Interested Parties

Management requires everyone to work together for quality

Context of the Organization – Interested Parties

This is one way of looking at Interested Parties. Other consultants look at it differently. You need to decide what works best in your company.

Scope: the requirement hasn’t changed. Assume you reviewed it and it accurately represents your organization.

Who are the interested parties?

This changes from company to company; only you can determine who the interested parties are. In previous revisions of ISO we were mostly concerned with the customer, with some interest in our suppliers and our employees. But nothing was formalized and there wasn’t a direct consideration of risk/opportunity.

  • People who have a stake in what and how your organization performs in producing products or services which meet the customers’ requirements
  • Are relevant to the QMS

While section 4.2 of the ISO 9001:2015 standard does not require you to identify the risks and opportunities, they should be included in section 6.1. So we’ll go over that now and save repetition later.

Risk negative or positive, ISO 31000, 14001 opportunity, Interested Parties can be both

Here is a side point: in ISO 9001, risk is considered to be either negative or positive. In ISO 31000 and ISO 14001 they consider risk as negative and opportunity as positive. Keep that point in the back of your mind in case an auditor challenges the term “opportunity”, and be prepared to say that in your company opportunity means positive risk. You can use whatever name you want. I have a client who names quality objectives as “rocks”. It is a term everyone there knows and understands, and it meets the standard’s requirements for quality objectives, so the auditors don’t challenge the name.

Interested Parties affect the QMS

Interested parties affect the QMS. This is important because this may or may not include the customer, the end users and your competitors.

One way to look for Interested Parties is to consider the following areas. Again, you may not have all of these and you may think of some not included in this presentation. It is up to you to identify the interested parties for your company.

  • Suppliers – Providers of raw material, components, sub-assemblies, finished product and services
  • Internal groups – Employees, unions, stockholders, management
  • Intermediaries – The most common is a distributor but there are also aftermarket service groups
  • Alliances – A bank may recommend a consultant they think will increase the company’s profitability, while the consultant may recommend a bank to clients who are having banking issues
  • Influencers – Think of peer groups, councils, chambers of commerce

Organizing Interested Parties

There is more to be done than just listing the interested parties. Some of the interested parties can provide both a risk and an opportunity. For example, a supplier performance issue presents a risk to you meeting your customers’ requirements. However, if they are a leader in their industry, they could provide you with a competitive advantage with a new product none of your competitors has access to use.

Slide 10 – Risks and opportunities

So let’s start the table.

| Interested Party | Concern | Risk | Opportunity |
|---|---|---|---|
| Suppliers | Their reputation and quality/delivery/price influences yours | Nonconformance | Superior performance |
| Employees | Is it stable? Do they have pride of workmanship? | Controls product quality | Source of innovation |
| Shareholders | Source of investments, company direction | Looking for short term ROI | Supports re-investing |
| Community | Impact on your reputation, and ability to produce | Demands which reduce profits | Promotes development |
| Intermediaries | Increased sales, impacts your reputation | Damage to product | More contacts/sales |
| Alliances | Increased opportunities, concerns for reputation | Your reputation is tied to theirs | Increased sales |
| Influencers | Is their advice of value | Different frame of reference | Wide range of experience |
| Regulators | Compliance | Not managing changes | Good rating |
| Certifying bodies | Do they understand the organization and the standard(s) | Dependent on auditor training | Global view of QMS |

You get the idea.

Controlling Risk from Interested Parties

Now that you have a list of your interested parties and the concern or impact they have on your company with the inherent risks or opportunities, you need to monitor and control your risk and capitalize on your opportunities. So let’s add a column.

| Interested Party | Risk | Opportunity | Monitor |
|---|---|---|---|
| Suppliers | Nonconformance | Superior performance | Annual performance review / random inspection |
| Employees | Controls product quality | Source of innovation | Annual performance review |
| Shareholders | Looking for short term ROI | Supports re-investing | Review BOD reports |
| Community | Demands which reduce profits | Promotes development | Community newsletters, membership in community organizations |
| Intermediaries | Damage to product | More contacts/sales | Reports of NC and Sales |
| Alliances | Your reputation is tied to theirs | Increased sales | Monitor press releases; Qtrly Sales |
| Influencers | Different frame of reference | Wide range of experience | Monthly meetings |
| Regulators | Not managing changes | Good rating | Regulator updates / ratings |
| Certifying bodies | Dependent on auditor training | Global view of QMS | Annual surveillance audit |

Of course these controls are typical examples and you should define what works for your company. The point is you should have a way to monitor and address risk and capitalize on opportunities.

