By now, you may have realised that ISO is a business management process that is not so complex, right? If tackled well, It is easier than many expect. In this blog, we will be talking about ISO 9001 Clause 6. However, if you are interested in other clauses within this standard I invite you to look at the other reading material or YouTube videos that go over the rest of the clauses.
The ISO 9001 Clause 6 is basically split into three main sections:
- ISO 9001 Clause 6.1 | Actions to address risks and opportunities
- ISO 9001 Clause 6.2 | Quality objectives and planning to achieve them
- ISO 9001 Clause 6.3 | Planning of Changes
ISO 9001 Clause 6.1 |Actions to Address Risks and Opportunities
The first of which is actions to address risks and opportunities. As you might be aware this particular clause, ISO 9001 Clause 6, is a new addition to the standard, that is ISO 9001:2015.
Here we have to consider the risks and opportunities relating to your organization and if you follow the blog regarding clause 4, in that particular clause, we are required to create a SWOT analysis whereby we have to identify the strengths, weaknesses, opportunities and threats relating to your organization. In ISO 9001 Clause 6, the standard asks us to prioritize these risks and opportunities so that we can do something about them.
So the standard specifically says that when planning the quality management system the organization shall consider the issues referred to in 4 .1 and the requirements referred to in 4 .2 to determine the risks and opportunities that need to be addressed. these need to be addressed to give the necessary assurance that the quality management system can achieve its intended results, enhance desirable effects, prevent or reduce undesired effects, and achieve improvement. So when we are creating the SWOT analysis we have to consider these elements.
So what are the strengths, weaknesses, opportunities, and threats relating to our organization? What do the external and internal stakeholders of the organization want? And what are our strengths, weaknesses, opportunities, and threats in being able to provide these stakeholders what they need? The standard goes on to say that the organization shall plan actions to address these risks and opportunities and define how to integrate and implement the actions in its quality management system processes and evaluate the effectiveness of these actions.
As a minimum, you will be discussing risks and opportunities on a yearly basis. However, when first creating the list of risks and opportunities and you’re going to prioritize them, it is wise to come up with a list of actions that you’re going to do to mitigate your risks and seize your opportunities. If based on any of the risks we identify throughout the process, we need to change something within our processes, then that has to be reflected in the way the processes for your organization are defined. Let me take a simple example.
So if you are a company that is developing software, for example, for your clients, then a risk that you might have is that you wouldn’t understand or you wouldn’t be in agreement with the scope of the software that you are developing for your client.
Therefore, in the long run, it might result in your client not being happy with the cost of the software once it has been completed, because it would have not been properly specced before agreeing on a price with the client.
Or else, it might be that the client gets the software that they wanted at the price that was pre-agreed. However, the company doesn’t generate the profit that it should have generated from that particular project. So it’s important, for example, in this case, that we add a step within your sales process, whereby we effectively understand the requirements of your client and only once that has been fully completed do we provide an accurate quote to our clients.
This varies drastically from what a supermarket will need to do whereby if a client is requesting a carton of milk that is available on one of your shelves then there is no scoping that has to be done and the client can freely take that carton of milk to the cash and go ahead and pay.
So what I’m trying to explain here is that when reading this particular sentence on integrating and implementing the actions into its quality management system processes this is what I mean. It means that the processes of sales for example for a software company and the supermarket will be different because they have different risks.
To evaluate the effectiveness of these actions means that if, for example, we’re taking an action, for example, one of our risks might be that we have a high employee turnover. As one of the actions that we choose to implement, we decide that we’re going to improve the employee culture within our organization.
After taking these actions to improve the culture within the organization, we should monitor the employee turnover rates to see if the actions that we are taking actually had an effect on the risk that we wanted to solve in the first place. And the standard has some further notes that we can consider.
First of all, the standard states the following: The actions taken to address risks and opportunities shall be proportionate to the potential impact on the conformity of products and services.“
Once again, that example of the software development company, if the software is not properly specced and an accurate quote is given to the client, or a definitive quote is given to the client, rather than accurate, then invariably that will have a huge risk either on the quality of the product or on the profitability of the project.
Therefore, a certain amount of importance has to be given to that particular step. And that is what this particular section is effectively talking about. And then we have an additional two notes.
Note 1 of ISO 9001 Clause 6.1 says “Options to address risks can include avoiding risk, taking a risk in order to pursue an opportunity, eliminating the risk source, changing the likelihood or consequences, sharing the risk or retaining the risk by informed decisions.“
Let’s see what each of these means. So whenever we have a risk, we have different choices. First of all, we can adopt new practices. We can do things in a different way to avoid certain risks from coming to fruition. We can take risks in order to pursue an opportunity. So we might know that we are investing for example in a new product that is being developed by our organization, however, we are not 100% sure that this new product will work.
The company might still decide to move ahead with that particular project because they are excited and they see the potential benefit that seizing such opportunity will get to your organization. You can eliminate the risk source.
So if for example one of your risks is that someone might get injured for example and then you might want to work in a different way whereby you would not be exposing your employees to certain risks.
So eliminating the risk source is something that I try to avoid when working with my clients because invariably this will mean that you will definitely have to change the way that you are working before. So yes, eliminating the risk source is something that you should avoid unless absolutely necessary. Going back to the example of the software company, to eliminate the risk of not defining the software properly, we shouldn’t stop selling software, right?
But rather we should do different things to mitigate that particular risk. Changing the likelihood or consequences would be what we would be doing if we are investing more time in scoping the software before giving a quote to our customers.
Once again, in the case of the company sharing the risk, okay? Sharing the risk or transferring the risk is for example when we are using insurances. By paying the insurance we are effectively transferring some of that risk onto another company.
Of course, each risk carries another risk whereby we might be relying on an insurance company but what would happen if that insurance company were to go bust, for example? So sharing the risk is another technique that we use to mitigate risks and even though it is commonly used, there are other risks that we have to consider when we are sharing the risk.
Finally, we can retain the risk by informed decision, which means that we would know that a particular process is risky. However, we decide to keep it as it is because the risk that we have right now is of a potential negative impact that is less than the action that we would need today to mitigate that particular risk.
Note 2 of ISO 9001 Clause 6.1 states that “Opportunities can lead to the adoption of new practices, launching new products, opening new markets, addressing new customers, building partnerships, using technology and other desirable and viable possibilities to address the organizations or its customers needs.“
So here the standard is telling us that we can do different types of things effectively to mitigate risks.
ISO 9001 Clause 6.2 | Quality Objectives and Planning to Achieve Them
Moving on to ISO 9001 Clause 6 .2, this particular clause talks about quality objectives and planning to achieve them.
First of all, what are quality objectives? Quality objectives are objectives for your organization that are aimed at having some type of goal that everyone can see within your organization. And given that the standard says that the organization shall establish quality objectives at relevant functions, levels and processes needed for the quality management system, that means that first of all, we have to consider generic elements, for example, the HR function.
The accounting function, if we want to include accounts within the quality management system, we don’t need to mind you, but HR would be a wise inclusion within the quality objectives. We can have objectives at different levels.
So it might be a top management level, it might be lower down within the organization, we can have goals relating to specific departments rather than the organization. And we can also have goals relating to our processes. For example, the conversion rate of our sales process, the number of defective products that are generated by our manufacturing line, et cetera. The objectives shall be consistent with the quality policy.
This means that when creating quality objectives, we have to go back to the quality policy that would have been created in clause five, right? The topic of how to create a quality policy has already been covered in past blogs. The quality policy and the objectives that we create right now have to cater for those unique selling points that you have as an organization to make sure that whatever you are saying in the quality policy in terms of words, you are now translating that in terms of actual numbers.
For example, if you want to say that you want to become a market leader in the quality policy, then in the quality objectives, you might have an objective relating to the market share. that you have as an organization.
So quality objectives have to be consistent with the quality policy. They have to be measurable and when talking about measurable here I like to tell my clients to have smart objectives. Smart objectives doesn’t necessarily mean and doesn’t just mean that they have to be intelligent objectives but smart objectives is an acronym to having specific, measurable, attainable, relevant and timely objectives for your organization.
Once again I invite you to go to my website or other videos within this YouTube channel so that you can understand how to create quality objectives that are smart for your organization. So moving on to the third point here we have to take into consideration that quality objectives have to into account applicable requirements.
So if there are any applicable customer requirements or statutory and regulatory requirements. For example, we might have agreements with our clients as regards SLAs, okay, software or rather service level agreements.
If we have committed with our clients that we’re going to service their needs within, for example, 24 hours, it might be a good idea to have a quality objective that measures the timeliness of our response to our clients to make sure that you are able to meet those SLAs.
To be relevant to the conformity of products and services and to enhance, and to enhancement of customer satisfaction. What this is saying is that of course, quality objectives have to relate to quality and not just the quality of the product or service itself, but rather to how happy your clients are with the service or products they are getting from your organization.
And there are different ways in which we can do this. First of all, we can evaluate the quality of the product or services itself, but we can also consider elements, for example, the amount of repeat work that we can get from clients.
This is an indirect measure of customer satisfaction because only happy clients will buy time and time again from your organization. So what percentage of your clients are purchasing once again from your business if it’s relevant to your organization?
So yes, monitoring quality and customer satisfaction is definitely a critical part of creating quality objectives that are compliant with the requirements of the standard. Objectives have to be monitored, communicated, and updated as appropriate, and the organization shall maintain documented information on quality objectives.
What this means is that first of all, given that it has quality objectives, have to be maintained as documented information. means that we have to have these objectives written down somewhere so that the auditor can actually see them and read them and objectives have to be monitored.
If for example, we come up with a quality objective that SLAs have to be sorted within 20 hours, it’s useless to come up with that objective if we’re not going to monitor the performance of each and every request that we get from our clients to be able to get a number for the actual time that we are taking to respond to customer needs.
Another element is that they have to be communicated. So it’s useless once again to come up with a list of objectives if they are saved somewhere and not communicated with the relevant people. If objectives are communicated adequately and if as an intelligent leader would do quality objectives are tied to the performance appraisal of employees, then you’re going to make sure that everyone within your organization is pulling the same rope and taking your organization into the same direction, which is obvious but not so common.
And objectives have to be updated. This goes without saying. Once again, it’s useless to come up with objectives, leaving them like that for six, or seven years, you know, and expecting that these objectives will remain relevant to your organization.
So we have to make sure that objectives are continuously updated to reflect the changing realities of your organization.
ISO 9001 Clause 6.2.2
Moving on to clause 6 .2 .2, here we see that it states that when planning how to achieve its quality objectives, the organization shall determine what will be done.
So the actual objective, what are we going to do to reach that particular objective, what resources will be required to do the actions that are needed to reach that specific objective, who will be responsible for the deadline and by when it will be completed? How the results will be evaluated, okay?
So basically, once again, by employing smart objectives, we will be meeting part of the requirements of this particular clause, 6 .2 .2, but also we have to make sure that we are adequately scoping the decisions that we take for each objective and the actions and implications of meeting each and every objective, and we have to make sure that the right resources are being provided in terms of time and money to allow the person who is responsible for such an objective or such tasks to be able to make sure that they are actually capable of doing those actions to meet the results of this objective.