We implement ISO 9001 in your business to support your strategic growth.
As we are experts in finance and profitability for small & medium-sized enterprises, we use this quality management system to:
- Make sure you have the management information to support strategic business decisions.
- Ensure best practice is standardised across your branches and departments, protecting your brand and ultimately ensuring customer satisfaction.
- Put systems in place to review all uncertainty the business faces and take actions to maximise opportunities and minimise risk.
- Make it easier for you to train new staff and open in new locations.
- Ensure that there are internal controls in place to prevent fraud or wasteful activities.
We partner with Sustained Growth Consulting Services to provide ISO 9001 implementations.
Below we explain why the new ISO 9001:2015 standard, more than any of the previous versions, has the potential to improve your company’s bottom line. This places an emphasis on top management accountability, the alignment of the QMS with the strategic direction of the organisation and replaces preventative action with risk-based thinking and improvement.
Leadership is Now Spread Throughout Your Company
The requirement for a Management Representative and a Quality Manual have been removed, spreading the responsibility for the QMS across the organisation. This has the effect of embedding the QMS more fully through the various departments and processes. Quality is no longer something imposed but it becomes an integral part of everything done in the areas that fall within the QMS scope.
Actions to Address Risks & Opportunites
Clause 6.1.1 states that with reference to internal and external issues and interested parties, risks and opportunities that may affect the QMS must be determined.
Clause 6.1.2 requires action to be put in place to address these and for these actions to be integrated into the QMS.
Examples of external factors would include changes in legislation such as the General Data Protection Regulation (GDPR) law on the requirement for organisations and businesses to be fully transparent about how they are using and safeguarding personal data, which will be in force from May 2018.
Reviewing internal and external factors affecting your organisation on a regular basis gives you the opportunity to plan well ahead for any changes to be made. Scrambling to react to new legislation at the last minute can lead to high consultancy costs, or not being ready and being open to being penalised.
Brexit is an example of another external factor that must be considered by many businesses. Although the repercussions are still unknown, the sooner you start to consider the potential risks and opportunities, the better prepared you will be. Questions need to be asked such as how will you respond if the UK market slows down and how might it affect any suppliers you deal with in the UK.
Taking a systematic approach to understanding how Brexit could affect your business and stakeholder’s interests allows you to reduce risks; an example could be if you currently have key suppliers in the UK, identifying alternative suppliers within the EU. It also allows you to maximise opportunities arising; an example could be identifying potential customers who are now supplied by UK companies, but who may be ready to switch to another company within the EU if tariffs are introduced on UK-EU trade. The earlier you can identify new potential leads, the better chance you have of creating a strategy that turns them into prospects, and ultimately into customers.
Control of Externally Provided Processes, Products & Services
The 2008 standard mentioned requirements to ensure controls over outsourced
Clause 8.4.1 requires that ‘the organization shall ensure that externally provided processes, products and services conform to requirements’.
Controls are required and ‘there should be criteria for the evaluation, selection, monitoring of performance, and re-evaluation of external providers, based on their ability to provide processes or products and services in accordance with requirements’.
In our experience, SMEs don’t always have the time for systematic review of subcontractors and suppliers. However, if external providers are not meeting the required standards, they can cost you money, negatively affect your brand, and damage your relationships with customers, employees or the public. These days, it is common for key processes, including manufacturing, to be outsourced. It is critical that external providers are properly vetted and their outputs regularly reviewed. The ISO 2015 standard will ensure that this is happening in your organisation.
Understanding Organisational Context and Shareholder’s Interests
Clause 4.1 of the new standard requires the organisation to “determine external and internal issues that are relevant to its purpose and its strategic direction” and information about these issues is to be monitored. Clause 4.2 requires determining interested parties to the QMS and their requirements.
This means that external issues that affect your company such as competitive, technological, market and legal, and internal issues such as values, culture and performance of the organisation need to be evaluated.
Interested parties are stakeholders and include customers, suppliers, employees, investors, media, union representatives and the public; so you need to figure out who your interested parties are and how your QMS needs to satisfy their requirements. For example, the public might want your factory to keep noise to a minimum, the customer might want high quality and a fast, reliable service, and employees may want job security and a strong health and safety policy.
This will cause most companies to have to take a more comprehensive look at themselves. In the typical planning process, SMEs often don’t have the time to take a helicopter view of all stakeholder needs and the relevant internal and external factors. This may sound like a time-consuming exercise but it means that senior management needs to establish what will be monitored, how to monitor it and when it will be reviewed. The benefit is that you are much more fully prepared for risks and opportunities.
The requirement for “risk-based thinking” is mentioned a number of times throughout the standard.
Clause 5.1.1 requires management to demonstrate a commitment to the QMS by ‘promoting the use of the process approach and risk-based thinking’.
In Annex A, A.4, we are told that risk-based thinking has replaced ‘preventative action’ in the 2008 standard.
The aim is to establish a systematic approach to how risk is considered in your organisation. There is
By systemising how your organisation thinks about risk, you take out the human element that may over or underestimate it, thus creating processes to get the work done as efficiently as possible, whilst fully considering all uncertainties.
Clause 5 on leadership is similar to ISO 9001:2008; however, now top management must show leadership of the QMS, rather than just demonstrating a commitment to it. This means that they must actively engage in and undertake key QMS activities, rather than just having to ensure that they occur.
From our experience, when top management is committed to the QMS, it is taken far more seriously throughout the organisation. This means the difference between having a QMS to tick a box to gain external credibility and having one because you genuinely believe that it leads to overall improvement and consistent service offering.
Ultimately, if top management shows that the QMS is important to them, the culture of the organisation will gradually change to reflect that commitment to quality, and a quality-consciousness embedded into the organisational culture means improved customer service and more efficient processes, thus potentially increasing revenue and decreasing costs.