Designing Your Safety Management System for Compliance AND Prevention?

Legislation is generally born of disaster and destruction.  Unfortunately, losses have already occurred, and rules generally result to prevent them from happening again.  But does compliance to regulation alone ensure the best Safety Management System?  

The 1912 sinking of the RMS Titanic, leaving 1,517 people dead, led directly to the 1914 adopting of the International Convention for the Safety Of Life At Sea (SOLAS), the first primary international safety book from which most other policies and regulations sprang, including the ISM Code.   Then, in 1934, the sinking of the Morro Castle, killing 126 people, led to the adoption of significant upgrades to SOLAS in 1948.  It also served as an impetus for the U.S. Merchant Marine Act of 1936, federal officer training mandates and the establishment of the federal maritime academy at Kings Point, NY.

Would a Safety Management System and the ISM Code have helped avoid the tragedy of the sinking of the Titanic?   It would take until the 1987 Sinking of the Herald of Free Enterprise for the IMO to publish the ‘Guidelines on Management for the Safe Operation of Ships’ (IMO Resolution A.596 and in 1989 IMO Resolution A.647), now evolved into the ISM Code.  There is a long list of maritime disasters and high number of casualties, with specific incidents over the last 75 years standing out in terms of significance in helping to force and forge international agreement on safety, liability and environmental controls.

  • 1967 – Torrey Canyon oil spill off the French and Cornish coasts, led to the Civil Liability Convention of 1969, activated in 1975, moving IMO into environmental and legal issues ensuring adequate compensation for victims of oil pollution resulting from maritime casualties and liability on owners.  It also led to the 1973 International Convention for the Prevention of Pollution (MARPOL).
  • 1978 – Amoco Cadiz ran aground, splitting in 3 parts spilling 1.6 million barrels three (3) miles off the coast of Brittany, France.  Very significant changes followed, including updates to MARPOL and SOLAS on safety and pollution, and the 1982 Paris MOU, establishing Port State Control safety and pollution audits, enabling international port inspection for non-compliant ships that can no longer hide. It also led to the International Convention on the Standards of Training, Certification and Watchkeeping for Seafarers (STCW, 1978).
  • 1983 – Marine Electric, a WWII 1944 built rust-bucket, which sank in a storm off the Virginia coast led to the immediate scrapping of 70 similar WWI era vessels and what some say are the most important safety reforms in the second half of the 20th century, calling out lax USCG inspection policies.  This resulted in mandated survival suits and the creation of the USCG Helicopter Rescue Swimmers Program.
  • 1987 – Herald of Free Enterprise capsized after leaving harbor in Zeebrugge, Belgium.  This British Roll-on-roll-off (RORO) car and passenger ferry disaster killed 193 of the 539 passengers and crew due to the bow door being left open on leaving port and extra ballast still in her tanks, with the victims trapped inside the ship, succumbing to hypothermia. Investigation determined a chain of events of sloppiness and negligence which Britain’s Lord Justice Sheen castigated the ships owners and a controversy whether there was criminal negligence enough to justify a charge of manslaughter. This led directly to adoption of the ‘Safe Management and Operation of Ships’ (IMO resolution A.647), requiring each vessel to have a working, audited Safety Management System, shipping companies to have a license to operate.  This will later be referred to as the ISM Code.  In 1988, UK implemented the Merchant Shipping (Operations Book) Regulations, S.I. 1988 No. 1716 (now superseded).
  • 1989 – Exxon Valdez ran aground on Bligh Reef in Alaska releasing nearly 11 million gallons of crude oil into Prince William Sound, the worst oil spill in U.S. history until the 2011 Deepwater Horizon spill in the Gulf of Mexico. Following this disaster was the establishment of the first Port State policy with international repercussions, the Oil Pollution Act of 1990 (OPA90) in the U.S. which mandated all tankers be double hull when entering U.S. waters.  It eventually became a rule internationally, first with the 1999 Erika disaster and the 2002 Prestige, both oil spills/casualties in almost the same spot in the NW coast of Spain and France, which finally phased out all single hull tankers.

