Category Archives: Quality

How management buy-in can help ISO implementation

One of the most difficult tasks that a person may need to undertake before approaching the ISO topic is to win the buy-in from top management. QHSE is considered a cost center where resources are spent to implement and manage the system, but the benefits may not be immediately apparent.

Of course, a key concern for top management is a healthy bottom-line. This is communicated to all department heads in the form of KPI’s with accountability. This means that everyone knows what is important for top management and what is expected of them. But this rarely happens when it comes to ISO.

Sending the right message to your people about the importance of cooperation with the implementation project means a smoother transition. Things get done in a more timely manner. With the right level of support, within six months you must be able to build a completely integrated management system across multiple locations and different business units.

Depending on the size and complexity of an organization, an ISO system contains multiple components. How quickly these are prepared and ready for use depends on the involvement of top management.

So what happens if the management doesn’t send the right message?

Not much attention is paid to ISO and the initial never gets off the ground, usually because the QA Manager leaves it to the departments. In this case, departments are so busy that they never manage to do their part. As a result, the term of 2 weeks changes in 1 month, then 2 months, etc.

Internal auditors are trained for a period of 2 days, but when audits are required, most trainees are not available. And if they are, they rush through the audits, missing crucial non-compliances.

There are challenges for your authority as an auditor. Non-conformities do not get addressed in a timely manner. Corrective and Preventive Actions don’t get adequately implemented or they are addressed in a rush to get you out of the way.

Requested data such as those for KPIs, HSE and customer feedback are never sent or you have to ask for it again and again.

There is a poor turnout at management assessments or safety committees.

These are the worst case scenarios, but not uncommon.

So how do you bring management on board?

  • Work out the Cost of Quality and that is not the cost involved in implementing and managing it.
  • Calculate the direct costs of not implementing health and safety, but also highlights the indirect costs of the more difficult to quantify, but are costs nonetheless.
  • Explain what QHSE would mean for their customers and future customers.
  • Explain how a QHSE system would improve their supplier relationships and business results

Because money is an important subject, it is important to emphasize that QHSE is not only a cost center, but also a profit center, provided that they become involved.

This article has been written by Birjees Hussain

Published by:

Process approach to GDPR

In our previous post on GDPR we touched upon the impact it has on your quality management system. We also gave some examples of important topics you should take into consideration. Last week we had a great consulting session with our trusted partner on GDPR and which areas are best to focus on. In this post we will give you some of the useful tips and tricks that came out of that meeting.

Process Approach

The process approach is a good way to find out when and where your company touches personal data. This can easily be done by walking through the processes that are followed within the company. For example, start with sales and go all the way through to the point where the invoice is sent to the customer. When the primary processes have been checked, the secondary processes such as HR and IT can then be checked. This exercise will show you exactly where personal data is touched. Make a list of all the points where this data is handled by your suppliers.

When you are aware of which data is in the company, think about who is handling the data and different ways that it can be handled. You can classify the data as described in our previous post. Make sure you clearly describe who is the processor of the data. When the data is classified and you describe why you need it, you put an expiration date on it and you are good to go.

Sub Processors

An important part to think about is sub processors. Sometimes you are not the one that has the power to change the data, but you give that right to someone else, your sub processor. A good example where you see this often is salary slips. A lot of the time it is accounting firms that are the ones managing the salary slips. However, the majority of companies don’t do this themselves, but they also outsource this to a dedicated supplier. When this is the case make sure you have an agreement in place between you and your accounting firm, because they have the ability to alter the data. In this setup the accounting firm needs to have a data processing agreement with the company that processes the data. And remember, don’t forget to ask your supplier for a data processing agreement.

We provided dozens of companies with the easy to use tools to manage their GDPR and compliance in a broader sense of the word. Want to know how we accomplished this? Feel free to contact us.

