So, as an ISO Consultant advising businesses on compliance with ISO Standards , I’m often faced with serious minded business people who’ve seen a lot of the world and have a slightly cynical view of the standard they are being told they need to comply with. Is it worth investing their time and cash complying?

Then if you get past the “why” of compliance in a reasonable manner, there is always the question of how, in a busy overworked world, are these new needs and requirements going to be met, especially day in, day out ?

There are often opposite approaches to the issue, both extreme, both unhelpful to the business and largely incorrect.

On the one hand, there can be raging optimism. Of course, this is what the business has been waiting for, we will speed things up/keep customers happy/cut out waste/meet our targets/improve the bottom line. This visionary approach is, of course, refreshing, and it would be easy for me to nod, smile, and take my fee. If I didn’t need to return to the business at some point, prepare them for recertification, and pick up lots of broken pieces.

In contrast, there’s the cynical and curmudgeonly approach of the business-weary die-hard. We are only doing this because of the chance of a big order/ it has no bearing on the day-to-day running of the business/ the staff won’t engage with it/ it’s just expensive bureaucracy/can’t we buy the approval off the internet?, etc.. Some managers can make Eeyore from Winnie The Pooh seem like a motivational speaker. I often wonder how they rose in leadership, or even got out of bed that morning.

Yes, somewhere between the two viewpoints is a middle way, which is just about close to reality. Meanwhile, my work count on this blog is going up, and your interest is going down. So, what five points would I highlight regarding successful “buy in” to ISO compliance from your staff and managers.

1/ Start Where You Are! Employees will sniff immediately the attempt to impose a piece of “one size fits all” theory onto the complexities of their business. But they would love some structured solution to the frustration of doing things badly, doing things twice, fending off customers, etc. What are your main business challenges, and how can compliance to an ISO Standard address them? How do you see your business getting to where it wants to be?

2/ Hire an Experienced, No-Nonsense ISO Consultant (I can recommend one…) who has a foot in both camps, those of the theory of the standard, and it’s practical application. They can give vital help with 1/, because they have probably seen it all before. When you pay a consultancy fee, you are, of course buying not just a document clerk, but a head full of experience which can’t be bought from Amazon.

3/ Make Your Quality Management System Simple! Alas, I come across the “quality versus quantity” error regularly. A highly-paid consultant has created a huge tome via late-night “cut and paste”, which looks impressive, sits proudly on a shelf, and remains there until the internal auditors pluck up the courage to blow the dust of it, or it moves centre-stage in the pre-recertification visit. More is certainly less. Carefully written, a decent QMS proves “less is more”

4/ Sell! You need to convince your people that this is a good idea. However, you need to use the good salesman’s art of stressing “benefits” (what it does for the business), rather than “features” (what it consists of). The skilful salesperson will “scratch where the client itches”. We’re back to point one. Find out what needs fixing, what and how, then tell your folks that it’s going to be done, but we need everyone’s help.

5/ Find Some Champions. This should not all be “top-down”. You will need internal auditors. Correctly-chosen, they will be those who carry the burden of compliance. Again, like a good consultant, they will have a foot in both camps, QMS theory, and it’s application. Give them both freedom and authority, and the system will virtually run itself, as it becomes tuned to the harmonic of the business.

There is much else to tell on this subject, and I’d be happy to talk. My life began on the factory floor in Nottingham, circa 1977, so I’m a “bottom-up” kind of chap, who loves making things work in reality. Please be in touch!

Written by Colin Brown of ISO Consultants

In my work as an ISO Consultant , I frequently find organisations making the whole process leading to ISO Certification far too complicated. ISO Consultancy , and gaining certification, is all about starting where the business is, building a system that fits its activities, and making it something that is embraced by the enterprise on a daily basis.

I could cover a number of standards here, but it’s probably best to start with the foundational standard ISO9001 . So, apart from the many myths and legends of ISO consultancy, what would I suggest to a company seeking ISO9001 certification?

1. Don’t over document the system

The ISO 9001 requirements for HOW you define a process, and the level of detail you need to include, are generic . Broadly, they are inputs, desirable outputs, and controls. It’s that simple. However, as the standard needs to fit many different industries and types of business, the method of defining the process can vary according to a business’s requirements, for instance using flow charts, documented procedures or work instructions, whichever work best for your business. This means that you truly can meet the requirements of the standard without including a lot of detail.

This is often misunderstood and many companies spend unnecessary time and effort going into long in depth explanations, which are never or rarely read by the staff who are supposed to follow them. In defining a process the inputs should be considered (what material is it, what machines do you use etc.), and the desirable outputs (a finished work piece or service), then what controls are critical in converting the inputs into the outputs, for instance particular machine setting etc. That’s all!

However, if your motivation is to improve Process Control as well as gain certification, it should be remembered that simplified process controls can be counter-productive. So, it is important to include the level of detail you need as a business to ensure that a process is controlled to the level you need. For instance, if you are using unskilled, inexperienced labour you will probably need far greater detail in the document, process maps, flowcharts or whatever form of process definitions you produce. But only what you need, and certainly not too much. Don’t over-document!

2. Don’t include things which are not in the ISO standard

I am regularly surprised that companies continue to offer up departments to external certification auditors which are not mentioned in ISO 9001 and have very little impact on the Quality of the products or services being provided. Your auditor does not need a grand tour of the company! HR, Marketing, Finance and IT Services are all functions which may have a small input to the certification visits, but the departments as a whole are not really addressed. So don’t send the auditors in, (unless you have a personal vendetta of course!)

Training records are a typical issue which often draws the auditor’s eyes towards H.R., but why not arrange simple access to these records rather than taking the auditor into the department. This avoids auditors asking additional questions which may lead into areas which are not as well controlled as those directly involved with the product or service. More exposure, rather than “just enough” is not necessarily beneficial to ISO Certification.

ISO Consulting is often more about advising clients what to leave out, rather than what to leave in. In Part Two, we look at how this applies to “over-auditing”, and why ISO 9001 is actually deeply relevant to your business.

Written by Colin Brown of ISO Consultants

What can you compare the job of ISO Consultant to? Occasionally, it seems a very strange job, running an ISO Consultancy. There are parallels with being a vicar, priest, or miscellaneous other minister of religion. Now, I wouldn’t say that being an ISO Consultant is a holy calling of The Almighty. However, in trying to interpret rules and standards from “on high” to a practical, workable scheme of things, like ISO 9001, and getting folks to embrace it in their daily working lives, there are great similarities.

And then there are the continual challenges of common misconceptions. Put simply, “myths and legends” that don’t really have much to do with the true essence of what ISO Standards are all about. Here are ten of them:

1. You can tell a good Quality/Environmental/Health and Safety System document by its weight/thickness.

No. “Less” is often “more”, providing it makes a difference to your business.  It helps you meet your business objectives. Usually, concise systems are more effective.  Because people are more likely to read, understand, and follow them.

2. Implementing an ISO based system, such as ISO 9001, is a major project and means you have to change the way you run the business.

Generally “No”,  but there are usually a few things to be changed. All companies have “processes” , even if these aren’t documented. A good ISO-Based Quality Management System should be written around how you already do business, not consist of alien practices inflicted to get you through the certification. Your business is unique, and the ISO system needs to be based around that uniqueness. Protecting, nurturing and helping it grow. In short, it’s purpose is to support and formalise the good bits of what you’re already doing well, rather than impose badly-fitting bureaucracy.

3. The Quality/Environment/Health and Safety Manager is responsible for Quality/Environment/Health and Safety, and lives in their own world. Meanwhile, the rest of us get on with running the business profitably.

No. This might be acceptable if we lived in a world with no fines for breaking laws, and accidents never happened. However, in this area there are very serious implications for non-compliance. So ideally, there shouldn’t be anybody in an organisation whose operations aren’t affected by them. In successful companies, with well-designed ISO systems, no-one should be able to notice that they are actually working to a standard. They should truly be part of “business as usual”. It’s safer (and cheaper) that way, too.

