8 ways Training Records Manager makes managing training easy

Posted by Emily Hill on Thu, Feb 15, 2018

Our software is continually evolving. This is why the Qualsys team all undertake regular refresher training.  It is crucial that we know how to make the new features and enhancements work for our customers. 

Last week, Caroline Wilson, Service Implementation Manager at Qualsys, ran a training session on the module "Training Records Manager". 

In this article, I asked Caroline to share 8 of the best things about the Training Record Manager module. 



1) Use for all different types of training records 

You can use this module for all different types of training records. It's used for SOPs, internal training, induction, health and safety, FLT assessments, medicals, working at heights, health surveillance and lots more. 



2) It's automation at its best

I've worked in quality for 5+ years. In my previous roles, I would have loved to have had a system like this. It's a million times better than using spreadsheets. For example, all the training planning process takes place in one central system. Instead of having to email and book training in everyone's calendar, as an administrator you can automate this from the system. Notifications and due dates are set in the system, so you are not spending hours chasing people. 



3) Ratings

If as a business you invest in your employees and your training, it's a big risk for your business if the training provider isn't any good.

As an administrator, you can add a form field which ensures your employees rate their training. This is a really powerful tool. Getting this feedback is really useful when planning for the next year of training. 



Johnson and Scholes: Business Cultural Web, http://wikireedia.net/wikireedia/images/5/53/Culturalweb.jpg 


4) Make the system work for your business

Many businesses have their own internal terminology. With Training Records Manager, phrases can be updated centrally by administrators so you can make the system work for your business. It's a great way to get your users more engaged with the system.


5) You get more information, in a format you can actually use

The Training Record Manager module is really flexible. When you are configuring the module, you can capture any information you want. For example, you may want qualitative data about the training as well as quantitative, so you can adapt the forms to make it work for your business.


Access Training Records Manager datasheet


6) Custom training reports

Most of the time, your leadership teams are not going to have the time to configure dashboards and widgets. The Training Manager module provides leadership with custom training reports. This can then be enforced on their screens, so they can see any outdated training records, drill-down into high-risk areas, and chase anyone who is not fulfilling their training requirements. 


7) Confidence you’re compliant

When compliance training needs to happen on an annual basis, it can be really easy for it to get missed. This is where Training Records Manager is really helpful. You can automatically manage a retraining schedule. So when you have a new starter or someone changes their role, you can copy a training program. It saves weeks of your time.  


8) Integrates with other modules 

This module is not only used for external training. When used with Document Manager you can send training and quizzes on a new document or policy prior to it going live. 


Download the Training Records Manager Datasheet to learn more about the technical features and benefits of this module.


Tags: Training Record Software

The top 5 GRC certifications for the quality professional

Posted by Alex Pavlovic on Tue, Feb 13, 2018

Of course good governance, risk and compliance isn't just about getting certificates on the wall. But they don't hurt either!

GRC certifications showcase commitment to quality, demonstrate professional expertise and work wonders for the paycheck - the 2017 Global Knowledge Salary Report identifies governance as the most lucrative professional certification, bringing an average global salary of $92,766 (£66,911) for accredited individuals.

We've identified the top 5 GRC certifications that the modern quality professional should aim for. 

1. GRCP (Governance, Risk and Compliance Professional) 

Offered by non-profit think tank OCEG, the GRCP certification acts as a baseline for other GRC qualifications with its broad focus. It demonstrates:

  • Knowledge of the operation of the core GRC disciplines, from auditing to risk 
  • Understanding of the GRC capability model and its four elements: learning, alignment, performance and review
  • Competence in advising on key GRC controls and functions, and integrating GRC processes into a holistic strategy



Participants prepare for the exam with OCEG's 'GRC Fundamentals' video course or a two-day training program. Best of all, the exam's free for OCEG All Access Pass members.


2. CGEIT (Certified in the Governance of Enterprise IT)

With its tighter focus, CGEIT is designed for professionals specifically managing IT governance for their business. A CGEIT certification demonstrates:

  • The necessary expertise to manage and advance an enterprise's IT governance 
  • Understanding of how to optimise enterprise IT system frameworks to boost efficiency and effectiveness
  • Competence in IT risk management to support information security processes


The CGEIT certification is provided by global information systems association ISACA.


3. PMI-RMP (Project Management Institute - Risk Management Professional)

The Project Management Institute offers a risk management accreditation to IT professionals, which builds on the risk-centric elements of CGEIT with a project-based focus. PMI-RMP certification requires:

  • Confident knowledge in risk strategy, planning and processes
  • Competence in monitoring and reporting IT risk and engaging stakeholders
  • Understanding of IT risk analysis for projects and how to build effective mitigation plans


For any quality professional wanting to learn how to insulate their business's information technology systems from risk in large-scale, complex projects, look no further.


4. CGRC (Certified in Governance, Risk and Compliance)

The GRC Group and its two institutions, the SOX and GRC institutes, offer members with a minimum of three years' professional experience the opportunity to achieve its CGRC certification.

CGRC involves:

  • Understanding how the various roles and tiers of a business can contribute to robust and effective GRC
  • Gaining knowledge of the key GRC regulatory requirements and how to meet them
  • Understanding best practice in control frameworks, how to improve internal operation with focused investment, and how to track GRC process performance

GRC requires constant improvement and innovation. Understanding how to invest in a business's GRC system is a crucial skill provided by CGRC certification.


5. CRMA (Certified in Risk Management Assurance)

As its name suggests, the Institute of Internal Auditors focuses on quality professionals involved in the auditing process, providing educational material, certification and networking opportunities to its members.

Its CRMA certification aims to give participants the tools they need to:

  • Unlock the full potential of internal auditing to drive continuous improvement
  • Evaluate how risk relates to core business processes - and how to mitigate it
  • Understand how to effectively manage and analyse risk



CRMA is achieved by passing a 100-question multiple-choice examination. 


Business-wide benefits

These five certifications are all valued indicators of governance, risk and compliance professional excellence. Whether it's building core knowledge of GRC, improving control of IT systems or understanding and insulating against risk, achieving a GRC certification benefits the recipient and their business by laying the groundwork for robust, resilient GRC processes.


What you should do now

Looking to build your GRC expertise? Browse the standards and compliance section of our website for a detailed breakdown of the key GRC standards.

How do you compare with your peers in the quality industry? Read our 2017 Global Quality Trends Report to gain insight from industry experts and learn how the quality industry is changing.

Finally, our Knowledge Centre provides a range of materials to support GRC professionals: access gap analysis and risk register templates, download standard toolkits and browse Qualsys's training courses.

Access Knowledge Centre

5 things you should know about GDPR

Posted by Alex Pavlovic on Mon, Jan 29, 2018

GDPR: four letters that you'll hear more and more over the next few months. 

You probably know that the EU's General Data Protection Regulation constitutes a dramatic change to the way businesses must handle and process their data - and it comes into force on 25 May.

But beyond that, most people scratch their heads. Here are five things you should know.


1.  It's got three aims

At its core, GDPR is really quite simple. Its three aims are:

  • To unify and strengthen the protection of personal data for EU citizens
  • To give EU residents greater control of how their data is stored and used
  • To control how personal data is exported outside the EU

Everything about GDPR boils down to these three guiding principles. Understanding how your business can fulfill these aims is the first step to compliance.

Personal data can be anything from name and address to race, religion, social media posts or even genetic and biometric data. Making sure businesses use the personal data that they possess in the right way is the crux of GDPR.


2.  It's tougher than the rest

GDPR replaces older legislation like the EU's Data Protection Directive or the UK's Data Protection Act and goes beyond them in a few important ways:

  • Unlike a directive, it's directly binding - so if your business is based in the EU or deals with it, you will have to comply from 25 May
  • It harmonises various sets of legislation into a single framework
  • It includes export of personal data beyond, as well as within, the EU

In short, there's no way of avoiding it and it has potentially worldwide reach. On the flip side, a single legislative framework simplifies compliance: nail GDPR, and your business has a compliant data management system that will build customer trust, strengthen reputation and image, and dodge financial penalties. Which brings us to the third point...


3.  It's got teeth

GDPR packs a serious financial punch for businesses found to be in non-compliance after 25 May. Fines of up to €20m (£17.56m) or 4% of annual turnover, whichever is greater, can be slapped on companies not managing personal data properly. Personal data must be:

  • Processed transparently and lawfully
  • Collected for legitimate purposes
  • Relevant, pertinent and necessary
  • Up-to-date and accurate
  • Stored only if necessary
  • Secure and confidential

If your business isn't complying with any of this - plan how to change it before May!

Some key steps to take include:

  • Creating detailed records of your data processing
  • Documenting your data policies and procedures
  • Training and informing staff about GDPR

We know how it is. You want to focus on the long term, but those short-term tasks stack up, get in the way and take up time. Trust us: setting aside some time for creating and actioning a plan now is the best approach to avoid nasty surprises further down the line.


4.  It will affect your business... even after Brexit

Every business with ties to the EU will be affected by GDPR. Yes, that includes British businesses after the Brexit date of 29 March 2019. 

The Queen's Speech in June 2017 highlighted the fact that GDPR, or something broadly identical to it, will remain in force once the UK leaves the European Union - so complying with GDPR is just as important for British businesses as those on the continent. 


5.  It affects everyone

The data protection officer (DPO) will be the main gatekeeper of GDPR, with tasks like monitoring compliance, cooperating with data protection authorities, and informing and auditing colleagues. But responsibility for data and information security compliance in a business falls on everyone. Let's take a look:

  • Marketing teams must get consent from those receiving marketing information
  • IT teams must guarantee electronic data security - and inform the supervisory authority within 72 hours if there's a breach
  • Customer account teams must make sure customer data is secure and relevant
  • HR must safeguard employee information
  • And so on!

Data touches all parts of a business. So getting questions answered, gathering information and putting together an action plan for GDPR compliance is absolutely vital.



What you should do now

GDPR will be the biggest overhaul of data protection regulation in twenty years - so get prepared.

Download our free GDPR toolkit for more information and guidance.




Tags: European Data Regulation, EU GDPR

GDPR workshop: 23 February 2018

Posted by Alex Pavlovic on Tue, Jan 23, 2018

Qualsys will be hosting a full-day GDPR workshop at our Sheffield office on 23 February 2018.

Do you know your ARs from your IPRs? Can you conduct a PIA? Do you know who the data controller in your business is? If, like hundreds of businesses in the UK, you need more information about preparing for GDPR, don't panic. A Qualsys survey in November 2017 found that 87% of businesses don't feel ready.

The General Data Protection Regulation constitutes the largest overhaul of data protection regulation in twenty years - and comes into force on 25 May 2018.

From that date, businesses found to be in breach of the regulation will be susceptible to fines of up to €20m (£17.56m) or 4% of their annual turnover, whichever is greater.

It's not surprising that businesses are nervous and scrambling to prepare and adapt before the big day. There's confusion and uncertainty about what compliance means and what steps to take. 


The Qualsys team will be offering expert support and guidance to businesses wanting to inform themselves about preparing for GDPR. Whether you're a Qualsys customer or not, our doors will be open on Friday 23 February for a full-day informative workshop in Sheffield.

Come join us and learn:

  • What GDPR means for your business
  • What to do before 25 May
  • How to conduct a PIA, manage risks, handle security breaches and prepare staff
  • How to manage assets, data types, customers and suppliers
  • Ten top tips from the Qualsys team

And much more. We will provide all delegates with a free information pack (and plenty of ideas!) to take away with them. To provide the most focused and valuable experience we can, places will be limited to ten delegates only on a first-come-first-served basis.

Get the knowledge you need to approach GDPR with confidence.

The workshop is priced as follows:

£399 (Qualsys customers)

£449 (non-customers)


What you should do now

Sign up for the workshop here

Read how our software suite helps businesses prepare for GDPR here

Tags: Governance Risk and Compliance News, European Data Regulation, EU GDPR

User group round-up: December 2017

Posted by Alex Pavlovic on Tue, Jan 16, 2018

Last month, Qualsys hosted its largest ever user group.

Almost 50 attendees from 19 companies headed to the Victorian Sheffield mill that Qualsys calls home for a day of workshops, networking and discussion. 


Commercial Director Robert Oakley shared tips about weathering 'the perfect storm' arriving in 2018.

Quality Assurance Manager Kate Armitage offered insight into GDPR, while the Qualsys service team demonstrated how our GRC modules will help businesses comply with it.

Managing Director Mike Pound shared news about the Qualsys rebrand and the exciting changes coming in the new year.

The day was an opportunity for Qualsys's customers to meet other businesses facing the same GRC hurdles, share their experiences, learn about the new software features and developments on the horizon, and gain valuable GRC insight from across the Qualsys team.

It was useful to meet new users like ourselves as well as experienced users. The interaction in each workshop was beneficial, and the GDPR information will prove very useful.

- Gerry McArdle, SHE Manager at Fujichem Sonneborn


It's no secret that 2018 will be a pivotal year for the quality profession. We are just a year away from the great question mark of Brexit, and the biggest overhaul of data protection regulation in two decades comes into force in May. In this climate, Qualsys's customers are finding events like the user groups increasingly useful. 


GDPR is one of the main challenges we'll be tackling in 2018. The breakout groups were great for adding focus and giving everyone a say. We're really looking forward to the new version of EQMS!

- Geoff Airey, Group Audit & Compliance Manager at Lowri Beck

A 2018 programme of new, topic-focused informative events, as well as more user groups, will be unveiled soon to support quality professionals on the journey to natural governance, risk and compliance. 

Keep an eye on the Qualsys website for details. 

What you should do now

Missed out on the user group? Access the brochure, slides and more here.

Access December 2017 User Group Slides, Presentation & More Here



Qualsys launch the Global Quality Survey 2018

Posted by Emily Hill on Tue, Jan 16, 2018

For the fourth year running, Qualsys have launched the annual Global Quality Survey. It's your chance to have your say on how the role of quality and the industry is changing. 

Global quality trends survey 2018

Never before have quality professionals encountered such pressure in balancing and prioritising various organisational demands such as:

  • Reducing the cost of poor quality
  • Improving customer satisfaction
  • Engaging a remote and global workforce with quality

As technology evolves alongside developing regulatory requirements, so does the role of quality. It’s time to ask: how do you compare with others in your industry?

About the survey

The survey comprises 34 questions compiled by Robert Oakley, Commercial Director and Mike Bendall, Business Mentor.

We've kept many of the survey questions the same to help us to get a full picture of how the industry is changing. 

Take the Global Quality Trends Survey 2018


£1 to Sheffield Children's Hospital Charity 

For every quality, regulatory, or compliance professional who enters, Qualsys will donate £1 to Sheffield Children's Hospital Charity. Last year, we raised £151 for the charity. 

Take the Global Quality Trends Survey 2018


Before you go... 

See the results from the Global Quality Trends report 2017 here 

Please also share the survey on Twitter & use #GQTS2018


Qualsys awarded Great User Experience Award by Finances Online

Posted by Alex Pavlovic on Thu, Jan 11, 2018

Qualsys are delighted to announce that our software has been awarded the Great User Experience 2017 Award by Finances Online. 

Here's what the award means - and how you can read a full review of our software. 



Finances Online is an online platform collecting reviews of B2B and SaaS products. The site enables software buyers to quickly compare thousands of different solutions. 

Prior to getting listed on their directory, Finances Online researches, verifies and applies social algorithms to generate a score for each vendor. 




We use a behaviour-based customer satisfaction algorithm to gather customer reviews, comments and opinions across a wide range of social media sites to help buyers to make an informed buying decision.



After the evaluation process, Finances Online awarded Qualsys the Great User Experience 2017 Award. 

Rob Needham, Technical Director at Qualsys, is delighted the software's accessibility and user friendliness has been recognised. He said:

We've been working really hard to make the software as user-friendly and intuitive as possible. Balancing lots of powerful functionality with a slick interface can be a real challenge. Throughout 2018, we have a jam-packed product roadmap which is going to further optimise our solution.  


Qualsys were also awarded the Rising Star 2017 Award. This is awarded to solutions which have rapidly expanded their popularity and customer uptake. Everyone at Qualsys would like to thank our new and existing customers for helping us achieve this accolade.



Read the review of Qualsys here 


ISO 22301: How to create a disaster recovery plan

Posted by Emily Hill on Mon, Jan 08, 2018

When a disaster strikes, there is often little time for planning a response, especially when the systems that are essential to your business operations are impacted. The GRC professional can and should play a leading role in addressing disasters.  

The role of the GRC professional must, however, start long before a catastrophe hits. They must plan, prepare and practice for an emergency.

A disaster recovery plan (DRP) is a documented, structured approach which includes how to respond to unplanned incidents. 

Business continuity and disaster recovery plans can provide a competitive advantage, especially as major businesses increasingly demand them as part of vendor selection processes. Without effective plans, businesses risk sanctions, fines, loss of customers, lawsuits and even going out of business. 

This step-by-step plan will help you build an effective disaster recovery plan using our GRC software


1) Audit your internal systems

Before you can do anything, you need to undertake exploratory audits to identify and review potential disasters. 

Develop a Business Impact Analysis (BIA) that identifies all critical functions, systems and applications, and outlines how a disruption to each of them will impact the business.


  1. Seek the input of all departments in the organisation to ensure that every issue is covered.
  2. Use Qualsys's Audit Manager to set up questionnaires for each area of your business and assign responsibility to each department head to collect the data you need. 



2) Understand vulnerabilities, risks and opportunities  

Agree on how you will determine the impact of a risk and then conduct a risk assessment which details the potential ways they could damage your business. 

These may be:

  • Cyber attacks
  • Power outages
  • Natural disasters 
  • Human error

Document the risk of each of these occurring, the impact that they can have, and what will need to be recovered.

Risks include:

  • Loss of customers
  • Cost of downtime
  • Reduced productivity
  • Reputational damage
  • Recovery costs 

Tip: Use Qualsys's Risk Manager to collect risk data from across your business and associate each risk to audits, suppliers, documents, policies, incidents, etc. 


3) Control of external provisions

How exactly could your external providers impact your business? Do you have up-to-date contact information? Should you spread the risk by taking on multiple providers? 

All of the following may cause a disaster when you rely on a supplier:

  • Financial viability
  • Capability and capacity
  • Ethics assessment
  • Social responsibility
  • Process control
  • Sub-contractors 
  • EHS 
  • Change 

Assess the risk from each external provider and create contingency plans and exit strategies for the loss of suppliers that are critical to operations.

Tip: Use Supplier Manager to keep a central repository of: 

  • Contact details
  • Service level agreements / contracts 
  • Evaluation and re-evaluation criteria
  • Cost of poor quality
  • Real time dashboard
  • Routine supplier audit records 


4) Keep an asset register

Add all the information on the components of your assets and equipment in a detailed inventory.

Add all details about the assets, including:

  • the warranty expiration date
  • location
  • version number
  • installation or purchase date
  • latest updates of both essential and supporting equipment

It is also important to state objectives should there be an incident, for example: what is the recovery time objective? What would be the maximum tolerable downtime? 

Tip: Use Equipment and Asset Manager to manage equipment throughout its lifecycle. 


5) Risk analysis

Identify, assess and appropriately manage threats and vulnerabilities. 

Reduce any identifiable risks by setting up the appropriate supporting systems and strategies. These should include backups of data and the routine inspections of IT assets.

Ensure you can discover potential threats through measures such as antivirus software, network monitoring and staff training, and mitigate the damage through redundancies that protect critical data and applications.


6) Document your DRP 

Your DRP should include a short-term plan that repairs and restores critical business processes, and a long-term plan that covers things such as root-cause analysis and long-term preventive strategy. 

You will need to make sure your DRP is kept up to date and will enable you to meet your recovery objectives. 

Tip: Use Document Manager to store files and share documents with the right groups or individuals.   

7) Train your employees

Who exactly is your disaster recovery team? What are their roles and responsibilities should an incident occur?

Part of your disaster recovery plan should be to make sure your employees have the necessary formal training should something happen. Then the training should be recorded in a central system they will be able to access. 

Communicate the plan to all of your staff and arrange formal training to ensure they understand and can fulfil their responsibilities under the DRP.

Training should be conducted on a regular basis and whenever any changes are made to the plan that will affect staff roles during the recovery.

Tip:  Training Record Manager enables you to maintain records, identify training needs and assign responsibility for tasks. 



8) Test your DRP 

While identifying the risk and creating a mitigation plan are important first steps, practice is also essential.

Undertake regular exercises to validate that plan procedures will work as designed. This means you need to test your DRP on a regular basis to ensure that your plan is fit for purpose.

Tests should assess all your procedures, identify opportunities for improvement, and ensure they are implemented. For example:

  • Test your emergency phone numbers 
  • Test your communications systems across the globe
  • Check all contact information is up to date
  • Make sure all communications templates and data are secured and backed up

Tip: Use the Incident Manager module to set off a test workflow to see the response and identify any issues. 



What you should do now

Want more information about business continuity? Learn how to use Qualsys's software for your disaster recovery planning (and more) by scheduling a demonstration or discovery call here

Schedule a GRC Software discovery call

Tags: Compliance Management Software, ISO 22301

Quality priorities 2018: Review of 2017 & new year's resolutions

Posted by Emily Hill on Thu, Jan 04, 2018

We asked 10,000 quality professionals to share their highlights from 2017, plans for 2018, and any advice they would share with others. 

Qualsys would like to thank everyone who took part in the survey, and here are eight of the best. 



1)  Aza Bik, Quality Manager for Cardiology and Cardiac Surgery

What went really well for you in 2017? 

I developed the quality management systems in two healthcare organisations. They both achieved ISO 9001:2015 certification.  I succeeded in getting my ISO 22000 lead auditor certificate. And I also managed to progress my career, landing a role as a quality consultant.

Plans for 2018? 

In 2018, I'll be conducting a research project in quality management and coordinating an infection control program.

Advice for other professionals? 

Be ambitious in everything you do. 


2)  A UK-based business

What went really well for you in 2017? 

Achieving ISO 9001:2015 certification was a real highlight of 2017, as was being part of the business process and assurance function and delivering a quality presentation at a CQI branch.

Plans for 2018? 

I plan to get more involved with business process and assurance functions and maintain our certification to ISO 9001:2015.

Advice for other professionals? 

I'd recommend you encourage senior management to become more involved with your quality management system. Engage regularly with stakeholders at all levels of your organisation and share knowledge and experiences with others. 

3)  A quality student

What went really well for you in 2017? 

I have been on a steep learning curve throughout 2017. I've been made aware of new data laws and learning where to find important information on changing regulations. 

Plans for 2018? 

In 2018, I want to further my education, see about starting work within the industry, and start saving to pay off my tuition fees!

Advice for other students? 

I'd advise other quality students to talk to as many professionals in the industry as possible and to get involved with the CQI. 


4) Kevin Tuke, Group IMS Manager, Eptare Refrigeration

What went really well for you in 2017? 

In 2017, our business successfully launched some really exciting new products to market, and I integrated all our new acquisitions into our IMS. We also successfully transitioned to the new ISO 9001 and ISO 14001 standards!

Plans for 2018? 

In 2018, I'll be looking closely at the metrics across 15 plants and 12 countries. I aim to stabilise the group non-quality costs (total NQ costs / turnover). And I want a 1% increase in Right First Time across the group. 

Advice for other professionals? 

Internal audits are a great opportunity. Make sure you use them to add value to your business.


4) 10,000+ employee, multi-site manufacturing business

What went really well for you in 2017? 

I managed to get approval to replace our obsolete quality management system packages. We transitioned to ISO 9001:2015. One of the greatest achievements was getting agreed metric methodologies for measuring and comparing global quality performance. 

Plans for 2018? 

We'll be rolling out our new quality management software. We're starting to integrate our global quality system and that will help us to monitor global quality system KPIs. 

Advice for other professionals? 

Make sure management understand the importance of your quality management system. Too often, it's seen as an afterthought and not an essential business tool. 

5) Global manufacturer

What went really well for you in 2017? 

We managed to achieve AS9100 C implementation in our US facility. We also successfully passed our AS9100 D readiness review. Best of all, a large number of our employees successfully completed their internal auditing foundation course training. 

Plans for 2018? 

We'll be getting certified to AS9100 Rev D and doing an IATF 16949 gap analysis training.  

Advice for other professionals? 

Training our employees is the most important activity we can undertake. It makes implementation of change far less painful.  


6) US-based manufacturer

What went really well for you in 2017? 

Our quality management system transition to ISO 9001:2015 went really well. Quality control at manufacturing sites and running workshops to engage employees have both been successful. 

Plans for 2018? 

Increase internal standardisation of processes. 

Advice for other professionals? 

You must set objectives and set a vision for your quality management system. 


7) UK-based business consultancy services

What went really well for you in 2017? 

Successfully passing several examinations and getting a promotion. 

Plans for 2018? 

Become more familiar with our quality, environment, process safety and GDPR requirements. 

Advice for other professionals? 

Be resilient - don't give up after receiving any type of disappointment. 


8) UK-based 250+ person food manufacturer

What went really well for you in 2017? 

More employees have started challenging our processes which I've found really helpful. I worked with our internal communications team at the start of last year to get some messages out there, including some "Why Quality?" instructional videos.

Plans for 2018? 

My resolution for next year is to try something new each month, like running quality improvement workshops, going to different training events, and creating reports on new areas. 

Advice for other professionals? 

We should challenge the status quo more. Don't be afraid, just speak up. 


What you should do now

Ambitious plans for 2018? We are all learning and developing our skills.

Sign up for Qualsys's 1-day courses to be inspired, network, and gain actionable advice for advancing the maturity of your governance, risk and compliance management practices. Browse courses here. 

Alternatively, if you are looking to implement a new governance, risk and compliance management system, download our GRC software datasheets. They discuss the software features, benefits and how you can use the software in your business. 


GRC in 2018: Qualsys staff share their predictions

Posted by Emily Hill on Thu, Jan 04, 2018

As another new year begins, the Qualsys team have reflected on the events from the past year and shared their predictions for the year ahead.

We've asked members of staff from across the business to tell us what they foresee as potential GRC challenges and opportunities over the next year. 

1) Data privacy - top of the business agenda

Kate Armitage, Product Quality Assurance Manager at Qualsys, believes first and foremost that data privacy will be squarely on top of the 2018 business agenda: 

Data privacy isn't anything new, but when the European Union's General Data Protection Regulation (GDPR) enters into force in May 2018, it will strengthen the rights of individuals to control what data they share.

However, this poses many challenges for businesses who rely on the data to benefit society. For example, modern cars collect vast quantities of data. This data is used for all kinds of things, such as improving the vehicle performance and even making roads safer. Yet in Germany, privacy rules already give ownership of the data to individuals in the default setting, making it hard to get consent. As a result, this makes their roads ever so slightly less safe.

For many businesses, in particular high-tech companies who rely on vast amounts of consumer data, GDPR is a complex and broad regulation which will fundamentally change how their business operates now and long into the future.

More GDPR resources here 


2) Brexit turbulence might cause a rise in ISO certifications 


Ryan Peplow, one of Qualsys's product testers, thinks Brexit will result in a larger number of UK-based businesses investing in their ISO certifications. 

UK businesses who export their products and services will likely invest more in their ISO certifications. Many of these standards, such as ISO 13485, the medical device standard, harmonise regulatory requirements and help businesses implement a best practice management system. ISO certification may help UK-based businesses stay competitive. 

Read about Annex SL 


3) Ethics will play a wider role in the business 


Mike Pound, Managing Director, says that there will be more pressure on governance, risk and compliance to monitor and manage the ethics of the business. 

Governance, risk and compliance is always influenced by changes in society. We must continually be asking what our consumers want and care about.

For example, throughout 2017, sexual harassment and assault allegations have surfaced around many powerful and influential men, and media coverage of these revelations has dominated news cycles. Bill Cosby, Harvey Weinstein and Kevin Spacey are but a few that have been revealed, but there will be more. Throughout 2018, more businesses will be reviewing their processes, and should be investigating any past events that might surface. 

Learn about management system solutions


4) Leadership will understand the role they play in governance, risk and compliance


Michael Ord, New Business and Marketing Director at Qualsys, believes quality teams are going to get much more involved with key performance metrics in order to engage leadership. 

The Global Quality Survey 2017 revealed 67% of leadership teams weren't engaged with governance, risk and compliance. 

But these same leadership teams are running successful, busy and high-growth businesses. A weak governance, risk and compliance system will never keep pace with the risks that a high-growth business faces. As the business grows and encounters more challenges, it needs a management system that works. 

We're finding more and more GRC professionals are getting better at engaging leadership. They are using our software to monitor key performance indicators such as Net Promoter Score, Customer Lifetime Value, and the Cost of Poor Quality. That is getting the attention of leadership, because they can do something with that information and it speaks their language. 

 KPIs you should be measuring


5) Culture of Excellence

Tom Hodgson, New Business Development Manager at Qualsys, believes GRC professionals will be doing a lot more in 2018 to encourage employees to take ownership of the governance, risk and compliance management system. 

While we have always known that culture will always triumph over compliance, there is a disturbing trend of employees not challenging the information presented by their governance, risk and compliance management systems.

This leads to one-sided views, interpretations and ideas. I think 2018 will be the year where GRC professionals are going to go further to get their employees really stuck in. We're already seeing our software getting more and more attention as employees understand why they need to be challenging documents, processes, and even our software. This makes their business fitter, faster and stronger. 

8 tips for quality professionals to implement a culture of excellence 


6) Truly integrated GRC solutions 

Charlie Munns, Business Development Executive at Qualsys, said businesses are going to invest heavily in technology in 2018. 

GRC teams are spending a lot of time chasing people for the information they need to do their job well. This data isn't always accurate and it's slow to reach them. Throughout 2018, we're going to see more businesses adopt a real-time integrated approach. We're already seeing more and more businesses connect our software with their existing ERP and Microsoft applications - this is reducing duplication of effort and enabling teams to identify risks and opportunities faster than ever. 

 Read about integrations


What you should do now

Ambitious plans for 2018? We can help you replace tired, outdated legacy systems, engage your employees and achieve a culture of excellence. Browse our GRC solutions here. 

Alternatively, if you are looking for inspiration on where to focus your efforts in 2018, read the Global Quality Industry trends report here. 