Auditing is all about comparing evidence to requirements. That’s why changing requirements always grab the attention of auditors. As most of you know, ISO 9001 is undergoing a revision that is scheduled to be published in 2008. The new standard, ISO 9001:2008, includes mainly editorial amendments: re-arranged words but few significant changes. There are a few things that auditors should take note of, though. Let’s take a look at the Draft International Standard of ISO 9001:2008 and discuss how it might impact your auditing.
审核完全是为了将证据与要求相比较。这就是为什么标准的改变牵动了审核员的心。你们大多数人都知道ISO 9001正在修改,计划在2008年公布。ISO 9001:2008新标准包含了主要评论的修改:重新编排字句,但几乎没有什么重大改变。尽管如此,还是有几个问题需要引起审核员注意。让我们看看ISO 9001:2008国际标准的草案稿,并讨论新标准如何影响审核工作。
Statutory requirements 法定要求
The word statutory will be inserted in a couple of places within the introductory part of the standard. This is primarily to make the language consistent with section 7.2.1—determination of requirements related to the product—which has always required that the organization determine statutory and regulatory requirements for its products. Even though the concept is not new, the requirement reminds all auditors that they need to understand the legal requirements of the products they’re auditing. Statutory and regulatory requirements are often taken for granted by auditors, with the assumption that the organization knows what applies to its products. This is not always the case. During the planning phase, auditors must research the statutory and regulatory requirements on the product produced by the organization, and make sure they able to effectively evaluate this.
“法定”一词被插在标准介绍部分好几处。这主要是保证语言与7.2.1——确定与产品有关的要求,其中经常需要这种确定产品法律法规方面的要求——协调一致。尽管概念不很新颖,但要求所有审核员记住他们审核的产品法定要求。通常情况下,审核员认为组织知道法律法规方面的要求,假设组织知道什么法律法规的要求应用于产品。并不经常是这样的。在策划阶段,审核员必须研究组织生产的产品所应用的法律法规的要求,保证审核员有能力评价产品是否应用了法律法规的要求。
Technically, there is a difference between statutory and regulatory requirements. It’s a very fine difference, though. We’ll cover it briefly for the sake of completeness. Statutes are laws. They say what you can and can’t do in broad terms. Regulations are usually specific guidelines published and enforced by regulatory bodies. The bottom line is that statutes and regulations are both enforced by authorities that can make your life difficult. Understand what statutes and regulations apply to your products, and make sure you’re able to meet them. Satisfaction of this clause is typically achieved in a two part manner:
从技术层面讲,法律和法规司有区别的。尽管区别不是很大。为了保持完整,我们简而言之。法令是法律,广义上说,就是规定你可以和不可以做什么。法规通常是由制定规章的机构公布和推行的特定指南。总之法令和法规是由官方机构推行强制执行的,使得你的生活更加艰难。理解什么法律法规适用于你的产品,保证你能满足这些法律法规的要求。满足该条款通常通过以下两种方法实现:
- Developing a process for understanding and staying up-to-date with statutes and regulations
- 为理解和及时更新法律法规,制定一个过程。
- Compiling an index or listing of statutes and regulations applicable to your products
将适用于产品的法律法规编个目录或列表
These processes are not specifically required by ISO 9001, but they would represent an effective way of meeting the requirement.
这些过程不是ISO 9001特别要求的,但这些过程会展现出如何有效地满足法律法规要求。
It’s worth noting that statutes and regulations can come from the country in which you are based, and they can originate from countries in which you’re selling your products. Multinational organizations have to consider statutory and regulatory requirements everywhere they operate in the world. Understanding and staying current with statutes and regulations can become somebody’s full time job for companies that operate around the globe.
