Category Archives: QHSE

SWOT analysis – Context of the organisation

The SWOT analysis is a business tool that is widely used. The introduction of chapter 4 “Context of the organisation” within the new ISO standards makes this technique applicable for management systems. Since then, it has been commonly used by quality and safety managers for improvement and development, The new versions of the ISO standards require companies to perform an in-depth analysis of the current context of the company. The internal as well as external factors have to be identified and understood properly to conduct a thorough investigation. For a long period of time, the SWOT analysis has proven to be an excellent tool for businesses to minimize their weaknesses, focus on their strengths and take advantage of beneficial opportunities.


In order to use the SWOT analysis properly it is always good to understand some of the pitfalls that come with it. A large number of managers and academics criticise the tool because it is a “low grade” form of analysis. To have a good exercise you should consider the following flaws:

  • Excessive lists of strengths, weaknesses, opportunities and threats;
  • No prioritisation of factors;
  • Factors are described too broadly;
  • Factors are often opinions not facts;
  • There is no recognised method to distinguish between strengths and weaknesses, opportunities and threats.


Most people use the approach of starting from the inside out. This technique begins by looking at the inside of the company, and understanding their strengths and weaknesses. When those are identified they can then discover the external factors such as opportunities and threats.

The inside

During identifying the strengths and weaknesses, you should look at every factor that is related to the internal environment of the organisation. Look for reasons why the company is doing better than their competitors due to internal strengths or where the company lacks these strengths and improvements can be made. Some resources to take into consideration are:

  • Land, equipment, knowledge, brand equity, intellectual property, etc.
  • Core competencies
  • Capabilities
  • Functional areas such as management, operations, marketing, finances, human resources and R&D
  • Organisational culture
  • Value chain activities

The outside

When identifying the opportunities and threats, you should look at the uncontrollable factors outside of the organisation. These factors can be very broad, such as worldwide factors or local points when it comes to local laws. Some points to think about are:

  • Market changes such as globalisation.
  • Competitors
  • Changes in laws and regulations
  • Big macroeconomic changes such as population of country, demographical changes
  • Political hot topics

Good practices

The following bullets will help you to structure the analysis to get the most value out of the exercise:

  • Identify factors relative to the competitors. Thismakes it possible to specify whether the factor is a strength or a weakness.
  • List between 3 – 5 items for each category. By doing this, it prevents the creation of lists that are either endless, or too short.
  • Items must be clearly defined and as specific as possible. For example, a firm’s strength is: brand image (vague); strong brand image (more precise); brand image valued at $10 billion, which makes it the most valued brand in the market (very good).
  • Rely on facts not opinions. Find some external information or involve someone who could provide an unbiased opinion.
  • Factors should be action orientated. For example, the “slow introduction of new products” is an action orientated weakness.

In order to be able to make use of the analysis it is important to prioritise the different factors. This helps to come up with an actionable plan on how to make the company stronger and prepared for the upcoming changes.


Published by:

Transition to ISO9001:2015

The first important question to ask is why would you change to the ISO9001:2015 version. Apart from the fact that it is obligatory if you want to stay certified, it has other advantages.

Integrated system

Quite a lot of companies are certified for multiple standards. The new High Level Structure (HLS) of the ISO9001:2015 makes it easier to combine several of these standards. The HLS is embedded within more standards such as the ISO14001:2015, ISO27001:2008 and many more. This new approach makes it easier to create a single integrated management system to support all the standards that apply to your company.

Risk based thinking

The new version has risk based thinking at the center of the company. It requires companies to understand their risks and take actions accordingly. Understanding the context of the company and which opportunities and risks there are in the market. And last it should give a clear overview of the stakeholders and the power they have. All this information isn’t required to be documented but in order to properly manage all the information it is a good practice to create a specific document for it.

Opportunity to reduce complexity

The new version is less strict and gives a lot of room to reduce complexity. There are no obligatory procedures any longer and there is more freedom on how companies describe their activities. Although in practice many companies do not change or delete procedures, they could in theory. The reduction of complexity does make it easier to manage the entire management system since some documents can be delete or combined. This reduces the time of document control and redistribution of new versions, which leads to less mistakes in using old versions by the team.


In the end, switching to the new ISO9001:2015 standard is a requirement, but the implications for your company will not be all that significant. We see many companies first performing the minimal changes to get certified for this new version before they start to really make the system more efficient. This is a pretty standard practice because it reduces the risk of losing the certificate. On the other hand, updating the management system to the ISO9001:2015 version is a good opportunity to completely update the management system. We would love to hear which approach you prefer, put it in the comments or drop an email!

Published by:

Management review – Where to focus?

Many quality managers are having a hard time getting support from management. The yearly management review is an opportunity to get the opinion of higher management when it comes to the management system. In that respect, it can be described as a yearly check of the engine.

