Information security SMS users welcome ISO/IEC 27001
Transcription
Information security SMS users welcome ISO/IEC 27001
Vol. 6, No. 2 IMS March-April 2006 ISO Management Systems When Results Count. ISO Standards. ISSN 1680-8096 Information security • Greenhouse gas accounting • ISO 22000 and world trade • People and quality S-Class and ISO/TR 14062 ISO 9001 in the media ? ISO 9001 in China ISO/IEC 17025:2005. The international accreditation standard for competent laboratories. Confidence in the competence of laboratories is frequently needed Competent laboratories operate to International Standards. • by businesses when testing new products, or ensuring that finished products are fit for sale Competent laboratories operate to ISO/IEC 17025:2005. • by government regulators and trade officials who require assurance about domestic or imported products before they can be placed on the market • by consumers and users of products who need assurance about the quality and reliability of testing and analysis relating to environmental, health or safety hazards. Available from ISO national member institutes (listed with contact details on the ISO Web site : www.iso.org) and from the ISO Central Secretariat Web store at www.iso.org or by e-mail at sales@iso.org. © ISO Management Systems, www.iso.org/ims EDITORIAL by Roger Frost A naked, unashamed marketing blurb A s catchy titles go, how do you rate the following : ISO 14064-1:2006, Greenhouse gases – Part 1 : Specification with guidance at the organization level for the quantification and reporting of greenhouse gas emissions and removals ? Or how about the sequel : ISO 14064-2 :2006, Greenhouse gases – Part 2 : Specification with guidance at the project level for the quantification, monitoring and reporting of greenhouse gas emission reductions and removal enhancements ? Or the concluding episode to the series : ISO 14064-3:2006, Greenhouse gases – Part 3 : Specification with guidance for the validation and verification of greenhouse gas assertions ? ed by the United Kingdom Meteorological Office in February 2005, contends that rising concentrations of greenhouse gases may have more serious impacts than previously believed, and that the poorest countries will be most vulnerable to the harmful effects. In the report’s foreword, British Prime Minister Tony Blair writes that “ it is now plain that the emission of greenhouse gases…is causing global warming at a rate that is unsustainable.” The stakes are high. ISO Secretary-General Alan Bryden has commented : “ Claims made about reductions of the greenhouse gas emissions widely held responsible for climate change may have political and financial implications, in addition to environmental and technical ones. Ensuring their credibility is thus vital.” The scope is both micro- and macroscopic : from local, national and regional to global levels. You’re forgiven if none of them is your idea of the title of a best seller. And yet… So far, ISO 14001 has rather overshadowed the other documents in ISO’s environmental management family. The publication of the ISO 14064 series (see pages 14-16) may change that. I certainly hope so. And this editorial is an unrepentant, bare-faced promotional “ blurb ” for the ISO 14064 series. Its aim is to encourage you to buy the standards and, even more so, to implement them. The dynamics are, to say the least, variable. Emissions and claims about them are likely to become the object of dealings that could range from principled negotiation, fair bargaining and consensus-seeking to pressure tactics, power moves and horse-trading. ISO 14064 and ISO 14065 : buy these standards — and use them ! And the same goes for the complementary ISO 14065 series, due next year, which specifies requirements to accredit or otherwise recognize bodies that undertake greenhouse gas validation or verification. The good environmental management practice distilled in ISO 14001 remains globally relevant. At the same time, to practise good environmental practice, it helps to have a good environment left in which to practise. And that’s where ISO 14064 and ISO 14065 come in. The negative effects on the physical, economic and social environments of an atmosphere rendered unstable by the build-up of greenhouse gas emissions have placed climate change and how to mitigate it as one of the most pressing items on the global agenda. Whatever the context, as the urgency to tackle the problem increases, so will the need intensify for a robust, internationally accepted tool for quantifying greenhouse gas emissions and verifying claims about them. That tool is ISO 14064. The standard has been developed by some 175 international experts from 45 countries and 19 liaison organizations, guided by the four principles of regime neutrality, technical rigour, extensive participation and speed-to-market. They have laboured to provide a variety of users with a flexible, credible and verifiable tool applicable across a variety of voluntary or regulatory greenhouse gas schemes. ISO 14064 and ISO 14065, like all tools, are made to be used. At another time of world crisis, the call, “ Give us the tools and we’ll finish the job ! ” came from a leader, Winston Churchill. This time, the call goes to leaders, political and economic, and could be expressed as, “You’ve got the tools – now please use them to get the job done ! ” A report entitled, Avoiding Dangerous Climate Change, which collates evidence presented by scientists at a conference host- ISO Management Systems – March-April 2006 1 What sort of manager are you ? Type A or Type B ? AB Option A Option B I’m focused on my own short-term goals. The future can take care of itself. Waste, finite resources and the environment are someone else’s problem. Good corporate citizenship is just “ window dressing.” I take the strategic view. My goal is sustainable business – without polluting or depleting the environment. I save money by cutting waste and making efficient use of resources. I respect the environmental concerns of customers, shareholders, employees, regulators, local communities, and society as a whole. If you ticked Option A, then running a business that meets the requirements for sustainable development is your objective. ISO has a road map to get you there : • ISO 14001:2004, Environmental management systems – Specification with guidance for use. • ISO 14004:2004, Environmental management systems – General guidelines on principles,systems and supporting techniques. • Newly revised • Globally relevant • Even clearer • Still more compatible with ISO 9001:2000 For ‘ A ’ class managers ! Available from ISO’s national member institutes (listed with contact details on the ISO Web site : www.iso.org) and ISO Central Secretariat (Web store + sales@iso.org). © ISO Management Systems, www.iso.org/ims CONTENTS VIEWPOINT 5 ISO 22000’s potential impact on world trade in agricultural products According to Raymond Saner and Ricardo Guilherme, ISO 22000, Food safety management systems, has the potential to bridge some of the gaps between the rich importing and the poor would-be exporting countries. The authors are respectively Director and associate trade researcher of the Centre for Socio-Eco-Nomic Development (CSEND). SPECIAL REPORT ISO MANAGEMENT SYSTEMS is published six times a year by the Central Secretariat of ISO (International Organization for Standardization) and is available in English, French and Spanish editions. Publisher : ISO Central Secretariat, 1, rue de Varembé, Case postale 56, CH-1211 Geneva 20, Switzerland. Tel. + 41 22 749 01 11. Fax + 41 22 733 34 30. E-mail central@iso.org Web www.iso.org Editor in Chief : Roger Frost. Contributing Editor : Garry Lambert. Artwork : Pascal Krieger, Pierre Granier. A one-year subscription (six issues) to ISO MANAGEMENT SYSTEMS costs 128 Swiss francs. Subscription enquiries : Sonia Rosas-Friot, ISO Central Secretariat. Tel. + 41 22 749 03 36. Fax + 41 22 749 09 47. E-mail sales@iso.org Advertising enquiries : ISO Central Secretariat, Case postale 56, CH-1211 Geneva 20, Switzerland. Contact : Régis Brinster. Tel. + 41 22 749 02 44. E-mail brinster@iso.org and SOGI Communication, 103, rue La Fayette, 75481 Paris cedex 10, France. Contact : Martin de Halleux. Tel. + 33 (0)1 42 81 94 00. E-mail halleux@qualite-references.com © ISO, March-April 2006. The views expressed in ISO MANAGEMENT SYSTEMS are those of the authors. The advertising of products, services, events or training courses in this publication does not imply their approval by ISO. Cover photo : © ISO 9 Information security – ISMS users welcome ISO/IEC 27001 – the new international benchmark Experienced users of information security management systems (ISMS) are rolling out the red carpet for the recently published ISO/IEC 27001:2005, which is set to become the international benchmark. ISO INSIDER 14 Launching of ISO 14064 for greenhouse gas accounting and verification • ISO studies people aspects in quality management • ISO prevents misuse of its name on Internet to the benefit of consumers INTERNATIONAL 28 Early adopters underline benefits of ISO 22000 Companies among the first in the world to implement ISO 22000 are underlining the benefits of the new International Standard for ensuring safe food supply chains. ISO 9000 in China’s Great March to quality The Chinese Government’s early and forward-looking support for ISO 9000 has paid dividends in integrating Chinese companies with global supply chains. ISO/TR 14062 gives Mercedes road map to designing environmentally friendly car The Mercedes Car Group has introduced the S-Class, a more environmentally friendly vehicle produced via a “Design for Environment” (DfE) programme using ISO/ TR 14062 and other standards in the ISO 14000 family. Breaking news – ISO 9001-based quality management for the media Two media quality management standards based on ISO 9001:2000 are now being rolled out by their first users in Belgium, France, India, Kenya, and Mexico. POM or BOM? The best way to implement ISO 14001 What’s needed ? Performance or balance ? POM BOM STANDARDS FOR SERVICES 44 Israeli standards for telephone billing and for mass events Innovatory service standards developed by the Standards Institution of Israel (SII) include ones to make telephone billing transparent and to ensure the safety of mass public events. NEXT ISSUE 48 ISO Management Systems – March-April 2006 3 ISO 22000 for safe food supply chains. ISO 22000, Food safety management systems – Requirements for any organization in the food chain. Available from ISO national member institutes (listed with contact details on the ISO Web site : www.iso.org) and from the ISO Central Secretariat Web store at www.iso.org. E-mail enquiries to sales@iso.org. Looks good. But is it safe ? © ISO Management Systems, www.iso.org/ims VIEWPOINT Hardly a day goes by without the media reporting on the difficult negotiations w i t h i n t h e Wo r l d Trade Organization (WTO) and the threat to international trade should there be no successful conclusion to the Doha Round. The problem most often reported centers around market access for agricultural products from developing countries that cannot pass the prohibitively high level of tariffs of the industrialized countries. Many of the developing countries suffer from deep poverty. The only products they can sell are agricultural products. Developed countries, on the other hand, are justifiably worried about health risks due to food poisoning and other foodrelated illnesses. The situation seems impossible to solve. However, ISO 22000, Food safety management systems – Requirements for any organization in the food chain, has the potential to bridge some of the gaps between the rich importing and the poor wouldbe exporting countries. Food safety and international trade To give an idea of the global importance of the food and agriculture sector, we can note that the European food industry alone represents a sector valued at USD 700 billion dollars and employment for more than 2,6 million people. 