Essential Guide To Q Ms

Selecting, Implementing,
and Using QMS Software

Solutions
THE QMS GUIDEBOOK EtQ, Inc.
Table of Contents
Introduction: Why do We need QMS?

Getting on the Quality Management Software Soapbox . . . . . . . . . . . . . . . 1
Getting Started on Your Journey

8 Simple Rules for Selecting a Quality Management Software System . . . . . . . . 4
Look Under the Surface: 4 Things to Ask a Compliance Software Vendor . . . . . . . 6
Tips for Implementation Success

Build vs. Buy: Best-Practice QMS Solution over Custom Development . . . . . . . . 8
Avoid Scope Creep in Enterprise Software Implementation . . . . . . . . . . . . .11
ROI: Assessing Value in a Quality and EHS Management System . . . . . . . . . . .13
Best Practices for QMS Solutions

The Importance of Risk in the Complex Quality Lifecycle . . . . . . . . . . . . . .15
Risk Assessment: Creating a Risk Matrix . . . . . . . . . . . . . . . . . . . . . .16
Three Keys to Global Harmonization in Quality: Learning to Share . . . . . . . . . .18
Final Thoughts: Fun Takes on QMS Software

Is Quality Dying a Slow Death, or Evolving Beyond Definition? . . . . . . . . . . . .19
What Star Wars Can Learn from Quality Management Software . . . . . . . . . . .20
The QMS Guidebook: Selecting, Implementing, and Using QMS Software Solutions
www.etq.com 800.354.4476 info@etq.com
1 | Getting on the Quality Management Software Soapbox
Getting on the Quality Management Software

Soapbox
What You Didnt Know, or Were Afraid to Ask
The main obstacle to truly being risk-based is the shift in changing
your understanding of Quality and risk. Its sometimes difficult to
understand what is critical in a business, and therefore overuse
Corrective Actions. Many feel its better to just initiate the Corrective
Action and deal with the process than truly assess whether you even
need it. Not every adverse events needs to be a Corrective Action; this
dilutes the purpose of the process. Corrective Actions are designed
to correct critical and/or systemic issues. Risk Assessment and Risk
Management are designed to help discern which is critical and which
is not critical. Non-critical events can be immediately corrected;
however, many businesses do not see the value of correcting non-
Is The Quality Management Software market Evolving to be critical events in the source data in which they are found.
Easier, or more Complex?
Especially in regulated industries where the scrutiny is so high, we
As the world market evolves, product lifecycles are speeding up often want to err on the side of caution and do a full-blown inves-
to accommodate market demand and keep up with competing tigation on a minor event, such as a label smudge. While this is an
products. As a result, Quality benchmarks need to evolve as well. Risk important correction, its not critical and wastes resources and time
is fast becoming the benchmark for assessing Quality throughout an for a business. First and foremost, organizations need to realize
organization. This is because organizations need a systematic and where their critical events lie, focus on those first, then worry about
objective way of looking at incoming information and making deci- the non-critical areas as they come. Risk Management provides this
sions on how best to manage Quality. Risk Management provides ability to filter out the critical events and make the right decisions on
this benchmarkit allows for a quantitative method to review the how to handle them.
data and come up with decision criteria to help make better deci-
sions leading to better Quality. In this day and age, companies Why Companies are Still Reluctant to Purchase
cannot afford to lag on their Qualityproduct lifecycles are moving a QMS
too fast and companies cannot keep up. Risk has evolved over the Software is a key component in todays industries. Again, industries
years to be more quantitative in nature and is incorporated into are moving faster and much like the automated assembly line, so too
traditional Quality models in order to keep up with the pace of the must the business processes that govern manufacturing be auto-
new markets. This evolution is seen in adopting risk matrices incor- mated. So why are people so hesitant to implement software? Here
porated into multiple facets of the Quality dynamic; Complaints, are a few potential reasons:
Audits, Nonconformances, Corrective Actions, and similar functions
all use Risk in some form or another. This is growing in interest to the 1. The Fallacy of the Custom Solution: Most people remember
point in which risk activities often govern the processes and are fully the days of the custom-developed solution, where in order to
integrated in the traditional workflows. get the software to work the way you want it to, you need a
team of developers over the period of a year or more to code the
Whereas this was once a discipline reserved for only the leading edge system into your companys mold. While the stigma remains,
companies, is now becoming mainstream. Most software solutions the software has evolved beyond this. Especially in business
have some element of risk built in, and as more risk solutions are process automation (such as Quality), the custom solution is
offered, more companies adopt the risk methodologies. This main- gone, giving way to the configured solution. Adaptations and
stream adoption is going on now and soon it will be hard to find a changes to the system are all encased in settings and drag and
company that doesnt have some sort of risk built into their system. drop interfaces, making the configuration of the system as easy
The bottom line is that Risk Management is getting easier to access as changing your Facebook settings. Now the business user, not
for all organizations; but it is still a complex dynamic. Each company a developer, is adapting the system to meet the business need;
will need to determine which risk model best fits their business this is extremely powerful and time-saving on resources, but
needs. The trick is to find a solution that is flexible enough to provide is also putting the software design in the hands of the people
the level of detail needed for risk activities, but make it easy for each who actually use the tools. Very powerful, and organizations are
company to adapt and grow their Risk Management program. slowly warming up to this concept.
2. The Fallacy that Software is too Expensive: Much like the 5. Return on Investment: Theres not doubt that oftware is an
advent of standardize parts in the automotive industry, having investment. From the small desktop solutions to the enterprise
a configured system that has all the components developed out systems, there is an investment to be made. The return on that
of the box has driven the price point down considerably. One investment is where the difference is made. If you can reduce
solution can satisfy many different organizations needs, and your Corrective Action cycle time by 50%, and youre able to
so companies can now get into a decent enterprise software focus on the issues that matter most to organization, then youve
product for a fraction of the cost 10, even 5 years ago. already seen the return. The key here is to ensure that youve
maximized the software to realize that return.
3. The Fallacy of the In-House Maintenance: Another issue
that comes up with many smaller businesses is a small IT foot- Then there are the not-so-obvious benefits.
print. They cannot manage yet another system, and IT will not
administer the system for them. Thanks to the advent of cloud 6. Rapid Application Development: As a Quality professional,
computing, we are seeing this paradigm slowly fade. Software as youre not in the business of building applications. But to the
a Service (SaaS) is growing in exponential fashion, and it enables earlier point, software these days is less developing and more
a small organization to get into the game with little to no admin- configuring. Many organizations are leveraging the workflow-
istrative IT footprint. Much like we use Facebook, Pandora, and based platforms to extend the software to more areas of the
LinkedIn in our personal lives, so too are professional software business. Take the Environmental Health and Safety (EHS) system
solutions coming into the fray. Applications that are delivered in for examplemany Quality systems have similar functions to
the cloud and are paid as a subscription are enabling smaller busi- that of an EHS system. If you can leverage your existing solution
nesses to enjoy the benefits of enterprise Quality Management in Quality, and create a similar set of modules for the EHS team,
solutions, without having to dedicate specific resources or signif- youve not only doubled the power of the software to another
icant cash flow to a single tool. Pay as you goits the way of the operational area, but youve also created another hero moment
future. for you and your team. Many organizations have become a center
of excellence due in part to their use and innovation into other
Everyone resists change. Most often, the larger companies will be areas like EHS, HR, PLM, and Supplier Management.
the ones to take the first step, and sometimes the innovators in
the industry, regardless of size. Mainstream adoption often comes 7. Enterprise Risk Management: QMS solutions that incorporate
when it becomes easier to make the change from one system (or no risk are unique in that the risk concept transcends Quality. Risk is a
system) to an automated software tool. With flexible, configurable company-wide issue. Youve heard the mantra, Quality is every-
solutions that can be deployed in-house or over the Web, change ones responsibility. Thats a nice statement, but often Quality
becomes easier, and more and more small to mid-sized organiza- is really only the responsibility of the Quality department.
tions can enjoy the benefits of the solutions in the market today. Very few outside of Quality actually speak Quality, so there is
a disconnect. However, everyone in the company speaks risk.
What are the Obvious and Not-so-Obvious By using risk as a benchmark, you are translating your Quality
Benefits to a QMS Solution? activities into risks and opportunities that the entire company
As with anything, you often find that your goals change over time. can understand. Enterprise Risk is a function that can come from
This is also the case with an enterprise Quality Management System Quality and be extended to the entire organization. Along with
(QMS). Many will enter into an investment in a QMS with very specific that, a risk-based QMS can be extended to encompass the entire
goalsimplement Document Control and Corrective Action, and enterprise, thereby becoming an Enterprise Risk Management
then as they see more value, they see more potential in the software. (ERM) solution.
You get the core needs covered, and then as that is running
smoothly you begin to look for ways to make the software work for
Whats Your Price? Moreover, whats Your
you elsewhere. Thats what its forit makes your job easier. The Price Not to go with QMS?
obvious benefits are: How much to pay for an Enterprise Quality Management solution?
Again, when we look at this, we have to discuss in terms of not price
4. Time-savings: Lets face itmanually processes are time- point, but also investment and return. How much is an automated
consuming. Chasing paper is not what youre in Quality for. You system worth to your organization? Typically enterprise systems will
need to be able to free up as much time dedicated to ensuring not be cheap, but the key is to do your due diligence and examine
the Quality and Compliance of your operation. Software can your current as-is and the potential to-be by implementing a
provide that time-savings through automating processes, inte- system. Configurable systems and systems hosted in the Cloud will
grating with other business systems, and fostering better visi- be offered at a reasonable price, and as these systems become more
bility and collaboration throughout the business. flexible and easily deployed, you will see the price points go down.
Consider the following examples of Return on Investment (ROI):
1. Case: One Life Sciences consumer goods company was using

