13485cert

Archive for the ‘QC’ Category

The Perfect Pecan Pie – My Risk Management Plan

In ISO 14971, QA, QC, Quality, Quality Management Systems, Risk Management on February 11, 2011 at 5:41 am

I hope everyone enjoys this selection for the music video. It’s one of my favorite songs by Sting—mostly because it seems to be more upbeat than many of his other tunes. I can almost hear him smiling as he wrote the lyrics.

                This blog posting is a continuation of my previous post on the subject of Risk Management Training, specifically the ISO 14791:2007 Risk Management Standard. In my Risk Management Training, I use the example of making “The Perfect Pecan Pie” as a practical example of applying the principles of Risk Management.

                The first step of the Risk Management Process, or any process, should be planning. My personal preference for planning Risk Management is to begin by brainstorming in order to create a list of potential Quality issues. During the brainstorming session, I will use a Cause & Effect Diagram (a.k.a – “Fishbone Diagram”) to ensure that I have covered as many of the important issues as possible. For those that are unfamiliar with this tool, there are six categories of causes for any problem. These are sometimes referred to as the six “M’s”, because each category begins with the letter “M”:

1)      Materials

2)      Method

3)      Machine

4)      Measurement

5)      Manpower

6)      Mother Nature

                Materials are the single most important component of any product. As the saying goes, “Garbage in equals garbage out.” The right, fresh ingredients are just as important to baking pies as biocompatible materials are to manufacturing implantable medical devices. For example, stale pecans are plain nasty; while granular sugar produces a sickeningly, sweet syrup. Pecan pies are derived from “chess” pies—pies that were cheese-like due to the custard consistency created by cooking butter, eggs, milk and sugar at a low temperature. Therefore, the filling of a pecan pie requires a six tablespoons of unsalted butter, three large cage-free eggs (size matters—don’t get extra large), one cup dark brown sugar (light brown is also too sweet), three-quarters cup light corn syrup, one tablespoon natural vanilla (artificial vanilla tastes totally different and overwhelms the praline flavor), and one cup of pecan halves (I’m told that Georgia pecans picked fresh from the tree are amazing, and roasting them enhances the flavor even more.).

                Manufacturing processes are always the second most important factor related to Quality. For the “Perfect Pecan Pie,” this is also true. Most people will try making their first pie by cooking the filling and the pie crust together. This can produce acceptable results if you are extremely lucky. For custards, however, it is much easier to get consistently beautiful pies by pre-cooking the pie-shell (and sealing it with egg yolk) and pre-cooking the filling separately in a double boiler (always use the right machine for the job). Once the filling gets to the desired temperature (~130F) then the filling should be poured into the pre-cooked crust for the final baking. The final baking should be at 275F for one hour (at sea level).

                If you choose to deviate from any of the above directions regarding the manufacturing process, good luck finding a material review board to approve the release of your pie. If you don’t seal the pie crust, it will leak and you will never get be able to serve an intact slice of pie. If you don’t use a double boiler, you get a mixture of caramel and burnt candy. If you overcook the filling, the consistency will be off. If you undercook the filling, the pie will be uncooked…another way to make it impossible to serve an intact slide of pie.

                When you are cooking a soup, stew or some other dish, measuring is a forgiving process. For baking, the ratio of ingredients, the degree of mixing, and the temperature for baking are critical. Any deviation usually leads to a disaster.

                The next category, manpower, addresses the issue of training. You would think that baking is all about skill. However, like all validated manufacturing processes, proper use of process controls can transform the most inept person into a brilliant baker. Most people struggle with the crust. Packard Consulting, however, has developed a fool-proof method for making a crust. The key is to cool the dough ball and press it into a glass pie dish. The reason for a glass dish is so that you can hold the uncooked shell up to the light to inspect it for “thin spots.” Then you cover the shell with foil, poke it several times with a fork to allow it to vent, bake it for 15 minutes at 400F, uncover it, brush it with egg yolk to seal the crust, and continue baking it for 10 more minutes—or until the crust is a golden brown on the edges.

                Finally, the oven temperature is most critical for the final baking—after pouring the pre-cooked filling into the pre-baked pie crust. In this case, we have an artificial environment (i.e. – Mother Nature). Unfortunately, very few ovens are calibrated accurately and the temperature is very inconsistent throughout the oven. Ovens are hottest on the top rack and the back of the oven is always hotter than the front. Therefore, you need to rotate the pie during the baking process or it gets cooked unevenly. Another critical step is to “map” the oven temperature. You must determine where in the oven (i.e. – which rack position) to place the pie when the oven is set at 275F. In some ovens, the temperature is so far off that it is necessary to raise or lower the setting by 15 degrees.

                Now that I have given you the recipe for the “Perfect Pecan Pie,” you might be tempted to make one. Before you do, I recommend getting a piece of paper and documenting every step you take—including any visual observations, the taste of the dough, and the taste of the filling. This information will become your risk management file. As you perfect your technique, learn the idiosyncrasies of your kitchen appliances, and you find sources for each ingredient…you will need to prevent these secrets from becoming lost. Your collection of notes is a Risk Management File.

                You have now completed Section 3 of the 14971:2007 Standard. Keep drooling and I promise to serve up another slice:)

 PS – Here’s a cool drumming lesson that gave me a much better appreciation for the layers of rhythm within the song I chose for this blog’s background entertainment.

The Secret to Successful Training

In Internal Auditing, International Standard, ISO, ISO 13485, Medical Device, QA, QC, Quality, Quality Management Systems, Training on January 7, 2011 at 3:32 am

About 10 years ago my CD collection was stolen and I haven’t heard this tune since. Sass Jordan might be a little raw for your average professional but everyone needs to loosen up sometimes. Just-in-case you were wondering, I think this CD (Rat) was next to the Greatest Hits of Ella Fitzgerald—which they left behind. I love the singing by both women but for very different reasons.

Recently a client asked me to create a training course on how to train operators. I could have taught the operators myself, but there were so many people that needed training that we felt it would be more cost effective to train the trainers.

                Usually I have multiple presentations archived that I can draw upon, but this time I had nothing. I had never trained engineers on how to be trainers before—at least not formally. I thought about what kinds of problems other Quality Managers have had in training internal auditors and how I have helped the auditors improve. The one theme I recognized was that most auditors needed feedback.

                I finally decided to use the Deming Cycle (Plan-Do-Check-Act, or PDCA) as my framework for the training. Most QA Managers are very experienced and have little trouble planning an audit schedule. The next step is to do the auditing. The problem is that there is very little objective oversight of the auditing process. The Standard requires that “Auditors shall not audit their own work.” Therefore, most companies will opt for one of two solutions for auditing the internal audit process: 1) hire a consultant, or 2) ask the Director of Regulatory Affairs to audit the internal auditing process.

                Both of the above strategies meet the requirements of the Standard, but neither strategy helps to make internal auditors better. I have interviewed a lot of audit program managers, maybe 50+, and the most common feedback for auditors is “change the wording of this finding” or “you forgot to close this previous finding.” This type of feedback is related to the report writing phase of the audit process. I rarely hear program managers explain how they help auditors improve at the other parts of the process.

                When auditors are first being trained we typically will provide examples of best practices for audit preparation, checklists, interviewing techniques AND reports. After the auditors have been “shadowed” by the program manager for an arbitrary three times the auditors are now miraculously “trained.” Let’s see if I can draw an analogy that will make my point…

                That kind of sounds like watching your 16 year-old drive the family car three times and then giving them a license. I guess that’s why my new Ford Festiva was severely dented on all four sides within 6 months. You might think my father was a Saint, but I think he might have totaled his tenth car by age 18. At least I contained the damage to one vehicle.

                Anyway the key to training auditors to audit, or anyone on anything, is consistent follow-up over a long period of time.

                The question is…was my training successful?

                Well, how much follow-up training of the trainers did the client ask for?

Risk Management – It’s Not My Job

In Contract Manufacturers, International Standard, ISO, ISO 14971, Medical Device, QA, QC, Quality, Quality Management Systems, Risk Analysis, Risk Management, Supplier Audit, Supplier Audits, Supplier Qualification, Supplier Quality on January 5, 2011 at 4:12 am

There’s no deeper meaning to this week’s YouTube selection. I just thought I would share one of my favorite guitar soloists with you. The recording quality is only good, but just watching Tim play reveals how freakishly good he is. I highly recommend the live CD with Dave Matthews and Tim Reynolds. If someone knows of a better quality recording that I can post in my blog, please let me know.

Have you experienced a discussion similar to this?

Auditor: “How do you manage risk throughout the production process?”

Auditee: “That is the responsibility of our customers. We will prepare a risk analysis if customers pay for it, but usually customers do the risk analysis.”

Most contract manufacturers in the medical device industry exclude design from their Quality Management Systems. Unfortunately, most of the contract manufacturers also associate risk management with only the design process. Risk Management cannot be “not applicable” in an ISO 13485 Quality Management System. The requirement of section 7.1 is: “The organization shall establish documented requirements for risk management throughout product realization. Records arising from risk management shall be maintained.” The Standard also references ISO 14971 as a source of guidance on Risk Management.

                For a contract manufacturer, compliance with ISO 14971 is not my primary concern as an auditor. My primary concern is to verify that contract manufacturers analyze risks associated with the processes that they perform and do their best to minimize those risks. What I don’t understand is why more companies don’t want to have strong risk management process. Risk management is how we prevent bad things from happening. Bad things like scrap, complaints and recalls. Should we expect our suppliers to have a strong risk management process?

                Duh.

                Contract manufacturers should be doing everything they can to get better at risk management. During pre-production planning they should be asking, “What happens if…” The contract manufacturer knows best HOW things will fail in production, while the customer knows best WHAT happens when things fail in production. In order to be safe and effective, both companies need to collaborate on risk analysis.

                The reason companies avoid doing risk analysis is because it’s time consuming and tedious.

                 Too bad, so sad.

                 Balancing my checkbook is time consuming and tedious too, but I balance my checkbook to prevent an overdraft charge. Not doing risk analysis can be much more painful. Scrapping out a part can cost tens or hundreds of dollars. Complaints can cost thousands of dollars. Recalls can cost millions of dollars.

                If I owned a contract manufacturing company, I would make sure that everyone in the company is involved in risk management, because we don’t want scrap, we can’t afford mistakes that lead to complaints, and a recall will put us out of business.

Supplier Evaluation – Take 5

In Forward to MDA, International Standard, ISO, Medical Device, Purchasing, QA, QC, Quality, Quality Management Systems, Supplier Audit, Supplier Audits, Supplier Qualification, Supplier Quality on January 3, 2011 at 9:47 pm

This blog has been moved to the following location and the name has been changed: http://bit.ly/SupplierEval-take5.

This blog website and the blogs within it are gradually being transferred over to my new website: http://www.MedicalDeviceAcademy.com. The titles may change, and there may be minor revisions to the content as the blogs are reviewed and edited. There will be a subscription list created for the new blog site. If you would like to be added to the list for the new blog site, please email me directly at: rob@13485cert.com.

Supplier Evaluation – Less is More

In Forward to MDA, International Standard, ISO, Medical Device, Purchasing, QA, QC, Quality, Quality Management Systems, Supplier Audit, Supplier Audits, Supplier Qualification, Supplier Quality on January 2, 2011 at 8:26 pm

This blog has been moved to the following location: http://bit.ly/Less-is-more.

This blog website and the blogs within it are gradually being transferred over to my new website: http://www.MedicalDeviceAcademy.com. The titles may change, and there may be minor revisions to the content as the blogs are reviewed and edited. There will be a subscription list created for the new blog site. If you would like to be added to the list for the new blog site, please email me directly at: rob@13485cert.com.

Elsmar Cove – Wikipedia for QA

In Elsmar Cove, International Standard, ISO, Medical Device, Purchasing, QA, QC, Quality, Quality Management Systems, Supplier Audit, Supplier Audits, Supplier Qualification, Supplier Quality on January 2, 2011 at 4:11 pm

While you are reading, here’s a seasonal favorite from one of my favorite singers (also from North Texas State) and a country singer that everyone will recognize.

After my last blog posting I planned to write a blog on supplier evaluation and re-evaluation. After a busy December, I finally have time to write again. Before I share my own ideas, I thought I would share a great resource with you: The Elsmar Cove Forum.

                Most of the people reading my blog are probably aware of a website called Elsmar Cove, but I think most people visit this site only when they need a quick answer to a question. It’s sort of like Wikipedia for Quality Assurance. Marc Smith is the creator of Elsmar Cove, http://elsmar.com/, and the forum just had its 15-year anniversary. This is a no frills website that has fantastic content and very little advertising. People from all over the world (~18,000 active participants) are contributing daily to this forum and many of the contributors are Quality and Regulatory experts. I like to use the site to keep up on best practices and trends in Quality. It also gives me an opportunity to learn from other types of Quality Systems such as: AS9100, TS16949, and ISO14001.

                Someone I used to work with had a saying he learned from his first boss: “A picture tells a thousand words, but a demonstration is better than a thousand pictures.” Therefore, I thought I would try to demonstrate the power of Elsmar Cove by researching best practices in supplier evaluation. Step 1: The first thing you do is visit the site. Step 2: Type “supplier evaluation” into the Google™ custom search. This will produce 100’s of links within the Elsmar Cove Forum related to supplier evaluation. Step 3: Skim the search results to find the entry or entries you are looking for. These search results include a supplier evaluation survey that you can download and adapt to your own company. If you need a quick solution, this is really fast and free.

                Another approach is to limit your search to Forum discussion threads. You can do this by going to the Forum Discussion page: http://elsmar.com/Forums/index.php. If you click on the tool bar link for “search” a pop-up window will appear. If you type “supplier evaluation” in this search bar, you will see 531 results presented in reverse chronological order. Below are a couple of threads that I thought were particularly good:

Benchmarking Supplier Certification Programs

http://elsmar.com/Forums/showthread.php?t=42595&highlight=supplier+evaluation

Service Supplier Rating where objective pass/fail data is not available

http://elsmar.com/Forums/showthread.php?t=44412&highlight=supplier+evaluation

Choosing Supplier Evaluation Methods – Determining what a Critical Supplier is

http://elsmar.com/Forums/showthread.php?t=10951&highlight=supplier+evaluation

Supplier Approval for Distributors of Equipment

http://elsmar.com/Forums/showthread.php?t=43508&highlight=supplier+evaluation

Second party audits – Supplier audits or product audits?

http://elsmar.com/Forums/showthread.php?t=30966&highlight=supplier+evaluation

How you do Receiving Inspection for Chemicals?

http://elsmar.com/Forums/showthread.php?t=44951&highlight=supplier+evaluation

Supplier Evaluation Responsibility

http://elsmar.com/Forums/showthread.php?t=43756&highlight=supplier+evaluation

                I hope you find Elsmar Cove to be a useful website, and my next blog will share a few ideas for supplier evaluation of my own.

How to Qualify a Supplier

In Consulting, Forward to MDA, International Standard, ISO, Medical Device, Purchasing, QA, QC, Quality, Quality Management Systems, Supplier Audit, Supplier Qualification, Supplier Quality on November 17, 2010 at 2:49 am

This blog has been moved to the following location, and the title has been changed: http://bit.ly/HowQualifyaSupplier.

This blog website and the blogs within it are gradually being transferred over to my new website: http://www.MedicalDeviceAcademy.com. The titles may change, and there may be minor revisions to the content as the blogs are reviewed and edited. There will be a subscription list created for the new blog site. If you would like to be added to the list for the new blog site, please email me directly at: rob@13485cert.com.

The Quality Police

In Consulting, International Standard, ISO, Medical Device, QA, QC, Quality, Quality Management Systems on November 11, 2010 at 12:24 am

            A few years ago I was in the process of resigning from my job as Director of Quality from ConforMIS. My boss at that time paid me a kind complement that provided me with a perspective that I had not had prior to that moment. I don’t remember the exact wording, but his basic message was: Quality Managers that work cooperatively with operations are rare and highly sought after. He described my approach to Quality as modern and progressive. Over time I have learned to articulate this as the difference between Quality Control (QC) and Quality Assurance (QA). The word “control” is the key difference between these two responsibilities. QC is responsible for verifying that product is “good.” Often this creates friction between manufacturing personnel and inspectors. It doesn’t help that the people often have the same title as our favorite FDA employees—the Inspectors.

            We might as well give the QC folks a uniform, a badge and a gun. They act like they are the Quality Police. Progressive companies have changed their organizational structure and integrated the Inspectors into the production lines. Now we have U-shaped cells instead of lines. Operators are now referred to as “team members,” and everyone takes a turn at inspection as a normal part of job rotations. This modern and progressive approach is difficult for “old school” Quality Managers to accept. They feel uncomfortable with this approach, because they remember when manufacturing didn’t care about Quality and would just “ship it.” Some of these managers are quite young. Unfortunately, these Quality Managers were taught methods for achieving quality that are thousands of years old.

