It is a fundamental tenet of management that to control something you first need to measure it. This presents a very real problem for quality management. As we have previously discussed, there are different understandings of the term 'quality', so there is no agreement about what should be measured.

There are three types of measure that might be used, each based on a different definition of quality:

Financial measures. These are based on the concept of the costs of quality (prevention, appraisal and failure). It is argued that measuring quality in the common language of finance makes it accessible to all managers. This not only puts quality firmly on the broader business agenda within an organisation, but enables quality decisions to be taken objectively by the weighing of costs and benefits in financial terms.  

However, there are problems with this approach. There is no commonly agreed basis for measuring the costs of quality, and in any case any accounting system is based on a series of managerial judgements (how to allocate fixed costs and overheads, what depreciation method to use, and so on).

Operations-based measures. These tend to be based on the ‘conformance to specification’ approach to defining quality. It tends to be easier to use such measures in manufacturing operations, in which the products and the processes used to produce them are quite distinct.  
​
The physical attributes of goods can usually be measured with precision, and aspects of their performance can be tested. The performance of the production process can also be measured by, for example, determining the level of defect or scrap rates produced. Various aspects of service operations can still be measured for conformance to specification, bur some of them can be controversial, for example judging the quality of a health service by the length of its waiting lists.

Where large quantities are involved, it may be appropriate to use statistical techniques such as acceptance sampling and statistical process control charts. Acceptance sampling is used to decide whether to accept or reject a batch of goods on the basis of checking a few items from the batch; statistical process control charts are used to monitor the performance of a process by checking its output at regular intervals.

The results can be used not only to confirm whether a current output is within the permitted range but also to give warning of likely problems and hence the need for preventative action.

Customer-based measures. These are measures that stem from the user-based or value-based approach to quality. They are typically based on attempts to gauge the degree of customers' satisfaction. This may be done by using the feedback forms that are so prevalent in hotels, restaurants, airlines, and so on.

Alternatively, customers may be interviewed by organisational staff or independent market researchers; or focus groups and the like may be used. Customer-based measures tend to be more prevalent in service organisations.

Given the intangible nature of most services, this is probably necessary and desirable. This approach requires quality to be defined very much from the customers’ viewpoint, and so is bound to be based on their perceptions; but such an approach may lead solely to an analysis of failure, with little or no attention given to emulating successful situations. This approach can be applied to internal and external customers.

​Whatever measures are used, it is still necessary to know why the measurement is being carried out, and what will be done with the results. Measures in themselves are not particularly useful. They are useful only when used comparatively. This requires some kind of standard or target against which to compare current performance.

If you would like to look at how to implement an ISO 9001 management system, then simply contact us.

Or, if you want to see what's involved in more detail, then get a completely free, no obligation, totally tailored ISO Gap Analysis for your business (only available to UK businesses).

To be awarded an ISO 9001 certificate, an organisation’s quality system must be assessed and approved by independent assessors. The assessors inspect the related and required documentation and then inspect the organisation to ensure that what is communicated happens in practice.

They are likely to make some recommendations, but if no major discrepancies are found, the organisation will be issued with a certificate of compliance. Further inspection visits will be made to assess the organisation’s continued compliance. If serious faults are found, the certificate can be withdrawn.

The benefits of ISO 9001 certification:

1. The advantage of any standard is that it gives both suppliers and customers the confidence of knowing exactly what they are agreeing to. Buyers know that an ISO 9001 registered supplier has a quality system of a recognised standard in place. By seeking quotations only from ISO 9001 accredited suppliers, buyers can more easily make direct comparisons between them.

2. By operating to ISO 9001, a supplier should be doing so more efficiently, gaining the cost benefits that flow from improved quality. These savings will usually be greater for those suppliers who have not previously adopted a systematic approach to managing quality.