1) by Raymond Saner and Ricardo Guilherme ISO 22000’s potential impact on world trade in agricultural products Efficient and harmonized measures to ensure safe and adequate food supply chains and food management are of paramount importance to the citizens of all countries. For example, the worldwide concerns linked to genetically modified organisms and plants, avian flu or foot-and-mouth disease are examples of how such concerns affect our daily lives. To respond to such concerns, safety measures have been developed by different international organizations like the Food and Agriculture Organization (FAO), the World Health Organization (WHO), the WTO and ISO. Country Raymond Saner is Director of the Centre for Socio-Eco-Nomic Development (CSEND), an independent, non-governmental organization based in Geneva, Switzerland, specializing in capacity building, organizational reform and institutional development, and of its research and development branch, Diplomacy Dialogue. Ricardo Guilherme is associate trade researcher at CSEND, specializing in trade law. E-mail saner@csend.org Web www.csend.org Web www.diplomacydialogue.org While obviously necessary, each measure taken to ensure food safety and to ensure against food-related illnesses has potentially devastating impacts on the exporting countries, especially from developing and poor regions of the world. The importance and potential negative impact of food safety measures is even higher in developing countries, since the share of agriculture in GDP, as well as with regard to total population engaged in agriculture, represents major proportions in many of these often very poor countries (see Table 1). 1) “The Sixth Framework Programme – new research opportunities for SMEs ”, at http://sme.cordis.lu/thematic/ home.cfm (as of 7 December 2005). Share of agriculture in GDP Share of total population engaged in agriculture Bangladesh 30,0 59,6 India 27,0 56,8 Kenya 29,0 77,1 Pakistan 26,0 52,6 Senegal 18,0 75,0 Developing countries (average) 26,3 50,4 Table 1 – The importance of agriculture to wealth and employment in developing countries. FAO, “ Agriculture, Trade and Food Security : Issues and Options in the WTO Negotiations from the Perspective of Developing Countries ”, Geneva, 2000, Volume II (GDP data taken from World Bank, World Development Report, 1998/99). ISO Management Systems – March-April 2006 5 © ISO Management Systems, www.iso.org/ims VIEWPOINT Impact of SPS measures – Kenya The widely publicized case of European Union (EU) restrictions on fish exports from Lake Victoria in Kenya in 1997 gives us a glimpse of how hard food safety requirements and subsequent import restrictions can impact developing countries. The region of Lake Victoria was responsible in 2001 for over 95 % of all Kenyan fish landings (with Nile perch as the dominant species), having experienced a population inflow around the lake border of more than 1,2 million people in just two years. It is also worth noting that in the 1980’s and 1990’s, Kenyan fishery was almost totally exportoriented, mainly to the EU. However, due to several concerns related to hygiene, salmonella detection, pesticide residues and a cholera outbreak in East Africa, the EU practically banned importation of fresh fish from that region in 1997. This caused Nile perch exports to fall from 14 143 tonnes in 1996 to 10 881 tonnes in 1998, with export value dropping dramatically from USD 43,9 million in 1996 to USD 29 million in 1998. ITC and Commonwealth Secretariat, “ Influencing and Meeting International Standards – Challenges for Developing Countries ”, Geneva, 2003. Therefore, long-lasting food safety problems may result in very negative impacts on the economies of poor, developing countries (see box, Impact of SPS measures – Kenya ). The same holds true for stringent food safety compliance requirements – such as water treatment and fumigation requirements, maximum residue limits of pesticides and technical requirements higher than those in international standards – imposed on poorer and smaller nations (see box, Standards and non-tariff barriers ). Ideally, food safety measures should safeguard the lives of ISO 22000 has the potential to bridge some of the gaps between the rich and the poor countries the consumers while minimizing negative impacts on food producers whenever possible. Unfortunately, what is legitimate (food safety) is sometimes mixed up with illegitimate goals (protectionism of local food producers resulting in discrimination against foreign food producers). As the European Union (EU) Trade Commissioner, Peter Mandelson, has asserted, “…future challenges in trade policy [will be] in the so-called non-tariff barriers to trade, to which the question of standards is crucial … If not managed with care, these measures can be impediments to trade which are difficult to justify.” He went on to say, “ [It must be] confusing for a third country to receive one of 25 different national certificates for a product that is subject to harmonized EU rules ”. He added : “…we must not allow our standards to be based on prejudice, or as a response to pressure groups. The basis for them has to be sound scientific analysis .” Standards and non-tariff barriers Standards and non-tariff barriers can prove quasi-insurmountable obstacles when practised against least developed countries and small island nations. The case of Jamaican pepper is an example of how difficult compliance with sanitary and phytosanitary measures (SPS) can become. Jamaican hot pepper is a priority yield suitable for small producers, and directed to both domestic and foreign markets such as the US, Canada and Mexico. However, exports are currently lower than they were a decade ago. Among other factors such as marketing and production problems, food safety issues, like a gall midge infestation in 1997, prompted the US to demand fumigation on all peppers exported from Jamaica, including bell and chili peppers (even though the gall midge pest had been only detected in hot peppers). Quick action was taken by the Jamaican government to solve the issue, but the comprehensive measures requested by the US meant only that production costs would increase for Jamaica. To make matters worse, the Jamaican Hot Pepper Task Force and the US Animal and Plant Health Inspection Services (APHIS) agreed, in 2002, on a 10-point SPS system to remove the fumigation requirements In the event, Jamaica did not implement the system, highlighting the considerable problems that US measures have caused to Jamaican exporters. As the World Bank says, while the Jamaican government has been proactive to respond to the problem, pay-offs were close to zero and exports virtually crumbled. Henson, Spencer, and Jaffee, Steve, “Jamaica’s Trade in Ethnic Foods and Other Niche Products: The Impact of Food Safety and Plant Health Standards”, World Bank, 2005. 6 ISO Management Systems – March-April 2006 © ISO Management Systems, www.iso.org/ims VIEWPOINT In conclusion, the EU Trade Commissioner underlined the need for a continued push “ for harmonization of SPS products and process requirements through the establishment of international rules.” 2) or recommendations, where they exist ” 3). The Agreement defines the Codex Alimentarius Commission as the body responsible for establishment of standards, guidelines and recommendations related to food safety, Disparities are not limited to transactions between developed and developing countries ; divergences abound even in North-North and SouthSouth negotiations, corroborating the dire need for harmonization and homogeneous treatment of SPS measures in the international trading environment. In fact, more has to be done in terms of technical assistance and capacity building in poorer countries, particularly under the Standards and Trade Development Facility (STDF)5), a joint initiative by FAO, World Organization for Animal Health (OIE), World Bank, WHO and WTO. In a meeting held 29-30 June 2005 4), the WTO Committee on SPS Measures reported specific examples of trade concerns Harmonization The use of harmonized food safety measures between member countries of the WTO, on the basis of international standards developed by international organizations, constitutes a main goal of the WTO Agreement on the Application of Sanitary and Phytosanitary Measures ( SPS Agreement ). The SPS Agreement attempts to regulate harmonization when it comes to measures applied to protect human, animal or plant life or health, stating that, “to harmonize sanitary and phytosanitary measures on as wide a basis as possible, members shall base their sanitary or phytosanitary measures on international standards, guidelines food additives, veterinary drug and pesticide residues, contaminants, methods of analysis and sampling, and codes and guidelines of hygienic practice. Members are able to employ more stringent levels of protection, provided there is sound scientific justification and a non-discriminatory assessment of risks. But the fact of the matter is that the SPS Agreement sometimes provides for ambivalent flexibility in terms of applicable food safety measures, thus causing several compliance problems especially in the case of developing countries’ agricultural exports (see box, Standards and non-tariff barriers). tha t r an ge d from Australia’s import restrictions on apples from New Zealand, the EU and the United States, to the EU’s private retailers’ EurepGap fruit and vegetable restrictions against least developed countries (LDC’s), or also to Japan’s import suspension on heat-processed straw and forage for feed due to a footand-mouth disease outbreak in China. In the same meeting, China asserted that the “volume of notifications of SPS measures posed a significant problem for developing countries”, in contradiction with special and differential treatment for developing countries, and in particular LDC’s. ISO 22000 – a feasible alternative ? The importance of ISO to the current debate on food safety is clear. ISO has a long-standing and productive cooperation with the Codex Alimentarius Commission with more than 300 ISO standards having 2) Speech by Peter Mandelson at the Conference on EU Exports and Sanitary and Phytosanitary Measures, Brussels, 27 May 2005. 