            The 21st century is not “out of control.” We merely upgraded our risk controls. Once we relied upon the Inspectors. Now we rely on process validation, automation, and statistical analysis of process variable that are Critical to Quality (CTQ). Many people use rules of thumb to estimate the effectiveness of visual inspection. At best visual inspection is capable of catching 98% of the problems. Validation, automation and statistical analysis each have the capability of exceeding 98% effectiveness by themselves. When we combine each of these methods together, we improve the certainty of making good product to Sigma Quality levels of 5 and 6-sigma. At this level of quality, the importance of visual inspection begins to evaporate. It is in the context of a highly automated and robust process that modern Quality Managers are implementing “radical” changes. We don’t need the Inspectors. We need Quality Engineers that can help us implement the new risk controls.

            When I first started at ConforMIS, I was interviewing candidates for a new QA Associate. I used this title to differentiate it from QC Inspectors. One of the design engineers argued that we needed to hire an inspector that was more qualified at performing measurement of implants. I argued that we needed good suppliers to do this for us. We also needed to have strong supplier controls such as process validations, supplier audits, process risk management, and a physical presence on-site at the supplier. Being the hiring manager, I got my way (I’m also 6’6”).

            During the interview process, I asked each person to describe their role in their current position. One candidate actually described himself as the “Quality Police.” I stopped the interview immediately and showed him the door. Coincidentally, the design engineer thought this candidate was great. When I finally hired someone for the job, I made a point of telling him this story. The person I hired had no experience in the medical device industry and he knew little about measurement techniques. He was also the oldest candidate that interviewed for the job. What won him that job was that his mindset was the most modern and progressive of the people we interviewed. He may also be the first QA person in history to have the customer service department rave about him. I miss working with him, but I know a company in Massachusetts that is very lucky to have him.

QC is Dead: Muda vs. Kaizen

In Consulting, International Standard, ISO, Kaizen, Lean Manufacturing, Medical Device, QA, QC, Quality, Quality Management Systems on November 10, 2010 at 12:57 am

         I thought it might be fitting to explain the title of my blog. Quality Control (QC) is not really dead. The concept is just old and tired. QA, or Quality Assurance, is the politically correct acronym of the twenty-first century. QC is no longer the focus of the Quality Department. In fact, progressive companies do not even have departments. Inspection is now the responsibility of manufacturing personnel, while the quality function is the responsible for monitoring, measuring, data analysis, and improvement of processes and product. The purpose of the broader range of activities is to ensure that Quality Management Systems remain effective and companies continue to satisfy customers.

            For those of you who are not already enlightened, ISO certification is the process for verifying that companies have an effective Quality Management System. Registration bodies audit Quality Systems to verify conformity to an international standard that can guide them to building a more successful business. This standard is divided into eight sections. The first three sections are boilerplate (i.e. – purpose, scope and definitions). The fourth section is about documentation of the Quality Management System. The fifth section defines the requirements for Management Responsibilities. The sixth section is about resource management of both human resources and equipment (i.e. – HR, training, maintenance, and work environment). The seventh section is the longest section. It is titled “Product Realization.” This section includes everything but the kitchen sink. In this section, the standard includes all of the following functions: customer service, R&D, purchasing, manufacturing, process control, installation, service and calibration. The eighth section is where the standard finally addresses QC and QA. Specifically, 8.2.4 Monitoring and Measurement of Product, is QC. Everything else in section eight is in the realm of QA.

            For those of you that have not already been indoctrinated into the world of Lean Manufacturing, QC is something very bad—almost evil. QC is muda. QA, however, is a value-added activity. QA projects are Kaizen events. These focused projects are exciting. The projects educate and recharge our tired work force. Kaizen events transform a shift of clock watchers into an elite Delta Force waging guerilla war upon the wastes of twentieth century industrialization.

            In the modernized organization, QC is now fully integrated into the job duties of manufacturing. If a company is unfortunate enough to still have silos, the Quality Department oversees the QC function by reviewing paperwork. Often this consists of a checklist that gets no more than 15 minutes of scrutiny. If all the documents on the checklist are complete, signed and dated—product will ship. Some companies have had the foresight to automate this double-check and replaced the QA clerk with a mobile barcode reading device and a fork truck driver.

            The primary role of QA today is to identify problems before they bite us in the ass and to recommend corrective actions to top management. Hourly inspectors of the QC era have been replaced by salaried quality engineers that wield tremendous influence over operational decisions. I am a consultant that trains this new generation of employees responsible for quality. If you happen to see anyone in your organization reverting back to the old ways, please remind them to follow the yellow brick road.

%d bloggers like this: