Alex Pavlovic

Recent Posts

What you need to know about ISO 45001

Posted by Alex Pavlovic on Thu, Mar 15, 2018

ISO 45001, the world's first international occupational health and safety quality standard, was published on 12 March, replacing the previous OHSAS 18001 benchmark.

As with any new standard, it's vital for quality professionals to understand the requirements of ISO 45001, what the standard means, and how it will affect their business.

Here's what you need to know.

Image result for health and safety


1. You've got three years

Already compliant with OHSAS 18001? You have until 12 March 2021 to make the switch to ISO 45001. The good news is that you'll recognise most of the requirements of the new standard have been carried over from OHSAS 18001. But of course, in line with the requirements prescribed by other ISO standards, ISO 45001 contains several new areas of focus. You will need to be familiar with these as well if you want to work towards compliance.

Image result for calendar countdown

2. It makes some key changes

ISO 45001 adds to the requirements of OHSAS 18001 in several areas. Some common themes from other recent ISO standards are apparent here, as follows:

  • Increased focus on risk management - Companies must consider, identify and take the necessary corrective and preventative action to address any risks posed to the health and safety of their workforce.
  • Increased emphasis on business context -  Linked to the focus on risk is the emphasis on context-specific business risks seen in ISO 31000. Businesses need to consider the unique ways that the health and safety of their workers might be compromised - and act accordingly.

  • Increased commitment from senior management - Top management must actively engage in the health and safety management system of their business, and contribute to it. In many ways, this change has been a long time in motion- the number of directors jailed for H&S negligence tripled in 2016 alone - but ISO 45001 formalises and codifies the managerial responsibility for health and safety in a way that OHSAS 18001 did not.
  • Increased focus on objectives and KPIs - Businesses should set, monitor and evaluate health and safety performance objectives as drivers of continuous improvement in the workplace.

 iso 45001 health and safety workplace


3. It's compatible

ISO 45001 is designed for close integration with other ISO standards. So if you're already working to one or more other ISO benchmarks, you have a firm advantage for getting 45001-compliant as well.

It also means you can more easily build a holistic, ISO-compliant environmental, health and safety management system. The incorporation of Annex SL gives ISO 45001 the same top-line framework as other ISO standards, placing the same emphasis on leadership, planning, continuous improvement, and other key areas. Take the necessary steps prescribed by Annex SL, and your business is much closer to a resilient 'culture of quality'.


Image result for annex sl


What to do next

1. Read a breakdown of the key ISO 45001 clauses here

2. Making the change to the new standard? Download our free ISO 45001 transition toolkit.

3. Looking to build risk-based thinking into your EHS system? Join our risk workshop on 22 March. 

4. Qualsys's software modules are designed to simplify, streamline and automate your health and safety management procedures with powerful and user-friendly functionality. Read more here.


Read about ISO 45001 management software


The 3 ways every business should be managing risk

Posted by Alex Pavlovic on Tue, Mar 06, 2018

Risk lurks in every nook and cranny of a business - and there is increasing pressure from standards like ISO 9000 and 31000 for senior management teams to address it. 

Yet a 2017 Qualsys survey revealed that 67% of quality professionals believe that their leadership team is completely disengaged with governance, risk and compliance management. Worse still, most businesses aren’t currently using any formal risk assessment process.

Nothing grabs the headlines like a good business disaster - think of Volkswagen's $30 billion emissions scandal, Uber's hacker breach or KFC's chicken shortage.

So how can businesses embed the risk-based thinking they need into their daily operation? 

Risk management workshop - sign up today

1. Get everyone in the business to own risk

Identifying risk, of course, comes first, and it’s not something you can just know. Risk exists in every area, site and department of a company, from finance and production to information security and suppliers. Examples include:

  • Mergers and acquisitions
  • Liquidity
  • Reputational damage
  • Counter party risk
  • Market competition

As such, no one person can pinpoint risk on their own. Different areas of a business operate differently and can be stronger or weaker in their management of risk.