Published by:

GDPR in Quality Management

The date that the General Data Protection Regulation (GDPR) is coming into effect is approaching soon. This new law affects almost all companies, but it can have a bigger effect on certified companies. Regardless of the certificate the company holds, all ISO certificates have the fundamental rule:

“The organization needs to demonstrate that they meet the legal requirements.”

This small but fundamental rule means that the certificates are only valid when an organization operates according to the law. Now we know that laws can be fluid and also contradicting depending on regions and countries, but we won’t go into this now. It is fair to say that all companies need to operate according to the GDPR. In this blogpost we provide some easy tips on how this can impact your management system. In the end a lot of companies treat compliance to laws in the same region as compliance to international standards.

The Data

There is a lot of data going through the company. In order to understand which data is stored where, classifying the data helps a lot. A good point to start with is classifying the data owners in line with the stakeholders identified in the stakeholder analysis. Most data can be classified into three categories: customers, employees and suppliers. When the type of stakeholder is known, it is important to classify the kind of data, such as: personal data, company data, payment data, etc. These classifications are highly dependent on the type of service or product you deliver. It is important to know where the data is stored. In order to have this overview you should map out all the products/services you have that hold any kind of data. Some topics we use for such a register are:

  • Company name
  • Contact person
  • Purpose of data
  • Type of Stakeholder
    • Customer
    • Employee
    • Supplier
  • Type of Data
    • Contact details
    • Payment details
    • Personal details
  • Duration of saving
  • Agreement (PDF of contract)

Management System

On top of the register there are some processes that need to be added. People now have more rights, and in order to observe that it is important to document how you support these rights. Two important points here are:

  • How is the organization going to make sure that people have the right to be forgotten? In essence, how are you going to delete all their data across all databases?
  • How will the organization support a request from a customer to get an overview of all the information the organization holds of that person?

These are just two important questions, but it shows that clearly defined processes should be in place and therefore must be added in some way to the management system.

Organizational Impact

The organization can be quite significant. You need to assess whether a data protection officer is required. The three main assessment points are:

  • Public authorities or bodies, except for courts acting in their judicial capacity.
  • Companies who process data requiring ‘regular and systematic monitoring of data subjects on a large scale’.
  • Companies who process, on a large scale, any special category of personal data. This includes data which reveals racial or ethnic origin; political opinions; religious or philosophical beliefs and other such information.
  • Companies who process, on a large scale, personal data relating to criminal convictions and offences.

In case you are required to appoint a data protection officer it is good to include this in the management system, just like your prevention officer is part of the management system.


The last important part of the GDPR is that the organization has a clear policy on how to handle data and how to protect it. This policy should be readily available and easy accessible for stakeholders.

Impact on Management System

With the requirement to work according to the law and regulations, the GDPR has a clear impact on most management systems around the world. Due to the overlap in a lot of best practices within international standards, we recommend to make the GDPR an inclusive part of your management system, and not to treat it as a separate part.

If you want to know how you can structure a lot of the GDPR related activities within an integrated management system, just contact us.

Published by:

How to keep your quality management system simple

That may sound like a contradiction in terms, particularly if you’ve ever read a management system standard document! They’re not the simplest of things to comprehend but that doesn’t mean your management system has to be just as hard work.

Keep it simple!

A quality management system is mainly focused on customer satisfaction, in which a healthy amount of risk management is introduced for a good dose.

The vast majority of business owners want happy customers and lower risks right? So think about the steps that you naturally take to ensure these are achieved and hey presto! you have the basis for implementing your system.

You don’t have to reinvent the wheel. It is not necessary to make a shoehorn in extra forms, registers, checks or balances to meet a theoretical need. Start with what you have and keep it simple.

Mandatory requirements

Among the mandatory requirements of a formally certified quality management system are a quality policy and quality objectives. Even if you have no need for a formally certified system, your business can still benefit from having these in place.

Your customers will be happy that you’re demonstrating your commitment to quality. Your business will have additional direction and purpose created by your quality objectives.

Be authentic

The remaining requirements of a quality management system include sufficient process documentation that you can be sure things are working to plan. You will define the measures of success and when and how these are to be monitored and evaluated.

