Quality management system development

Why should you have a quality management system?

A quality management system is the first step towards truly understanding your business. A good QMS structures your business approach, embedding continuous improvement as a way of doing business.

The standard starts with asking you hard questions about your business and your customers. The system then takes a look at leadership, defining what the responsibilities of top management are, and what processes they must put in place. Planning comes next, to ensure the business understands what must be managed to succeed. Now the business knows what must be done, the resources must be made available to deliver on the plans. Operational control is required to ensure the products are properly designed, the processes for procurement, manufacture and control are in place and that operators know what to do when there is a problem. The process also has to be measured, this includes auditing and non-conformance management. Finally, the system demands continuous improvement.

As an ISO9001 lead auditor and lean six sigma master black belt I can integrate process improvement using world-class tools into your documented system.

Contact me for a discussion to see how I can help your business.


What does quality mean and why should everyone be involved?

Everyone knows what quality is don’t they?

Or do we? I suspect there are a few words missing from that statement.

Everyone knows what quality means to them.

So why do we run into quality issues in business? In my experience it is usually because the person making promises (specifications) doesn’t have to deliver against them (product or service provision).  The meaning of quality is variable, depending on the purpose of the product or service, and the customers need. For example, if I want a quality car, my criteria are very different if I am a lottery winner, or earning minimum wage.

It goes hand in hand with the idea of “fit for purpose”. Often when judging if something is fit for purpose we are making a commercial judgement of risk to our business of receiving a complaint, when a product is outside of the agreed specification. If his commercial question becomes a technical question the standards drift. By the time our customer complains we are a long way from what was agreed and often don’t understand how we got here, and more importantly how to fix it.  I believe the question we should really be asking is this

“If I was the customer receiving this product or service, with the customers standards, would I accept it?” . If the answer is yes, check you are right. Respect your customer enough to ask them.

We must always remember that decisions about fitness for purpose and quality will always belong to the customer.

It is vital to ensure everyone is involved. If our employees understand why the specification is important to our customer, and the impact of being out of specification, they are more likely to ensure the specifications are met.


Simple. Tell me I forget, show me I remember, involve me I understand. It is only through open communication and transparent understanding that we can engage all of employees in delivering excellence for the customer.

Let’s engage all of our employees in delivering the customer’s vision of excellence within the cost constraints agreed.


Risk in the quality process

Under the revised ISO quality systems standard ISO9001:2015 there is a requirement for risk assessment, but what does that really mean?

It is relatively easy to understand risk in the context of safety or environmental contamination, but how does risk apply to quality? The best way to start looking at this is to think about what a complaint is; complaints happen when the business has failed to deliver the customer’s expectations against an order. A specification was agreed, the customer had a clear vision of the benefit they would experience from purchasing your product, but it failed to deliver.

Sometimes the product attracts complaints even though it meets the specification. Why?

Part of the revised standard requires businesses to understand the context of their business, in other words do you understand your business strategy and the market segments you are targeting? Also who will buy from you and who are your competitors?

From start to finish of delivering a product or service there are risks. Did we understand what the customer asked for, does the customer understand what they need, did we produce what we expected to produce, was it delivered on time? There is a tendency to assume that the customer knows what they want , understands how my product will achieve their aims and knows how to use my product. Sometimes this is true, but often there are assumptions and misunderstandings in the buying process that make this a false view.

There are several points at which the risk of providing the wrong product or service can be controlled. The first is ensuring we understand what the customer wants, which involves not only understanding the stated requirements of the customer, but also the unstated requirements such as obvious or  industry standards in the customers business that they would just expect us to know. One example would be renting a room in a hotel – do you need to specify the the room has a bed in it? If our standard products don’t satisfy the customer needs or their stated requirements, what else do they need that we don’t know about. the risk of failing to address this is the customer choosing another supplier.

These considerations were implicit in ISO9001:2008, but have been made explicit in ISO9001:2015. There are many ways to manage risk, but we can only manage risks when we assess what the risks are.

One of the most significant changes in ISO9001:2015 is bringing the requirement to understand the legislation that is relevant to your business. This was always a requireemtn, but with the harmonisation of standard structure from Annex SL, the legislative requirement has been made more obvious.

Another area that has been strengthened with more rigorous risk analysis is handling of non-conformance. Whilst consideration of the risks associated with releasing the product have always been considered, an FMEA approach requires us to consider both performance and commercial risks, which may not have been clear before. What are the potential costs of failure compared to the cost of rejecting or scrapping the product? This is not a licence to release anything, far from it. An effective FMEA on a non-conforming product should involve all stakeholders, which must include the customer. Can we afford to involve the customer in a decision about defective stock? Surely it is healthier for the supply chain if we do, it also gives the customer a chance to consider the real impact of a defect, not only on their process, but also on their total supply chain costs.

Rejecting something that is out of specification seems an easy choice, but it creates costs which will come back later in the form of price increases.

Auditing is an area where risk has become an explicit consideration. It is no longer acceptable to simply audit on the basis of auditing all procedures every year, now we must consider the risk to the business of a failure in a particular area. When you consider the risk it becomes obvious that just auditing every process every year is not the right thing to do. For example if there is a manufacturing process that is absolutely critical to customer quality, would it make sense to audit that process at the same frequency as a process that causes a minor inconvenience if there is a defect?

In conclusion, applying risk analysis techniques as part of the QMS encourages the business to consider its strategy, objective and environment in a structured and rational way. Using risk analysis in this way helps a business integrate its quality functions into the daily business operations and makes it almost impossible for a business to run a QMS in parallel to standard business  operations. Integration at this level results in safer products, more accountability and better customer satisfaction.