Nor should a risk assessment be a one-off: “our office is in a flood risk area, so if there is heavy rain it might flood, forcing us to shut down.” As business processes change, new risks are constantly being introduced - so looking at risk should be a routine.

Onboarding a new supplier? Introducing a new IT system? Updating a financial policy? They all bring risk, and every employee connected to those areas should consider how. Risk assessment should be a constant, flexible process encompassing everyone in your business.

Human error can strike anywhere, even in the largest and most complex of enterprises. In 1999, NASA's $125m Mars Orbiter probe entered the orbit of Mars 100 kilometres too close to its surface and was destroyed - because its attitude control system used imperial measurements, while its navigation software used metric. A costly, so-called 'schoolkid blunder' might have been averted had more eyes been on the case.

Implementing a robust system collating input from everybody is a valuable way of strengthening your risk assessment and gathering a comprehensive picture of the full gamut of risk - what mistakes might be made, what uncertainties can impact your objectives, and how to manage and minimise them. Just because a particular risk hasn’t happened yet, it doesn’t mean it won’t.


risk map.png

2. Implement an integrated risk management system

So you’ve asked your staff to consider and identify risk areas. But how do you quantify each risk and assess how to respond to them? You’ve probably seen a risk assessment matrix like this before, where risks are assessed by severity and likelihood:

 risk matrix assessment


The standard matrix is an effective, if simplistic, tool for risk assessment. Knowing what to do with risk information is another thing entirely; new standards and regulations are demanding increasingly sophisticated, specific and comprehensive risk programs, while giving businesses flexibility to determine their own processes.

The 2015 iteration of ISO 9001 prescribes 'risk-based thinking', with preventative actions and input from senior management, while the ICO mandates a privacy-risk-specific Privacy Impact Assessment (PIA) to comply with the EU’s upcoming GDPR regulation.

 Because of this, understanding how to assess and manage specific risks in compliance with various frameworks and the context of your organisation takes time and consideration.

Some businesses are more risk-averse than others and have a lower ‘risk appetite’. Some appreciate resources like gap analysis templates and risk management software as effective tools for risk management. Others employ methods like the Delphi technique or SWOT.

Take the opportunity to do your research and consider what external support you can draw on.

Whatever process you map out for risk control, some key elements include:

  • Auditing auditing auditing. 'Taking the temperature' of your business at frequent intervals with internal audits allows you to see how risks are being addressed and managed.
  • Fine-tuning responses. Don’t wait for a risk to mature - ensure CAPA processes are already in place. When something does go wrong, your team can respond quickly and intuitively.
  • Delegating responsibility and making sure skill gaps are plugged. Your staff should know what is expected of them, and how. An airtight workforce will have a lower incident rate and faster risk remediation time
  • Looking for standard commonalities. New ISO standards share the Annex SL high level structure, giving them similar risk management themes and values. Targeting these core areas avoids duplication of efforts and allows risk management to be rapidly implemented. One Qualsys customer, Aberdein Considine, used this approach to achieve four ISO standards in less than a year.

 Image result for  risk

3. Measure risk opportunities


Lastly, you should avoid seeing risk as a purely negative phenomenon. As well as asking, “what could go wrong?”, ask, “what uncertainties might present opportunities?” Risks and opportunities are really two halves of the same coin: uncertainty.


  • A project might be budgeted for - and come in above or below target.
  • An inbound marketing campaign might aim to increase website traffic - and bring in absolutely nobody, or so many people that your website crashes.
  • A new product might flop, or completely swamp production with high demand.

The common thread is the uncertain; the difference is that positive risk presents opportunity, while negative risk demands redressing. By planning for positive risk as well - what to do with those unspent funds, how to tweak your website to cope with more visitors, what production contingency plans you can put in place to cope with demand - you are not only encouraging optimism as well as caution, you are prepared for any eventuality. And your business will be stronger, healthier and more prepared because of it.


iso 9001 risk based thinking

What to do next

Unsure how to start tackling risk?

