ISO-IRIS

Subtitle

IRIS information from circa 2008 - (note - this version is obsolete - see opening paragraphs)

A Summation of IRIS requirements (not up to date) for resource purposes. IRIS information is hard to come by, with restricted access to any information of any depth, so essentially one must join the consortium to obtain this information.

NOTE - This posting DOES NOT include the standard itself, which is only available to members through the IRIS supplier portal. This information is simply a commentary on the standards clauses.

This information applied to the version concurrent with ISO 9001:2008.  A recent newsletter from IRIS HQ indicates that there will be sweeping changes to IRIS in response to the latest 9000:2015 release, although strangely IRIS has in the past stated that it was an addition to ISO 9001, then claimed ISO 9001 would no longer be a prerequisite to IRIS as it wasn’t proscriptive enough.Now it seems to have reverted to the "add-on" scenario.


The latest newsletter (August 2015) states that “ IRIS becomes ISO Norm”…”UNIFE has decided that the IRIS standard should become as ISO standard similar to other industries already done so”..(sic)


I suspect that with the increased generalization of the 2015 version, the new IRIS standard will become even more proscriptive than before.

The following is information I received from inquiring into IRIS in 2010. It is offered under Fair Use as the following conditions apply –

  1. It is now obsolete with the introduction of the newest version of IRIS
  2. It is made available to advance understanding of ecological, moral, and scientific issues
  3. It is distributed without profit to those who have expressed prior interest
  4. It is for research and educational purposes

 

FAIR USE NOTICE: These page may contain copyrighted (©) material the use of which has not always been specifically authorized by the copyright owner. Such material is made available to advance understanding of ecological, political, human rights, economic, democratic, scientific, moral, ethical, and social justice issues, etc. It is believed that this constitutes a 'fair use' of any such copyrighted material as provided for in section 107 of the US Copyright Law. In accordance with Title 17 U.S.C. Section 107, this material is distributed without profit to those who have expressed a prior general interest in receiving similar information for research and educational purposes.

 

(The following information is from an unknown and undetermined source. It reads like a presentation/training handout, although this may be simply the way it was translated, much of this information comes in German.)


You already know and understand the requirements of ISO 9001 for process-based quality

management systems

You need to understand the terms in the context of the International Railway Industry

Standard (IRIS)

You need to understand the additional requirements specified in clauses O to 4 of IRIS for

process-based business management systems

You need to know what is required in terms of additional processes, controls and documents

for conformity to IRIS requirements


 

The purposes of the International Railway Industry Standard are many.

~lt is a global standard for the rail industry that is based on ISO 9001

-It expects to result in cost reduction (better value)

-It expects to result in effective business processes (that is they fulfill their

objectives)

~lt expects to result in efficient business processes (that is they deliver more

with fewer inputs)

-...lRlS applies regardless of role in supply chain

'...lRlS will eliminate multiple audits

-The standard includes the IRIS certification rules including up to 12

applicable knock-out questions (failing a knock-out question would stop an

auditor's recommendation for certification — see Annex 4)

-Applicable knock-out IRIS requirements are a prerequisite for IRIS

certification

The preliminary requirements of IRIS lay out rules for interpreting the

standard:

-Where IRIS specifies use of a process it shall be documented and

controlled by key performance indicators (see 4A1C)

~All processes are to be integrated into the organization's business

management system (in line with our eLearning for developing and

documenting a management system)

-The system must result in conformity with Euro Norm (EN) 50126 (for

hardware reliability) and EN 50128 and 50129 (for communications and

signaling software reliability) remain the primary standards if they contradict

IRIS requirements —

-The terms, definitions and abbreviations from Annex 5 and Annex 7 apply

throughout the IRIS standard

-For Reliability, Availability , Maintainability and Safety (RAMS) refer to IRIS

requirements specified in clause 7.11

IRIS includes guidelines and these are to be interpreted as follows:

-“Should” is not mandatory but organization may consider it necessary to

take its management system to the next level of maturity or performance

-IRIS recommends the business management system also conforms with

ISO 14001 and BS OHSAS 18001 for environmental management and

health and safety management

IRIS uses terms with specific meanings as described here:

“Abnormal Work" is out of scope work or parts required to attain acceptance

(probably subject to a contract change)

“Consignment Stock” describes replacement parts as listed, stored and

maintained

“Critical Product" has the potential to introduce risks that threaten health,

safety or business performance

“Criticality" is a rating of how much risk is attached to the failure of a Critical

Product

“Component” is a sub-device above the integration level of the smallest

exchangeable unit of a system

Engineering Change is a new or revised standards, product designs,

processes, procedures, suppliers that have the potential to impact health,

safety or business performance (change control is covered by 7.3.7 and

4.2.3b)

