GSFC Quality Management System Code 400 Audit Readiness Training Bob Bridgers July 25, 2003

1
GSFCQuality Management System Code
400Audit Readiness Training Bob BridgersJuly
25, 2003

2
What is the Goddard Quality Management System
(QMS)?

• The Quality Management System (QMS) is our
  business system, which has been set up to comply
  with ISO 9001. It is documented as a series of
  GSFC procedures and guidelines, or GPGs, that
  implement the requirements of ISO 9001.

3
GSFC/QMS Training 2003

• ALL PERSONNEL SHOULD
• Know the GSFC Quality Policy
• Know the requirements of applicable directives,
  from your organizations Directives Requirements
  List. (Goddard Directives Management System
  (GDMS) at URL http//arioch.gsfc.nasa.gov/iso9000/
  index.htm)
• Know who the GSFC ISO Management Representative
  is.
• (Richard Day)
• Know your defined job responsibilities.
• (TA for Contractors PD for Civil Servants)
• Know if there are any Records associated with
  your work and be able to find them.

4
GSFC/QMS Training 2003

• ALL PERSONNEL SHOULD (Continued)
• Know your organizations objectives, and how your
  job contributes to the achievement of those
  objectives
• Know how to access the GDMS, Directives
  Requirements List, controlled documents, and
  associated records for documents related to your
  work.
• Know what to do if you are audited

5
GSFC/QMS Training 2003

• PROGRAM AND PROJECT MANAGEMENT PERSONNEL SHOULD
• Understand and comply with the requirements of
  400-PG-8730.3.1
• Be able to describe how you interact with your
  customer
• Be able to describe how you measure customer
  satisfaction
• Be able to describe how your organizations goals
  map or contribute to the Code 400 Directorate
  goals.
• Ensure that the QMS requirements applicable to
  the organization are communicated and understood
  throughout the organization.

6
GSFC Quality Policy

• Q What is the GSFC quality policy?
• A With customer satisfaction as our primary
  goal
• GSFC is committed to meeting or exceeding our
  customer's requirements
• We achieve excellence in all of our efforts.
• You may be asked what this means to you in the
  performance of your job.
• It will not have to be recited or paraphrased.
• The GSFC Quality Policy is officially established
  in the GSFC Quality Manual (GPG 8730.3), and is
  unchanged since 1999.
• The GSFC Quality Manual is located in the GSFC
  Directive Management System (DMS) at
  http//arioch.gsfc.nasa.gov/iso9000
• Effective Date January 27, 1999

7
GSFC/QMS Training 2003

• Who is the QMS Management Representative?
• Richard Day
• His role, and that of the Quality Management
  System Council, are described in GPG 1060.1.

8
ISO 9001s Governing Body at GSFC

• The Center Director appoints the Management
  Representative (MR) and a Quality Management
  Council (QMSC)
• the Management Representative interfaces between
  the general work force and the Center Director.
  This is a specific, ISO-required function, and
  you will be asked about by the auditors.
• The QMSC includes a directorate-level
  representatives from each Goddard Directorate and
  each Code 100 organization that has a significant
  role in the QMS.

9
GSFCs QMS Implementation

• The QMS has been implemented such that it
• Reflects the way we actually do our work,
  changing as few things as possible.
• Meets the requirements of ISO 9001

10
Who is in scope? Is anyone exempt?

• Every organization in 400 is in scope.
• Everything 400 programs and projects do in scope.
• Some organizations at GSFC are out of scope.
  Examples Health Unit, Security.
• Some of the work of some organizations is in
  scope, and some is out. Example Facilities.

11
Our Scope to the Goddard QMS is defined by Our
Core Processes

• Science Enabling
• This includes the grants process providing data
  to the science community science support tools
  proposal support process and the science
  research management process.
• Systems Development
• This includes space flight systems balloons
  sounding rockets aircraft experiments ground
  systems data systems.

