Regulations and standards play a fundamental role in quality assurance (QA) by establishing clear parameters that organizations must meet to ensure the safety, effectiveness, and reliability of their products or services.
This topic spans multiple industries, from pharmaceuticals to automotive, and its relevance lies in how these regulations not only ensure legal compliance but also drive innovation and continuous improvement.
What are regulations and standards?
Regulations serve as a framework that defines the minimum expectations for processes and products. We could say that regulations establish the minimum quality expectations for products and services that enter the market. In highly regulated industries like pharmaceuticals or food, these standards dictate specific practices such as rigorous testing, detailed documentation, and regular audits.
Some examples of highly regulated sectors include:
- The pharmaceutical industry.
Similar to food and cosmetics, standards like Good Manufacturing Practices (GMP) ensure that medicines, food, and products are safe and effective, requiring strict controls throughout the production process.
Although it may seem like a single regulation/standard, there are differences between bodies such as the European Union, the U.S. FDA, and even older references like the World Health Organization.
- The automotive sector.
Another highly regulated industry, standards such as ISO 26262 ensure the functional safety of electronic systems in vehicles. This standard is crucial because vehicles now include a large number of electronic components due to decades of ongoing miniaturization.
A striking example of the importance of these components was the supply chain shock during early COVID-19, where shortages led to price spikes, cancellations, and months-long delays in deliveries.
Non-compliance with these regulations can lead to serious consequences, including fines, loss of consumer trust, and reputational damage.
While technology is well-assumed in software and internet domains, in many other sectors it remains a critical enabler of both innovation and regulatory compliance. It provides a common framework for all market players to operate fairly and avoid potential abuses of unregulated free markets.
One example would be green regulations and initiatives worldwide that have driven the transformation of the energy mix toward lower-emission sources.
Impact on quality management processes
Given the above, it’s clear how essential technology is in quality processes, from early stages to final implementation and public availability. Given the critical nature of QA processes, the following elements should be considered:
- Regular audits. Identify gaps before they become major problems. For instance, ISO certifications require periodic renewals to confirm the process remains valid.
- Comprehensive documentation. Provide clear evidence of compliance during regulatory inspections.
- Staff training. Ensure all employees understand and commit to applicable regulations, fostering a culture of quality.
Strategic benefits of compliance
While some regulations or standards are optional, compliance offers tangible benefits:
- Consumer trust
- Products that meet recognized standards build greater credibility. For example, in the European auto industry, Euro NCAP safety ratings inform consumers about vehicle safety.
- Innovation
- Regulations encourage the adoption of new technologies to improve processes. Emissions standards or the push toward electric vehicles are clear examples of regulatory-driven innovation. Another is ISO 14001, which provides a framework for managing environmental risks.
- Operational efficiency
- Standardization helps reduce costs associated with errors or defects, allowing early detection of deviations.
Measuring the impact on quality
The impact of regulations on product quality can be measured using various methodologies and tools, evaluating both compliance and outcomes in terms of customer satisfaction, operational efficiency, and defect reduction.
Here are a few key indicators:
First Time Quality (FTQ)
First Time Quality (FTQ) measures the percentage of products that meet quality standards on the first try, reflecting the effectiveness of regulated processes.
If, for example, you manage quality at a screw factory and 20% of the output doesn’t meet expectations (bad finish, wrong threading…), this metric will show it. Our goal is always to get as close as possible to 100%.
Rejection rate
Calculates the percentage of defective products versus total output, signaling problems with standard implementation.
Cost of poor quality (COPQ)
They include expenses associated with rejected products, claims, and penalties, showing the financial impact of non-compliance. It’s worth noting that these costs of poor quality can also include estimates of intangible costs, such as the loss of consumer trust or damage to the company’s reputation.
In the field of quality, we have specific certifications that verify whether our systems meet certain quality standards. Among them is ISO-9001, which sets the benchmark for how Quality Management Systems (QMS) should operate.
Before diving into the various key indicators available—some already mentioned—it’s important to remember that quality standards do not specify the exact indicators that an organization must follow.
The organization’s responsibility is to “determine and apply the criteria and methods (including monitoring, measurement, and related performance indicators) necessary to ensure the effective operation and control of these processes,” as stated in the standard itself.
As a preview of the next section, it’s important to note that each industry and sector is governed by different indicators, so the ones below are some of the more generic metrics that cover a broad portion of the possible spectrum.
Generic Key Indicators
A fundamental idea to remember about KPIs, or key indicators, is that they must serve the organization’s continuous improvement process and meet SMART criteria—that is, they must be Specific, Measurable, Achievable, Relevant, and Time-bound.
An indicator must have a clear purpose and serve the organization, which means it should be reviewed, refined, and updated over time to remain aligned with the goal of continuous improvement. Likewise, generic indicators like “Quality” are meaningless unless they are quantifiable and contextualized.
When focusing on the customer, we have a wide range of indicators to help with decision-making, such as average complaint resolution time, customer retention rate (or its inverse, the churn rate, measured over days, months, or years depending on the industry), and number of complaints.
In quality systems, there are also metrics like defects per million or customer satisfaction, measured using Net Promoter Score (NPS), Customer Satisfaction (CSAT), or Customer Effort Score (CES). While they differ in scope, these indicators all aim to express how satisfied and valued customers feel with a company and its products.
Here’s a practical example you’ve likely experienced: when you call a telecom company’s customer service and, at the end, you’re asked to rate the service from 1 to 10. That’s NPS in action—scores of 9–10 are promoters, 7–8 are passives, and 6 or below are detractors. Calculations are then made to produce a single score. Of course, one indicator alone is not enough; context and complementary data are essential for relevance.
We can also define internal performance indicators for areas like human resources—employee satisfaction, turnover rate, and knowledge renewal index, to name a few. The tech industry, for example, tends to have higher turnover than sectors like metal manufacturing, where it’s typically much lower.
There are a couple of indicators I personally find quite versatile across multiple domains—safety, quality, or development. These are Mean Time Between Failures (MTBF) and Mean Time to Repair (MTTR).
- MTBF measures the average time between two failures in a given process, machine, instance, or system.
- MTTR measures the average time it takes to repair a system after a failure—i.e., from detection to full recovery.
With these two data points, we can identify bottlenecks in production processes. Based on earlier principles, we might discover that emergency procedures are poorly defined or that staff require additional training.
Even with such simple data, we can build change proposals that genuinely improve our processes.
Software Indicators
Since we’re a technology company, let’s also talk briefly about software-related indicators. While there are many, here are a few core ones:
- Code coverage: measures how much of the codebase is covered by tests, typically unit tests.
- Code churn rate: tracks how frequently code changes; higher churn means greater risk of introducing bugs. Common intervals are 30 or 60 days.
- Error rate vs. delivered functionality, also known as the rework rate. Closely tied to churn, this measures how often features are modified shortly after release.
There are countless others, but this article would never end if we listed them all. To name just a few more: active platform users, deployment frequency (a common DevOps metric reflecting how quickly new features are released), and a classic management metric—team velocity, which measures how much functionality a team can complete per unit of time.
Different Sectors, Different Standards
Below are examples of standards across various industries to illustrate the diversity in this field.
- AS 9100
- AS 9110
- AS 9120
- ISO 9001 (previously discussed)
- IATF 16949
- ISO 26262 (also previously discussed)
As mentioned earlier, the food and pharmaceutical industries follow Good Manufacturing Practices (GMP).
In the financial sector, methodologies like CAMEL or SERVQUAL are applied, alongside frameworks like Prudential Supervision (PRES) and regulations such as:
In the technology sector, standards such as ISO 9001:2015 or ISO 10006:2017 are often used, applying the PDCA cycle (Plan-Do-Check-Act) and techniques like the Delphi method or Monte Carlo simulations, also used in industries like finance.
Conclusion
This article aimed to establish the foundations of understanding your industry’s standards and regulations, and to highlight the value these frameworks bring when planning and executing successful quality strategies.
Have you experienced challenges or successes related to regulations? Share your thoughts in the comments 👇.
Luis Chueca
Zaragoza-born by blood and, among other things, an avid reader of science fiction and fantasy. I’ve always had a spark for technology running through my veins, and eventually, fate gave me the chance to turn one of my passions into a career. I spent part of my life working as a full-time developer, and although it was fulfilling, I knew I could contribute even more—so I moved to the quality assurance side to push every project I’m involved in toward excellence. Nowadays, part of my focus is on automation—not just of tests, but of processes that help the whole team improve, step by step, every single day.
View more of Luis.More thoughts about this.
Read more.
Improving test quality with mutation testing.
QA in IoT: How to Ensure Reliability in a Connected World.
Mutation Testing in Spring Boot 3 Projects: Beat the Slowness and Supercharge Your Tests.
More Than Paperwork: Why Documentation Still Matters in QA (and How to Use It Effectively).
Comments are moderated and will only be visible if they add to the discussion in a constructive way. If you disagree with a point, please, be polite.
Tell us what you think.