Despite a lack of news on the Q001 front, we’ve been busy working behind the scenes to address some stakeholder feedback. The most common suggestion we received from potential users of the new Q001 standard was that while it did present requirements in a clearer manner than ISO 9001, there were still too many of them. This was by design, since we wanted Q001 users to be simultaneously compliant with ISO 9001.

But the issue kept coming up, so I went back to the work we did with the Management Maturity Model (M3) Initiative, which proposed a tiered system of certifications. The M3 model allowed for a simpler “Level 1” management system that was “compliant, if not mature.” It was intended to be used by organizations just starting down the path of management system certification, similar to CMMI Level 2.

We scrapped that idea when porting over the M3 work into the Q001 scheme, since any Level 1 user company would never comply with ISO 9001. A lot of stakeholders said they didn’t care, though, and that slavish conformity to ISO 9001 would limit the Q001 scheme in the future. They had a point.

So based on this feedback, I took a second look at the idea. I’m happy to announce that we’ve updated the scheme procedures to introduce a new level of certification that addresses this need.

New “Q001 Level 1” Introduced

Whereas the original Q001 model had three certification levels, the new model now has four. These are:

  • Q001 Quality System Certified Level 1
  • Q001 Quality Management System Certified Level 2
  • Q001 Quality Management System Certified Level 3
  • Q001 Quality Management System Certified Level 4 with Honors

While the Q001 standard remains untouched, organizations will be able to decide ahead of time if they want a full “quality management system” certification, and thus could receive a Level 2, 3 or 4 certificate based on their final audit score, or if they want a limited “quality system” certification issued solely at Level 1.

Notice the wording: we view Level 1 as a “quality system,” whereas the others are “quality management systems.” That’s intentional, to represent the different levels of maturity.

For those pursuing Level 1, they would be allowed to exclude major clauses within the Q001 standard, and a number of sub-clauses. They would still be required to implement the bulk of the product and service realization requirements in clause 8.0. Data gathering is greatly reduced, but there is still an expectation to measure product quality and on-time delivery. The company would have to implement a formal corrective action system, but would not be expected to conduct internal audits or management reviews.

Having said that, many companies may still opt for this “lighter” approach to implementation and certification. All clients would still have to undergo statistical review of their quality data, incident investigations and QMS document review. Level 1 organizations may also elect to opt for the customer feedback review, for additional points.

The only caveat: a company must determine beforehand if it intends to pursue Level 1 or not. A Level 2 audit would not be allowed to be downgraded to Level 1 mid-audit; nor could a Level 1 audit be upgraded to Level 2+ mid-stream.

Remote Auditing Methods (RAM)

While this was in the back of our minds for some time, the recent coronavirus pandemic pushed this next improvement to the forefront. The new accreditation rules will allow for the use of Remote Auditing Methods, or RAM. Obviously this means that organizations can more easily undergo remote auditing rather than rely solely on on-site audits.

Where this approach differs from the IAF’s weak “ICT” approach, the accreditation procedures define some strict requirements for the use of RAM, including suggestions on how to ensure compliance with security and confidentiality requirements. For example, the scheme recommends the use of Tor-encrypted secure email addresses for both the CB and client when submitting evidence for review. The scheme also recommends the use of limited-life messaging apps that destroy a message after viewing, allowing the CB to view evidence and have it automatically wiped afterward. It also disallows RAM if the client and CB cannot develop methods that comply with applicable regulations, a nod towards ITAR.

The use of RAM will help clients save a fortune on travel expenses for audits, as well. It will require some additional training on the part of CBs and their auditors, to ensure everyone knows how to use the appropriate tech. But we’re in the 21st century, and clearly need to start acting like it.

Better, Stronger Faster

These improvements are being done as we finalize various other scheme documents, including the final few procedures and the accreditation contract that CBs would have to sign to get into the program. To date we have interest from various countries including the United States, Portugal, Mexico, Spain, China, Czech Republic and more.

To download your free copy of the Q001 standard, click here.

To view the current set of accreditation documents, click here. Give it a few days for the new rules to appear on that page.

If you are interested in offering Q001 certification as an accredited certification body, click here to fill out an online application.

 

Advertisements

ISO 17000 Series Consulting