Product Updates

ISO 9001: Using Omega 365 as the Quality Management System

Jul 18, 2023
10 min read
ISO 9001 is defined as the international standard that specifies requirements for a quality management system. In Omega we obtained the certification in June 2023. By utilizing our own software, Omega 365, as a fundament, we demonstrated that our organization meets international standards and that we focus on continuous improvements.
Johnny Vik
Johnny Vik

Our approach to get certified

When we developed our new platform, Omega 365, we recognized the importance of actively utilizing the system ourselves. This approach ensures that we not only gain invaluable experience and feedback firsthand but also attract a substantial user base that can contribute to the ongoing improvement of our system. By actively using and familiarizing ourselves with Omega 365, we are better equipped to assist our clients effectively, drawing on our personal experiences to guide them in maximizing the platform's potential. 

By successfully obtaining ISO certification through our Omega 365 software, we not only establish our commitment to quality but also offer concrete evidence to both existing and potential clients. They can confidently adopt the same solution to achieve compliance with ISO 9001 Quality Management standards.

To be able to meet the requirements for the ISO 9001 standard we had to:

  • Get a clear understanding and overview of all the requirements in the standard
  • Document our processes, procedures, policies and objectives related to quality management
  • Define quality goals
  • Create a plan for how we can meet all the requirements 
  • Implement the system, and ensure it is actually used
  • Identify and manage risks
  • Perform internal audits to ensure that our routines and processes are well understood and used throughout the organization
  • Prepare for external audit. Document and follow-up any short comings.
  • Regularly review the performance of the system with top management. 
  • Ensure that incidents are reported, evaluated and that we learn from them
  • Document focus on continuous improvements


Get an overview of requirements

To ensure that we had a good overview of all the requirements in the ISO standard, we used our "Checklists" functionality. The checklist library contains the organizations checklists. We created one called "ISO 9001:2015" which had a check item for each requirement in the standard:

The checklist for ISO  9001:2015

The checklist was reviewed and approved by the quality manager.
With the checklist in place, we had a good overview of all the requirements, and could start the process and see where we met the requirements, and where we did not.

Document our processes, policies and procedures

In Omega 365 there are two main registers for storing documentation; in Omega 365 Document Register and in Omega 365 Content Items. Both options meets the ISO requirements for good control of documentation, including support for review and approval. Content items can be made available for the organization by creating document manuals. We selected to use "Content Items" as it is somewhat simpler, and that content we produce here can easily be made available at different surfaces, as it is pure HTML content. Microsoft Word allows for more advanced formatting options, but for our needs, we concluded that HTML Content is the best option.

Read more about "HTML Content Items" in this video:

 


You can also watch this video to learn more about Omega 365 Document Management:

 


Define quality objectives and goals 

In Omega 365 we have the app called "Follow-up Register". Here we define our quality goals, and we use this app for following them up regularly. We can also link other data to these follow-up items.

The follow-up items can be categorized (e.g. "goal", "requirement"). 

Overview of follow-up items in Omega 365


Create a plan for how to ensure that we meet all the requirements

In Omega 365 the "Activities" register is a central register. The activities can be scheduled, and there are different views to serve different needs.

Also, many of the activities should be repeated at a certain frequency, e.g. yearly reviews, monthly risk management meetings etc.

The "Control Plan" view is very practical - it gives a clear overview of what the current status is on the key activities: 

We created the quality and security schedule by going through the following steps:

  1. Build a hierarcy of activies
    • The control plan view shows a status at the different levels. With a well defined hierarchy, we can easily see where we have outstanding activities, or activities with punch / issues.
  2. Create checklist for the activities
    • With a checklist we ensure that we have good control what we actually need to do, and we can check it off when completed
  3. Plan for when the activities should be executed. 
    • This could be done either with the gantt view, or simply just setting the planned start/finish dates manually
  4. Identify who is responsible for executing and signing off each activity
  5. Follow-up the execution of the activities
    • The check items in the check list are closed out when completed
    • When all check items are completed, the activity is automatically set to completed
    • Using the comments / journal section for each activity, one can create comments and assign actions
    • The activity is closed when those set to sign off the activity has signed
  6. Reporting
    • The control plan view gives a great view of the current status, and where there are outstanding activities, or issues
    • The gantt view gives a good view of when the activities are planned to be executed, and the relationships between them


Implement the system and make sure it is actually used

Of course, it does not matter how great a system is, if it is not used. As part of our strategy to ensure that it was used, having efficient training was important. Omega 365 comes with an integrated training system, called "Academy". Here we set up courses, with a combination of text and video content that we create ourselves.

To ensure ongoing engagement and accountability, we recognized the importance of regular follow-ups. Our Meetings module proved invaluable in this regard, enabling us to streamline our meetings by preparing and sharing agendas with participants in advance. Additionally, the module facilitated the seamless documentation of actions and decisions made during meetings, ensuring transparency and accountability. 

In addition we have regular internal audits to ensure that we apply with the procedures and policies that we have in place, as explained in the next section.

This video gives and introduction to Omega 365 Quality Management:

 

Identify and manage risks

To have an overview of the risks and a plan for how to respond to them is crucial for any organization. Omega 365 Risk Management software is used by many companies, and of course, we use it ourselves to manage our own risks.

The risks can be registered at any level in the organization, and can be visible across all subsidiaries, departments and projects. The CEO, the quality manager and others with sufficient permissions, can easily get a good overview of the current risks by using the risk register, and drill down wherever needed to view more details. The risk matrix provides an easy way to get an overview of the key risks in the organization.

Mitigating measures are defined using workflows, and clear responsibility is given to ensure that these are followed up.

Regular Risk workshops and meetings are held, and by using our "Meetings" app, we have structured and efficient meeting related to risk management.

In this video you learn more about the Risk management in Omega 365:

 

Perform audits and reviews

To create a plan for the audits and reviews, we again used the "Activities" register, including checklists.

When there were findings and improvements, we define workflows against the activity, where we have defined several workflow processes. The workflow functionality is central in Omega 365. To learn more, you can watch this video:


 

Report and follow-up incidents

In Omega 365 we have a "Incidents register". All Omega employees can report incident. We emphasize the importance of encouraging and valuing incident reporting within our organization, and incidents with with a certain level of criticality is evaluated and discussed in monthly management meetings, so that we learn and improve from our shortcomings and errors.

We follow this procedure for managing incidents:

  1. Report incident
    During this step, our primary objective is to gather the essential information needed for evaluating and learning from an incident. Our focus lies in finding the right balance, ensuring that users provide sufficient details without burdening them with excessive requirements. It is crucial to avoid creating barriers that discourage incident reporting, as this could result in underreported or insufficiently documented incidents. Our goal is to create an environment where reporting incidents is accessible and encouraged, empowering users to contribute effectively to the incident management and prevention efforts of our organization.

    The "New incident" reporting app. 

    When reporting incidents, the category "Harm to" includes both actual harm and potential harm. It is essential to understand that even if an incident did not result in any immediate injury to a person, we register it with the "Injury to person" type, if slight modifications in the circumstances could have led to an injury. This inclusive approach enables us to capture near-miss events and identify potential risks that may otherwise go unnoticed. By acknowledging and documenting such incidents, we can proactively address underlying hazards and enhance our overall safety measures.

  2. Evaluation and lessons learned
    During this phase, we do the following:
    • Initial assessment: Determine the severity (critical, very high, high, etc). Note that one can configure Omega 365 to require to initiate a certain workflow process depending on the severity.
    • Root cause analysis: Categorize the root cause and describe it.
    • Impact: Did it impact schedule, cost or quality?
    • Summary: The person in charge of the evaluation, writes a summary (lessons learned, preventive measures etc)
    • Related incidents: Are there other incidents related to this one, if so, add it under "Related incidents"
    • Other related information: Tie the incident to to an Object (tag), daily log entry, lessons learned, risk, other party
    • Mitigating measures: Define mitigating measures using workflows. 
      Within the Incidents app, one find all the necessary details regarding the reported incidents, including incident descriptions, impact assessment, root cause analysis etc.

  3. Follow-up
    • Follow-up the workflows / mitigating measures and ensure that they are completed

Continuous Improving

ISO 9001 places significant emphasis on the concept of continuous improvement. These are the key points that we focus on, which are aligned with the requirements in ISO 9001.

  1. Performance evaluation - monitor, measure, analyze and evaluate the performance
    • We have implemented several ways of monitor the status and or progress. This includes standard dashboards based on status from the various workflows (improvement suggestions, bugs in our software etc):
    • These status dashboards are used both at a company level, and by department managers to monitor their performance
    • Monitoring the status of clients - performance of servers, issues reported, incidents follow-up etc.
    • Using the follow-up register. Here we have our goals defined, and can report status and forecast. To define the work required to meet the goals we assign tasks and use workflows, and activities when that is relevant.
  2. Corrective actions
    • Incidents are reported in our system, and we encourage co-workers to report incidents. The incident reporting system is available for all to report incidents.
    • When an incident is reported - corrective actions / mitigating measures are defined and followed up using the workflows register
  3. Preventive actions
    • To help us identify issues before they occur, we have different tools available. For example dashboard for monitoring performance on our servers helps us being able to identify potential issues before they actually occur.
  4. Improvement suggestion from our users
    • Our users can easily create improvements to our solution. The suggestions appears in the central register in Omega 365, automatically pushed over from the client's installations
    • The suggestions are evaluated by the responsible, which is automatically assigned in the workflows register
    • When needed the suggestion is reviewed by the Product Change Board, which is also a role in Omega 365. Workflows are assigned to this role.
    • All the decisions (e.g. implement / not implement) are documented, and if to be implemented, it is sent to the responsible developer for execution and testing.
  5. Data-driven decision making
    • By developing dashboard that provides a good overview of how our systems are used, we get valuable insight that helps us making decision. In our "Data Insight" app, we have an overview of how many active users there are, which data registers are used (e.g. how many documents are created the last month for a specific client). This information is actively used for us to make decision, e.g. we can see that one client use the "Meetings" app heavily, while another has no meetings registered.