- THE MAGAZINE
- WEB EXCLUSIVES
A management system built in conformance to an organization’s applicable ISO standard can bring a host of benefits. After becoming ISO certified, it is likely that an organization will achieve process improvement, lower defect and scrap costs, and increased customer satisfaction, for example.
To reap the most benefits from ISO certification, many organizations elect to implement ISO conformance software to ensure efficacy and efficiency in processes and procedures tied to an ISO management system. Other reasons for adopting such software include easing overall ISO conformance and the third-party assessment process. Furthermore, ISO conformance software typically will be able to help the organization satisfy additional requirements-regulatory as well as those imposed by the customer.
Automation is IntegralAutomation is at the heart of ISO conformance software. Such software automates internal audits, which helps to ensure, for example, that policies, procedures and work instructions have been approved and that employees are correctly trained. Also, the software automates the management system itself, providing a streamlined process to help ensure that processes and procedures are executed correctly and on time.
“Process control can be achieved through mistake-proofing techniques such as automated workflows, stage/gate methodologies and work list management,” says Steve Scott, chief technical officer of Powerway Inc. (Indianapolis). “These solutions provide a means of defining the process that will be executed for each product, service, document, problem or change.”
For example, instead of using a paper-based process for dealing with nonconformances and subsequent investigations, an automated workflow process could be implemented to help an organization capture nonconformances and make decisions regarding severity and the appropriateness of full investigations. Or, after one assessment has been completed, the software could automatically schedule the subsequent assessment reminder, which would be communicated to the appropriate employee after a pre-determined interval. If an important function requires reassessment after 90 days, for example, the software would automatically notify the responsible employee when that function is due.
ISO conformance software typically will distribute work to employees, monitor activity and notify employees via an escalation function of events that require attention. The escalation function allows deadlines to be built into document approvals, corrective actions and request responses. If the responsible employee does not meet a deadline, the system will automatically notify management, escalating through the ranks until the issue is resolved.
Change management functionality is another capability that ISO conformance software typically possesses. Software with this functionality will be able to notify users if revised documentation, for example work instructions, might have an adverse effect on other areas of the management system, which may help to eliminate failures caused by improper documentation.
ISO conformance software eases the third-party assessment process by virtue of its automated nature and transparency. “If such a system is embraced by the users and reinforced by upper management, an organization will be sure that it is following procedure,” says Bob Herdoiza, chief executive officer of Cebos (Brighton, MI). “In reality, getting ready for an ISO surveillance assessment really is not very time intensive because you are already doing it by the nature of the system.”
The software’s transparency means that assessor and employee alike are able to see what is happening within the management system in real time. “If you’re responsible for quality, you can see at a glance who is qualified and whether or not the document control system is working,” says Dan Riordan, vice president of marketing for IBS America Inc. (Lexington, MA). “You can look at the corrective action system and it is easy to see whether or not people are creating corrective actions. Are those corrective actions being responded to? Is the root cause analysis being identified? It is all there at your fingertips.”
Making It ViableWhen considering the purchase of ISO conformance software, an organization needs to be sure that management and other areas of the organization, such as IT, will back implementation. In short, there has to be a culture of compliance, an interest in quality and a willingness to embrace the system at all levels for an implementation to be successful.
“A lot of times what we see are cultural issues of people trying to change from a paper-based to an automated solution,” says Nikki Willett, vice president of marketing and regulatory affairs for Pilgrim Software (Tampa, FL).
“The culture is used to paper and does not want to use the automated solution or does not use it in the correct way, or they think the automated solution should be solving all their problems, and of course it is not,” she says. “Any automated solution needs to be combined with good plans and programs to be truly effective.”
If there is enough internal dedication for viable implementation, the organization should first conduct a needs assessment, determining the functionality they require in a solution.
“In the early stages of quality management maturity for an organization, the controls over processes are limited to internal processes such as document control, corrective and preventive action, internal auditing, statistical process control and product quality planning,” says Scott. “As the quality management system matures, this extends beyond the organization to include customers and suppliers.”
Organizational integration is another aspect warranting consideration. ISO conformance software will be most effective when it is integrated across the entire organization, operating as a centralized system, providing enterprise visibility. In this way, all areas of the organization are using the solution, which makes it easy to determine the organization’s overall state of compliance.
The organization also should be cognizant of how automation could help to streamline its business processes. When converting to a software solution, there should not be an attempt to imitate the paper-based system that is being replaced; rather, it should be explored how the unique functionality of the automated solution could improve process efficiency, by eliminating steps, for example.
When looking at what is currently on the market, Ricardo Lepper, chief executive officer of SoftExpert USA (Auburn, IN), says there are five primary functions that vendors should support: compliance management, quality management, audit management, risk management and policy management. “It also is desirable to have the capability to integrate with enterprise content management; business process management; environmental, health and safety compliance; business intelligence; technical controls; and continuous control monitoring,” he says.
Organizations should rate prospective vendors by software ease of use, quality of support, vendor experience and software configurability. When software is configurable, user-made changes will carry over from release to release. A configurable solution may allow an organization to more easily satisfy customer requirements by enabling it to reconfigure business processes, for example. It is important that the configurability of the software be user-friendly enough to allow non-IT personnel the ability to make modifications. The level of support offered during initial implementation is another critical factor. A vendor should have a sound understanding of an organization’s needs and possess a solid methodology for implementing the solution.
A pitfall to be wary of is the misconception that ISO conformance software guarantees compliance. Although such software automates processes and procedures, it is really only a facilitator, and employee commitment ultimately decides its success. “ISO compliance software gives the capability to easily enter, record and track data, easily access data at the right time at the right place for the right person and turn that data into information, knowledge and potentially a competitive advantage,” says Willett.
“But it does not stop there,” she says, “meaning that the organization has to have the cultural behavior associated with quality and compliance to be able to meet its customers and stakeholders’ expectations and meet the compliance regulations as well. It is not just the system. An integrated model will link value and effectively coordinate an organization’s people, process and technology capabilities so that quality can become embedded in the fabric of the organization.”
Building Your SystemFrom vendor to vendor, ISO conformance software typically is sold as a framework that can be applied to a variety of ISO standards. This is because the standards that such software will apply to are based on ISO 9001: 2000 Quality Management Systems-Requirements and, therefore, include the same five fundamental areas: documenting SOPs, polices, procedures and work instructions; ensuring employee training is up to date; monitoring the state of compliance through internal audits; finding and remedying issues in a timely manner; and ensuring the quality of reports.
Most software solutions are modular and scalable, meaning that price incurred is contingent on the level of functionality and the number of users. For example, an organization may elect to purchase a document management module first for a limited number of users and then, as the company grows, add more modules to the solution as well as give more employees access to it. Or, for instance, if an organization is part of the automotive industry and, therefore, must conform to ISO/TS 16949, it will need to purchase an additional module for advanced product quality planning (APQP).
“Organizations may implement just a few modules, according to their immediate need, and incrementally improve creating scalability according to the return on the investment made,” says Lepper. “The organization must consider what point in compliance maturity it wants to reach and which software solution can respond to that expectation, taking into account the overall project budget.”
Additionally, many solution providers offer functionality that satisfies specific regulatory requirements, such as those enacted by the FDA or EPA. “Many businesses are now looking at a much wider range of compliance so that in addition to covering ISO they cover 21CFR and other regulations,” says Bill Best, president of Proquis Inc. (Schaumburg, IL). “Many ISO compliance software packages have extended their offering to meet these needs, and organizations are looking for this coverage to improve their ROI [return on investment].”
Vendors typically provide a choice of how their solution is deployed. Organizations usually will be able to choose from a client-based, Web-based or software as a service (SaaS) approach. Though not always the case, larger companies usually use client-based solutions because they have the IT resources to manage such a deployment. Mid-size and small companies generally opt for the Web-based or SaaS approach, because those can be used without large IT investment.
Bigger Challenges, Better SolutionsNo doubt ISO conformance software is trending toward a greater level of flexibility and functionality. Besides being configurable, scalable and having the ability to fulfill requirements other than those created by ISO, for example, functionality such as enterprise risk management has become part of some ISO compliance solutions. And this trend will continue as organizations are faced with a larger number of increasingly stringent requirements.
It also is predicted that the future of ISO conformance software will largely include the Internet. A Web-based approach can help an organization become centralized, and if it is a SaaS solution, the cost of entry may be eased, because the solution can be viewed as an operating cost rather than a capital investment.
“Through the use of SaaS, compliance software companies are deploying their strategies much faster,” says Lepper. “The software vendor assumes more of the total risk, and customers have better uptime, lower life cycle costs, no upgrades to worry about and, in most cases, enhanced functionality.” Q
For more information on the companies mentioned in this article, visit their Web sites:
- Cebos, www.cebos.com
IBS America Inc., www.ibs-us.com
Pilgrim Software, www.pilgrimsoftware.com
Powerway Inc., www.powerwayinc.com
Proquis Inc., www.proquis.com