12
In Scope to the Goddard QMS (contd)

• Program/Project Management
• This includes cost, schedule, and technical
  control review and reporting budgets
  procurement contracts and safety and mission
  assurance.
• Technology Enabling
• This includes the technology research and
  development management mission specific
  products transfer and commercialization.

13
In Scope to the Goddard QMS (contd)

• Mission Operations
• This includes operations of on-orbit spacecraft
  maintenance of on-orbit operations systems
  collection and preservation of all data from
  on-orbit spacecraft and communications support
  to other NASA mission operations.

14
And What About Our Contractors?

• Contractors must comply with the Quality System
  requirements cited in their contract
• On-site contractors classified as GSFC employees
  are subject to the GSFC QMS and must follow the
  same procedures as civil servants.
• Off-site contractors are not subject to either
  our QMS internal audits or ISO 9001 registrar
  audits.

15
What is the importance of Process Documentation?

• We document the processes for doing work that is
  in-scope to the QMS
• We need to keep process control documents up to
  date, use correct versions, and get rid of
  obsolete copies.
• Any document that affects the quality of our
  products must be controlled.
• Documents are controlled by two systems
• Directives, in the GDMS
• Controlled Documents, by configuration management.

16
The QMS Document Pyramid
Tier 1-Quality Manual
Tier 2-Center Procedures
Tier 3-Directorate Procedures
Tier 4-Work Instructions
Base - Records
17
OK, Tell Me About These Levels...

• Tier 1 is our Quality Manual, GPG 8730.3. It
  describes our commitment to quality, our
  organization, and our implementation of ISO 9001.
  It shows how our QMS meets the requirements
  specified in ISO 9001.
• Tier 2 is the set of about 30Goddard Procedures
  and Guidelines (GPGs) that implement the ISO 9001
  requirements. These are Center procedures that
  implement the requirements of ISO 9001.

18
Go on -- I Can Tell Youre Going to...

• Tier 3 are the Procedures and Guidelines, or PGs,
  which are Directorate and lower-level directives
  used to implement the GPGs. The details of
  implementation are left to the Directorates or
  lower-level organizations. These details are
  documented in PGs.
• Tier 4 are the Work Instructions used by
  employees in doing their work. Work instructions
  may be procedures, handbooks, flow charts,
  drawings, checklists, forms, or anything that
  provides us with very specific directions for
  performing specific tasks.

19
Finally, the Bottom of the Pyramid

• The foundation of the QMS are our Records. ISO
  9001 requires evidence of QMS implementation, and
  these records are it.
• All QMS-required records are specified in
  directives
• GPGs
• PGs
• WIs.
• These records are kept by designated
  organizations. Each program and project has a
  records manager who is responsible for the
  safe-keeping and location of all records.

20

• Goddard Internal QMS Homepage
• http//arioch.gsfc.nasa.gov/iso9000/index.htm
• Provides links to GDMS, CCMS, all other QMS
  functions
• Provides access to Audit Database
• Provides access to NCR/CAS and other problem
  reporting systems
• Provides other information such as audit
  schedules, membership of QMS, and many other
  functions

21
What is the GDMS?

• GDMS refers to the Goddard Directives Management
  System -- an automated collection of Goddard
  directives which are to be followed by employees,
  along with the procedures for establishing and
  maintaining such collection.
• GDMS is a web-based application located at

http//gdms.gsfc.nasa.gov/gdms/
22
GDMS Objectives

• Document and control policy statements and
  implementing instructions unique to GSFC.
• Provide GSFC managers with the means to
  efficiently convey current, controlled,
  up-to-date instructions to employees, customers,
  and the public.
• Provide a standard method for initiating,
  reviewing, approving, distributing, revising,
  tracking, managing, and canceling GDMS-controlled
  directives.

23
What is a directive, and what kinds are there?

• A directive is a policy, procedure and guideline,
  or instruction that has been approved and
  published by the appropriate authority. GDMS
  includes four types of directives
• Goddard Policy Directive (GPD) (replaces GMIs)
• Goddard Procedures and Guidelines (GPG) (replaces
  GHBs)
• Procedures and Guidelines (PG)
• Work Instruction (WI)
• GPDs and GPGs are Center-level Directives.
• PGs and WIs are Lower-level Directives.

24
Who can access GDMS?

• Everyone has Read Only access.
• All individuals registered in LISTS have an
  account in GDMS and can login as a User.
• The URL is http//gdms.gsfc.nasa.gov/gdms USER ID
  - Your User ID is usually the first initial of
  your First Name followed by your Last Name. User
  ID is not Case Sensitive. If this doesnt work,
  call for help.
• PASSWORD - If this is your first Login, your
  Password is your Last Name (ALL CAPS). GDMS will
  prompt you to change your Password. Whatever you
  set up will be your permanent password. The
  password is always case-sensitive.

25
Whats all this about Objectives and
Measurements?

• The new ISO standard requires quality objectives,
  metrics, and analysis to improve your processes.
• By now, your program office should have
  established their quality objectives from their
  existing goals.
• The quality objectives must be traceable to Code
  400s objectives, published in 400-PG-8730.3.1.
• You need to be able to explain how your job
  contributes to the achievement of these
  objectives.
•  

26
What else do I need to know?

• Your job responsibilities. What procedures and
  work instructions tell you how to do your job,
  and where can you find these procedures? Where
  are they located?
• All personnel must be able to answer these
  questions. Each person should be able to place
  and explain his or her job and responsibilities
  within the appropriate directives.
• The relevant directives are all identified on
  your Directives Requirements List.
• All directives must be accessed using the GDMS.
  Dont keep hard copies around.

27
What about configuration control?

• Configuration Control (CM) is used in every Code
  400 organization. Your configuration manager
  should be able to explain everything dealing with
  CM.
• Remember that every document that affects the
  quality of your product must be controlled. It
  must be a directive or a Controlled Document.
• A Controlled Document is any document that is
  controlled by the organizations CM processes.

28
I keep hearing about Nonconformances.

• Nonconformance Reports are written for the
  failure to meet requirements.
• The process is being revamped so that NCRs are
  written mainly for customer complaints, audit
  nonconformances, systemic problems, and supplier
  audits. Product problems are handled by a new
  problem-reporting system.
• You need to know that your organization has a
  Nonconformance Lead that deals with NCRs received
  by your organization.

29
QMS Leads in every organization

• QMS Implementation Manager - the senior QMS
  lead, with a high degree of training, with
  overall responsibility for QMS compliance in the
  organization
• Directives Manager responsible for helping the
  organization with all directives matters
• Configuration Manager responsible for proper
  performance of a configuration control processes
• Nonconformance Lead dispositions NCRs,
  coordinates corrective actions, and closes NCRs
  when completed
• Records Manager responsible for proper
  record-keeping and records maintenance in the
  organization.
• You should know who these people are.

30
So whats all this about an audit?

• GSFC is seeking Certification of Compliance to a
  new version of ISO 9001. The version we are
  currently certified to will expire in a few
  months.
• This audit is scheduled for the week of August 4,
  2003.
• Code 400 will be audited on August 7 and 8.
• The schedule has been received, and is being
  distributed.
• Nearly every program will have at least one
  project audited.
• This audit is extremely important to us. We need
  this certification.

31
And more about the audit.

• The auditors assume we already comply with the
  old version of ISO 9001
• They will be looking specifically at the new
  requirements.
• Emphasis is on
• management and management commitment
• Customer satisfaction
• Quality objectives, which must be measurable by
  metrics
• Analysis of metrics for Continual Improvement
• Communication understanding at all levels!

32
Auditee Etiquette Philosophy (cont)

• Show them that you follow procedures and work
  instructions where required. Understand your
  DRL!!
• Think before answering questions
• Answer truthfully, directly, and simply. Dont
  volunteer information not asked for.
• If you do not know the answer, direct the auditor
  to your supervisor
• It is all right to ask for help!

33
Listen, Listen, Listen

• Listen to the question completely before
  answering.
• Answer ONLY the question that is being asked
• Do not offer additional information that you
  THINK the auditor will find interesting
• Do not dodge questions, answer directly

34
Get Help If You Need It!!!

• Get the most knowledgeable person available
  relative to his/her area of expertise. Dont
  guess. Get help.
• Ask supervisors or team leaders for assistance
• Ask other people to help as required.
• Call your QMS Implementation Manager!

35
Responding to Questions

• Respond promptly, but know your answer. It is OK
  to think for a moment before answering
• Never pretend to know the answer, and dont try
  to bluff the auditor. They will know!
• Unsolicited information may complicate the audit
  process and add to the time to complete the audit
  with you.

36
Sidewalk Questions

• Can you state the GSFC Quality Policy? (You only
  need to be familiar with it or be able to find
  it.)
• Can you name the GSFC Management Rep?
• How does your work contribute to achieving your
  organizations quality objectives?
• These can be asked of anyone, at any time.

37
Typical Audit Questions

• Would you please explain to me what it is you do?
• How do you know what it is you are supposed to
  do?
• Are there instructions defining the manner in
  which you do your job? Show them to me. (Go to
  the GDMS.)

38
Typical Audit Questions (contd)

• What records do you keep? Can you show me? How
  long do you keep them?
• These are specified in each directive that
  requires records
• Do you know what the Quality Policy is? Can you
  tell me what that policy means to you in your
  job?
• Who is the Management Representative? What is his
  role in the QMS?
• How does your work contribute to your
  organization meeting its objectives?

39
Some Audit No-Nos!

• Dont guess or bluff your answers. Dont be
  afraid to say, I dont know, but Ill find out
• Dont volunteer information not asked for
• Dont act like the auditor is wasting your time
• Dont be rude. Be courteous instead. The
  auditor, and all the audit escorts, have a job
  they have to do.
• _________________________________________
• Note that the auditors may speak ISO, whereas we
  speak QMS language. The auditors will be
  escorted by Code 400 QMS experts who can help.

40
Some Audit No-Nos! (cont)

• Dont criticize coworkers or the Center
• Dont argue with the auditor
• Dont say you dont follow procedures
  because...you dont have time, or cant be done
  that way

41
Final Checklists

• Know the sidewalk questions answers
• Use and understand the GDMS
• Understand the ISO requirements for document
  control current documents only, and removal of
  obsolete documents
• Use and understand your Directives Requirements
  List. Put it on your own Working Documents List.
• Be able to produce the required records
• Know where the records are that you are
  responsible for.
• Have a general, cursory understanding of what is
  in this presentation

42
And finally, on our audit day .

• This may seem like a lot, be we are confident.
• There are two auditors for the Center. Only one
  will be auditing Code 400 on Aug 7-8.
• The auditor will be escorted by 2-3 Code 400 QMS
  experts to help him and you. The Code 400
  experts will do their best to keep you informed.
• Your organization needs to be available and
  flexible.
• A call has gone out for a Point of Contact phone
  number that will be available all day. The team
  will call first.
• Remember that the Audit Plan is just a Plan. It
  can change as the audit progresses.

43
The Bottom Line

• ISO 9001 Registration demands the active
  commitment and participation of all employees at
  all levels. Get involved. Stay informed.
• ISO 9001 Registration is critically important to
  GSFC and NASA
• And a final point to be proud of out of all the
  government agencies that have sought ISO
  Certification, and most have tried, NASA is the
  only government agency ever to achieve and keep
  it.

44
Your organizations QMS Leads are

• QMS Implementation Manager _________________
• Directives Manager___________________________
• Configuration Manager________________________
• Records Manager ____________________________
• Nonconformance Lead (NCL)___________________