Selecting, Implementing, and Using QMS Software Solutions

Selecting,
Implementing,
and Using
QMS Software
Solutions
THE QMS GUIDEBOOK
Table of Contents
Introduction: Why do We Need QMS?

Getting on the Quality Management Software Soapbox. . . . . . . . . 3
Getting Started on Your Journey

8 Simple Rules for Selecting a Quality Management Software System . . . 6
Look Under the Surface: 4 Things to Ask a Compliance Software Vendor �� 8
Tips for Implementation Success

Build vs. Buy: Best-Practice QMS Solution over Custom Development . . . 10
Avoid Scope Creep in Enterprise Software Implementation . . . . . . . 13
ROI: Assessing Value in a Quality and EHS Management System . . . . . 15
Best Practices for QMS Solutions

The Importance of Risk in the Complex Quality Lifecycle . . . . . . . . 17
Risk Assessment: Creating a Risk Matrix . . . . . . . . . . . . . . . 18
Three Keys to Global Harmonization in Quality: Learning to Share . . . . 20
Final Thoughts: Fun Takes on QMS Software

Is Quality Dying a Slow Death, or Evolving Beyond Definition? . . . . . . 21
What Star Wars Can Learn from Quality Management Software . . . . . 22
The QMS Guidebook: Selecting, Implementing, and Using QMS Software Solutions
www.etq.com • 800.354.4476 • info@etq.com
3 | Getting on the Quality Management Software Soapbox
Getting on the Quality Management

Software Soapbox
but it is still a complex dynamic. Each company will need to
determine which risk model best fits their business needs. The
trick is to find a solution that is flexible enough to provide the
level of detail needed for risk activities, but make it easy for each
company to adapt and grow their Risk Management program.
What You Didn’t Know, or Were Afraid to Ask

The main obstacle to truly being risk-based is the shift in
changing your understanding of Quality and risk. It’s sometimes
difficult to understand what is “critical” in a business, and
therefore overuse Corrective Actions. Many feel it’s better to just
initiate the Corrective Action and deal with the process than truly
assess whether you even need it. Not every adverse events needs
to be a Corrective Action; this dilutes the purpose of the process.
Corrective Actions are designed to correct critical and/or systemic
issues. Risk Assessment and Risk Management are designed to
help discern which is critical and which is not critical. Non-critical
Is The Quality Management Software Market events can be immediately corrected; however, many businesses
do not see the value of correcting non-critical events in the
Evolving to be Easier, or More Complex? source data in which they are found.
As the world market evolves, product lifecycles are speeding up
Especially in regulated industries where the scrutiny is so high,
to accommodate market demand and keep up with competing
we often want to err on the side of caution and do a full-blown
products. As a result, Quality benchmarks need to evolve as
investigation on a minor event, such as a label smudge. While this
well. Risk is fast becoming the benchmark for assessing Quality
is an important correction, it’s not critical and wastes resources
throughout an organization. This is because organizations
and time for a business. First and foremost, organizations need
need a systematic and objective way of looking at incoming
to realize where their critical events lie, focus on those first,
information and making decisions on how best to manage
then worry about the non-critical areas as they come. Risk
Quality. Risk Management provides this benchmark—it allows
Management provides this ability to filter out the critical events
for a quantitative method to review the data and come up
and make the right decisions on how to handle them.
with decision criteria to help make better decisions leading to
better Quality. In this day and age, companies cannot afford
Why Companies are Still Reluctant to
to lag on their Quality—product lifecycles are moving too fast
and companies cannot keep up. Risk has evolved over the Purchase a QMS
years to be more quantitative in nature and is incorporated Software is a key component in today’s industries. Again,
into traditional Quality models in order to keep up with the industries are moving faster and much like the automated
pace of the new markets. This evolution is seen in adopting risk assembly line, so too must the business processes that govern
matrices incorporated into multiple facets of the Quality dynamic; manufacturing be automated. So why are people so hesitant to
Complaints, Audits, Nonconformances, Corrective Actions, implement software? Here are a few potential reasons:
and similar functions all use Risk in some form or another.
This is growing in interest to the point in which risk activities 1. The Fallacy of the Custom Solution: Most people
often govern the processes and are fully integrated in the remember the days of the custom-developed solution, where
traditional workflows. in order to get the software to work the way you want it to,
you need a team of developers over the period of a year or
Whereas this was once a discipline reserved for only the more to code the system into your company’s “mold.” While
leading edge companies, is now becoming mainstream. Most the stigma remains, the software has evolved beyond this.
software solutions have some element of risk built in, and as Especially in business process automation (such as Quality),
more risk solutions are offered, more companies adopt the risk the custom solution is gone, giving way to the “configured”
methodologies. This mainstream adoption is going on now and solution. Adaptations and changes to the system are all
soon it will be hard to find a company that doesn’t have some encased in settings and drag and drop interfaces, making
sort of risk built into their system. The bottom line is that Risk the configuration of the system as easy as changing your
Management is getting easier to access for all organizations; Facebook settings. Now the business user, not a developer,
is adapting the system to meet the business need; this is ensuring the Quality and Compliance of your operation.
extremely powerful and time-saving on resources, but is also Software can provide that time-savings through automating
putting the software design in the hands of the people who processes, integrating with other business systems, and
actually use the tools. Very powerful, and organizations are fostering better visibility and collaboration throughout the
slowly warming up to this concept. business.
2. The Fallacy that Software is too Expensive: Much like 2. Return on Investment: There’s not doubt that oftware
the advent of standardize parts in the automotive industry, is an investment. From the small desktop solutions to the
having a configured system that has all the components enterprise systems, there is an investment to be made. The
developed out of the box has driven the price point down return on that investment is where the difference is made.
considerably. One solution can satisfy many different If you can reduce your Corrective Action cycle time by 50%,
organization’s needs, and so companies can now get into a and you’re able to focus on the issues that matter most to
decent enterprise software product for a fraction of the cost organization, then you’ve already seen the return. The key
10, even 5 years ago. here is to ensure that you’ve maximized the software to
realize that return.
3. The Fallacy of the In-House Maintenance: Another
issue that comes up with many smaller businesses is a small Then there are the not-so-obvious benefits.
IT footprint. They cannot manage yet another system, and IT
will not administer the system for them. Thanks to the advent 1. Rapid Application Development: As a Quality
of cloud computing, we are seeing this paradigm slowly professional, you’re not in the business of building
fade. Software as a Service (SaaS) is growing in exponential applications. But to the earlier point, software these days is
fashion, and it enables a small organization to get into the less developing and more configuring. Many organizations
game with little to no administrative IT footprint. Much like are leveraging the workflow-based platforms to extend
we use Facebook, Pandora, and LinkedIn in our personal lives, the software to more areas of the business. Take the
so too are professional software solutions coming into the Environmental Health and Safety (EHS) system for example—
fray. Applications that are delivered in the cloud and are paid many Quality systems have similar functions to that of an
as a subscription are enabling smaller businesses to enjoy the EHS system. If you can leverage your existing solution in
benefits of enterprise Quality Management solutions, without Quality, and create a similar set of modules for the EHS
having to dedicate specific resources or significant cash flow team, you’ve not only doubled the power of the software to
to a single tool. Pay as you go—it’s the way of the future. another operational area, but you’ve also created another
“hero moment” for you and your team. Many organizations
Everyone resists change. Most often, the larger companies will have become a center of excellence due in part to their
be the ones to take the first step, and sometimes the innovators use and innovation into other areas like EHS, HR, PLM, and
in the industry, regardless of size. Mainstream adoption often Supplier Management.
comes when it becomes easier to make the change from one
system (or no system) to an automated software tool. With 2. Enterprise Risk Management: QMS solutions that
flexible, configurable solutions that can be deployed in-house or incorporate risk are unique in that the risk concept
over the Web, change becomes easier, and more and more small transcends Quality. Risk is a company-wide issue. You’ve
to mid-sized organizations can enjoy the benefits of the solutions heard the mantra, “Quality is everyone’s responsibility.”
in the market today. That’s a nice statement, but often Quality is really only the
“responsibility” of the Quality department. Very few outside
What are the Obvious and Not-so-Obvious of Quality actually “speak” Quality, so there is a disconnect.
However, everyone in the company speaks risk. By using risk
Benefits to a QMS Solution? as a benchmark, you are translating your Quality activities
As with anything, you often find that your goals change over
into risks and opportunities that the entire company can
time. This is also the case with an enterprise Quality Management
understand. Enterprise Risk is a function that can come from
System (QMS). Many will enter into an investment in a QMS
Quality and be extended to the entire organization. Along
with very specific goals—“implement Document Control and
with that, a risk-based QMS can be extended to encompass
Corrective Action,” and then as they see more value, they see
the entire enterprise, thereby becoming an Enterprise Risk
more potential in the software. You get the “core” needs covered,
Management (ERM) solution.
and then as that is running smoothly you begin to look for ways
to make the software work for you elsewhere. That’s what it’s
What’s Your Price? Moreover, what’s Your
for—it makes your job easier. The obvious benefits are:
Price Not to go with QMS?
1. Time-savings: Let’s face it—manually processes are time- How much to pay for an Enterprise Quality Management
consuming. Chasing paper is not what you’re in Quality for. solution? Again, when we look at this, we have to discuss in terms
You need to be able to free up as much time dedicated to of not price point, but also investment and return. How much
is an automated system worth to your organization? Typically

