Section 8. Measurement, Analysis, and Improvement

At the base (but not the basement) of most process improvement programs, you'll usually find a set of recommendations or requirements that focus on measurement, analysis, and improvement. CMMI and Six Sigma have them as well.

These activities are important because they provide you with the empirical data and objective insight to assess your program and make it better. The measurements show you how you are doing. The analyses help clarify how you might do things better. And the improvements are your actions in response to the data.

Here is the natural cycle of process improvement:

  1. Implement a process.

  2. Observe it in action for a while.

  3. Measure its performance.

  4. Analyze the measurements to see what is working well, what has potential for refinement.

  5. Make refinements.

  6. Begin the cycle again.

Section 8 of ISO 9001 deals with the cycle of measurement, analysis, and improvement. This section sets forth requirements for collecting measurement data on customer satisfaction, process performance, and work product quality. It also establishes requirements for controlling products that do not conform to quality standards, for analyzing measurement data, and for ensuring that QMS refinements are implemented through a culture of continual improvement using corrective and preventive actions.

Section 8 addresses these topics in five subsections:

  1. General

  2. Monitoring and measurement

  3. Control of nonconforming product

  4. Analysis of data

  5. Improvement

These are described next.

The general requirement for Measurement, Analysis, and Improvement is that the organization shall plan and implement the measuring, analysis, and improvement processes needed to demonstrate that the products being produced conform to the established requirements, that they were created using the mechanisms provided in the QMS, and that improvement data was collected for future work. In other words, the organization needs to plan to collect measurements that will demonstrate compliance.

In short order, this subsection summarizes the whole intention of the ISO 9001 Standard. The previous statements represent the Standard's three overriding philosophies:

In order to meet the three goals, your organization will need to monitor a series of activities and collect measurements from these observations to improve your QMS.

The subsections under 8.2 detail four kinds of measures that should be taken. Before I look at this, I'll briefly touch on measurement regularity. This is one area where organizations can easily swing wrong in one of two directions: either they don't measure the effectiveness of their program often enough, or they attempt to measure the thing too much. Each route can introduce obstacles to productivity.

If you don't measure enough, you'll be hard-pressed to collect enough data to show where your program might be improved. If you try to collect too much in very short cycles, you might get bogged down in number crunching at the sacrifice of program execution. So this falls to the judgment of the individual organization.

Ultimately, you and your people will know your QMS best. You'll know how products and projects cycle through it, and you'll gather a sense of what measurement and analysis schedules work best. The general rules here are twofold: select a set of measures designed specifically to help you improve your program, and then conduct measurement activities based on a schedule suitable to the general throughput of your organization.

The next set of measures has to do with your Quality Management System. The requirement here is that the organization shall conduct internal audits to ensure that the QMS conforms to ISO standards and that it is effectively implemented and maintained.

I alluded to this earlier in the discussion of Section 4. The Quality Management System is not a static entity. It is not a fixed program; it is a dynamic one. It evolves over time. It should change to meet the changing needs of your organization, its business, and market demands. Because of this dynamic trait, you should periodically measure your QMS to keep it on course, to make sure it has not inadvertently drifted off mission. To ensure this, you should measure your QMS along three lines.

First, you should measure it against the requirements of ISO 9001:2000. This is a type of gap analysis in which you map the requirements of your QMS to the requirements of the Standard.

Next, you should take measures of how effectively the QMS has been implemented within the organization. These measures usually have to do with overall compliance with the QMS from project to project.

Finally, you should collect measures on how well maintained the QMS is. This has to do with confirming the proper configuration management and version control of the Quality Manual, and the records that indicate these activities have been formally conducted.

The measures specified previously help you assess how well the QMS fits into your organization: how well it's been integrated into your work teams, how well it's been adopted, and how efficiently it's being maintained.

Here in Section 8.2.3, you begin to measure how well the QMS is performing and how effective it is within the organization. The requirement is that the organization shall monitor the processes of the QMS and measure selected ones to make sure the QMS as a whole is meeting the quality objectives of the organization.

I mentioned this earlier. The QMS needs to be founded on a series of quality objectives, objectives that tie in with the overall mission of your organization. And so the processes and procedures (and all else) contained in the QMS should be verified from time to time to show that they really are helping you meet your quality goals.

This does not mean that everything in the QMS has to be measured. A more efficient approach is to periodically select a subset of processes and measure just those. The measures can be anything that you find meaningful. This might include a count of noncompliance issues around a process, the estimated time a process helped save for a certain project activity (or the time it cost), the number of change requests a process helped you analyze, and so on.

The goal here is to go beyond simple process execution. The better path is to execute with an eye toward evaluation, understanding, and improvement.

The flip side of measuring process effectiveness is to measure product quality. The two should actually tie together pretty closely.

A common mantra in the field of process improvement is that the quality of a product is heavily influenced by the quality of the processes used to produce it. So here the requirement is that the organization shall regularly monitor the characteristics of the product to verify that the requirements are being met.

Again, this turns back to customer satisfaction. If the goal is to build what the customer has asked for, it becomes important to regularly measure how fully the product components or the full product meet those specific requests.

In addition, the organization should collect and maintain evidence of this conformity at various stages in product development. If problems with meeting the specified requirements are uncovered, further promotion of the product might need to be postponed until the issues, whatever they may be, have been properly addressed and authorization to continue has been given.

Monitoring and measurement of the product is probably the most immediate of ISO 9001's measures. It is an online activity. It is active, not reflexive. That is, it influences the throughput of product realization. If the measures indicate a conformance problem, production should be addressed. Someone should hit the red button on the assembly line. If this is not in place, the organization runs the risk of introducing problems into the final production product, which could amount to a high-risk situation for the company further down the line.

Figure 5-7 illustrates monitoring and measuring requirements.

"Control of nonconforming product" is a technical way to spell out how to deal with products (or product components) that don't turn out right: those that come out defective.

In Section 8.2.4, the Standard describes the requirement for monitoring and measuring product quality. This is an ongoing activity, carried out as a product is created and assembled across the many stages of its life cycle. These measurement and monitoring activities help detect any defective outputs.

Here, in this section, the idea is to introduce ways to control the nonconforming products when you do find them.

Naturally, if at all possible, customers should be spared an encounter with a failed product. One DOA package out of 1,000 can make the whole lot suspect.

And so the Standard requires the organization to be proactive with nonconformance: it (the organization) shall ensure that product components falling out of conformance are identified and controlled to prevent unintended delivery. In other words, keep an eye on construction at critical steps. Inspect what you produce. Keep an eye out for the worms.

But it's not enough just to keep the bad parts from slipping by; the organization shall deal with nonconforming product by taking one of three actions. First, it should take action to eliminate the nonconformity. This is a two-dimensional requirement, implying steps. The organization should inspect the defective product with a view toward fixing it. If it can remedy the defect, the product can be shipped; if not, it should be discarded (or labeled as unsuitable for use). Any product that goes through a remediation step should also be subjected to reverification. Taking this further, the organization should investigate the source of the defect—investigate what condition introduced the error in the first place—and work to remove that source from the production process.

As an option to that, the organization can discuss the nature and severity of the defect with the customer. If the customer deems that the defect is of an inconsequential nature, then the organization is free to release the product to the customer. However, if either the organization or the customer has reservations about the suitability of the unit, it should, again, be either marked as unsuitable or discarded.

Finally—and of significant impact—if for some reason products that do not conform to the requirements are released into the field, the organization shall take remedial action to mitigate the risk of poor or irregular performance. Actions here might be to initiate field corrections, to send out errata data, or to issue a product recall.

Controlling nonconformance is essential to controlling the ultimate quality of products in production and the quality of the production process itself. In line with this, a final requirement of the Standard is that the organization shall establish and maintain records of nonconformance instances as they occur.

As described earlier in the three previous subsections, ISO 9001 requires that an organization collect measurements across its activities to gauge performance in four areas:

Section 8.4 makes use of this collected data by requiring that the organization analyze and interpret measurement data to determine how well the organization is meeting its quality objectives.

This is a cornerstone activity within the ISO Standard. Here you tie actual performance to your previously defined performance goals. In Section 5, I discussed management's responsibility for establishing quality objectives for the organization and the QMS. This was a basic first step in creating the Quality Management System. The general design of the QMS should come from these objectives. Once it has been in use for a while, management should analyze its performance to see how well the system is meeting these objectives.

Analysis of data can take many forms. For this reason, it's important to understand up front how you plan to measure the success of your QMS. "Soft" quality objectives such as "achieve industry-leading customer satisfaction," or "meet or exceed customer expectations" may be founded on noble intentions, but they are difficult to measure. They are not very precise. The goals you establish for the QMS work better if they are more quantitative and less qualitative.

Here are examples of three solid goals for a Quality Management System (and the program that will come out of it):

  • Reduce the occurrence of product defects by 5 percent in year 1.

  • Increase the throughput of shippable components by an average of 12 percent per month.

  • Reduce the need for component rework by 2 percent each quarter in year 2.

These goals provide two benefits for a quality program: they are easily measurable and verifiable, and they provide the focus needed to design the QMS. Once data has been collected from the activities that impact those goals, an analysis will readily reveal how well the QMS is working to meet those goals.

If it proves to be working well, you know you're on the right track. If it's having minimal impact, you know you might need to revise (sharpen) the QMS.

An inescapable theme in all quality programs—CMMI and Six Sigma included—is the focus on improvement. A characteristic of quality programs that is often under-stressed is that they are not about being perfect. The nirvana of zero defects has pretty much been discarded in the commercial realm. Rather, quality programs are about becoming better, about continually improving over time. This idea is brought out here.

ISO 9001 focuses on continuous improvement in two ways. The first way is to take action to correct or refine the quality management system when weaknesses are found or opportunities for improvement are discovered. The second is to build safeguards into the program (efficient processes and procedures) that prevent defects or errors from being introduced into the production life cycle.

Let's take a brief look at each next.

Section 8 of the Standard requires the collection of measurement records that quantify program performance and provide a basis for making future decisions about potential process improvements:

  • Records of internal audits

  • Records of assigning and authorizing personnel

  • Records of nonconformity

  • Records of actions to correct nonconformity

  • Records of preventive actions

    Examples:

    • Audit criteria

    • Audit reports

    • Audit plans and policies

    • Staff assignment forms

    • Staffing notifications

    • Noncompliance records

    • Defect-tracking systems

    • Defect-tracking and management reports

    • Process improvement plans

    • Process performance measures

    • Process improvement results