Governance, Risk and Compliance Blog

57% of Quality Professionals Overworked [Global Quality Survey]

Posted by Atheal Alwash on Fri, Apr 21, 2017

How Do You Compare? Global Quality Survey Reveals 57% Quality Professionals Overworked

The Global Quality Survey 2017, conducted every year by Qualsys to test the pulse of the quality industry, has this year proven that Quality Managers are under increasing pressure in their roles.


Quality Manager stress levels

In fact, 57% of respondents said they were either ‘slightly overworked’ or ‘extremely overworked’ in their role. Pressures on quality professionals are increasing as organisations feel the urgency to transition to ISO 9001:2015 or other ISO Standards. While this is a decrease on the 65% reporting as overworked in the 2016 survey, there are still many pressures facing quality professionals, including their challenges in future Standards certification.

Business Growing? You need quality more than ever

The importance of the quality team in times of business growth is underestimated according to survey results. While 38% of respondents saw an increase in business growth in the last year, only 16% saw that reflected in the growth of the quality team. The survey also found that 68% had no promotion in the last 12 months, despite almost 37% being in their quality role for at least five years.

How are quality professionals getting promoted? 

Of those who had been promoted, 41% had implemented an electronic quality management system in the last two years. These results reflected the reported influence of workload and pressure, with those who have an EQMS system in place far less likely to feel overworked, as 36% using software tools reported they are not overworked in their role.

Reduce reporting time with technology

Reporting is a big time drain for quality professionals, with 53% of respondents spending four or more days a month on creating reports – and 12% of these spent more than 10 days per month on reporting. Interestingly, those with a higher workload did not have QMS tools in place, as 57% with EQMS software spend less than 4 days per month on reporting.

Respondents cited increased workload related to the transition or first certification for ISO 9001:2015 as a key factor, alongside changing the culture of quality management within their organisation. The survey revealed that 82% of respondents agreed that organisations will have to manage multiple Standards in the next five years, suggesting the workload will only increase for many.

What You Should Do Now 

Download the full report of the Global Quality Survey 2017 here for more details on the changes and influences on the quality industry this year.


ISO 31000: Communication & Consultation

Posted by Chris Owen on Wed, Apr 19, 2017

The ISO 31000 framework is designed to provide a consistent and structured approach to risk management, and this includes how to communicate key information to relevant stakeholders.


Management involved in the development of the risk strategy need to consult internal and external stakeholders throughout the creation and implementation of the framework. It is like any other business development strategy: it will only be effective if the right elements are communicated to the right people, at the right time.

Feedback can be gathered from stakeholders to ensure an appropriate strategy is put in place using the ISO 31000 framework. Leadership should be confident in their decision-making process and be ready to provide a rationale for decisions made regarding the risk strategy.



Clause 6.2: Gather Expertise

The design behind Clause 6.2 in the ISO 31000 framework is to bring together a range of areas of expertise in order to deliver a comprehensive risk strategy. This approach reflects the requirement of many other Standards, such as ISO 9001:2015, which state that risk and quality improvement are the responsibility of every individual rather than just a dedicated team.

To create a sense of inclusion, understanding, and continuous improvement, it is suggested under ISO 31000 that management communicate regularly with key stakeholders throughout the risk management strategy development. This also facilitates a risk-aware culture, improving alignment with business goals and objectives, as individuals become aware of their role within day-to-day risk management.


Communication Tips

It is suggested that organisations using the ISO 31000 framework for their risk strategy follow the below points:

  • Information should be presented in a timely, accurate, and factual way
  • Key stakeholders should be communicated to at each step of the risk management process
  • Information should be delivered in accordance with internal policy, confidentiality, respect to individuals’ private data, and maintain the integrity of sensitive information
  • Communication is two-way: feedback from stakeholders is essential during the Evaluation stage of the ISO 31000 framework.


Next in the series: Clause 6.3 – Establishing The Context


ISO 31000 Risk Management Toolkit


How Technology is Shaping the Role of the Quality Professional

Posted by Ben Marshall on Wed, Apr 19, 2017

In today’s modern workplace, computers and automation are commonplace. However, the Global Quality Survey 2017 revealed that many quality professionals are still underequipped when it comes to technological tools – despite realising that it is increasingly important to go digital.


