|
||||||||||||||||||||||||||||||||||||||||
Sustaining Edge Solutions, Inc. Newsletter
|
Archive for 2011
ISO 9001 Proven to Help Win New Business
Monday, June 13th, 2011According to data from The British Assessment Bureau’s (BAB) independent 2011 Client Satisfaction Survey, 44 percent of respondents said that they had won business as a result of becoming certified to ISO 9001, the quality management system standard from the International Organization for Standardization (ISO).
The survey, which was carried out by specialist market research organization, Lake Market Research (LMR), showed that for many organizations, the prospect of winning more work was the primary motivation for implementing the standard. When asked, 57 percent said that a client requirement motivated them to obtain certification, with 31 percent responding that winning more business was their incentive.
ISO 9001 is intended to help improve internal management processes, leading to greater efficiency. However, ‘improving internal processes’ was only the third most popular reason for seeking ISO 9001 certification, with 24 percent confirming this. However, the results of BAB Client Satisfaction Survey didn’t prove a surprise to BAB’s director of marketing, Robert Fenn. “Prospective clients have often mentioned that they require the [ISO 9001] standard to qualify for a particular tender,” says Fenn. “However, what we didn’t know is how many of our clients had actually won work as a direct result of achieving certification. With the latest results now in, we’re delighted to confirm that certified organizations are getting the reward they deserve from implementing a robust, recognized quality management system.”
Verbatim feedback from the survey backed up the figures, with some clients suggesting that ISO 9001 carried real weight. “We have won several government contracts which we couldn’t even have attempted without ISO 9001,” says Debbie Horlock from Screenfix Windscreens. It isn’t just the government that insists on certification either. “We are starting to win new accounts that we could not have approached in the past as they insisted on having ISO 9001,” says Christian Stoneham from Masters Exhibitions & Shows.
Question: Has being registered helped your company improve the bottom line? We know that a customer requirement is a major motivator for registration, but was going after more business a factor, and has it worked for your organization?
Let us know!
Which Method was First – or can I use Both?
Thursday, June 2nd, 2011
|
|||||||||||||||||||||||||||||||||||||||||||||
A Corporate ‘Lattice,’ not Ladder
Tuesday, May 24th, 2011We found this new article on Leadership Styles informative and extremely insightful, enjoy!
Barry Salzberg, CEO of Deloitte, has spent his entire 34-year career in one place, climbing the corporate ladder. From his first unsupportive manager at the New York-based professional services firm to the mentors who helped pull him up through the ranks, Salzberg learned to lead and be led, eventually becoming CEO of Deloitte LLP in the United States in 2007. He has a message for the next generation of leaders: The old leadership hierarchy no longer works.
“Gone is the day of the old command-and-control environment, the climb-the-ladder model in which the employee kept quiet and didn’t say too much, certainly not much beyond what was asked and tasked,” Salzberg told his audience at a recent Wharton Leadership Lecture. “Gone, too, is the densely layered organizational hierarchy [and] dinosaur-like structures that are too slow and lumbering for today’s environment.”
To thrive in an ever-changing world, companies must actively commit to cultivating younger leaders throughout the organization, and encouraging older leaders to pass on what they know. “Leadership now needs to be the norm, not the exception,” he noted. “No longer is leadership about a few exceptional leaders at the top of the organization. Rather, the future is about exceptional teams and the leaders within those teams who can out-maneuver, out-manage and out-innovate their competition.”
Up the ‘lattice’
That is why leadership needs to be flat, Salzberg noted. In a global world, leaders are required at all levels of the organization, not just at the top. In fact, Deloitte has “kicked away the ladder,” he said. “In my organization, we talk now about the lattice, not the ladder.” With a lattice structure, people can move not just up and down but also sideways. If employees need to ease up on the intensity of work to take care of a child or an aging parent, the lattice structure allows them to do that without destroying their career. “The corporate lattice metaphor signals a shift in mindset. It’s better reflective of today’s employees, who want variety and flexibility, and reject a one-size-fits-all approach.”
Another leadership relic, according to Salzberg: the idea of a “ruling elite in the clouds of some bureaucratic Mount Olympus.” In the past, it would have been unthinkable for the average employee to have direct contact with the CEO, he pointed out. Today, CEOs regularly host employee town halls, in which people are encouraged to ask and say anything. “Our people have to see that if they disagree [with their boss], nothing will happen, that there are no [negative] consequences to promotion or compensation.”
