Tag Archives: International Organization for Standardization

What is ISO 9001:2008? The Stunning Conclusion!

 

English: ISO 9001 Version 2008 associated documentation

Hosting Company Auditing and Certification — Part 3-B of 3

Here is a final look at the legitimacy standards we have in place at Superb Internet, which we’re exploring for two reasons:

  1. To establish how we meet and exceed all of the major credibility markers common to the hosting industry; and,
  2. So you can have an educated sense of what these seemingly cryptic acronyms and numbers mean, which can help you vet organizations in various fields.

Our staff is certified for ITIL (Information Technology Infrastructure Library), which I covered in Part 1 of this series; ITIL confirms our expertise and commitment to continual improvement in IT consultation. Our business is audited via SSAE-16 (Statement on Standard for Attestation Engagements #16) as well, which was discussed in Part 2 and verifies our bookkeeping policies and processes.

“I’d never be audited by those SASE enthusiasts. Why should a stamped envelope ever address itself? It ain’t proper.”

Sir … I’m not talking about self-addressed stamped envelopes. Please calm down; we’re almost finished with the series. Part 3, which I subdivided into two pieces, is on the Quality Management System (QMS) described in our ISO 9001:2008 accreditation. This standard is developed by an international body of top industry professionals who together determine universal (cross-cultural) standards of operation for businesses. In the first article (3-A), I reviewed Sections 4 & 5 of the standard (the first two of five sections); this second piece will review Sections 6-8. (Work by Praxiom Research Group Limited was instrumental to understanding the standard.)

“Never subsection. Never. It ruins the venison – makes it gamey and unclean, like a checkerboard.”

Thank you for the advice. OK so we will take a look at each of these sections. Each of them pertains to a different set of requirements: Resource Requirements (Section 6), Realization Requirements (Section 7), and Remedial Requirements (Section 8).

ISO 9001:2008 – Section 6: “Resource Requirements”

Section 6 has to do with identification and provision of the resources needed by your business. Here is fuller detail of the requirements related to resources:

1.    Identify & Provide – Figuring out what resources you need and how to provide them is given an overview in Section 6.1.

2.    Worker Competence – Section 6.2 relates to the capabilities of anyone completing tasks within the organization, as follows:

  • Make sure the workers have appropriate competence, the ability to deliver products effectively.
  • Consider and remain aware of the needs your organization has regarding competence – this applies to any staff members, including both those who are directly and indirectly responsible for organizational duties.
  • Train and otherwise prepare staff and resources to meet needs properly.
  • Review and determine how well the training activities function.
  • Compile and keep data and records related to your workers, proving their competencies.

“I prove my competencies by gutting a prairie dog, taking its still-beating heart, and –”

Listen, sir, no more organ removal references. Moving on …

3.    Infrastructure Provision – Requirements on how to create a sustainable infrastructure are established in Section 6.3.

  • In order to meet product requirements, you must do the following:

o    Identify your infrastructure needs.

o    Provide whatever resources are needed to create it.

o    Maintain the infrastructure. Maintenance is achieved via periodic reviews and objective assessment of all its details.

4.    Environment Suitability – 6.4 focuses on how the environment of the workspace interrelates with the quality of the system.

  • A work environment must be defined and established that will result in the highest quality.
  • Once defined and established, the work environment must be properly managed so that quality indicators can be consistently met.

“Just give me a badge and a gun. Then the rest of the work environment will take care of itself, consistently.”

Eh, that’s probably not a good idea.

ISO 9001:2008 – Section 7: “Realization Requirements”

This section has to do with bringing products into reality – how you go about transforming a product from scratch into fully realized form. These are the basic steps:

1.    Planning Control – A large part of successful realization is in the planning. The planning stage is discussed in Section 7.1.

  • First, planning must be developed into a process.
  • The process must then be used to organize, step-by-step, how products will be realized.
  • Outputs should be developed from the planning process that both reflect the organization and foster understanding of the realization roadmap.
  • Not just the planning process but the realization processes themselves must be planned.

2.    Customer Processes – Controlling processes that involve your customers is the focus of Section 7.2.

  • Figure out what your product requirements are. Here’s how:

o    Understand the needs your customers want you to meet.

o    Identify what is required by your product itself and by its functionality.

o    Determine what is needed per agencies outside your organization (eg, federal).

o    Understand any additional needs your firm has.

  • Specific to customer needs related to products, perform a review to go over these parameters:

o    What are they? Assess and elaborate.

o    Develop records related to them and conduct regular maintenance.

o    Control for any modifications.

  • Communication procedures with your customers should be understood, detailed, and put into action.

“My communication procedures involve a bullhorn, an aerosol can, and an acetylene torch.”