over 500 systems to manage both Quality and EHS (QEHS)
processes. This varied in range from spreadsheets to enterprise
ERP systems, across all of their global applications. Managing
500+ different sources of data left them with a disparate view
of their QEHS. They decided to make the investment in an auto-
mated solution, and thanks to the benefits listed above, theyve
reduce the 500+ systems down to a single system. Regardless of
their actual investment cost, the benefit of having a single source
of the truth has been an overwhelming return.
2. Case: A Blood Services organization had a manual Quality

process that tracked their Quality Control (QC) data. Since this
was a manual process, the time it took to manage and review the
QC data was roughly 45 days to completion. Once they imple-
mented an automated system, they have since reduced this time
to less than a day for the same process. Less than a day! They
estimate the time saved to be near 650 hours of labor. This is a
perfect example of time-savings as an ROI metric.
Scalability: Cant We All Get Along?

One key area that needs to also be mentioned is scalability. We no
longer live in a single siloed world. Companies have multiple facil-
ities, each with their own unique processes relative to the corporate
standard. Everyone operates in their own way that works for them, and
implementing a software system should not force them to change.
QMS needs to be adaptable to the business processes for each line
of the business, but also conform to a corporate standard. So the
question becomes, how can we all be unique in our processes, but
conform to the common corporate platform? QMSs are evolving to
address this issue. It used to be that for each site, a separate instance
of the software needed to be installed and maintained. If you have
30 sites, then you would need 30 systems, each with their own
administration and workflows. No longer is this the case. Flexibility
is now extending beyond just the processes and workflows, but also
into the locations in which processes are located. With flexibility by
location, you can log into the system from your site and see all the
relevant workflows, coupled with some of the corporate standard
workflows. They become one holistic workflow that can vary site to
site, but maintain the relevant data that corporate needs to track.
So in effect, you have a global, holistic solution that can satisfy both
corporate needs and the needs of the individual sites.
4 | 8 Simple Rules for Selecting a Quality Management Software System
8 Simple Rules for Selecting a Quality Management

Software System
In a market where high-demand causes organizations to seek 3. Look and FeelMaking the System Your Own: One of the
software systems that will fit into their complex business infra- more overlooked issues when selecting the software is the ability
structure, the pressure to find the right system often causes angst to brand the system with your organizations look and feel.
to many. Coupled with the host of options out there, the pressure While many ask whether the system can be configured to meet
builds. Often, organizations will settle on a system that has most their changing needs, the ability to change the colors, logos,
of the functionality they need, but doesnt provide everything they fonts, and general layout of the navigators, forms and reports is
want. That being said, here are 8 Simple Rules on what to look for usually an afterthought. Many systems will offer some level of
in a QMS. configurability, but this will usually not extend to the layouts
themselves. End users must contend with the vendors look-
1. Flexibility to Adapt to Business Processes: Probably the most and-feel, which will be foreign to them. The ability to control all
important consideration is the ability of the system to adapt aspects of the softwares user interface helps user-acceptance of
to your existing business processes, and be flexible enough to the software, and user buy-in is one of the major contributors to
change and improve as your processes change and improve. a software implementations success. In the age of Web-based
This may seem like a simple statement, but many times software applications, vendors can demonstrate flexibility by complying
vendors build their systems around a generic, best-practice with Web user interface standards. Furthermore, they should be
approach that cannot be changed without substantial time and able to provide this control without the need to customize the
cost. These vendors want you to adapt your processes to their software. When selecting a system, have a well-defined set of
software, not the other way around. If your company has spent user interface requirements that will make the system work for
years developing and fine-tuning business processes, and upon you, and ensure that the system is able to meet those require-
purchasing a software system, you find yourself reengineering ments without having to do extensive development.
your proven processes to fit within the software systems limita-
tions, you have compromised your efficiency. 4. Making Sense of the DataReporting and Searching: When
you automate using QMS, there is an enormous amount of data
Do not compromisefind a solution that is truly flexible and config- created. Without some means of easily accessing the data, the
urable, and can configure all aspects of the software, including work- QMS makes it extremely difficult to derive trends and insights
flows, forms, fields, reports, business rules, even the look and feel. on the Quality system. Users are left to their own devices to
Configuration should also be easy for non-technical administrators. manually filter out the data, or even export the results into an
Graphical tools such as drag-and-drop will enable administrators to external system for reporting. This is a time-consuming effort,
own the configurations of the system with limited to no programming and can lead to time management issues in finding the data,
knowledge required. In many cases, the cost of changing your oper- filtering the data and reporting on the data. Software systems will
ations as a result of an inflexible software package outweighs the often offer some means of search capabilities, but this comes in
cost of the package itself. Careful and thoughtful attention to the many ways and may require administrative intervention. Having
softwares flexibility is key to a successful implementation. search capabilities is often not enoughthe system should
be able to search not only at the highest level, but also search
2. Web-based versus Web-enabled: The Internet has made
on multiple criteria and search within records, or even within
the world much smaller. Organizations are building intranets
attachments embedded in records. At the same time, reporting
and extranets into their global network, and the need to have
on the data comes in many flavors. Many software vendors
systems in place that not only utilize the Internet but also thrive
consider reporting an afterthought in the development of their
on it is key to success. Following this lead, enterprise software
productsusually partnering with third party tools to help make
vendors are building tools that move away from the old client-
sense of the data, but with only limited integration between the
server models to a thin-client interface, allowing for more flexi-
two systems. Others will embed reporting tools directly into
bility in a global environment. There are software vendors that
their productproviding a more integrated method of pulling
are Web-based and some that are Web-enabled. Knowing the
data across records within the system. When selecting a software
difference between the two can provide a key differentiator in
solution, determine the types of searches and types of reports
your selection of the system.
you need to generate, and require that the vendor is able to
create such searches and generate the reports you need.
5 | 8 Simple Rules for Selecting a QMS System
5. Taking Quality to the EnterpriseScalability Matters: Ulti- and cause delays in getting implemented and effective. Many
mately, your QMS may not serve a single site, especially if your software vendors do not come from your industry. In fact, many
organization has multiple facilities. As more and more companies come from a technology background, and never take into
scale their systems to span the enterprise, it will become account the user experience. The result is a software system that
necessary for the QMS to follow suit. When selecting a software is technologically advanced, but completely un-user friendly.
system, think about the long-term goals on how you plan to
scale. It may not be an immediate need, but having the ability to When selecting a software system, take into account the end users
expand your QMS beyond your four walls to include other facil- experience. Make sure the software can easily be configured to help
ities, or even suppliers and customers, can make a difference the end userwhether it is familiar forms and layouts, even colors
in the systems long-term value. Watch out for false scalability that match the corporate look. If you are replacing an existing system,
promisessome systems will claim scalability, but have no real see if you can match the new systems look and feel, even the form
experience in the matter. A scalable system must obviously be layouts to the old system. This can make the transition much easier,
technically capable of handling the load of additional users, but and make the end users more productive right from the start.
that is only half of the picture. The scalability of administration is 8. Time to ValueImplementation and Deployment: Youve
equally important and can be much more expensive to fix later if covered your needs in terms of the solution and it has all the bells
not considered up-front. and whistles your company needsnow what? The solution
Look for customer references that have scaled the system to a level needs to be implemented. This is where, many times, software
that is equal to your business, specifically in the ability to delegate selections fail. In fact, in a recent study of over 9,000 software
administration to different levels in the organization, across the implementations, 71% of them either failed or were late or
entire enterprise. Truly scalable systems include location-based over budget. Many of these projects cited the implementation
administration that extends beyond simply managing different user project as a major reason for failure. It is critically important that
groups, to enabling location-specific configurations and dynamic the software vendor be able to demonstrate their capability to
filtering of location-specific data. not only deliver the solution to you on time and on budget, but
do so in a fashion that lets you use the system as you intend to
6. Tying Systems Together through Integration: Operational use itwith all your configurations and best practices built in.
areas no longer live in silos when it comes to business systems.
Whether they are Production, Financial, or Quality systems, the Look for a solution that has a proven implementation method that
ability to interact, collaborate, and coordinate across the business involves the requirements gathering, the side-by-side collaboration
is key to uncovering any gaps in processes, and creates visibility with their folks and your team, and sticks to an agreed upon project
from one operational area to the next. It is of paramount impor- scope. Furthermore, get your requirements finalized up front
tance to be able to integrate your systems. adding new features and functions mid-stream often delays projects
as more time is added to the project to meet these new last minute
When looking to select a system, keep in mind the integration entries. Finally, make sure all the stakeholders in your organization
options available within the solution. Avoid solutions that claim have had their opportunity to contribute to the requirements phase.
integration, but will only do basic integration lookups. While this is This will ensure that all parties are satisfied before the implemen-
powerful and eliminates some degree of double-entry of data, true tation begins.
integration will not only pull data in from production systems, but
will also push data back to those systems, such as nonconformance These 8 rules of engagement when selecting a software solution
issues, overall cost of Quality activities and more. (which can really be applied to any enterprise solution, not just
Quality or EHS), can have a tremendous impact on how you approach
7. Know Your AudienceEnd User Acceptance: Typically, the your software purchases in the future.
team selecting a software system is made up of multiple areasIT,
Quality, Operations, Purchasing, and more. More often than not,
the participants are manager-level, and are making the decision
on behalf of themselves and the end users. The end users, while
most likely the highest volume user, are more than likely not
involved in the ultimate decision. Many software systems will
have the technology and process management needed, but
once implemented, the end users are lost. It doesnt look familiar;
it doesnt look and feel right, and requires significant adjustment
to get used to. Look and feel may not seem like a deal breaker
but it can be a hindrance in the learning curve for many users,
6 | Look Under the Surface: 4 Things to Ask a Compliance Software Vendor
Look Under the Surface:

