Qooling » Blog Archives

Author Archives: nickappel

How to design a good nonconformity report

A good nonconformity report has all the information that is needed, and is easy to understand by others in the organization. This sounds trivial and easy to do, however in practice it can be a lot harder to put together. The report is actually a way to communicate what went wrong somewhere in the company with everybody in the organization. Clear sentences and proper detailed descriptions are crucial. A lot of confusion can be prevented by having an easy to use NC form, so it is vital that it is done correctly.

Keep It Simple

More often than not we see quite complex nonconformity reports. The form has a ton of questions which people in the field don’t feel like filling in. Their jobs are to build and produce, not to fill in forms. So it is important to keep the form simple. Make sure that the people in the field only have to fill in just a couple of questions which holds the bare minimum of information for the manager to create the report.

Reduce Freedom

In order to analyze properly, make sure you use pre-defined fields in your nonconformity form. This way you will have consistent information to analyze. Also ensure that the person filling in the nonconformity doesn’t have the option to come up with a whole story that is hard to understand. These predefined selections make life a lot easier both for the quality department and the person that fills in the form.

Photos

Always add pictures to the nonconformity report. Pictures say more than thousands words and are much easier to interpret by someone else. He or she simply looks at the image and sees what went wrong. All mobile phones these days allow you to take a photo or two of the situation and add it to the report. With the latest quality platforms you now have mobile apps that integrate directly with your quality management system for even faster reports. Check out how Qooling allows you to do this.

Root Cause

Support some kind of root cause analysis for the nonconformities. There are more than enough options to use. Just make sure you pick one and follow through. Some options are:

The root-cause analysis really allows the company to find out why things went wrong. Finding the root cause is important for setting up the right actions to prevent this from happening in the future. Coming up with a solution to just one cause will not lead to the desired results and still leaves room for the same kind of mistakes.

Published by:

Introduction to NEN1090

Why NEN-EN1090?

The NEN-EN 1090 is part of the European series of product standards for the production of steel and aluminium constructions. Companies that work with steel and aluminium construction are required to meet this standard through the revised legislation on July 1, 2014. This means that all parts of steel and aluminium constructions must be provided with the CE-marking.

The FPC is a mandatory part of the EN 1090. This guarantees the quality of the manufacturer’s products. The main components of the FPC make it a kind of quality system according to ISO 9001, but more extensive with regard to technical requirements and less extensive in other areas, such as customer satisfaction. In addition, it´s a welding quality system based on EN-ISO 3834 (depending on the execution class). Finally, a welding coordinator should be appointed according to EN-ISO 14731. In order to continue to comply with this standard, it’s important that the administration is properly maintained.

The manufacturer declares with the CE marking that all structural requirements have been met. The basic principle is that a product must be accepted in all European countries if it complies with the standards. Member States can no longer impose their own requirements on products and companies. This should benefit every company that deals with construction.

How to continue to comply?

Proving compliance to the NEN-EN 1090 can be quite an intense job. The administration involved in showing traceability of welders and materials can already take up quite some time. On top of that, every weld needs to become traceable which in most cases leads to extensive Excel sheets and paper lying all over the workshop or production side. This will take up a lot of valuable production time because someone needs to fill in all the details, and needs to make sure it is archived properly and easily retrievable.

Qooling can help you to easily continue to meet the NEN 1090. We offer an online solution to keep the administration up to date and efficient so that unnecessary delay or failure costs are not incurred.

Through our software you can see at a glance what is happening within your company, and you have the complete traceability of all your welding.

Published by:

Why data is important in Quality Management.

At the center of all quality management systems is the concept of continuous improvement. This implies that you have the ability to prove that there has been some kind of improvement. It may sound straightforward, but it isn’t always that easy to do. Many times there is limited data or even no data to even come up any results. In order to prove progress, it is important to have the consistent data to back it up.

