I’m due to start with today’s client at 10am, giving them an hour in the morning to get everything running and deal with things that have come in out-of-hours. Today’s consultancy will be focused on reviewing the company’s ISO related documentation and I arrive at 9.50am after crawling through three junctions of barely moving traffic on the M25.
I’m greeted by an employee who happens to be the daughter of the two directors. Last time I visited, she was temporary part time but during conversation she reveals she is now permanent full time. This is a positive sign for the organisation.
Next, I greet another member of the team, he’s busy running between the supply containers as he prepares the next load of equipment and supplies to go out to site with the operatives. I wave a greeting to one of the directors, who is in deep phone conversation about a contract; he seems positive, which is a good sign.
Finally, I reach the office of the director I work with the most, as she manages the organisation’s ISO9001 certification. Before I can greet her, though, I’m accosted by two tiny dachshunds and suddenly I’m having the best client-day of my career. When I last visited these puppies were only a few months old and were even smaller. They both immediately demand to be picked up. This is how I end up beginning the meeting with one in my arms (trying to lick my face) and the other on my lap (chewing my new watch – I don’t mind).
We start by discussing how things are going; very well as it turns out. Today they are due to hear back from a huge job they tendered for; they reached the final stage and are up against two other companies but seem very confident that it’s going to go their way. I check that this is on their Opportunities register, which it is.
We have just established that they have had an extremely intense workload since the summer and therefore there is some updating to be done on the Quality Management System (QMS) documentation when disaster strikes; all the phonelines go dead. This company relies entirely on customers and operatives calling in, and this brings their entire operation to a halt. Eventually, we are given an answer; the supplier is nationwide, and their entire network is offline. Every single customer on their network in the UK is completely without communication services.
I check in with another client of mine who uses the same provider; they too have been bought to a full stop.
We decide that there’s nothing to be done, so we’ll go ahead with the QMS consultancy. Without internet, we can’t access the cloud drive that holds the QMS documentation, but there is a USB back up of it. I plug it in and start familiarising myself whilst the organisation continues to try and find a work around to contact their operatives if not their clients.
A few hours pass as I work through their QMS clause by clause. I begin by checking that there have been no major changes to the business: no, nothing has majorly changed for longer than I’ve been alive, so it’s not likely to change any time soon. I work through the general things, a few things need some reviewing or updating but essentially everything is going well. Finishing up the basics, I can move onto the more “chunky” parts of the system.
Some companies still prefer to document their key processes: it’s not necessarily required by the standard any more but it’s certainly useful, especially for training new members of staff. My client has no major changes to any of their key processes.
The Quality Policy is essential as it is a key clause in the 9001 standard and must be worded a certain way. The policy rarely changes much, but it must be evidenced that it has been reviewed regularly (such as having the director sign and date it). I’m happy to see that one of the directors reviewed and re-signed the policy last month.
The Interested Parties requirement was only introduced with the 2015 standard, and many of my clients prefer to fulfil this via a register. Interested Parties must be identified, including details on what they need and expect from the company and its ISO systems. This can seem difficult at first, but most companies are surprised by just how many interested parties they actually have.
Another essential new clause of the ISO9001 standard is the assessment of Risks and Opportunities. This is designed to help companies prepare for future events and to help highlight improvements but can be daunting (especially the risks section). It seems as though humans have a natural aversion to thinking about potential negative events, but once we get thinking we seem to come up with many ideas. The risks assessment is designed to help companies put an action plan into place for if these risks present themselves, and the same for opportunities. I note the irony that “complete loss of communication tools” is not included on the risk register.
The Objectives requirement seems to confuse some of my clients but is actually quite simple. The idea is they set targets and objectives for improving the organisation in line with the ISO they have in place. I notice that some of the target dates for completion have passed, and so need to be reviewed to see if they were achieved. Through listening to the conversations going on around me, I note in my report a few suggestions for objectives (one being to have a separate back up in case of telecom failure!).
As part of handling issues and non-conformances, many organisations prefer to have a central “Non-Conformance Log” (although it goes by many different names). This is used to record any and all issues, inside or outside of the ISO system, and aid the investigation, corrective and preventive measures the company puts into place. The idea is that if any trends present themselves, they can be spotted quickly. Unfortunately, the “Action Log” hasn’t been updated in almost a year despite the conversation around me identifying events that should have been recorded on it. I make a note in my report and ensure it is highlighted to the directors before I leave.
I notice that a Management Review hasn’t been conducted in the last 12 months, despite their documents stating this timescale. This is an essential part of the ISO9001 standard, as it allows management to have a full and detailed review of the system overall. I point this out in my report and speak to both the directors about it; they assure me that it is only because they have had such a heavy work load this year.
With the document review completed and the organisation still without phone lines or internet, I have a quick meeting with the directors to talk them through everything I’ve looked at and any improvements that could be made. They show me an entry on the calendar for a scheduled management review meeting at the end of the month. I answer any questions they have and make sure they are completely up to speed with what needs to be done.
Everything finished with 5 minutes to spare I bid my farewells, wishing them luck with the phone and internet issue. I make sure to grab a sneaky cuddle with the dachshunds before I go. Then it’s time to battle the M25 again. I make it home in just over 2 hours and finish up my report before making sure I’ve prepared for the next day’s client. It’s the same thing again on the other side of the M25, with another long running client. Work finished (for now), I settle down for the evening with my two Jack Russells and reassure them that I didn’t like the Dachshunds better than them.
See the last blog in the series: Internal Audits