And in the real world BLOG
In the real world of quality.com.au our durations are set the same as anyone else. We do however, try and make all durations virtual. We also ensure that we take the audit plan and make the right people available at the right time with the right records. We give access anywhere up to a week in advance and a week after the event.
Does your certification provider supply you with an audit plan? Do they supply it with sufficient time before the audit commences? If the answer is no to either or both of these questions, you deserve better.
Without this invaluable tool, how can you satisfactorily prepare for the audit? Never forget that the certification process is a relationship journey, not just one of inspection and compliance. When you are in a relationship, both parties need to contribute. It is very difficult to ensure the right people are available at the right time so that the auditor is reviewing the right process owners and associated records.
In a word…. Don’t do it. Yes, I know that’s three words but don’t do it. Sure life and business get in the way, but with enough planning and enough commitment, there should be no reason to change the date. Our management system is ready 24x7. Our management system is available through any web enabled device at any time. And our certifier is a joy to work with. Not the least of which their ability to think outside the certification audit box.
There is a cornerstone to any effective communication policy and that is having one source of truth. One environment for knowledge preservation. Sure it is not mandatory, but it makes effective communication very difficult with out one. So we use (funnily enough) myQuality for all things quality.com.au. Sure it has secret spaces, hidden IP, and needs internet connection, but without it we can’t function and we have no effective communication. But we do and so comms are streamlined and factual.
In the real world it is all about context. What do you do? Why do you do it? At quality.com.au (QCA) we have both of these on our home page on the web. We also have it in every newsletter we send out.
However, it needs to be a little more specific than that when it comes to our certifications, professional indemnity and our intellectual property insurances. So in that space we document and retain in our myQuality portal to ensure the directors and our interested parties are on the same page.
At quality.com.au we claim to design, develop and implement quality management systems. We are even certified to ISO 9001 to do so. Nice huh!
Let me remind you (because it is worth it), at quality.com.au we claim to design, develop and implement quality management systems. We are even certified to ISO 9001 to do so. Nice huh!
Our controls are the contracts, checklists and quality plans we develop as part of the project plan. Next our design outputs are subjected to internal audits, external audits and even peer review as EVERY project has an assigned project director to ensure all facets of every project is delivered.
Open communication is the only way to manage external audits. Phone calls, emails, pre-agreed dates for the following year are a start. Locking these expectations in a charter and formal agreement has enabled us to budget and be comfortable with our certification spends. And as we head toward our ISO 27001 audit, the blend of expertise needed from our auditors, their durations, and availability, it is very clear and easily met. Now let’s see if we pass this certification audit at the beginning of June. Wish us luck.
Our current certification provider is Global-Mark. They primarily use subcontractor external auditors. They do have employee external auditors, but they a small in number. Do we care if the external auditor is employee or subcontractor? No. But we do know and that ensures transparency.
Our current auditor is a Global-Mark employee. He has a great technical knowledge of the three standards we are certified to (soon to be four) and has grown in expertise with his understanding of commercial reality and the simplicity of small business. And we are not easy to audit either.
In our world we take preparation very seriously. We ask for the plan. We develop our own plan to correspond to what the auditor wants to see. We ensure our people are briefed and agree to specific time slots.
Then we further develop our road map to ensure our auditor has the right information to do his or her job right and meet their back office compliance review needs. We do go a little extra and prepare anticipated records they will want to see, PDF’ing them ready for review. We also ensure there are fall-back people and data so the audit flows well should any hiccups occur or availability issues arise.
At quality.com.au we have many interested parties, many internal and external requirements, many external providers who provide products and services for the delivery of our strategic plans, quality objectives, risk management and, of course our quality management systems delivery to our clients.
In our world we define the responsibilities, authorities and verifications of all people in our policies, procedures, employment contracts, subcontractor consultant agreements and external provider agreements. Each have specific terms and conditions. Each enables the person or company to modify ‘bits’ to best suit them and our commercial partnership. These are managed through open communication in all of its form.
Nothing says more for leadership and commitment than walking the talk and communication. Within the realms of our vast organisation that means; one source of truth, uniformity in application, strategic planning, clears goals and objectives, corporate certification, legal compliance, ethicacy and so much more.
To the extent necessary, our company maintains documented information (policy, procedure, instruction, etc) to support the operation of its processes; and retains documented information (records) to have confidence that the processes are being carried out as planned.
These documents and records are managed with our proprietary product, myQualityTM which enables us to add and indeed subtract or archive as we need.
We have a rolling three year plan. The current one finishes this December, the next one starts in January 2022. We are writing that one as I newsletter. It contains all of the above requirements from the standard and a little bit more. Heck, it even talks about succession plans and blue sky thinking. But we don’t just write it and then leave it fallow. The plan is reviewed biannually by the directors to ensure there is no drift. Sure there is always drift, but we react, improve, test and rethink.
We certainly walk the talk with this clause. In fact we have 16 types of RIOs (a risk improvement opportunity workflows). In fact, we can have as many or as few as we like. Of which 6 of the 16 are hard core planning for change with the rest being workflows to ensure change happens in a managed way.
One of the most utilised type is the ‘opportunity’ type. This enables us to determine how can we proactively make our systems and our company a better place.
Here are at quality.com.au we follow a strict formula to ensure what our clients want (whether they know it or not) and what they get align, and align with a great deal of accuracy.
A big call? You bet. When you retain our SaaS product (myQuality) and our services (design, implement, certify and support), there cannot be any surprises.
Yes we have an Objectives Register. Yes, it is split into quality, environment, safety, information security and strategic. Yes, we have several programs, targets and results for each. Yes, we freely make this available to all our stakeholders. Yes, we review it every management review. Heck we even reference and tie in our business plans, strategic plans and heaven forbid, our sales and marketing plans.
And does it help? Well, it is mandatory for our 4 certifications, but most of all it helps our shareholders focus on why we are business and why we do what we do!
Click here for ours. Please feel free to cut and paste. You can find it in our myQuality platform, in our induction process and it is reviewed every management review meeting.
This clause of the standard really does me in. No prescription. No maintained or retained documented information, just a bunch of feel good stuff that really challenges the less competent of external auditors and business owners / managers. So stay clear of the rabbit hole.
In our real world, everything starts with the strategic plan and all subsequent plans to ensure the company is resourced. Sure we use a cross-reference table and a quality manual as the minimum, but it is the rubber to the road that demonstrates our understanding.
There are many key elements in this clause and most are the requirements of Fair Trading in Australia, good governance in commercial risk, best practice in customer communication and tight-as with regard binding contracts and deliverables.
One virtual site. Nothing more. Nothing less. Over 80 actual project sites around the world, but only one certified site. Sure we have our ‘head office’ at Pyrmont listed as our registered address, but the reality is our company and our systems only exist in the cloud. We might actually put a bum on a seat in a client office from time to time, but all the evidence of engagement, delivery and support reside on a connected device.
Well in our world, the site is our registered office in Pyrmont. But nothing, and I mean nothing ever happens there that is covered by our scope of operations. In fact, all operational, in-0scope activities before contract are virtual with an even split between virtual service delivery or on-site service delivery using our very own virtual systems in myQuality, or the clients virtual systems and even the odd LAN based systems.
We are not required by any contract to have the project ‘office’ certified. We do however, run our operational health checks and internal audits on all things operational, but once again, that is a virtual scenario.
Well we pretty much follow the above words. Fortunately, since we use myQualityTM ourselves, we have our audits conducted remotely. Even before lockdowns. So, the plan arrives, the people are set and the audit is conducted. We also have a provider, who then plans the date for the next audit. Twelve months out! Excellent.
Well we were treated the same as any of our clients. No significant difference during the documentation review (aka audit), precertification review (conducted simultaneously with the document review), the certification review was quick and to the point and every other post certification review over the last 24 years. Yes, you read right. 24 plus years we have been walking the talking. Currently three standards of 9001, 14001 and 45001 and soon 27001. We do present some challenges to our certification providers and in particular some hardship for our auditors, because we do things just a little different.
In the real world it is all about context. In our business, we were like everyone else way back last century. We offered far more than we would like to do, but in order to make ends meet, we took on more and more until we finally burnt out resources or decided not to live with the lack of gross margin.
We were then ‘lucky’ enough to realise a cash flow that enabled us to niche and to focus on what we did, what we did well and what we wanted to do. In particular it was to make quality certification easy and to make it available to any business.
I am often asked this question. The provider we currently choose and trust to provide quality.com.au with certification to ISO 9001, 14001, 45001 and soon 27001 is Global-Mark. We have been a client of Global-Mark since the day Herve Michoux (Managing Director) opened his doors for business (circa 2007). They made the transfer process from our previous provider seamless and painless with no extra fees. We like their personnel, processes, back office support and automation, ensuring we get what we deserve from a certification provider.
The short answer is… when they are due. Then we consider when it is convenient for the provider and then when it is convenient to us. For us, it is anytime. We don’t prepare for external audits. Our systems are living breathing systems that can come under scrutiny whenever. Sure we get busy. Sure there are always external factors that might sway us. But certification is a strategic objective for us so we give it the attention it deserves.
Having said this, we are fortunate with our provider (Global-Mark) who assigns us a dedicated client manager to deal with all planning matters when it comes the audit dates.