Information security SMS users welcome ISO/IEC 27001

Transcription

Information security SMS users welcome ISO/IEC 27001
Vol. 6, No. 2
IMS
March-April 2006
ISO Management Systems
When Results Count. ISO Standards.
ISSN 1680-8096
Information
security
• Greenhouse
gas accounting
• ISO 22000
and world trade
• People
and quality
S-Class and
ISO/TR 14062
ISO 9001 in
the media ?
ISO 9001 in China
ISO/IEC 17025:2005. The international accreditation
standard for competent laboratories.
Confidence in the competence of laboratories
is frequently needed
Competent laboratories operate to
International Standards.
• by businesses when testing new products, or
ensuring that finished products are fit for sale
Competent laboratories operate to
ISO/IEC 17025:2005.
• by government regulators and trade officials
who require assurance about domestic or
imported products before they can be placed
on the market
• by consumers and users of products who
need assurance about the quality and
reliability of testing and analysis relating to
environmental, health or safety hazards.
Available from ISO national member institutes
(listed with contact details on the ISO Web site :
www.iso.org) and from the ISO Central
Secretariat Web store at www.iso.org or
by e-mail at [email protected].
© ISO Management Systems, www.iso.org/ims
EDITORIAL
by Roger Frost
A naked, unashamed marketing blurb
A
s catchy titles go, how do you rate the following : ISO
14064-1:2006, Greenhouse gases – Part 1 : Specification
with guidance at the organization level for the quantification and reporting of greenhouse gas emissions
and removals ?
Or how about the sequel : ISO 14064-2 :2006, Greenhouse gases
– Part 2 : Specification with guidance at the project level for
the quantification, monitoring and reporting of greenhouse
gas emission reductions and removal enhancements ?
Or the concluding episode to the
series : ISO 14064-3:2006, Greenhouse gases – Part 3 : Specification
with guidance for the validation
and verification of greenhouse gas
assertions ?
ed by the United Kingdom Meteorological Office in February
2005, contends that rising concentrations of greenhouse gases
may have more serious impacts than previously believed, and
that the poorest countries will be most vulnerable to the harmful effects.
In the report’s foreword, British Prime Minister Tony Blair writes
that “ it is now plain that the emission of greenhouse gases…is
causing global warming at a rate that is unsustainable.”
The stakes are high. ISO Secretary-General Alan Bryden has
commented : “ Claims made about reductions of the greenhouse
gas emissions widely held responsible for climate change may
have political and financial implications, in addition to environmental
and technical ones. Ensuring their
credibility is thus vital.”
The scope is both micro- and macroscopic : from local, national and
regional to global levels.
You’re forgiven if none of them is
your idea of the title of a best seller.
And yet…
So far, ISO 14001 has rather overshadowed the other documents in
ISO’s environmental management
family. The publication of the ISO
14064 series (see pages 14-16) may
change that. I certainly hope so.
And this editorial is an unrepentant, bare-faced promotional “ blurb ” for the
ISO 14064 series. Its aim is to encourage you to
buy the standards and, even more so, to implement them.
The dynamics are, to say the least,
variable. Emissions and claims
about them are likely to become
the object of dealings that could
range from principled negotiation,
fair bargaining and consensus-seeking to pressure tactics, power moves
and horse-trading.
ISO 14064 and ISO 14065 :
buy these standards —
and use them !
And the same goes for the complementary
ISO 14065 series, due next year, which specifies requirements
to accredit or otherwise recognize bodies that undertake greenhouse gas validation or verification.
The good environmental management practice distilled in ISO
14001 remains globally relevant. At the same time, to practise
good environmental practice, it helps to have a good environment left in which to practise. And that’s where ISO 14064 and
ISO 14065 come in.
The negative effects on the physical, economic and social environments of an atmosphere rendered unstable by the build-up
of greenhouse gas emissions have placed climate change and
how to mitigate it as one of the most pressing items on the global agenda.
Whatever the context, as the urgency to tackle the problem increases, so will the
need intensify for a robust, internationally
accepted tool for quantifying greenhouse gas
emissions and verifying claims about them.
That tool is ISO 14064.
The standard has been developed by some 175 international
experts from 45 countries and 19 liaison organizations, guided by the four principles of regime neutrality, technical rigour,
extensive participation and speed-to-market. They have laboured
to provide a variety of users with a flexible, credible and verifiable tool applicable across a variety of voluntary or regulatory
greenhouse gas schemes.
ISO 14064 and ISO 14065, like all tools, are made to be used.
At another time of world crisis, the call, “ Give us the tools and
we’ll finish the job ! ” came from a leader, Winston Churchill.
This time, the call goes to leaders, political and economic, and
could be expressed as, “You’ve got the tools – now please use
them to get the job done ! ”
A report entitled, Avoiding Dangerous Climate Change, which
collates evidence presented by scientists at a conference host-
ISO Management Systems – March-April 2006 1
What sort of manager are you ?
Type A or Type B ?
AB
Option A
Option B

I’m focused on my own short-term goals.
The future can take care of itself. Waste, finite
resources and the environment are someone
else’s problem. Good corporate citizenship is just
“ window dressing.”
I take the strategic view. My goal is sustainable business – without polluting or depleting the
environment. I save money by cutting waste and
making efficient use of resources. I respect the
environmental concerns of customers, shareholders, employees, regulators, local communities, and
society as a whole.

If you ticked Option A, then running a business
that meets the requirements for sustainable
development is your objective. ISO has a road
map to get you there :
• ISO 14001:2004, Environmental management systems –
Specification with guidance for use.
• ISO 14004:2004, Environmental management systems –
General guidelines on principles,systems and supporting techniques.
•
Newly revised • Globally relevant • Even clearer
• Still more compatible with ISO 9001:2000
For ‘ A ’ class managers !
Available from ISO’s national member institutes
(listed with contact details on the ISO Web site : www.iso.org)
and ISO Central Secretariat (Web store + [email protected]).
© ISO Management Systems, www.iso.org/ims
CONTENTS
VIEWPOINT
5
ISO 22000’s potential impact on world trade in agricultural
products According to Raymond Saner and Ricardo Guilherme, ISO 22000,
Food safety management systems, has the potential to bridge some of
the gaps between the rich importing and the poor would-be exporting
countries. The authors are respectively Director and associate trade
researcher of the Centre for Socio-Eco-Nomic Development (CSEND).
SPECIAL REPORT
ISO MANAGEMENT
SYSTEMS is published
six times a year
by the Central
Secretariat of ISO (International
Organization for Standardization)
and is available in English,
French and Spanish editions.
Publisher : ISO Central Secretariat,
1, rue de Varembé, Case postale 56,
CH-1211 Geneva 20, Switzerland.
Tel.
+ 41 22 749 01 11.
Fax
+ 41 22 733 34 30.
E-mail [email protected]
Web
www.iso.org
Editor in Chief : Roger Frost.
Contributing Editor : Garry Lambert.
Artwork : Pascal Krieger,
Pierre Granier.
A one-year subscription
(six issues) to ISO MANAGEMENT
SYSTEMS costs 128 Swiss francs.
Subscription enquiries : Sonia
Rosas-Friot, ISO Central Secretariat.
Tel.
+ 41 22 749 03 36.
Fax
+ 41 22 749 09 47.
E-mail [email protected]
Advertising enquiries :
ISO Central Secretariat,
Case postale 56, CH-1211 Geneva 20,
Switzerland.
Contact : Régis Brinster.
Tel.
+ 41 22 749 02 44.
E-mail [email protected]
and
SOGI Communication, 103, rue La
Fayette, 75481 Paris cedex 10, France.
Contact : Martin de Halleux.
Tel.
+ 33 (0)1 42 81 94 00.
E-mail [email protected]
© ISO, March-April 2006.
The views expressed in ISO
MANAGEMENT SYSTEMS are those
of the authors. The advertising
of products, services, events or
training courses in this publication
does not imply their approval by ISO.
Cover photo : © ISO
9
Information security – ISMS users welcome
ISO/IEC 27001 – the new international benchmark
Experienced users of information security management systems (ISMS)
are rolling out the red carpet for the recently published ISO/IEC
27001:2005, which is set to become the international benchmark.
ISO INSIDER
14
Launching of ISO 14064 for greenhouse gas accounting and verification • ISO studies
people aspects in quality management • ISO prevents misuse of its name on Internet to
the benefit of consumers
INTERNATIONAL
28
Early adopters underline benefits of ISO 22000
Companies among the first in the world to implement ISO 22000 are underlining the benefits of the new International Standard for ensuring safe food
supply chains.
ISO 9000 in China’s Great March to quality
The Chinese Government’s early and forward-looking support for ISO 9000
has paid dividends in integrating Chinese companies with global supply chains.
ISO/TR 14062 gives Mercedes road map to
designing environmentally friendly car
The Mercedes Car Group has introduced the S-Class, a
more environmentally friendly vehicle produced via a
“Design for Environment” (DfE) programme using ISO/
TR 14062 and other standards in the ISO 14000 family.
Breaking news –
ISO 9001-based
quality
management for
the media
Two media quality management
standards based on ISO 9001:2000
are now being rolled out by their first
users in Belgium, France, India,
Kenya, and Mexico.
POM or BOM? The best way to implement ISO 14001
What’s needed ? Performance or balance ?
POM
BOM
STANDARDS FOR SERVICES
44
Israeli standards for telephone billing and for mass events
Innovatory service standards developed by the Standards Institution of Israel (SII) include
ones to make telephone billing transparent and to ensure the safety of mass public events.
NEXT ISSUE
48
ISO Management Systems – March-April 2006 3
ISO 22000 for
safe food supply
chains.
ISO 22000, Food
safety management
systems – Requirements
for any organization in
the food chain.
Available from ISO national
member institutes (listed
with contact details on the ISO
Web site : www.iso.org) and
from the ISO Central Secretariat
Web store at www.iso.org.
E-mail enquiries to [email protected].
Looks good.
But is it safe ?
© ISO Management Systems, www.iso.org/ims
VIEWPOINT
Hardly a day goes by
without the media
reporting on the difficult negotiations
w i t h i n t h e Wo r l d
Trade Organization
(WTO) and the threat
to international trade
should there be no successful conclusion to the Doha
Round.
The problem most often reported centers around market
access for agricultural products from developing countries
that cannot pass the prohibitively high level of tariffs of the
industrialized countries.
Many of the developing countries suffer from deep poverty. The only products they can
sell are agricultural products.
Developed countries, on the
other hand, are justifiably worried about health risks due to
food poisoning and other foodrelated illnesses. The situation
seems impossible to solve.
However, ISO 22000, Food
safety management systems –
Requirements for any organization in the food chain, has
the potential to bridge some
of the gaps between the rich
importing and the poor wouldbe exporting countries.
Food safety and
international trade
To give an idea of the global
importance of the food and
agriculture sector, we can note
that the European food industry alone represents a sector
valued at USD 700 billion dollars and employment for more
than 2,6 million people. 1)
by Raymond Saner and
Ricardo Guilherme
ISO 22000’s
potential
impact on
world trade
in agricultural
products
Efficient and harmonized measures
to ensure safe and
adequate food supply chains and food
management are of
paramount importance to the
citizens of all countries. For
example, the worldwide concerns linked to genetically
modified organisms and plants,
avian flu or foot-and-mouth
disease are examples of how
such concerns affect our daily lives.
To respond to such concerns,
safety measures have been
developed by different international organizations like the
Food and Agriculture Organization (FAO), the World
Health Organization (WHO),
the WTO and ISO.
Country
Raymond Saner is Director of
the Centre for Socio-Eco-Nomic
Development (CSEND), an independent, non-governmental
organization based in Geneva,
Switzerland, specializing in capacity building, organizational
reform and institutional development, and of its research and
development branch, Diplomacy
Dialogue.
Ricardo Guilherme is associate
trade researcher at CSEND,
specializing in trade law.
E-mail [email protected]
Web www.csend.org
Web www.diplomacydialogue.org
While obviously necessary,
each measure taken to ensure
food safety and to ensure
against food-related illnesses has potentially devastating impacts on the exporting countries, especially from
developing and poor regions
of the world.
The importance and potential negative impact of food
safety measures is even higher in developing countries,
since the share of agriculture
in GDP, as well as with regard
to total population engaged in
agriculture, represents major
proportions in many of these
often very poor countries (see
Table 1).
1) “The Sixth Framework
Programme – new research
opportunities for SMEs ”, at
http://sme.cordis.lu/thematic/
home.cfm
(as of 7 December 2005).
Share of
agriculture
in GDP
Share of total
population
engaged in
agriculture
Bangladesh
30,0
59,6
India
27,0
56,8
Kenya
29,0
77,1
Pakistan
26,0
52,6
Senegal
18,0
75,0
Developing countries (average)
26,3
50,4
Table 1 – The importance of agriculture to wealth and employment
in developing countries.
FAO, “ Agriculture, Trade and Food Security : Issues and Options in the
WTO Negotiations from the Perspective of Developing Countries ”,
Geneva, 2000, Volume II (GDP data taken from World Bank, World
Development Report, 1998/99).
ISO Management Systems – March-April 2006 5
© ISO Management Systems, www.iso.org/ims
VIEWPOINT
Impact of SPS measures – Kenya
The widely publicized case of European Union (EU) restrictions on fish exports from Lake Victoria in Kenya in 1997
gives us a glimpse of how hard food safety requirements
and subsequent import restrictions can impact developing countries.
The region of Lake Victoria was responsible in 2001 for
over 95 % of all Kenyan fish landings (with Nile perch as
the dominant species), having experienced a population
inflow around the lake border of more than 1,2 million
people in just two years. It is also worth noting that in the
1980’s and 1990’s, Kenyan fishery was almost totally exportoriented, mainly to the EU.
However, due to several concerns related to hygiene, salmonella detection, pesticide residues and a cholera outbreak
in East Africa, the EU practically banned importation of
fresh fish from that region in 1997. This caused Nile perch
exports to fall from 14 143 tonnes in 1996 to 10 881 tonnes
in 1998, with export value dropping dramatically from USD
43,9 million in 1996 to USD 29 million in 1998.
ITC and Commonwealth Secretariat, “ Influencing and Meeting
International Standards – Challenges for Developing Countries ”,
Geneva, 2003.
Therefore, long-lasting food
safety problems may result in
very negative impacts on the
economies of poor, developing
countries (see box, Impact of
SPS measures – Kenya ).
The same holds true for stringent food safety compliance
requirements – such as water
treatment and fumigation
requirements, maximum residue limits of pesticides and
technical requirements higher than those in international
standards – imposed on poorer and smaller nations (see
box, Standards and non-tariff
barriers ).
Ideally, food safety measures
should safeguard the lives of
ISO 22000 has the
potential to bridge
some of the gaps
between the rich and the
poor countries
the consumers while minimizing negative impacts on food
producers whenever possible.
Unfortunately, what is legitimate (food safety) is sometimes mixed up with illegitimate goals (protectionism of
local food producers resulting
in discrimination against foreign food producers).
As the European Union (EU)
Trade Commissioner, Peter
Mandelson, has asserted,
“…future challenges in trade
policy [will be] in the so-called
non-tariff barriers to trade, to
which the question of standards is crucial … If not managed with care, these measures can be impediments to
trade which are difficult to
justify.”
He went on to say, “ [It must
be] confusing for a third country to receive one of 25 different national certificates
for a product that is subject
to harmonized EU rules ”. He
added : “…we must not allow
our standards to be based on
prejudice, or as a response to
pressure groups. The basis for
them has to be sound scientific analysis .”
Standards and non-tariff barriers
Standards and non-tariff barriers can prove quasi-insurmountable obstacles when practised against least developed countries and small island nations. The case of Jamaican pepper is an example of how difficult compliance with
sanitary and phytosanitary measures (SPS) can become.
Jamaican hot pepper is a priority yield suitable for small
producers, and directed to both domestic and foreign markets such as the US, Canada and Mexico. However, exports
are currently lower than they were a decade ago.
Among other factors such as marketing and production
problems, food safety issues, like a gall midge infestation
in 1997, prompted the US to demand fumigation on all
peppers exported from Jamaica, including bell and chili
peppers (even though the gall midge pest had been only
detected in hot peppers).
Quick action was taken by the Jamaican government to
solve the issue, but the comprehensive measures requested
by the US meant only that production costs would increase
for Jamaica. To make matters worse, the Jamaican Hot Pepper Task Force and the US Animal and Plant Health Inspection Services (APHIS) agreed, in 2002, on a 10-point SPS
system to remove the fumigation requirements
In the event, Jamaica did not implement the system, highlighting the considerable problems that US measures have
caused to Jamaican exporters. As the World Bank says, while
the Jamaican government has been proactive to respond
to the problem, pay-offs were close to zero and exports
virtually crumbled.
Henson, Spencer, and Jaffee, Steve, “Jamaica’s Trade in Ethnic
Foods and Other Niche Products: The Impact of Food Safety and
Plant Health Standards”, World Bank, 2005.
6 ISO Management Systems – March-April 2006
© ISO Management Systems, www.iso.org/ims
VIEWPOINT
In conclusion, the EU Trade
Commissioner underlined the
need for a continued push “ for
harmonization of SPS products and process requirements
through the establishment of
international rules.” 2)
or recommendations, where
they exist ” 3).
The Agreement defines the
Codex Alimentarius Commission as the body responsible
for establishment of standards,
guidelines and recommendations related to food safety,
Disparities are not limited to
transactions between developed and developing countries ; divergences abound even
in North-North and SouthSouth negotiations, corroborating the dire need for harmonization and homogeneous
treatment of SPS measures in
the international trading environment.
In fact, more has to be done
in terms of technical assistance and capacity building in
poorer countries, particularly under the Standards and
Trade Development Facility
(STDF)5), a joint initiative by
FAO, World Organization for
Animal Health (OIE), World
Bank, WHO and WTO.
In a meeting held 29-30 June
2005 4), the WTO Committee on
SPS Measures reported specific
examples of trade concerns
Harmonization
The use of harmonized food
safety measures between member countries of the WTO,
on the basis of international
standards developed by international organizations, constitutes a main goal of the WTO
Agreement on the Application
of Sanitary and Phytosanitary
Measures ( SPS Agreement ).
The SPS Agreement attempts
to regulate harmonization
when it comes to measures
applied to protect human,
animal or plant life or health,
stating that, “to harmonize
sanitary and phytosanitary
measures on as wide a basis
as possible, members shall
base their sanitary or phytosanitary measures on international standards, guidelines
food additives, veterinary drug
and pesticide residues, contaminants, methods of analysis and
sampling, and codes and guidelines of hygienic practice.
Members are able to employ
more stringent levels of protection, provided there is sound
scientific justification and a
non-discriminatory assessment
of risks. But the fact of the
matter is that the SPS Agreement sometimes provides for
ambivalent flexibility in terms
of applicable food safety measures, thus causing several compliance problems especially in
the case of developing countries’ agricultural exports (see
box, Standards and non-tariff
barriers).
tha t r an ge d
from Australia’s import
restrictions
on apples from New Zealand,
the EU and the United States,
to the EU’s private retailers’
EurepGap fruit and vegetable
restrictions against least developed countries (LDC’s), or also
to Japan’s import suspension
on heat-processed straw and
forage for feed due to a footand-mouth disease outbreak
in China.
In the same meeting, China
asserted that the “volume of
notifications of SPS measures posed a significant problem for developing countries”,
in contradiction with special
and differential treatment for
developing countries, and in
particular LDC’s.
ISO 22000 – a feasible
alternative ?
The importance of ISO to the
current debate on food safety
is clear. ISO has a long-standing and productive cooperation with the Codex Alimentarius Commission with more
than 300 ISO standards having
2) Speech by Peter Mandelson at
the Conference on EU Exports
and Sanitary and Phytosanitary
Measures, Brussels, 27 May 2005.
3) WTO Agreement on the Application of Sanitary and Phytosanitary
Measures, Article 3.1 (excerpt).
4) WTO Committee on Sanitary and
Phytosanitary Measures, summary of
the meeting held on 29-30 June 2005
(G/SPS/R/37/Rev.1), 18 August 2005.
5) See www.standardsfacility.org.
ISO Management Systems – March-April 2006 7
© ISO Management Systems, www.iso.org/ims
VIEWPOINT
HACCP steps
been adopted by Codex in such
areas as food products, water
quality, chemistry and conformity assessment 6).
This historically tight cooperation between ISO and Codex
means that proper harmonization of food safety management
systems may not be just a distant
ambition, but a viable objective
after all under the international
trade framework.
Food safety problems
may result in very
negative impacts on
the economies of poor,
developing countries
Accordingly, at a July 2005 session of Codex, several governmental delegations underlined
the view that ISO’s activities in
providing harmonized international standards for adoption as
national standards are important, and that Codex should continue its cooperation with ISO
in the relevant areas. The complementary character of ISO and
Codex denoted the importance
of an optimized coordination
between the two bodies 7).
ISO 22000, published on
1 September 2005, solidifies a
response to an increasingly
diverse mesh of domestic food
safety regulations, without sidetracking from the wider scope
of the ISO 9001:2000 quality
management system standard
and the Hazard Analysis and
Critical Control Point (HACCP) parameters adopted by
Codex.
8 ISO Management Systems – March-April 2006
By facilitating the implementation of HACCP guidelines and
harmonizing otherwise diverse
national regulations, the ISO
22000 standard might be able
to respond to legitimate food
safety requirements while at
the same time help reduce the
non-tariff barriers caused by
the use of illegitimate (protectionist) SPS measures.
ISO 22000 mirrors the HACCP
principles and facilitates their
practical implementation on a
step-by-step basis (see Table 2),
striking a homogeneous balance
as a food safety standard for countries and private players alike.
With its “ food chain/processdriven ” approach, ISO 22000
treats food safety concerns in a
holistic manner that efficiently
oversees the “ forest ” of safety
requirements, while linking individual processes to the whole
system and ensuring objective
measurement of results.
This means that domestic food
safety management systems
around the world could be subject to equivalent performance
evaluations. At the same time,
capacity-building efforts, instead
of aiming at costly bilateral
compliance initiatives, could
be more easily implemented
in an internationally accepted
manner, even if adjustments
to regional conditions are to be
taken into account.
ISO 22000 – strategic step
ISO 22000, covering HACCP
principles, Codex application
steps and the main requirements of private food retail-
Equivalent
coverage
by ISO
22000 ?
Hazard Analysis
YES
Critical Control
Point (CCP)
Determination
YES
CCP Limits
YES
Monitoring
of CCPs
YES
Corrective
Action Plan
YES
System
Verification
YES
Documentation
YES
Table 2 – Comparison of HACCP and
ISO 22000.
ers, may play a crucial role in
the attainment of a basic food
safety standard for producers
in developed and developing
countries. It thus represents a
strategic step towards further
harmonization of food safety
demands in the global arena.
In other words, ISO 22000 would
be able to moderate concerns
related to trade barrier negotiations and streamline capacitybuilding efforts in developing
countries. If properly adopted and implemented by countries, it would reflect universally
accepted food safety requirements, demanding fewer disparate efforts by countries and
producers on tight budgets.
With the potential for increased
transparency and traceability
measures, ISO 22000 is a useful tool to address the sensitive issue of SPS measures as
discriminatory or disguised
restrictions in international
trade and in access to export
markets.
ISO 22000 could be the main
conduit for SPS trade facilitation, simplifying formalities
connected with importation
and exportation, and allowing
developing countries to create
more employment, increase
domestic revenue and meet the
necessary poverty reduction
and millennium development
goals in due course 8).
And given proper political will
by member countries, official
endorsement of ISO 22000
and other ISO standards by the
SPS Agreement, in cooperation
with ISO, national accreditation
authorities and the STDF initiative, would finally enable effective WTO negotiations on the
harmonization of standards.
This would ensure that the
food safety interests of most
countries do not conflict with
the capacity-building and market access needs of poorer
nations.
•
6) WTO Committee on Sanitary
and Phytosanitary Measures, statement by the representative of ISO
at the meeting of 29-30 June 2005
(G/SPS/GEN/589), 11 July 2005.
One may also mention the newly
published ISO/PAS 28000 specification or supply chain security
management systems as an additional apparatus to foster smooth
and coordinated flows of international trade among countries.
7) Codex Alimentarius Commission,
Report of the Twenty-Eighth Session on 4-9 July 2005 (Alinorm
05/28/41), Rome, 2005.
8) See, for instance, Annex E of the
Draft Ministerial Text (Doha Work
Programme – Preparations for the
Sixth Session) of the Ministerial
Conference, 2005.
© ISO Management Systems, www.iso.org/ims
SPECIAL REPORT
ISMS users welcome ISO/IEC 27001–
the new international benchmark
Experienced users of information security management systems (ISMS) are
rolling out the red carpet for the recently published ISO/IEC 27001:2005,
which is set to become the international benchmark. This Special Report
gives voice to the customers of the standard. A follow-up article in the next
issue of ISO Management Systems will provide implementation guidance.
Information is an all-pervasive asset that drives operations and processes across all
business areas. Today, information is considered as a key
business commodity and is
ascribed business value, utility and importance.
by Ted Humphreys
Ted Humphreys serves as
Convenor of the Joint Technical
Committee, ISO/IEC JTC 1, Information Technology, Subcommittee 27, IT Security techniques,
Working Group 1, Requirements,
services and guidelines. He is
also Director of XiSEC, a company
specializing in information
security management systems.
Tel. + 44 1473 626615.
E-mail [email protected]
Web www.xisec.com
Recognizing the business value of information is of extreme
importance to all organizations.
In summary, business needs to
make sure it manages its information effectively to get the
most value out of it.
This means managing information security risks to ensure that
information is not :
• denied or made unavailable
– e.g. this could be a denial of service attack from an
external threat, or due to an
accidental system failure or
overload ;
• lost, destroyed or corrupted
– e.g. this could be an attack
from an external threat, or
an accidental system failure
or user processing error ; or
• leaked, disclosed without
authority, or stolen – e.g.
this could be an attack from
ISO Management Systems – March-April 2006 9
© ISO Management Systems, www.iso.org/ims
SPECIAL REPORT
an external threat, an accidental system failure, or an
insider leaking information
to competitors or external
colleagues.
Without information security,
the business is faced with various negative impacts including
financial consequences, weakened protection of the organization’s intellectual capital
and IPR, loss of market share,
poor productivity and performance ratings, ineffective operations, inability to comply with
laws and regulations, or loss of
image and reputation.
Today, information
is considered as
a key business commodity
The recently published standard ISO/IEC 27001:2005, Information technology – Security techniques – Information
security management systems –
Requirements, provides a basis
for designing and deploying a
management system for information security.
This ISO/IEC standard revises and improves on the hugely successful previous information security management
system (ISMS) standard from
British Standards Institution
(BSI) BS 7799 Part 2:2002,
which it replaces.
This article provides feedback
from some of those thousands
of businesses that have already
been using an ISMS to manage and protect the critical
and important asset of information.
BAE Systems Bofors AB,
Sweden
“ It is vital to be certified both
for us and for our customers.
Since we also deal with many
international contacts, a worldwide certificate of this kind is
essential.”
Anders Jonsson, Director
of Information Technology.
BAE Systems Bofors
Managing information
security
As a management tool, ISO/
IEC 27001 relates to the broader roles and responsibilities of
an organization such as corporate social responsibility, governance and legal and regulatory obligations. All these aspects
can be associated with the
increasing dependence of businesses on information systems
and information and communication technologies (ICT).
ISO/IEC 27001 is a risk-based
specification designed to take
care of the information security aspects of corporate governance, protection of tangible
and non-tangible assets information assets and legal and
contractual obligations, as well
as the wide range of threats to
the organization’s ICT systems
and business processes.
Applying the ISO/IEC 27001
risk management philosophy
as part of the business’s overall risk approach provides the
organization with the means
to implement effective information security management
in compliance with the organ-
10 ISO Management Systems – March-April 2006
ization’s objectives and business requirements.
Certification is not
a mandatory requirement
of ISO/IEC 27001
ISMS certification
Tata Steel, India
Certification in compliance with
BS 7799 Part 2 has been in place
for several years now. Certification is not a mandatory requirement of ISO /IEC 27001:2005
(or of BS 7799 Part 2) – it is
the decision of the organization whether or not to take the
certification route. ISO/IEC
27001:2005 (and previously BS
7799 Part 2) can be used without going for certification.
“ Tata Steel felt the need to
improve information security due to increased usage
and dependence on IT and
increased risk perception by
its stakeholders. We were certified for fulfilling the requirements of BS7799 Part 2 standard in 2003.
However, over 2 000 organizations from over 50 countries
have been certified and the
growth in this area is increasing rapidly. The International
Register of ISMS Certificates
is available on the Web at www.
ISO27001certificates.com and
provides a comprehensive,
country-by-country overview
of all the organizations that
have been certified.
The following selection of
organizations that did decide
to go for certification highlights a number of motivations
and benefits.
“ By implementation of the controls and framework of BS7799
Part 2, we have been able to
reduce information security risks, threats and provide
assurance to our stakeholders. It has helped us to build
an environment of information security awareness and
lay down a focused and structured approach towards security management.
“ We welcome the release of
ISO/IEC 27001 for providing
an international framework for
improving information security controls and their implementation.”
Raghavendra Mathur Head
IT Infrastructure, Tata Steel
© ISO Management Systems, www.iso.org/ims
SPECIAL REPORT
Siemens Business Services
GmbH, Vienna, Austria
“ We have striven for certification because this standard
offers a maximum of security. When making offers, we
enclose the certificate according to BS 7799 Part 2. This
spares us the necessity to furnish additional evidence on
information security – a real
competitive advantage ”.
Dr. Albert Felbauer,
General Manager, Siemens
Business Services
Range of market sectors
The organizations that are
already implementing ISO/IEC
27001 cut across a wide range
of market sectors, including:
telecoms, financial and insurance services, manufacturing
sector, utilities (electricity,
gas, oil, water), retail industry,
service industry, healthcare,
police and emergency services, universities and government departments.
tion bodies that approve certification bodies are allowing
18 months from the publication
of ISO/IEC 27001 (15 October
2005) for the latter to make
arrangements with their clients for making the transition
to the new standard.
User feedback
The following feedback on
information security management systems comes from a
selection of organizations that
have already benefited from
ISO/IEC 27001, or that are
experienced users of BS 7799
Part 2 and are now making the
transition to the new International Standard.
Larsen & Toubro Limited,
India
Larsen & Toubro was the first
company in the world certified
to ISO/IEC 27001:2005. L&T is
one of the Asia’s largest engineering and construction con-
glomerates with business in the
chemical, petrochemical, fertilizer, hydrocarbon, oil and
gas, nuclear and hydro power,
cement, minerals, automobile,
aerospace, ship building and
allied sectors.
With its joint ventures such
as L&T Chiyoda and L&T
Sargent & Lundy, its activities include computer-assisted
engineering, process technology, basic and detailed engineering, heavy engineering,
modular fabrication, project
management, procurement,
logistics, erection, construction
and commissioning.
“ Our engineering procurement and construction business environment, dealing
with large lump-sum turnkey
projects, involves a variety of
complex factors such as global
level dependencies, co-ordination between players, and location issues, besides technology, competence and business
risks. As such, it is only logical
for us to leverage the information technology potential to
meet our business objectives
and grow a breed of satisfied
customers.
“With the increasing use of
IT in our day-to-day business
operations, protecting the business’ critical information and
information processing assets
from all possible threats and
vulnerabilities is more important now than ever before, considering the business dependency.
Larsen & Toubro (L&T), India, one
of the Asia’s largest engineering
and construction conglomerates,
was the first company in the world
certified to ISO/IEC 27001:2005.
The feedback coming in from
around the world is that businesses have been eagerly waiting for the arrival ISO/IEC
27001 in order to achieve certification to an internationally recognized benchmark. It is
expected that this will accelerate the growth in the certification business following on
the success of ISO 9001 and
ISO 14001.
Now that ISO/IEC 27001:2005
has been published, BS 7799
Part 2: 2005 has been withdrawn and all current certificates will need to be upgraded
into ISO/IEC 27001 certificates. The national accredita-
ISO Management Systems – March-April 2006 11
© ISO Management Systems, www.iso.org/ims
SPECIAL REPORT
“ IT security concerns have
been uppermost in our mind,
prompting us to collaborate
with both governmental and
nongovernmental agencies
and professional forums such
as ISO/IEC, BSI, ISMS-International Users’ Group (ISMSIUG), etc., besides ensuring
compliance to IT security best
practices. We are proud to be
part of the global developmental efforts on IT security
management and to pioneer
the trends.
K. Venkataramanan, President
(Operations) of L&T, India: ‘The
ISMS in accordance with ISO/IEC
27001…assures the top management of the consistency of actions
and ability to respond to challenging business situations in the
event of any disaster.’
“The ISMS in accordance with
ISO/IEC 27001 ensures formal structured business risks
assessment and guides application of security controls and
technology. It assures the top
management of the consistency of actions and ability to
respond to challenging business situations in the event of
any disaster.
“ B e s i d e s t h i s, i t h e l p s i n
spreading information security awareness and the need for
compliance across the organization.”
security and provide its customers with the confidence to
know that industry best practice was being rigorously followed.
K. Venkataramanan,
President (Operations) &
Member of the Board, L&T
“Commitment to the standard
has already helped the company win business with a range of
local and central government
clients in addition to several
larger corporate clients within the private sector. Customers appreciated the assurance
of Nesco’s regular six-monthly external audits by an independent, accredited third party certification body.
Nesco Group, United Kingdom
“ As an IT recruitment and
training organization, the
Nesco Group was experienced
in handling sensitive and confidential information. As the
business continued to grow
and the volume and sensitivity of both internally and externally generated information
increased, so did the need for
the group to demonstrate a
commitment to information
security to its customers and
prospects alike.
“ Certification to BS 7799 has
demonstrated that the Nesco
Group is a secure organization with which to do business. Achieving BS 7799 is
clear demonstration of our
commitment to providing the
very highest levels of information security.”
Tina Holt, Operations
Director and Director of
Security, Nesco Group
“As a significant supplier of
services to the public sector,
the Nesco Group identified
BS 7799 as a key differentiator
within this increasingly important market sector. The Nesco
Group knew that by being one
of the first IT recruitment and
training companies to implement an ISMS, certified to BS
7799, this would publicly reaffirm its commitment to data
12 ISO Management Systems – March-April 2006
“ It is vital that the company’s
recruitment and training activities are protected from security breaches or interruption.
