ISO 9001:2015 Supplier Management Transcript

Please find below the transcript from the ISO 9001:2015 Supplier Performance Management Webinar. 

You can download the entire webinar recording here. 

 

 About this Webinar: 

Until recently, ISO 9001 only explicitly required an organisation to keep records of the criteria for selecting, evaluating and re-evaluating suppliers. The latest revision to ISO 9001:2015 now requires an organisation to not only record the criteria, but to also record the result of these activities, including performance monitoring. 

The shift towards greater emphasis on supplier performance monitoring may require your organisation to review supplier management processes. 

In this webinar, Robert Oakley and Mike Bendall present the changes to ISO 9001:2015, the challenges and a best practice approach for managing suppliers. 

 

 
The transcript: 

Welcome to the webinar.

I’m Robert Oakley and together with my colleague Mike Bendall we are your hosts for the next hour and our topic is optimising sustainable supplier management. We are both Directors of Qualsys Limited, a developer and vendor of Governance, Risk and Compliance solutions in the form of our flagship EQMS application. Our business was formed in 1995 so we have extensive experience of working with organisations to optimise all manner of business processes including supplier management.

Over the next hour, we'll share: 

  1. How to pro-actively manage your suppliers and the benefits in terms of supplier quality and compliance  
  2. Best practice approaches to improve supplier quality by identifying your best suppliers and removing weak performers to strengthen your business and build competitive advantage. 
  3. Improve Supplier Performance Visibility by eliminating information silos and making supplier data visible to everyone who needs it. 
  4. How to ensure supplier mistakes are not repeated and issues are resolved in a closed-loop process.
  5. Provide details of additional Information and resources to help you get the best out of your suppliers.

I will kick off looking at what Supplier Quality Assurance really means, why it is important and relating this to the recently updated ISO 9001 standard. We will take a look at your feedback from the pre-webinar survey that many of you completed and see how you think you fare against the requirements of the standard.

After a look at the requirement for and benefit of record-keeping I will hand over to Mike Bendall for an exploration of best practice approaches to supplier management.  

We will answer questions at the end. I know we have had a number of questions already so we will provide our feedback on these and we will handle more if we have time. 

 

So, what does Supplier Quality Assurance mean in today’s World?

Joseph Juran, the renowned Quality Management guru came up with this definition in his Quality Management Handbook in 1951 and it still stands the test of time.

What_is_supplier_quality_assurance.png

Juran worked as a freelance consultant and spent time training the Japanese in his approach to Quality Assurance. He advocated training across all layers of management and allied this to scientific analysis of suppliers' performance as the cornerstone of his ethos.

Of course these days there is recognition that supplier quality is important. New competitors spring up at a moment's notice to challenge our product quality and prices. We buy components, ingredients and services from all over the world to source quality at the best price.

Supply chains can extend around the World to complicate our desire for traceability.

And with suppliers all over the World the logistics of ‘just in time’ and lean initiatives become a headache for procurement departments.Supplier performance in terms of parts per million metrics or corrective action thresholds are recognised controls.

Compliance with recognised international standards is mandatory for many sectors and regulation impacts us all to protect the consumers of our products and services.

The more sophisticated buyer wants to ensure that he protects his business so he demands more detailed information about your products and services and expects guarantees and warranties.

 

News_supplier_management.png

 

The pitfalls of poor supplier management are all too evident. The horsemeat scandal of 2013 that hit Tesco and other retailers and the BP oil spill of 2010 were both attributed to poor supplier performance but where were the controls and the processes?

Ultimately these businesses paid a high price for a lack of control over their supply chain.

With supermarkets stocking 35-40,000 products, has the risk to the consumer really diminished and are the safeguards in place?

Not all organisations are as reliant on their supply chain.

Some may purchase minimal products and services that have minimal impact on their own end product or service. It is up to us to identify our strategic suppliers.

The key to understanding the level of exposure to failures by these suppliers is a robust approach to assessing and quantifying risk. 

The focus on risk has been a major feature of the latest version of the ISO 9001 Standard.

Thankfully we have a new beefed-up ISO 9001 standard to guide us. As always, the publication of the standard has given rise to seemingly endless debate about interpretation but the standard certainly addresses supply management in more depth, or, as it is termed in the standard, external provisions.

 ISO_9001_Globe-1.png

 

Clause 8.4 of the standard focuses our attention on our responsibility to control externally provided processes, products and services. Sub-clause 8.4.1 scopes the extent of our responsibility and unlike the previous version of the standard, it is explicit about all the circumstances where we need to ensure that external provision conforms to our requirements.

The standard also tells us that the areas of activity where we need to define and apply criteria to ensure the supplier has the capability of satisfying our requirements.

This is not optional as the standard obliges us to keep documentary evidence of associated activities and ‘necessary actions’.

Sub-clause 8.4.2 clarifies the controls needed to ensure external provision does not adversely impact our own products and services.

Externally provided processes must fall under the control of our Quality Management System and we are obliged to determine and apply controls for the provider and their product or service. We certainly need to consider if they have sufficient internal controls and if their products or service will impact our ability to meet regulatory demands. 

Lastly the sub-clause insists that we have verification processes in place to ensure the external provider will consistently meet our requirement. Sub-clause 8.4.3 is explicit about the scope of the information we share with our suppliers. 

As you might expect we are obliged to define the requirements of the process, product or service we are buying in. But this is extended to cover other areas such as the required competency of the supplier’s staff and an explanation of the verification and validation processes that we have employed to check that provision meets the requirement.

 

Survey Results: 

your_supplier_management_processes.pngtools_to_manage_suppliers.png

 

 

 

 

 

 

 

 

 

 

 

 

 

senior_management_reports.png

supplier_management_effective_test.png

 

 

 

 

 

 

 

 

 

 

 

 

 

We were interested to see how you felt you stacked up in relation to the demands of the IS0 9001 Standard.

The Standard demands that you define and apply criteria for four distinct areas of control:

  • Initial Supplier evaluation
  • Supplier selection
  • Supplier monitoring
  • Supplier re-evaluation

The majority of you had processes for evaluating suppliers and 67.1% have a defined process for supplier selection.

However, once selected, it seems that there is a tendency to leave suppliers alone with only 40.7% having a defined process for supplier re-evaluation.  There is also a lack of monitoring that seems to concern you from reading a lot of the anecdotal comments you added to the survey. 

Some of you senior management might contend that you may not have what we earlier termed strategic suppliers but have they carried out a thorough and systematic risk assessment?  The horsemeat scandal certainly caught out many large organisations that appeared completely blind to the potential problem.

It was interesting to see that there are only 10% use a commercial database solution for managing suppliers.  Naturally we were pleased that there appears to be potential for our EQMS solutions but it is of concern to see that supplier data is locked away in information formats that are difficult to interrogate and provide no automated alerts or real time management information. This restricts the availability of information that supports rapid decision-making.

We also sensed a real concern from you about senior management commitment to supplier management.

Over 55% of senior managers don’t have any regular reports to review supplier performance which reinforces our view that once suppliers are in the club you assume that they will continue to perform effectively.

Interestingly, when we asked you how effective you are at managing various aspects of your supplier relationships you are clearly best at managing problems and errors.

We would contend that if there was a greater focus on effective monitoring and regular re-evaluation, you wouldn’t need to be as good at rectifying problems.

Here are some of the challenges you told us you are facing:

Issues_with_Supplier_Management.png

 

The changing nature of global business is certainly presenting a range of challenges.  Just before we move on to look at some of our recommendations we thought we would introduce the audience participation bit with a couple of polls.

 

Poll 1: Do you believe your existing Supplier Management processes satisfy the requirements of ISO 9001:2015?

supplier management best practices

Poll 2: Do you believe your existing Supplier Management processes satisfy the requirements of your business? 

supplier-management-KPI's

 

Record Keeping: 

One of the key changes to the ISO 9001 Standard in relation to supplier management is the explicit requirement for record keeping.

There is the obvious contractual documentation and information that describes the nature of what is being provided by your supplier.You are now expected to record the criteria you have used to evaluate and re-evaluate suppliers. You need to keep assessment and audit records, tracking performance over time.

The Standard is less prescriptive about commercial information such as expenditure and cost of poor quality, but you need the information to support decision-making.

Capturing as much of this information in a database as possible allows you to interrogate the data to support decision-making. 

Realtime dashboards and reporting allows you to make faster, better decisions about suppliers which can ultimately provide you with tangible competitive advantage in your marketplace and avoid potential problems.

Regulation often dictates that records must be kept for a given period of time and a database facilitates easy search and retrieval.

Here’s a supplier record in our Supplier Management Application:

Record_Keeping_Processes.png

It provides common access to information to you, your staff and potentially your suppliers. 

  • Centralised
  • Manages the complete lifecycle of evaluation, approval, monitoring and re-evaluation
  • Configurable to include the data fields you require
  • Inclusive and transparent
  • Critically it is driven by a database that provides ongoing analysis and alerts to ensure that critical tasks are not forgotten.

 

Supplier Assessment:  

In compliance, with good Quality Management practice we recommend following a Plan, Do, Check, Act cycle, and therefore start with planning the requirements for the product or service that we require.

plan_do_check_act.jpg

The output from this process will be a comprehensive specification, including standards and tolerances that must be met, for the product or service. This specification will be verified and approved.

The ISO 9001:2015 standard requires that you provide this information to prospective suppliers so that they are clear what it is that you are asking for.

Once you have a specification you should also undertake Risk Analysis (FMEA):

  •   Identify any risks associated with the product or service itself.
  •   Identify any risks associated with producing or delivering the product or service.
  •   Quantify these risks using a consistent methodology.
  •   Identify the Controls required to mitigate unacceptable risks.

This information will inform the details of your supplier evaluations and the controls you need to impose on your suppliers. In particular you should consider risks associated with Single Sourcing. 

 

Supplier Evaluation:

Now we are clear about what it is that we want we can move on to Supplier Evaluation.

The purpose here is to identify potential suppliers who are capable of meeting our requirements.

We recommend starting with a standard supplier checklist, to promote consistency and ease of reuse. However, the findings of your evaluation should be analysed with regard to the risks you identified earlier.

Supplier capability and capacity are critical. 

Can the supplier supply what you want, in the volumes you require and in the timescales necessary?

The importance of other factors may depend on circumstances. For example, environmentally sustainable sourcing may or may not be a factor and the chance of child or slave labour being used may or may not constitute a real risk. If they are important you will require evidence that standards are being met.

The ability of a supplier to control their own production or delivery processes should be relatively easy to assess. It may be more difficult to define the requirements for their control of sub-contractors. For example, the risk of counterfeit products or materials entering the supply chain may be important, as may the potential effect of an extended supply chain on materials that must be stored under controlled conditions. Again, any risks must be mitigated by requiring your supplier to routinely supply evidence of supply chain conformity throughout the duration of supply.

At the end of this process, it is not sufficient for the contract to have identified both potential suppliers and risks associated. 

 

Supplier Selection

supplier_assessment.KPI png

The next step is Supplier Selection.

Your evidence for this will be the requirement which you provided to the supplier (ITT, RFQ etc), the supplier response confirming that they can and will commit to meeting the requirement (if necessary with details of how) and a contract agreement.

The contract should not only detail specifications, volumes, lead times and payment.

It should also detail the agreed processes that will operate between you for the duration of the contract.

For example, what is the process? Should either of you change the agreed specification or the delivery schedule? What product traceability evidence must be supplied and when? What constraints are there on the supplier to use staff with appropriate skills and get them regularly retrained or re-assessed? 

If this Joint Quality Planning is agreed before the start of the contract you have a basis for managing an ongoing relationship. 

 

Supplier Monitoring

Once the contract commences you will need to monitor supplier performance and in particular issues that arise due to suppliers.

Some issue management processes will have measurable costs. With others this will not be so easy. If you cannot quantify these costs and provide evidence of how they were incurred then you may have difficulty recovering them.

Think about where hidden costs may occur in your own experience. Is there a way of capturing them? If not, is it worth putting a process in place to do so?

One process to consider that has been very effective with our customers is the provision of online checklists that can be downloaded to a tablet for final source inspection. Competent supplier representatives can be delegated to complete these prior to shipping product or commencing service provision. This means the results are immediately available and any potential issues can be identified before it is too late.

 

Closed Loop Processing

Closed_Loop_processing-KPI-measurement.png

Once you have identified the things you need to monitor you need to consider how to do so in a way that captures critical information, alerts interested parties as to what to do about it and enables easy progress monitoring, all preferably in real time. Paper, electronic paper and spreadsheets only tend to work for small organisations where one person is responsible for end to end process management.

Systems based around on-line databases with workflow are key to this:

  • Issues may be logged as they occur
  • Responsible managers are automatically alerted
  • Decisions and approvals are recorded
  • Necessary tasks can be scheduled, issued and monitored through to completion
  • Information is collected and retained in one place for subsequent analysis and planning preventative action
  • Management reporting is automatic, not an administrative overhead
  • Records are automatically retained for audit purposes
A couple of additional features to consider:
  • Can these systems be shared with your suppliers, or even customers, to promote efficiency and transparency?
  • Do they integrate together so that, for example, a record of a supplier approval is also linked to records of:
    • Any audits and inspections of that supplier,
    • Any agreements or correspondence with the supplier,
    • Any issues or failures of that supplier
    • And any risks identified with that supplier.

Once you have effective supplier monitoring in place you then have the information to support appropriate supplier review and continuous improvement. Ongoing supplier re-evaluation effort can be tailored and proportionate to supplier performance and risks reviewed.

 

Collaboration:

Supplier-performance-management-best-practices.png

Joseph Juran was very focused on the human aspects of Quality Management and seems one of the more enlightened QM Gurus as he advocated close collaboration with suppliers even back in 1951 in his QM Handbook. Nowadays, it makes perfect sense if:

  • Staff, customers and suppliers have access to the same information.
  • Common taxonomy and clear definitions.
  • Transparency.
  • Agreed and explicit targets.
  • A commitment to improve.

 

How do we achieve this? 

Many of our customers have online portals for suppliers that explain their requirements, commercial terms and more.  Suppliers can load their information and the more sophisticated portals even automatically request updated information at the requisite point in time. One of our customers, Sodexo, a global provider of outsource services, has a portal which requests updated ISO 9001, Employers Liability and Professional Indemnity Insurance certification on the registered expiry dates.

In summary we hope that you have found this webinar to have been valuable and that you take away some ideas as a result of our time together. Pro-active supplier management offers rich potential for competitive advantage if you can find and keep the suppliers that offer the best quality at the best price.

Regularly updated information about your suppliers informs your understanding of the risk associated with your suppliers and provide the basis for a strong, long standing and mutually beneficial partnership.

 

Download the webinar for access to the webinar recording with the extended Q&A session. 

 

 

New Call-to-action

 

  Eqms WORKSHOPS - GRC Solutions

Topics: ISO 9001, Supply Chain Management

Share your thoughts on this article