A significant 37% of respondents agreed that they don’t have the tools they need to effectively manage quality. These figures are mirrored by the number of days spent reporting: 48% without a QMS system to assist with audits and compliance to Standards spend more than 4 days per month creating reports. This is compared to 57% of those with QMS systems who spend less than 4 days per month on the same type of tasks.


Lack Of Suitable Technology Is Enough To Make People Leave

Only 27% feel their organisation is more than slightly effective at using technology to assist in delivering continuous quality improvement across the organisation.

Feeling underequipped to carry out a role to its fullest is a big reason for quality professionals to walk away: 20% of respondents had left a job because they felt they did not have the right tools. This ties in with the number of dissatisfied quality leaders who feel unheard despite more than ever reporting directly at board level (68% compared to 2016’s 56%).




The Right Tools Could Equal Promotion

It might seem all doom and gloom, but there is an upside: quality professionals who have procured and implemented the right tools for the job - namely, and electronic quality management system – are far more likely to receive a promotion. Of those who had introduced EQMS to their organisation in the last two years, 41% were promoted.

The mindset of the quality profession is very much leaning towards the importance of technology in their roles and beyond: 62% of respondents agreed that a quality management system is going to evolve into a business management system within the next five years. This is a positive outcome for quality professionals who strive for better tools and greater integration of quality processes across the organisation. A mindset of business management system is useful to drive the procurement of technology tools such as EQMS, as buy in is easier to manage from leadership if direct and holistic business benefits can be derived from a business case.


Request a demonstration of EQMS today to see how the software can apply across your entire organisation as a business management tool.


Request 30 minute EQMS Demonstration



What United Airlines Can Teach Us About Processes and People

Posted by Emily Hill on Tue, Apr 18, 2017

Your company has been there - your staff followed a set process, but it failed to meet the needs of your customer. Perhaps your company over-promised and under-delivered, or delivered nothing at all. It resulted in a customer complaint, lost your company money and potentially a bad review. 

However, few companies have faced as much outrage as United Airlines last week. 

Turbulence on the groundUnited airlines 2.png

The airline suffered a public relations nightmare after a video showed security officers dragging a bloodied passenger off an overbooked flight in Chicago to make space for a member of staff. The result was backlash on social media, billions of dollars wiped off their market share and a seriously tarnished reputation.

In an interview with ABC's Good Morning America, Oscar Munoz, CEO of United's parent company said he felt "ashamed" and has promised to review the airline's passenger-removal policy.

Munoz said: "That is not who our family at United is. This will never happen again on a United flight. That's my promise."  

We could focus on why a thorough risk assessment hadn't been done on the policy beforehand to prevent such a PR disaster. However, one of the most worrying aspects of what happened was that none of the staff took the initiative to stop the situation before it got out of control. 

The staff followed the set process, but they forgot on the most important thing. The people.

The airline invites you to "fly the friendly skies", so why were they not friendly on the ground? Why didn't the airline staff help the customer? Why didn't they step in, realising how much the flight meant to him? 


Moral conscience of the organisation

Kate Armitage, Quality Manager at Qualsys Ltd said: "This incident raises an important question - where was the moral conscience of the organisation? Indeed, United Airlines had the right to remove a passenger. It doesn't mean that it was the right thing to do."

Armitage continued: "The purpose of ISO 9001:2015 is to ensure the organisation is consistently supplying products and services that meet customer requirements. This incident shows employees following a policy, but forgetting customer needs."  

The revised ISO 9001:2015 standard has more explicit requirements for leadership commitment, risk-based thinking and a process approach. Changing employee mindset from rules-based to full ownership and accountability is essential for organisations to remain certified, and for a culture of quality. 

Armitage added: "Organisations need to move beyond rules-based processes of the past - where employees feel they must simply follow a set process, towards a "true culture of quality" - an environment in which employees seek improvement." 

Read: 4 Essentials for a Culture of Quality - Harvard Business Review  




Start by Assessing Behaviour

So how can organisations encourage ownership, accountability and improvement? 

In Culture May Be The Wrong Question, Norman Marks, says that while be should be worrying about culture, it can be difficult to assess as there is hardly ever a single culture.

There are also often differences between teams, locations, as well as changes over time. 

Instead, Marks suggests we start by assessing behaviour.

