Returning customers: To access ISO tools that you have previously purchased, click here to login.
|
User Login
Login to access CASRO
product downloads
|
|
Preparing for the ISO 20252 and/or ISO 26362 Audit
A Simple Overview for Implementing ISO 20252 / ISO 26362:
Step 2: Appoint or assign a Quality Manager or Team. expand
- A company needs to appoint a quality manager/representative to achieve certification. The role could be absorbed into the existing organizational framework or could be shared between several existing roles.
|
Step 3: Complete an application for CIRQ Certification Services
Step 4: Read the ISO standard(s). Wherever the Standard states 'shall', there is a requirement to be met. Determine what the requirement are and discuss with your staff to determine what is required and what is currently in place.
Step 5: Identify both gaps between requirements of the standard(s) and the existing practices.
Step 6: Identify what, who and how the gaps will be filled. expand
- Identify areas where significant changes would be required to meet the whole standard.
- Develop a work program and timetable needed to achieve certification.
- Identify division of work among staff/departments.
- If a documented quality system does not exist, begin development of a Quality Manual or Procedure Manual.
|
Step 7: General Principles for inclusion in a Quality Manual: expand
- The quality manual is the top level document and should state the overall activities of the business and the quality system in relation to the services provided by the company.
- Section 3 of ISO 20252 is the quality management system framework and must be addressed within the system. Most of this section also applies to ISO 26362 as defined in its Section 4.2.
- Sections 4 - 7 of ISO 20252 follow the sequence of mainstream operations - from quotation and proposal through to final reporting.
- Section 4.1 and Sections 4.3 - 4.8 of ISO 26362 describe the components of establishing and managing an access panel. Throughout ISO 26362 there are numerous references to sections in ISO 20252 that also apply
- Keep documentation succinct - less is best.
|
Step 8: General Principles for inclusion in a Quality Manual: expand
- Procedures should then support the quality manual and be specific to process and activities of the business aligned to service delivery functions only. Make an assumption that staff will be trained and are competent, therefore processes need to be activity based rather than instructional based – procedures are not an instruction manual. i.e. procedures should be based on knowledge of the industry and reflect the series of activities undertaken to achieve an end point as compared to instructional material that is training/learning material.
- Each procedure or linked group of procedures not only specifies what is done but also assigns responsibilities; who, by title, does it.
- For most procedures or groups of them, the documented evidence (hard copy or more often computer record) of compliance is described. This becomes important when the system is audited. Most systems do not involve the creation of numerous forms. Much of the evidence will be in the form of or part of documents normally produced through research projects or other processes.
- It may be valuable to include an appendix to cross reference each clause of the appropriate standard to the procedures and quality manual. Although not essential, this serves two purposes. Firstly to ensure that the procedures do fully cover all relevant requirements of the standard(s) and, secondly, to make work easier for external auditors. Such cross referencing is needed because the procedures, as pointed out above, follow the sequence of operations rather than of the standard.
- Once finalized, procedures become a "controlled" document so that only one agreed version is followed at any one time.
|
Step 9: Implementing the System: expand
- Be sure staff is aware of components of the Quality Manual/System relevant to their position description.
- Either hold a series of meetings to inform/train staff or develop a slide show that is sent to each staff member who will be required to view and respond by email to identify that they understand the changes, accept them and agree to implement them.
- Appoint internal auditors to monitor and test the system through audits. Alternatively, have the quality manager or quality team create checklists that can be distributed to departments which cover terms of compliance. Departments can cross check one another's area. Most of this can be done electronically taking a no fuss approach.
- Where anomalies occur or processes need to change simply have the company internal auditors or department staff identify the problem. Then, the quality manager can oversee changes needed and compliance. Keep records to be used as internal audits in compliance with the standard.
- So that there is likely to be sufficient evidence of compliance, a minimum of three months between implementing a quality system and the first assessment is required. Three months is a standard expectation of records of compliance. However, given that most companies already comply with around 70% of the standard, you may take the 80/20 rule as a benchmark. That is, 80% of the systems being audited need to have evidence of at least 3 months compliance. The remaining 20% must show compliance BUT can be part of the continuous improvement required of the ISO standard and therefore does not have to have been proven for 3 months. As a rule, a company must show compliance to the intent of ISO 20252 and ISO 26362 (if applicable) for 3 months prior to audit.
|
Step 10: Completion of Certification Forms: expand
- Once the system has been operational for a few months, the company is now ready to complete the self-assessment form which they submit to CIRQ for pre-assessment.
- Based on the self-assessment form and documents submitted with it, the documented quality system will be reviewed and the company's readiness for audit will be evaluated and documented on the pre-assessment form.
- If it is determined by CIRQ that the company appears to be ready, an audit plan will be developed and the CIRQ audit will be initiated.
|
Step 11: On-site Audit: expand
- CIRQ auditors will spend time at the client company's site, in all departments and working areas, seeking evidence of compliance with the standard(s). Since the first stage of the assessment will have established that the documented quality system covers all requirements, the assessment is effectively against the company's own system - its own procedures - and the process is much the same as internal audits. The assessment and certification specification set out a minimum input by auditors based on the size of the company.
- Before starting the audit, auditors prepare an audit plan, with reference to all the company's documented quality system to be audited, highlighting the evidence to be examined.
- The primary evidence of compliance sought by auditors is either hard copy document or computer generated files. However, staff will be asked to describe how processes are carried out and expected to know the procedures relevant to their own work. Staff will also need to retrieve each requested piece of documented evidence and if necessary explain what it shows. These records are expected to be accessible in a reasonably quick timeframe while the auditor is on site and this also has implications for how it is filed and stored.
|
How can a CASRO member purchase copies of these standards ?
|
