ISO Standards

Predict, Survive, Grow - ISOUpdate.com

ISO 31000 is a standard on risk management first developed by the International Organization for Standardization in 2009 and updated in 2018. It is the international codification of the principles and guidelines of risk management, which emerged from the need for one international standard that applies to all industries and organizations of all sizes. In other words, because different organizations in different industries were implementing a number of risk management standards, experts deemed it necessary for a new family of standards to emerge and unify all the concepts in one single standard which would provide guidelines and strategies for implementing risk management. Later on, we will discover how ISO 31000 and ISO 22301 can be intertwined, and how ISO 31000 can deepen the risk management control in an organization that has already implemented ISO 22301 – business continuity management system.

Uncertainty is an inseparable part of every business, and as such, every company has to tackle the risks associated with uncertainty in every dimension of business operations. First, risks have to be identified, after which they are categorized and preventive and responsive measures for each identified risk are implemented. The nature of risk nowadays has evolved into unprecedented complexity, because the amount of data that goes in and out of companies is rapidly increasing. As such, unsurprisingly, contracts and insurance companies require mechanisms in place which make sure that the company is identifying and tackling risks.

ISO 31000 helps organizations protect their assets as well as increase the likelihood of achieving objectives by providing direction and risk management strategies. It is adaptable to the context of every organization and it helps mitigate risk within the organization by implementing risk-based decision-making and risk-based corporate culture. That is to say that both employees and stakeholders make decisions by always bearing in mind the risks associated with each decision, but at the same time, apart from seeing negative consequences, it helps a company also identify positive opportunities.

On the other hand, one of the most famous international standards which deal with the continuation of business operations and business security is ISO 22301. This is a standard on business continuity management and it is widely implemented in organizations of all sizes and all industries. Unlike ISO 31000, ISO 22301 does lead a company to certification if the latter proves to have implemented the standard and its requirements.

The main goal of this standard is to offer a management system which makes sure that in case of incidents, of every nature, an organization can continue its crucial business operations – in other words, it can survive. Incidents can have a very different nature from each other, ranging from natural disasters to cyber-attacks, and ISO 22301 includes all of these kinds of incidents. It also helps a company to mitigate risk and to evaluate which risks are more imminent and more probable.

Based on these factors, and a proper understanding of the organization and its context, a Business Continuity Plan (BCP) should be developed. This plan includes the actions and measures to be taken in different scenarios, the persons in charge of every scenario and how to contact these persons if one of the scenarios happens. In other words, a BCP should be composed, but there should also be instruments to activate the BCP, responsible managers should be appointed for every situation, and the information should be communicated clearly so that every employee is aware of who to contact in different scenarios.

So, among other things, risk assessment and risk management are integral parts of business continuity, and this is where ISO 31000 and ISO 22301 intersect. In ISO 22301 there are two important clauses which deal specifically with risk: clause 6.1 on “Actions to address risks and opportunities” and clause 8.2 on “Business impact analysis and risk assessment”.

Every business is exposed to risk, ranging from market risks, investment (or stock) risks, natural risks, cyber risks and so on. Depending on the scale of risk exposure, a company might choose to implement and get certified against ISO 22301, but at the same time have ISO 31000 as a guiding tool for risk-based thinking, risk strategies and risk-based corporate culture. It is a very good integration (but not an integrated management system, since ISO 31000 does not offer requirements but guidance) of two standards which can produce a very detailed and accurate platform, that can serve a business well in difficult times – and as history has often proved, it can help a company stay in business when faced with risks and challenges.

It is often argued that civilization started when the first humans learned to domesticate plants and were able to farm and harvest. In order to be able to farm, one must at least be able to recognize and know seasons, humidity and temperature as minimum requirements to be successful. So, in other words, it was the ability to predict which marked the beginning of civilization and its continuation and evolution to this point. We have developed immaculate methods (e.g. the scientific method) to predict and forecast in order to survive, thrive and evolve. The same concepts apply to a business if you see it as a thinking, living organism which is striving to evolve and thrive, but which also has to deal with the bad days where survival is the main objective. We can consider standards such as ISO 22301 and ISO 31000 as the scientific methods of the world of management, which help a business as a living organism to survive in these bad days while helping it reach its objectives and grow in good times.

About PECB

PECB is a certification body for persons, management systems, and products on a wide range of international standards. As a global provider of training, examination, audit, and certification services, PECB offers its expertise on multiple fields, including but not limited to Information Security, Business Continuity, Resilience and Recovery, Governance, Risk Management, and Compliance, Quality Management, IT Governance & Service Management, Health, Safety, and Sustainability.

About the Author

Julian Kuci is the Marketing Quality Assurance Manager at PECB. He is an honour graduate of RIT in Economics & Statistics and Public Policy & Governance. Julian holds a diploma in Transitional Justice from the Regional School of Transitional Justice and is certified against ISO 9001 – Quality Management and ISO/IEC 27001 – Information Security Management.

AS9100 & The Importance of OASIS - ISOUpdate.com

As competition grows, the need for quality management is becoming more and more critical for every industry. Many industries have taken the backbone of all quality management system standards, ISO 9001, and added elements to ensure it works perfectly for them. The Aviation, Space and Defence industry was one of the first to do this when it released its own unique management systems standard in 1999. If you have been working in the aerospace industry, you understand the importance and criticality of the role that the AS9100 standard now plays.

Defining AS9100

AS9100, which can also be written as EN 9100, was released in October of 1999, by the Society of Automotive Engineers and the European Association of Aerospace Industries. The intent was to create an aerospace standard that would ensure the safety of the consumer and provide the best quality to the customer. Almost all major aerospace companies have adopted these standards in their operations as well as throughout their supply chains.

AS9100 has also been endorsed by the major regulators in the industry: The Federal Aviation Administration (FAA), The U.S. Department of Defense (DoD) and National Aeronautics and Space Administration (NASA).

The AS9100 series of quality standards adds over 100 requirements to the ISO 9001 standard that apply specifically to the aerospace industry, including the following:

  • Additional configuration management
  • Special risk management
  • Industry-critical items
  • Increased focus on timely delivery
  • Focus on product management
  • Approval process and scope for suppliers
  • Prevention of counterfeit parts

Did you know? The AS9100 document was originally introduced by the American Society of Automotive Engineers and the European Association of Aerospace Industries. The document was subsequently picked up by the IAQG as a method of maintaining industry quality levels on a global scale. – Source

What are the Benefits of AS9100 to you as a Business Owner?

AS9100 is an effective way to promote that your organization is consistently capable of providing products and services that meet customer requirements and comply with all relevant and regulatory requirements. AS9100 also demonstrates your organization’s ability to enhance customer satisfaction and improve both processes and practices, and products and/or services.

Engagement in Employees

Understanding the value of engaging employees and having conversations directly about QMS and quality can improve not only the processes they are actively involved in but also the quality of their workmanship. ISO 9001 and AS9100 work to make the most efficient improvements throughout your organization, but engaging employees creates employees who are fully absorbed by and enthusiastic about their work and so take a positive action to further the organization’s reputation and interests. – Source

Engaged employees are more likely to: positively influence other employees; be more productive and profitable; provide better customer service; be more enthusiastic about their work; be comfortable staying in their role; offer positive suggestions for the organization, and offer word of mouth promotion for your organization.

Customer Satisfaction

Being customer-centric means you are able to extract and fulfil customer requirements and then follow up with feedback and steps that act upon that feedback. Happy customers are repeat customers, and in a study by Bain & Company detailing e-commerce shoppers, the study demonstrated that repeat customers can actually increase their profitability by attracting more clients to your organization through referrals.

Lower Costs

A study undertaken through the American Society for Quality (ASQ) showed that for every $1 spent on your QMS, you could expect to see an additional $6 in revenue, a $16 reduction in costs, and a $3 increase in profits. On average, they saw that quality management systems reduced costs by 4.8%.

Another study undertaken by the Harvard Business School showed that companies that adopted ISO 9001 had the following benefits:

  • Higher rates of survival
  • Increased Sales
  • Growth in employment
  • Increased wages
  • Less waste
  • Improved worker productivity

The AS9100 Certification Process

AS9100 certification is conducted through an external and impartial audit by an accredited certification body. AS9100D certification is for 3 years, with your first audit being the certification audit, and 2 surveillance audits happening each consecutive year after certification. Every 3 years, if your organization wishes to continue to be certified to AS9100, your certification body will conduct a recertification audit and 2 surveillance audits in this same order.

It is important to note that before the certification audit can take place, your organization will need to internally assess that all AS9100 requirements are met. In layman’s terms, consider this the period your organization needs to prepare and study for a test.

You should also note that because of the complementary nature of ISO 9001 and AS9100, any organization seeking AS9100:2016 certification must first comply with ISO 9001:2015.

More on the Relationship Between ISO 9001 and AS9100

Some of the most important alterations between the 2008 and 2015 iterations of ISO 9001 that directly relate to AS9100 include:

  • A 10 clause structure based on the Annex SL formatting model
  • An increased focus on external processes, products and services
  • An expanded focus on stakeholder satisfaction and company performance
  • An improved approach to risk-based thinking and risk mitigation

Source

The AS9100 Certification Process starts with your organization understanding the guidelines that have been set out by AS9100 and ensuring the requirements are being met. Your organization might want to consider looking for a Consultant to help implement processes. To remain impartial, your AS9100 auditor and your Certification Body cannot offer suggestions to help you pass requirements; you will need to work with a third party to ensure success for your certification.


After you’re satisfied that your efforts will meet AS9100 requirements, your organization will then appoint an internal auditor that periodically checks whether those standards are being conformed to or not. In the case that an internal employee with the capability or experience does not exist, outsourcing to an auditor should be considered.

After your organization is satisfied with your capacity to achieve certification, you will want to start finding quotes from AS9100 Certification Bodies. Consider your choice of Certification Body carefully as you will be working with them consistently through the certification process, and at least once per year during recertification and surveillance audit periods.

It is important to note that if you are dissatisfied with your current CB, you can transfer your certificate to a different Certification Body at any time during the process. There is a transfer fee involved in moving your certificate, and to transfer your data in OASIS. However, you might find it is worth the investment.


What is OASIS

OASIS, or the Online Aerospace Supplier Information System, is an online directory of members of the IAQG that houses information on certified suppliers and their audits, accredited certification bodies, AQMS auditors, accreditation bodies, and participating National Aerospace Industry Associations (NAIA). – Source

The IAQG website defines the organization as “a cooperative organization within the aerospace & defence industry comprised of 3 sectors (Americas – AAQG, Asia/Pacific – APAQG and Europe – EAQG)” … and defines its purpose as to “establish and maintain a dynamic cooperation based on trust between aerospace & defence companies on initiatives to make significant improvements in quality performance and reductions in cost throughout the value stream”. – Source

The Importance of OASIS

The Online Aerospace Supplier Information System (OASIS) is a database used to assist in the management and transparency of AS9100. OASIS is free to join and provides organizations with access to a list of CBs, training providers, and accreditation bodies. OASIS can also be used to find other certified organizations or auditors who can perform AS audits.

Did you know? Through OASIS, you can check other organizations’ certification status and additional information regarding their certification such as approval status and the date of their last audit. The results of an organization’s audit can also be requested through OASIS.

While OASIS is a free database, it is mandatory. If any aerospace certified supplier refuses to be a part of OASIS or refuses to set up an OASIS administrator, Certification Bodies are required by the IAQG to revoke their certificate of registration. Your CB will be responsible for collecting and uploading information, including certificates, pertaining to individual aerospace companies into OASIS.


Why are AS9100 and its regulation so important? Consider the relationship you have and want to portray to your customers, suppliers, clients, and major interested parties. Certification to AS9100 is a way to demonstrate to these bodies that you are taking an active interest in promoting quality and efficiency in your industry. AS9100 is a cost-effective ROI, a confidence builder, and an employee-engaging solution to your inefficiency problems.

If your organization implements multiple ISO Standards and Quality Systems, automating and integrating these systems with an Integrated Management System is critical for maximizing business efficacy and eliminating workload duplication.

When an organization does not utilize an Integrated Management System the following issues may arise:

  • No simple and automated system to raise a finding which results in:
    • Recurrence of non-conformities
    • Products and services losing quality and credibility to stakeholders
    • Management systems losing all their preventive and corrective efficacy
  • Delays in the management and consolidation of indicators leading to:
    • A loss in productivity
    • A loss of credibility of information reporting systems
    • Erroneous decision making through incorrect data
  • Workload duplication causing:
    • Management Coordinators spending too much time managing the system
    • A reduction in time-oriented improvement
    • Low motivation due to excessively bureaucratic work
  • Limited communication of system changes which leads to:
    • A lack of control, disorganization, lack of communication
    • Non-conformity in the system produced by documentary errors
    • Low credibility of the management system with employees, management, customers, suppliers and other stakeholders
  • Little control of the information generated in the different locations resulting in:
    • Decrease in control by the manager of the management system.
    • Inability to integrate information
  • Excessive time to apply surveys to customers
  • Revenue loss due to reoccurrence of errors
  • Lack of exhaustive analysis of the records and information generated by the system

Automating and integrating ISO management systems has extensive business benefits, including:

  • Simplified document management, which facilitates the deletion of redundant information and prevents duplication of documents and tasks
  • Unification of the methods defined by the organization for both internal and external communication
  • Unification of Training Plan methodologies
  • Streamlined processes for assessments and certification
  • Stronger foundations for continuous improvement
  • Reduction of the time spent in conducting audits

To find a consultant who can assist your business with the integration of multiple standards into an Integrated Management System, visit the Consultants Listings page on ISO Update: http://isoupdate.com/consultant-listing