How to do this?

In the article, Marks suggests taking the below list and making is specific for your own organisation. Then assess each attribute for your team, department, location and organisation as a whole. 

  1. What behaviours do you want your organisation and its people to demonstrate every day?
  2. What are the risks to achieving the objective you just defined?
  3. What actions (i.e., controls) are you taking to provide reasonable assurance of appropriate behavior?
  4. Is there reasonable assurance, or are the risks to behaviour outside desired levels?
  5. How are you monitoring both the level of risk and the incidence of undesired behaviour? 
  6. What needs to be done to provide reasonable assurance that people, both individuals and groups, will behave the way we need them to behave?

Read the full article here


Change Behaviour

If you found any weaknesses and inconsistencies across your organisation, Michael Ord, Director at Qualsys Ltd suggests building a stakeholder engagement plan. He said: "Introducing behavioural change can be incredibly challenging. There are many moving parts and it can be difficult to measure.

To help quality professionals navigate this shift, we have created a stakeholder engagement toolkit. The toolkit gives you a step-by-step guide to make you an agent of change." 

To become a change-agent, download the Stakeholder Engagement Toolkit here.


Change company culture

Alternatively to learn more about the new ISO 9001 risk-based thinking requirements, download the ISO 9001:2015 toolkit or sign up for the ISO 31000 toolkit.


Tags: ISO 9001:2015

ISO 31000 Toolkit: Implementation, Evaluation, And Improvement

Posted by Jamie Rose on Wed, Apr 12, 2017

A risk management strategy requires a comprehensive implementation and continuous monitoring in order to be a successful approach for an organisation. For ISO 31000, you are advised to follow three key steps in delivering your risk management plan: implement, evaluate, improve.

The cyclical nature of clauses 5.4 – 5.6 are reflective of ‘Plan Do Check Act’, seen in several forms within the Higher Annex SL framework. The drive for continuous improvement is seen in other standards, such as ISO 9001:2015, so using a similar process for the risk management strategy makes sense for an organisation wishing to have cohesive strategies across the company.




Step One: Clause 5.4 - Implement

The first step to any risk management strategy is, of course, the plan – which should also consider the timings required at each phase of the process.

Once a plan is defined, taking into account the internal and external context of the organisation and the various risk factors involved in the business operation, it needs to be rolled out.

Communication is a vital part of this step. Leadership should define the who, what, when, and how of the communication plan for the risk management strategy:

  • Who needs to know about the strategy?
  • What do they need to know (what actions are required from individuals)?
  • When should they be told/when do they need to act?
  • How will this be communicated to the people involved?

Then the roll out of the risk management strategy can begin, with relevant individuals feeding in to the risk register and communicating to departments how their role sits within a risk aware environment.



Step Two: Clause 5.5 - Evaluate

Once a risk management strategy has been implemented, it’s important to make sure that it is working and staff are adhering to the plans provided to them.

An evaluation may take the form of interviews or surveys, or a quantitative review of reports from the risk management software an organisation is using.

The evaluation stage is recurrent: it does not only happen on an annual basis, for example. A regular evaluation of the risk management strategy enables organisations to react in real-time to knowledge gaps, new risk opportunities, or changes in external factors that impact upon the risk to an organisation.

Evaluation is designed to ensure the risk strategy remains appropriate, and that the framework in use (in this case, ISO 31000) is still appropriate to the organisation’s requirements.



Wistia video thumbnail - EQMS Risk Manager

Thanks for reporting a problem. We'll attach technical data about this session to help us figure out the issue. Which of these best describes the problem?

Any other details or context?


Step Three: Clause 5.6 - Improve

Continuous improvement is a benefit for any organisation. Ongoing evaluation allows for the planning and implementation of changes to a process in order to make it more efficient.

Review of a risk management strategy evaluation will highlight areas in which your organisation can improve. Acting on improvements will increase the resilience of the business as you adapt the risk strategy against the framework and the ever-changing context of the organisation.

Where the need for change is identified during the evaluation process, leadership are then required to implement the change and assign accountability for the new element in the risk strategy to relevant individuals. This ensures a continuously improving, maturing, and advanced risk management strategy will develop with ease.


Next in the series: Clause 6.2 – Communication and ConsultationISO 31000 Risk Management Toolkit

What Is Wrong With Sharepoint For Document Management?

