ISO 9000 • ISO 14000 • ISO/TS 16949 • TE Supplement • VDA 6.1 • OHSAS 18001 • HACCP
AS9100 • CE Marking • CGMP • ISO/IEC 17025 • BS 7799 • TL 9000 • SA 8000 • ISO/IEC 15408
Supply Chain Management • Six Sigma
ISO 9000 is a series of quality management systems standards created by the International Organization for Standardization (ISO), a federation of 132 national standards bodies. The ISO 9000 quality management systems (QMS) standards are not specific to products or services, but apply to the processes that create them. The standards are generic in nature so that they can be used by manufacturing and service industries anywhere in the world. First released in 1987 and revised in a limited manner in 1994, they underwent a major overhaul in 2000.
The most important revised standard, ISO 9001:2000, uses a simple process-based structure, which is more generic than the old 20-element structure of ISO 9001:1994, is consistent with the plan-do-check improvement cycle used in the ISO 14000 environmental management systems standards, and adopts the process management structure widely used in business today. ISO 9001:2000 addresses an organization’s quality management system requirements, in order to demonstrate its capability to meet customer requirements, and applies to all generic product categories, such as hardware, software, processed materials and services.
ISO 9001:2000 registration gives the organization the benefit of an objectively evaluated and enforced quality management system. It is a tangible expression of a firm’s commitment to quality that is internationally understood and accepted. ISO 9001:2000 registration is carried out by registrars, accredited organizations that review the organization’s quality manual and other documentation to ensure that they meet the standard, and audit the firm’s processes to ensure that the quality management system described in the documentation is in place and is effective.
ISO 14000, released in 1996, is a global series of environmental management systems (EMS) standards, providing a framework for organizations to demonstrate their commitment to environmental responsibility.
An EMS enables an organization to control the environmental aspects and impacts of its activities, products and services by establishing targets and objectives related to identified environmental management goals. Once implemented, an EMS will improve compliance with legislative and regulatory requirements, reduce exposure to liability, prevent pollution, reduce waste and create a more positive public image.
Organizations that register to ISO 14001, the most important of the ISO 14000 standards, demonstrate sound environmental management practices, are able to prevent environmental disasters and government sanctions, and experience fewer regulatory audits by correcting environmental problems. ISO 14000 supporting documents include environmental labeling, life-cycle assessment, environmental aspects in product standards, and environmental performance evaluation.
ISO/TS 16949 is the international automotive quality management systems (QMS) standard, released in 1999 and revised in 2002 to align with ISO 9001:2000. This standard combines ISO 9001:2000 with automotive sector-specific requirements from the American QS-9000, German VDA 6.1, French EAQF and Italian AVSQ quality standards. British and Japanese automakers also contributed to its development.
ISO/TS 16949 applies to all internal and external suppliers of production or service parts; production materials; and heat treating, painting, plating or other finishing services directly relating to original equipment manufacturer (OEM) customers. International automotive suppliers no longer have to satisfy multiple national automotive quality standards, which were often contradictory and led to redundant audits.
Each participating automaker has customer-specific requirements for unique and specific product needs that could not be harmonized. Applicable customer-specific requirements are audited as part of ISO/TS 16949 registration and the particular automaker(s) are listed on the supplier’s registration certificate.
The TE (Tooling and Equipment) Supplement to QS-9000, released in 1996, sets forth quality system requirements for Big Three tooling and equipment suppliers.
Developed by the Chrysler/Ford/General Motors Supplier Requirements Task Force, it fully embraces ISO 9001:1994, includes many of the QS-9000 sector-specific requirements, and contains sector- and customer-specific requirements for manufacturers of tools, dies, molds, plating, robotics and assembly, along with some coolants and lubricants.
Big Three tooling and equipment suppliers must conform to the TE Supplement. Chrysler has mandated that its tooling and equipment suppliers register to this standard.
VDA 6.1, released in 1991, is the quality system standard of the German automobile industry. It was developed by the Verbrand der Automobilindustrie e.V. (VDA), with input from major manufacturers and suppliers.
