Emily Hill

Recent Posts

Policy management best practices 

Posted by Emily Hill on Mon, Mar 05, 2018

Every governance, risk and compliance person, regardless of the type of business they work for, wants their policies to be read and understood by their employees, customers and suppliers. 

But let's face it - most employees probably aren't engaging with your policies. Afterall, you wouldn't be getting so many repeated mistakes and issues if they had really read and understood your policies. 

Kate Armitage, Product Quality Assurance Manager at Qualsys has earned a reputation for making even the driest of subjects interesting and thought-provoking. 

So when it comes to creating Qualsys's policies, she's always got a strategy for raising awareness, getting everyone onboard and making real business improvement. 

In this article, Kate has shared 7 top tips for creating policies that are effective and engaging.

 Kate armitage - quality manager-718280-edited.jpg

1) Establish a process for creating policies

Create a process for creating policies. You can do this within our Document Manager software (see image below). 

Policies within our software.png

Determine what policies are needed. Typical business policies: 

  • Electronic device policy
  • Flexible working policy
  • Risk management policy
  • Quality policy
  • Information security 
  • Business continuity and disaster recovery planning
  • Ethical policy
  • Equal opportunities policy
  • Data protection policy 
  • Health and safety policy

Standardise a template for the processes and procedures. This way there is a common look and feel to all the documentation. Here is our privacy policy example. 


2) Don't do it on your own

All of your policies should have an official owner. But that doesn't mean you have to do everything. For example, get relevant departments to be part of the approval cycle before the policy goes live. Below is an example of how this works in our software. 

Approval path example.png

Give employees ownership, assign responsibility and create the processes and procedures with the staff members who are doing the work. This way your team feel involved and empowered and more likely to share any ideas or risks. 


3) Link between policies

Create good links between different policies and documents where relevant. This will encourage users to read around and you can improve views of your policies by up to over ten times.

 Qualsys process interaction map.png

Image: Example of Qualsys's policy map 


4) Make your policies really simple

Good communicators make themselves look smart. Great communicators make their audiences feel smart.

First, read this. Now the rule is to keep your policies as simple as possible.



5) Cater for different learning styles 

When you're writing a policy, first and foremost you are becoming a teacher. Good teachers cater to different learning styles. For example, create process flow diagrams to support the written processes or a visual representation often aids understanding, or, if you have the time, create a video / webinar or audio recording to go with the written policy.  


6) PDCA 

Always remember that as well as planning and implementing the policies, that you are also discussing and reviewing the processes during your audit schedule. 

 auditing software and quality management.png

7) Use our software to manage all of your policies

Your policies should not be dispersed, nor should they only exist on paper. You need a system which provides a framework for managing and controlling your policies. Our software enables you to manage the entire life cycle of your policies. 

See our policy management module in action. 


What you should do now

Try our Stakeholder engagement template for a free step-by-step guide to getting your team engaged with quality. 

 Stakeholder Engagement toolkit


Tags: ISO 9001:2015, Policy management

8 ways Training Records Manager makes managing training easy

Posted by Emily Hill on Thu, Feb 15, 2018

Our software is continually evolving. This is why the Qualsys team all undertake regular refresher training.  It is crucial that we know how to make the new features and enhancements work for our customers. 

Last week, Caroline Wilson, Service Implementation Manager at Qualsys, ran a training session on the module "Training Records Manager". 

In this article, I asked Caroline to share 8 of the best things about the Training Record Manager module. 



1) Use for all different types of training records 

You can use this module for all different types of training records. It's used for SOPs, internal training, induction, health and safety, FLT assessments, medicals, working at heights, health surveillance and lots more. 


Laptop Training & iPhone Auditor.png

2) It's automation at its best

I've worked in quality for 5+ years. In my previous roles, I would have loved to have had a system like this. It's a million times better than using spreadsheets. For example, all the training planning process takes place in one central system. Instead of having to email and book training in everyone's calendar, as an administrator you can automate this from the system. Notifications and due dates are set in the system, so you are not spending hours chasing people. 


training records sheet.png

3) Ratings

If as a business you invest in your employees and your training, it's a big risk for your business if the training provider isn't any good.

As an administrator, you can add a form field which ensures your employees rate their training. This is a really powerful tool. Getting this feedback is really useful when planning for the next year of training. 


Johnson and scholes cultural web.jpg

Johnson and Scholes: Business Cultural Web, http://wikireedia.net/wikireedia/images/5/53/Culturalweb.jpg 


4) Make the system work for your business

Many businesses have their own internal terminology. With Training Records Manager phrases can be updated centrally by administrators so you can make the system work for your business. It's a great way to get your users more engaged with the system. 


5) You get more information, in a format you can actually use

The Training Record Manager module is really flexible. When you are configuring the module, you can capture any information you want. For example you may want qualitative data about the training as well as quantitative, so you can adapt the forms to make it work for your business. 


Access Training Records Manager datasheet

Training records datasheet.png

6) Custom training reports

Most of the time, your leadership teams are not going to have the time to configure dashboards and widgets. The Training Manager module provides leadership with custom training reports. This can then be enforced on their screens, so they can see any outdated training records, drill-down into high-risk areas, and chase anyone who is not fulfilling their training requirements. 


7) Confidence you’re compliant:

When compliance training needs to happen on an annual basis, it can be really easy for it to get missed. This is where Training Records Manager is really helpful. You can automatically manage a retraining schedule. So when you have a new starter or someone changes their role, you can copy a training program. It saves weeks of your time.  

 EQMS Modules.png

8) Integrates with other modules 

This module is not only used for external training. When used with Document Manager you can send training and quizzes on a new document or policy prior to it going live. 


Download the Training Records Manager Datasheet to learn more about the technical features and benefits of this module.  >>> 


Tags: Training Record Software

Qualsys launch the Global Quality Survey 2018

Posted by Emily Hill on Tue, Jan 16, 2018

For the fourth year running, Qualsys have launched the annual Global Quality Survey. It's your chance to have your say on how the role of quality and the industry is changing. 

Global quality trends survey 2018

Never before have quality professionals encountered such pressure in balancing and prioritising various organisational demands such as:

  • Reducing the cost of poor quality
  • Improving customer satisfaction
  • Engaging a remote and global workforce with quality

As technology evolves alongside developing regulatory requirements, so does the role of quality. It’s time to ask: how do you compare with others in your industry?

About the survey

The survey comprises 34 questions compiled by Robert Oakley, Commercial Director and Mike Bendall, Business Mentor.

We've kept many of the survey questions the same to help us to get a full picture of how the industry is changing. 

Take the Global Quality Trends Survey 2018


£1 to Sheffield Children's Hospital Charity 

For every quality, regulatory, or compliance professional who enters, Qualsys will donate £1 to Sheffield Children's Hospital Charity. Last year, we raised £151 for the charity. 

Take the Global Quality Trends Survey 2018


Before you go... 

See the results from the Global Quality Trends report 2017 here 

Please also share the survey on Twitter & use #GQTS2018


ISO 22301: How to create a disaster recovery plan

Posted by Emily Hill on Mon, Jan 08, 2018

When a disaster strikes, there is often little time for planning a response, especially when the systems that are essential to your business operations are impacted. The GRC professional can and should play a leading role in addressing disasters.  

The role of the GRC professional must, however, start long before a catastrophe hits. They must plan, prepare and practice for an emergency.

A disaster recovery plan (DRP) is a documented, structured approach which includes how to respond to unplanned incidents. 

Business continuity and disaster recovery plans can provide a competitive advantage, especially as major businesses increasingly demand them as part of vendor selection processes. Without effective plans, businesses risk sanctions, fines, loss of customers, lawsuits and even going out of business. 

This step-by-step plan will help you build an effective disaster recovery plan using our GRC software


1) Audit your internal systems

Before you can do anything, you need to undertake exploratory audits to identify and review potential disasters. 

Develop a Business Impact Analysis (BIA) that identifies all critical functions, systems and applications, and outlines how a disruption to each of them will impact the business.


  1. Seek the input of all departments in the organisation to ensure that every issue is covered.
  2. Use Qualsys's Audit Manager to set up questionnaires for each area of your business and assign responsibility to each department head to collect the data you need. 

auditing software 4.png


2) Understand vulnerabilities, risks and opportunities  

Agree on how you will determine the impact of a risk and then conduct a risk assessment which details the potential ways they could damage your business. 

These may be:

  • Cyber attacks
  • Power outages
  • Natural disasters 
  • Human error

Document the risk of each of these occurring, the impact that they can have, and what will need to be recovered.

Risks include:

  • Loss of customers
  • Cost of downtime
  • Reduced productivity
  • Reputational damage
  • Recovery costs 

Tip: Use Qualsys's Risk Manager to collect risk data from across your business and associate each risk to audits, suppliers, documents, policies, incidents, etc. 

 risk management software.png

3) Control of external provisions

How exactly could your external providers impact your business? Do you have up-to-date contact information? Should you spread the risk by taking on multiple providers? 

All of the following may cause a disaster when you rely on a supplier:

  • Financial viability
  • Capability and capacity
  • Ethics assessment
  • Social responsibility
  • Process control
  • Sub-contractors 
  • EHS 
  • Change 

Assess the risk from each external provider and create contingency plans and exit strategies for the loss of suppliers that are critical to operations.

Tip: Use Supplier Manager to keep a central repository of: 

  • Contact details
  • Service level agreements / contracts 
  • Evaluation and re-evaluation criteria
  • Cost of poor quality
  • Real time dashboard
  • Routine supplier audit records 


4) Keep an asset register

Add all the information on the components of your assets and equipment in a detailed inventory.

Add all details about the assets, including:

  • the warranty expiration date
  • location
  • version number
  • installation or purchase date
  • latest updates of both essential
  • supporting equipment

It is also important to state objectives should there be an incident, for example: what is the recovery time objective? What would be the maximum tolerable downtime? 

Tip: Use Equipment and Asset Manager to manage equipment throughout its lifecycle. 


5) Risk analysis

Identify, assess and appropriately manage threats and vulnerabilities. 

Reduce any identifiable risks by setting up the appropriate supporting systems and strategies. These should include backups of data and the routine inspections of IT assets.

Ensure you can discover potential threats through measures such as antivirus software, network monitoring and staff training, and mitigate the damage through redundancies that protect critical data and applications.

 inspection management software.png

6) Document your DRP 

Your DRP should include a short-term plan that repairs and restores critical business processes, and a long-term plan that covers things such as root-cause analysis and long-term preventive strategy. 

You will need to make sure your DRP is kept up to date and will enable you to meet your recovery objectives. 

Tip: Use Document Manager to store files and share documents with the right groups or individuals.   

7) Train your employees

Who exactly is your disaster recovery team? What are their roles and responsibilities should an incident occur?

Part of your disaster recovery plan should be to make sure your employees have the necessary formal training should something happen. Then the training should be recorded in a central system they will be able to access. 

Communicate the plan to all of your staff and arrange formal training to ensure they understand and can fulfil their responsibilities under the DRP.

Training should be conducted on a regular basis and whenever any changes are made to the plan that will affect staff roles during the recovery.

Tip:  Training Record Manager enables you to maintain records, identify training needs and assign responsibility for tasks. 



8) Test your DRP 

While identifying the risk and creating a mitigation plan are important first steps, practice is also essential.

Undertake regular exercises to validate plan procedures will work as designed. This means you need to test your DRP on a regular basis to ensure that your plan is fit for purpose. 

Tests should assess all your procedures, identify opportunities for improvement, and ensure they are implemented. For example:

  • Test your emergency phone numbers 
  • Test your communications systems across the globe
  • Check all contact information is up to date
  • Make sure all communications templates and data are secured and backed up

Tip: Use the Incident Manager module to set off a test workflow to see the response and identify any issues. 



What you should do now

Want more information about business continuity? Learn how to use Qualsys's software for your disaster recovery planning (and more) by scheduling a demonstration or discovery  call here 

Schedule a GRC Software discovery call

Tags: Compliance Management Software, ISO 22301

Quality priorities 2018: Review of 2017 & new year's resolutions

Posted by Emily Hill on Thu, Jan 04, 2018

We asked 10,000 quality professionals to share their highlights from 2017, plans for 2018, and any advice they would share with others. 

Qualsys would like to thank everyone who took part in the survey, and here are eight of the best. 

global manufacturer 2018 plans.png


1)  Aza Bik, Quality Manager for Cardiology and Cardiac Surgery

What went really well for you in 2017? 

I developed the quality management systems in two healthcare organisations. They both achieved ISO 9001:2015 certification.  I succeeded in getting my ISO 22000 lead auditor certificate. And I also managed to progress my career, landing a role as a quality consultant.

Plans for 2018? 

In 2018, I'll be conducting a research project in quality management and coordinating an infection control program.

Advice for other professionals? 

Be ambitious in everything you do. 


2)  A UK-based business

What went really well for you in 2017? 

Achieving ISO 9001:2015 certification was a real highlight of 2017, as was being part of the business process and assurance function and delivering a quality presentation at a CQI branch.

Plans for 2018? 

I plan to get more involved with business process and assurance functions and maintain our certification to ISO 9001:2015.

Advice for other professionals? 

I'd recommend you encourage senior management to become more involved with your quality management system. Engage regularly with stakeholders at all levels of your organisation and share knowledge and experiences with others. 

3)  A quality student

What went really well for you in 2017? 

I have been on a steep learning curve throughout 2017. I've been made aware of new data laws and learning where to find important information on changing regulations. 

Plans for 2018? 

In 2018, I want to further my education, see about starting work within the industry, and start saving to pay off my tuition fees!

Advice for other students? 

I'd advise other quality students to talk to as many professionals in the industry as possible and to get involved with the CQI. 


4) Kevin Tuke, Group IMS Manager, Eptare Refrigeration

What went really well for you in 2017? 

In 2017, our business successfully launched some really exciting new products to market, and I integrated all our new acquisitions into our IMS. We also successfully transitioned to the new ISO 9001 and ISO 14001 standards!

Plans for 2018? 

In 2018, I'll be looking closely at the metrics across 15 plants and 12 countries. I aim to stabilise the group non-quality costs (total NQ costs / turnover). And I want a 1% increase in Right First Time across the group. 

Advice for other professionals? 

Internal audits are a great opportunity. Make sure you use them to add value to your business.


4) 10,000+ employee, multi-site manufacturing business

What went really well for you in 2017? 

I managed to get approval to replace our obsolete quality management system packages. We transitioned to ISO 9001:2015. One of the greatest achievements was getting agreed metric methodologies for measuring and comparing global quality performance. 

Plans for 2018? 

We'll be rolling out our new quality management software. We're starting to integrate our global quality system and that will help us to monitor global quality system KPIs. 

Advice for other professionals? 

Make sure management understand the importance of your quality management system. Too often, it's seen as an afterthought and not an essential business tool. 

5) Global manufacturer

What went really well for you in 2017? 

We managed to achieve AS9100 C implementation in our US facility. We also successfully passed our AS9100 D readiness review. Best of all, a large number of our employees successfully completed their internal auditing foundation course training. 

Plans for 2018? 

We'll be getting certified to AS9100 Rev D and doing an IATF 16949 gap analysis training.  

Advice for other professionals? 

Training our employees is the most important activity we can undertake. It makes implementation of change far less painful.  


6) US-based manufacturer

What went really well for you in 2017? 

Our quality management system transition to ISO 9001:2015 went really well. Quality control at manufacturing sites and running workshops to engage employees have both been successful. 

Plans for 2018? 

Increase internal standardisation of processes. 

Advice for other professionals? 

You must set objectives and set a vision for your quality management system. 


7) UK-based business consultancy services

What went really well for you in 2017? 

Successfully passing several examinations and getting a promotion. 

Plans for 2018? 

Become more familiar with our quality, environment, process safety and GDPR requirements. 

Advice for other professionals? 

Be resilient - don't give up after receiving any type of disappointment. 


8) UK-based 250+ person food manufacturer

What went really well for you in 2017? 

More employees have started challenging our processes which I've found really helpful. I worked with our internal communications team at the start of last year to get some messages out there, including some "Why Quality?" instructional videos.

Plans for 2018? 

My resolution for next year is to try something new each month, like running quality improvement workshops, going to different training events, and creating reports on new areas. 

Advice for other professionals? 

We should challenge the status quo more. Don't be afraid, just speak up. 


What you should do now

Ambitious plans for 2018? We are all learning and developing our skills.

Sign up for Qualsys's 1-day courses to be inspired, network, and gain actionable advice for advancing the maturity of your governance, risk and compliance management practices. Browse courses here. 

Alternatively, if you are looking to implement a new governance, risk and compliance management system, download our GRC software datasheets. They discuss the software features, benefits and how you can use the software in your business. 

GRC Softwar datasheets

GRC in 2018: Qualsys staff share their predictions

Posted by Emily Hill on Thu, Jan 04, 2018

As another new year begins, the Qualsys team have reflected on the events from the past year and shared their predictions for the year ahead.

We've asked members of staff from across the business to tell us what they foresee as potential GRC challenges and opportunities over the next year. 

1) Data privacy - top of the business agenda

 GRC predictions 2018.png

Kate Armitage, Product Quality Assurance Manager at Qualsys believes first and foremost that data privacy will be squarely on top of the 2018 business agenda: 

Data privacy isn't anything new, but when the European Union's General Data Protection Regulation (GDPR) enters into force in May 2018, it will strengthen the rights of individuals to control what data they share.

However, this poses many challenges for businesses who rely on the data to benefit society. For example, modern cars collect vast quantities of data. This data is used for all kinds of things, such as improving the vehicle performance and even making roads safer. Yet in Germany, privacy rules already give ownership of the data to individuals in the default setting, making it hard to get consent. As a result, this makes their roads ever so slightly less safe.

For many businesses, in particular high-tech companies who rely on vast amounts of consumer data, GDPR is a complex and broad regulation which will fundamentally change how their business operates now and long into the future.

More GDPR resources here 


2) Brexit turbulence might cause a rise in ISO certifications 

Predictions for 2018 2.png

Ryan Peplow, one of Qualsys's product testers, thinks Brexit will result in a larger number of UK-based businesses investing in their ISO certifications. 

UK businesses who export their products and services will likely invest more in their ISO certifcations. Many of these standards, such as ISO 13485, the medical device standard, harmonise regulatory requirements and help businesses implement a best practice management system. ISO certification may help UK-based businesses stay competitive. 

Read about Annex SL 


3) Ethics will play a wider role in the business 

Predictions for 2018 7.png

Mike Pound, Managing Director, says that there will be more pressure on governance, risk and compliance to monitor and manage the ethics of the business. 

Governance, risk and compliance is always influenced by changes in society. We must continually be asking what our consumers want and care about.

For example, throughout 2017, sexual harassment and assault allegations have surfaced around many powerful and influential men, and media coverage of these revelations has dominated news cycles. Bill Cosby, Harvey Weinstein and Kevin Spacey are but a few that have been revealed, but there will be more. Throughout 2018, more businesses will be reviewing their processes, and should be investigating any past events that might surface. 

Learn about about management system solutions


4) Leadership will understand the role they play in governance, risk and compliance

Predictions for 2018 4.png

Michael Ord, New Business and Marketing Director at Qualsys, believes quality teams are going to get much more involved with key performance metrics in order to engage leadership. 

The Global Quality Survey 2017 revealed 67% of leadership teams weren't engaged with governance, risk and compliance. 

But these same leadership teams are running successful, busy and high-growth businesses. A weak governance, risk and compliance system will never keep pace with the risks that a high-growth business faces. As the business grows and encounters more challenges, it needs a management system that works. 

We're finding more and more GRC professionals are getting better at engaging leadership. They are using our software to monitor key performance indicators such as Net Promoter Score, Customer Lifetime Value, and the Cost of Poor Quality. That is getting the attention of leadership, because they can do something with that information and it speaks their language. 

 KPIs you should be measuring


5) Culture of Excellence

Predictions for 2018 5.png

Tom Hodgson, New Business Development Manager at Qualsys believes GRC professionals will be doing a lot more in 2018 to encourage employees to take ownership of the governance, risk and compliance management system. 

While we have always known that culture will always triumph over compliance, there is a disturbing trend of employees not challenging the information presented by their governance, risk and compliance management systems.

This leads to one-sided views, interpretations and ideas. I think 2018 will be the year where GRC professionals are going to go further to get their employees really stuck in. We're already seeing our software getting more and more attention as employees understand why they need to be challenging documents, processes, and even our software. This makes their business fitter, faster and stronger. 

8 tips for quality professionals to implement a culture of excellence 


6) Truly integrated GRC solutions 

Predictions for 2018 6.png

Charlie Munns, Business Development Executive at Qualsys said businesses are going to invest heavily in technology in 2018. 

GRC teams are spending a lot of time chasing people for the information they need to do their job well. This data isn't always accurate and it's slow to reach them. Throughout 2018, we're going to see more businesses adopt a real-time integrated approach. We're already seeing more and more businesses connect our software with their existing ERP and Microsoft applications - this is reducing duplication of effort and enabling teams to identify risks and opportunities faster than ever. 

 Read about integrations


What you should do now

Ambitious plans for 2018? We can help you replace tired, outdated legacy systems, engage your employees and achieve a culture of excellence. Browse our GRC solutions here. 

Alternatively, if you are looking for inspiration on where to focus your efforts in 2018, read Global Quality Industry trends report here. 

New Call-to-action


4 steps to get buy-in for your GRC solution (includes free survey to send your employees!)

Posted by Emily Hill on Wed, Jan 03, 2018

Now you know you need to upgrade your governance, risk and compliance (GRC) management system, it's time to convince others across your business.  

Kate Armitage, Product Quality Assurance Manager at Qualsys has worked in various quality roles for the past 13 years. Kate advises:

You need to use your sales skills when it comes to getting what you need for your GRC system. For this, I use the sales technique "AIDA". AIDA is an acronym which stands for Attention, Interest, Desire, Action. It's a simple and effective way to get buy-in across your business.

Kate armitage - quality manager.jpg

Below, Kate has summarised some examples of how she has applied the AIDA technique. 


1) Awareness 

Awareness is all about getting your employees to acknowledge that there is an issue. Ask your employees what they like about the existing system, what they dislike, and any ideas they might have.

You may also want to get some quantitative data, such as:

  • How would you rate our existing document / risk / issue management system? (out of 10) 
  • Can you always find the documents you need? 
  • Are you confident your training records are always up to date? 

Here is an example survey we sent on behalf of a multi-site manufacturer who wanted to replace a document management system. 

quality management system software review.png

2) Interest

You now have their attention, so it will be much easier to get their interest. Using social proof is a powerful way to get buy-in for your case. 

Social proof is most powerful for those who feel unfamiliar or unsure in a specific situation and who, consequently, must look outside of themselves for evidence of how best to behave there.

Robert Cialdini - Influence: The Power of Persuasion

Use your survey data for social proof, for example:

  • 87% don't feel confident the documents they are accessing is correct 
  • 60% aren't sure where to find the latest SOPs
  • In the past 12 months, 90% of employees spotted an issue but didn't report it because they didn't know who to tell. 

Here is an example presentation we put together on behalf of a potential customer who wanted to convince their employees they needed a consolidated and integrated GRC solution. If you'd like some free assistance with this, contact us here. 

What do you like the least about your quality management system.png 


3) Desire 

Now you have presented the findings, you need to present the solution. We'd recommend using feedback from all your research thoughout this presentation. 

Here is an example presentation template you can use to get buy-in.  If you'd like more help putting together a buy-in presentation, contact us and we'd be delighted to help prepare your presentation or present on your behalf. 




4) Action 

After this, it's important to continually set objectives, measure and report the findings to your employees. Are you on track? What is the bigger picture? How can we improve? 

During your implementation of our GRC solution, your dedicated Service Implementation Manager will help you set up your system to make this natural.

Read more about our best practice implementation service here.


What you should do now

If you need some extra help to engage your workforce, schedule a 15-minute discovery call. We'll listen to your challenges and see how we might be able to help you on your journey. 

Alternatively, for free templates, guides and advice from professionals who have been through the same challenges as you, we'd recommend downloading our Business Case Toolkit

Governance risk and compliance management software


Tags: Quality Management Software

Alliance Medical opts for Qualsys's governance, risk and compliance software

Posted by Emily Hill on Tue, Jan 02, 2018

Qualsys is delighted to welcome Alliance Medical, Europe's leading medical imaging service business, as a new customer.

 Alliance medical.png

For over 25 years, Alliance Medical has provided medical imaging services for both public and private healthcare markets across Europe. The company is at the forefront of molecular imaging technology, deliving high quality PET/CT scanning services. 

Alliance Medical puts patient care and safety at the heart of the business. The team are continually looking for opportunities to improve their services. In 2016, members of their quality and process improvement team recognised an opportunity to upgrade their governance, risk and compliance managment system. 

After a thorough evaluation of solutions, Alliance Medical selected Qualsys's governance, risk and compliance software and services.

The solution will help Alliance Medical to implement even more robust processes - preventing mistakes, improving visibility and identifying more opportunities. 

Below, we've summarised some of the reasons Alliance Medical opted for Qualsys's solutions. 

Preserve integrity of documents 

Using SharePoint or manual processes for document management can make it difficult to guarantee the integrity of a document. 

Alliance Medical opted for Qualsys's document management module because it will enable them to: 

  • Restrict access to documents through advanced permission controls 
  • Ensure old versions of documents are locked to prevent losing information
  • Complete lifecycle management of a document

Audit for opportunity  

When it comes to spotting issues or potential problems, many businesses struggle to get the resources and buy-in needed to make internal auditing part of a routine. This leads to ignored problems, reactive processes, and costly mistakes. 

Alliance Medical is using the internal auditing module to plan, schedule and manage mutiple audits quickly and efficiently. The solution will help the quality team to: 

  • Use standardised templates to plan and schedule audits
  • Capture the right nformation during an audit
  • Automatically notify users of any corrective measures that need to be resolved.

auditing 5.png

Share risk data across multiple sites 

Alliance Medical already uses an advanced risk management rating system for all operational and enterprise risks.

Qualsys's risk management module will enable Alliance Medical to optimise the process by:

  • Enabling risk assessors to share risk data across sites, to share best practice, and to be aware of potential issues
  • Communicating risk to senior management teams, so they are aware and can advise
  • Standardising risk data for stronger decision making. 

risk management software.png

Michael Ord, New Business & Marketing Director at Qualsys, worked closely with the team at Alliance Medical to scope their requirements and said: 

We are truly delighted to now be working with Alliance Medical. Our services team is now working closely with Alliance Medical to configure and train their staff. Our services team works very closely with our customers as this ensures they have a sustainable system that is properly implemented and will benefit all employees. 


It all starts with a phone call 

Not sure whether we can help you? Or perhaps you know you need a consolidated governance, risk and compliance solution, but don't know how to get buy-in from your financial or leadership teams?

Schedule a 15-minute, no-obligation discovery call. We'll learn more about your challenges and will try and help you on your journey. 

Alternatively, browse our business case toolkit. It has heaps of templates, guides and advice for your peers to help you on your journey to procuring a new system. 


Governance risk and compliance management software


Tags: New Customers

Qualsys support The Children's Hospital Charity snowflakes

Posted by Emily Hill on Thu, Oct 26, 2017

Whether it's the clocks going back next week, the drop in temperature or Bonfire Night approaching, summer is definitely long gone. 

But one thing that we do look forward to this time of year is sponsoring the Children's Hospital Charity's snowflake display which decorates the front of the hospital building. 

The annual display is much anticipated by patients, staff and the public, as hundreds of lights adorn the entire hospital, each with a ‘gift tag’ attached displaying the name of a local sponsor.

The charity is very important for Qualsys as many of our employees have children who have used the hospital's services at some point

Our donation will be going towards the "Make it Better" appeal. This was launched in 2012 to help raise money to build new wards and create the best possible environment for children to get better more quickly. 

Tchad Western is Corporate Fundraiser at the Children's Hospital Charity.  He said: "This year our light switch-on will be the biggest yet, with a fun evening being planned! We'll also be celebrating the new wing bedrooms being open as well as seeing the start of the first school’s snowflake sponsorships. So it'll be a great evening."

What to do now 

The hospital will switch on its light display on 30 November.

Please feel free to join us at the event! 








ISO 13485 software validation process

Posted by Emily Hill on Thu, Oct 26, 2017

When you're implementing an electronic medical device quality management system, your software validation plan is of the utmost importance. You'll need to ensure that your system is working and continues to work as required.

There are no shortcuts in this process. However, we provide a structured approach which will help you demonstrate compliance to regulations and standards such as ISO 13485 before, during and long after you've implemented our quality management software. 

In this article, Chris Owen, Services Director at Qualsys Ltd, explains what software validation means and how we approach validating your quality management system software.

What is software validation? 

Businesses must carefully consider the impact of introducing new software applications, particularly where the solution is mission-critical or where the company needs to demonstrate compliance with regulations and standards.

Once the software is installed it must be checked periodically to make sure that it's correctly configured and working as it should. This is all software validation. 


When is it necessary to validate quality management software? 

Quality management software must be validated when a computer system is used in a good practice (GxP) process, to revise the quality of a product, or to generate information for regulatory bodies. Validating the software helps reduce risk and legal liability, as well as providing evidence that the computer system is fit for purpose. 


Requirements for ISO 13485:2016 validation

In the latest version of ISO 13485, the standard has more explicit requirements for software validation. The standard specifies that any business wanting to achieve certification must:

  • Develop procedures to validate and revalidate your quality management system software
  • Develop an approach that is proportionate to the risk being taken
  • Use procedures to validate and revalidate other software applications 
  • Validate computer software applications for their intended use 
  • Validate software whenever its intended use changes 
  • Maintain a record of your software validation and revalidation activities. 


What does a software validation process look like? 

First, you need to adopt an approach which is proportionate to the level of risk that you're taking by using your electronic quality management system. Here's an example of a software validation process: 

  1. Understand the operational requirement
  2. Produce a specification of the requirements
  3. Choose a trusted supplier
  4. Verify the software's capabilities
  5. Validate the implemented system
  6. Use formal change control, including revalidation
  7. Resolve any non-conformities and deviations


Validation test plans

To validate your quality management system software, you'll need to put together a validation test plan. This is a document detailing the objectives, process required, description of the process, expected result, actual result and any comments or observations. Qualsys provides you with templates and support throughout this process. 


How Qualsys can help with the validation

Qualsys will help you throughout the validation process. We make sure that the validation process progresses smoothly and quickly by lessening the impact of many of the most time- and resource-consuming tasks.

We offer: 

  1. System specification requirements (before you buy the system)
  2. Operational Qualification (OQ), Performance Qualification (PQ) and Installation Qualification (IQ) documentation
  3. Validation test scripts
  4. Validation test plans
  5. Validation templates 
  6. Software verification
  7. System change control and validation 
  8. Problem resolution process and tracking

Qualsys work with in-house specialists and an independent validation services partner who have an excellent reputation in carrying out a range of validated projects for AstraZeneca, ConvaTec, Eli Lilly, GlaxoSmithKline, Piramal Healthcare and Sanofi. 

For more information about our validation services, request a 15-minute discovery call with one of our team.

Schedule a GRC Software discovery call 

Tags: ISO 13485