First Article Inspection (FAI) describes verification and documentation of

an item representing the first production run of new or upgraded product or

validation of one-off items or software

Key Performance Indicator (KPI) is used to measure the performance of a

process

Multidisciplinary approach describes all needed specialists for a project

working as one team

Outsourcing is a temporary delegation of a product realization process or

processes

Project is a temporary endeavor to create a unique product or outcome

Quality deficiency costs means all costs that result from product not being

produced right the first time

...other more familiar terms are defined in Annex 5 and ISO 9000

Tender is a formal proposal to buy for specified product requirements to be

fulfilled at a quoted price (not in Annex 5)


-IRIS requires a business management system (to fulfill requirements

beyond a traditional quality management system)


-IRIS requires any outsourcing of processes or products to be governed by a

documented transfer (of responsibility) procedure including the following

controls:

-Feasibility study

-Risk analysis

-Planning

-Communication to customer

-First article inspections


-IRIS requires the management system to include a product life cycle cost

management process


-IRIS requires the management system to include a project cost

management process

-...and please note that IRIS requires key performance indicators for certain

processes (see 4.1c and Annex 3)


IRIS specifies more documentation in the business management system:

-Including any documents imposed by regulators


-Document the processes specified by IRIS (per 4.2.1c)

-Including the safety policy statement

-Including the safety objectives

-...personnel must have access to and awareness of the relevant

procedures

'Provide access to business management system documents to:

-Customers, and

-Regulators.

-Show the relationship between the documented procedures (in the business

management system) and the IRIS in the Quality Manual (see 4.2.2)

~Extend scope to include all sites involved with projects (see 4.4)

In controlling documents, IRIS additionally requires the organization to:

-Show effective management and control of all documents pertaining to its

products

-Name personnel who authorize and review system and product related

documents (and are competent)

-Review of the impact of requirements specified in external documents on

the supply of product

-Provide traceability to customer requirements throughout the supply chain

for:

-Design

-Manufacturing

-Field support

-Identify, describe and communicate customer interfaces and communication

channels

'...and to record by date or serial number to signify when each change is

implemented


IRIS requires updating of the procedure for controlling records so it includes

the following additional controls:

-Approve the results recorded before their official release

-Make records available for review by, or release to:

-Customers

-Regulators

-...per the legal requirements


IRIS requires the organizations business management system to manage

knowledge (KM) as follows:

-Document best practices and continually update to improve processes and

products, such as:

-Design standards and design rules

-Lessons learned after projects

-Methods

-Manufacturing engineering standards

-Process and product nonconformities

-Feedback from the field

-Failure analysis

-...these are examples of knowledge to be managed by the system

-...KM should define and implement a process to identify, obtain, protect,

use and evaluate information, knowledge and technology (remember that

should is an optional requirement to achieve a higher maturity level or the

performance to be expected from a mature management system

For multi-site projects extend the documented business management

system to include other sites involved in projects, to cover:

- Each site’s scope of responsibility (see 4.2.2a)

- Internal operational interfaces and responsibilities (procedures -

4.2.1c)

- Customer-related interfaces and responsibilities (7.1)

- Processes, procedures, documents and records applicable to

each site (7.1)

- Plan to fulfill customer requirements (7.1)

- Assurance of conformity to the IRIS (5.4.2 and then 8.2.2)

- Assess the efficiency of cross-site processes and improve as necessary

(please note that many processes are “cross-site" by their nature and key

performance indicators may be set and used to assess the efficiency of

these processes)

' ...also refer to clause 7.7 (Project Management) and consider the fact

that management systems are extended by way of their system planning

processes (per clause 5.4.2 for larger projects) and the quality planning

processes (per clause 7.1 for smaller projects)

 -IRIS requires effective and efficient business management systems

(comprising many more processes than is customary in quality management

systems)

 -Govern outsourcing with a documented transfer procedure to examine and

control feasibility, risk, planning, customer communications and first article

inspections (this is a knock-out requirement)

-Include documented safety policy and safety objectives

-Show the relationship between the documented procedures and the IRIS in

the Business System Manual

-Name those who authorize and review documents

-Ensure traceability of customer requirements throughout the supply chain

-Identify, describe and communicate customer interfaces and communication

channels

-Record implementation of changes by date/serial number

-Review and approve the results recorded before they are released officially

 Document for knowledge management and continually update to improve

processes and products

Extend the documented business management system to include other sites

involved in projects, to cover:

Each site's scope of responsibility

Internal operational interfaces and responsibilities

Customer-related interfaces and responsibilities

Processes, procedures, documents and records for each site

Plan to fulfill customer requirements

Assurance of conformity to the IRIS

Assess the efficiency of cross-site processes and improve as necessary

(KP|s may be set and used for this)


 Management Responsibility

...and Resource Management

IRIS specifies an additional policy requirement under customer focus

perhaps to further emphasize the change from quality to business

management system:

-Ensure the documented policy (business management systems include the

organization’s quality policy)...

 reflects the organization’s willingness to satisfy customer needs (see 5.2)

-Ensure the quality policy extends top management’s commitment to

customer satisfaction throughout the life of each project from receiving the

Note to Proceed...

