Your SlideShare is downloading. ×
ATP Quality Assurance Plan
Upcoming SlideShare
Loading in...5

Thanks for flagging this SlideShare!

Oops! An error has occurred.


Saving this for later?

Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime - even offline.

Text the download link to your phone

Standard text messaging rates apply

ATP Quality Assurance Plan


Published on

  • Be the first to comment

  • Be the first to like this

No Downloads
Total Views
On Slideshare
From Embeds
Number of Embeds
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

No notes for slide


  • 1. ISO 9001: BEST PRACTICE OUTLINE PREPARED FOR: Surface Warfare Center, Indian Head Division 25 May 2010 This report is confidential and intended solely for the use and information of the company to whom it is addressed. Avid Technology Professionals
  • 2. © 2007, ATP * CONFIDENTIAL AND PROPRIETARY INFORMATION * All Rights Reserved Document Change History Version Date Description Number Avid Technology Professionals 2
  • 3. © 2007, ATP * CONFIDENTIAL AND PROPRIETARY INFORMATION * All Rights Reserved I. Quality Assurance Program Overview Avid Technology Professionals recommends that the NSWC/IHD Assessment Program consists of two major documents and three supporting appendices. These documents are based on and build on the ISO 19011 process: 1. NSWC/IHD Assessment Program Overview. This document summarizes how the entire program functions and how the other documents relate to each other. 2. NSWC/IHD Assessment Best Practice Outline (this document). This document is based on the ISO 19011 “Guideline for quality management systems auditing” document. This standard provides the overall best practice outline for conducting a QA assessment. This overall outline is supported by details provided in the Appendices. 3. Appendix A- Assessment Program Authority. This appendix aligns with ISO 19011’s section 5.1. This section includes all activities needed to establish an authority for the assessment program. 4. Appendix B- Assessment Program Planning. This appendix provides support for establishing program objectives and the program scope. a. Assessor Competencies. This lists out skills that the assessors should possess. b. Voice of the NSWC/IHD Survey. The survey objective is to get the NSWC/IHD organizations input into the overall “state of the assessment program.” 5. Appendix C- Assessment Program Implementation. This is the core checklist that provides assessors with questions to guide their on-site activities. The checklist is primarily based on ISO 9001 and is supported by multiple frameworks. a. Assessment Checklist b. Supporting Assessment Checklists Avid Technology Professionals 3
  • 4. © 2007, ATP * CONFIDENTIAL AND PROPRIETARY INFORMATION * All Rights Reserved II. Assessment Best Practice Outline Executive Summary ATP will provide computer and technical support in the planning and framework development for NSWC/IHD’s mission to become ISO 9000 certified. ATP has various experiences with ISO 9001 to include helping government clients initiate an ISO 9001 program. ATP will help NSWC/IHD ensure that the LIMS application supports and enhances this mission to its fullest ability. Such a task could consist of further development of the NSWC/IHD’s quality management system based on the relevant standards, clearly defining and documenting those standards for the laboratory, identifying gaps between the NSWC/IHD's current quality management system and what is required for certification; plus, providing assistance with the registration process at it applies to LIMS. This document provides a Quality Assurance best practice outline that ATP would use. This outline is intended to describe the key components associated with having an ISO compliant QA program. This outline is based on ISO 19011. ISO 19011 has the following 5 major activities: 1. Establish an assessment program authority 2. Establish the assessment program 3. Implement the assessment program 4. Monitor and review the audit program 5. Improve the audit program. The relationship between these activities is shown below. These activities are described further in sections 5-7. Sections 5-7 also reference NSWC/IHD NSWC/IHD-1 ongoing QA activities (in green font). The intent is to show the relationship between ISO 19011 and the current NSWC/IHD QA program. Avid Technology Professionals 4
  • 5. © 2007, ATP * CONFIDENTIAL AND PROPRIETARY INFORMATION * All Rights Reserved Authority for the audit program Establish the audit program P • Objectives and extent Competence L • Responsibilities of Auditors A • Resources N • Procedures Implementing the audit Program • Evaluating auditors Improving the D Audit Program • Selecting audit teams Audit O • Directing audit activities Activities A • Recording C T C Monitoring and reviewing H the audit program E • Identify opportunities for improvement C K III. ISO 19011 Best Practice Outline Scope This International Standard provides guidance on the principles of assessments, managing assessment programs, conducting quality management system assessments and environmental management system assessments, as well as guidance on the competence of quality and environmental management system assessors. It is applicable to all organizations needing to conduct internal or external assessments of quality and/or environmental management systems or to manage an assessment program. The application of this