We just attended the Aerospace and Defense Requirements Conference at the Phoenix Convention Center this week.  In our home state of Arizona, we have many suppliers providing products and services to the Aerospace and Defense industry. This conference was sponsored by many prime manufacturers such as Honeywell, Boeing, and Raytheon; including being presented by the Arizona Technology Council, where Sustaining Edge Solutions is a member company.

The primary goal of this conference was to allow those who attended the opportunity to hear firsthand what type of supplier requirements it takes to become a preferred supplier.  A common theme from BAE Systems, Northrop Grumman, Boeing and other presenters was the need, NO the Requirement that all suppliers must have an effective Quality Management System and Certification to ISO 9001/AS9100.

The following are notes we quickly wrote as the speakers presented:

• Must have ISO/AS certification, a strong Quality Management System.
• Just-in-time supply systems, including a 100% on-time delivery.
• Zero parts per million – supplier expectation.
• Cost, quality and schedule imperative for all suppliers
• 42% of Boeing Defense, Space and Security revenue is subcontracted.
• Deliver value and solutions – must be customer focused.
• Have an up-to-date website.  “Let people know who you are.”
• Register for online RFP applications
• Know your customer and potential customers quality requirements.
• Improve affordability and efficiency through Lean Operations.

What’s the take away here?  Supplier opportunities do exist according to all the presenters we heard.  At a minimum, if your company is not certified to the ISO 9001/AS9100 standard, you won’t be considered.  Also, having an effective lean manufacturing program focus on quality, cost, and schedule is highly desirable.

Question: Has certification to ISO 9001 or AS9100 helped your organizational growth?  Have you found it to be a prerequisite to become a supplier to major Aviation, Space and Defense customers?

Let us know!!

Our friends at the Phoenix Police Department’s Records and Identification Bureau were the first U.S. police department registered to the ISO 9001 standard back in 2003.

We just read that another police department, The Emergency Communications and Property Room Divisions of the Houston Police Department (HPD) was recently certified to ISO 9001:2008. HPD is the largest police department in Texas and the fifth largest in the United States.  They pursued ISO 9001 certification, in part, because it establishes clear guidelines and goals against which they can measure achievements. Primarily, HPD determined that the ISO quality management system provides the ideal business model to further the Department’s commitment to continually improve its effectiveness in serving the needs of the community.

The Emergency Communications Division (ECD) is typically the first point of contact that the HPD has with the citizens of Houston. More than 1.2 million calls for service are dispatched by the ECD every year, which further include calls to utilize alternate response strategies. The process is designed so that 9-1-1 calls are initially received by a cadre of independent call takers who then distribute calls-for-service requests to the HPD or the fire department, accordingly.

A cultural shift

Countless improvements were realized in both divisions during the course of the QMS implementation. As stakeholders became more engaged and empowered, several time-saving ideas became evident and cost-savings were revealed. Creating process maps allowed everyone to actually see the sequence and flow of tasks and to identify nonvalue-added activity. This visual approach also made it possible to ensure process interconnectivity, or lack thereof.

There is a burgeoning interest in continuous improvement. With quantified performance improvement in virtually every work process, the incentive to sustain mutually beneficial supplier-customer relationships is now established.

Congratulations to another major police department achieving ISO 9001 success!  Another example that certification success is obtainable for any organization; even ones that carry weapons.  :)

U.S. Commerce Secretary John Bryson announced four organizations—three health care operations and one nonprofit business—as the recipients of the 2011 Malcolm Baldrige National Quality Award, the nation’s highest honor for performance excellence through innovation, improvement, and visionary leadership. This marks the first year that three health care organizations have been selected at one time.

The 2011 Baldrige Award recipients—listed with their category—are:

• Concordia Publishing House, St. Louis, Missouri (nonprofit)

• Henry Ford Health System, Detroit, Michigan (health care)

• Schneck Medical Center, Seymour, Indiana (health care)

• Southcentral Foundation, Anchorage, Alaska (health care)

The 2011 Baldrige Award recipients were selected from a field of 69 applicants. All of the applicants were evaluated rigorously by an independent board of examiners in seven areas defined by the Baldrige Criteria for Performance Excellence: leadership; strategic planning; customer focus; measurement, analysis, and knowledge management; workforce focus; operations focus; and results. The evaluation process for each of the recipients included about 1,000 hours of review and an on-site visit by a team of examiners to clarify questions and verify information in the applications.

Named after Malcolm Baldrige, the 26th Secretary of Commerce, the Baldrige Award was established by Congress in 1987 to enhance the competitiveness and performance of U.S. businesses. The award promotes excellence in organizational performance, recognizes the achievements and results of U.S. organizations, and publicizes successful performance strategies. The award is not given for specific products or services. Since 1988, 90 organizations have received Baldrige Awards.

For more information, go to www.nist.gov/baldrige.

A series of groundbreaking case studies by the International Organization for Standardization (ISO) and partner organizations shows that implementing standards can provide economic benefits from between 0.5 and 4 percent of companies’ annual sales revenues. The studies are based on the experiences of 11 companies operating in a variety of business sectors in 10 countries.

The size of the companies varies from a small business with 25 employees and annual sales revenue of around $4.5 million, to companies with several thousand employees and annual revenue of more than $1.5 billion.  They operate in a variety of business sectors: agri-food, chemicals, construction and construction materials, electrical appliances, electrical power transmission, food retail/food logistics, industrial automation equipment, and information and telecommunications.

These case studies were undertaken in close cooperation between an ISO member body, an academic institution, a company in the respective country, and staff of the ISO Central Secretariat acting as advisors to the project team.

Readers interested in more details of the preliminary case studies can find the full versions of the reports originally developed by the project teams and summary presentations about each project at the iso.org website.

Interested in more information on the proven financial benefits of ISO Registration, contact us. Share with us your organization’s benefits derived from registration.  These benefits are much more than financial. Let us know and we will publish your comments in our next monthly newsletter!

Top Ten Tips to avoid Lean Six Sigma deployment problems according to More Steam:

1. Leadership cannot be delegated.
Successful and durable process improvement efforts depend on senior leadership engagement. Leaders should be active teachers. “Engaged” means process improvement activities are on their calendar and on their “to do” lists – not an initiative that is assigned to others.

2. This is not an “organic” exercise at the beginning.
A certain amount of fascism is required to get things started. Most important projects will cross functional boundaries, so leadership will need to enforce value stream thinking that puts customers ahead of departmental priorities.

3. The “M” in DMAIC does not stand for Months.
Don’t let people get hung up on playing with tools at the expense of getting things done.

4. Don’t take on projects that have massive scope.
It is better to execute a series of smaller, tightly-focused projects that get done.

5. Remember the “3APs”:
Go to the Actual Place (Gemba) where the work is done, observe the Actual Process as it is performed, and talk to the Actual People who perform the process. Beware of Gembaphobia (the fear of going to where the work is actually performed) – tough problems can’t be solved from a conference room.

6. Don’t pick the most available people to become project leaders (Black Belts and Green Belts).
There’s a reason why those people are available, and it’s not because they get things done. Make the functional leaders cough up their best people. Those people will get more done with the right attitude and good people skills than with a mastery of advanced technical methods.

7. Avoid establishing a “Caste System” or “Expert Culture” where only experts can solve problems.
Everyone can use these tools and this thinking in their daily work. Waiting for an “expert” can become a convenient excuse.

8. Don’t operate in secret.
Over-communicate to offset the natural fear of change and suspicion.

9. Don’t forget middle management.
The layer of clay requires extra attention to penetrate. Middle managers must get on board for the approach to have legs. If leaders lead, middle managers will follow.

10. Don’t train without projects!
It’s a total waste of time and money. Don’t over-train, in advance, in batches. Try to pull as needed. Most improvement is accomplished with the simplest tools. The discipline to recognize problems from a customer perspective and address them head-on is more important than technical skills.

We agree with all of these Tips to avoid Lean Six Sigma deployment problems and have witnessed them.  Tell us which of these you faced in your organization, including how you overcame them and your suggested TIPS!

It appears from our vantage point and the experts that the manufacturing segment is coming back. Many of us are thinking of what is the best way to shape our company’s economic recovery into the most profitable form possible.

The answer is to deliver more than your share of customer value. Keep in mind your competition won’t be standing idle while you innovate and grow during the improving economy. To stay ahead of your competition, you should keep a strategic focus on what sets your company apart within your industry.

You could have a number of marketable differences from your competition. Spending more on R&D, or sales efforts? Acquiring capital equipment beyond your current capacities? Is what you’re doing focused on internal needs, or are you implementing your customer’s ideas?

1. Conduct face-to-face interviews.

Of all the ways to learn about customer needs-telephone, e-mail survey, Internet, nothing comes close in effectiveness to face-to-face customer interviews. Many of us use customer surveys to determine satisfaction levels. We use a Likert Scale method (1-5) based on questions we have determined are important. The reality, though, is that most questions asked are actually customer-reactive, not market-customer proactive interviews. Should we be asking our customers “Please rate the quality of our products?”, or “How can we provide a better quality product to you?” Get out and visit your customers and find out what’s important to them!

2. Develop a Voice of the Customer mentality.

Voice of the Customer studies typically consist of both qualitative and quantitative steps. They are generally conducted at the start or finish of a new product, process, or service design in order to better understand the customer’s wants and needs. That e-mail survey with the 3-5% average return, is it handing you a report of “what the customer wants?” This is a flawed model. Train your people to be VOC experts!

Best of all, you’ll develop a reputation among customers as “that supplier who really does listen to us.”

3. Become a quantitative organization.

After you conduct good qualitative customer interviews, you can target specific customer ideas you could work on. Which ideas do you target in your product design? Which ideas do you target in your product realization processes? At this point get quantitative. Being quantitative helps you to understand which customer outcomes are most important and least satisfied.

The key to taking advantage of the recovering economy is in changing the way your company approaches your current and future customers. Start now, with a new approach and you’ll shape a true recovery at your company.

According to data from The British Assessment Bureau’s (BAB) independent 2011 Client Satisfaction Survey,  44 percent of respondents said that they had won business as a result of becoming certified to ISO 9001, the quality management system standard from the International Organization for Standardization (ISO).

The survey, which was carried out by specialist market research organization, Lake Market Research (LMR), showed that for many organizations, the prospect of winning more work was the primary motivation for implementing the standard. When asked, 57 percent said that a client requirement motivated them to obtain certification, with 31 percent responding that winning more business was their incentive.

ISO 9001 is intended to help improve internal management processes, leading to greater efficiency. However, ‘improving internal processes’ was only the third most popular reason for seeking ISO 9001 certification, with 24 percent confirming this. However, the results of BAB Client Satisfaction Survey didn’t prove a surprise to BAB’s director of marketing, Robert Fenn. “Prospective clients have often mentioned that they require the [ISO 9001] standard to qualify for a particular tender,” says Fenn. “However, what we didn’t know is how many of our clients had actually won work as a direct result of achieving certification. With the latest results now in, we’re delighted to confirm that certified organizations are getting the reward they deserve from implementing a robust, recognized quality management system.”

Verbatim feedback from the survey backed up the figures, with some clients suggesting that ISO 9001 carried real weight. “We have won several government contracts which we couldn’t even have attempted without ISO 9001,” says Debbie Horlock from Screenfix Windscreens.  It isn’t just the government that insists on certification either. “We are starting to win new accounts that we could not have approached in the past as they insisted on having ISO 9001,” says Christian Stoneham from Masters Exhibitions & Shows.

Question: Has being registered helped your company improve the bottom line?  We know that a customer requirement is a major motivator for registration, but was going after more business a factor, and has it worked for your organization?

Let us know!

We found this new article on Leadership Styles informative and extremely insightful, enjoy!

Barry Salzberg, CEO of Deloitte, has spent his entire 34-year career in one place, climbing the corporate ladder. From his first unsupportive manager at the New York-based professional services firm to the mentors who helped pull him up through the ranks, Salzberg learned to lead and be led, eventually becoming CEO of Deloitte LLP in the United States in 2007. He has a message for the next generation of leaders: The old leadership hierarchy no longer works.

“Gone is the day of the old command-and-control environment, the climb-the-ladder model in which the employee kept quiet and didn’t say too much, certainly not much beyond what was asked and tasked,” Salzberg told his audience at a recent Wharton Leadership Lecture. “Gone, too, is the densely layered organizational hierarchy [and] dinosaur-like structures that are too slow and lumbering for today’s environment.”

To thrive in an ever-changing world, companies must actively commit to cultivating younger leaders throughout the organization, and encouraging older leaders to pass on what they know. “Leadership now needs to be the norm, not the exception,” he noted. “No longer is leadership about a few exceptional leaders at the top of the organization. Rather, the future is about exceptional teams and the leaders within those teams who can out-maneuver, out-manage and out-innovate their competition.”

Up the ‘lattice’

That is why leadership needs to be flat, Salzberg noted. In a global world, leaders are required at all levels of the organization, not just at the top. In fact, Deloitte has “kicked away the ladder,” he said. “In my organization, we talk now about the lattice, not the ladder.” With a lattice structure, people can move not just up and down but also sideways. If employees need to ease up on the intensity of work to take care of a child or an aging parent, the lattice structure allows them to do that without destroying their career. “The corporate lattice metaphor signals a shift in mindset. It’s better reflective of today’s employees, who want variety and flexibility, and reject a one-size-fits-all approach.”

Another leadership relic, according to Salzberg: the idea of a “ruling elite in the clouds of some bureaucratic Mount Olympus.” In the past, it would have been unthinkable for the average employee to have direct contact with the CEO, he pointed out. Today, CEOs regularly host employee town halls, in which people are encouraged to ask and say anything. “Our people have to see that if they disagree [with their boss], nothing will happen, that there are no [negative] consequences to promotion or compensation.”

No ostriches, no elephants

Leaders today must also be transparent, especially in our socially networked world, said Salzberg. “In today’s social media environment, it’s fascinating to see how in 10 seconds what you say is spread throughout the organization. There are few hiding places.”

The experience helped him develop what he calls his “no ostriches, no elephants” principle. “No burying your head in the sand if there’s a problem, and no ignoring the elephant in the room,” he said. “Much better to name and tame an issue, no matter how difficult it is, than to ignore it or pretend it isn’t there. Making sure the truth is told and discussed with all is the foundation of leadership. Without that, you can’t build trust.”

To read the entire article, see Knowledge@Wharton website.

Question: Has the current social media business environment lifted teamwork to a newer dynamic area of stability, or can total transparency harm team organizational effectiveness? Respond!

If your company is certified to AS9100B, you should already know that the transition to AS9100C Aviation, Space, and Defense Standard starts July 1, 2011. If your surveillance or re-certification audit is going to take place after this date, you must have completed the transition to the new requirements, and have the correct documentation and objective evidence to demonstrate effectiveness.

AS9101D Audit Requirements for Aviation, Space, and Defense is the new, completely rewritten standard that defines the requirements for Certification Bodies (CBs) to audit your system. This standard creates common auditing methods and document formats (seven appendices) that the CB auditor will use, and can be used by your organization in support of your internal audits, and external audits at your suppliers.

Key differences to the audit requirements and CB audit process include:

• Expanded scope of what and when a Major nonconformity will be written. Major nonconformity situation example, “a nonconformity where the effect is judged to be detrimental to the integrity of the product.”

• A new nonconformity report (NCR) used by the auditor. Example, when nonconformity found requires immediate containment action meaning –“fix now” to contain the nonconforming condition, it will be done. Immediate containment and correction can be reviewed by the audit team during the audit.

• Each audited “Product Realization Process – level of effectiveness” will be recorded on the Process Effectiveness Assessment Report (PEAR). The PEAR identifies 4 effectiveness levels. If the auditor classifies the effectiveness level as a “1 or 2” it will result in a nonconformity being issued.

• No more soft grading or scoring. If the auditor found evidence of non-fulfillment of a requirement, the auditor determines the nonconformity classification (major/minor). The “observations and opportunities for improvement” grade no longer exists for borderline correction actions.

• Audit results will be posted on the Online Aerospace Supplier Information System (OASIS) for approved parties to view (i.e., your customers)! This transparency alone only emphasis the need to seriously examine your current documented system and its conformity and effectiveness.

With the development of the AS9100C and AS9101D standards, you can count on performance-based, process-oriented audit methods and techniques facing your company future. It is now May, and the clock is ticking. Life was good when the auditor would ask for “thus and so” and you could show “thus and so” and get a check mark. Those days are changing fast!

Question:  Has your Certification Body (CB) informed your organization of the new requirements and their future audit process?  We have found it’s a CB communication mixed bag!  Let us know, and do you think the new CB audit process and AS9100C expanded requirements will make a difference in supplier quality? Respond!!

ISO 27001 is an international standard which defines the requirements for an Information Security Management System (ISMS). The standard is designed to ensure the selection of adequate and proportionate security controls. The standard is particularly suitable where the protection of information is critical, such as in the finance, health, public and information technology sectors.

The confidentiality, integrity, and availability of vital corporate and customer information are essential to maintain competitive edge, profitability, legal compliance and commercial image.

Annex A of ISO 27001 is probably the most mentioned annex of any management standard. Why is there so much talk about it? Let’s take a look at the security controls and examples.

If you have read Annex A, you have seen that 133 security controls are listed there.  Annex A contains the following clauses:

• A.5 Security policy
• A.6 Organization of information security
• A.7 Asset management
• A.8 Human resources security
• A.9 Physical and environmental security
• A.10 Communications and operations management
• A.11 Access control
• A.12 Information systems acquisition, development and maintenance
• A.13 Information security incident management
• A.14 Business continuity management
• A.15 Compliance

These 133 controls which can be seen from the names of the clauses, are not focused solely on IT – they also cover for example physical security, legal protection, human resources management, and organizational issues. You could consider Annex A as a form of a catalogue of security measures to be used during your treatment process – once you identify unacceptable risks in risk assessment, Annex A will help you choose the right control(s) to decrease those risks. And ensure you don’t forget any important control.

Annex A is where ISO 27001 and ISO 27002 come together – the controls in ISO 27002 are named the same as in Annex A of ISO 27001, but the difference is in the level of detail – ISO 27001 gives only a short definition of a control, while ISO 27002 gives detailed guidelines on how to implement the control.

Obstacles

If by now you are thinking that Annex A is a perfect implementation tool for your information security project, don’t get confused – it also has some things that don’t always make good sense. For instance, some controls define almost the same issues, sometimes causing confusion – like A.9.2.6 (Secure disposal or re-use of equipment) and A.10.7.2 (Disposal of media).  Annex A mentions policies and procedures, however it does not require those to be documented. It might seem strange, but only where the word “documented” appears, does the standard require written policies and/or procedures.

Mandatory relationship with ISO 27001

The mandatory clauses 4 to 8 contain the management part of the standard – they prescribe the PDCA cycle (Plan-Do-Check-Act phases), including risk assessment and treatment, documentation control, records control, provision of resources, internal audit, management review, corrective and preventive actions.  The risk assessment & treatment process is the main connection between clauses 4 to 8 and the controls from Annex A – it will help you decide whether individual controls from Annex A are necessary for decreasing risks or not. It means clauses 4 to 8 and Annex A cannot exist one without the other.

The focus on risks and the flexibility to apply security controls according to what your organization considers as appropriate are the real benefits of the an ISO 27001 ISMS – you must be careful to take full advantage of them.

Question: How did/will your organization identify it’s appropriate controls, too many, too little, was it successful,  and what lessons have you learned?

Thanks for reply!