13485cert

Archive for the ‘PDCA’ Category

What should governments do when technology changes faster than regulations?

In PDCA on November 17, 2012 at 3:01 am

The original spark of of an idea for this posting came from an article I saw about a new Smartphone App to help people hail a taxi in NYC. This new App is illegal (of course). The argument goes that this new technology will allow people to pay a premium to get a taxi–thus creating a two-tiered system. You can read the article and form your own opinion, but it seems that NYC would benefit from requiring the software to be licensed and validated as well. This would give the city more information and control over taxis. The city could also use this technology to enforce the pricing, make the process of hailing a cab safer, and make it easier for those with disabilities to get the special services they need. Governments are even slower to change than the people, but technology is forcing the issue.

Just a little background music for you to listen to…

In a LinkedIn subgroup I manage (Medical Devices: QA/RA), one of the members recently posted a discussion related to the following article in MIT Technology Review. The proliferation of viruses in hospital computer networks is just one example of the many ways in which technology is moving faster than our government’s ability to write legislation to protect public safety. When database software was first developed, a change to the software version could easily corrupt the database. A few decades later everything has changed except the perception by the regulators. Now the database is total separate from the software. There is even bridge software that allow multiple software applications to interact and update the database(s) simultaneously. No company, or hospital, wants a separate database for billing, patient records, and lab test results. We need enterprise solutions that interact with a robust central database. Banning personnel from downloading updates for the operating system and installing security software is irresponsible and demonstrates the magnitude of ignorance on the part of policy makers.

More than one billion smartphones and tablets will be purchased in 2013, and the number of smartphones already exceeds the planet’s population. My 4-year old is more adept with a tablet computer than my parents–and has been fighting with her older brother and sister for possession of Grandma’s iPad for the past two years. Parents have learned that we can’t keep up with the pace of technology, but we have adapted. We use monitoring technology to keep track of what our children are doing on-line. When we see a disturbing trend, we re-educate our children about unseen risks and block their access when needed.

Governments need to accept that it is no longer possible to predict what direction technology will take our healthcare, transit systems or commerce in general. Monitoring of current trends is the only realistic path. When we can monitor trends, we can make educated decisions on what appears to be safe and what appears to be taking people in the direction of harm.

I am a strong proponent of the Plan-Do-Check-Act (PDCA) model for continuous improvement.

English: Plan-Do-Check-Act Deming circle, also...

English: Plan-Do-Check-Act Deming circle, also known as the Shewart cycle, since Deming claimed he took the idea from him. Later Deming changed it to be Plan-Do-Study-Act, but the first version seems more popular and has become the defacto standard. (Photo credit: Wikipedia)

Governments need to be more open to letting people and companies try “Doing” on a pilot or trial basis. As a pre-requisite to “Doing”, governments can insist upon submission of implementation plans that include monitoring and training provisions. The implementation plans and the training are the “Plan” part of PDCA. The  initial trial/pilot is the “Do” part of PDCA, and implementation of a monitoring program is the “Check” part of PDCA. New and revised regulations should be initiated only after monitoring data has been analyzed, because this is the “Act” part of PDCA. As with any good PDCA cycle, the new and revised regulations should include a plan for training, implementation and monitoring the affects of the regulations. In this way, governments can continuously improve regulations at the pace it is needed and when it is needed. The metrics will also ensure that new regulations are more objective and less politically driven.

If you would like to see the comments others have made regarding the article in MIT Technology Review, please join the following LinkedIn subgroup: Medical Device: QA/RA. You will need to become a member of the parent group (Medical Device Group)–if you are not already one of the 140,000+ members connected with Joe Hage.

A Brief (650 Words) Training Module on Plan-Do-Check-Act (PDCA)

In PDCA, Training on October 22, 2012 at 3:00 am

For this posting, I have decided to tease my readers. You’ll have to join my new subgroup to read this posting.

Please join our subgroup to get the FREE training.

For those of you that feel gypped, here’s one of my favorite songs. 19 million viewers agree that U2 is one of the most amazing bands on the planet.

If you are one of those people like me that just can’t stand to drop one of your 50 LinkedIn Groups, then you can connect with me on LinkedIn or send me an email requesting it. If you are already a member of Joe Hage’s Medical Device Group, you don’t have to drop a group.

Attention Auditors! – Have you read ISO 19011?

