Wednesday, May 17, 2017

Design and Development Review, Verification and Validation

    Clause 8.3.4 of ISO9001:2015 requires that design and development should be reviewed, verified and validated:


The requirements here are probably confusing to many readers - What are the differences in these three activities? And what shall be done exactly for each activity?

Design and Development Validation
    Let's first take a look at design and development validation. In ISO9000:2015, validation is defined as "confirmation, through the provision of objective evidence, that the requirements for a specific intended use or application have been fulfilled". ISO9001:2015 says, as cited from Clause 8.3.4, the purpose of validation is to ensure the resulting products and services meet the requirements for the specified application or intended use. From these statements in ISO9000 and ISO9001, several points can be extracted:
1. Validation is done on the resulting product, so it should be done on the real product, not just the ideas of the product.
2. Validation must be done with objective evidences. So it involves a process of obtaining objective evidences. This process can be inspection, testing, and so on.
3. Validation is to confirm the resulting product meet the requirements. So it involves a judgment or a decision making process. 
    As a summary, design and development validation involves analysis (e.g. inspection, testing, etc.) on a real product and a judgement based on the analysis result whether the product actually meets the requirements of the intended use or application.

 Design and Development Verification
    Now let's look at the design and development verification. In ISO9000:2015, verification is defined as "confirmation, through the provision of objective evidence that specified requirements have been fulfilled". ISO9001 says the purpose of verification is to ensure that the design and development outputs meet the input requirements. So the key points here are:
1. Verification is done on design and development outputs. The design and development outputs are the design concepts or ideas of the product, e.g. what materials to be used, what structure to look like. It is not talking about a real product. This is the key difference between verification and validation. In terms of time sequence, verification is done before validation, as design concepts are generated before a real product is manufactured.
2. Verification must be done with objective evidences. So same as validation,  it also involves a process of obtaining objective evidences. This process can be calculation, simulation, experiment and so on.
3. Verification is to confirm that design and development outs meet the input requirements. So same as validation, it involves a judgement or a decision making process as well.
    As a summary, design and development verification involves analysis (e.g. calculation, simulation, experiment, etc) on the design concepts and a judgement based on the analysis result whether the design concepts meets the input requirements. Please be noted that as there's no real product yet during the verification stage.

Design and Development Review
    So how about design and development review? ISO9000:2015 defines "review" as "determination of the suitability, adequacy or effectiveness of an object to achieve established objectives". ISO9001:2015 says the purpose of review is to evaluate the ability of results of design and development to meet the requirements. Based on these statements, it is important to notice that
1. Review is done on the results of design and development. Here the results of design and development can be anything generated from the design and development process, including the design and development plan, the feasibility study, the risk analysis, the design concept of the product, the verification results, the validation results, and even an individual document such as the process flow chart. 
2. Unlike verification and validation, review can be done with or without objective evidences. For example, when a material is proposed for the designed product, there's probably no objective evidence available at this point yet to prove that the material is suitable, but when reviewing the design proposal, a decision can still be made whether or not to approve this material. Review can done through meetings, emails or any other ways of communication. For example, if a document needs to be reviewed before its release, it can just be done through email by individual person, and if a design concept needs to be reviewed before its finalization, a meeting can be held.
3. Review is to confirm that results of design and development to meet the requirements, so same as validation and verification, it involves a judgement or a decision making process.
    As a summary, review is a decision making process, during which the evaluation can be done with or without objective evidences. And it can be done during any stage of the whole design and development process. As mentioned before, verification is done before validation, but review has no such time sequence in relative to verification and validation.
 
Summary
    The table below is a summary of the above discussion, which compares what to be reviewed, verified and validated, when they should be done and how they are done:
Review
Verification
Validation
What
Almost everything
Design concepts
Real products
When
Any time
Before the design concepts are finalized
After real products are made
How
Meetings, emails,
Calculation, simulation, experiment
Testing, inspection
Posted by at No comments:
Labels:

Wednesday, May 3, 2017

Knowledge Management in the Organization

    One of the new requirements in ISO9001:2015, compared with ISO9001:2008, is the management of organizational knowledge, as specified in 7.1.6:
     To implement this requirement in an organization, one first needs to understand the concept of “organizational knowledge” here. It refers to the knowledge which is needed to carry out the quality processes effectively. From the point view of a process (shown in the below graph, cited from ISO9001:2015), the organizational knowledge can be classified into four types:
  1. The knowledge of the input of the process, i.e. the information which determines how to take the actions. For example, when there’s a customer claim, the engineers need to know what kind of failure it is, how the failure occurred, etc., before determining what corrective actions can be taken;
  2. The knowledge of how to and where to obtain the input. For example, in the above case of customer claims, the engineers need to know how to analyze the failure product to identify the cause of the failure;
  3. The knowledge of how to carry out the process, i.e. the experience or skill needed to carry out the actions based on the information obtained. For example, in the above customer claim, after identifying the nature of the failure and the reason of occurrence, the engineers should know what corrective actions to be taken;
  4. The knowledge of how to evaluate the outputs, i.e. the knowledge to evaluate the effectiveness of the actions taken. For example, in the above customer claim, the engineers should have the knowledge to determine whether the actions taken are effective. 
    Now let’s see what an organization should do to fulfill the requirement of Clause 7.1.6. We can rephrase 7.1.6 and list up the requirements there as the following:
  1. Identify the knowledge needed;
  2. Acquire and maintain the knowledge 
  3. Share the knowledge to the persons in the organization who need them;
  4. Repeat the above steps in case of changes.

Let’s discuss what should be done in each step.

1. Identify the knowledge needed
    Once the organization determines the processes in its quality management system (Determining the quality processes is part of the quality planning. Please see this article about quality planning), the organization should also determine the four types of knowledge needed for each process (and for each sub-process in some cases). Below is an example of knowledge identification for the document control process. The organization should do the same for all the other quality processes it has identified.

2. Acquire and maintain the knowledge
    After identifying all the knowledge needed, the organization then should determine which pieces of knowledge should be acquired and how they can be acquired. It is important to know here that “acquiring” means that the organization is gaining the knowledge for the first time. Nobody in the organization has such knowledge at this point. It is different from sharing of knowledge in Step 3. Sharing means the knowledge is made available to additional persons other than the ones who have acquired it.
    There are multiple ways for an organization to acquire a piece of new knowledge, e.g. sending someone to attend external training, hiring experienced and skilled employees, receiving feedback from customers, and analyzing the failures. The organization shall define clearly the ways and the persons who’re responsible to gain the knowledge.
    After acquiring the knowledge, the organization shall maintain it. Though it is not required in ISO9001:2015, it is always preferred to maintain the knowledge in a documented format, e.g. a written procedure, a training material in the format of PPT, etc. For such documented knowledge, the organization can follow the document and records control process to maintain the knowledge. The owner to maintain each piece of knowledge should be assigned.
Following the example in Step 1, the organization can determine how to acquire and maintain each piece of knowledge with the following template:

3. Share the knowledge to the persons in the organization who need them
    After the knowledge is acquired, it should be shared inside the organization with the persons who need it. Ways to share the knowledge include but are not limited to internal training, forums, meetings, email, intranet, etc. The organization should define clearly what knowledge should be shared, how it should be shared, and whom it should be shared with.
    Again, let’s use the document control process and see how to share the knowledge.

4. Repeat the above steps in case of changes
    When there are changes in the quality management system and its processes, the knowledge needed to carry out each process may change as well. In this case, Step 1 to 3 should be redone to update the knowledge and maintain its adequacy and validity. If necessary, the documented procedures, training materials or the documented records which have been established should be updated accordingly.

Some Additional Notes
    When determining whom the knowledge should be acquired by and shared with, the organization should link it up with employee training. As discussed in the other article, what trainings are needed for each post should be defined clearly in order that the employees can have the necessary competency to perform his/her duty. Defining of such trainings for each post must be consistent with the assigning of persons to acquire the knowledge or to be shared with the knowledge.

Posted by at 1 comment:
Labels:
Subscribe to: Posts (Atom)