Clause 7.4 Communication Requirements (explained)

Are you confused about the ISO 9001:2015 Clause 7.4 Communication Requirements? If so, then all will be revealed in this detailed article. As I’ve mentioned many times in previous chapters, poor communication strategies are often the greatest cause of failure to management systems. Regular, robust and timely communication is so simple to do, and yet a great many organisations are very poor at this. In my experience as an auditor, there are many reasons that I’ve identified as a cause of this.

High on the list is not assigning the correct roles, responsibilities and authorities for a particular communication task. This results in confusion with no person being sure whose responsibility it is to communicate a particular piece of information. Sometimes it can be the method used to communicate such as by email. Not everyone is a fan of checking and opening their emails on a regular basis, and this can often be the reason for a failure of ‘in-time’ communication.

Communication affects all aspects of every organisation including all processes and sub-process tasks. Studies have shown that effective regular communication with employees increases productivity and better customer service. This is because fewer mistakes are made due to a lack of an effective communication strategy. Effective communication strategy is how organisations and their employees interact with each other in order to achieve desired goals and intended outcomes. The purpose of communication is to improve processes and reduce errors.

Types Of Business Organisation

Internal business communication can be:

• Vertical communication: where a shop floor worker might feed a suggestion for improvement up to top management.
• Downward communication: where top management sends a communication down the chain to middle management or directly to the shop floor.
• Lateral communication: where communication might be sent out across a department of between 2 individuals.

External business communication can be:

• Anything that your organisation communicates to the outside world using any communication medium.
• Advertising messages.
• Design specifications sent to customers.
• Contracts sent to customers.
• Payment sent to customers.
• Communications with 3rd party auditors.
• Communications with regulators.
• Communications with shareholders.

Methods of communication

There are broadly three types of making communication including: verbal, physical (printed) and by using electronic means such as email or using video conferencing. I’m sure that many of you reading this will be thinking of times when you wish that you could have communicated telepathically! None of these methods is failsafe. Verbal communication relies on clear language that is understood by the receiver. Sometimes a person will say that they have understood the message when the opposite is true. Colloquial accents can be a cause of information that is misunderstood or misinterpreted.

I was once in Aberdeen (UK) delivering a 2-day internal auditor training course. One of the delegates attending the course had the broadest of Scottish accents that I simply could not understand. For the 2 days, I had to just not in politeness as if I was understanding his comments but I admit, I couldn’t understand a word of what he was saying. It’s quite funny looking back at it now but it wasn’t so funny at the time and I’m hoping it doesn’t happen again.

There are a great many foreign workers in the UK and so problems of correct interpretation between cultures can often be a source for miscommunications. Printed documents can be sent to the wrong person and they might simply get lost in transit. Errors in the data on the printed page or the person reading it could misinterpret the data are common. These same errors are true for communication using electronic media such as email. Emails can be sent to the wrong destination address or they can simply be ignored. I was once in a job role where I was receiving over 150 emails per day, and they still came in over the weekend! I soon got to the point where it was impossible to open and respond to them all. I created a priority ‘sender’ list and dealt with them first, everything and everyone else was placed in a queue.

The bonus to using a printed document of an email is that you have a ‘paper trail’ that can be used for issues of accountability. By having a paper trail you can ‘prove’ that the document was sent, especially with email. Just one word of advice here, be sure to back up your email system regularly to a separate storage drive. IT administrators will often delete emails ‘on mass’ and without warning when their servers become low on space. Also, don’t forget to back up the contents of your ‘deleted items bin. Backing up my email data has saved my life on more than one occasion.

Video conferencing can be difficult at the best of times because it’s dependent upon the users ‘local’ broadband connection quality. I live in an area where I’m lucky to get a 25meg connection speed even though I’m paying for a fibre connection. I’ve lost hope with the appalling customer service offered by the service provider. I can’t remember ever being in a video conference be it on Zoom, Teams or something similar without dropouts and glitches. Video conferencing does have enormous benefits and I still have to use the technology on a daily basis, but it’s just not perfect.

You may also consider running your own private forum board. These are very easy to set up and install on your intranet site. It enables the users to have a real-time chat facility where they can post any and all types of messaging. Someone will have to be designated the forum admin, although this can be a shared responsibility. Forums are good for storing historical data and you could also have an FAQ section for answers to common questions. Having a ‘how to’ section as part of the forum is a great place to provide multimedia based tutorials on technical issues as well as general IT tasks such as creating excel pivot tables etc.

At clause 7.4 the requirement asks that you determine:

(a) What to communicate: you are not expected to have a strategy for communicating every piece of data, just that data that you feel is relevant and important depending upon the risk. This might include production target, accident rates, environmental savings of energy and recycling, personal employee achievements, and financial reports etc. The question to ask yourself is; “What needs to be communicated”. Real-time, by the minute communications and non-important phone calls, don’t have to be captured as part of your communications strategy. Have you communicated your quality policy effectively?

(b) When to communicate: this might depend upon the type of communication and its level of importance. If a piece of information is critical to a production target at the beginning of each shift, then communication prior to the shift is essential. If there has been a safety accident, then swift communication describing the outcome of the investigation and corrective actions should be issued as soon as possible. If there has been an illegal discharge to a surface water drain, then a timely communication to the regulation authority is in order. If in your communication strategy you have made a commitment such as communication on sales figures each Monday morning at 90.00 hours, and you fail to do this, then you have a non-conformance against the process.

(c) Who the communicate is with: in your communications strategy, you might want to mention communication targets such as insurers, banks, regulators, contractors, transporters, hotels, hospitals, fire service, utilities companies etc. I’m naming these examples as they are communication targets that tend to be ‘set’ and always remain the same. I’m sure that in your organisation you could add many more to the list. If it’s also important that a particular person is contacted for these communication targets then this should also be captured.

(d) How to communicate: well, it might depend upon the importance of the message and the levels of risk. Would you send a real-time, system critical message by email? In that situation, it would be best to talk face-to-face or by direct telephone call. I would also back this up by sending a corresponding email. Email systems have settings that force the recipient to send a reply after opening the mail, this is also a good option for important messages. Digital display boards hanging above the shop floor are also good for real-time messaging. Letters or posters on a notice board are a very poor method of communication, people generally tend to walk straight past without taking any notice of anything displayed across them.

(e) Who is communicating: at point (c) above, I mentioned some communication targets that are set. It’s good to assign roles, responsibilities and authorities for persons who have the task of communicating with authorities such as regulators or insurance companies etc. would you want a recent new employee contacting and conversing with a regulator? I hope not, this task should be assigned to the person with the experience and knowledge that enables them to communicate effectively. Be sure to include at least one alternative in your communication strategy to cover holidays or absences due to sickness.

Having a clear communication strategy is critical for teams, managers and executives to perform their daily tasks so that desired outcomes can be achieved. Effective, planned communication processes allow for the smooth delivery of products and services and will help to alleviate problems caused by communication errors. If people know when and how to communicate because it’s written into a process, then you are crossing one more item off your ‘possible error’ list.

As an extreme example of what can go wrong due to a communication error, read the following brief description of what led to the Piper Alpha oil rig disaster:

What caused Piper Alpha disaster?

The primary cause of the accident was ruled to be maintenance work simultaneously carried out on one of the high-pressure condensate pumps and a safety valve, which led to a leak in condensates.

“The accident killed 165 out of 220 crew members and two crew members from the standby vessel Sandhaven.”

After the removal of one of the gas condensate pump pressure safety valves for maintenance, the condensate pipe remained temporarily sealed with a blind flange as the work was not completed during the day shift. Unaware of the maintenance being carried out on one of the pumps, a night crew turned on the alternate pump. Following this, the blind flange, including firewalls, failed to handle the pressure, leading to several explosions.

(https://www.offshore-technology.com)

Interestingly, ISO 9001:2015 does not have a requirement to maintain documented information for the requirements of clause 7.4. I fail to see how all of this information could be communicated properly without it being documented. I would recommend creating a form and calling it a ‘Communications Strategy’ document.

ISO 14001:2015

The same as for ISO 9001:2015 but with the following additions:

1. Take into account its compliance obligations: communicating with regulatory authorities is part of every environmental management system. This is one of the ‘set’ communication targets that I mentioned earlier. This must be captured into your communications strategy document.

2. Ensure the communicated information is consistent and reliable with the management system: your management system needs to be updated and maintained for the accuracy of information. Roles, responsibilities and authorities are important here, persons responsible for making observations, recording data analysis onto forms and entering this into the management system need to be clearly defined. Don’t leave important information to chance or guesswork.

3. You ‘shall’ respond to relevant communications on your management system: the term ‘relevant’ is subjective. What you decide to be relevant will depend upon the nature of the information and your organisational context. If we are referring to communications with regulatory authorities, then a timely response with accurate data is important.

ISO 14001:2015 does require that you maintain documented information as evidence of your communications. I would recommend creating a form and calling it a ‘Communications Strategy’ document.

ISO 45001:2018

The same as for ISO 9001:2015 but with the following additions:

1. You shall take into account your legal requirements: communicating with regulatory authorities such as the HSE (UK) is part of every safety management system. This is one of the ‘set’ communication targets that I mentioned earlier. This must be captured into your communications strategy document.

2. The organisation shall ensure that the views of external interested parties are considered: who your interested parties are will be dependent upon your organisational context. For example, clients will have safety requirements built into the terms of a contract, insurance companies, regulatory bodies such as the HSE (UK), contractors etc, will have safety requirements.

3. Ensure the communicated information is consistent and reliable with the management system: your management system needs to be updated and maintained for the accuracy of information. Roles, responsibilities and authorities are important here, persons responsible for making observations, recording data analysis onto forms and entering this into the management system need to be clearly defined. Don’t leave important information to chance or guesswork.

4. The organisation shall take into account diversity aspects: you are required to consider gender, language, culture, literacy, disability in your communication needs. Let’s not forget this is a health and safety standard the desired outcomes of which are to protect persons from accident or injury and to provide them with a safe working environment. Failures in communications regarding safety can lead to serious accidents. Having important safety information in a variety of languages, written in easy to understand terms, making the information easily accessible, and being able to present the same information in the form of a poster is good practice.

5. You ‘shall’ respond to relevant communications on your management system: the term ‘relevant’ is subjective. What you decide to be relevant will depend upon the nature of the information and your organisational context. If we are referring to communications with regulatory authorities, then a timely response with accurate data is important.

ISO 14001:2015 does require that you maintain documented information as evidence of your communications. I would recommend creating a form and calling it a ‘Communications Strategy’ document.

For Auditors:

ISO 9001:2015

• You will first need to establish what the organisation considers information that is relevant to the management system.
• Then check for what, how, when, with whom and by who communicates relevant information.
• Conduct random sample interviews to ascertain if persons are aware of how this information is communicated.
• Check if any non-conformances were caused by a lack of communication and if the corrective actions were effective and communicated to all interested parties.
• If there is a communications strategy document as part of the management system, check against the details of the document for example; if a communication is to happen each Thursday at 15.20, then check to see if this happens with failure.

ISO 14001:2015

As for ISO 9001:2015 but with the following additions:

• Check for an understanding of communicating with regulatory authorities such as by whom, when, how etc.
• Check if there is a process for ensuring the accuracy of data that is entered into the management system. How is the data validated and verified, when is this done and by who?

ISO 45001:2018

As for ISO 9001:2015 but with the following additions:

• Check for an understanding of communicating with regulatory authorities such as by whom, when, how etc.
• Check that the views of interested parties have been considered concerning safety. These would be evidenced in management review meetings, monthly safety meetings, external communications with regulatory authorities, consultants, industry bodies and manufacturers.
• Check if there is a process for ensuring the accuracy of data that is entered into the management system. How is the data validated and verified, when is this done and by who?
• Check that communications have considered: gender, language, culture, literacy, and disability. Look for information that is easily accessible, easy to understand, authored in alternative languages when necessary and is presented in a visual poster form if possible.
• Check for an understanding of communicating with regulatory authorities such as by whom, when, how etc.

Some further questions that I will be answering in future articles include:

• Which clause is essential for communication purposes?
• What is ISO communication?
• What is a communication procedure?
• What is external communication?
• How do employees communicate with QMS?
• What are communication policies and protocols?
• How do you bring quality awareness to your employees?