SQT Blog

We have spent the last ten years refining our HACCP systems and now retailers are requiring TACCP (Threat Analysis Critical Control Point) and VACCP (Vulnerability Analysis Critical Control Point).  Do threats and vulnerabilities have to be dealt with through a separate management system or can they be incorporated into our existing HACCP?

The key to making HACCP a management system that production, engineering, supply chain and not just technical understood was to make it logical, logic works in the Food Industry.  Central to this logical approach was the need “to control reasonable hazards”.  Unfortunately when it comes to TACCP /VACCP “reasonable” is a word that is rarely used.  Threats to business usually originate from “unreasonable” people or organisations but unfortunately this is the world we live in when it comes to supply chain management.

The first step for any Technical Manager is to source a guidance standard which will offer some advice.  PAS 96:2014 is such a starting point and when Tesco, McDonalds, J. Sainsbury, Hilton Food Group, Heineken and the Food Standards Agency (FSA) contribute to such a document it carries significant weight.

Personally I believe that TACCP is an unfortunate term as it implies that there will be CCPs in the same way that HACCP does.  This will not be the case as all the threats and vulnerabilities will be controlled by an FBOs pre-requisite programme.

Author: Denis Kiely

Learn more about TACCP on our 1 day training course – more

We are happy to draw your attention to the upcoming Quality in Ireland Conference taking place in the Radisson Blu Hotel in Galway on Tues 21st Oct hosted by NSAI and IT Sligo.

This is an excellent event with many great speakers so worth noting in diaries.

See http://www.nsai.ie/NSAI-Quality-in-Ireland-2014.aspx for more details.

It is common practice in organizations where Failure Mode Effect Analysis (FMEA) is used as a quality improvement tool, to set thresholds on the Risk Priority Numbers (RPN’s), above which actions should be taken to reduce the RPN. I don’t believe that setting such thresholds is good practice. I propose instead that responsibility should be placed on the team to decide whether action is appropriate. In the event that the team decides that it is not necessary to take action on a particular identified cause of the failure mode, then the team leader should sign off on this decision on behalf of the team; i.e. the team will take responsibility for proposing no corrective action be taken, should that be the decision.

The reality is that the choice of the values (Severity, Occurrence, and Detection ratings) which go to make up the RPN is very much based on the judgement of the team members, and there is wide scope for variability in the values that will be chosen. It is a virtual certainty that if two teams with identical backgrounds are given the same failure mode to analyse, even if the causes are agreed among them, they will come up with different RPN’s. That is the nature of FMEA. In these circumstances, I don’t believe it makes sense to have fixed RPN thresholds for action on causes. One of the teams may well have RPN’s below the threshold whereas the other team working on the same failure mode may not.

I think there tends to be too much emphasis and reliance on the RPN values in FMEA in making decisions on whether or not corrective actions should be implemented. I believe the real benefit of the FMEA is the intense discussion that takes place between the team members. I believe that by the time the team has reached the stage of calculating the RPN, the discussion that has taken place up to that point should be sufficient to inform the team’s decision on whether or not corrective action is to be taken, and the responsibility for the decision, should rest with the team.

Learn more about FMEA techniques by attending our Failure Mode Effect Analysis training course.

Like all ISO standards, one of the world’s most popular quality management standards, ISO 9001, is reviewed every five years. The International Standards Organisation (ISO) is currently revising ISO 9001:2008 to ensure it is relevant and up-to-date and has now had its Draft International Standard (DIS) released.  At the DIS stage all interested parties can submit feedback that will be considered before the final draft is published by the end of 2015.

The main reasons for the change is to keep ISO 9001 relevant, reflect changes in its environment and ensure it continues to deliver “confidence in the organization’s ability to consistently provide product that meets customer and applicable statutory and regulatory requirements”.

The impact of this revision will be similar to, if not greater than the 2000 edition, which was a major change for accreditation bodies, certification bodies, training organisations, implementing organisations, procurement organisations, consultants and customers.

The main changes in the new draft relate to its format and the increased importance of risk.

These include:

• The same high-level structure used by other management system standards which will help companies to implement more than one standard
• Identification of risk and risk control as requirements
• Management will be required to take a more active role in aligning quality policies with business needs
• Changes in terminology

Organizations certified to the current standard, ISO 9001:2008 will be given a three-year transition period after the new version has been published to migrate to the new edition of the standard.

The draft version is now available on the ISO website which you can reach by clicking here.

Sources

ISO

IRCA

Morgan McKinley

 

Blog courtesy of http://www.pegasuslegalregister.com/resources/pegasus-blog

In our EN 14971: 2012 blog, we discussed the changes to EN 14971: 2012 in broad terms and we have seen that to comply with the EN version of the standard, manufacturers will have to move away from the ALARP system of risk analysis and evaluation. This will mean significant changes to the risk management process. In this newsletter and subsequent newsletters, we will deal with each of the seven Content Deviations* in detail. In this newsletter, we deal with the first two Content Deviations: Treatment of Negligible Risks and Risk Acceptability Assessment. In Annex D8.2 ISO 14971 Standard indicates that the manufacturer may ignore negligible risks. However, the Essential Requirements of the three Medical Device Directives (MDD), state that “All risks, regardless of their dimension, need to be reduced as much as possible and need to be balanced, together with all other risks, against the benefit of the device”

Content Deviation 1: Treatment of Negligible Risks

In Annex D8.2 ISO 14971 Standard indicates that the manufacturer may ignore negligible risks. However, the Essential Requirements of the three Medical Device Directives, state that “All risks, regardless of their dimension, need to be reduced as much as possible and need to be balanced, together with all other risks, against the benefit of the device”

The first step in risk analysis process is to identify hazards – best practice is to identify as many as possible at the beginning of the process and divide them into two categories – those that need to be analysed for risk as they could cause harm and those that cannot possibly cause harm (even in the case of misuse) often due to the design of the device. If you choose not to analyse a hazard, you must record the rationale for choosing not to conduct the analysis. Another alternative is to analyse the hazard and show that it has been reduced as far as possible.

How to Address Content Deviation No. 1

Annex D8.2, of ISO 14971 indicates that negligible risks may be disregarded. However, the Essential Requirement 1 and 2 of the MDD specifically require that all risks must be considered. This means that where possible controls need to be generated for all risks listed in your risk analysis documents (such as FMEAs). If no further controls are possible, then record a statement to this effect in the risk analysis documentation. It is important to remember that even for negligible risks an economic justification is not permissible for not reducing the risk as far as possible (See also Content Deviation No. 3 Risk Reduction Economic Considerations the subject of our next Newsletter). In achieving compliance with EN 14971: 2012 the Treatment of Negligible Risk will not be your highest priority. Discuss with your Notified Body a timeframe for implementation of reducing Negligible Risk as far as possible.

Tip: Do not include business risks or risks to manufacturing personnel in the risk analysis that you conduct to fulfil the Medical Devices Directives; this will simplify your risk analysis and exclude a number of (negligible) risks that would otherwise have to be reduced as far as possible in order to comply with EN 14971: 2012 and the MDD.

Content Deviation No. 2: Risk Acceptability Assessment.

This Deviation relates to the process of evaluating risks. The ISO 14971 states that the acceptability of risk must be decided by the manufacturer. Clause 3.2 of the 14971 Standard, states that, “Top management  shall: define and document the policy for determining criteria for risk acceptability.”   The manufacturer’s risk management policy must define and record the criteria that it uses for deciding which risks are acceptable or not.   Essential Requirements 1 and 2 states that risks be reduced as far as possible, and that all risks shall be included in a risk/benefit analysis—not just the risks that meet a certain criteria. Therefore, the requirement to establish a risk policy for the acceptability of risk directly contradicts the MDD.

The question is: how does a manufacturer establish acceptability criteria?

Robert Packard of www.medicaldeviceacademy.com in his excellent blog on the Content Deviations recommends the following:

“For new devices, I recommend benchmarking the risks of the new device against existing devices. In other words, if the new device presents equal or lower risks than existing devices, then the risks of the new device are acceptable. For existing devices, I recommend performing a risk/benefit analysis, evaluating adverse events observed with the device against the benefits of using the device”.

 What is Acceptable?

In order to comply with the EN ISO 14971:2012 version of the risk management standard, you will need to implement risk controls for all risks, regardless of acceptability. However, you will also need to perform a risk/benefit analysis. The risk/benefit analysis should consider not only the benefits to patients and the risks of using the device, but the analysis should also consider relative benefits of using other devices.

The clinical evaluation report and the risk management report for the device should be based upon clinical evidence of the device for the intended use—including adverse events. For new devices that are evaluated based upon literature review of equivalent devices, Notified Bodies expect a Post-Market Clinical Follow-up (PMCF) study to be conducted in order to verify that the actual risk/benefit of the device is consistent with the conclusions of the clinical evaluation. In order to perform this analysis, a clinical expert is necessary to properly evaluate the risk/benefit ratio of the device, and to create a protocol for a PMCF study.

MEDDEV 2.12/2 rev 2, Post Market Clinical Follow-up Studies, indicates that the PMCF study protocol should indicate the study endpoints and the statistical considerations. In order to do this, your company will need to establish quantitative criteria for acceptability of the identified risks. Therefore, your documentation should make it clear that risk acceptability criteria should be based upon clinical data. Acceptance of risks should be conducted at a later point in the risk management process than under the ALARP system (e.g., – as part of the overall risk/benefit analysis).

How to Address Deviation #2

As your company becomes aware of the second deviation between the ISO 14971 Standard and the Essential Requirements of the MDD, your risk management team will need to change the risk management process to clarify when risk acceptability should be evaluated, and the risk management policy should specify how acceptability should be determined.

The risk management process at your company will need to specify that implementation of risk controls is required for all risks—regardless of acceptability. You should also consider eliminating the evaluation of risk prior to implementation of risk controls. Instead, your company should base acceptability of risk solely upon the clinical risk/benefit analysis, and should involve the manufacturer’s medical expertise in making this determination.

Finally, your risk management process should specify the need for Post Market Clinical Follow-up Studies in order to verify that actual clinical data supports the conclusion that the risk/benefit ratio is acceptable over the lifetime of the device.

The proper place to document this conclusion is in the conclusions of the clinical evaluation report and risk management report. Both of these documents should cross-reference to one another and the conclusion should be reassessed as new post-production data is collected over time.

*Content Deviation: During the process of making ISO 14971 an EN standard (a process known as harmonisation), it became apparent that the standard did not comply with all the requirements of the Medical Devices European Directives, namely 90/385/EEC, 93/42/EEC and 98/79/EC. The differences between EN 14971: 2012 and the Medical Devices Directives are known as Content Deviations.

 

The seven Content Deviations are:

• Treatment of Negligible Risk
• Risk Acceptability Assessment
• Risk Reduction Economic Considerations
• Risk-Benefit Analysis Not Optional
• Risk Control Options
• First Risk Control Option
• Labelling Information Cannot Influence Residual Risk

Submitted by John Lafferty, SQT Healthcare Tutor

A second committee draft (CD2) of the revised environmental management systems standard was published in October 2013 and ISO countries had until 23 January 2014 to vote on whether CD2 should become a draft international standard. CD2 has received overwhelming support from ISO members, ensuring the draft international environmental management system standard will progress to the next step. In excess of 80 percent of ISO members who were balloted voted to move the revision of ISO 14001 to a draft international standard.

The next meeting of the international working group that is drafting the standard takes place between 25 February and 1 March. It will consider the comments submitted during the latest consultation and look to build a stronger consensus on the changes that are being proposed.

Martin Baxter, executive director of policy at Institute of Environmental Management and Assessment (IEMA) and the UK’s appointed expert on the revision to 14001, said the response to the draft standard from environmental professionals had been “overwhelmingly positive”.
“The changes being proposed are significant, integrating environmental management into organisational strategy and decision-making and adding further emphasis on improving environmental performance,” he explained.

An increasing number of organisations are pursuing ISO 14001 certification. In its annual survey of certifications, the International Organization for Standardization said the number of ISO 14001 environmental management system certificates at the end of 2012 was up 9 percent to 285,844 over the previous year.

Revision timeline

Early 2014: IEMA submits comments on CD2.

Mid 2014: Final Ballot takes place for adoption of the new 14001 standard.

Jan 2015: Final Draft International Standard.

May 2015: The revised ISO 14001 will be adopted and published, and the transitional period for organisations with certifications will begin.