Collecting Data

Data is a main ingredient to show how the company improves on certain KPI’s. However, collecting the data is more often that not a very labor intensive task, mainly done by the quality department. In order to make it easy for the organization to share the required data, it should be fairly easy for employees to do this. A mobile app helps in this process. Having all the important forms at your fingertips makes it so much easier to share this information, which allows the quality department to focus on analyzing the data instead of pushing people to provide it. Also having an open IT infrastructure which allows for sharing data between systems is key in order to pull the data from different sources.

Analysing Data

When the data is gathered it should be analyzed properly. This is not just drawing graphs but also interpreting the changes of the data over time. Different time frames could show interesting effects. Furthermore, mapping out different root causes will give more insight on how to improve the company. It is important to play around with the data and not only focus on the predefined KPI’s. Playing around and plotting different variables against each other can give completely new insights. A great technique to check out where this goes wrong is by using the “Pareto” plot of the data.

 Showing Results

Maybe the most important aspect of using data to improve quality management is communicating the results. Not only to top management, but to the employees within the company. Every employee helps by providing the data. When you involve them in the results of the analysis, they see the impact they had on the company instantly. Which then makes them more willing to share again in the future.

 Pitfalls

The biggest pitfall with analysis data is the inconsistency in the data. It is very important the data is clean and usable. This can be easily checked simply by plotting the data and looking for weird spikes. Also during the setup, it is required to predefine certain choices. When you give employees the option such as “I don’t know” or “general”, they will most likely choose that. This will lead to a lot of data with that option, which completely ruins the possibility to analyze it, so try to prevent these options.

 

Qooling makes collecting information and analyzing it a lot easier by a simple to use mobile app and the straightforward interface of its platform.

Published by:

Process approach to GDPR

In our previous post on GDPR we touched upon the impact it has on your quality management system. We also gave some examples of important topics you should take into consideration. Last week we had a great consulting session with our trusted partner on GDPR and which areas are best to focus on. In this post we will give you some of the useful tips and tricks that came out of that meeting.

Process Approach

The process approach is a good way to find out when and where your company touches personal data. This can easily be done by walking through the processes that are followed within the company. For example, start with sales and go all the way through to the point where the invoice is sent to the customer. When the primary processes have been checked, the secondary processes such as HR and IT can then be checked. This exercise will show you exactly where personal data is touched. Make a list of all the points where this data is handled by your suppliers.

When you are aware of which data is in the company, think about who is handling the data and different ways that it can be handled. You can classify the data as described in our previous post. Make sure you clearly describe who is the processor of the data. When the data is classified and you describe why you need it, you put an expiration date on it and you are good to go.

Sub Processors

An important part to think about is sub processors. Sometimes you are not the one that has the power to change the data, but you give that right to someone else, your sub processor. A good example where you see this often is salary slips. A lot of the time it is accounting firms that are the ones managing the salary slips. However, the majority of companies don’t do this themselves, but they also outsource this to a dedicated supplier. When this is the case make sure you have an agreement in place between you and your accounting firm, because they have the ability to alter the data. In this setup the accounting firm needs to have a data processing agreement with the company that processes the data. And remember, don’t forget to ask your supplier for a data processing agreement.

We provided dozens of companies with the easy to use tools to manage their GDPR and compliance in a broader sense of the word. Want to know how we accomplished this? Feel free to contact us.

Published by:

GDPR in Quality Management

The date that the General Data Protection Regulation (GDPR) is coming into effect is approaching soon. This new law affects almost all companies, but it can have a bigger effect on certified companies. Regardless of the certificate the company holds, all ISO certificates have the fundamental rule:

“The organization needs to demonstrate that they meet the legal requirements.”

This small but fundamental rule means that the certificates are only valid when an organization operates according to the law. Now we know that laws can be fluid and also contradicting depending on regions and countries, but we won’t go into this now. It is fair to say that all companies need to operate according to the GDPR. In this blogpost we provide some easy tips on how this can impact your management system. In the end a lot of companies treat compliance to laws in the same region as compliance to international standards.

The Data

There is a lot of data going through the company. In order to understand which data is stored where, classifying the data helps a lot. A good point to start with is classifying the data owners in line with the stakeholders identified in the stakeholder analysis. Most data can be classified into three categories: customers, employees and suppliers. When the type of stakeholder is known, it is important to classify the kind of data, such as: personal data, company data, payment data, etc. These classifications are highly dependent on the type of service or product you deliver. It is important to know where the data is stored. In order to have this overview you should map out all the products/services you have that hold any kind of data. Some topics we use for such a register are:

  • Company name
  • Contact person
  • Purpose of data
  • Type of Stakeholder
    • Customer
    • Employee
    • Supplier
  • Type of Data
    • Contact details
    • Payment details
    • Personal details
  • Duration of saving
  • Agreement (PDF of contract)

Management System

On top of the register there are some processes that need to be added. People now have more rights, and in order to observe that it is important to document how you support these rights. Two important points here are:

  • How is the organization going to make sure that people have the right to be forgotten? In essence, how are you going to delete all their data across all databases?
  • How will the organization support a request from a customer to get an overview of all the information the organization holds of that person?

These are just two important questions, but it shows that clearly defined processes should be in place and therefore must be added in some way to the management system.

Organizational Impact

The organization can be quite significant. You need to assess whether a data protection officer is required. The three main assessment points are:

  • Public authorities or bodies, except for courts acting in their judicial capacity.
  • Companies who process data requiring ‘regular and systematic monitoring of data subjects on a large scale’.
  • Companies who process, on a large scale, any special category of personal data. This includes data which reveals racial or ethnic origin; political opinions; religious or philosophical beliefs and other such information.
  • Companies who process, on a large scale, personal data relating to criminal convictions and offences.

In case you are required to appoint a data protection officer it is good to include this in the management system, just like your prevention officer is part of the management system.

Policies

The last important part of the GDPR is that the organization has a clear policy on how to handle data and how to protect it. This policy should be readily available and easy accessible for stakeholders.

Impact on Management System

With the requirement to work according to the law and regulations, the GDPR has a clear impact on most management systems around the world. Due to the overlap in a lot of best practices within international standards, we recommend to make the GDPR an inclusive part of your management system, and not to treat it as a separate part.

If you want to know how you can structure a lot of the GDPR related activities within an integrated management system, just contact us.

Published by:

Risk Management in ISO 45001

The new ISO 45001 has replaced the OHSAS 18001. Just like most other ISO standards, the ISO 45001 adopted the High Level Structure (HLS). This is a great step forward because it now allows for consistent management systems. A lot of companies have multiple certificates and with this newly adopted HLS it is much easier to integrate the different standards.

In previous posts we touched upon the importance of risk management in the HLS: Risk Management ISO9001:2015 , Handle risk management and Practical guide.  We even wrote an e-book about it. With the ISO 45001 the way of managing risks can be the same as with other standards, but the type of risks will be different. We will touch upon a couple of topics to take in consideration while identifying your risks.

Law

The most important aspects of the risks is the law. In many countries the laws are pretty clear when it comes to employees and everything surrounding it. This can be all kinds of laws from how to handle PPE to working hours or number of leave days. Not obeying the law will not only lead to fines but can also lead to a bad reputation and possible problems with unions. In order to make sure these risks are identified, just note down the laws and take appropriate action.

Work

The daily activities of certain people can inhabit serious risks. These might not always be clear on the outside but will reach the surface when you talk to people. The employees are a key source of information when it comes to identifying the risks involved in their day to day activities. It is always wise to plan a couple of hours with people in the field and identify the risks they face.

Company

Then there are the company wide risks and opportunities, more on a strategic level. These can be big macroeconomic challenges such as economic downturn or rapid economic growth, tight labor market or the rights of robots. All these topics and many more can have an impact on the risks and opportunities the company has to manage. Make sure you include these in the risk overview because they will be important to the organization.

Manage Risks

When the risks are identified it is important to start managing them. Some risks can be accepted due to the low impact or low likelihood, others can be transferred by for example getting insurance. However quite a few require a certain type of action on how to mitigate them. Make sure you assign responsible people to specific tasks. It is key to only make one person responsible for each task. This forces the person to take responsibility. Great automation solutions can help a lot in this case. Qooling users make use of the following flow to mitigate the risk.

