Quality, ISO 9000, QSM, what is what? (Quality concepts made simple)

by Ouijdane El Arabi (A graduate of the national school of management and trade Oujda Morocco, a current student in EMUNI University Slovenia in Euro-mediterranean entrepreneurship diploma (EMED). Worked previously in several non profit organizations but also interned in many businesses.

 

ISO 9001, quality, QSM quality management, certification… Many terms and concepts that have been talked about for the last 10 years and many new entrepreneurs, managers, business students and public get mixed between these concepts and others and find it hard to understand exactly what is about!

In this article we will explain in very simple words what quality is about and what are the most important concepts that we have to know about as students, consumers, entrepreneurs, present or future managers.

Quality, is it about price or about the best product in the market?

Quality can be defined by the International Standards Organization (called also ISO) in ISO 9000 (2015) as “degree to which a set of inherent characteristics  of an object  fulfils requirements”

In other very simple words, quality is the degree of which the organization presents the object (product, service, process, system…) the way it was exactly demanded by the customer.

The concept of quality is dedicated towards the customer and not for the businesses or for the marketing as lot of people think

Before continuing on other concepts I must clarify something: A Product coming from China is not a product of a small quality, and another product coming from Germany is not a product of a high quality In fact there is NO high , medium or small quality: There is only QUALITY or  0 QUALITY (or NO quality). It all depends on what the customer REQUIRES.

For example if, as a customer,  I am asking for a pink long sleeves shirt with a high black neck made of pure cotton  and there are 3 companies telling me that they have what I want, when I go and meet with the sales managers of the two businesses I found out that:

Company A’s offer	Company B’ offer	Company C’ offer
A PINK T-SHIRT with a  high neck made of cotton	A PINK SHIRT with HIGH BLACK NECK made of cotton	A GREEN shirt with high GREEN neck made of polyester

So, after reviewing the 3 offers, I figure that Company B is the one who executed what I required: that is QUALITY

Companies A & C have offered different things than what I required: that is 0 QUALITY or NO QUALITY.

And of course the quality issue depends on what I want as a customer, how I want it, when and using which tools.

This subject is strictly related to another important and critical topic, especially for startups and SMES’: writing down product specifications, written statements of an item’s required characteristics, documented in a manner that facilitate its procurement or production and acceptance. Understanding the real meaning of quality assurance and writing down accurate product specifications, may represent the key to success for many firms.

QMS, certifications what are these concepts ?

A quality management system (QMS) on the other hand is a set of policies, requirements, standards, rules needed to accomplish the execution, production through a particular process in the company.

For example, ISO 22301 (business continuity) is a standard to create a BCMS (Business continuity management system).

We hear often that the organization X or the Process Y is certified ISO 9001, and we often do not understand what it means or how it can help us as customers. First of all,  the term certification or conformity is a set of processes that show your product, service or system meets the requirements based on ISO’s definition. So when we say that X or Y are certified means that they follow the requirements of a standard (ISO 9001 for eg).

In very simple words, it means that the organization respects the rules of ISO 9001 in making a certain product, service or system. This is verified by an independent, third party competent Organization (http://www.bulltek.com/registrar_assistance/registrarassistance.html). Anyhow, you can internally use the standard references as a guideline even without being certified”

ISO 9001, 27001, 22000,14000…., what is the difference ?

Each of these standards is designed in most cases for a particular type of industry, service… Let’s see which is which:

ISO 9000: is related to quality management (ISO 9001 means that the business have respected the quality required by the customer from the very first stages of concepts to the very last steps of production and beyond. ISO 9002 means that quality was respected from the production till the after sales services….)

• ISO 22000 is about food safety management
• ISO 27001 is related to data and information management
• ISO 14000 is related to environmental management
• ISO 4217 is a standard for currency codes.

The list goes on and on (please check the ISO website for popular standards https://www.iso.org/popular-standards.html ) , and ISO has put a standard for various numbers of disciplines, industries and areas and that are very specific, however ISO 9000 is one of the standards that can be applicable to every industry or process and has become very important in many aspects of business life.

How can ISO 9000 helps my business as an entrepreneur?

Being certified as ISO 9000 family does help the organizations in many ways:

• Works positively towards image building and good reputation of the business.
• Gives quality insurance to the customer.
• Facilitates having funds and cooperation.
• Facilitates growth capital and the search for new shareholders and investors.
• Positions the business I a good rank when compared with competitors.
• Keeps a continuous track of the business audit (Please check DR Max’s article about audit and quality).
• The employees are very concerned of the customers, so they keep being dynamic towards customer helping and customer services.
• The business is up to date and has numerous actions towards its inner and external business environment.

 

 

Is 9001 2015 viable for startups?

 

Not many young entrepreneurs are familiar with ISO 9001 standard.

All they think they know is sometimes is that:

-it may be useful on a later stage…but definitely not now!

