Authors Posts by

ISO Update is an independent website that aims to provide information, resources, and updates around the Standards and Certification industry. We believe that organizational standards can help businesses of all shapes and sizes become more efficient and successful on a local, federal, or global scale.

0 2373
Risk Management in Your Organization -

Risk Management (RM) is the process of identifying, quantifying, evaluating and managing the exposure to all kinds of dangers, damages or losses faced by an organization in pursuit of its objectives. Part of Risk Management is to coordinate, assign resources and take the appropriate measure to reduce, minimize, monitor, and control the probability and/or impact of unfortunate events, or to maximize the benefits of an investment or an action.

Assessing Threats and Opportunities

We are all exposed to threats and opportunities that can either prevent us from achieving a specific goal or, in the case of opportunities, help us meet them in an effective way. Assessing, managing and mitigating losses is a process carried out by every organization whether they are conscious about it or not. However, this process is not always carried out in the best possible way. In order to effectively manage risk, it is essential for this process to be systematic, transparent and credible.

In order to effectively manage risk, it is essential for this process to be systematic, transparent and credible.

Risk Management

Risk Management considers the identification of two types of events: negative events which are classified as risks and positive events which are classified as opportunities. This process involves the following actions:

  • Understanding of the current situation (the context of the organization).
  • Identify the types of risk and opportunities an organization is exposed to.
  • Measure the potential risks/opportunities in terms of likelihood and magnitude of impact.
  • Define actions to respond in order to avoid or minimize damage or maximize the benefits of opportunities.
  • Monitor the progress of the actions.


Risk Management also involves having a plan in place in order to get things back to normal as quickly as possible if something bad does occur.

The benefits that a successful risk management may bring to an organization include:

  • Compliance to legal requirements or other requirements.
  • Assurance and enhanced decision-making.
  • Improve the efficiency of an organization’s processes.
  • Increases the effectiveness of actions taken within a project.
  • Efficacy of the strategy of an organization.

Risks affecting organizations can have consequences in terms of economic performance and professional reputation, as well as environmental, safety and societal outcomes.

Managing risk effectively helps organizations perform well in an uncertain environment and not giving due importance to risk can result in severe consequences for organizations as well as individuals.


There are many standards and regulations that address Risk Management, some of these are:

  • ISO 31000:2009, Risk management – Principles and guidelines.
  • ISO 14971:2000 Medical devices — Application of risk
  • Management to medical devices
  • ISO 17776:2000 Petroleum and natural gas industries — Offshore production installation — Guidelines on tools and techniques for hazard identification and risk assessment
  • CSA Q 850:1997 Risk Management Guidelines for Decision Makers
  • JIS Q 2001:2001 Guidelines for development and implementation of risk management system

0 1883
How Does ISO 45001 Differ to OHSAS 18001? -

The new ISO 45001 standard has been published and supersede OHSAS 18001. It is a truly international standard as scores of countries will agree to it.

Note: Companies already certified to OHSAS 18001 will have 3 years’ to become certified to the new standard.

The new standard applies the ISO High Level Structure and is compatible with ISO 9001:2015 and ISO 14001:2015 thus easily integrated with these management systems and give more value to the organizations.

What are the Differences Between ISO 45001 and OHSAS 18001?

Context of Organization

Companies will have to define the Context of their Organizations, meaning the External and Internal Issues in the environment in which they operate. The Context will have to be systematically determined and monitored.

The organization shall have to look the conditions affecting the operations such as regulations, stakeholders and governance. They have to understand the drivers of their organizational culture.

Needs and Expectations of Workers

The Needs and Expectations of Workers and other Interested Parties such as Shareholders, Customers and Board Members have to be defined. From this step the requirements and deliverables of the Management System will be further developed.

Risks and Opportunities

Organizations will be required to determine the Risks and Opportunities that may impact its ability to deliver planned results which shall include enhancement of health and safety of employees during the job. Legal and other requirements have also got to be identified and considered.