...to the end of the warranty or to final customer approval (see 5.2)

 -Establish the Business Plan (with reviews at least annually) covering the

organizations scope of rail industry activities including:

-The organization’s mission and vision

-The organization's business objectives (see 5.4.1)

-The organization’s plan to reduce risks (see 5.4.2)

-The organization’s market strategy

-The organization’s product strategy including obsolescence (see

7.12)

-Any impact of changes in technology and legal requirements

-The organizations plans for developing new products and processes

(see 5.4.2)

-The organization’s make or buy strategy

-The organizations capacity (now and future)

-...and the organization is to support the fulfillment of its Business Plan with

its process for predicting, monitoring and controlling or managing costs (see

7.7.4)

With the documented quality objectives IRIS requires the following:

-Business objectives deployed to the processes (via KPls) or to functions

and levels...

-Plan for regular reviews at each level from system/organization to

project/department/process and down to each individual (see 6.2.2.4)

-Conduct the reviews per the plan (audit is not to be used as the review tool

so the reviews can be audited)

-Address customer expectations in the objectives

-Include dates for achievement of objectives

-...and should define and deploy a planning process to address external

trends and needs of interested parties

 - Identify customer interfaces and communication channels (see 7.2.3)

-Describe roles and responsibilities for all processes that:

-affect customer satisfaction

-Are validated (see 7.5.2)

-affect reliability, availability, maintainability or safety (RAMS)

'Insure employees know they are responsible for raising issues/deviations

to manager for action (see 8.2.3 and 5.5.3)

-Define who owns each process (many systems conforming to ISO 9001

already to this)

-Define the authority and responsibility of process owners (many systems

conforming to ISO 9001 already to this)

-Please note that the procedures can define the roles, authorities (can do)

and responsibilities (must do)


Additional IRIS requirements for the Management

Representative and the Customer Relationship Management (these

authorities and responsibilities could be assigned to the same person)...

Provide him or her the organizational freedom to:

'Resolve matters pertaining to quality

-Stop work if critical requirements are not met

Customer Relationship Management (see clause 5.5.4):

Appoint a member of management and define authorities and responsibilities

that include:

-Ensuring process needed to satisfy customers and their requirements are

in-place and maintained (per 5.5.2 a)

-Reporting to top management on the performance of these processes and

any need for improvement (per 5.5.2b)

'...and ensuring training for customer satisfaction and awareness of

customer satisfaction (per 6.2.2d)


IRIS specifies communication processes as follows:

-Policies (quality, safety etc, per 5.3d)

-Mission and Vision (see 5.3.1)

-Organizational performance (this report could come out of management

review)

-Customer related issues (see 7.2.3)

-...and issues and deviations (see 5.5.1)


IRIS specifies additional requirements for the management review process:

General:

-Review the system at least every 12 months

-Review the processes and projects before reviewing the system (so Top

Management can see how well their system supports its processes and

projects)

Additional Review Input:

'Key issues from previous project and process reviews

-Results of field-failure analyses including impact on quality, safety or the

environment

-KPI outcomes

-Customer on-time delivery performance

-Customer reported nonconformity

Additional Review Output:

-Any improvement plans for: customer satisfaction, integration of business

processes, KPI fulfillment and customer satisfaction

-Other suggested outputs include: performance of the organization and the

State of the System report (describing what the system does well and where

it will be improved)


IRIS specifies use of a documented procedure for managing resources:

-Plan the provision of resources including their:

-Identification (as in determination)

-Provision

-Monitoring

-Use documented procedure for providing the resources to fulfill current

order book and considering the mid-term (three months, say) and long-term

(12 months perhaps) order forecasts:

-Personnel (abilities, skills and knowledge)

-Equipment and facilities

~Purchased materials and components

-Outsourced materials and components


IRIS specifies many additional requirements for the management of human

resources:

6.2.1 General

Should define, use, measure and review HR processes including appraisals

to help identify training needs

Quality Management Systems usually include both recruiting and training

processes to provide competent people

6.2.2f Competence training and awareness

Ensure personnel are aware of how their work contributes to the

achievement of safety objectives

6.2.2.1 Product Design Skills

Identify the applicable design tools and techniques

Ensure designers are skilled in the tools and techniques

Provide competent designers (this is not additional)

6.2.2.2 Employee Motivation and Empowerment

Create and maintain a work environment to promote innovation (see 6.4)

and enable employees to motivate themselves to achieve objectives and to

continually improve (see 6.2.2d and 8.5.1)

IRIS requires use and improvement of a documented procedure for quality

and safety training:

