Category Archives: iso9001:2015

How to design a good nonconformity report

A good nonconformity report has all the information that is needed, and is easy to understand by others in the organization. This sounds trivial and easy to do, however in practice it can be a lot harder to put together. The report is actually a way to communicate what went wrong somewhere in the company with everybody in the organization. Clear sentences and proper detailed descriptions are crucial. A lot of confusion can be prevented by having an easy to use NC form, so it is vital that it is done correctly.

Keep It Simple

More often than not we see quite complex nonconformity reports. The form has a ton of questions which people in the field don’t feel like filling in. Their jobs are to build and produce, not to fill in forms. So it is important to keep the form simple. Make sure that the people in the field only have to fill in just a couple of questions which holds the bare minimum of information for the manager to create the report.

Reduce Freedom

In order to analyze properly, make sure you use pre-defined fields in your nonconformity form. This way you will have consistent information to analyze. Also ensure that the person filling in the nonconformity doesn’t have the option to come up with a whole story that is hard to understand. These predefined selections make life a lot easier both for the quality department and the person that fills in the form.

Photos

Always add pictures to the nonconformity report. Pictures say more than thousands words and are much easier to interpret by someone else. He or she simply looks at the image and sees what went wrong. All mobile phones these days allow you to take a photo or two of the situation and add it to the report. With the latest quality platforms you now have mobile apps that integrate directly with your quality management system for even faster reports. Check out how Qooling allows you to do this.

Root Cause

Support some kind of root cause analysis for the nonconformities. There are more than enough options to use. Just make sure you pick one and follow through. Some options are:

The root-cause analysis really allows the company to find out why things went wrong. Finding the root cause is important for setting up the right actions to prevent this from happening in the future. Coming up with a solution to just one cause will not lead to the desired results and still leaves room for the same kind of mistakes.

Published by:

Problem Solving Approach (8D) Method

The Eight Disciplines (8D) is a problem solving method for product and process improvement. Its purpose is to identify, correct, and eliminate recurring problems. The structured approach provides transparency, drives a team approach, and increases the chance of solving the problem. 8D follows the logic of the PDCA-cycle. The disciplines are:

D1: Use a Team

Gathering together a good and cross-functional team is a crucial part. Due to a varied composition of knowledge, skills and experience, a problem can be looked at from different angles.

D2: Define and Describe the Problem

Define the problem in measurable terminology: Who, What, When, Where, Why, How, How Much (5W2H analysis). This is a good addition to the problem analysis and can help you to get a clear description of the problem.

D3: Develop an Interim Containment Plan

This may be necessary to temporarily solve the obstacle. For example, to help a customer quickly and meet their expectations, or because a deadline has to be met. Finding the definitive solution in that case is of later concern. The point is that the problem getting worse is prevented, but it does have the goal of implementing the final solution later.

D4: Determine and Verify Root Causes

Before a definitive solution is found, it is important to identify underlying causes that may be at the root of the problem. Use the 5 Whys and cause and effects diagrams to map causes against the effect or problem identified.

D5: Verify Permanent Corrections (PCs)

As soon as the cause of the problem is known, the best solution can be found. From here, permanent corrections can be chosen and checked to solve the problem. It is also important to check whether the chosen solutions have any unwanted side effects. That is why it is necessary to also develop emergency measures that come in handy for unexpected events.

D6: Implement and Validate Corrective Actions

As soon as the definitive solution is clear, you can start with the implementation. By scheduling recurring audits, with a solution like Qooling for example, underlying problems can be eliminated prematurely. You also need to monitor long-term effects and take unforeseen events into account.

D7: Prevent Recurrence / System Problems

Prevention is better than cure. Therefore, additional measures must be taken to prevent you from making the same type of problems in the future. Often it is best to carefully review management systems, operation systems and procedures, and change them where necessary.

D8: Congratulate Your Team!

Recognize the collective efforts of the team. Formally thank team members for their involvement. Use approaches that appeal to each individual member, as not every employee is the same. This is therefore the most important step within the 8D method. Because without the team, the problem could probably not be found and solved. Make sure you celebrate achievements.

The 8D method is a great method to not only reduce product and processing concerns, but also to increase customer satisfaction. A practical workflow solution like Qooling can help you with this in many ways. Experience the many possibilities of Qooling and ask for a free demo.

Published by:

8 Tips for How to Approach the ‘internal context’ in relation to ISO9001: 2015

One of the bottlenecks that I encountered when my customers developed their quality management system to comply with ISO9001: 2015 is the concept of “internal context”.

1 Employee engagement

The engagement of employees is fundamental to the success of every business operation. Reducing turnover also reduces costs associated with recruitment such as agency fees, preparation of contracts and training and inductions.  Engagement with the quality management system is integral to its effectiveness. Everyone at every level should know how they contribute to quality.

2 Training and development

Whether your employees undertake formal external training, an internal development program (such as a graduate scheme or accelerated promotion scheme) or informal sharing of knowledge through a buddy or mentor system, training and development is key to managing a skilled workforce.   A quality management system can help you to identify training needs and maintain appropriate records.

3 Skills and competence

Consider how your quality management system can help you to identify and address skills gaps and ensure you always have the right skills to satisfy your customer requirements.  How will you measure competence to ensure the effectiveness of any training you provide or any specific skills you recruit?

4 Physical resources

Ensuring you have the right physical resources to deliver your promise to customers is essential.  A quality management system can help you get to grips with what you need, where and when you need it and what the potential impact might be if you don’t.

5 Management methodology

ISO 9001:2015 promotes leadership at all levels.  It talks about top management empowering and encouraging leadership to promote the quality management system.  Do all your managers sing from the same hymn sheet? Are your management team clear on the vision, values and goals of the company?

6 Policies

Having robust policies in place to support your business strategy is essential.  Not only do they set out your stance internally for staff members, they can also provide a source of information externally for your customers and suppliers.

7 Mission and values

This is essentially your reason for being in business along with the principles which matter to you in running your business.  These are an important element of a quality management system as they feed in to the policies and management methodology mentioned above.

8 Supplier / partner management

Is your business entirely self-sufficient?  Chances are you rely on at least one key supplier or partner in order to deliver your products or services.  Try categorising them in order of how critical they are to your operations. The ones that you absolutely can’t function without should be your priority to manage.

 

This article has been written by Lucy Payne of valeqms.co.uk

Published by:

Why data is important in Quality Management.

At the center of all quality management systems is the concept of continuous improvement. This implies that you have the ability to prove that there has been some kind of improvement. It may sound straightforward, but it isn’t always that easy to do. Many times there is limited data or even no data to even come up any results. In order to prove progress, it is important to have the consistent data to back it up.

Collecting Data

Data is a main ingredient to show how the company improves on certain KPI’s. However, collecting the data is more often that not a very labor intensive task, mainly done by the quality department. In order to make it easy for the organization to share the required data, it should be fairly easy for employees to do this. A mobile app helps in this process. Having all the important forms at your fingertips makes it so much easier to share this information, which allows the quality department to focus on analyzing the data instead of pushing people to provide it. Also having an open IT infrastructure which allows for sharing data between systems is key in order to pull the data from different sources.

Analysing Data

When the data is gathered it should be analyzed properly. This is not just drawing graphs but also interpreting the changes of the data over time. Different time frames could show interesting effects. Furthermore, mapping out different root causes will give more insight on how to improve the company. It is important to play around with the data and not only focus on the predefined KPI’s. Playing around and plotting different variables against each other can give completely new insights. A great technique to check out where this goes wrong is by using the “Pareto” plot of the data.

 Showing Results

Maybe the most important aspect of using data to improve quality management is communicating the results. Not only to top management, but to the employees within the company. Every employee helps by providing the data. When you involve them in the results of the analysis, they see the impact they had on the company instantly. Which then makes them more willing to share again in the future.

 Pitfalls

The biggest pitfall with analysis data is the inconsistency in the data. It is very important the data is clean and usable. This can be easily checked simply by plotting the data and looking for weird spikes. Also during the setup, it is required to predefine certain choices. When you give employees the option such as “I don’t know” or “general”, they will most likely choose that. This will lead to a lot of data with that option, which completely ruins the possibility to analyze it, so try to prevent these options.

 

Qooling makes collecting information and analyzing it a lot easier by a simple to use mobile app and the straightforward interface of its platform.

Published by:

How to apply the PDCA-cycle to improve your business!

The PDCA (plan-do-check-act) cycle is a four-step approach which is used in business for the control and continual improvement of processes and products. By consistently testing out possible solutions, comparing the results and implementing those that are successful, there is the potential for steady improvement in all areas. Therefore, the PDCA cycle fits exactly to the elements and requirements of the quality management system.

Planning

The PDCA cycle starts with planning, in which your problems or opportunities are identified and understood. Collect as much relevant data as possible and find the cause of the problem. The data can be collected from your recalls, quality issues, safety problems or any other register in which data is accumulated. After the data is gathered, it is important to make a plan according to the mission, vision and values of the company. This allows the company to stay close to what is important for it. Set goals and determine the best way to meet them.

Execution

In the ‘do’ phase, all planned activities of the process take place. Use the approved plan from the previous phase as a starting point. Set a clear goal that you want to achieve and measure the results along the way. Involve the employees while executing the plan – this helps with gaining trust and allows them to contribute to improving the company. It is crucial that data is collected to see what happens over a period of time.

Check

Once the data of the execution phase is collected, it is essential to make it understandable. When the data is known, it is important to benchmark this data against the data that was identified in the planning phase. The initial data was collected to spot certain areas to improve. Now check the new data against your initial goals while at the same time benchmarking it against the old data. According to the results, you can then go to the next step – act.

Act

On the basis of the analysis and results from the previous phases, decisions can be made on whether previous measures and plans need to be adjusted. If necessary, adjust the plan and start again with planning phase. When the results show no consequences, it is important to make the decision to stop the project. This will prevent the company from spending resources on projects which have a low likelihood of adding value.

How PDCA Is Covered in Qooling

Qooling allows for easy gathering of information throughout the company. This data can be used to identify improvement projects and plan ahead for them. During the execution phase you can assign tasks to employees and again allow them to share information fairly easily. The information can then be used to check the results and benchmark against the situation which occurred months ago. This way the results can be found by the a few simple clicks.

Conclusion

The PDCA-cycle is a great way to improve the operations, but similar to most management practices it is important to gather the data to check the progress. Gathering this information isn’t always easy or straightforward, so it is important to use the proper solutions to get accurate results.

Published by:

When is an Audit not an Audit?

When you decide to become ISO certified you go through a series of steps and the certification body you choose also goes through a series of steps. Some companies hire a QA or QHSE Manager to undertake this task whereas others bring in outside help. The path you choose really depends upon your budget and how much time you are able to spend on writing processes, policies, procedures, job descriptions, conducting audits, writing reports, performing an audit, etc.

The consultant and certification body you choose have a huge impact on the integrity and robustness of your system.

Internal and 3rd Party audits serve two purposes. The audit by the Certification Body is obviously to get the certificate. The initial internal audit is to ensure that the QMS/QHSE system is ready for the 3rd party audit and subsequent audits ensure that the system maintains its integrity.

This is where 3rd party auditors play a key role. If 3rd party auditors do a bad job during audits it sends the wrong message to the companies’ management and internal auditors. A bad audit may take place because (1) the auditor is inexperienced in the industry he is auditing, (2) he generally lacks audit experience or (3) it’s deliberate. It is the latter that is the most worrying and is what I like to call a ‘fake audit’.

So what happens during these fake audits? Here are the signs to look for:

1.     The consultant comes with a 2 in 1 package, i.e. get the consultancy and the certificate for one fee. In essence, well known Certification Bodies’ fees are not cheap for a reason and these are separate from the consultant’s fees.

2.     A certificate is issued without an actual audit; maybe just after a meeting or a desktop audit.

3.     If the auditor does turn up and conducts an audit, obvious major or numerous minor non-conformities are ignored. In other words non-conformities are not issued when they should be.

4.     The Auditor says one thing to the Management Representative and another to the company management.

5.     Instead of focussing on the audit, the auditor spends more time complaining about his job and wishing he worked in a company like yours. This might give an indication as to why he is being soft.

Therefore, it’s worth remembering that not all certificates are the same.

This article has been written by Birjees Hussain

Published by:

Managing small business risks

Risks are inevitable.  Whether in life or in business, things happen that we can’t control.  What we can control is how we respond to those events and occurrences.

Managing small business risks is often as simple as having someone else to open up for you if your main key-holder is delayed.  Or having somewhere to divert your phone to if you’re unavailable. Or having a back-up plan in case your broadband service fails.  These things might not initially seem worthy of a full risk analysis when compared to the risks faced by bigger organisations.  But, if any of them actually happened, do you know how you would deal with them?

Identifying risks

In its ISO 9001 definition, risk is the effect of uncertainty.

Not many of us have a crystal ball handy to gaze into and predict the future, but we can consider things which might reasonably happen.

In my earlier blog on risk management, I talked about risks in relation to quality and how they can arise internally and externally to your business.   One really easy way to identify risks is simply to think about, and list, all the things that could realistically go wrong which would upset your customers or leave you unable to carry out your business.

  • How much do you rely on your utilities services to be able to function?
  • What would happen if a ‘flu epidemic wiped out half your employees for a week?
  • How would you carry on if your landlord served notice on your business premises?

Using my tips on the Process Approach may help to identify where risks occur in your business processes.

Assessing risks

Your own attitude to risk will differ from someone else’s so any steps you take to address risk may also be different.  There is no one-size-fits-all approach.

Having said that, a fairly common method is to assess the likelihood of the risk occurring and the severity or impact if it does.  You can score these out of 3 or 5, depending on your preference.  Then multiply the likelihood by the impact to reach the overall risk score.

You decide the score threshold at which you need to take action to reduce or mitigate the risks.  Anything above your threshold will need some action.

Considering plan B

The way you counter these risks may be different for each one identified.

Having a back-up plan for agency staff resources may be enough to satisfy the risk of large scale sickness absence.  Or you could decide to provide everyone with a ‘flu jab each year.  The point is that it’s up to you.

If access to the internet is essential to carrying out your everyday business activities, you may consider investing in a mobile broadband unit on a pay-as-you-go or a pay monthly contract.  One of my clients did this just recently as a result of our earlier session on risks and opportunities.  They even got to use it much sooner than expected when their office broadband failed.

Business benefits

The business benefits of managing risks can be diverse.  Whether it’s managing supply your chain, ensuring profitability, securing funding for your next project through good governance and robust risk management or simply helping you sleep at night, taking action is the most positive step you can make.

This article has been written by Lucy Payne of valeqms.co.uk

Published by:

GDPR in Quality Management

The date that the General Data Protection Regulation (GDPR) is coming into effect is approaching soon. This new law affects almost all companies, but it can have a bigger effect on certified companies. Regardless of the certificate the company holds, all ISO certificates have the fundamental rule:

“The organization needs to demonstrate that they meet the legal requirements.”

This small but fundamental rule means that the certificates are only valid when an organization operates according to the law. Now we know that laws can be fluid and also contradicting depending on regions and countries, but we won’t go into this now. It is fair to say that all companies need to operate according to the GDPR. In this blogpost we provide some easy tips on how this can impact your management system. In the end a lot of companies treat compliance to laws in the same region as compliance to international standards.

The Data

There is a lot of data going through the company. In order to understand which data is stored where, classifying the data helps a lot. A good point to start with is classifying the data owners in line with the stakeholders identified in the stakeholder analysis. Most data can be classified into three categories: customers, employees and suppliers. When the type of stakeholder is known, it is important to classify the kind of data, such as: personal data, company data, payment data, etc. These classifications are highly dependent on the type of service or product you deliver. It is important to know where the data is stored. In order to have this overview you should map out all the products/services you have that hold any kind of data. Some topics we use for such a register are:

  • Company name
  • Contact person
  • Purpose of data
  • Type of Stakeholder
    • Customer
    • Employee
    • Supplier
  • Type of Data
    • Contact details
    • Payment details
    • Personal details
  • Duration of saving
  • Agreement (PDF of contract)

Management System

On top of the register there are some processes that need to be added. People now have more rights, and in order to observe that it is important to document how you support these rights. Two important points here are:

  • How is the organization going to make sure that people have the right to be forgotten? In essence, how are you going to delete all their data across all databases?
  • How will the organization support a request from a customer to get an overview of all the information the organization holds of that person?

These are just two important questions, but it shows that clearly defined processes should be in place and therefore must be added in some way to the management system.

Organizational Impact

The organization can be quite significant. You need to assess whether a data protection officer is required. The three main assessment points are:

  • Public authorities or bodies, except for courts acting in their judicial capacity.
  • Companies who process data requiring ‘regular and systematic monitoring of data subjects on a large scale’.
  • Companies who process, on a large scale, any special category of personal data. This includes data which reveals racial or ethnic origin; political opinions; religious or philosophical beliefs and other such information.
  • Companies who process, on a large scale, personal data relating to criminal convictions and offences.

In case you are required to appoint a data protection officer it is good to include this in the management system, just like your prevention officer is part of the management system.

Policies

The last important part of the GDPR is that the organization has a clear policy on how to handle data and how to protect it. This policy should be readily available and easy accessible for stakeholders.

Impact on Management System

With the requirement to work according to the law and regulations, the GDPR has a clear impact on most management systems around the world. Due to the overlap in a lot of best practices within international standards, we recommend to make the GDPR an inclusive part of your management system, and not to treat it as a separate part.

If you want to know how you can structure a lot of the GDPR related activities within an integrated management system, just contact us.

Published by:

Risk management in relation to quality

The concept of risk-based thinking has been adopted explicitly by ISO 9001:2015 and replaces the previously stated requirement in ISO 9001:2008 for ‘preventive action’.

In ISO 9001 , risk is defined as ”the effect of uncertainty”. Therefore, risk management in relation to quality, involves the identification, assessment and prioritisation of risks to product or service conformity.  The purpose of this activity is to minimize the potential negative effects of opportunities and risks.

Risk in relation to quality

Both internally as externally quality risks can arise to the company. Internal risks include:

  • shareholders
  • employees
  • equipment
  • technology/software
  • storage of raw materials
  • storage of finished products
  • after-sales support

External risks, which could extend throughout the supply chain, include:

  • landlord
  • legal/regulatory compliance
  • suppliers/delivery partners
  • clients/customers
  • political/social/economic factors
  • special interest groups/action groups
  • general public

Identifying and assessing risks

Tools and techniques to assist in the identification of such risks to quality include brainstorming, fault tree analysis, process mapping and failure modes and effects analysis (FMEA). Effective application of these tools can help to identify risks.

Options to address risks

Options for addressing risks include:

  • avoidance of the source of the risk
  • taking action to reduce the likelihood of the risk
  • taking action to reduce the severity of the risk
  • transferring the risk to a third party
  • retaining the risk under informed decision (perhaps in order to pursue an opportunity)

Benefits of addressing risks

The benefits of addressing risks include:

  • reduced likelihood of occurrence
  • reduced insurance premiums
  • added assurance for investors/shareholders
  • improved customer satisfaction
  • improved employee engagement

Following a thorough risk assessment of your business operations, you can formulate a comprehensive, robust and practical Business Continuity Plan and/or Disaster Recovery Plan.  As a result, you are able to be proactive in identifying risks and addressing potential pitfalls.  This is surely preferable to simply leaving your business success to chance.

This article has been written by Lucy Payne of valeqms.co.uk

Published by: