ISO Re-Registration

To maintain ISO registration we are required to conduct ongoing internal and external audits throughout the year. Every three years we must submit our management system to a full re-registration audit. We are very pleased that we have successfully passed this audit without any non-conformance issues, and we will now retain our registration for another three years.

At this point it is worthwhile to consider what we have learned over the three years that we have run the system. There are three significant points:

Error tracking is a valuable input for system improvement.

When we first set up our processes, we determined the best practices for every activity and set these as standard procedures. We identified key control points and created checking and review steps to manage these procedures. We also instituted a fairly rigorous quality control process at the end of projects, and we established a central repository to record all of our 'non-conformances'. We used this list to investigate the root cause of problems. Was there a problem with training? Methodology? Or were there extra steps that could be taken to reduce the chance of errors? All of the problems that we have encountered during the three years that the system has been in place have contributed to the improvement of the system. We have tweaked the system not in a random or hap-hazard manner but in response to problems and opportunities for improvement that we have discovered through the course of running our systems. You can learn from your mistakes - but only if you have method to catch and analyze them in the first place.

ISO management processes can - and should - be applied beyond the scope of registration.

We originally set up ISO processes to improve the quality of products and services we provide to clients. This is still the scope of the registration. But, as we have been running our system, we have started to expand the management system to other areas. At first we applied it to IT, security and network management. These are routine, yet critical processes that support and protect our organization. We found that we could best manage them with documented procedures and controls very similar to our product and service control systems. We are now expanding these management concepts to more loosely defined activities such as sales. And this is also quite successful. The main lesson here is that an ISO registered management system is not designed just to satisfy ISO auditors - it is built to run a real business. It is not just the ISO management system, it is OUR management system.

An ISO registered management system is not just about quality control.

We have found that our ISO system has improved quality, but it has also given us additional, valuable insight into our business. A very basic quality control system would simply involve inspection. One would look at a product at the end of the process. Errors would be caught and fixed and rework would be done. ISO requires more than this. It mandates that we design processes to reduce or eliminate errors when the work is done. This makes a lot of sense. It costs less to prevent errors than to fix them. A stitch in time saves nine! By documenting our processes we get a much deeper understanding of our business. By recording data and setting measurable objectives, we get a clear sense of what is working and what is not. Besides improving quality, our management system has made our business more efficient, much easier to scale and easier to manage.

ISO certification at Space Database

The ISO certification at Space Database took around six months from the time that we set it up as a serious project until the time that we felt we were truly running the system. We ran the system for more few months before we had our first external audit and became fully certified.

 We were helped in our project by a very good coach. We had heard that it was very difficult to prepare for the audit without the help of someone that thoroughly understood the ISO system and the process of certification. We met with and interviewed a few different consultants and then selected the one that we felt most comfortable with. Jeff Chesebrough was a very helpful guide and remains a valuable resource as our current internal auditor.

The first thing we had to do was to define our 'scope' of certification. What was it that we wanted to say that our company did? We had to put some thought into what our company actually does. Next we had to define a quality management statement. What was the goal of the system we were about to design? These are very important steps because without them you don't know where you are going and you have nothing to measure you progress against.

The scope of our business:

The provision of software and services for real estate clients, including building surveys, interior design and information management.

 Our Quality Policy Statement:

Space Database is committed to supplying their customers with services that meet their expectations and with information that is clear, accurate and reliable. Space Database strives to continually improve the efficiency and profitability of their processes.

The next thing we had to do was the largest part of this project: we had to map out and document the processes for the work that we do in the office. This involved defining what we do from the sales process, through project management and the various work procedures all the way to final delivery and acceptance of the finished work. We had to document all of the tasks in the office and all the ways that different types of work gets done. We created work flow diagrams and text descriptions of everything. It was a team based effort and it was interesting to find out that there was quite a bit of disagreement about how things were actually being done!

Once we had mapped out our processes, we began to discuss how things could be improved. What should we change? Where were problems most likely to occur? We updated our procedures in ways that we could all agree would help us work more effectively with fewer errors and problems. We designed control systems - mostly in the form of check lists - that would ensure that the steps we had agreed on as being essential for quality results were actually followed.

 The last piece of our quality control system was the setup of measurable objectives. How can you know if your system is working if there is no way to measure results? We set up both objective measures of our performance based on turn-around times and profitability as well as subjective measures based on what our clients thought of us. We conducted an online survey with multiple choice answers. We now re-do this survey every year to see if we are improving.

Although nerve racking, our first certification audit was quite painless. The system was new and we were all enthusiastic about it. Subsequent audits have been a ittle harder. We now have a track record to beat and new goals to reach every year. There is always the tendency to loosen the controls over time. But that is why the system requires regular external audits. The auditor ensures that we do what we said we were going to do!

It was a fair bit of work to set up, but the ISO certification process was not really difficult. We know our own business and we have an intuitive sense of what will make it work better. The ISO system simply helps us standardize on the best practices within the organization. And then the fear of the auditor keeps us honest!

 

Quality is Free

It's common sense that quality is more expensive. If you want consistent and predictable results, most people believe, you have to pay more. It's common sense that you pay more because quality costs 'extra'. Well it turns out that common sense is wrong in this case. Producing a higher quality product or service can in fact be less expensive and less time consuming than producing lower quality.

North American industry has been taught this lesson in no uncertain terms by the Japanese. By focusing on quality, Japanese manufacturers have been able to produce higher quality products at lower cost than their American rivals. They did this by carefully studying their processes and investing in quality.

The key to calculating the cost of quality is to see it as an investment. You can either spend upfront to ensure that there is consistency and control in your processes, or you can inspect your results later and fix problems and deal with the consequences. Research by Philip Crosby has shown that investing in good quality planning can cost around 3-5% of the cost of sales whereas the cost of fixing problems can be 20%. We have experienced particular projects where the cost of fixing the problem doubled the amount of work. If we factor in the risk of liability due to damages because of defects and errors, the cost could be far higher. Seen in this way the upfront investment in quality control not only pays for itself (it's free) but it also provides a substantial return!

Common sense is right about one thing though, people are willing to pay more for quality. Not because it costs more to produce, but rather because it is worth more. We are willing to pay more for things we know to be reliable and dependable.

So if quality costs nothing - or less than nothing - why doesn't everyone set up a rigorous quality management program? Why doesn't everyone have ISO 9001 registration? I think there are two main reasons. The first is that people fail to comprehend the true economics of quality and how it actually reduces cost. The other is that it is hard to figure out how to go about it. What are the essential steps to ensure that our particular service or product is of a consistent quality?

The first step in developing a quality management system is to map out what the steps in our various processes are. Are there standard ways of doing things? Or steps that should be taken? The next step is to look at problems and errors that have occurred in the past. At which stages in the process did the errors occur? What are the steps that could have prevented or caught the problem earlier on?

Once we understand our processes and what the causes of error are, we are ready to redesign the process. We can look at the process of people whose work is of higher consistency. Are there special steps in their process that we can standardize for everyone? We can put in extra control steps in areas where we know there are often problems. We can streamline areas where problems are unlikely to occur.

In a future post I will describe how we implemented an ISO 9001 certified quality management system at Space Database and how we continue to improve it.