No ostriches, no elephants
Leaders today must also be transparent, especially in our socially networked world, said Salzberg. “In today’s social media environment, it’s fascinating to see how in 10 seconds what you say is spread throughout the organization. There are few hiding places.”
The experience helped him develop what he calls his “no ostriches, no elephants” principle. “No burying your head in the sand if there’s a problem, and no ignoring the elephant in the room,” he said. “Much better to name and tame an issue, no matter how difficult it is, than to ignore it or pretend it isn’t there. Making sure the truth is told and discussed with all is the foundation of leadership. Without that, you can’t build trust.”
To read the entire article, see Knowledge@Wharton website.
Question: Has the current social media business environment lifted teamwork to a newer dynamic area of stability, or can total transparency harm team organizational effectiveness? Respond! 
Free Tutorial on New ISO/IEC 17021
Thursday, May 5th, 2011Click here
|
|||||||||||||||||||||||||||||||||||||||||||||
AS9101D: Are You Ready?
Monday, April 18th, 2011If your company is certified to AS9100B, you should already know that the transition to AS9100C Aviation, Space, and Defense Standard starts July 1, 2011. If your surveillance or re-certification audit is going to take place after this date, you must have completed the transition to the new requirements, and have the correct documentation and objective evidence to demonstrate effectiveness.
AS9101D Audit Requirements for Aviation, Space, and Defense is the new, completely rewritten standard that defines the requirements for Certification Bodies (CBs) to audit your system. This standard creates common auditing methods and document formats (seven appendices) that the CB auditor will use, and can be used by your organization in support of your internal audits, and external audits at your suppliers.
Key differences to the audit requirements and CB audit process include:
• Expanded scope of what and when a Major nonconformity will be written. Major nonconformity situation example, “a nonconformity where the effect is judged to be detrimental to the integrity of the product.”
• A new nonconformity report (NCR) used by the auditor. Example, when nonconformity found requires immediate containment action meaning –“fix now” to contain the nonconforming condition, it will be done. Immediate containment and correction can be reviewed by the audit team during the audit.
• Each audited “Product Realization Process – level of effectiveness” will be recorded on the Process Effectiveness Assessment Report (PEAR). The PEAR identifies 4 effectiveness levels. If the auditor classifies the effectiveness level as a “1 or 2” it will result in a nonconformity being issued.
• No more soft grading or scoring. If the auditor found evidence of non-fulfillment of a requirement, the auditor determines the nonconformity classification (major/minor). The “observations and opportunities for improvement” grade no longer exists for borderline correction actions.
• Audit results will be posted on the Online Aerospace Supplier Information System (OASIS) for approved parties to view (i.e., your customers)! This transparency alone only emphasis the need to seriously examine your current documented system and its conformity and effectiveness.
With the development of the AS9100C and AS9101D standards, you can count on performance-based, process-oriented audit methods and techniques facing your company future. It is now May, and the clock is ticking. Life was good when the auditor would ask for “thus and so” and you could show “thus and so” and get a check mark. Those days are changing fast!
Question: Has your Certification Body (CB) informed your organization of the new requirements and their future audit process? We have found it’s a CB communication mixed bag! Let us know, and do you think the new CB audit process and AS9100C expanded requirements will make a difference in supplier quality? Respond!!
Why is My CB Auditor Driving a Cadillac?
Monday, April 4th, 2011
|
|||||||||||||||||||||||||||||||||||||||||||||||
Sustaining Edge Solutions, Inc. Newsletter
Sustaining Edge Solutions, Inc. | 8055 N. High Branch Drive | Tucson | AZ | 85743
|
ISO 27001 ISMS – Annex A Controls
Thursday, March 17th, 2011ISO 27001 is an international standard which defines the requirements for an Information Security Management System (ISMS). The standard is designed to ensure the selection of adequate and proportionate security controls. The standard is particularly suitable where the protection of information is critical, such as in the finance, health, public and information technology sectors.
The confidentiality, integrity, and availability of vital corporate and customer information are essential to maintain competitive edge, profitability, legal compliance and commercial image.
Annex A of ISO 27001 is probably the most mentioned annex of any management standard. Why is there so much talk about it? Let’s take a look at the security controls and examples.
