RISK MANAGEMENT and ISO 17025:2017

Transcription

1 RISK MANAGEMENT and ISO 17025:2017 Dr. Bill Hirt Global Technical Advisor ANAB / ANSI-ASQ National Accreditation Board January 31, 2018

2 Outline of Sections Introduction of ANAB Risk management consistency in ISO stds General understanding of Risk-based Mgmt and Tools Resources of ISO Guidelines Document Elements in new standard for RISK How RISK is challenge both for labs and AB s

3 ANSI-ASQ National Accreditation Board / ANAB Non-profit accreditation body; now 25 years in the industry Offer ISO programs and sector specific ISO-based programs 60 full time employees, 185 technical assessors, 4 office locations Accredited customers in 58 countries, over 2,000 total accr ns Signatory to 4 int l MRAs/MLAs (ILAC, IAF, IAAC, APLAC)

4 ANSI-ASQ National Accreditation Board / ANAB LABORATORY-RELATED Laboratories FORENSIC ISO/IEC Accreditation for Inspection Bodies ISO/IEC forensic ISO/IEC test laboratories and RMP ISO/IEC forensic ISO agencies PT Providers Training ISO/IEC Product Certifiers ISO (w/ansi) Government Programs: DoD ELAP, EPA Energy Star, CPSC Toy Safety, NRC, NST IPV6, US Navy Training MANAGEMENT SYSTEMS Certification Bodies ISO/IEC Accreditation for Management System Certification Bodies: ISO 9001 (QMS) ISO (EMS) ISO (Food) TS (US Automotive) etc. Training 4

5 Risk components to cover Risk Terminology & The Four Elements of Risk Role of Standards In Changing Perceptions of Risk Process vs Product Risk and Existing Controls Metrics and Tools Converting Unknown to Known EAGLE Certification Group 2017 Confidential Do Not Reproduce 5

6 What is Risk? THE EFFECT OF UNCERTAINTY UPON OBJECTIVES Source: ANSI Z A risk is a potential future event that could result in adverse and unplanned consequences A risk may not be a problem, an issue or a crisis! With Mitigation Risk is also a measure of the potential inability to achieve overall program objectives within defined cost, schedule and technical constraints * *Reference: Risk Mgt Guide for DoD Acquisition, 4th Edition, June 2003 EAGLE Certification Group 2017 Confidential Do Not Reproduce 6

7 Risk Based Thinking Risk Implementation Used throughout your organizational processes Risk-based thinking for QMS (business) - Clause 6.1 Identify and prioritize Plans to address the risk (PLAN) Implement the plan (DO) Check for effectiveness (CHECK) Learn from experience (ACT) EAGLE Certification Group 2017 Confidential Do Not Reproduce 7

8 Risk Based Thinking Outcome Prevention (Replacing P/A) Risk to the Customer Minimize risk to the organization! Staff Equipment Product/Service Be eliminated or mitigated risk EAGLE Certification Group 2017 Confidential Do Not Reproduce 8

9 Risk Management Terminology* Uncertainty: The state, even partial, of deficiency of information related to, understanding or knowledge of, an event, its consequence, or likelihood. Risk: Characterized by reference to potential events and consequences or a combination of these and expressed in terms of a combination of the consequences of an event and the associated likelihood of occurrence. *All Definitions are 2011 American National Standards Institute and published in ANSI/ASSE Z the National Adoption of ISO Guide

10 Risk Management Terminology* Risk Management: Coordinated activities to direct and control an organization with regard to risk. Risk Management Framework: Set of components that provide the foundations and organizational arrangements for designing, implementing, monitoring, reviewing, and continually improving risk management throughout the organization. *All Definitions are 2011 American National Standards Institute and published in ANSI/ASSE Z the National Adoption of ISO Guide

11 Risk Management Terminology Likelihood: the chance of something happening Exposure: the extent to which an organization is subject to an event Consequence: outcome of an event affecting objectives

12 Risk Management Terminology Probability: the chance of occurrence (0-1) Frequency: number of events per unit of time Vulnerability: intrinsic properties of something resulting in susceptibility to a risk source that can lead to an event with consequence

13 New ISO 9001 and Terminology Documented Information: Written procedures & Records Maintain: Documented Procedures Retain: Records

14 Four Elements of Risk Management Risk Management encompasses: Identification Prioritization Measurement & Feedback Mitigation Each applies equally to the QMS system, PROCESS and PRODUCT associated risks! All phases of product realization AND all aspects of company operations!

15 All management system standards now specify risk management activities: TOTAL System AS 9100, AS 9110, AS 9120 (aerospace) ISO (medical devices) ISO & SQF IATF ISO 9001 ISO/IEC Risk and Standards While all address risk, each has a unique twist. Until the Annex SL was created, standards focused on risks associated with the product only and not all areas of the organization

16 Managing Process Risk The standards require the identification and reduction of process-based risks.

17 Contract Review Product Development (Design) Purchasing Process Risk Examples Planning / Production / Service Change Control / CA / PA Modify your forms to mandate risk analysis Testing for accredited work Test report issuing

18 Common Risk Identification Tools BRAINSTORMING FMEA HACCP Cause / Effect Diagram 5 Whys Preliminary Hazard Analysis Fault Tree Analysis Internal & External Audits

19 Show Me The Data Pay LESS attention to the actual NUMBERS, FOCUS attention on the TRENDS Trends provide the CONTEXT for the numbers good or bad, trending up or down, above target or below target.

20 Risk Prioritization The process of analyzing Prioritizing Process risks against impact Product Schedule Performance criteria Cost Copyright 2017 DB Performance Solutions, LLC and ISTI, LLC

21 Common Risk Prioritization Tools FMEA (Severity, Detection, Occurrence, RPN) HACCP Impact / Effort Matrix Pareto Analysis Copyright 2017 DB Performance Solutions, LLC and ISTI, LLC

22 RMS Risk Prioritization Tools BALANCED SCORECARDS and RISK MATRIX

23 Impact Analysis Impact Benefits High Medium Low 1 Low Medium High * Incorporate the change 3 4 Additional analysis should be conducted prior to making the decision Do not incorporate the change Note: *3 - high impact x high benefits - No change allowed, but we need to record details of proposed change, to provide input into future revisions. EAGLE Certification Group 2017 Confidential Do Not Reproduce 23

24 Risk Matrix Legend: Acceptable Concern Critical

25 Risk Mitigation Identify Evaluate Select Revaluate Residual Risk? Reduce?

26 Common Risk Mitigation Tools Strategic Planning (Management) Control Plans Team Based Problem Solving (8-D) Poke-Yoke (Error-Proofing) Training / Awareness On Site Audits, Internal, Customer, Third Party Design for: Reliability / Maintainability / Manufacturability

27 System-Level Mitigation Tools Contingency Plans Emergency Response Plans Succession Planning Strategic Planning Reviews

28 Risk Monitoring & Feedback Established metrics Systematically tracking and evaluating performance Ensure that Lessons Learned feedback into future risk identification activities. Changes need to current mitigation?

29 Evaluating Risk Effectiveness CAPA System Internal Audit Returns / Warranties / Complaints Review of Internal Failures Management Reviews

30 Feedback Make certain that RISK IDENTIFICATION includes past experience from related products: Things Gone Wrong / Things Gone Right Feasibility Reviews Design Reviews Adverse Event Reports Previous Complaints Customer Feedback

31 Risk vs Company Size Varying Applicability to Different Functions Risk Processes..appropriate to the product and the organization

32 Risk vs Company Size Supplier Management: Supplier capability, interface, etc. Purchasing: Vendor capability, Critical material / part / detail, lead times, special process Manufacturing: Applying appropriate methods, special processes Inspection: Independent verification, Critical requirements Individuals: Application decisions, injury

33 Risk Management Review [Management] review shall include assessing opportunities for improvement and the need for changes to the quality management system How is this linked to the expectations of Risk Management?

34 Risk Management Review What are the results of the Key Metrics? What risks have been reduced due to Internal Audits? What risks were identified in External Audits? What risks were detected by our CAPA System?

35 Risk Management Review What risks escaped detection and caused complaints / rework / warranty? Have the risk management plans been updated accordingly? What external changes can impact our risk? What additional or transferred resources are required to minimize or eliminate risks?

36 RMS Scorecard Review example scorecard provided Red / Yellow / Green Stoplights for immediate impact of problem areas Based upon defined metrics and objectives covering defined functions in the organization Higher level concerns Bubble-Up to the next layer of the organization.

37 Summary Many ways to manage Risk Many ways to document methods for Risk Many tools for Risk Management Some Standards / Customer-required Methods

38 Risk categories general business Product properties Business impact Customer-related Development environment Process issues Staff size / experience Technical issues Technology / Other

39 ISO / ANSI-Z-540 Risk Primarily for calibration laboratories following ANSI-NCSL-Z in addition to Required measurement and review to determine probabilities of RISK for decisions.

40 ISO / ANSI-Z-540 Risk

41 Class exercise In your tables or groups of 4 to 8 if possible Spend 3 or 4 minutes thinking about your lab / organization think of at least 3 or 4 risks, take notes then share with your group

42 ISO Table of contents-1

43 ISO Table of contents-2

44 ISO Risk Management enables an organization to :

45 ISO Risk Management enables an organization to : (2)

46 ISO Risk Management

47 Risk elements in ISO 17025:2017 Introduction paragraph impartiality lab to demo how it minimizes it reporting statements of conformity 7.10 b -- non-conforming work Actions to address Risks & Opp s / / plan actions proportional

48 Risk elements in ISO 17025:2017 (2) Note only in Improvement e -- update risk piece of CAR s m -- management review results of risk identification Bibliography references ISO guidelines Includes when evidence / records required

49 How will AB s assess Risks & Opp s New to the ISO world, though not 9001 All AB s now challenged to develop policies Need customer lab inputs and examples Likely to wrestle with this for the 3-year implm tn Assessors have similar learning curve as labs

50 Questions and Discussion Good Luck!!

51 Contact Information Dr. Bill Hirt Global Technical Advisor ANAB / ANSI-ASQ National Accreditation Board bhirt@anab.org / billhirt17025@gmail.com info@anab.org and Training Offerings info@asq.org