enterprise systems will not be cheap, but the key is to do your
due diligence and examine your current “as-is” and the potential
“to-be” by implementing a system. Configurable systems and
systems hosted in the Cloud will be offered at a reasonable price,
and as these systems become more flexible and easily deployed,
you will see the price points go down. Consider the following
examples of Return on Investment (ROI):
1. Case: One Life Sciences consumer goods company was

using over 500 systems to manage both Quality and EHS
(QEHS) processes. This varied in range from spreadsheets to
enterprise ERP systems, across all of their global applications.
Managing 500+ different sources of data left them with a
disparate view of their QEHS. They decided to make the
investment in an automated solution, and thanks to the
benefits listed above, they’ve reduce the 500+ systems down
to a single system. Regardless of their actual investment cost,
the benefit of having a single source of the truth has been an
overwhelming return.
2. Case: A Blood Services organization had a manual Quality

process that tracked their Quality Control (QC) data. Since
this was a manual process, the time it took to manage and
review the QC data was roughly 45 days to completion. Once
they implemented an automated system, they have since
reduced this time to less than a day for the same process.
Less than a day! They estimate the time saved to be near 650
hours of labor. This is a perfect example of time-savings as
an ROI metric.
Scalability: Can’t We All Get Along?

One key area that needs to also be mentioned is scalability. We
no longer live in a single siloed world. Companies have multiple
facilities, each with their own unique processes relative to the
corporate standard. Everyone operates in their own way that
works for them, and implementing a software system should
not force them to change. QMS needs to be adaptable to the
business processes for each line of the business, but also conform
to a corporate standard. So the question becomes, “how can
we all be unique in our processes, but conform to the common
corporate platform?” QMSs are evolving to address this issue. It
used to be that for each site, a separate instance of the software
needed to be installed and maintained. If you have 30 sites, then
you would need 30 systems, each with their own administration
and workflows. No longer is this the case. Flexibility is now
extending beyond just the processes and workflows, but also
into the locations in which processes are located. With flexibility
by location, you can log into the system from your site and see
all the relevant workflows, coupled with some of the corporate
standard workflows. They become one holistic workflow that can
vary site to site, but maintain the relevant data that corporate
needs to track. So in effect, you have a global, holistic solution
that can satisfy both corporate needs and the needs of the
individual sites.
6 | 8 Simple Rules for Selecting a Quality Management Software System
8 Simple Rules for Selecting a Quality

Management Software System
In a market where high-demand causes organizations to organization’s look and feel. While many ask whether the
seek software systems that will fit into their complex business system can be configured to meet their changing needs,
infrastructure, the pressure to find the right system often causes the ability to change the colors, logos, fonts, and general
angst to many. Coupled with the host of options out there, the layout of the navigators, forms and reports is usually
pressure builds. Often, organizations will “settle” on a system an afterthought. Many systems will offer some level of
that has most of the functionality they need, but doesn’t provide configurability, but this will usually not extend to the layouts
everything they want. That being said, here are “8 Simple Rules” themselves. End users must contend with the vendor’s
on what to look for in a QMS. look-and-feel, which will be foreign to them. The ability
to control all aspects of the software’s user interface helps
1. Flexibility to Adapt to Business Processes: Probably user-acceptance of the software, and user buy-in is one
the most important consideration is the ability of the system of the major contributors to a software implementation’s
to adapt to your existing business processes, and be flexible success. In the age of Web-based applications, vendors can
enough to change and improve as your processes change demonstrate flexibility by complying with Web user interface
and improve. This may seem like a simple statement, but standards. Furthermore, they should be able to provide this
many times software vendors build their systems around control without the need to customize the software. When
a generic, best-practice approach that cannot be changed selecting a system, have a well-defined set of user interface
without substantial time and cost. These vendors want you requirements that will make the system work for you, and
to adapt your processes to their software, not the other ensure that the system is able to meet those requirements
way around. If your company has spent years developing without having to do extensive development.
and fine-tuning business processes, and upon purchasing a
software system, you find yourself reengineering your proven 4. Making Sense of the Data—Reporting and
processes to fit within the software system’s limitations, you Searching: When you automate using QMS, there is an
have compromised your efficiency. enormous amount of data created. Without some means
of easily accessing the data, the QMS makes it extremely
Do not compromise—find a solution that is truly flexible and difficult to derive trends and insights on the Quality system.
configurable, and can configure all aspects of the software, Users are left to their own devices to manually filter out the
including workflows, forms, fields, reports, business rules, data, or even export the results into an external system for
even the look and feel. Configuration should also be easy for reporting. This is a time-consuming effort, and can lead to
non-technical administrators. Graphical tools such as drag- time management issues in finding the data, filtering the
and-drop will enable administrators to own the configurations of data and reporting on the data. Software systems will often
the system with limited to no programming knowledge required. offer some means of search capabilities, but this comes in
In many cases, the cost of changing your operations as a result of many ways and may require administrative intervention.
an inflexible software package outweighs the cost of the package Having search capabilities is often not enough—the system
itself. Careful and thoughtful attention to the software’s flexibility should be able to search not only at the highest level, but
is key to a successful implementation. also search on multiple criteria and search within records, or
even within attachments embedded in records. At the same
2. Web-based versus Web-enabled: The Internet has
time, reporting on the data comes in many flavors. Many
made the world much smaller. Organizations are building
software vendors consider reporting an afterthought in the
intranets and extranets into their global network, and the
development of their products—usually partnering with third
need to have systems in place that not only utilize the
party tools to help make sense of the data, but with only
Internet but also thrive on it is key to success. Following
limited integration between the two systems. Others will
this lead, enterprise software vendors are building tools
embed reporting tools directly into their product—providing
that move away from the old client-server models to a thin-
a more integrated method of pulling data across records
client interface, allowing for more flexibility in a global
within the system. When selecting a software solution,
environment. There are software vendors that are Web-based
determine the types of searches and types of reports you
and some that are “Web-enabled.” Knowing the difference
need to generate, and require that the vendor is able to
between the two can provide a key differentiator in your
create such searches and generate the reports you need.
selection of the system.
5. Taking Quality to the Enterprise—Scalability
3. Look and Feel—Making the System Your Own:
Matters: Ultimately, your QMS may not serve a single site,
One of the more overlooked issues when selecting the
especially if your organization has multiple facilities. As
software is the ability to “brand” the system with your
7 | 8 Simple Rules for Selecting a Quality Management Software System
more and more companies scale their systems to span the many come from a technology background, and never take
enterprise, it will become necessary for the QMS to follow into account the user experience. The result is a software
suit. When selecting a software system, think about the system that is technologically advanced, but completely
long-term goals on how you plan to scale. It may not be “un-user friendly.”
an immediate need, but having the ability to expand your
QMS beyond your four walls to include other facilities, or When selecting a software system, take into account the
even suppliers and customers, can make a difference in the end user’s experience. Make sure the software can easily be
system’s long-term value. Watch out for false scalability configured to help the end user—whether it is familiar forms
promises—some systems will claim scalability, but have and layouts, even colors that match the corporate look. If you
no real experience in the matter. A scalable system must are replacing an existing system, see if you can match the new
obviously be technically capable of handling the load of system’s look and feel, even the form layouts to the old system.
additional users, but that is only half of the picture. The This can make the transition much easier, and make the end users
scalability of administration is equally important and can be more productive right from the start.
much more expensive to fix later if not considered up-front.
8. Time to Value—Implementation and Deployment:
Look for customer references that have scaled the system to a You’ve covered your needs in terms of the solution and it has
level that is equal to your business, specifically in the ability to all the bells and whistles your company needs—now what?
delegate administration to different levels in the organization, The solution needs to be implemented. This is where, many
across the entire enterprise. Truly scalable systems include times, software selections fail. In fact, in a recent study of over
location-based administration that extends beyond simply 9,000 software implementations, 71% of them either failed
managing different user groups, to enabling location-specific or were late or over budget. Many of these projects cited
configurations and dynamic filtering of location-specific data. the implementation project as a major reason for failure. It
is critically important that the software vendor be able to
6. Tying Systems Together through Integration: demonstrate their capability to not only deliver the solution
Operational areas no longer live in silos when it comes to to you on time and on budget, but do so in a fashion that
business systems. Whether they are Production, Financial, lets you use the system as you intend to use it—with all your
or Quality systems, the ability to interact, collaborate, and configurations and best practices built in.
coordinate across the business is key to uncovering any
gaps in processes, and creates visibility from one operational Look for a solution that has a proven implementation method
area to the next. It is of paramount importance to be able to that involves the requirements gathering, the side-by-side
integrate your systems. collaboration with their folks and your team, and sticks to an
agreed upon project scope. Furthermore, get your requirements
When looking to select a system, keep in mind the integration finalized up front—adding new features and functions
options available within the solution. Avoid solutions that claim mid-stream often delays projects as more time is added to the
integration, but will only do basic integration “lookups.” While project to meet these new “last minute” entries. Finally, make
this is powerful and eliminates some degree of double-entry sure all the stakeholders in your organization have had their
of data, true integration will not only pull data in from production opportunity to contribute to the requirements phase. This will
systems, but will also push data back to those systems, such ensure that all parties are satisfied before the implementation
as nonconformance issues, overall cost of Quality activities begins.
and more.
These 8 rules of engagement when selecting a software solution
7. Know Your Audience—End User Acceptance: (which can really be applied to any enterprise solution, not just
Typically, the team selecting a software system is made up of Quality or EHS), can have a tremendous impact on how you
multiple areas—IT, Quality, Operations, Purchasing, and more. approach your software purchases in the future.
More often than not, the participants are manager-level,
and are making the decision on behalf of themselves and
the end users. The end users, while most likely the highest
volume user, are more than likely not involved in the ultimate
decision. Many software systems will have the technology
and process management needed, but once implemented,
the end users are lost. It doesn’t look familiar; it doesn’t look
and feel right, and requires significant adjustment to get used
to. Look and feel may not seem like a “deal breaker” but it
can be a hindrance in the learning curve for many users, and
cause delays in getting implemented and effective. Many
software vendors do not come from your industry. In fact,
8 | Look Under the Surface: 4 Things to Ask a Compliance Software Vendor
Look Under the Surface: 4 Things to Ask a