The majority of VDA 6.1 is based on the ISO 9000 quality management systems standards, but is organized into a distinct set of elements in two areas: Management, and Product and Process. These elements incorporate portions of the ISO 9001:1994 quality system model and the ISO 9004-1 quality system guidelines, along with automotive sector-specific requirements.
VDA 6.1 has also incorporated requirements from QS-9000 and the French EAQF automotive quality standard. In addition, suppliers with design responsibility must comply with German Road Traffic Law.
This standard affects companies that manufacture or supply components and other products to such German automotive manufacturers as Volkswagen, Audi, Mercedes-Benz, BMW, Porsche, Adam Opel and Ford-Were.
The Volkswagen Group, consisting of Volkswagen, Audi, Seat and Skoda, requires all of its production and service parts suppliers to register to VDA 6.1.
OHSAS 18001, developed by a group of European standards bodies, is an occupational health and management systems (OHSMS) standard designed to create a safer workplace. OHSAS 18001 contains requirements in such areas as planning, risk assessment and hazard identification, consultation and communication, operational control, emergency preparedness and response, and accidents and incidents.
OHSAS 18001 is ideal for a company that wants to make occupational health and safety a priority; reduce liability, workers’ compensation and medical treatment costs; eliminate or minimize workplace injuries, and increase employee productivity; and decrease absenteeism and lost work hours by preventing injuries and accidents.
Debate over the International Organization for Standardization (ISO) developing an OHSMS standard continues. ISO may revisit the matter in the future, with OHSAS 18001 offering a possible framework for such a standard.
Hazard Analysis of Critical Control Points (HACCP)
Hazard Analysis of Critical Control Points (HACCP), enforced by such agencies as the US Department of Agriculture’s Food and Safety Inspection Service (FSIS) and the Food and Drug Administration (FDA), is a scientific process control system for eliminating contaminants at critical areas in the food production and distribution process.
HACCP helps to prevent, as close to 100 percent as possible, harmful contamination in the food supply. To ensure safer food, HACCP requires the following seven principles to be followed:
- Conduct a hazard analysis
- Identify critical control points (CCPs)
- Establish critical limits for CCPs
- Establish monitoring procedures
- Establish corrective actions
- Establish verification procedures
- Establish record keeping procedures
HACCP requirements, endorsed by the United Nations Codex Alimentarius, European Union, Canada, Australia, New Zealand and Japan, apply to meat, seafood and poultry plants; grocery stores; restaurants; and other food processing and handling facilities.
AS9100, released in 1999 and revised in 2001 to align with ISO 9001:2000, is the international ISO 9000 derivative for suppliers to the aerospace industry. AS9100 takes the ISO 9001:2000 quality management systems standard covering every step and department of the manufacturing process, and inserts aerospace industry-specific requirements. AS9100 also addresses flowdown of aerospace prime contractors’ quality management system requirements to suppliers and their subcontractors. Flowdown includes specifications for parts or assembly designs, characteristics, inspections, and other process functions and product features.
The prime aerospace contractors consider AS9100 a major step in the history of quality management in the aerospace field. Government agencies, such as the Defense Department and the Federal Aviation Administration (FAA), also support AS9100, though suppliers still have to meet additional federal requirements. The major difference is a drop in compliance costs and time for suppliers, due to the elimination of multiple audited governmental standards. This industry-generated standard also takes the place of programs the government has dropped.
AS9100 is designed to reduce defects in the supplier chain, continually improve quality and boost customer satisfaction. By becoming registered to AS9100 and ISO 9000, companies dealing with aerospace prime contractors and the government enjoy a competitive advantage. The regulatory burden is lightened, so suppliers can spend more time improving the manufacturing process in an industry that puts a top priority on safety and quality.
The CE Marking is required to sell any product manufactured or distributed under European Union (EU) New Approach Directives in the European Economic Area (EEA). The EEA consists of the 27-nation EU. In addition, Switzerland, although part of European Free Trade Association (EFTA), is not part of EEA. The other 3 non-EU countries in EFTA, Liechtenstein, Iceland and Norway, are members of the EEA.