Posted by Kate Armitage on Fri, Apr 07, 2017

The Global Quality Trends Report 2017 revealed that 45% of quality professionals do not use a quality management software tool to manage their documentation. Of these, 20% use Sharepoint to handle documents, while others have archaic systems of printed documents, shared drives, or MS Word/Excel shared documents.

There are big problems here for any quality professional striving for continuous improvement, and who wishes to implement a culture of quality across the organisation.


Download >>>

Connect for SharePoint Datasheet 




#1: No Document Control Means Anyone Can Edit

Hosting documents in a central hub such as Sharepoint or on an internal shared drive, without the proper controls, opens up vital information to incorrect editing by unauthorised individuals.

This can lead to the wrong information being disseminated across the organisation or, worse, to customers. The damage that misinformation can cause is limitless: the direct impact is followed by ongoing issues. For example, using the wrong product instruction will result in poor quality or even illegal product being created and – if the same instruction is followed at quality assurance stage – sent out to the public. Had this product inadvertently broken regulations (such as not including the right nutritional information, for example), the cost to reputation, the costs associated with product recalls, and costs in rectifying damage caused are significant.


orange_tick_opt.pngSolve it: EQMS Document Manager enables administrators to create bespoke user groups, and edit document controls on a case-by-case or batch basis. Permissions for editing, uploading, and downloading information can be set according to user group and type. Change logs also provide evidence of all actions with a time-stamped and user ID to ensure a full and clear audit trail of any changes made to documentation.




#2: Anyone Can See Sensitive Information

While you may have some restricted access folders on your shared drive or within Sharepoint, there is no guarantee that the wrong eyes may see sensitive information. Someone with a little IT knowledge could easily bypass security protocols, or it could be something as simple as the wrong person being given permission (or not having their permission revoked) due to human error.

An organisation must protect its interests by retaining controls over its sensitive and confidential nature, and archaic systems just don’t offer the right level of security for peace of mind. Any business aiming for ISO 27001 would be at a distinct disadvantage in this situation!

orange_tick_opt.pngSolve it: EQMS allows you to silo documentation into specific groups, areas, or even between different companies if your organisation is a parent to multiple businesses or clients requiring access to some documents. Confidential information is restricted to the relevant parties, so only the right eyes can see sensitive data.

 Sharepoint connect.png

#3: No Knowledge Of Receipt

Sometimes you WANT people to see documents! Once a new document is uploaded or important changes have been made to an existing document, it’s important to communicate this to the relevant individuals.

However, how do you know for sure they have read the document as required? There is no surefire way to tell that your staff have read the latest policy update – which puts your organisation at risk: reputational damage, or litigation following an incident (where the new policy would have covered an individual), are just two examples.

orange_tick_opt.pngSolve it: EQMS Document Manager allows document owners to select a read receipt acknowledgement to an individual, group, or groups, ensuring the tick-box system confirms that users have read the document. A change log on the document means users can easily see why the change was made, while the feedback option allows any user to provide feedback to the document owner for further updates or changes.


If you’re one of the 45% of quality professionals not yet using a quality management system to control your documentation, you can request a free bespoke demonstration of EQMS Document Manager to see how it can improve security, reduce errors, and promote quality improvement.

Request a demonstration of EQMS Document Manager here


EQMS Document Manager

Tags: Document Management

ISO 31000: Understanding the Context of the Organisation

Posted by Michael Ord on Wed, Apr 05, 2017

As part of ISO 31000, leadership need to demonstrate an understanding of the organisation and its context in regards to internal and external influences.

Being able to demonstrate the context of the organisation helps a business to properly align its risk management strategy with its overall risk appetite and risk tolerance in order to gain a competitive edge without compromising business continuity.



Considering PESTLE – Your External Contributors To Risk

Common factors to consider when understanding your organisation’s context in relation to external factors can be assessed using the PESTLE acronym:

  • Political
  • Economic
  • Social
  • Technological
  • Legal
  • Environmental

There are, of course, further factors which will influence the risk elements of an organisation, but it is these which are key to understand for any business.

With each element of the PESTLE acronym, it is important to consider: trends, external stakeholder relationships or impact, drivers affecting the organisation’s objectives, and contractual relationships and agreements.



Assessment Of Internal Context

Understanding the internal context could include the mission, vision, values and the alignment of strategic goals and objectives; standards or regulations adopted by the organisation (which are not required by legislation – that falls under external); and impact of resource.

Internal context can also cover:

  • Complexity of networks
  • Knowledge resource, sharing, and management
  • Contractual agreements and internal dependencies, and
  • Information systems including technological resource or reliance


Wistia video thumbnail - EQMS Risk Manager

Thanks for reporting a problem. We'll attach technical data about this session to help us figure out the issue. Which of these best describes the problem?

Any other details or context?


The Role Of Leadership In Understanding The Context

When leaders have recognised the influence of external and internal factors which may impact on risk, it is up to them to use this information – the context of the organisation – to assess the severity and likelihood of risks posed within these parameters.

As part of the risk management strategy, once the context is defined it is helpful to the progress of an organisation adhering to an ISO 31000 framework to communicate definitions and understanding to key stakeholders.

Next in the series: Clauses 5.4, 5.5, and 5.6 – Implementation, Evaluation, and Improvement

ISO 31000 Risk Management Toolkit

Tags: ISO 31000

10 Lessons Learned By Quality Professionals

Posted by Atheal Alwash on Tue, Apr 04, 2017

One of our company's core values is continual learning and hunt improvement. It's baked into our culture through our weekly Quality Circles. This is where we reflect on what we've learned in the past week and how we can help others improve. 

This week, we decided it would be interesting to open up our Quality Circle and ask quality leaders across the globe about their key lessons learned and offer any advice. 

If you are looking for inspiration to transform your quality management strategy or want some useful tips to drive more engagement with quality, here are 10 takeaways offered by quality leaders: 



#1: Set Goals

“Cultural change is difficult to implement and takes a longer time than anticipated.”

Several respondents commented that not having defined goals affected their ability to implement change in 2016.

The aim in setting goals is to enable quality professionals to define their objectives in real terms, to help achieve buy-in from leadership. It also helps to measure success with culture change and the roll-out of new systems such as EQMS.


Hands squeeze the cup winner against lightning dark sky..jpeg

#2: Get Buy-In Early

Throughout the survey, a common theme was the lack of support from top management impacting upon a quality professional’s ability to be in effective in their role. 

“You can only progress with any project if the top management allows you to.”

Those that felt top management were in support of quality as a business process had far better survey responses overall, reporting less stress and more authority to influence change.

“Top management was involved in the strategic planning and thinking of the organisation and quality projects.”

Getting buy-in at the earliest stage possible for any quality process change, such as implementing a new quality management system, is the best way to ensure engagement and support from leadership throughout the project.



#3: Start At The Top And Work Down

Once you have leadership support, thanks to your early communication (see above), it’s time to roll-out the ideas of quality improvement to the rest of the organisation.

“Communication is key.”

Quality professionals responding to the survey found that it was most effective to start with leadership, then middle management, and then communicate with the rest of the staff, in a cascade communications plan. Managers are more likely to push for change where leadership have determined it as essential, and staff at lower levels can champion a project to their peers for further influence.



#4: Plan, Plan, Plan

Gap analysis is your friend when it comes to implementing changes to quality culture. Those taking part in the survey who felt they had not planned enough before rolling out a new quality management system, or taking on a new ISO Standard, felt the pressure later down the line.

“A small change can end up taking a considerable amount of time to implement and get agreement.”

Planning as much as possible, from actual implementation actions to a full communication plan that identifies stakeholders at each stage, will ensure change management success. Time is a key factor: most respondents agreed that more time should be allowed than anticipated during the planning stage, to ensure success.


Businessman finding the solution of a maze.jpeg


#5: Keep It Simple

End users don’t need to know how a quality management system works, or the details of an ISO Standard. They want to know why they need to do it (the benefits to them, not necessarily the business), and what they need to do (book training etc).

“No one buys in to quality until they see a positive impact on their role or other aspect of life at work.”

Avoiding jargon and keeping the message simple at all stages of a plan was a big lesson learned by several quality professionals in 2016. Some felt that an overly-complicated plan, that involved too many stakeholders, meant projects were slow to get off the ground. Others found that engaging end users was their biggest challenge, as the messaging was too complex or irrelevant to an individual’s role.


