Our Quality System complies with ISO 9001, but we want to use it to prevent problems, too
“We want to keep track of the defects for our ISO 9001 quality system and, more importantly, we want to prevent them from happening again. We’re ready for an ISO audit because we have the paper forms from our ISO consultant gave us, but they don’t actually improve our quality. How can we get information we can use?”
The real problem
Since the company could not standardize and aggregate the information to look for patterns, they got no warning when a trend was starting. In order to do any kind of analysis, they had to re-enter information by hand from their paper-based ISO 9001 compliant system. As this was incredibly time consuming, it didn’t happen often.
The interview process was simple enough – dig into the most painful issue first and follow up with more questions, leading to valuable insights.
- What’s causing the most stress? Is it maintaining ISO 9001 compliance or solving the quality problems? We need to stay compliant and the paper forms do that for us, but we really want to understand where the quality problems are coming from so we can fix them. So, the answer is “both,” but we think we have the ISO part covered. We don’t want to lose that.
- Is there anything in your Quality Manual that says you need to use the paper forms, or just that you need to track the information? The Quality Manual just says that we track the information, and gives example forms.
- What do you need for audit purposes? We need to know what the problems was, what the immediate corrective action was, what the preventative action will be, who found it, who fixed it, and who verified it was fixed. Everything needs to be signed so we have accountability.
- What do you need in order to dig into and solve the quality problems? We need to know all the ISO 9001 information plus where the problem happened, what kind of problem it was, who was working on it, what equipment was being used, what product was being made, what shift it was, and many other things. More importantly, though, we need to look for trends, but we can’t do that with the paper forms.
- What else have you tried? We tried to enter the data from the forms into spreadsheets, but when lots of people put information in, the sheet always gets messed up. Not intentionally, but people accidentally delete a column and we can’t get the info back. Or two people try to open it at once. Or some people will write a problem happened in the braze furnace and others will write the vacuum furnace even though they are both names for the same piece of equipment. That makes it impossible to do meaningful pivot tables.
- How often does your management team get together to review problems? Our ISO manual just says that we have to do it “quarterly” because it is too hard to try to dig through all the forms more often than that. The downside is that when a problem trend starts, it may be months before we compile the data and notice it.
- How do you know when a problem is solved? We know that we fixed the immediate problem because we’ve either remade or replaced the parts, or sometimes we can use them “as is.” For the preventative actions which make sure a problem doesn’t happen again, though, we can really only confirm that we made a change. The way we know if the change worked is trying to remember it when new quality problems pop up. We can’t have a Quality System that relies on someone’s memory…
A spreadsheet is a good next step from the paper forms, but that usually works when only one or two people have access to it.
The solution in this case was a Corrective And Preventative Action (CAPA) database that had specific roles and responsibilities based on a user’s login. Because each user has their own password, the system satisfies the ISO 9001 requirements. If this were an ISO 13485 requirement, the system could require the user to log in again just before electronically signing anything.
The system had pull downs for all of the categories of information to be tracked, like equipment, people, processes, vendors, material lot numbers, etc. Only the Quality Department could add items to those pull downs to prevent the list from growing too large. The CAPA system then aggregated data across every possible category and, when there was more than three new related quality problems, sent an e-mail notification to the Quality Management Team as a “heads up.” This way, the team got notified as the problems were happening, not just on a quarterly basis.
Finally, the system sent out a notification six months and a year after a preventative action was put in place so the Quality Management Team would get a reminder to go back and verify that it was still effective. The Quality Team then documented that the preventative action was working or that it needed to be updated, which was also tracked.
The company decided to manually enter the past year’s worth of quality issues into the CAPA system. This was a good opportunity to make sure that all of the equipment, categories of problem, and category of products were in place. Once this information was in, the company saw right away that brazing problems usually happened on Mondays after a three day weekend. This led to some experiments that determined that product left out in the open for more than 48 hours started to oxidize, disrupting the braze process. Based on this, products that weren’t going to be brazed within 48 hours were stored in a desiccated container to prevent oxides from forming. This preventative action was checked 6 months and 12 months after it was implemented, and it was confirmed that brazing problems were now no more likely on a Monday than any other day.
About two months after implementing the system, the company’s Quality Department got a notification that the injection molded product line had three problems in only four weeks, and it came from the same vendor and same lot of material. They were able to immediately quarantine the lot of material and avoid making more bad parts.
A big win for the Quality Department was when the ISO 9001 Recertification Audit came up. Rather than spending two weeks pulling all of the CAPA paperwork and making sure everything had the required signatures, they spent 10 minutes setting the auditor up with a “Read Only” account in the CAPA system and showing her how to navigate in it. All of the documentation had the required signatures and the auditor found evidence of tracking and correcting quality problems, setting up preventative actions, and verifying that those actions worked. The process of verifying that the preventative actions were working was cited as a “continuous improvement” step by the auditor, leading to a much easier recertification audit. The auditor was able to cut the length of the audit by two hours because she didn’t need to dig through paper forms.
One of the biggest rewards, though, was that the company saw its overall quality rate start to improve dramatically. There were still problems, but repeat problems quickly became a thing of the past. Not only was the CAPA system ISO 9001 Compliant, it also helped prevent problems.
The nitty-gritty details
The first task was to set up a table of quality issues and make sure that all of the details required by the ISO 9001 Quality Manual could be tracked. More fields were then added for the extra things the company wanted to track, like equipment or process. Then user roles were set up and each role was given either read or read/write authority for each individual field, allowing everyone to enter information in some of the fields and only certain people in other fields, like signature fields. The system was set up to date stamp when certain entries were made, and those dates were used for following up at the required interval. To verify that no records were lost, which could have been an audit finding, the table was set up so records could not be deleted, but they could be flagged as “Entered in Error” so they were not included in any further quality reporting.
Summary reports were written for each parameter tracked, like the person reporting the issue or the product involved. Every night, a script ran to review the reports and if three problems with the same parameter were accumulated, the CAPA system sent the report to the Quality Department for review in the morning.
A separate table was set up for preventative actions and tied to all of the quality problems that the actions should prevent. Quality problems had to be associated with an open preventative action for them to be signed off as complete. Additional reports were written to find all preventative actions implemented more than six or more than twelve months ago but not yet having a sign off for their six or twelve month review. After the Quality Department reviewed the preventative action to make sure it was working, it came off the report. Since multiple quality problems could be covered with the same preventative action, the Quality Department was not overwhelmed with the number of items on the report, which was an early fear of theirs.
Finally, a listing of all quality issues and all preventative actions was set up with drill down functionality for anyone doing an audit and the list could be filtered, sorted, and searched for any specific key words.