The best way to explain the requirement of clause 4.1.1a in ISO 9001:2015 is organizations are now required to identify the inputs and outputs of the processes of their quality management system. Since these terms can be a bit confusing for some:
Inputs: Resources that are needed or used in the execution of a process step (raw materials, labor, information, etc.).
Outputs: The results or outcomes that are created through the execution of a process or process step.
The key to this requirement is understanding the transformational process that is performed by your business to create the product or service your company sells. Word of caution here: DO NOT GET TOO DETAILED when you are identifying the inputs and outputs. At a micro level, businesses can have hundreds of processes or steps and to identify the inputs and outputs of all those steps would be a monumental task.
Start at a very high level
I find the best, and most effective way to comply with this clause and get a good understanding of inputs and outputs is to utilize a tool commonly used in Lean Six Sigma practice called a SIPOC diagram. The SIPOC diagram is defined as, "A tool used by a team to identify all relevant elements of a process improvement project before work begins. It helps define a complex project that may not be well scoped, and is typically employed at the Measure phase of the Six Sigma DMAIC (Define, Measure, Analyze, Improve, Control) methodology." (iSixSigma, 2017)
SIPOC diagrams are very easy to complete. Here are the steps you should follow to create your SIPOC Diagram and Identify the Inputs and Outputs of your organization.
1. Clear some wall space and assemble a cross function group (3 to 5 people are generally sufficient). Post some flip charts with headings (S-I-P-O-C) written on each, or headings written on post-it notes posted to a wall.
2. Fill in the process steps vertically in the Process column (the "P"). If your organization was certified to previous versions of ISO 9001, you will already have a high level process map documented in your Quality Manual. Use this map as your process steps in the SIPOC. If you are starting new, describe what your organization does in 5 to 7 steps (roughly). An example manufacturer could be something like this: Quoting - Order Processing - Engineering - Outsourcing - Production - Shipping - Invoicing.
3. Identify the outputs of each process step. Once the process steps are in the center column, outputs are easily identified by asking the question, "what does this process step create?". Post those in the "O" column next to the associated step.
4. Identify the inputs of each process step. Now ask the question - "what resources are needed to accomplish the process step?" and post those next to the appropriate step in the "I" column.
Note: Following those steps to this point will give you a great start toward the understanding of your business' inputs and outputs. You can stop here if you'd like - but if you want to utilize the tool to its fullest, you take the following two steps and use that information to begin the formation of your list of interested parties.
5. Identify the customers that will receive the outputs. For each output, ask who the person, department, or entity is that will be receiving the output and list those in the "C" column. These customers could be internal or external to your organization.
6. Identify the suppliers of the inputs. Ask who provides each listed input and document those in the "S" column. Much like customers - suppliers can be internal or external to your organization.
Once this exercise is complete - confirm the information and document it in the appropriate location within your management system. Understanding the inputs and outputs helps provide a foundation for what comes next - evaluating (measuring) the inputs and outputs to determine potential opportunities for improvement.
Effective communication within a company allows the Management System to function efficiently, by providing relevant, meaningful information to the people who need it. The 2015 revision of ISO 9001 makes it is necessary for a company to decipher the internal and external communications pertinent to the management system and put some structure around it. In doing this it is necessary to know who to communicate with, how communication will occur and who is responsible for doing the communication.
When working with communication within a company there is two main divisions to consider; internal and external. Internal communication is all levels of the organization, this means the staff who deliver and implement information, operational staff and management staff. Internal communication can be delivered in three main formats; visually, written and face to face. The format of internal communication is determined by any barriers within the company. Barriers within a company could include language barriers, illiteracy, some staff working outside the office, technology within the company, etc. Internal communication is all about ensuring internal employees have the information they need to be able to effectively execute their job.
The second division of communication within a quality management system is external communication. This method of communication involves anyone pertinent outside the company; included would be other companies in the same field (service providers, maintenance providers), contractors, customers, stakeholders or board members. Devising effective external communication ensures all relevant interested parties are appropriately informed. (more on relevant interested parties - click here).
The easiest way to formalize organizational communication is to put together a communication matrix. Odds are pretty good that you are already doing quite a bit of communicating with internal and external stakeholders, the matrix functions as a summary so all communication can be viewed from a macro level to identify gaps and redundancies in communication. The easiest way to construct this matrix is to create a table in Microsoft Word or Excel with the headings listing in the next section. Then begin populating it with all of your current communications that are taking place and use this matrix as your starting point. I have included some definitions as a guide.
Categories and examples of internal and external communication:
a) What is communicated: Define and document the topic of communication - what is the information that is going to be delivered?
b) Frequency of communication; Specify how often this communication is going to take place. This is typically daily, weekly, monthly, quarterly, yearly. The frequency of the communication depends solely on the topic of discussion, for example financial communication may be monthly whereas structural or environmental changes could be yearly.
c) Audience; this can be anyone internal or external to the company and be decided based on the topic of the communication, for example financial communication may be with only internal employees that handle cash flow or budget information, structural or environmental may only include any employees that can make physical changes within the company or work in the department being altered or changed. Quarterly business reviews may be delivered to the Board of Directors.
d) Mode of Delivery; this can be done in many ways including face to face, visually which would include power points, videos, dry erase board or written could be a newsletter, email, manual, etc.
e) Communicator; this is typically determined by the topic of communication - who is the person (or group) responsible for delivering the communication.
All in all, communication is a really important aspect of running an effective and efficient business; utilizing a simple structure like a communication matrix can ensure intentional, relevant, and timely delivery of information.
Internal audits often provide the biggest problem for ISO certified organizations. Fundamentally nobody objects to internal audits, the goal is to optimize them but that can mean different things. Management usually recognizes that audits are supposed to review the way the organization is operating to ensure that processes are followed as expected, to ensure they are still achieving the goals set and to look for opportunities for improvement. However, when they don’t see audits reporting any problems or finding things to improve then the tendency is to move for cost reduction.
How can we reduce the duration and the cost of the audit?
Here is the thought, "If there are no findings then my processes must be excellent – I don’t need to audit them." Of course the problem is that the reason nothing was found and no improvements were suggested is because the audits themselves were not effective. Should every audit result in at least one nonconformity? No. The last thing you need is for audits to feel like a traffic cop walking around the facility writing tickets.
Management must ensure that audits are effective and demand improvement. All processes can be improved and audits need to provide this for management. To get back to the original question of reducing the cost of audits - Costs can be significantly reduced by implementing improvement ideas resulting from internal audits - not by minimizing the audits.
Even with that mindset in place, there are still issues with internal audits
The first problem with internally resourced audits is that people typically don't want to do them. This is not what their career path is, this is not their chosen vocation and they know that when they get back to their day job nobody has done their work for them. This is not something to be desired, it is extra work to be avoided and minimized.
The next problem is that these people are rarely adequately supported. They may have auditor training but because they do this once a year for a few days it’s easy to forget. It is difficult to remember the types of things they should be looking for, how to determine conformance, how to assess a process for effectiveness and with limited experience it is difficult to identify opportunities for improvement. Typically internally sourced auditors are cautious about what they say. They are unsure if a process is effective or not and tend not to say anything. Their findings normally focus on errors with procedures and occasional administrative improvements.
One indicator of the performance of your internal audit team is whether they catch all issues before the external auditor has findings. Not only does this protect your certification but it reduces effort and administration. If your
external auditor is finding things then you should question your approach to internal auditing.
Outsource your internal audits?
Outsourcing internal audits is the solution that more and more ISO certified organizations are moving to. Their recognize their internal people already have full-time jobs to do. They have difficulty maintaining adequate expertise and dedicating the necessary time to perform effective audits. Companies have outsourced functions with similar traits for years (accounting, legal, information technology, etc.) and now that thought process is moving its way to into the quality profession. As internal resources get busy, it just makes more and more sense to call on outside expertise.
The outsourced internal auditors not only protect your certification but they are ISO experts. They maintain the necessary competence, have loads of experience and can bring best practices that your internal resources may not have thought of or been exposed to. They should be coaching, training and helping as they audit (good internal auditors are different from external auditors). They should be experienced enough to identify any issues in your ISO system and allow solutions before the external auditor gets there. They should have a wide ranging knowledge of organizations and subjectively advise about the effectiveness of your system and challenge for improvements. Management should again demand this of internal auditors irrespective of the fact that they are outsourced – it’s just that now the benefits of good internal audits can be realized.
When you get right down to the numbers, in practice, outsourced audits are likely cheaper and add more value. Higher quality audits, more valuable suggestions and the development of a relationship with an outside expert that can help support the ongoing development of your management system - and with responses to third party and customer auditors in the event they find something. Add to that the missed hours of work, the distraction to an employee's "normal job" and costs of training, preparation, reporting and on-going communication and questions. Outsourcing makes so much sense.
This does, of course, all rely on the fact that an outsourced auditor must be good. While simply being able to demonstrate effective audits is the ultimate test, someone with lots of auditing experience, ASQ and RABQSA qualifications, experience with consulting, qualified trainer and other ISO experience all indicate the ability of the auditor.
The benefits are there to justify outsourcing your internal audits now. If you are considering the move to externally sourced internal audits - Click Here for more information and to get the process started!
3 Easy Ways to Determine the Context of Your Organization
In this week's blog, we will dissect and better understand Clause 4.1.1. Of the ISO:9001 standard. This clause essentially changes the application and concept of clause 4. Context of the organization is a brand new requirement in this revision of ISO 9001, and your organization must now take into consideration both internal and external issues that can have an effect on strategic objectives and the planning of QMS. We now need to determine the context of our processes and procedures to comply with this clause.
So how do we do that? I'm so glad you asked…
1. Evaluate Your Organization. The first step is to look into your organization and evaluate processes, procedures, and context. Take time to evaluate all of the elements of your organization and their influences. Look at how they reflect on the management system. Take a look at your company's culture, flow of information and processes, company size, objectives, goals, complexity or simplicity of products, customers you serve, markets, the list can go on and on. You also will want to remember not to overlook the possible risks as well as possible opportunities regarding your company's business context.
2. Determine The Requirements. After you evaluate all aspects of your company, the next step is to determine which new requirements your company has already met in your existing documentation, and which are not yet met. If your company has already been using ISO 9001:2008, then you've already defined the scope of the management system and sequence of processes and interactions in your Quality Manual. Using these as an input to determine your context can save you time and prevents you from having to start from scratch! If you do have to start fresh and determine the scope of your management system, no big deal - the bulk of this task was done in Step 1 with your evaluation. Don't forget to determine and include your relevant interested parties. See last week's blog on for more information on relevant interested parties!
3. Document, Document, Document. After you've evaluated and determined your requirements, it's important to put pen to paper (or keyboard to monitor) and document your context. It is very helpful to document this context as a part of your scope within your Quality Manual. The standard does not specifically state that the context needs to be maintained as documented information, but it certainly helps with setting the strategic direction of the organization if the context is spelled out in black and white.
If you take a step back, your context already exists, this process just helps you understand and firm it up. Think of it this way - if someone asked you what your company does and who it serves - what would you tell them? Think of what your response would be. That alone will give you a great jump-start to understanding your context.
Ever been questioned about your data? Not questioned one-on-one sitting in your office, but more of an "on-the-spot, everyone I know is watching" kind of questioning? Yeah, not fun. As a healthcare data analyst, you aim to provide data that is accurate, representative, and helps the right people make the right decisions. So what happens when someone calls out your data in front of everyone and claims that it doesn't represent reality?
Yeah, I know how that feels. I've been there. But how do you really know if what you are providing does actually represent reality? (Psst - if you aren't sure if it represents what is really happening, how can we expect others to trust what you are providing?)
There are many ways (unfortunately) that data can become misaligned with what is actually happening and provide an inaccurate picture; formula errors, data extraction errors, data entry errors, and so on - but the one I want to talk about in this blog - random sampling - helps ensure data accuracy.
Random Sampling, what's that?
Random sampling is a technique used when it is not feasible or practical to obtain and analyze an entire population of data. In statistics, a population is the complete set of data for the question of interest. We can use random sampling to obtain a subset of data from the whole population in order to estimate what the entire population is telling us. That's a mouthful, I know.
Let's say you wanted to estimate the average length of stay of a hospital inpatient over the past 6 months. If you could easily obtain all of the patient length of stay data, you could just use software to add up all the individual "lengths of stay", divide by the total number of patients and "presto!" you'd have the average length of stay of the population (hospital inpatients in the last six months).
In the day of electronic medical records, the data for the whole statistical population is becoming more readily available electronically - which greatly simplifies our data collection. But what if you were interested in learning more about length of stay and the underlying causes - maybe something that is not available in a report and would necessitate a chart audit or some other manual data collection process.
How can you ensure that your sampling is representative of the whole?
When you sample, the key is to make sure your sampling is random - meaning you can't just take 15 patients from Unit A and 15 from Unit B and 15 from Unit C and so on. Nor should you just list all of your patients in order and take "every 10th" patient. You should have a method to randomly select - free from any selection bias.
Microsoft Excel has a really easy formula to truly take a random sample from a data set. Check out the video below and I'll show you how it works.
ISO 9001:2015 4.2 - Identifying and understanding the needs and expectations of relevant interested parties
It's very important to understand the needs and expectations of interested parties in your ISO 9001 management system. Interested parties will have an impact on your organization’s ability to provide products and services that consistently meet customer needs as well as legal and regulatory requirements. This article will help you in understanding the needs of interested parties and continuously meet their expectations.
An interested party is typically includes your customers, government or non-government organization, employees, owners or shareholders. You should know who your interested parties are for many reasons. To name a few, the management system scope needs to include the relevant interested parties' requirements, measurement traceability needs to be maintained- when this is an expectation of those interested parties, the quality policy is to be made available to relevant interested parties (when appropriate), and requirements for products and services may need to include requirements from relevant interested parties.
So, how do you get started?
In plain English, the requirements of the standard want you to be aware of the parties that have some interest in your organization, and to have knowledge of what their requirements are of your business. Follow these steps and you'll be on your way...
Finally, make sure this exercise is not just a one time analysis. The needs and expectations of interested parties are fluid, so you need a way to ensure this review takes place on a frequency that makes sense for your business.
The 2015 revision of ISO 9001 has removed the requirement of a Quality Manual, something that has been needed historically if your organization has wanted to achieve and maintain certification. This requirement appears no more! Woohoo! Shred those Quality Manuals and never look back!
Right? If the standard doesn't say we need it, then we don't need it. One less document to maintain. Finally, life as an ISO 9001 certified company is getting easier!
Let's hold on a second...
A common practice to create and maintain a Quality Manual for the ISO 9001:2008 standard (and earlier versions) was to create an exact copy of the verbiage in the standard, change all of the "shall" words with "will" or similar term that fits, change all references to "the organization" to the name of your company, slap a few logos on it, give it a control number and publish it.
And then...nothing. Let it sit for years until the new standard is published and then repeat this copy-paste process all over again. That practice, although common, doesn't help anyone.
It's Time to Re-Think the Manual
Now is the perfect time to rethink the Quality Manual. Take a step back and really consider what a manual should do for your company - provide the framework for your entire management system. Here are a few ideas to get you started.
Keeping your Business Manual Current
Even if your ISO Certified Company has a thorough and accurate Manual for the previous year, it is still very important to keep this document up to date. Here are some things to watch out for that may trigger the need for an update.
So, there are some things to think about. Even though the Quality Manual is not mandatory, it is still very much necessary. Use this opportunity to increase the role of the Manual within your business management system.
Do you have a have an interesting way that you have made your manual more valuable? Please share in the comments below.
Now ISO 9001:2015 does not disallow the use of printed out, controlled hard copies of procedures, work instructions, and the like. Companies choosing to maintain hard copies of the "approved" documents at point of use or in other controlled locations certainly can keep doing that and your certification won't suffer.
But, this is the 2015 version of the standard. Yes, 2015. It's time to simplify.
There are tools out there now that will facilitate compliance with all of the 9001 Documented Information requirements in an electronic environment, and drastically improve the document revision and approval process.
Facilitate, as in, make easier.
My personal favorite is Microsoft SharePoint.
Using Microsoft SharePoint can drastically simplify the way you're currently managing your business documents. Users can simply create a metadata based document library where you can tag documents, search based on keywords and tags, and not worry whether you're accessing a duplicate or latest version of the file. The SharePoint library can simply organize your documents that may be relative to one another ,and share the same security and permissions. Here are some of the features you can use to simplify your workload and management roles:
Version control is a distinctive feature for any enterprise-scale document collaboration platform. In SharePoint, the versioning feature automatically saves every version of a document. This allows multiple people to make changes to a document without the fear of overwriting a previous version.
An approval workflow feature is also available to simplify organization and sharing task responsibilities. The approval workflow routes items in a SharePoint site to specified people for approval. It manages and tracks all of the human tasks involved with the process and provides a record of the process when it completes. Approval workflows support any business process that requires sending documents or items to colleagues or managers for approval.
The check in - check out feature allows you to make changes to a file on a site, and ensures no one else can edit the file. When you have the file checked out, you can edit it online or offline and save it as frequently as needed. You can simply check out, check in, and discard changes you make to files in SharePoint libraries.
User permissions can allow users to specify who can view drafts and edit content on any document. This feature allows users to manage and assign documents to specific individuals without having to make all documents public within SharePoint.
Don't wait another minute. Start exploring this now.
There are so many benefits to moving from a paper based document control system to one that utilizes SharePoint that I would have to post another blog (or 2) to adequately describe them all. Making this leap will save you so much time, and it does not take too long to convert. If you would like a nudge to get started, shoot us an email, or post a comment below. We'd love to help you out!
If you read the title and had a flashback to the Geico commercial with the camel wandering around the office - I hope it put a smile on your face. If you have no idea what I am talking about - you might want to check it out here.
Ok, so I am not writing about camels or insurance. But I AM writing about "what day it is".
Have you ever had a spreadsheet with data that included dates and someone (maybe you) was wondering what day of the week each date corresponded to? As I am sure you know, in healthcare, day of the week matters. There may be different arrival patterns in the ED, there might be different staff scheduled in the birthing unit, There might be...I think you get the idea. Saturdays are not the same as Tuesdays.
Excel has a formula to extract the day of the week from a date field that assigns number values to the day of the week depending on which criteria you enter (Monday = 1, Tuesday = 2, and so on). This is helpful, except it leaves people asking, "what day is it?" - as in - "are the 1's Mondays or Sundays?"
I've got a simple way to bring the names of the days into your spreadsheet so that no one is left trying to decode your data. i.e. Monday = Monday, Tuesday = Tuesday...easy, right?
Check out this video and I'll show you exactly how to do it. :)
A while back I got asked about a way to utilize Excel to compare data from two separate sources or locations - WITHOUT having to painstakingly look through each line manually. If you are manually comparing data across spreadsheets right now, this is especially for you!
In this short video I use a couple of Excel tools to compare two spreadsheets and find what data is missing from one spreadsheet but exists in the other.
Here's the setup - one spreadsheet is a list of patients that have been discharged and the other spreadsheet is a list of patients that have been sent bills for their visit. These lists have about 75,000 visits on each one and 1,000 of them have not been billed.
Before the HIPAA police gets all excited - this is not a list of names, it is a list of randomly generated numbers that I labeled "account number" which represents a patient visit. All made up data. :)
END OF DISCLAIMER
Ok, where was I? Oh yeah - If I wanted to manually compare both lists to find the "missing 1000" I would likely have at least one birthday before I was done. And I'd probably make a bunch of mistakes. Double yuck.
Watch the video, follow the steps and you could do this same comparison yourself in a couple of minutes. Yeah, not a typo - you can find 1000 "needles" in a 75,000 line item "haystack" in a couple minutes!
If you are able to put this quick tip to work, let me know all about it in the comments below!
Thinking of Outsourcing your Internal Audits?
Christopher M. Spranger, MBA, ASQ MBB
Want to receive free tips to improve your business?