Our free ISO 31000 toolkit contains a range of resources to help you get to grips with the risk management standard.

Qualsys are also hosting a full-day interactive risk management workshop at our Sheffield office on 22 March. Delegates will learn how to:

  • Drive and embed risk-based thinking across their business
  • Apply risk standards like ISO 31000 to their processes and practices
  • Build a robust risk management system around core risk principles using tried and tested tools and templates 
  • Engage team members to identify and manage risk

Find out more here


Money for nothing: the cost of poor quality

Posted by Alex Pavlovic on Tue, Feb 27, 2018

KFC's running supply chain débâcle is costing them £4.2m every week by one estimate.

A recent Deloitte quality report identified manufacturers spending up to $100,000 (£71,510) and 116 workdays per site per year to comply with overly complex, outdated and redundant quality management systems (QMS).

And after 25 May, fines of up to €20m (£17.64m) await businesses without GDPR-compliant information security processes in place. 

The cost of poor quality is getting increasingly eyewatering- and more and more businesses are investing in preventative measures to save themselves from serious financial jeopardy down the road. 

kfc crisis supply chain poor quality costColonel Sanders's supplier management processes leave something to be desired

The importance of being standardised


Deloitte's 'Quality 2020' survey revealed three key commonalities among respondents in the manufacturing sector:

  1. Standardisation was identified as the key goal for quality management, impacting on other quality areas such as operational efficiency and the cost of poor quality. 96% believed a moderate to extreme improvement in quality would arise from standardising quality management.
  2. The main problems contributing to the rising cost of poor quality were identified as: the rising complexity of standard requirements, having to maintain multiple quality systems for multiple standards, and the growing gap between certification and actual quality performance
  3. The overwhelming majority believed that 'significant effort' would be needed to effect the necessary changes 

In short: businesses are losing vast amounts of money to unstandardised, overly complex quality management processes, while quality standards themselves become more complex and numerous. This expenditure can be crippling and, even worse, is completely avoidable.

In the case of KFC, some businesses are neglecting to follow robust quality processes. KFC switched their supplier from Bidvest to DHL without the correct vetting, leaving themselves stranded with a logistical chain unable to cope with demand.

It's no surprise then that David Cau, Director of Business Risk at Deloitte, concluded that:

The GRC market seems to be thriving, as more companies realise that they pretty much have to invest in this area.


investment return grc software

More and more businesses are willing to 'spend £1 to save £2' with a GRC solution


Why GRC?


Survey respondents estimated an expenditure reduction from 116 workdays and $100,000 per site needed to comply with quality standards each year to 67 workdays and $51,000 per site if their quality management systems were standardised, simplified and centralised.

And the cost of poor quality (COPQ) from events like closures, complaints and non-conformances naturally falls as fewer of these events occur.

The financial advantages of achieving these goals by onboarding governance, risk and compliance software has contributed to an explosive growth of the sector, with between 15% and 20% annual growth predicted between 2018 and 2020. 

Does it really take the 'significant effort' predicted by the survey respondents to implement a GRC solution?

That depends.

Implementation, cultural fit, bespoke business requirements and internal engagement are all problems which need to be considered by any company looking for a GRC software solution.


If the basic requirements aren't met, nothing will be.

Close research is needed for any procurement project; many businesses seeking GRC software vendors use 'quadrant' analyses provided by Forrester or Gartner. But many vendors are left out by this approach - as David Cau recognises.


These quadrants lead companies to limit their GRC tool selection process only to the vendors mentioned in the quadrants, or even only consider players from the leader’s quadrant and initiate their choice only from an IT standpoint, rather than also considering the business needs.


There's really no way around it: if your business wants to save money with a leaner, more efficient quality backbone, careful GRC software research is the way forward. Find the vendor for you, and the effort will undoubtedly reap rewards.

What to do next


We've put together a GRC software vendor scorecard to help you evaluate prospects - access it here.

Putting together a business case for a GRC software investment has never been easier, thanks to the obvious financial advantages. Kickstart the process with our business engagement toolkit.