It was primarily for this reason that the company chose
to achieve BS 7799. The ISMS
ensures that any risk to the
group’s internal systems and
the data they carry are controlled and the chances of a security breach or interruption are
minimized.
“ The ISMS features a strict
security policy, supported by
regular security forums and
audits. The regime covers the
physical security of all premises and IT assets, provides for
back-up systems and a disaster recovery plan and includes
ongoing security training for
all employees.
“ Our recruitment and training customers trust us with
their confidential information.
Achieving BS 7799 enabled
us to reassure them that their
trust was well placed.”
Brian Wilshaw, Senior
Business Development Manager,
Nesco Group
TDS AG, Germany
“ As an IT service provider
with a comprehensive outsourcing service spectrum,
TDS AG has had information
security certifications for many
years. These include, for example, the IT Baseline Protection
from the German authority for
IT security.
“ In addition, the company’s
data centres were certified
in accordance with ISO/IEC
27001 in 2005. To achieve this,
it was necessary to carry out
risk analyses for all hardware
and software systems.
“ The new ISO/IEC 27001 was
important for TDS because it
was easier to integrate with the
existing quality and information security management system and it was possible to simplify the documentation.
“ The new standard especially demands a measurability of information security. To
describe and ‘live’ information
security is one thing. To constantly measure it is another,
more important undertaking.
This resulted in the addition
of continual improvement of
the ISMS processes.
“The biggest advantage of the
ISO/IEC 27001 certification
for TDS is first and foremost
that it is an ISO/IEC standard which is recognized internationally. As TDS operates
internationally, this was a very
important aspect.
“ Additional security also
requires the integration of subcontractors during and after
the end of the working relationship. So within the ISO/
IEC 27001 requirements that
© ISO Management Systems, www.iso.org/ims
SPECIAL REPORT
Knut Krabbes, Quality and
Security Manager of TDS, Germany :
‘ The biggest advantage of the
ISO/IEC 27001 certification for TDS
is first and foremost that it is an
ISO/IEC standard which is
recognized internationally.’
ensuring the integrity, accessibility and availability of information to its clients – other
governmental departments and
police, fire and health services
on the island.
is important that these organizations know they are handling
secure data and that all relevant legislation – such as the
Data Protection Act – is being
adhered to.
“ISD has now made compliance
with BS 7799 a contractual obligation for its business critical
outsourced services. This policy has already seen Manx Telecom, who manages the government’s wide area network
(WAN), achieve certification to
BS 7799 for its business.
“ Improved management. The
move from a technical focus to
a more business-led focus has
seen some significant changes
in working practices. There are
now clearer responsibilities and
roles and a single repository for
information with centralized
documentation under strict version control is therefore more
easily accessible.
“ The benefits of an ISMS
include the following :
have now been created, these
sub-contractors are to be monitored. Through the new standard, an increase in the precision
of the requirements has been
reached, so that audits also contain informed statements.
“ Process improvement. Areas
for improvement are now easier to identify. ISD changed the
way in which it approached
its formal incident procedure which has led to service
improvement.
“ I am convinced that through
the new ISO/IEC 27001 standard, a big step towards more
security in the TDS Group has
been achieved.”
“ A typical example of this
would be where a server has
failed. Previously, the failure
would have been noted, fixed
and normal service resumed.
Now, it is classified as a corrective action, the reasons for
the failure examined more
carefully and measures put in
place which in turn should help
reduce system down-time.
Knut Krabbes, Quality and
Security Manager, TDS AG
Isle of Man Government
“Achieving BS 7799 is a cornerstone of the government’s
strategy in bringing about fundamental changes in the way it
uses IT and in its external positioning as the ‘e-island ’.
“The Information Systems Division (ISD) is at the heart of this
project, providing a robust and
effective technical infrastructure
and promoting development of
pan-government processes.
“Achieving high standards of
information security was fundamental to the project and in
“ Business assurance. Certification to the standard has raised
the profile of the ISD within
the government and gives valuable assurance to customers
and suppliers that it is following best practice, which is particularly important where data
is shared with off-island organizations.
“ For example, the island’s police
and health services regularly
share data with their United
Kingdom counterparts. Here, it
“This in turn has helped improve
communications throughout the
division which consists of 150
users spread over three sites.
“ BS 7799 has enabled us to
drive through a significant business change and improvement
programme and will continue
to keep us focused on new initiatives and process improvement.
“We have recently been assessed
against the new and enhanced
requirements of ISO/IEC 27001
by our certification body and
are currently awaiting our certificate.”
Allan Paterson, Director,
Information Systems Division,
Treasury, Isle of Man
Government
ISMS success factors
It is important that organizations implementing ISO/IEC
27001 :
• stay focused on the business
needs ;
• always consider information
security as an integrated part
of implementing the business
objectives for risk management, governance and deploying cost-effective measures
for the organization’s commercial well-being ;
• consider information security as a business culture,
as proposed by the OECD
Security Principles :
• make sure information security is an on-going process to
achieve effective deployment
of an ISMS to ensure the
businesses security posture
is kept up to date through
continual improvement ;
• win management commitment early in the process ;
and
• involve a multi-disciplinary
approach across the business
as security should not be left
to the IT department – it
should be regarded as a corporate issue with responsibilities assigned across all
levels of management and
staff roles.
Out-perform
ISO/IEC 27001:2005 is already
establishing itself as the international benchmark for information security management
systems. As users testify, it provides many benefits to businesses, ensuring their security and
well-being and allowing them
to be successful in today’s riskpervasive environments.
The feedback indicates that
ISO/IEC 27001 is destined
even to out-perform its highly
successful forerunner, BS 7799
Part 2, and is set for worldwide implementation across
the whole spectrum of markets
and business sectors.
•
ISO Management Systems – March-April 2006 13
© ISO Management Systems, www.iso.org/ims
ISO INSIDER
Launching of ISO 14064 for greenhouse gas
accounting and verification
by Chan Kook Weng and Kevin Boehmer
in 2002 by the ISO Technical
Management Board’s Ad Hoc
Group on Climate Change. It
observed that governments,
business corporations and voluntary initiatives were using
a number of approaches to
account for organization- and
project-level GHG emissions
and removals with no generally accepted validation or verification protocols.
ISO was preparing to launch
its new international greenhouse gas (GHG) accounting
and verification standards – the
three-part ISO 14064 – when
this issue of ISO Management
Systems went to press.
ISO’s goal in developing the
standards is to provide a set
of unambiguous and verifiable requirements or specifications to support organizations
and proponents of GHG emission reduction projects. When
they use ISO 14064 for quantification, reporting and verification, it will ensure that “ a
tonne of carbon is always a
tonne of carbon .”
ISO 14064 has resulted from
several years of detailed study
and engagement with the international community of governmental and business organizations with a stake in climate
Some 175 international
experts from 45 countries
and 19 liaison organizations
participated in developing
ISO 14064
In response, the Department
of Standards Malaysia (DSM
– www.dsm.gov.my) and the
Standards Council of Canada
(SCC – www.scc.ca) proposed
the development of ISO 14064
and have since managed some
175 international experts from
45 countries and 19 liaison
organizations through eight
international meetings to complete the standard.
ISO 14064, Greenhouse gases,
comprises three parts, respectively detailing specifications
and guidance for the organizational and project levels,
and for validation and verification.
Organizational level
Part 1: Specification with guidance at the organization level for the quantification and
reporting of greenhouse gas
emissions and removals, details
principles and requirements for
designing, developing, managing and reporting organizational- or company-level GHG
inventories.
ISO 14064 objectives are to :
change. It has been developed
by Working Group (WG) 5 on
Climate Change of ISO Technical Committee (TC) 207, which
is responsible for the ISO 14000
family of environmental management standards.
These high profile standards
– which were presented at
the United Nations Climate
Change Conference in Montreal, Canada, in late 2005 – will
provide clarity and consistency
between those reporting GHG
emissions and stakeholders.
ISO 14064 provides a solution
to the problem brought to light
14 ISO Management Systems – March-April 2006
• enhance environmental
integrity by promoting consistency, transparency and
credibility in GHG quantification, monitoring, reporting and verification ;
• enable organizations to
identify and manage GHGrelated liabilities, assets and
risks ;
• facilitate the trade of GHG
allowances or credits ; and
• support the design, development and implementation
of comparable and consistent GHG schemes or programmes.
Dr. Chan Kook Weng (left) is
Convenor, ISO/TC 207 Working
Group 5 on Climate Change. He
is a Senior Research Fellow with
the Malaysian Palm Oil Board.
Kevin Boehmer (right) is Secretary, ISO TC/207/WG 5. He is a
Programme Manager with the
Canadian Standards Association.
E-mail [email protected]
Web www.csa.ca
Web www.tc207.org
© ISO Management Systems, www.iso.org/ims
ISO INSIDER
It includes requirements for
determining organizational
boundaries, GHG emission
boundaries, quantifying an
organization’s GHG emissions
and removals, and identifying
specific company actions or
activities aimed at improving
GHG management.
ISO 14064 will be
complemented by ISO 14065
on accreditation of GHG
verification or validation
bodies
Part 1 will be of interest to
organizations participating in
voluntary GHG registries or
regulatory allowance-based
schemes, or GHG scheme
administrators designing such
programmes or schemes.
GHG projects or project-based
activities specifically designed
to reduce GHG emissions or
increase GHG removals.
It includes principles and
requirements for determin-
ing project baseline scenarios
and for monitoring, quantifying and reporting project performance relative to the baseline scenario and provides the
basis for GHG projects to be
validated and verified.
Part 1 is consistent with best
practice established in the
Greenhouse Gas Protocol Corporate Accounting Standard
developed by the World Business Council for Sustainable
Development and the World
Resources Institute.
Project level
It also includes requirements
and guidance on inventory
quality management, reporting, internal auditing and the
organization’s responsibilities
in verification activities.
Part 2 : Specification with guidance at the project level for the
quantification, monitoring and
reporting of greenhouse gas
emission reductions and removal enhancements, focuses on
ISO 14064-1
Design and develop organizational GHG inventories
ISO 14064-2
Design and implement GHG
projects
GHG inventory documentation
and Reports
GHG project documentation
and reports
GHG Assertion
Verification
Verification
process
Programme
specific
Level of
assurance
consistent
with needs
of intended
user
ISO 14064-3
GHG Assertion
Validation and/or
verification
Validation and
verification process
For example ISO 14065
(To be published) Requirements for
validation or verification bodies
Programme
specific
Figure 1 – The relationships between the three parts of ISO 14064 and ISO 14065.
The Part 2 standard will be
of interest to project proponents participating in voluntary programmes or regulatory credit-based schemes, or
GHG scheme administrators
designing such programmes
or schemes.
Requirements
of the
applicable
GHG
programme
or intended
users
Part 2 of ISO 14064 requires
users to select or establish relevant good practice guidance
in fulfilling many of its requirements to ensure compatibility with existing (e.g., Clean
Development Mechanism) or
emerging practice.
Validation and verification
Part 3 : Specification with guidance for the validation and
verification of greenhouse gas
assertions, details principles
and requirements for verifying GHG inventories and
ISO Management Systems – March-April 2006 15
© ISO Management Systems, www.iso.org/ims
ISO INSIDER
validating or verifying GHG
projects.
ISO 14064 process principles
It describes the process for
GHG-related validation or
verification and specifies components such as validation or
verification planning, assessment procedures and the evaluation of organization or project
GHG assertions.
Regime neutrality – ISO 14064 is GHG regime or scheme
neutral. In other words, the developers of ISO 14064
balanced being “ scheme sensitive ” with becoming “ scheme
selective ” or being “ policy relevant ” with becoming
“ policy prescriptive ”.
ISO 14064 Part 3 can be used
by organizations or independent parties to validate or verify
GHG assertions and establishes new international best practice for the GHG validation or
verification process.
Technical rigour – The developers of ISO 14064 recognized
that anything short of a technically rigorous standard would
loose market credibility and relevance. To this end, each Part
of ISO 14064 treats technical best practice in its own way –
Part 1 maintains consistency with existing best practice
(eg, GHG Protocol), Part 2 is designed to be compatible with
existing best practice or allows for the establishment and
justification of new best practice, while Part 3 establishes
new international best practice.
ISO 14065
ISO 14064 will be complemented by ISO 14065, which specifies requirements to accredit
or otherwise recognize bodies that undertake GHG validation or verification using
ISO 14064 or other relevant
standards or specifications.
Extensive participation – WG 5 recognized that the
credibility of ISO 14064 might be impacted by the extensiveness of participation in the standards development
process. The participation of various countries, regions,
stakeholder groups and technical experts was therefore
encouraged to ensure different perspectives ; needs
and expertise were accounted for.
ISO 14064 embodies the
principles of regime
neutrality, technical rigour,
extensive participation and
speed-to-market
ISO 14065 is being developed
by the joint Working Group 6,
which was set up in 2004 and
comprises experts from ISO/
TC 207 and ISO/CASCO, Committee on conformity assessment, managed by the South
African Bureau of Standards
(SABS – www.sabs.co.za) in
partnership with the Standards
Council of Canada. The standard is expected to be published
in early 2007.
Speed-to-market – As a variety of GHG initiatives and
schemes have been established, are under development or
are being planned, WG 5 committed to an ambitious, but
responsible schedule to complete the standard. WG 5
delivered ISO 14064 in about three-and-a-half years.
Table 1 – ISO 14064 process principles.
Figure 1 (preceeding page)
shows the relationships between
the three parts of ISO 14064
and ISO 14065.
Challenges
The developers of ISO 14064,
whilst taking advantage of
ISO’s reputation and process
16 ISO Management Systems – March-April 2006
strengths, were not immune
from the challenges of standardization in this sometimes complex and always political area.
To help guide their work, WG 5
established and maintained the
four principles of regime neutrality, technical rigour, extensive participation, speed-tomarket (see Table 1).
ISO 14064 developers regularly revisited these process
principles to help ensure that
the standards would provide
a variety of users with a flexible, credible and verifiable
tool applicable across a variety of voluntary or regulatory
GHG schemes.
WG 5 is not under the illusion that ISO 14064 will represent a “ total solution ” to
GHG accounting and verification needs, but is confident
that it represents an important
“ building block ” to organizations or project proponents
participating in various voluntary or regulatory initiatives,
or to administrators responsible for designing and implementing GHG schemes or programmes.
Striking example
ISO Secretary-General Alan
Bryden recently commented:
“ Claims made about reductions of the greenhouse gas
emissions widely held responsible for climate change may
have political and financial
implications, in addition to
environmental and technical
ones. Ensuring their credibility is thus vital.
“ ISO is combining its environmental and conformity assessment expertise to develop tools
for measuring, validating and
verifying such claims. This is a
striking example of how ISO’s
work can help to provide practical tools for meeting the global challenges that the international community is wrestling
with.”
•
© ISO Management Systems, www.iso.org/ims
ISO INSIDER
ISO studies people aspects in quality
management
by Peter Merrill
The opening paragraph of ISO
9000:2000, Quality management systems – Fundamentals
and vocabulary, contains eight
quality management principles
which are the basis of the ISO
9000:2000 series.
The standard starts by saying
that a successful organization
is Customer focused. The job of
the Leadership is to set direction, create objectives for the
organization and Involve people, who are the essence of
the organization, in achieving
those objectives.
The principles continue by
saying that most efficient way
of using an organization’s
resources is through the Proc-
Organizations that manage
their people well score
the highest marks for
successful implementation
of quality management
ess approach and the processes in the organization need to
come together as a System.
It must be a permanent objective of any organization to seek
Continual improvement. If you
do not, then your competition
will overtake you. The way to
drive continual improvement is
through a Factual approach to
decision making. Finally, Mutually beneficial supplier relationships give the greatest value
to the customer and this recognizes that a business system
operates in an “ eco-system ”
with other businesses.
Four of the principles, the
Process approach, a System
approach to management, Continual improvement and a Factual approach to decision making focus on the “ hard skill ” or
“ process ” aspects of an organization. ISO 9001:2000, which
gives the requirements for a
quality management system,
is heavily based on these four
principles.
The other four principles are
about “ people ” and contain
phrases such as the following :
• “ understanding…needs and
expectations ”,
• “ create and maintain the
internal environment in
which people can become
fully involved ”,
• “ people at all levels are
the essence of an organization ”,
• “ full involvement (of people) enables their abilities
to be used for the organization’s benefit ” and
• “ mutually beneficial relationship ”.
ISO 9001:2000 standard does
not develop these principles
to any extent. However, experience shows that organizations that have addressed these
“ people ” issues while developing their management system
have usually implemented ISO
9001:2000 far more easily and
effectively.
Evidence
Do people matter ? We instinctively know that we do matter, but the doubters still ask
for evidence. Evidence of the
benefits of people involvement
comes from a wide range of
sources. Waterstone Human
Peter Merrill is leading the ISO/
TC 176 study group on the involvement of people in management
systems. He is also a member of
the TC 176 Chair’s Strategic Advisory Group with responsibility for
Resource Management.
President of Quest Management
Services, Canada, he is a leading
authority on management systems
in North America and author of
the book Do It Right the Second
Time: Benchmarking Best Practices
in the Quality Change Process
(ISBN: 1563271753).
E-mail pmerrill@
questmanagementservices.com
Web www.
questmanagementservices.com
IMS – November-December 2005 17
© ISO Management Systems, www.iso.org/ims
ISO INSIDER
An American Society Quality survey on people equity in
May 2005 2) shows conclusively that organizations with top
leadership support, that possess a quality culture and that
manage their people well score
by far the highest marks for
successful implementation of
quality management.