In Audit Schedule, Internal Auditing, International Standard, ISO, ISO 19011, PDCA, Procedures, Quality Management Systems on July 20, 2012 at 2:58 pm

If you have ever taken a lead auditor course, one of the critical handouts for the class should have been ISO 19011. The title is “Guidelines for Auditing Management Systems”. In November of last year, this standard was updated and the changes were not superficial.

The background entertainment for this week is one of my favorite modern rock songs, but it never seemed to get much air time. I hope you enjoyed the 90’s.

ISO 19011 covers the topic of quality management system auditing. This Standard provides guidance on managing audit programs, conducting both internal and external audits, and how to determine auditor competency. Improvements to the New 2011 Version of the Standard include:

  1. Broadening the scope to all management systems
  2. Clarifying the relationship between ISO 17021 and ISO 19011
  3. Introduction of the remote audit methods
  4. Introduction of risk as an auditing concept
  5. Confidentiality is a “new” principle
  6. Clause 5, Managing an audit program, was reorganized
  7. Clause 6, Performing an audit, was reorganized
  8. Clause 7, Competence and evaluation of auditors, was reorganized & strengthened
  9. Annex B is new and the contents of the help boxes was moved to this Annex
  10. Annex A now includes examples of discipline-specific knowledge and skills

One of the most common points of confusion in the lead auditor course is the difference between 1st, 2nd and 3rd party audits. In the previous revision of this Standard, this was just a note at the bottom of page 1 and the top of page two. The note was not very clear either. The new version of 19011, in Table 1 (reproduced below), the difference between these three types of auditing is crystal clear:

The above table is just an example of the improvements made to ISO 19011, and of course there is little value-add to clarifying a definition. Figure 1 from the new version, “Process flow for the management of an audit program, is a better example of a “value-add”. This vertical flow chart is reminiscent of Figure 1 from ISO 14971:2007. It categorizes the various stages of audit program management into the Plan-Do-Check-Act (PDCA) cycle. I highly recommend this style for presenting any process in your internal procedures as an example of best practices in writing an SOP. The flow chart even references each of the clauses in the Standard. Unfortunately Figure 2, “Typical audit activities”, does not categorize the stages of audit activities (Clauses 6.2 – 6.7 of the revised Standard) into the PDCA cycle. I guess they needed to leave some improvement for the next revision.

The new version retained the opening meeting checklist that was in the previous revision (Clause 6.4.2), and Clause 6.4.9 has a brief closing meeting checklist. Figure 3, “Overview of the process of collecting and verifying information”, is a poor example of a flow chart. Should I make a better one? (Send me an email if you think I should.)

The most valuable changes in this revision are Clause 5.3.2, “Competence of the person managing the audit program”, and all of Clause 7. Most of the audit procedures I read neglect to define the qualifications and method for determining competency of the audit program manager. Clause 5.3.2 tells you how. Put it in your own procedure. Most of the procedures I read include qualifications for a “Lead Auditor”, but I seldom see anything regarding competency. Unfortunately, this Standard only specifically addresses “Lead Auditor” competency in a two-sentence paragraph—Clause 7.2.5. When I teach people how to be a lead auditor, I spend more than an hour on this topic alone.

The Standard would be more effective by providing an example of how 3rd party auditors become qualified as a Lead Auditor. 3rd party accreditation requires the auditor to be an “acting lead” for audit preparation, opening meeting, conducting the audit, closing meeting, and final preparation/distribution of the audit report. This must be performed for 15 certification audits (i.e. – Stage 2 certification or recertification), and another qualified lead auditor must evaluate you and provide feedback.

The last big additions to this Standard were the Appendices. Annex A provides examples of discipline-specific knowledge and skills of auditors. This section is a little on the boring side. I prefer to tell a story about the internal auditor that was auditing incoming inspection—but they had no idea how to check for calibration or how to measure components. Appendix B, the finale, has a table (Table B.1) that provides some guidance on how to conduct remote audits (i.e. – desktop audits). I was pleased to see that conducting interviews is a major part of remote auditing in this table. Section B.7 provides some suggestions with regard to conducting interviews, but if you exhibit all 13 of the professional behavior traits found in Clause 7.2.2 then you really don’t need any advice on how to speak with people. For the rest of us mortals, we could use a five day course on interviewing alone.

Additional guidelines are available on the ISO website.

%d bloggers like this: