ASQ CQA – 5. Quality Tools and Techniques Part 13

32. 5F Configuration Management

Application management. There is an ISO standard which is 10,007. And this is quality management system guidelines for configuration management. And what is the purpose of this standard? This standard assists organization in applying configuration management for technical and administrative direction over the life cycle of a product. So here what we are doing is we are considering the whole life cycle of the product product.

And what confliction management does is the confliction management is used to meet the product identification and traceability requirements as identified in the International Standard or 9001. So 9001 has some requirements related to identification and traceability. Those requirements could be met through the configuration management which is described in 10,007 standard. Let’s talk about what configuration is, what configuration management is, how that is applied. So let’s briefly look at these aspects. Let’s start with what is configuration.

So configuration is a functional and physical characteristics of existing or planned hardware, firmware, software or a combination thereof. So whatever hardware, software or the product which you have, this is basically the functional and physical characteristics as set forth in the technical documentation and ultimately achieved in the product.

So here there are two things whatever is in the documentation and whatever is achieved. Basically the configuration management connects these things, what you have in the documentation and what you actually have in the product. So, after talking about the definition of configuration, now let’s look at the definition of configuration management. So the configuration management is the process of systematically handling changes to a system in a way that it maintains integrity over time over the life cycle of the product.

So here you want to make sure that whatever you have in the drawing and whatever you have in the product is maintained throughout the life cycle of the product. And below here is 10,007 2017 definition of configuration management. I will just read this definition. This definition says that configuration management is the coordinated activities to direct and control the interrelated functions and physical characteristics of a product as defined in the requirements for product design, realization, verification, operation and support.

This is slightly complex definition, but let’s understand configuration management in slightly simpler terms which is given above, that this is a process to handle changes to the system which maintains integrity over time over the life cycle of the product. So understanding this in a slightly simpler term would be that the computation management provides the documentation that describes what is being produced and what has been produced and what modification has been done when this was produced.

So basically this keeps track of all the changes. You make changes to the drawing, then you make sure that those changes are used for producing the item. If some changes have been made in the product, then those changes are again translated back to the drawings. So this is basically conflict management. And now if we look at ISO 10,007, there are four key steps in configuration management and we will not go into details of these. So four steps in configuration management are configuration identification, change control, configuration status accounting, and configuration audit. But let’s understand the change control part in a little bit more detail, in simpler terms. So let’s say if you are making a product which has three pieces, three parts. So here is my product. This has three parts ga, GB and GC. So let’s say these are three pieces Ga, and then the red one is GB, and let’s say the green one is GC. So these are three parts. Now, for each of these parts, there will be drawings which will have details related to these parts. Let’s say the part Ga has rev zero. Part GB has rev one.

Some changes were made. So GB part has reached revision one, and there were a lot of changes made to part C. So the part GC has reached to rev seven. Together, all these things make a product, and this product is rev, let’s say A. Now, if we make a change to one of these parts, let’s say my part number B gets revised. Let’s say the dimension get shortened here because of some reason, we make this part GB slightly shorter. So now my new product will be something like this, which is my part Ga, which is still in rev zero, my part GB, which is now slightly shorter. Now this has reached rev two instead of rep one. And I have part GC, which is green, which is still at rev seven. Note together these things will be called as rev B. So you not only change the revision to the part, but but the revision of the whole assembly also changes because one of the parts have been changed. So this is how you make change control in configuration management.

33. 5G Verification and Validation

Let’s start with the definitions first. So here is the definition of verification as defined in ISO 9000 2015. So standard 9000 is the one which basically provides all the definitions related to quality. So in that verification is defined as confirmation through the provision of objective evidences that the specified requirements have been fulfilled. So when you are designing a product, let’s say you are designing a chair, let’s say you are designing the mouse or whatever you are designing, in that what you want to do in verification is confirm that the specified requirements have been fulfilled in the design. So this is verification. So in verification, once again what you are doing is you are looking to see whether the requirements have been fulfilled in the design or not, whether the design has addressed all the requirements which this design was supposed to do as against verification. Now let’s look at the definition of validation.

Validation is defined as the confirmation through the provision of objective evidence that the requirements for a specified intended use or application has been fulfilled. So here you will see that focus is on intended use or application, whether the product is doing what it is supposed to do. So here what you’re doing is you are looking at the application part, not just looking whether the requirements have been met or not in the design. So in validation what you’re looking at is whether the product is good for the intended use or not. Let’s look at these two definitions side by side and that will help us in understanding the difference between these two. So here I have the definition of verification and validation which we talked earlier. So if we look at this that these are confirmation through provision of objective evidences, this is also through the provision of objective evidences. So both verification and validation look at the objective evidences.

But what objective evidence is when it comes to verification it is focused on whether the specified requirements have been fulfilled or not. But when it comes to validation here the requirements for the specified intended use or application have been fulfilled or not. The key difference here is that verification is typically internal process during the design stage when the design team or an independent person verifies checks the document. This is verification, this is an internal process. Whereas when it comes to validation, validation is typically an external process where you validate the product, whether the product actually meets the requirement. So let’s say if you are validating this mouse, what you will do is you will give this mouse to, let’s say ten people, 20 people. Let them use that and take feedback from them whether this mouse is performing as intended or not. If you are making a big project, let’s say the Finery or Power project, let’s say the Power project was supposed to make 210 MW.

In validation you actually see whether the power plant is actually producing 210 MW or not. What is the energy consumption, how much water it is taking. So all those things become the part of validation where you actually validate. So now how do we do this? Verification is generally done by checking documents, codes and design. So basically this is more of a checking process. Whereas validation involves testing and validating the final product. As I already told you, in case of power project, you actually run the plant and see how much water consumption is there, what is the emission, how much power our business is producing and so on. That will be the validation.

34. 5H Risk Management Tools

Risk management there is a five step process so we will go through all those five steps. This will be the part one of risk management tools. In part two we will talk about FMEA. FMEA is failure mode and effects analysis. Then in addition to FMEA we will talk about P FMEA and in that the P is for the process and then D FMEA and D here means the design so the process FMEA and the design FMEA. Then we will talk about hazard analysis and critical control points HACCP and then the last item in risk management tools will be the critical to quality analysis. Let’s start with the part one of the risk management tools which is understanding and managing risks. This particular item will also be covered in number of videos so in the first video we will talk about the definitions part and then in next few videos we will talk about the five steps approach to managing risks. The first definition is the definition of risk and this definition is as for ISO 9000 2015 this definition is quite a simple definition risk is effect of uncertainties. So when we talk of risk we need to talk of uncertainties unpredictability. Another important thing in risk is risk could be positive or negative.

Most of the time when we talk of risk we talk of negative, we talk of risk of failure, we talk of risk of not meeting customer requirements but then the risk could be positive as well if you just look at the definition of risk, definition is effect of uncertainties. Uncertainties could lead to a positive effect or the negative effect. When you look at a risk, look at the risk from two points of view one is the probability or the likelihood of that risk and second is the consequences of the risk. Some of the risk might have low probability of happening but have high or the significant consequences but then there could be some risk which have a high likelihood of happening but the impact might be minimum. So you need to evaluate risk based on these two criteria the likelihood or the probability and the consequences or the impact of the risk. We will talk about these two things later on when we look at the five step process of managing risk. And as I earlier said most of the times when we talk of risk we think of negative consequences but then risk also includes the positive consequences as well. And here is the next definition which is the definition of opportunity.

So when a risk which leads to positive consequences that risk is called as opportunity so opportunity is a positive risk. So when we talk of the negative risk what we might want to do is we might want to avoid that risk, we might want to address that risk so that that risk doesn’t impact our process or our target. But then when it comes to opportunity, an opportunity is the positive risk. So when it comes to opportunity, we want to take the maximum benefit of that positive risk or the opportunity coming to the next definition, which is the definition of issue. As we earlier talked, risk is related to a future event which is unpredictable, which is yet to happen. On the other hand, if something has already happened, then we don’t call that as a risk, we call that as an issue. So after talking about these three definitions, the definition of risk, the definition of opportunity and definition of issue, now let’s understand, why do we need to take risk? Why can’t we just avoid risk?

The fact is you cannot avoid risk. Risk is everywhere you go from home to office there is a risk, risk of accident, risk of getting delayed, and if you don’t go to office, you just stay in home. There is a risk of earthquake, there is risk of anything happening in the house. So risk is everywhere. But then you need to manage those risks. If you don’t take risks, you don’t get rewarded. So if you don’t go to office, you don’t get paid. So risk and rewards are associated together. So you need to take some risk to get rewarded. Most of the time it is assumed that more risk you take, more reward you get. But then that might not be true always. So you might be taking unnecessary risk which will only lead to losses and you might not get rewarded for those stupid risks which you might want to take. So risk is not always related with the reward. So you need to manage risk so that you take the right risks which could lead to the reward, the proper reward.

So in general what you want to do is you want to balance risk and reward. So you want to take less risk and you want to get more reward for those risks. So after understanding that, why do we take risk? And of course we have to take risk, if we are doing business or even in our personal life, we have to take risk. Now the next definition here is the definition of risk management. The definition of risk was quite simple, but if you look at the definition of risk management, this is quite complicated. So first thing what I will do is I will just read this definition and then on the next slide I will break this definition into number of pieces so that you will be able to understand this definition much better. Let’s read the definition of risk management. So risk management is the identification, assessment and prioritization of risks, positive or negative, followed by coordinated and economical application of resources to minimize, monitor and control the probability and or impact of unfortunate events or to maximize the realization of opportunities. Looks quite complicated.

So you know what, let’s break this into number of pieces. So here is that same definition which I have split into number of pieces. So what we want to do in risk management is we want to identify risks. What you want to do is identify what are the risks associated with the activity which you are doing. And then what you want to do is assessment of risk. You assess those risks and when I say assess the risk, you assess the risk based on two criteria the probability of happening, the risk and the impact or the consequences of the risk. And then based on this, you prioritize those risks. So you take those risks which have less likelihood of happening and there are less severe consequences of that and you sort of avoid those type of risks which are more likely to happen and have significant impact.

So based on the likelihood and the consequences, you prioritize those risks. So once you have prioritized the risk, the next thing which you do is you put resources on that and what fore you put those resources you put those resources for minimizing monitoring and controlling the negative risks. So whatever risk which could lead to negative consequences, you want to minimize those, you want to monitor those risks and you want to control those risks. And when I say minimize, monitor and control you keep in mind that you are looking at the probability and the impact, both of these things. So this was for the negative risk. On the other hand, if the risk is positive, then what you want to do is you want to maximize the realization of the opportunity using the resources which you have put. So this is the definition of risk.