Hosting Company Auditing and Certification — Part 3-A of 3
In addition to Superb Internet’s ITIL staff certification (Part 1 of this three-part series) and our SSAE-16 auditing (Part 2), we are certified for the ISO 9001:2008 standard. This is the first of a two-part installment within a four-part series, so 3-A and 3-B together are the last one (because both are on this same standard). This article (3-A) covers the first 2 sections of the standard, Sections 4 & 5, and the final one (3-B) covers the last 3 sections, Sections 6-8.
“You and your standards. You’ll never mount a 28-point buck on your wall if you don’t lower your standards to the point where you can do and say whatever you want, such as call a 3-point buck a 28-point buck.”
3-point? That’s lopsided, isn’t it? Listen, sir, again – please stop disrupting my train of thought. ISO is short for the International Organization for Standardization (that’s correct, despite the lettering flip-flop). Its goal, as stated in its initial charter created by a 25-nation delegation that met in London in 1946, is “to facilitate the international coordination and unification of industrial standards.”
“Interesting. You do realize that most meetings of folks outside America in 1946 were just an excuse for pinkos to exchange bomb-making and dirty-dancing techniques, right? Or are we reading different websites?”
Well… Unfortunately I’m busy now writing this piece, but once I’m through, I’d love to hear what kind of sultry dance moves were most prevalent during the 1940s. ISO 9001:2008, one of the standards developed and maintained by the ISO, contains parameters for a credible quality management system. Regardless of the size of a business or its industry, 9001:2008 certification is useful for demonstrating the full functionality of quality management practices within an organization.
“My quality management system involves dunking my head in a bucket of ice water when I’ve had too much to drink. Makes me feel refreshed… and very cold.”
I can imagine. It’s a good system you have, though. No one can fault you for that. Below I will review the importance and scope of the International Organization for Standardization, explain why 9001:2008 has significance, and describe further what it entails as a third-party certification method.
The ISO: Diverse Scope, Unified Mission
Since its inception, the International Organization for Standardization has created almost 20,000 standards. All its standards are voluntary. However, as with the SSAE and ITIL credentials we hold, sometimes our clients have internal rules specifying that they can only work with organizations possessing certain third-party certifications.
“I’ll show you a third-party certification. It’s called my American Nazi Party voter registration card.”
Please, please don’t ever vote, my man. The ISO streamlines business practices by placing global guidelines on how organizational systems should be administered and managed. Additionally, because the ISO has members from over 160 nations and creates standards via consensus, international trade is enhanced by agreements made at the level of standardization (or so say its advocates).
“Gotcha, you con-artist! Everyone knows there are only 43 countries. Well… I guess 44 if you count Antarctica.”
You have an interesting globe. How many countries are in South America, for example? Two? Paraguay takes up half the continent? Additionally, the ISO, because it is comprised of so many nations, is able to draw on the perspectives of experts from all over the planet. The diversity of the organization’s membership allows the standards it creates not only to be objective, but also to be flexible enough to allow application across a worldwide cultural tableau.
“I’m looking for a woman who’s flexible enough to allow application across a worldwide cultural tableau.”
Thank you for sharing.
What is the ISO 9000 Family?
Here’s how 9001:2008 fits into the broader picture of the standards. A topical subgroup within which the ISO organizes standards pertaining to certain subject matter is referred to as a “family of standards.” Sample families are quality management, environmental management, country codes, food safety management, social responsibility, energy management, risk management, currency codes, and language codes. The ISO 9000 family, of which 9001:2008 is a part, covers quality management.
“Ma’am, I’d like to uncover your quality, and then I’d like to manage it.”
Wow, your mind is really in the gutter. The quality management heading for ISO 9000 denotes creating a meaningful relationship between the needs and desires of a customer and the products and services offered by an organization. Examples of some of the “siblings” of 9001:2008 include 9004:2009, which specifically covers improving the efficiency and effectiveness of a quality management system, and 19011:2011, which standardizes auditing (both in-house and third-party) of such a system.
“I once got ‘audited’ by the IRA. They were very violent. I’m lucky to have survived.”
The Irish Republican Army? Huh, well, I’m sorry that happened to you.
ISO 9001:2008 – Section 4: “General Requirements”
Let’s take a look at the individual sections of the standard. The standard has 5 sections that run from “Section 4” to “Section 8.” They cover, in order, General Requirements, Management Requirements, Resource Requirements, Realization Requirements, and Remedial Requirements.
“I require that you stand at the other end of the shooting range during target practice.”
That’s not a very nice thing to say. Section 4 covers the following:
1. Development of the Quality Management System (QMS) – Section 4.1 is kind of an overview. It includes doing the following with the QMS:
It also introduces the idea of basing the QMS in a process model – such as the PDCA (Plan/Do/Check/Act) Cycle – to allow for constant adaptation.
2. Documentation of the QMS – Section 4.2 deals with documents in the following ways:
- Ensure that the paperwork is related to what your business does, that it’s properly customized to your culture and industry.
- Specifically it’s advised to create a manual that has to do with quality; it should be regularly reviewed/revised.
- Place proper controls on this paperwork. This applies both to documents and records (below).
- Records need to also be created and controlled. These records are data and information (aka inputs) related to quality over time — as opposed to general overview, descriptive, and policy statements made in the manual.
“I never met a man I respected who didn’t know how to control his records. Loved every one I met who could. Like Metallica once said, ‘Nothing else matters.’”
That’s an interesting perspective. Thanks for the Metallica reference. That’s helpful.
ISO 9001:2008 – Section 5: “Management Requirements”
Section 5 covers the requirements for management. To be clear, this relates to managing the QMS; however, the individual in charge should also be someone within the management of the company (see #5 below). An overview of this section:
1. Dedication to Quality – Section 5.1 covers the following efforts to support a quality-first attitude throughout your company:
- Make sure it’s easy for the system to be created and developed.
- Make sure it’s easy for it to be put into place, to be implemented.
- Also ensure that you can easily make modifications and improvements to the QMS.
2. Customer Focus – You heard it here first: the customer is always right. Section 5.2 deals with maintaining a customer-centered perspective in these two ways:
- Identification of their concerns. Find out what your customers want.
- Meet their concerns. Don’t turn customer concerns away at the door. Ensure that all needs are being properly addressed.
3. Quality Policy – 5.3 addresses specifics of how to manage and maintain your internal quality policy in the following ways:
- It should be functional and clear about the requirements.
- It should express improvement processes and dedication to evolution.
- Your quality policy should directly reflect your objectives (below).
- Make sure that the policy is disseminated and fluidly open to suggestions from everyone in your organization.
- Perform regular reviews, and revise as needed.
4. Proper Planning – Make sure plans are in place to allow the QMS to grow and thrive methodically, per Section 5.4, as follows:
- Support, create, and ensure the functionality of quality objectives, so you know what you’re trying to achieve.
- Plan to create the QMS, document it, and put it into place, as well as to perform regular upkeep and modifications.
5. Who Does What – Section 5.5 mandates determining the roles and responsibilities for quality within your organization … like so:
- Make sure it’s clear who’s in charge of what, as well as what exactly the designated individuals need to do within their roles.
- Everyone in the organization should know who these designees are.
- An executive in your organization should be ultimately in charge of the QMS.
- You should have a framework in place to allow and encourage internal dialogue about the QMS.
6. Regular Reviews – Section 5.6 relates to reviews of the QMS:
- Perform reviews at reasonable intervals. Look at opportunities for improvements. Keep records.
- Look at and study your QMS inputs (information/records).
- Create outputs. In other words, you need takeaways from these reviews. What did you learn? Also determine what resources are needed moving forward.
“9/11 was an inside job!”
“You’re the one using bullets! You’re a hypocrite.”
Summary & Conclusion
These standards are important to us at Superb Internet. They allow us to demonstrate both our commitment to standards established by the international community and our ability to actually meet those standards. We are, after all, certified in ISO 9001:2008.
So far, we have covered general and management requirements. Essentially, you need to create a sustainable system, take it seriously, make it adaptive, and enhance communication; doing so will ensure it is an organic, flexible, organization-wide team effort. Assign roles and responsibilities. Collect data, analyze it, and document your takeaways. Ensure that there are always outputs to correspond to the inputs (data and info) flowing through the QMS.
We have three sections left, which will be covered in the final part of this series, 3-B: resources, realization, and remediation. OK, I’m through. Let’s get to those sultry dance moves, buddy: I can handle the truth.