Using EQMS to manage risk

Posted by Marc Gardner on Mon, Oct 09, 2017

To stay competitive in today's market, it's vital you have a good strategy to manage risk. In recent times, some high-profile organisations have learned the hard way that neglecting risk can not only be costly, but undo years of work building a strong brand and reputation.

If your organisation is ISO-certified, or in the process of becoming certified, you'll already be familiar with risk-based thinking and embedding this way of working across the business. ISO standards now require a risk-based approach, where risk is less an isolated part of your quality management system (QMS) and more a feature of the QMS as a whole. With this approach, you can handle risk much more proactively instead of merely reacting when things go wrong.

ISO 27001, for example, requires you to document how you'll assess and treat risk as you implement your information security management system. And while ISO 9001 doesn't formally say you must do a full risk assessment, it does say you must monitor, measure, analyse and evaluate the risks and opportunities.

A commonly used tool for assessing risk is the risk assessment matrix. You've probably seen one before: a grid of reds, ambers and greens telling you what risks are likely to occur and how severe their impact could be.

Manually creating a risk assessment matrix takes a lot of time – you need to identify what risks apply to your business, decide how you'll evaluate them ('likelihood' and 'impact' tend to be the most common) and then assess them based on the criteria you've chosen.

EQMS Risk Manager


EQMS Risk Manager gives you a framework for identifying, evaluating, managing and monitoring risk. By bringing together data into one integrated, central system, EQMS Risk Manager takes away the problem of business units and departments all working in isolation, without transparency or any knowledge of each other's processes.

Identifying risk: Any user can log in and suggest a risk. The system directs the suggestion to your Risk Manager, who then decides whether to log the suggestion as a risk to be further assessed, or reject it. The system records the Risk Manager's response and feeds it back to the user who made the suggestion.

Evaluating risk: The system keeps a full list of all the risks your business faces. It assesses each risk against the data provided (including likelihood and impact) and uses a formula to calculate a risk level and risk class.

Managing risk: If the risk class and risk level are unsatisfactory, the Risk Manager may take action to lessen the risk (and perhaps lower its class and level) until it becomes acceptable. For higher risks, the Risk Manager may define which action should be taken when a related incident occurs so its impact can be limited.

Monitoring risk: The system has powerful risk analysis and monitoring tools such as configurable risk calculators and risk traffic lights. It provides easy access to a bank of assessments so users can see what controls were tested and the results of the assessments. Risk Managers can access a range of reports to analyse metrics, and apply a number of parameters to help with their decision-making.


EQMS Risk Manager saves you time and money by allowing you to assess risks quickly, efficiently and consistently. Its workflow functionality enables you to assign responsibilities and set deadlines to ensure risks are dealt with promptly and never ignored. Your employees know exactly who's responsible for doing what when it comes to limiting risk, which in turn allows you to better demonstrate compliance.


What you should do now

If you'd like to know more about how EQMS Risk Manager can help your organisation manage risk easily, arrange a demonstration by clicking the following link.

Request your EQMS Software demonstration

Tags: Risk Management, Risk Based Thinking

Friday Feature - Managing Supply Chain Risk

Posted by Emily Hill on Fri, Sep 04, 2015

Risks in Going Global

Globalisation provides businesses with countless growth opportunities. However, as supply chains become more and more complex, the risks multiply. The most recent devaluation of the Chinese currency is a reminder of the risks associated with going global, but there are ways your company can use this as an opportunity. 




Over the past three decades, the Chinese economy has grown by an average of 10% per year, catapulting it into the second largest economy in the world. China's attractively low overheads and enormous working population have transformed the potential of global supply chains. However, China is in a headwind of change, which has – and will continue to have – reverberations across the globe.

China’s growth has started to wane. By the end of 2015, it is predicted that Chinese growth will drop to 6.8%, lower than the 7.4% experienced in 2014. Although this still makes China’s level of growth far higher than the US (2.5%) and Europe (1.5%), the contraction of growth indicates that China is starting to ‘unglue’.

Factors such as the decreasing working population, overvalued shares and national debt are starting to take a toll. In fact, The Economist reports that the total debt racked up by the government, household and corporates in China is as much as 250% GDP.

Chinese officials have attempted a range of strategies to reduce the deficit and stimulate growth – from cutting interest rates to increasing the amount banks can lend. However, China’s recent shift from monetary to fiscal policies has been cause for concern. Following a currency devaluation in early August, the Chinese stock market recently suffered its steepest fall since 2007 in a day now known as ‘Black Monday’.

A surge of panic among investors and policy makers across the world led to colossal sales of stock. In fact, it is estimated that approximately £74 billion was wiped off the value of the London FTSE, a bitter reminder of the 2008 financial crisis where companies worldwide experienced firsthand the fragility of the global economy.

Whilst globalisation provides us with a pool of possibilities, there is a need for a stronger emphasis on managing risks effectively.

The importance of proactive risk management in supply chains

While risk management is commonly associated with defensive activities to prevent disaster, a proactive approach to risk management allows organisations to identify opportunities for developing real competitive advantage.

Systematic analysis of risk will often uncover opportunities for improvement. This enables a business to make strategic decisions that will set it apart from its competitors. The use of a robust risk management framework and systems that help you consistently assess and quantify risk will therefore position your business to take advantage of opportunities as well as avoid disaster.

For example, a thorough financial risk assessment is critical if you are looking to launch a new product to the Chinese market or take on a new Chinese supplier. With the recent turmoil in Chinese markets, a thorough grasp of the risk inherent in either scenario is important and might offer a stellar opportunity or the prospect of failure. After all, the most successful investor of the 20th Century, Warren Buffett, has made millions practicing the aphorism “buy low, sell high”.

EQMS Risk Manager will support you to make top level management decisions and help your business to grow.

Find out how EQMS Risk Manager can benefit your business with the EQMS Datasheet Pack.


ISO 14001 Software

Tags: Risk Management

Qualsys Welcomes City of Bristol College to EQMS

Posted by Emily Hill on Wed, Sep 02, 2015

Qualsys is excited to welcome the City of Bristol College as a new EQMS customer.

As one of the largest further and higher education colleges in the country, the City of Bristol College carefully selected EQMS for its integrated functionality, user-friendly interface and powerful reporting capabilities.

The City of Bristol College’s EQMS solution will consolidate EQMS modules including Risk Manager, Document Manager and Audit & Inspection Manager, as well as the iEQMS Auditor for iPad application, and will assist the college in achieving their management goals.



The City of Bristol College is undertaking a transitional project to provide outstanding education and training. The key project priorities include:

• Pursuing excellence in teaching, learning and assessment 

• Creating a self-evaluative, can-do culture

• Investing in learning through robust financial planning

• Harnessing technology and innovation to transform learning


“We’re delighted to introduce the City of Bristol College to the world of EQMS,” says Qualsys Key Account Manager, Gemma Baldan.

“Their commitment to utilising innovative technology and instilling a can-do culture within the organisation is one that Qualsys shares. We’re looking forward to working closely with them during the implementation process and see a bright and productive future ahead.”


EQMS will support the City of Bristol College in achieving their project goals in the following ways:

Pursuing excellence in teaching, learning and assessment

Excellence in teaching, learning and assessment involves continuous improvements. EQMS Document Manager will help City of Bristol College incorporate a consolidated approach to document management. By placing key documentation in one easy-to-access portal, EQMS users will be able to share and collaborate on projects securely and efficiently.

Creating a self-evaluative, can-do culture

Vital to the success of any transformational project is equipping employees with the skills and resources they need. EQMS KPI Dashboard provides instant access to real-time reporting information, enabling the management team to make better decisions and improve understanding and communication between all staff.

Investing in learning through robust financial planning

Robust financial planning relies heavily on successfully managing risk. EQMS Risk Manager will enable the City of Bristol College to approach risk proactively. Managing risks via a controlled framework such as EQMS provides a simple way to assess risk, and a structured reporting methodology which delivers accurate management information.

Harnessing technology and innovation to transform learning

EQMS uses advanced technology, an intuitive design and powerful reporting features. Qualsys are continuously developing cutting-edge solutions to support EQMS users. The iEQMS Auditor for iPad allows audits to be undertaken remotely, ensuring that audits and inspections are completed quickly, easily and accurately while removing the need for duplicating work.

Find out how EQMS by Qualsys can support your organisation with the EQMS Datasheet Pack.

Trusted ISO Compliance Software



Tags: iEQMS Auditor, Audit Management Software, Risk Management, Document Manager, New Customers

Friday Feature – Mistakes Can Cost the Earth... and Pay for Space Flight

Posted by Alastair Atcheson on Fri, Jul 17, 2015

Human error, fraud, and badly managed budgets cost businesses billions of pounds every year. Although these losses may be small on an individual scale, they can add up astronomically.

Understanding loss is often much more tangible when it is put in perspective. For example, how much do businesses lose compared to the total cost of sending a spacecraft to the most distant planet in our solar system?


Putting a Price on Pluto

This week, NASA’s New Horizons mission to Pluto showed us an entirely new world. The probe revealed giant ice mountains, craters and huge valleys on the surface of Pluto and its moons, all for a fraction of the cost of some costly business errors.

The total cost of the New Horizons mission was around $700 million, or about $46.7 million per year for the 15 years it took scientists to design, build and fly the probe to a distant speck 3 billion miles away.

While that may sound like a lot, it looks like money well spent compared to some of these costly errors.

1. Improper Medicare payments cost the American government nearly 1000 times as much each year as New Horizons

In 2013, ‘improper payments’ consisting of overpayments, payments sent to the wrong people, and fraud, cost the US government $45.7 billion. To put that in even better perspective, the government spends less than $10 billion on NASA every year.

2. Annual payments to dead federal workers cost more than the Pluto mission’s annual spend

In 2013, the government’s Office of Personnel Management paid $84.7 million to federal workers who had already died. That’s nearly double the cost of New Horizons.

3. NASA previously lost a Mars orbiter craft by mixing up metric and imperial

NASA’s impressive budget handling had no doubt been influenced by their previous mistakes, like the time they lost a $125 million orbiter craft in space by forgetting to ensure that everyone involved was using the same measuring system.

In 1999, American company Lockheed Martin still worked in feet and inches, and an unfortunate oversight meant that the craft’s coordinates weren’t transferred between Lockheed in Denver and NASA in California.


As you can see, organisations face a huge range of variables when it comes to managing and minimising loss. While it is impossible to predict and prevent every area of loss, the first step to ensuring that your organisation has maximum control is to implement the proper management systems.

EQMS software consolidates and integrates governance, risk management and compliance initiatives across your organisation with a single solution. EQMS tools manage your policies, audit programme, risk assessments, incidents, accidents, business issues and more.

No longer will your team be mixing up measurements, sending payments to the wrong people, or losing probes in space. While that last one may not strictly apply to your business, effective management systems are vital to minimising loss and improving efficiencies.

Ensure that mistakes don’t cost your organisation the Earth! Learn more about EQMS software with our datasheets here, or follow the link below.


ISO 9001 Software



Tags: Risk Management, Risk Based Thinking

Friday Feature – Alley-Oops! Nike’s Risk Management is No Slam Dunk

Posted by Alastair Atcheson on Fri, Jul 03, 2015

It’s safe to say that Nike’s marketing department shot a bit of an air-ball when they decided to dress up a statue of Winston Churchill in a French basketball jersey as a publicity stunt.


A French court has ordered the sportswear giant to pay £48,000 to sculptor Jean Cardot, who was outraged that his work had been desecrated and used without his permission. Mr Cardot has been in a legal tussle with Nike since the stunt occurred in 2011, and has finally won his payment this week.

So how could Nike shoot such a miss?

Clearly their marketing department didn’t evaluate all the risks involved with the stunt. Without having proper procedures in place to ensure that the stunt was appropriate and the proper authorities (e.g. the sculptor) had given permission, Nike were always shooting in the wrong hoop.

Nike have yet to comment on this debacle, but perhaps they thought conducting a proper risk assessment would take too long, cost too much money, or was simply unnecessary. Too many organisations still cut corners when it comes to risk management, which can not only cost you money but can also affect product quality and pose a significant danger to employees.


EQMS Risk Manager saves you time and money by allowing you to manage all types of risk in a single solution.

