Title Quality Management Evaluation & Audit policy Document ID Director Mark Reynolds Status Final Owner Neil McCrirrick Version 1.1 Author Mark Reynolds Version Date 07/11/2011 Quality Management Evaluation & Audit Policy Crown Copyright 2012
Amendment History: Version Date Amendment History 1.0 12/09/2011 Initial document 1.1 07/11/2011 Updated to align with ISO 9001 as a result of stage 1 audit. Approvals: Name Organisation Version Date Martin Severs, Chairman, ISB 1.1 07/11/2011 Related Documents: Ref no Doc Reference Number Title Version 1 Information Standards Development Methodology 2 ISB Quality Manual 1.0 1.2 Glossary of Terms: Term Acronym Definition Crown Copyright 2012 Page 2 of 8
Contents 1 Purpose...4 2 Management Review...5 3 Internal Audit...7 Crown Copyright 2012 Page 3 of 8
1 Purpose This document defines the management review and internal audit procedures for the Information Standards Board for Health and Social Care (ISB). The overall aim of the evaluation and audit policy is to recognise and celebrate good quality in the service and direct activity for quality improvement where this is required. The policy is comprised of Rules for the management review (Section 2) and internal audit. (Section 3). Crown Copyright 2012 Page 4 of 8
2 Management Review Purpose Frequency Inputs Structure Output The Director shall review the organisation's quality management system at planned intervals to ensure its continuing suitability, adequacy and effectiveness. This review will include assessing opportunities for improvement and the need for changes to the quality management system, including the quality policy and quality objectives. Records from management reviews shall be maintained. The Director provides a monthly report to the Information Standards Board on progress made against the business plan and other operational activities. A formal review is conducted at 6 month intervals (covering May September; October March) and presented to the ISB for approval. Results of audits. Customer feedback, including complaints and the results of the developer survey. Process performance and product conformity, including financial accounts and Clarity reports. Status of preventive and corrective actions, including the ISDM and ISMS issues logs. Follow-up actions from previous management reviews. Changes that could affect the quality management system. Recommendations for improvement. Customer Feedback Website statistics. User group feedback. Surveys. Mailing list statistics. Complaints and compliments. Operations Standards and IST/35 statistics. Actual vs planned budget HR. Commercial Changes to Quality Management System Suitability of quality policy. Previous period. Future changes. Audit and Issues ISDM and ISMS issues. ISO 9001 audit Internal audit Service Improvement Goals Actions Recommendations for improvement. The output from the management review is a report. This is issued to the ISB and stored in accordance with the ISB Information Management policy. The report shall Crown Copyright 2012 Page 5 of 8
include any decisions and actions related to: Improvement of the effectiveness of the quality management system and its processes. Improvement of product related to customer requirements. Resource needs. Actions Escalation Governance The Director is accountable to the ISB for responding to the report and implementing the agreed recommendations. This is normally done through objectives in the business plan for the next financial year. The implementation of this service improvement activity is managed and reviewed on a regular basis by the ISMS Operations Board. Follow-up activities include the verification of the actions taken and the reporting of verification results. Any issues are reported to the Chairman of the Board either by the Director or the auditor. The evaluation is governed by the ISB. Crown Copyright 2012 Page 6 of 8
3 Internal Audit Purpose Frequency Auditor Access Inputs Scope Method Criteria Report The audit shall to determine whether the quality management system: Conforms to the planned arrangements. Conforms to the requirements of ISO 9001:2008. Conforms to the quality management system requirements. Is effectively implemented and maintained. An audit shall occur no less than every two years. The Director shall be responsible for initiating the audit. The frequency of the audit shall be determined by the previous audit results. The auditor will be appointed from outside ISMS and not be related to the business of standards assurance and approval. They may be appointed from within the Department of Health Informatics Directorate. Selection of auditors and conduct of audits shall ensure objectivity and impartiality of the audit process. The recommended auditor shall be confirmed by the chairman of the ISB. The Director and Head of Operations shall ensure that the auditor has access to all staff and records as they deem necessary. Inputs will include: Clarity management information. Interviews with staff, developers and users. Recent post-implementation and maintenance reviews. Annual business plan. Previous management review, internal audit and ISO 9001 audit results. The audit shall consider: Conformance to ISO 9001 requirements. Adherence to the quality policy, quality manual and other policies as documented in the quality manual. Fitness for purpose of the information standards development methodology. Customer satisfaction. Accuracy of documents and records, including SharePoint, Clarity and the ISB website. Feedback from staff on quality enablers and barriers. The audit will normally take the form of a set of interviews and assessment of the inputs provided. All staff will be reminded that the audit must be objective and impartial. The audit shall conform to the requirements of ISO19011:2002 Guidelines for quality and/or environmental management systems auditing. Service conforms to ISO 9001:2008 with no non-compliances. The quality statement is fit for purpose. The ISB adheres to the quality manual, policies and procedures. There is evidence of a culture of continuous improvement. This may include recommendations where practice is correct and the policies need to change. The results of the audit shall be a report. This will be issued to the ISB and stored in accordance with the ISB Information Management policy. The report shall include a record of when the audit took place, who conducted the audit, who was interviewed, exact records and in-practice examples audited for each Crown Copyright 2012 Page 7 of 8
Actions Escalation Governance process. The Director shall be accountable to the ISB for responding to the report and implementing the agreed recommendations. The implementation of this service improvement activity will be managed on a regular basis by the ISMS Operations Board. Follow-up activities shall include the verification of the actions taken and the reporting of verification results. Any issues will be reported to the Chairman of the Board either by the Director or the auditor. The audit will be governed by the ISB. Crown Copyright 2012 Page 8 of 8