How to Write an ISO 9001 or ISO TS29001/API Q1 Quality Policy

Posted on January 28, 2012 by Bill

First things first, there’s no difference between writing a quality policy for an ISO 9001 or an ISO TS29001/API Q1 quality management system. Next, there’s no established or preferred format for writing a quality policy.

Your organization’s quality policy can be as detailed or as brief as your organization chooses to make it. However, it must reflect the purpose of the organization and set the framework for quality objectives and continual improvement of the quality management system.

It’s also important for the quality policy to state the organization’s commitment to its customers, stake holders and to comply with customer, industry (regulatory) and any applicable local, state or federal (statutory) requirements.

Ensure your organization’s quality policy includes reference to the following two key statements:
1. Top management’s commitment to meet requirements.
2. Top management’s commitment to continually improve the effectiveness of the quality management system.

The following is an example of an ISO 9001 or ISO TS29001/API Q1 quality policy.
“ACME Widget Company is committed to providing its customers with products and services that will meet or exceed their expectations for quality, on-time deliveries and value.
Our top management is committed to complying with requirements and continually improving the effectiveness of the quality management system.”
Remember, the bottom line is to write a quality policy that actually describes your organization’s purpose and top management’s commitment to meet requirements and continually improve the effectiveness of the quality management system.
I hope this helps!

ISO 9001 Response Time Requirements

Posted on January 16, 2012 by Bill

Question: Recently, a new firm began auditing our organization, and I’m noticing differences in requirements compared with our previous auditor. At the closing of an annual surveillance audit for a three-year certificate, if a nonconformance is issued at the closing meeting:
• What is the expectation for response to the auditor for a minor nonconformance and a major nonconformance?
• How many days are expected for the initial response for each?
• How many times during the next 12 months should we expect the auditor to revisit the site to verify corrective action for each?
Deborah M.
Grand Rapids, MI

Answer: Clause 8.2 of ISO 9001:2008, internal audits, does not specify or prescribe any time limits. Clause 8.2.2 only requires the management for the responsible area—the process owner—to take corrective action without undue delay. With regard to audit follow-up visits, this depends strictly on the registrar or other auditing body. Some auditing bodies will follow up on closed corrective action reports during their next scheduled surveillance audit. This allows enough time for the organization to evaluate the effectiveness of the corrective action taken.
In most cases, the Auditee is required to complete the correction action report identifying the root cause and the corrective actions taken to prevent a recurrence. This information is assessed by the auditing body to confirm that a root cause was identified and that the action taken matches the root cause. This is normally done in the form of a desk review. Due to the costs involved and other logistics, it’s rare for any auditing body to want to come out to verify each corrective action taken. This is usually something for the internal audit staff to perform as part of its audit activities.
I hope this helps.
Bill
Bill Aston
Managing Director
Aston Technical Consulting Services
Kingwood, TX

API Q1 Versus ISO TS29001 QMS Certification

Posted on January 12, 2012 by Bill

QuestionRobert Meyer asks the following about APIQ1.
As this standard was developed by API and basically covers the requirements ISO 9001 and ISO TS 29001, is the API the only company that can provided certification?  Can this certification be obtained from another certification body or registrar?  Thanks for your kind answer.

Answer:  Hello Robert,  Thanks for contacting us. The API is the only registrar that can provide APIQ1 QMS certification which authorizes the application of the APIQ1 Monogram.  The APIQ1 and ISO TS29001 standards are identical, with exception of Annex A which is specific to the APIQ1 monogram and not included as a part of the ISO TS29001 standard.  ISO TS29001 QMS certification can be obtained from other registrars, not just the API.

I hope this helps.

Best regards,

Bill

An International Standard or format for API Q1 Management Reviews?

Posted on October 24, 2011 by Bill

QUESTION:

Fayyaz asks the following about APIQ1 :
Dear Sir
Kindly let me know that is there any INTERNATIONAL STANDARD or guideline for conducting API Q1 management reviews effectively on standard forms, records or patterns.

REPLY:

Hello Fayyaz,

There is no international standard or required format reporting or documenting management reviews.  Each organization must make their own decision as to the format that will work best for them.

As long as all input items as defined in clause 5.6.2 are presented or discussed and that the output items as defined in clause 5.6.3 are document, that all that’s required to show evidence of conformance.

A best practice is to prepare an agenda that shows all management review input items discussed as well as review of the quality policy and objectives.  The output items, which include action items or management decisions made regarding resources must be documented.

If a meeting is used to conduct the management review, consider documenting all information in the form of meeting minutes, along with names of all meeting attendees.

I hope this helps.

Best regards,

Bill Aston

Managing Director, ATCS

ISO 9001, ISO TS29001 and ISO TS2900/APIQ1 QM Systems

Posted on September 26, 2011 by Bill

Knowing and understanding the fundamental requirements of quality management systems used by an organization, or being considered by an organization, can improve the opportunities for success, minimize useless costs, and mitigate confusion or misunderstanding.

Let’s discuss ISO 9001, TS 29001 and API Q1.  Although these QMS standards are interrelated, there are key differences that should be understood for their successful implementation.

ISO 9001:2008:  This is a generic QMS that can be implemented by any organization of any size that provides a service or product.  This standard is not product, source or industry specific.

ISO TS29001:2010:  This QMS is based upon the requirements of ISO 9001.  However, this standard includes the addition of numerous “supplemental requirements”.  These supplemental requirements identify and enhance requirements for documented procedure control features and records of conformity.  This standard is specific to suppliers of equipment, materials and services for the oil and gas industry.

ISO TS29001:2007/APIQ12008 (Addendum 1, 2010):  This standard is identical to ISO TS29001:2010.  However, it includes specific requirements for applying the API monogram to product or equipment.  This is an essential standard for API Q1 certification and API product specification licensing.  It is important to note that ISO TS 29001 does not include API monogram requirements.

Visit www.ISO.org for more details.

API speaks at ASQ, EED, Conference in Las Vegas, NV

Posted on August 21, 2011 by Bill

Bill Aston, Chairman for ASQ, Energy & Environmental Division’s Oil & Gas Committee, announces and encourages all interested quality professionals to attend the ASQ, EED’s 38th conference.

This conference will be held in Las Vegas, NV from Sept. 26 to Sept. 28, 2011.  A presentation related to ISO TS29001/API Q1 and ISO 9001 will be provided by the API.  Other quality related presentations will be conducted by speakers from the ASQ, EED, Nuclear and Environmental committees.  For additional information contact ASQ, EED at www.ASQ.org or Bill Aston at www.astontechconsult.com.

Beware of Quick ISO 9001 or APIQ1 Certification Offers

Posted on July 31, 2011 by Bill

Beware of quick ISO 9001 or ISO TS29001/API Q1 certification offers.  To be clear, it’s highly improbable that anyone can deliver on this promise and here are a couple reasons why.

First, the Registrar’s Auditor is required to verify that the organization has established and implemented the following QMS documentation, procedures and activities prior to obtaining certification.  ISO TS29001/API Q1 requirements are more extensive than ISO 9001 and require additional procedures, control features and records.

  1. Quality manual
  2. Quality policy
  3. Quality objectives
  4. QMS procedures (six required)
    1. Control of documents
    2. Control of records
    3. Control of nonconforming product
    4. Internal audits
    5. Corrective actions
    6. Preventive action
  5. QMS training
  6. Completion of a QMS internal audit
  7. Completion of a Management review

Secondly, most Registrars require at least two (2) to four (4) months of QMS records to be available as evidence of conformity to ISO 9001 and/or API Q1 requirements.

So, obtaining ISO 9001 or API Q1 certification within just a few weeks is doubtful at best.  “If it sounds too good to be true, it probably is”.

In my opinion, promises to provide quick certification are a “hook” intended to sell a one size fits all, low cost generic quality manual and procedures.

The cognizant Registrar’s Auditor will quickly identify existing disconnects between the quality manual and procedures versus the company’s actual operating conditions or processes.  The end result of this situation will be that the company is left with the task of finding a “competent QMS consultant” to resolve all the findings/nonconformities documented during the Registrar’s audit.  Additionally, the company may have to reapply for a certification audit and pay associated expenses.

Key Points:

  1. Beware of promises to provide QMS certification within a few weeks
  2. Beware of a QMS quote that’s not based on a site visit or gap analysis of your company
  3. Beware of a QMS quote that doesn’t specifically identify deliverables, provide a development and implementation schedule or include an estimated completion date.

All comments and/or inquiries are welcomed.  Thanks for visiting ATCS Q-Blog.  For all QMS audit and QMS certification needs, please visit us at www.astontechconsult.com.

ISO 9001 & ISO TS29001/APIQ1, Customer Satisfaction

Posted on June 26, 2011 by Bill

Many suppliers and a few consultants struggle with understanding as well as implementing ISO 9001 and ISO TS29001/API Q1 requirements for monitoring and measuring customer satisfaction.  There’s a common belief that an organization is required to perform customer surveys.

Although ISO 9001 and ISO TS29001/API Q1 do reference surveys as a possible method of obtaining customer feedback to determine satisfaction, it’s not the only way.  As a matter of fact, conducting online surveys is probably the least productive method to obtain customer feedback.

According to information available from www.constantcontact.com, the industry open rate for online surveys is less than 20%.  Based upon this information, I’m willing to go out on a limb and say that the industry open rate for direct mailed surveys is even less.

So how can customer satisfaction best be measured or monitored?  If we look at the big picture and consider the use of data that should already be available, the task of monitoring or measuring becomes readily achievable.  As opposed to conducting satisfaction surveys, let’s take a different approach.  Let’s monitor and measure the following.

  1. Warranty claims filed
  2. Customer reported field failures
  3. Customer complaints or positive feedback received (via phone call, email, face to face meetings or direct mail)
  4. Number of late vs. on time/early deliveries completed
  5. Number of repeat customer orders
  6. New customer orders received

The results of monitoring and measuring these key performance indicators (KPIs) can be used to calculate a customer satisfaction rating.  This rating can be tracked over to determine or to assess trends (a rise or fall) in customer satisfaction.

In my opinion, this approach is much more practical and provides real time information that is directly related to customer satisfaction.  Please see ISO TS10004:2010, Quality Management – Customer Satisfaction, Monitoring and Measurement Guideline for additional information.

ISO 9001 and ISO TS29001/API Q1 only identify the requirement for monitoring and measuring customer satisfaction.  Each organization is responsible for the development of a procedure that will provide evidence of conformity.  I look forward to hearing your opinion.

Thanks for your continued interest and the comments.

ATCS, Q-Blog

Quality is 24/7/365

Corrective & Preventive Actions Explained

Posted on June 10, 2011 by Bill

A standard requirement for every ISO 9001 and ISO TS29001/APIQ1 quality management system is to have documented procedures for corrective and preventive actions.

Explanation: A corrective action is “REACTIVE” and a Preventive action is “PROACTIVE”.  Any action taken to prevent the reoccurrence of a nonconforming condition will always be a corrective action, not a preventive action.  This is because the action taken addresses a nonconforming condition that has already occurred.

A preventive action is “PROACTIVE”.  It’s an action taken to prevent a potential nonconformity or a nonconforming condition from occurring. Consider a preventive action as a form of risk management.  If an organization determines there to be a high probability for a nonconforming condition to occur and this potential nonconforming condition poses an unacceptable or unnecessary risk of loss to the organization, its customers or other stake holders, any action taken to prevent its occurrence would be considered as a preventive action.

A fairly common situation that I encounter during the development of quality management systems as well as while performing audits is the occasional Consultant, Auditor and organization QMS Management representative that does not understand the differences between a corrective action and preventive action.

This tends to perpetuate the spread of the misinformation that a corrective action and a preventive action are one of the same or worst yet, that preventive actions are just pie in the sky.

The definitions of corrective actions and preventive actions are provided in ISO 9000:2005, “Quality management systems, Fundamentals and vocabulary”.  In my opinion, it’s essential for every quality professional to fully understand the standard definitions of terms used in ISO 9001 and ISO TS29001/API Q1.  Operating without this basic information makes the responsibility of educating others that are not aware of the difference between a corrective and prevention action, all the more difficult.

Thanks for your continued interest and the comments.

ATCS, Q-Blog

Quality is 24/7/365

Supply Chain Management & Quality Audits, Part 4

Posted on May 22, 2011 by Bill

Supplier Management and Quality Audits has been the primary focus of our past discussions presented in parts 1, 2 and 3.  The key points covered in each of these parts are as following.

Supplier Chain Management & Quality Audits, Part 1:

  1. The importance of conducting supplier quality audits
  2. Which suppliers should be audited
  3. The potential impact that poor supplier performance can have on customer satisfaction.
  4. The Purchaser’s duty to control outsourced processes and ensure requirements have been met.

Supplier Chain Management & Quality Audits, Part 2:

  1. Auditor selection, training, experience and qualification requirements
  2. Proactive management of customer satisfaction
  3. Short and long term suggestions for supplier quality auditing

Supplier Chain Management & Quality Audits, Part 3:

  1. Defining the differences between supplier quality, quality system certification and internal auditing.
  2. Supplier quality audit planning strategies
  3. Reporting the results of supplier quality audits.

Although I have attempted to provide as much information and guidance as possible regarding supplier quality audits, it should be noted that this is an area that can and should be approached in a manner that will meet your organization’s requirements.

Neither ISO 9001 nor ISO TS29001/API Q1 is prescriptive with regard to the methodologies to be used to monitor, measure or analyze supplier performance.  Every organization must consider and select the approach that works best for them.

Thanks for your interest and the comments.

ATCS, Q-Blog

Quality is 24/7/365