Authors Posts by ISOUpdate.com

ISOUpdate.com

185 POSTS 23 COMMENTS
ISO Update aims to provide information, resources, and updates around the Standards and Certification industry. We believe that organizational standards can help businesses of all shapes and sizes become more efficient and successful on a local, federal, or global scale.

by -
Questions for your CB - ISOUpdate.com

Choosing a Certification Body (CB) should be considered as an opportunity to question and verify the capabilities of the team that will be assessing and auditing your organization each and every year. This process can be daunting, especially to those of us who are new to the industry. ISOUpdate has a Directory of CB’s you can use to start your hunt, but we understand it might be confusing if you don’t already know what to look for and what questions to ask during the process. Here’s an assorted list of some questions that you need to ask your potential Certification Body.

Are you Accredited?

This should be the first and most important question you ask your CB when you are requesting quotes and determining who to select as your future CB. Confirm that the organization you are working with is accredited to ISO/IEC 17021 to ensure that your certification will be recognized. ISO/IEC 17021 is the conformity assessment standard that applies to bodies providing audit and certification of management systems.

Where will my certification be recognized?

If you are working with international suppliers or looking to do business in a certain country, you will need to ensure your new certification is recognized internationally. Ensuring your certification body is accredited by an Accreditation Body that has joined the IAF Multilateral Recognition Agreement (MLA) will confirm that your certification is recognized globally, but more specifically, in the markets you are interested in pursuing.

Can you supply a Letter of Certification Intent?

If you have been asked by an organization to obtain an ISO certification to do business with them, it would be worth pursuing a letter of certification intent to then offer your supplier for the time period leading up to your achievement of certification. This may be sufficient for the supplier as proof of your active commitment to becoming certified, and sufficient to start a contract with your organization for work.

What is the requirement of QMS maturity before certification can take place?

A Certification Body cannot implement a system for your organization, it can only audit an existing system. You may need the services of an Internal Auditor or Consultant to help your organization meet the requirements of the standard before you can move forward with your CB. In general, if you are running a successful business, you are already achieving a large portion of the standard, but an Internal Auditor or Consultant will be able to maximize efficiency, reduce documentation and wasted time and energy to ensure you meet and exceed all requirements. Some CB’s may require your system to be in place for a certain time period before they can audit it – ensure you are able to meet those deadlines.

What is your NPS for client satisfaction?

NPS or Net Promoter Score is a metric that organizations use to measure customer satisfaction. Organizations ask current clients their likelihood to recommend this organization to a friend. This is a great metric to consider when picking any organization you are planning to work with, as it indicates overall customer satisfaction of the whole process when dealing with a company. High NPS’s can give you, a potential client, a good indication of what you can expect from this company.

Other important customer service related questions you should be asking:

  • How flexible can you be in terms of scheduling issues? Can you accommodate our expected registration date, or close to it?
  • If we have questions and call in, can we expect a prompt response?
  • What happens if we have a difference of opinion with one of your auditors? Who do we contact?

If your organization has a deadline to meet or an expiration to worry about for recertification, you will need to make that clear to the sales representative when they are quoting you a price. Time constraints will be a factor when they are selecting available auditors.

It is also valuable to know who your point of contact will be throughout the certification process, especially if you and your auditor come to a disagreement. This stage in your quoting journey is a good opportunity to understand what levels of communication this organization has for dealing with common questions, scheduling, and non-conformities.

What relevant industry experience do you have?

This question is especially pertinent if you are working in a specialised industry. Having an auditor who is familiar with your industry will make the whole process much easier.

Do you have local auditors?

Having a local auditor is an extreme advantage to you as a client, as it reduces the expenses incurred during your surveillance audits. A local auditor will have reduced travel, accommodation, and food expenses.

Other Questions to ask related to your auditor:

  • Does the registrar use the same lead auditor/auditors each time?
  • How many auditors would you use on this particular project?
  • What is the frequency of surveillance audits and what is covered?
  • Can we meet the auditors who would work on this project? And could we interview the lead auditor assigned to our company?
  • Are travel and subsistence expenses built-in or additional? And if they are additional could you quote me an estimated figure?

You may want to dive into the CB’s process for hiring auditors; most certification bodies are extremely particular about who they hire as auditors, but it might be worthwhile to ask their base level of experience needed. Another important note to consider if your organization is pursuing re-certification, are you maintaining impartiality with your auditor team? The purpose of certification audits is to have an impartial, outside view of your QMS to eliminate bias. While it is wonderful if your organization has a pre-existing and positive relationship with your auditor, it can sometimes create bias. Consider switching up your auditor every few years and don’t become too reliant on your current third-party auditor to ensure you are getting the most out of each certification audit.

Do you offer certification to other standards? Do you offer integrated audits for more than one standard?

If you are looking to achieve ISO 9001:2015 and ISO 14001:2015 for example, having an integrated audit could be an option for your organization to save costs and time.

What sort of “off-site” time (such as report preparation, document reviews, etc.) could we be charged for?