3. The possession of an ISO 9001 certificate gives marketing benefits to an organisation. Many purchasers increasingly say that they will buy only from organisations with ISO 9001 accreditation, so the possession of it nullifies the advantage of competitors who have already gained certification. ISO 9001 certification can be used to enhance an organisation’s image and demonstrate to existing and potential customers that the organisation takes quality seriously.

Criticisms of ISO 9001

The ISO 9001 approach to quality does, however, have its critics. Indeed, some very large purchasing organisations do not value it and instead impose their own quality systems on their suppliers, believing these to be more appropriate and superior.

The main criticisms levelled at ISO 9000 are:

1. “It is bureaucratic”: The requirement to document procedures and actions can seem like a huge imposition on organisations that have not previously operated such a system. The process of certification requires a lengthy exercise to break down processes and their inputs/outputs and produce the Standard’s required documentation. There is scope for organisations to design their own procedures within the system, but the accusation has been made many times that compliance becomes an end in itself. Some organisations may in the process forget to do the simple things, such as analysing their successful endeavours with a view to emulating them.

2. “It is expensive”: The costs of installing ISO 9001 comprise the fees to the certification body and the work of consultants and staff preparing for assisting in the assessment. There are then the ongoing costs of running the system, including continuing registration fees. Certification fees vary, depending on the size of an organisation. If consultants are contracted, their costs have to added. Internal staff costs are difficult to assess, but these can soon mount up. Notwithstanding the argument that these costs should be seen as an investment, it is easy to see that for many small and medium-sized enterprises, ISO 9001 certification can be prohibitively expensive.

3. “It does not guarantee the quality of a product”: ISO 9001 does not itself require an organisation to set any particular standard for the quality of its goods or services. Indeed, the basis of ISO 9001 is that an organisation can specify any standard it likes. As long as its quality system ensures that its products meet that standard, it can achieve ISO 9001 certification. Customer satisfaction has, however, become more important in measuring quality performance as the standards have gone through revisions.

4. “Service organisations may not find it entirely suitable”: ISO 9001 was originally devised with manufacturing organisations in mind, and subsequent versions of the standards used the language and concepts of those who produce physical goods rather than services when discussing quality. More recent revision of the standards has aimed at being more acceptable to the service and process business sectors, reflecting a more modern understanding of quality. This includes a new focus on customer satisfaction and on organisations as linked processes.

5. “It does not improve quality per se”: The intention of ISO 9001 is to ensure that organisations achieve conformance to specification. It aims to achieve a specified standard rather than to raise that standard. As we mentioned previously, greater benefits may accrue to an organisation that had no formal quality management system in place previously. These may take the form of a greater level of conformance to a specification and a heightening of awareness about quality. It is certainly true that some organisations have cynically used ISO 9001 accreditation as a marketing ploy, rather than as a basis for improving their quality performance more widely.

If you would like to look at how to implement an ISO 9001 management system, then simply contact us.

Or, if you want to see what's involved in more detail, then get a completely free, no obligation, totally tailored ISO Gap Analysis for your business (only available to UK businesses).

Anyone struggling with the EU GDPR (General Data Protection Regulation) should look no further than ISO 27001. It’s the international standard for information security, and its framework is close enough to the Regulation’s that many experts consider it a perfect launchpad for a GDPR compliance project.

Certifying to the Standard means you’re already halfway to GDPR compliance, plus you’ll experience the general benefits of ISO 27001 certification.

​And, unlike the GDPR, ISO 27001 provides clear instructions on the steps you need to follow in order to stay secure.

What is ISO 27001?

ISO 27001 outlines three essential aspects or ‘pillars’ of effective information security: people, processes and technology.

This three-pronged approach helps organisations defend themselves from both highly organised attacks and common internal threats, such as accidental breaches and human error.

Its requirements are similar in many places to the GDPR, but whereas the Regulation only occasionally suggests specific practices (such as encryption), ISO 27001 lays out clearly what organisations need to do to remain secure.

