QUALITY MANAGEMENT SYSTEM

QUALITY MANAGEMENT

ISO 9001: 2015

ROI

Selecting the Right

QUALITY

MANAGEMENT SYSTEM

for Your Organization

Rachel Magasweran

Senior Solutions Architect, General Networks

BEST PRACTICES CHECKLIST

www.gennet.com

QUALITY MANAGEMENT SYSTEM

INTRODUCTION

A standardized and regulated Quality Management Process is a key requirement for many organizations. Quality management involves more than just document management and retention: it is a set of systems, checks & balances and compliance intended to make sure organizations are driving toward excellence, safety and customer satisfaction.

However, along with all the benefits of quality management, it can also be a cumbersome, manual effort involving tedious cross checking, updating, and approval processes. To add to the challenge, the quality management effort is usually managed with ever expanding and unwieldy excel spreadsheets.

A remedy for these problems is to embrace the digital automation offered through quality management software solutions. The challenge is finding a quality management system that not only provides functionality, capabilities, fit and ease of use but also successfully addresses the complexity and scope of a company’s quality management program.

03 04 05 06 07 08 09 10

Building a Case For a Quality Management System

ISO 9001: 2015 - Recent Game Changer

Step 1: Assess Your Readiness

Step 2: Review the Solution Landscape

Step 3: Does the System Meet Industry Standards?

Step 4: Align Your Functional Requirements with Product Features

Step 5: How Do You Plan to Store and Secure Your QMS Data?

Step 6: Make Sure Your QMS is Valid & Compliant

The new ISO 9001: 2015 standards require companies to move away from the traditional approach to one that centers on risk management...

Companies that have chosen to become ISO 9001 certified are faced with a new challenge:

in September, 2015, the ISO released a new version, ISO 9001:2015, which companies will have to comply with if they wish to remain certified....

QMS solutions range from basic systems that address a single component to customized enterprise systems that incorporate all components of your quality management initiatives...

The way your company likes to do things is a major consideration when deciding to move ahead with a digital QMS...

Not all systems adhere to standards, so you will have to figure out what you need and then check the system requirements...

A QMS is complex and includes many different components. Some vendors offer a total suite while others only offer a few components...

Another consideration is storage and security. First, what kind of solution best fits your company’s temperament, needs, and standards’ requirements...

Simply moving from a manual to a digital QMS does not make you compliant. You actually have to validate your system, which can take some time...

CONTENTS

11 12

Step 7: How to Calculate ROI for a QMS

Take an Analytical Approach

If you have to prove ROI for a QMS to upper management, we have created a list of items to calculate and include in your analysis...

The new ISO 9001:2015 requirements incorporating a risk management approach are prompting companies using a manual system to move to a digital QMS to save time, comply with the new rules, and stay ahead of the quality curve...

QUALITY MANAGEMENT SYSTEM

The new ISO 9001: 2015 standards require companies to move away from the traditional approach to one that centers on risk management.

M

ost companies are now required to identify, assess, and prioritize risks and develop a plan to accept, avoid, and minimize the impacts of these risks. This fundamental shift in standards is causing companies that have previously relied on manual processes to finally consider the move to a digital Quality Management System (QMS).

Many of these companies now recognize that their current systems are time consuming to manage, largely because they are manual and siloed. Most use multiple, diverse systems to manage and store information regarding quality, and many use Microsoft Excel as the backbone of their systems — often pushing these programs to perform tasks they were never designed to do.

Integrated and streamlined digital systems can alleviate the quagmire of paperwork required and significantly speed up the quality process as well as better track, manage, and improve quality, compliance, and risk management processes. Digital systems eliminate the constant scanning and printing needed to add approval signatures to documents and put an end to the hours wasted trying to locate the correct information, for example, to incorporate into a report on corrective actions. They also provide easy access to information that may reside in other business systems, such as an ERP or CRM, and they automate approval processes and create clear audit trails. Since the information can be easily found, updated, and quickly made available for whoever needs it, updating the quality information and keeping in compliance with regulations is easier.

There are many products available to help you with your quality management processes. There are industry-specific solutions, quality components bolted onto existing manufacturing operations packages, and others that bundle some but not all quality components into their application offerings. To help you navigate some of the industry complexities, we have outlined some considerations to jumpstart your move to a digital QMS.

BUILDING A CASE FOR

Companies that have chosen to become ISO 9001 certified are faced with a new challenge:

in September, 2015, the ISO released a new version, ISO 9001:2015, which companies will have to comply with if they wish to remain certified. Companies certified on ISO 9001:2008 are required to transition to the new requirements by September 2018, three years from the release of the new standard.

There are substantial changes in the revised standard. The new requirements are generic, not specific to manufacturing, services, or industry. They are intended to be applicable to any organization, regardless of its type or size or the products and services it provides.

Nigel Croft, Chair of the ISO subcommittee that revised the standard, says that ISO 9001:2015 “is even less prescriptive than its predecessor, focusing instead on performance.

We have achieved this by combining the process approach with risk-based thinking, and employing the Plan-Do-Check-Act cycle at all levels in the organization.”

“The 2015 version actually has no specific prescribed documented procedures. It’s left very much up to the organization, taking into consideration, of course, their customer requirements, the regulatory framework in which they may operate, to define their own needs for documentation in order to manage the processes.”

ISO 9001:2015 — RECENT GAME CHANGER

WATCH & LEARN Discover the New ISO 9001: 2015

Identify your internal resource capabilities.

For example, do you have IT and Quality professionals to manage the system, a technical project manager to lead the implementation and define requirements, department representatives to give feedback, executive sponsors to support the change, etc.?

Determine your budget for the system, imple- mentation, and annual maintenance and support.

Do you plan to implement and maintain the system yourself or do you need third-party support? If you have a tight timeline, a third- party with QMS expertise could help fast- track the implementation and ensure the new system is setup correctly and efficiently.

What systems will the QMS need to integrate with, including portals, document management systems, and financial systems?

How and who will validate and test the system to confirm compliance with standards and regulations?

Determine how you will conduct your security assessment. This includes identity and access management, password management, role management, electronic signatures and controls, process audits, policies, and procedures.

THE CHECKLIST

q

q q

q q q

STEP 1: ASSESS YOUR READINESS

QMS solutions range from basic systems that address a single component, such as CAPAs, to customized enterprise systems that incorporate all components of your quality management initiatives.

T

o help choose the right one for your firm, you first need to consider your resources.

Different QMS require different resources.

Therefore, implementing a digital QMS requires people, processes, and technologies

— and your available resources need to take each of these elements into consideration.

Do you have the people, budget, and time needed to implement a highly customizable enterprise solution? Or do you have a small department that needs an affordable, off- the-shelf package that you can get running quickly on your own?

Your readiness assessment should include an inventory of your current software and storage systems and whether you need your QMS to integrate well with them. You should also consider your timing needs and whether you have the support of upper management in transitioning to a digital system. Do you need to prove ROI before you can move forward? Most of this assessment can be handled internally; however, consultants can also help you determine your company’s state of readiness if needed.

Are you comfortable with ‘out of the box’ functionality and processes?

Do you require customization to meet your organization’s processes or systems?

What are your key functional requirements?

THE CHECKLIST

The way your company likes to do things is a major consideration when deciding to move ahead with a digital QMS.

q q q

STEP 2: REVIEW THE SOLUTION LANDSCAPE

D

o you want to adapt to the processes that the software dictates or would you like the software to flexibly adapt to your established processes? The latter takes a more customized approach and will require you to spend a lot of time configuring it, so with any package under consideration, you will need to understand the level of customization needed and your willingness to either do that on your own or hire someone to help you.

A custom system will need to be maintained and updated, so make sure you take into account the added costs – not just the upfront initial cost of a QMS. You will want to understand the hidden costs of items such as changing a process, adding custom programming, or simply maintaining the system.

ISO 9001

FDA 21 CFR Part 11 EU GMP Annex 11

THE CHECKLIST

q q q

Are you required to meet:

q

STEP 3: DOES THE SYSTEM MEET INDUSTRY STANDARDS? Does your company need to adhere to standards as part of its QMS?

N

ot all systems adhere to standards, so you will have to figure out what you need and then check the system requirements. Each standard is different and may have additional requirements that must be addressed. For example, ISO 9001 has standard components that require a monthly management review of quality, internal audits, document control, and a system to prevent and correct issues, among other requirements.

The new ISO 9001:2015 standards include Risk Management, Integrated Expectations, and Voice of the Customer. Most likely, you will need to add new policies and procedures to address these areas and incorporate internal processes that you may already have into the QMS system. To address risk management, for example, you may have to show you are tracking risks and have an audit trail of root cause resolutions to stop an issue from reoccurring. When it comes to integrated expectations, you may have to consider stakeholders, including vendors, customers, and employees, that you may not have taken into account previously, which could lead to systematic changes throughout your company.

When it comes to Voice of the Customer, you may need to create a formal system to track complaints, wants, and needs and demonstrate how that information informs your product development.

Make sure your vendors can provide tools to address these new standards and their require- ments when evaluating different solutions. Not all solutions are created equal.

QMS Oversight – Automatic reporting and dashboards to consistently monitor the progress of goals and any potential issues and trends.

Objectives and Goals – Company, quality, operations, or sales goals that define a goal for the company.

KPIs – Quantifiable targets and deadlines that meet the goals.

Management Reviews – A required review of the status of the goals, often along with the status of NCRs, CAPA, process improvement stats, etc.

Quality Assurance – Proactive measures to prevent defects and issues.

Quality Control – Reactive measures to identify and correct defects and issues, and measures to verify that quality was met.

Risk Management – Severity and probability of risk, often shown on a matrix.

Controls – Process controls or actions you are taking to prevent risks and measure compliance.

Purchasing – Supplier selection and monitoring.

THE CHECKLIST Business Processes – All official documents, such as order processing, production planning, policies, procedures, work instructions, references, forms, checklists, labels, etc.

Document Control – Management, storage, revision, approvals of all business documents, and automated workflows to receive and document approval.

Training and Development – Mandatory one-time and annual training on documents pertaining to their job function. Training management of required courses, such as annual safety training.

Audits – Internal, external, vendor, supplier, and external standard or accreditation reports. Manage audits, questions, schedules, and results.

Non-Conformance Report – Official documentation of non-conformance with definition of the root cause.

Corrective Action Preventive Action (CAPA) – Formal documentation of how a non- conformance was resolved with automated workflows to approve and document resolution.

A QMS is complex and includes many different components. Some vendors offer a total suite while others only offer a few components. Be sure to identify your key functional requirements and align them with product features.

q q q q q q q q q

q

q

q

q

q q

STEP 4: ALIGN YOUR

FUNCTIONAL REQUIREMENTS WITH PRODUCT FEATURES

That is a surprisingly long list, and you may have other software or processes that take care of some of these components. Few vendors offer an all-encompassing system, so you will have to take care that the one you need meets all of your critical requirements.

Do you want to host your QMS on-premises or in the cloud?

Where will your data be stored?

Do you require additional security measures?

THE CHECKLIST

q q q

STEP 5: HOW DO YOU PLAN TO STORE AND

SECURE YOUR QMS DATA?

Another consideration is storage and security.

F

irst, what kind of solution best fits your company’s temperament, needs, and standards’ requirements? Do you need on-premises data storage or are you hoping a cloud-based solution can alleviate some of your hardware and support needs? If you are considering a cloud solution, you will need to determine the accessibility of the data as well as whether you can store sensitive or critical data in the cloud.

What happens if your QMS is audited and you need to make the data available — does the vendor provide outside access in such situations? Also, you will have to decide whether you can trust the security systems the vendor has in place, or have a plan to make sure that what you are doing on-premises conforms with any standards’ requirements.

Unfortunately, simply moving from a manual to a digital QMS does not make you compliant.

How do you plan to ensure that your company is compliant? System validation should include validating accuracy, reliability, consistent intended performance, and the ability to discern invalid or altered records.

What is your training plan for employees?

How are you updating your policies and procedures?

THE CHECKLIST

q

q q

STEP 6: MAKE SURE YOUR QMS IS VALID & COMPLIANT

Y

ou actually have to validate your system, which can take some time. In addition to verifying the system’s security, roles, and passwords, you then need a process to make sure employees are trained on the proper and compliant use of the system and updating policies/SOPs of the new system.

Just because you implement the component for risk management, for example, does not mean you are compliant if you do not use it or do not use it in the way your new policies dictate. Implementation in this case might mean your system has the ability to be ISO 9001:2015 compliant -- but your company is not automatically compliant.

IT labor (infrastructure, support, maintenance)

Quality department labor (maintaining paper systems, handling audits with paper, manual document/

records management, manual, maintaining CAPA system manually, creating manual KPIs for management meetings, etc.)

High-level managers/VPs labor (manually signing-off on documents)

Cost of poor quality (returned products, underutilization, scrap/re-work, lost sales, low customer satisfaction, warranty costs, etc.)

Risk of not meeting standard/regulation (loss of standard, legal fees and exposure of not meeting regulations, fines, etc.)

Although it will not be an easy exercise, once you compile the information, it should provide you with a clearer picture of the benefits of moving to a digital system.

THE CHECKLIST

q

q q q q

If you have to prove ROI for a QMS to upper management, we have created a list of items to calculate and include in your analysis.

E

ssentially, you have to determine your time and cost savings, comparing manual standard operating procedures to a digital system. In the simplest of terms, you need to figure out how much time and labor you spend on manual processes that could be digitized, how much labor you will need to run the new system, as well as the time it will take to implement new processes and provide training for those that need it.

STEP 7: HOW TO CALCULATE

ROI FOR A QMS

IF YOU NEED HELP ASSESSING YOUR READINESS, PROVING ROI, OR IMPLEMENTING A QMS, WE CAN HELP.

TAKE AN ANALYTICAL APPROACH

The new ISO 9001:2015 requirements incorporating a risk management approach are prompting companies using a manual system to move to a digital QMS to save time, comply with the new rules, and stay ahead of the quality curve.

H

owever, the market for QMS is quite complex. As with any software implementation, you have two choices: handle the project internally or find a partner to help. Some companies will choose to implement one internally, which is appealing mainly because it appears to lower costs.

This approach often costs more in the long run when the implementation takes longer than expected, or worse still, if you chose the wrong system only to learn it is missing key components or that no one is actually using it. For example, you do not want to implement a standalone QMS that does not integrate well with your document management system and forces you to enter duplicate items into different systems.

Having a partner that has implemented scores of quality management systems, one that can devote undivided attention to the project and share best practices, can help you implement the right QMS faster and ensures that it will not only meet company expectations but also be widely adopted and used. A well-trusted partner can alleviate some of the burden of the analysis phase through assessments and demonstrations as well as implementation. We hope this initial checklist of considerations will help you get started.

QMS

818.249.1962 | [email protected] WWW.GENNET.COM

GENERAL NETWORKS

Your Trusted Partner in Quality Management Solutions

Q

uality management professionals need quick, unencumbered access to data, while organizations need to manage risk, retention, compliance, and storage factors. General Networks helps organizations modernize their quality management processes and systems by aligning solutions to your current and future business needs, compliance requirements, and technical environment. Our team of specialists has the industry, process, and product knowledge to support your project from architecture and imple- mentation to customization and support.

ABOUT