Why should you have a quality management system?
A quality management system is the first step towards truly understanding your business. A good QMS structures your business approach, embedding continuous improvement as a way of doing business.
The standard starts with asking you hard questions about your business and your customers. The system then takes a look at leadership, defining what the responsibilities of top management are, and what processes they must put in place. Planning comes next, to ensure the business understands what must be managed to succeed. Now the business knows what must be done, the resources must be made available to deliver on the plans. Operational control is required to ensure the products are properly designed, the processes for procurement, manufacture and control are in place and that operators know what to do when there is a problem. The process also has to be measured, this includes auditing and non-conformance management. Finally, the system demands continuous improvement.
As an ISO9001 lead auditor and lean six sigma master black belt I can integrate process improvement using world-class tools into your documented system.
Contact me for a discussion to see how I can help your business.
Tamarind Tree Consulting Ltd have joined the BSI organisation. As a business committed to improving the ease and effectiveness of ISO9001:2015 certification for SME’s it is a proud moment to be accepted as a member of the BSI organisation.
I felt it was important to be part of the BSI organisation to help promote quality and process excellence.
By now everyone who is certified to ISO9001:2008 knows they have to transition to ISO9001:2015. But it’s all OK, it’s the quality manager who has to make it happen right? And we have time too, there is a long time to changeover.
Actually no, there isn’t that much time and the quality manager can’t do it alone. ISO9001:2008 will cease to be a viable standard in September 2018, that is less than two years. If your company has a lot of cultural adjustment that is not much time at all.
The new standard places much greater emphasis on top management involvement, placing greater responsibility for the quality management system on top management. this means that although top management can delegate authority for certain tasks, responsibility for making those things happen can’t be delegated.
One example is responsibility for the QMS, the standard says top management is responsible for demonstrating leadership and commitment by ensuring the integration of the quality management system requirements into the business processes. This means that authority for ensuring that the business processes meet the needs of the QMS rest with the individual process owners, not simply the quality manager. If your production manager isn’t committed to the QMS and has a habit of regarding the QMS as the quality managers job there will be a problem during audit. Also, the previous quick tidy up just before an audit will be unacceptable. There must be a consistent approach to the QMS evidenced all year round. The requirement is for integration of QMS requirements into the business processes – if the business processes operate every day, but the QMS activity all happens in the month prior to an audit, there is a clear dysfunction.
The new standard also does not require any mandatory procedures. I hear you cheering, but before you make a bonfire out of your manuals there is a catch (isn’t there always!). If there is no documentation the auditor has to interview top management and the staff operating the process to check that there is a common view of what is to be done, roles and responsibilities and a consistent methodology to carry out the process. Interviews take time and it has been reported that some certification bodies are adding between half a day and a day to the audit requirements where documentation is minimal. Consider as well how easy it will be to ensure that all of your staff from managers to shopfloor not only operate the process in the same way, but describe it similarly enough to be recognisable as the same process.
Bear in mind these are only two aspects of twenty-two specific responsibilities placed on top management in clause 5 – Leadership.
Another new clause is 7.1.6 Organisational Knowledge. This mandates that an organisation will determine the knowledge necessary for operation of its processes not only now, but also in the future. This includes identifying what new knowledge and skills will be required to address the changing needs and trends of its business environment. Further changes addressing the need to consider products and services and ensure that key performance indicators are identified and where deemed appropriate, monitored and measured mean that this version of the standard really does have to integrate into the business operation.
Another addition is included in the way businesses think about their processes. In addition to arranging the processes in order and linking them logically, it is also necessary to identify the process inputs and outputs. In order to do this the process owners have to understand how the processes link together. If it isn’t done, don’t blame the quality manager; the responsibility for making it happens lies with top management, which means that the process owners have to be involved.
This is not a thorough review of the implications of ISO9001:2015, it is only intended to give a flavour of the challenges ahead. If this sounds like a task you would appreciate some help with, contact me at Tamarind Tree Consulting – I can help. Head over to my website where you can see my experience and contact me through the website, or message me on LinkedIn to discuss how I can help you meet the September 2018 deadline for transition.
I have just found out that, as expected, I passed the Lead Auditor training course with MfQ. The training should not be underestimated, the case studies and challenges in the course require careful thought from experienced heads as well as newcomers. That said, I have enough experience it would have been embarrassing had I not passed.
It does raise an interesting point, although my training is certified, and the training is accredited by IRCA, I am not a certified IRCA lead auditor. There is a separate, detailed programme of audit evidence to provide before I can be certified by IRCA as a lead auditor. I am certified as having passed a training course that complies with the requirements of IRCA as lead auditor training.
The next step on this journey is to look for opportunities to practice audit skills with the aim of achieving IRCA lead auditor status. This is the continuous improvement life. Learning is not an activity that you do for a time then stop, learning is a lifelong obsession when you are totally committed to continuous improvement.
Baldwin and Francis manufacture flameproof and intrinsically safe electrical switchgear for hazardous environments. Their primary markets are oil and gas, marine, rail and industrial sectors
The existing system meets the needs of ISO9001:2008, however with ISO9001:2008 expiring in 2018 B&F must plan a transition to ISO9001:2015. As a result, Baldwin and Francis Ltd asked Tamarind Tree Consulting to modify their quality management system in preparation for the ISO9001:2015 transition.
The transition task is more complex for Baldwin and Francis Ltd since they have to also consider the additional requirements of ISO/IEC80079-34:2011 It was essential that the consultant used could ensure that the requirements of both standards were integrated. A vital aspect of the business is disciplined application of both standards to ensure that the equipment provided ensures the safety of electrical distribution in explosive atmospheres.
With only six weeks to the next transition audit it was vital to ensure that any alterations were practical and closely managed. It was also essential to ensure that all progress was sustainable to ensure that it provided a platform for future system development.
Tamarind tree conducted a gap analysis of the system to identify both the required changes and the necessary care points. This was designed to ensure that the changes would not compromise system integrity or product performance.
Working in collaboration with the team at Baldwin and Francis Ltd, the first step was to train auditors to assess the system against both ISO9001:2015 and ISO/IEC80079-34. Auditors were selected from a range of functions across the entire business. The document control system was modified to include risk assessment of processes and a systematic review of the business processes was initiated.
The system modifications identified by Tamarind Tree Consulting assisted in a positive external audit result. Ongoing certification was maintained and the external auditor confirmed that the system complied with the needs of both ISO9001:2015 and ISO/IEC80079-34:2011.
Feedback from Baldwin and Francis was very positive, with particular recognition of the timely, expert and engaging service they were provided
Stephen Clarke, CEO and Managing Director of Baldwin and Francis stated,
“ This has been a very successful project. Tamarind Tree Consulting led my team throughout the task in a practical, knowledgeable way. Tim Akerman quickly engaged with all employees, fully understood our needs and delivered the actions required to meet the audit deadline as well as re-aligning our plans for the transition to the new standards. All on time and to the agreed costs. I am sure that we will be using their services again”
Under the revised ISO quality systems standard ISO9001:2015 there is a requirement for risk assessment, but what does that really mean?
It is relatively easy to understand risk in the context of safety or environmental contamination, but how does risk apply to quality? The best way to start looking at this is to think about what a complaint is; complaints happen when the business has failed to deliver the customer’s expectations against an order. A specification was agreed, the customer had a clear vision of the benefit they would experience from purchasing your product, but it failed to deliver.
Sometimes the product attracts complaints even though it meets the specification. Why?
Part of the revised standard requires businesses to understand the context of their business, in other words do you understand your business strategy and the market segments you are targeting? Also who will buy from you and who are your competitors?
From start to finish of delivering a product or service there are risks. Did we understand what the customer asked for, does the customer understand what they need, did we produce what we expected to produce, was it delivered on time? There is a tendency to assume that the customer knows what they want , understands how my product will achieve their aims and knows how to use my product. Sometimes this is true, but often there are assumptions and misunderstandings in the buying process that make this a false view.
There are several points at which the risk of providing the wrong product or service can be controlled. The first is ensuring we understand what the customer wants, which involves not only understanding the stated requirements of the customer, but also the unstated requirements such as obvious or industry standards in the customers business that they would just expect us to know. One example would be renting a room in a hotel – do you need to specify the the room has a bed in it? If our standard products don’t satisfy the customer needs or their stated requirements, what else do they need that we don’t know about. the risk of failing to address this is the customer choosing another supplier.
These considerations were implicit in ISO9001:2008, but have been made explicit in ISO9001:2015. There are many ways to manage risk, but we can only manage risks when we assess what the risks are.
One of the most significant changes in ISO9001:2015 is bringing the requirement to understand the legislation that is relevant to your business. This was always a requireemtn, but with the harmonisation of standard structure from Annex SL, the legislative requirement has been made more obvious.
Another area that has been strengthened with more rigorous risk analysis is handling of non-conformance. Whilst consideration of the risks associated with releasing the product have always been considered, an FMEA approach requires us to consider both performance and commercial risks, which may not have been clear before. What are the potential costs of failure compared to the cost of rejecting or scrapping the product? This is not a licence to release anything, far from it. An effective FMEA on a non-conforming product should involve all stakeholders, which must include the customer. Can we afford to involve the customer in a decision about defective stock? Surely it is healthier for the supply chain if we do, it also gives the customer a chance to consider the real impact of a defect, not only on their process, but also on their total supply chain costs.
Rejecting something that is out of specification seems an easy choice, but it creates costs which will come back later in the form of price increases.
Auditing is an area where risk has become an explicit consideration. It is no longer acceptable to simply audit on the basis of auditing all procedures every year, now we must consider the risk to the business of a failure in a particular area. When you consider the risk it becomes obvious that just auditing every process every year is not the right thing to do. For example if there is a manufacturing process that is absolutely critical to customer quality, would it make sense to audit that process at the same frequency as a process that causes a minor inconvenience if there is a defect?
In conclusion, applying risk analysis techniques as part of the QMS encourages the business to consider its strategy, objective and environment in a structured and rational way. Using risk analysis in this way helps a business integrate its quality functions into the daily business operations and makes it almost impossible for a business to run a QMS in parallel to standard business operations. Integration at this level results in safer products, more accountability and better customer satisfaction.