Quality Management Systems
Over the years, when working with organisations wanting assistance in gaining ISO 9001 certification, I have found that the Plan, Do, Check, Act (PDCA) model is not well understood or used. ISO 9001:2015 now links the PDCA model to the clauses of ISO 9001, which should make the model easier to understand when an organisation is planning its approach to developing and implementing its quality management system.
Plan - establish the objectives of the system and the fundamental processes and resources.
- Clause 4 - Context of the organisation
- Clause 5 - Leadership
- Clause 6 - Planning
- Clause 7 - Support
Do - implement what was planned.
- Clause 8 - Operations
Check - establish the objectives of the system and the fundamental processes and resources.
- Clause 9 - Performance Evaluation
Act - take actions to improve process performance, as necessary.
- Clause 10 - Improvement
The following are the most frequently asked questions:
Q. Does it take very long to implement a quality management system?
A. It depends on the following:
- The size of your organisation;
- The complexity of your business processes and the products and services you offer;
- How much you believe needs to be documented;
- Management commitment; and
- Resources (financial, human, technology).
N.B. Some small businesses have received ISO 9001 certification after only 6 weeks, starting from scratch with a full-time dedicated staff member and a quality consultant as a mentor. To get everything developed, implemented and understood can take anything from 3 to 12 months, and it is really up to management and staff to make the commitment.
Q. Do we have to document everything we do?
A. Apart from where ISO 9001 states you need to ‘maintain documented information’, it is up to you to decide what you need to document and how to document it, for example using technology, flow charts, process maps, work instructions, photos, DVDs, etc.
Q. Is it a good idea to have a dedicated person planning and implementing a quality management system?
A. Definitely. While staff know the processes really well, and what works and what doesn’t, a staff member trained in the requirements of ISO 9001 or a quality consultant can give you guidance and support on the intent of ISO 9001 and explain the standard in plain language.
Q. How involved does management have to be?
A. VERY. The Leadership clause in ISO 9001:2015 has been strengthened to ensure leadership demonstrates commitment and support and has clear direction and resources for the organisation.
Q. How can an organisation work out what its objectives and KPIs are?
A. The leadership group should think through the internal and external environment that their organisation is involved in or affected by. Using a S.W.O.T and P.E.S.T.L.E analysis will assist the thinking, and the results should provide enough information to set their focus for 12 months, with key strategic objectives and KPIs developed along with the risks that need to be managed.
Q. The standard talks about stakeholder analysis. What does this mean?
A. ISO 9001 still has the focus on the customer, and key stakeholders that could affect the organisation positively or negatively need to be identified and their expectations noted. This type of analysis will assist an organisation to develop its QMS to include key stakeholder requirements, for example those of customers, Boards, management and staff, regulatory bodies, lobby groups, financial institutions, local government authorities, etc. Bottom line – an organisation needs to achieve the standard of product and/or service expected by stakeholders.
Q. What and when do we need to monitor, measure, analyse & evaluate our business?
A. Apart from the results of audits, non-conformances, customer feedback and management reviews, ISO 9001 leaves it up to an organisation to decide which of its processes, products, services and projects it wants to monitor, measure, analyse and evaluate. Points to always consider when deciding on MMA&E are what to analyse, when to do it, how to do it, who should do it and what you will do with the information you have collected; for example, does the information need to go to the Board, the Leadership Team, staff or regulatory bodies?
Q. Do we need to do a formalised risk assessment and have risk registers to comply with ISO 9001 risk-based-thinking?
A. No, you don’t, but having a clear, if not simple, process for doing a risk assessment is, in some instances, better for helping staff understand why they need to identify risks and what controls are to be put in place to manage the potential risks. Good business practice should have risks documented somewhere; if not in a formal register, they could be in process flows, flow charts, or the actual documentation used by staff and the customer, etc. Leadership needs to make sure the risks identified are being managed and reported against, where required.
Common problems – without a doubt
- Someone has been given the task of developing an ISO 9001 QMS and does it without consulting staff, resulting in no buy-in and no understanding of the processes staff need to follow or why.
- The system is designed and then it is ‘business as usual’ until the auditors come around, followed by a mad rush to get ‘everything ready’ for the auditors.
- No benefit seen by management or staff when the above points are evident.
- Plan carefully
- Take your time in the implementation phase
- Involve / brief / train as many people as you can
- Act on any actions identified to ensure the organisation’s QMS is right for them, working for them and getting the results they expected.
For any further information on contracting in an internal auditor to conduct your audits or auditor training please refer to more Audit Tips.