There are six (6) implementable clauses within ISO 9001:2015 Quality Management System Standard.
Within this series of posts over the next six weeks we will discuss the requirements to all six clauses and the correct interpretation thereof.
Organizations should note the new requirements to consider improvement with respect to its processes, products and services, and the performance of the quality management system overall. You should continue to seek objective evidence that improvement is taking place. They should note, however, that while improvement does not need to be continual, it does need to be evidenced as occurring.
Auditors should look for evidence that the organization is considering improvement in respect of its processes, products and services, and the performance of the quality management system overall.
In the case of products and services, this is to meet not just known but predicted requirements. They should note that there is no longer a requirement to audit preventive action as a distinct entity.
Auditors should also note the removal of the explicit requirement for the organization to improve its quality management system through the review of the quality policy, quality objectives, audit results, analysis of data and corrective actions, and management review.
If Top management has set realistic process objectives, and there is no evidence of improvement, this information should fed back via the audit report to allow Top management to determine what type of action is appropriate.
10.2 Nonconformity and Corrective Action
The requirements of Clause 10.2.1 are comparable to Clause 8.3 – Control of Non-conforming Product and Clause 8.5.2 – Corrective Action. There is an additional requirement for your organization to determine whether other similar non-conformances exist or have the potential to exist that may affect product, process or QMS conformity. There is also a new requirement for your organisation to determine whether changes to the QMS are required to prevent a reoccurrence.
Regarding Clause 10.2.2, auditors should no longer expect to find a documented corrective action procedure. Your organization should be able to provide evidence that it is fulfilling the requirements of this sub-clause by other means, e.g. by the use of computer-based records.
Note the new requirement to record the nature of non-conformities as well as the subsequent action(s) undertaken. You should ensure that your organization is meeting this additional requirement.
Dealing with Corrective Action
A corrective action should be considered as a reactive response to a problem since it is taken when a non-conformance is detected or upon receipt of a customer complaint. Your organization should first contain the problem and then determine its root cause in order to take appropriate corrective action to prevent the problem’s recurrence.
- Recording corrective actions using the forms provided;
- Performing an initial review;
- Determining causes and the need to take action;
- Implementing action where required;
- Preventing recurrence;
- Evaluating effectiveness;
- Recording the results using the forms provided;
- Examine the effectiveness of corrective actions;
In response to a symptom, evaluate the need for initiating the problem solving process. If necessary, provide an emergency response action to protect the customer and initiate the process.
- The symptom(s) has been defined and quantified;
- The customer(s) who experienced the problem(s)/symptom(s) are identified;
- Measurements taken to quantify the problem(s)/symptom(s);
- Look for a performance gap;
- The cause is unknown;
- Symptom complexity exceeds the ability of one person to resolve.
Establish an investigation team with:
- Process and/or product knowledge;
- Allocated time;
- Authority to solve the problem and implement corrective actions;
- Skill in the required technical disciplines;
- A designated Team Leader.
Define the Problem
Describe the internal/external customer problem by identifying what is wrong and detail the problem in quantifiable terms Define, verify and implement the interim containment action to isolate the effects of the problem from any internal/external customer until permanent corrective actions (PCA) are implemented. Validate the effectiveness of the containment actions.
Select an Interim Containment Action
An interim containment action is kept in place until a verified permanent corrective action can be implemented. In some cases, the interim containment action may be the same as or similar to the emergency response action. However, an emergency response action is implemented with minimal supporting data. An interim containment action provides more opportunity for investigation.
Verify an Interim Containment Action
Any interim containment action you implement must protect the customer from the problem without the introduction any new problems. Also, a single interim containment action may not be enough. You may need to implement more than one interim containment action to fully protect the customer.
An interim containment action can be any action that protects the customer from the problem. However, before you implement an interim containment action, you need to verify that the interim containment action will work. To verify the interim containment action:
- Prove before implementation it protects the customer from the problem;
- Provide a before-and-after comparison;
- Prove that the interim containment action will not introduce any new problems.
Methods of verification may include:
- A test to determine the desired performance level;
- A demonstration that changes eliminated the issue without creating a new problem;
- A comparison between the interim containment action and similar proven actions;
- A review to evaluate whether the interim containment action was effective;
- Assurance that the interim containment action did not introduce a new problem.
Implement an ICA
Conduct trial runs whenever possible. However, in some situations, your verification may simply be a matter of common sense. For example, if an interim containment action involves stopping the shipment of all products, you can be sure that customers will stop experiencing the problem.
You and your team must consider all of the trade-offs connected to your interim containment action. An important part of implementing an interim containment action is planning how you will implement the action. To implement an interim containment action, follow this management cycle:
- Plan (Re-plan);
- Do (Implement);
- Check (Monitor);
- Act (Evaluate);
Identifying the Root-Cause
Isolate and verify the root-cause by testing each possible cause against the problem description and test data. Also isolate and verify the place in the process where the effect of the root-cause should have been detected and contained (escape point).
Complete a Comparative Analysis
The problem description should describe the problems in terms of what, where, when, and how big. The description should contain facts; such as observations and documentary evidence and not assumptions. All information must be gathered before identifying the root-cause can begin. Make sure both of the above factors are true before you move to the next step. Consider any new information that the team may have gathered since completing the initial problem description.
Once you have reviewed the problem description, you can begin a comparative analysis. A comparative analysis will help you identify relevant changes in a change-induced situation. Then you can reduce the number of possibilities that you must consider to determine root-cause. To complete a comparative analysis:
- Ask yourself; what is unique, peculiar, different, or unusual about the symptoms?
- Consider features such as people, processes, materials, machines and the environment;
- List all facts without prejudice as to the possible cause.
