Michael Ord

Recent Posts

6 Quality KPIs your CEO cares about most: GRC 2018 Global Survey Results

Posted by Michael Ord on Thu, Apr 05, 2018

GRC professionals are spending a lot of time compiling reports. In fact, the Global GRC Survey 2018 found that 42 percent are spending over a week every month compiling reports.

This is 2.7 extra days every month spent reporting compared with 2015.

With more time and energy than ever spent reporting on key performance indicators, it's important to focus on what matters most. 

Below we've used the Governance, Risk and Compliance survey results to answer what KPIs your CEO needs to see and explained how our software tool can help you save weeks getting this information. 


Don't tell me your job is compliance. We can't have somebody in charge of quality. We're all in charge of quality. When Land Rover Jaguar send out a car, everyone in the factory agrees they are responsible for quality. If there's something wrong with it, we collectively have got that wrong. And that's the mindset change that's needed in many companies. Mostly, Quality is about money. Top management are very interested in money. If you don't think money is on your agenda, then think again. You have to speak the language of the business.

John Oakland, Oakland Consulting. 

Read more: http://get.eqms.co.uk/skills-quality-career-progression/



The GRC Metrics Your CEO cares the most about


KPIs 2017

Results from the GRC survey


1) Cost of Poor Quality 

The Cost of Poor Quality (COPQ) is the total amount lost due to either internal or external quality issues. These are unwanted overheads due to poor systems, processes or practices, and can severely reduce business profitability.

COPQ can be measured by: 

  • Incidents
  • % rework
  • Defects %
  • Non-conformities
  • Right first time percentage
  • Time dedicated to root cause analysis / resolve issues
  • Scrap / wasted product / time

Our software enables businesses to track and measure these costs using CAPA Manager. Cost data is captured so trends can be analysed, risks can be reviewed and preventive action can be put in place.

CEOs want this data because reducing this waste is one of the fastest ways to make the business more profitable.

EQMS Modules

Image: Integrated software modules enable you to plan, manage and assign roles and responsibilities so everyone in your business can play their part in practising good governance, risk and compliance. All activity is displayed on a single KPI dashboard, giving your leadership team a picture of the business. 


2) Customer retention 

Acquiring new customers is expensive. Most businesses rely on repeat business from their existing customers.

High customer retention levels demonstrate your business is well aligned, that you are delivering on value and keeping your promises. 

A kink in the chain will result in higher customer churn rates. Ignored customer feedback, a drop in Net Promoter Score, and higher customer churn rates will all reduce your profitability.

Our customers use Complaints Manager to log customer feedback, assign roles and responsibilities and monitor trends over time. The reporting tools enable you to drill down and answer questions such as: 

  • Are we noticing more complaints or issues from a certain department, supplier, type of customer, product? 
  • Do we need to adjust the business strategy or the process and operations? 



3) Asset value 

Few businesses keep an updated list of assets and equipment owned. The consequences are inevitably costly: being unable to fulfil an order because you don’t have the equipment to do the job, buying duplicate items of equipment, and wasting money, time and effort purchasing equipment you do not need.

Your CEO will want to know that investments are being maintained and will want a forecast of any assets which will require cash.

Our customers use Equipment and Asset Manager to manage:

  • Tangible and intangible asset register (e.g. DPR)
  • Asset life cycles, including calibration, maintenance schedules and EOL plans
  • Asset values


Desktop Issue & Equipment Manager


4) Risks 

Every business needs to be identifying and managing both internal and external risks. 

Your CEO wants to know about any vulnerabilities, new risks and new opportunities which will help to make the business more profitable. 

Qualsys's customers use Risk Manager to identify, assess and manage risks. Risk suggestions can also be raised for a more collaborative approach. 

Risk KPIs include: 

  • Impact assessment results - potential costs 
  • Outstanding compliance risks
  • Risk treatment 
  • Internal audit performance and audit scores
  • Business continuity plans / disaster recovery > performance testing metrics 


Risk impacts assessment


5) Culture 

Your CEO wants to know whether your business has a culture of quality. A culture of quality can seem difficult to measure, but engagement with quality, governance, risk and compliance management is a good indicator. 