Don’t be tempted to download a template package. Yes, I know it’s free and it promises to be super easy. The reality is it will never be anything more than a burden. Be authentic. Write your own.

Simply the best

The best systems are the simplest ones. Simplicity doesn’t mean that something isn’t fit for purpose. Conversely, just because something is complicated doesn’t mean it’s better.

The best person to write your policies and processes is you. You can employ the services of a consultant to coach and guide you. They may even do some writing for you but ultimately you know your business best.

If you’re a slightly bigger business with segregated duties and responsibilities, get the process owners to do the writing. Process owners are the people who operate and/or manage an activity on a daily basis. The experts.


This article has been written by Lucy Payne of

Published by:

Risk management in relation to quality

The concept of risk-based thinking has been adopted explicitly by ISO 9001:2015 and replaces the previously stated requirement in ISO 9001:2008 for ‘preventive action’.

In ISO 9001 , risk is defined as ”the effect of uncertainty”. Therefore, risk management in relation to quality, involves the identification, assessment and prioritisation of risks to product or service conformity.  The purpose of this activity is to minimize the potential negative effects of opportunities and risks.

Risk in relation to quality

Both internally as externally quality risks can arise to the company. Internal risks include:

  • shareholders
  • employees
  • equipment
  • technology/software
  • storage of raw materials
  • storage of finished products
  • after-sales support

External risks, which could extend throughout the supply chain, include:

  • landlord
  • legal/regulatory compliance
  • suppliers/delivery partners
  • clients/customers
  • political/social/economic factors
  • special interest groups/action groups
  • general public

Identifying and assessing risks

Tools and techniques to assist in the identification of such risks to quality include brainstorming, fault tree analysis, process mapping and failure modes and effects analysis (FMEA). Effective application of these tools can help to identify risks.

Options to address risks

Options for addressing risks include:

  • avoidance of the source of the risk
  • taking action to reduce the likelihood of the risk
  • taking action to reduce the severity of the risk
  • transferring the risk to a third party
  • retaining the risk under informed decision (perhaps in order to pursue an opportunity)

Benefits of addressing risks

The benefits of addressing risks include:

  • reduced likelihood of occurrence
  • reduced insurance premiums
  • added assurance for investors/shareholders
  • improved customer satisfaction
  • improved employee engagement

Following a thorough risk assessment of your business operations, you can formulate a comprehensive, robust and practical Business Continuity Plan and/or Disaster Recovery Plan.  As a result, you are able to be proactive in identifying risks and addressing potential pitfalls.  This is surely preferable to simply leaving your business success to chance.

This article has been written by Lucy Payne of

Published by:

KPI management

Key Performance Indicators (KPIs) are a very important part of a (integrated) management system. They can show how good or bad the management system is functioning. However, we see a lot of KPIs defined and monitored by quality that are mainly focussing on compliance to standards, such as number of audits performed, number of inspections performed, number of sick days, etc. We do believe that when KPIs are more aligned with company goals, the impact of the management system will be a lot bigger. In line with that reasoning you as a quality management should own these KPIs. Make them your responsibility even though you might not have a direct effect on them. Simply own them and make the line managers or operational managers also part of that process in order for the alignment to work.

It Is Not About Absolute Figures

We are a strong believer of ratios when it comes to KPIs, simply because a lot of one dimensional figures don’t work when the company gets bigger. When you have more orders there is a good chance more things can go wrong and more people are getting ill, so use ratios.

Some great examples include recall per X units manufactured or issues per Y units purchased from supplier B. Ratios allows for scaling whilst still giving a great insight.

Align with Business

In order for the business to get some real value out of the management system make sure the KPIs are aligned with its goals. For example, track quality issues per model or per project and put a financial figure to it. Even though the figure might not be very accurate, it is so much better than working with nothing at all.

With this setup you as a quality manager can directly show the impact on the business. Costs of quality have a direct negative effect on the company’s bottom line. Make sure this is well understood by everybody in the organization.

Own Them

In order to show management that you are serious make sure you own the KPI’s and do whatever it takes to improve them. Set goals for the company based on the performance of last year or quarter. Showing ownership proves you take it serious. Go and talk with operational managers and discuss how the company can reach these goals, and what kind of processes need to be improved. Involve the line manager in the process of setting these goals, then celebrate reaching these goals with them and give them credits for it.

So in order for top management to not take the management for granted, make sure it adds value and show how it helps the company to increase the bottom line.

We have helped a lot of companies to get the insights in their cost of quality in order to go to an improvement approach. Top management can directly see what the (integrated) management brings them and how it adds value to the company, on top of staying compliant. Do you want to know how Qooling can help your organization with this? Just contact us.

Published by:

The Importance of Top Management Buy-In

Top management is crucial when it comes to a successful management system. Management should actively show that they can see the added value of the system. Almost every director states that quality is at the core of the organization and is recognized as one of the pillars of the company. Ensuring that this is actually the case and how to keep it maintained proves to be much harder. Once too often top management points the finger to the quality department when it comes to maintaining the quality. Having a quality department doesn’t say anything about the quality you deliver, actual actions should be taken.

Why a Management System?

Top management might feel like the management system is a necessary evil because they don’t see what it brings for them. Most of them may agree that having proper processes gives guidance to the employees and a certain amount of structure to the organization. However, when it comes to managing the system and more importantly the information that comes out of it, most managers get lost. When asked about the cost of quality of their company or their cost of safety they have no clue and might be able to come up with a educated guess. Though most agree that having these actual figures helps them to make better decisions. That is why using the proper solutions for managing the quality and safety are so important. Qooling gives top management constant real-time insight in their actual cost of safety. It also lowers the barrier for employees to file these mistakes which leads to much more data to analyse, and therefore the opportunity to make better informed decisions.

Lead by Example

Procedure and process can be annoying sometimes. They are designed to keep things organized within an organization with the trade off of losing some time efficiency. However, having people working according a certain system helps maintain consistencies and a certain level of quality and safety. Most processes have the organization in mind, sometimes at the expense of the individual employee.

Due to these trade offs, some top management cut corners when it comes to certain processes, which might be necessary at times. The implications can be quite severe because of the sign it gives to other employees. If you don’t think the processes is important enough to follow why should others?

Actively Involved

Being actively involved in the management system will show commitment to the company. This can be as easy as pointing out certain topics when walking around. A better approach is when top management is actively performing management walks or organizing toolbox meetings. These actions directly shows the commitment of top management to these things. This doesn’t have to be all formal but can be a life conference call to the company or just a certain location. The point is, it shows how involved top management is and how important they think these matters are.

Published by:

5 Questions That Reveal Management Commitment

Top Management Audits

There are two common types of Quality Management System audits. There’s the company’s 1st party audit where the organisation audits itself. This type of audit is more commonly known as an Internal Audit. Then there is the 3rd Party Audit, usually carried out by your chosen certification body. Regardless of which audit is in process, both almost always have one failing in common. Tope Management is almost always excluded from the scope of the audit.

There could be a number of reason why this is the case, not the least of which could be because staff charged with performing these audits, including the Management Representative, may be afraid of speaking to a director or an MD or are afraid of asking tough questions for fear of reprimand.

But let’s say that you have been encouraged by top management to do just that. So what should you be asking? Here are the top 5 questions that effective audits reveal about top management’s commitment.

  1. What is their vision for the company? Is that vision documented somewhere and, if so, how is it communicated to all staff and not just those immediately below them?
  2. What overall Key Performance Indicators (KPIs) have they set and do they cascade this information down the organisation in a manner that all staff understand what is required of them to achieve those objectives. Even a staff member at the lower echelons of the organisation should be made aware of what he is required to do and how important his role is in achieving those KPIs.
  3. What resources have they budgeted for to ensure that the Quality Management System functions effectively and that their Quality Policy is fulfilled? The fewer the resources, the more the QMS department will struggle to get things done and vice versa.
  4. What is their role in the Quality Management System and how do they show their commitment to their staff. Their commitment and the way they get involved in the system is an indicator of the level of buy-in across an organisation and how well the system is adhered to.
  5. And finally, how often are Management Reviews held? When was the last review? Who was present and what were the key decisions that came out of that meeting? What happens to the minutes once they are recorded and to whom are they circulated? There is no point to these reviews if they are held just because the standard mandates it.


This article has been written by Birjees Hussain

Published by:

The Real Cost of Safety

The real cost of safety, or perhaps better phrased the real cost of a lack of safety is something that is not always clear and can be hard to calculate. There are so many factors involved when someone gets injured on the job that it might not always be clear the moment the injury happened. There are a number of topics that have an effect on the costs involved.

Direct Effects

When an accident happens on the job a lot of costs are made to perform a proper investigation. These investigations are always very thorough and properly executed. This is of course a good thing but it also means they take up a lot of resources like money and time. A safety specialist might be hired for the investigation and the operational staff will be busy with this. Sometimes the production needs to be put on hold to perform the investigation. This will lead to a serious loss of production time.

Indirect Effects

Loss of production hours of the employee is one of the indirect effects. As long as the employee is not able to work his/her salary still needs to paid, and a replacement also needs to be arranged, as the job must continue.

The second financial effect comes from the lost of potential contracts. Some contractors prefer the subcontractor with the lowest number of injuries with days lost. These statistic can become crucial for winning tenders.

The last indirect effect might be the increase in insurance premiums. Insurance premiums are based on the likelihood of an accident. Past incident statistics can be used to calculate current insurance rates. When these statistics go up this can be very negative for the insurance costs.

Emotional Effects

The employee and his/her family can have severe psychological damage in case of a serious injury. However, not only the family can fall victim to this but also the colleagues of the person that had the accident. Some colleagues might have seen the accident happening. Certain injuries can cause serious psychological damage the moment you see it happening. All the visits to the psychologist and loss of hours work can lead to a serious financial impact for the company especially when several colleagues were involved.

As with everything when it comes to safety: it is better to prevent than to cure. Automation solutions like Qooling can help companies in this process. When employees have an easy way to file near misses the (Q)HSE people can start finding the root cause to these situations and take appropriate (corrective) actions.

Published by:

Why Quality Management

A quality management system for good and socially responsible business.

With the increasing pressure on efficiency and costs, we see the attention of quality management evaporate. As if it were a luxury, those organizations could hardly afford to keep at least an existing certification. While an efficiently operating quality management system is just as important today as ever before.

The basis

The basis for a quality management system is to make work processes clear in relation to the output (customer service), the effort to be provided, and other resources (money for example) and content quality aspects for the customer and the staff. That transparency, plus and then controllable compliance with what has been specified, provides reliable and certifiable service on a basic basis for financing and customer trust.

At the same time, there is a basis for critical review of the efficiency of those work processes. Are there “lean” terms of “waste”, waste of energy on issues that do not contribute to the customer and the quality to be delivered? Are quality and effort in balance? A quality management system is not ‘complete’ after certification, but must constantly be used for continuous improvement of efficiency, customer satisfaction and quality.


And for those who still find it quite luxurious: it provides a basis for communicating with clients or financing about that balance and reasoned counterweight of pressure to work under the cost price, for example. An organization that has its quality management system in order and insight into its processes is so many times stronger against cuts and irresponsible financiers.

Finally, let’s not forget the staff. Insightful work processes that focus on client and staff interests contribute to motivation and productivity, lower absenteeism and better self-responsibility in the workplace – to self-governing teams.

In short: an efficient quality management system (supported by a good planning / control cycle and a risk management system) is the basis for healthy and socially sustainable business management.

This article has been written by Jantina van Rossum of iConact.


Published by: