Category Archives: Quality

How to apply the PDCA-cycle to improve your business!

The PDCA (plan-do-check-act) cycle is a four-step approach which is used in business for the control and continual improvement of processes and products. By consistently testing out possible solutions, comparing the results and implementing those that are successful, there is the potential for steady improvement in all areas. Therefore, the PDCA cycle fits exactly to the elements and requirements of the quality management system.

Planning

The PDCA cycle starts with planning, in which your problems or opportunities are identified and understood. Collect as much relevant data as possible and find the cause of the problem. The data can be collected from your recalls, quality issues, safety problems or any other register in which data is accumulated. After the data is gathered, it is important to make a plan according to the mission, vision and values of the company. This allows the company to stay close to what is important for it. Set goals and determine the best way to meet them.

Execution

In the ‘do’ phase, all planned activities of the process take place. Use the approved plan from the previous phase as a starting point. Set a clear goal that you want to achieve and measure the results along the way. Involve the employees while executing the plan – this helps with gaining trust and allows them to contribute to improving the company. It is crucial that data is collected to see what happens over a period of time.

Check

Once the data of the execution phase is collected, it is essential to make it understandable. When the data is known, it is important to benchmark this data against the data that was identified in the planning phase. The initial data was collected to spot certain areas to improve. Now check the new data against your initial goals while at the same time benchmarking it against the old data. According to the results, you can then go to the next step – act.

Act

On the basis of the analysis and results from the previous phases, decisions can be made on whether previous measures and plans need to be adjusted. If necessary, adjust the plan and start again with planning phase. When the results show no consequences, it is important to make the decision to stop the project. This will prevent the company from spending resources on projects which have a low likelihood of adding value.

How PDCA Is Covered in Qooling

Qooling allows for easy gathering of information throughout the company. This data can be used to identify improvement projects and plan ahead for them. During the execution phase you can assign tasks to employees and again allow them to share information fairly easily. The information can then be used to check the results and benchmark against the situation which occurred months ago. This way the results can be found by the a few simple clicks.

Conclusion

The PDCA-cycle is a great way to improve the operations, but similar to most management practices it is important to gather the data to check the progress. Gathering this information isn’t always easy or straightforward, so it is important to use the proper solutions to get accurate results.

Published by:

How management buy-in can help ISO implementation

One of the most difficult tasks that a person may need to undertake before approaching the ISO topic is to win the buy-in from top management. QHSE is considered a cost center where resources are spent to implement and manage the system, but the benefits may not be immediately apparent.

Of course, a key concern for top management is a healthy bottom-line. This is communicated to all department heads in the form of KPI’s with accountability. This means that everyone knows what is important for top management and what is expected of them. But this rarely happens when it comes to ISO.

Sending the right message to your people about the importance of cooperation with the implementation project means a smoother transition. Things get done in a more timely manner. With the right level of support, within six months you must be able to build a completely integrated management system across multiple locations and different business units.

Depending on the size and complexity of an organization, an ISO system contains multiple components. How quickly these are prepared and ready for use depends on the involvement of top management.

So what happens if the management doesn’t send the right message?

Not much attention is paid to ISO and the initial never gets off the ground, usually because the QA Manager leaves it to the departments. In this case, departments are so busy that they never manage to do their part. As a result, the term of 2 weeks changes in 1 month, then 2 months, etc.

Internal auditors are trained for a period of 2 days, but when audits are required, most trainees are not available. And if they are, they rush through the audits, missing crucial non-compliances.

There are challenges for your authority as an auditor. Non-conformities do not get addressed in a timely manner. Corrective and Preventive Actions don’t get adequately implemented or they are addressed in a rush to get you out of the way.

Requested data such as those for KPIs, HSE and customer feedback are never sent or you have to ask for it again and again.

There is a poor turnout at management assessments or safety committees.

These are the worst case scenarios, but not uncommon.

So how do you bring management on board?

  • Work out the Cost of Quality and that is not the cost involved in implementing and managing it.
  • Calculate the direct costs of not implementing health and safety, but also highlights the indirect costs of the more difficult to quantify, but are costs nonetheless.
  • Explain what QHSE would mean for their customers and future customers.
  • Explain how a QHSE system would improve their supplier relationships and business results

Because money is an important subject, it is important to emphasize that QHSE is not only a cost center, but also a profit center, provided that they become involved.

This article has been written by Birjees Hussain

Published by:

Process approach to GDPR

In our previous post on GDPR we touched upon the impact it has on your quality management system. We also gave some examples of important topics you should take into consideration. Last week we had a great consulting session with our trusted partner on GDPR and which areas are best to focus on. In this post we will give you some of the useful tips and tricks that came out of that meeting.

Process Approach

The process approach is a good way to find out when and where your company touches personal data. This can easily be done by walking through the processes that are followed within the company. For example, start with sales and go all the way through to the point where the invoice is sent to the customer. When the primary processes have been checked, the secondary processes such as HR and IT can then be checked. This exercise will show you exactly where personal data is touched. Make a list of all the points where this data is handled by your suppliers.

When you are aware of which data is in the company, think about who is handling the data and different ways that it can be handled. You can classify the data as described in our previous post. Make sure you clearly describe who is the processor of the data. When the data is classified and you describe why you need it, you put an expiration date on it and you are good to go.

Sub Processors

An important part to think about is sub processors. Sometimes you are not the one that has the power to change the data, but you give that right to someone else, your sub processor. A good example where you see this often is salary slips. A lot of the time it is accounting firms that are the ones managing the salary slips. However, the majority of companies don’t do this themselves, but they also outsource this to a dedicated supplier. When this is the case make sure you have an agreement in place between you and your accounting firm, because they have the ability to alter the data. In this setup the accounting firm needs to have a data processing agreement with the company that processes the data. And remember, don’t forget to ask your supplier for a data processing agreement.

We provided dozens of companies with the easy to use tools to manage their GDPR and compliance in a broader sense of the word. Want to know how we accomplished this? Feel free to contact us.

Published by:

GDPR in Quality Management

The date that the General Data Protection Regulation (GDPR) is coming into effect is approaching soon. This new law affects almost all companies, but it can have a bigger effect on certified companies. Regardless of the certificate the company holds, all ISO certificates have the fundamental rule:

“The organization needs to demonstrate that they meet the legal requirements.”

This small but fundamental rule means that the certificates are only valid when an organization operates according to the law. Now we know that laws can be fluid and also contradicting depending on regions and countries, but we won’t go into this now. It is fair to say that all companies need to operate according to the GDPR. In this blogpost we provide some easy tips on how this can impact your management system. In the end a lot of companies treat compliance to laws in the same region as compliance to international standards.

The Data

There is a lot of data going through the company. In order to understand which data is stored where, classifying the data helps a lot. A good point to start with is classifying the data owners in line with the stakeholders identified in the stakeholder analysis. Most data can be classified into three categories: customers, employees and suppliers. When the type of stakeholder is known, it is important to classify the kind of data, such as: personal data, company data, payment data, etc. These classifications are highly dependent on the type of service or product you deliver. It is important to know where the data is stored. In order to have this overview you should map out all the products/services you have that hold any kind of data. Some topics we use for such a register are:

  • Company name
  • Contact person
  • Purpose of data
  • Type of Stakeholder
    • Customer
    • Employee
    • Supplier
  • Type of Data
    • Contact details
    • Payment details
    • Personal details
  • Duration of saving
  • Agreement (PDF of contract)

Management System

On top of the register there are some processes that need to be added. People now have more rights, and in order to observe that it is important to document how you support these rights. Two important points here are:

  • How is the organization going to make sure that people have the right to be forgotten? In essence, how are you going to delete all their data across all databases?
  • How will the organization support a request from a customer to get an overview of all the information the organization holds of that person?

These are just two important questions, but it shows that clearly defined processes should be in place and therefore must be added in some way to the management system.

Organizational Impact

The organization can be quite significant. You need to assess whether a data protection officer is required. The three main assessment points are:

  • Public authorities or bodies, except for courts acting in their judicial capacity.
  • Companies who process data requiring ‘regular and systematic monitoring of data subjects on a large scale’.
  • Companies who process, on a large scale, any special category of personal data. This includes data which reveals racial or ethnic origin; political opinions; religious or philosophical beliefs and other such information.
  • Companies who process, on a large scale, personal data relating to criminal convictions and offences.

In case you are required to appoint a data protection officer it is good to include this in the management system, just like your prevention officer is part of the management system.

Policies

The last important part of the GDPR is that the organization has a clear policy on how to handle data and how to protect it. This policy should be readily available and easy accessible for stakeholders.

Impact on Management System

With the requirement to work according to the law and regulations, the GDPR has a clear impact on most management systems around the world. Due to the overlap in a lot of best practices within international standards, we recommend to make the GDPR an inclusive part of your management system, and not to treat it as a separate part.

If you want to know how you can structure a lot of the GDPR related activities within an integrated management system, just contact us.

Published by:

How to keep your quality management system simple

That may sound like a contradiction in terms, particularly if you’ve ever read a management system standard document! They’re not the simplest of things to comprehend but that doesn’t mean your management system has to be just as hard work.

Keep it simple!

A quality management system is mainly focused on customer satisfaction, in which a healthy amount of risk management is introduced for a good dose.

The vast majority of business owners want happy customers and lower risks right? So think about the steps that you naturally take to ensure these are achieved and hey presto! you have the basis for implementing your system.

You don’t have to reinvent the wheel. It is not necessary to make a shoehorn in extra forms, registers, checks or balances to meet a theoretical need. Start with what you have and keep it simple.

Mandatory requirements

Among the mandatory requirements of a formally certified quality management system are a quality policy and quality objectives. Even if you have no need for a formally certified system, your business can still benefit from having these in place.

Your customers will be happy that you’re demonstrating your commitment to quality. Your business will have additional direction and purpose created by your quality objectives.

Be authentic

The remaining requirements of a quality management system include sufficient process documentation that you can be sure things are working to plan. You will define the measures of success and when and how these are to be monitored and evaluated.

Don’t be tempted to download a template package. Yes, I know it’s free and it promises to be super easy. The reality is it will never be anything more than a burden. Be authentic. Write your own.

Simply the best

The best systems are the simplest ones. Simplicity doesn’t mean that something isn’t fit for purpose. Conversely, just because something is complicated doesn’t mean it’s better.

The best person to write your policies and processes is you. You can employ the services of a consultant to coach and guide you. They may even do some writing for you but ultimately you know your business best.

If you’re a slightly bigger business with segregated duties and responsibilities, get the process owners to do the writing. Process owners are the people who operate and/or manage an activity on a daily basis. The experts.

 

This article has been written by Lucy Payne of valeqms.co.uk

Published by:

Risk management in relation to quality

The concept of risk-based thinking has been adopted explicitly by ISO 9001:2015 and replaces the previously stated requirement in ISO 9001:2008 for ‘preventive action’.

In ISO 9001 , risk is defined as ”the effect of uncertainty”. Therefore, risk management in relation to quality, involves the identification, assessment and prioritisation of risks to product or service conformity.  The purpose of this activity is to minimize the potential negative effects of opportunities and risks.

Risk in relation to quality

Both internally as externally quality risks can arise to the company. Internal risks include:

  • shareholders
  • employees
  • equipment
  • technology/software
  • storage of raw materials
  • storage of finished products
  • after-sales support

External risks, which could extend throughout the supply chain, include:

  • landlord
  • legal/regulatory compliance
  • suppliers/delivery partners
  • clients/customers
  • political/social/economic factors
  • special interest groups/action groups
  • general public

Identifying and assessing risks

Tools and techniques to assist in the identification of such risks to quality include brainstorming, fault tree analysis, process mapping and failure modes and effects analysis (FMEA). Effective application of these tools can help to identify risks.

Options to address risks

Options for addressing risks include:

  • avoidance of the source of the risk
  • taking action to reduce the likelihood of the risk
  • taking action to reduce the severity of the risk
  • transferring the risk to a third party
  • retaining the risk under informed decision (perhaps in order to pursue an opportunity)

Benefits of addressing risks

The benefits of addressing risks include:

  • reduced likelihood of occurrence
  • reduced insurance premiums
  • added assurance for investors/shareholders
  • improved customer satisfaction
  • improved employee engagement

Following a thorough risk assessment of your business operations, you can formulate a comprehensive, robust and practical Business Continuity Plan and/or Disaster Recovery Plan.  As a result, you are able to be proactive in identifying risks and addressing potential pitfalls.  This is surely preferable to simply leaving your business success to chance.

This article has been written by Lucy Payne of valeqms.co.uk

Published by:

KPI management

Key Performance Indicators (KPIs) are a very important part of a (integrated) management system. They can show how good or bad the management system is functioning. However, we see a lot of KPIs defined and monitored by quality that are mainly focussing on compliance to standards, such as number of audits performed, number of inspections performed, number of sick days, etc. We do believe that when KPIs are more aligned with company goals, the impact of the management system will be a lot bigger. In line with that reasoning you as a quality management should own these KPIs. Make them your responsibility even though you might not have a direct effect on them. Simply own them and make the line managers or operational managers also part of that process in order for the alignment to work.

It Is Not About Absolute Figures

We are a strong believer of ratios when it comes to KPIs, simply because a lot of one dimensional figures don’t work when the company gets bigger. When you have more orders there is a good chance more things can go wrong and more people are getting ill, so use ratios.

Some great examples include recall per X units manufactured or issues per Y units purchased from supplier B. Ratios allows for scaling whilst still giving a great insight.

Align with Business

In order for the business to get some real value out of the management system make sure the KPIs are aligned with its goals. For example, track quality issues per model or per project and put a financial figure to it. Even though the figure might not be very accurate, it is so much better than working with nothing at all.