The ASQ survey authors conclude, “ The message is simple.
If an organization is serious
about quality, its efforts cannot be confined to a few people with formal quality responsibilities.”
The University of Vigo in
Spain conducted a study of
ISO 9001 implementation 3)
from a perspective of “ personnel participation ” and concluded that this participation
was “ the key for quality system survival and improvement in the long term .” It also
underlines the importance of
“teamwork” in small to medium-sized companies.
People involvement
During the late 1980’s and
1990’s, Europe and North
America developed national
excellence awards based on the
concepts of leadership setting
People
IMPROVEMENT
A strong culture is defined as
one which proactively responds
to market conditions, cares
equally about customers, shareholders and employees and
which rewards people and
behaviours that create useful change.
direction and improvement,
being driven by a balance of
people and process improvement (see Figure 1).
LEADERSHIP
Capital in its 2005 study of
corporate culture 1) shows that
a strong culture correlates
directly with financial performance.
Processes
Figure 1 – The typical national
excellence award model.
Interestingly, the United Kingdom, which supported ISO
9000:1987 (and before that BS
5750) aggressively through the
1980’s and early 1990’s, found a
vacuum in the use of the standard and introduced the Investors in People (IIP) standard in
the 1990’s to fill that gap. Over
30 000 organizations have now
registered to the standard.
Let us look briefly at the “ people ” content of IIP and the
excellence awards, Baldrige
(USA) and EFQM (Europe).
aims and objectives. This is
close to the text within paragraphs 5.4, Quality planning
and 6.2, Human resources of
ISO 9001:2000.
IIP requires an organization to have a plan with clear
aims and objectives which
are understood by its people. The development of people must be in line with these
aims and objectives. People
also need to understand how
they contribute to achieving
18 ISO Management Systems – March-April 2006
The USA pursued their own
comprehensive Malcolm
Baldrige National Award and
“ morphed ” this into various
state awards. The Baldrige
Award includes “ soft skills ”
components. A look at the
Baldrige model (see Figure
2) quickly reveals the balance
of “ people ” and “ process .”
Baldridge addresses the people aspects more fully than ISO
9001:2000.
The organization must be committed to the development of
its people and managers need
to support that development
so that people improve their
performance. IIP also identifies
whether people believe their
contribution to the organization is recognized. This thinking “ pushes the envelope ”
compared to ISO 9001:2000.
1) 2005 Canadian Corporate Culture Study, by Waterstone Human
Capital.
E-mail [email protected]
The organization then needs
to improve in performance of
its teams and individuals. People must also understand the
impact of their development on
the performance of the organization. Finally, the organization gets better at developing
its people. This links very closely to Section 8, Measurement,
analysis and improvement of
ISO 9001:2000.
2) “ People Equity : The Hidden
Driver of Quality ,” by Kostman
and Scheimann, Quality Progress,
May 2005. Web www.asq.org.
3) “ Quality Management and
Personnel Participation, ” by
Prado, Gonzales and Lorenzo ;
University of Vigo, Spain, Human
Factors and Ergonomics in
Manufacturing, Vol. 14 (3) 2004.
E-mail [email protected].
Organizational profile :
Investors in People
IIP focuses very strongly on
people involvement and has
four sections: commitment,
planning, action and evaluation. With some restructuring, the content can be aligned
quite closely with the PlanDo-Check-Act Cycle of ISO
9001:2000.
Baldrige
Environment, relationships, and challenges
2
5
Strategic
planning
Human
resource focus
7
Results
1
Leadership
3
6
Customer and
market focus
Process
management
4
Measurement, analysis and knowledge management
Figure 2 – The Malcolm Baldrige National Quality Award.
© ISO Management Systems, www.iso.org/ims
ISO INSIDER
ENABLERS
EFQM
The European Quality Award,
which is based on the EFQM
Model, again reflects the balance of people and process
(see Figure 3).
The EFQM 2005 Recognition
Book again shows how successful organizations emphasize people development and
involvement, leadership, continual learning, and other people-oriented aspects.
People in ISO and national
standards
The Canadian Standards Association has performed a survey
of people-based standards.
The data has been analyzed by
Dr. Anne Wilcock, of the University of Guelph, and reveals
a sharp increase in the issuing
of people-related standards
over the last five years.
At the international level, ISO/
TC 176, which is the ISO technical committee responsible
for the ISO 9000 family, has
developed ISO 10002, which
focuses on complaints handling
at the customer interface, ISO
10019 on selecting consultants,
and ISO 19011, which among
other issues addresses auditor
competency. These all have an
impact on human issues inside
and outside an organization.
In addition, the excellent ISO
10015 addresses training from
a system perspective.
Many national standard bodies are addressing the people-processes gap in different
ways. Australia has developed AS 5037 on knowledge
management ; Sweden’s SS
624070 provides a framework
for development of a compe-
RESULTS
People
Leadership
Policy and
strategy
The strategy for developing
a “ people standard ” has been
for the study group to take
the “ people ” principles from
ISO 9000:2000, quoted at the
beginning of this article, and to
use them as a base for further
development. It is also using
principles proposed by Japan
as additional input.
Peole results
Processes
Partnerships
and resources
Customer
results
Key
performance
results
Society
results
INNOVATION AND LEARNING
Many national standard
bodies are addressing the
people-processes gap
Figure 3 – The EFQM Model used as the basis for the European Quality
Award.
tence management system,
and Portugal has recently proposed a European Standard on
human resources.
Also at the international level, the International Atomic
Energy Authority (IAEA), in
its draft Standard DS 338 is
including knowledge management content, recognizing that
not all knowledge can be codified but must also be transferred
between people as tacit knowledge. The industry sees this need
with the pending retirement of
many of its key people.
Last but far from least, ISO’s
key mission is to be the “leading
value-adding platform and partner for...global and market relevant International Standards
covering...management and
organizational practices.”
ISO/TC 176 clearly needs to
address the “ people issues ”
of quality management more
effectively. As has been shown
above, much attention to the
people aspects is paid in national standards, in award schemes,
and in several ISO standards.
But the overall context is missing and the information remains
scattered in “ islands ”.
Therefore, ISO/TC 176 Subcommittee (SC) 3, Supporting technologies, resolved at its
2004 annual meeting in Kuala
Lumpur to establish a study
group to address the need,
desirability and feasibility of
guidance documents to help
organizations to develop competencies and people aspects
for quality management.
ISO Guide 72, Guidelines for
the justification and development of management system
standards, will be used to establish the “ business case ”.
People Aspects Study
Group
The People Aspects Study
Group had its first meeting in
Panama in October 2005. The
group is composed of representatives from all regions of
the world, and from both large
and small and medium-sized
enterprises, as well as from
academia. ISO/TC 176/SC 3
has also invited ISO/TC 207,
Environmental Management,
and ISO/CASCO, Committee
on conformity assessment, to
join the study group.
“ People aspects ” address
issues such as change, teamwork, recognition, competence, communication and
the learning organization and
these are being examined to
decide whether they should be
within the scope of the future
standard.
Although the group’s early
work has indicated value in
a people standard, it plans to
carry out a survey in each delegate’s country to identify more
precisely the need and desirability for such a standard. It
is also making an analysis of
awards and standards already
issued that appear to address
people aspects.
The group planned to examine
the results of the survey and
analysis at its next meeting in
March 2006 in Delft, The Netherlands. The People Aspects
Study Group will present its
final report to ISO/TC 176/SC 3
plenary meeting in Busan,
Korea, in November 2006. •
ISO Management Systems – March-April 2006 19
© ISO Management Systems, www.iso.org/ims
ISO INSIDER
ISO prevents
misuse of its
name on Internet
to the benefit
of consumers
by Roger Frost
ISO has recently scored new
successes in its fight to prevent
its name being misused on the
Internet to mislead people into
buying products or services
that they believe are endorsed
by ISO.
The Arbitration and Mediation
Center of WIPO (World Intellectual Property Organization)
ruled that the following Internet domain names, which had
been registered by companies
with no connection to ISO, be
transferred to ISO :
tem standards which at the end
of 2004 were implemented by
some 760 900 organizations in
154 countries
The success of ISO’s standards
has been accompanied by the
growth of organizations offering related products and services such as certification of conformity, consultancy, training,
publications and software.
Vigorous
The majority operates in a
business-like manner without infringing ISO trademarks,
but some make use of ISO’s
name in a way that could confuse potential customers into
believing that these organizations are part of ISO, or that
they, their products or services are endorsed by ISO.
This has led ISO to take even
more vigorous action in recent
• iso1stop.com,
iso9000commerce.com,
isoeasy.com, isoeasy.org,
isoeasy.info, isonet.net and
isotraining.net.
WIPO upheld ISO’s contention that the inclusion of “ iso”
in the domain names gave the
misleading impression that the
Web sites were sponsored by
ISO, or affiliated to it. The
WIPO arbitrators found that
the domain names had been
registered with a view to commercial gain by the registrants
since Internet users could be
attracted to the sites mistakenly believing them to be connected to ISO.
ISO has published more than
16 000 International Standards
including the ISO 9000 and
ISO 14000 management sys-
years to protect Internet users
from making such abusive purchases and to pursue organizations refusing to comply with
ISO’s policy on the use of its
name and logo.
José Checa, Legal Adviser at
ISO Central Secretariat, commented : “ To date, ISO has
successfully filed several cases with the WIPO Center, in
addition to some court actions
in several countries. These decisions have confirmed that ISO
is a famous mark protected in
most countries and that any
unauthorized registration as an
Internet domain name of the
mark ISO – alone or in combination with other words – in
the context of standardization
and related activities should
not be permitted.”
Some make use
of ISO’s name in a way
that could confuse
potential customers
ISO’s policy on the use of its
name and logo can be consulted on its Web site, along with
guidelines on publicizing certification to its ISO 9001: 2000
and ISO 14001: 2004 standards.
•
José Checa, Legal Adviser at
ISO Central Secretariat :
‘ Any unauthorized registration as
an Internet domain name of the
mark ISO – alone or in combination
with other words – in the context
of standardization and related
activities should not be permitted.’
20 ISO Management Systems – March-April 2006
© ISO Management Systems, www.iso.org/ims
INTERNATIONAL
Early adopters underline benefits
of new ISO standard
for safe food supply chains
by Roger Frost
Companies among the first in the world to implement ISO 22000 are underlining the benefits of the new International Standard for ensuring safe food
supply chains. At least 50 countries look set to have adopted it within only six
months of its publication.
Early adopters of ISO 22000,
the new International Standard
on food safety management systems, have provided favourable
comments and expressed positive reactions in response to
an informal enquiry from ISO
Central Secretariat to gauge
the worldwide reaction to ISO
22000, which ISO published on
1 September 2005.
Thirty-four countries around
the world were already reporting various ISO 22000 deployment activities by the end of
2005, while the standard had
also been published as a Euro-
pean Standard, to be followed
by adoption as a national standard by the 29 countries that
are members of the European Committee for Standardization (CEN).
This indicates that ISO 22000
will have been adopted by 50
ISO Management Systems – March-April 2006 21
© ISO Management Systems, www.iso.org/ims
INTERNATIONAL
countries or more – or be in the
process of adoption – within six
months of its publication.
An edited selection of the
replies follows with firstly,
comments from companies
that have already been certified to ISO 22000, and secondly
a brief overview of worldwide
developments.
to guarantee the quality of the
product – like those included
in the seven Hazard Analysis
and Critical Control Points
(HACCP) principles.
“ All these are simplified into
one quality and safety management system that meets all the
requirements of many customers, covering ISO 9001:2000,
GMP, HACCP, BRC, IFS and
similar frameworks.
choice there is an organization working day after day to
achieve one of the main objectives of our winery – continual
improvment.”
The voice
of the ISO 22000 user
ARGENTINA
Bodega Familia Schroeder –
vineyard and winery
Silvina Sassin, Head of Quality Control : “ Implementing
ISO 22000 in our organization
means an advantage over other schemes as it offers management tools – like those offered
by ISO 9001:2000 – but better
adapted to the food industry.
ISO 22000 also gives guidelines
“ On top of this comes the added prestige brought by this
certification to an ISO standard, and the considerable
support we have received as
a result amply justifies this recent venture.
“ O uAn
r ENEL
g r e amedium
t e s t svoltage
atisfact i o noverhead
s t e m s line.
from the fact
that behind the consumers’
22 ISO Management Systems – March-April 2006
Hedelab – manufacturer
of dietary supplements
AUSTRALIA
Vinpac International – wine
bottling and packaging
“ With the implementation of
ISO 22000, we guarantee safe
products and the effectiveness
of the production process. It
also allows us to improve the
relationship with the international market in order to
grow industrially and commercially.
“We believe that the implementation of a food safety management system brings significant
benefits. First of all, it gives
our customers greater confidence when buying and drinking our wines. At the same time,
it instills in all of us here at
the firm a sense of satisfaction
and ease of mind from the
knowledge that what we are
doing is being done well – and
not only from the point of
view of quality. Finally, doing
things properly is beneficial to
society in that it helps to preserve jobs in a healthy organization.
BELGIUM
Ben Bowering, Quality, Health,
Safety and Environmental Manager : “ This standard has the
potential to turn the onerous
task of meeting multiple, often
duplicated or even contradictory requirements from various different safety and quality
guidelines into one meaningful system.
“ I believe that in terms of
its international recognition,
its rigour and its capacity to
improve safety along the entire
food chain, the ISO 22000 standard is exactly that – something that will offer benefits
for everyone concerned.”
Implementing ISO 22000
means an advantage over
other schemes
Gilles Gernaey, Scientific
Director : “ For us, the objective of ISO 22000 is to allow
the harmonized implementation, no matter what the country or product concerned, of
the HACCP method, recognized by experts as the best
tool currently available for
guaranteeing food safety for
the consumer.
ISO 22000 allows
the harmonized
implementation of the
HACCP method
“ Since the significant increase
of various food safety crises,
certain countries, as well as
certain food industry groups
and companies, have established their own safety standards, resulting in more than
2 0 c o e x i s t i n g s t a n d a r d s.
Thanks to the international
consensus which led to the
development of ISO 22000,
certification to this standard
is destined to become the
international benchmark for
food quality.”
© ISO Management Systems, www.iso.org/ims
INTERNATIONAL
DENMARK
FINLAND
Danisco Sugar – sugar factory
of one of the world’s
leading producers of
ingredients for food and
other consumer products
Caternet – fresh food
logistic services
Henrik Solkær, Vice President responsible for sustainable development : “ As a manufacturer of food ingredients
and feed, product safety has
top priority and we find it natural that we’re front runners
in this important area. We constantly strive to improve our
safety efforts and we’ve long
been awaiting a global standard covering both food and
feed as an alternative to many
industry standards.
“ We have a strong focus on
safety management and communication up through the
supply chain – from suppliers
to customers – to ensure the
highest possible food and feed
safety standard. The new ISO
standard thus fits our approach
perfectly. The ISO 22000 certification is an important milestone in our year-long effort,
and we see it as a clear signal
to the world of our stance on
food and feed safety.”
Michael Weckström, Managing
Director (right), and Jaakko
Repo, Quality Manager : “All
our operations are now based
on ISO 22000 and on the ISO
9001:2000 quality management
standard. ISO 22000 is a useful additional tool to the quality management system that
emphasizes the organization’s
responsibility for food safety,
increases the efficiency of our
previous system and improves
our working methods.
“ It has already drawn interest among our customers. In
the future, we see ISO 22000
as bringing credibility to the
company image and improving our competitiveness.”
lia Eau Ile-de-France/Centre
produces and supplies drinking water. ISO 22000 provides
an answer to its core concern :
to control all sanitary hazards.
Before starting our approach
towards ISO 22000 certification, we had already introduced an HACCP system and
an ISO 9001:2000-certified
quality management system.
“ Once it became available,
ISO 22000 was able to merge
seamlessly with the two existing systems. Today, ISO 22000
enables us to identify the risks
associated with our activity,
to foresee them and to more
effectively contain any emergency that may occur.
“ For a group like Veolia Eau,
this certification means that
we can guarantee the reliability of our organization,
not only to our local customers – community groups, for
instance – but also at international level.”
PALESTINE
Al-Haya Food Industries Co.
– meat processing
to prove that commitment to
produce safe food and to comply with International Standards is not limited to big
companies and has nothing
to do with the location of the
company.
“We have managed to develop
the ISO 22000:2005 system by
building on our existing ISO
9001:2000 and HACCP system
in a country with a destroyed
economy and bad security situation.
“ We believe that this new
standard is very comprehensive, well established and very
systematic. It has helped us
in gathering all different systems and programmes under
‘one umbrella’ and achieving
a focused approach to control
the safety of our products.
Certification to this
standard is destined to
become the international
benchmark
“ We now we feel much more
confident in the products’
safety and we have achieved
an excellent reputation in the
country for being the first to
adopt such a new standard.
FRANCE
Veolia Eau
Ile-de-France/Centre
– manager of public
utilities involved
in the production and
supply of drinking
water
Gabrielle Coat – QualityEnvironment Manager : “ Veo-
Nahed A. Sabri, Quality Assurance Manager : “ As a small
meat processing company in
Jerusalem, we have managed
“We very much encourage food
organizations to adopt such a
comprehensive standard which
will have a positive impact on
the overall food safety status
and company reputation – and
we highly appreciate ISO for
taking the initiative to develop this standard.”
ISO Management Systems – March-April 2006 23
© ISO Management Systems, www.iso.org/ims
INTERNATIONAL
PORTUGAL
M.A. Silva Cortiças Lda. –
wine cork producer
link in the food supply chain
and to show the world the
advantages of using a natural
product to seal wine bottles.”
SWITZERLAND
UNITED KINGDOM
Chocolats & Cacaos Favarger – chocolate manufacturer
CROWN Speciality Packaging
– manufacturer of decorative
tinplate containers for food,
promotional and
pharmaceutical products
SPAIN
Angulas Aguinaga – manufacturer of food products
based on fish and surimi
Manuel Silva, President and
Managing Director : “ M.A.Silva
is a leading Portuguese cork
producer whose mission is to
produce reliable, high quality
corks for bottles of fine wines
created around the world. It
was the first company in Portugual to be certified to ISO
22000:2005
“ As a global player, we welcome ISO 22000:2005 because
we had felt the need to have a
normative reference that could
be recognized and accepted
worldwide. Previously, our
dilemma was deciding which
of the existing local norms
we should adopt to meet the
demands of different markets
on food safety.
“ The beauty of ISO 22000 is
that we did not need to overload our documentation system, indeed the standard’s
integration with our quality
management system certified
to ISO 9001 for over 10 years
was quite harmonious.
“ This ISO 22000 certification
is the perfect tool to offer our
customers the guarantee that
our natural corks are a strong
Javier Cañada Millán, Director, Quality and R&D : “ In 2005,
Angulas Aguinaga received the
prize for innovation from the
Ministry of Agriculture and
Fisheries of the Spanish Government.
“ The main reason why we
implemented ISO 22000 is that
it deals specifically with food
safety and because it is a standard with international reach,
developed by a scientifically
based committee with broad
experience in the field of food
and public health.
“ The deployment of this standard required us to strengthen our existing HACCP team,
enabled us to develop a better
structure and a better definition of our corporate quality
policy in relation to food safety
and, as a result of this implementation, we have been able
to move forward significantly
in the study of Critical Control
Points (CCP).”
24 ISO Management Systems – March-April 2006
Philippe de Korodi, General
Manager : “ Favarger recognizes
that the quality and safety of
its products are the condition
for its long-term growth. Customers increasingly need ‘trust
marks’ to make decisions in
the face of complex choices.
In addition to ISO 9001:2000,
ISO 22000 brings the necessary focus on safety.
Complying with
International Standards is
not limited to
big companies
“ The international and ‘neutral’ nature of ISO 22000 certification makes it an attractive and economically sound
management target compared
to other regional food safety standards. For an SME like
Favarger, the cost and energy required to obtain an ISO
22000 certification cannot be
taken for granted. However,
the benefits far outweigh the
investment.”
James Barnett, Plant Manager :
“ Crown Carlisle is very proud
to have achieved another major
milestone with the attainment
of our ISO 22000 food safety management certification.
This significant accomplishment underscores the company’s continued commitment
to deliver best-in-class service
and quality to our clients.
“ Companies within our sector
are increasingly recognizing the
important role of accredited systems in order to protect consumers and enhance the manufacture of product to meet more
demanding standards. The certification enables us to demonstrate the result of our activities
to customers, suppliers and other interested organizations.”
ISO 22000 will have been
adopted by 50 countries
or more
© ISO Management Systems, www.iso.org/ims
INTERNATIONAL
UNITED KINGDOM
The Wrigley Company – manufacturer of chewing and bubblegum, and confectionery
“We have combined ISO 22000
with our own internal standards and this has not only provided a robust guideline for our
food safety management system, but it has also allowed us
to promote a culture of continual improvement in our manufacturing practices.”
European Standard. According
to CEN rules, this means that
all CEN members (29 countries at present) have to adopt
this standard as national standard within six months after
its publication and withdraw
any national standard which
is contradictory with it.
•
The benefits far outweigh
the investment
ISO 22000 worldwide
overview
Alan Richards, Production
Director : “ Food safety standards are of the highest priority
for the Wrigley Company. We
want to be 100 % confident at
all times that we have the very
best systems in place to ensure
that nothing could leave our
factory that could be harmful
to the consumer.
It integrates food
safety management
with our ISO 9001:2000
system
“ After extensively reviewing
existing standards and the new
ISO 22000, we were convinced
that this new standard would
help us ‘ raise the bar ’ to an
even higher level. The benefit
of ISO 22000 is that it audits
and verifies our food safety
management system according to HACCP principles and
that it integrates food safety management with our ISO
9001:2000 quality management
system.
By the end of 2005, activities
at various stages related to the
deployment of the standard
were already being reported
in 34 countries. These activities range from the translation
and adoption of ISO 22000 as a
national standard to the establishment of accreditation and
certification systems, to promotion, training, implementation, certification, preparation for certification audits,
or to waiting for certificates
to be issued following successful audits.
In response to the informal
survey carried out by ISO Central Secretariat, one or several
of such activities were reported to be in process in the following countries: Argentina,
Australia, Belgium, Brazil,
Canada, China, Cuba, Denmark, Estonia, Egypt, Finland,
France, Hungary, India, Israel, Jordan, Latvia, Lithuania,
Malaysia, Morocco, Palestine,
Philippines, Portugal, Serbia
and Montenegro, Singapore,
Slovakia, Slovenia, South Africa, Spain, Thailand, Ukraine,
United Arab Emirates, United Kingdom, USA.
As ISO 22000:2005 was developed in cooperation with the
CEN, it was also published as a
ISO Management Systems – March-April 2006 25
© ISO Management Systems, www.iso.org/ims
INTERNATIONAL
ISO 9000 in China’s Great March
to quality
China’s dynamic economic growth is being driven by booming industrial production much of which is exported to the West. The Chinese Government’s early and forward-looking support for ISO 9000 has paid dividends in integrating Chinese companies with global supply chains. An
example from the telecom sector is provided by Huawei Technologies
which records rising customer satisfaction thanks to ISO 9001 implementation.
by Wu Tian and Ming Yang
As the largest developing country in the world, China plays a
major role in the global economy. With growth far outstripping that of the leading Western nations, China has become,
in effect, the world’s workshop.
Therefore, it is more important
than ever that Chinese business
organizations operate in accor-
26 ISO Management Systems – March-April 2006
dance with International Standards such as ISO 9001:2000.
The Chinese Government was
an early supporter of ISO 9000
and has long encouraged Chinese organizations to implement quality management
systems (QMS) in line with
the ISO 9000 family of standards. It has established pro-
Huawei Technologies Co. Ltd., a
leading Chinese telecoms manufacturer, has seen customer
satisfaction improve significantly
since implementing ISO 9001.
QMS policies, and introduced
many quality-related actions,
especially in helping organizations make the transition to
ISO 9001:2000.
© ISO Management Systems, www.iso.org/ims
INTERNATIONAL
Quality infrastructure
In 1989, the China National
Technical Committee on Quality Management and Quality Assurance (SAC/TC 151)
was established by the national standards body, the China State Bureau of Technical
Supervision (CSBTS) in order
to create the necessary quality
infrastructure.
In April 2001, as part of the
governmental reforms, the
State Council of China decided
to set up the General Administration of Quality Supervision,
Inspection and Quarantine of
the People’s Republic of Chi-
nationonal standards body,
along with the Certification
and Accreditation Administration of the People’s Republic of
China (CNCA), both answering to AQSIQ.
SAC/TC 151 is the national
“ mirror committee ” to ISO/
TC 176, Quality management
and quality assurance, and
its responsibility is to mobilize Chinese quality management experts in providing ISO
9001:2000-based QMS training and research to help local
organizations.
The standards making up the
ISO 9000 series, first pub-
first accreditation body, now
known as the China National
Accreditation Board for Certifiers (CNAB – www.cnab.org.
cn), was also set up in 1992.
An ISO 9001:2000 transition
working group (WG) was
established by SAC/TC 151
and CNAB in 1998. The WG
comprised members from government, the accreditation and
certification bodies, technical
experts and business organizations. It selected ten representative certified organizations as
pioneers in transitioning their
QMS to ISO 9001:2000.
Following this lead, the WG
prepared the way for others to
follow, based on the transition
guidelines agreed by ISO and
the International Accreditation
Forum (IAF – www.iaf.nu), aided by research, study and discussion, document updating,
and training of QMS auditors
and company quality managers in ISO 9001:2000 requirements.
In addition, articles and books,
such as Implementing ISO
9001:2000 in the Manufacturing, Service, Software and Construction Sectors and Understanding and Applying ISO
9001:2000 were published to
help organizations establish
and maintain a QMS based on
the International Standard.
na (AQSIQ – www. aqsiq.cn)
by merging CSBTS and the
State Bureau of Import and
Export Inspection and Quarantine (CIQSA).
At the same time, the State
Council established the Standardization Administration of
the People’s Republic of China (www.sac.gov.cn) as the new
lished in 1987, were adopted as China national standards in 1992. Subsequently,
the 1994 and 2000 versions of
the ISO 9000 were adopted in
the same years.
China’s first certification body
was established in 1992 and the
country’s first ISO 9001 certificate was issued that year. The
Quality initiatives
As a result of these initiatives,
some 138 042 ISO 9001:2000
certificates had been awarded by Chinese certification
bodies by 30 June 2005. Of
these, the electrical and optical equipment sector was
most strongly represented,
followed by basic metals and
fabricated metal products,
construction, and machinery
and equipment.
Since China is a developing
country, these sectors are considered as basic and fundamental industries that need rapid development before other
associated sectors can develop in turn.
Wu Tian (left) is Secretary of
SAC/TC 151 (Chinese ‘ mirror
committee ’ to ISO/TC 176). She
has ten years’ experience as a
certified QMS and EMS auditor,
and currently works for the
China National Institute of
Standardization (CNIS).
China National Institute of Standardization. (CNIS), 4 Zhichun Road,
Haidian District, Beijing 100088,
China.
E-mail [email protected]
Web www.cnis.gov.cn
Ming Yang (right) is Director of
the Accreditation Management
Division of the China National
Accreditation Board for Certifiers
(CNAB) and is a QMS, OHSMS
(occupational health and safety
management system), FSMS
(food safety management system),
TL 9000 (telecoms industryspecific QMS) and CMMI (capability
maturity model integration)
lead assessor.
E-mail [email protected]
Web www.cnab.org.cn
ISO Management Systems – March-April 2006 27
© ISO Management Systems, www.iso.org/ims
INTERNATIONAL
Survey
conducted by
the 3rd party
annually-Gallup
and NFO (TNS)
In that endeavour, both the
Chinese Government and
direct customers require these
industries to demonstrate they
can meet requirements by
achieving ISO 9001:2000 certification. As the certification
statistics indicate, these sectors have indeed been active
in upgrading their quality management capabilities.
The Chinese Government
was an early supporter
of ISO 9000
Manufacturing sector organizations play a key role in the
development of the Chinese
economy. By conforming to
ISO 9001:2000, these manufacturers can demonstrate their
ability to provide products that
consistently meet customer
needs and applicable regulatory requirements.
Many now accept that the
QMS approach and the concept of continual improvement
can ensure conforming products and services, and enhance
customer satisfaction. In particular, they recognize the
Continual improvement of customer satisfaction
85
84
83,4 %
83
82
81
80
79,8 %
79,5 %
79 %
79
78
77
76
Figure 1 – Gallup/TNS survey of Huawei customer satisfaction 2001-2004
importance of good documentation and employee training
in achieving these goals.
Rural organizations have also
made a great contribution to
economic development and
social stability in China. ISO
9001:2000 implementation can
also help these township and
village entities follow good
QMS practice.
Reaping the benefits
Huawei Technologies Co. Ltd.
is an excellent example of a
company that embraced ISO
9001 and has reaped the benefits in improved customer
satisfaction. A leading manufacturer of electrical and telecommunication equipment,
Huawei employs 22 000 people
and achieved 2004 revenues of
CNY 46,2 billion (about USD
5,5 billion).
The company has branches and research institutes
throughout China, including
Beijing, Shanghai and Nanjing, plus eight regional companies, 55 branches and technical service centres around
the world.
28 ISO Management Systems – March-April 2006
Many international telecoms
operators such as BT, Telephonic, FT, SingTel, AIS, MTN
and Telemar use Huawei products in their networks.
By conforming to ISO
9001:2000, manufacturers
demonstrate their ability
to provide products
that consistently meet
customer needs
Huawei first implemented an
ISO 9001-based QMS in 1993,
and made the transition to
ISO 9001:1994 in 1996, being
awarded certification in China, USA and the United Kingdom. The company upgraded
to ISO 9001:2000 and TL 9000
(the telecom sector-specific version) in 2002.
Since customer focus is the
core of its quality management
policy, customer satisfaction is
the key measurement of QMS
improvement. To determine
changes in this vital parameter, Huawei enlisted Gallup and
Transaction Network Services,
Inc. (TNS) to survey levels of
customer satisfaction from 2001
2004
2003
2002
2001
to 2004. The findings indicate a
steady improvement from 79 %
to 83,4 % level of customer satisfaction over the period (see
Figure 1).
Future development
Yet despite such successes, the
ISO 9001:2000 implementation
picture in China still has room
for improvement. Statistical
data from 2002 to 2005 shows
that certification in the high
risk nuclear fuel and pharmaceuticals sectors in China has
been very slow.
Huawei Technologies is
an excellent example of
a company that embraced
ISO 9001 and has reaped
the benefits
This is also true of the recycling,
electricity supply and gas supply industries, where sluggish
development is reflected in
little motivation to achieve
ISO 9001:2000 certification.
Nevertheless, this may well
change since the dynamic overall growth of the Chinese economy is expected to positively
impact all sectors in future. •
© ISO Management Systems, www.iso.org/ims
INTERNATIONAL
ISO/TR 14062 gives Mercedes
road map to designing
environmentally friendly car
The Mercedes Car Group has introduced the S-Class, a more environmentally friendly vehicle produced via a “ Design for Environment ” (DfE)
programme using ISO/TR 14062 and other standards in the ISO 14000
family. An impressive list of features includes lower fuel consumption, reduced
noise and noxious emissions, and an increase in components made from
by Matthias Finkbeiner
The author, Matthias Finkbeiner, is
Manager-Design for Environment,
DaimlerChrysler AG, Mercedes
Car Group Development.
DaimlerChrysler AG, Mercedes Car
Group Development, HPC X602,
D-71059 Sindelfingen, Germany.
E-mail matthias.finkbeiner@
daimlerchrysler.com
Web www.daimlerchrysler.com
recycled plastics and renewable raw materials.
Environmental protection is a
fundamental corporate objective of the DaimlerChrysler
Group, and an integral component of a business strategy geared to long-term value enhancement. Design for
Environment (DfE) is one of
the key elements in reaching
this target.
The DfE process at the Mercedes Car Group takes the
entire product life cycle into
account, from design through
production and use, to recycling and disposal. DfE has
been firmly established in
the development process for
Mercedes passenger cars since
1995.
The new Mercedes S-Class, a more
environmentally friendly vehicle
produced via a ‘Design for Environment’ (DfE) programme using
ISO/TR 14062 and other standards
in the ISO 14000 family.
A team of specialists from
the fields of life cycle assessment, dismantling and recycling planning, materials and
process engineering, as well
ISO Management Systems – March-April 2006 29
© ISO Management Systems, www.iso.org/ims
INTERNATIONAL
as design and production,
accompanies the development of each model right from
the start, defines the ecological requirements and ensures
that DfE principles are strictly adhered to.
The aim is to make environmental compatibility both
objectively measurable and
perceptible to the customer.
The new S-Class
Embodied in DaimlerChrysler’s environmental protection guidelines is the principle that we develop highly
environmentally responsible
products – and that we inform
the public about the company’s environmental protection
activities. The new S-Class and
the publication of a comprehensive 44-page brochure,
Environmental Certificate
Mercedes-Benz S-Class, are
examples of how these guidelines are put into practice for
the benefit of customers and
shareholders as well as stakeholders inside and outside the
company.
Credibility and acceptance by
different stakeholders were
the main drivers to achieving
compliance with the relevant
environmental management
standards of the ISO 14000
family. The main focus was the
integration of environmental
aspects into product design
and development according
to ISO/TR 14062:2002, Environmental management – Integrating environmental aspects
into product design and development.
DaimlerChrysler was actively
involved in the development
of this Technical Report, and
the content was found useful
in evaluating and improving
the company’s DfE process.
In addition to ISO/TR 14062,
the international life cycle
assessment standards – ISO
14040, ISO 14041, ISO 14042,
ISO 14043 – and environmental labels and declarations standards ISO 14020
and ISO 14021, were considered as well.
The DfE process
at Mercedes takes the
entire product life cycle
into account
The development process, the
environment-related data and
compliance with the relevant
environmental management
standards of the ISO 14000
family, as well as the contents
of the related S-Class brochure, were reviewed and verified by independent specialists of the TÜV certification
body (www.tuev-sued.de).
Even though ISO/TR 14062 in
particular is an ISO Technical
Report which is not intended for certification purposes, the Mercedes Car Group
decided to seek independent
verification and certifica tion of the above elements of
its S-Class programme. This
additional effort was deliberately engaged upon because
the independent “ third-party ” verification by TÜV was
seen as providing confirmation of the reliability of the
results affirmed, and therefore increasing acceptance
and credibility.
30 ISO Management Systems – March-April 2006
ISO/TR 14062 and DfE
at Mercedes Car Group
ISO/TR 14062 was used to
analyse the Mercedes DfE process by identifying gaps and
potential for improvement. It
addresses strategic, management and product considerations as well as the product
design and development process as such. In this article, I
provide examples of how these
issues were implemented at the
Mercedes Car Group.
Strategic considerations cover, for example, organizational and product-related issues,
and communication. One of
the product-related issues is
early integration, i.e. addressing the environmental aspects
early in the design and development process.
The Mercedes Car Group
adheres to the notion that the
sooner DfE is integrated into
the development process, the
greater the benefit will be in
terms of minimizing environmental load and cost.
This means “ building” environmental protection into the
products from the very beginning, along with implementing environmental aspects and
environmental targets in the
development process.
As part of management considerations, ISO/TR 14062
deals with the management
role, proactive and multidisciplinary approaches, support from existing management systems to supply chain
management.
The multidisciplinary approach
is a core element in the Mercedes development process.
Indeed, the success of integrating environmental aspects
into product design and development in an organization
© ISO Management Systems, www.iso.org/ims
INTERNATIONAL
firmed by a critical review.
These standards serve both as
a useful guidance in conducting LCA as well as an important reference for the credibility of the results.
Measuring environmental
performance
Measuring environmental performance at Mercedes follows
a multi-criteria approach. Taking the S-Class as an example, the team of experts at the
Mercedes-Benz Technology
Center in Sindelfingen created a four-point plan with
specific requirements :
depends on the involvement
of relevant disciplines and
organizational functions such
as design, engineering, marketing, environment, production, quality, purchasing and
service delivery.
Supply chain management is
also an important element of
the Mercedes DfE Process.
For example, environmental
issues like recycling concepts
and collaboration in the field
of life cycle assessment (LCA)
are addressed in the purchase
conditions.
Section 7, Product considerations of ISO/TR 14062 addresses Product-related environmental aspects and impacts ; Early
integration; Product life cycle ;
Functionality ; Multi-criteria
concept ; Trade-offs; Strategic
product-related environmental objectives such as Conservation of resources, recycling
and energy recovery ; Preven-
tion of pollution, waste and other impacts, and finally Design
approaches.
At Mercedes Car Group, the
product life cycle is addressed
by performing LCA’s on the
complete vehicle level as well
as decisions between different
concepts for individual parts.
The calculation of the LCA
for the new S-Class – from the
production of materials and
components to a service life of
300 000 kilometres and eventual disposal – took over 40 000
individual processes into consideration. The overall result
includes a total of more than
200 “ input ” factors (resources) and around 300 “ output ”
parameters (emissions).
These LCA’s comply with
the requirements of the life
cycle assessment standards
ISO 14040, ISO 14041, ISO
14042 and ISO 14043, as con-
1. Compliance with the European end-of-life vehicle
directive must be assured
by a recycling concept with
high rates of re-use, observance of prohibited substances and optimization of
the product concept with a
view to recycling compliant
design.
2. Greater use of recycled
materials compared to the
preceding model.
3. Components made from
renewable materials must
have a total weight of at
least 23 kilograms.
4. All major environmental
burdens which are caused
during the lifecycle of the
S-Class must be recorded
in an LCA.
Other goals such as achieving a reduction in fuel consumption or lowering exhaust
and noise emissions were also
defined in the book of development specifications.
The final Section 8 of ISO/
TR 14062, Product design and
development process contains a
general model of how environmental aspects can be integrated into the different phases
of the process from Planning ;
Conceptual design ; Detailed
design ; Testing/prototype; Production Market launch, to
Product review.
The aim is to make
environmental compatibility
both objectively
measurable and perceptible
to the customer
In the early days of DfE
implementation at companies, numerous concepts and
tools were discussed, but real
and systematic implementation as standard practice in the
industry was rather limited for
two key reasons :
• There was a lack of tools
for fast, reliable supply of
appropriate data and information.
• There was a lack of practical, efficient concepts for
implementation into the
organization’s development process.
We found the solution to
these issues at Mercedes-Benz
by using the DfE concept to
implement a procedure based
on “simultaneous engineering ”. This comprised three
main elements :
1. A methodological procedure, which allows integration of environmental targets
and measures into the Mercedes-Benz Product Development System. This procedure defines interfaces with
ISO Management Systems – March-April 2006 31
© ISO Management Systems, www.iso.org/ims
INTERNATIONAL
development phases and
employs a formalized Plan,
Do, Check, Act (PDCA)
cycle.
and functions, and teams with
cross-sectional functions –
quality management, project
management, etc.
from an environmental angle,
checking on their accomplishment and, if necessary, initiating improvement measures.
2. Tools and databases to
assist the DfE procedure
in simulating and evaluating the environmental performance of future vehicles
or parts.
One of the cross-sectional
teams was the DfE team, comprising experts from life cycle
assessment, dismantling and
recycling planning, materials and process engineering,
as well as design and production.
The integration of DfE in the
process organization of the
S-Class development project
ensured that environmental aspects were taken into
account at the earliest stage
of development. Pertinent
objectives were coordinated
in good time and reviewed at
the quality gates in the development process.
3. An organizational structure
that formalizes the integration of DfE into the development process.
The DfE process
at Mercedes takes the
entire product life cycle
into account
Tools and databases are continuously developed, maintained and optimized. Examples are tools for product
modeling, recycling and dismantling modelling/ planning, database for restricted
substances, material database
and LCA software and database. Apart from the data, process integration plays the most
important role.
Each DfE team member is
also the person responsible
for all environmental issues
and tasks on the respective
development team. This guarantees complete integration
of the DfE process in the
vehicle development project. The member’s duties consist of defining objectives for
individual vehicle modules
Chart shows the materials
composition of the new Mercedes
S-Class — a mix of steel, iron,
light alloys, recycled plastics,
polymers and natural materials
that has made the car lighter,
more recyclable and environmentally friendly.
The responsibility for improving environmental compatibility was an integral part
of the organization of the SClass development project.
The management of the overall project appointed people
to manage development, production, procurement, sales
and other functions.
In addition, there are development teams, such as bodyshell,
drive system, interior equipment, etc., that correspond
to the key car subassemblies
32 ISO Management Systems – March-April 2006
From the interim results, the
need for further action until
the next quality gate was
determined and implemented by collaboration among
the development teams.
The development process
for the S-Class “ Design for
Environment ” meets all ISO/
TR 14062 criteria for the
inclusion of environmental
aspects in product development. All the targets in the
four-point plan and the specifications were met, and in
addition, independent spe-
cialists examined the environment-related data for the
S-Class model and confirmed
their accuracy.
Product results :
the real benchmark
The process of integrating
environmental aspects in product development is only effective if it leads to an improved
product. Actual environmental improvements achieved
on the product are the “ real ”
benchmark of whether the
DfE process is successful. As
far as the new S-Class is concerned, the following results
clearly confirm that this was
achieved :
• Th e n e w S 3 5 0 r e m a i n s
more than 85 % below the
current EU emission limits for nitrogen oxides, and
around 75 % below for
hydrocarbons.
• The new six-cylinder saloon
consumes about 9 % less
fuel than the previous S 350.
Driving noise has also been
reduced by two decibels.
© ISO Management Systems, www.iso.org/ims
INTERNATIONAL
• Due to its newly developed
engine and the inclusion of
a particulate filter as standard, the new S 320 CDI diesel model also produces fewer exhaust emissions than its
predecessor. The emission
levels are up to 90 % below
those of the preceding model introduced in 1999.
• The LCA confirmed an 85
gigajoules reduction in overall energy demand compared
to the preceding model, corresponding to the energy content of approximately 2 500
litres of fuel. Over the life
cycle, emissions of the carbon
dioxide greenhouse gas have
been reduced by 7 %, with a
14 % reduction in nitrogen
oxide emissions compared
to the previous S-Class.
• The new S-Class not only
meets the 85 % recycling rate
effective in the EU from 2006,
but will also comply with the
95 % overall recovery rate
applicable from 2015.
• A total of 45 components
with an overall weight of
around 21 kilograms are
made from high quality recycled plastics. This represents
a 4 % increase in the weight
of approved recycled components compared with the
previous model.
• In the new S-Class, 27 components with a combined weight
of around 43 kilograms are
made from natural materials. Compared to the preceding model series, this is
an increase of approximately 73 % in the total weight
of components made from
renewable raw materials.
ISO/TR 14062 –
a useful guideline
Vehicles are complex products that interact with the
environment in very complex ways. Therefore, simple
solutions, (e.g. a focus on fuel
economy or lightweighting),
recycling or single material
strategies only, are bound to
fail. It is a prime task of DfE
and LCA to take this fact
into account and come up
with more intelligent solutions. ISO/TR 14062 is a useful guideline to achieving
intelligent, holistic solutions,
and to providing a credible
means of communicating
the results.
As described in the Environmental Certificate Mercedes-Benz S-Class brochure,
the Mercedes Car Group
comprehensively demonstrates the improvement in
environmental compatibility achieved with the new SClass for the first time. This
car sets new standards not
only in engineering, innovation and driving pleasure,
but its customers can also
take satisfaction from lower
fuel consumption and emissions, and a comprehensive
recycling concept involving a higher percentage of
renewable raw materials and
high-grade secondary raw
materials.
All these factors combine to
give the new S-Class a comprenensively improved environmental profile over its
entire life cycle.
•
About ISO/TR 14062
ISO/TR 14062:2002, Environmental management – Integrating environmental aspects into product design and development, is an ISO Technical Report describing concepts and
current practices, where “ product ” is understood to cover
both goods and services.
ISO/TR 14062 is applicable to the development of sector-specific documents, but is not applicable as a specification for certification and registration purposes. It is intended for use by
all those involved in the design and development of products,
regardless of organization type, size, location and complexity,
and for all types of products whether new or modified.
The Introduction to ISO/TR 14062, part of the ISO 14000
family of International Standards, states that all products
“ have some impact on the environment, which may occur
at any or all stages of the product’s life cycle : raw material
acquisition, manufacture, distribution, use and disposal.”
It reports that the interest of customers, users, developers
and others in the environmental aspects and impacts of products is increasing. “ This interest is also reflected in the economics of various market sectors that are recognizing and
taking advantage of new approaches to product design.
Cost savings
“ These new approaches may result in improved resource
and process efficiencies, potential product differentiation,
reduction in regulatory burden and potential liability, and
cost savings.
“ More organizations are coming to realize that there are
substantial benefits in integrating environmental aspects into
product design and development. Some of these benefits may
include: lower costs, stimulation of innovation, new business
opportunities, and improved product quality.
“ Early identification and planning enables organizations to
make effective decisions about environmental aspects that
they control and to better understand how their decisions
may affect environmental aspects controlled by others, i.e.
at the raw material acquisition or end-of-life stages.”
ISO/TR 14062:2002 is available in PDF and paper versions in
English and French, cost 106 Swiss francs, from ISO national member institutes (listed with contact details on www.iso.
org) and from ISO Central Secretariat ([email protected]).
ISO Management Systems – March-April 2006 33
© ISO Management Systems, www.iso.org/ims
INTERNATIONAL
Breaking news – ISO 9001-based
quality management for the media
Two media quality management standards based on ISO 9001:2000
are now being rolled out by their first users in Belgium, France, India,
Kenya, and Mexico. Developed outside the ISO system, they are now
by Guillaume Chenevière
being proposed to the organization.
© TSR
Guillaume Chenevière is Director
of the Media and Society
Foundation.
The Switzerland-based Media
and Society Foundation, a nonprofit gathering of prominent
media professionals, in collaboration with International Standard and Accreditation Services
(ISAS), a private standardization and accreditation company,
has developed two media quality
management standards based on
ISO 9001:2000 – ISAS BC 9001 for
broadcasters and Internet content
34 ISO Management Systems – January-February 2006
providers and P 9001 for the print
press. They are now approaching
ISO with a view to having the standards adopted as International
Workshop Agreements 1).
Media in crisis
Why should the media industry,
despite its traditional resistance
to any form of external control,
implement quality standards ?
He also chairs the World Radio
and Television Council, a worldwide
civil society initiative for public
service broadcasting. Born in
Geneva in 1937, he was successively a sociologist (European
Centre for Culture), a journalist
(Tribune de Genève), an executive
in the automobile industry
(Chrysler) and a theatre director
(Théâtre de Carouge). In 1975,
he joined TSR, Télévision Suisse
Romande, the French-speaking
national television channel of
Switzerland. He became controller
of programmes of TSR in 1986,
and director general from 1992 to
2001. He was executive director
of the World Electronic Media
Forum organized by UNDPI and
EBU during the World Summit on
the Information Society in 2003.
E-mail [email protected]
Web www.certimedia.org
© ISO Management Systems, www.iso.org/ims
INTERNATIONAL
Thanks for the photos !
Today’s media are facing four
major challenges :
• dwindling credibility ;
• manipulation and/or control by government and
industry ;
• strong economic pressures ;
and a
ISO Management Systems
would like to thank our colleagues of Télévision Suisse
Romande (TSR, television
channel of the French-speaking region of Switzerland –
www.tsr.ch) and NZZ (newspaper group based in Zurich,
Switzerland – www.nzz.ch)
for kindly supplying, respectively, the broadcast and print
media photographs used to
illustrate this article.
• changed landscape due to
the introduction of information and communication
technologies (ICT’s).
These four challenges are linked
together in a vicious circle. The
tendency for media owners to
consider media as a business
whose sole object is maximizing profits (or minimizing losses) contributes to lessening the
trust of the general public and
allows governments and industry leaders to feel justified in
either policing or “ spinning ”
(manipulating) the media to carry their messages across.
1) An International Workshop
Agreement (IWA) is one of several types of deliverable offered by
ISO for cases where swift development and publication of an international agreement take priority.
This credibility gap is reinforced
by economic pressures, generally perceived as threatening
editorial quality. High quality
media groups, such as the New
York Times Co., have massively reduced their staff. Even the
most profitable newspaper com-
Pessimists predict that traditional media will become sheer
entertainment providers, or
even disappear altogether. Such
a fate would be damaging not
only to media itself, but to society as a whole.
Media play a key societal role.
Robert Phillis, chairman of the
Guardian Media Group (www.
gmgplc.co.uk), comments :
© Anne Kearney
© TSR
The inclusion of these photographs does not imply a
position by either TSR or
NZZ with regard to the
ISAS BC 9001 or P 9001
standards.
The realization of such control
or manipulation undermines
further the public’s confidence
and coupled with the proliferation of new information and
entertainment sources on the
Internet, mobile phones and
other devices, the mainsteam
media finds it extremely difficult to recover their former
position.
According to Pew Research
2005 ([email protected]),
45 % of US readers believe little
or nothing in their daily newspapers, up from 16 % 20 years ago.
In Switzerland, 77 % of voters
mation according to individual
needs and statistical data.
45 % of US readers believe
little or nothing
in their daily newspapers
panies, such as Knight Ridder,
with a profit margin close to
20 %, see their economic future
in cost reductions.
© NZZ
feel manipulated by the media.
In France, an analysis of voters’
motivations during the referendum on the European Constitution revealed the highest correlation to “ no ” voting as distrust
of the media.
The mushrooming of new
media devices further threatens mainstream media. Today’s
world media landscape is made
of 7 000 metropolitan dailies,
21 000 television chains, 40 000
radio chains, 20 million blogs
and 30 million iPods. Everything
is becoming media ! According to media magnate Rupert
Murdoch, young people want
to control their media rather
than being controlled by it. Exit
media pundits – enter mechanical devices to produce infor-
The credibility gap
is reinforced by
economic pressures
“ Media occupies a unique position in supporting the democratic
process by making information,
knowledge, and a range of opinions openly available and ensuring that public and private institutions are accountable for their
behaviour. This is social responsibility in its highest form .”
Fortunately, it is not too late to
take action and redress the situation, based on three considerations :
ISO Management Systems – March-April 2006 35
© ISO Management Systems, www.iso.org/ims
INTERNATIONAL
1. The right to information is
being widely recognized as
a basic human right.
2. Influential media are an
indispensable tool to good
governance.
tions are catching up with the
idea that editorially independent media are a major partner of governments in bringing about social change without
violence.
3. Media professionals the
world over share the same
values.
The mushrooming
of new media devices
further threatens
mainstream media
Civil society groups are calling
for media to play fully their societal role in the globalized world
by giving a voice to the voiceless, practicing cultural diversity,
providing citizens with a global perspective, etc. Organizations such as OEKOM in Germany (www.oekom-research.
de) are rating media Corporate Social Responsibility, giving low marks to major media
organizations.
Finally, there is the unanimous
call of media professionals for
quality. “ There has never been
a more important moment for
journalists to identify with quality, with standards and with
sound ethical practices ”, says
the International Federation of
Journalists (www.ifj.org).
Even advertisers express the
wish that media carrying their
advertisements regain societal
influence. International institu-
A grass-roots research on five
continents, carried out by the
World Radio and Television
Council in 2002 (www.wrtvc.org),
The Media and Society Foundation
The Switzerland-based, non-profit Media and Society Foundation, a group of independent media professionals and
experts, was founded in 2002 with the help of the Swiss
Development and Cooperation Agency. Its sole purpose is
to promote and implement worldwide quality management
standards for the media industry.
It is chaired by Antonio Riva, former Director General of
the Swiss Broadcasting Corporation. Its Board members
include : Thérèse Gastaut, former Chief of Information of the
United Nations : Joelle Kuntz, lead writer of the Swiss daily
newspaper Le Temps ; Henry J. Muller, former Chief Editor
of Time magazine ; Gerald Sapey, Chairman of Reporters
without Borders (Switzerland) ; Peter Studer, Chairman of
the Swiss Press Council ; Henrikas Yushkiavitshus, adviser
to the UNESCO Director-General, and many other prominent media personalities.
Its collaborators include Alain Modoux, former Assistant
Director General of UNESCO, Information and Communication, and Louis Balme, Vice-President of International
Standardization and Accreditation Services.
confirmed that media quality should be judged from the
point of view of its contribution to social development and
democracy. Identical evaluation criteria were identified by
groups of media professionals,
experts and users in Canada,
Colombia, India, South Africa
and Switzerland.
Other international researches, such as a Commonwealth
Broadcasting Association’s comparison of editorial charters in
17 countries (www.cba.org.uk),
shows that there is little difference in editorial values between
media even though there is a
great difference between the
societies they are serving.
© TSR
36 ISO Management Systems – March-April 2006
© ISO Management Systems, www.iso.org/ims
INTERNATIONAL
QM for the media
Against this background, the
Media and Society Foundation,
in cooperation with ISAS, has
developed quality management
(QM) standards, based on the
ISO 9000 family, specifically
for the media : ISAS P 9001 for
the press and ISAS BC 9001
for broadcasters and Internet
content providers.
The standards are being
deployed as part of a package
that includes training, consul-
tancy and certification (independently performed), that goes
under the collective title of “ the
Certimedia quality management
system ”.
Both standards include all ISO
9001:2000 requirements. Additional requirements, specific to
the media industry, cover the
following aspects :
– ethics ;
– quality of information ;
– quality of content in general ;
– transparence of management,
– human resources ;
– measurement of audience/
readership size and satisfaction ;
– technical infrastructure ;
– work organization ;
– suppliers and subcontractors ;
and, last but not least,
– independence (relations with
owners, the public, announcers, public as well as religious and military authorities, etc.).
The Certimedia process
ment, educational and other content ;
– effective mechanisms for
identifying and correcting
errors ;
– distinction between opinion and fact ;
– responsiveness to feedb a c k f r o m r e a d e r s, l i s teners, viewers and other
stakeholders ;
– widely disseminated guidelines on ethics ; and
– written procedures covering
all identified risks.
© NZZ
The Media and Society Foundation oversees the Certimedia
media quality management and certification process, involving four bodies totally independent from each other.
Standardization Committee. This comprises media professionals and experts from all over the world, representing
the main international media organizations. It is responsible for developing ISAS BC and P 9001 specific requirements which have been added to ISO 9001:2000 for media
companies.
Certification Body. This is Det Norkse Veritas (DNV), in
Oslo, Norway – www.dnv.org), under a non-exclusive contract with the foundation.
Standardization and Accreditation Body. International Standardization and Accreditation Services (ISAS – www.isas.
org) is an independent, non-governmental body, with offices
in Geneva, New York and Tokyo, which is under contract to
the foundation to ensure that certification bodies and their
auditors, as well as the standards themselves, fully comply with
ISO standards for conformity assessment activities.
Consulting network. Optimedia, led by a quality management and training company, Challenge Optimum S.A.
(Geneva, Switzerland – www.optimum.ch), is under exclusive contract to the foundation. Challenge Optimum trains
local consultants in helping media organizations to establish
their quality management system and prepare the certification process. It has a partnership agreement with IMCA,
International Media Consultants Associates (Paris, London, and Berlin).
Media organizations that want to
implement the standards prove
their commitment to integrity,
fairness, and accuracy of information – which are primary
ingredients of media quality.
Some media requirements are
specific to either press or broadcasting, but they are mostly
identical, and both standards
are reviewed by the same Standardization Committee.
They must demonstrate that
they are editorially independent
and transparent with regard to
ownership and other connections that can influence content.
Their internal culture and processes should include :
Internet portals of traditional
media organizations are obviously expected to apply the
same professional standards as
their mainstream vehicles, but
ISAS BC or P 9001 can also be
adopted by independent Internet content providers, including
bloggers, who want to demonstrate their commitment to
quality requirements.
– a clear mission and editorial viewpoint within the
company ;
– an emphasis on reporting
facts accurately and providing quality in entertain-
As the public encounters an
ever-greater flow of data,
ISO Management Systems – March-April 2006 37
© ISO Management Systems, www.iso.org/ims
INTERNATIONAL
information and opinions, it
has more need – not less – for
quality sources it can trust,
be they on traditional or new
media forms and devices.
Influential media are
an indispensable tool to
good governance
The Certimedia quality management system benefits media
professionals, owners and managers as well as the general
public and all concerned stakeholders. Although each group
of beneficiaries has a different
outlook, the Certimedia benefits are based on three global
objectives :
• trust between the media
and all concerned stakeholders ;
• continual media improvement ; and
• quality reconciled with economic requirements.
the media professional standards and by acting as a shield
against interference in editorial matters.
Entering a continual selfimprovement process also benefits all stakeholders. It increases
staff motivation and satisfaction, it stimulates readers, listeners and viewers, and offers
management an efficient tool to
make their organization more
efficient and competitive.
An important asset of the Certimedia quality management system is that it ensures at the same
time better management, cost
reductions, etc. and new quality procedures satisfying journalists and other media professionals. This is an indispensable
tool to reconcile economic and
quality requirements.
Benefits of the standards will
be seen differently in various
parts of the world. In countries
where the democratic transition
is not complete, media will be
The Standardization Committee
The ISAS BC 9001 and P 9001 Standardization Committee,
chaired by the Canadian Pierre Caillibot, former chairman
of the ISO/TC 176 technical committee, responsible for the
ISO 9000 family, gathers media professionals and experts
from around the whole world, representing the leading international media organizations.
It includes the following : Slovenia’s Boris Bergant, VicePresident of the European Broadcasting Union (EBU) ;
Thailand’s Kavi Chongkittavorn, Chairman of South East
Asian Press Alliance (SEAPA) ; Belgium’s Mia Doornaert,
former president of the International Federation of Journalists (IFJ), Kenya’s Wilfred Kiboro, Chairman of the International Press Institute (IPI) ; Peru’s Alejandro Miro Quesada,
Chairman of the Inter American Press Association (IAPA) ;
Brazil’s Jayme Sirotsky, former chairman of the World Association of Newspapers (WAN), as well as many other prominent personalities of the media and academic world.
interested in a tool supporting
clearer relations with authorities and relying on professional values shared worldwide by
the industry.
In industrial democracies, the
accent will be put on restoring
a balance between quality procedures and bottom-line considerations.
Stakeholder benefits
Overcoming the media credibility gap is of obvious advantage to the general public, by
making it easier to recognize
those newspapers, radios, televisions and Internet sites they
can trust.
For media managers and professionals, it is the way to regain a
high level of societal influence.
With regard to the problematic relations between media
and public authorities, adopting a universally recognized
standard, annually submitted to
an independent, neutral, external audit, works both by reassuring political authorities on
38 ISO Management Systems – March-April 2006
© NZZ
© ISO Management Systems,
www.iso.org/ims
INTERNATIONAL
The word “ standard ” tends to
frighten the practitioners of
an industry which is ferociously resistant to any form of outside interference, but adopting
the standards is a voluntary process, which does not imply any
self-limitation. The standards’
requirements are professional
values universally recognized
by the industry itself and the
way to meet them is left entirely to each media organization
to define.
of Mexico ; Prasar Bharati,
India’s national state broadcaster ; VRT, Belgium’s Flemish-speaking public broadcaster ; The Nation media group
of Kenya ; RTV Slovenia ; and
RTM radio news of Malaysia.
Internews Russia, in a programme supported by the European Union, is using the Certimedia quality management
system to train Russian media
professionals.
At a point when media badly needs to repair its image in
society, there is hope for a universal quality standard to be
adopted worldwide by all “ good
ISAS BC and P 9001
to contribute significantly
to better governance within
both media itself and
society as a whole
© TSR
The only “ catch ” is that media
organizations have to spell out
their policies and accept that a
neutral, external body controls
that they are actually doing
what they say they are doing.
If this is the price to pay for
restoring media integrity and
commitment to quality, professionals will go for it.
ISAS BC and P 9001 do not
evaluate content, only organization. We cannot certify that
specific information is true or
entertainment is good – but
we can certify that the information or entertainment has
been produced by a company
which respects universally recognized professional standards
and ethical values.
We are not going to look over
journalists’ shoulders to check
what they are writing. We are
going to make sure that proper training is available to them
and that quality issues are reg-
© TSR
ularly discussed, in a transparent manner based on a clear
charter, during editorial meetings. Ask any professional journalist and you will see whether
this makes sense or not.
First users
Among the first media organizations to tackle the Certimedia quality management process are the following : Canal
11, the education TV channel
guys and gals ” in the industry
and for ISAS BC and P 9001
to contribute significantly to
better governance within both
media itself and society as a
whole.
•
ISO Management Systems – March-April 2006 39
© ISO Management Systems, www.iso.org/ims
INTERNATIONAL
POM or BOM ? The best way to
implement ISO 14001
What’s the best modus operandi for an ISO 14001:2004-based environmental management system ? It depends on your organization’s life
cycle, say the authors. They propose a flexible, quick reaction Performance-Oriented Model (POM) if you are still in the start-up phase, or the
more demanding Balance-Oriented Model (BOM), for a more established entity.
by Jingui Zhong and Dan li Xi
Jingui Zhong (left) is a doctoral
student at DongHua University
studying integrated management systems and works as a
freelance QS-9000 auditor.
He is an experienced quality and
environmental management
system consultant and has
audited some 500 companies on
their ISO 9001:2000 and
QS-9000:1998 conformity.
Co-author Professor Dan li Xi
(right) is a China Education
Administration-qualified Ph. D
student teacher and has worked
in the field of environmental
science for almost 30 years.
He is also an accredited EMS
auditor specialized in clean
manufacture and EMS and QMS
integration, and author of papers
on environment and sustainable
development.
Tel. + 86 21 6252 9049.
Fax + 86 21 6211 4571.
E-mail zhongjingui@encourage.
net.cn
Shanghai, China, home of Dong
Hua University, and to authors
Jingui Zhong and Dan li Xi.
40 ISO Management Systems – March-April 2006
The latest version of the environmental management systems (EMS) standard – ISO
14001:2004 – promotes the process approach, documentation
and the Plan-Do-Check-Act
(PDCA) methodology. However, a modus operandi – operating method – is necessary to
integrate these different disciplines into each EMS process,
to guarantee effectiveness and
efficiency.
In our view, organizations
should adopt a modus operandi to combine PDCA and documentation requirements as a
means of balancing the focus
on operation, advanced planning and results, to manage
each specific EMS process. We
call this the Balance-Oriented
Model (BOM) — see the green
route in Figure 1.
Balance-Oriented Model
(BOM)
By following the green BOM
route, you can plan the input
requirements from stakeholders in a professional way and
convert these into detailed testing and process control requirements. The process outputs can
be monitored and recorded for
© ISO Management Systems, www.iso.org/ims
INTERNATIONAL
further analysis. Advance Product Quality Planning (APQP) is
a typical BOM practice.
Following PDCA methodology
allows you to identify changing
requirements at an early stage
and continuously improve process output to satisfy the stakeholders concerned.
Documentation, which clearly
defines the inputs and outputs of
the process, serves to limit any
EMS variation, thus maintaining
Documentation serves
to limit any EMS variation,
thus maintaining system
stability
system stability. In turn, systematic record generation enables
organizations to analyze previous process performance.
BOM is an ideal modus operandi for EMS process management, although it can consume more system resources
in terms of both quality and
Figure 1 – The organizational
modi operandi.
• Stakeholder requirements,
• Management system requirements
• (ISO 14001:2004)
Plan
• lessons
Planning
records
• experience
Input
• competitive information
• design target
• product characteristic
Do
• who
• when
Check
• competitive information
• design target
• by what
• process requirements
• how
• work flow chart
• product characteristic
• lessons
Act
• experience
Output
Implementation
records
Recording
measurement
and corrective
actions
• competitive information
• design target
• product characteristic
Manufacturing products
in an environmentally
friendly way is
a comparatively
new concept
Performance-Oriented
Model (POM)
• process performance
• experience
BOM is therefore characterized
by stable and documented processes, intensified results analysis, high system resources consumption and inflexibility – and
as such is particularly suited to
helping the more experienced
and wealthy organizations maintain their processes.
Implementation Process
• where
• lessons
quantity. Successful advanced
planning needs highly qualified personnel, and better process control, data collection and
analysis equipment is a must if
the PDCA phases are to be carried out effectively.
Stakeholder
satisfaction
Performance–Oriented Model
Balanced-Oriented Model
Another modus operandi often
exists within ISO 14001-certified
organizations, which operates
directly through the processes
without making much effort to
complete the PDCA cycle or
relevant records systems. This
focuses on process yield. It is
clearly different from BOM, and
we call it the Performance-Oriented Model (POM) — see the
orange route in Figure 1.
POM is characterized by looser process control, quick reaction, an incomplete and unstable
PDCA cycle, few or no records,
lower system resources consumption and more flexibility.
Less developed organizations
often use this model during
IMS – March-April 2006 41
© ISO Management Systems, www.iso.org/ims
INTERNATIONAL
Note : the answers in black type
denote disadvantages
POM
BOM
Partially
Yes
No
Yes
Partially
Yes
Can it limit variation in the process and its outputs ?
No
Yes
Does it help the organization accumulate experience
on identifying EMS aspects and on impact control ?
Yes
Partially
Does it require more people to maintain the
documented EMS and records completion for
subsequent data analysis ?
No
Yes
Does it require more experienced people to control
the product and process planning ?
No
Yes
Does it have substantial requirements for testing
and manufacturing equipment ?
No
Yes
Does it rely mainly on the organization’s knowledge
and experience ?
Yes
Yes
Does it help record generation ?
No
Yes
Does it demand that requirements from interested
parties remain stable ?
No
Yes
Does it offer the organization enough flexibility
to accommodate changes ?
Yes
No
Shorter
Longer
Yes
Yes
Does the modus operandi comply with PDCA
methodology ?
Does it enhance advanced product quality planning ?
Has the PDCA process been documented ?
Reaction time
Does it promote continual improvement ?
Table 1 – POM and BOM – similarities and differences.
their learning curve, although
some environmental impacts
may be ignored or controlled
in an ineffective way.
The similarities and differences between POM and BOM are
summarized in Table 1.
BOM, POM – or both ?
Manufacturing products in an
environmentally friendly way
is a comparatively new concept. The adoption of POM and
BOM represents different stages of development in an EMScertified organization. In the
beginning, provision of system
resources and knowledge of
environmental impact control
42 ISO Management Systems – March-April 2006
are limited. Practice and quick
reactions are the priority targets.
The organization thus needs a
more flexible modus operandi to deal with EMS issues. We
suggest that POM should play a
leading role at this stage.
However, as the organization
evolves it can call on greater
system resources and environmental know-how, enabling
it to manage these resources
in a more optimized way and
address previously ignored environmental issues. Obviously,
BOM can now take effect.
Because of the ever-changing requirements of interested parties, this first adoption of
BOM is likely to reach a plateau, inducing the organization
to enter the next POM cycle. By
© ISO Management Systems, www.iso.org/ims
INTERNATIONAL
BOM extends in many directions but consumes more system resources and is slower to
react to changes. More flexible
POM focuses its limited system
resources on the top priorities
Gateway to the Old Town of
Shanghai.
alternating between POM and
BOM, organizational performance is continuously improved
rather like rolling a wheel up
a slope (see Figure 2). This, of
course, is a requirement of ISO
14001:2004.
From chrysalis to butterfly
The modi operandi we refer to
here are like the controls of a
car, combining complex requirements into each EMS process.
but may overlook some broader
interests. It is a modus operandi
for learning and experiencing
early achievement.
•
They guarantee EMS effectiveness. The organization experiences the change from chrysalis
to butterfly en route to meeting ever-changing customer
requirements while achieving
sustainable development. The
driving force behind this change
is the alternation between POM
and BOM.
Both modules have their pro’s
and con’s. BOM represents the
ideal modus operandi for running an established organization, while POM is a reasonable
choice for the start-up phase.
Old and modern Shanghai rub shoulders and operate in different
ways, rather like the BOM and POM methods of EMS implementation.
Equipment
Continual improvement
Knowledge
POM
BOM
Management
resources
Change in
stakeholder
requirements
Process at
higher level
Process
Figure 2 – Alternating the modi operandi.
ISO Management Systems – March-April 2006 43
© ISO Management Systems, www.iso.org/ims
STANDARDS FOR SERVICES
Israeli innovations include
standards for telephone billing and
for mass events
Innovatory service standards developed by the Standards Institution
of Israel (SII – www.sii.org.il) include ones to make telephone billing
transparent and to ensure the safety of mass public events such as concerts. This overview also looks at the positive results achieved by local
authorities from implementing ISO 9001:2000.
Until recently, it was clear that a
product is a pre-defined object
that can therefore be standardized before delivery to the customer. In addition, the more
control systems are applied to
the product before it is delivered to the customer, the better the product will be.
by Vered Oren
Vered Oren is Spokesperson
and Head of Public Relations
of the Standards Institution
of Israel (SII).
E-mail [email protected]
Web www.sii.org.il
This led to a situation where
if the customer is consulted,
his or her needs can be ascertained and incorporated during
the design process. Manufacturing by modern means, including process control, achieves a
perfected product that meets
the needs of the customer and
reaches him or her on time.
Even if a product is defective
or breaks, it is always possible
to return or repair it.
In marketing terms, a product
is anything that can be offered
to a market to satisfy a tangible
want or need.
Services are a different matter
altogether. According to one
definition, they consist of “the
activities provided by a person
or company to another person
or company that are intangible
44 ISO Management Systems – March-April 2006
Orange has introduced more customer friendly bills to comply with
the new Israel Standard 5262 – Truth in Billing and Proper Disclosure
in Telephone Statements.
and do not relate to a physical
product . . . services have several defining characteristics that
distinguish them from products : intangibility, the buyer
cannot see the service before
it is rendered…” (The Marketing Glossary, ISBN 0971943427,
by Mark N. Clemente).
Service is essentially the processes of manufacturing and
sales combined. It is performed
immediately – on the spot : If it
is poorly provided, one can only
apologize and provide it anew.
Take, for example, telephone
service or a restaurant. If the
customer receives discourteous
treatment, it is likely the customer will seek another provider. It may be impossible to correct the damage immediately.
In recent years, the world has
seen major changes. The rapid
pace of life has blurred the distinction between products and
services. Today, a service must be
seen as a product that is manufactured via special processes –
processes whose result, because
it cannot be physically examined,
needs to incorporate much better manufacturing controls.
A service is innately characterized by the impossibility of
testing it before delivery and
so service providers must be
well trained and solutions created that guarantee successful service.
What happens when a product
and a service come together?
If in the past we made do with
standards for products, today
© ISO Management Systems, www.iso.org/ims
STANDARDS FOR SERVICES
we more and more need standards for services. If for example we make a visit to an amusement park, we will meet up with
a carousel, a Ferris wheel and
other rides (to which product
standards apply). Yet the credit card purchase of entry tickets
through the Internet also exposes us to standards of service.
Recent years have made us
regard service processes as a
product in itself. The emphasis
has moved from the product to
the service, and the competition
is for better service.
Many countries, including Israel, have begun shifting in recent
years from manufacturing to
services. Israel, a small and
young country, has a modern
and developed economy, but
has few natural resources.
As in other Western countries,
much local manufacturing has
been replaced by cheap imports
from the Far East, leading to
significant growth among Israeli organizations that provide
services.
Telephone billing
At the beginning of December 2005, customers of Orange,
one of the large Israeli cellular telephone service providers, received a letter with their
monthly statement. The letter,
entitled “ Explanation of Customer Statement,” described
to customers that the monthly
statement would now be clearer, easier to read and more customer friendly.
It stated : “As an additional step
in our daily efforts to improve
the products and services we
offer to you and to make them
more efficient, we have made
changes in the monthly state-
ment to better reflect your
needs while maintaining simplicity and clarity.”
This appeal to cellular customers followed a new requirement
– effective as of January 2006 –
of the Israeli Ministry of Communications. It requires all communications providers to meet
the requirements of the new
Israel Standard 5262 – Truth in
Billing and Proper Disclosure in
Telephone Statements.
The new standard sets a benchmark for preparing telephone
statements that detail products
and services which the communications companies provide. This benchmark ensures
that full, accurate and truthful
information will be provided
on telephone statements. This
information will help customers
understand all details and data
on the statements they receive
in order to make informed decisions about their consumption
of communication services.
The new standard guarantees
that customer statements will
apply the following principles :
• Clarity – the statement will
be formatted so that every
section will be understood
by the customer.
• Transparency – The statement will be detailed and
will include all information
relevant to each section.
• Accuracy and reliability –
The statement will be accurate and without errors, and
will be based on measuring,
monitoring and recording
systems that are highly accurate and reliable.
The standard also provides
guidelines for contents :
• The statement will include
the customer’s identifying
details, the name of the product being charged, consumption quantity, rate, cost of service, and details of service
broken down into its components.
• The back of the statement
will clearly note the address
and telephone number of the
company’s customer service
department and all other
means of communications,
including Internet site and
e-mail address, through which
it is possible to gain further
details about the statement.
Mass events
Another standard, now in its
final pre-publication stages, is a
standard for mass events.
In the summer of 1995, an annual rock music festival took place
in Arad, in southern Israel.
Thousands of youths arrived
in Arad wanting to see and listen to Israel’s best rock music
groups. After all the tickets had
been sold, the festival’s organizers permitted hundreds of additional youths to enter the very
crowded festival grounds.
The emphasis has
moved from the product to
the service
In a random Internet search I
undertook a few weeks ago, I discovered a number of Israeli companies that specialize in checking
the accuracy of telephone bills.
The companies offered their
services primarily to large and
medium-sized businesses that
have many telephone lines.
These service providers contact
the larger companies, offering
to help them understand their
telephone statements which in
the past they have paid without
having been able to verify that
they had in fact consumed the
telephone companies’ services
in the quantities for which they
had been charged.
The new Israel Standard for
telephone billing is expected to
significantly improve the awareness of the consumption of the
services of Israel’s telecommunications companies.
The city of Ra’anana achieved
certification to both ISO
9001:2000 and ISO 14001 as part
of its efforts to improve services
to its residents. Here, Ziva Patir,
(left) Director General of the
Standards Institution of Israel
(SII), presents the ISO 14001
certificate to the municipality.
When the dust settled, three
youths had paid with their lives
and tens of others had been
injured. The festival will forever
be ingrained in the memories
of anybody who was involved
in the event as a tragedy that
could have been averted had
there been standards for mass
events.
The new standard, SI 5688, Safety
at Mass Events, defines detailed
requirements. The standard is
ISO Management Systems – March-April 2006 45
© ISO Management Systems, www.iso.org/ims
STANDARDS FOR SERVICES
aimed both at the event manager
and at those with other roles and
relates to matters of health and
safety responsibility at events. It
has three levels :
detailed aspects are the following :
Upper level
• safety of electrical installations,
This includes a system to manage event safety based on an
existing standard (SI 18001
– Occupational Health and
Safety Management Systems
Specification) adapted to the
special characteristics of onetime events. Among its detailed
aspects are the following :
• setting of an event’s capacity,
• full registration of all sites at
which mass events are held,
• setting the event’s limits in
terms of place and time, and
expected number of participants,
• examination of the existence
and validity of required permits according to laws and
regulations (police, firefighters and others),
• official designation of those
people tasked with safety
matters, such as first aid providers,
• checking of dangerous elements such as buried pipes,
• a survey of hazards at the
site,
• emergency situation plans,
• post-event improvement processes, and more.
Middle layer
This includes details of all relevant, specific safety aspects for
mass events, and of the existing laws, regulations, standards
and requirements with respect
to each of them. Among its
• fire hazards and prevention
of conflagrations,
• erection of stages and fences,
• lighting, fireworks, projection
screens, emergency exits and
more.
Lower level
This calls up all standards
for every relevant and specific aspect of safety for mass
events.
The standard is meant to serve
organizations interested in staging mass events by eliminating
nonessential risks and by reducing to the lowest degree possible
all remaining dangers to which
people taking part in the event,
or who are in its vicinity, are
exposed. These include direct
participants, viewers, contractors, service providers and their
employees, and passersby.
In order to present a complete
framework that includes all
aspects of mass event safety, an
appendix to the standard contains recommendations for other areas of mass event safety,
including requirements for fire
safety, requirements for food
safety, and law enforcement
requirements for crowd safety.
Quality management and
services
Until about a decade ago, when
we reviewed the mix of organizations certified by SII as
meeting the ISO 9000 standards for quality management
systems, we found that most
of our customers were from
46 ISO Management Systems – March-April 2006
industry and manufacturing.
Today, some 60 % of our ISO
9001:2000 certifications are
service providers.
Service organizations have
undergone a real revolution
in the last few years and their
number continues to grow. If
we take, for example, the cellular telephone company we
discussed earlier and check
its Internet site, we will see a
real change.
A few years ago, we would
have seen on the site’s home
page photos of products such
as telephones, while today we
see the company’s declaration
of the great importance it places on quality.
In a quick search of the site,
we discovered that the company has in recent years – 2002,
2003 and 2004 – won first place
in the competition for customer service held by the Israel Institute of Management.
Furthermore, in 2004 the company also won the prize for
quality in industry. The company is deservedly proud of
its achievements in the field
of service.
ISO 9001 and local
government
One of the striking examples
of improvement in service as a
result of applying quality management standards can be seen
among Israel’s local authorities
– the urban, town and regional
councils that run local affairs
throughout the country.
A citizen dissatisfied with the
service he or she receives from
the local authority cannot
choose another service as the
local authority has no compe-
tition. All the citizen can do is
move to another area.
Israel’s local authorities are not
obliged to be certified to quality management system standards such as ISO 9001:2000.
However, these local authorities saw the benefit of quality
management standards in providing a benchmark by which
to measure customer service
improvements. Today, they
operate as a “ business ” in all
respects, continually improving
their systems and processes.
Ra’anana, just north of Tel
Aviv, is a small Israeli city
that underwent a real revolution in the provision of services to its residents. The city is
today certified to ISO 14001
and ISO 9001:2000. What motivates a city to adopt these standards ?
Ra’anana’s mayor wants to be
chosen over and over again in
the municipal elections and he
wants to show that he is doing
something to warrant the support of the electors. Therefore,
it is particularly noteworthy,
that in the last round of Israeli municipal elections, all mayors and heads of local councils
certified to ISO 9001:2000 were
re-elected. Is there a connection ? It seems there is.
A few years ago, Israel decided
to compensate mayors who succeeded in managing their cities
in a quality manner and who
also managed well the public
funds entrusted to them. This
year, Ra’anana won a large
cash prize. There are those who
attribute this to the city’s adoption of ISO 9001:2000.
© ISO Management Systems, www.iso.org/ims
STANDARDS FOR SERVICES
Transparency
One of the striking features that
comes to the forefront when
local authorities adopt quality
standards is transparency. Public
bodies must work hard to define
and characterize processes and
to make them available to residents – so that residents have
the tools by which to measure
the authority.
Ra’anana, for example, permits
its residents to measure it on
every subject dealt with by its
call center : How often is trash
collected ? How quickly does
the city attend to a dead animal
in the street once it has been
alerted ? How quickly does it
change a spent bulb in the city
street lighting ? When are tree
prunings removed?
Quality management systems in
the local authorities permit the
local council to examine recurring faults. If, for example, a
street light’s bulb was changed
on a given day, and after a few
days the light is again not working, an analysis can be made
to ascertain the nature of the
problem.
A publicly available report is
prepared for every fault. Satisfaction surveys are undertaken regularly among residents, constituting a wonderful
benchmark for dealing with
complaints.
In our technological age, municipal authorities have many
opportunities to shorten bureaucratic processes. For example, at
many authorities today it is
Officials of South Sharon Regional
Council, which implements ISO
9001:2000 in all its management
processes, receive an award for
excellence in managing public funds.
possible to register children
for school, to pay municipal
taxes and enjoy other services
through the Internet.
Preventive actions
Mosquitoes are a difficult problem during Israel’s long summer.
Responsibility for their extermination lies with the local authorities. If in the past the authority
acted every time it received a
complaint from residents about
mosquitoes in a certain area,
today the authority systematically exterminate mosquitoes
in those same areas before the
residents call to complain. These
preventive actions are one of the
most important aspects incorporated into municipalities’ quality management standards.
Security of residents has also
been upgraded with the adoption of quality management
standards. The city examines
and documents break-ins in the
municipality. As a result, the city
augments its security patrols in
exactly those areas and times to
reduce their occurrence.
Another example is seen in playground equipment. An Israeli
Standard defines all child safety
concerns with respect to playground equipment and to children using the playground. Local
authorities must map all playgrounds and their equipment and
prepare a service plan for them.
Some municipalities appeal to
their residents and say: “Our
annual budget is X and the
projects that we suggest for the
coming year are Y. Please provide your opinion on the projects and rank them according to
their importance to you.”
A special example in the municipal sector is the South Sharon
Regional Council. A regional
council represents a number of
types of settlement unique to
Israel, which in the South Sharon
jurisdiction include the semi-collective kibbutz, the moshav – a
type of cooperative rural village,
and the yishuv kehilati, a type of
“ community settlement.”
The South Sharon Regional Council, attempting to find
a common reference framework for dealing with all these
types of settlement, all of which
require the same municipal services, chose to adopt management processes conforming to
ISO 9001:2000. Through these
processes, the council succeeded in achieving a high level of
management of the services
it provides to its various customers.
For example, with the adoption of the standard, the council discovered that each of the
types of settlement within its
jurisdiction had a different kind
of street lighting. Older street
lighting required more frequent
bulb changing while bulbs in the
newer types lasted much longer. It also became clear that
bulbs for the older systems cost
quite a bit more than bulbs for
the newer systems. This may
sound like like a trivial matter,
but is actually very relevant for
a council that represents 32 separate communities.
Certification of processes
The Standards Institution of
Israel has developed a number
of certifications based on ISO
Guide 67, Conformity assessment – fundamentals of product
certification, for processes that
are essentially services.
For example, Israel has a hot
climate and a great number
of its citizens have air conditioning. Over the years, the
number of complaints about
noise from air conditioners and
about defective operation due
to their improper installation
has risen substantially.
Accordingly, Israel Standard
994 for the installation of air
conditioners was prepared and
through it SII certifies air conditioning installers.
A similar system is used with
respect to sealing of roofs.
Leaking roofs are a common
problem during Israel’s winters because most roofs in the
country are flat. SII certifies
contractors who specialize in
sealing flat roofs per Israel
Standard 1752. By engaging
approved contractors to perform this kind of work, the
Israeli consumer receives the
best possible service.
Similar certifications exist in
the areas of maintenance of fire
detection and extinguishing
systems, authorization for the
installation of vehicle protection systems and more.
•
ISO Management Systems – March-April 2006 47
© ISO Management Systems, www.iso.org/ims
NEXT ISSUE
SPECIAL REPORT
VIEWPOINT
Innovation and
standardization
ISO President, Professor
Masami Tanaka, writes :
“ Many a flash of
inspiration, many a
hot, new idea, when
examined in the
cold light of dawn
is found to face serious practical barriers to their implementation.” ISO’s
speciality, he continues, is
developing standards that
provide the link between
creative ideas and practical
implementation as manufacturable and marketable
products.
Consumers surveyed
on attitudes towards
ISO 9000
Wouldn’t it be useful for companies that invest in ISO 9001:2000
implementation and certification to have some hard data on
whether this led to a return in
the form of an improved perception on the part of consumers
of their organization, its products and services ?
Obviously, the answer is “ yes ! ”
It’s therefore curious to note
that while many surveys on the
impacts and benefits of the ISO
9000 standards have been carried out, most have dealt with
business-to-business issues. ISO
Management Systems helps set
the balance straight by report-
48 ISO Management Systems – March-April 2006
ISO 22000 from intent
to implementation
ISO 22000:2005 is the first
management system standard
on food safety to go beyond
the recommendations put forward in 1993 by the Codex Ali-
mentarius Commission. Inevitably, the arrival of this brand
new standard
with its updated approach
is accompanied by issues
of interpretation and how
to meet its
requirements.
of the feedback already gathered from users and gives some
pointers to tackling the issues
they raise.
STANDARDS FOR SERVICES
Focus on Germany
How broad
is the gap
between the
intent of the
standard and its implementation by users ? An expert who
took part in the design and
development of ISO 22000
gives a preliminary overview
INTERNATIONAL
ing on a survey to uncover
awareness of and attitudes to
ISO 9000 – on the part of the
consumer.
World’s biggest oil
company uses
ISO 9001:2000 in giant
SAP roll-out
The SAP Computer Center’s
Training & Change Management
Department of Saudi Aramco,
the world’s largest oil company, has turned to ISO 9001:2000
to provide a backbone for the
deployment of a massive SAP
enterprise resource planning
programme that has already
seen SAP training for 144 609
individuals since 2000 !
State-of-the-art quality management of each SAP implementation is essential because
SAP solutions are expected to
be operating within the company for the next 20 to 30 years
and are therefore critical to
Saudi Aramco’s strategic business objectives.
Trade and ISO 14001
diffusion
International trade can help
spread progressive environmental practices, such as those
specified in ISO 14001, if countries’ major export markets
have adopted this voluntary
standard. This is good news for
the environment because developed countries, which absorb
most of world’s exports, also
have high levels of ISO 14001
adoption among their firms.
Probably, you’ve heard the expression,
“ One good idea can change your life ! ”
Definitely, one good ISO standard could
change your business – for the better
ISO has more than 16 000 great standards for you to choose from !
Fight fires
before they break out.
ISO/IEC 27001:2005.
The systematic approach to managing information security.
People. Processes. Information Technology.
Available from ISO national member institutes (listed with contact
www.iso.org and from the ISO Central
details on the ISO Web site : www.iso.org)
Secretariat Web store at www.iso.org
or by e-mail at [email protected]
[email protected].