Former attendees explain why you should sign up for a workshop

Posted by Emily Hill on Mon, Apr 09, 2018

Qualsys provides a number of workshops to help you to tackle important business challenges. 

If you are thinking of attending but you are not sure whether they are right for you, below you'll find feedback from former attendees who have explained how they benefited. 

I found the day most useful. It’s great to see the materials that have been shared with us. I often go on learning events and have never experienced the same level of willingness to (1)-1


1) More confident

Kevin Tuke, Epta Group's Integrated Management Systems Manager recently attended the ISO 31000 Risk Management workshop. He said: 

As with other workshops, you may well be attending with some existing knowledge of the topic, but you may not be clear on everything.

In regard to the Workshop provided by Qualsys – I am now fully in line with understanding the topic. But more than this, I am ready to apply the theory into practice and provide clear guidance for my colleagues.

 In addition, the documented information provided in support of the workshop for future reference was extremely clear and practical. Links were provided to all of these user documents.

 Overall it was an exceptional learning opportunity – in great / historical surroundings, great staff and hospitality.


Workshop 2-678547-editedThe GDPR resources



2) Informative 

Geoff Airey, Group Audit and Compliance Manager at Lowri Beck, also attended an ISO 31000 risk management workshop. He said: 

The Workshop was informative, clear and taught by people who knew the subject. All attendees took part, and it was a great foundation for Risk management which wasn’t a sales pitch for your software.



Workshop 1Before and after: How prepared do you feel to tackle the GDPR? 



3) Based on feedback from your peers

Chris Owen, Services Director at Qualsys planned the workshop schedule. He said:

GRC is a really challenging role with a lot of responsibility. It's important that the person in this role has the latest knowledge and insights.

These workshops are designed using the feedback we've received from hundreds of GRC professionals and insights from our internal teams. 

When we plan these workshops, our team works together to ensure that they cover important areas, useful tools, and share ideas. 

There are currently seven topics to choose from - Supplier management, Risk, the GDPR, ISO 45001, ISO 9001:2015 transition, Culture of Quality, GRC Metrics. But any requests for other topics can be sent to


What to do now

If you still aren't sure whether the workshops are for you, give our team a call on +44 (0) 114 282 3338 and we'd be delighted to answer any of your questions. 

Alternatively, browse all upcoming workshops, learn more and sign up here:

GRC Workshops training compliance  



Tags: GRC Resources

How to solve the HR-Quality disconnect

Posted by Annie Grace on Fri, Mar 10, 2017

Is your organisation suffering from HR-Quality disconnect?

Common side effects include: outdated training records, lack of communication between departments, frustrated employees, time-heavy manual processes, and a high risk of employees not having the latest training requirements. 

We've talked to many quality professionals who feel this disconnect. But if HR control the training records and you control the quality management system, how can you ensure their processes meet the requirements of ISO 9001:2015? 

Clause 7.2 'Competence' requires organisations to determine the competency requirements for those people performing work under its control. Once these competence requirements have been determined, the organisation must then ensure that those people possess the necessary competencies. The organisation is required to take action to acquire the necessary competence. Actions taken need to be evaluated for effectiveness. 

So how do you solve this disconnect between departments? Below are 8 questions you should ask for a more integrated training record management system. 


#1 Does The Organisation Have The Required Competence? 

ISO 9001:2015 defines competence as "the ability to apply knowledge and skills to achieve intended results." This means ensuring that employees not only have the knowledge, but are able to apply it to ensure the objectives of the organisation are reached. For example, this may mean that during the on-boarding process that all pre-employment checks are completed using up-to-date forms, arranging and conducting required training, and job role definitions are time-consuming - but necessary. 

Using an EQMS system means documentation can be held in one hub for easy access, while training can be booked and managed with ease. A workforce that is increasingly familiar with digital processes is likely to be receptive to a cloud-based GRC system, too, rather than working from paper.



#2 How Do We Identify Knowledge Gaps? 

If a skills gap is identified, the organisation is required to take action to address any competency issues, and even check that this action has been effective. 

A comprehensive training records management system will enable HR managers to have a real-time overview of current knowledge gaps in the company. This is ideal for three reasons:

  • Identifying common knowledge gaps means training can be block-booked to save time and money
  • Risk is reduced by ensuring all staff are trained to appropriate levels at all times
  • Skills gap analysis can be easily delivered when assessing requirements for a recruitment process, to efficiently recruit new staff with a broader skill set.



#3 How Do We Control Training Documentation?  

ISO 9001:2015 Clause 7.2.5 requires documented information as evidence of competence. This means records of education, training, skills and experience must be documented. A suitable EQMS system will enable individuals to access and update their own training records (if you want - or HR representatives can be responsible with further controls). The ability to upload documentation such as certificates to confirm training and skills is an ideal feature for ISO 9001:2015 compliance.

It's not just training documentation that benefits from controls, either. When all documents are held in a central hub, version control means HR Managers can ensure only the latest policies, processes, and forms are in use. When important updates are made to a document, individuals or groups can be made to acknowledge that they have read the new version. This immediately shifts responsibility from HR to the individual, which in turn reduces the risk of future litigation from (ex)employees.


document management best practice.png


#4 How Do We Keep Confidential Employee Information Secure?  

These days, people are more wary about data held about them by any organisation – including the one they work for. Boost trust with digital personnel files: with a document management system individuals can access records held on them at any time, without compromising data security.


If your organisation is (or is striving towards) ISO 27001 accredited, you'll understand the importance of data security. The Standard is designed to maintain strict controls over data - without restricting access where it would hinder business operations. A system such as EQMS Training Manager or Document Manager can be restricted by individual permissions, meaning users can only access files that you give them access to. This feature is perfect for any organisation wishing to provide individuals clarity over information held on them without compromising on data security compliance.

#5 Can Employees Access Critical HR Policy Documents?

Hosting critical HR policies and procedures in one central hub means users can access them at any time - without the need to pester the HR department. This means happier staff as they can find the answers they need instantly, and a positive and more efficient HR department as time spent on common questions is slashed.

What if you have remote or mobile workers in your organisation? A document management system that is based in the Cloud enables people to access any HR policy documentation at any time, from any location. This is especially helpful if your organisation has a remote workforce, or people who are often out of the office but need access to these documents.document management best practice.png

When using a quality management system for ISO 9001:2015 compliance, you'll need to consider whether your procedures are up-to-date and accessible by all relevant parties. EQMS Document Manager is an example of how change logs and read receipts of critical documents ensure full compliance and allow for easy audits.



#6 How Does Employee Training Change To Prevent Issues Recurring?  

One vital aspect of HR is ensuring that the workplace is a safe environment. That’s tricky on even a small site, but if you have multiple sites or your organisation employs home or mobile workers if becomes a nightmare to handle.

Untrained staff and knowledge gaps raise the risk of accidents in the workplace, or problems which affect the quality of product or service output. A system that allows for risk management to be the responsibility of ALL staff means new hazards and potential risks can be immediately addressed, and preventative actions could include implementing further staff training. 

A GRC system can allow anyone to raise risks as they spot them, which triggers an automated workflow for action. While this often falls to the quality team, many actions will also be the responsibility of HR. By implementing such a system, it will promote inter-departmental communications and increased awareness of individual responsibilities to workplace safety.



The Next Step To Solving The HR/Quality Disconnect 

Integrated quality management software for HR will provide several benefits to improving processes and reducing risk, including:

  • Full training record management with overviews and drill-down reporting for knowledge gap analysis
  • Requirement to acknowledge receipt of essential policy documents to reduce risk of liability
  • A single source of truth for all policy documents
  • Permissions restrictions for greater data security and information distribution
  • A reduction in time demands on the HR team - common policy and procedure questions held in one easy access place instead

For more information about how EQMS can help solve the HR/Quality disconnect, request a demonstration of EQMS Training Records Manager here

 EQMS training records manager


Tags: GRC Resources, Change Management

OHSAS 18001 and ISO 45001 – Essential resources

Posted by Marc Gardner on Wed, Sep 02, 2015

Keep on top of the occupational health and safety standards with these essential resources. This selection of websites, videos and blogs covers the fundamentals of OHSAS 18001 and presents what's currently known about the upcoming ISO 45001 standard set to replace it. We hope you find it useful, but if you have anything to add please leave us a comment.

BSI Group

BSI Group

The British Standards Institution (BSI Group) is the UK's national standards body. They produce technical standards on a wide range of products and services and supply certification and standards-related services to clients ranging from high-profile brands to small local companies in 172 countries worldwide.

Their overview of OHSAS 18001 is a useful place to start, providing a summary of the existing OHSAS standard as well as information on implementing and maintaining a management system, and gaining certification.

They have also produced a helpful PDF guide to the new ISO 45001 standard, which you can read and download here.


National Standards Authority of Ireland (NSAI)


The National Standards Authority of Ireland (NSAI) is Ireland's equivalent to BSI. They are the national certification authority for CE marking and provide a certification service that enables Irish businesses to demonstrate that their goods and services conform to the relevant standards.

NSAI's website has a range of useful information, but their information leaflet and PowerPoint presentation on migrating to ISO 45001 might be of particular interest.




NQA is part of NTS, the leading independent provider of environmental simulation testing, inspection and certification services in the US. NTS serves a broad range of industries, from civil aviation, space and defence to telecommunications, electronics, medical and automotive.

Here they give a detailed talk on the changes businesses will have to make when the new standard is introduced. Their webinar on how ISO 45001 will change the way occupational health and safety management systems are implemented and certified is also very good.




The International Organization for Standardization (ISO) is an independent, non-governmental membership organisation and is the largest developer of voluntary international standards.

Their web page on management system standards sets out a thorough yet concise summary of the background to the standards, and their page on ISO 45001 provides useful articles and a current timeline for implementation of the standard.


Charter 4 Solutions

Charter 4

Charter 4 Solutions is a multi-disciplinary business consultancy that can help you gain ISO and OHSAS certifications. They work with all types of companies, from young developing enterprises to leading multi-nationals.

They've produced an easy-to-follow infographic to give you a brief overview of the OHSAS 18001 standard.


Qualsys blog











Over the coming months, the Qualsys GRC blog will be keeping track of the latest thinking and developments in regards to the ISO 45001 standard, linking to useful resources and publishing whitepapers as the standard progresses along its timeline. 



What you should do now 

Download the EQMS Datasheet Pack to learn how EQMS software can help your organisation comply with ISO 45001. 


Trusted ISO Compliance Software


Tags: GRC Resources, ISO 45001

5 Crucial ISO 15189 Resources for Laboratory Professionals

Posted by Alastair Atcheson on Tue, Feb 24, 2015

In October 2012, the final draft of ISO 15189 was approved. The transition from CPA to UKAS introduced new requirements designed to ensure that your laboratory consistently delivers technically valid results by complying with both technical competence and management system requirements.

The following collection of resources provides:

  • a comprehensive breakdown of the Standard
  • reasons for achieving accreditation
  • how to ensure compliance with the Standard


1. ISO 15189 Accreditation: Is It Worth It?

ISO 15189 Accreditation  


Are you new to ISO 15189, or perhaps unsure if it is worthwhile getting your business accredited? This introductory article aims to help you make that decision by:

  • providing an overview of the Standard, its purpose and its global presence
  • comparing ISO 15189 and CLIA
  • considering the advantages ISO 15189 can bring to your laboratory



ISO 15189 Checklist

This FAQ from the American Association for Laboratory Accreditation works as a ISO 15189 checklist, offering great introduction to the essential points relating to ISO 15189. It talks you through:

  • details of a quality management system requirements necessary to comply with ISO 15189
  • requirements contained within ISO 15189
  • benefits of getting ‘peer evaluated’ accreditation and the process of accreditation itself



3. Everything You Wanted to Know – Presentation from POLQM

ISO 15189 Explained


Authored by Michael Noble from the University of British Columbia, this comprehensive presentation lives up to its ambitious title as it covers:

  • the history of ISO 15189 and the purpose of its development
  • a breakdown of the Standard and its contents
  • the significance of ISO 15189:2003 and its place in the future
  • options for applying ISO 15189 and the difference between accreditation and certification

4. ISO 15189 Gap Analysis – Qualsys

ISO 15189 Checklist


Performing a gap analysis is advised to help ensure that your laboratory meets the requirements for ISO 15189. This free tick-box spreadsheet is an ISO 15189 cheklist that allows you check your laboratory against each clause in the Standard and also includes a:

  • series of simple self-assessment tick boxes
  • summary of all additional requirements compared to the CPA Standard
  • gap analysis result (out of 100%) to identify areas of improvement


5. Whitepaper – Dark Daily

ISO 15189 Accreditation


This professional whitepaper is an excellent resource for those wanting to know more about the main components of a Quality Management System designed to oversee medical laboratories. It provides valuable insight into:

  • four main components of an ISO 15189 QMS – Management Responsibility, Resource Management, Service Realisation and Analysis & Improvement
  • the Deming Cycle, which your business can utilise for continual improvement
  • case studies that demonstrate successful application of much of the theory 

Want more?

ISO 15189 Software

Image credits.

Tags: GRC Resources, ISO 15189

The Top 5 GRC Twitter Accounts You Need To Follow

Posted by Callum Hornigold on Mon, Feb 03, 2014

Callum Hornigold Qualsys

Want to stay on top when it comes to governance, risk and compliance? We’ve compiled an executive list of the top GRC Tweeters to follow to ensure you're at the forefront of the latest news, events and opinion.

Michael Rasmussen

Twitter handle @GRCPundit

Michael Rasmussen

Known by the self-styled but equally justified moniker “The GRC Pundit”, Rasmussen holds over 18 years’ experience in GRC. Showcasing his expertise on the topics of enterprise GRC, GRC technology, corporate compliance, and policy management, not only is he an active Tweeter but also a regular keynote speaker, author, and advisor. He’s also noted as the “Father of GRC” — being the first to define and model the GRC market in February 2002 while at Forrester. If you’re not following him, you’re simply behind the curve.


Matt Kelly

Twitter handle @complianceweek

Matt Kelly

Matt Kelly is editor of the globally revered Compliance Week, one of the leading information services on corporate governance, risk and compliance. A serial Tweeter at the vanguard of GRC news, if any breaking information surfaces you can guarantee he will have a handle on it.


Tammy Whitehouse

Twitter handle @tammywh

Tammy Whitehouse Twitter resized 600

Another member of the Compliance Week team, Whitehouse is a long-standing business writer who’s been a regular contributor since 2005. Specialising in auditing, her work has been featured in an impressive index of journals and periodicals including Journal of Business Strategy, Strategy & Leadership, Compensation & Benefits Review, Inc, and Buyside. What’s more, her Tweets are purely business-orientated and highly focused.


Ted Bilich

Twitter handle @TBilich

Ted Bilich

A reverend of risk, Bilich is CEO of Risk Alternatives, providing world-class governance, risk management, compliance, and dispute resolution services. Having counselled, facilitated, and taught in a wide variety of settings, including Fortune 100 companies, growing businesses and non-profits, Bilich is one of the world’s leading experts in risk management and compliance – a title cemented by over 8000 Twitter followers.


Norman Marks

Twitter handle @normanmarks

Norman Marks

When Marks’ Twitter bio states he’s “considered by some as a thought leader”, this may well be a modest understatement with over 3,577 followers. An “evangelist” and expert in internal audit, risk management, compliance and ethics, Marks has led large and small internal audit departments, been a Chief Risk Officer and Chief Compliance Officer, and managed IT Security and governance functions.


And Not To Forget....

Be sure to follow us @QualsysEQMS for the latest news, events and opinion within governance, risk and compliance and feel free to get in touch with any questions you may have regarding our software.

Tags: GRC Resources, Governance Risk and Compliance News, Who to Follow for GRC