The New Approach Directives, designed to eliminate technical barriers to trade in Europe, set product safety technical requirements. The most important of these apply to medical devices. Other directives include low voltage, simple pressure vessels, toys, construction products, electromagnetic compatibility, machinery, personal protection equipment, telecom terminal equipment, boilers, explosives and recreational craft.
The CE Marking is affixed to products after they are successfully tested for conformity to applicable directives.
Current Good Manufacturing Practices (CGMP)
Manufacturers of medical devices that plan to distribute products in the U.S. are required to adhere to Food and Drug Administration (FDA) Current Good Manufacturing Practices (CGMP), under which the company must establish a quality assurance program and its medical devices must meet specifications and controls to guarantee they are safe and effective for intended use.”
CGMP covers quality assurance programs and organization, buildings, equipment, components, production and process controls, packaging and label control, distribution and installation, device evaluation and records.
The FDA monitors medical device problem data and inspects the operations and records of device manufacturers to determine CGMP quality assurance compliance.
ISO/IEC 17025, released in 1999, contains all the requirements that testing and calibration laboratories must meet to demonstrate that they operate quality management systems (QMS), are technically competent and can generate technically valid results. All ISO 9000 requirements that are relevant to the scope of testing and calibration laboratory QMS have been incorporated into ISO/IEC 17025, along with technical competency requirements.
ISO/IEC 17025 covers such matters as quality system; personnel; document control; review of requests, tenders and contracts; subcontracting of tests and calibrations; purchasing services and supplies; services to the client; control of records; internal audits; accommodation and environmental conditions; test and calibration methods and method validation; equipment; measurement traceability; sampling; handling of test and calibration items; and reporting the results.
ISO/IEC 17025 accreditation is a more thorough process than ISO 9000 registration because it recognizes a laboratory’s competence to produce technically valid results as well as its QMS conformance. When a laboratory is part of a larger facility, ISO/IEC 17025 accreditation can occur at the same time as ISO 9000, QS-9000 or ISO/TS 16949 registration if the auditor is working for both an accreditation body and a registrar.
BS 7799, developed by the British Standards Institution (BSI), provides a comprehensive set of information security management systems (ISMS) controls, which apply to information systems used by organizations in industry and commerce, including information processing technology in the area of networks and communications.
There are two parts to the standard. BS 7799-2 is a specification standard that sets ISMS requirements that can be implemented, audited and used for registration. BS 7799-1 is a guidance document that is the basis for the international information security guidance standard, ISO/IEC 17799.
The standard covers such areas as document control, security policy and organization, asset classification and control, physical and environmental security, communications and operations management, access control and compliance with legal requirements. Organizations seeking BS 7799 registration must assess security risks, select controls and develop guidelines.
TL 9000, released in 1999 and revised in 2001 to align with ISO 9001:2000, is the telecommunications industry derivative of ISO 9000. This standard harmonizes telecommunications quality management system (QMS) requirements for the design, development, production, delivery, installation and maintenance of hardware, software products, and services. Conformance to TL 9000 decreases time to market and improves the total cost of ownership throughout the supply chain.
TL 9000’s structure contains five levels of QMS requirements and measurements. They are ISO 9001:2000; common telecommunications industry quality system requirements (QSRs); hardware, software and services specific QSRs; common telecommunications industry measurements; and hardware, software and services specific quality system measurements.
TL 9000’s telecommunications sector-specific QSRs are divided into six categories and marked accordingly: common (C), hardware (H), software (S), services (V), hardware and software (HS), and hardware and services (HV). There are no services and software (VS) elements. A supplier is only required to implement the additional elements that fit its scope of operations. Only a hardware and software company that offers a service must implement all sector-specific requirements.
TL 9000 breaks ground by establishing cost and performance based measurements that measure the reliability and quality performance of hardware, software and services. These performance measurement tools are important from the customer’s point of view and include hardware return rates, system outages, number of problem reports, software update quality, on-time delivery, invoice accuracy, and the efficiency and level of success of the supplier’s business processes and activities.
TL 9000 registration may encompass an entire company, an organizational unit, a combination of units, several facilities, an individual facility, or a limited and defined product line. The registration scope may be for hardware, software, services or any combination thereof.
Social Accountability (SA) 8000, released in 1997, is the first international standard dealing with the workplace environment. It requires employers to pay wages sufficient to meet workers’ basic needs, provide a safe working environment, not employ child or forced labor, and not force employees to regularly work more than 48 hours a week. Other SA 8000 elements address health issues, freedom of association, discrimination, disciplinary practices and management.
Developed by the nonprofit Council on Economic Priorities Accreditation Agency (CEPAA), with the assistance of a wide range of business, industry, labor, human rights, certification and audit experts, and based on several existing international human rights standards, including the United Nations Universal Declaration of Human Rights and the Convention on the Rights of the Child, SA 8000 provides a means to improve working conditions and meet the social challenges of economic globalization.
SA 8000 certification enables a company to project a positive image and good reputation to clients, employees, suppliers, shareholders and consumers. This standard gives the general public confidence in the ethical production of the products they buy, contains mechanisms for continuous improvement and provides a marketing edge with better labor practices. Enforcing humane conditions in factories may also lead to higher quality products on the market.
ISO/IEC 15408, released in 1999, is the first international information technology security evaluation criteria standard, defining Common Criteria (CC) used to evaluate security properties of information technology (IT) products and systems, such as operating systems, computer networks, distributed systems, applications and other hardware, firmware and software.
These requirements apply to both security functions of IT products and systems, and assurance measures used during security evaluation and validation. The CC can also be used as a guide by IT consumers, developers and evaluators in developing or procuring products or systems with IT security functions.
During a security evaluation or validation, an IT product or system is known as a Target of Evaluation (TOE). A set of security requirements and specifications used to evaluate or validate a TOE is a developer Security Target (ST). An implementation-independent set of security requirements for a category of TOEs that meet specific consumer needs is a user Protection Profile (PP). Evaluation and validation is an assessment of a PP, ST or TOE against CC security requirements.
The ISO/IEC 15408 CC is implemented in the U.S. by the National Information Assurance Partnership (NIAP) Common Criteria Evaluation and Validation Scheme (CCEVS), which sets standards; monitors the quality of evaluations; and assures that the Common Evaluation Methodology (CEM), which addresses evaluation methodology and procedures, is used consistently across government-accredited, product testing and evaluation facilities.
Information technology security evaluations are conducted by Common Criteria Testing Laboratories (CCTLs), commercial testing laboratories accredited by National Voluntary Laboratory Accreditation Program (NVLAP), approved by the NIAP Validation Body and placed on the NIAP Approved Laboratories List
Supply Chain Management
Supply Chain Management recognizes that competition is now across supply chains, not individual companies. A supply chain is the network of companies linked together in supplier to customer relationships across a product life cycle from raw material to final consumption. Supply Chain Management integrates every aspect of product development and design, producing competitive advantages throughout the product life cycle.
Supply Chain Management optimizes and synchronizes material, process, information and cash flow from raw material to final consumption, while driving out excess inventory and unnecessary costs. The right product gets delivered to the right place, at the right time and at the right price.
Any organization in the supply chain network can initiate a supply chain program and realize benefits. However, the closer a company is to the final customer, the better it is positioned to lead a Supply Chain Management program.
Six Sigma is a statistically oriented approach to process improvement, designed to reach a quality level of less than 3.4 Defects Per Million Opportunities (DPMO) for Critical-To-Quality (CTQ) characteristics in a manufacturing or service process.
Achieving this Six Sigma level reduces the cost of defects from 20-30 percent to 1 percent of revenues. There is a reduced need for testing and inspection, costs go down, cycle time decreases and customer satisfaction goes up as companies are able to deliver the highest quality product, on time and at the right price.
Six Sigma uses a variety of tools, including Statistical Process Control (SPC), Total Quality Management (TQM) and Design of Experiments (DOE). It can be coordinated with other major initiatives and systems, such as new product development, Materials Requirement Planning (MRP) and Just-In-Time (JIT) Inventory Control.