By assigning responsibility to certain tasks, EQMS Risk Manager evidences and enforces accountability. It ensures that risks are never ignored and always dealt with appropriately, minimising the chances of costly oversights such as an inappropriate basketball jersey.

Manage your risks effectively and start shooting from the three point line! 

Download EQMS Datasheets to learn more about Risk Manager, or follow the link below.

ISO 9001 Software




Tags: Risk Management

ISO 9001:2015 – The CQI's Richard Green on 'Risk and Opportunities'

Posted by Alastair Atcheson on Thu, May 28, 2015

Risk is a concept that many people naturally assume is something bad; ‘That’s a bit risky, are you sure you want to risk that?’ However, the upcoming changes to ISO 9001 will require businesses to move away from this perception and instead view risk as ‘risk and opportunity’.

As part of his presentation on clarifying the jargon of ISO 9001:2015 (see the full webinar here), The Chartered Quality Institute’s Head of Technical Services, Richard Green, discusses the definitions of risk and how organisations should approach the increased focus of risk in ISO 9001:2015.


Why Watch?

In this segment, Richard defines risk as ‘the effect of uncertainty’ that can be ‘positive or negative’. A hot area of debate, a universal definition of risk is something that still needs to be resolved.
Annex SL does not prescribe a risk management methodology, but it does require companies to:

  • determine their risks and opportunities
  • plan and take actions to address them

While many companies will already approach risk similarly, Richard argues that the bulk of the work to come is due to organisations' general focus on risk, rather than both risk and opportunity. However, you have the freedom to do this in any way that works for you, as long as you determine and plan.



See the Full Webinar!

Receive one hour’s worth of IRCA CPD points by watching the full 25 minute presentation here and completing a summary questionnaire on the topics covered. Correct submissions will be sent a PDF certificate confirming CPD points from IRCA. Richard’s presentation covers the essential changes to ISO 9001:2015 and was recorded at the annual EQMS User Group in April 2015.


ISO 9001 Changes IRCA Webinar


Tags: CQI, ISO 9001:2015, Risk Management, Events, Risk Based Thinking

EQMS Compliance for Solicitors software reviewed by Jonathan Bray

Posted by Michael Ord on Fri, Feb 15, 2013

Solicitors compliance expert Jonathan Bray, writing in the respected 'Compliance & Risk Journal', compared the key compliance software solutions to support COLP / COFAs.

Jonathan reviewed a range of reputable solutions, and made the following remarks about EQMS.

EQMS Compliance for Solicitors

"EQMS is being developed for the legal market having been a leader in other highly-regulated industries for almost 20 years.

The developer boasts an impressive client list including BT, Diageo, the Financial Times and a whole host of local authorities and NHS Trusts. Many firms will undoubtedly be attracted by this proven track record.

The version for law firms is built upon the same engine used by the company's blue chip clients, but its workflows have been adapted from the ground up for COLPs and COFAs.

It is fair to say that the system is currently in an advanced development stage and feels less polished than some other software, but from what we have seen so far the end product is likely to be impressive. The developers say they are working hard to make the system user-friendly and intuitive, without losing any of the software's sophisticated features. 

As well as recording and monitoring functions, EQMS has full audit and reporting capability.

The software is mainly preconfigured for ease of set up, although fully customisable to a firm's procedures and workflows.

Integrated document management, including precedent manuals and policies with roll-out capability, add real value to the service.

Compliance Officers looking to maximise their chargeable time will also be able to opt for an approved risk management consultant to help them manage the firm's overall risk and compliance strategy on an on-going basis.

EQMS can be run in the cloud or on a local server, and data can be accessed by mobile devices.

The product can also integrate with the major accounts packages and Microsoft Office applications, as well as Sharepoint."

Partnership Opportunities for Risk Management Consultants


Mike Bendall, Qualsys Director said:

"Qualsys are 100% committed to delivering a real game-changing solution for solicitors compliance. The EQMS Compliance for Solicitors software has been developed for the past 18 months, working with key industry experts and is now being rolled out beyond our pilot firms.

We will soon be announcing exciting partnership opportunities for Risk Management consultants working in the legal market"


Speak to a compliance expert

Tags: Risk Management, Compliance Management Software, SRA

EQMS New Features and New Releases

Posted by Gemma Baldan on Wed, Dec 12, 2012

Rob Needham, Technical Director, Qualsys

We are pleased to announce a raft of new releases to both EQMS functionality and feature sets. A range of the features and modules have been released and are available on the current version of the system.

There are also a host of new compliance and risk management modules which will be available very early in the new year.

Current new releases:

Document Manager

You can now work from EQMS Document Manager without even having to enter the application; it can work as part of your everyday role, using:

  • Microsoft Word, Excel and Powerpoint Add-Ins
  • Outlook Exchange Add-In
  • Sharepoint App
  • Android and Apple App

PDF Overlays:

The PDF overlay function ensures that when a document is exported or printed, key document control information is recorded as a footer; for example the date, document type, void if printed statement, e-signature, user name etc.

EQMS Audit Manager:

  • Plan and schedule audits with ease
  • View all audit activity at a glance
  • Create new audits from stored templates
  • Record status, milestone dates and any other required data
  • Build reusable lists of audit questions 
  • Raise findings and actions associated with questions 
  • Set non-conformance triggers for question responses

EQMS Training Manager:

  • Assign training requirements by individual, group or role
  • Verify course completion
  • Automated re-training scheduling
  • Record details of training providers and their performance
  • View record of training undertaken by individual
  • Identification of training gaps
  • Automated email and to do list notifications and escalation of training reminders
  • Storage of certificates and evidence of course completion
  • Management reports

CAPA Manager

  • Record and track issues / complaints / incidents etc.
  • View Issues for defined periods by status
  • Classify issue source for further analysis
  • Build reusable workflow templates for each class of issue
  • Automate investigation with step-by-step action (eg root cause analysis)
  • Automate corrective/ preventive actions with workflow-enabled functionality
  • Track actions through to ensure  issue resolution and verification
  • Management reports 

Releases due early in 2013:

Risk Manager

  • Identify and record risk assessments
  • Automatically segregate and classify risk
  • Define probability of occurrence and likely impact
  • Automate  action to avoid, transfer, mitigate or accept risk by the appropriate individuals
  • Apply Risk Ratings
  • Management Reports
  • Automatic lookup and display of related investigations

Supplier Manager

  • Store Supplier details in the database
  • Store Supplier evaluation and rating records
  • Supplier Approval Process with configurable automated workflow
  • Track non-conformances with  automated workflow through to problem resolution
  • Automate corrective/ preventive actions with workflow-enabled functionality
  • Management Reports

KPI Management Dashboard
GRC Dashboard

  • Dynamic real time reporting
  • Customisable screen and report view
  • Extensive list of  reporting capability
  • Customised reports
  • Permission driven

For more information please feel free to contact us:
Click to contact us

Tags: New features, Quality Management Software, EQMS, Risk Management, Compliance Management Software, Document Management

Validated Computerised Quality Systems in GxP Environments

Posted by Gemma Baldan on Fri, Nov 02, 2012

Is the system fit for purpose?

It’s crucial that organisations operating across the Pharmaceutical and Medical Device industry carefully consider the impact of the introduction of computerised quality system applications. 

The European Medicines Agency's (EMEA) Guidelines to Good Manufacturing Practice (GMPs) - Annex 11, Computerized Systems (aka EU Annex 11) and The Food and Drug Administration's (FDA) rule on Electronic Records/Signatures (21 CFR Part 11 aka Part 11) are crucial in the manufacture of pharmaceutical products.


Businesses operating within the Medical Device and Pharma industries are compelled through the FDA and EMEA to instigate a formal validation process to ensure that all software is fit for purpose.  Whilst the legislation that governs particular sectors may vary, the principles of software validation are consistent and typically demand consideration of the following areas:

  • Software Vendor Development Methodology
  • Customer Requirement
  • Customer System Specification
  • Software Verification
  • System Validation
  • System Change Control and Validation
  • Problem Resolution Process and Tracking

So how can we ensure that a computerised quality system is fit for purpose under either Part 11 or Annex 11?

Whether operating under Annex 11 or Part 11, all computerised systems used in GxP regulated environments require compliance for ensuring integrity of data and records. 

The FDA suggests that “when computers are used as part of the quality system, the [device] manufacturer shall validate computer software for its intended use according to an established protocol. This has been a regulatory requirement of FDA's medical device Good Manufacturing Practice (GMP) regulations since 1978”.

EMEA Annex 11 goes further into the requirements of computerised systems than Part 11. There are specific points in Annex 11 that relate directly to the supplier and service provider of the software. It addresses formal agreements, software review and supplier audits. It is important to note that a software supplier cannot sell a validated system; validation requires a risk-based approach to showing that the system performs as intended in its actual environment. However, a system can provide the functionality to enable compliance with the specific regulations.

Key considerations:

When evaluating computerised quality systems, consider whether the system:

  • Provides access control /user management.
  • Allows only authorised changes to data and documents
  • Ensures data integrity including: prevention of deletion, poor transcriptions and omission. 
  • Provides full time stamped audit trails
  • Provides Disaster recovery / Back up and retrieval
  • Provides the use of Electronic Signatures where necessary
  • Allows for system maintenance and change control
  • Supports management of training documentation


Five tips to help ensure you select the right supplier:

  1. Evaluate the quality methodology of the supplier; how do they design, construct, supply and maintain the software? Do they have relevant ISO9001 and TickIT quality marques in place to underpin the way they work?
  2. Understand the history of the vendor’s suppliers, if they have outsourced work – was all the software built in house? If not, how are the vendor’s suppliers quality checked?
  3. Are any third party apps used within the software? How heavy is the vendor’s reliance upon these apps, and how reliable are the apps themselves?
  4. Consider any known limitations of the software package or versions and the adequacy of any corrective actions by the Supplier.
  5. Has the supplier supplied to GxP regulated industries previously? Was the software compliant in ensuring integrity of records and data?

Finding a vendor that you can trust to work closely alongside you is crucial to the success of your project; in our next post we'll be discussing key considerations of vendor selection.

For further help or information, feel free to Get in touch. We'd be happy to hear from you.


Tags: Quality Management Software, Annex 11, Risk Management, Compliance Management Software, Document Management, FDA

ISO9001 Training Courses by the Chartered Quality Institute

Posted by Michael Ord on Tue, Jul 24, 2012

The Qualsys team obsess about issues around compliance and quality (and football). This GRC blog aims to keep busy Quality Managers informed of the latest news, events and knowledge. 


 Qualsys Cert No. 1857 - ISO 9001



We recently interviewed Colin Partington, an expert on ISO9001 and quality in general, and he advised organisations to use ISO9001 as a business improvement tool not just a 'tick in a box'.

Training courses by organisations like CQI (Chartered Quality Institute) are a great way to kick-start the process. If you are interested in, or in the process of, becoming ISO9001 certified then it's definitely worth a look.

Chartered Quality Institute

This course offers an introduction to the structure and requirements of the ISO9001. Also on offer is the chance to gain practical knowledge on the implementation of a quality management system and the chance to gain ISO9001 certification.

CQI offer 2-day courses on:

• 30-31st July 2012
• 26-27th September 2012
• 5-6th December 2012

MWB Knightsbridge
14 Basil Street


For a CQI member a place on the course will cost £495.00. The course is also open to non-members, but at the higher price of £594.00.

The course is aimed at: company staff or managers seeking to understand and implement the ISO9001 with a view to implementing an effective Quality Management System.

The course will cover:

  • The ISO9000 series of standards and their structure.
  • The requirements of the ISO9001.
  • Budgetary requirements placed on an organisation when implementing ISO9001.
  • Developing a QMS framework.
  • Alternative methods of document description and processes.
  • An insight into online QMS.
  • Process and Performance measures e.g. internal quality audit programmes. 
  • Preparation for achieving ISO9001.

The course is fully interactive, offering tutorials, practical skills development exercises and group work activities.

The desired result:

  • On completion an employee will be able to relate ISO9001 to his or her own organisation.
  • Have the confidence to implement an ISO9001 programme.
  • Understand the objectives and benefits of an effective QMS.


Please get in touch if you are running events or training courses and would like us to review them.

Watch Colin Partington talk to Qualsys about the impact of ISO9001


Tags: Quality Management Software, ISO 9001:2015, EQMS, Risk Management, Compliance Management Software