TITLE: ISO-9000 on a shoestring -
by Saul KinderisThe Pacific Manufacturing Groups approach to ISO-9000 compliance & registration.
The Pacific Manufacturing Group is a manufacturing cooperative composed of 7 small companies in the Pacific Northwest. Several of the shops do a significant percentage of business overseas and found themselves asking the fifty thousand dollar question. How to achieve ISO-9000 compliance and registration without spending a $50,000 or more. Another major issue was determining how to use it as a business tool for increasing efficiency, profitability and product quality rather than allowing it to become another bureaucratic money eater, of which we've all seen plenty. With an initial self survey in which everyone claimed that they were in compliance, we decided that a better survey was in order. After several false starts we got the ball rolling in early 1994 with a self assessment survey (see attached). With the surveys completed we evaluated everyone’s commitment and formulated a game plan, with three of the shops electing to continue with the project.
The next stage entailed several decisions, we had to decide between registration and certification. Both involve passing ISO-9000 audits conducted by a certified lead assessor, the difference being that for registration the auditor is under contract to a third party registrar vs. with you directly. This adds at least several thousand dollars to the cost and more typically $5,000 and up vs. direct contract. This doesn't address , of course, the value of being registered and listed in the directory of ISO-9000 registered companies. It also neglects the value of having a "fresh set of eyes" look over your processes, as happens during an outside audit. Another issue is that certification as opposed to registration will not satisfy contractual or legal requirements, where they exist, which require registration. Since none of our shops had such a requirement and the certification process would serve the function of a pre-audit and internal training, we decided that it would be a cost effective approach. With that in mind we developed our objectives and implementation plan.
Objective: Accomplishing ISO-9000 compliance, training and registration at the lowest possible cost, by working together as a co-op/network. We calculated an expected direct cost of under $2,500 per company plus employee time. With a goal of being compliant and passing our initial audits by November of 1994. Expected paybacks are in the areas of reduced product liability (design control) and reduced wastage in departments that currently are exempt from cost of quality accountability (i.e. accounting, engineering and programming - areas where goals are not stated & effectiveness not tracked, which have a direct impact on product quality). We plan on utilizing the ISO program as a tool to increase profitability and not just as a marketing tool.
Our Plan - Partnering with several other companies to reduce costs and increase the knowledge base. We would train several individuals as Certified Lead Assessors and train the other managers in Internal auditing. This would then allow us to trade audit hours and avoid the direct expense of outside consulting. The individuals taking the training would have to do the balance of the certification work themselves. (We want to be able to tell our customers that the audit was done by a CLA.) We also looked at the option of hiring a CLA directly, but felt that due to the ongoing nature of the program we needed to increase our own talent pool instead, even though this would take people away from their current duties. After completing the training we would work as a group to develop procedures and training programs for each company and combine for training, consulting and registration bids as needed.
PMG ISO-9000 action plan & schedule - Excerpts
June 1994
1st Step - Auditor Training - practice audit - audit a major supplier. Goals -
1. Satisfy customer (BCAC,FAA,FDA) requirements of auditing your suppliers to determine conformance & capability.
2. Get all members of team to a basic level of understanding of the audit process.
July 1994
2nd Step - Auditor Training - practice audit - do preliminary gap analysis of each others shops, looking
for areas of obvious nonconformance, both in planning and in practice.
1. Satisfy customer requirements of auditing your own site
2. Help us each develop an action plan addressing what major changes will need to be made and get the
people who own those processes involved in thinking about how they would like to make them.
3. Continue to build everyone’s audit experience.
a. Review QA & Procedure manuals + Site tour
b. Inform management of audit scope & procedures
c. Use standard format and checklists to conduct audit
I Note what is covered in written procedures
II What is done in actual practice
III What objective evidence is available
August 1994
3rd Step - Brainstorm solutions to problems that were noted
4th Step - Take one week long CLA class
5th Step - complete our gap analysis audits of each others companies and address those items which were
overlooked previously.
September 1994
Review and revise this action plan: Address items such as employee training programs, develop individual
company and group "work on lists"
PACIFIC MANUFACTURING GROUP ISO-9000 Self Survey Questionnaire - Excerpts
For those of you who think your system is in compliance with ISO-9000 or any other specification I'll give
you a few examples of typical problems that crop up during a thorough audit.