Governance risk and compliance management software



Tags: Operational Excellence

The top 5 GRC certifications for the quality professional

Posted by Alex Pavlovic on Tue, Feb 13, 2018

Of course good governance, risk and compliance isn't just about getting certificates on the wall. But they don't hurt either!

GRC certifications showcase commitment to quality, demonstrate professional expertise and work wonders for the paycheck - the 2017 Global Knowledge Salary Report identifies governance as the most lucrative professional certification, bringing an average global salary of $92,766 (£66,911) for accredited individuals.

We've identified the top 5 GRC certifications that the modern quality professional should aim for. 

1. GRCP (Governance, Risk and Compliance Professional) 

Offered by non-profit think tank OCEG, the GRCP certification acts as a baseline for other GRC qualifications with its broad focus. It demonstrates:

  • Knowledge of the operation of the core GRC disciplines, from auditing to risk 
  • Understanding of the GRC capability model and its four elements: learning, alignment, performance and review
  • Competence in advising on key GRC controls and functions, and integrating GRC processes into a holistic strategy

Image result for grc certification


Participants prepare for the exam with OCEG's 'GRC Fundamentals' video course or a two-day training program. Best of all, the exam's free for OCEG All Access Pass members.


2. CGEIT (Certified in the Governance of Enterprise IT)

With its tighter focus, CGEIT is designed for professionals specifically managing IT governance for their business. A CGEIT certification demonstrates:

  • The necessary expertise to manage and advance an enterprise's IT governance 
  • Understanding of how to optimise enterprise IT system frameworks to boost efficiency and effectiveness
  • Competence in IT risk management to support information security processes

Image result for cgeit

The CGEIT certification is provided by global information systems association ISACA.


3. PMI-RMP (Project Management Institute - Risk Management Professional)

The Project Management Institute offers a risk management accreditation to IT professionals, which builds on the risk-centric elements of CGEIT with a project-based focus. PMI-RMP certification requires:

  • Confident knowledge in risk strategy, planning and processes
  • Competence in monitoring and reporting IT risk and engaging stakeholders
  • Understanding of IT risk analysis for projects and how to build effective mitigation plans

Image result for pmi-rmp

For any quality professional wanting to learn how to insulate their business's information technology systems from risk in large-scale, complex projects, look no further.


4. CGRC (Certified in Governance, Risk and Compliance)

The GRC Group and its two institutions, the SOX and GRC institutes, offers members with a minimum of three years' professional experience the opportunity to achieve its CGRC certification.

CGRC involves:

  • Understanding how the various roles and tiers of a business can contribute to robust and effective GRC
  • Gaining knowledge of the key GRC regulatory requirements and how to meet them
  • Understanding best practice in control frameworks, how to improve internal operation with focused investment, and how to track GRC process performance

Image result for cgrc grc group

GRC requires constant improvement and innovation. Understanding how to invest in a  business's GRC system is a crucial skill provided by CGRC certification. 


5. CRMA (Certified in Risk Management Assurance)

As its name suggests, the Institute of Internal Auditors focuses on quality professionals involved in the auditing process, providing educational material, certification and networking opportunities to its members.

Its CRMA certification aims to give participants the tools they need to:

  • Unlock the full potential of internal auditing to drive continuous improvement
  • Evaluate how risk relates to core business processes - and how to mitigate it
  • Understand how to effectively manage and analyse risk

Related image


CRMA is achieved by passing a 100-question multiple-choice examination. 


Business-wide benefits

These five certifications are all valued indicators of governance, risk and compliance professional excellence. Whether it's building core knowledge of GRC, improving control of IT systems or understanding and insulating against risk, achieving a GRC certification benefits the recipient and their business by laying the groundwork for robust, resilient GRC processes.


What you should do now

Looking to build your GRC expertise? Browse the standards and compliance section of our website for detailed breakdown of the key GRC standards.

How do you compare with your peers in the quality industry? Read our 2017 Global Quality Trends Report to gain insight from industry experts and learn how the quality industry is changing.

Finally, our Knowledge Centre provides a range of materials to support GRC professionals: access gap analysis and risk register templates, download standard toolkits and browse Qualsys's training courses.

Access Knowledge Centre

5 things you should know about GDPR

Posted by Alex Pavlovic on Mon, Jan 29, 2018

GDPR: four letters that you'll hear more and more over the next few months. 

You probably know that the EU's General Data Protection Regulation constitutes a dramatic change to the way businesses must handle and process their data - and it comes into force on 25 May.

But beyond that, most people scratch their heads. Here are five things you should know.

eu gdpr security

1.  It's got three aims

At its core, GDPR is really quite simple. Its three aims are:

  • To unify and strengthen the protection of personal data for EU citizens
  • To give EU residents greater control of how their data is stored and used
  • To control how personal data is exported outside the EU

Everything about GDPR boils down to these three guiding principles. Understanding how your business can fulfill these aims is the first step to compliance.

Personal data can be anything from name and address to race, religion, social media posts or even genetic and biometric data. Making sure businesses use the personal data that they possess in the right way is the crux of GDPR.


2.  It's tougher than the rest

GDPR replaces older legislation like the EU's Data Protection Directive or the UK's Data Protection Act and goes beyond them in a few important ways:

  • Unlike a directive, it's directly binding - so if your business is based in the EU or deals with it, you will have to comply from 25 May
  • It harmonises various sets of legislation into a single framework
  • It includes export of personal data beyond, as well as within, the EU

In short, there's no way of avoiding it and it has potentially worldwide reach. On the flip side, a single legislative framework simplifies compliance: nail GDPR, and your business has a compliant data management system that will build customer trust, strengthen reputation and image, and dodge financial penalties. Which brings us to the third point...


3.  It's got teeth

GDPR packs a serious financial punch for businesses found to be in non-compliance after 25 May. Fines of up to €20m (£17.56m) or 4% of annual turnover, whichever is greater, can be slapped on companies not managing personal data properly. Personal data must be:

  • Processed transparently and lawfully
  • Collected for legitimate purposes
  • Relevant, pertinent and necessary
  • Up-to-date and accurate
  • Stored only if necessary
  • Secure and confidential

If your business isn't complying with any of this - plan how to change it before May!

Some key steps to take include:

  • Creating detailed records of your data processing
  • Documenting your data policies and procedures
  • Training and informing staff about GDPR

We know how it is. You want to focus on the long term, but those short-term tasks stack up, get in the way and take up time. Trust us: setting aside some time for creating and actioning a plan now is the best approach to avoid nasty surprises further down the line.


4.  It will affect your business... even after Brexit

Every business with ties to the EU will be affected by GDPR. Yes, that includes British businesses after the Brexit date of 29 March 2019. 

The Queen's Speech in June 2017 highlighted the fact that GDPR, or something broadly identical to it, will remain in force once the UK leaves the European Union - so complying with GDPR is just as important for British businesses as those on the continent. 

gdpr brexit uk eu

5.  It affects everyone

The data protection officer (DPO) will be the main gatekeeper of GDPR, with tasks like monitoring compliance, cooperating with data protection authorities, and informing and auditing colleagues. But responsibility for data and information security compliance in a business falls on everyone. Let's take a look:

  • Marketing teams must get consent from those receiving marketing information
  • IT teams must guarantee electronic data security - and inform the supervisory authority within 72 hours if there's a breach
  • Customer account teams must make sure customer data is secure and relevant
  • HR must safeguard employee information
  • And so on!

Data touches all parts of a business. So getting questions answered, gathering information and putting together an action plan for GDPR compliance is absolutely vital.

Working Hard-1.jpg


What you should do now

GDPR will be the biggest overhaul of data protection regulation in twenty years - so get prepared.

Download our free GDPR toolkit for more information and guidance.




Tags: European Data Regulation, EU GDPR

GDPR workshop: 23 February 2018

Posted by Alex Pavlovic on Tue, Jan 23, 2018

Qualsys will be hosting a full-day GDPR workshop at our Sheffield office on 23 February 2018.

Do you know your ARs from your IPRs? Can you conduct a PIA? Do you know who the data controller in your business is? If, like hundreds of businesses in the UK, you need more information about preparing for GDPR, don't panic. A Qualsys survey in November 2017 found that 87% of businesses don't feel ready

The General Data Protection Regulation constitutes the largest overhaul of data protection regulation in twenty years - and comes into force on 25 May 2018.

From that date, businesses found to be in breach of the regulation will be susceptible to fines of up to €20m (£17.56m) or 4% of their annual turnover, whichever is greater.

It's not surprising that businesses are nervous and scrambling to prepare and adapt before the big day. There's confusion and uncertainty about what compliance means and what steps to take. 

Image result for gdpr

The Qualsys team will be offering expert support and guidance to businesses wanting to inform themselves about preparing for GDPR. Whether you're a Qualsys customer or not, our doors will be open on Friday 23 February for a full-day informative workshop in Sheffield.

Come join us and learn:

  • What GDPR means for your business
  • What to do before 25 May
  • How to conduct a PIA, manage risks, handle security breaches and prepare staff
  • How to manage assets, data types, customers and suppliers
  • Ten top tips from the Qualsys team

And much more. We will provide all delegates with a free information pack (and plenty of ideas!) to take away with them. To provide the most focused and valuable experience we can, places will be limited to ten delegates only on a first-come-first-served basis.

Get the knowledge you need to approach GDPR with confidence.

The workshop is priced as follows:

£399 (Qualsys customers)

£449 (non-customers)

GDPR workshop - Qualsys ltd (002).png

What you should do now

Sign up for the workshop here

Read how our software suite helps businesses prepare for GDPR here

Tags: Governance Risk and Compliance News, European Data Regulation, EU GDPR

User group round-up: December 2017

Posted by Alex Pavlovic on Tue, Jan 16, 2018

Last month, Qualsys hosted its largest ever user group.

Almost 50 attendees from 19 companies headed to the Victorian Sheffield mill that Qualsys calls home for a day of workshops, networking and discussion. 

User Group 3.jpg

Commercial Director Robert Oakley shared tips about weathering 'the perfect storm' arriving in 2018.

Quality Assurance Manager Kate Armitage offered insight into GDPR, while the Qualsys service team demonstrated how our GRC modules will help businesses comply with it.

Managing Director Mike Pound shared news about the Qualsys rebrand and the exciting changes coming in the new year.

The day was an opportunity for Qualsys's customers to meet other businesses facing the same GRC hurdles, share their experiences, learn about the new software features and developments on the horizon, and gain valuable GRC insight from across the Qualsys team.

It was useful to meet new users like ourselves as well as experienced users. The interaction in each workshop was beneficial, and the GDPR information will prove very useful.

- Gerry McArdle, SHE Manager at Fujichem Sonneborn


It's no secret that 2018 will be a pivotal year for the quality profession. We are just a year away from the great question mark of Brexit, and the biggest overhaul of data protection regulation in two decades comes into force in May. In this climate, Qualsys's customers are finding events like the user groups increasingly useful. 

Qualsys user group.png 

GDPR is one of the main challenges we'll be tackling in 2018. The breakout groups were great for adding focus and giving everyone a say. We're really looking forward to the new version of EQMS!

- Geoff Airey, Group Audit & Compliance Manager at Lowri Beck

A 2018 programme of new, topic-focused informative events, as well as more user groups, will be unveiled soon to support quality professionals on the journey to natural governance, risk and compliance. 

Keep an eye on the Qualsys website for details. 

What you should do now

Missed out on the user group? Access the brochure, slides and more here.

Access December 2017 User Group Slides, Presentation & More Here



Qualsys awarded Great User Experience Award by Finances Online

Posted by Alex Pavlovic on Thu, Jan 11, 2018

Qualsys are delighted to announce that our software has been awarded the Great User Experience 2017 Award by Finances Online. 

Here's what the award means - and how you can read a full review of our software. 



Finances Online is an online platform collecting reviews of B2B and SaaS products. The site enables software buyers to quickly compare thousands of different solutions. 

Prior to getting listed on their directory, Finances Online researches, verifies and applies social algorithms to generate a score for each vendor. 


Verified by Finances online.png


We use a behaviour-based customer satisfaction algorithm to gather customer reviews, comments and opinions across a wide range of social media sites to help buyers to make an informed buying decision. 


After the evaluation process, Finances Online awarded Qualsys the Great User Experience 2017 Award. 

Rob Needham, Technical Director at Qualsys is delighted the software's accessibility and user friendliness has been recognised. He said:  

We've been working really hard to make the software as user-friendly and intuitive as possible. Balancing lots of powerful functionality with a slick interface can be a real challenge. Throughout 2018, we have a jam-packed product roadmap which is going to further optimise our solution.  

 risk management software.png

Qualsys were also awarded the Rising Star 2017 Award. This is awarded to solutions which have rapidly expanded their popularity and customer uptake. Everyone at Qualsys would like to thank our new and existing customers for helping us achieve this accolade.



Read the review of Qualsys here 


Qualsys launch new brand and website

Posted by Alex Pavlovic on Wed, Dec 20, 2017

Qualsys are delighted to announce the launch of our new website and brand. 



Who better to tell the story of the brand than our very own Managing Director, Mike Pound?: 

"Qualsys was founded on 1st March 1995. Two people with a vision for integrated compliance systems were sat in a single room in Sheffield with a self-designed logo. To help us get started, a kind local printer offered to smarten up the logo for our very first marketing materials.

"By 2003, the launch of EQMS as the leading integrated compliance management system was witnessed by fourteen employees - across two rooms! This tied in with the rollout of our first professionally designed logo and branding.

"In 2009, it was time to change again. Ben Hollis, one of our in-house designers, led the development. By this time there were thirty employees spread across three even larger rooms - with a network of associates across the world.

"Now we have updated again. This new website is the result of a collaboration between our fifty staff, our associate network, and UPPB2B, our branding partner. Things get bigger and better and change – the new logo reflects our past, lives in the present, and looks forward to a future in which the fundamentals of the company remain and flourish.

"Simply put, we provide compliance systems to support organisations - these systems are designed to be internalised rather than imposed, organic and integrated rather than a burdensome superstructure. We now have a global presence and a fantastic set of clients. We have stopped counting the rooms. 

Many thanks to UPP and to the Qualsys team for their efforts. Early feedback on the rebrand from our clients has been incredibly positive. The vision of an integrated compliance system remains and must be constantly refreshed to reflect the increased scope of GRC and the increasing power of technology to facilitate integration. The local printer is wowed by the new image and has offered no improvements..."

View our new website here: 


Qualsys sponsor the International Quality Awards 2017

Posted by Alex Pavlovic on Wed, Nov 29, 2017

What links Portsmouth, an Indian dairy cooperative, a Canadian hydroelectric project and a hospital in Dubai?

The inaugural International Quality Awards, hosted by the CQI, which took place in London on November 22.

CQI Awards

Designed to, in the words of the CQI's Director of Policy Estelle Clark, 'plug the gap' in an awards calendar neglecting the quality industry, the Awards aimed to recognise the achievements of quality professionals across the globe with six categories. Qualsys were thrilled to sponsor the event!

"Every day, Qualsys sees quality professionals using innovative programs and strategies to drive quality. We need to share their successes. For us, that is what the International Quality Awards are all about." Mike Pound, Managing Director, Qualsys

Hosted within the Merchant Taylors' Hall, a stone's throw from the Bank of England, the Awards drew finalists from three continents. Quality engineers, audit managers and risk analysts from power, transport, manufacturing, healthcare and FMCG backgrounds (among others!) were invited to share and celebrate their achievements. The CQI's mission to introduce a platform showcasing the best of the quality industry - which Acting CEO Vince Desmond discussed with us in July - shone through.

"In celebrating our profession today, we are reminded that we have the potential to underpin confidence in our public, private and non-profit organisations. Let us not view today as an isolated celebration, but part of a broader campaign to promote the value of our profession to the wider world." Vince Desmond, Acting CEO, CQI
CQI Winners

Anyone working in quality will be aware of its historic positioning: often separated from the broader business, viewed as an overhead and an annoyance, called upon only to comply with a regulation or fix a problem, with quality professionals devoid of recognition and working in isolation. A recurring theme from the Awards was that this could not continue - and, with the increasing importance of quality and governance, risk and compliance (GRC), cannot continue.

The unique ability of quality professionals to create confidence, guarantee satisfaction and safety, avoid financial and environmental waste and deliver projects successfully was a key element targeted by the organisers.

The Quality Professional of the Year and Quality Professional in a New Project categories showcased several incredible individual achievements, while the Leadership and Quality Team of the Year awards highlighted the importance of teamwork and direction in driving a culture of quality. Meanwhile, the Emerging Talent Award focused on what Vince Desmond calls the 'new breed' of quality professionals - the passionate, well-rounded future leaders of the industry - and the CQI Honorary Award celebrated individual contributions to the quality industry itself.



Three top stories from the Awards

1. Not one but two teams won the Quality Team of the Year Award. Al Zahra Hospital, styling itself 'the best in Dubai', was recognised for the exceptional commitment of its team to delivering high quality patient care, while the Banaskantha District Cooperative Milk Producers' Union in India was awarded for its continued supply of quality dairy products from over 350,000 farmers to consumers across Asia.


2. Yele Odofin-Belo scooped the Quality Professional in a New Project Award. He was recognised for his work with ATCO, a Canadian holding company supplying temporary luxury accommodation for labourers working on isolated, large-scale projects - in the middle of nowhere. ATCO's client, constructing a hydroelectric dam in British Columbia, laid out numerous heavy non-conformance penalties: $50 fines for every meal not served to plan, up to $1000 fines for every towel not replaced! Yele implemented a quality control system to avoid and minimise these penalties, drawing on formal systems such as ISO 9001:2015 and redesigning operational procedures to address high-risk areas and guarantee a successful project.


3. After a long and successful career, John Oakland was given the CQI Honorary Award in recognition of his invaluable contribution to the quality profession. A prolific author of hundreds of reports, articles and books, John is also Executive Chairman of Oakland Consulting, one of several leading quality consultants partnered with Qualsys. John shared the award with Crossrail's Andrew Wolstenholme, currently overseeing the construction of the South East's new Elizabeth line, which is expected to serve 200 million people annually when it opens in December 2018.



All told, the Awards got off to a flying start in their inaugural year, bringing a diverse collection of quality professionals together to celebrate the growth of the industry and the remarkable contributions of those within. The full list of winners was as follows:

Quality Professional of the Year Award

John Feltham, Portsmouth International Port, U.K.

Emerging Talent Award

Charlotte Laverty, Alan Auld Engineering, U.K.

Leadership Award

John Holland, Jaguar Land Rover, U.K.

Quality Team of the Year Award

Al Zahra Hospital, Dubai, U.A.E.

Banaskantha District Cooperative Milk Producers' Union, India

Quality Professional in a New Project Award

Yele Odofin-Belo, ATCO Two Rivers Lodging Group, Canada

CQI Honorary Award

John Oakland, Oakland Consulting, U.K.

Andrew Wolstenholme, Crossrail, U.K.

Due to this success, the CQI has already announced that the Awards will return in 2018. We welcome all quality professionals to consider applying - it could be you on stage collecting an award next year! Read our ten reasons to enter here, and stay tuned on the Qualsys blog for the five things we learnt from the 2017 Awards.




Tags: CQI, Quality Culture