4 Things to Ask a Compliance Software Vendor
In this day and age, very rarely do people buy anything without parties. The best way to find out if the implementation methods
doing their research. This rings true when it comes to the buying are proven is to look for proof from existing customers.
process for enterprise software systems. In many ways, the buyer
has so many tools available to research vendors and understand the 2. Customer Satisfaction: Todays enterprise software buyer
pros and cons, we see a much more informed and educated enter- will no doubt ask for references. Most vendors will gladly turn
prise buyer. Web-based research will give you some of the key areas you towards their go-to reference or load you up with case
to rate a vendor on, such as: studies. And most buyers will discuss the cursory questions
What do you like about the software, and does the software
Market expertise meet your needs, etc. When doing your reference call, its
Features and utilities also a good practice to delve into some more intangible ques-
Broad company overview tions. Remember, enterprise software is not only an investment
in a solution; it can be an investment in the people within the
Pricing and support structure company. Questions like What do you think of your account
Breadth of applications offered manager or service manager, or Do they respond to your needs
All these things can be commonly found after some basic research, at this company, or even What is their user conference like will
and a few discovery demonstrations. However, we still see cases give you a deeper insight into how this company operates. These
where a company has selected a vendor, and that vendor continues types of questions (which may seem silly at first) add dimension
to fail on their delivery of the solution. You would think that these to the vendor, and also give you an indication of the health and
longevity of the company. You want to invest with a company
failures would be picked up on during their extensive, informed
that will be around for as long as you continue to work with
research, but there is more to a company than the above bullet
them.
points. Below are some additional considerations to be aware of
when selecting an enterprise vendorthose that go beyond pricing, 3. Financial Well-Being: As stated above, you are investing in
features, and tools. an enterprise solution and the company behind itits criti-
1. Implementation Track Record: One of the primary reasons cally important that you feel comfortable about the companys
software implementations fail is a lack of communication and financial well-being as well as their product offering. In this day
project management within the implementation team. To put it and age, software companies are being bought and sold, and a
more simply, the project scope goes over time and over budget. companys control is sometimes in the hands of a venture capi-
Often (and especially in the Compliance software market), the talist rather than a software architect. In some cases, the software
software sale draws so much focus, that the service element vendor is a minority shareholder in their own company. Venture
becomes an afterthought. Look for a vendor that has a proven capital investment, loans and lines of credit to keep operations
track record of implementing their solutions successfully, and goingtruth is, a software vendor may have more debt than
make sure to spend some time reviewing their strategy. Proper equity. Dont hesitate to get financial information from the
implementations, whether large or small, should incorporate vendor.
some element of project management that involves both
7 | Look Under the Surface: 4 Things to Ask a Compliance Software Vendor
Now many may not be apt to opening their books for you, and thats In our world where we have all the information at our fingertips, its
finethere are a few ways to get an accurate financial picture: sometimes easy to say we know everything. But there are still those
data points that are not publicly known, and getting the right answers
a. Search the Web for Investment News: Vendors may not can make a big difference in your decision. So its important to do
actively promote when they are bought or invested in, but your research and come to the table prepared, but dont be afraid to
the investors love to talk up their portfolio. Look for press ask for more information on your enterprise software solution.
releases from investors on your vendor, and read carefully
on whether the investment firm is providing capital, or
actually purchasing the vendor.
b. Ask for a Debt to Equity Ratio: This is a great way to see

the financial health of an organization without prying
into their books. The Debt to Equity ratio will indicate
how much they owe versus how much they own. Be wary
of vendors with high ratioschances are they may be
burning more cash than they are bringing in.
c. Annual Growth Rate: Average growth percentages over

a 3-5 year period are nice, but the vendor could have
had one great year in year 1, and the next 2-4 years they
declined. Compounded Annual Growth Rate provides a
more accurate depiction of how the company has fared
financially over the past few years.
d. Annual Net Income Growth Rate: Another good metric

to asses the health of a vendor is to examine the net
income growth, which is essentially the vendors prof-
itability. They could have a decent revenue stream, but
are they profiting enough to sustain themselves? Net
income will give you an idea if the vendor can stand on
its own two feet. These are just some basic ways to under-
stand the health of the company. A healthy company that
invests money back into their product and plans for the
long-term will ultimately result in more product innova-
tions, providing you with services for years to come.
4. Proof of Concepts and Workshops: If you get to a point where

two vendors are equally adept, then it might be time to suggest
a workshop or proof of concept. These are typically 1-2 day
engagements with the vendor whereby you give them a simple
set of requirements, and ask them to implement it on a small
scale. Its like a test-drive of the system on your terms and
using your processes. What makes it powerful is that you can get
a glimpse of how your future relationship with the vendor will
be, and how they work when implementing your solution. These
workshops can be time-consuming (and occasionally a pay-for
exercise), so reserve this for special circumstances.
8 | Build vs. Buy: Best-Practice QMS Solution over Custom Development
Build vs. Buy: Best Practice QMS Solution over

