Coming from the conviction that consistent quality is best achieved by a consistent modus operandi, ISO 9001 interprets quality by the stability of processes as well. In this context, ISO has also integrated the consideration of risks and opportunities. Nowadays, almost all organizations are looking for opportunities to improve their process quality as part of a continuous improvement process (CIP). The revised standard, however, emphasizes much more strongly that risks may have a long-term impact on the quality of performance: should a contingency risk be identified, organizations are urged to take appropriate measures. “The standard requires the evaluation of risks”, reports Andreas Völkerding of DQS GmbH. “Practically, it’s required to systematically determine factors that could negatively influence the organization’s desired outcomes.” This creates a need to evaluate processes with respect to disruption potentials, both technically and organizationally. “This is aimed at concrete goals, such as the punctuality of deliveries, or a sufficient number of truck drivers for new and existing transport orders,” clarifies Andreas Völkerding.
To carry out processes seamlessly, both human and technological assets need to mesh optimally. Hence, in addition to organizational measures that support employees optimally in their work, impeccable technical equipment is indispensable. For example, if equipment is exposed to continuous wear due to a high degree of utilization, replacement investment has to routinely be taken into account.
Determine the focus
In practical terms, it is important to link related topics like quality management and process-supporting IT, and to consider both economic and image factors. It is necessary to look closely at the chain of responsibilities within the organization. Are new employees adequately instructed and familiarized with all critical factors? Do they know all valid company regulations – and are they aware of the risks addressed by them? “For example, wherever particularly valuable goods are being loaded, external persons may not enter the warehouse, or may only enter if escorted,” reports Andreas Völkerding. “This applies also to drivers making or picking up deliveries, who have to abide by the relevant safety and security regulations”, the experienced auditor adds.
To develop measures, it is necessary to distinguish between risks to valuable property, legal liability, or damage to the organization’s property. The next step is to determine the probability of realization and the consequences thereof. Once this has been done, the organization can develop measures suitable to reduce unwanted effects, and thus risks.
Emergency plans simplify return to business-as-usual
This includes also the creation of emergency plans for the most serious operational risks, in order to enable a rapid return to stable processes. All the same, there may be risks that cannot be reduced further, or that the organization is willing to accept, e. g. to utilize an opportunity. “When dealing with risks, a systematic planning process is recommended,” Andreas Völkerding advises. Such a planning process deals with the development of appropriate measures that are effective given the organization’s requirements. E. g., organizations using a high-rise packing system cannot tally, place into or release from stock if they experience a power breakdown. “In a case like that, an emergency power supply may be considered – but only if it delivers enough power to supply the entire installation for a sufficiently long time,” the auditor emphasizes.
Quality requires information
ISO 9001 does not require organizations to maintain documented risk management. However, in the age of digitalization, it is clear that a failure of computer systems is linked to risks that are continuously growing and harder and harder to evaluate. In order for those risks not to happen, it is recommended that logisticians construct an information security management system in parallel to their quality management system. “Quality and information security mesh tightly,” finds Andreas Völkerding. Order data are central to this: if they are missing, operational processes stop. If such data is inadequately protected, economic espionage can easily access sensitive information about industrial organizations or wholesalers. “Given a quantity structure and delivery address, strong conclusions may be drawn regarding the business of a competitor,” the trained logistics expert emphasizes. By implementing an information security management system (ISMS), organizations are starting a continuous process of planning and evaluation focusing both on the availability of information, and thus the continuity of business processes, as well as the security of information within the organization. It makes sense in a field closely meshing with quality to also rely on systematic management, because the standards, which are related, also closely mesh. “By deciding in favor of this, you decide to pick up the ball that was thrown by ISO last year with the revised standard last, and the risk-oriented approach it incorporates,” resumes Andreas Völkerding.
Andreas Völkerding is a DQS auditor assessing i.a. conformity with ISO 9001 (Quality Management) ISO 14001 (Environmental Management), BS OHSAS 18001 (Occupational Health and Safety Management) and TAPA (Transported Assets Protection Association) as well as the European GDP guideline.
To learn more about what a DQS certification to ISO 9001:2015 can do to address risk in your logistics company, please contact the DQS office nearest you. Their contact data can be found on this website at https://www.dqs-holding.com/en/contact-us/international.