值得提及的是法律法规的要求可以来自生产国,并且也可来自销售国。跨国组织不得不考虑在世界上每一国的法律法规要求。对于在全球经营的公司,理解和及时更新现行的法律法规工作可以成为某人全部的工作。
This clause is also very significant for companies that produce highly-regulated products. Examples of highly regulated products include:
* Drugs and pharmaceuticals
* Medical devices
* Food
* Aircrafts and aircraft parts
* Explosives and firearms
该条款对生产高监控产品的公司来说也非常具有意义。高监控产品的例子包括:
* 医药
* 医用设备
* 食品
* 航空航天零件
* 炸药和火器
Management representative 管理者代表
ISO 9001:2008 will clarify who can act as the management representative. That role must be held by a member of the organization’s management. This makes 2 things clear:
The management representative is an employee of the organization (not a consultant)
The management representative is someone with the responsibility and authority to make decisions, assign resources, and get things done.
ISO 9001:2008明确谁可以作为管理者代表。必须由组织管理层的成员担任管理者代表。这弄清了2件事:
管理者代表是组织的员工(不是咨询师)
管理者代表是具有职责和职权进行决策、分配资源并使任务得以完成。
In the past, the decision of who was assigned as management representative was usually unchallenged by auditors. This will need to receive some new scrutiny by auditors to ensure that the assignment meets the full intent of ISO 9001:2008. Besides being a member of the organization’s management, there are 3 responsibilities that must be carried out by the management representative and which auditors must verify:
过去,审核员不问及分配谁来担当管理者代表的决议。这需要审核员新的审核点,以保证该任命符合ISO 9001:2008的全部要求。除了是组织成员以外,还有三种管理者代表必须执行的职责,而且也是审核员必须确认的:
1. The management representative will ensure that the processes of the quality management system are established, implemented, and maintained. This is the project management aspect of being a management representative. Establishing, implementing, and maintaining a QMS requires that the management representative must coordinate many different efforts and continually sell the benefits of the system. It bears repeating that the management representative does not own the system, though. Everybody owns the management system, led by top management.
1. 管理者代表保证质量管理体系的过程得以建立、实施和保持。这是作为管理者代表的项目管理部分。建立、实施和保持质量管理体系需要管理者代表必须协调各方面的工作,并不断地宣传质量管理体系的益处。尽管不得不再说一遍管理者代表不拥有质量管理体系。在最高管理层的领导下,每个人拥有该质量管理体系。
2. The management representative will report to top management on the effectiveness of the management system. This happens during management review, possibly the most important process of the entire standard. The management rep does not need to personally collect and present the data on effectiveness, but they make sure it happens. The most effective management reviews involve a wide range of organizational managers and influencers, with the management representative coordinating their input.
2. 管理者代表向最高管理层汇报管理体系有效性。它发生在管理评审阶段,可能是整个标准最重要的过程。管理者代表并不需要他个人去收集和展现有效性方面的数据,但必须保证确实发生过。最有效的管理评审涉及涵盖广泛的组织的经理层和具有影响力的人群,由管理者代表协调这些人的输入。
3. This basically means that the management representative must help promote a customer focus throughout the organization. There is nothing more important to the organization’s success than the customer, and the management representative must continually remind everyone of this fact. Promotion of awareness can be accomplished in many ways, and here are a few simple ways that come to mind:
* Posting data on customer feedback trends
* Publishing product specifications
* Holding meetings that address customer issues
* Serving as a liaison between the organization and the customer
* Distributing memos and emails that clarify customer requirements
3. 其基本含义是管理者代表必须帮助组织促进以顾客为关注焦点工作。对组织成功来说没什么对顾客还重要的了,管理者代表必须不断地提醒每位员工这一事实。可以通过多种方法提高认识,以下是几种简单的方法:
* 公布顾客反馈趋势数据
* 公布产品规格
* 举行会议讨论顾客问题
* 在组织和顾客之间作为联络人
* 分发明确顾客要求的备忘录和邮件
Competence 能力
The competence and training requirements of ISO 9001 have long been some of the most confusing. The reason is that the standard specifies some broad requirements and gives the organization total discretion for how they will be applied. This discretion has been tightened a bit through the requirement that the organization “ensure the necessary competence has been achieved.” This replaces the previous requirements for evaluating the effectiveness of training.