In 1994, in very similar circumstances to the 1987 capsizing of the Herald of Free Enterprise, the Ro-Ro Ferry MS Estonia sank in heavy seas, killing 852 of the 100 people on board.  In this case the bow door failed.  Following this disaster, the ISM Code would become mandatory.  In 1998, the ISM Code becomes mandatory for passenger ships, tankers and bulk carriers, in 2002, mandatory for all other ships over 500 GT.  By 2010, the ISM Code was further amended to include the concept of assessment, by the company concerned, of “…all risks to…ships, personnel and the environment and (establishment of) appropriate safeguards”.

Essentially, the risk management principles of ISO Standard 31000: 2009, are now virtually a part of the Code.  The significance of the Code is that SOLAS, of which it is a part, is one of those maritime conventions that the United States has in fact ratified, and, because SOLAS is a part of the basic treaty law of all maritime nations, the most recent amendments lend themselves to universal application by means of domestic enforcement in each country.  The recent 2013 revisions by the Maritime Safety Committee to the ISM Code, adopted and enforced by IMO in 2015, now spell out a requirement for companies to assess the risks to their vessels, personnel and the environment, arising from their operations.  While the sinking of the MS Herald of Free Enterprise was the most significant catalyst in the making of the ISM Code, the MS Estonia was instrumental in making the ISM Code mandatory.

Deepwater Horizon highlighted significant deficiencies in the Safety Management System and non-compliance to the ISM Code.  In April 20, 2010, a blowout occurred at BP’s Macondo well in the Gulf of Mexico, triggering an explosion on the Deepwater Horizon drilling rig that killed 11 oil workers and caused 4.9 million barrels of oil to spew into the ocean over an 87-day period. The US Chemical Safety Board (CSB) concluded that the blowout occurred due to “effective compression,” a phenomenon that occurs when there are extreme pressure differences inside and outside of drill pipes, causing them to buckle. When oil and gas spilled on to the deck of the Deepwater Horizon rig, the crew moved to seal off the well using shears that cut and shut the pipe. The intense pressure differences meant that the drill pipe bucked and moved off center within the BOP, rendering the shears ineffective, and with disastrous consequences.  The drilling platform exploded, burned for about 36 hours and eventually sank, leaving a billion dollars-worth of equipment on the bed of the sea.

Prior to Deepwater Horizon, the U.S. Mineral Management Service (MMS), now the bureau of Ocean Energy Management, Regulation and Enforcement (BOEMRE), had been working on the safety and environmental management systems (SEMS) rule.  One of the consequences of that event was that the agency (now BOEMRE) speeded up the implementation process for SEMS. The rule was finalized in October 2010 (BOEMRE 2010). Companies operating on the outer continental shelf of the United States had to be in full compliance with this rule by November 15, 2011. The rule’s requirements are demanding. Getting into compliance would be a challenge, even for those companies that already have an effective offshore safety management system.  Regulators may conduct audits at any time, and those audits could result is serious penalties.

On April 13, 2015, the Department of the Interior’s (DOI) Bureau of Safety and Environmental Enforcement (BSEE) proposed new offshore oil and gas regulations that will cost the industry hundreds of millions of dollars. However, offshore oil and gas producers will have several years to comply with some of the more stringent rules, owing to the costs and the technical challenges involved.  The proposed regulations establish design and operational requirements for critical well control equipment used in offshore oil and gas drilling operations, revising existing rules while incorporating latest industry standards. When enacted, there will be new minimum baseline requirements for the design, manufacture, repair, and maintenance of blowout preventers (BOPs).

On 13 January, 2012, the Italian cruise ship Costa Concordia capsized and sank after striking an underwater rock obstruction off Isola del Giglio, Tuscany, with a loss of 33 lives of the 4,242 people onboard.  The Captain, who was found guilty of manslaughter of the 33 passengers, was sentenced to 16 years in prison.  No charges were brought against the owners, despite the poor safety culture on board.  However, immediately after the tragedy, Cruise Lines International Association (CLIA) created a Global Cruise Industry Operational Safety Review to inspect the safety practices of the cruise industry and suggest improvements. Within 12 months since the accident, the review board suggested ten (10) changes, all of which were accepted by the industry and implemented.

The 2015 sinking of the ro-ro containership El Faro in the Hurricane Joaquin between Jacksonville, FL and San Juan, Puerto Rico, killing 33 crew, highlighted once again the vulnerability of the aging U.S. fleet.  The ship met applicable requirements for ‘intact and damage stability’ for its age.  It was operating with a minimal stability margin with limited ballast capacity and available freeboard, leaving little flexibility.  It would not have met standards for a ship built today.  Consider also added factors of heavy weather –  70-90 knot winds and 25-30 foot seas, and lack of updated predictive weather technology.  Built in 1974, she was beyond the age when most international commercial ships trading internationally are recycled, an average of 11 years old.  Ships in the U.S. average about 31 years.  This is largely due to the two principal requirements of the 1920 Jones Act.  The first specifies that U.S. flagged ships must be crewed by American Citizens, rooted in a legitimate national-security interest.  The second requires vessels engaged in intrastate transportation to be built in America.  Building new ships in the U.S. is far too costly, and due to fulfilling Navy contracts, you would have to wait a decade to build a new ship in a U.S. yard.  Consider the 1944 built, U.S. Maritime Commission owned Marine Electric which split in two in 1983 and subsequent immediate scrapping of 70 similar vessels.   The El Faro, owned by Tote Marine, was 41 years old when it sunk in 2015.  Nonetheless, three months following the El Faro tragedy, the sister ship, the El Yunque, was scrapped.

The biggest change we have seen in the last 35 years in global marine surveying and loss control is an evolution in how the industry approaches maritime safety.  It is moving from engineering fixes to assessing risk for prevention and addressing the arguably more challenging element – human factors which account for 80-90% of all accidents at sea.    An independent periodic review of your safety management system with the consideration of risk factors and prevention measures beyond compliance and getting a jump-start prior to enforcement of impending regulation may be the best practice for preventing loss.

 

 

The Cost of Certification

  • A deterrent to system implementation?

Certifications often drive the implementation of a system approach, based on ISO standards. The primary implementation demand is for ISO 9001. Certifications do have initial costs and then recurring costs for surveillance and re-certification visits. This is a responsive approach to business requirements, invariably driven by a forthcoming contract that mandates the system approach. Prudent businesses appreciate the risk of not having a process-based system.

When budgets are tight, supply chains are challenging, and retaining employees is difficult, it is all the more essential that organizations invest in a good management system. As W. Edwards Deming said, “A bad system will let down a good person every time.”

An efficient management system should be an essential asset of any good organization. Certification should not be the primary driver of this requirement. The optimum return on investment is by effective process performance based on objective information analysis, which in turn is based on data from within the organization or an appreciation of inputs publicly available. Organizations’ leaders should look beyond certifications to implementing and maintaining systems that drive continual improvement. Continual improvement drives organizations to find cheaper and quicker solutions while improving the quality of their products and services. After all, is that not what customers expect? The best quality for the cheapest price point?

Organizations can, and should, consider the option of self-declaring their conformity to ISO 9001, without incurring the added expense of certification, especially when customer requirements do not mandate it. Meeting customer requirements, ensuring continual improvement, and leading the organization to innovate cannot be achieved without a system in place. Effectiveness and efficiency is achieved when employees use system processes to achieve objectives. Customers’ confidence in the organization comes from trusting that they will receive conforming products/services consistently. The cost of not following a system approach can lead to work performance that is not optimized and results in losses.

ISO 9001:2015 requires an appreciation of the context of the organization, as well as the risks and expectations of the interested parties. This enables the organization’s leaders—in fact, requires them in clause 5.1.1 b—to define quality policy and objectives for the quality management system (QMS) that is aligned to the strategic direction of the organization. The QMS now is not an add-on to the business strategy but is integrated with it.