  • Risk suggestions from across the business
  • Training scores e.g. using Training Records Manager to send a quiz
  • % of policies read and understood by employees 
  • Number of change requests / process changes 
  • Time taken to resolve issues

Document Manager, Training Records Manager and Change Manager are all used by our customers to measure culture and provide CEOs with an understanding of where improvements and investment are needed.

How would you rate the maturity of your management system

GRC Global Benchmarking Report  


6) Productivity

An efficient management system will enable your business to react faster to risks and be more able to make the most of new opportunities. 

Metrics will be very specific to each organisation, but may include:

  • Documented policies, procedures and processes  
  • On time in full (OTIF)
  • Speed of responses to any findings
  • Training days completed 

All of Qualsys's GRC software modules will help improve the efficiency, resilience and profitability of your business. 

Plan Do Check Act


What you should do now

Join our GRC Metrics workshop. 






Tags: ISO 9001:2015, Key Performance Indicators

The GDPR more important than ever: Cambridge Analytica 'Big Data' Scandal

Posted by Michael Ord on Tue, Mar 20, 2018

Cambridge Analytica has provoked international uproar for exploiting the data of millions to manipulate the US 2016 presidential election and the UK Brexit referendum, using data harvested from Facebook's mobile application, "Thisisyourdigitallife".

Facebook knew about the misuse years ago and requested the deletion of the data by Cambridge Analytica, yet didn’t blacklist until recently. Facebook has terms of use for third parties and developers, but it has had minimal security checks and controls.

Both Facebook and Cambridge Analytica have denied any wrongdoing. 


From a compliance perspective, because the app was launched in 2015, it is covered by the Data Protection Act (DPA). But if it were to be in use after 25 May of this year, then the General Data Protection Regulation (GDPR) would apply. Here's how both Cambridge Analytica and Facebook would be implicated.


Online identifiers and profiling 

The DPA only covers personal data and sensitive data. But Cambridge Analytica used data to psychologically profile people and deliver a series of content to manipulate their beliefs and values. The GDPR will not allow businesses to profile people without their explicit permission. The regulation covers online identifiers, profiling data subjects, and other data you have. 


Explicit consent 

The application was developed by University of Cambridge academic Aleksandr Kogan who has no connections with Cambridge Analytica. As was common with apps and games in 2015, the application was designed to harvest not only the user data of the person taking part in the quiz, but also the data of their friends. 

Facebook has since changed the amount of data that developers can scrape in this way. However, the General Data Protection Regulation puts responsibility on both the controller and processor. In this case, Facebook would have a responsibility to protect the data subjects and be transparent and explicit about how the data is to be used.


Want to learn more about GDPR? Join our upcoming workshop


Time it takes to report a breach

Cambridge Analytica has been withholding information. Under the DPA, breach notifications are not mandatory. The business can decide who and what they report to the ICO. However, under the GDPR, breach notifications are mandatory and must be made within 72 hours or face huge fines. Penalties for breaches of the GDPR are substantial - sharing personal information and using it beyond the stated purpose will incur a €20 million or 4% of global turnover fine.




Time to get your data policies up to the mark!

According to the Global GRC Survey 2018, 99% of governance, risk and compliance professionals feel their businesses aren't fully prepared for the General Data Protection Regulation. 

Prepare for the regulation, get template policies, and ask questions by joining our GDPR workshop. Click here to learn more.

Alternatively, download our GDPR toolkit



Tags: ISO 27001, EU GDPR

Types of quality management systems

Posted by Michael Ord on Mon, Mar 05, 2018

Across different industries and sectors, you'll find variations in the role of the quality management system.  

General quality management principles say that you should define and follow all the best practice processes that you need (determined by you) to run your business / organisation, plus a selection of quality management supporting processes (audit, non-conformance, management review etc.) that are applicable to everyone.

Different industry standards / legal regulations then add to the list of mandatory processes and these are different depending on what you do. In some cases they even mandate what the processes have to contain. On top of this there may be voluntary codes of conduct. 

Unfortunately not all processes that are relevant to an industry are necessarily relevant to every business within that industry. For example, a primary engineering business might require processes for product design, product manufacture and new product testing, while a sub-contract business may only be involved in one of these.

However, no matter what industry you're in, getting the right information to the right person at the right time is necessary for the success of your business. This is where quality management system (QMS) software comes into play. 

Different types of QMS software support your business goals in different ways. Choosing the best QMS for your company requires looking at your objectives and determining the main quality challenges you need to resolve.

What is a QMS? 

Short for quality management system, a QMS helps your business automate quality processes to improve efficiency, track the cost of poor quality (COPQ), and improve customer satisfaction. 

What are the benefits of using a QMS? 

A good QMS enables you to focus on building a culture of quality and mentoring / training employees, rather than scrambling to keep tabs on all your policies, processes and procedures. You can see your strengths, weaknesses, opportunities and threats from a centralised system. A QMS helps you make sense of large volumes of data, so you can focus on the most pressing issues.

Whether you are looking to implement a QMS for the first time or want to switch to something that better suits your business needs, there are several types of QMS software solutions you may want to consider. 

Quality management system frameworks 

The most popular framework used is the ISO 9001 quality management system. By certifying to the standard, businesses demonstrate they have a sound level of control over their processes and are invested in satisfying the needs of their customers. 

Access our ISO 9001:2015 toolkit for information about complying with the regulation.  


List of the different types of quality management system 

Quality management systems can go well beyond managing documentation and policies.

Click on each of the below to learn more about the solution. 


By module: 

  1. Document control 
  2. Change control
  3. Enterprise & operational risk management 
  4. Supplier management 
  5. Equipment and asset management 
  6. CAPA management 
  7. Policy management 
  8. Internal audit
  9. Training records management 
  10. Integrated BI / GRC Dashboard 
  11. Complaints management system
  12. Accident and incident reporting management system


By management system

  1. Governance, risk and compliance management system 
  2. Integrated business management system 
  3. ISO 9001 management
  4. Product life cycle management 
  5. Food safety management 
  6. Health and safety management 
  7. Environmental management
  8. Information security management   


What to do now

Not quite sure what you need? Drop us an email, give us a call on +44 (0) 114 282 3338, schedule a discovery call at a more convenient time, or drop in for a coffee.

Alternatively, read more about the changing role of quality management systems here. 



Tags: Quality Management Software

ISO 31000: Understanding the context of the organisation

Posted by Michael Ord on Wed, Apr 05, 2017

As part of ISO 31000, leadership need to demonstrate an understanding of the organisation and its context with regard to internal and external influences.

Being able to demonstrate the context of the organisation helps a business to properly align its risk management strategy with its overall risk appetite and risk tolerance in order to gain a competitive edge without compromising business continuity.



Considering PESTLE – Your External Contributors To Risk

Common factors to consider when understanding your organisation’s context in relation to external factors can be assessed using the PESTLE acronym:

  • Political
  • Economic
  • Social
  • Technological
  • Legal
  • Environmental

There are, of course, further factors which will influence the risk elements of an organisation, but it is these which are key to understand for any business.

With each element of the PESTLE acronym, it is important to consider: trends, external stakeholder relationships or impact, drivers affecting the organisation’s objectives, and contractual relationships and agreements.



Assessment Of Internal Context

Understanding the internal context could include the mission, vision, values and the alignment of strategic goals and objectives; standards or regulations adopted by the organisation (which are not required by legislation – that falls under external); and impact of resource.

Internal context can also cover:

  • Complexity of networks
  • Knowledge resource, sharing, and management
  • Contractual agreements and internal dependencies, and
  • Information systems including technological resource or reliance




The Role Of Leadership In Understanding The Context

When leaders have recognised the influence of external and internal factors which may impact on risk, it is up to them to use this information – the context of the organisation – to assess the severity and likelihood of risks posed within these parameters.

As part of the risk management strategy, once the context is defined it is helpful to the progress of an organisation adhering to an ISO 31000 framework to communicate definitions and understanding to key stakeholders.

Next in the series: Clauses 5.4, 5.5, and 5.6 – Implementation, Evaluation, and Improvement

ISO 31000 Risk Management Toolkit

Tags: ISO 31000

Global Quality Trends Report

Posted by Michael Ord on Thu, Mar 23, 2017

In March 2017, Qualsys Ltd distributed the annual benchmarking Quality survey, asking quality professionals about their challenges, key responsibilities and resources.


Download the Report FREE here: 

The 34 questions in the survey were grouped into four broad categories: the role of the quality professional; main challenges; technology and systems; and the responsibilities and activities within the quality operations.

Over 150 quality professionals took the survey, raising £151 for Sheffield Children's Hospital Charity. 

The 151 responses we received—from around the world, across more than a dozen industries, and from organisations large and small—took the temperature of the industry to understand how the role of the quality professional is changing.

In the Global Quality Trends Report, we have collated the key information from the Global Quality Survey.  

Download your FREE copy of the report to: 

  • Access a 15 Page (7 minute read) Report
  • See how you compare and benchmark against your peers
  • Insights from industry experts 






Tags: Quality Culture

ISO 31000: Risk management principles

Posted by Michael Ord on Wed, Mar 22, 2017

ISO 31000 relies on the application of some core risk management principles. These are designed to illustrate the importance of risk within the context of the organisation, and will help you to understand why risk management is vital to business success.


Core Risk Management Principles


Assessing risk enables you to create and protect value within your organisation. Identifying risks allows you to illustrate areas for improvement, align business goals with a more refined scope, and protect your assets (physical and intellectual).


How Risk Management Creates And Protects Value

Risk is often approached in a haphazard manner when frameworks such as ISO 31000:2009 are not yet in place. This leads to higher costs associated with failures, which reduces the overall value of the organisation. Failures caused by poorly managed risks can also damage the reputation of an organisation, with the impact spreading much further than the initial risk failure.

For example, a manufacturer that does not check the quality of materials from a supplier could unknowingly create a sub-standard product. The far-reaching cost of this poorly managed risk extends to recall processes, replacements, refunds, machine downtime, delay in re-supply, and ongoing costs to reputation which could result in less new business and lost existing customers.

When risks are identified, action can be put in place to mitigate the damage should the risk occur. Risks can be more easily managed, and risk treatment plans will reduce the long-term cost of a risk occurrence.




More Efficiency, Greater Profit

Risk management creates value by helping an organisation to identify not only potential hazards to the business, but also possible opportunities.

A more efficient risk management process will impact on business operation: workplace risks can be removed to create a safe environment, or data controls put in place to simplify document access and reduce the risk of stolen or corrupted data.

Creating a more efficient environment will naturally increase the profit margin of a smooth-running business. However, opportunities identified during risk management can also be implemented to further create value in an organisation.

For example, the understanding that sharing knowledge via a document hub is less risky than relying on one person to hold the knowledge for a process will lead to a more collaborative working environment. This knowledge share could open further innovative discussion for future profit opportunities, and will at the very least enable the organisation to maintain business continuity.


Next In The Series: Clause 5.2 – Leadership and Commitment: 11 Essential Steps

ISO 31000 Risk Management Toolkit

Tags: ISO 31000

EQMS ROI Calculator – First Release, Feedback Requested

Posted by Michael Ord on Wed, Apr 01, 2015

People buy EQMS solutions for a variety of reasons: to upgrade from paper, spreadsheets and / or legacy systems, to improve access to KPI data and reports and to increase decision-making velocity.

Quantifying the 'business benefits' is relatively straightforward. But for many of our customers, there is a CFO or Procurement Department who require a Business Case Report which examines 'economic benefits' such as savings or increased efficiency.

EQMS Business Case


Qualsys have years of experience supporting organisations through their procurement process. We know that Quality professionals are busy people, so we have developed a range of tools to help ensure a 'painless' procurement process.

Building on the success of the recently released EQMS Buying Toolkit (which includes editable templates, technical information, case studies, etc.), Qualsys have developed and formalised the Return on Investment Calculators that are typically provided in spreadsheet format.

Business Case: Process Mapping and Efficiencies

Qualsys' Process Mapping experts have supported complex businesses all over the world. Over time, we have produced best-practice models for various quality processes, such as:

  • Completing a document version change
  • Change requests and CAPA management
  • Conducting a supplier audit
  • Conducting an internal audit
  • Managing training records

Customers often ask us to produce 4 Year Return on Investment reports which map an existing process against how the process would perform with an electronic quality management system (EQMS). The difference in time-savings for completion of each process can be multiplied by volume to identify a percentage saving and an economic justification.

See the example Version Change Process below:

Process Flow Chart


EQMS ROI Calculator –  4 Year Business Case Report

The EQMS ROI Calculator has recently been released, and enables prospective customers to create a 12 page Business Case Report in just four simple steps.

ROI Document Manager

Initially focussing on EQMS Document Manager, simply complete the four steps to see an instant preview of how and where your organisation would see process efficiencies.

Every organisation is different, so the ROI Calculator allows you to edit the values / times or simply use the default data. You can also choose to receive a fully customised PDF report which can be shared internally.

How to use the EQMS ROI Calculator

ROI Calculator Flow Chart


Your feedback please

We have additional EQMS modules such as Audit & Inspection Manager, Risk Manager, CAPA Manager and Training Records Manager ready to go. However, as this is a new approach we'd really value your feedback about the usability and content of the EQMS ROI Calculator.

We will take any feedback on board as we refine this tool to provide maximum value for your procurement process.

Simply email me at michael.ord@qualsys.co.uk or call +44 114 282 3338 with your comments and suggestions.

Thanks in advance, 


Michael Ord



T: +44 114 282 3338

E: michael.ord@qualsys.co.uk


Useful Resources




IRCA Webinar: "ISO 9001 - The Story so Far" - Qualsys Sponsor

Posted by Michael Ord on Fri, Jun 13, 2014


Qualsys are pleased to announce our partnership with IRCA (International Register of Certificated Auditors), the world's original and largest international certification body for auditors of management systems.

IRCA are the sister organisation to the Chartered Quality Institute (CQI) and represent the voice of over 10,000 Auditors worldwide.


Simon Wells, Training Manager at Qualsys:

"Education is crucial to creating a culture of compliance. At Qualsys, we are constantly learning from our customers and from organisations like IRCA and CQI.  

We feed this knowledge into our EQMS Governance, Risk and Compliance solutions, such as iEQMS Auditor for iPad, with a view to giving our customers crucial tools to help make compliance excellence a competitive advantage.

Our partnership with IRCA is a natural extension of this approach.

We have augmented our Implementation and Training courses even further and will be announcing a range of initiatives alongside IRCA, including CPD Points for Training, co-hosted webinars, Auditing and ISO 9001:2015 Resources and more."

IRCA Webinar - sponsored by EQMS Auditor for iPad

As part of our ongoing commitment to Quality Management excellence, we extended our coverage of the changes to ISO 9001:2015 by sponsoring IRCA's webinar, 'ISO 9001 - The Story So Far'. 

Richard Green, IRCA

IRCA’s Technical Manager Richard Green (above), said: "It’s an exclusive opportunity to find out the latest on the proposed ISO 9001 changes, in light of the DIS (Draft International Standard), released in May 2014."

The webinar covers:

• the revision timeline and most significant changes to date
• the drivers for change – why move away from the 2008 version? 
• the importance of Annex SL 
• how it will affect auditors and quality professionals

IRCA on the importance of Audit

Richard Green (IRCA) said:

"The adoption of Annex SL as the basis for all future ISO management system standards will drive a transition from ‘Auditor’ to ‘Assessor’.

"Increasingly audit personnel will need to deal with ‘shades of grey’. Yes, Standard requirements will still need to be met but there will be new evidence sources to be examined and interpreted and the need for increased use of judgement to assess the capability of the system to fulfil current and future requirements and outcomes.

"New competencies will need to be acquired and existing ones refined if present auditors are to successfully move on up to the next level."

View the Webinar Now

Simply click here and quickly register your details to watch the webinar instantly.

Alternatively, you can download the webinar slides for free.

IRCA Website


Learn more about EQMS Auditor for iPad

EQMS Auditor for iPad

More ISO 9001:2015 Resources:

ISO 9001:2015

Tags: ISO 9001:2015

Happy New Year! EQMS Special Offers from Qualsys

Posted by Michael Ord on Tue, Jan 14, 2014

The New Year is a time for reflection and optimism.

Since we returned from the winter break, the Qualsys Account Management team have been conducting telephone interviews with EQMS Customers and Partners from around the world.

Quality Managers, Compliance Officers and Audit Managers from companies such as BT, Diageo and Sodexo, as well as a whole host of small and medium-sized enterprises, have been sharing their thoughts and expectations on the year ahead:

  • What have we learnt from 2013? 
  • What challenges did we overcome? 
  • How is quality management changing? 
  • How can we drive even more business improvement? 
  • What are your new year's resolutions?

The initial feeling is that despite the differences between sectors, the issues facing Quality Managers from around the world are remarkably consistent:

  • Speed of change (regulatory / competitive / customer demand / technology)
  • Communication
  • Business case (delivering visible value)
  • Technology as an enabler
  • Multi-jurisdiction / regulation compliance

Over the next few weeks we'll be compiling the responses into a series of free whitepapers and articles. We'll share the expert insights and reflections and would welcome your thoughts and ideas too.

It's a uniquely dynamic and exciting time; we wish you a happy and prosperous 2014.

New Year Special Offers

In the meantime, here are two special new year incentives which are available to new and existing EQMS customers.

Special Offer #1

2 days of Design Time for FREE*: Worth £1,380




  • Any EQMS Software or Training Purchase Order (PO) received before February 28th 2014 qualifies for Free Custom Branding of your EQMS system.
  • New & Existing Customers making additional purchases will qualify.
Free Custom Branding (Worth £1,380)

Special Offer #2

2 days for 1*: EQMS Spring Clean (Save £790+VAT)


Make the most of your EQMS: start the new year with a clean, organised and up-to-date navigation, permissions, workflows and document control set up.

Qualsys experts will review your navigation and document structure and provide detailed feedback and best practice guidance.

I want the 2 for 1 Special Offer!

Tags: Quality Management Software, EQMS

Outsourcing by Government set to net £11.5 billion savings p.a.

Posted by Michael Ord on Mon, Oct 28, 2013


As George Osborne looks to make £11.5 billion savings in government spending and cut government borrowing by £49 billion, the public sector is facing its stiffest challenge for decades. 

Local Government, the Civil Service and the Police are all in the throes of cost-cutting which is leading to an ever-increasing focus on front line services and the questioning of any non-core activity.

Outsourcing organisations are being approached to take on non-core activity and are being challenged to drive down costs. The value of these opportunities may be lower than previous contract values but their volume is set to rise dramatically.

A typical example of this was announced earlier this month with Dorset Police’s four-month trial of out-sourcing the guarding of major crime scenes to private company Securitas.


Police and Crime Commissioner Martyn Underhill recently highlighted Dorset as the fourth lowest spending force in England and Wales – an indication that a creative approach to managing cost can pay dividends.

Trend to lower value Outsourcing Contracts 

The ISG Outsourcing Index for Europe, the Middle East and Africa (EMEA) shows activity in the UK public sector worth €2.0bn in the first half of this year. Last year the annual market was worth €4.6bn, significantly more than double this year's first-half amount.

However, these figures track outsourcing contracts with an annual value of €4 million or more. Smaller contract values are ignored but will inevitably begin to form a much greater proportion of outsourcing business.

The shortfall in high value contracts may well prove to be a blip as full-year UK figures for 2013 will still exceed their five-year average. And the UK continues to dominate public sector outsourcing activity in the EMEA region. In the first half of this year, the two billion euros worth of public sector outsourcing activity that took place in the UK represented an astonishing five-sixths of all public sector outsourcing activity in EMEA by value.

Only outsourcing operations that employ systems to truly standardise services across multiple contracts irrespective of contract size will make commercial sense of these opportunities.

Technology platforms such as ECMS Change Management for Outsourced Service Providers from Qualsys provide the controls to deliver standardised, compliant services across multiple contracts and manage change control to optimise flexibility and maximise profitability.

Armed with tools like this, niche players are set to benefit as are the most nimble of the larger players. The growth opportunities for those outsourcing organisations that can demonstrate this agility will be huge.

Learn more about ECMS >


Tags: Quality Management Software, ECMS, Compliance Outsourcing