Understanding the entirety of the process for auditing is important. Certification is not just an individual looking at your documents. They are taking a sample of your work and understanding how you effectively run your business using the requirements of an international standard. Auditors spend hours before and after each audit, preparing, going through the evidence, reporting findings, and interpreting the standard. By understanding this, you are able to better understand the quoting process, and the variables in place with each and every audit. By asking what is included in the quote, and even understanding the role and administration involved in the process, these numbers make much more sense.

Do you offer training for the standard you are looking to obtain?

If your organization wants to maximize your system, having your management team and employees attend training to fully understand the processes and guidelines of the standard is highly recommended.

For example, in ISO 9001:2015, there is increased attention on the involvement of upper management to ensure the success of the QMS. Upper management is required to have an active interest in the system and is responsible for ensuring its success. Attending training can only help your organization more easily obtain your certification.

How do you determine how much time to spend on a full system/surveillance audit?

This question should make or break your decision-making process, and it will confirm to you if your potential CB is truly accredited to ISO/IEC 17021. Organizations who are accredited are required to quote audit days based on the number of employees your organization has on staff and the risk level of your management system. Ensure you know the exact and correct number of employees you employ when you are in the quoting phase, as this will be asked. Discrepancies in quotes from the initial quote to actual billing are often due to misrepresentation from the organization on the true number of employed staff. To avoid surprises, ensure your number is accurate.

Summary

These are some key questions to ask prior to employing a CB. They have been designed with the intent to give you valuable insight into the CB, which is critical to selecting the right registrar for your organization’s needs. These are generic questions to help your organization by directing your questioning to ensure you are well informed about their practices. We highly encourage you to customize each and every question to fit your company’s agenda.

by -
Predict, Survive, Grow - ISOUpdate.com

ISO 31000 is a standard on risk management developed by the International Organization for Standardization firstly in 2009 and updated in 2018. It is the international codification of the principles and guidelines of risk management, which emerged as a necessity to have one international standard which applied to all industries and organizations of all sizes. In other words, because there were a number of standards on risk management that different organizations in different industries were implementing, experts deemed it necessary for a new family of standards to emerge and to unify all the concepts in one single standard which would provide guidelines and strategies for implementing risk management. Later on, we will discover how ISO 31000 and ISO 22301 can be intertwined, and how can ISO 31000 deepen the risk management control in an organization that has already implemented ISO 22301 – business continuity management system.

Uncertainty is an inseparable part of every business, and as such, every company has to tackle the risks associated with uncertainty in every dimension of business operations. First, risks have to be identified, after which they are categorized and preventive and responsive measures for each identified risk are implemented. The nature of risk nowadays has evolved into unprecedented complexity, because the amount of data that goes in and out of companies is rapidly increasing. As such, unsurprisingly, contracts and insurance companies require mechanisms in place which make sure that the company is identifying and tackling risks.

ISO 31000 helps organizations protect their assets as well as increase the likelihood of achieving objectives by providing direction and risk management strategies. It is adaptable to the context of every organization and it helps mitigate risk within the organization by implementing risk-based decision-making and risk-based corporate culture. That is to say that both employees and stakeholders make decisions by always bearing in mind the risks associated with each decision, but at the same time, apart from seeing negative consequences, it helps a company also identify positive opportunities.

On the other hand, one of the most famous international standards which deal with the continuation of business operations and business security is ISO 22301. This is a standard on business continuity management and it is widely-implemented in organizations of all sizes and all industries. Differing from ISO 31000, ISO 22301 does lead a company to certification if the latter proves to have implemented the standard and its requirements.

The main goal of this standard is to offer a management system which makes sure that in case of incidents, of every nature, an organization can continue its crucial business operations – in other words, it can survive. Incidents can have a very different nature from each other, ranging from natural disasters to cyber-attacks, and ISO 22301 includes all of these kinds of incidents. It also helps a company to mitigate risk and to evaluate which risks are more imminent and more probable.

Based on these factors, and a proper understanding of the organization and its context, a Business Continuity Plan should be developed (BCP). This plan includes actions and measures to be taken in case of different scenarios, the persons in charge of every scenario and how to contact these persons in case that one of the scenarios happens. In other words, a BCP should be composed, but there should also be instruments to activate the BCP and responsible managers should be appointed for every situation, and the information should be communicated clearly so that every employee is aware of who to contact in different scenarios.

So, among other things, risk assessment and risk management are integral parts of business continuity, and this is where ISO 31000 and ISO 22301 intersect. In ISO 22301 there are two important clauses which deal specifically with risk: close 6.1 on “Actions to address risks and opportunities” and clause 8.2 on “Business impact analysis and risk assessment”.

Every business is exposed to risk, ranging from market risks, investment (or stock) risks, natural risks, cyber risks and so on. Depending on the scale of risk exposure, a company might choose to implement and get certified against ISO 22301, but at the same time have ISO 31000 as a guiding tool for risk-based thinking, risk strategies and risk-based corporate culture. It is a very good integration (but not an integrated management system, since ISO 31000 does not offer requirements but guidance) of two standards which can produce a very detailed and accurate platform, that can serve a business well in difficult times – and as history has often proved, it can help a company stay in business when faced with risks and challenges.