Experience has repeatedly shown that the lack of customer focus is the major cause of businesses failing or not performing, of governmental agencies overshooting budgets, and sensitive organizations (e.g., nuclear facilities, military bases, hospitals) making fatal errors. The cost of not having a system is so high and the consequences so dangerous that it would be almost suicidal not to have a management system in place.

Once the decision to implement the system has been made, why reinvent the wheel? The well-tried, regularly updated ISO 9001 standard, which encompasses years of global wisdom, is the correct choice. Once the system is implemented and the organization’s leaders have confidence in the system’s performance based on objective inputs (such as audits, inspections, feedback, and other inputs), top management can self-declare the system as conforming to ISO 9001. There is no cost to this except the minor investment in using a competent consultant who comes in respecting the existing system and then identifies and addresses any gaps. After all, every functioning organization has a system.

The next stage, requiring investment in the certification, is a decision to be made by top management when a business requirement necessities this. When it does, then the work will pay for it.

(this article was published in Quality Digest. To read the article online) https://www.qualitydigest.com/inside/management-article/cost-certification-050817.html#

 

Publication of ISO 45000 – Update!

The publication of ISO 45000 is behind schedule. The standard was supposed to be available last year.  As of date from information available to QMII the DIS is just in the registered phase, this means it further needs 12 weeks of translation and voting and after that it could get published or it could go into the FDIS phase, or if the committee still can’t agree, it would go back to the DIS for further development.  Though we expect that after all this time, they would be about ready to agree on the final version. While we are waiting, let us at least start preparing to use the standard. QMII as always is looking ahead to assist our clients to be prepared and ready for implementation.

It is definite and well known to organizations that having an internationally recognized Occupational Health and Safety (OH&S) Management System enhances organizational performance, enables meeting OH & S challenges and thus improve stakeholder satisfaction. QMII adds value by assisting our clients Identify these benefits as the key requirements, enabling them to manage and drive continual improvement.  We have already begun assisting our clients upgrade to 9001:2015, 14001:2015 and AS9100 Rev D. aligning the existing system to the High-Level Structure and the new requirements. Please contact QMII for further information.

The Cost of Certification: A deterrent to system implementation?

Certifications often drive the implementation of the system approach, based on ISO standards. The primary implementation demand is of ISO 9001. Certifications do have initial costs and then recurring costs for surveillance and recertification visits. This is a responsive approach to business requirements invariably driven by a forthcoming contract which mandates the system approach. Prudent businesses appreciate the risk of not having a process based system.  In the economy today when budgets are tight, supply chains challenging and retaining employees difficult, it is all the more essential that organizations invest in a good management system. A bad system will let down a good person every time.[1]

An efficient management system should be an essential asset of any good organization. Certification should not be the primary driver of this requirement. . The optimum ROI is by effective process performance based on objective information analysis based on data from within the organization or appreciation of inputs publically available. Organizations’ leadership should look beyond certifications to implementing and maintaining systems that drive continual improvement. Continual improvement drives organizations to find cheaper and quicker solutions while improving quality of the product and services. After all is that not what customers expect? The best quality for the cheapest price point!

Organizations can, and should, consider the option of self-declaring their conformity to ISO 9001, without incurring the added expense of certifications; especially when customer requirements do not mandate it. Meeting customer requirements, ensuring continual improvement and leading the organization to innovate cannot be achieved without a system in place. Organizations effectiveness and efficiency is achieved by the employee using the system processes to achieve objectives. It is not a one time achievement to meet requirements, the organization needs to understand and consistently meet requirements. The customer confidence in the organization comes from this trust of receiving conforming products/services consistently. The cost of not following a system approach can lead to work performance which is not optimized and result in losses. The revised ISO 9001:2015 requires appreciation of the context of the organization, appreciation of the risks and expectations of the interested parties. This then enables the leadership of the organization, in fact requires the leadership (in clause 5.1.1 b of ISO 9001:2015) to define quality policy and objectives for the QMS aligned to the strategic direction of the organization. The QMS now is not an add-on to the business strategy but to be integrated with it.

