Issues Related to Quality Insurance — The Regs

The International Organization for Standardization develops and publishes the International Standards including ISO 9000, which are the top documents in use worldwide and include definitions of terms.

ISO 9000 uses the following definitions:

1) Quality: the degree to which a set of inherent characteristics of a product or service fulfils requirements.
2) Quality management system (QMS): management system to direct and control an organization with regard to quality.
3) Quality assurance (QA): part of quality management focused on providing confidence that quality requirements will be fulfilled.
4) Quality control (QC): part of quality management focused on fulfilling quality requirements.
5) Quality manual: the document that provides consistent information, both internally and externally, about the organization’s quality management system.

Although the meanings of the above may be clear, please consider the following additional information:
1) Quality is not another word for “good.” It is merely a measure of conformity. With AMOs, quality measurement is a fork with two tines: one, the measurement of service quality and, two, the measurement of product quality. Both of these can be measured against standards.

2) A quality management system (QMS) includes all of the company rules, policies, procedures and “the way things are done” to manage a company; everything from the top quality policy to sweeping the floor.

3) A quality assurance (QA) program includes an internal audit and how to deal with “findings.” Also included are non-conformance reports (NCRs) that many companies utilize to record periodic quality non-conformities.

4) Quality control (QC) includes mandatory tasks that need to be performed and recorded to get the product out the door. Prime examples of this are inspection check lists and unscheduled maintenance work cards that need sign-off.

5) Seldom do maintenance policy manual (MPMs) meet the above definition of a quality manual. All MPMs, maintenance control manuals (MCMs) and other manuals required by the Canadian aviation regulations (CARs) have been written to get Transport Canada approval. This has meant pleasing a TC Inspector, which I will elaborate on later. It also has meant that almost every company is in “non-compliance” with its manual in some way. I say “almost” because I have not seen every company out there. More companies are adopting additional manuals of detailed procedures that can address everything in the QMS to the degree necessary in order to guide employees on compliance. The added benefit of a detailed procedures manual is that it provides a standard for audits.

•    CAR 573.10 requires a quality manual, therein referred to as a “maintenance policy manual” or MPM (MCM in CAR 706). CAR 573 enables standard 573.10, item (m), which requires a detailed description of the quality assurance program required by section 573.09 of the CARs.

•    CAR 573.09 and Standard 573.09 contain numerous requirements, most of which ought to be self-explanatory and some of which I elaborate on below:

1) audits conducted at intervals set out in the MPM:
I have seen intervals ranging from six months to three years, but one year is the most common and most easily managed. Twelve months with a plus or minus window of one month allows auditing based on a repetitive cycle.

2) checklists of all activities controlled by the MPM:
Checklists are a guide to controlling the audit progress. They need to clear with each item on the list referencing the requirement. They need to be worded in such a way as to remove the need to have that referenced requirement in hand and still be understandable. I recommend that you extend your checklist to embody other guidance documents including CARs, company procedures, contract requirements and any other written requirement that you want to maintain compliance with.

3) a record of each occurrence of compliance or non-compliance with the MPM:
Although this only mentions the MPM, you ought to record all activities or occurrences that are in non-conformance with any requirement of your company. That gives you the tool that makes you better and better over time.

4) procedures for ensuring that each finding of an audit is communicated to them (the PRM):
Because the PRM is the person held responsible for resolution of these findings, a record of this communication needs to be created to be able to show compliance.

5)  findings resulting from the quality assurance program are distributed to the appropriate manager for corrective action and follow-up in accordance with the policies and procedures specified in the maintenance policy manual (MPM):

This is an important detail to note. The person in charge of the area of non-conformance is given the job of resolving the issue to the satisfaction of the PRM who still has overall responsibility. Note that the manager also needs to do the follow-up inspection. Often these tasks are dumped on the quality assurance personnel, which is wrong and usually leads to conflict.

6)  follow-up procedures for ensuring that corrective actions are effective:
This procedure needs to be flexible enough to allow variable time periods for the follow-up inspection. If the non-conformity occurred one or two times each year then you need to allow sufficient time for it to have the opportunity of re-occurring and to allow the related personnel to forget about the corrective action. This may range from a month to the day before the next audit; whatever you think is effective.

7) a system for recording the findings of initial and periodic audits, corrective actions and follow-ups:
The record for this is often the “Non-Conformance Finding” (NCF) form similar to TC’s documents. Some larger companies also have “Non-Conformance Reports” (NCR) which immediately report operational problems. To avoid confusion, you might refer to this NCF as an “Audit Finding.” I like that.

8) The duties related to the quality assurance program that involve specific tasks or activities within an AMO’s activities shall be fulfilled by persons who are not responsible for carrying out those tasks or activities; this refers to the auditor. Large companies usually have dedicated auditors. Small companies can achieve this in a variety of ways such as having a person in one area such as stores audit the other parts of the company, have a customer do the audit or hire a consultant (advertisement). You can have your dear old granny do it while she is serving tea. The very smallest one-person companies are exempted from this requirement.

9) The records required … shall be retained for the greater of … two audit cycles … and two years:
Every company I have seen keeps records as long as living memory goes back to protect against lawsuits. This can also assist your customers to rebuild lost technical records.
10) The audits … may be conducted on a progressive or segmented basis, provided that the entire organization is audited within the applicable interval; some companies have been on an all-inclusive, once-per-year audit and want to move to a segmented or progressive audit. To do that, they need to schedule the new program segments to start immediately after the big audit and conclude within the approved time period. Thereafter, each area needs to be audited with that period in mind ensuring that each area is done within the timeframe.

That’s all that is required by the regulations. Companies are usually intimidated by including other activities into MPMs. These actions often include separating corrective actions into short term and long term corrective/preventive actions. These actions are included in the TC Program Validation Inspection NCF forms. This is path by which the anonymous TC management in the Tower have imposed additional beatings including “Root Cause Analysis” and numerous other whims.

Too often, quality management systems, as described in MPMs, are a mess of additional requirements and end up being a problem. As I have stated before, many of these manuals are written to please the CASIs tasked with approving them. If you had an inspector that wanted to manage your company, your manual probably does not “direct and control” your organization as per the above ISO definition.

Your quality assurance program ought to measure your organization’s quality and provide that measurement to senior management. To be useful, each of the characteristics needs to be measurable in such a way as to be able to audit it. You need some standard to measure it against to be able to determine the degree of conformance. To find that measurable standard you ought to be able to refer to your quality manual or in one of the sub-tier documents such as a procedure.

That’s it for now. Next issue, I will look at further examples of the minister trying to avoid responsibility for aviation safety. We will also examine one ongoing and absurd example of the minister’s mandarins’ obsessive persecution of a private pilot who forgot his journey log. Until next time, be good.

Please be aware that I am not a lawyer or legal expert. What I write in my column is not legal advice or legal opinion. If you face a legal issue, you must get specific legal advice from a lawyer and preferably one with experience in the aviation matters in your own country.