Section 5.9. Section 8. Measurement, Analysis, and Improvement

5.9. Section 8. Measurement, Analysis, and Improvement

At the base (but not the basement) of most process improvement programs, you'll usually find a set of recommendations or requirements that focus on measurement, analysis, and improvement. CMMI and Six Sigma have them as well.

These activities are important because they provide you with the empirical data and objective insight to assess your program and make it better. The measurements show you how you are doing. The analyses help clarify how you might do things better. And the improvements are your actions in response to the data.

Here is the natural cycle of process improvement:

1. Implement a process.

2. Observe it in action for a while.

3. Measure its performance.

4. Analyze the measurements to see what is working well, what has potential for refinement.

5. Make refinements.

6. Begin the cycle again.

Section 8 of ISO 9001 deals with the cycle of measurement, analysis, and improvement. This section sets forth requirements for collecting measurement data on customer satisfaction, process performance, and work product quality. It also establishes requirements for controlling products that do not conform to quality standards, for analyzing measurement data, and for ensuring that QMS refinements are implemented through a culture of continual improvement using corrective and preventive actions.

Section 8 addresses these topics in five subsections:

1. General

2. Monitoring and measurement

3. Control of nonconforming product

4. Analysis of data

5. Improvement

These are described next.

5.9.1. 8.1. General

The general requirement for Measurement, Analysis, and Improvement is that the organization shall plan and implement the measuring, analysis, and improvement processes needed to demonstrate that the products being produced conform to the established requirements, that they were created using the mechanisms provided in the QMS, and that improvement data was collected for future work. In other words, the organization needs to plan to collect measurements that will demonstrate compliance.

In short order, this subsection summarizes the whole intention of the ISO 9001 Standard. The previous statements represent the Standard's three overriding philosophies:

• Build a product according to what your customer wants, not what you think the customer wants.

• Use a Quality Management System as a managerial guide for the development of the product.

• Work to continually make the QMS better by collecting improvement data at regular intervals.

5.9.2. 8.2. Monitoring and Measurement

In order to meet the three goals, your organization will need to monitor a series of activities and collect measurements from these observations to improve your QMS.

The subsections under 8.2 detail four kinds of measures that should be taken. Before I look at this, I'll briefly touch on measurement regularity. This is one area where organizations can easily swing wrong in one of two directions: either they don't measure the effectiveness of their program often enough, or they attempt to measure the thing too much. Each route can introduce obstacles to productivity.

If you don't measure enough, you'll be hard-pressed to collect enough data to show where your program might be improved. If you try to collect too much in very short cycles, you might get bogged down in number crunching at the sacrifice of program execution. So this falls to the judgment of the individual organization.

Ultimately, you and your people will know your QMS best. You'll know how products and projects cycle through it, and you'll gather a sense of what measurement and analysis schedules work best. The general rules here are twofold: select a set of measures designed specifically to help you improve your program, and then conduct measurement activities based on a schedule suitable to the general throughput of your organization.

5.9.2.1. 8.2.1. Customer satisfaction

The first measures that the Standard stipulates are measures of customer satisfaction.

The requirement is that the organization determine and document how it will collect customer satisfaction data. As mentioned earlier, ISO 9001 is structured with a keen focus on customer satisfaction. The concept of "quality" can be defined any number of ways, but a safe way to get a handle on it is to link it with customer satisfaction. If the customers are content with the products you've produced, chances are you've meet their quality needs. You haven't underestimated or overestimated what they wanted. They'll probably return.

The trick can be finding ways to measure this satisfaction. (Some companies find the very idea intimidating.) But there are lots of established paths.

You can conduct focus groups. You can send out surveys. You can count support calls. You can track external change requests. You can subscribe to competitive analyses. You can send your people out on the road to go and ask customers if they're happy with you.

The idea is to position your organization to work in line with what the customer wants. That's the surest way to ensure both quality and success. By defining and then collecting measures of customer satisfaction, you can direct your organization appropriately.

5.9.2.2. 8.2.2. Internal audit

The next set of measures has to do with your Quality Management System. The requirement here is that the organization shall conduct internal audits to ensure that the QMS conforms to ISO standards and that it is effectively implemented and maintained.

I alluded to this earlier in the discussion of Section 4. The Quality Management System is not a static entity. It is not a fixed program; it is a dynamic one. It evolves over time. It should change to meet the changing needs of your organization, its business, and market demands. Because of this dynamic trait, you should periodically measure your QMS to keep it on course, to make sure it has not inadvertently drifted off mission. To ensure this, you should measure your QMS along three lines.

First, you should measure it against the requirements of ISO 9001:2000. This is a type of gap analysis in which you map the requirements of your QMS to the requirements of the Standard.

Next, you should take measures of how effectively the QMS has been implemented within the organization. These measures usually have to do with overall compliance with the QMS from project to project.

Finally, you should collect measures on how well maintained the QMS is. This has to do with confirming the proper configuration management and version control of the Quality Manual, and the records that indicate these activities have been formally conducted.

5.9.2.3. 8.2.3. Monitoring and measurement of processes

The measures specified previously help you assess how well the QMS fits into your organization: how well it's been integrated into your work teams, how well it's been adopted, and how efficiently it's being maintained.

Here in Section 8.2.3, you begin to measure how well the QMS is performing and how effective it is within the organization. The requirement is that the organization shall monitor the processes of the QMS and measure selected ones to make sure the QMS as a whole is meeting the quality objectives of the organization.

I mentioned this earlier. The QMS needs to be founded on a series of quality objectives, objectives that tie in with the overall mission of your organization. And so the processes and procedures (and all else) contained in the QMS should be verified from time to time to show that they really are helping you meet your quality goals.

This does not mean that everything in the QMS has to be measured. A more efficient approach is to periodically select a subset of processes and measure just those. The measures can be anything that you find meaningful. This might include a count of noncompliance issues around a process, the estimated time a process helped save for a certain project activity (or the time it cost), the number of change requests a process helped you analyze, and so on.

The goal here is to go beyond simple process execution. The better path is to execute with an eye toward evaluation, understanding, and improvement.

5.9.2.4. 8.2.4. Monitoring and measurement of product

The flip side of measuring process effectiveness is to measure product quality. The two should actually tie together pretty closely.

A common mantra in the field of process improvement is that the quality of a product is heavily influenced by the quality of the processes used to produce it. So here the requirement is that the organization shall regularly monitor the characteristics of the product to verify that the requirements are being met.

Again, this turns back to customer satisfaction. If the goal is to build what the customer has asked for, it becomes important to regularly measure how fully the product components or the full product meet those specific requests.

In addition, the organization should collect and maintain evidence of this conformity at various stages in product development. If problems with meeting the specified requirements are uncovered, further promotion of the product might need to be postponed until the issues, whatever they may be, have been properly addressed and authorization to continue has been given.

Monitoring and measurement of the product is probably the most immediate of ISO 9001's measures. It is an online activity. It is active, not reflexive. That is, it influences the throughput of product realization. If the measures indicate a conformance problem, production should be addressed. Someone should hit the red button on the assembly line. If this is not in place, the organization runs the risk of introducing problems into the final production product, which could amount to a high-risk situation for the company further down the line.

Figure 5-7 illustrates monitoring and measuring requirements.

Figure 5-7. An ISO 9001 Quality Management System is required to provide for monitoring and measurements along four lines: to periodically measure customer satisfaction, measure process performance, measure product performance or product quality, and periodically conduct internal audits to help gather and analyze these measures.

5.9.3. 8.3. Control of Nonconforming Product

"Control of nonconforming product" is a technical way to spell out how to deal with products (or product components) that don't turn out right: those that come out defective.

In Section 8.2.4, the Standard describes the requirement for monitoring and measuring product quality. This is an ongoing activity, carried out as a product is created and assembled across the many stages of its life cycle. These measurement and monitoring activities help detect any defective outputs.

Here, in this section, the idea is to introduce ways to control the nonconforming products when you do find them.

Naturally, if at all possible, customers should be spared an encounter with a failed product. One DOA package out of 1,000 can make the whole lot suspect.

And so the Standard requires the organization to be proactive with nonconformance: it (the organization) shall ensure that product components falling out of conformance are identified and controlled to prevent unintended delivery. In other words, keep an eye on construction at critical steps. Inspect what you produce. Keep an eye out for the worms.

But it's not enough just to keep the bad parts from slipping by; the organization shall deal with nonconforming product by taking one of three actions. First, it should take action to eliminate the nonconformity. This is a two-dimensional requirement, implying steps. The organization should inspect the defective product with a view toward fixing it. If it can remedy the defect, the product can be shipped; if not, it should be discarded (or labeled as unsuitable for use). Any product that goes through a remediation step should also be subjected to reverification. Taking this further, the organization should investigate the source of the defectinvestigate what condition introduced the error in the first placeand work to remove that source from the production process.

As an option to that, the organization can discuss the nature and severity of the defect with the customer. If the customer deems that the defect is of an inconsequential nature, then the organization is free to release the product to the customer. However, if either the organization or the customer has reservations about the suitability of the unit, it should, again, be either marked as unsuitable or discarded.

Finallyand of significant impactif for some reason products that do not conform to the requirements are released into the field, the organization shall take remedial action to mitigate the risk of poor or irregular performance. Actions here might be to initiate field corrections, to send out errata data, or to issue a product recall.

Controlling nonconformance is essential to controlling the ultimate quality of products in production and the quality of the production process itself. In line with this, a final requirement of the Standard is that the organization shall establish and maintain records of nonconformance instances as they occur.

5.9.4. 8.4. Analysis of Data

As described earlier in the three previous subsections, ISO 9001 requires that an organization collect measurements across its activities to gauge performance in four areas:

• The institutionalized use of the Quality Management System by the organization

• The overall effectiveness of the Quality Management System

• Supplier efficiency

• Customer satisfaction

Section 8.4 makes use of this collected data by requiring that the organization analyze and interpret measurement data to determine how well the organization is meeting its quality objectives.

This is a cornerstone activity within the ISO Standard. Here you tie actual performance to your previously defined performance goals. In Section 5, I discussed management's responsibility for establishing quality objectives for the organization and the QMS. This was a basic first step in creating the Quality Management System. The general design of the QMS should come from these objectives. Once it has been in use for a while, management should analyze its performance to see how well the system is meeting these objectives.

Analysis of data can take many forms. For this reason, it's important to understand up front how you plan to measure the success of your QMS. "Soft" quality objectives such as "achieve industry-leading customer satisfaction," or "meet or exceed customer expectations" may be founded on noble intentions, but they are difficult to measure. They are not very precise. The goals you establish for the QMS work better if they are more quantitative and less qualitative.

Here are examples of three solid goals for a Quality Management System (and the program that will come out of it):

• Reduce the occurrence of product defects by 5 percent in year 1.

• Increase the throughput of shippable components by an average of 12 percent per month.

• Reduce the need for component rework by 2 percent each quarter in year 2.

These goals provide two benefits for a quality program: they are easily measurable and verifiable, and they provide the focus needed to design the QMS. Once data has been collected from the activities that impact those goals, an analysis will readily reveal how well the QMS is working to meet those goals.

If it proves to be working well, you know you're on the right track. If it's having minimal impact, you know you might need to revise (sharpen) the QMS.

5.9.5. 8.5. Improvement

An inescapable theme in all quality programsCMMI and Six Sigma includedis the focus on improvement. A characteristic of quality programs that is often under-stressed is that they are not about being perfect. The nirvana of zero defects has pretty much been discarded in the commercial realm. Rather, quality programs are about becoming better, about continually improving over time. This idea is brought out here.

ISO 9001 focuses on continuous improvement in two ways. The first way is to take action to correct or refine the quality management system when weaknesses are found or opportunities for improvement are discovered. The second is to build safeguards into the program (efficient processes and procedures) that prevent defects or errors from being introduced into the production life cycle.

Let's take a brief look at each next.

5.9.5.1. 8.5.1. Continual improvement

The first requirement under Improvement is that the organization shall continually improve the effectiveness of its QMS.

The term continually implies two actions in practice. The first is the regular assessment of the system. Regular means at scheduled intervals. The actual schedule selected will naturally depend upon the needs of your organization and the maturity of your QMS. A small organization using a relatively new QMS may find it beneficial to assess the program's effectiveness on a quarterly or semiannual basis. A larger organization using a well-established QMS may find that it needs to assess the system only every other year. These types of assessments can be considered major. But for both organizations, management should assess components of the QMS on a more frequent basis. This leads to the second implication: "continually" implies conscientiousness.

Continuous improvement is not haphazard improvement. Nor is it change for the sake of change. Continuous improvement should be a conscientious activity in which the organization engages in carefully planned analyses of the effectiveness of the QMS, studies the results of these analyses, and then derives ways to make the system more effective. This may be the single strongest indicator of the success of any Quality Management System: the degree to which the organization is committed to its improvement.

5.9.5.2. 8.5.2. Corrective action

One of the fundamentals behind process improvement is to fix things in your system that are weak or show opportunity for improvement. This can be called corrective action.

The ISO requirement for corrective action is as follows: the organization, when encountering nonconformity, shall take corrective action to remove the root cause of the problem.

In other words, you shouldn't be content with just fixing the faulty component or element. ("Get that worm out of here!") You should make an effort to determine where, how, and why the problem occurred, and then take steps to remove that potential from the system.

To support this, the organization should maintain a documented procedure used to govern how nonconformities are reviewed, how root causes are determined, how potential solutions are evaluated, and how corrective actions needed to remedy the situation are implemented to prevent the same kinds of errors from bring introduced in the future.

As a potential part of measurement activities and to provide a history of process improvement activity, the organization should also work to record the results of improvement actions taken and review the effectiveness of these actions on a regular basis.

5.9.5.3. 8.5.3. Preventive action

In addition to taking corrective action to remove the root cause of problems in the Quality Management System, the Standard also requires that the organization take a proactive stance when it comes to defect prevention.

The requirement here is that the organization shall take action to eliminate the potential for nonconformities creeping into the system. This means that the organization should work to anticipate the possibility of trouble before it occurs. To support this, the organization should establish a documented procedure that governs how it will define potential nonconformities and their causes, how it will evaluate the need for action to prevent the potential, and how it should implement the actions needed to ensure the continuing integrity of the system.

As a potential part of measurement activities and to provide a history of process improvement activity, the organization should record the results of the preventive actions taken and review the effectiveness of these actions on a regular basis.

Figure 5-8 illustrates the improvement requirements of the Standard.

Figure 5-8. The focus on improvement runs throughout ISO 9001:2000. The Standard requires three areas of concentration. First is a focus on continuous process improvement. Second is a focus on taking corrective actions to mitigate any poorly performing elements of the system. Third is to take preventive actions so that defects do not enter into the system or into production lines.

5.9.6. Required Records

Section 8 of the Standard requires the collection of measurement records that quantify program performance and provide a basis for making future decisions about potential process improvements:

• Records of internal audits

• Records of assigning and authorizing personnel

• Records of nonconformity

• Records of actions to correct nonconformity

• Records of preventive actions

  Examples:

  • Audit criteria

  • Audit reports

  • Audit plans and policies

  • Staff assignment forms

  • Staffing notifications

  • Noncompliance records

  • Defect-tracking systems

  • Defect-tracking and management reports

  • Process improvement plans

  • Process performance measures

  • Process improvement results