#6: Don’t Do It On Your Own

“Don’t take on too much.”

As quality professionals face business growth (without growth in their department), it’s ever clearer that success cannot be achieved if a quality manager takes on a change process alone.

With 57% of respondents feeling overworked or extremely overworked, it’s important to remember that going it alone won’t lead to success – either on a personal level (you will face burnout!) or organisation level (projects without buy-in are unlikely to succeed).

“Learning to delegate and project manage rather than doing everything myself was the best lesson I learned last year.”

Those that work in teams can share the workload, and draw on shared experience as well as different skills to achieve change success. Whether transitioning to ISO 9001:2015 or implementing a quality management system, working in a team delivers more benefits than simple stress reduction. It ensures buy-in across an organisation, creates project champions who can influence change on a peer level, and drives success through group interest.

                Choose the Best Project Team: How to Herd Cats



#7: Do It For The Business, Not ISO 9001

While 62% of respondents agreed that the changes and transition to ISO 9001:2015 will have a positive impact on the organisation, there is a common feeling that Standards are not the be-all and end-all.

The benefits brought by Standard certification, such as business growth opportunities and greater efficiency, are a sideline to overall quality improvement.

“Constant changes to Standards make for a heavy workload. You need to approach it as continuous quality improvement rather than just for certification – then you see long-term culture change as people realise personal benefits instead of a technical certificate.”

The integration of quality into a business-wide culture was a clear success driver for many respondents, suggesting that ISO certification is an ideal achievement but is still secondary to overall business objectives when it comes to quality and continuous improvement.

“Don't get too tied up with the day job to look around at other business environment issues.”



#8: Have a Little Patience

 “It takes a long time to turn the boat.”

It can be tempting to run headlong into project roll-outs as you get excited about the benefits ISO certification or QMS implementation will bring. However, a clear theme for quality professionals in 2016 was to anticipate that things take longer than you expect.

"This year made clear the difficulty of changes a quality culture in a large organisation driven by time constraints.”

Time is needed to achieve full buy-in from all stakeholders, allow for technical implementation, and build a communications plan for long-term success.

Quality professionals who allowed plenty of time for a project felt less overworked, and had a more positive outlook on top management engagement. A long-term plan means fewer long-term costs, too, as one respondent pointed out from experience:

“Too much done too quickly generates too much rework and lots of unnecessary costs.”


 Young woman jumping over a gap in the bridge as a symbol of risk.jpeg

#9: Go Digital

“We need to adapt to technology advances more if we want to succeed.”

The importance of technology in driving continuous improvement – and personal success – was evident in the survey results. 

Of the respondents who had recently implemented a quality management system, 41% had received a promotion.

More than that, technology has been identified by respondents as a key driver to integrate quality as part of the business, rather than as a standalone department.


#10: Implement As Much Training As You Can

Quality managers reported that staff education was a big barrier to success in 2016, and they learned that training is the only solution.

“QMS works best when employees ‘get it’.”

The lack of clarity about ‘why ISO 9001’, and understanding of quality as an organisation-wide responsibility, led many quality professionals to develop training programmes for 2017. Training wa highlighted throughout the survey as something that many organisations require on a more frequent and in-depth scale – and those that have comprehensive training are seeing greater success overall.

“I felt great enjoyment gained from training staff and delivering this in line with the company values.”


What you should do now:

You can download the full Global Quality Survey Results here >>>

Alternatively, download the ISO 9001:2015 toolkit for more tutorials, tips and advice from quality professionals.

ISO 31000 Clause 5.2: Leadership and Commitment - 11 Essential Requirements

Posted by Gemma Baldan on Wed, Mar 29, 2017

Within ISO 31000, as in all ISO Standards following the new Annex SL higher framework, leadership is an essential consideration in applying the framework. The ability to communicate the what, why, and how of a risk management process is crucial to on-boarding all stakeholders in their commitment to contributing to continuous improvement.


Leadership is required to follow eleven essential requirements set out within ISO 31000, including:


#1: Align with the strategies and objectives of the organisation

Leaders need to identify the overall business strategies and objectives and align the approach of risk management with such. By doing so, leadership can more accurately assess the risk appetite and culture of the organisation in order to create a focused and integrated risk strategy.