I hope this is unrelated to your town constable work. OK so more on realization …

3.    Product Development – Section 7.3 has to do with establishing controls for the designing and developing of products.

  • Plan how to design and develop as follows:

o    Plan and control how you design and develop your products.

o    Outputs from planning should be revised and modified regularly.

  • Determine what the inputs are to manage design and development:

o    This involves definition, maintenance, and review of inputs (ie, anything going into that aspect of the system).

  • Also figure out what the outputs are (ie, what comes out of the system):

o    You need to determine what these are ideally, create outputs actively, and monitor them.

o    Make sure that your outputs achieve the needs of your inputs.

  • Review your processes frequently, actively, and openly:

o    Design and development should be studied and assessed from all possible angles.

o    These reviews should all be recorded and kept in an organized system for continual improvement.

  • Confirm your processes through a systematized verification procedure, which can give you a sense of whether this part of the QMS is working smoothly:

o    Confirm that both design and development meet the specifications you’ve established for them through *verifications*.

o    Keep records of these confirmation processes and results as well.

  • Ensure the validity of this aspect of the QMS:

o    An additional way to understand your design and development is by ensuring that it is valid – that it represents truth and makes sense.

o    Keep records of these checks.

  • Make sure that proper administration protocol governs all adaptations to the system:

o    See where adaptations are taking place. Is anything changing within that system?

o    Make notes of any changes that have taken place either purposely or accidentally.

o    Review, verify, and validate as noted above. Through each of these processes, ensure that objectivity and the QMS itself are prioritized.

o    Approve any adjustments or modifications; revise the QMS as applicable moving forward.

“I think the best way to modify is to stay absolutely silent and look to the left and right rapidly.”

Now you’re honoring the prairie dog. You are truly a complicated man.

4.    Purchase Control – This section (7.4) deals with the control of organizational purchases, covering both the purchasing process and the purchased items themselves:

  • Make sure you have proper controls on both the suppliers and any incoming products:

o    Develop a list of parameters that must be met by suppliers.

o    Choose suppliers based on their ability to meet your needs.

o    The products themselves should also be vetted and reviewed.

  • Your needs should be properly delineated and communicated with any potential suppliers:

o    Definition and description.

o    Communicate these needs based off the documentation you’ve developed.

  • Make sure you have reasonable processes for verifying any products your firm purchases:

o    Develop and activate processes to verify and inspect the products, to ensure needs are being met.

5.    Providing Controls – The way that you provide products and services is controlled by the standards of Section 7.5.

  • All production and services should occur within defined controls.
  • Validate and control any special process – one that contains outputs that cannot be determined or understood until production/delivery.
  • Understand, define, and measure your products.
  • Determine and ensure safety of any customer property your organization ever has within its possession.
  • Make sure that products and pieces of products continue to meet needs set forth in the QMS, both while moving within the organization and during delivery.

“As with digestion: I track and record all robots that are passed to me by the grocery-industrial complex. Lots of data, all of it helpful.”

Good, that sounds helpful.

6.    Measuring Equipment – Per 7.6, all equipment you use to track and measure data should be controlled:

  • Figure out what you need in terms of measurement.
  • Ensure equipment meets these needs.
  • Keep equipment calibrated, and ensure your software meets all monitoring needs.

ISO 9001:2008 – Section 8: “Remedial Requirements”

Section 8 deals with improvement and correction of any problems throughout the Quality Management System and firm as a whole.

1.    Measuring Processes – Section 8.1 defines, broadly speaking, the creation of ways to measure and monitor.

  • General determination, planning, and the activation of processes to measure and monitor.

2.    Measuring Categories – The next section (8.2) is specific to the measurement and monitoring of specific aspects, including the following:

  • Customer satisfaction
  • Internal auditing
  • The processes of your QMS itself
  • Characteristics of individual products.

“All I need in a product is that it’s bright blue and smells like road kill.”

I don’t even know if that product exists. Speaking of which, nonstandard products:

3.    Nonstandard Products – Products that don’t fit the expectations of the rest of the system are determined and controlled via section 8.3 as follows:

  • Creation, recording, and activation of products.

4.    QMS Numbers – QMS data is recorded and assessed within 8.4:

  • Determination of types of data
  • Collection
  • Analysis.

5.    Standardized Improvements – The final section, 8.5, has to do with improving the system and making any necessary corrections:

  • Basing analysis and improvement on how effective different aspects are.
  • Changing anything that does not comply with the system.
  • Recording all actions taken.
  • Ensuring that irregular products don’t unnecessarily recur.

“I’m irregular ever since I chewed on that prairie dog.”

Dude, I don’t want to hear about it.

