Planning is the process of conceptualizing the activities required to achieve a desired goal. It is the first and foremost activity for any new project/task that you want to accomplish. Planning involves thinking about the risks that may occur in future and addressing these through adequate control measures. Clause 6 of ISO 9001 deals with this highly critical activity and requires an organization to take a risk-based approach and plan for the uncertainties pro-actively preventing undesired effects. Another aspect of planning is to identify objectives which can be used to monitor and track our progress. Additionally, this clause requires an organization to plan for changes and follow a structured approach for any changes required in the management system.
Why Is it important?
Risk based thinking is introduced in the new version of ISO 9001 and is included throughout the standard. This shift was done to introduce a pro-active approach to handling risks, rather than taking an approach of preventive actions when the issue has already occurred.
Let us understand why risk-based thinking is important and how it impacts various aspects of our lives. We face risk of traffic or car breakdown when we travel from our house to office. To reduce the effects of the risk, we may plan to leave home 15 minutes early or take a longer route with lesser traffic. Risks may also sometimes present opportunities, risks of running late may give us an opportunity to explore other modes of travel or you may want to look for a job closer to home.
In a business scenario also, risks are equally important. Through a pro-active approach on planning ahead for the risks, we can avoid unforeseen situations, occurrences, events or incidents. This helps in reduction or mitigation of our liabilities and improve the product or service delivery. This in turn, helps in managing reputation and helps in business growth.
Defining Quality Objectives is an important step for any organization to control its processes and helps bring-in continual improvement in their systems. Quality Objectives gives you important insights on how you are progressing and drives you to create plans to meet the objectives. This is a good way to identify opportunities and pave a way for growth of your organization.
Moreover, any continual improvement or corrective action may need change which should be handled in a formal manner to avoid any unforeseen consequences of the change.
Actions to address risks and opportunities
This clause of ISO 9001 requires an organization to consider the contextual issues and requirements of the interested parties and determine the risks and opportunities. In our Article on Clause 4, SWOT analysis was used to determine the internal and external context followed by a stakeholder’s analysis to determine their requirements. Risks and opportunities are identified from these issues or through non-conformities that are identified in the course of your operations. The identified risks may be at the strategic levels or operational levels. Some examples of risks that an organization may face are given below:
Strategic Risk
- Competition high in our area of operation
- Reputation at stake if a complex/large project is not successful
Operational risk
- Risk of defective delivery
- Risk of schedule slippage due to unclear requirements
Once all risks are identified, the next step is the address these risks and opportunities. A risk which is operational in nature may be handled by a manager who owns the area/function while ownership of strategic risks is with the top management.
Once you have identified all operational and strategic risks, the next step is to plan actions to either reduce the likelihood of its occurrence (called mitigation) and/or reduce the severity or impact of the risk (called contingency). For a small organization or where the complexity of work is less, this could just mean planning mitigation actions and ensuring timely closure of all such actions.
Companies may opt for a detailed risk evaluation. This is done by defining a risk methodology to manage all kinds of risks. This methodology involves assessing the risk, giving it a score or a rating and then comparing it against an acceptance level. Based on the acceptance levels, adequate response to the risk is planned. Risk matrices (Sample given in Figure below) based on probability and impact are used to give a rating to the risk. A risk lying in the green zone may be acceptable whereas amber and red need additional controls and shall be prioritized for closure.
Once control action on risks is taken, the effectiveness of these actions shall be evaluated to ensure that the control measures were effective. Monitoring of risk should be carried out on a regular basis or on events like changes in staff, process or equipment.
Quality Objectives and Planning to Achieve Them
The next stage of Planning is to set quality objectives for various levels/functions in the organization. The quality objectives shall be consistent with the quality policy and shall be relevant to the conformity of products/ services, and the enhancement of customer satisfaction.
The quality objectives must be defined in a way that they are measurable and consideration shall be given to the applicable customer and statutory and regulatory requirements.
A simple method of establishing these quality objectives is using the S.M.A.R.T. methodology. What SMART specifies is that each objective shall be defined in a way that it is:
- Specific - The objectives are written in a way it is interpreted in same way by anyone who reads it
- Measurable – This means that the objective should be quantitative so that it can be compared against a goal and its achievement assessed. Terms such as amount, percentages, etc shall be used to define these objectives.
- Achievable- An objective which is planned but capturing its data is difficult or there are no mechanisms/resources to achieve the results makes an objective useless. So, adequate resources/mechanisms should be available to achieve the objective.
- Relevant –The objective shall be relevant to organization’s context and it shall provide an insight if the customer / statutory and regulatory requirements are being met or not.
- Time-Oriented- The objective should be time-bound so that its achievement can be evaluated within a fixed time-frame.
Some examples of quality objectives are given below:
- Product – Reduction in defective product by 2% within a year
- Customers –Improvement in customer satisfaction scores by 4% by end of 2020
- For the QMS –Number of improvement opportunities in a quarter, etc
The quality Objectives shall be defined by the top management and once these are finalized, the organization shall:
- Document these Quality objectives in your quality manual/ procedures/ quality plans or any other relevant place.
- Communicate the quality objectives to the employees, as required. This may be done through training or in meetings.
- Deploy these quality measurements in the organization. You may plan to capture the data manually or use tools to gather the data required. Also, plan for mechanisms to report these quality objectives.
- Ensure these are measured across the organization. Monitor the achievement of the quality objectives using dashboards or simply by reporting these at fixed time intervals
- Review the achievement of objectives with the top management. This can be done in management review meetings. Based on the achievement of the quality objectives, the goals may be updated, as appropriate
- Plan actions when the actual results do not meet the goals. This gives you an opportunity to identify continual improvement initiatives.
Planning of Changes
When the organization determines there is a need to change the QMS, this clause of ISO 9001:2015 requires such change to be carried out in a controlled manner. A defined change management process is a good way of addressing this clause. A structured approach ensures that the person requesting the change consider a number of items such as who will be impacted, the resources required, etc. This ensures that change approver/manager makes a good decision and manages the change properly.
The steps required to plan a change are:
- Identify the change required and define the details of the change
- Assess the need of change considering
- the purpose of the changes and potential consequences
- the availability of resources
- the allocation or reallocation of responsibilities and authorities.
- whether the integrity of QMS could be compromised as a result of making the change
- Get an approval from top management/ change approver for change implementation
- Create a plan and identify tasks, resources and responsibilities, timelines, etc. to carry out the change
- Create a communication plan and identify all the internal and external stakeholders that are impacted and need to be informed of the change
- Get review of the changes done by top management/change approver after changes are done.
- Conduct Training for people affected by the change
- Monitor the change to evaluate its effectiveness