The assessment is over, you have ushered the audit team out the door, and you already know how you’re going to fix most of those niggly things they brought up. The assessment team was very constructive. It’s going to feel great to get all of these NATA requirements ticked off, right?
Nonetheless, you don’t understand why the issues raised are important enough to go in the report. With only four weeks to provide your response, there’s no time to look into it further, so the “Just Do It” approach ensues. You get the assessment report and hold a meeting to decide who will do what, including all the observations and recommendations. Great work – you’ll have everything fixed and your reply to NATA post haste.
Can I say, hold your horses!
Is it essential to get the response to NATA absolutely on time? What about the other risks? The real threat to your business presented by the issues the audit team identified? The risk of wasting time and money on interventions for trivial problems? The possibility of the same issue coming up in future assessments, which can threaten your accreditation and your reputation?
Ditch the “get it over and done with” approach.
Now is the time to slow down and take a quality improvement approach (remember Plan Do Check Act?) to each of the issues raised by the auditors. Here’s my step-by-step process to address these findings so that hopefully they never come back to haunt you again, saving you time and money in the long run.
1. Understand the real problem
Study what NATA wrote carefully. Make sure you have understood exactly what the auditors found and why they think it is wrong. Go and look at what they saw if you haven’t seen it yet. Don’t rely on second-hand reports.
Look up the clause of the standard the report refers to and refresh yourself on the requirements. If you still aren’t sure what the problem was, phone up the NATA lead auditor to ask for more context.
You should be able to say what the thing is that has gone wrong (or could go wrong) and be clear about what requirements relate to it. If not, you need more information.
For example, NATA finds a staff member working in section B and their manager has not signed them off as competent in section B. You have two issues to consider – the staff member may not have been trained for section B. The second is that they received training, but you have no evidence of this. The first scenario is more concerning. Your investigation should establish what training the staff member has had and consider the risk presented if that training was not complete. Your corrective action will be very different for the two scenarios.
Whether you have accreditation to ISO 17025, ISO 15189, GLP or ISO 9001 standards, the standards ask you to ensure that you have trained, qualified and competent staff members doing the job. The training or competency record is a tool for management and other staff members to plan (training programs, rosters, recruitment drives, etc.).
2. Investigate further
Check other staff, projects, samples, invoices to see how widespread that problem is. Record this information, including dates and reference numbers. If the problem turns out to be more widespread than you thought it was, you will need this data as a benchmark.
3. Assess the risk
Assess the risk the issue poses to your business – an informal assessment is enough. Consider how often the problem occurs and how severe the consequences might be. Then consider the controls that are already in place and how they reduce the risk. There’s a whole Australian Standard on this if you want to formalise your process of risk assessment.
In this case, the risk is that a person without adequate training works in section B and produces invalid results. The seriousness of this issue depends on the nature of the work, how much supervision is in place, how structured it is and how much impact it could have on your test results. Check how many other training records are out of date.
4. Planning corrective action
If it is a minor issue with little or no impact on your business, you can decide no corrective action is needed. It is your decision, but explain your reasons clearly to NATA (using your risk assessment), or they may reject your response.
However, even minor issues can become big ones if they come up again at future NATA assessments. Do not be complacent about addressing minor issues.
If you have assessed the risk as medium or high, you need to plan and implement corrective action. Identify all the reasons why it is going wrong and prioritise these. Use brainstorming to come up with ways to prevent it from happening.
Decide which actions are worth taking and implement them according to the change management practices in your organisation. You will probably have sent a reply to the lead auditor by this stage, but this is not the time to sit back and forget about NATA non-conformances.
Once the changes have been in place for a while (say, 3-4 months), assess how effective they are. The data from your original investigation will be helpful at this point, as it enables you to demonstrate improvement.
If the corrective action has been effective and is not costing too much (time, money) to implement, then this is when you should update your procedures and standardise the new steps in your process. However, if it has not been effective, you may need to go back and reconsider your corrective actions to find something more practical. We often need to accept our fixes will be good enough, not perfect.
5. Revisit the issue one last time
6 to 12 months or even two years later, take one last look at all the corrective actions from the NATA assessment. Are they still working? Do you think the problem identified was really a problem? How much time (and money) is going on papering over a non-issue or a more serious issue?
Sometimes NATA’s report inadvertently suggests how you should fix the issue, and you end up implementing that, rather than fixing the actual problem (if there is one). A great example is a lab that NATA advised to manage a form provided by a manufacturer by including its image within a word document in the document control template. The in-use forms were then printed independently and placed in the lab. They changed their system to comply and ended up with an uncontrolled form in the lab.
I’ve heard people say, “but we told NATA we were going to do this, so we have to keep doing it”. This is not an argument for keeping an inefficient or wasteful process in place. Management of any organisation has the right to decide that something is no longer a problem, that they will bear the risk, or that they will investigate further when control measures have been ineffective. If you decide to adopt specific NATA recommendations, make sure you understand the risk they are trying to control. Otherwise, you cannot determine if it is working or not.
If you want assistance to follow up on an assessment report or plan for your next reassessment, contact us to discuss your requirements.