NASSCOM EMERGE Community Catalyst for Growth of Emerging & Start-Up companies

Read the press release from the horse's mouth (aka ISO)

http://www.iso.org/iso/pressrelease.htm?refid=Ref1138

Dear Hemanta

Ensuring compliance is all about perception and internal drive. In my experience in implementing ISO standards be it 9001, 27001 or 25000, at the end of the day its about how a team uses it to move ahead. Majority of my implementations have just been a wall hanging at their facilities for their client's to come and have a look at. But we have been fortunate enough to get people who really want to bring in the discipline into the system and use that to grow.

The point regarding the manner in which ISO Programs have been implemented has a lot to do with the sponsors, implementers and auditors. As a reference framework ISO and all other models offer sound management practices and most of us will agree to this statement.

This is surely a topic which deserves a separate discussion thread of its own.

We shouldn't blame the weapon if there's a crime. I would just add that a rifle can also be used to win Olympic Gold Medal - Abhinav Bindra will probably agree!

ISO 9001:2008 (as I understand it based on the drafts issued so far and numerous articles on many websites) will have major changes w.r.t the following:

1. Training has to be seen in the context of competence and not merely training effectiveness. There should be clear demonstration of training results in terms of the impact on competence enhancement

2. Infrastructure will now include the computing and other IT facilities provided to employees

3. MR role can't be staffed with an external consultant - MR must necessarily be from the Management Team

4. Management of outsourced processes needs to be done with higher rigor

5. In addition to the above, at various places additional notes or changes have been introduced to aid clear and consistent interpretation.

On the whole, the implementations of improvement/quality programs will not require significant operational changes. However, from a tactical and strategic angle there are many changes which are required. An example of this - even in a smaller company someone from the management team will have to take the mantle of being the MR (I can see this itself making a sea-change to the ISO Programs!)

i agree with you that there is no point blaming the arrow when the hand that let it is crooked. Yes that definitely warrants a separate thread of its own. But in principle there have been some frustration from Medium sized organisation stating stringent adherence to these practices cramps & constraints them for e.g. one of my customers who is in IT services had to face a tough time during his ISO 9001 implementation specifically with respect to their Purchase policy. As per process the policies for purchase was deemed very stringent for an IT services organisation. 

Financial audits performed for a period (P&L) or as on date (Balance Sheet), rely on the financial data available with the organization or rather made available by the organization. And they could be wrong for technical reasons (unintentional calculation or understanding error) or ethical reasons (remember Enron). Despite this most of us readily rely on the published financial reports as we believe organizations will take utmost care as any lapse will open them up for legal action.

Similar logic applies to audits for management systems like ISO et al - organizations take due care to make sure they have the right evidence to successfully demonstrate compliance. The evidence presented to the auditors could be wrong for technical reasons (unintentional calculation or understanding error) or ethical reasons.

ISO and other certifications/laws/regulations like SOX, Basel II, CMMI, GAAP rely on documented evidence to carry out the audits. Unfortunately or fortunately, I can't think of any other way in which audits can be performed. We need to understand the fact that auditors can't be present at all times with an organization to do audits in an ongoing mode (even if this were possible the costs will be prohibitive) and they need something which is visible and verifiable to assess compliance. Documentation can be seen as a "necessary evil" if one may like but there's simply no alternative that meets both the criteria of verifiable and visible. Keeping documentation to the minimum possible may hold the key but there's no consensus either on what is "minimum possible".

Audits add value by revealing where an organization stands vis-à-vis the target certification/law/regulation. The quality of audits results depends squarely on the facts/data/documents presented to the auditors and how meticulously and ethically they are assessed. Audits in all cases, however, "constrain" an organization to clean up its acts and books at least to the extent required to demonstrate compliance. Despite the general perception that accounting data and certifications do not truly reflect the "as is" situation most of us rely on them as there's no other better alternative.

Hi, i would like to share my thought process about QUALITY,

I think quality is way of life, it needs to be continuously inculcated and oriented in the set of people working together.

Practically, internal auditors who take the resposibility of regular internal audits and checking, quality orientation sessions for team, even during inductions there can be quality orientation, in the orientation, team needs to be addressed that quality is not only paper work / documentation, it goes alonwith process steps and we need to live the process to possess quality in our work culture.

ISO publishes new edition of ISO 9001 quality management system standard

http://www.iso.org/iso/pressrelease.htm?refid=Ref1180

Please share this with everyone you think will be interested

Thanks Hemanta, forwarded to our quality team, i will also go through.

regards

Jyoti