Examples:
1. Qualified Supplier List - most of us have a statement somewhere in our QA manual that we will only
purchase products and processing from qualified sources and that we will determine their approval status.
We then either fail to document their status & how it was achieved (i.e. standard supplier site survey
audit or self audit) or purchase material and processing from non approved sources. If this section isn't
carefully written it will either be too vague or it will needlessly tie your hands.
2. Corrective Action - We all state that we will investigate the cause of a non-conformance and implement
corrective action, yet how many of us have proof that we actually executed the corrective action as stated,
prevented the same problem from occurring on another job, or even made sure it was filled out. What kind of evidence do we have that the cause was in fact the cause and not just a fanciful guess? Do you have proof
that the corrective action taken was in fact effective?
3. Tool Calibrations - Do your procedures actually conform to MIL-STD-45662? Do your records show
traceability to NIST? Do you for instance check the faces of a micrometer in a way that will detect
wear(i.e. optical flat or calibrated ball)?
4. Do you state in your manual that all MRB authority lies with the customer and yet disposition parts "use
as is" on a tag?
5. Do you actually have copies of the standards that you spec your material to(i.e. BMS 7-186 which then
calls out QQA-367 for aluminum forgings or AMS 5659 for steel), and do you actually know if your copy is
the latest revision? Do you call out Mag inspect per Mil-Std-1949 ? (it's obsolete).If you don't have these
and other specs how do you verify that you actually received the correct material? How do you interpret
test reports? If a supplier sent you material manufactured to an old revision would you know?
6. Do you hold a certain level of quality for one customer and a different one for another, and yet state in your manual that you are making everything to a single quality standard?
7. Do you understand risk or cost analysis of defective processes so that corrective action responses are commensurate with the risk presented?
8. Do you have a documented employee training program, that addresses the skills needed to perform the job? Do you use statistical methods or other means to determine what training is necessary based on results?
These are all items you would want to address before you spend your hard earned money on ISO-9000 registration.
Saul Kinderis, in addition to his work as the Quality Program Implementation Leader for the Pacific Manufacturing Group, is the Quality Assurance Manager at Precision Technology Corporation in Woodinville, Washington . He is an ASQC Certified Quality Engineer and a trained ISO-9000 lead assessor with his RAB certification pending with the Registrar Accreditation Board of the U.S.A. If you would like additional Information he may be reached at (206)363-2512 or (206)0481-1718. Address Mail to PO Box 2221, Bothell, Wa 98041
SUMMARY of Presentation to NTMA Fall Conference 1995, Hilton Head S.C.
by Saul Kinderis
THE OPTIONS
Registration
Hiring a Certified Auditor Directly
Forming a Network and Sharing Audit Skills
Compliance - Internal auditing only
THE BENEFITS OF ISO-9000 FOR A SMALL COMPANY
Defining your processes and understanding what you are doing and what the obstacles are.
Internal Audits and Peer Pressure.
Management Review vs. let QC take care of it.
Corrective Action and Preventative Action vs. Operator Error.
External Audits and what a fresh set of eyes can see.
THE COSTS
Internal Costs - doing all this in addition to your regular job:
Analyzing; Training; Documenting; Auditing
External Costs:
Books, Videos, Other Training Materials; Consultants; Seminars; Classes; Registration.
Note: If your company does business that has been impacted by foreign trade you may be eligible for a federal grant through the trade adjustment act, contact your local office for additional information.
SUMMARY OF EXTERNAL COSTS BY OPTION
REGISTRATION - For a company of 35 or fewer employees
First Year $6,000 to $8,000
Thereafter $1,500 to $3,000 per year
HIRING A CERTIFIED AUDITOR DIRECTLY
First Year $2,000 to $3,000
Thereafter $800 to $2,000 per year
FORMING A NETWORK & SHARING AUDIT SKILLS
First Year $1,000 to $2,000
Thereafter $200-$600 per year
COMPLIANCE - Internal Auditing Only
First Year $1,000 to $2,000
Thereafter $200-$600 per year
TYPICAL MISTAKES - The Road to Ruin & Beyond
Doing ISO to do it and not because it makes sense for you.
Over Documentation and Bureaucracy
Not Understanding the Specification
Expecting QC to "do it"