Management review: the structure

Every company has its own way of handling the management review. There is of course the required input which is stipulated in the standard such as:

  • Status of the action points from last management review
  • Major changes that have an influence on the management review
  • Info about the effectiveness of the management system such as:
    • customer satisfaction results
    • the extend to which the goals are reached
    • corrective actions and deviations
    • audit results
  • Company defined KPIs which may include
    • Number of ill employees
    • Number of quality issues
    • Number of safety issues
    • Number of environmental issues
  • The availability of required resources
  • The actions taken to reduce risks
  • The opportunities for improvement

Besides the review of last year a quick peek into the future is mostly part of the exercise. This covers the goals/objectives for the coming year and the major changes that are expected. These are the standards and sometimes even mandatory checks for the management review. However to really get input from different perspectives, more unambiguous question are needed. An example is:

How is the management system supported by the company overall?

This question forces management to think about how the entire company contributes to the management system, not just the quality management team. The input of every individual within the company is crucial to get an effective management system in place: the more people contribute the better. Upper management should really think about how employees perceive the management system and take away the hurdles for people to contribute to it. To achieve this it is for example important to make it easy to file issues and encourage proposal of improvements. Forcing management to think about these topics once a years isn’t that bad at all even though it might contain questions that are difficult to answer.

High Level Structure

With the new standard some new topics could be added to the management review. The management review is a great opportunity to re-evaluate the risk analysis, context analysis and the stakeholder analysis. During the management review management can check if the documents are still up to date. It could very well happen that some major market changes have occurred which introduced new risks.

Recommended is to keep the stakeholder analysis, context analysis and risk analysis active by reviewing the documents regularly. The management review is a great point in time to re-evaluate them once again.

Let us know how you perform your management review in the comments.

Published by:

Internal audit – Involve more people to get better results

On November 3th we hosted another free Workshop “Get the most out of your Internal audit”. After the feedback of last edition we decided to create more interaction to the workshop. The presentation was shortened and the actual doing was extended. We did this to increase the collaboration between the quality professionals.

Intern audit event

Internal audit

During this edition of the workshop the participants performed an actual Brown paper audit under the guidance of Emiel Kort. Emiel showed how to apply the methodology and what the added value of this type of audit can be. All the participants agree on the following added value:

  • Get a feeling for what colleagues do
  • Easy to identify the point for improvement
  • Internal audits can be more fun this way

Again the event was a great success. The participant learned a lot of new techniques from Emiel as well as their peers. Due to this success we are planning to organise more of these events so keep an eye on our linkedin page.

Published by:

Internal audit – pick the right strategy for your internal audit

Internal audits can be performed in so many different ways that it can become pretty tough to pick the best techniques for an internal audit. To name a few techniques: department based audit, employee based audit and clause based audits. Even though these techniques have their own unique advantages they all treat the processes in silo’s.

Most of these techniques make use of some sort of checklist to guide the auditor. This list allows the auditor to simply check whether or not evidence is present that the process is being followed. This is a good approach to check if the processes are followed but doesn’t say anything about the overall performance of the company with respect to the applicable norms.

This same techniques can be used to check compliance to certain standards. The compliance check is an important exercise and should definitely be performed at least once a year (depending on the frequency of changes of the different standards). However, for the company to gain insight in the added value of the processes it is important to also audits with respect to the interactions of them. This additional analysis shows the effectiveness of the process. Like when the required output from the sales process doesn’t align with the production process.

When the audits are ready, the most important activity is cross checking the outcome of those audits. The common denominator of the audits is one of the best input for improvement actions. A good example is when 8 out of 10 sales employees don’t follow a certain procedure. We would go over the procedure/process and that specific internal audit and perform a 5-why root cause analysis to see why all 8 employees break this procedure. When the root causes are clear and they are pretty similar for the entire workforce changes can be made to the procedure.

Internal audits are very important to check the effectiveness of the company but make sure they aren’t performed in separate silos and perform cross audit analysis to really gain insight into the effectiveness of the procedures. The second lesson is: apply a diversified audit strategy. Every audit technique has his own advantages. Make sure you use them all.

Published by:

Risk Management in ISO 9001:2015

Risk management is one of the basic requirements as described in the HLS (High Level Structure). This HLS applies to all standards that “are plugged into it” and the High Level Structure (HLS) of the new ISO management systems has six clearly distinguished elements:

  1. Leadership and Creativity
  2. Risk
  3. Compliance Management
  4. Process Approach
  5. Improve Management
  6. Monitoring and Detection

When integrating systems such as ISO 9001, ISO 14001 and OHSAS 18001, we have always looked at overlapping elements as “lean and mean” and their integration as much as possible. However, this blog is not so much about this radical change at first sight. A bigger change I see for yourself in the refurbishment of the elements Corrective and Preventive actions.

The elements Correction and Preventive encountered resistance in many organisations. Discovery of errors is often bad enough, administering them is like treason and investigation the root cause is insane. With this percepetion, of course, you can never keep it nice and cosy in the company. Thoughts about risks, and recording them is often experienced as an “American” experience to be able to blame afterwards.

The first two points of the HLS are therefore extremely important and elementary. New? No, not at all! Most companies estimate – prior to projects or processes – all the risks and try to eliminate them.  In the years ahead – I expect – leadership herein are key. In this time of uncertainty good leadership is essential, after all, despite all the tensions a culture that allows errors – but don’t make the same mistake twice AND be able to demonstrate a decent performed risk assessment – is necessary.

With this in mind words like creativity, leadership and risk management as described in the new standard gives a lot of homework to companies.

Actually, isn’t it is a pity that we have misunderstood the paragraph “Preventive action” for all these years?


Guest author: Robert Paul Boer

Published by:

Digital Quality and Safety Management

A question often asked is “Why would we want to use a dedicated digital solution for our quality and safety activities while Office and an intranet are working just fine?”. It indeed might work just fine, but that is also where the issue lies. Exactly in those two words: “just fine”.

Why digital?

A dedicated digital solution is defined as a solution which has the ability to manage all quality and safety related activities such as procedures, forms, issues, incidents, NCRs, CAPA and other registers. These solutions aggregate all information needed to make good business decisions and reduce business risks. They give deep insight in the cost of lack of quality and allow every employee to easily engage with the information.

The Office based solution might work just fine but requires many manual actions and is therefore not only labor-intensive but also prone to mistakes. A simple example is version control on procedures and processes. This administrative action can lead to employees using outdated versions. In addition, especially for companies where e-mail is used extensively, distribution is an issue and people tend to re-use wrong versions. The same goes for internal forms. 

A digital solution helps companies prevent such mistakes from happening. Furthermore, the registration of for example NCRs and corrective actions can all be automated and linked. For example during an audit an NCR is identified and should be filed. This requires another form for the NCR plus the additional corrective actions should be registered. Good digital solutions have an easy to use interface where the entire registration process can be done on a single screen which saves over 75% of the time.

The next big advantage of a digital quality and safety management solution is the ability to have a good insight in what goes on in the management system. The structured data makes it easy to visualize what is valuable. Dashboards give great insight in the actions to be taken and status of certain KPIs. A good example is the ability to see which suppliers are doing great and which ones should improve.

The latest digital solutions have a mobile application. This allows for all kind of data collection which wasn’t possible in the past. Service engineers can easily report issues on the go while warehousing personnel can report issues when supplies are not delivered according to quality demands. These new streams of data weren’t reaching management in the past, because of the cumbersome process that required the reporter to be behind a desk or having the latest forms printed.

The decision to implement a dedicated digital solution to manage the quality and safety aspects of the company will add a lot of value by means of the opportunities described above.

Like to find out how a digital solution can streamline your business? Contact us


Published by:

Non conformance report: what’s in it for me?

The non conformance report: what’s in it for me?

In a previous blog post we gave a few tips on when to write an NCR. However, a lot of employees still don’t write an NCR even though they should. The main reasons for not writing the NCR are; 1) they don’t see the added value and 2) they are afraid to get punished for it. In this blog post we will dive deeper into these reasons.

Not seeing the Added Value

Many employees don’t write an NCR because they don’t see the added value. This is a shame, because there is a lot to gain for not only the employer but also the employee. A proper follow up and root cause of the NCR provide valuable insights into what is going wrong within the organisation. Without this analysis the company is not able to improve the way of working, which ultimately benefits the employees and should make life easier for them as well. Hence, it is very important that employees write NCR’s in order to gain these insights.

In order to get employees involved in process improvement, communication is key. Many are willing to share their knowledge when they see that management takes them and their feedback serious. Always make sure to communicate the results of a root cause analysis with involved employees and ask for potential improvements. It is even better to include them in the entire process. This attitude will prove them that they do have a voice in the improvement process of the company. Moreover the direct effect of the NCR they wrote becomes visible.

Afraid of Punishment

Surveys show a major part of the workforce marks “making errors on the job” as their number 1 fear. We are all humans, and everyone makes mistakes. A company can only learn from her mistakes when the employees are willing to write NCR’s, and therefore admit them. Particularly important is to realise that nobody makes a mistake on purpose and that sometimes a mistake actually is a flaw in the (management) system.

It is crucial that management never punishes employees for making mistakes and reporting it. Ultimately this causes the learning cycle of the company to stop. Management should guide and train the people who have direct responsibility over the root cause of the NCR’s and never punish anyone. For instance, when a particular employee is involved in a number of NCR’s it is of major importance that management has an open mind about why this happens. It could very well be that the company didn’t provide the person with the right tools or training.

Based on these two reasons we can (again) conclude that company culture plays a big role in the willingness of employees to write NCRs. When people feel happy and aren’t afraid they will be more open and share all the things that went wrong easier. Therefore it is important that management does whatever it takes to prevent a blaming and shaming culture within the organisation. Such a culture would be detrimental to a company who would like to learn from its mistakes.

Please share your experiences in the comments.

Published by: