Governance, Risk and Compliance Blog

Leadership and Risk - Understanding ISO 9001:2015 Requirements [Video]

Posted by Emily Hill on Mon, Jan 23, 2017

One of the main changes in ISO 9001:2015 is more explicit leadership requirements to manage risk. However, these changes are causing a lot of confusion. So, what exactly does your leadership team need to do to meet the new requirements of ISO 9001?  

We asked Richard Green, Founder of Kingsford Consultancy Services, to explain leadership, risk and ISO 9001:2015.

In the video below, Richard explains: 



Transcript from the talk

How can you get top management to manage risk to meet ISO 9001:2015 Requirements? 

What are quality risks? 

If your organisation is still trading it is probable that your top management already has a good appreciation of the risks the business faces. Your organisation probably has already put in place arrangements to both manage existing risks and to horizon scan for any new ones.

In respect of your QMS, the risks you are concerned with are those which have the potential to impact:

  • Your organisation’s ability to consistently provide customers with conforming products and services
  • Your organisation’s ability to meet applicable statutory and regulatory requirements
  • Your organisation’s ability to enhance customer satisfaction


Top Management's Role

Firstly, ISO 9001:2015 states top management are responsible for ensuring the effectiveness of their organisation’s quality management system and for ensuring its intended results are achieved. 

They therefore need to be mindful of internal and external threats that could prevent them from delivering the intended results. However, risk can be positive as well as negative in the ISO world. Top management need to be mindful of opportunities which will facilitate the realisation of the intended results.

Secondly, top management are explicitly required to promote risk-based thinking in respect of their organisation’s QMS. This does not mean they have to do all of the risk-based thinking themselves, but they do need to evidence that they support a risk-based thinking approach.


What is Risk-Based Thinking

One of the key changes Annex SL has brought to existing MS standards is a systematic approach to the management of risk (P-D-C-A). We refer to this as ‘risk based thinking’. A useful overview of risk-based thinking is provided in 9001:2015’s introduction for those new to the subject or you can find an article here.

Risk-based thinking was implicit in ISO 9001:2008 (preventive action) – ISO 9001:2015 now makes the requirement explicit.


Why do we need risk-based thinking? 


Within our organisations different processes carry different levels of risks in terms of their potential impact on our organisation’s quality objectives and outcomes. We need to focus our efforts on our critical processes – how might they fail or how might they be improved?

Also, the consequences of experiencing a process, product, service or system nonconformity are not the same for all types of organisation. You’d therefore expect greater management of risk in a nuclear power station than a dog grooming business. So too would your auditor.


Where in ISO 9001:2015 is Risk-Based Thinking? 

Clause 4 Context - Determine the processes required for operation of the quality management system and the risks and opportunities associated with these processes.

Clause 5 Leadership – Top management must ensure that the risks and opportunities that can affect conformity of products and services and the ability to enhance customer satisfaction are determined and addressed.

Clause 6 Planning – to give assurance that the quality management system can achieve its intended result(s), prevent or reduce undesired effects and achieve continual improvement.

Clause 8 Operation - The organisation is required to implement processes to address risk and opportunities.

Clause 9 Performance Evaluation - The organisation is required to monitor, measure, analyse and evaluate risk and opportunities.

Clause 10 Improvement - The organisation is required to continually improve processes whilst responding to changes in risks and opportunities.

The requirements around risk are extensive. How can we ensure top management embrace these?


Grabbing the attention of Top Management

If top management are not engaged with respect to quality management system risk, what can you do?

  • Highlight the cost of quality failure - (Deepwater Horizon $43bn). As well as financial costs there is reputational damage or even jail.
  • Remember positive risk (opportunities) too – these include cost reduction, elimination of waste, faster to market and new innovations. Top management are always interested in bottom line improvement
  • Remind them this is not optional.


Approaches to Risk Management

ISO 9001:2015 doesn’t tell top management how to manage risk. It leaves that up to the organisation. Usually, it is the one(s) that works best for you. When selecting a risk assessment methodology, ensure:

  • It enables the requirements of 9001:2015 to be met
  • It is straightforward to use
  • It is not cost prohibitive to use
  • It gives consistent and repeatable results
  • It is universally applied across functions managing the same risks
  • There is documentation, training and support available in order to ensure it is properly applied

Here are some risk management techniques: 

  • ISO 31010 Risk Management – lists some Risk Assessment Techniques
  • Failure mode and effect analysis
  • Cause and effect analysis
  • Delphi technique – structured, interactive forecasting
  • Hazard analysis and critical control points
  • Scenario analysis
  • Root cause analysis
  • Risk Indices
  • Cost benefit analysis


For more information about the changes to ISO 9001:2015, download the ISO 9001:2015 toolkit here


Tags: ISO 9001:2015

FTSEGood Index member, Elementis, Opts for EQMS

Posted by Annie Grace on Thu, Jan 19, 2017

Elementis Plc, a leading speciality chemical company, is the latest to join the growing number of organisations using EQMS by Qualsys across the world.




A complex business infrastructure, Elementis has three businesses: Specialty Products, Chromium, and Surfactants. Within each business there are multiple locations and large teams of people spread across a wide geographic area. They sought software which would smooth business processes, speed up administrative tasks, and improve staff training management across the company.

Elementis employs more than 1380 staff in total, and operates in 35 international locations, including 13 manufacturing hubs. As a FTSEGood Index member, Elementis must adhere to strict standards, including ISO 14001 certification across several sites.

The framework that EQMS Document Manager provides for Elementis allows the company to accurately manage, store, access, and change documents, while keeping hold of version control and visibility depending on individual user permissions. Version control is essential on technical and policy documents, where the slightest change to a workflow or client instruction could have a major impact. Keeping control of the latest version enables Elementis to always follow the latest instruction or process with confidence.


The highly skilled Elementis workforce must operate to continued regulatory standards and evidence can be provided of this for any audit within minutes. The implementation of EQMS Training Records Manager will enable quality managers and trainers to access, plan, schedule, and report on training across the full workforce. A clear overview enables instant analysis of possible gaps in knowledge so that training can be planned as a priority.

Both EQMS Document Manager and EQMS Training Records Manager integrate with another module, EQMS Audit and Inspection Manager. This is an essential tool for Elementis, who work with multiple suppliers, manage a wide range of products and processes, and must adhere to rigorous industry standards for safe operation. EQMS Audit and Inspection Manager enables a quick overview or ‘drill down’ reports whenever required: Elementis are now audit ready 24/7, significantly reducing the administration raised by an audit and speeding up issue management with automated workflows.



“We’re really excited to work with Elementis,” said Michael Ord, New Business Director at Qualsys. “The modules they’ve selected will help them to keep track of all documentation, remain on top of all training requirements, and be fully audit-ready at any point. The significant time savings made by implementing EQMS means the QHSE team at Elementis will be able to focus on doing more important tasks and take a proactive approach to quality management without the shackles of huge amounts of administration.”





Download EQMS Datasheets to find out more about the functionality and system benefits of using EQMS. 



ISO / DIS 45001: How Does ‘Risk-Based Thinking’ Affect Your H&S Procedures?

Posted by Annie Grace on Mon, Jan 16, 2017

The new ISO 45001 will follow the high level Annex SL structure which means there will likely be more explicit requirements around risk-based thinking. But what does that mean for you as a health and safety professional in real implementation terms?



  • Health and Safety Leaders must develop a proactive, preventative approach to risk (compared to traditionally reactive structures);
  • Top management must take overall accountability for the protection of workers’ health and safety obligations (the number of directors jailed for H&S negligence has tripled in the last year);
  • Organisations must take into account all ‘interested parties’ – which now includes the workforce.

These changes alter the responsibilities of risk management from you to everyone. The buck, ultimately, stops with business directors – which is why, after an incident, they need to be able to prove that they have taken every actionable step possible to mitigate or prevent a risk from occurring.

If your H&S systems involve a handwritten incident logbook, you’re putting your staff, reputation, and business at risk. Not only does a logbook require people to remember it, find it, write in it, and inform the H&S team of the incident, but it is likely you don’t have a process in place to prevent the incident from recurring.


Paper based files sat in a folder won’t help you discover risk patterns, or help you to identify potential risks which you could mitigate to prevent a problem before it even occurred. That’s where software comes in to help. Systems such as EQMS Accident and Incident Manager provide a clear process for staff to record potential risks and hazards as they occur. Allowing any user to highlight a potential risk means your quality team will have a clear and instant overview of all areas of risk in the company – including those which may not have been obvious, such as risks occurring on another site to the location of the H&S team.