If you have read Annex A, you have seen that 133 security controls are listed there. Annex A contains the following clauses:
- A.5 Security policy
- A.6 Organization of information security
- A.7 Asset management
- A.8 Human resources security
- A.9 Physical and environmental security
- A.10 Communications and operations management
- A.11 Access control
- A.12 Information systems acquisition, development and maintenance
- A.13 Information security incident management
- A.14 Business continuity management
- A.15 Compliance
These 133 controls which can be seen from the names of the clauses, are not focused solely on IT – they also cover for example physical security, legal protection, human resources management, and organizational issues. You could consider Annex A as a form of a catalogue of security measures to be used during your treatment process – once you identify unacceptable risks in risk assessment, Annex A will help you choose the right control(s) to decrease those risks. And ensure you don’t forget any important control.
Annex A is where ISO 27001 and ISO 27002 come together – the controls in ISO 27002 are named the same as in Annex A of ISO 27001, but the difference is in the level of detail – ISO 27001 gives only a short definition of a control, while ISO 27002 gives detailed guidelines on how to implement the control.
Obstacles
If by now you are thinking that Annex A is a perfect implementation tool for your information security project, don’t get confused – it also has some things that don’t always make good sense. For instance, some controls define almost the same issues, sometimes causing confusion – like A.9.2.6 (Secure disposal or re-use of equipment) and A.10.7.2 (Disposal of media). Annex A mentions policies and procedures, however it does not require those to be documented. It might seem strange, but only where the word “documented” appears, does the standard require written policies and/or procedures.
Mandatory relationship with ISO 27001
The mandatory clauses 4 to 8 contain the management part of the standard – they prescribe the PDCA cycle (Plan-Do-Check-Act phases), including risk assessment and treatment, documentation control, records control, provision of resources, internal audit, management review, corrective and preventive actions. The risk assessment & treatment process is the main connection between clauses 4 to 8 and the controls from Annex A – it will help you decide whether individual controls from Annex A are necessary for decreasing risks or not. It means clauses 4 to 8 and Annex A cannot exist one without the other.
The focus on risks and the flexibility to apply security controls according to what your organization considers as appropriate are the real benefits of the an ISO 27001 ISMS – you must be careful to take full advantage of them.
Question: How did/will your organization identify it’s appropriate controls, too many, too little, was it successful, and what lessons have you learned?
Thanks for reply!
Design of Documentation
Tuesday, March 1st, 2011 |
Sustaining Edge Solutions, Inc. Newsletter |  |
|
|||||||||||||||||||||||||||||||||||||||||
Greetings! Welcome to Sustaining Edge Solutions Performance Improvement Newsletter. Our newsletters provide information on Business Management Systems ISO 9001, AS9100 Aviation, Space and Defense, ISO/TS 16949 Automotive, ISO 27001 Information Security, ISO 13485 Medical Devices, ISO 14001 Environmental, and others. This includes process auditing techniques and process improvement methods Six Sigma, Lean Enterprise, and other topics of interest to our readers. Have a topic of interest for a 2011 future newsletter? Please let us know.
A critical question that many organizations face when starting a documented operational management system or improving a current one is “How much documentation is required?”
If you’re a quality improvement veteran, you remember the ISO 9001, 1987 and 1994 versions required a number of ‘documented procedures’ as part of the standard’s 20 requirements. Such an approach did lead to an organization putting effort into creating documentation which doesn’t add much value. This was reduced with the ISO 9001:2000 revision, specifying just 6 documented procedures, although implementers are given the latitude to define more as they see fit. We find today in many cases that lessons learned from past year’s experiences is driving a “less is more” when it comes to management systems documentation. If we cannot rely on the ISO standard telling us where and how much documentation to write, what can we base our decision on? Do we base it on: The answer is in the risk associated with needing to control your business processes. What is the risk of a certain system or process not being controlled? Many factors come into play: personnel experience, competencies, turnover, task complexity, customer and regulatory requirements are just some to be considered. The Standard also asks that the organization document to ensure the planning, operation and control of the Management System processes is effective. An embedded guidance note further states that the extent of documentation is going to depend on:
No two management systems are quite the same. Documentation will look different; exclusions are taken for requirements that don’t apply. The number and diversity of procedures, work instructions, and forms, will always vary. The standard’s structure should be a guide for the kinds of documents the organization should consider including within their system. We have seen too many cases where the requirements themselves are only used for guidance (example: verbatim standard language for policies) rather than a sequenced and integrated documentation focus for improving our company competitiveness and profitability. Use a risk management process applicable to your internal and external requirements, products and processes when developing documentation and the amount required. Remember, a healthy appreciation of the value of process control documentation is the difference between a certification hanging on the wall, or a sustained organization that always satisfies its customer needs. Interested in extended risk management information and/or developing a custom approach to your documented operational and quality management system?