International Standard to other types of assessment is possible in principle, provided that special consideration is paid to identifying the competence needed by the assessment team members in such cases. IV. Customized Assessment Program ATP will use a hybrid of best practices to create the NSWC/IHD Center ISO 9001 program. This customized approach synthesizes the most relevant materials into one cohesive program. This NSWC/IHD Center program will build on two fundamental standards: ISO 19011 and ISO 9001. COBIT, ITIL, and ISO 20000 may become supporting standards that provide details and specifics that the NSWC/IHD Center organization requires. Balanced Scorecard is used to report the results. Balanced Scorecard provides a means to aggregate the assessments and to look for the “big picture” commonalities. Balanced scorecard also provides the potential to automate the Assessment Process and Assessment Reporting. ISO 19011 provides an overall audit Avid Technology Professionals 5
  • 6. © 2007, ATP * CONFIDENTIAL AND PROPRIETARY INFORMATION * All Rights Reserved process overview that tells an organization how to start, execute, and terminate an audit program. ISO 9001, COBIT, ITIL, and ISO 20000 are standards that provide in-depth QA details. Figure 2- Overall Assessment Program depicts the relationship between these standards and methods. It shows ISO 19011 as the base, ISO 9001 as the supporting base, COBIT/ ISO 20000/ ITIL as the supporting standards, and Balanced Scorecard as the reporting mechanism. Further details will be developed and integrated into appendixes. QA Program E stablished by B Practices est Balanced Sc orecard Standardized reporting, agg regate picture , Pareto diagra Tabulate level m 2 & derive leve l 1 metrics Provide specific COBI Sustainment Function ISO Provide specific Sustainment guidance Function 2000 guidance ITI ISO 9001 - Quality L Managem ent System Methodology to de termine root causes ISO 19011 - Gui delines for qual Provides the ov ity management sy erall process an d programmatic stems auditing methodology Figure 2 - Overall Assessment Program Avid Technology Professionals 6
  • 7. © 2007, ATP * CONFIDENTIAL AND PROPRIETARY INFORMATION * All Rights Reserved III. Phased Approach The NSWC/IHD Center Assessment Program will utilize a phased approach. The four phases will be associated with several objectives. The phases are broken down as follows: Phase I- Establishing the Baseline Assessment Program. Primarily focused on developing a baseline assessment practice based on ISO 19011 and ISO 9001 standards. Understand the “as-is” state. Develop an automated process for sending out due out reminders. Phase II- Refining the Assessment Program based on recommendations. Focused on defining the end state, conducting an assessment, draft a reporting methodology, developing metrics and modifying the assessment program based on lessons learned. Phase III- Tabulating & Deriving Consolidated Metrics. Focused on gaining efficiencies and taking the assessment program to a new performance level. Key goals include refining the Key Performance Indicators and aggregating the NSWC/IHD centers level two metrics into a CIO-level depiction. Phase IV- Automating the Process. The primary goal is to provide automation tools for the assessors and an automation tool to generate reports. The tool should allow leaders to generate various views. IV. Phase I - Baseline Assessment Program This phase will entail developing an overall process and programmatic methodology in accordance with (IAW) ISO 19011.: 1. Develop an initial best practice outline based on ISO 19011. 2. Conduct a “Voice of the NSWC/IHD” Survey. Surveys will be sent to the divisions. 3. Document the “as-is” environment and perform a gap analysis of existing NSWC/IHD Center audit processes and the best practices for IT auditing 4. Create checklists that focus on understanding the process and identifying process owners. 5. Create an automated process to send out reminders for deliverables and action items. 6. Tollgate review of results with senior leadership. 7. Document Phase I Lessons Learned. The ISO 19011 process is depicted in the blue box in Figure 3 below. The outside boxes show the relationship between the supporting best practice mechanisms and ISO 19011 that will be developed and implemented during Phase I. Avid Technology Professionals 7
  • 8. © 2007, ATP * CONFIDENTIAL AND PROPRIETARY INFORMATION * All Rights Reserved Authority for the audit program Establish the audit program P • Objectives and extent Competence L Appendix B- • Responsibilities of Auditors A - Assessor Competencies • Resources N - Voice of the NSWC/IHD • Procedures Survey Implementing the audit Program • Evaluating auditors Improving the D Audit Program • Selecting audit teams Audit O • Directing audit activities Activities • Recording A Appendix C- C T - Assessment C Monitoring and reviewing the audit program H Checklist E • Identify opportunities for improvement C - Supporting K Figure 3 - Phase I Summary (ISO 19011 best practice outline as the core) V. P II Assessment Development & Enhancement Phase II will build on Phase I, the ISO 19011 process, and the Lean Six Sigma VAS. Phase II will focus on making improvements based on Phase I lessons learned. Specifically this Phase will look at following areas: 1. Define “Future State” 2. Develop metrics/ Key Performance Indicators (KPI). Can’t improve what you can’t measure. 