1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Dismiss Notice
You must be a registered member in order to post messages and view/download attached files in this forum.
Click here to register.

Which business processes are not QMS processes?

Discussion in 'ISO 9001:2015 - Quality Management Systems' started by Leonid, Feb 25, 2016.

  1. Leonid

    Leonid Well-Known Member

    Joined:
    Jan 4, 2016
    Messages:
    164
    Likes Received:
    31
    Trophy Points:
    27
    Location:
    Moscow
    Standard requires integrating QMS requirements into organization’s business processes (5.1.1c). What are business processes which are not the processes needed for the QMS? The latter include at least processes for management activities, provision of resources, product realization, measurement, analysis and improvement.
     
  2. Somashekar

    Somashekar Well-Known Member

    Joined:
    Jul 30, 2015
    Messages:
    114
    Likes Received:
    98
    Trophy Points:
    27
    Hi.. That question reads wrong to me. It is about integrating QMS requirements into Org business process. If you are planning, staffing, doing and monitoring some process which is directly not connected to the Org business, the Org is free to keep that away from integrating QMS requirements with that process. Like for example the canteen management in an Org....
    It is still a business process as resources and maintenance are involved. It has its own structure for operating and supporting the other more direct business processes. Its up to the Org to determine and decide.
     
    Jennifer Kirley likes this.
  3. Sidney Vianna

    Sidney Vianna Well-Known Member

    Joined:
    Jul 30, 2015
    Messages:
    127
    Likes Received:
    172
    Trophy Points:
    42
    Obviously, that would depend on the context of each organization, but the following would typically be outwith of the traditional QMS:

    • waste management
    • occupational health and safety
    • payroll management
    • accounting and financing (although, in my mind the billing process [to the customers] has a very strong correlation with customer satisfaction and should be deemed as part of the QMS)
    • Legal counsel
    • etc....
     
  4. Bev D

    Bev D Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    605
    Likes Received:
    663
    Trophy Points:
    92
    Location:
    Maine
    that reminds me of a funny sad story. we are a veterinary diagnostic device company. our auditors are typically related to the (human) medical device industry and occasionally the auditors come from hospitals. we got a hospital auditor one year and they audited the employee cafeterias. at the time we tried to tell the auditor that an employee cafeteria was not the same as a hospital patient cafeteria and was therefore not in scope for auditing but they were adamant. so we got written up for the recipes not being written down (including serving sizes) and in doc control with revision numbers etc. they also issued an observation that the satisfaction surveys should all have a revision number/date etc. what a waste of time and energy and emotion that was.

    although these types of events are relatively rare, we have all encountered them and they drive the majority of the dissatisfaction with external auditors and standards based quality systems...
     
  5. normzone

    normzone Well-Known Member

    Joined:
    Aug 3, 2015
    Messages:
    137
    Likes Received:
    77
    Trophy Points:
    27
    [Bev D], sounds like a real dog day.

    Wouldn't " occupational health and safety " fall under statutory and regulatory ?
     
  6. Bev D

    Bev D Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    605
    Likes Received:
    663
    Trophy Points:
    92
    Location:
    Maine
    The cafeteria services fall under the same regulations that govern any food service or restaraunt. OSHA also has oversight as with the rest of the facility. But neither govern revision control of recipes.
     
  7. Sidney Vianna

    Sidney Vianna Well-Known Member

    Joined:
    Jul 30, 2015
    Messages:
    127
    Likes Received:
    172
    Trophy Points:
    42
    Not in the context of ISO 9001. The requirement in the ISO 9001 standard refers to PRODUCT (and services) statutory and regulatory requirements. For example, European Directives, FDA QSR, FAA Part 21, etc....On top of that, read the 5th paragraph in section 0.4 of ISO 9001:2015, which CLEARLY states that is does NOT delve in occupational health and safety management.
     
    Last edited: Feb 25, 2016
  8. QMSmaster

    QMSmaster Active Member

    Joined:
    Dec 29, 2015
    Messages:
    59
    Likes Received:
    9
    Trophy Points:
    7
    Sometimes auditors have personal hot buttons or agendas. I had an auditor focus on how quickly we deleted customer credit card numbers from our ERP system.
     
    Last edited by a moderator: Feb 26, 2016
  9. Leonid

    Leonid Well-Known Member

    Joined:
    Jan 4, 2016
    Messages:
    164
    Likes Received:
    31
    Trophy Points:
    27
    Location:
    Moscow
    Thanks, Sidney! Refernce to management processes is well taken.
    I checled Wikipedia https://en.wikipedia.org/wiki/Business_process and found that business processes include inter alia management processes that govern the operation of a system. In this respect all management systems established in the organization, including QMS, fall under business processes.

    But how to audit the requirement of 5.1.1c. Wnen will audit findings indicate conformity and when nonconformity?
     
  10. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    5,086
    Likes Received:
    2,553
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    Sounds like they just heard about ISO 27001...
     
  11. Brian@Trident

    Brian@Trident Member

    Joined:
    Feb 26, 2016
    Messages:
    6
    Likes Received:
    1
    Trophy Points:
    1

    I have to disagree, I'm afraid, the fifth para of section 0.4 actually states 'This International Standard does not include requirements specific to other management systems, such as those for environmental management, occupational health and safety management, or financial management.'. Where Occupational Health and Safety (ie OHAS 18001) is seperately certified, the management system arrangements could be seen to be isolated from an assessment under ISO 9001:2015. I'd argue however, that many of the managment system arrangements are common, and furthermore that where occupational health and safety are implemented as a function of health risks assessments, then these will very much be inscope under ISO 9001:2015.
     
  12. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    5,086
    Likes Received:
    2,553
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    Wherein lies a big issue for the CB and their auditors - are they COMPETENT to audit that? Bearing in mind many organizations DO NOT stretch their QMS to include safety, who's going to ensure that the QMS auditor knows what to do in these odd cases?
     
    Sidney Vianna likes this.
  13. Brian@Trident

    Brian@Trident Member

    Joined:
    Feb 26, 2016
    Messages:
    6
    Likes Received:
    1
    Trophy Points:
    1
    As a company that also provides risk advice, guidance and assurance, I have to agree - I had a heated discussion about one particular risk which the auditor decided to review, as it is definitely linked to our outputs. However, his take on our approach was somewhat fundamental.



    Why have you not got a specific risk covering xxxxxxxxxxxxx. To which my response was, we have a risk which covers a number of similar (<5) risks, for which the mitigation and control is identical. So rather than 5 separate risks, we include them a one based a 5 similar processes. He couldn't get that. I have an MSc in safety risk management (and it is what I have been doing for a living for over 30 years).
     
  14. Paul Simpson

    Paul Simpson Member

    Joined:
    Aug 6, 2015
    Messages:
    41
    Likes Received:
    61
    Trophy Points:
    17
    Brian, this issue is one that has been debated here and on preceding forums in a lot of detail. I'll summarise my understanding here:
    • A standard user may choose to design their management system to meet any number of management systems standards
    • There are advantages to standards users integrating common management systems requirements if they see the benefit
    • Conformity assessment bodies may choose to offer an 'integrated audit' of a system if their customer (the standard user) wants it
    • The audit scope defines which standard(s) are included in the assessment
    • Auditors should not operate out of the audit scope for reasons of audit time and auditor competence
    That's about it as far as my memory goes. I'm sure my learned colleagues will add / subtract. ;)
     
  15. Sidney Vianna

    Sidney Vianna Well-Known Member

    Joined:
    Jul 30, 2015
    Messages:
    127
    Likes Received:
    172
    Trophy Points:
    42
    I strongly oppose that opinion and I believe that, it is exactly because of this misunderstanding that many organizations don't move forward with a truly integrated management system, encompassing many disciplines, such as quality, environmental, health & safety, etc...the erroneous notion that, if you integrate multiple systems (as everyone should do) anything under that system would be fair game during an ISO 9001 audit makes many progressive organizations refraining from doing it. As my colleagues already mentioned any auditor (and any organization engaging them) worth their salt HAVE TO understand and limit oneself to the declared SCOPE of an audit. ISO 9001 has a scope, audits have to have a scope, certificates have a scope, etc...the scopes determine the boundaries of what can be audited.

    Otherwise, you would have to give ISO 9001 auditors access to any aspect of the business that is covered under a regulatory or statutory requirement, including finances, labor relations, mergers and acquisitions, etc...

    As Paul Simpson mentioned, this very subject was discussed exhaustively at The Cove and, invariably, most knowledgeable experts agreed with the notion that I am describing above.
     
    David Sanabria and Andy Nichols like this.
  16. Sidney Vianna

    Sidney Vianna Well-Known Member

    Joined:
    Jul 30, 2015
    Messages:
    127
    Likes Received:
    172
    Trophy Points:
    42
    The assessment of 5.1.1.c should be done in a way that verifies that the business processes that are connected to the QMS are supporting conformance to the standard and ISO 9001 is not achieved solely by the efforts of the quality department.

    So, for example, if the organization has a product design and development process, a business process, the people responsible for developing the specifications, performing design reviews, agreeing/reviewing product specs (input), performing prototype validation, etc...are doing so in compliance with the standard. They, the process owners and doers are the ones supposed to develop, effect and improve the product design and development process to maintain conformance with ISO 9001. Not the quality department.
     
  17. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    5,086
    Likes Received:
    2,553
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    CB auditors - worth their salt, as Sidney says - don't audit "clauses". The audit a management system, in recognition of the requirements as applicable and can thereby determine conformity as the audit progresses, not on a "clause by clause" basis...
     
  18. Brian@Trident

    Brian@Trident Member

    Joined:
    Feb 26, 2016
    Messages:
    6
    Likes Received:
    1
    Trophy Points:
    1
    Hey - what do I know? I own an occupational health company which is accredited to ISO 9001:2015, and therefore the view is different, as occupational health service delivery and occupational health risks are our outputs.
     
  19. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    5,086
    Likes Received:
    2,553
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    Yours is not the typical application of ISO 9001 certification (not accreditation, that's for labs) and Sidney is absolutely correct with his assertions. Indeed, even the CB accreditation auditors will take a dim view of auditors who exhibit mission creep...
     
    Last edited: Feb 26, 2016
  20. tony s

    tony s Well-Known Member

    Joined:
    Sep 10, 2015
    Messages:
    1,350
    Likes Received:
    1,054
    Trophy Points:
    112
    Location:
    Laguna Philippines
    If Leonid is asking about what business processes would the QMS requirements are to be integrated isn't the Note in 5.1.1 already clarified that these processes are those that are "core to the purpose of the organization's existence"?
     
    Jennifer Kirley likes this.