Compliance Software Vendor
In this day and age, very rarely do people buy anything without draws so much focus, that the service element becomes
doing their research. This rings true when it comes to the buying an afterthought. Look for a vendor that has a proven track
process for enterprise software systems. In many ways, the buyer record of implementing their solutions successfully, and make
has so many tools available to research vendors and understand sure to spend some time reviewing their strategy. Proper
the pros and cons, we see a much more informed and educated implementations, whether large or small, should incorporate
enterprise buyer. Web-based research will give you some of the some element of project management that involves both
key areas to rate a vendor on, such as: parties. The best way to find out if the implementation
methods are “proven” is to look for proof from existing
Market expertise
customers.
Features and utilities
Broad company overview 2. Customer Satisfaction: Today’s enterprise software buyer
will no doubt ask for references. Most vendors will gladly turn
Pricing and support structure you towards their go-to reference or load you up with case
Breadth of applications offered studies. And most buyers will discuss the cursory questions—
“What do you like about the software,” and “does the
All these things can be commonly found after some basic
software meet your needs,” etc. When doing your reference
research, and a few discovery demonstrations. However, we
call, it’s also a good practice to delve into some more
still see cases where a company has selected a vendor, and
intangible questions. Remember, enterprise software is not
that vendor continues to fail on their delivery of the solution.
only an investment in a solution; it can be an investment in
You would think that these failures would be picked up on
the people within the company. Questions like “What do you
during their extensive, informed research, but there is more to a
think of your account manager or service manager,” or “Do
company than the above bullet points. Below are some additional
they respond to your needs at this company,” or even“ What
considerations to be aware of when selecting an enterprise
is their user conference like” will give you a deeper insight
vendor—those that go beyond pricing, features, and tools.
into how this company operates. These types of questions
1. Implementation Track Record: One of the primary (which may seem silly at first) add dimension to the vendor,
reasons software implementations fail is a lack of and also give you an indication of the health and longevity of
communication and project management within the the company. You want to invest with a company that will be
implementation team. To put it more simply, the project around for as long as you continue to work with them.
scope goes over time and over budget. Often (and especially
in the Compliance software market), the software sale
9 | Look Under the Surface: 4 Things to Ask a Compliance Software Vendor
3. Financial Well-Being: As stated above, you are investing be time to suggest a workshop or proof of concept. These
in an enterprise solution and the company behind it— are typically 1-2 day engagements with the vendor whereby
it’s critically important that you feel comfortable about you give them a simple set of requirements, and ask them
the company’s financial well-being as well as their product to implement it on a small scale. It’s like a “test-drive” of the
offering. In this day and age, software companies are being system on your terms and using your processes. What makes
bought and sold, and a company’s control is sometimes it powerful is that you can get a glimpse of how your future
in the hands of a venture capitalist rather than a software relationship with the vendor will be, and how they work when
architect. In some cases, the software vendor is a minority implementing your solution. These workshops can be time-
shareholder in their own company. Venture capital consuming (and occasionally a pay-for exercise), so reserve
investment, loans and lines of credit to keep operations this for special circumstances.
going—truth is, a software vendor may have more debt
than equity. Don’t hesitate to get financial information from In our world where we have all the information at our fingertips,
the vendor. it’s sometimes easy to say we know everything. But there are
still those data points that are not publicly known, and getting
Now many may not be apt to opening their books for you, the right answers can make a big difference in your decision.
and that’s fine—there are a few ways to get an accurate So it’s important to do your research and come to the table
financial picture: prepared, but don’t be afraid to ask for more information on your
enterprise software solution.
a. Search the Web for Investment News: Vendors
may not actively promote when they are bought or
invested in, but the investors love to talk up their
portfolio. Look for press releases from investors
on your vendor, and read carefully on whether the
investment firm is providing capital, or actually
purchasing the vendor.
b. Ask for a Debt to Equity Ratio: This is a great way

to see the financial health of an organization without
prying into their books. The Debt to Equity ratio will
indicate how much they owe versus how much they
own. Be wary of vendors with high ratios—chances
are they may be burning more cash than they are
bringing in.
c. Annual Growth Rate: Average growth percentages

over a 3-5 year period are nice, but the vendor could
have had one great year in year 1, and the next 2-4
years they declined. Compounded Annual Growth
Rate provides a more accurate depiction of how the
company has fared financially over the past few years.
d. Annual Net Income Growth Rate: Another

good metric to asses the health of a vendor is to
examine the net income growth, which is essentially
the vendor’s profitability. They could have a decent
revenue stream, but are they profiting enough to
sustain themselves? Net income will give you an idea
if the vendor can stand on its own two feet. These
are just some basic ways to understand the health of
the company. A healthy company that invests money
back into their product and plans for the long-term
will ultimately result in more product innovations,
providing you with services for years to come.
4. Proof of Concepts and Workshops: If you get to a

point where two vendors are equally adept, then it might
10 | Build vs. Buy: Best-Practice QMS Solution over Custom Development
Build vs. Buy: Best-Practice QMS Solution over

Custom Development
In today’s dynamic and demand-driven market, the need to This step is important, because 70% of software costs occur after
implement enterprise technology to keep pace with rapidly implementation. A rigorous lifecycle analysis that realistically
evolving operational, production and compliance environments estimates ongoing maintenance incurred by a custom
is key to success. In recent years, enterprise technology has development project often tips the balance in favor of buying.
become more prevalent in its penetration of all operational areas
within a business. It has become so prevalent that it is rare to 2. Flexibility and the Ability to Adapt to Change:
find a department within an organization that does not have Businesses experience constant and rapid changes.
a dedicated enterprise software solution to provide some level Companies change their processes, expand or shrink, and
of support. competition drives innovation to the market. Application
developers often hear “although we needed that a year
In the case of Quality, this statement rings true. In recent years, ago, it’s not what we need to run our business today.” Add
enterprise software solutions have become commonplace in rapidly changing technology and the adaptability of a
in many organizations, whether integrated QMS, or Quality homegrown system becomes an issue, and often a system
Management modules within larger production systems, built in-house becomes obsolete before it’s complete. A
even down to simple point solutions for Document Control or best practice configured application is a production ready
Corrective Action. Recent reports on top software components application that can be customized for a unique environment
for organizations show that Quality Management is at the top of within a relatively short timeframe.
the list. In many organizations, Quality Management solutions
are a strategic priority. As demand for these solutions grow, Furthermore, having the flexibility to adapt to changes is key
so does the vendor landscape—more software vendors are to success in response to changing market conditions. With
providing solutions for Quality and Compliance Management configurable solutions, processes can be changed as needed with
than ever before. little to no additional costs. With custom developed solutions,
there is little room for change—if change is required, it can result
When determining the strategy for automating a mission critical in hundreds of development hours and the project overruns can
business process like those in QMSs, a “Build versus Buy” choice be steep.
remains a key decision. Overwhelmingly, organizations have
proven the decision to “Buy” provides much greater value and 3. Best Practices Experience and Core Business Focus:
success than the decision to “Build.” Here is a “Top Five” list of When determining an enterprise solution, it is important
things to watch out for in a build versus buy scenario. to consider the focus of the organization. How well do the
vendors know the business challenges your organization
1. Predictable and Transparent Costs: Developing an faces? How well versed in best practices is the vendor, and
enterprise application is no small task, especially when it what is their experience in the industry? A vendor who is
comes to estimating the cost of development. When you rooted in these best practices has a broad knowledge base
buy a best-practice enterprise solution, you evaluate in of experience to draw from, whereas a custom development
advance the features, functions, and capabilities in an existing from a vendor outside of the industry will be starting from
enterprise environment. A known cost is attached to a best- scratch on how to match your business processes to the
practice solution. If you build a new system with alternative application. This can push the scope of the project out, simply
development resources, project costs and time to deploy may because the learning curve on processes and terminology
range widely, affecting the success of the project. need to be collaborated on. Selecting a vendor with a broad
background on a specific industry like Quality Management
In fact, according to Gartner Research Group, packaged helps to provide a foundation for building a process that
applications with best practices already built in have found favor meets your requirements, with a long-standing knowledge
within many enterprises and are now considered viable choices base of experience to draw from.
for many corporate tasks. In fact, corporate edicts have often
been established that preclude even a discussion of the build 4. Consider the Project Scope—Proven
versus buy process. Therefore, buying a software package with Implementation versus New Application
best practices already built in, under all circumstances is the Development: According to a report by the Standish
dominant trend. Group on more than thousands of software projects, 40%
failed completely, and an additional 33% were “challenged,”
When evaluating whether to buy or build, it’s critical to meaning that they completed late, went over budget, or were
thoroughly understand total costs during the software lifecycle— completed with fewer features and functions than originally
typically 7 or 8 years. specified. Even more staggering, a recent study by Gartner
Research revealed that nearly four in ten major software Because a best-practice configured solution requires little to no
purchases ended up as “shelfware”—software that was development costs and uses a proven method of implementation
purchased, but never implemented. to ensure projects are kept on scope, the actual risk associated
with implementing is considered lower than that of a custom-
The root of all these challenges lies in the ability of the project built application. This is primarily due to the unknown factors that
to be defined properly. With custom developed solutions, the can occur in custom development, as well as long-term costs to
project scope encounters obstacles not foreseen at the outset of update and maintain the custom-built system.
the project, and it is extremely difficult to estimate the time and
expense associated with a major development project. This is Avoid the Dangers of Buy…then Build
primarily due to development of new features not inherent within When making the decision of build versus buy, it’s important
an existing application or customer developed application, which to determine the level of development required, in either case.
creates a tendency to change and modify the scope “on the While many off the shelf software systems will claim to have the
fly.” The result, according to the Standish Group, estimates that best practices built out of the box, what is often not determined
52.7% of all custom application projects cost 189% of the original is any level of custom development that may be needed after
estimate provided. the software is purchased. Often times, purchased solutions will
incorporate a framework of best practices within their solution,
Software vendors with best practices built-in draw on a history
but in order to tailor the system to meet your needs, the system
of implementation of similar processes, and have implemented
must be custom developed. As a result, the customer is left with a
hundreds of projects of similar focus and scope. These
purchased solution that will need a custom development project
implementations follow a proven process, and follow a pattern of
added into the purchase, creating the same challenges with a
project management that delivers the product on-time and within
purely built solution. Look for systems that have the flexibility
scope.
to adapt to specific processes without any need for custom
5. Return on Investment—Look for the Hidden Cost development. These solutions often enable the administrator
of Development: While many custom-built applications (or “Power User”) to configure all aspects of the system to meet
outline a broad scope for a project, without having a best unique business needs. Configurable systems such as these
practice approach it is impossible to determine how long the completely eliminate any custom development needs, and
project will actually take. Vendors that offer a best practice provide a truly flexible and adaptable system that embodies the
solution are able to leverage years of implementation and purpose of a purchased, best-practice solution.
product development to accurately scope out a project and
The decision to implement enterprise software is not a simple
will not incur the same project overruns custom developed
task. Software solutions typically represent an investment of
solutions encounter.
5-7 years, often up to a decade for many organizations. When
Consider the breakdown on build versus buy conducted in a weighing the options of determining software selection, the
Standish Group Report, illustrated in the tables on the next page. “Build versus Buy” decision is one that will always come up,
and requires careful consideration on the path to take for your
When comparing these two scenarios, we can assign a risk investment.
ranking to build versus buy, as illustrated in the risk matrix below:
While both options have merit, many organizations opt to
leverage the existing best practices implemented within the
industry, the proven track record of success and innovation, and
the most flexible technology that will help them seek returns on
their technology solution. For many, the growing trend lies in
purchasing a solution that provides the most functionality and
features, and presents the lowest total risk to the organization.
13 | Avoid Scope Creep in Enterprise Software Implementation
Avoid Scope Creep in Enterprise

Software Implementation
While many companies focus heavily on the software’s ability to Here are just some quick points to consider when looking at an
meet the business need, very few focus on the vendor’s ability implementation project:
to implement the software. The responsibility of a software
implementation project is shared between the vendor and 1. Get the Requirements Up Front: While this may seem
the customer. While the vendor needs to deliver on all those like a no-brainer, many companies won’t truly know what
promises they made in the RFP, the customer needs to make their requirements are when they start a project. You may
sure that their processes are well-defined, and that all the have one or two project managers who swear up and down
requirements of the solution are outlined in detail. Without they know the processes, and do not need this exercise—
the roadmap for the solution, the vendor can only take a “best until you actually get all the stakeholders in a room. At that
attempt” at meeting the business need. Kind of like shooting a point, the picture gets painted a different shade of what you
moving target in the dark, blindfolded and with one hand tied thought. Many times, the stakeholders will “trickle in” during
behind the back. the project after implementation has begun, and this is the
source of the evil “Scope Creep” paradox. The more features
With all the investment put into selecting a software vendor for we want, the more time it will take, and the more time it will
your business, it is hard to believe that there is any possibility take, the less likely the vendor is to deliver it on time.
of failure. However, recent studies have shown that within a
sample set of more than 9,000 software rollouts, 71% either By gathering all the stakeholders and clearly defining the project
failed or were late and over budget. Even more staggering, a and its requirements at the start, the actual implementation
recent study by Gartner Research revealed that nearly four in ten process will move much smoother. No one is “trickling in” and all
major software purchases ended up as “shelfware”—software elements of the project are planned and ready to go. This early
that was purchased, but never implemented. The root cause of investment of time in the beginning of a project may seem like
such pitfalls is usually attributed to challenges associated with it would take longer on the outset, but in reality, this up-front
project management, and the inability to properly define the investment of time actually speeds up the project in the long run.
requirements to make the implementation successful. As a result, Resources are efficiently managed, project timelines are met, and
the end users never really accept the solution, and the cost to this project is delivered on time and on budget.
implement correctly becomes extended.
2. Get a Design Specification: Whether you are
Successful projects are the result of the Quality of the solution implementing a configurable, out-of-the-box solution or
and the acceptance of the solution by the end users. As seen a heavily custom developed application, getting a design
in the diagram below, without proper planning and project specification is an important step in the process. A design
definition at the start of the project, implementation projects can specification is essentially a simple mock-up, “wire frame”
often suffer in the long-term. Projects without a defined scope or depiction of what the final product is going to look like
will often require fluctuations in resource levels, and push the once implemented. These are typically done in phases of
project out far beyond its expected completion. the implementation, so that each “piece” is given its own
design specification. Think of it like building a house. You
would want to see the floor plan before they start laying the
foundation, and building up the rooms. You want to make
sure the bathroom is in the right place, the kitchen, and so
forth. Same goes for the software solution—making sure the
forms look right, the fields and keywords match your ideas,
and are in the right place are very important.
At this point, with the requirements gathered and design

specifications in place and approved, then the real
implementation can begin. Whether configuration or coding,
most implementations will vary, but ultimately the goals are
similar. This is to deliver the finished product according to the
information provided in the first two points. Ensuring the finished
product matches your requirements exactly is important, which is
covered in the next point.
14 | Avoid Scope Creep in Enterprise Software Implementation
3. UAT—User Acceptance Testing: It’s important to always

include the end users in the process—they are after all, the
day to day users of the system. Their acceptance of the
system will ultimately determine whether the new solution
is truly a success or not. The UAT phase of the process is
like the “test drive” of the new sports car—making sure
that the seats are comfortable, the engine is tuned, and the
wheels won’t fall off. Just the same in the software world—
move around through the workflows and forms, push the
performance, and make sure the proverbial “wheels stay on.”
This is usually done by the company’s project team, but many
like to take a few of their end users and let them comment
on the system. This is a good practice to get the “word on the
street” for those daily users.
The theory behind using this project management/requirements

first approach to implementation is that during UAT, only minor
problems are tweaked. The last thing either party wants is a major
technical flaw this late in the game.
Investment in software shouldn’t fall victim to a poor

implementation. Not only does it leave a bitter taste in the
mouths of the project team, but the software investment
becomes diluted and could end up as “shelfware.” Ensuring the
project requirements are gathered at the start, the design is
approved before implementing and testing on the backend will
help to make sure the project is completed within scope and
within budget.
15 | ROI: Assessing Value in a Quality and EHS Management System
ROI: Assessing Value in a Quality and EHS

Management System
Everyone seeks out value. Whether you’re a coupon clipper, a infrastructure and say, “can my too-big-to-fail systems handle
sale shopper, or a garage sale stalker, people look to get some the processes we need, and if not, what systems can we put in
sort of value out of their buying experience. And if the product is place that will integrate with these systems and provide me with
purchased at retail, you look for ways to get the most out of the quick ROI?” QMS and EHS are prime examples of systems to
product you purchased. accomplish this goal. Here’s what these systems offer:
The software sale is no different, and potential customers are

looking for ways to demonstrate a viable Return on Investment
(ROI). Let’s dispel any misconceptions first—software is not just
a tool, it’s an investment. Quality and Environmental Health and
Safety (EHS) management solutions require upfront costs, and
upfront effort to get it up and running, and the returns only
come after you’ve put financial investment into the product and
financial investment into the implementation. The key is how
quickly you expect to see a return.
In this market, ROI needs to happen quickly. We have entered a

time when IT departments are cutting budgets and looking for
ways to consolidate and integrate business systems. As such, IT
is looking for ways to cut systems that are draining resources,
protect budgets for larger-scale implementations, and seek out
solutions that are low-cost alternatives. The Chief Information
Officer (CIO) is looking for ways to demonstrate immediate ROI
on projects, to the tune of seeing returns within a Quarter. This 1. Workflow and Business Process Automation: Look
need has had an effect on the “Software Middle-Class”—those for a system that has the flexible workflow to not only
systems that are high-cost with long timelines to ROI. You have accomplish the task of Quality and Health and Safety, but
three real scenarios in this IT solution model: to also provide value in all business process initiatives. Can
the system be configured to do more for the organization?
1. The “Too Big To Fail”: These are the long-term, high
Leading systems integrate PLM, SCM features into Quality,
budget projects that are simply too big to abandon or
and add Sustainability to EHS that the software middle-class
too critical to the business to scale back. SAP is a prime
once handled; this provides additional value to the system
example—the solution touches so many parts of the
and makes it a lower-cost alternative to these middle-class
business, and has so much stake in the success of IT, that it
systems.
will never be scaled or abandoned.
2. Integration Capabilities: Again, the CIO will ask whether
2. The “Software Middle-Class”: These are specialized
the “big project” systems like SAP can handle the process,
solutions that serve a singular need (or the needs of a few),
and if it can’t, then can it be integrated with these QMS and
but come at a high-price of entry, and no definable ROI in the
EHS systems. Look for solid and certified integration points
near future. These are solutions that end up on the chopping
that will enhance your “too-big-to-fail” systems. Leading
block with people looking for lower cost alternatives.
QMS and EHS systems offer various levels of integration—
3. The “Low Entry, High Return”: These are specialized enough to fill the gaps that are necessary to round out the
solutions that have carved out their niche in a particular infrastructure.
function, and have certain “out-of-the-box” qualities that
3. Provide Immediate Value: When looking at these
make the product have a low entry cost, but due to the
systems, take time to realize the ROI is critical. The nature
configurable nature and flexibility, can yield a faster ROI than
of QMS and EHS systems is in their configurability—they
their middle class cousins.
are inherently built to be configured quickly and adapt to
So, what does this mean for Quality and EHS solutions? Well, changing processes with little to no programming or custom
it means that companies are looking for more value from their development. This enables them to provide value within a
systems; QMS and EHS solutions are expected to do more short span of time, usually within a Quarter.
and provide more immediate value. The CIO will look at their
16 | ROI: Assessing Value in a Quality and EHS Management System
4. Demonstrate Definable ROI: This one is tricky—how only do leading QMS and EHS system provide the low-entry,
do you define ROI? Many companies look for quantifiable high value mix, but are prime examples of gaining ROI in a short
ROI, but often have no baseline to compare it to. As many period of time.
organizations are not tracking ROI metrics on a particular
software solution, they seek ways to determine how much
value a system like Quality Management or EHS Management
will provide. Here are just some sample cases where ROI is
provided on QMS and EHS systems:
a. Time Savings: One area is in saving time over

manual or cumbersome processes. The nature of
workflow-based automated Quality and EHS is that
it reduces the cycle time to complete otherwise
manual process. One organization had a Quality
Control process that took upwards of 45 days to
complete a cycle in a manual process. This was
due to diverse locations and compiling data from
various sources. Using automated solutions, the QC
process was reduced from 45 days to a single day.
While not immediately quantifiable, the time savings
is staggering.
b. Systems Consolidation: Creating a centralized

resource for Quality and Safety is important to
demonstrate value. Another company had a diverse
portfolio of business systems managing their
processes, which would grow over time as new
divisions adopted business processes. At its high
point, they had over 700 business systems driving
processes, with various levels of complexity. Using
a single, holistic solution, they were able to reduce
the number of systems from 700 to a single system.
This alone saves time and money in maintenance,
but also provides a more efficient method of tracking
Quality and Safety.
c. Administrative Overhead: Manual or

cumbersome processes take up resources. Whether
this is in man-hours, administration time, or physical
bodies, this is time spent on the system, rather
than the business. One such example came when
an organization purchased a system to manage
Audits. The system enabled them to automatically
schedule audits versus manually scheduling them.
This reduction in time and overhead resulted in a
resource savings equal to 5 full-time employees. These
employees are now freed up to do work more relevant
to the business, and not on scheduling.
So, ROI is all in how you perceive value in the system. Look for a
solution that not only is able to provide value in a short period
of time, but demonstrates the value in a way that you can relate
to your organization. The above are just specific examples. You
would need to use these as a base, but will have to determine
your own metrics based on your unique business needs. The
take-away is that ROI comes in all shapes and sizes, and not
17 | The Importance of Risk in the Complex Quality Lifecycle
The Importance of Risk in the Complex

Quality Lifecycle
Manufacturing industries have matured over the years, customer In reality, ERM follows a path no different than the more granular
demand increases, and the complexity of the products also departmental levels:
increases. So we now have a complex product lifecycle that
needs to move faster to keep up with demand—manufacturers a. Risk Identification: Simply put, look for the
must keep pace with the demand, while ensuring Quality of the potential risks. Whether at a low-level or high-level,
product at every step. The faster we move, the harder it becomes you need to figure out where your risks arise. This can
to correct adverse events, and prevent Quality issues in the same be from adverse events, hazard analysis, departmental
way we’re used to. We need a measure to help us search out the surveys, and similar areas.
most critical issues and address the Quality issues that matter b. Risk Assessment: Once you’ve identified the risk,
most. Risk Management is of growing importance in Quality for you need to determine how severe it is. Is this risk
this very reason. high, low, or negligible? Assessment seeks to cate-
gorize (and potentially prioritize) our risk.
Let’s look at some of the areas risk plays in the Quality lifecycle:
c. Risk Review: New risks within an organization need
1. Risk in Design: Incorporating risk in design is a critical, to be reviewed. Risks cannot automatically be assigned
but sometimes overlooked component in the Quality life- an action—often you need a team to review the risk
cycle. Traditionally speaking, Quality has always been reactive ranking, determine the next steps, and so forth.
in nature—“events happen and we need to correct them.”
However, if we can work towards mitigating risk during d. Risk Mitigation: We now ask the question, “how do
earlier stages in the product lifecycle, such as in design, then we fix this?” Risk Mitigation relies on taking steps to
we can mitigate the risk of these in-field failures. Tools like correct the events, and ultimately reduce their risk to
Failure Modes and Effects Analysis (FMEA) or simple Hazard acceptable levels. Corrective Actions help to create a
Analysis provide the ability to break down a design into core plan for investigating and correcting systemic issues,
components and assess the risk of failure. By calculating the and reduce the risk of recurrence.
risk before the product is even built, you can take steps to e. Risk Reporting: The last step is sometimes over-
mitigate that risk in a more proactive way. Even for known looked, but critically important. Reporting not only
risks, you can better prepare your team for potential post- creates visibility into top risks, but it also lets you trend
market events, and handle them more efficiently. out potential areas of improvement. Reporting lets
you see how one area’s risks overlaps with another
2. Risk in Process: Corrective Actions are an issue in many
area’s risks.
organizations. You would think that a system designed to
efficiently correct a problem wouldn’t be a problem itself— As industries move faster and product lifecycles shorten, you
but it can be, especially if every event becomes a Corrective need to benchmark Quality not only as a corrective measure, but
Action. Too many Corrective Actions can shift the focus on in a proactive, preventive way. Incorporating risk into the product
what is most overdue, versus what is most critical. By incor- lifecycle will help to identify, mitigate, and prevent potential risks
porating risk into the process of adverse events, you can filter along the way.
the critical and non-critical events, ensuring that the highest
risk events make it to the top of the list. Less critical events You need to identify potential risks, assess the dangers, take steps
can even be handled immediately—Quality systems do not to correct your “path” to mitigate the risk, and continue on. The
specifically state that every event become a Corrective Action. faster you go, the more risk mitigation plays into the equation.
Using risk will help to streamline the system in this fashion.
3. Enterprise Risk Management: Risk mitigation is every-

where. If you think of an umbrella, the spines that make up
the umbrella are the various risk areas (risk in design, risk in
process, safety risks, human factors, governance, etc.). The
umbrella as a whole is Enterprise Risk Management (ERM).
ERM seeks to combine risk elements from all over the orga-
nization and take action based on those elements in broad
strategic level.
18 | Risk Assessment: Creating a Risk Matrix
Risk Assessment: Creating a Risk Matrix

In this day and age, risk is the biggest buzzword in the what about the middle? There’s a gray area of subjectivity here.
compliance industry. We’ve talked about it, you can’t go How do companies determine this gray area?
anywhere without hearing about it, and everyone’s got a risk-
based solution. I think the primary reason why we focus on Risk
Assessment and Risk Management, is because in business, we
need to quantify our actions. We can no longer rely purely on
“gut instinct” to execute on events, whether Quality, Financial,
Social, or similar areas. The world moves too fast, and one
misstep can make or break your business. Risk provides the
objective metric to help the decision-making process. But, you
need to know how to use risk.
How do you define risk? It’s not as easy as you may think.
Companies spend plenty of time and money coming up with a
scheme on how to calculate risk for their organization. Risk is
defined as the “systematic application of policies, procedures, and
practices to the tasks of analyzing, evaluating, and controlling
risk.” All this really means is that we put tools in place to help us
look for risks, assess those risks, and then take action on the risk. This is not always an easy answer. Some companies have to
The trick here is finding the risk, isn’t it? How do we find the risk? weigh the costs versus benefits on these risks, without creating a
disproportionate cost to risk (Example: spending $1M to prevent
The components of risk usually manifest themselves in two forms: a blister is disproportionate; spending $1M to prevent a fatality
hazards or harms. Hazards represent the potential source of is proportionate). Companies will carefully vet these zone, and
a harmful event (the cause). Harms are the resulting damages typically adopt a concept called ALARP (As Low as Reasonably
to products, persons, or the environment (the effect). Risk is Practicable). Simply put, this means that the risk is as low as we
essentially cause and effect on a defined scale. It’s the scale in can possibly get it, or it’s “Tolerable” or “Undesirable”—but it isn’t
which most struggle. critical or catastrophic. So then, with the ALARP in place, you have
a risk matrix:
Usually, when trying to quantify hazards and harms, most
organizations look at two metrics: Severity and Frequency (or
likelihood). Taking these metrics into account, we can develop a
scale in which to measure hazards and their harms. This can be
numeric (scale of 1-5), verbal (excellent to poor) or both. If you
were to graph these scales, you would come up with a numerical
matrix, one that highlights the risk “zones” by their multiplied
number on the axis, much like this one below:
Now you can go off and start using it, right? Well...you need to
“vet the matrix”—put it through real-world historical examples
and see if the risk matrix comes up with the correct risk based on
historical events. You may need to “tweak” the matrix based on
the vetting process. Hard mathematics will not properly assess
the risk without a little real-world honing. Once you’ve fine-tuned
the matrix, you can start utilizing it in your Compliance system.
You can see that we have a Low-Risk or Generally Acceptable Risk

zone, and a High-Risk or Generally Unacceptable Risk zone, but
19 | Risk Assessment: Creating a Risk Matrix
Risk Assessments and risk matrices are wonderful tools to help 4. Use Risk to Ensure Effectiveness: For an action to be
guide decision-making in an organization, but they are not truly corrective to the process, it must be effective, otherwise
meant to be stand-alone tools. They help to provide a guide for you’re back to square one. Much like risk can be used to filter
Risk Assessment, using quantitative and repeatable metrics to adverse events, risk can also be used to ensure effectiveness
ensure a consistent method of determining risk. Most best-in- of a CAPA. Risk helps to ensure that not only is the CAPA
class organizations will assemble a “risk team” to go over adverse effective, but it’s within the risk limits of your organization’s
events and determine the risk. It’s up to the team to decide how compliance standards.
an event will be handled, and what the true risk is. Risk matrices
are the keys to unlocking quantitative risk-based processes, but CAPA is an effective and essential tool but, like many processes,
the people are the drivers of the system. can be blocked up if you are too reactive to events. In order to
streamline your CAPA process, it is important to look at adverse
The next question becomes, “How do I incorporate Risk into events and filter them to properly determine how critical they are.
my Quality Management System?” More specifically, how can
Risk ease the bottlenecks in an organization’s Corrective Action
process?
Too often, when adverse events enter an organization’s Quality

system, people are quick to open up a Corrective and Preventive
Action (CAPA). No matter what the adverse event, its severity or
impact, a CAPA is opened up. Having a CAPA system in place
is an extremely valuable (and essential) part of a good QMS.
However, if everything becomes a CAPA, then you create a
bottleneck. Employees are so focused on working on their CAPAs,
they forget to do anything else.
What you end up with is this—hundreds of CAPAs, without really

knowing which CAPAs are critical to the business and which have
less impact. It becomes the needle in the haystack conundrum—
finding the critical adverse events can prove difficult if you don’t
have a way of finding them. I once asked a Quality Manager how
he handles CAPAs—what his metric was. “We handle the most
overdue first,” was his reply, and he went on to say that if it isn’t
critical and is at the “bottom of the pile,” then they don’t get to it
in time. That said, there is a better way.
1. Not every event needs to be a CAPA: Yes, it’s true—

if you can immediately correct an event, then correct it. Not
every event needs to be opened up as a Corrective Action,
only those that are systemic issues and pose a critical impact
on the business.
2. Use Risk to filter events: So if not every event needs

to be a CAPA, then how do we figure out the bad the from
not-so-bad? You need a way to filter these events, and
you need to do it in a repeatable, systematic method. Risk
Assessment is a great way to do this. Risk matrices will help
your team make the determination as to the criticality of an
event. The higher the risk, the more likely we would like to
take Corrective Action.
3. Do a CAPA on your CAPA System: Sometimes even

a good CAPA process needs a little updating. Make sure
to continually audit the CAPA process, and if the process is
not efficient enough, then it may be time to do a CAPA to
correct any potential bottlenecks or problems within. Like any
good process, a little maintenance and “trimming” is always
healthy.
20 | Three Keys to Global Harmonization in Quality: Learning to Share
Three Keys to Global Harmonization in Quality:

Learning to Share
corporate standard. Leading edge QMS Solutions are able
to have site-level processes layered on top of a corporate
backbone—each site is able to retain the specific data points
that are pertinent to them, while keeping in line with the
standardized, corporate process. This allows the enterprise to
be common and unique at the same time.
3. Get a Strong Project Team to Work Out the

Details: Technology is only as effective as the team that
is implementing it. Harmonization, by definition, is a group
operating in the same direction—the team must be able
to work together to get the business requirements to
building a standardized solution. This involves looking at
the stakeholders of the system (at the corporate level and
the site level), the inputs required across the enterprise,
the processes that govern the system, the desired outputs
that the team expects to see, and how the results will be
measured and managed. This methodology will spit out a
set of requirements which, if done properly, will create a
framework for a harmonized system. But each team member
must contribute and commit to the cause. When starting the
journey towards harmonization, there will be bumps along
Each site within the organization, operating under their own the way. Not all processes will fit together, and there will
QMS, are happy to have their specific processes just the way they need to be compromises. It is important that the project team
like them. Then someone comes along and says, “we’re going to stay focused on the ultimate goal—the stronger the team,
standardize on a single platform.” There are inherent challenges the better the end result will be.
to harmonizing a solution, especially Quality Management.
A strong team builds innovation and the technology drives it. The
However, with the right tools, harmonization can actually enable
combination of these two elements will then answer the question,
a single standardized environment, while at the same time
“how can we all be common, but keep our processes and data
sustaining each site’s unique business processes. Below are a few
unique?”
key considerations when harmonizing your QMS:
1. Ask, “How can we all be Common, but Keep our

Processes and Data Unique?”: Perhaps the biggest
challenge leading into a harmonization/standardization
initiative is convincing the site-level managers to adopt the
system. Many times, each site will want to keep their specific
processes in fear that a harmonization may compromise
their unique way of doing business. When harmonizing a
system, traditional methods would warrant that all sites need
to adopt the corporate standard, and fit into the “mold” that
is set in front of them. With today’s advances in technology,
it’s now possible to be “common” on a corporate level, while
maintaining the unique processes associated with each site.
The key lies in the technology.
2. The Technology Platform Needs to Support

Harmonization: Technology is constantly evolving, and
each new advancement brings business systems closer
together. For harmonization projects to be successful, the
software solution needs to be flexible enough to adapt to
the concept of having multiple processes operating on a
21 | Is Quality Dying a Slow Death, or Evolving Beyond Definition?
Is Quality Dying a Slow Death, or Evolving

Beyond Definition?
Is Quality as we know it a dying concept, or is you funny, but Quality by Design is a key component
of improving overall product Quality, and they are
it evolving?
Quality users as well.
There are those who crave the old days of Deming and Juran, and
d. Governance, Risk, Compliance: Methods in this
those who see their multiple Quality certifications as a badge of
sector are continually borrowing from Quality, and
honor, and those who will define them as a Quality practitioner.
while the terms may change, the goals are similar.
These are the folks who hold on dearly to the concept that
Quality is reserved for the few practitioners who are meant to e. Other Processes: IT, Supply Chain and more areas
“police” the Quality operations—a single point of contact for all are all Quality involved.
of Quality.
3. The Consumers of Quality: Quality is not just in practice.
These are those who fear Quality is dying. There are many in the organization that consume the results
of Quality and use Quality data to make decisions. C-Levels
There are those in this market who recognize we are in a world
within an organization are a perfect example. While not
of change, and Quality is no longer defined within the narrow
considered a part of the Quality machine, improving overall
box we have always placed it in. These are the people who
Quality as it affects the bottom line is of critical importance.
believe that Quality is undergoing an evolution, one that will not
Without consuming the critical Quality related data from the
eliminate the concept of Quality, but expand it to the enterprise.
above areas, decisions are made much more difficult.
In this evolutionary model, what is the view of Quality? Well,
So, what is the future of Quality? Well, it needs to expand the
Quality means different things to many people. In fact, Quality
vision to encompass these groups and escape the narrow
can be considered such a broad scope, that it may defy definition.
definitions of the past. We need to be able to incorporate the
However, the challenge is that Quality is defined differently
Quality practices and translate them into the vernacular of these
throughout the enterprise, and the key to recognizing what
involved areas, and demonstrate that Quality goes beyond a
Quality is depends on who is defining it. Here are some of the
single department. Quality is everyone’s problem, and by creating
segmentation of who Quality touches in the enterprise:
a holistic vision of Quality, all areas begin to converge and
1. “In the Box” Quality: QC, QA and the like are what you recognize their role in Quality.
would call “in the box” Quality. Simply put, it’s the folks who
This recognition is the first step to the evolution of Quality,
have Quality in their title, and live and breathe the practices
taking the concept to new heights and shaping the future of how
that have been perfected over 60 years.
organizations view Quality.
2. The Quality “Involved”: There are many areas within the
organization that don’t consider themselves to be Quality
professionals, but whether they like it or not, they are
involved in Quality in some way or form. I am speaking of
those disciplines, that while not directly related to Quality,
utilize the Quality methods and processes that exist in their
Quality department. These are:
a. EHS: Processes and practices in EHS have incredible

similarities to Quality. Simply looking at the ISO
standards for Environmental and Health and Safety will
demonstrate how similar ISO 9000 aligns.
b. Corporate Social Responsibility: Whether Human

Resources, or social responsibility, the concepts of
improvement, controls, and processes are touching
Quality.
c. Product Design and Development: Tell an

Engineer he’s a part of Quality, and he may look at
22 | What Star Wars Can Learn from Quality Management Software
What Star Wars Can Learn from Quality

Management Software
specifically sensitive documents would have been limited to those
who had the proper access rights. Furthermore, document control
can limit the details of certain fields within the data, so that no
sensitive data is accessed.
2. Employee Training System: Without proper employee

training, then many organizations run the risk of Quality
incidents, Safety incidents, and other risks to the business.
It appears to me that The Empire was not tracking training
in a centralized system. If they were, then they would have
been able to see that nearly 80% of the Stormtroopers in
The Empire couldn’t hit a target with a blaster if their lives
depended on it (and it often did). Or maybe they would have
uncovered the fact that their patrol procedures clearly missed
security breaches—Like 80 year old Jedis skulking around the
“What if The Empire had implemented a QMS on the Death Star?” tractor beam. Proper training systems enable managers to
Here’s what would have helped The Empire in their endeavor to see visibility into not only who is trained, but also how well
rule the galaxy if they only had put Quality Management as a they are trained and whether actions need to be taken to
strategic initiative. update training records for poor performance.
Project Management: From the time that the Death Star plan 3. Supplier Management and Supplier Rating: Let’s
was conceived, it took The Empire almost 20 years to complete face it—The Empire had to have contracted out to build
it. A project this large requires multiple roles involved and this Death Star. All the components that go into building a
delegation of activities. The Death Star project management team finished product rely on suppliers and contractors to help
consisted of three key people—Grand Moff Tarkin, Darth Vader, complete the process. When watching the movie, we know
and Emperor Palpatine. These are not the more flexible managers, that the Rebels found a weakness in the design of the Death
and are not above taking employee errors or missed deadlines Star (thanks to the weak Document Management System). If
with the aid of a lightsaber, force lightning or a death ray. The Empire would have had a real-time inspection and rating
system, they would have been able to inspect that access
Perhaps if The Empire implemented a Quality-based Project port, and send out a Corrective Action to the knuckleheads
Management System, they would be able to clearly define the who thought putting a direct access to the Death Star core
roles involved in the project, assign tasks to those roles, and was a good idea.
manage the project from an aggregate level. Workflows keep the
project deliverables on track, and perhaps this level of visibility 4. Nonconformance, Audits and Corrective and
would enable them to maintain control, without having to resort Preventive Action: Let’s stay on this, then. Obviously, we
to the Dark Side as their only means of clairvoyance. know that the Death Star had a defect. It was only in the final
hour did The Empire realize the danger, and by that point it
1. Document Management: Let’s be honest—even The was too late. If they had a Quality system in place, they would
Empire could’ve used a strong Document Management have found this flaw, whether through regular space Audits
System. Given the sheer size of the Death Star with the (or at the very least an Audit through tremors in the Force), or
thousands of “employees” that worked there, there would a Nonconformance when the defect was installed, and issued
have been tens of thousands of records that would need a Corrective Action to fix the problem. Clearly, Quality took a
to be controlled—work instructions, job descriptions, backseat to their overconfidence, and ultimately resulting in,
procedures, floor plans, and the like. You would think that well…you know the rest.
with this “technological terror” The Empire constructed, there
would be a secure Document Management System in place. 5. Management Review and Reporting: As I said before,
the primary project managers used fear as their primary
Then how did a small droid like R2-D2 plug into the network motivator, and seldom relied on the data to help them with
and download the Death Star plans like it was a space walk in Quality. In the movie, you see the officers of the Death Star
the park? My guess is that The Empire, in all its glory, was using sitting in a conference room, and not one of them produced
a file system to store documents. If The Empire would have used a report—if they had a robust reporting system that collected
a Document Control system like those in a QMS, access to these
23 | What Star Wars Can Learn from Quality Management Software
Quality data from all areas of the Death Star, and rolled this
data up to help determine the top risks and top Quality
issues, then maybe that meeting would have gone differently.
Perhaps if that poor guy had shown Darth Vader his latest
Quality Report, he wouldn’t have gotten the old “force choke”
from the Dark Lord of The Sith. Having a top-level reporting
system that presents the Quality system challenges in a single
view might have mitigated their risks.
6. Risk Assessment: I think that perhaps The Empire took

many risks when going about this whole Death Star thing. Did
Tarkin assess the risk of testing the Death Star on Leia’s home
world? Did Darth Vader assess the risk of letting the Rebels
escape with the Death Star plans? Did they assess the risk
when they underestimated the rebel’s chances of destroying
the Death Star? In any system, it’s important to incorporate
risk into the processes, whether Quality or similar system. If
The Empire would have perhaps weighed the severity and
likelihood of the risks associated with their actions, perhaps
we would have seen a different outcome of the story. Risk
Assessment, especially in a QMS, allows managers to filter out
critical events, and make better decisions on how to handle
them, and then ultimately mitigate the risk of recurrence.
Of course, we know that if The Empire followed these rules of

Quality Management, we wouldn’t have had the story that makes
Star Wars so great. But it is sometimes fun to imagine, “What if?”
and see how life would have been if instead of Darth Vader, we
had Darth Deming.
24 |
www.etq.com 800.354.4476
info@etq.com 516.293.0949

Selecting, Implementing, and Using QMS Software Solutions

Transféré par

Informations du document

Description originale:

Titre original

Copyright

Formats disponibles

Partager ce document

Partager ou intégrer le document

Options de partage

Avez-vous trouvé ce document utile ?

Ce contenu est-il inapproprié ?

Droits d'auteur :

Formats disponibles

Selecting, Implementing, and Using QMS Software Solutions

Transféré par

Droits d'auteur :

Formats disponibles

Selecting,

Introduction: Why do We Need QMS?

Getting Started on Your Journey

Tips for Implementation Success

Best Practices for QMS Solutions

Final Thoughts: Fun Takes on QMS Software

Getting on the Quality Management

What You Didn’t Know, or Were Afraid to Ask

is an automated system worth to your organization? Typically

1. Case: One Life Sciences consumer goods company was

2. Case: A Blood Services organization had a manual Quality

Scalability: Can’t We All Get Along?

8 Simple Rules for Selecting a Quality

Look Under the Surface: 4 Things to Ask a

b. Ask for a Debt to Equity Ratio: This is a great way

c. Annual Growth Rate: Average growth percentages

d. Annual Net Income Growth Rate: Another

4. Proof of Concepts and Workshops: If you get to a

Build vs. Buy: Best-Practice QMS Solution over

Avoid Scope Creep in Enterprise

At this point, with the requirements gathered and design

3. UAT—User Acceptance Testing: It’s important to always

The theory behind using this project management/requirements

Investment in software shouldn’t fall victim to a poor

ROI: Assessing Value in a Quality and EHS

The software sale is no different, and potential customers are

In this market, ROI needs to happen quickly. We have entered a

a. Time Savings: One area is in saving time over

b. Systems Consolidation: Creating a centralized

c. Administrative Overhead: Manual or

The Importance of Risk in the Complex

3. Enterprise Risk Management: Risk mitigation is every-

Risk Assessment: Creating a Risk Matrix

You can see that we have a Low-Risk or Generally Acceptable Risk

Too often, when adverse events enter an organization’s Quality

What you end up with is this—hundreds of CAPAs, without really

1. Not every event needs to be a CAPA: Yes, it’s true—

2. Use Risk to filter events: So if not every event needs

3. Do a CAPA on your CAPA System: Sometimes even

Three Keys to Global Harmonization in Quality:

3. Get a Strong Project Team to Work Out the

1. Ask, “How can we all be Common, but Keep our

2. The Technology Platform Needs to Support

Is Quality Dying a Slow Death, or Evolving

a. EHS: Processes and practices in EHS have incredible

b. Corporate Social Responsibility: Whether Human

c. Product Design and Development: Tell an

What Star Wars Can Learn from Quality

2. Employee Training System: Without proper employee

6. Risk Assessment: I think that perhaps The Empire took

Of course, we know that if The Empire followed these rules of

Vous aimerez peut-être aussi