ISO 9001:2015 – Practical Quality
By Michael Haycock, Sr. BRC Consultant
It has been over thirty years now since Tom Peters published “In Search of Excellence”. While you may have an argument about cause and effect, it seems (to me) this was the starting point for many business books, concepts and organizations buying into the newest, biggest and best. This generally required substantial investments in training, implementation (consulting) and often significant and disruptive change.
There has been benefit with some of the concepts when implemented, but there is a surprising amount of scepticism and even outright anger over the significant dollars spent with little or no return. (I sat in a conference where by application and invitation ONLY, several speakers of companies having won the award, provided enthusiastic promotion of the “Malcolm Baldrige Award”. I was significantly impressed with the presentation but while driving back to the office, heard in 30 seconds of business news that one of those very companies had filed for bankruptcy at the end of that business day.)
Also, the organization I worked for had a division that won Malcolm Baldrige and it no longer exists. I have worked with ISO 9001 Quality systems for almost 25 years now. (Yes, almost as long as this particular system has been in place.)
My experience has been that the system has value for any organization, properly applied. The value is not in doing strange and unusual activities, it is in doing what we know needs to be done – and the “standard” gives us a common basis to go forward.
When I worked in the Registration side of this business, the clear mandate and instruction was to clearly identify what the standard required, but allow and expect that the organization would determine how this was done. This has become an area where the external auditor has specifically identified what has to be said and documented to meet requirements.
This has also become an area where some of the most insignificant errors have been identified for nonconformances – as apposed to correction (just fix it). I always documented these “errors” in the audit report but almost without exception were fixed at the time of the audit. This ensured they could be reviewed during the following audit to ensure there was nothing systemic, but did not cause time to be wasted looking for the “root cause” of an isolated or insignificant event. The role of any auditor – internal or external – is not to write nonconformances. It is to provide VALUE to the organization.
Practical Approach to ISO 9001:2015
The draft document is still being reviewed for ISO 9001:2015. Over the years when standards have been updated and released we have seen revisions where there seemed to be much coming and revisions where the “status quo” seemed to be the order of the day. ISO 9001:2015 contains quite significant changes in both structure and content, but what should always be a constant is that you do what most benefits the organization. Even with the final draft not due until September (this year – 2015 – probably) there is work that can be done that will be of value – regardless of what the standard finally looks like.
For this article I have two areas I would like to review briefly: “Risk” and “Documentation”.
Risk
Risk has always been with us – and always will be. It is now for the first time in an ISO 9001 standard that the actual word “risk” has been used. I think this is a good thing. This could entail a review of where the risk – and ultimately the significant risk – exist within the organization.
The BRC has been fortunate to deal with hundreds of you throughout the many years of our business and recognize most of you already have a significant work responsibility without anything else to do. Most of you have a particular and significant awareness of the world that goes on around us – and the effect on you even if you have a small operation in small town Canada.
About 4 years ago we conducted specific training for an organization that was making metal product for the oil industry. Their business was booming. Now there is a question if they will even remain in business. Who would even know that oil would go from $100 plus a barrel to $45 a barrel (about $60 right now)? I have a gas receipt from March 2014 where I paid $1.39 a litre in Ontario. A March 2015 fill-up was $0.85 a litre.
This is not intended to be history lesson – only to say, risk once recognized is to be ignored at our peril. Even more important is to look at risk within the organization and say “what if…? Oil is only the most visible and ongoing RISK. What if you did business with “Target”?
Documentation
“Documented information” is the phrase used to identify current documentation requirements. In previous standards this documentation would be identified, traditionally, as:
- Quality Policy Manual
- Procedures
- Work Instructions
- Records
Organizations can have multiple other documents for their own specific purposes.
Quality Policy Manuals can be structured to the standard so that everyone understands there is a system and, relevant to their position, can find what instruction is needed. It should be customized to show specific organizational requirements and linked to Procedures – who, what where, when, why.
“External auditors“ have at times said the mirror of a standard is a waste of time. I would agree that the repeat of standard is mostly a waste – but its mirror can direct everyone to the specific standard requirements that are covered by procedures and work instructions.
Work Instructions are typically the how.
The amount and nature of documentation should reflect the amount of risk in an activity. E.g. – long term employees vs. lots of turn over, etc.
What is the time and effort that is spent to review and update documentation? Many organizations do not take much effort – but having docs which do not reflect the organization’s activities are as bad as – or worse – than having nothing.
Currently Records are not specifically identified in ISO 9001:2015. They fall within the “required documentation” general expectation – back to what and how much evidence is required to confirm that certain expectations have been met.
Example:
Recent reports indicate that certain herbal medicine (tablets) not only provide little or no benefit (that is an ongoing discussion), but more importantly do not contain the actual “herbal medicine” contained on the label. They also contain certain ingredients that could be harmful to people who were taking these unaware. So – this discussion is not about benefits of “herbal ingredients” – much of that is general and people swear by the goods. The discussion is about having the records that indicate the appropriate tests were done – or not – to indicate contents. This goes to credibility and protection of the organization by ensuring that regardless of the product, the customer gets what is expected. What is the risk in not doing tests properly and more importantly keeping records of tests that were done?
Additional articles will be forthcoming as the standard gets to FDIS and finally release. There is very little in the NEW standard – once again – properly applied that doesn’t make sense.
A note about working with your registrar:
Registrars have taken more and more liberties with their expectations for application and implementation of these standards. It is important to work closely with your registrar. The application of the system should be unique to your organization. The registrar should not be telling you what to do. They should be asking what you do and confirming that requirements are met – to benefit the organization.
Practical, useful, beneficial and value to the organization… We have a number of articles to follow which will include risk, leadership, training, auditing, correction and corrective action just to name a few. If you have a particular area of interest, please let The BRC know and we will do our best to provide this information. For any requirements of the standard you believe do not make sense or appear artificial for your organization, please send us a note, e-mail or your other preferred manner of communication, and we will do our best to show means of relevance – including adaptation and implementation.
Eagles fly into storms.