Moving from a paper-based or spreadsheet based H&S process may feel like an unnecessary headache, but it will save you considerable sums – and time – in the long run:

  • Recognise trends and mitigate risks before they occur to reduce incident rates and keep your insurance premiums low;
  • Automate workflows to reduce administration time and introduce a culture of responsibility to your workforce;
  • Maintain regulatory standard compliance at all times and avoid associated non-conformance costs;
  • Identify potential training gaps and requirements to ensure staff are fully up-to-date with all required H&S training and avoid preventable accidents;
  • Provide easy and fast audit trails in the wake of any audit or post-incident investigation, without adding to administrative demands.

EQMS Accident And Risk Manager is an easy-to-use, off-the-shelf, configurable system that helps you manage your new ‘risk-based thinking’ approach to health and safety.

Sign up for the FREE webinar on Wednesday 18th January 2017 to find out more about moving your H&S procedures into the digital age.




Tags: ISO 45001, Webinar

How to use EQMS Incident and Accident Manager for Health and Safety Compliance

Posted by Annie Grace on Thu, Jan 05, 2017



How does your company culture impact your health and safety responsibilities?

If your employees think health and safety risk and accountability lies only with a dedicated team of quality managers, it’s time to re-think your approach.

Every individual is responsible in the chain of accountability. Making a cultural change to shift responsibility to individuals has many business benefits – not least improving risk mitigation and reducing related incident costs.

Getting your staff on-board means having a comprehensive and easy-to-use process in place. You’ll find people are more willing to take accountability if it’s clear and easy to do so.

You’ll also find that monitoring the process is key to understanding where potential risks lurk and identifying trends. You can locate your weakest points before they become a compliance or accountability problem.

It’s up to the quality team to implement the culture of responsibility – but how is that best managed, tracked, and audited? How can you be sure that you’re compliant – whether with OHSAS 18001 or the elusive soon-to-be-announced ISO 45001?


With a comprehensive EQMS system, naturally.

Managing a culture change is tricky. A solid EQMS system designed to handle change processes smoothly will not only simplify the transition but solidify your future.

You’ll save money by reducing errors and mitigating risks through an audit-friendly system.

You’ll allow individuals to take responsibility while improving business processes.

You’ll futureproof your quality management processes against changes to ISO standards.


Want your people to believe in QHSE (even if they’re not quality managers)? Book onto our next FREE webinar and take the next step to changing your quality culture:

  • Discover how EQMS helps your risk and accountability problems
  • Learn about EQMS Incident & Accident Manager software with no obligation
  • Understand how culture impacts your quality processes – and why EQMS solves your problems.


The FREE webinar will be delivered by Alex Swan, our Business Development Manager. Book your place now!

Please register for Ensuring a Health and Safety Culture with EQMS on Jan 18, 2017 10:00 AM GMT at:

After registering, you will receive a confirmation email containing information about joining the webinar.

Tags: ISO 45001

ISO/IEC 17021-3:2017 Due This Month - Key Changes Explained

Posted by Emily Hill on Tue, Jan 03, 2017

ISO/IEC 17021-3 sets out the competence requirements for bodies providing auditing and certification of management systems. This month, we expect to see the new version of ISO/IEC 17021-3 go straight from Draft International Standard to ISO (no final draft stage), requiring many Certification Bodies auditing quality management systems and organisations operating quality management systems to update their practices in line with the changes.


"As a result of the overwhelming support the draft international standard ISO/IEC 17021-3 received during the ballot, we can expect to see the publication of ISO/IEC 17021-3 very early in 2017 - probably January," says Richard Green, Managing Director and Founder of Kingsford Consultancy Services, who was part of the committee who developed the standard in Geneva back in April. Richard adds:

"This not only has major implications for Certification Bodies auditing quality management systems, it will also impact organisations operating quality management systems, as there will be new expectations placed on their external auditors."


Below, Richard Green has shared 5 of the key changes to the standard. 


 1. More consistent wording with ISO 17021-2

Part 2 of ISO/IEC 17021 focuses on competence requirements for auditing and certification of environmental management systems. The revised ISO/IEC 17021-3 standard will use consistent wording in line with ISO 17021-2 environmental audit. 

More information about ISO/IEC 17021-2 here.


