When the new ISO 9001:2015 certification standard was announced in late 2015, it made waves in manufacturing due to its heavy emphasis on risk management. In our experience, in helping companies become ISO 9001:2015 certified, we’ve seen first hand how the value of embracing a risk-averse culture and the other core aspects of ISO 9001:2015 extends to all aspects of operations.
ISO 9001:2015 requires that organizations proactively consider potential hazards in their operating environment and quality management systems—and then take steps to minimize identified risks. This is perhaps the most significant change from the prior edition of ISO 9001 because many quality systems are only designed to capture deviations and corrective actions. This particular modification within the new standard has the greatest potential for improving how companies produce and deliver goods and services.
Traditionally, quality management systems track deviations and corrective actions related to them. This process becomes a self-fulfilling prophecy because it assumes deviations will occur, and the company simply should expect them to happen and then learn from it. However, the extremely competitive (discrete) manufacturing market and the constant pressure to increase margins requires that the bar be set higher than before.
The main motivation to implement quality systems should never be to place the framed certificate on the wall. Instead, quality systems should improve quality and efficiency of operations: a reduction in injuries, safety-related incidents and sick leaves results in cost savings, a more productive workforce and smoother audits and compliance-related activities.
Here’s a simple and obvious statement: Deviations that never occur impact the business the least. For example, periodic preventive maintenance of machinery reduces unexpected production downtime and the instances where major (and expensive) repairs are required. Plus, the money saved can be spent on other preventive measures to further decrease the overall frequency and severity of deviations.
ISO 9001:2015 places emphasis on management’s active participation in risk management activities. Businesses should catalog all of their key processes, the risks related to them and how to mitigate these risks. This self-assessment provides management a prioritized “risk mitigation list.”
Proper training of employees is often the best way to mitigate risks. Ensuring that the right people know what they should know and striving to avoid burdening employees with unnecessary training and too much information can be a difficult balancing act. Therefore, risk management and standard operating procedure (SOP) management process should be tightly integrated: If an impactful risk can be mitigated with a new process, then the new process should be quickly documented and only the affected employees should be trained.
No matter how good the risk management process is, deviations can still occur. This is typically because either an identified risk was not yet mitigated, the mitigation plan for identified risk was not sufficient or the risk was not identified.
Whatever the reason, deviation management and corrective actions should also be inherently imbedded within risk management and SOP processes. Every deviation should be linked to a previously identified risk or generate a new documented risk. Most corrective actions require that existing processes must be improved, changes must be documented and employees must be trained to understand the new procedures. When these different key pillars of the quality management system are seamlessly integrated, the system enables and reinforces continuous improvement.
It is best to avoid using the old checklists and Excel sheets in quality systems. Powerful yet intuitive solutions are available to better support an organization’s related objectives, as well to automate and simplify core quality processes, which ultimately helps management focus on the most impactful quality improvement initiatives.