Dennis Arter, FASQ

October 2013

Management Systems Integration: Big Q or little q?

Eras of management

Control era (product) 1925-1975

Define characteristics and inspect to those characteristics (form, fit, function)

Assurance era (process) 1975-2000

Define processes to achieve results and make sure those processes are being followed. (Say what you do and do what you say)

Eras of management

Management era (system) 2000-2012

Develop organization systems to achieve results and provide resources to achieve success.

Integration era (whole) 2012-2018

Combine quality, environment, safety, security into a holistic view. More emphasis on risk management.

Plan Do

CheckAct

Back to Basics

From our Quality history

PDCA means

PlanIdentify item or service characteristics (form, fit, function)

Define methods, material, and machines to make or deliver that product

Define the systems in which the product is made or delivered

PDCA means

DoProvide people, equipment, material and infrastructure to make or deliver the product

Follow the defined methods

PDCA means

CheckMeasure progress in achieving defined products, processes, and systems

This can be through inspection, audit, customer satisfaction, SPC, or any number of such tools

PDCA means

ActReduce differences between desired and actual states

Make things better and smarter

Note: Deming (PDSA) and Six Sigma (DMAIC) are versions of this.

Good and evil

Some systems promote Good

Quality management tries to achieve excellence, efficiency, satisfaction, delight.

Financial management tries to improve efficiency.

Human resource management tries to maximize people resources.

Good and evil

Some systems prevent Evil

Environmental management tries to prevent harm to the planet.

Safety management tries to prevent harm to people.

Security management tries to keep bad guys away.

Financial management tries to protect assets

Note: These can also save resources if done right.

Bring things together

Material Ideas

People Machines

Make it

Deliver it

Evaluate itChange

Quality management model

Acceptable?

EffectsChange

NoPollutants

Sources

Conditions

Evaluate

Avoid

Transfer Mitigate

Take Action

Environmental Management model

Safety management model

Acceptable?

Barriers

EffectsChange

NoEnergy

Sources

Conditions

Evaluate

Security management model

Acceptable?

Barriers

TargetChange

NoThreat

Monitor

Recent initiatives

ISO 19,011:2011, Management systems – Guidelines for auditing management systems

ISO 17,021:2012, Conformity assessment auditing

ISO Annex SL:2012, Proposals for management system standards

ISO 9001:2015, Quality management systems – requirements

Common elements

4. Context of the organization

5. Leadership

6. Planning

7. Support

8. Operation

9. Performance evaluation

10. Improvement

Emerging trends

Access to information

Global market

Sustainability

Climate change

Business continuity

Social conditions

Triple bottom line: People, Profit, Planet

Social responsibility

1. Consider social and environmental effects of operations when making decisions.

2. Be accountable for social and environmental effects of operations.

ISO 26,000:2010, Guidance on social responsibility, released in Dec 2010.

Not meant for conformity assessment use.

Big in Europe and Asia; not N. America

General risk model

1. Define risk

Quantitative (What is out there?)

Qualitative (How bad is it?)

2. Judge risk

Risk effects analysis (What happens?)

Acceptable and unacceptable risk (Worth it?)

3. Provide countermeasures (ATM)

Avoid (physical and admin)

Transfer (buy insurance or sell to Moldova)

Mitigate (process design)

Risk issues

Good or evil

Quality profession emphasis on making better

Risk professions emphasis on preventing evil

Is it actually increasing?

Attention to risk concepts is increasing every day

Future: Big Q?

Quality heart and soul

Environmental brain

Safety shoes

Security skirt

Sustainable energy

Low carbon emissions

Future: or little q?

Quality is part of the stew

Let’s have a conversation

Preserve emphasis on goodness

Big Q or little q

Thank You

Dennis Arter, the Auditguy

Kennewick, Washington, USA

Mail: Dennis@auditguy.net

Web: http://auditguy.net

Blog: http://auditguy.blogspot.com

Twitter: @Auditguy

Reference

Quality

ISO 9000 family and spin-offs

ISO 9001:2008 is quite mature.

Current emphasis is on processes and how they form systems. No big changes expected.

Most of the world sees quality as conformity assessment (registration/certification).

Quality

Medical device and pharmaceutical

Device is mature. FDA 21 CFR 820 (Quality System Requirements) and ISO 13,485:2003 apply.

Pharma moving towards harmonization, with FDA 21 CFR 210 as the start.

Quality

Food safety

ISO 22,000:2006 (HACCP and ISO 9001 and GMP)

British Retail Consortium (BRC codes)

Safe Quality Food 2005 (SQF) is quite mature

Consolidation effort by Global Food Safety Initiative

Consumer interest strong and getting stronger

Environment

ISO 14001:2004, Environmental management systems -- Requirements and rest of family.

Quite mature and merging with 9001.

Expect much more activity on labeling and claims of conformance.

ISO 50,001:2011, Energy management systems

Occupational safety

Still pretty reactive and lacking maturity of other systems. (Lawyers?)

OHSAS 18,001:2007 (Requirements) developed by ISO and ILO. Not much interest in No. America.

Responsible Care and Process Safety Management (21 CFR 1910) for chemical industry in USA.

Information security

ISO 27,001:2005 (Info Security). Started out as BS 17,799.

ISO 13,335:2004 (IT/MIS Security) available for free.

Identity theft and password capture are huge revenue generators for bad guys.

Cyber-warfare is being developed (StuxNET worm). Zero Day thriller novel recently released.

Governments and multi-nationals interested in registration/certification.

Business security

NFPA 1600:2007 on Disaster Planning, Emergency Response, and Business Continuity used by US Dept. of Homeland Security.

ISO 22301:2012 Societal security - Business continuity management systems - Requirements

Supply chain security

Supply chain risk (sole source, lean, safety, terrorism)

ISO 28,001:2007 Security management systems for the supply chain used for registration

Risk management

ISO 31,000:2009 says that Risk management:

1. Creates and protects value

2. Is an integral part of all organizational processes

3. Is part of decision making

4. Explicitly addresses uncertainty

Risk management

ISO 31,000:2009 says that Risk management:

5. Is systematic, structured and timely

6. Is based on best available information

7. Is tailored

8. Takes human and cultural factors into account

Risk management

ISO 31,000:2009 says that Risk management:

9. Is transparent and inclusive

10. Is dynamic, iterative and responsive to change

11. Facilitates continual improvement of the organization

See also ISO 14,971:2001 (Risk management for medical devices)

CSR is not SR. Focus is on business

Some national standards being developed, especially in Eastern Europe, but not ISO

Conformity assessment, with government encouragement

Used in USA as shorthand for green and corporate charity

No ISO movement (that I am aware of)

Corporate social responsibility