3) WTO Agreement on the Application of Sanitary and Phytosanitary Measures, Article 3.1 (excerpt). 4) WTO Committee on Sanitary and Phytosanitary Measures, summary of the meeting held on 29-30 June 2005 (G/SPS/R/37/Rev.1), 18 August 2005. 5) See www.standardsfacility.org. ISO Management Systems – March-April 2006 7 © ISO Management Systems, www.iso.org/ims VIEWPOINT HACCP steps been adopted by Codex in such areas as food products, water quality, chemistry and conformity assessment 6). This historically tight cooperation between ISO and Codex means that proper harmonization of food safety management systems may not be just a distant ambition, but a viable objective after all under the international trade framework. Food safety problems may result in very negative impacts on the economies of poor, developing countries Accordingly, at a July 2005 session of Codex, several governmental delegations underlined the view that ISO’s activities in providing harmonized international standards for adoption as national standards are important, and that Codex should continue its cooperation with ISO in the relevant areas. The complementary character of ISO and Codex denoted the importance of an optimized coordination between the two bodies 7). ISO 22000, published on 1 September 2005, solidifies a response to an increasingly diverse mesh of domestic food safety regulations, without sidetracking from the wider scope of the ISO 9001:2000 quality management system standard and the Hazard Analysis and Critical Control Point (HACCP) parameters adopted by Codex. 8 ISO Management Systems – March-April 2006 By facilitating the implementation of HACCP guidelines and harmonizing otherwise diverse national regulations, the ISO 22000 standard might be able to respond to legitimate food safety requirements while at the same time help reduce the non-tariff barriers caused by the use of illegitimate (protectionist) SPS measures. ISO 22000 mirrors the HACCP principles and facilitates their practical implementation on a step-by-step basis (see Table 2), striking a homogeneous balance as a food safety standard for countries and private players alike. With its “ food chain/processdriven ” approach, ISO 22000 treats food safety concerns in a holistic manner that efficiently oversees the “ forest ” of safety requirements, while linking individual processes to the whole system and ensuring objective measurement of results. This means that domestic food safety management systems around the world could be subject to equivalent performance evaluations. At the same time, capacity-building efforts, instead of aiming at costly bilateral compliance initiatives, could be more easily implemented in an internationally accepted manner, even if adjustments to regional conditions are to be taken into account. ISO 22000 – strategic step ISO 22000, covering HACCP principles, Codex application steps and the main requirements of private food retail- Equivalent coverage by ISO 22000 ? Hazard Analysis YES Critical Control Point (CCP) Determination YES CCP Limits YES Monitoring of CCPs YES Corrective Action Plan YES System Verification YES Documentation YES Table 2 – Comparison of HACCP and ISO 22000. ers, may play a crucial role in the attainment of a basic food safety standard for producers in developed and developing countries. It thus represents a strategic step towards further harmonization of food safety demands in the global arena. In other words, ISO 22000 would be able to moderate concerns related to trade barrier negotiations and streamline capacitybuilding efforts in developing countries. If properly adopted and implemented by countries, it would reflect universally accepted food safety requirements, demanding fewer disparate efforts by countries and producers on tight budgets. With the potential for increased transparency and traceability measures, ISO 22000 is a useful tool to address the sensitive issue of SPS measures as discriminatory or disguised restrictions in international trade and in access to export markets. ISO 22000 could be the main conduit for SPS trade facilitation, simplifying formalities connected with importation and exportation, and allowing developing countries to create more employment, increase domestic revenue and meet the necessary poverty reduction and millennium development goals in due course 8). And given proper political will by member countries, official endorsement of ISO 22000 and other ISO standards by the SPS Agreement, in cooperation with ISO, national accreditation authorities and the STDF initiative, would finally enable effective WTO negotiations on the harmonization of standards. This would ensure that the food safety interests of most countries do not conflict with the capacity-building and market access needs of poorer nations. • 6) WTO Committee on Sanitary and Phytosanitary Measures, statement by the representative of ISO at the meeting of 29-30 June 2005 (G/SPS/GEN/589), 11 July 2005. One may also mention the newly published ISO/PAS 28000 specification or supply chain security management systems as an additional apparatus to foster smooth and coordinated flows of international trade among countries. 7) Codex Alimentarius Commission, Report of the Twenty-Eighth Session on 4-9 July 2005 (Alinorm 05/28/41), Rome, 2005. 8) See, for instance, Annex E of the Draft Ministerial Text (Doha Work Programme – Preparations for the Sixth Session) of the Ministerial Conference, 2005. © ISO Management Systems, www.iso.org/ims SPECIAL REPORT ISMS users welcome ISO/IEC 27001– the new international benchmark Experienced users of information security management systems (ISMS) are rolling out the red carpet for the recently published ISO/IEC 27001:2005, which is set to become the international benchmark. This Special Report gives voice to the customers of the standard. A follow-up article in the next issue of ISO Management Systems will provide implementation guidance. Information is an all-pervasive asset that drives operations and processes across all business areas. Today, information is considered as a key business commodity and is ascribed business value, utility and importance. by Ted Humphreys Ted Humphreys serves as Convenor of the Joint Technical Committee, ISO/IEC JTC 1, Information Technology, Subcommittee 27, IT Security techniques, Working Group 1, Requirements, services and guidelines. He is also Director of XiSEC, a company specializing in information security management systems. Tel. + 44 1473 626615. E-mail tedxisec@aol.com Web www.xisec.com Recognizing the business value of information is of extreme importance to all organizations. In summary, business needs to make sure it manages its information effectively to get the most value out of it. This means managing information security risks to ensure that information is not : • denied or made unavailable – e.g. this could be a denial of service attack from an external threat, or due to an accidental system failure or overload ; • lost, destroyed or corrupted – e.g. this could be an attack from an external threat, or an accidental system failure or user processing error ; or • leaked, disclosed without authority, or stolen – e.g. this could be an attack from ISO Management Systems – March-April 2006 9 © ISO Management Systems, www.iso.org/ims SPECIAL REPORT an external threat, an accidental system failure, or an insider leaking information to competitors or external colleagues. Without information security, the business is faced with various negative impacts including financial consequences, weakened protection of the organization’s intellectual capital and IPR, loss of market share, poor productivity and performance ratings, ineffective operations, inability to comply with laws and regulations, or loss of image and reputation. Today, information is considered as a key business commodity The recently published standard ISO/IEC 27001:2005, Information technology – Security techniques – Information security management systems – Requirements, provides a basis for designing and deploying a management system for information security. This ISO/IEC standard revises and improves on the hugely successful previous information security management system (ISMS) standard from British Standards Institution (BSI) BS 7799 Part 2:2002, which it replaces. This article provides feedback from some of those thousands of businesses that have already been using an ISMS to manage and protect the critical and important asset of information. BAE Systems Bofors AB, Sweden “ It is vital to be certified both for us and for our customers. Since we also deal with many international contacts, a worldwide certificate of this kind is essential.” Anders Jonsson, Director of Information Technology. BAE Systems Bofors Managing information security As a management tool, ISO/ IEC 27001 relates to the broader roles and responsibilities of an organization such as corporate social responsibility, governance and legal and regulatory obligations. All these aspects can be associated with the increasing dependence of businesses on information systems and information and communication technologies (ICT). ISO/IEC 27001 is a risk-based specification designed to take care of the information security aspects of corporate governance, protection of tangible and non-tangible assets information assets and legal and contractual obligations, as well as the wide range of threats to the organization’s ICT systems and business processes. Applying the ISO/IEC 27001 risk management philosophy as part of the business’s overall risk approach provides the organization with the means to implement effective information security management in compliance with the organ- 10 ISO Management Systems – March-April 2006 ization’s objectives and business requirements. Certification is not a mandatory requirement of ISO/IEC 27001 ISMS certification Tata Steel, India Certification in compliance with BS 7799 Part 2 has been in place for several years now. Certification is not a mandatory requirement of ISO /IEC 27001:2005 (or of BS 7799 Part 2) – it is the decision of the organization whether or not to take the certification route. ISO/IEC 27001:2005 (and previously BS 7799 Part 2) can be used without going for certification. “ Tata Steel felt the need to improve information security due to increased usage and dependence on IT and increased risk perception by its stakeholders. We were certified for fulfilling the requirements of BS7799 Part 2 standard in 2003. However, over 2 000 organizations from over 50 countries have been certified and the growth in this area is increasing rapidly. The International Register of ISMS Certificates is available on the Web at www. ISO27001certificates.com and provides a comprehensive, country-by-country overview of all the organizations that have been certified. The following selection of organizations that did decide to go for certification highlights a number of motivations and benefits. “ By implementation of the controls and framework of BS7799 Part 2, we have been able to reduce information security risks, threats and provide assurance to our stakeholders. It has helped us to build an environment of information security awareness and lay down a focused and structured approach towards security management. “ We welcome the release of ISO/IEC 27001 for providing an international framework for improving information security controls and their implementation.” Raghavendra Mathur Head IT Infrastructure, Tata Steel © ISO Management Systems, www.iso.org/ims SPECIAL REPORT Siemens Business Services GmbH, Vienna, Austria “ We have striven for certification because this standard offers a maximum of security. When making offers, we enclose the certificate according to BS 7799 Part 2. This spares us the necessity to furnish additional evidence on information security – a real competitive advantage ”. Dr. Albert Felbauer, General Manager, Siemens Business Services Range of market sectors The organizations that are already implementing ISO/IEC 27001 cut across a wide range of market sectors, including: telecoms, financial and insurance services, manufacturing sector, utilities (electricity, gas, oil, water), retail industry, service industry, healthcare, police and emergency services, universities and government departments. tion bodies that approve certification bodies are allowing 18 months from the publication of ISO/IEC 27001 (15 October 2005) for the latter to make arrangements with their clients for making the transition to the new standard. User feedback The following feedback on information security management systems comes from a selection of organizations that have already benefited from ISO/IEC 27001, or that are experienced users of BS 7799 Part 2 and are now making the transition to the new International Standard. Larsen & Toubro Limited, India Larsen & Toubro was the first company in the world certified to ISO/IEC 27001:2005. L&T is one of the Asia’s largest engineering and construction con- glomerates with business in the chemical, petrochemical, fertilizer, hydrocarbon, oil and gas, nuclear and hydro power, cement, minerals, automobile, aerospace, ship building and allied sectors. With its joint ventures such as L&T Chiyoda and L&T Sargent & Lundy, its activities include computer-assisted engineering, process technology, basic and detailed engineering, heavy engineering, modular fabrication, project management, procurement, logistics, erection, construction and commissioning. “ Our engineering procurement and construction business environment, dealing with large lump-sum turnkey projects, involves a variety of complex factors such as global level dependencies, co-ordination between players, and location issues, besides technology, competence and business risks. As such, it is only logical for us to leverage the information technology potential to meet our business objectives and grow a breed of satisfied customers. “With the increasing use of IT in our day-to-day business operations, protecting the business’ critical information and information processing assets from all possible threats and vulnerabilities is more important now than ever before, considering the business dependency. Larsen & Toubro (L&T), India, one of the Asia’s largest engineering and construction conglomerates, was the first company in the world certified to ISO/IEC 27001:2005. The feedback coming in from around the world is that businesses have been eagerly waiting for the arrival ISO/IEC 27001 in order to achieve certification to an internationally recognized benchmark. It is expected that this will accelerate the growth in the certification business following on the success of ISO 9001 and ISO 14001. Now that ISO/IEC 27001:2005 has been published, BS 7799 Part 2: 2005 has been withdrawn and all current certificates will need to be upgraded into ISO/IEC 27001 certificates. The national accredita- ISO Management Systems – March-April 2006 11 © ISO Management Systems, www.iso.org/ims SPECIAL REPORT “ IT security concerns have been uppermost in our mind, prompting us to collaborate with both governmental and nongovernmental agencies and professional forums such as ISO/IEC, BSI, ISMS-International Users’ Group (ISMSIUG), etc., besides ensuring compliance to IT security best practices. We are proud to be part of the global developmental efforts on IT security management and to pioneer the trends. K. Venkataramanan, President (Operations) of L&T, India: ‘The ISMS in accordance with ISO/IEC 27001…assures the top management of the consistency of actions and ability to respond to challenging business situations in the event of any disaster.’ “The ISMS in accordance with ISO/IEC 27001 ensures formal structured business risks assessment and guides application of security controls and technology. It assures the top management of the consistency of actions and ability to respond to challenging business situations in the event of any disaster. “ B e s i d e s t h i s, i t h e l p s i n spreading information security awareness and the need for compliance across the organization.” security and provide its customers with the confidence to know that industry best practice was being rigorously followed. K. Venkataramanan, President (Operations) & Member of the Board, L&T “Commitment to the standard has already helped the company win business with a range of local and central government clients in addition to several larger corporate clients within the private sector. Customers appreciated the assurance of Nesco’s regular six-monthly external audits by an independent, accredited third party certification body. Nesco Group, United Kingdom “ As an IT recruitment and training organization, the Nesco Group was experienced in handling sensitive and confidential information. As the business continued to grow and the volume and sensitivity of both internally and externally generated information increased, so did the need for the group to demonstrate a commitment to information security to its customers and prospects alike. “ Certification to BS 7799 has demonstrated that the Nesco Group is a secure organization with which to do business. Achieving BS 7799 is clear demonstration of our commitment to providing the very highest levels of information security.” Tina Holt, Operations Director and Director of Security, Nesco Group “As a significant supplier of services to the public sector, the Nesco Group identified BS 7799 as a key differentiator within this increasingly important market sector. The Nesco Group knew that by being one of the first IT recruitment and training companies to implement an ISMS, certified to BS 7799, this would publicly reaffirm its commitment to data 12 ISO Management Systems – March-April 2006 “ It is vital that the company’s recruitment and training activities are protected from security breaches or interruption. It was primarily for this reason that the company chose to achieve BS 7799. The ISMS ensures that any risk to the group’s internal systems and the data they carry are controlled and the chances of a security breach or interruption are minimized. “ The ISMS features a strict security policy, supported by regular security forums and audits. The regime covers the physical security of all premises and IT assets, provides for back-up systems and a disaster recovery plan and includes ongoing security training for all employees. “ Our recruitment and training customers trust us with their confidential information. Achieving BS 7799 enabled us to reassure them that their trust was well placed.” Brian Wilshaw, Senior Business Development Manager, Nesco Group TDS AG, Germany “ As an IT service provider with a comprehensive outsourcing service spectrum, TDS AG has had information security certifications for many years. These include, for example, the IT Baseline Protection from the German authority for IT security. “ In addition, the company’s data centres were certified in accordance with ISO/IEC 27001 in 2005. To achieve this, it was necessary to carry out risk analyses for all hardware and software systems. “ The new ISO/IEC 27001 was important for TDS because it was easier to integrate with the existing quality and information security management system and it was possible to simplify the documentation. “ The new standard especially demands a measurability of information security. To describe and ‘live’ information security is one thing. To constantly measure it is another, more important undertaking. This resulted in the addition of continual improvement of the ISMS processes. “The biggest advantage of the ISO/IEC 27001 certification for TDS is first and foremost that it is an ISO/IEC standard which is recognized internationally. As TDS operates internationally, this was a very important aspect. “ Additional security also requires the integration of subcontractors during and after the end of the working relationship. So within the ISO/ IEC 27001 requirements that © ISO Management Systems, www.iso.org/ims SPECIAL REPORT Knut Krabbes, Quality and Security Manager of TDS, Germany : ‘ The biggest advantage of the ISO/IEC 27001 certification for TDS is first and foremost that it is an ISO/IEC standard which is recognized internationally.’ ensuring the integrity, accessibility and availability of information to its clients – other governmental departments and police, fire and health services on the island. is important that these organizations know they are handling secure data and that all relevant legislation – such as the Data Protection Act – is being adhered to. “ISD has now made compliance with BS 7799 a contractual obligation for its business critical outsourced services. This policy has already seen Manx Telecom, who manages the government’s wide area network (WAN), achieve certification to BS 7799 for its business. “ Improved management. The move from a technical focus to a more business-led focus has seen some significant changes in working practices. There are now clearer responsibilities and roles and a single repository for information with centralized documentation under strict version control is therefore more easily accessible. “ The benefits of an ISMS include the following : have now been created, these sub-contractors are to be monitored. Through the new standard, an increase in the precision of the requirements has been reached, so that audits also contain informed statements. “ Process improvement. Areas for improvement are now easier to identify. ISD changed the way in which it approached its formal incident procedure which has led to service improvement. “ I am convinced that through the new ISO/IEC 27001 standard, a big step towards more security in the TDS Group has been achieved.” “ A typical example of this would be where a server has failed. Previously, the failure would have been noted, fixed and normal service resumed. Now, it is classified as a corrective action, the reasons for the failure examined more carefully and measures put in place which in turn should help reduce system down-time. Knut Krabbes, Quality and Security Manager, TDS AG Isle of Man Government “Achieving BS 7799 is a cornerstone of the government’s strategy in bringing about fundamental changes in the way it uses IT and in its external positioning as the ‘e-island ’. “The Information Systems Division (ISD) is at the heart of this project, providing a robust and effective technical infrastructure and promoting development of pan-government processes. “Achieving high standards of information security was fundamental to the project and in “ Business assurance. Certification to the standard has raised the profile of the ISD within the government and gives valuable assurance to customers and suppliers that it is following best practice, which is particularly important where data is shared with off-island organizations. “ For example, the island’s police and health services regularly share data with their United Kingdom counterparts. Here, it “This in turn has helped improve communications throughout the division which consists of 150 users spread over three sites. “ BS 7799 has enabled us to drive through a significant business change and improvement programme and will continue to keep us focused on new initiatives and process improvement. “We have recently been assessed against the new and enhanced requirements of ISO/IEC 27001 by our certification body and are currently awaiting our certificate.” Allan Paterson, Director, Information Systems Division, Treasury, Isle of Man Government ISMS success factors It is important that organizations implementing ISO/IEC 27001 : • stay focused on the business needs ; • always consider information security as an integrated part of implementing the business objectives for risk management, governance and deploying cost-effective measures for the organization’s commercial well-being ; • consider information security as a business culture, as proposed by the OECD Security Principles : • make sure information security is an on-going process to achieve effective deployment of an ISMS to ensure the businesses security posture is kept up to date through continual improvement ; • win management commitment early in the process ; and • involve a multi-disciplinary approach across the business as security should not be left to the IT department – it should be regarded as a corporate issue with responsibilities assigned across all levels of management and staff roles. Out-perform ISO/IEC 27001:2005 is already establishing itself as the international benchmark for information security management systems. As users testify, it provides many benefits to businesses, ensuring their security and well-being and allowing them to be successful in today’s riskpervasive environments. The feedback indicates that ISO/IEC 27001 is destined even to out-perform its highly successful forerunner, BS 7799 Part 2, and is set for worldwide implementation across the whole spectrum of markets and business sectors. • ISO Management Systems – March-April 2006 13 © ISO Management Systems, www.iso.org/ims ISO INSIDER Launching of ISO 14064 for greenhouse gas accounting and verification by Chan Kook Weng and Kevin Boehmer in 2002 by the ISO Technical Management Board’s Ad Hoc Group on Climate Change. It observed that governments, business corporations and voluntary initiatives were using a number of approaches to account for organization- and project-level GHG emissions and removals with no generally accepted validation or verification protocols. ISO was preparing to launch its new international greenhouse gas (GHG) accounting and verification standards – the three-part ISO 14064 – when this issue of ISO Management Systems went to press. ISO’s goal in developing the standards is to provide a set of unambiguous and verifiable requirements or specifications to support organizations and proponents of GHG emission reduction projects. When they use ISO 14064 for quantification, reporting and verification, it will ensure that “ a tonne of carbon is always a tonne of carbon .” ISO 14064 has resulted from several years of detailed study and engagement with the international community of governmental and business organizations with a stake in climate Some 175 international experts from 45 countries and 19 liaison organizations participated in developing ISO 14064 In response, the Department of Standards Malaysia (DSM – www.dsm.gov.my) and the Standards Council of Canada (SCC – www.scc.ca) proposed the development of ISO 14064 and have since managed some 175 international experts from 45 countries and 19 liaison organizations through eight international meetings to complete the standard. ISO 14064, Greenhouse gases, comprises three parts, respectively detailing specifications and guidance for the organizational and project levels, and for validation and verification. Organizational level Part 1: Specification with guidance at the organization level for the quantification and reporting of greenhouse gas emissions and removals, details principles and requirements for designing, developing, managing and reporting organizational- or company-level GHG inventories. ISO 14064 objectives are to : change. It has been developed by Working Group (WG) 5 on Climate Change of ISO Technical Committee (TC) 207, which is responsible for the ISO 14000 family of environmental management standards. These high profile standards – which were presented at the United Nations Climate Change Conference in Montreal, Canada, in late 2005 – will provide clarity and consistency between those reporting GHG emissions and stakeholders. ISO 14064 provides a solution to the problem brought to light 14 ISO Management Systems – March-April 2006 • enhance environmental integrity by promoting consistency, transparency and credibility in GHG quantification, monitoring, reporting and verification ; • enable organizations to identify and manage GHGrelated liabilities, assets and risks ; • facilitate the trade of GHG allowances or credits ; and • support the design, development and implementation of comparable and consistent GHG schemes or programmes. Dr. Chan Kook Weng (left) is Convenor, ISO/TC 207 Working Group 5 on Climate Change. He is a Senior Research Fellow with the Malaysian Palm Oil Board. Kevin Boehmer (right) is Secretary, ISO TC/207/WG 5. He is a Programme Manager with the Canadian Standards Association. E-mail kevin.boehmer@csa.ca Web www.csa.ca Web www.tc207.org © ISO Management Systems, www.iso.org/ims ISO INSIDER It includes requirements for determining organizational boundaries, GHG emission boundaries, quantifying an organization’s GHG emissions and removals, and identifying specific company actions or activities aimed at improving GHG management. ISO 14064 will be complemented by ISO 14065 on accreditation of GHG verification or validation bodies Part 1 will be of interest to organizations participating in voluntary GHG registries or regulatory allowance-based schemes, or GHG scheme administrators designing such programmes or schemes. GHG projects or project-based activities specifically designed to reduce GHG emissions or increase GHG removals. It includes principles and requirements for determin- ing project baseline scenarios and for monitoring, quantifying and reporting project performance relative to the baseline scenario and provides the basis for GHG projects to be validated and verified. Part 1 is consistent with best practice established in the Greenhouse Gas Protocol Corporate Accounting Standard developed by the World Business Council for Sustainable Development and the World Resources Institute. Project level It also includes requirements and guidance on inventory quality management, reporting, internal auditing and the organization’s responsibilities in verification activities. Part 2 : Specification with guidance at the project level for the quantification, monitoring and reporting of greenhouse gas emission reductions and removal enhancements, focuses on ISO 14064-1 Design and develop organizational GHG inventories ISO 14064-2 Design and implement GHG projects GHG inventory documentation and Reports GHG project documentation and reports GHG Assertion Verification Verification process Programme specific Level of assurance consistent with needs of intended user ISO 14064-3 GHG Assertion Validation and/or verification Validation and verification process For example ISO 14065 (To be published) Requirements for validation or verification bodies Programme specific Figure 1 – The relationships between the three parts of ISO 14064 and ISO 14065. The Part 2 standard will be of interest to project proponents participating in voluntary programmes or regulatory credit-based schemes, or GHG scheme administrators designing such programmes or schemes. Requirements of the applicable GHG programme or intended users Part 2 of ISO 14064 requires users to select or establish relevant good practice guidance in fulfilling many of its requirements to ensure compatibility with existing (e.g., Clean Development Mechanism) or emerging practice. Validation and verification Part 3 : Specification with guidance for the validation and verification of greenhouse gas assertions, details principles and requirements for verifying GHG inventories and ISO Management Systems – March-April 2006 15 © ISO Management Systems, www.iso.org/ims ISO INSIDER validating or verifying GHG projects. ISO 14064 process principles It describes the process for GHG-related validation or verification and specifies components such as validation or verification planning, assessment procedures and the evaluation of organization or project GHG assertions. Regime neutrality – ISO 14064 is GHG regime or scheme neutral. In other words, the developers of ISO 14064 balanced being “ scheme sensitive ” with becoming “ scheme selective ” or being “ policy relevant ” with becoming “ policy prescriptive ”. ISO 14064 Part 3 can be used by organizations or independent parties to validate or verify GHG assertions and establishes new international best practice for the GHG validation or verification process. Technical rigour – The developers of ISO 14064 recognized that anything short of a technically rigorous standard would loose market credibility and relevance. To this end, each Part of ISO 14064 treats technical best practice in its own way – Part 1 maintains consistency with existing best practice (eg, GHG Protocol), Part 2 is designed to be compatible with existing best practice or allows for the establishment and justification of new best practice, while Part 3 