Custom Development
In todays dynamic and demand-driven market, the need to This step is important, because 70% of software costs occur after
implement enterprise technology to keep pace with rapidly evolving implementation. A rigorous lifecycle analysis that realistically esti-
operational, production and compliance environments is key to mates ongoing maintenance incurred by a custom development
success. In recent years, enterprise technology has become more project often tips the balance in favor of buying.
prevalent in its penetration of all operational areas within a business.
It has become so prevalent that it is rare to find a department within 2. Flexibility and the Ability to Adapt to Change: Businesses
an organization that does not have a dedicated enterprise software experience constant and rapid changes. Companies change their
solution to provide some level of support. processes, expand or shrink, and competition drives innovation
to the market. Application developers often hear although we
In the case of Quality, this statement rings true. In recent years, needed that a year ago, its not what we need to run our business
enterprise software solutions have become commonplace in many today. Add in rapidly changing technology and the adaptability
organizations, whether integrated QMS, or Quality Management of a homegrown system becomes an issue, and often a system
modules within larger production systems, even down to simple built in-house becomes obsolete before its complete. A best
point solutions for Document Control or Corrective Action. Recent practice configured application is a production ready application
reports on top software components for organizations show that that can be customized for a unique environment within a rela-
Quality Management is at the top of the list. In many organizations, tively short timeframe.
Quality Management solutions are a strategic priority. As demand
for these solutions grow, so does the vendor landscapemore Furthermore, having the flexibility to adapt to changes is key to
software vendors are providing solutions for Quality and Compliance success in response to changing market conditions. With configu-
Management than ever before. rable solutions, processes can be changed as needed with little to
no additional costs. With custom developed solutions, there is little
When determining the strategy for automating a mission critical room for changeif change is required, it can result in hundreds of
business process like those in QMSs, a Build versus Buy choice development hours and the project overruns can be steep.
remains a key decision. Overwhelmingly, organizations have proven
the decision to Buy provides much greater value and success than 3. Best Practices Experience and Core Business Focus: When
the decision to Build. Here is a Top Five list of things to watch out determining an enterprise solution, it is important to consider
for in a build versus buy scenario. the focus of the organization. How well do the vendors know the
business challenges your organization faces? How well versed in
1. Predictable and Transparent Costs: Developing an enterprise best practices is the vendor, and what is their experience in the
application is no small task, especially when it comes to esti- industry? A vendor who is rooted in these best practices has a
mating the cost of development. When you buy a best-practice broad knowledge base of experience to draw from, whereas a
enterprise solution, you evaluate in advance the features, func- custom development from a vendor outside of the industry will
tions, and capabilities in an existing enterprise environment. A be starting from scratch on how to match your business processes
known cost is attached to a best-practice solution. If you build to the application. This can push the scope of the project out,
a new system with alternative development resources, project simply because the learning curve on processes and terminology
costs and time to deploy may range widely, affecting the success need to be collaborated on. Selecting a vendor with a broad
of the project. background on a specific industry like Quality Management
helps to provide a foundation for building a process that meets
In fact, according to Gartner Research Group, packaged applica- your requirements, with a long-standing knowledge base of
tions with best practices already built in have found favor within experience to draw from.
many enterprises and are now considered viable choices for many
corporate tasks. In fact, corporate edicts have often been established 4. Consider the Project ScopeProven Implementation versus
that preclude even a discussion of the build versus buy process. New Application Development: According to a report by the
Therefore, buying a software package with best practices already Standish Group on more than thousands of software projects,
built in, under all circumstances is the dominant trend. 40% failed completely, and an additional 33% were challenged,
meaning that they completed late, went over budget, or were
When evaluating whether to buy or build, its critical to thoroughly completed with fewer features and functions than originally spec-
understand total costs during the software lifecycletypically 7 or ified. Even more staggering, a recent study by Gartner Research
8 years.
revealed that nearly four in ten major software purchases ended When comparing these two scenarios, we can assign a risk ranking to
up as shelfwaresoftware that was purchased, but never build versus buy, as illustrated in the risk matrix below:
implemented.
The root of all these challenges lies in the ability of the project to
be defined properly. With custom developed solutions, the project
scope encounters obstacles not foreseen at the outset of the project,
and it is extremely difficult to estimate the time and expense asso-
ciated with a major development project. This is primarily due to
development of new features not inherent within an existing appli-
cation or customer developed application, which creates a tendency
to change and modify the scope on the fly. The result, according to
the Standish Group, estimates that 52.7% of all custom application
projects cost 189% of the original estimate provided.
Software vendors with best practices built-in draw on a history

of implementation of similar processes, and have implemented Because a best-practice configured solution requires little to no
hundreds of projects of similar focus and scope. These implemen- development costs and uses a proven method of implementation
tations follow a proven process, and follow a pattern of project to ensure projects are kept on scope, the actual risk associated with
management that delivers the product on-time and within scope. implementing is considered lower than that of a custom-built appli-
cation. This is primarily due to the unknown factors that can occur
5. Return on InvestmentLook for the Hidden Cost of Devel-
in custom development, as well as long-term costs to update and
opment: While many custom-built applications outline a broad
maintain the custom-built system.
scope for a project, without having a best practice approach it is
impossible to determine how long the project will actually take.
Avoid the Dangers of Buythen Build
Vendors that offer a best practice solution are able to leverage
When making the decision of build versus buy, its important to
years of implementation and product development to accurately
determine the level of development required, in either case. While
scope out a project and will not incur the same project overruns
many off the shelf software systems will claim to have the best prac-
custom developed solutions encounter.
tices built out of the box, what is often not determined is any level
Consider the breakdown on build versus buy conducted in a Standish of custom development that may be needed after the software is
Group Report, illustrated in the tables at the bottom of the page. purchased. Often times, purchased solutions will incorporate a
Comparison: Build Versus Buy
framework of best practices within their solution, but in order to

tailor the system to meet your needs, the system must be custom
developed. As a result, the customer is left with a purchased solution
that will need a custom development project added into the
purchase, creating the same challenges with a purely built solution.
Look for systems that have the flexibility to adapt to specific processes
without any need for custom development. These solutions often
enable the administrator (or Power User) to configure all aspects
of the system to meet unique business needs. Configurable systems
such as these completely eliminate any custom development needs,
and provide a truly flexible and adaptable system that embodies the
purpose of a purchased, best-practice solution.
The decision to implement enterprise software is not a simple task.