How ISO 27001 helps

ISO 27001’s requirements overlap with the those outlined in Article 32 of the GDPR:

• Take measures to pseudonymise and encrypt personal data.
• Ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services.
• Restore the availability and access to personal data in a timely manner in the event of a physical or technical incident.
• Implement a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures.

Article 32 also mandates that organisations address risks that could lead to the “accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data”.

An effective ISMS (information security management system) that conforms to ISO 27001 will meet all these requirements.

We identify the key requirements of ISO 27001 for you and will outline a structured approach to implementation based around:
​

• Defining the scope of the ISMS.
• Defining your information security policy.
• Creating a list of relevant risks that would compromise the confidentiality, integrity and availability of your information.
• Defining a systematic approach to risk assessment.
• Carrying out risk assessments to identify and evaluate information security risks.
• Identifying and evaluating options for the treatment of these risks.
• Selecting, for each risk, the controls to be implemented.
• Preparing a statement of applicability (SoA).
• Meeting your organisation’s ongoing legal, regulatory and contractual obligations through a Compliance Legal Register and Key Issues Newsletter.

If you would like to look at how to implement an ISO 27001 management system, then simply contact us.


Or, if you want to see what's involved in more detail, then get a completely free, no obligation, totally tailored ISO Gap Analysis for your business (only available to UK businesses).

A Quality Management System - or QMS - offers a systematic approach to managing quality. John Oakland, one of the world’s top 10 gurus in quality & operational excellence, defines a quality management system as: “an assembly of components, such as organisational structure, responsibilities, procedures, processes, and resources, for implementing quality”.

​He says that a good example would:

• be a written system
• ensure that customers’ requirements were met
• ensure that the organisation’s needs were met
• apply to and interact with all the activities of the organisation.

Accordingly, he lists the requirements of such a system as:

1. a written quality plan, quality manual and policy, understood, implemented and maintained at all levels of the organisation. Such items should be updated regularly
2. an organisation chart defining the responsibilities of all those who affect quality
3. a review of accepted orders to ensure that customers' requirements are clear, and procedures which control the design of goods or services to ensure that these requirements are met
4. procedures to ensure that purchased goods and services conform to the requirements of the organisation and that their progress can be traced through to the finished goods
5. systems that ensure the suitability for use of any materials or services supplied by a customer
6. a fully documented process manual with sufficient detail to enable the process to be carried out under specified conditions
7. the control, calibration and maintenance of all measuring and testing equipment
8. a documented system which identifies and segregates all non-conforming goods and services and which specifies corrective action
9. quality protection (for example packaging) for finished goods to ensure they reach customers undamaged
10. procedures for any servicing operation to document and verify that it satisfies customers' requirements
11. quality records which provide objective evidence that the work is being carried out in accordance with documented procedures
12. procedures which identify training needs and carry out and record training for all employees
13. the use of statistical techniques
14. self-policing through internal audits and reviews.

So where does ISO 9001 fit in?

The ISO 9000 series is a set of world-wide standards which offer a framework against which organisations of all kinds can build quality management systems. The standard has its origins in Britain as BS 5750, first published in 1979.

However, in the UK it is now known as BS EN ISO 9000, the BN denoting that it complies with British Standards, the EN that it complies with European Standards, and the ISO that it complies with the system of the International Organization for Standardization.

ISO 9000, when first published in 1987, used the concepts and vocabulary of manufacturing. Its revision in 1994 went some way towards making the standards more user-friendly for service industries, and this process continued in the simplifications incorporated in the ISO 9000:2000 series in 2000, and the last update to ISO 9001 in 2015.

In simple terms, ISO 9000 requires organisations to ‘say what they do, and do what they say’. They ‘say what they do’ by detailing all their operating procedures, explaining how quality is monitored and controlled. They must then demonstrate that they ‘do what they say’ as they operate their quality systems. This usually involves keeping permanent records of all quality checks, tests and other activities, so that the system can be audited.

Next week we’ll look at the benefits of getting ISO 9001 accreditation.