Submitted by Ronan O’Sullivan, Antaris Consulting

To read more blogs from Antaris, click here

 

Sources

http://www.environmentalistonline.com/article/2014-01-28/revised-iso-14001-to-become-dis

http://www.up-ltd.co.uk/news/3069

http://www.environmentalleader.com/2014/01/29/iso-14001-revision-receives-majority-support-moves-forward/

https://www.2degreesnetwork.com/groups/energy-carbon-management/resources/revised-iso-14001-standard-moves-step-closer/

https://www.iema.net/policy-iso14001revision

Figures released from ISO show a large uptake over the previous twelve months.  There are over 19,573 standard developed by the ISO since its formation in 1947. The reach of the organisation has expanded with national members 164 countries, rising from 162 in 2011. Ireland’s representative body is the NSAI. The national members consist of 111 member bodies, 49 correspondent members and four subscriber members.

The number of active projects in 2012 has increased to 4056, from 4007 in 2011. Consequently, the number of standards published has also risen from 1208 in 2011, to 1280 in 2012.

A summary of the statistics is shown in the table below.

Table 1 Global Distribution of Certificates 2011 and 2012

Standard	No. of Certs Issued 2012	No. of Certs Issued 2011	Increase	Increase (%)
ISO 9001 (Quality)	1,101,272	1,079,647	21,625	2%
ISO 14001 (Environmental)	285,844	261,957	23,887	9%
ISO 50001 (Energy)	1,981	459	1,522	332%
ISO 27001 (Information Security)	19,577	17,355	2,222	13%
ISO 22000 (Food Safety)	23,231	19,351	3,880	20%
ISO/TS 16949 (Quality Automotive)	50,071	47,512	2,559	5%
ISO 13485 (Quality Medical Devices)	22,237	19,849	2,388	12%
Total	1,504,213	1,446,130	58,083	4%

Source (ISO, 2013)

From Table 1 above, it can be seen that the uptake for the seven most popular standards have all increased over the past year. The greatest increase in uptake has occurred with ISO 50001, with an increase of 332%.

This increase is due to the fact that ISO 50001 was released in June 2011, and therefore the 2011 figures represent six months of uptake. In addition this is the first internationally recognised energy management standard.  The large increase may be the result of companies with existing standards upgrading their systems to comply with the requirements of ISO 50001, as the standard is in its infancy.

Sustainable Energy Authority Ireland’s Large Industry Energy Network (LIEN) is a voluntary network comprising of 140 companies representing 60 percent of Ireland’s industrial energy usage. A staggering €60m in avoided energy costs has been achieved since 2008 with the Scheme. SEAI also have a scheme under the LIEN, called the Energy Agreements Programme (EAP), over which there are 80 members which requires organisations to implement an energy management system.

In addition to this Ireland is home to many of the world largest MNCs (e.g. Google, Pfizer) and these companies are paving the way for best practice energy management for their colleagues in other countries and this has been enforced further with the swift implementation of ISO 50001. Germany and the UK are the market leaders in the largest number of ISO 50001 certificates issued but Ireland is coming up behind these countries, and is driven by SEAI’s goal to ensure that all members of the EAP have achieved ISO 50001 certification by the end of 2013. (Brogan, 2012)

The global uptake of ISO 50001 over the first twelve months has exceeded that of ISO 14001 in its initial twelve month period, and is rivalling the number of uptakes of the ISO 9001 in the 1990’s.

ISO 9001 makes up the majority of the certificates issued with over 73% of the global total awarded in 2012.

Table 2 Distribution of Certificates 2011 and 2012 in Ireland

Standard	Intro Year	No. of Certs Issued 2012	No. of Certs Issued 2011	Change (%)	Total Certs Issued
ISO 9001 (Quality)	1993	2,331	1,875	+24%	43,462
ISO 14001 (Environmental)	1999	417	663	-37%	4,947
ISO 50001 (Energy)	2011	35	n/a	n/a	35
ISO 27001 (Information Security)	2006	48	30	+60%	146
ISO 22000 (Food Safety)	2007	49	49	0%	246
ISO/TS 16949 (Automotive Quality)	2004	23	21	+10%	187
ISO 13485 (Medical Devices Quality)	2004	193	159	+21%	975
Total		3,096	2,797	+11%	49,998