Software solutions typically represent an investment of 5-7 years,
often up to a decade for many organizations. When weighing the
options of determining software selection, the Build versus Buy
decision is one that will always come up, and requires careful consid-
eration on the path to take for your investment.
While both options have merit, many organizations opt to leverage

the existing best practices implemented within the industry, the
proven track record of success and innovation, and the most flexible
technology that will help them seek returns on their technology
solution. For many, the growing trend lies in purchasing a solution
that provides the most functionality and features, and presents the
lowest total risk to the organization.
11 | Avoid Scope Creep in Enterprise Software Implementation
Avoid Scope Creep in Enterprise Software

Implementation
While many companies focus heavily on the softwares ability to Here are just some quick points to consider when looking at an
meet the business need, very few focus on the vendors ability to implementation project:
implement the software. The responsibility of a software implemen-
tation project is shared between the vendor and the customer. While 1. Get the Requirements Up Front: While this may seem like
the vendor needs to deliver on all those promises they made in the a no-brainer, many companies wont truly know what their
RFP, the customer needs to make sure that their processes are well- requirements are when they start a project. You may have one
defined, and that all the requirements of the solution are outlined or two project managers who swear up and down they know
in detail. Without the roadmap for the solution, the vendor can only the processes, and do not need this exerciseuntil you actually
take a best attempt at meeting the business need. Kind of like get all the stakeholders in a room. At that point, the picture gets
shooting a moving target in the dark, blindfolded and with one hand painted a different shade of what you thought. Many times, the
tied behind the back. stakeholders will trickle in during the project after implemen-
tation has begun, and this is the source of the evil Scope Creep
With all the investment put into selecting a software vendor for your paradox. The more features we want, the more time it will take,
business, it is hard to believe that there is any possibility of failure. and the more time it will take, the less likely the vendor is to
However, recent studies have shown that within a sample set of deliver it on time.
more than 9,000 software rollouts, 71% either failed or were late
and over budget. Even more staggering, a recent study by Gartner By gathering all the stakeholders and clearly defining the project and
Research revealed that nearly four in ten major software purchases its requirements at the start, the actual implementation process will
ended up as shelfwaresoftware that was purchased, but never move much smoother. No one is trickling in and all elements of the
implemented. The root cause of such pitfalls is usually attributed to project are planned and ready to go. This early investment of time in
challenges associated with project management, and the inability the beginning of a project may seem like it would take longer on the
to properly define the requirements to make the implementation outset, but in reality, this up-front investment of time actually speeds
successful. As a result, the end users never really accept the solution, up the project in the long run. Resources are efficiently managed,
and the cost to implement correctly becomes extended. project timelines are met, and this project is delivered on time and
on budget.
Successful projects are the result of the Quality of the solution and
the acceptance of the solution by the end users. As seen in the
diagram below, without proper planning and project definition at
the start of the project, implementation projects can often suffer in
the long-term. Projects without a defined scope will often require
fluctuations in resource levels, and push the project out far beyond
its expected completion.
2. Get a Design Specification: Whether you are implementing

a configurable, out-of-the-box solution or a heavily custom
developed application, getting a design specification is an
important step in the process. A design specification is essentially
12 | Avoid Scope Creep in Enterprise Software Implementation
a simple mock-up, wire frame or depiction of what the final

product is going to look like once implemented. These are typi-
cally done in phases of the implementation, so that each piece
is given its own design specification. Think of it like building a
house. You would want to see the floor plan before they start
laying the foundation, and building up the rooms. You want to
make sure the bathroom is in the right place, the kitchen, and
so forth. Same goes for the software solutionmaking sure the
forms look right, the fields and keywords match your ideas, and
are in the right place are very important.
At this point, with the requirements gathered and design specifi-

cations in place and approved, then the real implementation can
begin. Whether configuration or coding, most implementations
will vary, but ultimately the goals are similar. This is to deliver the
finished product according to the information provided in the first
two points. Ensuring the finished product matches your require-
ments exactly is important, which is covered in the next point.
3. UATUser Acceptance Testing: Its important to always

include the end users in the processthey are after all, the day
to day users of the system. Their acceptance of the system will
ultimately determine whether the new solution is truly a success
or not. The UAT phase of the process is like the test drive of
the new sports carmaking sure that the seats are comfortable,
the engine is tuned, and the wheels wont fall off. Just the same
in the software worldmove around through the workflows
and forms, push the performance, and make sure the proverbial
wheels stay on. This is usually done by the companys project
team, but many like to take a few of their end users and let them
comment on the system. This is a good practice to get the word
on the street for those daily users.
The theory behind using this project management/requirements

first approach to implementation is that during UAT, only minor
problems are tweaked. The last thing either party wants is a major
technical flaw this late in the game.
Investment in software shouldnt fall victim to a poor implemen-

tation. Not only does it leave a bitter taste in the mouths of the
project team, but the software investment becomes diluted and
could end up as shelfware. Ensuring the project requirements are
gathered at the start, the design is approved before implementing
and testing on the backend will help to make sure the project is
completed within scope and within budget.
13 | ROI: Assessing Value in a Quality and EHS Management System
ROI: Assessing Value in a Quality and EHS

Management System
Everyone seeks out value. Whether youre a coupon clipper, a sale
shopper, or a garage sale stalker, people look to get some sort of
value out of their buying experience. And if the product is purchased
at retail, you look for ways to get the most out of the product you
purchased.
The software sale is no different, and potential customers are looking

for ways to demonstrate a viable Return on Investment (ROI). Lets
dispel any misconceptions firstsoftware is not just a tool, its an
investment. Quality and Environmental Health and Safety (EHS)
management solutions require upfront costs, and upfront effort to
get it up and running, and the returns only come after youve put
financial investment into the product and financial investment into
the implementation. The key is how quickly you expect to see a
return.
In this market, ROI needs to happen quickly. We have entered a time

immediate value. The CIO will look at their infrastructure and say,
when IT departments are cutting budgets and looking for ways to
can my too-big-to-fail systems handle the processes we need, and if
consolidate and integrate business systems. As such, IT is looking
not, what systems can we put in place that will integrate with these
for ways to cut systems that are draining resources, protect budgets
systems and provide me with quick ROI? QMS and EHS are prime
for larger-scale implementations, and seek out solutions that are
examples of systems to accomplish this goal. Heres what these
low-cost alternatives. The Chief Information Officer (CIO) is looking
systems offer:
for ways to demonstrate immediate ROI on projects, to the tune of
seeing returns within a Quarter. This need has had an effect on the 1. Workflow and Business Process Automation: Look for a
Software Middle-Classthose systems that are high-cost with system that has the flexible workflow to not only accomplish the
long timelines to ROI. You have three real scenarios in this IT solution task of Quality and Health and Safety, but to also provide value
model: in all business process initiatives. Can the system be configured
to do more for the organization? Leading systems integrate
1. The Too Big To Fail: These are the long-term, high budget
PLM, SCM features into Quality, and add Sustainability to EHS
projects that are simply too big to abandon or too critical to the
that the software middle-class once handled; this provides addi-
business to scale back. SAP is a prime examplethe solution
tional value to the system and makes it a lower-cost alternative
touches so many parts of the business, and has so much stake in
to these middle-class systems.
the success of IT, that it will never be scaled or abandoned.
2. Integration Capabilities: Again, the CIO will ask whether the
2. The Software Middle-Class: These are specialized solutions
big project systems like SAP can handle the process, and if it
that serve a singular need (or the needs of a few), but come at
cant, then can it be integrated with these QMS and EHS systems.
a high-price of entry, and no definable ROI in the near future.
Look for solid and certified integration points that will enhance
These are solutions that end up on the chopping block with
your too-big-to-fail systems. Leading QMS and EHS systems
people looking for lower cost alternatives.
offer various levels of integrationenough to fill the gaps that
3. The Low Entry, High Return: These are specialized solutions are necessary to round out the infrastructure.
that have carved out their niche in a particular function, and have
3. Provide Immediate Value: When looking at these systems, take
certain out-of-the-box qualities that make the product have a
time to realize the ROI is critical. The nature of QMS and EHS
low entry cost, but due to the configurable nature and flexibility,
systems is in their configurabilitythey are inherently built to
can yield a faster ROI than their middle class cousins.
be configured quickly and adapt to changing processes with
So, what does this mean for Quality and EHS solutions? Well, it means little to no programming or custom development. This enables
that companies are looking for more value from their systems; QMS them to provide value within a short span of time, usually within
and EHS solutions are expected to do more and provide more a Quarter.
14 | ROI: Assessing Value in a Quality and EHS Management System
4. Demonstrate Definable ROI: This one is trickyhow do you

define ROI? Many companies look for quantifiable ROI, but often
have no baseline to compare it to. As many organizations are
not tracking ROI metrics on a particular software solution, they
seek ways to determine how much value a system like Quality
Management or EHS Management will provide. Here are just
some sample cases where ROI is provided on QMS and EHS
systems:
a. Time Savings: One area is in saving time over manual or

