2. Eras of management
Control era (product) 1925-1975
Define characteristics and inspect to those characteristics (form, fit, function)
Assurance era (process) 1975-2000
Define processes to achieve results and make sure those processes are being followed. (Say what you do and do what you say)
3. Eras of management
Management era (system) 2000-2012
Develop organization systems to achieve results and provide resources to achieve success.
Integration era (whole) 2012-2018
Combine quality, environment, safety, security into a holistic view. More emphasis on risk management.
5. PDCA means
Plan
Identify item or service characteristics (form, fit, function)
Define methods, material, and machines to make or deliver that product
Define the systems in which the product is made or delivered
6. PDCA means
Do
Provide people, equipment, material and infrastructure to make or deliver the product
Follow the defined methods
7. PDCA means
Check
Measure progress in achieving defined products, processes, and systems
This can be through inspection, audit, customer satisfaction, SPC, or any number of such tools
8. PDCA means
Act
Reduce differences between desired and actual states
Make things better and smarter
Note: Deming (PDSA) and Six Sigma (DMAIC) are versions of this.
9. Good and evil
Some systems promote Good
Quality management tries to achieve excellence, efficiency, satisfaction, delight.
Financial management tries to improve efficiency.
Human resource management tries to maximize people resources.
10. Good and evil
Some systems prevent Evil
Environmental management tries to prevent harm to the planet.
Safety management tries to prevent harm to people.
Security management tries to keep bad guys away.
Financial management tries to protect assets.
Note: These can also save resources if done right.
15. Recent initiatives
ISO 19011:2011, Management systems – Guidelines for auditing management systems
ISO 17021:2012, Conformity assessment auditing
ISO Annex SL:2012, Proposals for management system standards
ISO 9001:2015, Quality management systems – requirements
16. Common elements
4. Context of the organization
5. Leadership
6. Planning
7. Support
8. Operation
9. Performance evaluation
10. Improvement
17. Emerging trends
Access to information
Global market
Sustainability
Climate change
Business continuity
Social conditions
Triple bottom line: People, Profit, Planet
18. Social responsibility
1. Consider social and environmental effects of operations when making decisions.
2. Be accountable for social and environmental effects of operations.
ISO 26000:2010, Guidance on social responsibility, released in Dec 2010.
Not meant for conformity assessment use.
Big in Europe and Asia; not N. America
19. General risk model
1. Define risk
Quantitative (What is out there?)
Qualitative (How bad is it?)
2. Judge risk
Risk effects analysis (What happens?)
Acceptable and unacceptable risk (Worth it?)
3. Provide countermeasures (ATM)
Avoid (physical and admin)
Transfer (buy insurance or sell to Moldova)
Mitigate (process design)
20. Risk issues
Good or evil
Quality profession emphasis on making better
Risk professions emphasis on preventing evil
Is it actually increasing?
Attention to risk concepts is increasing every day
21. Future: Big Q?
Quality heart and soul
Environmental brain
Safety shoes
Security skirt
Sustainable energy
Low carbon emissions
23. Let’s have a conversation
Preserve emphasis on goodness
Big Q or little q
24. Thank You
Dennis Arter, the Auditguy
Kennewick, Washington, USA
Mail: Dennis@auditguy.net
Web: http://auditguy.net
Blog: http://auditguy.blogspot.com
Twitter: @Auditguy
26. Quality
ISO 9000 family and spin-offs
ISO 9001:2008 is quite mature.
Current emphasis is on processes and how they form systems. No big changes expected.
Most of the world sees quality as conformity assessment (registration/certification).
27. Quality
Medical device and pharmaceutical
Device is mature. FDA 21 CFR 820 (Quality System Requirements) and ISO 13485:2003 apply.
Pharma moving towards harmonization, with FDA 21 CFR 210 as the start.
28. Quality
Food safety
ISO 22000:2006 (HACCP and ISO 9001 and GMP)
British Retail Consortium (BRC codes)
Safe Quality Food 2005 (SQF) is quite mature
Consolidation effort by Global Food Safety Initiative
Consumer interest strong and getting stronger
29. Environment
ISO 14001:2004, Environmental management systems -- Requirements and rest of family.
Quite mature and merging with 9001.
Expect much more activity on labeling and claims of conformance.
ISO 50001:2011, Energy management systems
30. Occupational safety
Still pretty reactive and lacking maturity of other systems. (Lawyers?)
OHSAS 18001:2007 (Requirements) developed by ISO and ILO. Not much interest in No. America.
Responsible Care and Process Safety Management (21 CFR 1910) for chemical industry in USA.
31. Information security
ISO 27001:2005 (Info Security). Started out as BS 17799.
ISO 13335:2004 (IT/MIS Security) available for free.
Identity theft and password capture are huge revenue generators for bad guys.
Cyber-warfare is being developed (Stuxnet worm).
Zero Day thriller novel recently released.
Governments and multi-nationals interested in registration/certification.
32. Business security
NFPA 1600:2007 on Disaster Planning, Emergency Response, and Business Continuity used by US Dept. of Homeland Security.
ISO 22301:2012 Societal security - Business continuity management systems Requirements
33. Supply chain security
Supply chain risk (sole source, lean, safety, terrorism)
ISO 28001:2007 Security management systems for the supply chain used for registration
34. Risk management
ISO 31000:2009 says that Risk management:
1. Creates and protects value
2. Is an integral part of all organizational processes
3. Is part of decision making
4. Explicitly addresses uncertainty
35. Risk management
ISO 31000:2009 says that Risk management:
5. Is systematic, structured and timely
6. Is based on best available information
7. Is tailored
8. Takes human and cultural factors into account
36. Risk management
ISO 31000:2009 says that Risk management:
9. Is transparent and inclusive
10. Is dynamic, iterative and responsive to change
11. Facilitates continual improvement of the organization
See also ISO 14971:2001 (Risk management for medical devices)
37. Corporate social responsibility
CSR is not SR. Focus is on business
Some national standards being developed, especially in Eastern Europe, but not ISO
Conformity assessment, with government encouragement
Used in USA as shorthand for green and corporate charity
No ISO movement (that I am aware of)