| 1.1 Portfolio
21 Non-Conformance Portfolio | |
|---|
| 1.1.21 Non-Conformance Portfolio: | | 1. Before a non-compliance can be identified, procedures to measure compliance must exist. A businesses may wish to discuise a non-compliance with a name like Concern or Complaint or Incident or Defect, but its the same thing. | | 2. Business rules will have non-compliant defects where the business requirements have not been fully defined, expressed or understood - omission is the primary root cause. In most cases, a business rule defect with show up as something not working exactly as expected under certain circumstances - the majority of the application will continue working as expected. Hard program errors are not possible because software has been avoided. |
| 1. Incident Management: | | 1. Every company has incidents (non-conformances) that must be managed with an evidence trail. An incident is an event that has happened with a specific date, time and key person involved. Some incidents may simply be the realisation that some major mishap may have happened, but by coincidence it did not happen. Some incidents may be complaints, grievances or any non-standard event. | | 2. The common factor is that management must play a role to resolve the incident and must devise ways to prevent the incident happening again. Incident management is part of the Quality Management Service (QMS) relating to non-conformances. A non-conformance (incident) is when something is done that is not part of a formally documented work instruction or procedure. |
| 2. Author: | | 1. Good incident management begins with a quick and easy way for the key people involved to report the incident in writing, with diligence and as completely as they can. In some cases, an attached photograph can be worth a thousand words when dealing with something that is broken, defective or not working as expected. The author must be able to use any kind of desktop, laptop, tablet or smart phone to easily enter details of the incident - no special software can be involved. | | 2. A group of people may be involved as witnesses and each must be able to share the incident reporting service to add their involvement, what they saw and what they think. Each person can change their own data entry, but cannot edit another persons data entry - every change must be easy to view so fraud and conspiracy are prevented. | | 3. The date and time when each person makes an entry must be recorded in a way that cannot be changed. The date and time of the incident is a key factor that will distinguish one incident from another. |
| 3. Management: | | 1. The role of management is to understand the incident and gather more information until a conclusion based on facts can be written. Work in progress can be documented and shared with all involved parties in an open and transparent way. | | 2. Eventually management must identify the root cause and conclusions that may include a Corective Action Plan (CAP). For example; one or more people may need to be retained in a critical skill that the incident showed up as lacking. The CAP may identify many different actions involving many different people with an extended time scale, but a finit completion date. | | 3. When all corrective measured have concluded, then the manager may close the incident. |
| 4. Corrective Action Plan: | | 1. A Corrective Action Plan is a document like minutes of a meeting where each minuted topic has a named person responsible to deliver the minuted action by a specified date. (1) What to do. (2) Who do do it. (3) When it must be delivered. | | 2. An objective of a CAP it to give comfort to the wronged party that something will be done to prevent this happening again. Its like an agreement that says sorry with real conviction and real action by named people. | | 3. The CAP is a living document as each corrective action is delivered, it is updated to specify the actual delivered date alongside the original scheduled delivery date. The CAP is represnted as minutes because that is an easy format to be distributed to all involved parties. When applicable, the CAP can be printed as a normal A4 document. |
| 5. Evidence Trail: | | 1. The incident date and time is when a new incident is opened that will continue open until management formally close the incident when all corrective actions have concluded. A situation report shows all open incidents at any point in time, together with the expected close date. | | 2. Any number of people may add evidence to help management many an informed conclusion - that evidence is shared in an open and transparent way will all those involved. People can change evidence on the day they enter that evidence, but cannot change it afterwards, but they can add extra evidence to refute what they have already said. Nobody can change evidence entered by somebody else - no overall administrator exists to moderate who said what. Inappropriate language will be automatically removed as it is entered, but inappropriate attitudes cannot be automatically corrected. | | 3. Management can place a cost estimate on each incident to monitor the cost of dealing with non-conformances. Every business should strive to cut the cost of doing business with incident management being a key factor to determine what to cut. | | 4. Auditors can pick up on any incident and view its entiry life cycle in a glance. Auditors can see the Corrective Action Plan to determine what has been done to try to prevent the incident from happening again. People will make mistakes from time to time and it is the good business that acknowledges that incidents happen and must be managed in a professional way. Auditors would rather see a mistake well managed than a mistake covered up. |
|
|