AS 9100 – Getting Employee Engagement in the System

AS 9100 aerospace quality management systems enable organizations a framework for using a process-based approach to meeting customer requirements. AS 9100 in clause 5.1.1h requires the leadership to show their commitment to the system by “engaging, directing, and supporting persons to contribute to the effectiveness of the quality management system.” Further clause 7.3 asks organizations to ensure that those working under their control are aware of their contributions to the effectiveness of the system, to product safety, product conformity and the need for ethical behavior. Many organizations struggle to get employee buy-in to the system. Some organizations reward best teams and performers but how do we get intrinsic involvement and buy-in from all. This article discusses some steps that companies can take to encourage intrinsic employee involvement in the system. 

Setting Challenging Objectives 

AS 9100 asks organizations to set objectives at relevant functions, levels and processes. When setting objectives, QMII encourages organizations to set objectives for each process/procedure. These can further be broken down into smaller goals for individual process team members. The objectives must flow from the policy so in doing their work to achieve the goals it is clear to the employee on how they impact the customer. The objectives when too easy do not encourage improvement or motivate the workforce. When too challenging affect morale as the goals/objectives are never reached. Review the objectives at periodic intervals to monitor progress and readjust as necessary.  

Management Involvement 

The workforce is more willing to pitch in when they see the leader pitching in. This must be something they do often rather than once in a while. The workforce must get representation at meetings on quality. This may be in the form of their suggestions for improvement being presented to the management at the management review and then receiving feedback on their suggestions rather than never knowing what happened. Management may choose to present to the workforce on a monthly or quarterly basis on the state of the system so the workforce knows where the organization stands and where it is heading. The workforce must feel like the part of a team and a valued team member. Only then will they willingly contribute. 

Customer Focus 

Often each worker may not know who the end customer is or get to see the end product in use and how the product benefits customers and their business and further end users. Organizations must make known to the users who the end customer is, share positive feedback received from customers, accolades received by the company and perhaps even arrange to see the end product in use.  

Personal Development 

Investing in personnel is a great way for an organization to show the workforce that they care. That you are willing to invest in them because they invest so much in what they do. Consider AS 9100 training for your workforce. It will also better help them understand why they do what they do. QMII offers a number of different training formats for AS 9100, including an overview, internal auditor and lead auditor format.  

 

Audits VS. Inspections

There is often confusion about the difference between audits and inspections. The purpose of each may seem the same, but they are slightly different.  Audits focus on why, while inspections focus on what. The purpose of an audit is to get the confidence that processes are working well.  An audit involves various layers to answer a “why” question. It involves exploratory reviews involving documentation, risk assessments, and nonconformities, etc.  While an audit may need more effort in finding an answer, an inspection is less complicated. The answer to an inspection question will involve a straightforward yes or no answer.

Inspections focus more on the action, while audits are about the process.  Inspections review a single point in time, but an audit follows a process from start to finish.  An inspection simply looks at the product or service. The process of an inspection is quite simple, it either clears the project if it meets the requirements specification or rejects it. If it is rejected, its loss can be reworked at an extra cost. Inspections must be conducted at every step to minimize the chances of product failure.

Why are audits and inspections important to an organization?  Inspections deal with things that cause immediate accidents or other issues. Inspections protect the customer, so the customer is not harmed by a non-conforming product yet from an organization’s point of view that they are too late.  The audit is to cover the root cause of these problems. The audits provide the input and ensure continuous improvement and it is where we take on nonconformities.

Here at QMII, we provide valuable information when it comes to our auditing services. We can give insight on where your system is working well as well as the risks and suggest opportunities for improvement. QMII’s audit services reduce the fear of an audit. Some individuals fear being blamed for non-conformities and often dread the idea of an audit. Our services are to ensure auditees are put at ease while QMII auditors look to find the effectiveness of controls in the system.

Although there is often confusion when differentiating audits and inspections, it can be easier to think of it as the Plan-Do-Check-Act cycle. Inspections are a “do” while audits are a “check.”  Inspections are required to do, and the audits are the process of checking and making sure inspections have been done.

 

 

Is your organization ready for MDSAP?

Quality is important in all industries but perhaps more so in the medical industry and for those organizations producing medical devices. Apart from ISO 13485 that defines the requirement for medical device quality management systems, medical device manufacturers have to also comply with the regulations of the country their devices are going to be used within. In an effort to streamline the program for manufacturers the Medical Device Single Audit Program (MDSAP) was devised. The MDSAP program is an audit done of the company to the regulations of five participating countries. It is thus much longer than a regular ISO audit as it has to assess the system against multiple regulatory requirements.  

As your company prepares for this new audit scheme perhaps the easiest thing to do is a self-assessment. Use the MDSAP audit model guide to assess whether the company processes meet all the requirements. Conduct a gap assessment and then work to fill in the gaps including keeping records as needed by MDSAP. Just because an organization undergoes MDSAP does not mean that it will not have an ISO 13485 audit as these are two separate schemes. In the conduct of the assessment ensure that the person conducting it is competent to do so. This will avoid any last-minute surprises. Make note that the MDSAP model grades non-conformities differently and so use the same scoring scheme to know what are the priorities that need to be addressed immediately.  

Is the leadership prepared? Often in preparing an organization focuses on the lower echelons as also on the processes involved in the design and manufacturing processes. Ensure the leadership is briefed on the model guide and understands the expectations from them. As a part of each audit, the AO focuses on the management and assesses their commitment to the system. The leadership once committed will drive the rest of the organization to follow suit. This will make it easier for those implementing the system and assessing it internally.  

Make sure personnel are trained and understand well the expectations. QMII offers a variety of MDSAP offerings that are tailored to meet the requirements of the organization with training for each level of the organization. In addition, QMII also offers ISO 13485 lead auditor training. Organizations must recognize that participating in MDSAP will not exclude them from regulatory audits from other organizations. While the audit program may seem cumbersome at first there are benefits from participating in it that include reduced costs and a streamlined audit process.  

Can training solve the issue of human error at sea?

Those who have been employed in the maritime industry for even few months will have heard the term that 80% of the accidents incidents at sea can be attribute to human error. The solution for this is often quality maritime training for the personnel involved. However, training is perhaps the most easily reversible corrective action. System experts will even go so far as to say that when something goes wrong do not blame the individual but blame the system. Can it always only be the system fault. Surely human error does play some part.

With the onset of STCW, new rules were ushered in to ensure quality maritime training for all personnel at sea. Similar rules have been extended to those in the inland water towboat industry with the onset of Subchapter M. STCW required maritime training centers to have quality standards systems in place and for flags to provide oversight of the training institutions to ensure quality maritime training was indeed being delivered. So, with such well trained personnel why then do errors still take place?

Safety management system are truly only successful when a just culture for safety exists aboard the vessels. This means there is no fear of repercussion or reprimand for stopping someone performing an unsafe act or to report an unsafe condition. When human error does creep in, it can often be attributed to the dirty dozen of unsafe acts and conditions. When a non-conformity occurs, or a potential non-conformity is identified the corrective action identified must address the root cause(s) of the problem. Poor root causes analysis will lead to quick fixes but no long-term improvement. Identifying the root cause leads to systemic corrective action with solutions perhaps being newly identified competence, mistake proofing of the system, revised procedures and in some case training. However, this time the training is made systemic and so repeated at periodic intervals.

Quality maritime training is only the first step towards ensuring qualified mariners as required by the ISM code but they competent, qualified mariners need to have the support of the system. When human error, operator error, user error and the such are identified over time as root causes it may be possible that it is indeed such, but it may also signify a deeper root cause. Perhaps a poorly managed hiring process, or induction process, or onboard training program. Training may have some role to play in the success of a safety management system and the reduction of human error as a cause of incidents/ accidents. Quality maritime training may be a leading preventive tool, however, only when the issues are treated systemically will long term improvements be gained and safer operations as a result.

AS9100-Risk-Based Thinking in the Airline industry – It’s about time.

The airline industry statistically has one of the best safest records. AS9100 defines the framework for a quality management system for aerospace parts manufacturers across the globe. Over the past decade there have been several airline accidents however, that have brought the safety of airlines to the forefront. In a most recent case of the Boeing 737-max a software glitch was identified as the cause. As investigations proceed the general consensus is that this glitch should have been previously identified.