Experience has repeatedly shown that the lack of customer focus is the major cause of businesses failing or not performing, of governmental agencies over shooting budgets, sensitive organizations (nuclear facilities, military, hospitals et al) making fatal errors. The cost of not having a system is so high and the consequences so dangerous that it would (in the author’s view) be almost suicidal not to have a management system in place.

Once the decision to implement the system has been made, why re-inventing the wheel? Therefore the well tried, regularly updated ISO standards encompassing the global wisdom of years are the correct choice. ISO 9001 is the first fundamental standard to then opt for. Once the system is implemented and the leadership has confidence in the performance based on objective inputs (audits, inspections, feedback and other inputs) the TM can self-declare the system as conforming to ISO 9001. There is no cost to this except the minor investment in using a competent consultant who comes in respecting the existing system and then identifies/addresses gaps. After all every functioning organization has a system.

The next stage requiring investment in the certification is a TM decision to be made when a business requirement necessities this. When it does, then the work will pay for it!

[1] Dr. Deming

Risk Based Thinking. Is this something new?

 

I was thinking about this fundamental change in the ISO 9001:2015 standard , comparing it to the 2008 version, wherein the Preventive Action (PA) has moved from being only at the ‘A’ stage of the P-D-C-A (Plan Do Check Act) cycle to the ‘P’ stage as Risk and then at each stage thereafter. It has formalized something perhaps first stated circa 1546 when John Heywood coined the proverb “look before you leap.”[1] It is therefore naturally intuitive that not just at plan stage, but also at the pre-plan stage that the context of the organization should be considered together with needs of interested parties (Clause 4.1 & 4.2 of ISO 9001:2015). Based on these inputs risk should be appreciated (Clause 4.4.1 f). Has the standard previously not addressed the risks posed to a QMS?

Risk was always considered but inferred and inadequately interpreted by organizations. Risk has only now been systematized as a requirement in the new revision of the standard. Throughout the standard, in clauses related to each stage of the P-D-C-A cycle, there is a requirement to address the risk.  Can you imagine a General planning a war strategy without appreciating the risks? Hitler did not learn from Napoleon’s disastrous winter campaign in Russia in terms of apparent risks based on lessons learned from available information (Clause 9.1.3 requiring analysis and evaluation)? Perhaps an opportunity for the rest of the world!

In real life do we not consider various risks as we send children to school, select toys, and plan expeditions? Of course the detail we go into is decided in the context of what we are doing and the parties involved. Therefore if it is a simple production line to manufacture toilet rolls the context and risk would be different than compared to operating a nuclear plant. But why risk-based thinking and not risk management?

ISO 9001:2015 has to remain applicable across industries and various sizes of organizations. ISO 9001 continues to remain a process based standard. Should an organization need a formal risk management system the standard refers to ISO 31000 the Risk Management Standard. Risk-based thinking asks that everyone in the organization think about the risk of doing or not doing their assigned tasks. This concept of based thinking was implicit in the ISO standards earlier too. After all the requirements for planning, then review and continual improvement were integral to the P-D-C-A cycle. It has now been better put as a requirement to be established systematically by requiring the organization to understand the context (Clause 4.1 of ISO 9001:2015) and then determine risks before planning (Clause 6.1 of ISO 9001:2015). Though the revised standard does not mention preventive action, a QMS is a preventive tool. With risk replacing preventive action the preventive tool has become more effective philosophy. Moreover now risk does not always have a negative connotation. It must be addressed and where applicable it should be taken as an opportunity for improvement. Risk input may lead to a positive new innovative idea.