cumbersome processes. The nature of workflow-based
automated Quality and EHS is that it reduces the cycle
time to complete otherwise manual process. One organi-
zation had a Quality Control process that took upwards of
45 days to complete a cycle in a manual process. This was
due to diverse locations and compiling data from various
sources. Using automated solutions, the QC process was
reduced from 45 days to a single day. While not immedi-
ately quantifiable, the time savings is staggering.
b. Systems Consolidation: Creating a centralized resource

for Quality and Safety is important to demonstrate value.
Another company had a diverse portfolio of business
systems managing their processes, which would grow
over time as new divisions adopted business processes. At
its high point, they had over 700 business systems driving
processes, with various levels of complexity. Using a single,
holistic solution, they were able to reduce the number of
systems from 700 to a single system. This alone saves time
and money in maintenance, but also provides a more effi-
cient method of tracking Quality and Safety.
c. Administrative Overhead: Manual or cumbersome

processes take up resources. Whether this is in man-
hours, administration time, or physical bodies, this is time
spent on the system, rather than the business. One such
example came when an organization purchased a system
to manage Audits. The system enabled them to automat-
ically schedule audits versus manually scheduling them.
This reduction in time and overhead resulted in a resource
savings equal to 5 full-time employees. These employees
are now freed up to do work more relevant to the business,
and not on scheduling.
So, ROI is all in how you perceive value in the system. Look for a
solution that not only is able to provide value in a short period of
time, but demonstrates the value in a way that you can relate to
your organization. The above are just specific examples. You would
need to use these as a base, but will have to determine your own
metrics based on your unique business needs. The take-away is that
ROI comes in all shapes and sizes, and not only do leading QMS and
EHS system provide the low-entry, high value mix, but are prime
examples of gaining ROI in a short period of time.
15 | The Importance of Risk in the Complex Quality Lifecycle
The Importance of Risk in the Complex

Quality Lifecycle
Manufacturing industries have matured over the years, customer In reality, ERM follows a path no different than the more granular
demand increases, and the complexity of the products also increases. departmental levels:
So we now have a complex product lifecycle that needs to move
faster to keep up with demandmanufacturers must keep pace
with the demand, while ensuring Quality of the product at every
step. The faster we move, the harder it becomes to correct adverse
events, and prevent Quality issues in the same way were used to.
We need a measure to help us search out the most critical issues and
address the Quality issues that matter most. Risk Management is of
growing importance in Quality for this very reason.
Lets look at some of the areas risk plays in the Quality lifecycle:
1. Risk in Design: Incorporating risk in design is a critical, but a. Risk Identification: Simply put, look for the potential
sometimes overlooked component in the Quality lifecycle. Tradi- risks. Whether at a low-level or high-level, you need to
tionally speaking, Quality has always been reactive in nature figure out where your risks arise. This can be from adverse
events happen and we need to correct them. However, if we events, hazard analysis, departmental surveys, and similar
can work towards mitigating risk during earlier stages in the areas.
product lifecycle, such as in design, then we can mitigate the
risk of these in-field failures. Tools like Failure Modes and Effects b. Risk Assessment: Once youve identified the risk, you
Analysis (FMEA) or simple Hazard Analysis provide the ability need to determine how severe it is. Is this risk high, low,
to break down a design into core components and assess the or negligible? Assessment seeks to categorize (and poten-
risk of failure. By calculating the risk before the product is even tially prioritize) our risk.
built, you can take steps to mitigate that risk in a more proactive c. Risk Review: New risks within an organization need to
way. Even for known risks, you can better prepare your team for be reviewed. Risks cannot automatically be assigned an
potential post-market events, and handle them more efficiently. actionoften you need a team to review the risk ranking,
determine the next steps, and so forth.
2. Risk in Process: Corrective Actions are an issue in many orga-
nizations. You would think that a system designed to efficiently d. Risk Mitigation: We now ask the question, how do we
correct a problem wouldnt be a problem itselfbut it can be, fix this? Risk Mitigation relies on taking steps to correct
especially if every event becomes a Corrective Action. Too many the events, and ultimately reduce their risk to acceptable
Corrective Actions can shift the focus on what is most overdue, levels. Corrective Actions help to create a plan for investi-
versus what is most critical. By incorporating risk into the process gating and correcting systemic issues, and reduce the risk
of adverse events, you can filter the critical and non-critical of recurrence.
events, ensuring that the highest risk events make it to the top
e. Risk Reporting: The last step is sometimes overlooked,
of the list. Less critical events can even be handled immedi-
but critically important. Reporting not only creates visi-
atelyQuality systems do not specifically state that every event
bility into top risks, but it also lets you trend out potential
become a Corrective Action. Using risk will help to streamline the
areas of improvement. Reporting lets you see how one
system in this fashion.
areas risks overlaps with another areas risks.
3. Enterprise Risk Management: Risk mitigation is everywhere. If As industries move faster and product lifecycles shorten, you need
you think of an umbrella, the spines that make up the umbrella to benchmark Quality not only as a corrective measure, but in a
are the various risk areas (risk in design, risk in process, safety proactive, preventive way. Incorporating risk into the product life-
risks, human factors, governance, etc.). The umbrella as a whole cycle will help to identify, mitigate, and prevent potential risks along
is Enterprise Risk Management (ERM). ERM seeks to combine risk the way.
elements from all over the organization and take action based
on those elements in broad strategic level. You need to identify potential risks, assess the dangers, take steps to
correct your path to mitigate the risk, and continue on. The faster
you go, the more risk mitigation plays into the equation.
16 | Risk Assessment: Creating a Risk Matrix
Risk Assessment: Creating a Risk Matrix

