Common findings during audits - CALISO Consulting: 100% success rate. Consulting, training and certification services for ISO 9000, MDD, EN 46000, TL 9000 and CE

Common findings during certification audits to ISO 9001:2000: Element 4 Quality Management System No objective evidence that all the processes for the quality management system (QMS) have been identified, nor that their sequence and interaction and criticality have been established: i.e. no overall process maps or list of critical processes. No comprehensive quality manual and applicable procedures or processes driven by training, automated tools, or other planning methods. No document control an record control procedure or process Lack of knowledge or involvement of Top Management in the corrective action system. Lack of understanding or knowledge of the QMS. Element 5 Management Responsibility Objective evidence that top management is not committed to the QMS, is running day to day business on a separate "path" as the QMS, and that they are barely involved and aware of the workings of the QMS. Quality policy is inadequate and does not have any relevance with quality objectives. No quality objectives set to measure effectiveness of relevant processes. No management representative designated with sufficient authority to ensuring the QMS is established, implemented and maintained Incomplete management reviews, and no tracking of action items. Element 6 Resource Management Objective evidence that top management is not committing the appropriate human resources, infrastructures and work environment to implement an effective EMS. I.e. internal and external complaints, and lack of timely actions due to unavailability of resources. No proper identification of qualification and training needs for employees. No evaluation of training effectiveness. Element 7 Product Realization Requirements related to the product are not complete or nonexistent. i.e. product specifications are not available. No evidence or reviews of proposals/quotes, orders and order changes. No process for adequate communication with customers regarding products, complaints, and feedback. No process to adequately control design and development activities, especially in the design and development input stages. No verification and validation of design changes. No evaluation and re-evaluation of critical suppliers. No incoming verification of critical purchases. Processes where no inspection or verifications can be conducted are not validated. Product status in regards to inspection is not systematically maintained. Customer property, especially intellectual property, is not controlled and safeguarded. Measurement devices are not calibrated. Element 8 Measurement, analysis and improvement No evidence of measurements of customer satisfaction. No procedure and lack of evidence of compliant internal audits being conducted. Processes and product are not being monitored effectively to ensure quality. Nonconforming products are not identified or are reworked without being reinspected afterwards. Data is not being collected and analyzed on customer complaints and product conformity in order to demonstrate the suitability of the processes, and drive continual improvement. No systematic evidence of continual improvement i.e. Continual Improvement Plan. No corrective action being conducted. Confusion between corrective and preventive action. Common findings during certification audits to ISO 9001:1994: Element 4.1 Management Responsibility Objective evidence that top management is not committed or involved in the ISO implementation/ adoption process: No Management Review meeting was held. No Management Representative was designated. Lack of knowledge or involvement of Top Management in the corrective action system. Lack of understanding or knowledge of the quality system. Lack of resources committed and identified to meet the ISO 9000 requirements (no verification, audit, or QA personnel. Refusal of expenditures towards meeting calibration requirements etc) Designated ISO/Management Representative has limited knowledge of ISO 9000 requirement or intent. (see Online training). Element 4.2 Quality System Lack of Level 1, 2 and 3 documentation. Canned Manuals and procedures that have nothing to do with company's operation. Element 4.3 Contract Review No actual review of quotes, bids, POs or Sales Orders conducted. No amendments to contracts conducted when an order is going to ship late, incomplete or in deviation of customer specs. No feedback loop from production/planning to adequately conduct a determination of capability before taking and order. No feedback loop from production/planning to adequately conduct amendments to contracts when production is going to deviate from the order requirements (due date, specs, qty etc..) Sales personnel taking orders that they know they cannot really fulfill (due date, specs, qty etc) Element 4.4 Design Control Design Project records not maintained. No evidence of planning and planning updates during design cycle. Planning does not include Design Review, Output, Verification or validation activities. Verbal design inputs are not documented. No evidence of review of the design input. No evidence of design parameters verification or validation. Confusion between design reviews and design verification, or design verification and validation. No complete design cycle conducted. No Configuration Control for software design. Element 4.5 Document and Data Control Working drawings and specs with unauthorized changes such as whiteout, or changes in tolerances/dimensions. Customer supplied drawings or specs with unauthorized changes. Pattern of lack of control of