QMII has developed its expertise and reputation over thirty plus years as the foremost consultancy in the PBMS (Process Based Management System) approach. We specialize in this system approach and take very seriously our  responsibility of assisting our clients and alumni to use the appropriate standard as the basis for implementation to show the system effectiveness results. As organizations seek to be newly certified or are transiting to the 2015 version, they must not go into ‘panic mode’. The new standard with its HLS (High Level Structure) is actually a lot more logical, simple, user friendly, customer focused and current with modern technologies as also applicable to manufacturing and service industries. In summing up this thought I would say risk has always been considered. All that the standard has done is asked companies to be pro-active rather than reactive. At the very basic level, all that the organization has to do is consider these few steps:

  1. Consider the aspects or some may prefer to call them hazards. These should be identified and listed in various processes by process owners. Where an organization is departmentally organized the department heads should consider these.
  2. Having listed the risks the impact or potential harm the hazard could do is listed against the risk.
  3. This departmental list can then be consolidated as the organization list under the TM (Top Management) direction by a responsible manager/ person, or if there is a designated QM (Quality Manager) by him.
  4. Evaluate each risk/ hazard/ aspect and the associated impact/ potential hazard to assign a priority/ significant number.
  5. Take a decision with TM involved to isolate, minimize, accept, transfer or eliminate the risk.
  6. This paper exercise then requires a specific plan! Call the column Hazard Controls or Impact Controls and come up with proposed action details including assigning responsibility and completion date. Process owners must also agree with TM on the frequency of monitoring the progress.

This can be further expanded if necessary in the context of the organization to not only give priority number/ severity of risk number but to also consider the likelihood of detection. A multiple so obtained could be a good guide.

The standard asks organizations to plan to address risks but does not specify the need for a documented plan. However, a well-documented plan to address risks can only benefit an organization and add value.

 

[1] I always thought look before you leap came from horse riding as an intuitive warning in horse jumping. However I realize from Google search that Heywood recorded it in relationship to marriage:

“And though they seeme wives for you never so fit,  Yet let not harmfull haste so far out run your wit:
But that ye harke to heare all the whole summe
That may please or displease you in time to cumme.
Thus by these lessons ye may learne good cheape
In wedding and all things to looke ere ye leaped

Optimum SW solution from QMII to your QMS (and SMS) needs

With the implementation date for ISO 9001:2015 hanging like the sword of Damocles over organizations, the need to implement a risk based system is stressing. To have a Risk Based System it is essential that Risk Based Monitoring (RBM) be incorporated at each step of the organization. The leaders must particularly be conscious of this. RBM cannot be effective or provide the objective inputs based on casual analysis. The source data must be correct so the information it provides is useful. Data analysis of risks and trends is now integral to the system approach. The standard does not require a formal risk management system in all cases, but in general a well laid out system would not only be cost effective but would also contribute to the bottom line, encourage innovation and bring opportunities for improvement. 

The use of a simple, user friendly RBM system with dashboards is now a felt need. These systems assist in optimal planning of resources for subsequent P-D-C-A cycle improvements and as inputs to Management Reviews. QMII has kept itself ahead of the curve and appreciated this requirement even as the ISO 9001:2015 and related standards were still in the draft stage. We now offer a cost effective, user friendly and intuitive integrated management software solution to manage aspects of your QMS (as well as Maritime SMS) and your business. The towing industry too would find this most useful as they move to compliance with Sub Chapter M. 

Please enjoy reading the first Newsletter of this year and do check our QMII Face Book page as also reach out to us. Don’t forget QMII alumni and clients have lifelong support from the expert QMII Team throughout their lives. A promise we make because we “appreciate your management system” and are stakeholders in your success.

Communities are showing Interest in Environmental Management Systems

As the debate over global warming continues, more and more communities are looking inward to see what they can do to reduce their environmental impact.   ISO 37101:2016 was released in July of this year with the same ten clause High Level Structure (HLS) as ISO 14001:2015 – Environmental Management Systems.   ISO labels ISO 37101 as “Sustainable development in communities – Management system for sustainable development – Requirements with guidance for use”.

The Foreword to the standard makes reference to other related standards like ISO 50001:2011 – Energy Management Systems, ISO 14046:2014 – Environmental management – Water Footprint, ISO 26000:2010 – Guidance on social responsibility, ISO 45001 – OHSAS Management Systems System (scheduled for release in early 2017) and ISO 20121:2012 – Event sustainability management systems — Requirements with guidance for use.  All of these standards will be updated to the new HLS in the next few years, which will make it easier for communities to have an integrated management system with multiple standards.

