ISO 22301: How to create a disaster recovery plan

Posted by Emily Hill on Mon, Jan 08, 2018

When a disaster strikes, there is often little time for planning a response, especially when the systems that are essential to your business operations are impacted. The GRC professional can and should play a leading role in addressing disasters.  

The role of the GRC professional must, however, start long before a catastrophe hits. They must plan, prepare and practice for an emergency.

A disaster recovery plan (DRP) is a documented, structured approach that describes how to respond to unplanned incidents.

Business continuity and disaster recovery plans can provide a competitive advantage, especially as major businesses increasingly demand them as part of vendor selection processes. Without effective plans, businesses risk sanctions, fines, loss of customers, lawsuits and even going out of business. 

This step-by-step plan will help you build an effective disaster recovery plan using our GRC software.


1) Audit your internal systems

Before you can do anything, you need to undertake exploratory audits to identify and review potential disasters. 

Develop a Business Impact Analysis (BIA) that identifies all critical functions, systems and applications, and outlines how a disruption to each of them will impact the business.


  1. Seek the input of all departments in the organisation to ensure that every issue is covered.
  2. Use Qualsys's Audit Manager to set up questionnaires for each area of your business and assign responsibility to each department head to collect the data you need. 



2) Understand vulnerabilities, risks and opportunities  

Agree on how you will determine the impact of a risk, and then conduct a risk assessment that details the ways each risk could damage your business.

These may be:

  • Cyber attacks
  • Power outages
  • Natural disasters 
  • Human error

Document the risk of each of these occurring, the impact that they can have, and what will need to be recovered.

Risks include:

  • Loss of customers
  • Cost of downtime
  • Reduced productivity
  • Reputational damage
  • Recovery costs 

Tip: Use Qualsys's Risk Manager to collect risk data from across your business and associate each risk to audits, suppliers, documents, policies, incidents, etc. 


3) Control of external provisions

How exactly could your external providers impact your business? Do you have up-to-date contact information? Should you spread the risk by taking on multiple providers? 

All of the following may cause a disaster when you rely on a supplier:

  • Financial viability
  • Capability and capacity
  • Ethics assessment
  • Social responsibility
  • Process control
  • Sub-contractors 
  • EHS 
  • Change 

Assess the risk from each external provider and create contingency plans and exit strategies for the loss of suppliers that are critical to operations.

Tip: Use Supplier Manager to keep a central repository of: 

  • Contact details
  • Service level agreements / contracts 
  • Evaluation and re-evaluation criteria
  • Cost of poor quality
  • Real time dashboard
  • Routine supplier audit records 


4) Keep an asset register

Add all the information on the components of your assets and equipment in a detailed inventory.

Add all details about the assets, including:

  • the warranty expiration date
  • location
  • version number
  • installation or purchase date
  • latest updates of both essential and supporting equipment

It is also important to state objectives should there be an incident, for example: what is the recovery time objective? What would be the maximum tolerable downtime? 

Tip: Use Equipment and Asset Manager to manage equipment throughout its lifecycle. 


5) Risk analysis

Identify, assess and appropriately manage threats and vulnerabilities. 

Reduce any identifiable risks by setting up the appropriate supporting systems and strategies. These should include backups of data and the routine inspections of IT assets.

Ensure you can discover potential threats through measures such as antivirus software, network monitoring and staff training, and mitigate the damage through redundancies that protect critical data and applications.


6) Document your DRP 

Your DRP should include a short-term plan that repairs and restores critical business processes, and a long-term plan that covers things such as root-cause analysis and long-term preventive strategy. 

You will need to make sure your DRP is kept up to date and will enable you to meet your recovery objectives. 

Tip: Use Document Manager to store files and share documents with the right groups or individuals.   

7) Train your employees

Who exactly is your disaster recovery team? What are their roles and responsibilities should an incident occur?

Part of your disaster recovery plan should be to make sure your employees have the necessary formal training should something happen. Then the training should be recorded in a central system they will be able to access. 

Communicate the plan to all of your staff and arrange formal training to ensure they understand and can fulfil their responsibilities under the DRP.

