Implementing QMS Certifications for Small Businesses and Start-Up Companies

Welcome to the fourth and final instalment of this short series on Quality Management System certification for small businesses and start-up companies.

In this 4 part series I have been explaining exactly what third-party certification involves, and how you can level up your business through this process. The standard we are focussing on is ISO9001:2015, as this is the most popular certified Quality Management System standard worldwide, with an estimated 1 million+ certifications.

Welcome to the fourth and final instalment of this short series on Quality Management System certification for small businesses and start-up companies.

In this 4 part series I have been explaining exactly what third-party certification involves, and how you can level up your business through this process. The standard we are focussing on is ISO9001:2015, as this is the most popular certified Quality Management System standard worldwide, with an estimated 1 million+ certifications.

In my previous articles we have been through the initial certification journey from having the motivation to start, putting in the basics of the system and getting certified. Assuming all goes well, you now have a certificate of approval to share with your existing and prospective customers, and have successfully levelled up in the world of quality. Job done. Well, not quite…

This is actually where some of the bigger challenges may unfold. In my experience as a third-party certification Auditor I would often see companies come up against issues in their first surveillance audit – likely as a result of business growth and changing priorities over the 12 months since the initial certification, and perhaps also some day to day complacency setting in after the big push for initial certification.

In today’s article I am going to present 3 strategies to help avoid this, and make sure maintaining your certification is as simple as possible.

Effective Internal Audits

First and foremost is regular self assurance through a robust internal audit program. This should be risk based so that you focus your efforts on where there is complexity or potential weakness.

Here are some examples of risk factors and why you may want to internal audit some areas more often than others:

Trend of non-conformities from previous internal / external audits.
Higher potential for error (e.g., a complex manufacturing process).
Less interaction with central function (e.g., process operated by geographically distant remote workers).

The last point is an interesting one, especially these days with more hybrid and remote working.

In my experience I find it can be more challenging maintaining compliance with process when staff are based overseas in different time-zones and do not have as much opportunity to be part of smaller daily conversations on the nuances of the quality management system that usually take place at head office. In addition to checking compliance, internal audits should also serve as a regular opportunity for them to have their say on how the process could be improved.

Setting internal audit frequency based on risk should make sure you are getting enough oversight, but without being overly time consuming – but of course make sure to document the rationale for it.

I would also recommend setting up some kind of automated scheduling system rather than relying on having to check a calendar or Excel sheet for when it is next time to do an internal audit. This doesn’t need to be some fancy bespoke QA software package.

I’m currently using my own monday.com workflow for this purpose, but there are many other platforms out there at a lower cost (such as Todoist, Trello and Evernote to name a few) that are easily accessible and would work just as well. Being able to program the schedule once at the beginning of the year and not worrying about forgetting what you planned is a massive help!

For more general guidance on running an effective Internal Audit program I wrote an article about this on my LinkedIn profile a while ago, which you can find here

New Starter Awareness

Naturally as the business grows, new personnel will join the company who may not be used to working with Quality Management System standards. It is vital to make sure these new starters are fully engaged with the process from early on, and understand why certain policies and procedures are in place.

I would strongly recommend putting some time aside during their first week induction training to talk through your system and how it influences the way things are done. The role of the individual will of course dictate the level of detail you go into, but I try to keep things light and promote the ISO9001 certification as something we should be proud of, as it demonstrates commitment to customer satisfaction and best practice.

Here are some top tips I have for a successful new employee Quality induction:

Share examples of where the Quality Management System has helped us in the past. For example at a recent induction I delivered, I walked through an example of a recent NCR (non-conformity report) and used it to show how several improvements were made to stop the same problem happening again, and make everyone’s jobs a little easier at the same time.

Set up a short verification of understanding that involves accessing and reading key policy documents. This will get the new starter familiar with navigating system documentation, and is also a way for you to confirm their IT access has been set up correctly as part of onboarding i.e., they can access relevant Sharepoint folders or Intranet sites to view documents.

Bring coffee. Lots of coffee. They will need it… only kidding. But perhaps save the Quality induction till day 2 as there will be a lot to take in!

Getting everyone on-board and aware of Quality Management System expectations early on goes a long way, especially in smaller start-up companies with less heavily engrained rules and procedures.

Meaningful Key Performance Indicators and Targets

Key performance indicators (KPIs) are metrics set up to establish the effectiveness of the overall Quality Management System and processes within it. In the context of a Quality Management System, KPI metrics are likely to revolve around things like on-time delivery, product conformity and customer satisfaction.

Keep these metrics simple and easy for people to understand. Think hard about which metrics really provide an honest, objective reflection of the health of the process. Make sure the data sources and calculation methods are clearly defined, and try to avoid making the data collection itself onerous. Needing to manually crunch numbers for long periods of time to get the KPI result will only become harder to maintain over time as other priorities stack up.

With KPI targets, aim to focus on trends over a longer period rather than a binary pass or fail criteria each month. In business (and life) we will have some good months, and bad months but that is not necessarily a reflection of where we are heading. I generally try to look at things like on-time delivery as an average across 6 months as this gives us more insight into consistency over a longer period of time.

Lastly, with any KPI target thing carefully about the human behaviour that it could drive. For example, having a team target of “No more than X non-conformities per quarter” might sound like a positive goal, but in actual fact it could have a negative effect as people would be reluctant to raise any non-conformities for fear of failing the target, which would result in missed opportunities to identify and fix problems hiding under the surface.

Meaningful KPIs and targets are like a satellite navigation system for your system, and should make sure you are heading down the right path. Whilst consistent non-achievement of some KPI targets can be frustrating, it should be seen primarily as an opportunity to go back to the drawing board and do something to improve the Quality Management System in order to get a better result. Remember that arbitrary KPIs with targets that can be easily passed look good on paper, but are unlikely to flag up systemic weaknesses and help you improve in the long run.

Conclusion

So there we have quickly covered 3 strategies you can deploy to maintain certification and ensure your Quality Management System remains effective in the years after initial certification. I really hope this gives you some ideas, and may even be of benefit to some of the more seasoned Quality professionals reading this article.

If you have come across any other strategies that have worked for you I would love to hear them, so feel free to drop me a message on LinkedIn or comment on one of my recent posts.

This concludes my 4 part guide on implementing QMS certifications
for small businesses and start-up companies. Thanks so much for
reading and feel free to reach out to me on LinkedIn.

Cheers,
Andrew Milner

#AssuranceWithAndrew