Internal Audits-Aerospace Scheme

 AS9100, Tools of the Trade  1 Response »
Dec 152012
 

It has recently been brought to the attention of IMS that there are concerns within the aerospace industry regarding organisations internal audits, especially taking into account organisations certified to AS9100, AS9120 and AS9110.

There are various points within the Aerospace Scheme standards that refer to ensuring the Management System takes into account customer and regulatory requirements (4.1-The organisation’s quality management system shall also address customer and applicable statutory and regulatory quality management system requirements) is an example.  This implies that when applying the management system requirements the organisation needs to include customer and regulatory requirements.

One of the concerns being identified is that the internal audit plans and processes are not identifying applicable customer and regulatory requirements and being audited accordingly.  Many organisations are performing their internal audits against the Aerospace Standard clauses but not considering the other standards which may be applicable to them.  As an example, the internal audits should review compliance with customer specifications which may be referenced within contracts.  This could also include CAA, EASA and FAA requirements etc. The “note” within the internal audit clause states “Planned arrangements include customer contractual requirements” when making reference to the internal audit plans.

With this in mind, IMS Auditors will be reviewing internal audit plans in greater detail to ensure that customer, regulatory and statutory requirements have been planned and audited sufficiently.  Auditors will need to see that the Audit Plan/Schedule covers all requirements and the internal audit records cover the above.

 

Digg This
Reddit This
Stumble Now!
Buzz This
Vote on DZone
Share on Facebook
Bookmark this on Delicious
Kick It on DotNetKicks.com
Shout it
Share on LinkedIn
Bookmark this on Technorati
Post on Twitter
Google Buzz (aka. Google Reader)

Accredited Certificates from other Countries and Organisations

 Tools of the Trade  No Responses »
Nov 272012
 

Many client’s often ask our auditors about the validity of a number of their suppliers certificates as they do not display the UKAS logo on their ISO 9001 certificate.

It’s important to remember that UKAS is the United Kingdom Accreditation Service and other countries have their own equivalent accreditation bodies, just because the certificate doesn’t display the UKAS logo doesn’t mean it isn’t valid.

The International Accreditation Forum (IAF) is the world association of Conformity Assessment Accreditation Bodies and other bodies interested in conformity assessment in the fields of management systems, products, services, personnel and other similar programmes of conformity assessment. Its primary function is to develop a single worldwide program of conformity assessment which reduces risk for business and its customers by assuring them that accredited certificates may be relied upon.

The IAF Signatories have all signed up to a Multilateral Agreement by which they all abide by the same set of rules and accept each others existence in terms of the services they supply.  By reviewing the Accreditation Body shown on the certificates in question against the IAF membership list you are able to ensure that the certificate you are viewing is from an accreditation body the equivalent of UKAS or ANAB (USA) etc.

There are other accreditation bodies in existence which are not necessarily on the list but by using a certification body who is accredited by a body on the list then you can guarantee that the same rules are being applied to each and every one of them and you should therefore have a consistent level of service.

To review the list of IAF Signatories, please click here.

Digg This
Reddit This
Stumble Now!
Buzz This
Vote on DZone
Share on Facebook
Bookmark this on Delicious
Kick It on DotNetKicks.com
Shout it
Share on LinkedIn
Bookmark this on Technorati
Post on Twitter
Google Buzz (aka. Google Reader)

AS9100 and AS9120 Pre-Audit Activities

 AS9100, Tools of the Trade  No Responses »
Sep 012011
 

Organisations applying the new revisions of AS9100 and AS9120 will notice that they are being required to provide a greater volume of information prior to any on-site activities being performed.

Auditors (internal and External) are less likely to be effective if they have not performed suitable planning for the on-site audits.  Planning will assist the auditor to keep the audit focused during the on-site audit and provide a true “process-based” audit.

Some of the additional information required (as per AS9101) by IMS or any other CB prior to the on-site audits being planned and performed will include:

  • The revenue for aviation, space, and defense industry, as a proportion of the total revenue;
  • the number of employees working for aviation, space and defense and the total workforce; and
  • identification of the major (e.g., top five) aviation, space and defense customers.

The above information will be used to help the auditor plan their audit and focus on the key areas of the organisation, thus providing a more effective audit.  There is no benefit to the organisation or their clients by focusing the audit within areas which could potentially have the least impact to the risks of the business, clients or aerospace industry.

If Boeing is your top customer, the auditor will focus their audit on the orders processed for them and the controls you have in place throughout that process.

Some organisations have questioned why we require the information stated above and we hope that this blog has clarified the reasoning behind this.  An update will be required on an annual basis to ensure the auditor continues to focus their efforts in the right direction.

