An Interview with Quality Management Consultant, Colin Gray
4 August 2020
Colin Gray is an ISO 9001 Quality Management Consultant. He is also a certified auditor, a qualified instructor and professional speaker. He's passionate about process and management systems; his experience with ISO spans more than three decades. In our interview, Colin shares his insights and predicts upcoming changes.
Colin, thanks very much for agreeing to take part in this interview. How are you coping right now with the various lockdowns and inconveniences?
I have always operated somewhat remotely, so while this was an upheaval we already had strong processes in place to support customers and develop more powerful solutions. In person is always nicer, and in some situations such as auditing it provides a unique perspective, but a remote approach provides a different perspective. Not worse and sometimes better. I am so pleased how the team is positive, keen on sensible safety and just great at doing the right thing.
As stated in the introduction, you're a Quality Management Consultant and for over 30 years have been offering consultancy, training and auditing services. How did you get involved in this line of work?
The key was in the early definition of software functionality. Organizations wanted custom software to help them run their businesses and that software reflected the processes in their business. That is basically the same principle of quality assurance.
Very early on I was introduced to BS5750, which was a British version of ISO 9001 and it just made sense to build it into the definition of processes that were being controlled by software. I got involved with some business consulting, financial modeling and took an MBA to put the whole thing in perspective. It never seemed wrong to look at all these things as a holistic solution to an organization being successful by design.
Most of the ISO world is focused on 9001. Quality has a direct impact on the bottom line and thus it's easy to see the appeal for organizations and customers.
Do you work solely or mainly with ISO 9001? And if you do work with other quality or management standards, roughly what percentage of your time is devoted to ISO 9001?
Most of the ISO world is focused on 9001. Quality has a direct impact on the bottom line and thus it's easy to see the appeal for organizations and customers. So most of my practice supports 9001 and the other quality derivatives such as 13485, AS9100, IATF16949, 17025.
But my real passion is process and management systems. All of these standards and others work for organizations because they are not about being good, they are about always being good. I have developed and applied this with other standards and work actively in environmental 14001, health and safety 45001 and information security 27001, among others.
I personally was impressed to see a video of you giving a presentation to the American Society for Quality (ASQ). That must be something you're proud of!
I do enjoy presenting. It's part of the rewarding nature of teaching people things. I think the message of ISO has been misrepresented and distorted over the years, and correcting that is a passion.
I see that not so long ago you gave an ISO 9001:2015 Webinar. A lot of readers might find this interesting insofar as it's a remote and therefore easily accessible service. Tell us a bit more about the webinar.
As I mentioned, I have been working remotely for years. I have done many webinars, including a full series of ISO webinars a couple of years back. I mastered the technology, integrated it with on line offerings and generally grew our understanding of how to reach people. Webinars, online and other tools are part of it. They are not the goal but they cause progress and I am keen to facilitate that.
Let's suppose Covid19 stays with us for a while longer and lockdowns remain in place. How much will you be affected by things? What I really want to determine here is the extent to which you're able to offer your services remotely.
We are very conscious about how serious this is. We know people who are not as lucky as we are. We are very positive about doing our part. We are currently working 100% remotely with no problems, no project slippages, no failures and certainly no problem for our 100% successful certification guarantee. We have strong controls in place to make these project happen successfully.
We all buy into the concept (because this is what ISO is all about) and we follow our disciplines to ensure everything is managed formally. We don't miss a trick. We love the personal interaction but realistically things are going to change. I think the financial benefits of not having to travel will sway the industry in the future so I always see this as being a thing. I don't see that as a challenge.
ISO 9001 is great. But it's not just about being good ... it's about always being good.
Let's talk about ISO 9001. It's obviously the world's most popular quality management standard, so how would you briefly summarize its strengths and/or benefits?
Done well, it's great. There is nothing in it to moan about unless you misunderstand. And importantly it's not about being good ... it's about always being good, successful by design. I have to contrast the excellence of the model itself and the underlying principles of process, management and quality, with the certification process which over the years has suffered from bad press, mediocrity, and generally unjustifiable costs.
However, just because some aspects aren't great doesn't mean we (as a team of quality professionals) can't be. And generally things are better these days and will only improve, and I am a big proponent of the certification process and concept.
How would you contrast the latest revision (ISO 9001:2015) with its predecessor? Is everything about it better, or are there any shortcomings?
This is the best one yet and the additions are the best thing since sliced bread. The focus on strategic thinking causes organizations to start looking at quality and success from a long term planned perspective and the concept of risk (which is not really new) is just a balance of common sense. People talk about not having to have documents and records but they miss the point. They are "doing" the standard and not focusing on the success of the business.
And auditors that struggle with not having enough teeth to audit or write their findings just don't understand the concept of effective processes. From an organizational perspective this is a great standard.
Good certification kits make a difference. With sufficient commitment, guidance, support and some degree of expertise, a certification kit is going to save a lot of effort.
These days there are quite a few DIY certification kits on the market. For small or medium-sized companies, what do you think of these products? Are they a viable alternative to a professional consultant?
All help is always welcome. And many companies have fewer choices if from no other reasons than profitability and available resources. Good certification kits make a difference. With sufficient commitment, guidance, support and some degree of expertise, a certification kit is going to save a lot of effort. But there are many inferior products that hinder rather than help. Due diligence is essential.
Generally, the more in-house expertise the organization has, the more the DIY solution can standalone. In real life it often requires a little leg up, and some independent expertise can do that. Remote guidance, support, training and project insights are all part of the solution.
I think we can all agree it's quite normal for companies to feel slightly apprehensive during the days prior to their certification audit. What's the best advice you would give to companies in this situation?
It's easy for me. I have done this so many times. But I recognize that the uncertainty is going to be a challenge. ISO is not some secret squirrel club. It's a model that's carefully defined in black and white. You can put the work in and make sure things are right before they happen. That's our approach.
We know a client will pass an audit. We know and we guarantee it. But that doesn't matter when you are standing outside the conference room pacing. Attention to detail, preparation, preciseness are essential.
Finally, in your opinion (and we need to remember that your experience spans more than three decades) what is the single biggest mistake companies make when setting up an ISO 9001 system from scratch?
I get asked this a lot. It's an easy answer. I tell people to throw the standard away. Seriously. When someone has been given a task to do ISO – that's what they do and they focus on it and they miss the point. Its downhill from there.
Top management have a different problem. They often fail to get sufficiently involved in the project and assume everything will be a breeze. "Go get ISO", they tell their staff. "And can you get it done by the end of the year?" And they expect their staff to do it in their spare time, without extra resources, with limited or no access to expertise, often limited authority, and usually a deadline ... and people buy into it. This is a recipe for failure.
Colin, thanks again for agreeing to take part in this interview. Is there anything you'd like to add?
I love this stuff. Great questions and thanks for letting me share. I enjoyed it!