#2: Ensure alignment with risk management and risk culture

The risk culture of an organisation is set at a strategic level, but is the responsibility of leadership to communicate this to all individuals in the business. This ensures that the approach to risk is completely aligned at every level, and that risk management processes are appropriately delivered in accordance with overall business goals.


#3: Define and endorse the risk management policy

The leadership are required to set out the risk management policy, and ensure that this is endorsed across the organisation. Without all-level involvement and understanding, the risk management process can be undermined and not provide a strong enough structure to mitigate risks.


#4: Allocate resources to risk management

Depending on the risk appetite of an organisation, and the perceived level of risk, leadership are able to use a comprehensive risk management strategy to appropriately allocate resource where required. Understanding where the greatest resource is required helps to mitigate ongoing risk. It may be that the lower-level risks require greater resource as the likelihood is higher. For example, customer service failures could be a risk to company reputation – so a greater resource is required on an ongoing basis to prevent incidents than for a potentially severe risk with low probability (such as an earthquake on a non-fault line area). 


#5: Assign accountability, responsibility, and authority at appropriate levels

Risk management only works if there is accountability across an organisation: it cannot lie with one person alone. Leadership must align the risk management strategy and identify who needs to take responsibility for each area of risk, and ensure these people are accountable for reporting on their aspect of the risk management process on a regular basis.


#6: Recognise and address contractual obligations and voluntary commitments

Risk involves external parties and influencers as well as internal processes and stakeholders. Leaders must make sure that any contractual obligations (such as downtime SLAs for a hosting company) are assessed and met within the risk management system. An orgnaisation committed to improving quality on a continuous basis, such as those accredited to ISO 9001:2015 are also wise to ensure voluntary agreements – internal and external – are assessed also.




#7: Establish risk criteria, risk appetite, and risk tolerance and ensure they are understood and communicated

Leadership must ensure that the risk management strategy applied using ISO 31000 is clearly and comprehensively communicated to all staff. This includes the risk appetite and tolerance, and ensuring an understanding of those concepts in the context of managing risk on a day-to-day basis within individual roles.



#8: Ensure risk management performance indicators are included as the performance indicators for the whole organisation

Risk management is required to be an integrated part of the organisation in order to be effective. As such, leadership responsible for risk management reporting must be able to represent the risk performance indicators in relation to their impact on overall business performance, goals, and strategies. This includes managing those responsible for risk at a granular level within departments to deliver an overview of the impact on the organisation as a whole.


#9: Communicate the value of risk management to the organisation and key stakeholders

Communication is the most effective strategy for implementing an integrated, comprehensive, and effective risk management process. It is up to leadership to devise and implement a communication plan regarding risk management, incorporating internal staff and any relevant external stakeholders.


#10: Promote the systematic monitoring of risk

A risk management strategy is only effective if it’s applied, monitored, and reviewed on a regular basis. This enables leadership to identify knowledge gaps, or problematic areas of risk which need further attention – as well as illustrate where the risk management process is a success.

 risk register.png

#11: Continuous review of appropriateness of the framework and risk management processes

As an organisation grows, merges, is acquired, or takes on new sectors or opportunities, so the risk strategy will need to be redefined. The same applies for the political, environmental, and economical influences on an industry or organisation: if these change, it is likely the risk register requires a review. At each stage of change, leadership must review the appropriateness of the ISO 31000 framework and ensure the processes laid out are relevant, proactive, and clear.


Next in the series: Clauses 5.3 – Design: Understanding Organisation And Context

ISO 31000 Risk Management Toolkit

Tags: ISO 31000

EQMS Spring User Group 2017

Posted by Emily Hill on Fri, Mar 24, 2017

On Wednesday 22nd March 2017, Qualsys Ltd welcomed our customers from W. E. Rawson, NHS, Sodexo, and many other businesses to our office for the EQMS Spring User Group. 

The User Group is an opportunity for our customers to see what's new, share ideas and meet other users of the system.

If you couldn't make the Spring User Group or want to recap some of the key points from the day, we have put together a summary of each of the talks below. 


EQMS User Group.png


Qualsys welcomed brands from across the globe to the EQMS User Group

"In my experience of using Document Manager in EQMS over the last 12 years, it is a very user-friendly system for the end user and I like the way EQMS is structured.

Qualsys provides an excellent support service with Rob Needham being our main point of contact. Rob is very approachable and helpful and listens to our requests and issues which helps a lot. We always get a response from the Support Team which is great."

Janice McMillan, Diageo 

EQMS User group 2.jpg

EQMS User Group was chaired by Robert Oakley


The State of the Quality Industry - Michael OrdGlobal Quality survey 27017 - cover.png

Michael Ord, New Business and Marketing Director at Qualsys, kicked off the event with the results from the Global Quality Survey.

The survey results highlighted three key challenges for quality leaders: 

  • Authority to do the role 
  • Data ownership
  • Leadership engagement 

Michael has put all of the key findings into the Global Quality Trends Report.

This report can be downloaded here.



Chris Owen.jpg

Chris Owen discussing the flexibility of EQMS Issue Manager and EQMS Audit and Inspection Manager


EQMS Insights - Chris Owen 

Chris Owen, Services Director shared some of the ways EQMS Issue Manager and EQMS Audit and Inspection Manager can be configured to meet your internal business processes. 

Chris has put together more information about EQMS here:


"EQMS is the best software currently available on the market. Qualsys support is second to none and very customer focused, I would highly recommend this product."  - Lee Clack, W. E. Rawson Ltd

Rob Needham.png

Rob Needham sharing the EQMS Roadmap 


EQMS Roadmap - Rob Needham 

For the EQMS Roadmap, Rob Needham, Technical Director at Qualsys Ltd, demonstrated:

  • Key enhancements
  • Issues Manager web services 
  • New Issues Manager Mobile Application 


Issues Manager Ipad app.png
New Issue Manager iPad Application



EQMS Futures - Rob Needham 

Rob Needham then shared upcoming projects, including: 

  • EQMS version 7 Update
  • Mobile Technology 
  • BI Reporting
  • EQMS Ideas Board.


"EQMS is an indispensable part of how we manage document control and accreditation at Leeds teaching Hospitals. The team at Qualsys are pushing the boundaries of what EQMS can deliver, and we are excited to see upcoming developments." - Bradley Dickinson, NHS Leeds Teaching Hospital 

EQMS Equipment Manager - Rob Needham 
"We've updated the EQMS Equipment Manager user experience and user interface so it is now a lot more intuitive," said Rob Needham, EQMS Technical Director. 
The updated version of EQMS Equipment Manager will be available in the coming months: 
Upcoming: updated EQMS Equipment Manager 
Equipment calibration checks.png
The new look for the asset register 
Equipment model 2.png
Easily search for Equipment Model

location types.png
Search Equipment by location. 

EQMS Account Management Services - Gemma BaldanEQMS Optimisation Services.png

"Every customer is now entitled to a free annual health check to give a top level review of user activity, non-utilised functionality, overdue items and a report on overall activity," said Gemma Baldan, Key Account Manager at Qualsys Ltd.

Gemma continued:

"We have an exciting range of new account management services to help our customers understand, measure and maximise their EQMS return on investment."

Existing EQMS customers can learn more about the optimisation services here.




John Oakland-1.png

Redefining Quality: John Oakland and Richard Corderoy, Oakland Consulting 

"Do you have variable control, are you gaining control or are you in journey to world class.pngcontrol?" asked John Oakland, Executive Chairman at Oakland Consulting and one of the world’s top 10 gurus in quality & operational excellence, to the User Group delegates. 

"Every time I ask this question, I get the same response - "gaining control"....

Quality professionals need to set a destination for world class performance."  

The video from this presentation is coming soon.

In the meantime, download a whitepaper by Richard Corderoy and John Oakland here.



Break Out Sessions: 

The group then split into three to discuss EQMS modules in more detail. This is an opportunity to share their use of the system, suggest system enhancements and help other EQMS customers with quality-related challenges. 

If you would like more information about the feedback, or to provide more feedback, email

"Brilliant day! There was lots of useful information to be consumed. Qualsys should be applauded for the hard work and effort they are putting in to get their software right." - Liam Herridge, NHS Leeds Teaching Hospital.  

EQMS User group.jpg

"A really interesting day and great to be able to hear the experiences of other EQMS users. Came back to the office inspired to push forward with Issue Manager. Thank you" - Chris Storey, University of Leeds. 

 New Call-to-action