establishes new international best practice. ISO 14065 ISO 14064 will be complemented by ISO 14065, which specifies requirements to accredit or otherwise recognize bodies that undertake GHG validation or verification using ISO 14064 or other relevant standards or specifications. Extensive participation – WG 5 recognized that the credibility of ISO 14064 might be impacted by the extensiveness of participation in the standards development process. The participation of various countries, regions, stakeholder groups and technical experts was therefore encouraged to ensure different perspectives ; needs and expertise were accounted for. ISO 14064 embodies the principles of regime neutrality, technical rigour, extensive participation and speed-to-market ISO 14065 is being developed by the joint Working Group 6, which was set up in 2004 and comprises experts from ISO/ TC 207 and ISO/CASCO, Committee on conformity assessment, managed by the South African Bureau of Standards (SABS – www.sabs.co.za) in partnership with the Standards Council of Canada. The standard is expected to be published in early 2007. Speed-to-market – As a variety of GHG initiatives and schemes have been established, are under development or are being planned, WG 5 committed to an ambitious, but responsible schedule to complete the standard. WG 5 delivered ISO 14064 in about three-and-a-half years. Table 1 – ISO 14064 process principles. Figure 1 (preceeding page) shows the relationships between the three parts of ISO 14064 and ISO 14065. Challenges The developers of ISO 14064, whilst taking advantage of ISO’s reputation and process 16 ISO Management Systems – March-April 2006 strengths, were not immune from the challenges of standardization in this sometimes complex and always political area. To help guide their work, WG 5 established and maintained the four principles of regime neutrality, technical rigour, extensive participation, speed-tomarket (see Table 1). ISO 14064 developers regularly revisited these process principles to help ensure that the standards would provide a variety of users with a flexible, credible and verifiable tool applicable across a variety of voluntary or regulatory GHG schemes. WG 5 is not under the illusion that ISO 14064 will represent a “ total solution ” to GHG accounting and verification needs, but is confident that it represents an important “ building block ” to organizations or project proponents participating in various voluntary or regulatory initiatives, or to administrators responsible for designing and implementing GHG schemes or programmes. Striking example ISO Secretary-General Alan Bryden recently commented: “ Claims made about reductions of the greenhouse gas emissions widely held responsible for climate change may have political and financial implications, in addition to environmental and technical ones. Ensuring their credibility is thus vital. “ ISO is combining its environmental and conformity assessment expertise to develop tools for measuring, validating and verifying such claims. This is a striking example of how ISO’s work can help to provide practical tools for meeting the global challenges that the international community is wrestling with.” • © ISO Management Systems, www.iso.org/ims ISO INSIDER ISO studies people aspects in quality management by Peter Merrill The opening paragraph of ISO 9000:2000, Quality management systems – Fundamentals and vocabulary, contains eight quality management principles which are the basis of the ISO 9000:2000 series. The standard starts by saying that a successful organization is Customer focused. The job of the Leadership is to set direction, create objectives for the organization and Involve people, who are the essence of the organization, in achieving those objectives. The principles continue by saying that most efficient way of using an organization’s resources is through the Proc- Organizations that manage their people well score the highest marks for successful implementation of quality management ess approach and the processes in the organization need to come together as a System. It must be a permanent objective of any organization to seek Continual improvement. If you do not, then your competition will overtake you. The way to drive continual improvement is through a Factual approach to decision making. Finally, Mutually beneficial supplier relationships give the greatest value to the customer and this recognizes that a business system operates in an “ eco-system ” with other businesses. Four of the principles, the Process approach, a System approach to management, Continual improvement and a Factual approach to decision making focus on the “ hard skill ” or “ process ” aspects of an organization. ISO 9001:2000, which gives the requirements for a quality management system, is heavily based on these four principles. The other four principles are about “ people ” and contain phrases such as the following : • “ understanding…needs and expectations ”, • “ create and maintain the internal environment in which people can become fully involved ”, • “ people at all levels are the essence of an organization ”, • “ full involvement (of people) enables their abilities to be used for the organization’s benefit ” and • “ mutually beneficial relationship ”. ISO 9001:2000 standard does not develop these principles to any extent. However, experience shows that organizations that have addressed these “ people ” issues while developing their management system have usually implemented ISO 9001:2000 far more easily and effectively. Evidence Do people matter ? We instinctively know that we do matter, but the doubters still ask for evidence. Evidence of the benefits of people involvement comes from a wide range of sources. Waterstone Human Peter Merrill is leading the ISO/ TC 176 study group on the involvement of people in management systems. He is also a member of the TC 176 Chair’s Strategic Advisory Group with responsibility for Resource Management. President of Quest Management Services, Canada, he is a leading authority on management systems in North America and author of the book Do It Right the Second Time: Benchmarking Best Practices in the Quality Change Process (ISBN: 1563271753). E-mail pmerrill@ questmanagementservices.com Web www. questmanagementservices.com IMS – November-December 2005 17 © ISO Management Systems, www.iso.org/ims ISO INSIDER An American Society Quality survey on people equity in May 2005 2) shows conclusively that organizations with top leadership support, that possess a quality culture and that manage their people well score by far the highest marks for successful implementation of quality management. The ASQ survey authors conclude, “ The message is simple. If an organization is serious about quality, its efforts cannot be confined to a few people with formal quality responsibilities.” The University of Vigo in Spain conducted a study of ISO 9001 implementation 3) from a perspective of “ personnel participation ” and concluded that this participation was “ the key for quality system survival and improvement in the long term .” It also underlines the importance of “teamwork” in small to medium-sized companies. People involvement During the late 1980’s and 1990’s, Europe and North America developed national excellence awards based on the concepts of leadership setting People IMPROVEMENT A strong culture is defined as one which proactively responds to market conditions, cares equally about customers, shareholders and employees and which rewards people and behaviours that create useful change. direction and improvement, being driven by a balance of people and process improvement (see Figure 1). LEADERSHIP Capital in its 2005 study of corporate culture 1) shows that a strong culture correlates directly with financial performance. Processes Figure 1 – The typical national excellence award model. Interestingly, the United Kingdom, which supported ISO 9000:1987 (and before that BS 5750) aggressively through the 1980’s and early 1990’s, found a vacuum in the use of the standard and introduced the Investors in People (IIP) standard in the 1990’s to fill that gap. Over 30 000 organizations have now registered to the standard. Let us look briefly at the “ people ” content of IIP and the excellence awards, Baldrige (USA) and EFQM (Europe). aims and objectives. This is close to the text within paragraphs 5.4, Quality planning and 6.2, Human resources of ISO 9001:2000. IIP requires an organization to have a plan with clear aims and objectives which are understood by its people. The development of people must be in line with these aims and objectives. People also need to understand how they contribute to achieving 18 ISO Management Systems – March-April 2006 The USA pursued their own comprehensive Malcolm Baldrige National Award and “ morphed ” this into various state awards. The Baldrige Award includes “ soft skills ” components. A look at the Baldrige model (see Figure 2) quickly reveals the balance of “ people ” and “ process .” Baldridge addresses the people aspects more fully than ISO 9001:2000. The organization must be committed to the development of its people and managers need to support that development so that people improve their performance. IIP also identifies whether people believe their contribution to the organization is recognized. This thinking “ pushes the envelope ” compared to ISO 9001:2000. 1) 2005 Canadian Corporate Culture Study, by Waterstone Human Capital. E-mail culture@waterstonehc.com The organization then needs to improve in performance of its teams and individuals. People must also understand the impact of their development on the performance of the organization. Finally, the organization gets better at developing its people. This links very closely to Section 8, Measurement, analysis and improvement of ISO 9001:2000. 