4. All these quality systems are just government bureaucracy and don’t do anything for the business.

This is closely related to myth three (above) Although backed by governments internationally, properly-written business-focused standards should help, not hinder companies. A good Quality Management System should help you be more efficient and consistently meet your customer’s requirements. Environmental health and safety systems, although protecting your staff and surroundings, should also help you avoid large fines, some of which could be large enough to threaten the whole future of your business. Properly-implemented, they should lead to contented customers, more efficient activity, and better business.

5. Quality systems are really just about controlling documents. Therefore, if in doubt, sign everything.

Perhaps in the past, quality systems in particular were over- focussed on documentation. But changes over the last 10-15 years have aimed them much more at improving effectiveness and efficiency. That said, the control of information within a business remains important, and for good reasons. You can’t manage without documentation, but it should serve the business, rather than the business serving it.

6. We can hide our problems areas. If you manage the auditors properly, you can keep them in the Quality Managers office all day.

Being clever with the auditors and keeping them away from problem areas may be a crafty and useful tactic in the short-term. But if your systems are really any good, then you shouldn’t have problem areas that you aren’t addressing. However, if you do have weak areas, then honesty really is the best policy. If you are taking action to improve things, then auditors should respond positively, and letting them see what you’re doing can be positive for two reasons. Firstly, they know you are committed to improvement. Secondly, having seen lots of similar situations before, they may actually be able to offer advice. This is the “auditor as business improvement consultant” approach, and is highly effective.

7. It’s always best to keep your mouth shut and only give the minimum of information to the auditors.

Yes, but don’t expect to get a lot out of the audit if you don’t put much in. Make some more words up !

8. The auditors are only looking for reasons to fail you.

Funnily enough, in over 20 years’ experience of this environment I’ve rarely found an auditor who just wants to fail people. This is their job, day-in, day-out, and very few people can be so negative for so long. However, if you really don’t get on with your auditor, then change him. If the certification body aren’t helpful with this, then change them too. There are around 120 certification bodies in the UK so you have plenty of choice, and they all take very kindly to people changing from their competitors, so you might even find a lower cost alternative.

9. Environmental systems just increase your operating costs.

An Environmental Management System (EMS), such as ISO 14001, should not be about tree hugging and love for little furry animals. It’s no longer a PR-friendly “nice-to-have” marketing tool, but should be make very sound business sense. And why? Breaking environmental law now has very expensive consequences. It could even be enough to push you into liquidation. Ignorance of the legislation affecting your operations is no defence, so having a good environmental system which is properly maintained should keep your business lawful, and you out of jail. Yes, and I really do mean “jail”

10. If you get one well written set of risk assessments, then you’ve addressed your Health and Safety requirements, and the staff can carry on as normal with their everyday jobs.

Health and safety systems are now a commodity like most other things. If you just want some risk assessments then you could buy them in. But the value of such systems is in them being applied to real business life. Do you really want your staff knocking holes in walls without checking if there are mains cables hidden in the plaster, or driving stacker trucks without being trained ? Health and Safety isn’t a matter of documentation. It should be a matter of practice, though documentation and records are, unfortunately, required.

If you’ve read this far, then you’ve got a good idea of how I work.

Hopefully, you will get some idea of the challenges of being a ISO Consultant. There is an art in keeping compliance and business success in tension, which involves large amounts of both technical comprehension and hard-won common-sense. After over twenty years in the industry, and having advised many types and “flavours” of enterprise, I suspect that I may have at least a few things to offer to your organisation. And I’d be happy to “bust” a few more myths that I’ve not mentioned here.

So, if you need more plan-speaking from an ISO consultant, please be in touch!

I received a call from a prospective customer. who explained that he’d bought a business which held an ISO 9001 certificate from a reputable certification body.

However, he’d identified that discipline within the business wasn’t good, and that most of the staff were unaware of their operating processes. But although business had a “sloppy” feel, the product range had potential and sales were reasonable.

He had a discussion with the company’s Quality Manager, who tried to quell his fears, proudly producing a set of internal audits. So everything seemed fine. The certification body visited the next week, audited through the business, gave it an all clear and left. So all was well. Or was it?

“But I know the system doesn’t work and the staff don’t know what’s in their operating procedures so can’t be following them ! ” he said to me.

Yes indeed. I often ponder why don’t other people ask this. How do we make ISO9001 truly work?