ISO 9001的能力和培训要求已经是长时间最让人头疼的问题了。究其原因是标准给出更广泛的要求,让组织自己判断如何应用这些要求。该判断力已被稍微限定一下,即要求组织”保证达到了必要的能力“,这代替了原来评价培训有效性的要求。
Ensuring that competence has been achieved can take place in a number of manners, but the most obvious is a demonstration of the newly developed skills or abilities. This works especially well for competency building aimed at skills and training. “Okay, we’ve talked about the task, and we’ve demonstrated how it should be performed. Now you give it a try.” If the trainee is able to effectively perform the task over the period of observation, then they could be reasonably considered competent. Keep in mind that the period of observation could be an hour, day, week, or month. It all depends on the complexity of the skill being demonstrated. Most “on-the-job training” programs focus on this kind of evaluation. The trainee starts out as an apprentice and then gradually begins performing many of the tasks themselves. The training culminates in the trainee being able to demonstrate the full range of skills involved with the job.
可以有很多种方法保证已达到能力,但最明显的是新开发的技能或能力的证明。这对旨在技能和培训而建立的能力方面特别奏效。“好吧,我们已经谈妥了任务,我们已经证明任何完成任务。现在你试一试吧”。如果被培训人员能够在观察期内有效地完成任务,那么就有理由认为他们有能力。记住观察期可能是小时、天、周或者是月。观察期的长短取决于要被证明的技能的复杂程度。大多数在职培训项目关注于这类评价。被训人员以徒弟身份开始,然后渐渐地开始独立完成许多工作。在被训人员能够证明相关工作所及的全部技能时,培训结束。
The inspection of an employee's work or product can verify that competence has been achieved. For employees who produce a tangible good or deliver a service, this is often a reasonable indicator of whether training has had the desired effect. Many organizations already have existing systems for inspecting their products, and these systems can be channeled into the training program. But this will only work if the product's inspection is traceable back to individual employees.
检查员工的工作或产品可以验证是否达到能力的要求。对于那些生产有形产品或服务的员工来说,这种方法经常是合理的指示器表明培训示范已经达到期望的效果。大多数组织已经拥有了检查产品的方法,这些方法可被用于培训项目。但是这只适用于产品检查可追溯到个体员工。
Tests and examinations can be used to ensure that competence has been achieved, especially when the competence is related to knowledge and facts. Be aware that many individuals simply don't perform well on formal tests or examinations, regardless of the quality of the instruction and training materials, so this may not be an ideal gauge of effectiveness. Another drawback is that tests are heavy on administration, requiring someone to spend a great deal of time creating the tests, making sure that all learning objectives are addressed, creating answer keys, creating a grading scale, taking time to grade the tests, dealing with test anxiety and disappointment, and so on. Tests and examinations do have the advantage of resulting in a numerical score, which is easy to quantify and track over time.
可用测试和考试的方法来保证能力的达到,特别是当能力与知识和事实相关联时。注意许多员工在测试和考试时表现的不够好,无论在当时和培训资料的质量好坏,因此这也许不是理想的效果测试办法。测试的另一个缺点是给行政管理增加了负担,需要花费大量的时间准备测试,保证教授了所有学习目标,制作答案,制作评分表,考卷打分,处理考试焦虑和失望情绪,等等。测试和考试确实有产生分数的益处,这很容易地量化长期追踪。
Finally, some organizations use performance reviews to draw judgments on whether employees have achieved competency. Most organizations already use performance reviews of some sort. As long as a logical connection can be made between the training and the job performance, the system will work. One caution, however: Make sure to separate the record of performance review from the record of training effectiveness evaluation, as every organization seeking to keep or gain ISO 9001 registration will be required to provide evidence of the evaluation to its third-party auditor. Showing performance review records to outside parties will create ethical (as well as legal) problems, so you're far better off maintaining separate files.