documents such as forms (logs, checklists), internal specs. Xerox copies of documents that are under distribution control such as procedures and work instructions. Obsolete documents at the work place. Uncontrolled postings, markings, and instructions at the workplace. Uncontrolled documents of external origin (ISO, IPC standards) Element 4.6 Purchasing Purchases done verbally with no records of the purchasing data (POs, contracts, specs etc) Purchases conducted with unapproved vendors (subcontractors) for items critical to quality (calibration services, maintenance services, carriers etc) ASL kept but not really used. Product or service nonconformities linked to vendors are not fed-back to Purchasing in order to continuously evaluate vendors. Element 4.7 Control of customer supplied product Customer supplied products not recognized as such, and treated like regular products. Equipment supplied by customers not considered as CSP (computers, inspection equipment). Element 4.8 Identification and traceability Products or material not identified at various stages of the process neither by labels, markings, process documents, nor by location. The employees just know what it is…. Multiple errors in serialization where traceability is a required. Element 4.9 Process Control No Preventive, or Predictive maintenance procedures or records. Lack of effective procedure(s) for scheduling/planning. Lack of quality plans for service companies. Insufficient level 3 documentation to address the process. A lot of recording activities not covered in the work instructions or procedure, and the recording media is not referenced (forms, logs etc) Process parameters specified without allowance for normal variation (range). Element 4.10 Inspection and Testing Inspections conducted without clear inspection criteria in the procedures or in the inspection documents. Inspection documents lacking clear Pass/Fail information. No incoming inspections (PO vs. Packing slip, shipping damages, Qty, C of Cs). No inspections at all when inspections can/should be conducted. Inspection records not kept or maintained as Quality Records. Element 4.11 Calibration Lack of understanding of what needs to be under calibration control. Measuring instruments are usually left out. Recall process managed by calibration vendors not by the supplier. Majority of devices is "For Reference Only"…. No investigation of prior use when a device is found to be out-of-calibration. Test software not under calibration control. Element 4.12 Inspection and Test Status Products at certain stages of the process without any way to tell whether they have been inspected, have passed, or have failed inspection. "The operators just know". Element 4.13 Control of nonconforming product "This is not nonconforming product, this is good product! It is only missing serialization labels!" Products that do not meet a certain requirement (qty, inspection, minor features) not identified as nonconforming. Nonconformities and dispositions not documented. No bug-tracking system/database for software nonconformances. Element 4.14 Corrective and Preventive Action Customer Complaints not logged. No feeding of customer complaints (major or trends) into the Corrective Action system. Product nonconformities (MRB, NCMRs) not linked with the corrective action process. Nobody or few people aware of the Corrective Action System. Top Management not in the loop. Very shallow or nonexistent root-cause analysis. No verification of effectiveness conducted. CAR timelines are not managed and majority is open. "This corrective action is also a preventive action because it prevents the problem from happening again". Confusion between Corrective and Preventive action. (COMMON) Element 4.15 Handling, Storage, Packaging, Preservation and Delivery Products with shelf life, or preservation issues not identified and controlled/protected against deterioration. Chaotic storage system. No procedures for Handling, Storage, Packaging, Preservation, or Delivery. No periodic maintenance and check of ESD systems. 4.16 Control of Quality Records "This is not a Quality record! It has nothing to do with quality." Records stacked, hidden, and/or difficult if not impossible to retrieve. Only completed forms becoming quality records. Quality Records kept in shoeboxes and exposed to damage. 4.17 Internal Quality Audits No CARs issued per internal audit. "Everything was okay!" No complete audit conducted (all applicable ISO elements, all Departments/activities) Element 4.18 Training No training records kept. No training records relating to the quality system: Procedures, Work Instructions, quality Policy. Training needs determination is not related to the quality system. No identification of qualification requirements. Employees not trained on ISO 9000, quality policy or procedures... (see Online training). Element 4.19 Servicing Confusion between maintenance and servicing. Servicing element applicable but not recognized (supplier offering extended warranties, repair services not under warranty). No contract review/amendments on servicing orders. Element 4.20 Statistical Techniques Statistical techniques used but not documented. No statistical techniques used on customer complaints, and product or service nonconformities. ASL kept but not really used. Process without inspections, SPC or product validation. For more detailed information on the ISO 9000 standard and its interpretation consult The Bookstore For Training on ISO 9000 and internal auditing see Online training

CALISO Consulting, LLC 1516 Oak Street, Ste. 312 - Alameda - CA 94501 - Tel .510.864.0463 E-mail: Tiout@calsoconsulting.com Copyright & legal information