2) “ People Equity : The Hidden Driver of Quality ,” by Kostman and Scheimann, Quality Progress, May 2005. Web www.asq.org. 3) “ Quality Management and Personnel Participation, ” by Prado, Gonzales and Lorenzo ; University of Vigo, Spain, Human Factors and Ergonomics in Manufacturing, Vol. 14 (3) 2004. E-mail ajfdez@uvigo.es. Organizational profile : Investors in People IIP focuses very strongly on people involvement and has four sections: commitment, planning, action and evaluation. With some restructuring, the content can be aligned quite closely with the PlanDo-Check-Act Cycle of ISO 9001:2000. Baldrige Environment, relationships, and challenges 2 5 Strategic planning Human resource focus 7 Results 1 Leadership 3 6 Customer and market focus Process management 4 Measurement, analysis and knowledge management Figure 2 – The Malcolm Baldrige National Quality Award. © ISO Management Systems, www.iso.org/ims ISO INSIDER ENABLERS EFQM The European Quality Award, which is based on the EFQM Model, again reflects the balance of people and process (see Figure 3). The EFQM 2005 Recognition Book again shows how successful organizations emphasize people development and involvement, leadership, continual learning, and other people-oriented aspects. People in ISO and national standards The Canadian Standards Association has performed a survey of people-based standards. The data has been analyzed by Dr. Anne Wilcock, of the University of Guelph, and reveals a sharp increase in the issuing of people-related standards over the last five years. At the international level, ISO/ TC 176, which is the ISO technical committee responsible for the ISO 9000 family, has developed ISO 10002, which focuses on complaints handling at the customer interface, ISO 10019 on selecting consultants, and ISO 19011, which among other issues addresses auditor competency. These all have an impact on human issues inside and outside an organization. In addition, the excellent ISO 10015 addresses training from a system perspective. Many national standard bodies are addressing the people-processes gap in different ways. Australia has developed AS 5037 on knowledge management ; Sweden’s SS 624070 provides a framework for development of a compe- RESULTS People Leadership Policy and strategy The strategy for developing a “ people standard ” has been for the study group to take the “ people ” principles from ISO 9000:2000, quoted at the beginning of this article, and to use them as a base for further development. It is also using principles proposed by Japan as additional input. Peole results Processes Partnerships and resources Customer results Key performance results Society results INNOVATION AND LEARNING Many national standard bodies are addressing the people-processes gap Figure 3 – The EFQM Model used as the basis for the European Quality Award. tence management system, and Portugal has recently proposed a European Standard on human resources. Also at the international level, the International Atomic Energy Authority (IAEA), in its draft Standard DS 338 is including knowledge management content, recognizing that not all knowledge can be codified but must also be transferred between people as tacit knowledge. The industry sees this need with the pending retirement of many of its key people. Last but far from least, ISO’s key mission is to be the “leading value-adding platform and partner for...global and market relevant International Standards covering...management and organizational practices.” ISO/TC 176 clearly needs to address the “ people issues ” of quality management more effectively. As has been shown above, much attention to the people aspects is paid in national standards, in award schemes, and in several ISO standards. But the overall context is missing and the information remains scattered in “ islands ”. Therefore, ISO/TC 176 Subcommittee (SC) 3, Supporting technologies, resolved at its 2004 annual meeting in Kuala Lumpur to establish a study group to address the need, desirability and feasibility of guidance documents to help organizations to develop competencies and people aspects for quality management. ISO Guide 72, Guidelines for the justification and development of management system standards, will be used to establish the “ business case ”. People Aspects Study Group The People Aspects Study Group had its first meeting in Panama in October 2005. The group is composed of representatives from all regions of the world, and from both large and small and medium-sized enterprises, as well as from academia. ISO/TC 176/SC 3 has also invited ISO/TC 207, Environmental Management, and ISO/CASCO, Committee on conformity assessment, to join the study group. “ People aspects ” address issues such as change, teamwork, recognition, competence, communication and the learning organization and these are being examined to decide whether they should be within the scope of the future standard. Although the group’s early work has indicated value in a people standard, it plans to carry out a survey in each delegate’s country to identify more precisely the need and desirability for such a standard. It is also making an analysis of awards and standards already issued that appear to address people aspects. The group planned to examine the results of the survey and analysis at its next meeting in March 2006 in Delft, The Netherlands. The People Aspects Study Group will present its final report to ISO/TC 176/SC 3 plenary meeting in Busan, Korea, in November 2006. • ISO Management Systems – March-April 2006 19 © ISO Management Systems, www.iso.org/ims ISO INSIDER ISO prevents misuse of its name on Internet to the benefit of consumers by Roger Frost ISO has recently scored new successes in its fight to prevent its name being misused on the Internet to mislead people into buying products or services that they believe are endorsed by ISO. The Arbitration and Mediation Center of WIPO (World Intellectual Property Organization) ruled that the following Internet domain names, which had been registered by companies with no connection to ISO, be transferred to ISO : tem standards which at the end of 2004 were implemented by some 760 900 organizations in 154 countries The success of ISO’s standards has been accompanied by the growth of organizations offering related products and services such as certification of conformity, consultancy, training, publications and software. Vigorous The majority operates in a business-like manner without infringing ISO trademarks, but some make use of ISO’s name in a way that could confuse potential customers into believing that these organizations are part of ISO, or that they, their products or services are endorsed by ISO. This has led ISO to take even more vigorous action in recent • iso1stop.com, iso9000commerce.com, isoeasy.com, isoeasy.org, isoeasy.info, isonet.net and isotraining.net. WIPO upheld ISO’s contention that the inclusion of “ iso” in the domain names gave the misleading impression that the Web sites were sponsored by ISO, or affiliated to it. The WIPO arbitrators found that the domain names had been registered with a view to commercial gain by the registrants since Internet users could be attracted to the sites mistakenly believing them to be connected to ISO. ISO has published more than 16 000 International Standards including the ISO 9000 and ISO 14000 management sys- years to protect Internet users from making such abusive purchases and to pursue organizations refusing to comply with ISO’s policy on the use of its name and logo. José Checa, Legal Adviser at ISO Central Secretariat, commented : “ To date, ISO has successfully filed several cases with the WIPO Center, in addition to some court actions in several countries. These decisions have confirmed that ISO is a famous mark protected in most countries and that any unauthorized registration as an Internet domain name of the mark ISO – alone or in combination with other words – in the context of standardization and related activities should not be permitted.” Some make use of ISO’s name in a way that could confuse potential customers ISO’s policy on the use of its name and logo can be consulted on its Web site, along with guidelines on publicizing certification to its ISO 9001: 2000 and ISO 14001: 2004 standards. • José Checa, Legal Adviser at ISO Central Secretariat : ‘ Any unauthorized registration as an Internet domain name of the mark ISO – alone or in combination with other words – in the context of standardization and related activities should not be permitted.’ 20 ISO Management Systems – March-April 2006 © ISO Management Systems, www.iso.org/ims INTERNATIONAL Early adopters underline benefits of new ISO standard for safe food supply chains by Roger Frost Companies among the first in the world to implement ISO 22000 are underlining the benefits of the new International Standard for ensuring safe food supply chains. At least 50 countries look set to have adopted it within only six months of its publication. Early adopters of ISO 22000, the new International Standard on food safety management systems, have provided favourable comments and expressed positive reactions in response to an informal enquiry from ISO Central Secretariat to gauge the worldwide reaction to ISO 22000, which ISO published on 1 September 2005. Thirty-four countries around the world were already reporting various ISO 22000 deployment activities by the end of 2005, while the standard had also been published as a Euro- pean Standard, to be followed by adoption as a national standard by the 29 countries that are members of the European Committee for Standardization (CEN). This indicates that ISO 22000 will have been adopted by 50 ISO Management Systems – March-April 2006 21 © ISO Management Systems, www.iso.org/ims INTERNATIONAL countries or more – or be in the process of adoption – within six months of its publication. An edited selection of the replies follows with firstly, comments from companies that have already been certified to ISO 22000, and secondly a brief overview of worldwide developments. to guarantee the quality of the product – like those included in the seven Hazard Analysis and Critical Control Points (HACCP) principles. “ All these are simplified into one quality and safety management system that meets all the requirements of many customers, covering ISO 9001:2000, GMP, HACCP, BRC, IFS and similar frameworks. choice there is an organization working day after day to achieve one of the main objectives of our winery – continual improvment.” The voice of the ISO 22000 user ARGENTINA Bodega Familia Schroeder – vineyard and winery Silvina Sassin, Head of Quality Control : “ Implementing ISO 22000 in our organization means an advantage over other schemes as it offers management tools – like those offered by ISO 9001:2000 – but better adapted to the food industry. ISO 22000 also gives guidelines “ On top of this comes the added prestige brought by this certification to an ISO standard, and the considerable support we have received as a result amply justifies this recent venture. “ O uAn r ENEL g r e amedium t e s t svoltage atisfact i o noverhead s t e m s line. from the fact that behind the consumers’ 22 ISO Management Systems – March-April 2006 Hedelab – manufacturer of dietary supplements AUSTRALIA Vinpac International – wine bottling and packaging “ With the implementation of ISO 22000, we guarantee safe products and the effectiveness of the production process. It also allows us to improve the relationship with the international market in order to grow industrially and commercially. “We believe that the implementation of a food safety management system brings significant benefits. First of all, it gives our customers greater confidence when buying and drinking our wines. At the same time, it instills in all of us here at the firm a sense of satisfaction and ease of mind from the knowledge that what we are doing is being done well – and not only from the point of view of quality. Finally, doing things properly is beneficial to society in that it helps to preserve jobs in a