-it’s most of the times an expensive obligation, a condition to have access to certain markets or for approaching some industrial partner that compulsory require the application of this standard in order to do business with them

-it’s somehow perceived as against the spirit of a startup… a pioneer doesn’t shave to spend times drawing maps, his task I conquering unexplored territories. Startups process are liquid and constantly changing, it’s against this flexibility-mantra to tighten-up processes like ISO 9001 seems to suggest

– …ISO 9001 what?

Well, an expert will probably tell you (There are endless articles like that on the net) that ISO 9001 certification is really essential because:

• Brings into your organization a continuous improvement culture
• Helps you to formalize and document your processes; the idea behind is: if you can do that, then you can easily explain them to third parties/stakeholders and if a process is formalized, is also under control
• Teaches you how to approach the concepts of risk and opportunity management
  
• Makes you sensitive to customer needs and issues because with ISO 9001 you have to pay attention to customer satisfaction and customer experience, having therefore the chance to boost your sales
• Shows you the importance to setting goals and objectives for all your processes…in the end performance is everything

NO. Is too simple and unrealistic. That’s just part of the truth…when it comes about ISO 9001 certification you have to think carefully about the following aspects:

SUPPOSED ISO 9001 ADVANTAGE	ISO 9001 PROS	ISO 9001 CONS	SUGGESTION FOR IMPLEMENTATION
PREVENTING COMPANY’S FAILURE	?	Startup fail for many reasons, but they are definitely Not failing because they don’t have ISO 9001 certification!	First contents, then the framework….if processes are working you are always in time to formalize them into procedures. Start with knowing the standard, and then with applying internally its principles. Your firm will benefit from it.  Undergoing a certification process request defining a clear certification-purpose and having in place a consistent organization… both thing request a mature and well aware organization, with a strong identity and company culture.
CONTINUOUS IMPROVEMENT	It’s ISO 9001 DNA, through the plan-do-check-act approach, that is naturally improvement .oriented	Improvements can be defined and realized with many alternative methods	Get familiar as soon as you can pdca continuous improvement cycle: in the end is a very good management method in every stage of your startup development. Is the best way to get in contact with ISO 9001 world  (and also with other standards of the ISO family such as ISO 20000, 14001, 27001 etc)
PROCESSES DESIGN AND FORMALIZATION	It’s true, this represent a weakness for many startups…they just don’t document and write down enough their processes; but establishing uniform and well defined process is essential for: – transform a craftsman, like sometimes a startupper really is (producing products with sometimes unacceptable erratic quality) into a business man (able to guarantee always the same quality standard) -make yourself understood and appreciated to potential partners and investors	Process design and formalization is costly, takes a lot of time and needs to be kept properly updated and therefore well understood by everyone into your organization. Briefly, it needs also a lot of (expensive and time demanding) training	Do it in steps: -set this point as, f.i., a specific Business plan’s goal -start with core processes, the “heavy ones” that really make your organization looking unique and special… that’s a good point for developing a good business plan too! -get gradually to reach a full documentation of primary and secondary processes in a two years approach
RISKS AND OPPORTUNITY	Getting familiar with the concept of risk since the early development stages is very important. Not being enough  risk-aware is a very significant reason of failure for many startups.	ISO 9001 tell to perform a risk analysis, but it doesn’t tell you how to do it, which kind of techniques are appropriate for a startup. Performing a risk analysis and using it as a management tool on a regular basis request time and a mature and consistent management culture.	A startup is by definition a risk taking organization. Use first the ISO 9001 risk approach in developing some parts of your business plan (f.i 5 forces model) and get familiar with it. Then fully develop it with the help of some skilled advisor who can provide the most appropriate frameworks and tool to perform the risk analysis
GETTING FAMILIAR WITH CUSTOMER	ISO 9001 is, since the very beginning of its history, customer oriented. Being aware of the importance of developing skills, processes and tools to hear the “customer voice” is certainly extremely important	Sometimes customer voice can be hard or too expensive to be detected by a startup alone; sometimes can be even misleading, especially when it’s about bringing to market some potentially disruptive and unexperienced change	There are many methods and chances (direct, f.i. asking questions directly to your customers, and indirect, like f.i. analysing claims and behaviours) to detect customer satisfaction and the effectives of the provided customer experience. –          Start with simple and not too much structured methods, gathering timely the first basic feedbacks. –          Learn how to use it in improving your organization –          Refine your research and analysis from time to time investigating some specific elements (f.i. connected with some commercial initiative such as the launch of a new product
SETTING GOALS AND OBJECTIVES	ISO 9001 provides a really important  and widely used framework for setting, reviewing, and taking action against objectives etc etc	It can be difficult, especially in an early stage, to follow efficiently the many changes and the variations a startup  may have to undergo; moreover, goals and objectives may be enforced by partners, investors, customers etc	Use first the ISO 9001 just as a framework able to inspire and make your work consistent. Then refine your work from time to time, following the progressive formulation of your firm’s identity

 

It can be concluded that:

• the implementation of ISO 9001 standard into your organization is important but probably not in an early stage of development: at this stage training (also about ISO standards) is instead essential to get familiar with this specific world;
• at an intermediate stage, you can use ISO 9001 framework for internal application to build your quality system and trying to organize people, resources and process inside your business;
• –you can then think about ISO 9001 third party certification when your firm is sufficiently mature to implement and most of all improve and maintain such a quality system growing consistently and coherently with your business development; you can also think, in order to make costs sustainable, to obtain ISO 9001 certification as part of a cluster, a joint venture or a network of firms.