The IMS Form (AS9100 and AS9120 Supplemental Questionnaire) used to provide this information can be found on the IMS Website.

Digg This
Reddit This
Stumble Now!
Buzz This
Vote on DZone
Share on Facebook
Bookmark this on Delicious
Kick It on DotNetKicks.com
Shout it
Share on LinkedIn
Bookmark this on Technorati
Post on Twitter
Google Buzz (aka. Google Reader)

Process Control Tools

 AS9100, Tools of the Trade  No Responses »
Aug 312011
 

AS9101 clause 4.3.2.2 requires the Certification Body Auditor to ensure clients provide the necessary information and documentation for review, including the following:

  • Quality Manual;
  • Description of processes showing their sequence and interaction, including the identification of any outsourced processes;

Note 1: The processes can be depicted in various ways [e.g., process maps, turtle diagrams, SIPOC method (breakdown of supplier, inputs, process steps/tasks, outputs, customer), octopus].

Organisations shall be required to provide this information during the stage 1 assessment or a document review for the auditor to review and use as the basis for the audit plan.  There is no defined method for depicting this information but some common tools are detailed within Note 1 or organisations can create their own.

Whatever tool is used, the organisation must ensure that the process approach which has been defined within a previous blog is being utilised [i.e. inputs, process, outputs).

The auditor is also likely to produce their own tools for use, these can also be used as part of your own internal audit process.

Some of the tools used by the IMS auditors can be downloaded from the IMS Website.

Digg This
Reddit This
Stumble Now!
Buzz This
Vote on DZone
Share on Facebook
Bookmark this on Delicious
Kick It on DotNetKicks.com
Shout it
Share on LinkedIn
Bookmark this on Technorati
Post on Twitter
Google Buzz (aka. Google Reader)

Process Approach to Auditing

 AS9100, ISO 9001, Tools of the Trade  2 Responses »
Aug 302011
 

Many of the ISO standards are designed around the process approach to auditing and design of the management system and takes you away from clause based systems.

Organisations who introduce ISO 9001, AS9100, AS9120, AS9110 etc need to ensure their management systems are utilising the Plan Do Check Act definitions and steer away from clause based auditing and system design.  This is also relevant to organisations implementing other standards such as ISO 14001.

Within ISO 9000, the definition of a process is: A set of interrelated or interacting activities which transforms inputs into outputs.

Inputs to a process are generally outputs from other processes and a process has a start and an end defined by two limits and must be considered when defining your own processes.

Within ISO 9001 and AS9100, clause 4.1 requires organisations to (e) monitor, measure where applicable, and analyse these processes, and (f) implement actions necessary to achieve planned results and continual improvement of these processes.

The above clause is very important and is commonly overlooked by organisations and auditors.  Many organisations applying AS9100, AS9120 or AS9110 will be aware of the the new Process Effectiveness Assessment Report (PEAR) form which auditors shall begin to use during assessments.  These Reports are very important and will identify if your processes have been clearly defined and are suitably monitored and measured.  Further information on the PEAR shall be included within a separate blog.

Tools can be used to help organisations define their processes, these shall also be detailed within a separate blog but some example tools can be process flowcharts, SIPOCs and Turtle Diagrams.

Taking the above information, organisations need to ensure that their processes have been clearly defined with inputs and outputs and showing the interaction of these processes.  Measuring the effectiveness of the process is also vitally important and non-conformance’s shall be raised if these processes are found to be ineffective.

You can be in compliance with a clause of ISO 9001 or the Aerospace Standards but still be non-conforming if you are not monitoring and measuring a defined process and taking corrective actions against any areas which are outside of the defined requirements or targets.

A prime example of this could be late deliveries, if you have a process for delivering products within a defined time frame and you are late or outside of that requirement then a non-conformance’s should be raised internally and corrective actions taken.

Please note that this is a requirement of ISO 9001 not just the aerospace standards.  Review clause 4.1 carefully and consider your processes and how you are defining, monitoring and measuring those processes.

If you need to download some process tools or the PEAR form visit the IMS website.

Digg This
Reddit This
Stumble Now!
Buzz This
Vote on DZone
Share on Facebook
Bookmark this on Delicious
Kick It on DotNetKicks.com
Shout it
Share on LinkedIn
Bookmark this on Technorati
Post on Twitter
Google Buzz (aka. Google Reader)

AS9100 and AS9101 Frequently Asked Questions

 AS9100, Tools of the Trade  No Responses »
Aug 292011
 

Due to the release of the new revisions of AS9100 and AS9120 the International Aerospace Quality Group (IAQG) have published a number of Frequently Asked Questions Documents.

It is recommened that you download these documents as there are a number of clarification points within these documents which will help to further explain not only the requirements of the standard but also the requirements and purpose of the AS9101D document.

The FAQs are free to download from the IMS website and are written by clause which makes them more user friendly. The auditors will also use these during the audits as an aid.

Digg This
Reddit This
Stumble Now!
Buzz This
Vote on DZone
Share on Facebook
Bookmark this on Delicious
Kick It on DotNetKicks.com
Shout it
Share on LinkedIn
Bookmark this on Technorati
Post on Twitter
Google Buzz (aka. Google Reader)

Netregs Changes to Environmental Regulations

 ISO 14001, Legislation, Tools of the Trade  No Responses »
Dec 072010
 

The Government is bringing together all the information you need to run a business in one place for each of the countries within the UK.

Many of  you are regular visitors to Netregs for obtaining information with regards to environmental legislation.  Although Netregs will continue to operate and advise on environmental legislation they will no longer publish guidance on complying with the regulations.

For obtaining guidance you will need to visit the below websites:

These changes will be taking place over the forthcoming months

Digg This
Reddit This
Stumble Now!
Buzz This
Vote on DZone
Share on Facebook
Bookmark this on Delicious
Kick It on DotNetKicks.com
Shout it
Share on LinkedIn
Bookmark this on Technorati
Post on Twitter
Google Buzz (aka. Google Reader)

Integrating ISO 9001 and ISO 14001

 ISO 14001, ISO 9001, Tools of the Trade  1 Response »
May 152010
 

More and more organisations are beginning to introduce ISO 14001:2004 (Environmental Management Systems) into their business and are never quite sure if they should integrate the requirements with their already existing ISO 9001:2008 Quality Management System.  In our experience this is a suitable option for most organisations and is relatively easy to carry out.

Due to a number of the clauses being almost identical but essentially following the same process it makes sense to combine these procedures to streamline the system and make it more manageable for users.

For example, both standards require control of Non-conformance’s, Corrective Actions and Preventive Actions and although the standards are different the process for controlling these will be the same.  You can have a non-conformance against a product or process requirement within ISO 9001 but then a non-conformance against an environmental incident such as a spillage in ISO 14001.  Although the non-conformance is different, the process for identifying the root cause and introducing correction and corrective actions will be the same.  In both cases you need to establish how the non-conformance occurred and how you are going to correct the root cause to ensure that the same issue does not reoccur.

The management review can follow the same process.  Both standards require you to perform a management review, they may have different input and output requirements but there is no need to hold tow meetings as the process of going through the inputs and reviewing data will be the same.  As long as your system captures the requirements of both standards auditors will be happy for you to combine the review process.

Internal Audits is another process that can be integrated fairly easily.  Again, the process of performing the audits will be the same, you will just be looking at different specific areas at various points.  You will however notice that the auditor will only need to audit some of the processes once; ensuring that the requirements of both standards are covered (training etc).

There are a number of consultants who are experienced with both standards and the process of integrating these.  A list of possible consultants can be found on the IMS main website but others are available.

Digg This
Reddit This
Stumble Now!
Buzz This
Vote on DZone
Share on Facebook
Bookmark this on Delicious
Kick It on DotNetKicks.com
Shout it
Share on LinkedIn
Bookmark this on Technorati
Post on Twitter
Google Buzz (aka. Google Reader)

Difference Between Corrective and Preventive Actions

 AS9100, ISO 14001, ISO 9001, Tools of the Trade  2 Responses »
May 132010
 

Introduction

There are two clauses within the ISO 9001 standard that appear to cause many people confusion as to their difference and how to approach each of them; 8.5.2-Corrective Actions & 8.5.3-Preventive Actions.

Within the standard the wording within each of the clauses is very similar which is probably where most of the confusion stems from.

8.5.2 Corrective Actions:

“The organization shall take action to eliminate the causes of nonconformities in order to prevent recurrence.

8.5.3 Preventive Actions:

“The organization shall determine action to eliminate the causes of potential nonconformities in order to prevent their occurrence.”

Main Difference

You can clearly see from the excerpts taken from the ISO 9001 standard that Corrective Actions are taken as a result of non-conformances whilst Preventive Actions are taken against potential non-conformances to prevent them from ever occurring.

You should not be raising Preventive Actions after a non-conformance has occurred, you should only be raising Corrective Actions.

Corrective Actions

To address the Corrective Action clause you should be identifying the root cause of non-conformances that have already taken place and implementing immediate corrective actions to contain the situation and long term corrective actions to prevent their re-occurrence.

Detailed information on root cause analysis and techniques can be found within other guidance notes available on the IMS website.

Preventive Actions

This is usually where people take a step in the wrong direction, it is often seen that organisations are raising preventive actions as a result of a non-conformance and after they have identified corrective actions.  Because they see the word “Preventive” within the clause they believe this means to prevent the non-conformance from re-occurring.

Types of Preventive Actions can include processes such as performing risk assessments against product, processes and health and safety activities.  You are aiming to prevent a non-conformance from ever occurring by taking preventative measures.

Most organisations take Preventive Actions without knowing they are.  Within the construction industry you will commonly see kick off and progress meetings throughout projects, these are preventive actions as the members present at the meeting will be discussing potential problems which may hold back the progress of the project.

Observations raising during internal audits could be classed as Preventive Actions as they can suggest improvements within the system to prevent non-conformances from occurring in the future.

Customer feedback is another method that can be used as Preventive Action evidence as customer suggestions may prevent any issues from being raised in future with regards to the service or product you provide.

Hopefully now the above information has helped clarify any missunderstandings over the difference between Corrective and Preventive Actions.  you can download this guide by clicking here.  If you need some further clarification please do not hesitate to contact one of our auditors.

Digg This
Reddit This
Stumble Now!
Buzz This
Vote on DZone
Share on Facebook
Bookmark this on Delicious
Kick It on DotNetKicks.com
Shout it
Share on LinkedIn
Bookmark this on Technorati
Post on Twitter
Google Buzz (aka. Google Reader)

5 Whys Technique

 AS9100, ISO 14001, ISO 9001, Tools of the Trade  No Responses »
May 082010
 

Many organisations struggle to identify the underlying problem with regards to non-conformance’s and find that what they have introduced to address any issues often doesn’t solve the problem and the same issues reoccur.

There are numerous techniques that can applied to identifying the root cause of non-conformance’s, probably the simplest of these being the 5 whys technique.  Within IMS International we use this technique ourselves when non-conformance’s have been identified and have found this problem solving tool to be very effective.

The system is straightforward to implement, and once you get the hang of the process you can generally work through most issues within a matter of minutes.

By asking the question “Why” you can separate the symptoms from the causes of a problem. This is critical as symptoms often mask the causes of problems.

How to Use the 5 Whys
1. Assemble a team of people knowledgeable about the area of non-conformance. Include
as many personnel as possible.
2. Have the team members ask “Why” the Problem as described could occur, and write the
answer down underneath the Problem description.
3. If the answer provided from 2 (above) does not solve the Problem, you must repeat the question “why” until you do.
4. If the answer provided from 2 (above) seems likely to solve the Problem, make sure the
team agrees and attempt a resolution using the answer. You may find that there are
more than one root causes to the problem.

Example

Non-conformance:
The CNC Machine keeps failing.
• Why 1
Why did the equipment fail? Because the circuit board burnt out.
• Why 2
Why did the circuit board burn out? Because it overheated.
• Why 3
Why did it overheat? Because it wasn’t getting enough air.
• Why 4
Why was it not getting enough air? Because the filter wasn’t changed.
• Why 5 and Root Cause
Why was the filter not changed? Because there was no preventive maintenance schedule in
place informing the operator to do so.

Using the above example, you can change the circuit board and you can change the filter but it would not necessarily prevent the same thing happening again.  Those two items would form the basis of immediate correction action but not effective long term corrective action.  To ensure effective long term corrective actions you would introduce a preventive maintenance programme for the machine, at this point you should also review preventive maintenance plans with other machinery within the organisation as you could have the same issue elsewhere.

Although the technique is called 5 whys, you may ask the question more than 5 times so do not stop just because you get to the 5th why, continue until you are satisfied that you have identified the true root cause.

As you can see from the example, the 5 whys technique is very simple to use and if performed correctly it can be very effective in identifying and addressing root causes for non-conformance’s.

If you have any questions regarding the technique then please speak to one of our auditors, all of which are trained in the use of the technique and will follow the process when reviewing submitted corrective action plans by clients.

For further information you can download the IMS guidance note on the 5 Whys Technique.

Digg This
Reddit This
Stumble Now!
Buzz This
Vote on DZone
Share on Facebook
Bookmark this on Delicious
Kick It on DotNetKicks.com
Shout it
Share on LinkedIn
Bookmark this on Technorati
Post on Twitter
Google Buzz (aka. Google Reader)