With this setup you as a quality manager can directly show the impact on the business. Costs of quality have a direct negative effect on the company’s bottom line. Make sure this is well understood by everybody in the organization.

Own Them

In order to show management that you are serious make sure you own the KPI’s and do whatever it takes to improve them. Set goals for the company based on the performance of last year or quarter. Showing ownership proves you take it serious. Go and talk with operational managers and discuss how the company can reach these goals, and what kind of processes need to be improved. Involve the line manager in the process of setting these goals, then celebrate reaching these goals with them and give them credits for it.

So in order for top management to not take the management for granted, make sure it adds value and show how it helps the company to increase the bottom line.

We have helped a lot of companies to get the insights in their cost of quality in order to go to an improvement approach. Top management can directly see what the (integrated) management brings them and how it adds value to the company, on top of staying compliant. Do you want to know how Qooling can help your organization with this? Just contact us.

Published by:

The Importance of Top Management Buy-In

Top management is crucial when it comes to a successful management system. Management should actively show that they can see the added value of the system. Almost every director states that quality is at the core of the organization and is recognized as one of the pillars of the company. Ensuring that this is actually the case and how to keep it maintained proves to be much harder. Once too often top management points the finger to the quality department when it comes to maintaining the quality. Having a quality department doesn’t say anything about the quality you deliver, actual actions should be taken.

Why a Management System?

Top management might feel like the management system is a necessary evil because they don’t see what it brings for them. Most of them may agree that having proper processes gives guidance to the employees and a certain amount of structure to the organization. However, when it comes to managing the system and more importantly the information that comes out of it, most managers get lost. When asked about the cost of quality of their company or their cost of safety they have no clue and might be able to come up with a educated guess. Though most agree that having these actual figures helps them to make better decisions. That is why using the proper solutions for managing the quality and safety are so important. Qooling gives top management constant real-time insight in their actual cost of safety. It also lowers the barrier for employees to file these mistakes which leads to much more data to analyse, and therefore the opportunity to make better informed decisions.

Lead by Example

Procedure and process can be annoying sometimes. They are designed to keep things organized within an organization with the trade off of losing some time efficiency. However, having people working according a certain system helps maintain consistencies and a certain level of quality and safety. Most processes have the organization in mind, sometimes at the expense of the individual employee.

Due to these trade offs, some top management cut corners when it comes to certain processes, which might be necessary at times. The implications can be quite severe because of the sign it gives to other employees. If you don’t think the processes is important enough to follow why should others?

Actively Involved

Being actively involved in the management system will show commitment to the company. This can be as easy as pointing out certain topics when walking around. A better approach is when top management is actively performing management walks or organizing toolbox meetings. These actions directly shows the commitment of top management to these things. This doesn’t have to be all formal but can be a life conference call to the company or just a certain location. The point is, it shows how involved top management is and how important they think these matters are.

Published by:

5 Questions That Reveal Management Commitment

Top Management Audits

There are two common types of Quality Management System audits. There’s the company’s 1st party audit where the organisation audits itself. This type of audit is more commonly known as an Internal Audit. Then there is the 3rd Party Audit, usually carried out by your chosen certification body. Regardless of which audit is in process, both almost always have one failing in common. Tope Management is almost always excluded from the scope of the audit.

There could be a number of reason why this is the case, not the least of which could be because staff charged with performing these audits, including the Management Representative, may be afraid of speaking to a director or an MD or are afraid of asking tough questions for fear of reprimand.

But let’s say that you have been encouraged by top management to do just that. So what should you be asking? Here are the top 5 questions that effective audits reveal about top management’s commitment.

  1. What is their vision for the company? Is that vision documented somewhere and, if so, how is it communicated to all staff and not just those immediately below them?
  2. What overall Key Performance Indicators (KPIs) have they set and do they cascade this information down the organisation in a manner that all staff understand what is required of them to achieve those objectives. Even a staff member at the lower echelons of the organisation should be made aware of what he is required to do and how important his role is in achieving those KPIs.
  3. What resources have they budgeted for to ensure that the Quality Management System functions effectively and that their Quality Policy is fulfilled? The fewer the resources, the more the QMS department will struggle to get things done and vice versa.
  4. What is their role in the Quality Management System and how do they show their commitment to their staff. Their commitment and the way they get involved in the system is an indicator of the level of buy-in across an organisation and how well the system is adhered to.
  5. And finally, how often are Management Reviews held? When was the last review? Who was present and what were the key decisions that came out of that meeting? What happens to the minutes once they are recorded and to whom are they circulated? There is no point to these reviews if they are held just because the standard mandates it.

 

This article has been written by Birjees Hussain

Published by: