Q&A With Sarah Stuart: Continue With ISO/AS9100 Implementation?
Here is a question that we receive quite a lot. In fact, a current client asked us this exact same question yesterday.
Question: My team is telling me to not keep going with our ISO/AS9100 implementation. They say we don’t have time to make things perfect. We have come so far? What should I do?
I spoke some of our Impact Washington Resource Partners about this subject. We all agreed on the answer to this question. Before I begin the discussion, it is important to know that some of these men and women have been performing 3rd party certifications for Registrars for many years. The rest of us have been successfully helping companies implement management systems compliant to ISO 9001/AS9100 for – ahem – decades. My point in raising these credentials is that, while we all agree on the answer, none of our clients normally believe us. This is because the answer is too easy.
Most recently, I had this conversation again with W.S. “Scott” Henry. Scott have been an auditor for 3rd party certifying bodies for the past 14 years. He has performed over 400 audits to ISO 9001, AS9100, and AS9120. Here is our answer: Make sure you have the required documentation (procedures and records) covered, and then proceed forward with processes you have. It will be okay. Registration is not about perfection and documenting everything, it is about continuous improvement. There is great value to be gained to improving your business from the certification process itself.
First, there are two myths that we need to squash concerning ISO 9001/AS9100.
Myth 1: I can’t get certified if I haven’t documented all my processes.
Fact: This is technical, but bear with me. The standards make a distinction between retained documentation and maintained documentation. Retained documentation is your records. Depending on the standard and your business there are only 13-15 records you must retain. Maintained documentation is your Quality Manual, Procedures, and Work Instructions. This is what is important. To attain your certification, you must have your 13-15 required records under control to prove you did what you said you would do. You DO NOT need to maintain procedures for every process. There are a few required, but this 1-3 at the most. You only need to have procedures if it improves the effectiveness of the process. In other words, if a procedure will help you achieve an effective process with the records to prove it, you should write it. If no one is ever going to read it, and the work will be accomplished just fine then you don’t need to document.
In fact, auditors expect this to be an iterative process of continuous improvement. Overtime, with effective internal and external audits, you will learn where more robust documentation is required to fulfill customer orders. In other words, the processes required by the standard will help you build a system at is effective and right sized for you.
Myth 2: The auditor is going to be super hard on us and we need to be perfect.
Fact: There is nothing more that auditors love than an imperfect process that has been recognized with a Corrective Action or Continuous Improvement Project documented and in work (Corrective Action is one of the 13-15 records). These actions should be truly in work with the company doing the right thing. Seriously, registration auditors love this because it means your Management System is working.
The auditing process itself normally brings on this misconception. All of my colleagues do this to our clients. Part of how we judge process effectiveness (after looking at the 13-15 required records), is to poke around the edges. We ask, “What if this happened, what if that happened, and how would you handle this?” It is a method of determining whether the Process Leader has considered risk. In no way shape or form are we asking the client to change their process when the likelihood or severity of risk is very small. Still, if we don’t ask, we can’t tell if risk has been considered. If you were to achieve perfection and mitigate every remote or little risk, your management system would become bloated and not Lean. We don’t expect or want this.
The result of this that some clients consider the registration audit as a “pass/fail” event. It is far from this. If the finding is not about not having required documentation, all that is that is required is that you fix the problem and move on. Usually this can be accomplished remotely. It is not unusual to have multiple cycles to find a good solution that is effective and sticks. Auditors expect this and embrace this because it shows your Management System is working.
When your employees say they are not ready, perform an audit on the documentation required by the standard (this is the 13-15 required records and a few procedures). This audit should take about 4 hours. The records are there and effective, or they are not. It is easy to discern. If those process records are in order, set up your registration audit with your certifying body for 3-4 months out.
As soon as possible, perform your full system internal audit and find those places where things can be improved and/or waste eliminated. Initiate your corrective action system for the things you find. If you have your required records covered, 90% of the time you will find the requirement that was causing consternation is self-induced and could be Leaned-out. If you implemented a requirement and no one is doing it, but yet the process is still effective, that is waste. Eliminate it. This is the beauty of internal audits. Embrace your internal audit process as a way to identify waste.
Here is one last comment. After your 13-15 items of required documentation is working well (are you hearing a theme), you may find that your employees may have made the implementation harder than it should be. No business is perfect. That is not the point. A world class business monitors its business processes and constantly improves them. That is what the standard requires. Don’t get lost in the detail.
If you wish to have your situation reviewed, please contact us at www.impactwashington.org. We would be happy to stop by and help.
from Impact Washington is adding this because there are three required records that are not rocket science, but they take time. Keep an eye on these if your employees are telling you these are the ones that are not ready. They are:
1) Evidence of Employee Competence
2) Evidence of External Provider Criteria Approval
3) Evidence of Fitness of Use for Measuring Instruments and Software (Calibration)
Our recommendation is to still do the audit of the required documentation and make sure the processes above are not going above and beyond the standard. Wait for these records to be in control before seeking certification, but don’t forget the other 10-12 required records.
P.P.S From Sarah Stuart: If your employees have asked to put the certification on hold and it is not about one of the three records above, more than likely they are at an impasse of how much control is appropriate. This is a different problem. Email us at www.impactwashington.org if you want us to reach out to our experts for their thoughts on this subject. If this is appealing, we will reach out to our Lean Experts, our Human Performance Experts, and our ISO experts.
W. S. “Scott” Henry
Scott has performed over 400 3rd-party audits to ISO 9001, AS9100 and AS9120 standard over the past 14+ years. He worked as a buyer and quality engineering tech for a highly-regulated company doing design, manufacturing and post-delivery support of transport products. Completed projects have resulted in improved process and product performance, reduced waste and decreased need for customer and regulatory oversight. He is most familiar with manufacturing , test and inspection of basic metals, electrical and electronic equipment, transport aircraft and composite materials. He also has experience in auditing companies doing warehousing and distribution and those providing design and/or project management services.