Posted by & filed under ISO9001: RISK ASSESSMENT AND MANAGEMENT, Uncategorized.



When I go into a new contract, the first thing I must do is to recognise the vocabulary of the organisation. I need to know how information is expressed and conveyed. My understanding of the vocabulary, and where it might need to be changed, is critical for developing the quality system. The interpretation of nouns such as  “measurement” and “continuous improvement”  into quality system processes has become more critical now that international standards agencies are emphasising their importance for certification.

Quality records which formerly were expressed in words are being crunched into numbers which don’t always improve processes, let alone the bottom line.   I have even seen one comment that nothing in process development was any use unless it was, or could be, measured. I wonder how they manage uncertainty; I assume the need hasn’t arisen.

Uncertainty is, of course, at the heart of the requirement to assess and manage risk. One of the international standards undergoing revision defines the effects of uncertainty as “… the deficiency (in part or whole) of information {my bold italics} related to, understanding or knowledge of, an event, its consequence, or likelihood.”

So, based on the above, we need to look at potential risk in information, which can mean in product, development, documentation, employee calibre, to mention a few sources. The conversion of information into numbers requires superior and experienced judgement by suitably authorised persons within the organisation. We want to avoid creating a flurry of measurement levels, classifications and categories (to mention a few) in the never-ending search for perfection. Risk management must be based on root cause analyses of sufficient depth and clarity on which to define and base the numbers. The analyses will be described in words, not numbers. Numbers on their own describe nothing unless related to a condition that can be described in words.

Take for example the Defect Categories below. As prose they are sufficiently clear to allow the reader (QAM, Quality Engineer, technician) to make judgements (risk assessments) from their experience and to ensure the data meets the required standard or specifications.  The categories can apply to many different kinds of business. No flow charts or complicated diagrams are required. They are statements of fact, easily understood.

The “Description” vocabulary is sufficiently specific to alert interested parties, such as quality management representatives and other responsible authorities, to current or potential  nonconformances. From this specific vocabulary they should be able to initiate their corrective and preventive actions. The positive or negative effects (deviations from the expected) can be judged accordingly.

The categories can be used for internal audit, customer complaints, and part of continuous improvement and, therefore, risk assessment and management; avoid cosmetic additions such as colour; e.g., “Critical” is coloured red, “Major” yellow, and so on. If a colour is necessary to note “Critical”  e.g.,for  red tags on items segregated in the nonconformance area, the quality assurance procedure will include a reference to the tag and its place in the process being described.

The addition of colour to categories such as “critical” could imply another level of measurement; e.g., red = priority 1. We already know from the Defect Category that the first level is critical and needs priority, so there is no need to send the reader in another direction. It is over-egging the pudding and introduces the need for yet another definition.








Critical The product is inoperable and this is seriously affecting the customer’s business
Major The product is wholly or partly inoperable which is inconvenient for the customer
Significant The defect in the product should be rectified by the next planned release. If there is no planned release, a new release is required.
Minor The defect should be rectified in the next (planned?) release. The customer is prepared to accept the product in its current condition without rectification.
Enhancement The reported defect is not covered by a customer requirement.  An enhancement is advisable.


In the example above “Critical” denotes a situation with possible dire consequences to the customer’s business and (inevitably) to the supplier. Everyone in business understands that this is a two-way street; the effect on the customer has to affect the business, even if it is only short term.

These categories are useful for risk assessment: a sort of reverse root cause analysis starting with applying e.g., “Critical” to carefully-chosen Key Performance Indicators could bring a different set of information from that derived from nonconformances.

I can hear the statisticians and other measurement enthusiasts protesting, but a number does not say what is, Numbers simply indicate conditions which have had, or will have, to be defined and clarified in words..  The words in the box are easily understood; this is important when so many different languages by the readers and users could be involved. They have been in the industrial and public lexicon for a sufficiently long time to be used without misunderstanding.

Qualidoc ISO Cheat SheetQMS Training: useful questions

An image of the Qualidoc ISO cheat sheet

Leave a Reply

  • (will not be published)