It is often argued that civilization started when the first humans learned to domesticate plants and were able to farm and harvest. In order to be able to farm, one must at least be able to recognize and know seasons, humidity and temperature as minimum requirements to be successful. So, in other words, it was the event of being able to predict which marked the beginning of civilization and its continuation and evolution to this point. We have developed immaculate methods (e.g. scientific method) to predict and forecast in order to survive, thrive and evolve. The same concepts apply to a business if you see it as thinking, living organism which is striving to evolve and thrive, but which also has to deal with the bad days where survival is the main objective. We can consider standards such as ISO 22301 and ISO 31000 as the scientific methods of the world of management, which help a business as a living organism to survive in these bad days while helping them reach their objectives and grow in good times.

About PECB

PECBpecb logo is a certification body for persons, management systems, and products on a wide range of international standards. As a global provider of training, examination, audit, and certification services, PECB offers its expertise on multiple fields, including but not limited to Information Security, Business Continuity, Resilience and Recovery, Governance, Risk Management, and Compliance, Quality Management, IT Governance & Service Management, Health, Safety, and Sustainability.

About the Author

Julian Kuci is the Marketing Quality Assurance Manager at PECB. He is an honour graduate of RIT in Economics & Statistics and Public Policy & Governance. Julian holds a diploma in Transitional Justice from the Regional School of Transitional Justice and is certified against ISO 9001 – Quality Management and ISO/IEC 27001- Information Security Management.

by -
PAS 99 Integrating Common Management Systems - ISOUpdate.com

Management systems are designed to add value to the organization by saving resources, time, and money. PAS 99, developed according to the ISO standards for writing management system standards, is a single framework developed by the British Standards Institution (BSI) which assists in proficient management of all ISO certified systems. PAS 99 was developed in response to the need for a reference document for the implementation of a real and effective integrated management system. Prior to the publication of PAS 99, there was confusion in the market about what should be considered an integrated management system as organizations were only able to merge the reference documentation (manuals, procedures, etc). This approach was far from a real integrated management system and insufficient for many organizations.

PAS 99:2006 was created to enable organizations to integrate common management system requirements into one framework. PAS 99:2012 is based upon the structure of ISO Guide 83, and now sets a common structure to be followed by all management system standards moving forward.

PAS 99 is designed to be used by organizations that have a management system standard or are implementing various management system standards. It applies to organizations of all sizes and industries.

To integrate different management systems, some elements of the standards were restructured to enable easier integration of various management systems. The high-level structure as adopted by many of the new standards has the following elements:

  1.  Scope
  2. Normative Reference
  3. Terms and Definitions
  4. Context of the Organization
  5. Leadership
  6. Planning
  7. Support
  8. Operation
  9. Performance Evaluation
  10. Improvement

Benefits of PAS 99 Integrated Management Systems:

PAS 99 has gained success because it provides a great number of benefits to users.

Some of the benefits of implementing the PAS 99 system include, but are not limited to:

  1. Meet differently implemented standard requirements of your business with a single set of policies and procedures. This helps govern the standards in a more coherent and less cumbersome manner, which results in a more streamlined and smooth approach to meeting the multiple different requirements.
  2. A single audit can cover all the various management systems in place, providing a way to achieve the same end goal but with far fewer resources involved.
  3. Improve the overall efficiency of your business by systematically removing redundancy and duplicate tasks. The duplicate tasks with different targets are now replaced by singular tasks that cover all the different targets of the individual management systems.
  4. Roles and responsibilities are clearly defined with roles now being responsible for all the areas that have an overlap causing the merger of multiple roles into one. This new role will now be responsible for all the common objectives that were previously being looked after by multiple different roles.
  5. Continuously improve multiple management systems by providing an integrated overview of the systems which allows growth to be driven without handling and executing improvements on multiple disparate systems.

Implementation and certification of PAS 99 Integrated Management Systems:

PAS 99 can be tailored for specific business needs and can be built to suit any organization that utilizes multiple certified systems. The developers of your organization’s specific PAS 99 will help your management design and implement a tailored PAS 99 integrated management system. Then, your staff must be trained to ensure effective implementation of PAS 99. The type of training your staff receives can vary and is based on your organization’s specific needs.

In the process of getting PAS 99 certified you can expect the following:

1. Gap analysis

It is during a Gap Analysis that discrepancies between PAS 99 requirements and the organization’s existing integrated management system are assessed before any further formal assessment.

2. Formal Assessment

It is during a Formal Assessment that, firstly, your organization is assessed for preparedness for the assessment of PAS 99 controls and procedures. If there is any gap found, it will be communicated to you for rectification. Then, if the primary requirements are fulfilled, an assessment of the actual implementation of controls and procedures is carried out.

3. Certification and beyond

After the Formal Assessment, a PAS 99 certificate is issued having validity for three years and during this time the client manager of PAS 99’s developers would stay in touch with the user’s organization and would help in any improvements.

Compliance with this specification does not in itself ensure conformity with any other management system standards or specifications. The requirements of each management system standard will still need to be addressed to achieve certification. Organizations that wish to certify compliance with PAS 99, can do so to demonstrate that an effective integrated management system is in place.

by -
Implementing ISO 9001 Improves Business Performance - ISOUpdate.com

Contemporary marketplaces work in a highly competitive environment. It has become imperative for organizations to improve their business performance and stay ahead of their competition. Improving business performance requires cost reduction without compromising quality. Implementing ISO 9001 can help organizations easily improve their business performance. ISO 9001 is an international standard that defines requirements for Quality Management Systems. It has all the ingredients which can ensure that a business runs in the most optimized manner and improves its performance. Let’s explore how various aspects of ISO 9001 help achieve higher business performance.

How does ISO 9001 help improve business performance factors?

Business Performance is defined by product quality, waste control, cost reduction, competitiveness improvement, sales volume, and profitability. An ISO 9001 system ensures each of these factors improves with the implementation of requirements which are built-in to various clauses of the standard.

Product Quality

Product Quality and achievement of higher customer satisfaction is at the core of the ISO 9001 standard. ISO 9001 defines various controls within its clauses that ensure that an organization provides high-quality output to its clients and meet its customers’ expectations. Some of the ISO 9001 requirements that ensure these are:

  • Understanding the Context: ISO 9001 requires that an organization understands the requirements of all its interested parties and internal/external issues that are relevant to the organization while defining the scope of the Quality Management System. This ensures that the requirements of customers are well understood and catered to when defining the Quality Management System. ISO 9001 requires that top management actively involves themselves in defining the strategic direction and ensuring that the Quality Management System runs in conjunction with the business scenario and aligns with the companies’ long term and short-term objectives. Understanding the requirements of its customers and setting of objectives ensures that an organization understands the needs of its customers well and processes defined are more customer-centric.
  • Risk Management: Risk-based thinking is introduced in the new version of ISO 9001 and is an important tool to understand the risks involved in delivering a quality product/service to the customer and to take actions to address these risks.
  • Operational Controls: Various controls are built in the standard in various clauses to ensure all deliveries are reviewed and tested before it reaches the customer. Some of these are requirement/design reviews, quality inspections of both raw materials/final product, monitoring of suppliers, etc.
  • Resources and Infrastructure: ISO 9001 touches on all the aspects of a business and support systems required to ensure product quality to the customer. This includes infrastructure, communication, resources, both human resource and equipment/tools that may be required.
  • Data-Driven Approach: ISO 9001 is a standard that is driven by data and has efficient monitoring mechanisms applied. It requires that the organization defines its quality objectives and constantly improves on their performances. Organizations with a continuous focus on the quality objectives and with improvement in the goals, achieve their business objectives.
  • Process-Approach: ISO 9001 focuses on having a standard set of procedures and having streamlined processes in all departments of an organization. This ensures processes are repeated and produce the same quality of product every time. This approach provides the necessary controls that are required to keep the risks at an acceptable level and deliver a more consistent result.
  • Empowered and Engaged Employees: ISO 9001 also stresses having empowered and engaged employees, a suitable work environment, access to organizational knowledge and training. This helps to improve the overall morale of employees and employees put in their best efforts towards customer satisfaction and ensure better product quality.

Waste Control

To achieve higher business performance, waste control is important as it makes your processes leaner and more efficient and you deliver faster. This also ensures that the procedures are optimized and the product quality improves.

  • Non-Conforming Product/Process: ISO 9001 requirements define a very detailed approach for handling non-conforming product /processes. It requires that an organization analyse all aspects of the non-conformities and ensure that the non-conformities do not re-occur. This pro-active approach improves processes and reduces waste in the processes.
  • Continual Improvement: The new version of the ISO 9001 standard has captured various aspects of running a business beyond just a Quality Management System. It gives a framework or a tool to improve performance. ISO 9001 focuses on continual improvements which require that organizations explore various ways to improve the current set of processes and develop optimized ways of working.

Cost Reduction

Implementing ISO 9001 means that the business operates a set of consistent processes which are continuously improving with time. This brings in efficiency and you deliver more with the same set of resources. Waste control and lesser rework reduce the cost of deliveries.

Competitiveness

Efficient risk management which is embedded in all the processes of the organization ensures that the organization has analysed business needs well. This reduces all risks due to external factors like competition, market, trends, technological advancements, etc. and improves business sustainability in a competitive marketplace. ISO 9001 also improves customers trust in the organization’s processes when an organization is ISO 9001 certified. ISO 9001 focuses on increasing customer satisfaction and working towards improving customer relationships at all levels. This itself improves the competitiveness of an organization as old customers are retained and new customers are introduced.

Sale Volume and Profitability

The overall increase in the reputation of the organization in the market due to excellent customer satisfaction and improved product deliveries brings in new business and increases sales volume. Reduced costs and increases in sales result in increased profitability in business.

Conclusion

ISO 9001 is all about: Improved product quality + process improvements.

Both of these factors, when implemented through the various clauses of ISO 9001, ensure that there is less waste in the system. This further ensures cost reduction. The reduced cost helps the organization to pass on better value to its customers. As you provide value to the customer within the same cost, the customer is “delighted” and you gain more business. Each delighted customer provides you with new references and your competitiveness improves. A surge in sales volume is what follows which increases your profitability. So, just by applying the ISO 9001 standard, you achieve higher business performance with improvement in all the parameters that define performance.

About the Author

Avital Koren is the Director of ISO Global

 

by -
ISO 17021 Requirements for Certification Bodies - Video

ISO 17021 is an International Standard that provides Certification Bodies (CB) with a set of requirements that will enable them to ensure that their management system certification process is carried out in a competent, consistent and impartial manner.

The conformity assessments done by ISO 17021 certified CBs provide value to all types of organizations.
ISO/IEC 17021 Conformity assessment — Requirements for bodies providing audit and certification of management systems, as it is officially called, was prepared by the ISO Committee on conformity assessment (CASCO) in 2006. It was developed to fulfil the need to have an International Standard that could facilitate the recognition of bodies that were performing conformity assessments and the acceptance of their certifications on a national and international basis; making it easier to recognize management system certification in the interests of international trade.

Read the full description of the standard at ISOUpdate.com/standards/iso17021

by -
Calibration Explained - ISOUpdate.com

When developing a Quality Management System, companies often struggle with the calibration requirement and the expectations that surround it. As a matter of fact, because it is misunderstood, people try to exclude it as fast as you can say calibration. Let us attempt to explain what calibration is, why it is important, what is required by ISO 9001:2015 and some common pitfalls while implementing this requirement. In this article, Factor Quality keeps it as simple and relatable as possible so you can easily understand the concept of Calibration and it’s importance.

“One accurate measurement is worth a thousand expert opinions.”

– Rear Admiral Grace Hopper

Why is Calibration important?

Let us give you 2 great examples of why calibration is such an important activity of your business:

  1. Imagine weighing 10 lbs. of screws and shipping it to a customer. 

When the customer receives it, they weigh the screws at 8 lbs. Expect this customer to complain. When they do, you will have to investigate what happened and resolve the matter promptly. So, what happened? Is your scale accurate? Is their scale accurate? The only thing that you know with certainty is that you have essentially cheated your customer unknowingly. Calibrating your tools and equipment should give you the confidence that your devices are measuring, in this case weighing, the way they are supposed to.

  1. You buy a piece of furniture that is supposed to fit at a specific spot at home.

Only to find out that when you put it together the furniture is too big for the area. It makes you wonder if the dimensions were published correctly or if the pieces of furniture were measured correctly.

Measurements can become more critical when we are talking about items in the medical, automotive & aerospace industries. A piston that is too heavy in racing can slow the car down. A part that does not measure as expected will not work in a satellite and potentially delay a launch. A catheter size change could potentially be damaging to a patient.

Calibration is needed to help us confirm that the measurements we perform are being done with accurate devices.

It is a concept that has been around shortly after civilizations were started. Measurements were needed to calculate weights and lengths for early trades- calibration was done of devices to ensure fair trade. As time went by and technology evolved other measurements and means to ensure accuracy were introduced.

As inventions have evolved over time the demand on accuracy has also increased. When we say “lighter, faster, better!” Somehow these items must be measured to validate the statement. If you think about it, calibration is quietly a key component of any economy and hence it ought to be considered a key component of businesses.

In this image, you will notice that at 1 inch, all rulers are measuring the same. But look at the 2- & 3-inch marks? They are all different. Which is the right measurement?

The quote by Rear Admiral Grace Hopper now makes more sense, right? It is extremely important to have a measuring device that you can rely on.

“One accurate measurement is worth a thousand expert opinions.”

Okay, I get it is important, but what is calibration?

Calibration simply put is ensuring a measurement meets a known standard.

So, let’s dissect this statement.

What do we mean by known standard? A known calibration standard.

What is a known calibration standard? An object with a universally recognized value (for example a centimetre, a millimetre, a kilo, etcetera). Normally these standards are traceable to a national agency. Here in the US, we use the National Institute of Standards and Technology, NIST. Therefore, most organizations in the USA use the term “NIST traceable” when speaking about their measurement devices.

How do you ensure it is meeting that standard?

The idea is that the device used (ruler, calliper, micrometre, scales, etcetera) gives you the certainty that your measurements are accurate. The act of calibrating means that you are verifying the tool to see if it meets those standards. If it does not meet the standard, then you will need to adjust, fix or scrap the item.

Since the introduction of Quality Systems calibration requirements have been present. In ISO 9001:2015, the requirement is called “Measurement Traceability” and calibration is a component of this requirement. It is written in such a manner that your company needs to first decide if “measurement traceability” is a requirement that applies to your company. It is quite possible to have businesses where no measurement devices are used (mostly service organizations). If that is the case, then you can deem the requirement as not applicable to the business.

For those companies that do have measuring devices then the question becomes “What items require calibration?” Normally we like to say that there are two categories:

  1. Equipment used to approve products- usually, this equipment that is carried by Quality personnel in the organization and it is used to determine if the product meets requirements at any point of the manufacturing or realization process. Not just final inspection.
  2. Equipment that is used to monitor a key factor in the process- a means to assure the process is performing as needed. An example of this can be a thermometer for a furnace where the temperature has been determined to be a critical factor in the process.

What are the ISO 9001 Requirements?

The intent of the calibration requirement is that, once you determined you have equipment/devices that need to be calibrated that you need to control it. What does this control mean?

It means that:

  1. you identify these devices, so you are aware of their calibration status;
  2. these devices are handled with care as not to affect their accuracy;
  3. you retain proof that these devices have indeed been calibrated.

Calibration Program Setting & Management

Managing a calibration program can be a costly expense to any business. Not only from the out-of-pocket expense of sending out items to get calibrated at a defined frequency but also the time it takes to manage the program. By the way, ISO 9001:2015 never defines the frequency of calibration for any given device. Some companies do counter the expense of external calibration by doing it themselves. Maintaining a calibration program can be achieved by using simple spreadsheets. We have seen software packages that help you manage, remind you and keep records of calibration activities. There are some calibration houses that have started offering “calibration data” solutions.

The most common pitfalls of calibration programs:

1. Dealing with out of tolerance items.

Many organizations do not deal with “Out of Tolerance” items. Small businesses are often happy to receive their calibration certificates and quickly file them without taking a close look at them. But if you do not read it properly, you might miss that the calibration house notified you about an item being out of tolerance. Luckily, nowadays the calibration companies do not only report it on the certificate, but they also provide a quote for the adjustment/ fix.

If you used an item that was out of tolerance you need to know the effects of the failure. People forget to analyze if the “Out of Tolerance” condition could have affected any of the measurements taken with the device. If the out of tolerance item does not affect your products then, no need to do more. However, if the out of tolerance device affects your product then you might have your hands full trying to figure out what product(s) were measured with the device and how far back in time you need to go to assess product quality. This might even have you recalling the product to ensure it is safe.

2. Proper handling of measurement devices.

For example, what if someone was to bump into equipment X and it falls onto the floor? Do you need to know as soon as it happens? Yes! It is extremely important to verify that the calibrated item still functions as expected. If not, you would have to deal with the consequences. Normally, months later, through a customer return/ complaint or through an Out of Tolerance condition detected at calibration that you will need to investigate. Another frequent calibration pitfall is that items are not identified properly to show their calibration status. Calibration stickers are the easiest way to identify your equipment and tools. The picture here is a snapshot of items you can find in google when searching for “calibration stickers”. You choose which best suits your organization and then start using it on all items that are calibrated. This is an easy way for everyone to know when to get the item calibrated.

3. Calibrated equipment missing proper identification.

Calibration stickers are the easiest way to identify your equipment and tools. The picture here is a snapshot of items you can find in google when searching for “calibration stickers”. You choose which best suits your organization and then start using it on all items that are calibrated. This is an easy way for everyone to know when to get the item calibrated.

Some companies identify measuring devices with stickers that state “For Reference Only”. This is an acceptable practice if the device is not being used to determine if the product/ test is viable or not. The litmus test comes when auditors ask the employee how they use device “X” and what decisions they might make based on the device readings.

Now granted calibration stickers can fall off, especially if the devices are being used in an environment where the stickers are being exposed to chemicals or are prone to wear due to use. So, some companies keep the status of their calibrations using alternate methods. Which is fine, but you must prove that they make sense for your organization.


Need More Help?

We understand that you might still have questions at the end of this blog and might not know where to start when creating your calibration system.

Don’t stress! We get it!

Factor Quality is here to help!

Factor Quality - ISOUpdate.comWe can come in or meet online and check if your organization is calibrating the right items and controlling them correctly? We have vast experience setting up calibration systems that make sense and are sustainable. One size does not fit all and we are here to help you determine what fits your organization.

Check out our Process Improvements services but remember that we can always add a la carte services to ensure more value for you. We are not about just charging you money, we are here to ensure we make your QMS better. That is our goal.


About the Author

Pierre Servan | CEO, Principal Consultant, Factor Quality Inc.

Factor Quality was founded in 2011, with a vision to help fix quality issues, improve businesses, and help them get certified. Pierre never thought he would encounter such a rewarding industry with clients that appreciated his work, students that appreciated his words, partners that helped him and consultants/colleagues that appreciated him and what he had to say. Today, Factor Quality helps organizations take the next step in their quality journey and service the following certification: ISO 9001, ISO 14001, ISO 13485, ISO 16949, ISO 17025, ISO 45001, AS9100, AS9110 & AS9120. If you are interested in learning more about Factory Quality, visit them at www.factorquality.com/

by -
Stakeholders in ISO 9001:2015 - Video

ISO Management Systems consider Interested Parties an essential element in the success of any business. Interested parties, also referred to as Stakeholders must be managed in order to obtain and retain their support. Additionally, many ISO Management Standards including; ISO 9001, ISO 14001, and ISO 45001, require organizations to understand and manage the interests and expectations of their Interested Parties as part of the certification process.

Most organizations have many Interested Parties. Determining which are the most relevant is a critical step towards developing a plan to prioritize and manage them.

How can an organization begin this process? Read the full article here!

by -
What is ISO 9001? - ISOUpdate.com

What is ISO?

ISO, or the International Organization for Standardization, is a non-governmental international organization that develops, through consensus, voluntary, market-relevant international standards with the aim of supporting innovative thinking and practices and providing solutions to global challenges. Through international standards, ISO provides specifications for products, services and systems to ensure quality, safety and efficiency, and are instrumental in facilitating international trade.

In short, ISO sets a standard for how companies produce their product or service and manage their organization to ensure that what you expect from an organization is what you receive. Download the information PDF from ISO here to learn more about the history of ISO. 

Creating and implementing a Management System (MS) first requires choosing a standard, or set of requirements, to structure your system upon. Consider this the solid foundation that your MS is built on.

These standards are the key to creating an MS that properly delivers its promise to establish and improve upon efficiency and excellence. One such standard is ISO 9001, the internationally accepted standard for Quality Management Systems.

What is a Quality Management System?

Organizational operations are typically dictated by ideas centered on their customers. This includes customer satisfaction and customer service, as well as the need for offering products or services that meet certain standards and requirements that customers expect.

A Quality Management System, or QMS, is a compilation of diverse business processes that aims to fulfil customer requirements and deliver customer satisfaction. The QMS is a formal list of procedures, policies, responsibilities and organizational goals to ensure the organization is efficient and effective. The QMS aids a company’s aspirations towards improving efficiency and lowering costs, streamlining processes, creating organization-wide direction for employees and reducing wasted time, money and manpower.

A properly implemented QMS will help your company meet organizational requirements and achieve your vision, as well as satisfy your customers by fulfilling their expectations.

Who Needs ISO 9001?

The nature of ISO 9001 is to provide guidelines for quality management systems that aren’t specific to any single industry or category of work. Because of this, ISO 9001 can be used by any organization, in any industry.

ISO 9001 is currently used by over 1.5 million organizations in 191 countries, and the nature of ISO 9001 means it is inclusive to all sizes of organizations. Whether your organization has 2 workers or 2 million, ISO 9001 will improve your business through a process approach and increased efficiencies.

It is important to note that ISO 9001 is not a product standard. It does not define product quality.  This is a process-based standard: you use it to control your processes so that your end product will meet your desired outcomes. https://the9000store.com/what-are-iso-9000-standards/what-is-iso-9001/

Understanding the diverse nature involving risks and the specific requirements of certain industries, ISO 9001 has a small group of sector-specific applications for the standard, including:

ISO 13485Medical Devices

ISO 17582Electoral organizations at all levels of government

ISO 18091Local government

ISO/TS 22163Business management system requirements for rail organizations

ISO/TS 29001Petroleum, petrochemical and natural gas industries

ISO/IEC 90003Software Engineering

Your organization should consider achieving ISO 9001 certification if your organization wants to:

  • gain international credibility;
  • work with international suppliers;
  • improve the consistency of operations;
  • improve the company or product quality;
  • increase customer satisfaction and trust;
  • focus management and employees;
  • reduce waste and save money

How Can my Organization become ISO 9001 certified?

ISO does not directly provide certification for any standards. But, if it is not possible for an organization to be certified by ISO, who awards the certifications?

Organizations must use third-party Management Systems Certification Bodies to achieve certification for an ISO standard.

Certification Bodies Role in Certification to ISO 9001

The Committee on Conformity Assessment (CASCO) is the ISO committee that works on issues relating to conformity assessment. CASCO develops policy and publishes standards related to conformity assessment, it does not perform conformity assessment activities. Countries have governing bodies that provide accreditation to Certification Bodies. An accredited Certification Body (CB) has achieved accreditation from an Accreditation Body.

Finding an accredited Certification Body for standards like ISO 9001 can be done either by contacting the National Accreditation Body in your region or by visiting the International Accreditation Forum (IAF) https://www.iaf.nu/.

If your Certification Body is not accredited to ISO 17021 by an IAF Member Accreditation Body, your ISO 9001 certification will not be internationally recognized.

These factors must be taken into consideration before settling on an organization of your choosing for the certification of your company. When you are looking into organizations who are certified to ISO 9001, or at Certification Bodies to issue your ISO 9001 certificate, do your due diligence and ask if they are accredited to ISO 17021 and a member of the IAF. Most accredited Certification Bodies will advertise their accreditation on their website, so look out for the IAF logo.

What are the Requirements for ISO 9001 Certification?

Before your organization can begin the steps towards certification, your QMS must be in place and functioning. It is at this stage that you could consider bringing in an ISO consultant to assess your organization and provide industry experience and expertise for implementing your system.

Once your system is in place, and effective, an auditor from your selected Certification Body will perform a Stage 1 audit to determine your readiness for a Stage 2 Certification Audit. During your Stage 1 Audit, your Certification Body will review your management system’s documented information, evaluate site-specific conditions and have a discussion with employees. The auditor will determine if objectives, KPI’s or significant aspects are in place and understood. They will review the scope of the QMS and obtain information on your processes and operations, equipment in use, levels of control established, as well as applicable statutory or regulatory requirements. Internal audits and management reviews will be evaluated to ensure they are being planned and performed and the overall level of implementation of the management system will be assessed to determine if you are ready to move forward with the Stage 2 Certification Audit.

The Stage 2 Audit evaluates the implementation and effectiveness of the organization’s management system. During this audit, the Certification Body will determine the degree of compliance with the standard’s requirements and report any non-conformances that the organization will have to correct before the certificate of registration can be issued. If the Stage 2 audit is successful, the organization’s management system will be certified. http://isoupdate.com/resources/exploring-stage-1-and-stage-2-audits/

How Much Does ISO 9001 Certification Cost?

Because ISO 9001 certification is issued by an external Certification Body, the exact cost associated with the certification does vary. Accredited Certification Bodies must follow strict requirements for quoting certification activities. These costs are based on an organization’s employee count, the level of risk associated with the product/service being provided under the management system, and how many locations are being certified.

There are two types of costs associated with the certification: implementation and certification.

Implementation of a QMS that conforms ISO 9001 may be quite costly depending on your current practices, the nature of your business, your process design and employee awareness.

Summary

The general opinion of standards and certification is that the benefits outweigh any and all costs involved with audits and implementation. As a guide, a recent study undertaken through the American Society for Quality (ASQ) showed that for every $1 spent on your QMS, you could expect to see an additional $6 in revenue, a $16 reduction in costs, and a $3 increase in profits. On average, they saw that quality management reduced costs by 4.8%

Learn more about the ROI of Quality 

by -
Management Reviews – Your Responsibilities - ISOUpdate.com

When running an ISO 9001 certified quality management system (QMS), you need to ensure that the QMS and its effectiveness are consistently reviewed for effectiveness. Doing so allows your organization to better understand the processes and ensure they are performing at peak effectiveness. An integral part of the ISO 9001 standard is continual improvement via internal and external audits and annual reviews.

Management reviews work to prepare your organization for external audits as well as to ensure that ISO 9001 is being implemented and utilized to its best capacity.

An effective management meeting reviews current management and operational performance data, and if the need is identified, improves upon company measures.


Plain English Guide to ISO 9001:2015 Terms from Praxiom


Getting the most out of your Management Review

In ISO 9001:2015, section 5 outlines that the accountability for effective deployment of the QMS ultimately rests upon upper management. There is ambiguity though as the standard does not detail who owns the responsibility to schedule reviews, only that they must be planned. When making efforts to improve upon management reviews, you need to plan and prepare for them in advance. These meetings are required on an annual basis but can be held more frequently according to company preferences.


Learn more about how often you should be having internal audits for compliance


Steps to take Prior to your management review:

If you decide your organization should have multiple management reviews per year, it is a good idea to dedicate each meeting to a specific section of the system and split the work into more manageable tasks.  Setting dates, locations, and an agenda to direct the discussion is advantageous. ISO 9001:2015 also requires you to formally document these meetings.

Important note: Documenting a list of attendees is a good practice.

Ensure that you cover all the topics in the ISO standard you are certified to. The best way to do this is to produce a detailed agenda which lists the topics to be addressed during the meeting; this is particularly helpful to keep track of multiple reviews during the year.

The attendees must include the senior management team, but others can be included to discuss more specific issues. For example, specific processes that directly relate to certain employees or teams should have a representative present to ensure communication and changes are well received.

Management Review meetings should include the following:

  • Discussion on issues previously discussed in meetings, as well as a review of the effectiveness of any actions taken as a result of past meetings; 
  • Any updates to current external and internal issues affecting the Management System;
  • Review of available resources and their adequacy;
  • An examination of the overall performance of the Management System – including a discussion on possible updates and improvements.

Read more about the Audit Report from the perspective of Management from The Auditor Online.


Steps to Take During your Management Review

As per the requirements of ISO 9001:2015, minutes must be taken on behalf of all individuals attending management review meetings to document the discussion. Minutes must be descriptive and understood by an observer, as they will be made available to third-parties who were not present during the meeting.

Another good idea for increasing efficiency is to examine previous data or evidence. Examples of this could include minutes of the last review meeting, management system documentation, audit reports (both internal and external), policies, etc.

For continuous improvement, your organization needs to note trends affecting your business, as they can point to recurring issues that could be preventable. Current trends can also highlight issues that might not affect your company for the time being but might be consequential in the future. Areas such as requirements of potential business partners, compliance with legislation, and complaint records should be addressed.

Steps to take after your Management Review

Minutes should be distributed to the appropriate staff members, especially if changes or revisions have been made to company systems. This is done to ensure all staff are informed and conform to the updated system.

Management Review Checklist

While having a detailed agenda during the review is helpful, having access to a professional review template or checklist is extremely beneficial to ensure your management review is effective and compliant with ISO 9001. Below are sample templates from trusted sources who have taken the time to create generic templates for you to review and tailor to your organization. Use these as a guide during your own company Management Reviews.

Management Review Template from SAI Global – Click Here

Management Review Template from Sample Templates – Click Here

 

by -
Understanding ISO 55001 - ISOUpdate.com

Understanding ISO 55001

ISO 55001 lays down the prerequisites for an asset management system. It gives a framework for the establishment and regulation of objectives, policies, processes, governances, and facilities involved in any organization’s pursuit of their goals and objectives. The standard highlights the necessity of having a management system.

ISO 55001 does not include or specify any financial, technical, or accounting needs for managing various types of assets.

ISO 55001 uses an organized and effective system for driving ongoing improvement and creation of value.

This is possible by effectively managing all assets and the costs, risks, and performances related to these assets.

ISO 55001 is complemented by the two other additions in this category namely ISO 55002 and 55000. They provide the principles, overviews, application, guidance and terminology.

Read the full article on ISO 55001