-Identify learning needs for competence

-Include engineering changes and local regulatory requirements

-Plan training to fulfill learning needs

-Deploy organizational knowledge (see 4.3)

-Fulfill process and customer requirements

'ldentify quality and safety critical activities

-Maintain records of those able to complete critical activities

-Maintain and upgrade qualifications of such personnel

-Explain the consequences of nonconformity on the customer

-. . .and train temporary workers and induct or orient new employees

6.2.2.4 Regularly appraise performance against the individual and team

objectives linked to business objectives


lRlS specifies additional requirements of the organizations infrastructure

and work environment:

Infrastructure includes:

-Use of planned and predictive maintenance

-Packaging and preservation of tooling and equipment

-Availability of replacement parts for key equipment

-Setting objectives for maintenance and continual improving maintenance

Work environment:

-Define and use processes to ensure work environment complies with legal

requirements

-Minimize potential risks to health and safety of employees (see 7.3.2 and

7.5.1)

-Maintain premises in a state of order, cleanliness and repair consistent with

needs of product and production processes (the discipline of 5S delivers

this)


IRIS specifies requirements for a contingency plan or plans to reduce the

effects of:

-Utility interruptions,

-Supply chain disruptions

-Labor shortages

-Key equipment failures

-Field returns

-Any loss of leadership (succession planning)

 -The BMS must anticipate customer requirements so design translates

customer needs into product requirements

-Review the Business Plan (at least annually) and fulfill the plan with the

BMS via its objectives, KPls and processes

-Conduct the planned reviews at every level from company (system), its

processes and projects to each individual

-Objectives include customer expectations and the dates for their

achievement

'Name the customer relationship manager and include all processes in the

BMS that effect customers

-Validate processes that effect reliability, availability, maintainability or safety

-Ensure employees know they are responsible for raising issues and/or

deviations to manager for action

-Define who “owns” each process and the authority and responsibility of

process owners

 -Should define, use and manage processes such as those related to product

realization and customer satisfaction

IRIS requires determination of the internal costs related to each requirement

including:

- Costs from suppliers

- Costs of operating (based on experience)

- Also consider disposal costs

...this can facilitate risk management, value engineering and cost

management


IRIS suggests use of a change process including a Change Control Board


IRIS requires:

- Review by the disciplines involved in realization including project managers (and suppliers as

appropriate)

- Apply the review process to all stages before commitment to meet requirements: commitment

to id, submission of bids/proposals, forming contracts to supply, after sales services,

before accepting any changes to requirements

Reports issued to senior management in time for preventive (proactive) action:

- Progress (planned v. actual)

- Completion date

- Contingencies and mitigation plans

- Risk management progress and issues

- Follow-up of open issue list


IRIS requires use a process to ensure identified requirements are:

- Deployed from statutes and regulations (also see 8.2.1)

- Complete, clear and precise

- Unequivocal, verifiable and testable

- Maintainable and feasible

- Individually shown to comply (legal) or conform (non—legal)

- Negotiated/updated with impact on offer identified

- Evaluated and accounted for (including contract variations)

- Effectively liaised with customers and transferred so they are

understood, acknowledged and committed to (by every party involved)

- Manage and mitigate deficiencies identified in the reviews

- Identify and communicate the risks (including customer)

- ...and identified risks are monitored and mitigated


IRIS specifies additional requirements for communicating customer's requirements

to certain suppliers:

- Use effective arrangements for communicating all information related to the

delivery of the customer's contractual requirements down the value (supply)

stream.


IRIS suggests use of a process for internal and external communications:

- Organization should define and implement communications process (internal

and external)

 - Identify interested parties

- Define supply chain

- Identify topics

- Define authorities and responsibilities

- Define how new information is considered

- Define how significant information changes the management system's

policy, objectives and processes

 

IRIS repeats the requirements from clause 7.2.2 (pre-tender) for the review of the tender

itself:

-Multidisciplinary team (and appropriate suppliers) uses a process to develop and address

customer and regulatory requirements for the products and processes so:

-Each requirement complies or conforms

-Are negotiated/updated with impact on offer identified

-Risks are identified, controlled and validated

-Opportunities are identified, controlled and validated

-Feasibility of specifications is confirmed and recorded

~Responsibilities are effectively transferred (that means understood, acknowledged

and committed to by every party involved)

-Identify, control and validate risks and/or opportunities

-Establish the budget

-Approve the offer

~...also the organization measures the performance of its Tender Management using a Key

Performance indicator


IRIS requires use of a documented procedure for designing and developing

the product and any equipment used to manufacture the product, this

procedures includes the following controls:

-Measure performance of design process by use of a Key Performance

Indicator

-Apply the relevant EN standards as a design input

-Enable prevention of nonconformity in design, manufacture, installation,

use, maintenance and recycling of the products

~Design output includes documentation and training for the safe use and

maintenance of the product

-For IRIS scope 19 (signaling) the principles applied in developing high

integrity systems shall conform to applicable EN standards or agreed

equivalent

-Software design shall conform to EN 50128 or agreed equivalent

 please note that when applied to signaling and software design use of

the applicable standards is a “knockout" requirement

In keeping with its Project Management requirement (see clause 7.7), IRIS

requires the design plan to determine:

The sequence of tasks, mandatory steps, significant stages and

configuration control

According to complexity of design use the following planning approach:

1. Structure the design effort into significant elements (including

verifications at each level of detail (see 7.3.5)

2. For each element, determine tasks & necessary resources

3. Identify the person responsible for each task

4. Determine the design content, input data, constraints and

performance conditions for the product (additional?)