Summary & Conclusion

So that covers all our certifications, standards, and audits. Again, ISO standards come from an international body whose intent is to create worldwide ways of understanding the legitimacy and functionality of systems across the globe. Its establishment of how to create and maintain quality helps us understand how to build the fiber of superiority into Superb Internet, as well as how to maintain it. Parameters covered in this piece include the resources needed to achieve the ends of a Quality Management System (QMS), how to realize products most effectively, and how to perform improvements in the most quality-conscious ways.

by Kent Roberts and Richard Norwood

What is ISO 9001:2008? This is Gonna Be Fun!


English: Illustrative diagram of history of development of ISO 9000 series of standards (Photo credit: Wikipedia)

Hosting Company Auditing and Certification — Part 3-A of 3

In addition to Superb Internet’s ITIL staff certification (Part 1 of this three-part series) and our SSAE-16 auditing (Part 2), we are certified for the ISO 9001:2008 standard. This is the first half of a two-part piece within a four-part series, so 3-A & 3-B together make up the last one (because both are on this same standard). This article (3-A) covers the first 2 sections of the standard, Sections 4 & 5, and the final one (3-B) covers the last 3 sections, Sections 6-8.

“You and your standards. You’ll never mount a 28-point buck on your wall if you don’t lower your standards to the point where you can do and say whatever you want, such as call a 3-point buck a 28-point buck.”

3-point? That’s lopsided, isn’t it? Listen, sir, again – please stop disrupting my train of thought. ISO is short for the International Organization for Standardization (that’s correct, despite the lettering flip-flop). Its goal, as stated in its initial charter created by a 25-nation delegation that met in London in 1946, is “to facilitate the international coordination and unification of industrial standards.”

“Interesting. You do realize that most meetings of folks outside America in 1946 were just an excuse for pinkos to exchange bomb-making and dirty-dancing techniques, right? Or are we reading different websites?”

Well… Unfortunately I’m busy now writing this piece, but once I’m through, I’d love to hear what kind of sultry dance moves were most prevalent during the 1940s. ISO 9001:2008, one of the standards developed and maintained by the ISO, contains parameters for a credible quality management system. Regardless of the size of a business or its industry, 9001:2008 certification is useful for demonstrating the full functionality of quality management practices within an organization.

“My quality management system involves dunking my head in a bucket of ice water when I’ve had too much to drink. Makes me feel refreshed… and very cold.”

I can imagine. It’s a good system you have, though. No one can fault you for that. Below I will review the importance and scope of the International Organization for Standardization, why 9001:2008 has significance, and further explanation of what it entails as a third-party certification method.

The ISO: Diverse Scope, Unified Mission

Since its inception, the International Organization for Standardization has created almost 20,000 standards. All its standards are voluntary. However, as with the SSAE and ITIL credentials we hold, sometimes our clients have internal rules specifying that they can only work with organizations possessing certain third-party certifications.

“I’ll show you a third-party certification. It’s called my American Nazi Party voter registration card.”

Please, please don’t ever vote, my man. The ISO streamlines business practices by placing global guidelines on how organizational systems should be administered and managed. Additionally, because the ISO has members from over 160 nations and creates standards via consensus, international trade is enhanced by agreements made at the level of standardization (or so say its advocates).

“Gotcha, you con-artist! Everyone knows there are only 43 countries. Well… I guess 44 if you count Antarctica.”

You have an interesting globe. How many countries are in South America, for example? Two? Paraguay takes up half the continent? Additionally, the ISO, because it is comprised of so many nations, is able to draw on the perspectives of experts from all over the planet. The diversity of the organization’s membership allows the standards it creates not only to be objective, but also to be flexible enough to allow application across a worldwide cultural tableau.

“I’m looking for a woman who’s flexible enough to allow application across a worldwide cultural tableau.”

Thank you for sharing.

What is the ISO 9000 Family?

Here’s how 9001:2008 fits into the broader picture of the standards. A topical subgroup within which the ISO organizes standards pertaining to certain subject matter is referred to as a “family of standards.” Sample families are quality management, environmental management, country codes, food safety management, social responsibility, energy management, risk management, currency codes, and language codes. The ISO 9000 family, of which 9001:2008 is a part, covers quality management.

“Ma’am, I’d like to uncover your quality, and then I’d like to manage it.”

Wow, your mind is really in the gutter. The quality management heading for ISO 9000 denotes creating a meaningful relationship between the needs and desires of a customer and the products and services offered by an organization. Examples of some of the “siblings” of 9001:2008 include 9004:2009, which specifically covers improving the efficiency and effectiveness of a quality management system, and 19011:2011, which standardizes auditing (both in-house and third-party) of such a system.

“I once got ‘audited’ by the IRA. They were very violent. I’m lucky to have survived.”

The Irish Republican Army? Huh, well, I’m sorry that happened to you.

ISO 9001:2008 – Section 4: “General Requirements”

Let’s take a look at the individual sections of the standard. The standard has 5 sections that run from “Section 4” to “Section 8.” They cover, in order, General Requirements, Management Requirements, Resource Requirements, Realization Requirements, and Remedial Requirements.

“I require that you stand at the other end of the shooting range during target practice.”

That’s not a very nice thing to say. Section 4 covers the following:

1.    Development of the Quality Management System (QMS) – Section 4.1 is kind of an overview. It includes doing the following with the QMS:

  • Establishment
  • Documentation
  • Implementation
  • Maintenance
  • Improvement.

It also introduces the idea of basing the QMS in a process model – such as the PDCA (Plan/Do/Check/Act) Cycle – to allow for constant adaptation.

2.    Documentation of the QMS – Section 4.2 deals with documents in the following ways:

  • Ensure that the paperwork is related to what your business does, that it’s properly customized to your culture and industry.
  • Specifically it’s advised to create a manual that has to do with quality; it should be regularly reviewed/revised.
  • Place proper controls on this paperwork. This applies both to documents and records (below).
  • Records need to also be created and controlled. These records are data and information (aka inputs) related to quality over time — as opposed to general overview, descriptive, and policy statements made in the manual.

“I never met a man I respected who didn’t know how to control his records. Loved every one I met who could. Like Metallica once said, ‘Nothing else matters.’”

That’s an interesting perspective. Thanks for the Metallica reference. That’s helpful.

ISO 9001:2008 – Section 5: “Management Requirements”

Section 5 covers the requirements for management. To be clear, this relates to managing the QMS; however, the individual in charge should also be someone within the management of the company (see #5 below). An overview of this section:

1.    Dedication to Quality – Section 5.1 has to do with the following efforts related to integrating a prioritized attitude toward quality into your company via support:

  • Make sure it’s easy for the system to be created and developed.
  • Make sure it’s easy for it to be put into place, to be implemented.
  • Also ensure that you can easily make modifications and improvements to the QMS.

2.    Customer Focus – You heard it here first: the customer is always right. Section 5.2 deals with maintaining a customer-centered perspective in these two ways:

  • Identification of their concerns. Find out what your customers want.
  • Meet their concerns. Don’t turn customer concerns away at the door. Ensure that all needs are being properly addressed.

3.    Quality Policy – 5.3 addresses specifics of how to manage and maintain your internal quality policy in the following ways:

  • It should be functional and clear about the requirements.
  • It should express improvement processes and dedication to evolution.
  • Your quality policy should directly reflect your objectives (below).
  • Make sure that the policy is disseminated and fluidly open to suggestions from everyone in your organization.
  • Perform regular reviews, and revise as needed.

4.    Proper Planning – Make sure plans are in place to allow the QMS to grow and thrive methodically, per Section 5.4, as follows:

  • Support, create, and ensure the functionality of quality objectives, so you know what you’re trying to achieve.
  • Plan to create the QMS, document it, and put it into place, as well as to perform regular upkeep and modifications.

5.    Who Does What – Section 5.5 mandates determining the roles and responsibilities for quality within your organization … like so:

  • Make sure it’s clear who’s in charge of what, as well as what exactly the designated individuals need to do within their roles.
  • Everyone in the organization should know who these designees are.
  • An executive in your organization should be ultimately in charge of the QMS.
  • You should have a framework in place to allow and encourage internal dialogue about the QMS.

6.    Regular Reviews – Section 5.6 relates to reviews of the QMS:

  • Perform reviews at reasonable intervals. Look at opportunities for improvements. Keep records.
  • Look at and study your QMS inputs (information/records).
  • Create outputs. In other words, you need takeaways from these reviews. What did you learn? Also determine what resources are needed moving forward.

“9/11 was an inside job!”

Sir …

“You’re the one using bullets! You’re a hypocrite.”

OK …

Summary & Conclusion

These standards are important to us at Superb Internet. They allow us to demonstrate both our commitment to standards established by the international community and our ability to actually meet those standards. We are, after all, certified in ISO 9001:2008.

So far, we have covered general and management requirements. Essentially, you need to create a sustainable system, take it seriously, make it adaptive, and enhance communication; doing so will ensure it is an organic, flexible, organization-wide team effort. Assign roles and responsibilities. Collect data, analyze it, and document your takeaways. Ensure that there are always outputs to correspond to the inputs (data and info) flowing through the QMS.

We have three sections left, which will be covered in the final part of this series, 3-B: resources, realization, and remediation. OK I’m through. Let’s get to those sultry dance moves, buddy: I can handle the truth.

by Kent Roberts and Richard Norwood