3. Conduct an assessment. 4. Identify Rapid Improvement Events. 5. Improve processes and checklists IAW Pareto focus, Phase I lessons learned, waste reduction, and KPI’s. 6. Develop a document that describes the processes to be used in conducting a NSWC/IHD1 site QA audit. Refine COBIT, ITIL, and ISO 20000 (the “pillars” listed in Figure 2). This documentation will be found in Appendix C 7. Develop a standardized reporting format (Appendix D- Monitoring & Reporting). Reporting categories will be based on the IS 9001 processes (Management responsibility, Resource management, Product realization, Measurement/analysis/ improvement). 8. Tollgate review of Phase II results with senior leadership. 9. Document Phase II Lessons Learned. Figure 4 depicts the Phase II activities in the black boxes and their relationship with the Core ISO 19011 process (shown in the center blue box). Completed Phase I activities (in gray) are also shown in the black boxes. Avid Technology Professionals 8
  • 9. © 2007, ATP * CONFIDENTIAL AND PROPRIETARY INFORMATION * All Rights Reserved Appendix B- Authority for the audit - Assessor Competencies program - VoNSWC/IHD Survey Establish the audit program P Appendix D- • Objectives and extent • Responsibilities Competence of Auditors L A - Establish KPI’s • Resources N - Identify largest error producers Appendix E- • Procedures Rewards & Implementing the audit Program Incentives Improving the • Evaluating auditors D Appendix C- - Assessment Checklist Audit Program • Selecting audit teams Audit O • Directing audit activities Activities • Recording - Supporting A C T C Monitoring and reviewing the audit program • Identify opportunities for H E Assessment Checklist improvement C K Appendix D- - KPI’s - Balance Scorecard Figure 4 - Phase II Summary Avid Technology Professionals 9
  • 10. © 2007, ATP * CONFIDENTIAL AND PROPRIETARY INFORMATION * All Rights Reserved VI. Phase III - Tabulate and Derive Metrics Phase III will focus on developing a strategy for collecting level 2 metrics from the NSWC/IHD organizations and aggregating them into level 1 metrics. The objective is to create an assessment methodology that will depict the level 1 program strengths and weaknesses. Phase III objectives include: 1. Modify processes and checklists IAW Phase II lessons learned. Leaders should be able to easily identify and address the most critical areas. 2. Tabulate, Consolidate, and Derive Metrics. Collect the NSWC/IHD Center Level 2 metrics and aggregate the results into a higher level depiction (level 1). Metrics must be actionable, enabling an organization to react and make decisions based on the results. You can’t improve what you can’t measure! Focus on how well the NSWC/IHD maintaind services and oblige by policies and procedures. Performance Management – Design Principles  Ensure metrics are easy to understand and cost effective to measure  Metrics must be actionable, enabling an organization to react and make decisions based on the Performance results Metrics  Metrics must align to business strategy by setting performance objectives, aligning goals, and holding management accountable for achieving results  Develop shared organizational understanding of performance and drivers of performance in the context of information technology to directly impact customer satisfaction and business results Process for  Obtain buy-in from all critical stakeholders and ensure that they have a voice in setting the Setting Metrics priority for the desired metrics  Gather stakeholder input in a coherent and consistent manner Customized  CIO Scorecard Scorecards by  CIO Direct Reports Scorecards Stakeholder  Business Liaison Scorecards 3. Improve Reporting Mechanism based on lessons learned. 4. Tollgate review of Phase III results with senior leadership. 5. Document Phase III lessons learned. Avid Technology Professionals 10
  • 11. © 2007, ATP * CONFIDENTIAL AND PROPRIETARY INFORMATION * All Rights Reserved VII. Phase IV- Automate the Process Recommend a strategy for implementing an automated audit processes based on best practices across the NSWC/IHD Organization. a. Develop an automated reporting tool for the assessors. b. Develop an automated reporting tool that aggregates the assessor’s reports into an enterprise-wide report (Pareto-like format). Notional GS1 Quality Management Overview ILL US TR AT IVE 1 1 35 Key System Performance – May 2006 High Severity Issues (June 06) 32 25 30 20 8 25 23 23 23 21 15 7 20 17 5 15 15 10 4 3 13 14 12 14 5 15 12 11 14 3 12 5 3 10 10 8 9 7 6 4 5 5 4 0 S y s te m S y s te m S y s te m S y s te m S y s te m S y s te m S y s te m S y s te m 0 1 2 3 4 5 6 7 8 # Hours Downtime # Hours System Latency Is s u e s O p e n Is s u e s C lo s e d System 1 System 2 System 3 System 4 System 5 System 6 System 7 System 8 Productivity Cost (System Outage / Latency)1,2 Customer Satisfaction Index1 $400 100% $367 98% $350 $321 $321 $300 96% $250 $242 $224 94% $212 $200 92% $145 $156 $150 90% 98% 98% $100 88% 95% 93% 94% $50 86% 92% 92% 90% 89% 89% $0 84% 88% 87% Oppurtunity Cost ($K) 82% System 1 System 2 System 3 System 4 System 5 System 6 System 7 System 8 80% 2001 2002 2003 2004 2005 Target IT Staff Helpdesk (1) Dummy data - for illustrative purposes only (2) Calculated by multiplying average known cost of downtime per system by % of users affected Figure 5 - Notional Phase IV Balanced Scorecard Report Avid Technology Professionals 11