1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Dismiss Notice
You must be a registered member in order to post messages and view/download attached files in this forum.
Click here to register.

Context of the Organization

Discussion in 'ISO 9001:2015 - Quality Management Systems' started by The PPAP Assassin, Mar 20, 2017.

  1. MP480

    MP480 Member

    Joined:
    Jan 13, 2017
    Messages:
    26
    Likes Received:
    16
    Trophy Points:
    2
    Location:
    Phoenix, Arizona -USA
    PPAP Assassin,


    I maintain all of these in one log, the COTO log. Risks, Opportunities(which come from our CQIP), and Interested Parties.




    upload_2017-5-15_11-2-26.png

    upload_2017-5-15_11-5-16.png

    upload_2017-5-15_11-3-26.png
     
  2. The PPAP Assassin

    The PPAP Assassin Active Member

    Joined:
    Mar 20, 2017
    Messages:
    67
    Likes Received:
    29
    Trophy Points:
    17
    Location:
    Kent, OH
    Very nice! I have something similar to this. Since the clause says all we need to do is "monitor and review" COTO inputs, I did not include mitigation actions (you may want to edit that to say mitigating instead of "migrating" lol.. woops!)
    I think this is good. Because there should be actions to resolve the more critical issues discovered through this process instead of just listing them out and doing nothing. (Although.. the clause does not say we need to do this..) BUT! As you have conveniently done, you combined in risk management. So this is a perfect way to fulfill both requirements!
    What are the issues? (4.1) How have we addressed and mitigated the risk associated with them? (6.1.1) <--- WHICH, refers directly to 4.1 & 4.2. So the standard actually wants us to use COTO for risk management!!! BINGO! :D
     
    Last edited: May 23, 2017
  3. Nick1

    Nick1 Member

    Joined:
    Jan 27, 2016
    Messages:
    49
    Likes Received:
    20
    Trophy Points:
    7
    Hi,

    With respect to the Context of the Organization I would just use a S.W.O.T. analysis as you starting point to identify opportunities and threats. It might not be perfect but it gives you something to start with. After most of the important items are identified you can define the actions that have to be done by certain people. Please make one person responsible for one action otherwise people will blame each other for not doing anything on the action.

    Now you can manage the actions frequently while you can review the S.W.O.T. analysis every half a year or so depending on how volatile the market is you are operating in.

    For some more detail explanation on S.W.O.T. analysis just read this blogpost we wrote:
    http://blog.qooling.com/swot-analysis-context-of-the-organisation/

    Hope this helps.
     
  4. The PPAP Assassin

    The PPAP Assassin Active Member

    Joined:
    Mar 20, 2017
    Messages:
    67
    Likes Received:
    29
    Trophy Points:
    17
    Location:
    Kent, OH
    Very nice article Nick! This is all good stuff. I have a COTO log I developed in excel that segues into risk management. There is a meeting set up next week to discuss everyone's findings and to update the master log. (I sent out a blank copy for team members to fill out, next to each tab are examples) All findings will turn in to opportunities to mitigate risks. The standard actually WANTS us to use COTO findings for risk management. Has anyone else figured this out yet? It's really killing 2 birds with one stone if you ask me. Here is my Internal and External Issues log I created: (Feel free anyone who want to use this!) Sharing information is my pleasure :)


    upload_2017-6-6_10-16-10.png

    After this is completed as it relates to our organization, the data gets transferred over to a risk management spreadsheet in the same workbook where mitigation actions are assigned to certain team members, progress on actions, and a completed date. The intent is to gather data in management reviews in the future and then have separate follow up meetings in between (our management reviews are once a year, which suits this business perfectly) BUT, our next review is not until 1st quarter of 2018. SO I am holding a meeting to discuss COTO and risk management exclusively to get that established. Side note: All of this will have to be added to our Quality System procedures as well. (Other companies should do the same.) I may just throw it in to our quality manual as well, a brief explanation on how we handle risks..
    You can use a SWOT chart, but the way I have set it up is a bit more comprehensive so that it can satisfy 2 requirements in the new standard.

    Comments are appreciated! Thanks!
     
    Amrul Yahya and Nick1 like this.
  5. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    5,086
    Likes Received:
    2,553
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    I believe you're making this into something waaaay more complex than it needs to be. Context is just asking the management to look at the strategic direction of the organization, look at the issues which affect that and the QMS and plan for it. So, from Nick's SWOT, if a weakness is that skilled folks are likely to retire and there are few available replacements to be hired, then planning to "grow" your own skilled people might be the plan - and can that process (call it an "apprenticeship scheme) be taken care of by the current training process (likely not!) so, what needs to be developed in the QMS to deal with that?