If you would like to look at how to implement an ISO 9001 management system, then simply contact us.

Or, if you want to see what's involved in more detail, then get a completely free, no obligation, totally tailored ISO Gap Analysis for your business (only available to UK businesses).

The achievement of quality is something for all organisations: it involves everyone and everything in an organisation. It is total. The focus on satisfying customers’ expectations or requirements makes the application of quality management in all organisations, both profit-oriented and not-for-profit, a realistic option.

​Quality management adopts the perspective that all parts of an organisation and all its employees can have an impact on quality. Although the errors of those in direct contact with its customers may be more instantly recognisable, the errors made by those who have only an indirect role also detract from quality.

For example, the poor design of a product may dissatisfy customers, or a clerical error may result in an angry customer if it leads to their being invoiced incorrectly.

Quality management takes a truly systemic approach to organisations; it is based on the belief that quality will come about only if all employees and all activities of an organisation are involved:

• An organisation is viewed as a system of interconnected people.
• Any action taken anywhere can have an impact on quality.
• Suppliers are part of this system, and in a spirit of partnership are included in improvement activities.
• Quality is viewed from the customers’ or end-users’ perspective.

To see quality through the eyes of customers and exceed their expectations, an organisation must first know what its customers want. Building a relationship with, and getting closer to, its customers is essential if it is to gain a thorough understanding of their expectations.

Thus quality management highlights the important role played by all those who deal directly with its customers, those providing services, sales and marketing staff, and so on. Such staff have an invaluable opportunity to obtain vital information about the perceptions that customers have about the organisation and its products and services, and can gauge any changes in customers' expectations and any indications of their future requirements.

But what of those who operate well away from their customers? Quality management addresses this with the concept of the chain of customers. In this chain everyone in an organisation, no matter where they work in it, is considered a link, and the chain eventually leads to an external customer.

Put simply, if quality is maximised as a product or service moves along this chain, then ultimately the external customer will be satisfied. Changes in customers’ requirements can also be communicated backwards along the chain. In an ideal world, these chains stretch back to suppliers who are themselves external to the organisation.

For this concept to work in practice, good communications throughout an organisation are essential. This leaves no place for the inter-departmental barriers and ‘turf wars’ that can characterise so much of organisational life and hamper effective communications within the organisation. Quality management simply cannot work within an atmosphere of ‘them and us’.

Quality is always at the top of the management agenda and is an issue that requires leadership from the very top of an organisation. Senior managers’ lack of commitment is recognised as the most significant barrier it to is achieving the successful implementation of quality management.

This is why senior managers need to develop a written quality strategy for their organisation that will:

• make clear the broad aims and long-term goals of its Quality Management System (QMS)
• define how quality management fits into its corporate objectives and strategy
• describe the actions needed to implement QMS
• indicate the resources needed for its implementation.

Fine words are never likely to be enough, however. Managers need to demonstrate their commitment to quality management by their actions. As well as setting the framework for quality management by putting into place appropriate quality systems and procedures, supportive performance measurement systems and reward schemes, managers also need to demonstrate a personal commitment to quality management by, for example, fully participating in all quality improvement programmes.

Quality Management Systems

There are three factors which are common to all approaches to Quality Management Systems:

• management commitment and quality policy
• the use of tools that constantly and quantitatively monitor and compare performance results
• teamwork.

The successful implementation of a Quality Management System requires a supportive organisational culture, a culture of quality. There is a strong sense of learning from mistakes and avoiding the apportionment of blame. In this culture, everyone takes responsibility for achieving quality improvements, but such an environment can only be built on mutual trust, with a management style that does not depend on blame or fear.

Quality management needs to be underpinned by a quality management system such as ISO 9001:2015, and we’ll discuss this further next week.

If you would like to look at how to implement an ISO 9001 management system, then simply contact us.

Or, if you want to see what's involved in more detail, then get a completely free, no obligation, totally tailored ISO Gap Analysis for your business (only available to UK businesses).