It appears from our vantage point and the experts that the manufacturing segment is coming back. Many of us are thinking of what is the best way to shape our company’s economic recovery into the most profitable form possible. The answer is to deliver more than your share of customer value. Keep in mind your competition won’t be standing idle while you innovate and grow during the improving economy. To stay ahead of your competition, you should keep a laser focus on what sets your company apart within your industry. You could have a number of marketable differences from your competition. Spending more on R&D? Acquiring capital equipment beyond your current capacities? Is what you’re doing focused on internal needs, or are you implementing your customers ideas? 1. Conduct face-to-face interviews. Of all the ways to learn about customer needs-telephone, e-mail survey, Internet, nothing comes close in effectiveness to face-to-face customer interviews. Many of us use customer surveys to determine satisfaction levels. We use a Likert Scale method (1-5) based on questions we have determined are important. The reality, though, is that most questions asked are actually customer-reactive, not market-customer proactive interviews. Get out and visit your customers and find out what’s important to them. 2. Develop a Voice of the Customer mentality. Voice of the Customer studies typically consist of both qualitative and quantitative steps. They are generally conducted at the start or finish of a new product, process, or service design in order to better understand the customer’s wants and needs. That e-mail survey with the 3-5% average return, is it handing you a report of “what the customer wants?” This is a flawed model. Train your people to be VOC experts. Best of all, you’ll develop a reputation among customers as “that supplier who really does listen to us.” 3. Become a quantitative organization. After you conduct good qualitative customer interviews, you can target specific customer ideas you could work on. Which ideas do you target in your product design? Which ideas do you target in your product realization processes? At this point get quantitative. Being quantitative helps you to understand which customer outcomes are most important and least satisfied. The key to taking advantage of the recovering economy is in changing the way your company approaches your current and future customers. Start now, with a new approach and you’ll shape a true recovery at your company.
December U.S. manufacturing technology consumption totaled $446.76 million, according to The Association For Manufacturing Technology (AMT) and the American Machine Tool Distributors’ Association (AMTDA). This total, as reported by companies participating in the U. S. Manufacturing Technology Consumption (USMTC) program, was up 40.9 percent from November and up 104.8 percent when compared with the total of $218.16 million reported for December 2009. With a year-to-date total of more than $3.2 billion, 2010 is up 85.3 percent compared with 2009.
“For the first time in USMTC history, we experienced four months of consecutive growth following IMTS [the International Manufacturing Technology Show], ending the year on a solid upswing,” says Douglas K. Woods, president of AMT. “2010 orders closed strong, up 85 percent over 2009, and December’s orders were 40.9-percent higher than the previous month. With backlogs firming and quotation levels accelerating, we are very optimistic that the industry will see strong results in 2011.” The USMTC report, jointly compiled by the two trade associations representing the production and distribution of manufacturing technology, provides regional and national U.S. consumption data of domestic and imported machine tools and related equipment. Analysis of manufacturing technology consumption provides a reliable leading economic indicator as manufacturing industries invest in capital metalworking equipment to increase capacity and improve productivity. U.S. manufacturing technology consumption is also reported on a regional basis for five geographic breakdowns of the United States. To view the five geographic areas visit the AMT website.
New ISO/IEC 17021 Raises Level of Management System Certification. The International Organization for Standardization’s (ISO) just-published second edition of ISO/IEC 17021 sets new requirements for auditing management systems and for auditor competence in order to increase the value of management system certification to public and private-sector organizations worldwide. The certification bodies that carry out management system certification (independently of ISO), are being given a two-year period to bring their operations in line with the new edition.
Certification bodies that use the new edition will be able to ensure competent audit teams, with adequate resources, following a consistent process and reporting audit results in a consistent manner. ISO/IEC 17021:2011 was developed by the ISO Committee on Conformity Assessment and is available from ISO national member institutes. Manufacturing for Growth. Four leading associations of small- and medium-sized manufacturing companies announced that they are combining resources to host the inaugural Manufacturing for Growth (MFG) meeting, a gathering of hundreds of manufacturing leaders, March 3-6, 2011, in Chandler, AZ. For more event information read press release. U.S. to Celebrate World Standards Day 2011. This year, the U.S. Celebration of World Standards Day-Advancing Safety and Sustainability Standards Worldwide-will recognize the crucial role of standards, codes, and conformity assessment in ensuring the health and safety of people and the environment, today and for future generations. Standardization speeds innovation, facilitates harmonized trade, and boosts consumer and government confidence in products, services, systems, and processes. But above all, standardization provides an adaptive framework for developing the most effective solutions to critical global challenges. Since the initial celebration in 1970, World Standards Day is now recognized in nations around the globe. U.S. activities are organized annually by a planning committee consisting of representatives from across the standards and conformity assessment community. For more information or to register, please visit ANSI website.
To see the course description, schedule, and on-line registration click on the course title below. We do provide onsite and custom training.
View all our Courses Understanding and Implementing ISO9001:2008 Understanding and Implementing AS9100C (9110 &9120) Aviation, Space and Defense Understanding and Implementing ISO/TS16949:2009 Automotive Understanding and Implementing ISO14001:2004 Environmental 5S Five Pillars of a Lean Workplace Organization Understanding and Implementing ISO 13485:2003 Medical Devices Understanding and Implementing ISO 27001:2005 Information Security All courses can be delivered at your company. Don’t see a course, location, or date that fits your needs?
|
|||||||||||||||||||||||||||||||||||||||||
|
email: wtighe@sustainingedge.com
phone: 888-572-9642 Toll Free
|
|||||||||||||||||||||||||||||||||||||||||
 |
 |
Justified Versus Unjustified Complaints
Monday, February 7th, 2011Has your organization decided that it’s a good idea to classify customer complaints according to whether they are “justified?” This occurrence just took place with a client of ours that received a complaint due to using a product beyond its capability and felt it wasn’t necessary to utilize their corrective actions system for identification and resolution.
This may make some logical sense, but it’s the worst thing a company can do for building customer satisfaction. Take all customer complaints seriously!
Craig Cochran recently wrote an article for AIAG Quality Standards which highlights ways to ensure your customers are satisfied with how you handle their complaints.
If I’m a customer, all my complaints are justified. If you try to tell me that my complaint is “unjustified,” it’s only going to make me angrier than I already am. Once the customer experiences a problem, it becomes the company’s problem. Regardless of the fault of the problem, customer satisfaction has been affected, and action must be taken.
Consider these scenarios:
(1) The customer used the product incorrectly, and the performance was adversely affected; the complaint is deemed unjustified. But why did the customer use the product incorrectly? Was the application known prior to the sale? Were the instructions unclear? Is there any chance that the customer was misled, even unintentionally?
(2) The customer says the product was damaged, but the type of damage described could only have happened at the customer location; the complaint is deemed unjustified. But should the product’s packaging be improved? Should you provide guidelines for proper handling?
In each of these cases, an argument could be made that the problem was the customer’s fault. Taking this position, though, does nothing to enhance customer satisfaction, nor does it further the organization’s long-term objectives. Savvy organizations will look for ways to error-proof their products with customers. Of course, some problems are truly the customer’s fault. When these situations occur, the organization might not be obligated to replace the product, provide credits or refunds, or accept returns. In all cases, however, customers must be treated in a diplomatic, cordial manner.
Reporting Back to Your Customer. Customers want to know what action has been taken. After all, the customers had a negative experience related to something they spent their hard-earned money on. They even took the time to tell the organization about it. Now they’re curious. What are you going to do about it? If your organization is interested in turning the negative experience into a positive one, someone must take the time to report back to the customer. The communication should include three key elements:
- The results of the investigation into the problem;
- The action taken; and
- A statement of thanks for reporting the problem.
Reporting action back to the customer closes the loop on the issue. It also lets the customer know that you take his or her feedback seriously and are committed to making improvements. In some cases, it can determine whether your organization remains a supplier to this customer.
The following steps represent implementation guidelines for an effective complaint system:
- Determine what information is needed in order to investigate and take action on customer complaints. Build your complaint form/CAR around this information.
- Establish contact methods for customer complaints. Remember that voice contact is preferred by most customers.
- Appoint someone as the complaint administrator. This person will be responsible for the entire process.
- When a complaint occurs, use structured problem-solving techniques to address them in a systematic manner.
Complaint information should be one of the most widely disseminated topics in an organization. Trend data should be posted on every departmental bulletin board, along with the details of relevant complaints involving that department. Complaints, their root causes and eventual corrective action must be made topics of any regular communication that takes place throughout the organization.
Does your organization neglect unjustified complaints? Give us an example and we will provide a direct response to your input with suggestions for improvement.