Welcome to my blog for all things related to business quality (processes, systems and ways of working), products and product quality, manufacturing and operations management.

This blog is a mixture of real-world experience, ideas, comments and observations that I hope you'll find interesting.



ISO 9001:2015 – what does it mean for you?

The latest version of the international standard for Quality Management Systems, ISO 9001:2015 was published in September 2015. There will be a transition period until September 2018 for organisations that are certified to ISO 9001:2008 to upgrade to the new version.

For a summary of what is different about the new standard and what will have to change, see my previous blog.


Clearly this depends on your business and its existing Quality Management System, but assuming that you are a typical SME with a Quality Management System that complies with ISO 9001:2008**:

  1. Issues for Top Management

 One of the key differences in the new version of ISO 9001 is that it has pushed some important elements of quality ‘up the pecking order’ in the organisation, i.e. these issues become the responsibility of all top management (albeit with guidance from quality management) not just a single Management Representative or a delegated Quality Manager:

  • Scope of the QMS, and Quality Policy and Objectives (which must now be measurable)
  • Business Context (information about internal and external issues that affect its strategic direction; risks and opportunities and actions to address them) – this needs regular attention
  • Responsibilities – there is no longer a single-point requirement for a Management Representative, so how is responsibility and accountability for quality to be distributed amongst top management in a way that ensures the appropriate priority is given to these issues and leadership is provided not dispersed or lost?
  • Improvement, especially regarding discontinuities (as opposed to continuous improvement as per ISO 9001:2008) such as innovation, breakthrough change, re-organisation, etc.
  • The deployment of risk-based thinking – one common process to be used throughout the business, or bespoke processes for different areas (although not stated the same way in ISO 9001:2015, I think that Corrective Actions could also be similarly evaluated as being pan-business or specific to given areas).
  1. New Processes or Substantial Changes

Some new requirements require significant thought about how to implement and will need new or substantially changed processes:

  • Risk identification, analysis and mitigation (includes both opportunities and threats) as part of risk-based thinking
  • Organisational knowledge capture, maintenance and effective usage
  • Definition of ‘Interested Parties’, their requirements and how to meet these requirements
  • Improved supplier management, including measurement
  • Changing the appropriate processes to include risk-based thinking (once it has been defined; see above)
  • Communication and ensuring awareness of quality measurement – and their role in it – amongst all staff and other parties
  1. ‘Just Do It’ Changes

Some changes can be made as part of normal continuous improvement to the QMS; they aren’t difficult or contentious and don’t need a lot of careful planning, they can just be implemented:

  • Documenting the new processes or modifying existing ones, including references or links from other documents or processes in the QMS to make it all work together as an integrated whole
  • Management Review changes
  • Nomenclature changes (no Management Representative any more, CAPA changes to just Corrective Actions, no Records – see (4), below)
  • Re-categorising / changing / updating Preventive Actions (see (4), below) to either become Corrective Actions or to be incorporated into the chosen risk-based thinking process
  • Aligning Key Performance Indicators / metrics with the new Quality Policy and Objectives
  • The standard says that ‘QMS changes must be planned’ – how is this to be done (as opposed to happening on an ad-hoc basis)? 
  1. What Can You Dispense With

You don’t have to, but if you choose to do so you can dispense with:

  • The Quality Manual (although consider retaining a token summary-level version if you think that some customers may demand to have a copy and it is difficult or unwise to provide them with your entire QMS)
  • The ‘PA’ (Preventive Actions) part of ‘CAPA’ (Corrective Actions and Preventive Actions) as these are replaced by risk-based thinking
  • Explicit references to Records as opposed to Documents in general
  • Procedures (as opposed to Processes) – the ‘documented information’ should be what your business requires, although there are still some requirements to retain certain documented information so effective document control is as important – arguably more important – than ever.
  1. What Conclusions Can We Draw From All This?

I will suggest the conclusions most appropriate to typical SMEs in a future blog.

In the meantime, if you need help in understanding, interpreting and applying the new standard in a beneficial, pragmatic, low-bureaucracy way please get in touch with us: information@primilis.com, 0800 6126 593.

** If you think this doesn’t help you, or fear it’s too difficult or too bureaucratic, or don’t know how to go about it, do get in touch as we have a proven, easy-to-adopt, low-bureaucracy approach to managing business processes that we think you will find to be refreshingly pragmatic and effective.

ISO 9001:2015 – what has changed?

The latest version of the international standard for Quality Management Systems, ISO 9001:2015 was published in September 2015. There will be a transition period until September 2018 for organisations that are certified to ISO 9001:2008 to upgrade to the new version.


What is different about the new standard and what will have to change? In overall terms the new standard has a greater emphasis on:

  • Leadership from top management, and broader business awareness including the requirements of stakeholders and changes in the business environment
  • Planning, setting objectives, measuring results and responding to changes (plan-do-check-act, more explicit than before)
  • Risk and opportunity management
  • Communication and involvement of people throughout the organisation, including collecting and sharing ‘organisational knowledge’ across the business
  • Reducing the number of mandatory requirements and procedures
  • Including services and third parties within the quality management system.

Expanding on the differences in a little more detail:

  1. Structure and Overview

ISO 9001:2015 looks rather different – some of the content from the 2008 version has moved around and there are significant new sections. There is also a change in terminology.

The main reason for the rearrangement is to align its structure with other international standards so they read similarly and are more easily compared or cross-referenced; it doesn’t imply that an organisation’s quality management system, or the terminology that an organisation uses, needs to change in a similar way.

There is also a reduction in the number and degree of prescriptive approaches that should be taken for different aspects of quality management, i.e. more freedom is now given in how to meet certain requirements such as document and record control.

ISO 9001 has taken a process approach for some time. This is now more explicitly enshrined in the new version but is unlikely to make a great deal of difference to most businesses although some tightening up of processes and performance measures may be appropriate.

  1. Management and Leadership

There has been work done on the standard to both push quality management up the corporate agenda and make it integrated into ‘business as usual’ rather than standing apart from it.

Hence there isn’t a Management Representative any more; the quality management system – and ensuring customer satisfaction and meeting other corporate requirements – becomes the responsibility of all top management not a single person. The need for leadership is stressed.

  1. Context and Scope

A new clause has been introduced to address the ‘context’ of the organisation.

Organisations will need to identify, understand, monitor and review relevant internal and external ‘issues’ that may have an impact on what the organization does and how it delivers its intended results. These issues can include risks and opportunities, legal, regulatory, financial, political or social issues and changes, market trends and changes, competitor activity, technology changes, etc., i.e. the broader business environment that is sometimes asked about during ISO 9001 audits (“what has changed recently in your business environment”).

Organisations will also need to define, then understand and monitor the needs and expectations of, ‘interested parties’, i.e. stakeholders (organisations or individuals including investors, staff, customers and suppliers) that can be affected by, or can affect, the organisation’s activities.

These contextual issues will require a strategic understanding by top management and should be considered as part of on-going risk and opportunity management processes as well as during the design and maintenance of the quality management system.

The scope of the quality management system (i.e. what parts of the business are included or excluded from the system and why) has often seemed to be of more interest to the auditing body than to the organisation itself. In the 2015 version the scope has been made more important still, and now needs to take context into account and justify any exclusions.

  1. Quality Objectives

The quality policy should be aligned with the organisation’s strategic direction. The quality objectives now need to be more detailed, specific and measurable, and need to relate directly to the quality policy. They may need to be distributed to different parts of the organisation; there certainly needs to be good awareness of them throughout the business.

Plans on how the organisation will achieve the objectives will need to be produced and resources allocated (i.e. objectives are no longer merely laudable aims) and they must be kept updated.

The QMS itself also needs to have planned (as opposed to solely ad-hoc) changes.

  1. Risk Management versus Corrective & Preventive Actions

Corrective Actions stay, but Preventive Actions are effectively replaced by ‘risk-based thinking’. Taking a risk-based approach to quality management is a fundamental change to the old standard in that it elevates its importance and distributes risk-based thinking throughout the business’s operations.

