Archive for April, 2009

Information Security

Wednesday, April 1st, 2009
Performance Improvement Solutions for Your Business Needs April 2009

Greetings!

Welcome to Sustaining Edge Solutions E-Newsletter

Our newsletters provide guidance on operational and quality systems ISO 9001, AS9100, ISO/TS 16949, TL 9000, ISO 13485, ISO 14001, and others. This includes process improvement methods Six Sigma, Lean Enterprise, and other topics of interest to our readers.

If you have any questions about the articles appearing in this issue, or you want to suggest topics for future issues, please let us know.

Newsletter Sign-up


Information Security

Security matters have become an integral part of daily life, and organizations need to ensure that they are adequately secured. Businesses risk losing over $1 trillion from loss or theft of data and other cybercrime, according to a recent study by security technology firm McAfee. They found that malware increased by 400 percent last year.

The survey found 80% of the malware is aimed at making a financial gain, rather than the traditional viruses and worms which just have nuisance value. The increase in the availability and power of removable storage, such as mobile phones, laptops, and USB sticks, has made data loss or theft much easier.

Data loss is a major threat in today’s technology world and it may be the right time for your organization to consider implementing an ISO/IEC 27001 Information Security Management System (ISMS).

An ISMS describes activities that relate to the protection of information and information infrastructure assets against the risks of loss, misuse, disclosure or damage. describes controls that an organization needs to implement to ensure that it is sensibly managing these risks.

The risks to these assets can be calculated by analyzing the following issues:

  • Threats to your assets. These are unwanted events that could cause the deliberate or accidental loss, damage or misuse of the assets.
  • Vulnerabilities. How susceptible your assets are to attack.
  • Impact. The magnitude of the potential loss or the seriousness of the event.

According to the ISO/IEC committee responsible for this standard, ISO/IEC 27001 is intended to be suitable for several different types of use, including:

  • Used to formulate security requirements and objectives;
  • Used to ensure that security risks are cost-effectively managed;
  • Used to ensure compliance with laws and regulations;
  • Used as a process framework for the implementation and management of controls to ensure that the specific security objectives of an organization are met;
  • Used by management to determine the status of information security management activities;
  • Used by internal and external auditors to demonstrate the information security policies, directives and standards adopted and determine the degree of compliance with those policies, directives and standards;
  • Implementation of a business enabling information security; and
  • Used to provide relevant information about information security to customers.

As the trend in information security continues to change from technical security controls to a greater concern for overall business risk management, ISO 27001 will continue to grow as the recognized standard to guide businesses in the establishment of an acceptable level of risk tolerance and to successfully manage and mitigate risk in an interconnected eBusiness environment.

Look for more information on ISO 27001 including its companion documents and our ISMS services later this month on our web site.

Purchase the ISO 27001:2005 Standard at ANSI Store


Error Proofing

The current economic conditions provide an excellent opportunity to implement error-proofing in our product designs and processes. You have probably heard many names used to describe error-proofing, such as poka-yoke, idiot proofing, fail safes, and mistake-proofing.

Mistake-proofing is the term applied to preventing mistakes from occurring in the manufacturing process, eliminating the error from further processing, warning that the error has occurred, etc. We use error-proofing in design to prevent assembly errors. Examples include adding design features that prevent upside-down, backwards or reversed assembly, and using snap-together features to eliminate fasteners (thus eliminating missing fasteners or incorrect, high/low torque, etc.). However, most people use the terms mistake-proofing and error-proofing interchangeably.

W. Edwards Deming observed: “Quality comes not from inspection, but from improvement of the process.” It’s a point that’s too often forgotten. Rather than looking for defects after the fact, the true goal of manufacturing engineers and managers should be to install processes that yield zero defects.

Error-proofing falls into certain specific categories:

  • Physical: Error-proofing involves installing components like fixtures or sensors to eliminate conditions that may lead to an error.
  • Operational: Error-proofing involves making modifications or installing devices that reinforce the correct procedure sequence.
  • Philosophical: Error-proofing involves identifying situations that cause defects and doing something about it (empowerment of the workforce, for example).

Approaches to error proofing include prevention, which seeks to prevent errors from creating defects, and detection, which detects defects and immediately initiates corrective action to prevent multiple defects from occurring.

A very useful tool in error proofing is Failure Mode Effects Analysis (FMEA). Our March Newsletter included information on the purpose, risk identification and control of FMEA.

Why implement an error-proofing system?

  • Competitive advantage: In a global market the cost of quality is part of a company’s competitive advantage. It costs far less to prevent defects from occurring in the first place than to catch them later through inspection, and then find that you must rework or repair them.
  • Knowledgeable workers: When every employee understands the principles of error-proofing, work teams can see more easily how defects are generated, and can then act effectively to eliminate them.
  • Predictability: If our machines (manual or robotic) include error-proofing devices, then we are assured that the end product will be defect-free. This outcome eliminates inspection and rework operations, as well as scrap, all of which increase manufacturing costs.
  • Reduced variation: Error-proofing devices also ensure that all sub-assemblies and completed assemblies are exactly the same. There will be little chance of part-to-part variation if machines are designed or modified to prevent errors and their resulting defects.