Apply design for the environment, design for maintainability and design for

safety as applicable and per the applicable requirements of EN 50126,

50128 and 50129


IRIS also suggests the organization should define and implement a

collaboration process and measure its efficiency


IRIS specifies essential design inputs for the rail industry:

'Consider Reliability, Availability, Maintainability and Safety (R.A.M.S.) as

input requirements to design of the product and manufacturing equipment

-Consider life cycle costing (LCC) as input requirements to design

-Determine and be aware of criticality of product and the function and risks

of product within the finished product or vehicle

'Apply design input controls to the adoption of any new technology or in the

development of new products (this is a knockout requirement)

-Integrate maintainability of signaling equipment as part of the design (see

7.5.1.5)

-Validate new designs before they are introduced to customer projects

(repeat of 7.3.6) - (this is a knock-out requirement)

IRIS specifies verifiable product design output for input to the design of production

processes:

-Specifications and Drawings (acceptance criteria)

-Information on materials (MSDS etc)

-Flowchart/layout of production process

-Control Plan (see 7.1c)

-Work Instructions (see 7.5.1b and 7.5.20)

-Process acceptance criteria (see Specs and Wis)

-Product acceptance criteria (see Specs and Drawings)

~Data for quality, measurements, reliability and maintainability (of manufacturing equipment)

-Results of error-prevention (FMEA)

-Results of error-proofing (for use in production design)

-,..and methods of rapid detection and feedback of nonconformity during production (or

before for input assemblies/materials)


Under IRIS, design reviews must also ensure the design and development

process:

-Specifies the design phases and the measurements to be applied and

reported to management reviews of design progress (really this is a design

planning 7.3.1 requirement)

'Specifies who is involved in each design review with consideration for

manufacturability, costs, RAMS, serviceability etc...

-Requires reviews (and verifications - see 7.3.5) of each level of design

detail

-Requires results of design reviews to be input to phase review

-Defines points at which design phases are reviewed and authorized to

proceed to the next phase

Design validation makes sure the design works in the actual conditions of

use, therefore IRIS specifies additional requirements:

'Validate designs for all identified operational conditions (freeze, thaw, bake

and shake etc...)

'Adopt validation methods specified by EN standards (both of these are

knockout requirements)

-Require use of a documented procedure for validation testing:

-Test objectives and conditions (for reproducibility)

-Configuration of product/prototypes for testing

-Method of testing and recording of results

-Test per the test plan and procedures

-Fulfill the specified testing criteria


lRlS specifies an additional requirement and makes one suggestion for

controlling design changes:

-Control design and development changes using a process:

-Including changes from deferred and abnormal work

-Should define and implement a design and development change process


'...also IRIS specifies an additional design control in 7.3.8 Design Approval

to apply special safety controls to signaling equipment as specified in EN

standards (a knock-out requirement)


IRIS requires the organization to use a documented procedure to control its

purchasing including:

~Suppliers use of 3rd party certified ISO 9001 systems, unless otherwise

specified by customer

'A register of approved suppliers and for what goods and services (incl.

verification) they are approved to supply

-Identify, assess and manage the risks of supply of critical items

-Use customer approved suppliers of special (7.5.2) processes

-Approval authority must also have authority to stop use of an approved

supplier

-Rank suppliers according to periodic reviews of supplier performance and

adjust purchasing controls accordingly

-Require recovery actions of suppliers not meeting requirements

-Ensure conformity of all goods and sen/ices received including those from

customer (see 7.5.4) and customer designated suppliers

-...and specify and use key performance indicators for purchasing

IRIS specifies additional requirements for the purchasing process to include

negotiation before accepting supplier's offer with due consideration for:

-Level of conformity with specifications

-Total cost including cost of doing business with the supply and the life-cycle

costs

-Previous performance in terms of quality/cost/timeliness


~lRlS specifies the content of purchase orders and subcontracts:

-Identity and issue (revision) of documents that specify requirements

-Appropriate details from the organization's quality plan

-Spec to verify conformity of goods and services (also First Article

Inspection)

-Rules for notification and dispositioning of nonconforming goods and

services

-Rights of access to records by customer and regulators

-Flow-down customer requirements to the supplier and their sub-suppliers

-Requirements for commissioning, warranty and spare parts


IRIS specifies additional requirements for verifying incoming products:

~ Ensure purchasing procedure specifies verification according to

organizations delegation of verification responsibilities (see 7.4.1 scope

and selection criteria):

- Obtain evidence of purchased product's conformity

- Review required documentation for acceptable evidence of

conformity (products and raw materials)

- Organization to conduct receipt inspection (extent is determined

by completeness of above verifications)

' Ensure Product Documentation is delivered (see 7.5.5)

~ Do not use product until it is known to conform unless released under

customer waiver

- ...and IRIS suggests organization should define and implement

verification process (we recommend selection of suppliers based on their

competence to verify their own systems, processes, products) IRIS

suggests use of “checklists and templates“ for pre-shipment verifications


IRIS adds a new section with requirements for supply chain management to

-Support ordering with information covering the entire supply chain

-Provide customer access to production information at the key stages in the

order-driven process

-Regularly communicate forecasts to suppliers so they manage their

capacity

'ldentify shortages in time to recover the delivery schedule

-...and ensure suppliers schedule their deliveries to fulfill purchasing

requirements


IRIS specifies additional production requirements:

~Verify conformity of production to the design outputs (see 7.3.3 acceptance

criteria)

-Maintain the controlled conditions for all shifts

-Account for all product during manufacturing, including:

-Parts

-Quantities (to avoid sale to gray market)

-Split Orders

-Nonconforming Product (to avoid sale to gray market)

-Maintain evidence (records) that all operations (manufacturing and

inspection) have been authorized and completed as planned

-Include process to control deferred (delayed) work and Abnormal Work (see

definition)

-Demonstrate due awareness of product criticality and mitigate risks for

critical products

-...and minimize potential health and safety risks for employees (also see

6.4)


IRIS adds a new subsection of production scheduling to:

'Support scheduling process with production information at key stages in the

process

-Identify bottlenecks in production and take action to improve the process

-Use customer forecasts and orders to plan production

-Schedule production and testing (short/mid/long-term) to fulfill customer

requirements

-...and measure capacity and adjust resources as necessary with due regard

for urgent orders and supply problems

Here we see IRIS re-stating requirements from 8.2.3 and 8.2.4 regarding

conformity of production and product to:

-Drawings

-Part Lists

-Flowcharted Procedures

-Inspection Procedures and Specifications

-Work Orders, Travelers, Routers or Process Cards

'Manufacturing Plans

-List of Tools

-List of numerical control machine programs and specific instructions for

their use

Changes to production processes are to be controlled per a process that:

-Identifies persons authorized to approve changes (see 5.5.1)

-Documents changes to production processes, equipment, tools and

programs (whether internal or contractual)

-Obtains acceptance of changes from customer (per contract) and from

regulator (per regulation)

'Reviews results of process change to confirm achievement of desired effect

without adverse affects to product conformity (see 8.2.3)

-...and maintains the record (date/serial number) of each change

implemented in production (see 7.13)


lRlS requires design and control of manufacturing equipment and tooling:

-Apply design and development to the manufacturing equipment, fixtures,

jigs and tools

-Use a documented procedure for providing conforming manufacturing

equipment and tools (see First Article Inspection clause 7.9)

-...and to periodically check to ensure equipment and tooling is stored per

specified requirements


IRIS makes the management of special processes a knock-out question:

~Manage “special processes” per organization‘s documented procedure(s)

and any contractual requirements

-Ensure personnel performing special processes are identified,

trained/competent and authorized

-Validate process before approval for production per the documented

procedure(s)

-Change and revalidate special processes per the documented procedure(s)

-...and please remember, a special process is where conformity of the

resulting product cannot be readily or economically verified


IRIS suggests measures for preserving product that remain a requirement in

ISO 9001:

'Organization should provide for the following in accordance with the product

specifications and applicable regulations:

-Cleaning

-Special handling for sensitive products (example, ESD)

-Marking and Labeling

-Shelf-life control and stock rotation (example, FIFO)

-Special handling for hazardous materials

-...and protect product documentation (also see 7.4.3) against loss and

deterioration


lRlS specifies additional more prescriptive requirements for the control of

measuring devices:

~List all of the devices that determine product quality, including employee

and customer-owned devices; using the following headings:

-Equipment Type

-Unique Identification

-Location

-Frequency of verification and verification method

-Acceptance Criteria (including due dates)

-Reference to the calibration methods

-Recall devices for calibration per defined process

-...and ensure ambient conditions are suitable for calibration, inspection and

testing (this repeats 6.4)


IRIS specifies extensive additional requirements for the project system within the

organization's corporate system:

-Develop and use a project management system or plan (see 7.1) or new product

development process:

-Describe key performance indicators, roles and responsibilities (see 5.5.1)

-Integrate relevant functions into one multidisciplinary team

~...and include the functions as necessary to address all applicable areas

(see list below):

7.7.1 integration Management

7.7.2 Scope Management

7.7.3 Time Management

7.7.4 Cost Management

7.7.5 Quality Management

7.7.6 Human Resources Management

7.7.7 Communication Management

7.7.8 Risk and Opportunity Management

7.7.9 Change Management

Details:

7.7.1 Integration Management:

-Ensure the product realization process integrates the work of the entire

project team and establishes the rules by which the team operates

throughout the project life cycle including change control

7.7.2 Scope Management:

-Identify the entire scope of work, subdivide into work packages, control and

verify the work to assure consistency and scope change control

7.7.3 Time Management:

-Identify the following to ensure timely completion:

-Deliverables and associated tasks

-lnterdependencies of tasks (including suppliers’)

-Sequence of tasks, resources, durations and milestones

~Critical path (chain of task durations = time to complete project)

-Regularly review and record progress against milestones

'Take counter-measures to avoid impact of any delay on customers (see

8.2.3)

-Obtain customer authorization before changing the schedule

-Manage long-lead items including those from suppliers

7.7.4 Cost Management:

-Use a key performance indicator and cost management process to:

-Plan all project related costs during the whole project life cycle

-Track the cost progress of each work package

-Estimate and report the cost of completion

-...and identify cost savings to pay for any cost over-runs

Project Quality Management to manage project deliverables is a knock-out

clause:

7.7.5 Quality Management:

-Associate each project deliverable with its process

-Establish the Key Performance Indicators for above processes

-Include the identification, clarification, fulfillment and control of each

deliverable

-Include design and process validation

-Include on-time delivery

-Manage suppliers within the Project

-Include customer approvals and handovers

-Review and record project progress at regular intervals throughout the life of

the project

-Review project phases and authorize progress to next phase

-Apply appropriate resources and tasks to overdue issues

7.7.6 Human Resources Management (see 6.2):

-Identify and assign the project roles

-Document the roles and responsibilities

-Identify the reporting relationships

-Acquire and assign appropriate human resources

'...and develop competencies to enhance project performance

7.7.7 Communication Management (see 5.5.3):

-Determine the needs of the project's stakeholders

-Communicate these needs to the project team

-Plan the communications from project team to fulfill needs

'lnclude the product specific requirements, defect reporting and rail industry

risks

-...and share project information per the plan (without undue delay)


The final lRlS project management requirement is for managing risks and

opportunities:


7.7.8 Risk and Opportunity Management:

-Identify the risks and opportunities

-Analyze and assess the risks and opportunities (quantitatively or objectively

and qualitatively or subjectively)

'Consider use of Strengths Weaknesses Opportunities Threats Analysis,

Failure Modes and Effects Analysis and other techniques

-Decide on the risk response (avoid, transfer, mitigate or accept)

-Earn the benefits of opportunities (using the plan>do>check>act cycle to

work systematically)

-Document and communicate to stakeholders (see 7.7.7)

~Demonstrate awareness of criticality, risks and risk mitigation

-Review and update risk assessment during the project

-...and apply the lessons learned throughout the organization

'...for further information on risk (and opportunity) management consult ISO

31000


lRlS specifies additional requirements for configuration management:

-Use a documented procedure to manage configuration appropriate to each

product on the critical products list

-List critical products and their components (including software) starting with

safety critical items

-Obtain customer approval of the list

'Maintain traceability of all items on the list during (design), production,

(installation) and operations

-Use the change management process (see 7.7.9) when managing

configuration

~...and configuration management is to include replacement products and

spare parts for the agreed life cycle (even when obsolescent — see 7.12)


IRIS specifies knock-out requirements for first article inspection:

-Use a KPI and process to plan, initiate and conduct first article inspection

-Use a documented procedure to specify first article inspection, verification

and record keeping requirements

-Verify the production process to ensure process conformity

'Then inspect a representative item from the first serial production run of a

new part

-Also apply to one-off items and software

-Re-inspect following any subsequent change that invalidates the previous

FAI result

-...and apply the FAI process to suppliers (specify in subcontract or

purchase order see 7.4.2)

IRIS specifies knock-out requirements for Commissioning and Customer

Service:

-Organize suppliers (see 7.4.2) and demonstrate adequate customer support

during commissioning until product validation is complete and accepted by

the customer

-Where commissioning is a specified requirement ensure processes provide

for:

-After-sales support per agreed requirements

-Manage maintenance per clause 7

-Action on problems identified after delivery

-Technical documentation updates (see 4.2.3)

-Approval before use of any repair schemes (repair is a design

change — see 7.3.7)

-...and for management of Consignment Stock (see 7.5.5)


IRIS specifies requirements for assuring reliability, availability, maintainability

and safety (shortened to RAMS) of the product (rail equipment):

-Standardize routines to maintain conformity of software to EN 50126, EN

50128 or EN 50129

'Use a documented RAMS procedure to calculate and document, collect and

analyze data and take improvement actions

-Use a documented procedure to manage the life cycle costing requirements

(so customer knows the costs of ownership)

~Collect data from operations during and after the warranty period

-...and analyze life cycle cost data and use resulting information to

continually improve the products, processes and the business management

system

When it comes to the management of obsolescence and change IRIS

specifies the following:

7.12 Obsolescence Management:

-Establish a process to ensure the availability of qualified spare parts for the

defined and agreed life cycle

7.13 Change Management is a knock out requirement:

-Use a documented procedure to execute, control and react to changes that

impact product realization.

-Determine which changes need to be referred to customer per

contract/project requirements

-Assess and verify impact of any change

-Validate and approve changes per contract/project requirements

-Stop implementation of external changes without prior authorization from

applicable stakeholders

-...and enable customer review of any change to form, fit, function,

performance or durability of product per proprietary designs

 

 

IRIS requires use of a process for measurement, analysis and

improvement...

When it comes to assuring customer satisfaction, IRIS require use of a key

performance indicator and process for obtaining and evaluating customer

satisfaction data that leads to action to remove the root causes of potential

dissatisfaction (with preventive action — see clause 8.5.3) and actual

dissatisfaction (with corrective action — see clause 8.5.2)

Clearly internal auditors must be competent in implementing the

recommendations of ISO 19011 and understanding the requirements of this

International Rail Industry Standard

All shifts are to be audited and audit criteria include external requirements

such as the contract and the applicable EN standards

IRIS requires key performance indicators from the measurement and

monitoring of the processes governed by the business management system

When it comes to inspection and testing the product, IRIS requires evidence

that products conform to customer requirements and that the following be

documented for the acceptance of goods and services (these requirements

repeat what ISO 9001 specifies in the clauses shown in parentheses):

-Provide criteria for acceptance or rejection (see 7.3.3)

-Specify where in the production sequence to verify (see 7.10)

-Record the measurement results (see 4.2.4)

-Specify the equipment and usage of equipment (see 7.1 b)

-Show the test results data as specified (see 8.2.4)

-...and show the test results for validated processes (see 7.5.2)


IRIS requires the documented procedure for controlling nonconforming

product to be extended to include any failure of project deliverable to fulfill

requirements (including the time and cost requirements)

With a knock-out requirement IRIS says nonconforming processes are to be

controlled as follows:

-Correct nonconforming processes (per clause 8.2.3) but also record the

process variation

-Evaluate whether the process variation has caused nonconforming product

-If so, control nonconforming product per clause 8.3 — as of course you

would


lRlS specifies additional requirements for obtaining customer concessions

-Obtain a customer concession or deviation permit whenever product or

process deviates from approved requirements (and indicate status in

shipping documents) — record costs (of nonconformity)

-Record expiration date or quantity limit (for the concession) and revert to

original or superseding specifications thereafter

-...and organization is to apply these rules to its suppliers before involving its

customer


IRIS requires organization to use a key performance indicator and process

for collecting and analyzing data to result in information to make fact-based

decisions...

...these data are to include data from external incidents regarding the

products in service and product safety

IRIS recommends use of processes to manage:

~Continual improvement (based on preventive action and corrective action)

-Taking action to prevent nonconformity (preventive action), and

-Stopping recurrence of nonconformity (corrective action)

-...both preventive and corrective action should include multidisciplinary

reviews and assessments...

Here we see that in addition to the six documented procedures specified by

ISO 9001, IRIS specifies ten other processes that are to be governed by

documented procedures:

-Transferring and outsourcing contract activities

~Providing Resources (staff, equipment, tooling and facilities)

-Training - people with the required attributes so they are competent

-Validating design and development of the product (testing prototypes)

-Approving designs of control commands and signaling

-Purchasing (from supplier selection to receipt of conforming goods and

services)

'Maintaining equipment and tools (for production)

-Inspecting first production run articles (First Article Inspections)

-Assuring and improving product Reliability, Availability, Maintainability and

Safety

-...and Controlling Changes

-...please remember that more documented procedures are normally

required by the organization

 IRIS specifies ten other processes that are to be governed by

documented procedures:

-Transferring and outsourcing contract activities

~Providing Resources (staff, equipment, tooling and facilities)

-Training - people with the required attributes so they are competent

-Validating design and development of the product (testing prototypes)

-Approving designs of control commands and signaling

-Purchasing (from supplier selection to receipt of conforming goods and

services)

'Maintaining equipment and tools (for production)

-Inspecting first production run articles (First Article Inspections)

-Assuring and improving product Reliability, Availability, Maintainability and

Safety

-...and Controlling Changes