Abstract
Qatar Biobank (QBB) is a platform that will make vital health research possible through its collection of samples and information on health and lifestyle from the local population of Qatar. The goal of QBB is to collect, process, store, and finally share high-quality biological samples and associated data for research purposes with the research community. To do this, a series of standardized procedures following evidence-based practices are required, and QBB is achieving this by implementing an integrated management system (IMS) that incorporates ISO 9001: 2015 and ISO 27001: 2013 standards. ISO 9001 is one of the most commonly implemented quality management systems as it is applicable to any size of organization. ISO 27001: 2013 is increasingly popular as organizations look to manage their data and information security, especially in the light of the recent General Data Protection Regulation legislation and an ever-changing digital landscape. QBB has achieved certification in both ISO 9001: 2015 (originally 2008 standard) and ISO 27001: 2013 since 2014. In 2016, during preparations for recertification of both standards in 2017, QBB chose to integrate both of the management systems in preference to running them in parallel, without compromising the goals and objectives of QBB. The IMS has ensured that rigorous processes and controls are implemented to not only manage the quality of internal and external processes and services provided, but the privacy and confidentiality of data collected during a participant visit are consistently protected as well as a proactive approach to identifying and managing risk within the organization. This article will explore the impact of implementing an IMS on the continuous improvement of services within QBB.
Introduction
An integrated management system (IMS
Qatar Biobank (QBB) has implemented an IMS by combining the ISO 9001: 2015 Quality Management System standard and the ISO 27001: 2013 Information Security Management System standard. The IMS is structured to provide a robust, comprehensive, and continuously improving management system in a manner that ensures customer satisfaction as well as a commitment to quality and information security performance.
QBB has identified two types of customers: participants and researchers. QBB first gained ISO certification in 2014 after only 2 years of operation and has maintained the standards required to achieve recertification in 2017 for both ISO 9001: 2015 and ISO 27001: 2013. There were two key reasons for QBB adopting the ISO 9001: 2015 standard, and these were self-improvement through identification of internal and external needs and the management of the public image and marketing of QBB. 2 The key reason for adopting ISO 27001: 2013 was to ensure the security of the data collected and held within QBB.
Through the integration of both standards, QBB top management was able to identify areas of commonality and these are identified in Figure 1. With the identification of common areas between ISO 9001: 2015 and ISO 27001: 2013, if in the future another management system is introduced with shared common areas it will result in an easier integration and reduction in the duplication of work.3,4
Common areas between ISO 9001: 2015 and ISO 27001: 2013.
As both ISO standards follow a Plan, Do, Check, Act (PDCA) process 5 the work can be more streamlined and reduce duplication. Figure 2 illustrates the PDCA cycle for the IMS implemented at QBB.
QBB PDCA cycle. PDCA, Plan, Do, Check, Act; QBB, Qatar Biobank.
Strategic business objectives for both quality and information security are set and measured using key performance indicators (KPIs). The effectiveness of the objectives and the overall IMS is measured through three key activities: the internal audit process, performance evaluation, and the management review process. Other ongoing evaluation criteria include the management and review of improvement, nonconformity and corrective actions procedure. The nonconforming outputs help to identify gaps in processes and activities and provide a way to manage these through corrective actions. Additional performance evaluation is completed to assess the effectiveness of our suppliers. Owing to the impact their services may have on the overall effectiveness of QBB, this is a useful tool to help understand where services or processes may be falling below expectations. 6
The internal audit process in QBB is designed to assess the effectiveness of the IMS and overall performance. It demonstrates compliance with the planned activities in the PDCA process. To accomplish this, internal auditors are selected from all departments in QBB and trained by a recognized standards body to develop the skills and knowledge to become competent to fulfill the role and requirements of a successful audit process. This opportunity encourages staff development and provides staff with a better insight into all activities within the organization and how processes are interconnected, as each auditor could not audit their own department. Initially a change in mind-set was required as the purpose of the internal audit was to find evidence of compliance to a system and not to search out evidence of nonconformity.
The management review procedure (MRP) within QBB has been designed to review and evaluate the IMS at planned intervals to ensure its continuing suitability, adequacy, effectiveness, and alignment with the strategic direction of QBB. The MRM focuses activities to ensure readiness for the next audit. The minutes from the previous management review meeting and follow-up actions from previous MRP£ (status) are reviewed, as well as a review of the policy statement to ensure it is still valid. Changes in the external and internal issues relevant to the IMS and the performance and effectiveness of the IMS are monitored through the following areas:
Compliance review (audit results—internal and external) Objectives (KPIs—quality management system [QMS] and information security management system [ISMS]) and opportunity for improvement through review of KPIs Customer feedback and complaints Training plan/competency/effectiveness Equipment calibration Supplier evaluation Nonconforming outputs and corrective actions Health safety incidents (accidents/near miss/emergencies) and information safety incidents Effectiveness of actions taken to address the risks and opportunities (strategic risks and ISMS risks) Improvement plans Legal requirements and compliance Status of services delivered to customer (researcher) Adequacy of resources Changes in the management system Overall performance and service conformity.
Performance evaluation relates to the activities related within the scope of the IMS. As both ISO 9001: 2015 and ISO 27001: 2013 require performance evaluation this is covered through the following operations in QBB:
Operational procedures of each department
Established KPIs for key processes
Internal audit/compliance review
Feedback and complaint handling process
Nonconformity and corrective actions.
Customer satisfaction of the services provided and customer perception of QBB are very important and the monitoring, measurement, analysis, and evaluation of these factors provide information to the top management about whether the requirements are being met. Methods such as customer surveys are used to establish a basis for information and trend analysis. 7 Currently, QBB customers are asked to complete a survey at three different time points and the results of these will be discussed in this article.
Types of customer survey:
Participant feedback—upon completion of the initial visit by the participant in QBB
Overall participant feedback—completed by the participant after receiving their results feedback by the medical office
Researcher feedback—upon completion of their research project.
The implementation of the IMS has standardized the documentation required within QBB. It is suggested in the literature that the perception from staff about the main outcomes of implementing a management system is that there is an increase in the documentation required.8,9 Documentation within QBB is considered in two categories, as internal and external. External documentation includes regulatory, legal, and scientific requirements, which include the research access application procedure, nondisclosure, and material transfer agreement documents. Internal documentation is related to the specific processes and tasks to show compliance to the ISO standards such as work instructions and forms. Within QBB documentation identified as required to ensure a functioning IMS are shown in Figure 3. The IMS manual describes the scope of the system; procedures describe how processes are completed and define the staff roles and responsibilities. The work instructions are clearly defined sets of instructions that must be followed to complete a task. Finally, forms and records are used to demonstrate conformity. 1 Standardized documentation has proved vital for the orientation and development of staff, and it helps to minimize confusion through clarification of responsibilities of staff grades, roles, responsibilities, and consistency of actions.
QBB IMS documentation. IMS, integrated management system.
Documents are reviewed on a yearly basis and are updated as required to reflect changes in practices.
Methods
From the initial ISO certification in 2014 until the end of 2016, QBB ran both ISO management systems in parallel. However, in preparation for the 2017 recertification the decision was made to integrate the two systems.
Measuring the success of the IMS is done through the identification of objectives, which are in line with the strategic business plan for QBB. Self-defined quantifiable markers are used to measure the effectiveness of the objectives on a quarterly basis. The IMS objectives set for QBB include ensuring that the QBB recruitment strategy continuously meets its target for eligible recruitment of participants. The continuous monitoring of overall participant feedback, with expected approval percentage to be >90%, and the continuous monitoring of researcher feedback with an expected approval percentage to be >80%, are all key to the success of the organization.
The public image, perception of the research, and marketing of QBB are important aspects to be considered in Qatar. QBB has developed a service that provides participants with a 5 star experience that is safe, clean, and private. With a small population, word of mouth marketing and social media have been very successful in maintaining participant recruitment numbers, and so it is vital to ensure the expectation of the top management and stakeholders of a 5 star service matches that of the public image. Customer satisfaction and customer perception are vital to the ongoing recruitment strategy for QBB. The standardized processes created help to improve customer relations and reduce and manage complaints. The ISO certifications help to give customers and stakeholder's credible signs of assurances and commitment to quality standards and security.
Results and Discussion
The results provide an overview of the customer feedback and internal and external audit findings from 2014 until 2019. The internal audit process and training for the selected internal auditors have proven to be invaluable. Table 1 shows the results of audit findings from 2015 until 2019. In 2015, the internal auditors found a total of 22 observations and 3 nonconformities across both management systems. The expertise of the internal auditors has successfully highlighted gaps in processes that have been resolved or action plans implemented before the external audit procedures. To ensure smooth surveillance and recertification procedures each year to the point in 2019, only one opportunity for improvement was identified across both management systems during the external audit.
Internal and External Audit Finding Results
Positive observation.
Observation.
Opportunity for improvement.
Nonconformance.
IMS, integrated management system; ISMS, information security management system; QBB, Qatar Biobank; QMS, quality management system.
The results of the three customer surveys show areas of great strength and customer satisfaction in the services provided; however, they also highlight areas that require improvement and areas where improvement is ongoing. The participant feedback survey commenced in 2014 and the results from 3380 participants show that each year >92% of respondents are satisfied with the services provided and would recommend QBB to a family member of close friend. The overall feedback survey collected after the results feedback are given and rates the quality of overall services provided. The results from 3966 surveys from 2014 to 2019 show areas where customers have positive assessments of QBB, and include overall services provided that are consistently rated as either excellent or very good; since 2014, the feedback percentages are consistently >95%.
An area identified as a weakness is the length of time participants had to wait for their results feedback after their QBB cohort visit. After identifying a shortage of medical staff the results have improved from year to year and currently show a 91% satisfaction rate. The researcher feedback survey, which is completed at the end of the research project, commenced in 2017 and only nine results have been collected to date. The results show researchers are satisfied with most of the services provided, including the ease of accessing information and the quality of data and samples provided. However, dissatisfaction with the waiting time between the research application and the provision of samples and data to the researcher was identified.
During the management review process a decision to allocate additional resources to improve turnaround times from application to delivery was made. Another area QBB is working hard to improve is the awareness of the availability of QBB resources within the Qatar research community through awareness and information sessions to local universities and research centers.
A staff engagement survey was created in 2019 and sent to 74 employees, and 60 completed surveys were returned. The survey asked staff about their perception of working with an IMS and the impact it has on the quality of services and their work. The staff engagement survey in Table 2 returned positive results. Totally 100% of all responders agreed that the quality of work and services are better now. How much of this can be attributed to the IMS and how much from experience and growth is a topic for debate.
Staff Responses to the Impact of ISO Certification
The implementation of an IMS is not reflected in the customer satisfaction results, as percentages remain consistently high and in line with the KPIs set internally within QBB. The benefits of having an IMS have had a greater impact on staff and operations, while maintaining a consistently high level of service externally. With the implementation of the IMS, QBB has embarked on a path of continuous improvement, which has helped to support the organization during a period of significant growth and development. New departments and processes have been created, participant numbers increased, and staff numbers have increased by >30%.
Undoubtedly, without such a robust IMS in place many more challenges would have been encountered, from the introduction of new services to the induction and orientation of the new employees. The identification of needs and gaps in established processes are being quickly identified and acted on by all staff, who are now engaged as part of their daily role to be aware of the need for continuous improvement, as shown in the internal audit statistics. As QBB continues to grow and develop, the need for further management systems may be identified. With an IMS, the introduction of further standards can be managed with ease and confidence.
Footnotes
Author Disclosure Statement
No conflicting financial interests exist.
Funding Information
No funding was received.