ISO 9001 provides tools that ensure consistent products and services are provided to a set cost and standard. It offers a process for managing longer term business improvement, helps to change cultures and can instil disciplines and consistent processes. However, many ISO certified companies see their newly-acquired standard as an end, not a beginning. Having the tools does not get the job done. Only using them does.

So back to my prospective customer and his “approved” company with little sign of “Quality”. He’d probably just managed to escape having the ISO 9001 certificate removed by the certification body if things were really as bad as he suggested. But if the system wasn’t delivering because the tools had stayed in the box.

There is overwhelming evidence that the processes which ISO 9001 encourages WILL deliver business improvement, so if they aren’t doing it in your business then it must be something to do with the way you are using them – a saw is always a saw, it will always cut, though if you leave it hanging on your shed wall, it might as well be a blunt pen knife.

An ISO 9001 management system WILL, for example, provide a certificate which should get you through many high-value tender adjudications. Beyond that, it will also provide a framework for continual improvement, encourage the establishment of business measures and metrics, formalise internal processes and procedures and drive consistency in their output. But you need to see the system and the principles behind it as more than a certificate that means you can tender.

So what happened to my gentleman? I explained how the system worked and suggested he start by aligning the Quality Policy and its objectives with his Business Plan. It’s then up to him whether he uses the tools he has or keeps the box firmly shut.

I hope he uses them, we need more British businesses which are strong, innovative and improvement based.

 

Written by Colin Brown of ISO Consultants

Image copyright Steve Cole. No unauthorised use.

From time to time, a scandal emerges which reminds us that although we (supposedly) live in a highly-sophisticated, carefully-controlled, global manufacturing world, things “being right” are only as good as things being “done right”. Quality management systems suddenly becomes very important. Sadly, standards such as ISO9001 are often only seen to truly “matter” when it’s far too late to change events.

Hence, in early 2013, huge retail groups are found out to be selling meat products which are not “what they say on the tin”. Maybe we could expect occasional cross-contamination in vast meat processing plants. But then, in a similar episode, a company making breast implants turned out to have been filling them with silicon which is industrial grade, rather than medical grade. And, circa 1985, Austrian wines were found to have been “improved” with anti-freeze. Most surprising for those strict, methodical, and thorough Germanic types.

How on earth did the mighty fall? Simple. Standards ceased to matter, and/or were not checked for compliance. All this certification and checking costs money, and unlike a new headquarters building, is not a striking statement of corporate success and importance. Standards, and their quality management systems, simply sit out of the way, quietly making sure that things are done properly in order to produce things which are what they purport to be. From time to time, however, something happens that shows that they matter. In fact, really matter…

In a cost-driven, recession-battered world, employing someone who is technically knowledgeable and can verify products and processes is almost as expensive as employing those who develop new products. So, somewhere down the supply chain, someone does not bother to check certifications.

Worse, they don’t bother to “check the checkers” to see if, when certifications are present, they are genuine and properly authorised. Is their standard more than ink on a letterhead? Eventually, this lands organisations in the situation of not knowing the integrity of their supply chains and therefore the quality of what they deliver. Simply, your major corporation ends up with goods wearing their precious and fragile identity, but of which they know neither quality nor origin. This is probably how horse meat turned up in a major supermarket’s product via Eire, France and Romania, no-one knowing precisely how on earth it got there.

Now, being in the quality business, it’s in my interest to convince you that, “save on standards and checking, and you’ll pay dearly later”. I would say that, wouldn’t I? However, it’s useful to reflect on what this particular lapse in quality has cost the companies concerned.

This will be more that what  good quality management systems, “checked by checked checkers” will cost. Think “driving without insurance” versus “being sued for causing an accident”. You may save the cost of the premium for a couple of years, but when things do finally go wrong, you’ll wish that you’d paid up for something intangible, maybe seeming a little unnecessary, but vital.

A few gallons of anti-freeze put the multi-million pound Austrian wine industry out of business for around ten years. Reputation and confidence are hard things to fix. Good Quality Assurance, ased around realitis quality management systems, will cost. A lack quality assurance will cost even more.

 

Written by Colin Brown of ISO Consultants