There is increased emphasis on the Leadership of the company to become engaged in and be responsible for the management system to be more effective.

Objectives and Performance Reviews

There is an increased focus on the Objectives determined by the organization as improvement drivers and their achievement shall be evaluated during Performance Review. The Objectives should support the Policy and shall be considered within the available resources. The responsibility for achieving Objectives, the time frame and measures to establish progress has to be decided and should evaluate whether Objectives have been achieved. Documented information has to be retained about objectives and plans to achieve them.

Communication Requirements

Communications requirements have been enhanced in terms of defining the objective of communication and if it was effective in addition to Who, What and When it should take place.

Removal of Preventive Action

Preventive Action has been removed from Corrective and Preventive Actions. The Preventive Actions are now undertaken in the Risk Management Processes while determining the risks and opportunities and ways to reduce or eliminate risks and undertake opportunities.

Health and Safety

It also allows the participation and consultation of workers to a higher degree in the Health and Safety Management System.

The new standard has requirements for taking care of and monitoring the health and safety of workers in the Contractor’s organizations and in Outsourced Processes and during Procurement Processes.

Risk Control

For the reduction of OH&S risks and eliminating Hazards the new standard specifies hierarchy of controls in an order of preference with reference to risk management. Hazards and risk controls are required to be planned in the operational controls. The standard introduces requirements for management of planned changes in operations such as working conditions, work force, equipment as well as changes in risks and known hazards.

Implementation of the new ISO/FDIS 45001 standard will result on overall better Health and Safety of Workers and reduced accidents.

Learn more about ISO 45001 Standard

Read more about Monitoring and Measurement in ISO 45001

0 3385
Tips and Tricks for ISO 9001 -

Ready to implement ISO 9001 in your organization? Here are some ISO 9001 tips that will help make the process easier, and tricks to the process to be aware of and prepare for.

Tip: Implement ISO 9001 for the Right Reason

When implementing a quality management system (QMS) for ISO 9001, management should be clear about the purpose of the QMS. If the only driver is to get on customers’ tender lists or because a competitor has already got one, it’s highly likely that the QMS will remain a set of documents for certification purposes only.

Management should aim for a QMS that will help the organization produce quality products or services, continuously improve its process, and provide confidence to customers that the organization is capable of meeting their requirements all the time.

Tip: Motivate your Workforce

In order for organizations to achieve a desired level of quality, people need to get involved. People are the essence of organizations and their full involvement is essential to implement and maintain ISO 9001.

Employees can be motivated by:

  • Ensuring that everyone knows and understands the organization’s quality policy;
  • Defining and communicating responsibilities and authorities within the organization;
  • Building the competence of employees;
  • Providing adequate infrastructure and work environment;
  • Initiating improvements, e.g. by implementing employees’ suggestions.

Trick: Only Hire a Consultant if…

If an organization’s staff does not have the time or skills to develop the QMS by themselves, a good consultant will make possible a speedy transfer of knowledge and skills. If the staff does have the time, there are enough published materials available from the web that will help staff obtain the necessary skills to develop the QMS.

Tip: Take the Necessary Time

All too often organizations are in a hurry to obtain certification and do not spend the time needed to implement the system effectively. Before applying for certification, your QMS needs to be in place and its effectiveness checked through an internal audit, followed by corrective actions on audit findings.

Trick: Define SMART Objectives

Many organizations set quality objectives that are impossible to meet. Objectives need to be specific and relevant to the process or task to which they are being applied. They also need to be measurable and achievable within the resources that can be made available in a realistic and timely manner. It’s helpful to have a start and completion date.

Tip: Go Easy with the Paperwork

Many believe that everything in the system needs to be elaborately documented. ISO 9001 only requires one quality manual, six procedures, and approximately 20 records.

Often, organizations are better off sticking to what is required and keeping those documents simple; additional procedures and records should be considered only if they add value to the system.

Tip: Set the Example

Some employees may find it difficult to change their ways of doing and may have a tendency to deviate from defined procedures. To change this, top management should ‘walk the talk’, i.e., should not allow deviations from set procedures or permit the release of materials with deviations.

Under such an approach, employees will start respecting system requirements and everyone will take account of their responsibilities for the success of the QMS.

Learn more about ISO 9001 and how to engage top-level management to ensure the success of your QMS.

0 596

ISO 45001 is the first International Standard for occupational health and safety written by ISO. Formerly OHSAS 18001; ISO 45001 was published in March 2018 and encompasses work safety in Global supply chains that are effectively and accurately improved through the set of processes. You might be wondering, “Do I need ISO 45001 Certification?”

You might consider the need of an effective organizational health and safety management system vital for your companies growing success. But, is certification worth your effort?

Who needs and will benefit from ISO 45001?

Does your small business need ISO 45001?

The key feature of ISO 45001 is that no matter what size is the organization, it is designed to aid all. The aim of ISO 45001 is to reduce workplace injuries and illnesses globally, and companies of all sizes can benefit from the proactive approach outlined in ISO 45001.

Does demonstrating that your company is fully compliant matter to you?

ISO management systems are designed to aid organizations in creating and enforcing best practice. However, in order to endorse complete compliance and demonstrate impeccable reliability to the external parties, Certification is an absolute must. Simply following the standard is not enough to prove to external parties you are compliant, you must maintain active certification. ISO 45001 certification will allow other parties to trust you on acting upon the best practices of health and safety at workplace. Once certified, you can also advertise your certification to future clients and employees, giving them added trust in your capabilities and forward thinking.

Does your company wish to improve performance?

Through ISO 45001 Certification, your company will benefit from a structured guide, step-by-step, that will enhance your organizations performance. ISO audits goal is to not only find non-compliances, they actively seek to improve inefficiencies, with the end goal of making your organization more productive, improve performance, and satisfy your bottom line.

Does employee protection matter to you?

The standard set out by ISO 45001 management allows company owners and higher ups to determine what requirements need to be achieved to provide a safe and reliable environment for their workers and contractors. Once ISO 45001 is implemented, the Certification availed by the company thus proves the company to be safe to work at for the outer sources. Moving forward as ISO 45001 becomes more integrated into companies and their best practices, this standard could become a requirement for suppliers, contractors, etc. to do business. Like ISO 9001, companies may demand your compliance to ensure your organization is treating employees with similar standards to theirs, as are the goal of international standards.

Are you focused on improving productivity?

The implementation of ISO 45001 management allows a way towards less workplace injuries and illnesses through a proactive approach to organizational health and safety. By being proactive, a company can improve its productivity by manifolds. With ISO 45001 Certification, companies prove that they have taken every necessary measure to protect the workers, eliminating inefficient practices, and proactive measures and guides in place, employees deliver more in less time due to effective systems in place.

Do you wish to prove a commitment towards employee health and safety?

The acquirement of ISO 45001 Certification demonstrates a company’s interest towards their workers and their safety. This is a challenging aspect of many industries, especially if the work involves great physical challenges; oil refineries, factories, warehouses, etc., need to take great care to implement effective solutions to workers safety, and ensure while the job is dangerous by nature – necessary steps have and are being taken to make the workplace as safe as possible for employees and contractors.

An ISO 45001 Certification indisputably proves your company cares and will has the employees’ interest at heart, and all the precautionary measures have been taken to ensure their safety.

Do you wish to reduce workers’ insurance premiums?

With ISO 45001 implementation and Certification, companies can reduce insurance premiums. By maintaining a proactive system to reducing hazardous environments in the workplace, insurance costs will reduce, allowing your company to continue running as usual, but reducing costs associated with insurance.

The ISO 45001 Certification has several other benefits including workplace cultural change and employee job satisfaction, knowledge, and participation. ISO 45001 focuses on employee participation, and the context of Organization and Leadership points out the roles played by employees in developing occupational health and safety management system parallel to mid-level and management.

Does your company need ISO 45001?

The decision to earn your certificate for compliance with ISO 45001 is dependant on many factors, and as the decision maker in your organization, it’s your decision to make. However, it’s important to note that organizations wishing to work internationally or who want to show compliance with global standards of Health and Safety in the workplace will need to implement and obtain ISO 45001 Certification.

What are the Differences between ISO 45001 and OHSAS 18001?

0 753
7 Quality Management Principles

This document, originally posted on introduces the 7 quality management principles that ISO 9000, ISO 9001 and other related quality management standards are based on. We have summarized the key points for you to digest. View the full document on

The 7 Quality Management Principles

“Quality Management Principles are a set of fundamental beliefs, norms, rules, and values that are accepted as true and can be used as a basis for quality management”.  ISO Standards use these rules or principles as a foundation to lead an organization to improvement of their processes. These principles were “developed and updated by international experts of ISO/TC 176, which is responsible for developing and maintaining ISO quality management standards”.

1. Customer Focus

“The primary focus of quality management is to meet customer requirements and to strive to exceed customer expectation”

This principle considers the organizations end goal of meeting, and exceed customer expectation with regards to confidence in their product or service. Sustained success is achieved by understanding the consumer and their needs; current and future; adding value at every interaction, and doing business with their needs in mind – this principle considers the companies focus is on their customer.

2. Leadership

“Leaders are all levels establish unity of purpose and direction and create conditions in which people are engaged in achieving the organization’s quality objectives”.

Leadership creates alignment. Alignment in strategies, company policies, vision and direction, processes, allocation of resources, etc. Standard within leadership are created with the purpose of achieving and succeeding company objectives.

3. Engagement of People

“Competent, empowered, and engaged people at all levels throughout the organization are essential to enhance its capability to create and deliver value”.

Simply put, organizations with engaged and empowered employees thrive.  It is essential for organizations or work effectively and efficiently, to lead and delegate by trusting their employees with the task ahead. Give recognition, empower your people and promote positivity. Facilitate the engagement of people in achieving the organization’s quality objectives.

4. Process Approach

“Consistent and predictable results are achieved more effectively and efficiently when activities are understood and managed as interrelated processes that function as a coherent system”.

By understanding how a process achieves results, an organization can optimize their systems and improve performance. One key benefit to this is achieving “consistent and predictable outcomes through a system of aligned processes”.

5. Improvement

“Successful organizations have an ongoing focus on improvement”

As the saying goes “change is the only constant”. For organizations to remain competitive and current, constant improvement is needed. Reacting to changes internally and externally; be it shift in leadership, consumer habits, or economic shifts; can create new and positive opportunities.

6. Evidence-Based Decision Making

“Decisions based on the analysis and evaluation of data and information are more likely to produce desired results”.

Correlation between variables, does not necessarily mean that a change in one variable is the cause of the change of the other variable. Ensure you are using sound and accurate measurements when you are making decisions to avoid subjective decisions that are not based on real data. “Facts, evidence, and data analysis lead to greater objectivity and confidence in decision making”.

7. Relationship Management

“For sustained success, and organization manages its relationships with interested parties, such as suppliers”.

Much like how engaging employees contributes to success, maintaining good relations with suppliers can influence the performance of an organization.  Suppliers and interested parties have an impact on your business and its success, whether you admit it or not. Maintaining relationships with such parties can contribute to sustained success by optimizing their impact on performance.

Next Steps

We’ve provided you with a general overview on the 7 quality management principles that are the baseline for ISO quality management standards, and how they can form a basis for performance improvement and organizational excellence.

Every organization is different, and how you apply these principles will be different, as the nature of your organization and the specific challenges you face differs. However, understanding the underlying principles is important to effectively implement standards.

Further Information

Download the PDF to dive further into each of the 7 principles. It will walk you through the Key Benefits of each of the 7 principles, and give you tangible ways to implement them in your organization. Download the PDF here.

Learn about the difference between Quality Management and Quality Improvement.

0 853
ISO 17025 and ISO 9001 Main Differences and Similarities
ISO 17025 and ISO 9001 Main Differences and Similarities

ISO 17025:2017

ISO 17025: 2017 “General laboratory competency of testing calibration requirements” is the third edition of this standard. The intentions of this standard are to be used as impartiality, competence and consistent requirements of calibration laboratories of all sizes or number of employees regardless of the industry. The standard requirements include rules on impartiality and confidentiality while performing calibration (clause 4), the company’s structural requirements (clause 5) and the requirements for the resources needed to carry out calibrations such as facilities, personnel, and equipment (clause 6).

All the necessary process requirements for performing calibrations (clause 7) are also included. They include;

Quotes and contracts reviewal: How do you ensure you get exactly what the customer wants done?

Calibration methods: How do you do the selection, verification, and validation of the method used for calibrating?

Sampling: When you don’t want to do everything, how do you do the selection of samples?

Handling items: What rules requirement do you need in handling test and calibration items that are given to you?

Records: What technical record do you need in keeping calibrations done on the equipment?

Result reporting: How do you do the reporting to the customers? Do you include general and specific requirements and also updating reports?

Complaints & nonconforming: How do you deal with complaints, including calibrations handling that you’ve done that are found to be non-conforming?

Data & IT management: How do you do the management of information technology as well as data in ensuring that the data is preserved against misuse?

From these requirements, you give the details needed in managing a calibration laboratory to ensure that the certifications you give out are right and traceable to the international standards.
These requirements are very specific for this type of laboratory and they also include other further requirements for a QMS in clause 8 (Management System requirements).


The applicability of the standards differentiates ISO 17025:2017 and ISO 9001:2015. ISO 9001:2015 can be applied to any type of company and in all industries, whereas ISO 17025:2015 can only be applied to calibration laboratories in any industry. Thus, ISO 9001:2015 requirements are very generic for them to be applied in any type of industry while ISO 17025:2017 are specific on what needs to be implemented in calibration laboratories.
An example: ISO 9001:2015 general requirements on the resources as well as processes are very general for any industry but ISO 17025:2017 tells you the resources required and how every process needs to be done in a calibration laboratory.
However, if you haven’t implemented ISO 9001, there are a minimum set of QMS requirements that are needed for ISO 17025:2017 standard that is referred to as option A. Implementing ISO 9001 is nice having it, it doesn’t have to comply with ISO 17025:2017. Such minimum requirements are quite similar to those that are found in ISO 9001:2015 and they include;

  • Improvement
  • Management reviews
  • Management system documents control
  • Documentation of management system
  • Corrective actions
  • Handling risks and opportunities
  • Records control
  • Internal audits

Things missing in QMS if ISO 17025:2017 minimum requirements but are included in ISO 9001:2015 requirements include;

The context of the organization: ISO 17025:2017 doesn’t talk about identification of your internal and internal issues or on establishment a QMS scope or interested parties.

Leadership: ISO 17025:2017 doesn’t include leadership commitments list that includes the quality policy.

Quality objectives: ISO 17025:2017 doesn’t include these essential QMS goals but they are included in ISO 9001:2015.

0 709

An organization faces many health and safety related issues despite planning and establishing various systems in place to ensure that all health and safety related requirements are addressed. Issues like more than expected health complaints, incidents resulting in serious injuries, absenteeism impacting work and deliveries to customers and many other such problems are a cause of concern to the organization at some point of time. These issues result in low worker satisfaction or motivation and may impact deliveries to customers resulting in lower customer satisfaction. It is important for an organization to keep a track of all such cases. To do this an organization needs to monitor, measure, analyze and evaluate processes to ensure that these are effective, adequate and suitable. ISO 45001 talks about this in the clause on Performance Evaluation.

Measurement and Monitoring Requirements

Measurement and monitoring requirements should be decided on the basis of risk and criticality of the process. The measurements should be in line with OH&S objectives established for the organization. The measurement and monitoring requirements should consider requirements of the standard, legal requirements and other requirements. Some examples can be:

  • observation of health of employees, work environment monitoring;
  • progress on policy declarations, objective achievement, and continual improvement;
  • competence levels of the workers
  • gaps in compliance with legal requirements, if any
  • Standards and Codes;
  • Insurance Requirements

Once you have identified your measurement and monitoring requirements, you need to establish systems to collect and consolidate these measures. To do this, you need to define criteria to compare these measurements. These criteria could be against industry benchmarks or organization’s own codes and objectives. Establish measurement devices or tools that would be required to take these measurements. Along with methods to collect and consolidation, establish methods to check that the results of measurements are valid.

Analysis and Evaluation

Analysis is the process of investigating data to determine relationships and trends. You may use various statistical tools like Pareto analysis, fish-bone analysis, 5-why analysis, etc. to draw a conclusion from data.

Evaluation is done to ensure adequacy, suitability and effectiveness of health and safety requirements. This activity is most often related to monitoring activities. Occupational health complaints, work environment monitoring and health surveillance of workers are some of the elements that need to be monitored in an organization.

The results of analysis and evaluation shall be used to take actions to eliminate root causes which are the reason for negative feedback or measurement going beyond the targets established.

Present the trend analysis in Management review meetings and Identify the need for improvements within the OH&S management system through evaluation of these processes.

Analysis and Evaluation of data may specify a number of areas of concerns or risks. Adequate actions should be taken pro-actively to ensure these risks or problems are adequately addressed before they reach severe levels and are difficult to con


0 1027
ISO 45001 will focus on fundamental concepts like “risk”, “worker”, and “workplace”.

Organizations are faced with numerous incidents and non-conformities at different point of time. Incidents could be as simple as a worker’s ill-health or serious such as high exposure to hazardous material or a vehicle accident. Similarly, Non-conformities may arise when a procedure is not met, a protective equipment starts mal-functioning or damage to property which may cause health or safety related risk to workers or other interested parties. ISO 45001 requires that all such events shall be identified and adequate actions shall be planned to address these incidents and non-conformities.

ISO 45001 requires organizations to plan, establish, and maintain a process to handle Incidents and Non-Conformities, whenever they are encountered. The process must include the following steps:

  • Report all incidents and non-conformities, whenever these are encountered.
  • Take immediate action to correct the Incident or Non-conformity in order to control the incident / non-conformity and deal with any consequences.
  • Identify all possible root cause that caused the problem. There are various tools that may be used to identify the root cause such as 5-Why analysis, Fish-bone Analysis, etc. Workers and other interested parties need to be involved when identifying root causes for an incident or non-conformity.
  • Undertake corrective action to eliminate the root cause. The intent of this exercise is to ensure that the incident or non-conformity will not occur again due to the root cause and will eventually improve the process.
  • Monitor the effectiveness of corrective actions to ensure that the non-conformity or incident has been completely eliminated.
  • The corrective action records and a summary of corrective action results need to be presented in management reviews.

Addressing all non-conformities and incidents in a holistic manner using root cause analysis helps an organization to further improve its processes and reduces any organizational health and safety related risks related to incident or non-conformity. This reduces the number of incidents and non-conformities over a period of time and organization can yield the benefits of reduced cost due to these incidents or non-conformities. Therefore, it is important for any organization to address all incidents and non-conformities and take appropriate corrective actions.

0 1190
5 Steps for Emergency Response Planning in ISO 45001 -

An unforeseen emergency can happen at any time. Emergencies can be natural like flood, earthquake, tornado, or a result of human involvement, for example fire, chemical or toxic substance spill, major structural failure. ISO 45001 ensures organisations are prepared to handle all emergencies through adequate response planning. The steps that need to be undertaken for emergency response planning are:

1. Identify Emergencies

The first step towards emergency response planning is to identify all emergency situations that an organization may face during working hours or beyond working hours. Consider company’s location, nature of company’s work, machines or chemicals that are used, manufactured or stored within the premises. Create a list of all potential emergencies that the company might face. Assess the risks associated with these emergencies.

2. Identify supplies/resources needed to respond to emergencies

You need to assess your current workplace ability to respond to emergencies. This includes internal and external resources, medical or other supplies required to respond to emergencies. You may be able to control some of the emergencies with proactive controls, like reducing ignition sources. Apart from pro-active controls, identify reactive controls like communication channels, medical aid, generators, firefighting equipment, etc. that may be required when an emergency occurs.

3. Create an emergency response plan

Appropriate Emergency Response plan need to be created once emergencies and mechanism of their response are identified. This will include procedures to handle emergencies, location and instructions for emergency facilities, Evacuation procedures, alarm and emergency facilities.

4. Communicate and Train workers/relevant stakeholders on emergency response

Once an Emergency Response Plan is created, it is important to communicate the plan to all workers /relevant stakeholders. You need to train workers to handle emergency situations. Frequent emergency drills may be carried out to educate workers from time to time.

5. Evaluation and revision of emergency response procedures

The emergency response procedures should be evaluated after a drill or after an emergency is faced. If need be, these emergency procedures should be changed or revised based on the results of testing or drills.

Emergency response planning is important for any company as it is always better to be safe than sorry. Putting in an effective response plan for emergencies may take some effort but it pays off in the long run. It ensures the safety of your workers and helps build a healthy and safe workplace.

Learn more about ISO 45001

0 11211

“What’s in it for me?” is not an unreasonable question for anyone to ask, especially if you are going to ask them to spend money. If you want your business to invest in a Quality Management System such as ISO 9001 you should have some idea of what it is going to cost you and how much you will get back for your investment.

Measuring Your Quality Costs

One way to look at this is to look at the model for Cost of Quality (CoQ) suggested by Armand V. Feigenbaum. His model splits quality costs into four areas:

  • Prevention Costs: The money spent on preventing issues from occurring such as training, creation of standards, quality plans, etc.
  • Appraisal Costs: The money spent on physically checking and auditing products, and systems.
  • Internal Failure Costs: Costs incurred when a failure occurs in house; scrap, rework, time spent replacing product, etc.
  • External Failure Costs: These usually cover everything from warranty costs to lost business.

It is generally accepted that spending money on prevention is going to be a lot less expensive than dealing with an issue once it hits your customer. In most models, it is suggested that costs increase by an order of magnitude for each step as you move from prevention through to external failure costs. Therefore, it will cost your business 10 times as much to deal with an issue once it has reached the customer than if you had caught it in-house, and would cost you a tenth as much to prevent the same  issue.

How Much Can You Save?

The problem of course is that with an effective quality system you prevent the problems from occurring in the first place so you never actually “see” the benefit as the problem never occurs. This can lull some businesses into a false sense of security and lead them to think that they can cut costs by spending less on quality when times are tough. The results of this can be very expensive when a product or service of poor quality slips through to the customer.

Of course if you measure CoQ right from the start you will be able to see how spending more on prevention and appraisal helps to reduce your failure costs and will result in an understanding of what that return on your investment is. You will be able to see the effect of spending more up front lowers the cost of poor quality.

Every business is very different and the ROI that you can achieve in one industry is going to be very different to that achieved in another. As a guide, a recent study undertaken through the American Society for Quality (ASQ) showed that for every $1 spent on your QMS, you could expect to see an additional $6 in revenue, a $16 reduction in costs, and a $3 increase in profits. On average, they saw that quality management reduced costs by 4.8%.

Another study undertaken by the Harvard Business School showed that companies that adopted ISO 9001 had the following benefits:

  • Higher rates of survival
  • Increased Sales
  • Growth in employment
  • Increased wages
  • Less waste
  • Improved worker productivity

So, while it may not be easy to predict your ROI, you can be pretty sure that investing money up front on your Quality Management System is going to be an effective investment.