7.1.3 Infrastructure
Boy oh boy! Last week really got people talking. “People talking about people” is always exciting. Many of you made the point that the most important resource is always the people, without whom none of the other resources are relevant. I couldn’t agree more. There was also some debate about how organizations (and the standard) should address “people as a resource”. Much of the discussion last week was about terminology and semantics. And because of that, it makes getting to the nitty gritty of the issue very difficult. If we can’t agree how people should be classified in an organizational discussion, (“calling people a ‘resource’ diminishes their value”), getting deeper into the subject is challenging. Even (DIS) ISO9001:2015 hasn’t gotten the language (or even the organization of their thoughts, in my opinion) straightened out.
Having fumbled our way through the first reference to “People”, the next two sections are more straightforward. The notes are helpful as well. Sometimes the standard doesn’t indicate the requirements very clearly. In this case, however, it defines “infrastructure” and and even gives examples in the notes for clarification. (Stayed tuned next week when those helpful notes set a real snare on the subject of “environment” when they refer to the organization’s “social” and “psychological” environment). But this week, we’ll focus on “7.1.3 infrastructure”. It reads as follows:
The organization shall determine, provide and maintain the infrastructure for the operation of its processes to achieve conformity of products and services.
NOTE: infrastructure can include:
a) buildings and associated utilities;
b) equipment including hardware and software;
c) transportation;
d) information and communication technology
The only relevant shall is that we must “determine, provide and maintain” that which is necessary to make conforming products (or services). Pretty simple. Compliance to this requirement would require evidence that the organization has, in fact, “determined”, and then continues to “provide and maintain” the required infrastructure. (I’m not suggesting this be a document – consensus among those interviewed will suffice. This also assumes there is consensus that the infrastructure is reliable based on its maintenance.)
The notes to support this area also specifically identify the types of infrastructure that might be considered (and these are the areas an auditor might look at):
a) buildings and associated utilities – is the building and equipment suitable? For example, if you are manufacturing metal stampings or storing metal products, a leaky roof, non-enclosed travel paths between buildings, etc may not be suitable to ensure you can consistently provide conforming products (if “rust free” is a requirement). Water treatment services, beyond public water/sewer may be required to ensure regulatory compliance where processes produce waste water unsuitable for discharge into the sewer, etc. This should be the focus of consideration for buildings and associated utilities. Some auditors may inquire as to contingency plans to ensure your infrastructure is maintained. Most organizations have at least a basic contingency plan either for compliance or customer assurance.
b) equipment including hardware and software – this is pretty obvious that the organization must have the proper equipment, however the addition of the “hardware and software” wording has given pause to quite a few both in the 2008 version and in this one. The intent is that the organization understand their equipment, but also maintain and upgrade as appropriate, the related software. This may be specific to a piece of manufacturing equipment within the building, a measuring system or device in the lab, or it may also be the organization’s ability to meet the customers’ needs with regard to communication (such as being able to send/receive design files, programs for programmable machinery, etc). This comes up again in item d). And the expectation is that someone knows the status of these items and has a plan to maintain them.
c) transportation – again, this is pretty obvious. If product must be maintained at a certain temperature, for example, the proper fleet (either internal or by an external provider) must be maintained. If a certain number of trips is required to provide just-in-time delivery, a scheduling process must be maintained, etc. And there should be a contingency plan in the event of service interruption.
d) information and communication technology – customer requirements often specify their preferred method of communication and order processing, and the organization must be able to meet their criteria (ie – electronic purchase orders & acknowledgements, advance ship notices, electronic billing, etc).
This week, we were fairly well able to stay on topic the way the standard is constructed. However, next week may be a different story. It should be fun as we discuss “environment for operation of processes” which starts out clear and then takes a crazy foray into the absurd with the standard including the provision of a “social” and “psychological” environment suitable for processes.
THIS WEEK’S HOMEWORK
Take a moment to consider how your organization “determines, provides and maintains” the four bullet items above. Does your organization have evidence suitable for audit? Again, this needn’t be a document, necessarily, but is there a person or persons with responsibility for this activity? And will it be evident that these considerations have indeed been made and that the proper buildings, equipment, transportation, information and communication technology are being provided and maintained?