 

 

 

 

 

La molecola del rischio

La gestione del rischio diviene ufficialmente la base per la progettazione di processi con un sistema di gestione. Ciò significa intraprendere misure di gestione sulla base di una corretta valutazione dei rischi: a ben vedere questo è già l’approccio che caratterizza la gestione delle aziende più virtuose e dei manager più competenti.

L’approccio per processi, la loro gestione ed interazione devono avere come principale obiettivo il  raggiungimento dei risultati attesi in accordo con la politica della qualità e la direzione strategica dell’organizzazione.
La gestione complessiva dei processi e del sistema di gestione per la qualità si avvale come di consueto della metodologia del Plan-Do-Check-Act (PDCA) con un focus sul “Risk-based thinking” mirato a prevenire effetti indesiderati.

IL RISCHIO INTESO COME OPPORTUNITA’

Il RISCHIO è “l’effetto dell’incertezza” rispetto ad un risultato atteso” e la nuova Norma ha reso esplicito ed ha incorporato tale principio nei requisiti della norma per la definizione, implementazione, mantenimento e continuo miglioramento del sistema di gestione per la qualità. E’ facile comprendere dunque come la gestione del rischio sarà il motivo conduttore dell’intera norma, per il raggiungimento degli obiettivi.
Servirà ad identificare non solo i rischi, ma anche le opportunità; quali rischi ed opportunità vi siano in un’organizzazione dipende dal contesto in cui opera.

L’ approccio alla norma deve dunque abbracciare tutte le componenti tipiche del rischio, ovvero l’incertezza, le relazioni causa-effetto e le possibili conseguenze.

Il rischio è infatti associato alla probabilità che un evento possa accadere, apportando determinati impatti ad un determinato contesto. Ma di ogni evento che si verifica non si è portati a cogliere e valutare neutralmente caratteristiche e dimensioni, ma spesso solamente l’aspetto negativo il suo potenziale di rottura degli equilibri.
Non quindi i lati positivi, l’opportunità e/o la necessità di un cambiamento.

Ecco perché preferiamo identificare ogni rischio in ultima analisi come opportunità:

– di gestire il cambiamento gestionale, operativo, e in ultima analisi, strategico, invece che subirlo;

– di business, in termini di sua difesa, consolidamento o espansione;

– di “difendere”, eliminare o ripensare un processo per renderlo più efficace ed efficiente;

RISCHIO –> OPPORTUNITA’ –> CREAZIONE DI VALORE

E quindi suggeriamo di accostare intimamente la gestione del rischio alla creazione del valore. L’opportunità potrà a sua volta distinguersi in opportunità di (aumentare) leadership e di (consolidare) esperienza

Tutto questo arricchirà l’azienda aumentando costantemente la sua resilienza, ovvero alla capacità di una organizzazione di assorbire adattandosi sollecitazioni (e danni) trasformandole in opportunita’ di cambiamento.

Cosa potranno fare dunque le organizzazioni?

La risposta più scontata, anche se corretta, sarebbe:

• Identificare e ordinare i rischi
• Pianificare e attuare specifiche azioni per affrontarli
• Controllare l’efficacia delle azioni attuate
• Apprendere dall’esperienza (miglioramento continuo)

Essa è tuttavia parziale e per così dire “monodimensionale”, in quanto tende a rendere la gestione del rischio uno dei tanti automatismi aziendali e non tiene affatto conto dell’equazione rischio=opportunità.
Inoltre, spesso questo favorisce un approccio slegato e quindi scarsamente efficace tra le tre tipiche direttrici di AZIONE ovvero:

– intervento sull’EVENTO;
– intervento sul DANNO;
– intervento sulle conseguenze economico-finanziarie;

L’approccio più corretto e a maggior valore aggiunto  pertanto propone di:

• Identificare e classificare le opportunità in rapporto alla strategia aziendale;

• Pianificare e attuare specifiche azioni per gestire le incertezze legate alle opportunità;

• Controllare e monitorare il tasso di raggiungimento delle opportunità e la loro trasformazione in business a valore aggiunto;

• Consolidare la leadership e l’esperienza aziendale aumentando la resilienza dell’organizzazione.