Conclusion

In the end it is really important that the company has a good overview of all the risks involved, not just only for OH&S and how it can mitigate them. Make sure you have a good system in place on how to identify them. Also ensure you include the employees, as they are key in getting the right information.

Published by:

Root Cause Analysis: 5 Whys

After the elaborate piece on the Cause and Effect diagram we will take a deeper look in the 5 Whys as a root cause methodology.

The concept behind 5 why’s is that you keep on asking the question why did it happen until you reached to the underlying cause. Due to this setup the 5 Whys methodology is a very power tool for the root cause analysis because it forces people to really think about what went wrong.

Example

A wrong product has been delivered by a supplier.

1 Why. Why was a wrong product delivered?

The purchase department provided the wrong information.

2 Why. Why did the purchase department provided the wrong info?

The found this info on the server which they assumed was the latest version.

3 Why. Why wasn’t the latest version on the server?

Sales had been negotiating with the customer and forget to update.

The analysis shows that something went wrong in the process. Modifying the process can prevent this from happening in the future. A possible solution could be adding an addition step in which purchase just cross check with sales before they purchase the goods.

Also in this example it is clear we didn’t reached till the fifth why. This is not important sometimes the root cause is clear after 3 steps sometimes after 5. But for sure the root cause is clear after 5 steps.

Boundaries

When it comes to 5 Whys there are not so many boundaries. The strong characteristic about 5 Whys is that it allows you to find a root cause within purchase while the issue occurred at sales. This broad and inter process root cause analysis can very effective because of characteristic.

However, with the 5 Whys it is very easy to reach a level where it is easy to just blame a person or department. It is important to leave the personal aspects out of the equation and focus on the processes and organisation. Blaming somebody doesn’t help, always try to look at the organisation. So when a particular person is making the same mistake multiple times maybe we should give him or her training to improve his way of working. Or maybe the recruitment process is not how it should be. Just try to prevent blaming people.

Published by:

Insight in Cost of Quality: the hidden gem

Total Cost of Quality is a very important topic but not well known by a lot of C-level managers. When asked about the total Cost of Quality, a lot of C-level managers simply don’t know or give an industry standard. This reaction is understandable but very striking at the same time. In many industries the estimated costs of quality is in the range of 20%, which is some serious money when you are talking about tens of millions or even hundreds of millions.

Open your eyes

Automation can help companies to get a better feeling for their cost of quality. This starts by providing employees with the tools to record a quality issue. A number of companies claim to have very little issues, only because their issue form is around 6 pages. No one in their right mind is going to fill that up so a lot of issues are not even registered. Providing a mobile app with just 2 or 3 fields and an option to add images lowers the burden significantly to report an issue. This will lead to a bigger influx of issues, which is great.

Pick up the issue

Now that the burden of reporting an issue is out of the window, the real power of automation kicks in. The different stages the issue needs to follow can be predefined with pinpoint accuracy which means that the right person can add information precisely at the right time. A good automation solution allows the option to create a structured actions plan, and distributes the action to the designated owner. This connects the corrective actions to the issue on hand.

The automation allows for the hidden costs to get exposed, for example costs like waiting hours by the team or repair hours required to fix the issue. Multiplying these hours with the internal hourly rate, the company will be able to put a price tag to the lost hours. Furthermore, the solution can give an indication of the costs the administration has cost based on the hours worked on the issue.

Finalize

When all the information required for the incident has been provided, the report can be closed. This way of tracking Total Cost of Quality allows management to get a real-time insight in the actual costs. They can always have a clear overview of what all these issues cost the company. Just check the example.

analyse issues

Dashboard

In the end it is very important to get a grip on your total cost of quality and clearly see where the company is bleeding money in order to fix this. You can only take this step when everybody in the company is able to file an issue easily. Have fun increasing your efficiency.

Published by: