The scope of our quality management system is Volunteer Operations (VolOps), welfare service delivery.

All businesses and organisations are affected by both internal and external factors. By identifying what ours are, we can consider how they may have an impact on our operations. Therefore, within our management system, we can put in adequate control measures.

Our QMS and how it sits within the overall context of the organisation is summarised in the following diagram, with further information about Factors in the subsequent tables.

The following external factors affect the way in which VolOps conducts its business and delivers its services, to varying degrees.

The following internal factors may affect the way in which we conduct our business and delivers our services, to varying degrees.

“Interested parties” (often referred to as stakeholders or stakeholder groups) means anyone who has an interest in our operations and how we deliver our services through one form or another. We have identified who our interested parties are and what their needs and expectations of us as an organisation are in the table below:

We need a policy for our QMS which must be reviewed and signed off by the Director of VolOps (DVO) annually. The latest policy will be communicated throughout the organisation and available to any interested parties upon request.

The quality policy forms the core of our QMS. Any processes and procedures are created and followed, to ensure we meet the terms of the policy and senior leaders will monitor adherence throughout and via internal audits.

The VolOps Senior Management Team (SMT) must demonstrate leadership by providing adequate resources, strategic direction, establishing roles and responsibilities and encouraging the integration of quality into our day-to-day operational activities.

The QMS is seen as everybody’s responsibility within our organisation.

Roles, responsibilities and authorities have been delegated with regards to the effective running of the management system. However, overall accountability rests with DVO and VolOps SMT.

Each role within VolOps is defined in a role/job description which describes key responsibilities and the person specification (i.e. the skills and knowledge required of the role holder). Staff are recruited against these job descriptions.

We have set a number of Objectives and Key Results (OKR) that will enable us to develop our management system throughout the NDP trial. These OKRs are set out in a separate document.

Our objectives should also be linked to our wider operational goals and targets.

Any risk or opportunity our operation might face will arise from the external and internal issues/ needs and expectations of interested parties listed earlier in this document (see External and Internal Factors and Interested Parties above).

A risk-based approach is adopted to address the challenges we are faced with, particularly regarding the external and internal issues of the organisation and the needs and expectations of interested parties.

Risks are managed in accordance with the SSAFA Risk Management Policy, with a specific Risk Register for identifying, qualifying, quantifying and mitigating risks to the NDP programme.

Leadership is responsible to ensure that adequate resources are provided for effective implementation of the QMS. Our resources can be generalised and split into two categories: infrastructure and people.

Our infrastructure is made up of buildings, office space, computers, desks  software. Each of these resources must be fit for purpose and it is up to senior management to ensure they are sufficient for employees to complete their required tasks and duties. In addition, software licenses must be kept up-to-date, and it is critical that all data is backed up to ensure it can be retrieved.

By law, we are required to comply with legislation and regulations regarding both our premises and our employees, all of which are observed.

People

Adequate people should be provided to ensure effective execution of processes and QMS. We evaluate our needs at regular intervals as the needs may vary over a period of time (e.g. new projects or changes in requirements). Where relevant we review capabilities and constraints of internal resources and, as appropriate, gain support from external providers.

Our people are our most valuable resource. Therefore, we record our organisational knowledge through training records, a record of any training which has been completed and when any certificates expire.

Infrastructure

We determine, provide and maintain infrastructure required for the efficient and effective operation of the organisation. By infrastructure we include hardware, software, equipment, and communication facilities. Infrastructure maintenance includes updates to hardware and software in a way that ensures smooth execution of the operations. We have a change control policy that establishes a standard process for requesting, planning, communicating, approving, implementing and reporting changes to FHS services and systems

Environment for operation of processes:We maintain social, psychological and physical aspects of the work environment for people to operate efficiently. These include workplace location (with many of our staff now working remotely) and the provision of the equipment, applications and support necessary. We have policies and provide advice and guidance to create a workplace that is safe (physically) and is free of discrimination or harassment.

Measures are taken to provide an environment which is suitable for the operation of our processes and ensuring conformity of service delivery.

Policies and procedures have been established to manage the social, psychological and physical factors of the organisation and the Health and Safety at Work Act 1974 is observed to ensure a ‘safe place to work’ – this extends to caseworkers visiting beneficiaries homes.

Documented information is backed up to ensure it is retrievable. Guidance is given to staff relative to their responsibilities with regards to confidential information.

Organisational Knowledge

It is important to keep up to date our organisational knowledge to ensure we address any changing needs and trends. This is achieved through the experience of our personnel and internal and external sources.

Staff are recruited based on the job requirement and can include educational achievement and experience. Ongoing training assessments are conducted with training provided to ensure competence levels are maintained. Documented evidence of competence is maintained.

Communication processes within the organisation are demonstrated through awareness as to the requirements of the QMS including the policies, objectives, contribution and implication of non-conformance is undertaken both for staff and external providers. Awareness communication channels include induction for new staff, regular staff and team meetings, day-to-day verbal direction.

The term ‘documented information’ refers to any written document, either hard or soft copy, which is required by the standard or by the organisation’s operations and activities. However, it also includes software and external documentation.

It is imperative that only approved documents are used to ensure consistency. Should a document require an amendment or improvement, or if a new document needs to be created, the procedure belowmustbe followed:

IMPORTANT NOTE: All documents must be protected against a) unauthorised access or amendment b) virus or corruption. In addition, it must be backed up and stored in a way which is easily retrievable. Finally, the retention period of documented information shall be identified in line with statutory, regulatory or SSAFA policy/ practice and recorded.

It is critical all documentation, data and records are backed up. This will allow them to be retrieved in an emergency or if they are accidently lost or deleted.

It is also important to put in place certain access restrictions to ensure confidential or sensitive information is only accessible to authorised personnel.

Within each step of our processes there are several standard procedures which must be followed by all employees, at all levels, to ensure we meet our service user requirements. These processes and procedures must be internally audited to ensure they are a) fit for purpose and b) complied with.

Reviewing our external providers is important to ensure that our own service delivery is not affected or impacted, and we can continue to meet the needs and expectations of our service users.

Third party levels of compliance and checks are completed before any supplier is engaged with across all areas of SSAFA, through competition and/or due diligence.

Any external provider or third party with who we share [personal] data is covered by the Data Processing Agreements procedure and is recorded on the relevant register. This procedure (which requires relevant Data Protection Impact Assessments (DPIA), Due Diligence and Data Sharing Agreements) and the register are maintained centrally for SSAFA by the Data Governance Manager.

Client focus is at the heart of everything we do and we aim at meeting their requirements and needs, ensuring our service meets quality standards.

Therefore, requesting, recording and analysing any feedback we receive is critical in ensuring we are meeting user requirements but also to identify any pitfalls in our service. Our process for this is as below:

• Face-to-Face meetings
• Questionnaire procedures with service users
• Use of surveys

We will undertake the following actions to identify opportunities and achieve the continual improvement of our management systems:

• Setting of objectives
• Regular review of the quality management policies
• Review of the management system, trend analysis and evaluation takes place with a view to identifying opportunities for improvement
• Staff suggestions for improvement
• Robust internal communications, including the cascading of important information via the management hierarchy.
• Regular review of staff competence, organisational knowledge and awareness levels with training implemented as required
• Internal Audits – opportunities arising from non-conformances identified
• Client survey – feedback is evaluated and used to implement improvements
• Keeping up to date with changes and advancements in the use of technology and systems across the sector
• Senior management taking ownership of the management system and looking for improvements when reviewing the organisation’s strategic direction
• Impact Assessment/Evaluation of our service delivery.

Internal audits of our own management system are planned and carried out to ensure that our processes and procedures are a) being followed b) fit for purpose. An internal audit schedule outlines what audits need to be undertaken and when.

Internal audits will review a sample of recent worked examples or a procedure as it is happening in real-time. Audits will be planned and scheduled on a risk-based priority.

The Audit Report document from each internal audit will include:

• The procedure being audited
• The auditee
• Any evidence that was reviewed
• The findings
• Any opportunities for improvement or non-conformances
• Any follow up-action required

Compulsory reviews of the management systems must take place on a planned basis. These are called MRM and they should follow an agenda where compliance to each clause of the standards is discussed. The minutes from these meetings must be recorded.

There will always be ideas to improve our ability to meet client needs and increase satisfaction levels. These are known as ‘opportunities for improvement’ (OFI).

Opportunities for Improvement will likely cover ways to:

• Improve our services
• Address future needs and requirements of clients
• Correct, prevent or reduce undesirable actions or outcomes
• Improve the performance and effectiveness of the QMS

When an OFI is raised it should be logged, discussed (e.g. at the MRM) and actioned as appropriate.

Sometimes, procedures are followed incorrectly, service delivery falls short or incidents occur. When this happens, we must record the instance as a ‘non-conformance’.

What can constitute a non-conformance?

• Failure to meet our legal and regulatory requirements
• Failure to comply with our own standards
• A non-compliance with policy, core procedure or protocol
• Client complaint

All non-conformances should be recorded and analysed regularly to spot any trends or patterns.

See separate Non-Conformance Procedure document.

When a non-conformance is raised, it is crucial that corrective action is used to:

• solve the issue; and
• ensure it doesn’t happen again.

The root cause for any significant non-conformance must be identified before appropriate corrective action can be applied to ensure that the implemented solution is effective. Furthermore, it is best practice to:

• Keep a log of any corrective action required and taken for all non-conformances
• Allocate an accountable individual for implementing the corrective action
• Determine how the corrective action has eliminated reoccurrence of the non-conformance
• Provide a deadline for it to be completed by.