Title: GSFC Quality Management System Code 400 Audit Readiness Training Bob Bridgers July 25, 2003
1 GSFCQuality Management System Code
400Audit Readiness Training Bob BridgersJuly
25, 2003
2What is the Goddard Quality Management System
(QMS)?
- The Quality Management System (QMS) is our
business system, which has been set up to comply
with ISO 9001. It is documented as a series of
GSFC procedures and guidelines, or GPGs, that
implement the requirements of ISO 9001.
3 GSFC/QMS Training 2003
- ALL PERSONNEL SHOULD
- Know the GSFC Quality Policy
- Know the requirements of applicable directives,
from your organizations Directives Requirements
List. (Goddard Directives Management System
(GDMS) at URL http//arioch.gsfc.nasa.gov/iso9000/
index.htm) - Know who the GSFC ISO Management Representative
is. - (Richard Day)
- Know your defined job responsibilities.
- (TA for Contractors PD for Civil Servants)
- Know if there are any Records associated with
your work and be able to find them.
4 GSFC/QMS Training 2003
- ALL PERSONNEL SHOULD (Continued)
- Know your organizations objectives, and how your
job contributes to the achievement of those
objectives - Know how to access the GDMS, Directives
Requirements List, controlled documents, and
associated records for documents related to your
work. - Know what to do if you are audited
5 GSFC/QMS Training 2003
- PROGRAM AND PROJECT MANAGEMENT PERSONNEL SHOULD
- Understand and comply with the requirements of
400-PG-8730.3.1 - Be able to describe how you interact with your
customer - Be able to describe how you measure customer
satisfaction - Be able to describe how your organizations goals
map or contribute to the Code 400 Directorate
goals. - Ensure that the QMS requirements applicable to
the organization are communicated and understood
throughout the organization.
6GSFC Quality Policy
- Q What is the GSFC quality policy?
- A With customer satisfaction as our primary
goal - GSFC is committed to meeting or exceeding our
customer's requirements - We achieve excellence in all of our efforts.
- You may be asked what this means to you in the
performance of your job. - It will not have to be recited or paraphrased.
- The GSFC Quality Policy is officially established
in the GSFC Quality Manual (GPG 8730.3), and is
unchanged since 1999. - The GSFC Quality Manual is located in the GSFC
Directive Management System (DMS) at
http//arioch.gsfc.nasa.gov/iso9000 - Effective Date January 27, 1999
7GSFC/QMS Training 2003
- Who is the QMS Management Representative?
- Richard Day
- His role, and that of the Quality Management
System Council, are described in GPG 1060.1.
8ISO 9001s Governing Body at GSFC
- The Center Director appoints the Management
Representative (MR) and a Quality Management
Council (QMSC) - the Management Representative interfaces between
the general work force and the Center Director.
This is a specific, ISO-required function, and
you will be asked about by the auditors. - The QMSC includes a directorate-level
representatives from each Goddard Directorate and
each Code 100 organization that has a significant
role in the QMS.
9GSFCs QMS Implementation
- The QMS has been implemented such that it
- Reflects the way we actually do our work,
changing as few things as possible. - Meets the requirements of ISO 9001
10Who is in scope? Is anyone exempt?
- Every organization in 400 is in scope.
- Everything 400 programs and projects do in scope.
- Some organizations at GSFC are out of scope.
Examples Health Unit, Security. - Some of the work of some organizations is in
scope, and some is out. Example Facilities.
11Our Scope to the Goddard QMS is defined by Our
Core Processes
- Science Enabling
- This includes the grants process providing data
to the science community science support tools
proposal support process and the science
research management process. - Systems Development
- This includes space flight systems balloons
sounding rockets aircraft experiments ground
systems data systems.
12In Scope to the Goddard QMS (contd)
- Program/Project Management
- This includes cost, schedule, and technical
control review and reporting budgets
procurement contracts and safety and mission
assurance. - Technology Enabling
- This includes the technology research and
development management mission specific
products transfer and commercialization.
13In Scope to the Goddard QMS (contd)
- Mission Operations
- This includes operations of on-orbit spacecraft
maintenance of on-orbit operations systems
collection and preservation of all data from
on-orbit spacecraft and communications support
to other NASA mission operations.
14And What About Our Contractors?
- Contractors must comply with the Quality System
requirements cited in their contract - On-site contractors classified as GSFC employees
are subject to the GSFC QMS and must follow the
same procedures as civil servants. - Off-site contractors are not subject to either
our QMS internal audits or ISO 9001 registrar
audits.
15What is the importance of Process Documentation?
- We document the processes for doing work that is
in-scope to the QMS - We need to keep process control documents up to
date, use correct versions, and get rid of
obsolete copies. - Any document that affects the quality of our
products must be controlled. - Documents are controlled by two systems
- Directives, in the GDMS
- Controlled Documents, by configuration management.