Consider each difference you listed, and look for changes, ask yourself:
- What has changed to give rise to this difference?
- Keep in mind that each difference may not have a corresponding change;
- List the changes next to the difference;
- Look at the dates each change occurred;
- Eliminate some changes if they occurred after the problem started;
- Consider categories of people, machines, processes or measurements;
If the problem is change-induced, the root-cause must be the result of a change relative to one or more of the identified changes. It is important to remember that you have not yet moved from the ‘observations’ phase of the process. Any information you develop during the comparative analysis must be fact based, not opinion based and must be true only for the symptoms information. Do not rule out any facts that might be valid answers. If it is a fact and it answers the question, write it down.
Develop Root-cause Theories
Now that you have narrowed down the possible root-causes, you need to develop theories about how the problem occurred. Theories are statements that describe how a change may have created the problem. To develop root-cause theories:
- Use brainstorming techniques to generate ideas;
- Ask: ‘how could this change have caused the problem?’
- Continue to ask the question until all possible theories are developed;
- List at least one theory for each change;
- List each theory individually on a worksheet;
- List every possibility, no matter how strange or unlikely;
- Don’t reject or qualify any theory;
- Start with the simplest single change theory first;
- Then work up to more complex theories;
- Be specific; don’t use generalities such as ‘poor quality’ or ‘doesn’t work’.
Test the Theories
To test the theory, do the following:
- Ask, ‘Does this theory explain the symptoms and data, if so how?’
- Test the theory against each individual condition.
If a theory explains the problem, but lacks information necessary to explain why it happened, gather more data:
- Gather more data to prove or disprove these theories;
- Test simple (single change) theories first;
- Test highly complex or interactive theories last.
The root-cause must explain all known data. Any theories that pass the trial run are the most likely causes. If only one theory passes the trial run then verify this theory as the root-cause. However, more than one theory may pass the trial run. In those cases (and when practical and feasible), collect and analyze any missing data for uncertain theories and re-examine information to resolve uncertainties.
If additional information reveals that a theory cannot fully explain why the problem happened eliminate it from consideration. If it is not feasible to gather and evaluate additional information, try to verify each remaining theory. Start verification with the theory that best explains the symptoms.
Verify the Root-Cause
Once you have determined the most likely cause(s), verify that it actually causes the problem. Verification is the proof you need to confirm that you have identified the root-cause. Verification is done passively and actively. Passive verification is done by observation:
- Look for the presence of the root-cause without changing anything;
- If you cannot prove root-cause, then the identified cause is not the root-cause.
Active verification is done by manipulating the root-cause variable:
- Implement and remove the root-cause variable to make the problem ‘come and go’;
- Both ‘coming’ and ‘going’ are essential tests to confirm the root-cause;
- There can be more than one verified root-cause.
Determine and Verify the Escape Point
After you have determined and verified the root-cause, you need to determine the escape point of the problem. An escape point is the point closest to the root-cause at which the problem could have been detected but was not.
A control system is a system deployed to monitor the product/process and ensure compliance to quality requirements. A control system consists of responsibilities, procedures, and resources. A control point is a location within the control system at which the product/process is checked for compliance to the quality standards.
A product or process may have more than one control point within the system. When you identify the escape point, you can work to improve or establish a system to ensure that if problems occur, they will not go undetected. To understand how the problem escaped and to identify the escape point:
- Review the process; focus on the part of the process where the root-cause occurred;
- Determine if a control system exists to detect the problem.
If none exists, the development of a new control system must be considered as part of the problem solution. If a control system currently exists:
- Identify the control point closest to the root-cause;
- Determine if the control point is capable of detecting the problem.
If the control system is not capable, the development of an improved system must be part of the problem solution. If the control point is capable of detecting the problem, then the control point is the verified escape point. Choose and verify permanent corrective actions for the root-cause and the escape point.
Select the best permanent corrective action to remove the root-cause and select the best permanent corrective action to eliminate the escape point. Verify that both decisions will be successful when implemented without causing undesirable effects. Steps for permanent corrective actions (PCA) selection:
- Establish decision criteria, e.g. what is feasible;
- Identify possible actions;
- Choose the most appropriate permanent corrective action (PCA);
- Test and verify the permanent corrective action;
- Re-evaluate the ICA & PCA for the escape point.
Implementing & Validating Permanent Corrective Actions
Plan and implement selected permanent corrective actions. Remove the interim containment action and monitor the long-term results. Steps for PCA implementation:
- Develop Action Plan for PCA;
- Implement the PCA Plan;
- Remove the ICA;
- Evaluate the PCA for escape point;
- Perform validation;
- Confirm with the customer that the symptom has been eliminated.
Modify the necessary systems, policies, practices and procedures to prevent recurrence of this problem and similar ones. Make recommendations for systemic improvements as necessary:
- Review the history of the problem;
- Analyze how the problem occurred and escaped;
- Identify affected parties;
- Identify opportunities for similar problems to occur and escape;
- Identify practices and procedures that allowed the problem to occur;
- Identify practices/procedures that allowed the problem to escape to the customer;
- Analyze how similar problems could be addressed;
- Identify and choose appropriate preventive actions;
- Verify preventive action and its effectiveness;
- Develop action plan;
- Implement preventive actions;
- Present systemic preventive recommendations to the process owner.
Serious consequences may occur when the underlying symptoms are not addressed, when the quick fix is accepted as a final, permanent solution. Excessive reliance on containment or emergency response action will create a repeating cycle. Problem containment is an addiction that will only get worse until root-causes are found and addressed.
Join our mailing list to receive upcoming posts: https://www.isoqar.co.za/