In this day and age, risk is the biggest buzzword in the compliance You can see that we have a Low-Risk or Generally Acceptable Risk
industry. Weve talked about it, you cant go anywhere without hearing zone, and a High-Risk or Generally Unacceptable Risk zone, but what
about it, and everyones got a risk-based solution. I think the primary about the middle? Theres a gray area of subjectivity here. How do
reason why we focus on Risk Assessment and Risk Management, is companies determine this gray area?
because in business, we need to quantify our actions. We can no
longer rely purely on gut instinct to execute on events, whether
Quality, Financial, Social, or similar areas. The world moves too fast,
and one misstep can make or break your business. Risk provides the
objective metric to help the decision-making process. But, you need
to know how to use risk.
How do you define risk? Its not as easy as you may think. Companies
spend plenty of time and money coming up with a scheme on how to
calculate risk for their organization. Risk is defined as the systematic
application of policies, procedures, and practices to the tasks of
analyzing, evaluating, and controlling risk. All this really means is
that we put tools in place to help us look for risks, assess those risks,
and then take action on the risk. The trick here is finding the risk, isnt
it? How do we find the risk?
The components of risk usually manifest themselves in two forms: This is not always an easy answer. Some companies have to weigh
hazards or harms. Hazards represent the potential source of a harmful the costs versus benefits on these risks, without creating a dispro-
event (the cause). Harms are the resulting damages to products, portionate cost to risk (Example: spending $1M to prevent a blister
persons, or the environment (the effect). Risk is essentially cause and is disproportionate; spending $1M to prevent a fatality is propor-
effect on a defined scale. Its the scale in which most struggle. tionate). Companies will carefully vet these zone, and typically adopt
a concept called ALARP (As Low as Reasonably Practicable). Simply
Usually, when trying to quantify hazards and harms, most organi-
put, this means that the risk is as low as we can possibly get it, or its
zations look at two metrics: Severity and Frequency (or likelihood).
Tolerable or Undesirablebut it isnt critical or catastrophic. So
Taking these metrics into account, we can develop a scale in which
then, with the ALARP in place, you have a risk matrix:
to measure hazards and their harms. This can be numeric (scale of
1-5), verbal (excellent to poor) or both. If you were to graph these
scales, you would come up with a numerical matrix, one that high-
lights the risk zones by their multiplied number on the axis, much
like this one below:
Now you can go off and start using it, right? Well...you need to vet
the matrixput it through real-world historical examples and see
if the risk matrix comes up with the correct risk based on historical
events. You may need to tweak the matrix based on the vetting
17 | Risk Assessment: Creating a Risk Matrix
process. Hard mathematics will not properly assess the risk without 1. Not every event needs to be a CAPA: Yes, its trueif you can
a little real-world honing. Once youve fine-tuned the matrix, you can immediately correct an event, then correct it. Not every event
start utilizing it in your Compliance system. needs to be opened up as a Corrective Action, only those that are
systemic issues and pose a critical impact on the business.
Risk Assessments and risk matrices are wonderful tools to help guide
decision-making in an organization, but they are not meant to be 2. Use Risk to filter events: So if not every event needs to be a
stand-alone tools. They help to provide a guide for Risk Assessment, CAPA, then how do we figure out the bad the from not-so-bad?
using quantitative and repeatable metrics to ensure a consistent You need a way to filter these events, and you need to do it in a
method of determining risk. Most best-in-class organizations will repeatable, systematic method. Risk Assessment is a great way
assemble a risk team to go over adverse events and determine the to do this. Risk matrices will help your team make the determi-
risk. Its up to the team to decide how an event will be handled, and nation as to the criticality of an event. The higher the risk, the
what the true risk is. Risk matrices are the keys to unlocking quan- more likely we would like to take Corrective Action.
titative risk-based processes, but the people are the drivers of the
system. 3. Do a CAPA on your CAPA System: Sometimes even a good
CAPA process needs a little updating. Make sure to continually
The next question becomes, How do I incorporate Risk into my audit the CAPA process, and if the process is not efficient enough,
Quality Management System? More specifically, how can Risk ease then it may be time to do a CAPA to correct any potential bottle-
the bottlenecks in an organizations Corrective Action process? necks or problems within. Like any good process, a little mainte-
nance and trimming is always healthy.
Too often, when adverse events enter an organizations Quality
system, people are quick to open up a Corrective and Preventive 4. Use Risk to Ensure Effectiveness: For an action to be truly
Action (CAPA). No matter what the adverse event, its severity or corrective to the process, it must be effective, otherwise youre
impact, a CAPA is opened up. Having a CAPA system in place is an back to square one. Much like risk can be used to filter adverse
extremely valuable (and essential) part of a good QMS. However, events, risk can also be used to ensure effectiveness of a CAPA.
if everything becomes a CAPA, then you create a bottleneck. Risk helps to ensure that not only is the CAPA effective, but
Employees are so focused on working on their CAPAs, they forget to its within the risk limits of your organizations compliance
do anything else. standards.
What you end up with is thishundreds of CAPAs, without really CAPA is an effective and essential tool but, like many processes, can
knowing which CAPAs are critical to the business and which have be blocked up if you are too reactive to events. In order to streamline
less impact. It becomes the needle in the haystack conundrum your CAPA process, it is important to look at adverse events and filter
finding the critical adverse events can prove difficult if you dont them to properly determine how critical they are.
have a way of finding them. I once asked a Quality Manager how he
handles CAPAswhat his metric was. We handle the most overdue
first, was his reply, and he went on to say that if it isnt critical and is
at the bottom of the pile, then they dont get to it in time. That said,
there is a better way.
18 | Three Keys to Global Harmonization in Quality: Learning to Share
Three Keys to Global Harmonization in Quality:

Learning to Share
Each site within the organization, operating under their own QMS, 3. Get a Strong Project Team to Work Out the Details: Tech-
are happy to have their specific processes just the way they like nology is only as effective as the team that is implementing it.
them. Then someone comes along and says, were going to stan- Harmonization, by definition, is a group operating in the same
dardize on a single platform. There are inherent challenges to directionthe team must be able to work together to get the
harmonizing a solution, especially Quality Management. However, business requirements to building a standardized solution.
with the right tools, harmonization can actually enable a single stan- This involves looking at the stakeholders of the system (at the
dardized environment, while at the same time sustaining each sites corporate level and the site level), the inputs required across the
unique business processes. Below are a few key considerations when enterprise, the processes that govern the system, the desired
harmonizing your QMS: outputs that the team expects to see, and how the results will be
measured and managed. This methodology will spit out a set of
1. Ask, How can we all be Common, but Keep our Processes requirements which, if done properly, will create a framework for
and Data Unique?: Perhaps the biggest challenge leading into a harmonized system. But each team member must contribute
a harmonization/standardization initiative is convincing the site- and commit to the cause. When starting the journey towards
level managers to adopt the system. Many times, each site will harmonization, there will be bumps along the way. Not all
want to keep their specific processes in fear that a harmonization processes will fit together, and there will need to be compro-
may compromise their unique way of doing business. When mises. It is important that the project team stay focused on the
harmonizing a system, traditional methods would warrant that ultimate goalthe stronger the team, the better the end result
all sites need to adopt the corporate standard, and fit into the will be.
mold that is set in front of them. With todays advances in tech-
nology, its now possible to be common on a corporate level, A strong team builds innovation and the technology drives it. The
while maintaining the unique processes associated with each combination of these two elements will then answer the question,
site. The key lies in the technology. how can we all be common, but keep our processes and data
unique?
2. The Technology Platform Needs to Support Harmonization:
Technology is constantly evolving, and each new advancement
brings business systems closer together. For harmonization
projects to be successful, the software solution needs to be
flexible enough to adapt to the concept of having multiple
processes operating on a corporate standard. Leading edge QMS
Solutions are able to have site-level processes layered on top of a
corporate backboneeach site is able to retain the specific data
points that are pertinent to them, while keeping in line with the
standardized, corporate process. This allows the enterprise to be
common and unique at the same time.
19 | Is Quality Dying a Slow Death, or Evolving Beyond Definition?
Is Quality Dying a Slow Death, or Evolving Beyond

Definition?
Is Quality as we know it a dying concept, or is it evolving? b. Corporate Social Responsibility: Whether Human
Resources, or social responsibility, the concepts of
There are those who crave the old days of Deming and Juran, and improvement, controls, and processes are touching
those who see their multiple Quality certifications as a badge of Quality.
honor, and those who will define them as a Quality practitioner.
These are the folks who hold on dearly to the concept that Quality c. Product Design and Development: Tell an Engineer
is reserved for the few practitioners who are meant to police the hes a part of Quality, and he may look at you funny, but
Quality operationsa single point of contact for all of Quality. Quality by Design is a key component of improving overall
product Quality, and they are Quality users as well.
These are those who fear Quality is dying.
d. Governance, Risk, Compliance: Methods in this sector
There are those in this market who recognize we are in a world of are continually borrowing from Quality, and while the
change, and Quality is no longer defined within the narrow box terms may change, the goals are similar.
we have always placed it in. These are the people who believe that
Quality is undergoing an evolution, one that will not eliminate the e. Other Processes: IT, Supply Chain and more areas are all
concept of Quality, but expand it to the enterprise. Quality involved.
In this evolutionary model, what is the view of Quality? Well, Quality 3. The Consumers of Quality: Quality is not just in practice. There
means different things to many people. In fact, Quality can be are many in the organization that consume the results of Quality
considered such a broad scope, that it may defy definition. However, and use Quality data to make decisions. C-Levels within an orga-
the challenge is that Quality is defined differently throughout the nization are a perfect example. While not considered a part of
enterprise, and the key to recognizing what Quality is depends on the Quality machine, improving overall Quality as it affects the
who is defining it. Here are some of the segmentation of who Quality bottom line is of critical importance. Without consuming the
touches in the enterprise: critical Quality related data from the above areas, decisions are
made much more difficult.
1. In the Box Quality: QC, QA and the like are what you would
call in the box Quality. Simply put, its the folks who have So, what is the future of Quality? Well, it needs to expand the vision
Quality in their title, and live and breathe the practices that have to encompass these groups and escape the narrow definitions of
been perfected over 60 years. the past. We need to be able to incorporate the Quality practices
and translate them into the vernacular of these involved areas, and
2. The Quality Involved: There are many areas within the organi- demonstrate that Quality goes beyond a single department. Quality
zation that dont consider themselves to be Quality professionals, is everyones problem, and by creating a holistic vision of Quality, all
but whether they like it or not, they are involved in Quality in areas begin to converge and recognize their role in Quality.
some way or form. I am speaking of those disciplines, that while
not directly related to Quality, utilize the Quality methods and This recognition is the first step to the evolution of Quality, taking
processes that exist in their Quality department. These are: the concept to new heights and shaping the future of how organiza-
tions view Quality.
a. EHS: Processes and practices in EHS have incredible simi-
larities to Quality. Simply looking at the ISO standards for
Environmental and Health and Safety will demonstrate
how similar ISO 9000 aligns.
20 | What Star Wars Can Learn from Quality Management Software
What Star Wars Can Learn from Quality

Management Software
Then how did a small droid like R2-D2 plug into the
network and download the Death Star plans like it was
a space walk in the park? My guess is that The Empire, in
all its glory, was using a file system to store documents.
If The Empire would have used a Document Control
system like those in a QMS, access to these specifi-
cally sensitive documents would have been limited to
those who had the proper access rights. Furthermore,
document control can limit the details of certain fields
within the data, so that no sensitive data is accessed.
2. Employee Training System: Without proper

employee training, then many organizations run the
risk of Quality incidents, Safety incidents, and other
risks to the business. It appears to me that The Empire
was not tracking training in a centralized system. If they
were, then they would have been able to see that nearly
80% of the Stormtroopers in The Empire couldnt hit a
What if The Empire had implemented a QMS on the Death Star?
target with a blaster if their lives depended on it (and it often did).
Heres what would have helped The Empire in their endeavor to rule
Or maybe they would have uncovered the fact that their patrol
the galaxy if they only had put Quality Management as a strategic
procedures clearly missed security breachesLike 80 year old
initiative.
Jedis skulking around the tractor beam. Proper training systems
Project Management: From the time that the Death Star plan enable managers to see visibility into not only who is trained, but
was conceived, it took The Empire almost 20 years to complete it. also how well they are trained and whether actions need to be
A project this large requires multiple roles involved and delegation taken to update training records for poor performance.
of activities. The Death Star project management team consisted
3. Supplier Management and Supplier Rating: Lets face itThe
of three key peopleGrand Moff Tarkin, Darth Vader, and Emperor
Empire had to have contracted out to build this Death Star. All
Palpatine. These are not the more flexible managers, and are not
the components that go into building a finished product rely on
above taking employee errors or missed deadlines with the aid of a
suppliers and contractors to help complete the process. When
lightsaber, force lightning or a death ray.
watching the movie, we know that the Rebels found a weakness
Perhaps if The Empire implemented a Quality-based Project in the design of the Death Star (thanks to the weak Document
Management System, they would be able to clearly define the roles Management System). If The Empire would have had a real-time
involved in the project, assign tasks to those roles, and manage the inspection and rating system, they would have been able to
project from an aggregate level. Workflows keep the project deliver- inspect that access port, and send out a Corrective Action to the
ables on track, and perhaps this level of visibility would enable them knuckleheads who thought putting a direct access to the Death
to maintain control, without having to resort to the Dark Side as their Star core was a good idea.
only means of clairvoyance.
4. Nonconformance, Audits and Corrective and Preventive
1. Document Management: Lets be honesteven The Empire Action: Lets stay on this, then. Obviously, we know that the
couldve used a strong Document Management System. Death Star had a defect. It was only in the final hour did The
Given the sheer size of the Death Star with the thousands of Empire realize the danger, and by that point it was too late. If
employees that worked there, there would have been tens they had a Quality system in place, they would have found this
of thousands of records that would need to be controlled flaw, whether through regular space Audits (or at the very least
work instructions, job descriptions, procedures, floor plans, and an Audit through tremors in the Force), or a Nonconformance
the like. You would think that with this technological terror when the defect was installed, and issued a Corrective Action to
The Empire constructed, there would be a secure Document fix the problem. Clearly, Quality took a backseat to their overcon-
Management System in place. fidence, and ultimately resulting in, wellyou know the rest.
21 | What Star Wars Can Learn from Quality Management Software
5. Management Review and Reporting: As I said before, the perhaps weighed the severity and likelihood of the risks asso-
primary project managers used fear as their primary moti- ciated with their actions, perhaps we would have seen a different
vator, and seldom relied on the data to help them with Quality. outcome of the story. Risk Assessment, especially in a QMS, allows
In the movie, you see the officers of the Death Star sitting in a managers to filter out critical events, and make better decisions
conference room, and not one of them produced a reportif on how to handle them, and then ultimately mitigate the risk of
they had a robust reporting system that collected Quality data recurrence.
from all areas of the Death Star, and rolled this data up to help
determine the top risks and top Quality issues, then maybe that Of course, we know that if The Empire followed these rules of Quality
meeting would have gone differently. Perhaps if that poor guy Management, we wouldnt have had the story that makes Star Wars
had shown Darth Vader his latest Quality Report, he wouldnt so great. But it is sometimes fun to imagine, What if? and see
have gotten the old force choke from the Dark Lord of The Sith. how life would have been if instead of Darth Vader, we had Darth
Having a top-level reporting system that presents the Quality Deming.
system challenges in a single view might have mitigated their
risks.
6. Risk Assessment: I think that perhaps The Empire took many

risks when going about this whole Death Star thing. Did Tarkin
assess the risk of testing the Death Star on Leias home world?
Did Darth Vader assess the risk of letting the Rebels escape with
the Death Star plans? Did they assess the risk when they under-
estimated the rebels chances of destroying the Death Star? In
any system, its important to incorporate risk into the processes,
whether Quality or similar system. If The Empire would have
www.etq.com 800.354.4476
info@etq.com 516.293.0949

Essential Guide To Q Ms

Загружено:

Сведения о документе

Оригинальное название

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

Essential Guide To Q Ms

Загружено:

Авторское право:

Доступные форматы

Selecting, Implementing,

and Using QMS Software

Introduction: Why do We need QMS?

Getting Started on Your Journey

Tips for Implementation Success

Best Practices for QMS Solutions

Final Thoughts: Fun Takes on QMS Software

Getting on the Quality Management Software

Consider the following examples of Return on Investment (ROI):

1. Case: One Life Sciences consumer goods company was using

2. Case: A Blood Services organization had a manual Quality

Scalability: Cant We All Get Along?

8 Simple Rules for Selecting a Quality Management

Look Under the Surface:

b. Ask for a Debt to Equity Ratio: This is a great way to see

c. Annual Growth Rate: Average growth percentages over

d. Annual Net Income Growth Rate: Another good metric

4. Proof of Concepts and Workshops: If you get to a point where

Build vs. Buy: Best Practice QMS Solution over

Software vendors with best practices built-in draw on a history

Comparison: Build Versus Buy

framework of best practices within their solution, but in order to

The decision to implement enterprise software is not a simple task.

While both options have merit, many organizations opt to leverage

Avoid Scope Creep in Enterprise Software

2. Get a Design Specification: Whether you are implementing

a simple mock-up, wire frame or depiction of what the final

At this point, with the requirements gathered and design specifi-

3. UATUser Acceptance Testing: Its important to always

The theory behind using this project management/requirements

Investment in software shouldnt fall victim to a poor implemen-

ROI: Assessing Value in a Quality and EHS

The software sale is no different, and potential customers are looking

In this market, ROI needs to happen quickly. We have entered a time

4. Demonstrate Definable ROI: This one is trickyhow do you

a. Time Savings: One area is in saving time over manual or

b. Systems Consolidation: Creating a centralized resource

c. Administrative Overhead: Manual or cumbersome

The Importance of Risk in the Complex

Risk Assessment: Creating a Risk Matrix

Three Keys to Global Harmonization in Quality:

Is Quality Dying a Slow Death, or Evolving Beyond

What Star Wars Can Learn from Quality

2. Employee Training System: Without proper

6. Risk Assessment: I think that perhaps The Empire took many

Вам также может понравиться