(Source: ISO, 2013)

From Table 2, it can be seen that the distribution of ISO 9001 makes up the majority (over 75%) of the total number of certificates distributed. The uptake of this standard has increased 24% on the previous year also. The large uptake for this standard has been driven by the introduction of EU directives on products which specify minimum standards

ISO 9001

 

 

 

 

Figure 1 ISO 9001 Annual Distribution of Certificates

The distribution of ISO 9001 conformance certificates peaked in 2000 and 2001 where 3700 certificates were being issued annually. The uptake of the standard has dropped off since then to more modest levels. Yet 2012 saw an increase of 24% in certificates issued versus 2011, as 2331 certificates were issued.  From all the certificates distributed in 2012 in Ireland, over 75% of them were for ISO 9001.

ISO 14001

 

 

Figure 2 ISO 14001 Annual Distribution of Certificates

417 certificates distributed in 2012. This is lowest distribution rate of ISO 14001 certification for the previous five years. This drop off may be due to maturity of standard and proposed introduction of the new ISO 14001 in 2015.

ISO 50001

The number of ISO 50001 certificates issued in 2012 was 35. This number quite big considering it is a voluntary standard. The standard was only introduced in June 2011 and many companies with existing EnMS standards in place, such as EN 16001, may be waiting for their existing certification to expire prior to acquiring the new standard. The next ISO survey will give a good indication as to whether the SEAI met their goal stated above.

 

ISO 27001

 

 

Figure 3 ISO 27001 Annual Distribution of Certificates

There has been significant growth in the uptake of ISO 27001 since its uptake in 2006, where only six certificates were distributed, to 48 certificates being distributed in 2012.

ISO 22000 (Food Safety)

 

 

Figure 4 ISO 22000 Annual Distribution of Certificates

Launched in 2007, 23 ISO 22000 certificates were issued, and annually since 2010, the number of certificates issues has risen to 49.

 

ISO/TS 16949 (Automotive Quality)

 

 

 

Figure 5 ISO/TS 16949 Annual Distribution of Certificates

The adoption of ISO /TS 16949 has grown from seven in 2004 and 2005, to over 20 annually for the previous 6 years.

 

ISO 13485 (Medical Device Quality)

 

 

 

Figure 6 ISO 13485 Annual Distribution of Certificates

Progressive growth has occurred in the uptake of ISO 13485 since 2004. The number of certificates has increased tenfold from its introduction in 2004, where 19 certificates were issued, to 2012 where 193 certificates were issued.

 

To read more blogs from Antaris, click here

ISO has recently announced the creation of a new project committee to develop an international standard for occupational health and safety (OH&S).

The standard will provide guidance for improving worker health and safety and will be overseen by ISO Project Committee (PC) 283, Occupational health and safety management systems – requirements.

The secretariat of ISO/PC 283 has been assigned to the British Standards Institution (BSI) and is expected to begin work on transforming the existing OHSAS 18001 standard into a new ISO standard.

The first secretariat meeting is expected in late October 2013 and it will develop the health and safety management system standard in accordance with the general requirements of ISO 9001:2008, the quality management system standard and ISO 14001:2004, the environmental management system standard.

Huge congratulations to our delegates Stephanie Cunningham (Pepsico) and Kevin Marley (Xerox) who achieved overall Joint BEST Candidate for the NEBOSH International Diploma during 2012/2013.  This is a wonderful achievement for them (& SQT!!).

Stephanie said of her Diploma experience with SQT:

“I just completed my NEBOSH International Diploma in Occupational Health and Safety through SQT and under the close guidance of Finbarr Stapleton. Finbarr and SQT gave us clear directions from start to finish in regards to the course, module and exam requirements to facilitate successful completion of this very comprehensive diploma. The course contents are 100% applicable to my work which has helped me to help others to be safe in their daily work environment. Even now I often refer to the excellent course material to get detailed advice on certain H&S related topics. SQT were very supportive throughout the time it took to gain this qualification, which now gives me the scope and knowledge to excel in my current role as HSE professional.”

A NEBOSH qualification is one of the most prestigious and highly respected International qualifications in Health and Safety.

________________________________________

We are now taking bookings for our September course – a number of places have already been filled so book early to avoid disappointment.

NEBOSH International Diploma in Occupational Health & Safety
Commencing 19th September – Blended Learning
(Home Study + 14 Workshops)
Presented by: Finbarr Stapleton
More Info
Book

________________________________________

 Why Risk Going Elsewhere for your NEBOSH Training?

Here’s 7 reasons why you should choose SQT:

1. We’re Better than the Rest…we regularly exceed the overall NEBOSH exam pass rates year on year. Check out a detailed breakdown of our results to date.
2. You can Trust us…we have been delivering NEBOSH training for the last 5 years and have helped dozens of people achieve their professional NEBOSH qualification – some even achieving the highest marks internationally!.
3. Our Tutors are Tuned in…Our lead tutor Finbarr Stapleton has over 25 years of Health & Safety experience and is constantly engaged with industry today.
4. We do Both…we are the only Irish training provider accredited by NEBOSH to deliver both the NEBOSH International Diploma & Certificate courses. Our course syllabi not only cover International legal frameworks and codes of practice but also Irish legislation.
5. You Won’t Be on Your Own…our workshop structured course enables discussion and knowledge sharing with your peers throughout the duration of your training.
6. Our Delegates Couldn’t be Happier…see what our Joint Best NEBOSH Candidate Stephanie Cunningham had to say – she’s a HSE Specialist with PepsiCo Ireland.
7. Free Access to Legislation Software…book a place on this September’s course and receive FREE access for 3 months to the Pegasus Legal Register (created and maintained by Antaris Consulting).

________________________________________

If the Diploma is not for you…

NEBOSH International General Certificate in Occupational Health & Safety
Commencing on 7th October 2013

More Info
Book
________________________________________

Why undertake the NEBOSH International Diploma over other H&S courses?

• It is the leading Health & Safety qualification for Health & Safety Professionals around the world.
• It is your first step to becoming a chartered Health & Safety Practitioner. You may apply for Graduate membership of the Institution of Occupational Safety and Health (IOSH) and full membership of the International Institute of Risk and Safety Management (IIRSM).
• It will provide you with a core of knowledge that is transferable across different occupational sectors around the globe.
• As an internationally recognised qualification, you can sit your exams anywhere in the world (don’t forget you have up to 5 years to complete them!)
• Last but by no means the least – there were 48 workplace fatalities reported in 2012 – many of which were preventable. This figure dropped from 54 in 2011and while the figure is heading in the right direction, – the Minister for Jobs, Enterprise and Innovation, Richard Bruton TD noted that ““Every workplace fatality is avoidable and represents a terrible tragedy for a family and a community, and combating workplace fatalities and injuries still represents a huge challenge for both the HSA and employers”.

________________________________________

Interested in taking the next step?

View a full course brochure here – or if you have any queries you can contact Eilish on 061 339040 or email ecummins@sqt.ie.

________________________________________

Coming Soon…

NEBOSH International Certificate in Fire Safety & Risk Management

and

NEBOSH Certificate in Environmental Management

Email us to register your interest

Setting calibration intervals is probably the most important decision to be made by those personnel with responsibility for the calibration system; the length of interval will influence the effectiveness of the calibration operations, and will have a considerable effect on the cost of the calibration process.

When I ask people about the sources of information used to make decisions on their calibration intervals, I get a variety of answers, including some which must be seriously questioned as to their validity and usefulness, such as:

“Our calibration vendor puts a sticker on the instrument with the next due calibration date, and we go by that”, or

“The instrument manufacturer calibrates for us, and we go on their recommendation”, or

“The auditor has pushed us to increase the interval”.

I am not saying you should ignore these sources of advice. However, with the possible and rare exception of the manufacturer of very specialised and unique measuring instruments, these external agencies are not in any position to advise you, and especially not to dictate to you, on your calibration intervals.

The intervals should be based on internal sources of information such as calibration histories, frequency and type of use of the instrument, the technical experience of your own company personnel, etc. This information is not generally available to the external agencies mentioned above, so they are not in a position to specify your calibration intervals.

Learn more about the setting of calibration intervals by attending our Calibration training course. The next scheduled date is 12th March in Dublin.