Risk generally is associated with ‘uncertainty’ or ‘negativity’. This changed with ISO 9001:2015 and the onset of risk-based thinking that now asks companies to consider the opportunities for improvement that may arise out of taking a ‘calculated’ risk. Further in AS9100, that is built on ISO 9001, there are requirements for consideration of strategic risks and operational risks and the need to take action to address each. The impact of coronavirus or a similar pandemic is a great example of a strategic risk that can affect business continuity.

Risk-based thinking in the AS9100 standard promotes customer focus within an organization. While risk-based thinking has been inherent in previous versions of the standard with preventive action, the new standards address risk at each stage of the PDCA cycle thus enabling the entire As9100 management system at each stage as a preventive tool.

The aerospace and automotive industry are leaders in the implementation of Failure mode and effects Analysis (FMEA) and the Plan-Do-Check-Act Cycle (PDCA) of process management.  Originally adopted by the military in the 1950’s, FMEA later was embraced by the auto and aerospace industries.  The FMEA process identifies risks that can then be addressed using mistake proofing and problem solving with a team approach.  FMEA can be used for either product or process. When used properly it can be a very effective at addressing risks. FMEA is a great core tool that can be applied to address the AS9100 clause 8.1.1 operational risk requirements.

AS9100 asks top management to take accountability for the quality of products and services produced by their organization; keeping a customer focus at the core of all they do.  The influence of end users, customers and the companies marketing department on the product’s design needs to be constantly reviewed. At each stage of the requirements gathering, design & development and manufacturing stages of the AS9100 system there are potential risks. As such doing a single FMEA may not be sufficient but may require a review of the FMEA at periodic intervals as a change in inputs to the process/product may change the associated risks or identify new ones.

Management wants to encourage continuous improvement and innovative recommendations by all stakeholders, but changes must be reviewed.  Whenever a change is made to a AS9100 certified product or service, that change should follow the PDCA Cycle approach, the same way it was done when the product was first introduced.  This will reduce the number of recalls, and the risk of injuries to end users of the products.

A single non-conforming product that goes out of the organization into the market results in an intangible loss for no value can be put on the loss of reputation. It only takes a single incident! Starting with risk appreciation at the Plan stage of the PDCA cycle and then throughout the rest of the cycle, with a focus on customer satisfaction, will help the aerospace industry improve by preventing non-conformities before they occur as well as hopefully, improve their As9100 certified products.

ISO 14001-Benefits for Maritime Companies

Environmental accidents in the maritime industry get quick media attention. ISO 14001 does not guarantee that maritime accidents will not happen. It does, however, get organizations to consider their operations from a life cycle perspective of minimizing the impact of their operations on the environment.

The maritime industry has for a while now been governed by the requirements of MARPOL. MARPOL has 6 annexes and as of date all six annexes are in force. The six annexes cover the requirements for prevention of pollution of the marine environment by oil, noxious liquid substances, harmful substances in packaged form, sewage, garbage and air. However, MARPOL does not address the lifecycle operations of the shipping business. From an ISO 14001 perspective this would need to encompass the need for recycling of ships once they are done with their life.

The French Aircraft carrier Clemenceau is a good example of a vessel that faced major issues with being scrapped. Having sailed all the way to Alang, India it was denied entry and had to transit back to French Waters. It was denied access to Alang owing the Asbestos used on the vessel and the potential harm it would have on the scrap workers at Alang. MARPOL also does not address the operations as managed from operations ashore and the environmental impact of the operations of supporting the ships.

ISO 14001 encompasses the entire operations of the company if within scope and encourages organizations to look at all their operations from a lifecycle perspective. This essentially means that when designing office spaces and building ships companies need to start thinking about how they will dispose of waste from the processes in a responsible manner to the environment. Environmental sustainability is a new buzzword and demonstrating commitment to the environment, to stakeholders, through implementation of an internationally recognized standard ISO 14001.

ISO 14001 need not run independent of the existing management system that most maritime companies have conforming to the ISM Code. The requirements of ISO 14001 as with the MARPOL requirements get incorporated into the one management system on which the company operates. ISO 14001 as with other ISO standards is a voluntary standard. As such companies must choose to implement an environmental management system conforming to ISO 14001. Many leading maritime companies have already done so. QMII’s ISO 14001 training is delivered in multiple formats such as executive overviews, internal auditor and lead auditor. The training is also provided in an instructor-led online format and QMII’s instructors, having a maritime background, bring a unique skill set to the class in connecting the requirements of the standard through real life experiences.

Eight steps for a successful internal audit program

Internal audit programs play an important role in ensuring the success of the system. ISO standards such as ISO 9001, ISO 14001,  ISO 45001 provide the framework for management systems to function using a process-based approach, to achieve customer and other stakeholder’s requirements. Organizations certified to ISO standards, strive to be compliant, efficient and remain certified. Successful systems have Top Management (TM) / Leadership that are committed to and engaged with the system. They ensure regular internal audits and conduct management reviews (MR) to assess the continuing suitability, adequacy and effectiveness of the system. They further ensure that their decision-making process uses the inputs from the MR to ensure objective resourcing and support for efficiency.

External third-party audits too add value to this system, provided the auditors remain objective throughout the audit. Over the years QMII has come across instances where Non-Conformities (NC) were issued without the requirement being clearly stated or the evidence did not substantiate the requirement not met. However, these NCs are rarely challenged by organizations for “fear” of upsetting the auditors. Changes are further implemented to the system as a part of corrective action based on these findings. At times when the management is disconnected from the working system they often are surprised by the NCs presented at the closing meeting.

Is there, as a result, a case for preparing the organization for both internal audits and external audits? In well-functioning systems the organization should never have to prepare for an internal audit. The systems are designed to drive success and not for auditors or to get through audits without any NCs. NCs are, after all, an opportunity for continual improvement of the system and should be embraced, provided they are objective and not subjective to an auditor’s experience or opinion. An organization can and must respect a good NC and use it to drive correction and corrective action (CA). After all CA is NC driven. The organization/ auditee should be happy to receive a NC for risk(s) not appreciated.

I do however think that there are steps organization can take to build employee confidence in the  system, including the confidence to challenge the auditor when a NC is not clear or incorrectly given. Here are eight steps an organization can do to have its employees get that confidence for internal audit and subsequently for external audits:

  1. Conduct orientation on the process-based management system (PBMS) approach in general, and introduction to the highlights of the specific standard (e.g. ISO 9001:2015). This ensures that the basics of system approach and the internal management system are clear to all personnel.
  2. All TM must do a short training to be aware of the ISO standard, the main clauses and the benefits of the management system. This awareness leaders workshop (ALW) brings the confidence in the system, its implementation and continual improvement. This leadership awareness further encourages engagement of all personnel to use the system and increases buy-in.
  3. On regular basis, in day to day work and meetings refer to the management system. Ensure Quality, environment, safety, security, social responsibility, compliance are topics of discussion at periodic intervals. Even the middle and lower management e.g. supervisors should be encouraged to use the  system and engage others to do so. Management may have to support others in their roles of leadership at relevant levels.
  4. More than just following processes, all personnel must feel free and confident to challenge the process, make suggestions, raise NCs and submit innovative ideas. A participatory approach to system implementation is very cost effective. Let employees voice their concerns. Once they confident of their process and their system (with the fundamentals of the ISO Standard/other requirements built-in) the fear of audits will reduce.
  5. Put in place an aggressive internal audit program. When an outside (third party) auditor raises a NC, the organization does RCA (Root Cause Analysis) of the NC, but rarely does it challenge its Internal system and ask how the internal audit program missed the NC raised by the third party? Internal audits must be objective and strict and must raise all NCs.
  6. NCs must be tracked diligently and addressed within the time frame the organization has set for itself. TMs must stay involved by asking on the progress to the CA process. Overdue NCs must be investigated and TM must ask during the MR why the concerned department did not address it in time. Encourage PSW (Problem Solving Workshops) so teams can look at complex, inter-departmental NCs. Encourage use of tools as Causal Analysis and FMEA (Failure Mode Effect and Analysis).
  7. Creating a lesson learned data base has many advantages. It acts as a historic record for new joiners to learn of past occurrences. Additionally, it has great participatory value connecting each future task as a driver of improvement based on the past. The collective intelligence of the organization is available to the organization and does not vanish when individuals leave the organization.
  8. Some additional points for ISO 9001/ ISO 45001/AS9100 audit preparation:
  • Answer audit questions to the point. Do not volunteer information not sought.
  • Do not be reluctant to ask for your manager/ supervisor to support you if you are not clear on the question.
  • Have the confidence in your professionalism to ask the auditor for the requirement based on which the auditor is planning to raise a NC.
  • Be aware of risks associated with their process and actions taken to address them.
  • Explain the risks in the context of the organization and the context of what the employee does to them.

ISO 9001 certification decline – Does quality still matter?

ISO 9001 certification have seen a decline in the past two years per data from ISO. Some say that the standard has gotten too complicated with the introduction of organizational context, risk-based thinking and the removal of mandatory documented procedures. Even a few of QMII’s clients had considered letting their certification lapse as conformity to the new standard was perceived as too complex.

To certify or not

Let us begin by looking at the purpose of ISO 9001. ISO 9001 provides a framework for organizations looking to put in place a system that will enable them to consistently deliver products/services to customers that meet their requirements and enhance customer satisfaction. ISO 9001 certification is external validation that the system meets the requirements of ISO 9001. However, ISO 9001 allows organizations to use the standard and self-declare conformity without incurring the cost of certification. Many argue that there is no value in doing this. This is probably correct if you are implementing a system to meet a contractual or customer requirement. In these cases, certification is a requirement.

Waning trust in the system

Organizations that implement ISO 9001 for the benefits it will deliver in improved productivity, reduction in process waste and management of risks have seen the bottom line improve with time [1]. If implementing the standard enables consistent quality, why then the reluctance? Perhaps the trust in the ISO 9001 certification process has declined over time. Often have we heard from quality managers of the challenges faced when they raise non-conformities in internal audits. These are often viewed as “finger pointing” exercises since the certification body has already audited and “cleared” (certified) the system.

We have also heard from clients of certification bodies and auditors wanting to view documented evidence of organizational context, stakeholder needs and risks. The standard however does not require these to be documented and leaves it up to the organization to determine the risk of not doing so. Some auditors, however, struggle with auditing undocumented systems and auditing to the new standard [2]. As a result, organizations start documenting their system for the auditors and certification bodies resulting in a system tailored for auditors and  forced down on the organization by auditors. The auditors were to provide inputs to TM (top management) to make better decisions, instead now the auditors and audits have become the product. The system must be designed for the employees not for the auditors. The intent of the standard to act as a preventive tool gets lost in this compliance process.

Supplier audits

Over the past two decades there have been several mergers and acquisitions leading to larger multi-site organizations and perhaps as a result a reduction in certifications. As these organizations have grown, and maybe in part owing to the declining trust in the certification system, they have decided to conduct their own supplier audits. As such suppliers have chosen to let their certification lapse since they are nevertheless being audited by the customer and that is the audit that really counts for them.

Supplier audits are more focused on the customer contractual requirements. Organizations who perceive ISO 9001 as a documentation burden will then only document the parts of the system to meet contractual requirements rather than document the system to meet the organization’s requirements based on ISO 9001. They fail to see that ISO 9001 leaves the extent of system documentation up to the organization and often perceive it as everything needs to be documented.

Conclusion

While quality does matter and customers are still looking to receive a quality product, oft incorrect interpretation of the standard leads many to choose against ISO 9001 certification. At times other certification requirements like CE marking may be more desired and certification to two standards be burdensome. Also methodologies like Six Sigma and Lean have gained prominence. So, ISO 9001 certification gets the boot.

Those looking to gain the benefits of a quality management system need not re-invent the wheel. ISO 9001 provides the framework that essentially reflects business 101. If you do not need ISO 9001 certification then you can self-declare and let the doubters come and assess for themselves. In the meantime, you will still gain from a well implemented management system. Remember, you already have a system that has brought you thus far, align ISO 9001 to your system and not your system to ISO 9001.

[1] Guasch, Luis J.; Racine, Jean-Louis; Sanchez, Isabel; Diop, Makhtar. 2007. Quality systems and standards for a competitive edge (English)

[2]Quality Progress October 2017, Article: The results are in…

ISO 45001 Transition: Change is coming to health and safety

Organizations currently certified to BS OHSAS 18001 have until March 21, 2021 for their ISO 45001 transition. Those who are currently implementing management system conforming to BS OHSAS 18001 will notice some similarities and some differences. Those who are certified to other ISO standards such as ISO 9001 will notice the similarities in the standard owing the use of the High-Level Structure in the new ISO 45001 transition standard. This article discussed the key changes to the standard over the BS OHSAS 18001 requirements. It also highlights certain key aspects for those undertaking an ISO 45001 transition.

Keeping with the High-Level Structure, ISO 45001 in clause 4.1 and 4.2 asks organization to consider the context of their organization or the aspects of their business environment that may impact their operations. The business environment includes both internal and external issues such as new regulatory requirements, new technologies, cultural issues and company values to name a few. Companies need to consider the needs of different relevant stakeholders that may impact their system including the needs of their workers. Organizations are asked to have workers participate in the system development as they complete their ISO 45001 transition.

ISO under the high-level structure has removed the need for preventive action as now the entire standard is designed as a preventive tool. Further to support this is the introduction of risk-based thinking’ both from a strategic perspective and from an operational health and safety perspective. Risk-based thinking and the awareness of personnel of this is key to ISO 45001 transition. There is now a stronger stress of leadership’s role in the system. Leaders must take accountability for the effectiveness of the system and cannot wash their hands of the system. Leaders must not only engage in the system themselves but also engage others as the ISO 45001 transition takes place.. The Clauses under 5 also have a requirement for the consultation and participation of workers. They have to remove the barriers to participation and include even non-managerial workers.

Documents and records are not controlled under the common clause for control of documented information and based on the risk-based thinking there is more freedom allowed with the documentation. Outsources contractors will also need to be controlled within the scope of the system.

Organizations undergoing an ISO 45001 transition, will need to incorporate all these aspects into their system. Care must be exercised when setting up the system to design it around the user and not around the auditor or certification body for the system to be useful in the long run and to drive continual improvement.

Obtaining Top Management Commitment

Who cares about the system? 

Management systems need top management commitment to work well, and yet many systems lack the necessary commitmentYou may recognize some symptomsPolicy – ignoredObjectives  are barely alive. Corrective actions remain open. Managers seem not to appreciate the value of the requirementsEmployees are unsure about the system’s requirementsProactive identification and addressing of risks/opportunities is rareRoot causes of failure remain in the system. Consequently, the system is not improved. Employees are unaware of what the system should do for themManagement reviews are embarrassingLeaders either do not show or do not contribute. Top Management Commitment is lacking. Audits may temporarily energize the playersManagement representatives ask, Am I the only person who really cares?” 

Who trained the leaders? 

Many leaders do not explain their management systemsThey may know the importance of certification, but they rarely explain why their system is vital for survival and growthWhy is this? Examine your internal audit program; is it driven by top management’s objectives?  Audit your training recordsDo they show that leaders are competent and confident to show their top management commitment? Who trained the leaders in their organizational management systemCompetent leaders take responsibility for their systemThey explain how their system works and why its requirements are so important to themUnaware leaders blame employees for mistakes caused by their system. 

Your system, is it perceived as worthy? 

Even if your system is certified, do not expect leaders to support it Every organization is a systemDoes the documented part of this system describe how it converts stakeholder needs into cash (or continued funding)?  Is this the management system that was certified or was it some new ISO system built on templates?  

Is your system irresistible to the leaders?  If notshow how your system converts needs into cash so top managers would not want to lead without itTry our methodology to appreciate how others have developed systems and gained top management commitment beyond certification. Everyone should fulfill their objectives and earn their bonuses by using and improving  the system.  

Awareness Leaders Workshop 

Engage us to design and facilitate your one-day Awareness Leaders Workshop™Select attendees who are leaders by job title and those who are leaders by personalityInclude the skeptics! 

We listen to your objectives and design your workshop to fulfill your required outcomesThis may need  system analysis to result in a diagram that explains how the system converts needs into cash. This  workshop is facilitated by our senior management system consultant and auditor, who for over 20 years  has helped many willing and reluctant managers to understand and commit to their systems. 

Prepare for action 

Remove the root causes of what ails many management systemsYou want your top management commitment  to the requirements of their management systemClear the backlog of stale CARs  and pending actions on identified risks to prepare for the surge of improvements flowing from the renewed leadership of your system 

When you are ready, please email IJ Arora or call 888.357.9001 with your requirements.