Company Confidential Registration Management Committee (RMC) 1 CB and Auditor Performance Expectations Boston, MA July 22, 2011 R. Darrell Taylor Raytheon Corporate Auditor Auditor Workshop Boston, MA July 21-22, 2011

Company Confidential Registration Management Committee (RMC) Who am I? –R. Darrell Taylor, Corporate Auditor for Raytheon –RABQSA Certified Lead Auditor, AIEA and AATT certified –Voting Member of the RMC and Chair of the Database Sub/Team –Trained and active Oversight auditor –Recently added as the voting member for the AAQG and AAQSC

Company Confidential Registration Management Committee (RMC) Purpose –To communicate some of the American Aerospace Quality Group/Registration Management Committee (AAQG/RMC) expectations of the Certification Bodies (CBs) and CB auditors.

Company Confidential Registration Management Committee (RMC) Reference Documents –AS9104/1 »Requirements for Aviation, Space, and Defense Quality Management System Certification Programs –AS9104/2 –Requirements for Oversight of Aerospace Quality Management System Registration/Certification Programs –ISO »Conformity assessment — Requirements for bodies providing audit and certification of management systems

Company Confidential Registration Management Committee (RMC) Certification of a management system provides independent demonstration that the management system of the organization –a) conforms to specified requirements, –b) is capable of consistently achieving its stated policy and objectives, and –c) is effectively implemented. Excerpt from Introduction of The big picture:

Company Confidential Registration Management Committee (RMC) Certification Body Requirements –Before AS certification, accredited to for ISO 9001 –An aerospace/defense member on the CB Management Committee and in a position to make certification decisions –Use certified auditors –A documented process for working with clients –Accessible to the Accreditation Body and Sector Management Scheme for oversight –Utilize and record data in OASIS Excerpt from AS9104/1: section 6

Company Confidential Registration Management Committee (RMC) Certification Body Requirements (cont.) –Have a complaint resolution process –Consultancy and audit can not be the same group –Issue valid certifications –Manage auditors and the relationship with the Client Excerpt from AS9104/1: section 6

Company Confidential Registration Management Committee (RMC) Auditor Requirements –impartiality, –competence, –responsibility, –openness, –confidentiality, and –responsiveness to complaints. Excerpt from 17021: 4.1.3

Company Confidential Registration Management Committee (RMC) Top Issues List (1) –No Consulting on an audit »Watch for bias »Recognize there is more than one way to meet a requirement »Test for effectiveness

Company Confidential Registration Management Committee (RMC) Top Issues List (2 ) –No Soft Grading: »3.2 Major Nonconformity »A non-fulfillment of a requirement which is likely to result in the failure of the quality management system or reduce its ability to assure controlled processes or compliant products/services; it can be one or more of the following situations: a nonconformity where the effect is judged to be detrimental to the integrity of the product or service; the absence of or total breakdown of a system to meet a 9100-series standard requirement, an organization procedure, or customer quality management system requirement; any nonconformity that would result in the probable shipment of nonconforming product; and/or a condition that could result in the failure or reduce the usability of the product or service and its intended purpose. Excerpt from AS9101D

Company Confidential Registration Management Committee (RMC) Top Issues List (2 cont.) –No Soft Grading: »3.3 Minor Nonconformity »A non-fulfillment of a requirement which is not likely to result in the failure of the quality management system or reduce its ability to assure controlled processes or compliant products/services; it can be either one of the following situations: a single system failure or lapse in conformance with a 9100-series standard or customer quality management system requirement; or a single system failure or lapse in conformance with a procedure associated to the organization's quality management system. Excerpt from AS9101D

Company Confidential Registration Management Committee (RMC) Top Issues List (2 cont.) –NOTE: A number of minor nonconformities against one requirement (e.g., similar nonconformities associated to different sites or different departments/functions/processes within a single site) can represent a total breakdown of the system and thus be considered a major nonconformity. Excerpt from AS9101D

Company Confidential Registration Management Committee (RMC) Top Issues List (3) –Certification Bodies -Follow through on complaints all requests for corrective action are responded to within 30 calendar days from receipt of complaint; all feedback received is reviewed and, if response requested, the response is provided within 30 calendar days from receipt of complaint; Excerpt from AS9104/1

Company Confidential Registration Management Committee (RMC) Top Issues List (4) –Follow the process, complete the paperwork »What do you do as an auditor – we are drawn to blanks

Company Confidential Registration Management Committee (RMC) Top Issues List –Keep current on training –Develop effectiveness analysis techniques –Advocate for the process

Company Confidential Registration Management Committee (RMC) How does the RMC monitor this activity?

17 Certification Body Statistical Assessment Model ANAB Audits - 6 Criteria OASIS Results - 3 Criteria Feedback - 3 Criteria General - 1 Criteria Multifaceted Analysis Approach ANAB Performance + 4

18 Threshold Violations RMC & ANAB need to research –>6 ANAB to report to RMC –4-5 ANAB to investigate –2-3 No Action –<2

19 Questions