The Foreword also makes reference to the 3 pillars of sustainability – social, environmental, and economic, just like ISO 14001:2015.    By identifying and focusing on all three pillars, a community can try to reach a sustainability balance for their community and surround communities.   When operating in areas with limited water, ISO 14046 may be a good standard to consider along with ISO 37101 and ISO 14001.  If the community uses a lot of energy, ISO 50001 should be considered. 

While ISO 37101 is not certifiable, it can be considered and implemented, by small and large cities that want to conform to a sustainable ISO standard.  Communities may want to have people trained to meet both ISO 14001 and ISO 37101 standards, to win favor with EPA and government officials.  EPA recommends ISO 14001 for communities, and implementation of the standard could help prevent occurrences like what happen to the water systems in several cities over the last few years.  And, since both standards have the ten clause HLS, it is easier to adapt to the existing management system in place.  Communities can use all or part of ISO 37101 standard to improve their Carbon Footprint and reduce their environmental impact. 

QMII can help an organization decide which ISO standards would work best for their community, and whether they would be more comfortable being compliant to ISO 37101, or want to be certified to ISO 14001, or both.

 

More Tips for ISO 9001:2015 Auditors

Over these last nine months the inputs provided by QMII, on the changes in the 2015 version of ISO 9001, have been very well received by our alumni and clients. As such, we continue this discussion in the editorial to the April issue of the Globe we would like to suggest some thoughts on specific areas of the standard which an auditor should look at, to see the compliance to ISO 9001:2015. As the system is updated it should definitely consider that the implementation of the standard is aligned with and integral to the business management. The revised standard, in defining Policy requirements in clause 5.2.1a, specifically requires the policy to be based on the context of the organization and supportive of the strategic direction of the business. This is further emphasized in clause 5.1.1b where the need to align policy and objectives to the strategic direction of the business is a requirement. 5.1.1c requires integration of the QMS to the business processes.

Documented evidence removes doubts between records and documents in 2008 version. The term exclusion is removed. As such, the organization has to now further determine what is applicable to them, making it necessary for the organization to remain responsible and keep the promises to customers. Organizations do not have to meet the quality manual requirements if they already have the information elsewhere, perhaps on their websites. This does not mean you have to throw away your quality manual if you have one! All the standard is asking organizations to do is to incorporate quality in all they do and not let quality become a separate entity. Some organizations, already certified to ISO 9001:2008, have concerns about transiting to the 2015 version.

I think in the overall perspective these organizations will find it valuable to transit sooner, rather than wait for the 2018 cutoff. After all if a risk exists, it must be assessed, mitigated or used as an opportunity for improvement quickly. Waiting for preventive action which is data driven under the 2008 version at the Act stage of the P-D-C-A (plan-do-check-act) cycle is not responsible of the organization or to the customers.

Appreciating the context of the organization and understanding the risks is the right way to go about meeting requirements. Auditors must audit to see correct understanding and successful implementation of clause 4.1 of the ISO 9001:2015. Understanding the needs and expectations of interested parties (clause 4.2 of ISO 9001:2015) has to be successfully implemented by organizations. This should be an item on the audit to be well established.

For further information on this refer to the blog

Adoption of risk based thinking is emphasized throughout the revised standard and auditors must see proof of implementation. There is greater emphasis on the process approach used to achieve intended objectives. Continual improvement has been replaced by improvement. The organization must see overall benefits in the business achieving set results.

These and many more benefits of the revised standard should be the objective of auditors auditing the organization to ISO 9001:2015. Good luck with the implementation of revised ISO 9001 and stay tuned for more tips.