最后,有些组织利用业绩评价来判断员工是否达到能力的要求。大多数组织已经使用业绩评价的某种方法。只有培训与工作业绩之间存在逻辑上的联系,这种方法就有效。但注意:要把业绩评价记录与培训有效性评价记录分开,因为每个组织想要获得ISO 9001认证,就需要给第三方审核员提供评价的证据。给外方出示业绩评价记录会产生道德(同时也可能是法律)问题,因此你最好把文件还是分开放。
Auditors will need to probe the issue of competence deeper than they have in the past. What was once accepted as meeting requirements may not meet the requirements of ISO 9001:2008.
审核员比以前更深入地探究能力问题。以前认为满足标准要求不一定满足ISO9001:2008的要求。
Work environment 工作环境
ISO 9001:2000 will add a note in order to clarify the scope of work environment. Notes are not auditable, of course, but they provide insights on how to interpret the requirements that are auditable. The note states that work environment includes physical, environmental, and other factors needed to produce the products in question. Consider the following examples:
ISO 9001:2000加了个注释以便澄清工作环境的范围。注释部分当然是不审核的, 但可以帮助了解如何解释需审核部分的标准。工作环境的注释包括物理的、环境的和其他使产品出问题的因素。考虑以下例子:
Candy manufacturer: Raw materials are received into the facility and are immediately moved into a climate controlled storage area. The cleanliness of the storage area is immaculate, far different than most other warehouses. A weekly inspection is conducted to look for any evidence of pests. The raw materials are transported into manufacturing by personnel wearing white gloves and smocks, and all manufacturing is tightly controlled under Good Manufacturing Practices. All outside doors and windows are kept closed and the housekeeping is very strict; even the garbage cans are clean and spotless. Nobody with any kind of illness is permitted inside the facility, and no jewelry is permitted to be worn. Once manufacturing is complete, the finished product is stored in an area that is maintained at 40 degrees F, plus or minus 4 degrees, and the gauge used to monitor the temperature is calibrated. A weekly audit is conduced to evaluate the condition of finished product in inventory.
糖果厂:将原材料收到进料器并马上运到气候控制储藏区。储藏区的清洁是无容置疑的,与其他仓库大相径庭。每周检查一次,看是否有害虫。由身穿白色手套和工作服的人员将原材料运送到生产车间,而且所有生产过程实行良好作用规范(GMP)严格控制。紧闭所有对外门窗,极其严格地管理厂区卫生,即使垃圾桶也很清洁和无污物。带有任何疾病的人都不允许进入车间,不允许佩戴珠宝。生产过程一完成,制成品储藏在温度保持在40华氏度,正负4度的仓库,用于监控温度的温度表已做了校准。每周审核一次评价仓库内的制成品。
Insurance company: People are stationed at desks and perform work on computers and telephones. The office temperature is maintained at “typical office conditions,” which is usually a compromise between the women who like the office warmer and the men who like it cooler. Dress codes are enforced so personnel are not distracted in their work and to maintain a professional environment in the event customers visit. Personnel are not allowed to play music from their radios or computers, as the sound disturbs people in their work, even when played at low volume. Hot food items are restricted to the break rooms, as some employees were offended by the smells of certain foods that were consumed at desks. Personnel photographs are decorations are permitted in cubicles, but nothing that could constitute a threatening work environment are allowed. Everything about the office is maintained is a pleasant yet bland manner because this is the environment that was found to result in the highest productivity, lowest service defects, and fewest personnel problems.
保险公司:工作人员坐在桌前,用电脑和电话工作。办公室温度保持在“标准办公室条件”,这是喜欢温暖的女士与喜欢凉爽的男士之间的折中。强制实行着装规定,使工作人员工作时不分神并在顾客访问时保持专业化的环境。工作人员不允许听音乐,因为声音干扰工作,即使小音量也不行。热食品限定在休息室,因为有些工作人员讨厌某些食品的味道。允许用个人照片来装饰工作格,但禁止对工作环境造成危害的任何事情。办公室内的每件东西都以温馨的方式保持着,因为发现这样的环境会产生最高的生产率,最低的服务偏差和最少人员问题。
Paper mill: The inside of the plant is very damp, and a half inch of water is on most of the floors. Additionally, the nature of the production process is very hot in some areas, and the ambient temperature in the summer can reach over 110 degrees. During winter months, temperatures in the warehouses are just a few degrees above freezing. For many years, the harsh environmental conditions were simply accepted as a given. The conditions didn’t negatively affect the product, so management felt no need to change anything. Recently it became clear that employees were becoming ill at a higher than normal rate, however. The increased illnesses affected the mill’s attendance rate, which in turn impacted its ability to produce paper on schedule. Work conditions are being improved now that the link between the environment and product conformity was recognized.
造纸厂:工厂内部非常潮湿,地板上有半英寸的水。另外,生产过程在某些工位非常炎热,夏天周围温度可达110多度。到了冬季,仓库温度只有零上几度。把这样艰苦的环境条件视为是理所应当已经很多年了。但是最近发现工人在高温下生病的比例大于平时。疾病影响了工厂的出勤率,从而影响了按时生产纸张的能力。现在工作条件正在得到改善,环境与产品符合性之间的关系得到了重视。
In all these cases, the work environment is focused on what is needed for the product in question. Sometimes organizations discover connections between the work environment and product conformity that they didn’t know existed, as in the paper mill example. ISO 9001 simply says that you will determine the environmental conditions that you require. Whatever you require is what you will be expected to provide and maintain.
在上述案例中,工作环境关注的是产品需要什么样的条件。有时候,组织发现他们不知道工作环境与产品符合性之间有联系,正如造纸厂的例子。ISO 9001只是简简单单地说你要确定你需要的工作环境的条件。你需要什么就是希望你提供和保持什么。
Here are some typical controls related to specific work environment variables:
以下是与特定工作环境变量有关的典型控制:
* Temperature and humidity: Gauges for monitoring, records of conditions, records of gauge calibration, investigation of affected product when conditions fail to meet environmental requirements
* 温湿度:用仪表进行监控,记录温湿度,记录仪表校准情况,在条件未能满足环境要求时调查受影响的产品
* Safety hazards: Identification of hazards, prioritization of risks, procedures for job safety, monitoring of compliance, records of monitoring, corrective action on accidents and near misses, regular meetings to discuss safety issues
* 安全损害:识别损害,对风险进行分级,制定工作安全程序,监控执行情况,记录监控情况,在发生事故和差点出事时采取纠正措施,定期开会讨论安全问题。
* Lighting, noise, vibration: Specifications for characteristic, procedures for maintaining specifications, ongoing measurement of characteristic, records of measurement, calibration of gauges, records of calibration
* 光线,噪音,震动:做出参数规范,制定程序保持规范,不断地测量参数,记录测量结果,对仪表进行校准,记录校准情况
* Housekeeping: Procedures for housekeeping, defined responsibilities, training of personnel, periodic audits of housekeeping, corrective action on nonconformities, signage to remind personnel of guidelines
* 厂区卫生。制定卫生程序,确定职责,培训员工,定期检查,发现不合格采取纠正措施,做出标志提醒员工遵守
* Personal hygiene & behavior: Documented policies for personnel, recurring training, monitoring by supervision, counseling for employees
* 个人卫生和行为:出台政策,再犯培训,监督监控,提供咨询
ISO 9001 does not require documented procedures or records related to work environment, though it often makes sense to have such things. In cases where the organization establishes requirements for work environment, then the only way to verify that the environmental conditions were met would be through records. Documentation would also be required to consistently communicate the work environment requirements and controls.
ISO 9001对工作环境不需要文件化的程序或记录,虽然制定出文件化的程序和记录经常是有意义的。如果组织建立了工作环境要求,你们确认工作环境是否得以满足的唯一方法就是通过记录。也需要文件始终如一地搭建工作环境要求与控制之间的桥梁。
Thursday, January 24, 2008 By Craig Cochran
(Originally published in The Auditor, Jan-Feb 2008)
Translated by Jelly Feb. 20, 2009
没有评论:
发表评论