    It seems to me that the perfect vehicle for the review of issues and progress towards these strategic goals is best handled through management review activities (the standard pretty much tells you that) so having an extra meeting, might be unnecessary. Management know, for example, what they risk by losing skilled people like this - it doesn't need a log...
     
    Jennifer Kirley likes this.
  6. The PPAP Assassin

    The PPAP Assassin Active Member

    Joined:
    Mar 20, 2017
    Messages:
    67
    Likes Received:
    29
    Trophy Points:
    17
    Location:
    Kent, OH
    It's not really that complex man. I am working off the requirements. An SWOT chart does not provide tools to fulfill 6.1 (Actions to address risks and opportunities) Specifically, 6.1.2 (The organization shall plan actions to address these risks and opportunities). It just helps to get all of it on paper. Here is why I am thinking this way:
    6.1.1 - When planning for the quality management system, the organization shall consider the issues referred to in 4.1 (Understanding the organization and its context) and the requirements referred to in 4.2 (Understanding the needs and expectations of interested parties) paraphrasing... So in a nut shell COTO findings need to be addressed according to 6.1. This is why I lumped both requirements into one vehicle, much like member MP480 has done with her form.

    Plus, my QMS is most likely far different than yours. We have management reviews annually, usually in march of each year to review the previous year. Our auditor is coming in for the 2015 certification in April 2018. It would not be smart to wait that long to address risks... That would leave us about a month to figure out how to mitigate them and show proof of effectiveness.

    I may have explained it in a complicated manner, but it's really streamlined to take care of both clauses.
     
  7. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    5,086
    Likes Received:
    2,553
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    This is the kind of thing which worries me. If you consider your budgetary process in a similar manner, you'll see why. Starting out the year, having set a budget, it's far too late to find out, next year, what happened... The same is true with your QMS.
     
  8. The PPAP Assassin

    The PPAP Assassin Active Member

    Joined:
    Mar 20, 2017
    Messages:
    67
    Likes Received:
    29
    Trophy Points:
    17
    Location:
    Kent, OH
    Where in the standard does it tell us the required frequency of management reviews? Our budget and finances are reviewed all the time. A margin analysis report is updated and emailed daily, as well as actual vs. budget revenue monthly. Our VP of finances is on the ball with all of that.

    Our registrar came in 2 months ago and reviewed our QMS against the standard. Gave us an "unconditional approval". That means, NO findings..

    I used to do management reviews the month after each quarter at my last job. It was necessary there because of the nature of the business.

    Here.. this place does not even own the material we process. The only suppliers we have are parts suppliers to fix machines. The customer provides everything else. NO engineering, NO design, NO automotive type quality standards, NEVER any big fires to put out. This is really a dream job in quality haha. So that is why it works for us.
     
  9. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    5,086
    Likes Received:
    2,553
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    I'm not sure that's any qualification at all. Based on what heinous events I see weekly, no findings isn't any criterion.

    My point is that ISO 9001:2015 requires management to review the qms to ensure alignment with the strategic direction of the organization. If you talk to business leaders they will tell you that to discover ANYTHING which affects the attainment of strategic direction needs more attention than once a year. Things happen to affect the business plan - customer, regulatory, financial, supply chain, human resources and so on. Management finding out 11 months after the fact will not be able to react as necessary, to this late "news" and will fail in their strategic goals. The consequences will be dire. No one needs to convince me how many times a review needs doing (especially not ISO) - Top management will decide, if they understand the purpose of the review - and the link to strategic goals.
     
  10. Jennifer Kirley

    Jennifer Kirley Moderator Staff Member

    Joined:
    Jul 31, 2015
    Messages:
    1,071
    Likes Received:
    722
    Trophy Points:
    112
    Location:
    USA
    It's interesting to see monthly scrutiny of financial data but only annual review of quality management system performance data.

    While it's true that the standard does not specify frequency of management review, the management team might find that 11+ months is a long time to wait to respond to a performance indicator. After all, the system's performance is driving margin - true?

    I would think that working with customer owned property would promote a good deal of care to maximize performance in order to avoid scrap. Do your people feel satisfied to wait 11+ months to review how well processes are functioning and respond to unexpected issues?

    Are there more frequent department-level operational meetings?
     
    normzone likes this.
  11. Amrul Yahya

    Amrul Yahya New Member

    Joined:
    Jun 15, 2017
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    Hi, I'm new member of this group. Currently I'm looking sample of Context of the Organization (4.1) by PESTLE or SWOT
    Appreciate if some one can share it with me ..

    Thanks..
     
  12. MCW8888

    MCW8888 Well-Known Member

    Joined:
    Aug 17, 2015
    Messages:
    642
    Likes Received:
    198
    Trophy Points:
    42
    The SWOT analysis can be develop in such a way that the Weaknesses/Threats becomes input to Risk and Opportunities. Your strength are your best practice. I've been through a transition audit and did not have any problem answering section 4 of the standard. From all our interested parties we just pick the internal processes and those that we can control internally. These are now inputed into the R&O. I recognized these COTO can be handy but it does not gel with the operators and contractors. Need to talk their language. Note: this is just ISO stuff. Now I have developed a very simple R&O derived from FMEA in order to met the IATF 16949 and can be updated during management review. It wasn't perfect but was acceptable. I only need to meet the minimum intent of the standard.
     
  13. MCW8888

    MCW8888 Well-Known Member

    Joined:
    Aug 17, 2015
    Messages:
    642
    Likes Received:
    198
    Trophy Points:
    42
    What is an unconditional approval? Does it mean you will get your certificate if you complete the Corrective Actions and return it to the auditors, and receive acceptance letter from them? The auditor might have commented in the report that" the company is recommended for an upgrade pending submission of Corrective Actions for minor nonconformance identified".
     
  14. The PPAP Assassin

    The PPAP Assassin Active Member

    Joined:
    Mar 20, 2017
    Messages:
    67
    Likes Received:
    29
    Trophy Points:
    17
    Location:
    Kent, OH
    Hello. It means that there were no findings, a perfect score on the audit.
     
  15. The PPAP Assassin

    The PPAP Assassin Active Member

    Joined:
    Mar 20, 2017
    Messages:
    67
    Likes Received:
    29
    Trophy Points:
    17
    Location:
    Kent, OH
    You assume that we only discuss these matters once a year. There are daily operation/ management meetings where we talk about current jobs, situations, quality, etc. We also have a very elaborate way to review our financial performance in all regards on a daily, weekly and monthly basis that is communicated with management, as I have previously stated.

    I am actually going to propose to do them bi-annually I think. It's a good idea. Although, I have been with 2 other companies that did them annually and all registrars had no issue with the frequency. In the case here, it works fine. We don't use management reviews as the sole means of performance evaluation.
     
    Jennifer Kirley likes this.
  16. The PPAP Assassin

    The PPAP Assassin Active Member

    Joined:
    Mar 20, 2017
    Messages:
    67
    Likes Received:
    29
    Trophy Points:
    17
    Location:
    Kent, OH
    See my reply to Andy. Thanks!
     
  17. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    5,086
    Likes Received:
    2,553
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    IMHO this is entirely the wrong criteria...
     
  18. David Bradley

    David Bradley Active Member

    Joined:
    Aug 2, 2015
    Messages:
    57
    Likes Received:
    55
    Trophy Points:
    17
    Location:
    Michigan
    I think this is a lot more common than most realize. Many companies actually review QMS data on a continuous basis. You really don't want to wait a year to discover a problem. Having smaller, monthly, weekly and daily reviews give you a lot more responsiveness to any arising issues. Companies will then perform a yearly review, mostly for the record. Some will use this yearly review as more of a strategic planning session as opposed to actual review.
     
  19. Hatem

    Hatem Member

    Joined:
    Jun 23, 2017
    Messages:
    14
    Likes Received:
    3
    Trophy Points:
    2
    In my case, IP are detailed by names, as each one of them should have its specific requirements that we must meet (if he turns out to be ranked as VIP). For non important IP, we just group them together w/o naming them (e.g. Put them in a category named "Other customers" for example.)
    I hope this helps
    As far as putting identified risks and weaknesses from your internal and external issues' analysis in a COTO log, I think it's useful to do so for weaknesses (as they are internal and could be dealt with quite easily), but for risks (found from external issues), strategic actions must be taken involving even adding new strategic objectives or modifying old ones that must lead to operational objectives through different QMS processes. Subsequently, corresponding performance indicators will be set and followed up periodically.
     
    The PPAP Assassin likes this.
  20. Hatem

    Hatem Member

    Joined:
    Jun 23, 2017
    Messages:
    14
    Likes Received:
    3
    Trophy Points:
    2
    In my last post, my comparison was between Weaknesses (found from internal issues) and Threats (found from external issues).
     
    The PPAP Assassin likes this.