Writing Checklist for Documents

When writing a procedure, keep in mind these questions:

  • What is the objective of process? Know its purpose before starting.
  • Which activities are part of scope? Agree on coverage of activities.
  • Who is responsible for these activities? Identify key process players.
  • What are inputs and who are suppliers? Identify inputs and providers.
  • What are outputs and who are customers? Identify outputs and recipients.
  • What is referenced as an information source? Identify related documents.
  • What is the logical series of steps? Organize the steps in a logical sequence.
  • How are the activities performed? Interview users and observe operations.
  • Which departments use the process? Know readers and users of the process.
  • What reports or records are generated? Identify records for the process.
  • What forms are used? Don’t overlook forms used to collect information.
  • When and where is the work performed? Identify timing and location of work.
  • What products are covered by the process? Define its applicability.
  • What process documentation already exists? See if documents can be adapted.
  • What are the requirements of the process? Know user and organization needs.
  • What are the quality criteria? Identify the acceptance criteria.
  • What are the related procedures? Ensure compatibility with other processes.
  • Which tasks have or need instructions? Add or refer to needed instructions.
  • How might the process be audited? Be able to demonstrate conformity.


New ISO 14000 EMS Series in 12 languages

A newly revised ISO standard will facilitate even further the application of the ISO 14000 series on an environmental management system (EMS). By establishing a common vocabulary, the standard will ensure the effectiveness of communication, key for the implementation and operation of environmental management systems.

This third edition of ISO 14050:2009, Environmental management – Vocabulary has been fully updated to include the latest developments in the field. The standard now provides clear and concise definitions of all concepts and terms used throughout the ISO 14000 series in the three official ISO languages, English, French and Russian, as well as in Arabic and Spanish. The standard also provides equivalent terms in Dutch, Finnish, German, Italian, Norwegian, Portuguese and Swedish.

An ISO survey published last year showed that up to the end of 2007 at least 154,572 certificates of compliance with ISO 14001:2004 (requirements for environmental management systems) had been issued in 148 countries.

Håvard Hjulstad, Convenor of the ISO/TC 207 Terminology Coordination Group which developed the standard, said “Given the global context, and the extent of the application of the ISO 14000 standards, it is clear now more than ever that ISO 14050 is crucial for ensuring that all the users of these standards are on the same page, no matter where in the world they are.”

Currently there are 21 published standards in the ISO 14000 series. ISO 14001 and ISO 14004 provide requirements and guidelines for establishing an EMS. The rest address specific environmental aspects including labeling, product design, performance evaluation, greenhouse gases, life cycle assessment, communication, and auditing. ISO 14050 compiles the terms in all these standards in one practical document.

Aligned with the release is a video clip, ISO 14001 – the world’s environmental management system standard. The video clip can be downloaded free of charge from ISO’s Web site. It is also available in high resolution on DVD for showing in conference settings. The DVD version is also free, although postage and handling will be charged. Watch the 5-minute video clip, in English only, on YouTube.

We do offer training and consulting services in 14001 EMS.


User Software Document Development

When application software is used, accurate information about how the software will help the user accomplish a task is necessary. The documentation may be the first tangible item that the user sees and therefore influences the user’s first impressions of the software product.

ISO 26514:2008 – Systems and Software Engineering – Requirements for Designers and Developers of User Documentation covers the phases involved in designing, specifying, and producing user documentation. It is divided into two parts:

1. The first part covers the user documentation process for designers and developers of documentation. It describes how to establish what information users need, how to determine the way in which that information should be presented to the users, and how to prepare the information and make it available. It is not limited to the design and development phase of the life cycle, but includes activities throughout the information management and documentation processes.

2. The second part provides minimum requirements for the structure, information content, and format of user documentation, including both printed and on-screen documents used in the work environment by users of systems containing software. It applies to printed user manuals, online help, tutorials, and user reference documentation.

The standard recommends that development of the user documentation should be part of the development of the software product, and follow the same processes as the software product life cycle.

ISO 26514 is the first of a new suite of standards planned to address software user documentation. While ISO 26514 was developed to address the needs of user documentation designers and developers, three further standards are being developed that will address the needs of managers, acquirers and suppliers, and testers and assessors of software user documentation.

To order ISO 26514:2008 in e-Standard format visit the ANSI web site.


Training Courses

To see the course description, schedule, and on-line registration click on the course title below. Courses are awarded Continuing Education Units.

Understanding & Implementing ISO9001:2008
ISO 9001:2008 Process Based Internal Auditor
Documenting Your Quality Management System

Understanding & Implementing AS9100B:2004
AS9100B:2004 Process Based Internal Auditor
Documenting Your Quality Management System

Understanding and Implementing ISO/TS16949:2002
ISO/TS16949:2002 Process Based Internal Auditor
Documenting Your Quality Management System

Understanding and Implementing ISO14001:2004
ISO14001:2004 Process Based Internal Auditor

The Five Pillars of a Lean Workplace Organization
Continuous Process Improvement
Lean Six Sigma

All courses can be delivered at your company. Don’t see a course, location, or date that fits your needs?

Contact Us