2. Reduces duplication 

It was noted that there were several examples of duplication in ISO 17021-1 and ISO 17021-3. In the revised ISO 17021-3, there has been an attempt to condense the requirements so that they are not reiterated. 


3. Incorporates new knowledge requirements arising from introduction of ISO 9001:2015 

The new version of ISO 17021-3 incorporates new knowledge requirements arising from the introduction of ISO 9001:2015, including those driven by Annex SL. For more information about these new requirements, download the Next Generation Auditing Whitepaper. 



4. Specific knowledge requirements for each auditor

Previously in the standard, the specific knowledge requirements were for the audit team overall. The revised standard now states that there are specific knowledge requirements for each individual auditor.

Manage individual auditor competency requirements in EQMS Training Records Manager.



5. Focus on additional knowledge required to audit Quality Management Systems

In the revised standard, there is a focus on the additional knowledge required to audit a quality management system, rather than the competence required to audit the quality management systems. This is because skills are picked up in ISO 17021-1.



For more updates to standards, subscribe to our GRC Newsletter.


ISO 13485:2016: How to Optimise your Medical Device Quality Management System

Posted by Emily Hill on Thu, Dec 15, 2016

6 tips to optimise your medical device quality management system

During Quality Context's Annual Training Conference, Victoria Cavendish, medical device quality consultant at Orca Solutions, shared six tips for optimising your medical device quality management system to meet the new requirements of ISO 13485:2016.

We've shared the tips below so you can get started today. 


1. Integrated process management



"One of the common issues I come across is that processes are managed by each department. This causes a number of issues, such as a lack of communication between departments when a change is made, feedback is not always provided where it needs to be and it is very difficult to identify and measure risk," says Cavendish. 

EQMS helps to overcome this issue. The powerful quality management software is ideal for medical device manufacturers, where there are often complex, multi-faceted processes which require the expertise of employees from across different departments or need to be communicated to stakeholders across the organisation. 

Whether there is an issue or an opportunity, this can be logged in EQMS, then a pre-configured workflow is kicked off and notifications are then sent to relevant personnel. EQMS assigns responsibility for tasks, so employees know what they are accountable for. Furthermore, a full audit trail can be viewed at any stage to demonstrate compliance.

Read more on Process Approach


2. Consider automation where possible


"Printing, sending emails, and manually compiling reports is not only tedious, it is prone to error," Cavendish says. "Reducing reliance on paper-based or hybrid solutions is key for an effective medical device quality management system. This reduces compliance burden, improves information integrity and accountability." 

EQMS helps to automate time-heavy, manual processes, such as:

  • sending out email and push notifications whenever any action needs to be completed, e.g. a document needs reviewing, an issue needs resolving, a new supplier is added, a risk needs managing etc.
  • rather than spending hours searching for the person responsible, pre-configured groups / individuals are assigned responsibility to resolve issues. 
  • instantly produce KPI Dashboards with all of your ISO 13485 metrics.

Automating processes with EQMS 


3. Analyse the data resulting from quality processes

ISO 13485 follows a plan-do-check-act approach. For example, the standard requires organisations to:

  • plan how to evaluate the quality management system,
  • establish procedures to evaluate it, and
  • use analytical results to improve your quality management system. 


"Many organisations are really good at documenting processes. But you need to also review the process itself. Are your processes effective? Are they delivering the intended results?" Cavendish shares. "Are the key performance indicators correct? Do key performance indicators translate into business effectiveness?"

Collaboration is key here, and having a system such as EQMS where you can plan and continually review processes is essential for an effective medical device quality management system. 

KPI Reporting 


4. Scalable: 

"Your quality management system must be available to all of your employees, anywhere, at any time," said Cavendish. "This means ensuring your quality management system is scalable. How can you ensure employees can access your medical device management system anywhere, at any time, on any device, whilst all the information is controlled?" 


EQMS is an enterprise-wide quality management solution. Although EQMS has lots of advanced functionality, many of our customers love the system because of its user-friendly interface and scalable pricing module. Read more reviews and about EQMS pricing here.


Scalable quality management systems


5. Ongoing training


Having established processes to manage competence is a key requirement of ISO 13485:2016. However, Cavendish stated that too many organisations still manage training ad-hoc, rather than as an ongoing process.

"For an effective management system, employee training is key. You need to be systematically planning training, reviewing the training and testing employees on their knowledge," Cavendish adds. 


EQMS Training Records Manager enables you to log training requirements, provide feedback and associate any standards and regulations with each training requirement. 

Time to get rid of the spreadsheets? Read about EQMS Training Record Manager 


6. Internal audits: 

Cavendish also recommended carrying out regular internal audits to ensure that processes are being followed as planned. She says:

"You just can not trust your employees and suppliers are doing what they say they are doing. You need to go down and check for yourself. The only way to do this is through regular auditing." 

Auditing software solutions such as EQMS Audit and Inspection Manager and iEQMS Auditor provide a configurable, off-the-shelf solution for managing the end-to-end audit process. You can create, schedule and report on any type of audit and associate any relevant standards, directives and regulations with each checklist. 

How to drive supplier quality assurance through regular auditing


EQMS Auditing 


Read more about ISO 13485 

Tags: ISO 13485

Brexit Boom: Quality Professionals Across the World Take Advantage of Falling British Sterling

Posted by Emily Hill on Mon, Nov 28, 2016

Qualsys Ltd reports a record breaking quarter as falling UK exchange rates see international demand soar, following Britain's vote to leave the European Union.



Enterprise quality management software (EQMS) provider, Qualsys Ltd, already had a portfolio of clients based in Europe, America and Australia, but since the June 23rd referendum the company has reported a dramatic rise in the number of international businesses investing in the solution, believed to be due to a falling exchange rate. 

Michael Ord, New Business Director at Qualsys Ltd, comments: 'Since the decision to leave the European Union, we've noticed a 30% year-on-year increase in the number of new business enquiries from overseas as quality professionals are finding that the software is now around 20-25% cheaper than the same period the previous year.

A falling exchange rate has also given many of our international customers a golden opportunity to extend their contracts with us. Clients who have used our EQMS Document Manager module for years, now want the full-suite of EQMS modules. Many of our long-term customers are now using EQMS for everything from managing risk and suppliers to auditing and training records.


Great time to invest in Enterprise Quality Management Systems

Qualsys Ltd also reports a leap in enquiries from businesses in the United Kingdom.

'Leaving the European Union is an unavoidable risk for many organisations. There is a lot of uncertainty about what 'Brexit' means, but what we do know is that there will be a number of changes to regulations and legislation. Managing this change without appropriate systems in place is an expensive process and can leave the organisation exposed to risk,' adds Ord, 'Business leaders want future-proof systems such as EQMS because it helps reduce compliance burden, improves accountability and ensures the right message is communicated to the right person at the right time.' 

For more information about EQMS, please download datasheets or read how EQMS helps manage multiple management systems and international standards.



ISO 13485 Overview

Posted by Emily Hill on Fri, Nov 25, 2016

The UK has one of the largest medical device markets in the world, and it is forecast to grow by a cumulative 16% by 2020.* Demand for medical devices is largely driven by innovation and an aging population. For organisations wishing to enter the market, one of the main challenges is navigating a complex regulatory landscape.

ISO 13485 is the world's most popular medical device quality management system which harmonises many international regulatory requirements to ensure products and services are fit for purpose. 

The below article gives those who are new to the Standard and medical device industry an overview of ISO 13485 which can be read in under 5 minutes. 




What is a medical device?

A medical device is anything related to healthcare that does not have a pharmaceutical action (i.e. it is not absorbed into the body or based on pharmacology / chemistry) as its primary mechanism. Medical devices range from simple tongue depressors and bedpans to complex programmable pacemakers with microchip technology and laser surgical devices.

The FDA defines a medical device as:

 "an instrument, apparatus, implement, machine, contrivance, implant, in vitro reagent, or other similar or related article, including a component part, or accessory which is:

  • recognized in the official National Formulary, or the United States Pharmacopoeia, or any supplement to them,
  • intended for use in the diagnosis of disease or other conditions, or in the cure, mitigation, treatment, or prevention of disease, in man or other animals, or
  • intended to affect the structure or any function of the body of man or other animals, and which does not achieve its primary intended purposes through chemical action within or on the body of man or other animals and which is not dependent upon being metabolized for the achievement of any of its primary intended purposes."


  • Delivery of medicines: syringes, tubing, inhaler
  • Patient monitoring: software
  • Repairing or replacing: stents, joint replacements
  • Diagnostic equipment: ECG, x-ray
  • Equipment with power sources: hearing aid, pacemakers


DySIS Medical: Innovative Medical Device Manufacturer


Who needs ISO 13485? 

A quality management system is a set of policies, processes and procedures that help an organisation to meet the requirements of their stakeholders, based on the plan-do-check-act cycle.

In some countries, like Canada and in the European Union, it is a legal requirement to have a quality management system if you:

  • Design or manufacture medical devices. 
  • Supply raw materials or provide services related to medical devices, e.g. sterilization, installation, labeling, technical publication. 

ISO 13485, although not a legal requirement, demonstrates an effective quality management system. 

In contrast, however, to ISO / TS 16949, an organisation does not need to be actively manufacturing medical devices or their components to seek certification to this standard. This means it can be a strategic decision to get the standard if a company has the capability of manufacturing components for medical devices or providing services to medical devices companies. 




York Instruments: Evolving brain scanning technology using EQMS 



Why get ISO 13485?

ISO 13485 is a voluntary standard, but it satisfies most European Union quality management system requirements and demonstrates compliance to medical device directives. As well as harmonising regulatory requirements, there are many other benefits of being certified to ISO 13485. Here are 8 of them:

  1. Increase customer confidence - ISO 13485 demonstrates an organisation's commitment to quality. 

  2. Meet customer expectations - ISO 13485 requires organisations to assess their ability to consistently provide medical device products and services that meet customer requirements and comply with all relevant regulatory requirements.
  3. Promotes better communication - ISO 13485 sets out the requirements for establishing communications processes and encourages communication about the effectiveness of the quality management system.  

  4. Increase efficiency - ISO 13485 requires organisations to demonstrate robust processes which means they can benefit from reduced wastage and a better ability to monitor their supply chain.   
  5. Improves supplier relationships - ISO 13485 requires organisations to establish supplier evaluation, selection and monitoring processes.  

  6. Increases speed to market - The primary objective of ISO 13485 is to facilitate harmonised medical device regulatory requirements for a quality management system. ISO 13485 is recognised globally which means companies who are certified get access to more markets worldwide.

  7. Demonstrate that you provide safer medical devices - ISO 13485 follows the process approach, which treats the quality management system as a set of interrelated processes. Any changes need to be controlled and documented.
  8. Enhances brand equity - Increased credibility ultimately leads to increased brand equity. This also means there are enhanced marketing and promotional opportunities. 





Inivata, medical device manufacturer who uses EQMS 


Want more information about ISO 13485:2016? Sign up for the Newsletter here.





Tags: ISO 13485

ISO 9001:2015: 5 Challenges for Internal Auditors - Friday Feature

Posted by Emily Hill on Fri, Nov 18, 2016

Back in July 2014, prior to the release of ISO 9001:2015, Richard Green, former head of IRCA Technical Services, stated he believed that the changes to ISO 9001:2015 meant there would be a transition in the auditor's role from 'auditor' to 'assessor'. Green highlighted that auditors will increasingly need to deal with 'shades of grey' and 'new evidence sources will need to be examined.' Read more on this: ISO 9001:2015 Next Generation Auditing Whitepaper

Two years down the road, ISO 9001:2015 has been released and many organisations have transitioned to ISO 9001:2015. But how have auditors coped with the new changes? Have the changes been logical? And what are the challenges internal auditors are now facing? 

We asked Richard Green to share 5 of the main challenges internal auditors now must face. We've cut up the interview so you can watch all 5 videos in under 10 minutes. 

Changing role of the auditor: 

#1 A Box-Ticking Exercise

Moving from procedure based auditing to process based auditing requires a more informed and analytical process. Colin Partington, a Quality Management Consultant and ISO 9001 expert, said in 'Next Generation Auditing' this will drive a cultural shift from procedure auditing where 'findings are discovered, corrective actions are made, and ultimately, boxes are ticked, to a more analytical approach which focuses on process auditing.'

So, is there still a perception that ISO 9001 is a box-ticking exercise? Richard Green shares his thoughts: 





To summarise: 

  • ISO 9001 makes top management responsible and accountable for carrying out a certain number of activities themselves.
  • Clause 5.1.1 gives you a list of top management activities that they need to be involved with. Some of those they can delegate, but there are some of them that they cannot delegate.
  • This is all designed to bring people at the highest levels into the quality management system. No longer can it centre around the quality management representative.
  • Leadership must promote a process approach and they need to understand how all processes fit together.
  • There are also requirements around risk.
  • Leadership now need to make decisions around whether the system is effective. And if the system is not being effective, they must act to make sure that the quality management system is effective.
  • It has come as quite a shock for some organisations but the changes are logical.

"In those organisations which were properly embracing quality, I think you find that the leaders were already meeting the new ISO 9001:2015 standard, because it was previously implied that they should be doing it. It was not explicit, but it was very much implied."



#2 Moving from Procedure to Process Based Auditing

Clauses 4.4 and 6.6 in ISO 9001:2015 state that auditors need to look at the processes of the organisation and check that the organisation is monitoring, measuring and evaluating them to determine how effective they are in helping the organisation to achieve the desired outcomes. This requires process based auditing.

In 'Next Generation Auditing', Colin Partington, Quality Management Consultant and ISO 9001 expert says: 

“Process based auditing is more about following through a trail by taking a job from start to finish and reporting what is seen as it passes through the various departments. By taking this approach, a number of clauses can be covered in one audit.”

So how are auditors coping with the new challenges? Richard Green explains in this video: 





To summarise:

  • Things are now less clear cut than they used to be.
  • Context is amorphous - your perception of context is different from the auditor’s interpretation.
  • There needs to be a discussion between the auditor and the commonality of view. I think the challenge for auditors, especially checklist auditors, is that now there are quite a lot of things which are grey.
  • It used to be black and white, but this has disappeared. That is where the assessor comes in.
  • There now need to be judgment calls based on objective evidence that they see.


#3 Leadership Buy-in

ISO 9001:2015 requires senior management to take accountability for the effectiveness of the quality management system. As stipulated in ISO 9001:2015 5.1.1 Leadership and Commitment for the Quality Management System, 'Top management shall demonstrate leadership and commitment with respect to the quality management system.'

This means that top management must ensure the quality management system is effective and that it delivers real business improvement.

But are auditors getting the buy-in they need from top management? And are top management listening to their internal auditors as much as they should be?

Richard Green explains in this video: 




To summarise: 

  • Internal auditors are the most valuable auditors out there.
  • It is not your external auditor who perhaps comes in once or twice a year who has a look at your business. Internal auditors understand the business, the standard processes, they know where the weaknesses are.
  • Too often you see internal auditing is a secondary part of the role.
  • The organisation and top management need to recognise the real worth that lies in their internal auditors and they need to nurture, develop and make use of their insight.  
  • These are the people who are completely familiar with the business management system and can significantly impact the bottom line, if you listen to what they are saying.
  • It is a continuous feedback loop.


#4 Challenging top management 

In 'Next Generation Auditing', Richard Green said:

"Going forward, assessors are going to need to be able to speak the language of the Boardroom. They will need to engage with top management regarding strategy and context, not minor operational matters. They will need to feel comfortable challenging individuals at this level." 

But are auditors comfortable challenging top management? What about when they have to deliver bad news? Richard Green shares his thoughts:





To summarise: 

  • Auditors have always had to deliver bad news.
  • It is more challenging when bad news is not directed at quality managers and it is being directed to those at the helm of the business.
  • Of course, culturally, in certain parts of the world, the very notion of challenging what top management do is completely alien.
  • It's going to be difficult and take a while for auditors to find their feet.
  • In terms of how we go about doing that, for instance in the whole issue around reporting. The skills that we see set out in ISO 9011, in terms of the approach of auditing, diplomacy and tact are all coming into the forefront now. 


#5 Training to meet new requirements 

Colin Partington, Quality Management Consultant, said in 'Next Generation Auditing':

"Many auditors come to me overwhelmed with increasing commercial pressures and time constraints. Such issues can result in constrained or irrelevant information being delivered to senior management.

To rectify this, as stated in ISO 9001:2015 4.1, Understanding the Organisation and its Context, the auditor must understand what the organisation does and what influences there are upon the organisation. How the auditor will establish these factors needs to be considered, almost certainly needing the top management to be interviewed to discover these." 

This requires a whole new skill set. So are auditors getting the training they require to meet the new requirements? Richard Green shares his thoughts: 







To summarise: 

  • When we saw the new version of ISO 9001:2015, the requirements were significantly different for auditors in terms of their skills set.  
  • CQI's transition course now actually lasts two days.
  • 85% of this course focuses on skills and behaviours. 
  • Auditors need to be able to interpret all the diverse evidence sources, which is going to require upskilling and it's raising the bar. 


Want more information about ISO 9001:2015? Download the toolkit. 

ISO 9001:2015 Toolkit

Tags: ISO 9001:2015, Quality Culture

Why You Should Migrate Your Documents from Lotus Notes to EQMS - 3 Reasons

Posted by Emily Hill on Thu, Nov 17, 2016

It used to be commonplace for IT teams to own the document management system. They would use a system like Lotus Notes by IBM, and then manage all configurations either internally or contract the work to external parties. 

But before long, the cracks started to show, and many quality professionals have recognised a growing gap between the functionality of their system and the requirements of their organisation. 

Accolade Wines, Honeywell and Yazaki are but a few organisations who have recognised the benefits of migrating their documentation from Lotus Notes to EQMS Document Manager, a highly configurable, off-the-shelf solution which enables you to track, search, retrieve, route, review, approve and annotate documents and technical drawings. 

Why are so many organisations migrating their documentation to EQMS? We've put together 3 of the main reasons below. 




1. We are compliance experts

A large majority of IT professionals do not have a background in compliance. This means that when your IT team configures a system like Lotus Notes, there is often a gap between the functionality of the system and your organisation's real compliance requirements. And unfortunately, it is often too little, too late when an issue with the system is detected.

With EQMS, advanced compliance is built into the system: 

  • Document Audit trail: Full version control - retain each superseded document and also find out who, when and what was changed in a document. 
  • Flexible Workflow: Drive review and approval processes with system messaging which integrates with your email system.
  • Works with Everything: Flexible API and web services integrate EQMS with your ERP, HR and/or Financial Systems. 
You will also be assigned an experienced Service Implementation Manager who will configure your EQMS to meet your regulatory requirements. 


2. We will help you Spring Clean

EQMS Document Manager

Does the thought of migrating your online and offline documentation give you a headache? You are not alone. Many organisations have hundreds and even thousands of important documents in their Lotus Notes system which are duplicated, out-dated or siloed. Unfortunately, ignoring the issue will not make it go away. 

Now imagine this - the lifecycle of every critical document is managed systematically. Even better, it has all been done for you by an expert. 

Over the past 20+ years, our services team have migrated thousands of documents from Lotus Notes, SharePoint and desktops to EQMS Document Manager. They get under the skin of your processes and will support you as little or as much as you need to ensure your document management system is future-proof.  

Following a best-practice approach, the services team at Qualsys will: 

  • Audit your Documentation Requirements: They will help you to prepare a document audit plan, conduct feasibility and scoping exercises and review your processes. 
  • Configure the System: The services team will help you to ensure the terminology in your document management system suits your organisation's requirements. 
  • Migrate all documentation: By extracting documentation from your legacy systems and uploading them to your EQMS, your system will be ready for you and your organisation. 

For more information about our document migration processes, download the EQMS Document Manager Datasheet here. 


3. We are always investing


Businesses have an increasing number of requirements from their document management system. However, many IT teams do not have the resources to keep the system up to date. 

EQMS is continually being enhanced. New features, resources and training guides are being produced to ensure our customers maximise their use of the system. 

Customers can even request changes to EQMS in a number of ways, including: 

  • Account Managers: Every customer has a dedicated Account Manager who is available to help you maximise your use of EQMS. They will put forward your change requests and build them into the EQMS roadmap. 
  • Events: Qualsys hosts regular Development Forums and User Groups which give you the opportunity to hear from other EQMS customers, the development team and the Directors at Qualsys. 
  • Annual Health Check: Every customer also has an Annual Health Check, which is where we audit your use of EQMS and help you to find more ways to optimise your document management system. 

See the latest developments in our Software


Ready to see how EQMS Document Manager can work for you? 

If you are one of the many quality professionals who have found that Lotus Notes is no longer working to control your documentation, EQMS Document Manager could be the perfect solution. 

To learn more, talk to one of our technical experts here. 

See EQMS in action - free software trial

Tags: Document Control Procedures