16The QMS Document Pyramid
Tier 1-Quality Manual
Tier 2-Center Procedures
Tier 3-Directorate Procedures
Tier 4-Work Instructions
Base - Records
17OK, Tell Me About These Levels...
- Tier 1 is our Quality Manual, GPG 8730.3. It
describes our commitment to quality, our
organization, and our implementation of ISO 9001.
It shows how our QMS meets the requirements
specified in ISO 9001. - Tier 2 is the set of about 30Goddard Procedures
and Guidelines (GPGs) that implement the ISO 9001
requirements. These are Center procedures that
implement the requirements of ISO 9001.
18Go on -- I Can Tell Youre Going to...
- Tier 3 are the Procedures and Guidelines, or PGs,
which are Directorate and lower-level directives
used to implement the GPGs. The details of
implementation are left to the Directorates or
lower-level organizations. These details are
documented in PGs. - Tier 4 are the Work Instructions used by
employees in doing their work. Work instructions
may be procedures, handbooks, flow charts,
drawings, checklists, forms, or anything that
provides us with very specific directions for
performing specific tasks.
19Finally, the Bottom of the Pyramid
- The foundation of the QMS are our Records. ISO
9001 requires evidence of QMS implementation, and
these records are it. - All QMS-required records are specified in
directives - GPGs
- PGs
- WIs.
- These records are kept by designated
organizations. Each program and project has a
records manager who is responsible for the
safe-keeping and location of all records.
20- Goddard Internal QMS Homepage
- http//arioch.gsfc.nasa.gov/iso9000/index.htm
- Provides links to GDMS, CCMS, all other QMS
functions - Provides access to Audit Database
- Provides access to NCR/CAS and other problem
reporting systems - Provides other information such as audit
schedules, membership of QMS, and many other
functions
21What is the GDMS?
- GDMS refers to the Goddard Directives Management
System -- an automated collection of Goddard
directives which are to be followed by employees,
along with the procedures for establishing and
maintaining such collection. - GDMS is a web-based application located at
http//gdms.gsfc.nasa.gov/gdms/
22GDMS Objectives
- Document and control policy statements and
implementing instructions unique to GSFC. - Provide GSFC managers with the means to
efficiently convey current, controlled,
up-to-date instructions to employees, customers,
and the public. - Provide a standard method for initiating,
reviewing, approving, distributing, revising,
tracking, managing, and canceling GDMS-controlled
directives.
23What is a directive, and what kinds are there?
- A directive is a policy, procedure and guideline,
or instruction that has been approved and
published by the appropriate authority. GDMS
includes four types of directives - Goddard Policy Directive (GPD) (replaces GMIs)
- Goddard Procedures and Guidelines (GPG) (replaces
GHBs) - Procedures and Guidelines (PG)
- Work Instruction (WI)
- GPDs and GPGs are Center-level Directives.
- PGs and WIs are Lower-level Directives.
24Who can access GDMS?
- Everyone has Read Only access.
- All individuals registered in LISTS have an
account in GDMS and can login as a User. - The URL is http//gdms.gsfc.nasa.gov/gdms USER ID
- Your User ID is usually the first initial of
your First Name followed by your Last Name. User
ID is not Case Sensitive. If this doesnt work,
call for help. - PASSWORD - If this is your first Login, your
Password is your Last Name (ALL CAPS). GDMS will
prompt you to change your Password. Whatever you
set up will be your permanent password. The
password is always case-sensitive.
25Whats all this about Objectives and
Measurements?
- The new ISO standard requires quality objectives,
metrics, and analysis to improve your processes. - By now, your program office should have
established their quality objectives from their
existing goals. - The quality objectives must be traceable to Code
400s objectives, published in 400-PG-8730.3.1. - You need to be able to explain how your job
contributes to the achievement of these
objectives. -
26What else do I need to know?
- Your job responsibilities. What procedures and
work instructions tell you how to do your job,
and where can you find these procedures? Where
are they located? - All personnel must be able to answer these
questions. Each person should be able to place
and explain his or her job and responsibilities
within the appropriate directives. - The relevant directives are all identified on
your Directives Requirements List. - All directives must be accessed using the GDMS.
Dont keep hard copies around.
27What about configuration control?
- Configuration Control (CM) is used in every Code
400 organization. Your configuration manager
should be able to explain everything dealing with
CM. - Remember that every document that affects the
quality of your product must be controlled. It
must be a directive or a Controlled Document. - A Controlled Document is any document that is
controlled by the organizations CM processes.
28I keep hearing about Nonconformances.
- Nonconformance Reports are written for the
failure to meet requirements. - The process is being revamped so that NCRs are
written mainly for customer complaints, audit
nonconformances, systemic problems, and supplier
audits. Product problems are handled by a new
problem-reporting system. - You need to know that your organization has a
Nonconformance Lead that deals with NCRs received
by your organization.
29QMS Leads in every organization
- QMS Implementation Manager - the senior QMS
lead, with a high degree of training, with
overall responsibility for QMS compliance in the
organization - Directives Manager responsible for helping the
organization with all directives matters - Configuration Manager responsible for proper
performance of a configuration control processes - Nonconformance Lead dispositions NCRs,
coordinates corrective actions, and closes NCRs
when completed - Records Manager responsible for proper
record-keeping and records maintenance in the
organization. - You should know who these people are.
30So whats all this about an audit?
- GSFC is seeking Certification of Compliance to a
new version of ISO 9001. The version we are
currently certified to will expire in a few
months. - This audit is scheduled for the week of August 4,
2003. - Code 400 will be audited on August 7 and 8.
- The schedule has been received, and is being
distributed. - Nearly every program will have at least one
project audited. - This audit is extremely important to us. We need
this certification.
31And more about the audit.
- The auditors assume we already comply with the
old version of ISO 9001 - They will be looking specifically at the new
requirements. - Emphasis is on
- management and management commitment
- Customer satisfaction
- Quality objectives, which must be measurable by
metrics - Analysis of metrics for Continual Improvement
- Communication understanding at all levels!
32Auditee Etiquette Philosophy (cont)
- Show them that you follow procedures and work
instructions where required. Understand your
DRL!! - Think before answering questions
- Answer truthfully, directly, and simply. Dont
volunteer information not asked for. - If you do not know the answer, direct the auditor
to your supervisor - It is all right to ask for help!
33Listen, Listen, Listen
- Listen to the question completely before
answering. - Answer ONLY the question that is being asked
- Do not offer additional information that you
THINK the auditor will find interesting - Do not dodge questions, answer directly
34Get Help If You Need It!!!
- Get the most knowledgeable person available
relative to his/her area of expertise. Dont
guess. Get help. - Ask supervisors or team leaders for assistance
- Ask other people to help as required.
- Call your QMS Implementation Manager!
35Responding to Questions
- Respond promptly, but know your answer. It is OK
to think for a moment before answering - Never pretend to know the answer, and dont try
to bluff the auditor. They will know! - Unsolicited information may complicate the audit
process and add to the time to complete the audit
with you.
36Sidewalk Questions
- Can you state the GSFC Quality Policy? (You only
need to be familiar with it or be able to find
it.) - Can you name the GSFC Management Rep?
- How does your work contribute to achieving your
organizations quality objectives? - These can be asked of anyone, at any time.
37Typical Audit Questions
- Would you please explain to me what it is you do?
- How do you know what it is you are supposed to
do? - Are there instructions defining the manner in
which you do your job? Show them to me. (Go to
the GDMS.)
38Typical Audit Questions (contd)
- What records do you keep? Can you show me? How
long do you keep them? - These are specified in each directive that
requires records - Do you know what the Quality Policy is? Can you
tell me what that policy means to you in your
job? - Who is the Management Representative? What is his
role in the QMS? - How does your work contribute to your
organization meeting its objectives?
39Some Audit No-Nos!
- Dont guess or bluff your answers. Dont be
afraid to say, I dont know, but Ill find out - Dont volunteer information not asked for
- Dont act like the auditor is wasting your time
- Dont be rude. Be courteous instead. The
auditor, and all the audit escorts, have a job
they have to do. - _________________________________________
- Note that the auditors may speak ISO, whereas we
speak QMS language. The auditors will be
escorted by Code 400 QMS experts who can help.
40Some Audit No-Nos! (cont)
- Dont criticize coworkers or the Center
- Dont argue with the auditor
- Dont say you dont follow procedures
because...you dont have time, or cant be done
that way
41Final Checklists
- Know the sidewalk questions answers
- Use and understand the GDMS
- Understand the ISO requirements for document
control current documents only, and removal of
obsolete documents - Use and understand your Directives Requirements
List. Put it on your own Working Documents List. - Be able to produce the required records
- Know where the records are that you are
responsible for. - Have a general, cursory understanding of what is
in this presentation
42And finally, on our audit day .
- This may seem like a lot, be we are confident.
- There are two auditors for the Center. Only one
will be auditing Code 400 on Aug 7-8. - The auditor will be escorted by 2-3 Code 400 QMS
experts to help him and you. The Code 400
experts will do their best to keep you informed. - Your organization needs to be available and
flexible. - A call has gone out for a Point of Contact phone
number that will be available all day. The team
will call first. - Remember that the Audit Plan is just a Plan. It
can change as the audit progresses.
43The Bottom Line
- ISO 9001 Registration demands the active
commitment and participation of all employees at
all levels. Get involved. Stay informed. - ISO 9001 Registration is critically important to
GSFC and NASA - And a final point to be proud of out of all the
government agencies that have sought ISO
Certification, and most have tried, NASA is the
only government agency ever to achieve and keep
it.
44Your organizations QMS Leads are
- QMS Implementation Manager _________________
- Directives Manager___________________________
- Configuration Manager________________________
- Records Manager ____________________________
- Nonconformance Lead (NCL)___________________