How to Implement
Smart Compliance with Quality
Management System Requirements
ISO 9001:20XX Quality
Management System
Improvement
Linda Bankoski
Quality Leadership Associates
Linda Bankoski
Quality Leadership Associates
2
Check - in
• Who Is Here?
– Quality Managers
– Executive Management
– Consultants
– Auditors
– Students
– ………….
• What are you seeking?
Improvement Opportunities
Focus on what you have in place today
1. Do our management systems simply comply?
2. Does compliance
• add value?
• deliver what our business needs?
3. What can we learn from today?
Worst and Best Practices
4. Identify “that sounds like us”
• Think,
• Celebrate,
or
• Plan!
Request and Hope
Request
• Don’t leave without at least one idea to improve your
QMS (quality management system)
• Do not forget that this is based on
my experience with ISO 9001:2008 and
about ISO 9001:2015
QMS
Hope
From this
QMS
To this
Disclaimers
6
Management of Quality Systems
Discipline
High
Maturity and Difficulty to
Maintain
Performance Excellence
Benchmarks
World Class
Excellence
Best Practices
PDCA
Reactive
Systems
Impulsive
Systems
Low
Formal
Systems
Key
Performance
Indicators
Baldrige Award
Lean Enterprise
2015
1994
1987
2008
2000
ISO 9001 standards
Meet specifications
Conformance-Driven
Thought Shift
High
Performance-Driven
Benefits
The Goal:
An Effective Quality Management System
A comprehensive set of planned and implemented policies and
procedures that describes the quality assurance efforts of a
business & how it establishes and uses measurable objectives to
achieve positive results including:
•
•
•
•
•
Customer satisfaction
Continual improvement
Competitive advantage
Sustainable business
Growth capability
•
•
•
•
Healthy financials
Productivity
Personnel satisfaction
Regulatory compliance (as applicable)
Critical Differences
• “Cartoon-inspiring” organizations
– Focus on reducing costs
– Results
• Decreasing value
• Decreasing quality
• Effective organizations
– Focus on customers and increasing value and quality
– Results
• Better
• Faster
• Cheaper
Reduced Costs
• Effective must proceed efficient
Evolution of the ISO 9001 Standard
2015
Business
Focus
2008
Performance
Focus
2000
Customer
Focus
1994
Process
Focus
1987
Product/Service
Focus
Management Systems
Review
Documents
Business
Requirements
Audit
Documents
Practices
Audit
Compliance
Business
Requirements
Documents
Practices
Reasons to Certify
• Discipline
– Regular audits
– Outside ‘eyes’
• Feedback
– Objective
– Professional
– Experienced
• Improvement
– Ongoing input
• Marketing
Significant improvement comes from outside by invitation.
W. Edwards Deming
ISO 9004:2009
The purpose of an organization is
• To identify and meet the needs and
expectations of its customers and other
interested parties, to achieve competitive
advantage, and to do this in an effective
and efficient manner, and
• To achieve, maintain, and improve overall
organization performance and capabilities
Quality Management Principles
• Framework toward improved performance
of an organization
• Aimed at helping organizations achieve
sustained success
• Form the basis for the quality
management system standards within the
ISO 9000 family
Quality Management Principles
Appendix B
(informative)
1. Customer Focus
2. Leadership
3. Engagement
Involvement of People
4. Process Approach
5. System Approach to Management
6. Continual Improvement
6. Factual
Evidence
Based Decision
Making
7.
Approach
to Decision
Making
7. Mutually
Relationship
Management
8.
Beneficial
Supplier Partnerships
Quality Management Principles
Appendix B
(informative)
1. Customer Focus
2. Leadership
3. Engagement
Involvement of People
4. Process Approach
5. System Approach to Management
6.
5. Continual Improvement
6. Factual
Evidence
Based Decision
Making
7.
Approach
to Decision
Making
7. Mutually
Relationship
Management
8.
Beneficial
Supplier Partnerships
A Strategic Decision
Documented business structure?
Want to improve?
Performance must be evaluated using data
Principle #6 - Evidence Based Decision Making
Evidence Based Decision Making
A Strategic Choice
• Documented system
– Consistency
– Improvement
• Demonstrate compliance
– Data = Evidence
•
•
•
•
•
Files
Forms
Charts
Graphs
Interviews
– Politics = The art of influence
• Attempt to convince through power of argument
ISO 9000-2008
Model of a process-based quality management system
Continual Improvement of the
Quality Management System
Customers
Management
responsibility
Resource
management
Requirements
Input Product
Customers
Measurement,
analysis,
improvement
realization
Output Product
Satisfaction
Key
Value-adding activities
Information flow 21
ISO 9000-2015
Model of a process-based quality management system
4.1, 4.2, 4.3
Establish
context. Define
relevant
interested parties
& scope of QMS
10 Continual Improvement
*
Customers
& other
relevant
interested
parties
Requirements
5 Leadership
Customer
Satisfaction
4.4 QMS – General &
Process Approach
6 Planning
Inputs
*
9 Performance
evaluation
8 Operations
Outputs
Products and
services
7 Support processes
22
Shift from 20082015
In general
• Management Responsibilities = Leadership
• Resource Management = Support
• Product Realization = Operations
• Measurement, Analysis and Improvement =
Performance Evaluation
• Prevention = Risk Management
• The 2015 revision
– Allows many opportunities for improvement
• Less prescriptive
• Puts the systems in context
• Alignment of purpose
• Promotes active leadership
• Acknowledges interested parties
– Sets up challenges
• If “simple compliance” was the goal
• Auditing is focused on procedures in place
• If interactions of processes aren’t clearly
understood
Follow the Process Thread
ISO 9001:2008
4.1 a) determine processes…
b) …sequence and interactions of these processes
c) …ensure …operation and control of these processes
d) ensure …resources and information to support …and monitor these processes
e) monitor, measure …and analyze of these processes
f) implement actions …and continual improvement of these processes
8.2.3 Monitoring and measurement of
processes
8.4 c) characteristics and trends of processes…
5.6.2 c) process performance…
Follow the Process Thread
ISO 9001:2015
4.4 determine processes needed for the QMS and their application throughout…and shall determine
a)…inputs required and the output expected…
b)…sequence and interactions of these processes
c)…ensure criteria, methods, including measurements …effective operation and control of these
processes
f) Risks and opportunities…plan and implement the appropriate actions…
g) methods for monitoring, measuring…and evaluation and changes to processes…achieve intended
results
h) opportunities for improvement of these processes and the QMS
6.2.1 establish quality objectives at relevant functions, levels and processes.
9.1.3 analyze and evaluate …data and information…from monitoring, measurement
e)…assess the performance of processes
9.3 c) information on the quality performance including trends and indicators for
2) monitoring and measurement results
10.1 determine and select opportunities for improvement
a) improving processes to prevent nonconformities
General Requirement
Resourcing
Processes
Production
Processes
Management
Processes
R&D
Processes
Service and
Support
Processes
Customer
Inventory
Processes
Improvement
Processes
Maintenance
Processes
Planning
Processes
Quality
Processes
General Requirements
Worst Practices
– Pretending that they are not there
– Including only an organization chart
– Showing only the interactions of product-related
processes
– Copying the diagram from the 2008 standard
Best Practices
– History and longer term plans
– Describe one holistic system
– Identified key processes including system
management and strategic planning
– Complete charts of all key process interactions
– Identified inputs, outputs and measures
4.2 Documentation Requirements
–
–
–
Statement of quality policy and quality objectives
Quality manual
Required procedures
1.
2.
3.
4.
5.
6.
–
Procedures you need for effectiveness
•
•
•
–
Document control
Record control
Internal audits
Control of non-conforming product
Corrective action
Preventive action
Planning
Operations
Control of processes
Required records
Document
Why?
– Describe the business structure
– Consistency
– Person to person
– Day to day
– Order to order
– Improvement
– Base line
Documentation
Worst Practices
– Quality manual is a copy of the standard
– The language of the standard is used
– No identified processes
– No process maps
– Manuals or files everywhere
– “Paperless” systems with no computer access
for workers
– Over documented
– Complex documents to follow
– Ad nauseum ……..
Documentation
Best Practices
– Simple quality manual in the “voice” of top
management (as simple as 1 page)
– Quality manual used to orient new employees
– No “ISO” speak
– Process and facilities maps
– Posted pictures
– Graphics and diagrams
– Hyperlinks maintained
B.O.S.S.
– Drop down levels
Manual
– “Owned” at every process
Procedure
– Interconnected sets
Job Aids
– Work station iPads
Trainer’s Guide
Verification
Quality “Manual”
Planning
What do we need
to do?
See Strategic Plan
Documentation
What do we need
to know?
See Document
Control #1 and
Master Lists
Key Processes
Competence &
Awareness
What else do we
need to know?
See Competence
Plans and Records
We do what we do.
See Flowcharts A) Production,
B) M/M of Products, C) R&D,
D) Infrastructure,
E) Calibration, F) Purchasing,
G) Inventory and Out of Spec
Product Control #2
Evidence
How we know
what we did.
See Records
Control #3 and
Master List
Is our system
suitable,
adequate and
effective to meet
our customer’s
and interested
party’s needs?
Management
Processes
Customers’ Requirements
Quality Policy
Objectives
KPIs
Quarterly
Review
What do we need
Corrective
to improve?
Action
Preventive
Action
See Corrections
Process #5
See Prevention
Process #6
System Audits and
Data Analysis
How are we
doing?
See Monitoring
and Measurement
#4 and Schedule
Required
procedures
System Management
Worst Practices
– Senior management completely unaware of the QMS and
how it works
– Stating commitment to customers
– No requirement for QMS improvement
– Holds the Quality manager responsible for the QMS
Best Practices
– Concentrated efforts on improvement of systems
– Management committed to QMS
– Sets high standards for the system
– Depends on QMS data for decisions
– Continual improvement
– Empowers everyone to improve
– Integrated systems
Quality Policy
Planning
Worst Practices
–
–
–
–
–
Only reacting
Random numerical goals that never change
No relationship to policy
“Company” goals with no cascading
Changes aren’t managed as part of the QMS
Best Practices
– Every process has measurable objectives that relate to overall objectives
• Clear connections and cascades
– Balance of leading and lagging measures
– “SMART” objectives
•
•
•
•
•
Specific
Measurable
Achievable or Agreed upon
Relevant or Realistic
Timed
– Objectives are “line of sight” that relate to overall objectives
– Changes are anticipated and planned
• Succession planning
• Development planning
Responsibility, Authority and
Communication
• Internal communication
– Appropriate communication processes
– Communication processes regarding the
effectiveness of the QMS
How’s
it
going?
We’ve
got
issues.
Here’s
what we
need to do.
We can
do
that.
Responsibility, Authority and
Communication
Worst Practices
–
–
–
–
–
Generic job descriptions
Defined discipline and no defined authority
Annual meetings to tell employees
Powerless management rep
No effective action on reported issues
Best Practices
–
–
–
–
–
Clear details of authority
Effective two-way interchanges
Intentional listening sessions
Shift, daily, weekly process reviews
Effective suggestion collection and implementation
processes
Management Review
Worst Practices
•
•
•
•
•
•
•
Task of management rep
Done for compliance with ISO 9001 requirements
Disconnected from business
Disconnected from customer needs
Only quality issues
Weekly or annual
Hoping that things improve
Management Review
Best Practices
•
•
•
•
•
•
•
•
•
•
Business focus
Driven and managed by top management
Coordinated and valued
Two-way communication with all
Obsession with improvement
At least once per quarter
Aligned with weekly and monthly info
Evaluate “processes thread”
Related to communication processes
Clear decisions and actions with timing and follow-up
Provision of Resources
Worst Practices
• React to crises
• Managed outside of QMS (i.e. budgets, etc. )
Best Practices
• Regular inventory of resources
–
–
–
–
People with right knowledge, skills, abilities, energy
Time
Money
Physical assets
• Equipment
• Stock
– Unique assets
• Partnerships
• Technology
• Reputation
• Processes
• Result of effective communications
Human Resources
Worst Practices
• Training records only
• “Grandfathered” into positions
• Purchased curriculum and everyone is required
• Confidential personnel files
Best Practices
• Records of competence based on interviews, identifying
education, training, skills, experience
• Customized curriculum
• Measures of OTJ competence
• Color coded job matrices
• Competence and succession planning
Infrastructure
Determine
Provide
Maintain
a) buildings, workspace, and utilities
b) process equipment (hardware and software)
c) supporting services (transport, communication, etc.)
Worst Practices
Best Practices
• Employee opinion survey
• Production equipment
only
• Complete equipment and
utilities lists with frequency
• Scheduled based on usage
• Predictive and preventive
Work Environment
Determine
Provide
Manage
Conforming
product
Work Environment
Worst Practices
Best Practices
• Not understanding
• Focus on employee “comfort”
• Protection systems
• Measures of reliability
• Tracking records
–
–
–
–
Diversity
Empowerment
Complaints
Safety
Production Planning
Worst Practices
• Order entry
• Production scheduling
Best Practices
• Plans by product line
• Value stream maps
Customer Orders
Worst Practices
• “We know what they need”
• Promise anything with no hope of delivering
• No records of requirements including delivery
• Disconnected marketing and quote
processes
Best Practices
• Specifics and details of requirements
• Inventory management for customers
Customer Communication
Worst Practices
•Assuming understanding
•No records
Best Practices
•Synchronized, routine, planned interactions
•Use of data
•Organized email records
Design and Development
D&D planning
D&D inputs
D&D verification
D&D review
Design and
Development
Actions
D&D outputs
D&D changes
D&D validation
Design and Development
Worst Practices
• Each “creator” does their own thing
• Undefined records requirements
• Proprietary
Best Practices
• Complete list of projects
• Available records of progress vs. plans
• Computer generated tracking system
Purchasing
Worst Practices
•
•
•
•
No specifics
“ASAP”
“They know us”
“We know them”
Best Practices
Details! Documents, Drawings with rev levels
•
•
•
•
•
•
Clear criteria to select
Recommendations of others
Certificate of analysis data
Test samples
On site audit
Pilot study
Price
•
•
•
•
•
Records of evaluation
Statistical data
– On time deliveries
– Product quality
Supplier rating data
On site audit
Response to needs
Actual costs
Verification of Purchased Product
Worst Practices
• Accept by load
• File COAs
Best Practices
• Data collection
• Receive only acceptable
• Connect with purchasing
Customer Property
Worst Practices
• No awareness of customer property
– Intellectual property
– Procedures, blueprints and drawings
– Labels and packaging materials
– Equipment and molds
– Tooling and parts
• No records of notification of problems
Best Practices
• Inventory identification
• Records of reports
Production and Service Processes
Worst Practices
• Complex (many page) procedures
• Overly simple procedures
• No defined criteria
• “I’ve been here XX years”
Best Practices
• Streamlined procedures
• Photos or displays where they are needed
• Examples
Product and Part Preservation
Worst Practices
• Forklift damage is common
• No criteria for what is acceptable
• No identified rework processes
Best Practices
• Reports of conditions
• Includes maintenance
Calibration
Worst Practices
• “The company we use has a list”
• “They know when to come”
• Missing or unclear records
• No traceability
• Damaged or lost devices
Best Practices
• Lists of equipment and frequency
• Easy to access, complete records
• Clear labels and ownership
X
Improvement
Worst Practices
• Avoid “bad news”
• Shoot messengers of
feedback
• Justifying and blaming
• Fix symptoms
• Goals
– Not real
– Generic
– Reduce feedback
Attitude
Shift
Best Practices
• Drive for “perfection”
• High value for “bad
news”
• Multiple sources of
feedback
– Audits
– Customer feedback
– Imbedded improvement
processes
• Six Sigma
• Lean Tools
– “Excellence” programs
Every Day Process
What did we learn from today?
Yes!! Finding problems
helps us!
I don’t
believe this!
Welcome to the “School System Recovery Program”
Customer Perception
Worst Practices
• Mechanical surveys
• Lack of follow-up
• Collect without intent to use
• Passive information
• Annual
• Complaints
Best Practices
• High value for understanding customer perception
– Multiple views
• Active solicitation
• Beyond surveys
• Closer to continual than periodic
– Real time
– Detailed
• Partnerships
• Improved based on experience
Internal Audit
Worst Practices
• Management ignores program
• Weapons of mass destruction
• Done to comply
• Result in papers and files
• Static plan
• Missed schedules
Best Practices
• Management craves results
– System QC
– Ideas
• Master schedule- Safety, Environment, Housekeeping, 5S, Prevention,
Financial, Sarbanes-Oxley
• Key source of improvement
Monitoring and MeasurementProcesses
Worst Practices
• Trying to ignore it
• Not taking it seriously
• Collecting data and not using it
Best Practices
• Clearly identified processes
– Key
– Flowcharts
– Interactions
– Inputs and outputs with defined measures
M and M of Product
Worst Practices
• No clearly defined specifications
• Test until it passes
• Lying with statistics
• No records of person authorizing release
• Missed scheduled tests
Best Practices
• Clearly defined criteria
– Specifications
– Photographs
– Examples
• Trends are monitored
• Action
– Defined
– Taken before failures
Control of Nonconforming Product
Worst Practices
• Multiple ways to mark NC products
• Excess of “bad” inventory
• Only used for final products
• Store it in shipping area
Best Practices
• One clear process
• Consistently used
• Ownership
Use of Data
Worst Practices
• Thinking too small
• Low expectations
• Little use of statistics
Best Practices
• Consistent collection
• Use for decisions
• Value for facts
Improvement
Worst Practices
•
•
•
•
•
•
•
•
Confusing corrective and preventive
No awareness of top management
A black hole
Focus on product related customer complaints only
Focus on personnel
Focus on product failures only
Mechanical review by management
‘Enough’ to comply
Best Practices
•
•
•
•
•
•
•
Top management value
Obsession with timeliness
Objectives to increase preventive actions
Include safety, health, environment, lean
Include process problems
Include suggestions
Six sigma reviews
– Define, Measure, Analyze, Improve, Control
Improvement
Worst Practice
• No real use of:
Quality Objectives
Analysis of
Data
Preventive Action
Best Practice
Aligned System Requirements
Defined Customer
Needs and
Requirements
Customer group
Product A
1.
2.
3.
4.
Product B
1. Requirement
2. Requirement
Product C
4. Requirement
5. Requirement
6. Requirement
Product D
3. Requirement
Requirement
Requirement
Requirement
Requirement
Company
Specific
Policy
•
Policy covers
•
6 requirements
Objectives
Customer Perception
Financial
Internal Processes
Improvement
Measures vs.
requirements
Sources of Problems
94-96%*
Problems caused by
quality systems and
how the systems are
managed
4-6%
Problems caused by people
*Data from W. Edwards Deming and Joseph Juran
Improvement
Best Practices
•
•
•
•
A guiding light
Focus on customer needs
Focus on system
Used as a basis for planning
• Recognizing that the system is the
solution
Improvement
Best Practices
• Drive for “perfection”
• High value for “bad news”
• Multiple sources of feedback
– Audits
– Customer feedback
– Imbedded improvement processes
• Six Sigma
• Lean Enterprise
– “Excellence” programs
• Baldrige and beyond
My plan was that you would have at least one
improvement idea to create a specific plan
Nonconforming
Management
Products
Review Output
Audit Findings
Six Sigma
Projects
Improvement
Opportunities
Facilities
and
Equipment
Problems
Document and
Process Errors
Lean
Opportunities
Customer Comments
Prevention
Ideas
Improvement Plan
• People
– Improve the systems that set people up to fail
– Listen effectively
• Processes
• Business
Action
The Change Process
Support and Direction
Reaction
Shock/
Denial
Provide
Information
Improvement
Active
Participation
Depression
Hope
Ask and
Listen
Thank You!
“It is not necessary to change. Survival is not mandatory.”
W. Edwards Deming