Measuring the ROI of your system

Weighing the value of a product against the perceived value in terms of ROI (return on investment) is fair. However, where the client is opting for a process based management system consultancy, and is starting at a stage of near zero level understanding of the product and or service, price unfortunately, often dictates the decision. ISO 9001:2015 Clause 8.4.1 clearly and categorically requires that external providers of products, processes and services, to be selected based on their ability to perform and meet requirements; implying not based on the lowest price!

In this 30th year of service to our clients and alumni my introspection and analysis brings me to look critically at what we are celebrating. QMII is celebrating the success of our clients. If the client is not successful we have failed. Successful clients have enabled QMII to reach this 30 year milestone. If the client does not use the system or simply is left with a certificate hanging on the wall I do not consider it value added or call it success. Perhaps, it met the client’s immediate requirement of winning a contract because the certificate was a prerequisite. But beyond certification the investment becomes lost money. The system must work.

As President and CEO, leading the QMII Team, I have always thought of the value we provide in meeting client objectives; stated or unstated. It can at times be difficult to predict what the client considers of value. However, with our experience and a methodology developed over 30 years QMII knows how to deliver more in specific terms:

Functional gains in achieving efficiency, time saving, waste reduction, and overall effect to the bottom line of the client business – what QMII coined as “Cash in the Bank.”

The reduction in the tension and stress on the client leadership by reducing anxiety about the outcome of the system implementation.

QMII has very consciously avoided templates. Templates in effect throw away the existing management system! Our belief has been to “Appreciate your Management System”. The QMII Team works with the client to capture the “As-Is” of the system and proceed forward from there.

Corporate Social Responsibility (ISO 26000) is still not a requirement and understandably has a cost value to it. The gains of being socially responsible are often not tangible or immediately visible in the short run. We have assisted organizations, to adopt these values in a manner which does not affect productivity and as a result, in the long run these organizations are respected by their clients.

It worth re-emphasizing Dr. Deming’s “A bad system will defeat a good person every time.” The endeavor of the QMII Team in these 30 years has been to understand and appreciate the client’s needs; assisting with development and implementation of successful management systems in varied discipline. Meeting client objectives.

So while the ROI may not be apparent to some at the outset, we can say with confidence that those we have worked with have gone from success to success.

What came first – the DATA or the DECISION?

In today’s digital world, collecting data has almost become second nature in any organization. After all, in the end, it is only a few gigabytes on a cloud or local server. Not much thought is given to the usefulness or purpose of a data collected. The basic thought is ‘who knows when we may need it?’ Large organizations are leaders in this data collection obsession. In our line of work, we work with numerous clients. One thing in common that we often find is the organizations collecting data with no objective of where, how or when the data will be used.

As a result of this obsessive, compulsive, purposeless data collection, leaderships are now driven to draw conclusions and trends from the data collected; without the data in the first place being aligned to a purpose. At times, we hear ‘the data is not helping us make a decision’ or ‘we are not sure why we are collecting the data … we just have to’. Data collection should lead to it being converted to information. Information should then be analyzed and enable informed decision making and improvement of the system.

The human mind is a great data storage center and we can probably learn a few things from it. We use the memory space allocated very carefully; selecting what we collect as data for future use or for making an informed decision. However, let’s take a step back and a moment to think on how we are able to do this. It being a second nature it may not be readily apparent to us. In essence, we start with a decision we need to make and based on this decision we decide on the kind and quantity of information we require for analysis, which would give us the ‘confidence’ to either proceed ahead or maintain a neutral position. This confidence is based on statistics (this includes inputs based on our personal experiences). It should always be that the decision drives what data we assimilate and not the other way around. It may be argued that some of this data we store may be based on previously collected inputs that we at the time did not have use for but collected. Nevertheless, even when we do, our brain sees a possible use for it in the future resulting in us storing it.

So, as you look at the data you have or, are beginning to collect, ask yourself ‘what is the purpose, the end result, the objective for which the data is being collected?’ Once the objective is defined, then only will the correct data be collected and be useful, informative and productive enabling objective cost effective decisions. Starting with the objective is critical in all that we do; and we already do it subconsciously. So going forward, make a ‘conscious decision’ to get data that is useful.