Documenting Interested Parties

When the auditor arrives they are going to ask, “Who are your interested parties?” There is no requirement in the standard that you list interested parties.

You must communicate to your organization who the interested parties are and how they will be monitored.

So when identifying Interested Parties, think about who affects or has the potential to affect your QMS.

Let your common sense guide you on identifying the Interested Parties. Don’t worry, you can do this. If you need help, e-mail me at technacon1986@sbcglobal.net or call (708) 814-3685.

The next presentations will be on internal and external influences.

Documented Information

Can we throw out our procedures or are we still locked in?

ISO 9001:2015 and Documented Information

The first thing we heard about ISO 9001:2015 version was no more need for procedures, quality manuals or records. Hurray, hold a bonfire in the parking lot!

Hold the matches. We now have documented information in place of procedures, manuals and records. So is this an “I gotcha” on the part of ISO?

Not necessarily. Jump into the standard at section 7.4 Communication which says “The organization [your company] shall determine the internal and external communications relevant to the quality management system, including:

  a) on what it will communicate;
  b) when to communicate;
  c) with whom to communicate;
  d) how to communicate;
  e) who communicates.”

This gives the company the leeway to communicate in manners other than written procedures. For example, instead of having a Work Instruction on how to assemble a product or complete a form, the company could have a video employees could reference.

Where is Documented Information required?

In ISO 9001:2008 there are 6 documented procedures. That is all you needed. So what about the 2015 revision?

Thumbing through the standard I found a requirement for documented information as follows:

  • 4.3 Determining the scope of the quality management system – “The scope of the organization’s quality management system shall be available and be maintained as documented information”
  • 4.4.2 To the extent necessary, the organization shall:
      o maintain documented information to support the operation of its process
      o retain documented information to have confidence that the processes are being carried out as planned
  • 5.2.2 Communicating the quality policy – “The quality policy shall be available and maintained as documented information”
  • 6.2.1 Quality objectives and planning to achieve them – The organization shall maintain documented information on the quality objectives.
  • 7.1.5.1 General [Monitoring and measuring resources] – The organization shall retain appropriate documented information as evidence of fitness for purpose of the monitoring and measurement resources.
  • 7.2 Competence d) – Retain appropriate documented information as evidence of competence
  • 7.5.1 General [Documented Information] – The organization’s quality management system shall include documented information required by this International Standard and documented information determined by the organization as being necessary for the effectiveness of the quality management system
  • 7.5.3.1 [Control of documented information] – Documented information required by the quality management system and by this International Standard shall be controlled…
  • 7.5.3.2 [Control of documented information] – Documented information of external origin determined by the organization to be necessary for the planning and operation of the quality management system shall be identified as appropriate, and be controlled.
  • 8.1 Operational planning and control e) 1) and 2) – The organization shall plan, implement and control the processes needed to meet the requirements for the provision of products and services, and to implement the actions determined in Clause 6 by: determining, maintaining and retaining documented information to the extent necessary to have confidence the processes have been carried out as planned and to demonstrate the conformity of products and services to their requirements
  • 8.2.3.2 [Review of the requirements for products and services] – The organization shall retain documented information as applicable on the results of the review and on any new requirements for the products and services.
  • 8.3.2 Design and development planning j) – the documented information needed to demonstrate that the design and development requirements have been met.
  • 8.3.3 Design and development inputs – The organization shall retain documented information on design and development inputs
  • 8.3.4 Design and development controls f) – The organization shall apply controls to the design and development process to ensure that documented information of these activities [a-e] is retained
  • 8.3.5 Design and development outputs – The organization shall retain documented information on design and development outputs
  • 8.3.6 Design and development changes – The organization shall retain documented information on design and development changes and the results of reviews and the authorization of the changes and the actions taken to prevent adverse impacts
  • 8.4.1 General [Control of externally provided processes, products and services] – The organization shall determine and apply criteria for the evaluation, selection, monitoring of performance and re-evaluation of external providers based on their ability to provide processes or products and services in accordance with the requirement. The organization shall retain documented information of these activities and any necessary actions arising from their evaluations.
  • 8.5.1 Control of production and service provision a) – Controlled conditions shall include, as applicable the availability of documented information that defines the characteristics of the products to be produced, the services to be provided, or the activities to be performed and the results to be achieved;
  • 8.5.2 Identification and traceability – The organization shall control the unique identification of the outputs when traceability is a requirement, and shall retain the documented information necessary to enable traceability.
  • 8.5.3 Property belonging to customers or external providers – When the property of a customer or external provider is lost, damaged, or otherwise found to be unsuitable for use, the organization shall report this to the customer or external provider and retain documented information on what has occurred.
  • 8.5.6 Control of changes – The organization shall retain documented information describing the results of the review of changes, the person(s) authorizing the change, and any necessary actions arising from the review.
  • 8.6 Release of products and services – The organization shall retain documented information on the release of products and services. The documented information shall include evidence of conformity with the acceptance criteria and traceability to the person(s) authorizing the release.
  • 8.7.2 [Control of non-conforming outputs] – The organization shall retain documented information that describes the nonconformity, describes the actions taken, describes any concessions obtained, and identifies the authority deciding the action in respect of the non-conformity.
  • 9.1.1 General [Monitoring, measurement, analysis and evaluation] – The organization shall retain appropriate documented information as evidence of the results.
  • 9.2.2 [Internal audits] – The organization shall retain documented information as evidence for the implementation of the audit program and the audit results.
  • 9.3.3 Management review outputs – The organization shall retain documented information as evidence of the results of management reviews.
  • 10.2.2 [Nonconformity and corrective action] – The organization shall retain documented information as evidence of the nature of the nonconformities and any subsequent actions taken and the results of corrective action.