Training should be conducted on a regular basis and whenever any changes are made to the plan that will affect staff roles during the recovery.

Tip:  Training Record Manager enables you to maintain records, identify training needs and assign responsibility for tasks. 



8) Test your DRP 

While identifying the risk and creating a mitigation plan are important first steps, practice is also essential.

Undertake regular exercises to validate that plan procedures will work as designed. This means you need to test your DRP on a regular basis to ensure that your plan is fit for purpose.

Tests should assess all your procedures, identify opportunities for improvement, and ensure they are implemented. For example:

  • Test your emergency phone numbers 
  • Test your communications systems across the globe
  • Check all contact information is up to date
  • Make sure all communications templates and data are secured and backed up

Tip: Use the Incident Manager module to set off a test workflow to see the response and identify any issues. 



What you should do now

Want more information about business continuity? Learn how to use Qualsys's software for your disaster recovery planning (and more) by scheduling a demonstration or discovery call.


Tags: Compliance Management Software, ISO 22301

Eliminate Paper From Quality Management - World Paper Free Day 2015

Posted by Emily Hill on Wed, Nov 04, 2015

Given the ubiquity of emails, intranets, social media, text messages and mobile communications apps in the current office environment, you would be forgiven for thinking that the war on paper was over.

Worldwide paper consumption has actually increased 400 percent since 1970, and an AIIM Industry Watch Report, 'Paper Wars', found that paper flow actually increased in 25% of organisations last year.

This is surprising since paper based processes can cause a company so many short term and long term issues. 

With World Paper Free Day just around the corner, this is an opportunity for businesses to question paper-based processes and introduce new initiatives to eliminate paper based processes. 

Read on for more information about World Paper Free Day, reasons to reduce your paper and how you can eliminate paper from your quality management processes. 



World Paper Free Day: 

This year, World Paper Free Day will take place on Friday, 6th November to encourage organisations to reduce their paper consumption. 

World Paper Free Day was introduced by AIIM (the Association of Information and Image Management), following a study which found that the main reason companies were not reducing their paper consumption was due to a lack of management initiatives. 

By challenging your company to go paper-free for one day, it engages all stakeholders to pro-actively consider their business processes, encourages innovative thinking and starts conversations which may otherwise never happen.  

Getting your organisation involved with World Paper Free Day is an opportunity to change the way your organisation operates for the better. 

Make your pledge to eliminate paper for World Paper Free Day here. 


Reasons to go Digital:

The amount of information required to manage compliance, governance and risk makes paper-based processes unsustainable. Here are just a few reasons why your organisation should be eliminating paper-based processes from quality management: 


Save Money: 

If you have a paper-based auditing process, filing cabinets which are full of compliance documents or you are keeping a paper-based record of training documents, it will be costing your company a lot more money than you may expect. 

Whilst the cost of paper is not particularly shocking, there are many additional costs which you may not have considered. Printing, copying, postage, storage, filing, shredding and recycling paper documents costs 31 times more than a digital process.

Moving your auditing processes, compliance documents and training records to an electronic quality management system (EQMS) will reduce these unnecessary overheads.


Save Time: 

Time-consuming administrative tasks, such as re-inputting auditing information from a clipboard to a spreadsheet, can be a stressful burden.

The amount of time taken to re-input auditing information is wasteful and reduces productivity. Furthermore, time is money - you can calculate how much money this time equates to by using this ROI Calculator tool. 

Conducting audits electronically and managing all information in one interface reduces duplicated effort, saving a significant amount of time.


Ensure Compliance: 

In heavily regulated industries such as pharmaceuticals and healthcare, it is essential that all employees have access to the latest SOPs and other regulations. If this documentation is on paper, it will be easy to lose and difficult to find, rendering it impossible to effectively manage compliance.

Paper-based processes are prone to error, slow and create information silos. By transferring these processes to an electronic quality management system, you can share all essential information with employees at a click and you can verify that all employees have acknowledged that they understand the new or updated requirement at a glance. 


What Next? 

Eliminating paper-based processes is essential for a sustainable quality management system. Find out more about how an EQMS can eliminate paper from your business processes by requesting a demonstration of our software. 





Tags: Compliance Management Software

EQMS Compliance for Solicitors software reviewed by Jonathan Bray

Posted by Michael Ord on Fri, Feb 15, 2013


Solicitors compliance expert, Jonathan Bray, writing in the respected 'Compliance & Risk Journal' compared the key compliance software solutions to support COLP / COFAs.

Jonathan reviewed a range of reputable solutions, and made the following remarks about EQMS.

EQMS Compliance for Solicitors

"EQMS is being developed for the legal market having been a leader in other highly-regulated industries for almost 20 years.

The developer boasts an impressive client list including BT, Diageo, the Financial Times and a whole host of local authorities and NHS Trusts. Many firms will undoubtedly be attracted by this proven track record.

The version for law firms is built upon the same engine used by the company's blue chip clients, but its workflows have been adapted from the ground up for COLPs and COFAs.

It is fair to say that the system is currently in an advanced development stage and feels less polished than some other software, but from what we have seen so far the end product is likely to be impressive. The developers say they are working hard to make the system user-friendly and intuitive, without losing any of the software's sophisticated features. 

As well as recording and monitoring functions, EQMS has full audit and reporting capability.

The software is mainly preconfigured for ease of set up, although fully customisable to a firm's procedures and workflows.

Integrated document management, including precedent manuals and policies with roll-out capability, adds real value to the service.

Compliance Officers looking to maximise their chargeable time will also be able to opt for an approved risk management consultant to help them manage the firm's overall risk and compliance strategy on an on-going basis.

EQMS can be run in the cloud or on a local server, and data can be accessed by mobile devices.

The product can also integrate with the major accounts packages and Microsoft Office applications, as well as Sharepoint."

Partnership Opportunities for Risk Management Consultants


Mike Bendall, Qualsys Director said:

"Qualsys are 100% committed to delivering a real game-changing solution for solicitors compliance. The EQMS Compliance for Solicitors software has been developed for the past 18 months, working with key industry experts and is now being rolled out beyond our pilot firms.

We will soon be announcing exciting partnership opportunities for Risk Management consultants working in the legal market"



Tags: Risk Management, Compliance Management Software, SRA

Trends in document management through 2015

Posted by Michael Ord on Wed, Jan 16, 2013

The start of a new year is always a good time to reflect.
We asked Mike Bendall, a Qualsys Director with 20+ years experience in the field, to provide a few articles on future trends, and best practice lessons in document management.

In the first in a series of articles, Mike gives his view of changing trends in document management, and the quality standards that drive compliance issues through to 2015. 

Document Management systems (DMS) explained

Integral to an organisation's content environment, document management involves the acquisition, storage and recovery of information pertinent to operations.  

A well-functioning document management system (DMS) generates agile document-modification while improving records' retention, security, auditing and summarisation.  

Regulations and quality standards developed by professional agencies for maintaining operational/performance criteria across a wide range of enterprise/business processes motivate DMS-integrity.

ISO Guidelines

The International Organisation for Standardisation generates ISO-guidelines to provide best-practice principles/procedures for quality assurance, environmental management and information security.  Several ISO pertinent standards are:

  • ISO-9001 Quality Standard regulates workflows producing goods and services.  The benchmark for quality enterprise management, it fulfils the rigours of independent, external audits.  ISO9001 applies to similar products/services of the same relative class/function, globally controlling these processes to guarantee consumer needs and expectations are satisfied.              
  • ISO-14001 offers worldwide standards for appropriate and safe control of enterprise processes that may negatively affect the environment through wasteful/dangerous acquisition of natural resources or excessive energy consumption.  Internal audits maintain 14001-certification, ensuring these standards are upheld.            
  • ISO-27001 standardises practices for security of organisational information.  Systematic evaluation of security risks identifies administrative priorities for managing threats to information security. 
    The objective is to assure confidentiality, integrity, and safe-access to information.

The three guidelines generate enterprise cost savings through improved efficiency, productivity, and market-expansion, caused by reliable measures of quality-assurance, environmental-protection and data-security.  I've found no evidence they will be modified through 2015. 

OHSAS Standards

  • OHSAS-18001, the most recent certification-spec from Occupational Health and Safety Management Systems, can be aligned with ISO 9001/14001, combining quality and environmental administration with occupational health/safety protection.  

I believe some augmentation of OHSAS will be made before 2015, if audits demonstrate standards need to be updated to reflect current realities for workplace health/safety management; 18001's priorities mandate ongoing improvements for employee safety.   


  • The Care Quality Commission (CQC) monitors all British healthcare services, supplying essential standards of quality-care and safety for venues ranging from NHS-providers to hospitals, care-establishments to patients' own homes.  

All health/social caregivers must be appropriately licensed by the CQC, which implements regular service-reviews to ensure progressive British healthcare.  Modifications to present standards may be enacted prior to 2016 if review deems them necessary. 


  • SRA (Solicitors Regulation Authority) provides the legal-services community guidelines for legal and ethical issues.  Its outcome-focused regulation (OFR) flexibly ensures justice and protection for clients by departing from confining conventions of law as necessary, while supporting and monitoring of solicitors' actions and behaviours.  

The SRA issues edicts affecting regulations as needed, and has already made 6 revisions to the OFR guidelines. It can be expected to modify its current regulatory stance on selected issues through 2015, if the need for further legal protection arises.  


  • Part-11/CFR (Code of Federal Regulations) was enacted to assure best-practice DMS-procedures through mandating replacement of paper records/signatures by electronic documentation.  

A new law, CFR/Part-11 will not likely be modified through 2015, unless further workplace efficiency/productivity generated by its enactment becomes necessary. 


  • SOX (Sarbanes-Oxley Act) protects shareholders/general public from fraudulent corporate accounting/management (e.g., Enron/WorldCom-2002).

DMS-procedures affect all electronic record-keeping/administrative functions, both internal and external.  SOX may be modified through 2015 if further large-scale corporate fraud emerges.            


  • GAMP (Good Automated Manufacturing Practice) guidelines regulate pharmaceutical companies' information/test-data accuracy, its completeness, suitability and use of reliable DMS procedural, configuration and certification practices.

GxP quality guidelines are applied to certify product-safety and dependability. GAMP changes according to updates in corporate IT and its uses. 


Document Management systems are innately connected to current standards/regulations, since they are themselves published documents requiring management for consistent use administering materials, products, services, technologies, processes and systems. 

It is a constantly moving environment; document management systems will continue to evolve to meet the standards and regulations as they transition through 2015.


Tags: ISO 9001:2015, Compliance Management Software, Document Management, SRA

EQMS New Features and New Releases

Posted by Gemma Baldan on Wed, Dec 12, 2012

Rob Needham, Technical Director, Qualsys

We are pleased to announce a raft of new releases to both EQMS functionality and feature sets. A range of the features and modules have been released and are available on the current version of the system.

There are also a host of new compliance and risk management modules which will be available very early in the new year.

Current new releases:

Document Manager

You can now work with EQMS Document Manager without even having to enter the application; it can work as part of your everyday role, using:

  • Microsoft Word, Excel and Powerpoint Add-Ins
  • Outlook Exchange Add-In
  • Sharepoint App
  • Android and Apple App

PDF Overlays:

The PDF overlay function ensures that when a document is exported or printed, key document control information is recorded as a footer; for example the date, document type, void if printed statement, e-signature, user name etc.

EQMS Audit Manager:

  • Plan and schedule audits with ease
  • View all audit activity at a glance
  • Create new audits from stored templates
  • Record status, milestone dates and any other required data
  • Build reusable lists of audit questions 
  • Raise findings and actions associated with questions 
  • Set non-conformance triggers for question responses

EQMS Training Manager:

  • Assign training requirements by individual, group or role
  • Verify course completion
  • Automated re-training scheduling
  • Record details of training providers and their performance
  • View record of training undertaken by individual
  • Identification of training gaps
  • Automated email and to do list notifications and escalation of training reminders
  • Storage of certificates and evidence of course completion
  • Management reports

CAPA Manager

  • Record and track issues / complaints / incidents etc.
  • View Issues for defined periods by status
  • Classify issue source for further analysis
  • Build reusable workflow templates for each class of issue
  • Automate investigation with step-by-step action (eg root cause analysis)
  • Automate corrective/ preventive actions with workflow-enabled functionality
  • Track actions through to ensure  issue resolution and verification
  • Management reports 

Releases due early in 2013:

Risk Manager

  • Identify and record risk assessments
  • Automatically segregate and classify risk
  • Define probability of occurrence and likely impact
  • Automate  action to avoid, transfer, mitigate or accept risk by the appropriate individuals
  • Apply Risk Ratings
  • Management Reports
  • Automatic lookup and display of related investigations

 Supplier Manager

  • Store Supplier details in the database
  • Store Supplier evaluation and rating records
  • Supplier Approval Process with configurable automated workflow
  • Track non-conformances with  automated workflow through to problem resolution
  • Automate corrective/ preventive actions with workflow-enabled functionality
  • Management Reports

KPI Management Dashboard
GRC Dashboard

  • Dynamic real time reporting
  • Customisable screen and report view
  • Extensive list of  reporting capability
  • Customised reports
  • Permission driven

For more information, please feel free to contact us.

Tags: New features, Quality Management Software, EQMS, Risk Management, Compliance Management Software, Document Management

Validated Computerised Quality Systems in GxP Environments

Posted by Gemma Baldan on Fri, Nov 02, 2012

Is the system fit for purpose?

It’s crucial that organisations operating across the Pharmaceutical and Medical Device industry carefully consider the impact of the introduction of computerised quality system applications. 

The European Medicines Agency's (EMEA) Guidelines to Good Manufacturing Practice (GMPs) - Annex 11, Computerized Systems (aka EU Annex 11) and The Food and Drug Administration's (FDA) rule on Electronic Records/Signatures (21 CFR Part 11 aka Part 11) are crucial in the manufacture of pharmaceutical products.


Businesses operating within the Medical Device and Pharma industries are compelled through the FDA and EMEA to instigate a formal validation process to ensure that all software is fit for purpose.  Whilst the legislation that governs particular sectors may vary, the principles of software validation are consistent and typically demand consideration of the following areas:

  • Software Vendor Development Methodology
  • Customer Requirement
  • Customer System Specification
  • Software Verification
  • System Validation
  • System Change Control and Validation
  • Problem Resolution Process and Tracking

So how can we ensure that a computerised quality system is fit for purpose under either Part 11 or Annex 11?

Whether operating under Annex 11 or Part 11, all computerised systems used in GxP regulated environments require compliance for ensuring integrity of data and records. 

 The FDA suggests that “when computers are used as part of the quality system, the [device] manufacturer shall validate computer software for its intended use according to an established protocol. This has been a regulatory requirement of FDA's medical device Good Manufacturing Practice (GMP) regulations since 1978”

EMEA Annex 11 goes further into the requirements of computerised systems than Part 11. There are specific points in Annex 11 that relate directly to the supplier and service provider of the software. It addresses formal agreements, software review and supplier audits. It is important to note that a software supplier cannot sell a validated system: validation requires a risk-based approach to showing that the system performs as intended in its actual environment. A system can, however, provide the functionality to enable compliance with the specific regulations.

Key considerations:

When evaluating computerised quality systems, consider whether the system:

  • Provides access control /user management.
  • Allows only authorised changes to data and documents
  • Ensures data integrity including: prevention of deletion, poor transcriptions and omission. 
  • Provides full time stamped audit trails
  • Provides Disaster recovery / Back up and retrieval
  • Provides the use of Electronic Signatures where necessary
  • Allows for system maintenance and change control
  • Supports management of training documentation


Five tips to help ensure you select the right supplier:

  1. Evaluate the quality methodology of the supplier; how do they design, construct, supply and maintain the software? Do they have relevant ISO9001 and TickIT quality marques in place to underpin the way they work?
  2. Understand the history of the vendor’s suppliers, if they have outsourced work – was all the software built in house? If not, how are the vendor’s suppliers quality checked?
  3. Are any third party apps used within the software? How heavy is the vendor’s reliance upon these apps, and how reliable are the apps themselves?
  4. Consider any known limitations of the software package or versions and the adequacy of any corrective actions by the Supplier.
  5. Has the supplier supplied to GxP regulated industries previously? Was the software compliant in ensuring integrity of records and data?

Finding a vendor that you can trust to work closely alongside you is crucial to the success of your project; in our next post we'll be discussing key considerations of vendor selection.

For further help or information, feel free to get in touch. We'd be happy to hear from you.


Tags: Quality Management Software, Annex 11, Risk Management, Compliance Management Software, Document Management, FDA

New video: Qualsys Navigator (props to Ben H)

Posted by Michael Ord on Fri, Sep 28, 2012

The EQMS Navigator video is the first big release from Ben Hollis, Qualsys' resident graphics and film whizz, and shows the module of EQMS that 95% of people use on a daily basis.

EQMS is a comprehensive suite of Governance, Risk and Compliance solutions with document management at its core. The Navigator module provides easy-to-use, convenient access to documents, to-do list items and more from any device.

We'd love to hear your feedback on the video.



Tags: EQMS, Compliance Management Software, Document Management

Implementing a Quality Management System: Best Practice

Posted by Michael Ord on Tue, Sep 18, 2012

Implementing a quality management system is as much an art as it is a science. It is an art to manage people and a science to have a process approach to quality.

In this article Qualsys' Services Director Mike Bendall and Quality Manager Specialist Peter Pond discuss implementing a quality management system and answer your frequently asked questions. With experience implementing and consulting organisations of all sizes, they offer an expert perspective on successfully implementing a new quality management system. 


  • what a Quality Management System is,
  • why it is important to all organisations who want to succeed,
  • the benefits of implementing a quality management system, 
  • the requirements of a QMS,
  • operating a QMS in a highly regulated environment,
  • the importance of a hierarchical culture,
  • steps to implementation.

What is a Quality Management System (QMS)?

It sounds like an obvious question, but let's start with the basics by defining and discussing the scope of a quality management system.

"A QMS is a coordinated set of values and processes implemented by an organisation to ensure and demonstrate that it meets the standards demanded to satisfy its customers’ demands and expectations."

The international ISO 9001 standard is the accepted statement of the requirements of a quality management system. 



Why is a QMS Important?

A fully operational QMS will help an organisation to meet and demonstrate that it has met certain goals:

  • Consistently meet customer requirements.
  • Consistently manage internal requirements.
  • Consistently manage external requirements. e.g. the effective allocation of resources. 


What are the benefits of implementing a QMS? 

Implementing a quality management system will result in a number of long-term commercial gains. Here are just a few benefits of effectively implementing a QMS: 

  1. Achieve organisational goals.
  2. Reduce costly errors. 
  3. Improve customer satisfaction. 
  4. Market your business more effectively.
  5. Manage growth more effectively.
  6. Improve documentation availability. 
  7. Correct issues to continually improve products and services. 
  8. Grow market share in new territories and market sectors. 
  9. Create a culture of quality.
  10. Embed vision into all projects. 
  11. Better internal communications.
  12. Consistent products.
  13. Effectively measure performance of individuals and teams. 
  14. Improve compliance. 


How does a QMS support an organisation to manage cultural issues? 

Implementing a quality management system can ruffle the feathers of employees. It can take them out of their comfort zone and away from institutionalised processes. This is why support from operational and executive management from the outset is critical to the implementation of a quality management system.

Qualsys has worked with hundreds of quality managers and always found that it is best practice to get management to promote quality. It is advisable for managers to embark on a routine of positive reinforcement during the early stages of the system's life. Not only will this promote system use but it will motivate staff. Download the EQMS Stakeholder Engagement template for a step-by-step plan to getting buy-in from your internal stakeholders.

To be effective, a quality management system needs to be robust, intuitive and flexible. The diagram below suggests how your quality management system should be.



Under a QMS, processes should be subjected to tighter management. It is wise to expect changes in the way staff interact and to expect changes in the distribution of responsibility and accountability. 

It is important to take account of staff perception. Recognising existing employee attitudes and dispelling any concerns they hold is a vital part of managerial strategy when implementing a QMS.

Building on the theme of staff communication, when implementing a QMS an organisation should not shut its ears to employee suggestions. Employees are the ones who will use the quality management system, so making any necessary amendments to fit their needs and improve usability makes sense.

It is also advisable for an organisation to allow for an initial lag phase before improvements become the norm.

A quality management system offers peace of mind that regulatory requirements are being complied with and that the organisation is continually adopting a customer-centric approach.

Read our blog article "The Transformational Quality Professional - Moving the Business Forward", for more information. 

What does a QMS Require?

A quality management system requires a number of essential elements. Here are five of them: 

  • A quality policy and quality objectives. These statements must be documented.
  • A quality manual including scope, justifications for any exclusion, documented procedures and process interaction descriptions. This will specify how a QMS will be observed and emphasise the company's commitments to both continuous improvement and quality.
  • Any documented procedures required by the compliance standard.
  • Any documents needed to ensure the effective operation, planning and control of company processes.
  • Records such as evidence of conformity to requirements and of effective QMS operation will be required by the compliance standard.


Operating in a Controlled Environment:

Many organisations deploy a quality management system to demonstrate compliance with regulatory requirements. A quality management system can support an organisation operating in a controlled environment in a number of ways:

  • To ensure compliance standards are met, all company documents should conform to QMS processes.
  • This will ensure conformity in staff behaviour when performing their duties, a uniform data recording method and consistency in staff training.
  • Records such as audit findings, data monitoring, non-conformance reports and corrective actions can be kept and used as proof of QMS use and effectiveness.
  • A QMS can be used to enforce the required approval and disposition of documents and records.
  • It is important that only the most up-to-date versions of documents are available to company users. To be compliant, documents should have a unique identity and version control when subjected to change.
  • The signatures of the preparer and approver of the document may be required.
  • A summary of document history showing changes and dates of revision may be required.

To ensure that all records are both traceable and retrievable, records must be managed and controlled in a similar manner to documents. It is advisable to assign them unique identifiers, which will be supplied by an electronic QMS support tool.


The Importance of Hierarchical Organisation:

Organisation is vital when dealing with controlled documents. A suggested hierarchy for managing QMS documentation is:

  1. Quality Manual
  2. Policies
  3. Procedures
  4. Work Instructions
  5. Lists
  6. Forms


Any additional document types may be used at a company’s discretion, as in this screen grab of an exemplar EQMS Document Manager structure:









Steps of implementation:

Implementation of a QMS is a multi-faceted challenge. Here is a plan for getting a QMS implemented:

  1. General templates for all Controlled Documents that the company plans to use should be drawn up before QMS documents are written. Templates should have consistent styles and formats, making them easy to read and navigate. All template procedures and instructions should have purpose, scope and responsibilities sections. Templates must also meet controlled document requirements, e.g. a unique identifier. It is optional for a company logo to be included in a document header.
  2. Many companies will have written procedures already in place. However, these current procedures may not be up to scratch: they may be out of date, incomplete, etc. There may be some areas of the business, such as finance, that are not seen to fall under the scope of the QMS, and existing procedures may be seen as the best option to achieve compliance. However, any areas deemed not under the remit of the QMS must not have an impact on product safety or quality, as these are under the jurisdiction of the QMS.
  3. Companies should undertake a flow chart style mapping of quality framework management processes. This helps to include all stakeholders in the process and highlights areas of non-compliance and missing documents. It is a great method of identifying areas where change is needed.
  4. It is useful to map your QMS documents and structure according to hierarchy using process/document maps and organisation charts.
  5. Documents should be drafted according to the specifications in the document maps. Be aware of your audience and use appropriate language accordingly. A large international company with bilingual staff may need to publish documentation in several languages.
  6. Electronic drafts should be managed appropriately. They should be documented and filed so that they can easily be identified, retrieved, reviewed, tracked and managed. The process used in the document control mechanism should be consistent with that used in the drafting process.
  7. It is important for all documents to be reviewed by Subject Matter Experts from all areas affected by the document's scope. Failure to review documents may result in a reduction of compliance, increase the risk of deviation from the QMS and create friction between staff/departments.
  8. It is important to obtain the appropriate approval level for an issued document. This will be dictated by the compliance standard. Once issued and approved, a hard copy of the document must be filed at a secure location. Once documents are published, staff can be trained to use them.


To Summarise:

  • Evaluate your existing business.
  • Ensure implementing a QMS is necessary.
  • Make sure that the processes are working.
  • Revise these processes where necessary and undertake continuous reviews.
  • Investigate Electronic Quality Management Solutions (EQMS) as a way of automating and simplifying the process.


What Next? 

Essential to the successful implementation of a quality management system is to get stakeholder engagement. Download the EQMS Stakeholder Engagement plan for more information. 





Tags: Quality Management Software, EQMS, Compliance Management Software, Document Management, Implementing EQMS

The case for document management

Posted by Gemma Baldan on Wed, Aug 15, 2012

When discussing any type of IT expenditure, two key questions often come to mind: “when will we recoup our investment?” and “will it help us save money?”

There are many hidden costs associated with a paper-based document management system: loss of productivity and efficiency, duplication of effort, inefficient customer response and poor business agility.


When putting your case together, it’s crucial to understand how to quantify the exact losses the business experiences. For example, in a typical organisation 80% of employees will lose at least 30 minutes a day just from searching for information.

How easy is the system to use? It is of great importance that your document management system is compatible with existing work processes, and does not force employees to radically change the way they work. As well as understanding current losses, it is also important to get to grips with the requirements of implementation and application of the software solution. How long will it take to implement, how much of your time will be required?

This white paper will provide a base from which to make informed decisions on process, implementation and practical application of document management. It covers:

  • Key issues facing organisations regarding document management
  • Business process and practical advice on questioning vendors
  • Key ROI considerations

The Case for Document Management is a crucial tool for busy Quality and Compliance Managers and gives you a quick overview of the key issues at hand.

Download your copy here.

Tags: Quality Management Software, ISO 9001:2015, Compliance Management Software, Document Management

How EQMS 'Permissions' help solicitors with SRA compliance.

Posted by Michael Ord on Thu, Aug 02, 2012

Solicitors in England and Wales face a fresh impetus to ensure compliance across their organisations. Rule 8.1 (a)(i) of the SRA Authorisation Rules 2011 places the requirement on an authorised body and its managers to ensure compliance with obligations imposed on the body itself, its managers, employees or interest holders by or under the SRA’s regulatory arrangements.

Rule 8.2 of the Authorisation Rules refers to the need for an authorised body to have ‘suitable arrangements for compliance’, and the guidance notes to rule 8 refer to the need for ‘clearly defined governance arrangements providing a transparent framework for responsibilities within the firm’ as a common area for firms to consider.

In correlation with this, Outcome 7.1 of the SRA Code of Conduct 2011 outlines the need for a ‘clear and effective governance structure’. Outcome 7.2 refers to the need for ‘effective systems and controls’ to achieve compliance.

Effectively maintaining an appropriate, up-to-date flow of information and documentation throughout an organisation on paper can be a time-consuming and inexact process.



EQMS - Compliance for Solicitors features extensive permission-based document control which allows managers and compliance officers to thoroughly tailor the view of accessible content to reflect the needs of the firm and the roles of those within it. 

Reduce the risk of non-compliance arising from use of dated or erroneous content and ensure that only the most recent, approved versions of template documents are used by letting EQMS drive your working procedures. 

Document Manager

EQMS document permissions let you target specific users by group or role. They also help you to make document access match your organisational structure. Holding a single master copy of each document makes unnecessary duplication a thing of the past.


Tags: EQMS, Compliance Management Software, Document Management, SRA, OFR