Specifically, organisations must now take opportunities to identify and take appropriate actions on both risks and opportunities that affect the organisation’s ability to meet its aims and satisfy its customers. Risk management is a key theme that is referenced in several parts of the new standard and is explicitly covered, for instance, in the Management Review.

However, in keeping with the intent to have fewer prescribed processes, there is no prescribed risk management process, it is simply stated as a requirement that risks and opportunities are identified and acted upon i.e. that risk-based thinking is adopted by the organisation; it is left to the organisation to determine how. Is this a weakness in the standard?

Risk management is very important to the new standard and the auditors will need to see an effective process in place, not token gestures. However, in the absence of a prescribed approach in ISO 9001, organisations are left to either devise their own methods (with what guarantee of effectiveness?) or to follow a prescribed approach such as one of those described in the guidelines on formal risk management Standard, ISO 31000, which may appear difficult, complex and confusing to many organisations.

  1. Design and Development Processes

These are quite similar to the 2008 version, although the wording is more comprehensive and rather clearer than before and now more clearly includes work done by third parties.

  1. Products and Services

ISO 9001 used to be written around products; its applicability to services had to be implied. ‘Products and services’ are now extensively referenced and the applicability of the standard to both goods and services is made clear.

New clauses cover post-delivery activities (warranty, service and recycling) and control of changes in production (to complement the control of changes in design and development).

  1. Awareness and Communications

In the early days of ISO 9001 it was not unheard of for auditors to quiz random auditees about the company’s quality policy and objectives, the relevance of their work to the quality management system (and vice versa) and the implications of not following processes.

Those days may be returning as the need for staff to be aware of these things is now explicit and may, therefore, be tested (this may help to help bring stray sheep back into the fold…).

The need, timing, scope and process for making internal and external communications is now an explicit clause in the standard; there will need to be a communications plan.

There is also a new clause to cover the ‘Environment for the operation of processes’ which includes not just the physical environment (as with :2008) but also ‘soft HR’ social and psychological issues such as stress reduction, emotional protection, the provision of a non-confrontational environment, etc.

  1. Purchasing

‘Purchasing’ has gone; it is now replaced by the wordier – but more helpful – ‘Control of externally provided products and services’. This is helpful for those organisations that outsource parts of their processes, or even manufacturing as a whole, e.g. to a Chinese contract manufacturer, as the applicability of ‘Purchasing’ (as was) to third-party manufacturing management was always tenuous.

Now a more thorough and, as with the rest of the standard, risk-based approach is to be taken, including being used to determine the controls that are appropriate for the organisation’s various external providers. Similarly, management of non-conforming product has now been extended to cover non-conforming process outputs and services not just materials or products.

  1. Documentation and Information

The requirements for formal documentation have been made simpler and more flexible… but, arguably, more vague. The Quality Manual has gone, as have the six mandatory procedures.

The rather artificial separation of documents from records has been removed and replaced by stated requirements to maintain and retain documented information.

There is more freedom given to the organisation to determine how information is captured and managed. Documented information must be maintained as necessary to have confidence the processes are working as planned – the organisation will need to decide what this means and must be able to justify it. Some prescribed types of documented information must be retained (similar to the previous reference to Records).

Also, there is a new and explicit requirement for the organization to obtain, maintain, and make available the ‘Organisational Knowledge’ necessary for the operation of its processes and to ensure that its products and services meet all requirements, i.e. ensuring not just good documentation, but also the sharing of information, mutual exchange of informal but important knowledge, etc.

  1. Appendices

An annoying characteristic of many international standards is the extensive cross-referencing that implies the need to buy many different documents to be able to properly read just one of them.

ISO 9001:2015 has moved a little way towards helping with this by adding two appendices that:

  • Provide an explanation, in summary, of the changes made since the 2008 version and clarifying the new structure, terminology and concepts
  • List the other documents in the ISO 10000 portfolio of quality management standards that provide further information if required, and providing a short description of their content (to give the reader a little help in deciding if they are really needed for cross-referencing).


Clearly this depends on your business and its existing Quality Management System; I will talk about the implications for typical SMEs in a future blog. In the meantime, if you need help in understanding, interpreting and applying the new standard in a beneficial, pragmatic, low-bureaucracy way please get in touch with us at Primilis (http://www.primilis.com).

A reliable microwave oven

My microwave oven is falling to pieces. It still works, but all the plastic trim round the door has become brittle and bits are falling off every time we open it.

So all praise to Sharp for their ‘Carousel II’, circa 1986 – yes, it’s nearly 24 years old (it’s even coloured beige and brown, for Heaven’s sake; when did you last see a beige and brown microwave?) and in all that time it has not skipped a beat.

Actually, that’s not quite true. Something seemed to go wrong about 12 years ago. On a couple of occasions it refused to heat the food and blew a fuse. But then it picked itself up, dusted itself off, and just started working again with no intervention from anyone and it has been fine ever since.

I think that is stunning reliability and I’m not naive enough to believe that we’ll get the same from its replacement; yes, after 24 years you can’t get replacement parts and, with the door seal disintegrating, it looks like the end of the line.

From what I can see, the modern equivalents look prettier (beige and brown – what was I thinking?) and are 50% more powerful but most of their user interfaces are unnecessarily complicated and there are a lot of functions my family will never use.

So let’s cross fingers that I don’t have to update this post for another 24 years.

Update 6 Jan; someone else had a similar experience and has reinforced my worry that we won’t get anything as good, certainly not from Sharp: http://www.amazon.co.uk/review/R1AVEAZL814BHE

Update 3 October 2014: Interesting and relevant BBC article about washing machines:  http://www.bbc.co.uk/news/business-27253103

Primilis and CogniDox announce a Graphical QMS

Our Press Release from 5 March 2013:

Primilis and Cognidox have announced the development and general availability of a new Graphical Quality Management System (G-QMS) to aid companies looking to achieve Quality certification. The collaboration has been documented as a case study available for free download from both the CogniDox and Primilis websites.

One of the difficulties for companies in pursuit of Quality certification (such as ISO 9001 or ISO 13485) is documenting company business procedures in a way that is intuitive, easy for occasional users, and gets used by everyone in the organisation.

Quality is a process and not a “badge”, so user adoption and buy-in is a critical factor for success. CogniDox is already a popular document management system (DMS) solution providing the document control procedures required by quality management standards. Using standard CogniDox features for HTML control, Primilis quickly implemented a QMS to capture business processes in an easy-to-understand, visual form with rich graphical content. They created a “website-within-a-website” to enable users to interactively view quality procedures in a browser and download editable documents where required.

All of the content is created with commonly-used tools (e.g. Microsoft Word, PowerPoint, and Visio), which avoids any additional training or specialist software. “If you are a Quality Manager or Executive at a company considering a strategy for ISO 9001 then our case study is essential reading to help your business understand the possibilities for effective Quality Management Systems,” said Tom Gaskell, Primilis Director. “Before you build a filing cabinet full of paper procedures or hire consultants for an expensive SharePoint intranet project, talk to us about an easy way of combining document management with a graphical QMS.”

The case study is available in PDF format to download (no registration required) from:


Also linked to from the Primilis website http://www.primilis.com.

Example screenshot – a simple Internal Audit process:



Crosby’s Quality Management Maturity Grid

Of all the quality ‘gurus’ I find the late Philip Crosby one of the most readable. In his book ‘Quality is Free’ (Mentor 1980, ISBN 978-0451625854), which I can thoroughly recommend, he advocates the use of a simple tool to show where you are in the quality management spectrum; he calls it the Quality Management Maturity Grid.

The grid is a simple 5 x 6 matrix that shows different stages of maturity of the company’s quality management against six different quality management categories (management understanding of quality, problem handling, cost of quality, etc).

The lowest stage of maturity is called ‘Uncertainty’ – the organisation is inexperienced, quality management is a low priority and reactive, etc – then as quality management matures it goes through the stages of ‘Awakening’, ‘Enlightenment’, ‘Wisdom’, then the highest level, ‘Certainty’.

Each point – maturity versus category – on the grid has a brief description of how that combination appears in the company; for instance, in the ‘Uncertainty’ stage, Problem Handling looks like “Problems are fought as they occur; no resolution; inadequate definition; lots of yelling and accusations.” If that sounds like your company then I’m sorry to hear it and you are at the ‘Uncertainty’ stage for Problem Handling!

Here’s the grid (I know it’s difficult to read in some browsers as it’s shown below; you can either make your browser window a lot wider or click on it a couple of times to see it more clearly):

(Corrected 09 July 2012, thanks to Stephen for spotting the bug – see Comments.)

You use it by asking a number of people to assess the company; the more the merrier from different levels and roles across the company as it helps to give a more complete picture. Each gets a copy of the grid and makes a subjective judgement about which Stage the company is at for each category; they mark the grid in the appropriate position.

It is important that they are very honest in their assessment; make a point of this with them.

(By the way, you may find Cost of Quality a bit tricky to estimate if I don’t explain what it really means; sorry about that, I’ll have to blog about it another time. In the meantime, have a look at Jim Wells’ excellent description here.)

The total score is obtained by adding up the scores for each category; Stage 1 ‘Uncertainty’ gives a score of 1, Stage 2 ‘Awakening’ = 2, Stage 3 = 3, etc. The minimum score is therefore 6 (all categories are at ‘Uncertainty), and the maximum is 30 (all are at Certainty); I know of no company that is at 30 so if you really are there please get in touch as I’d really like to meet you!

It is really interesting not only to see the scores for each category (as well as the total), and the arithmetic mean across all the assessors, but also to see how individuals from different departments or roles in the company mark each category; big variances in scores indicate that people see the company as being very different in this area – why is that? Is the high score or the low score more appropriate? What needs to be done about a low score from just one part of the business? It can be a fascinating exercise.

The thing I particularly like about the Quality Management Maturity Grid is that it is (a) very quick and easy to use, (b) insightful – it makes you think, and (c) – most important – it doesn’t just show you where you are but, also, what your company would have to be like to get a higher score; it therefore acts as your route-map for strategic quality and helps you plan your quality improvement initiatives so that you move steadily towards the right in the grid.

Eddie Mair rattles my speakers

Intermittent problems are a real pain. They never show themselves when you are in a position to do anything about it.

I have been disappointed by the Bose sound system in my Mazda; it under-uses its sub-woofer, fails to automatically adjust to changes in ambient noise (one of its key selling points) and, for several months, has produced an intermittent rattle from the right hand side front speaker.

However annoying the rattle, and however pervasive on long journeys, every time I took it to the garage to be fixed… nothing. Whatever I did to prove its existence led only to ‘here he goes again’ looks from the polite but bemused garage staff. “It does rattle, honest, and it’s really annoying”. “Well, Mr Gaskell, when it does it again, you be sure to bring the car back to us…”

I have just completed a quest to get the rattle to appear.

Volume and tone settings have little effect; if it’s going to rattle, it’s going to rattle, if it’s not, it’s not.

Speech seems to be the culprit, but only a few male voices cause it: Radio 4 mid-morning at the garage had no chance. Melvyn Bragg and his guests – nothing. Ladies’ voices – no effect. Local radio – only the occasional voice, nothing consistent. I even tried Richard Burton (via Jeff Wayne’s War of the Worlds); no effect.

But now, courtesy of BBC Radio 4’s PM programme, I have the answer.

The most consistent speaker-rattler in British Radio is… Eddie Mair. All I had to do was stick a Radio 4 ‘PM’ podcast on my iPod and I now have all the proof I need – anything that man says makes my off-side front door speaker try to turn itself inside-out. He has a pleasant voice and there’s nothing about it that makes him stand out as a speaker-rattler, but speaker-rattler he certainly is!

So thank you, Mr Mair, for making proper diagnosis and repair possible. I’m not sure it’s a second career with as much potential as your day job, but it has helped me enormously.

And that goes to show the best route to fixing an intermittent problem – find a way of making the problem happen all the time (or at will), or you can waste a lot of time chasing ghosts.

How to get 5.1 audio on Sky HD – updated


I have just installed a Sky HD system for a colleague and hit a really annoying problem.

The Sky HD box puts out stereo digital audio onto its HDMI connector, and provides 5.1 (surround sound) digital audio on separate connectors. This is fine if you are just feeding a TV, but if you are going into an AV receiver to provide switching between different video sources – and to give you surround sound – it is a real pain because:

(a) Some AV receivers won’t let you provide audio separately from the HDMI video signal

(b) Those that do let you provide separate audio and video (e.g. Sony) don’t allow you to use automatic HDMI linking or signalling if you do use separate audio; in other words, rather than using one remote control to control everything, you’re back to having a whole pile of remote controls, one per box, and you need a degree in AV Engineering to work out what controls what!

The grapevine suggests that Sky recognise the limitation of their design and, at some point in the future, will allow you to optionally select 5.1 for the HDMI interface. This may or may not be a software upgrade; nobody seems to know. Until they do fix it, here’s a work-around:

Go to http://www.hdcable.co.uk and buy their ‘DVI to HDMI Converter with Audio’ box (CECD0101B); it’s about £50. Then get yourself a short digital audio coax to coax lead (or optical to optical) and a decent quality short HDMI male to DVI male cable. Wire it up like this:

Sky HD Fix

The hdcable.co.uk box strips off the stereo digital signal from the HDMI cable and replaces it with the 5.1 digital audio from the Sky HD box. The AV receiver sees a normal HDMI cable (carrying 5.1 audio) and can use all its HDMI linking / signalling / etc so you can stick half your remote controls in the cupboard as the TV remote can do all the day to day controlling!

There are several more expensive ways of fixing the problem, but this was the cheapest and easiest that I found and works a treat. I’ve even suggested to the good folks at hdcable.co.uk that they make another version specifically for this SkyHD purpose with an HDMI connector instead of a DVI connector.

UPDATE – January 2012

Courtesy of Mike Spurr (thanks Mike) it now transpires that HD Cable have stopped making this product. Although some Sky HD boxes now seem to have a ‘5.1 on HDMI’ audio option, older boxes certainly don’t and there is still a need for something like this if you want to embed the 5.1 audio with the HDMI output.

HD Cable recommended CYP products as an alternative (at a higher cost), and Mike has found this: http://www.superfi.co.uk/p-3638-cyp-au11ca-hdmi-audio-embedder-with-repeater.aspx

It’s actually a little easier to use than the HD Cable product, although it is more expensive, but if your Sky HD box doesn’t offer you the choice and you need to strip off 2 channel and add 5.1 to Sky’s HDMI signal then it seems a good way of doing it:

The winds of change…

In a recent blog I wrote about Deviations and Concessions, temporary changes that allow you – when necessary and under control – to not do things the way you normally do them.

But what happens when the change is permanent; how do you manage change?

This is a well-established part of quality management and you may be quite familiar with Change Requests or ECRs (Engineering Change Requests) and Change Orders or ECOs (Engineering Change Orders) or sometimes ECNs i.e. Notes. So, rather than go through the basics, I thought it might be useful to look at some of the issues and subtleties.

What system do you need?

Quality Management Systems invariably have a change control facility built-in, as do Product Lifecycle Management systems (e.g. Agile) and many MRP or ERP systems. There are also many stand-alone systems available.

For organisations that mainly produce documentation, an integrated document control system such as SharePoint or CogniDox (or others) could provide the required version and change control.

For companies that produce software, configuration and version management is crucial and they will probably want to use an established tool, from an open-source system such as CVS or Subversion up to an enterprise-level application such as IBM’s Rational ClearCase.

However, for many hardware-producing companies, if they don’t already have an integrated system for change control they don’t necessarily need to make a large investment; it can be provided via a simple paper or e-forms based system or a DIY database.

How many forms?

Many organisations that take a DIY approach use separate documents or templates or e-forms, etc, for ECRs and ECOs (or ECNs), the former being used to request a change and the latter to implement it. However, some organisations use one single form or template to request a change, assess it (see below), approve and implement it.

You can also use the same process to release products or documents for the first time rather than to change them.

What are the consequences?

All ECRs / ECOs / ECNs should define what needs to change and why. However, for me a key part of change control – and one that is often missed – is to assess the consequences of making the change before you commit to it.

What are the costs, including re-work or scrappage? What effect will it have on timescales? What risks will it introduce? Will it invalidate any approvals or require re-testing? Will customer, sales or marketing documentation need to be changed? Will customers need to be advised (does it affect compatibility with other products)? Will test systems need to be changed? Will production systems need to be changed? Will you need to swap-out sales or production product samples?

Any actions resulting from these consequences will need to be properly managed if the change is implemented.

You will want to make sure these questions are asked and the results and actions agreed by all the ECR / ECO signatories who must cover all the relevant parts of the business and must agree that the change is worthwhile after taking into account all these consequences…

Who signs it, and why?

How often do you see these things being signed without the person actually reading the document? Are people signing to say they are merely aware of the document’s existence or to say they take full responsibility for everything contained within, including costs and consequences?

Here’s a thought – if you are designing a template or form that has sign-off boxes, write down exactly what each signatory should check and sign for. Make it explicit, then it can becomes a meaningful process rather than tokenism. (Then use internal audits to verify they are doing it right!)

How do you know the change has been made?

You make be able to implement the change immediately or you may have to wait until a certain time, or after a certain number of units has been produced, or at a certain product serial number.

Your system should allow this cut-in point to be specified; you should ‘close the loop’ and make sure that the implementing of the change is recorded as proof that it was done correctly.

How do you keep track of what has changed?

You may have very few changes in what you do and may not need anything other than a record of the changes having been made. Lucky you! However, for many companies the changes accumulate and become complex to administer, especially if using third parties and especially for low volume, high mix products.

How do you know what changes were applied to product XX, serial number ABC12345? How do you know what changes the system shipped to Customer YY on 08/04/2009 had applied to it? Can you identify all the products shipped with Change ZZZ applied to them?

There are two main ways of answering these questions. The first requires a detective job in which you cross-check build records, change control cut-in dates, serial numbers, etc, etc, and work out what changes applied to any given item. It can be painful and slow, but it’s the way that many companies do it.

The second is to fully manage product configuration; you keep a record of what changes / deviations / concessions / etc, and often what specific subassemblies or parts, are applied to every single product. This is more difficult to do, requiring more comprehensive systems or databases, but gives better traceability and is a must-do for high integrity / high safety systems; only you can decide if it is worthwhile for your business.

I hope this has given a few useful pointers as to how Change Control can best meet your requirements. For many organisations it doesn’t need to be complex, but to be meaningful and effective it has to go beyond mere tokenism; you should be actively managing change, not merely watching it wander, out of control, past the window!

Being devious about Deviations

If quality is doing “exactly what it says on the tin” (courtesy of Ronseal), what happens if you really don’t want to? What happens if you knowingly choose to do something else? Presumably that isn’t allowed?

Well, yes it is. Quality management shouldn’t be a straightjacket.

Of course, if you’re dealing with safety-critical applications or other high security, high safety, high risk or cost areas there are many restrictions and must-do activities – some aspects of quality aren’t up for negotiation – but sometimes it is highly appropriate to deliberately not follow the normal processes or standards. However, you should do this in a controlled way rather than just allowing anarchy.

The way to do this is called a ‘Deviation’ or a ‘Concession’.

The two are slightly different in that a deviation is before the event – you choose to do something not in the normal way or to the normal specification – whereas a concession is an acceptance of something that is already not to the normal specification. One way of thinking of it is ‘the supplier deviates and the customer grants a concession’. But this subtlety is often lost and, for many people, not worth worrying about; the key principle is that if you choose not to follow your normal path, do so in a managed, measured way.

So a common technique is to have a deviation (or concession) form, or electronic template, or database or other system that records what you are doing in a different way to normal, why, authorised by whom, and – most importantly – for how long… because a key characteristic is that deviations (I’ll stop adding “and concessions”, take that as read) are temporary. They are made to expire after a certain time period, or after a certain number of units are made or cycles of activity are complete, or after a predictable set of circumstances are met. Deviations are controlled, measured and time-limited changes. If you want to make permanent alterations you use change control; I’ll talk about that another time.

Typically, a deviation note contains:

  • A reference number and date
  • Who has raised / requested the deviation and who is responsible for implementing it
  • The parts or processes or other things that are affected, and the quantities involved
  • The normal standards or specifications or processes, etc, that would be used
  • The reason for wanting to deviate from the norm
  • What needs to change
  • Actions to be taken
  • When the deviation becomes effective (in terms of date, item serial number, relationship to other parts or material batches, customer demands, etc)
  • When the deviation expires (in terms of date, item serial number, relationship to other parts or material batches, customer demands, etc)
  • Any cost, time or risk impacts, or other consequences of the change
  • Somewhere to record whether it has been turned into a permanent change
  • Its status – Being considered? Rejected? Pending? Implemented? Expired? etc. (You may even want to record the change history of this deviation itself)
  • An appropriate level of sign-off, to make it clear that the deviation has the understanding and agreement of staff at appropriate levels of responsibility… including quality management and possibly including the customer.

If you are designing your own system, the ability to add attachments is hugely valuable. You would also be wise to add the ability to automatically flag up the expiry of deviations, i.e. have the system send a message or email to the user when its expiry date is approaching.

Of course, you may already have a change control or Product Lifecycle Management system that has deviations and/or concessions built in but, if not, you don’t need to go out and buy an expensive integrated system, you really can do it yourself using Excel or Word or Access or any other simple document or database technique.

Finally, if you are introducing this facility into your processes, make sure it isn’t abused or over-used. Deviations should be the exceptions not the norm. Check they really are temporary and they really are time-expiring automatically and things then revert to normal. Check that expiry times are not excessive. Check that they are being signed off at the appropriate level and are being properly stored so that, if problems subsequently arise, you can back-track and understand what was done when and why.

Wireless technology recruitment in Cambridge

It’s great to see a real home-grown high-tech success story in the UK.

Cambridge Broadband Networks, a company I know well, is just such a success. They’ve recently celebrated their tenth anniversary and are growing very quickly at the moment, in fact they are one of the top 50 technology hardware and equipment sector companies as recognised in the Department for Business Innovation and Skills 2009 R&D Scoreboard, and were in the Sunday Times Tech Track 100 in 2009 and a finalist in Growing Business magazine’s Fast Growth Business of Year Awards 2010.

Cambridge Broadband Networks design and manufacture next-generation microwave communications products that provide broadband data and voice for mobile phone backhaul (3G, HSPA and 4G/LTE) and access. They sell to emerging markets in the Far East, Middle East and Africa as well as in Europe, and their highly innovative ‘Point to Multipoint’ architecture is, in many applications, more technologically advanced, much more future-proof and far more cost-effective than any of the competing solutions.

The company is recruiting hard and is currently looking for product managers, hardware and software engineers, customer support engineers, business development people, test engineers, and other roles, mostly UK based but with a few overseas roles too. I promised the good folks at Cambridge Broadband that I’d mention their search on this blog site.

If you’re interested, have experience in wireless comms, and are local to the Cambridge (UK) area, they have an open recruitment evening on Wednesday 11 Aug, 5-7pm to discuss the opportunities; even if you aren’t local you can find more details on their website: http://www.cbnl.com/about/vacancies.html