Whew! That was a lot of documented information, about 30 by my count. So what does this mean? Do we need 30 procedures now instead of six, or zero as some consultants are claiming?

The Clues as to What to do for Documented Information

Retain Documented Information

First look for the word “retain” before documented information. In most cases this was a “record” in the 2008 version and about 2/3 of the referenced documented information requires information be retained.

If you have an ERP system, a design program, a project program or a database program which automatically retains information such as product test results and release authority, there is no need for a procedure or manual directing you to save the data; your system does this for you. If there is not an automated system, then there must be some way to communicate, “save this stuff this way”. Does it need to be a procedure? No, but a procedure may be the simplest and easiest method of communication.

The Other 1/3

So let’s look at the other 10 or so requirements of documented information.

  • Scope of the quality management system (QMS). Hopefully your QMS is part of the company’s strategic planning; if not, there are some more basic issues going on which need to be addressed first. So the scope could be part of the strategic plan. It could also be addressed in a risk/opportunity matrix. Or it could simply be part of the company quality manual. Many companies will need to continue to provide a quality manual because it is a customer requirement. Do they need to regurgitate the standard? No. Put in them the information the standard and your customers require. Organize it to make sense to you, your customers, employees, regulators and any other interested party your company has identified.
  • The quality policy is documented information. It can be posted throughout the company via electronic message boards or bulletin boards. Ta da! You’ve got it. Of course the company will want to note which bulletin boards have it in case of an update; not all companies have electronic message boards.
  • Quality objectives and planning to achieve them should already be in place. An easy way to maintain them is with a project program like Basecamp. However, such a program isn’t necessary. It can simply be part of the management review minutes.
  • Information required by the standard and the organization must be controlled. This includes documents of external origin. So if there is data or communications which are vital to your QMS or that the standard tells the company it must have, it needs to exist and be protected against unauthorized changes. What this information is and how it is to be handled must be communicated. So if a video works, great. If a procedure is the answer, great. If the information is a regulation or a statute, then a link to the source of the information may be effective.
  • Documented information that the design requirements have been met will include specifications and drawings and records of design reviews. Again, this may be done with a specific program or communicated with a procedure.
  • Control of externally supplied products and services requires retained documented information about how suppliers are managed, evaluated and controlled. It is important to suppliers to have this information as well as retaining documented information so a system must be in place to control suppliers. A video might do a good job of explaining this or an e-mail or a procedure.

Summary

While procedures are no longer required, they may be the easiest and clearest form of communication for the who, what, where, when, why, and how of an activity. It is acceptable to have new and innovative ideas to communicate and retain documented information. So let’s hear your input. If you didn’t have to have a procedure how would you handle documented information?