healthy organization. BELGIUM Ben Bowering, Quality, Health, Safety and Environmental Manager : “ This standard has the potential to turn the onerous task of meeting multiple, often duplicated or even contradictory requirements from various different safety and quality guidelines into one meaningful system. “ I believe that in terms of its international recognition, its rigour and its capacity to improve safety along the entire food chain, the ISO 22000 standard is exactly that – something that will offer benefits for everyone concerned.” Implementing ISO 22000 means an advantage over other schemes Gilles Gernaey, Scientific Director : “ For us, the objective of ISO 22000 is to allow the harmonized implementation, no matter what the country or product concerned, of the HACCP method, recognized by experts as the best tool currently available for guaranteeing food safety for the consumer. ISO 22000 allows the harmonized implementation of the HACCP method “ Since the significant increase of various food safety crises, certain countries, as well as certain food industry groups and companies, have established their own safety standards, resulting in more than 2 0 c o e x i s t i n g s t a n d a r d s. Thanks to the international consensus which led to the development of ISO 22000, certification to this standard is destined to become the international benchmark for food quality.” © ISO Management Systems, www.iso.org/ims INTERNATIONAL DENMARK FINLAND Danisco Sugar – sugar factory of one of the world’s leading producers of ingredients for food and other consumer products Caternet – fresh food logistic services Henrik Solkær, Vice President responsible for sustainable development : “ As a manufacturer of food ingredients and feed, product safety has top priority and we find it natural that we’re front runners in this important area. We constantly strive to improve our safety efforts and we’ve long been awaiting a global standard covering both food and feed as an alternative to many industry standards. “ We have a strong focus on safety management and communication up through the supply chain – from suppliers to customers – to ensure the highest possible food and feed safety standard. The new ISO standard thus fits our approach perfectly. The ISO 22000 certification is an important milestone in our year-long effort, and we see it as a clear signal to the world of our stance on food and feed safety.” Michael Weckström, Managing Director (right), and Jaakko Repo, Quality Manager : “All our operations are now based on ISO 22000 and on the ISO 9001:2000 quality management standard. ISO 22000 is a useful additional tool to the quality management system that emphasizes the organization’s responsibility for food safety, increases the efficiency of our previous system and improves our working methods. “ It has already drawn interest among our customers. In the future, we see ISO 22000 as bringing credibility to the company image and improving our competitiveness.” lia Eau Ile-de-France/Centre produces and supplies drinking water. ISO 22000 provides an answer to its core concern : to control all sanitary hazards. Before starting our approach towards ISO 22000 certification, we had already introduced an HACCP system and an ISO 9001:2000-certified quality management system. “ Once it became available, ISO 22000 was able to merge seamlessly with the two existing systems. Today, ISO 22000 enables us to identify the risks associated with our activity, to foresee them and to more effectively contain any emergency that may occur. “ For a group like Veolia Eau, this certification means that we can guarantee the reliability of our organization, not only to our local customers – community groups, for instance – but also at international level.” PALESTINE Al-Haya Food Industries Co. – meat processing to prove that commitment to produce safe food and to comply with International Standards is not limited to big companies and has nothing to do with the location of the company. “We have managed to develop the ISO 22000:2005 system by building on our existing ISO 9001:2000 and HACCP system in a country with a destroyed economy and bad security situation. “ We believe that this new standard is very comprehensive, well established and very systematic. It has helped us in gathering all different systems and programmes under ‘one umbrella’ and achieving a focused approach to control the safety of our products. Certification to this standard is destined to become the international benchmark “ We now we feel much more confident in the products’ safety and we have achieved an excellent reputation in the country for being the first to adopt such a new standard. FRANCE Veolia Eau Ile-de-France/Centre – manager of public utilities involved in the production and supply of drinking water Gabrielle Coat – QualityEnvironment Manager : “ Veo- Nahed A. Sabri, Quality Assurance Manager : “ As a small meat processing company in Jerusalem, we have managed “We very much encourage food organizations to adopt such a comprehensive standard which will have a positive impact on the overall food safety status and company reputation – and we highly appreciate ISO for taking the initiative to develop this standard.” ISO Management Systems – March-April 2006 23 © ISO Management Systems, www.iso.org/ims INTERNATIONAL PORTUGAL M.A. Silva Cortiças Lda. – wine cork producer link in the food supply chain and to show the world the advantages of using a natural product to seal wine bottles.” SWITZERLAND UNITED KINGDOM Chocolats & Cacaos Favarger – chocolate manufacturer CROWN Speciality Packaging – manufacturer of decorative tinplate containers for food, promotional and pharmaceutical products SPAIN Angulas Aguinaga – manufacturer of food products based on fish and surimi Manuel Silva, President and Managing Director : “ M.A.Silva is a leading Portuguese cork producer whose mission is to produce reliable, high quality corks for bottles of fine wines created around the world. It was the first company in Portugual to be certified to ISO 22000:2005 “ As a global player, we welcome ISO 22000:2005 because we had felt the need to have a normative reference that could be recognized and accepted worldwide. Previously, our dilemma was deciding which of the existing local norms we should adopt to meet the demands of different markets on food safety. “ The beauty of ISO 22000 is that we did not need to overload our documentation system, indeed the standard’s integration with our quality management system certified to ISO 9001 for over 10 years was quite harmonious. “ This ISO 22000 certification is the perfect tool to offer our customers the guarantee that our natural corks are a strong Javier Cañada Millán, Director, Quality and R&D : “ In 2005, Angulas Aguinaga received the prize for innovation from the Ministry of Agriculture and Fisheries of the Spanish Government. “ The main reason why we implemented ISO 22000 is that it deals specifically with food safety and because it is a standard with international reach, developed by a scientifically based committee with broad experience in the field of food and public health. “ The deployment of this standard required us to strengthen our existing HACCP team, enabled us to develop a better structure and a better definition of our corporate quality policy in relation to food safety and, as a result of this implementation, we have been able to move forward significantly in the study of Critical Control Points (CCP).” 24 ISO Management Systems – March-April 2006 Philippe de Korodi, General Manager : “ Favarger recognizes that the quality and safety of its products are the condition for its long-term growth. Customers increasingly need ‘trust marks’ to make decisions in the face of complex choices. In addition to ISO 9001:2000, ISO 22000 brings the necessary focus on safety. Complying with International Standards is not limited to big companies “ The international and ‘neutral’ nature of ISO 22000 certification makes it an attractive and economically sound management target compared to other regional food safety standards. For an SME like Favarger, the cost and energy required to obtain an ISO 22000 certification cannot be taken for granted. However, the benefits far outweigh the investment.” James Barnett, Plant Manager : “ Crown Carlisle is very proud to have achieved another major milestone with the attainment of our ISO 22000 food safety management certification. This significant accomplishment underscores the company’s continued commitment to deliver best-in-class service and quality to our clients. “ Companies within our sector are increasingly recognizing the important role of accredited systems in order to protect consumers and enhance the manufacture of product to meet more demanding standards. The certification enables us to demonstrate the result of our activities to customers, suppliers and other interested organizations.” ISO 22000 will have been adopted by 50 countries or more © ISO Management Systems, www.iso.org/ims INTERNATIONAL UNITED KINGDOM The Wrigley Company – manufacturer of chewing and bubblegum, and confectionery “We have combined ISO 22000 with our own internal standards and this has not only provided a robust guideline for our food safety management system, but it has also allowed us to promote a culture of continual improvement in our manufacturing practices.” European Standard. According to CEN rules, this means that all CEN members (29 countries at present) have to adopt this standard as national standard within six months after its publication and withdraw any national standard which is contradictory with it. • The benefits far outweigh the investment ISO 22000 worldwide overview Alan Richards, Production Director : “ Food safety standards are of the highest priority for the Wrigley Company. We want to be 100 % confident at all times that we have the very best systems in place to ensure that nothing could leave our factory that could be harmful to the consumer. It integrates food safety management with our ISO 9001:2000 system “ After extensively reviewing existing standards and the new ISO 22000, we were convinced that this new standard would help us ‘ raise the bar ’ to an even higher level. The benefit of ISO 22000 is that it audits and verifies our food safety management system according to HACCP principles and that it integrates food safety management with our ISO 9001:2000 quality management system. By the end of 2005, activities at various stages related to the deployment of the standard were already being reported in 34 countries. These activities range from the translation and adoption of ISO 22000 as a national standard to the establishment of accreditation and certification systems, to promotion, training, implementation, certification, preparation for certification audits, or to waiting for certificates to be issued following successful audits. In response to the informal survey carried out by ISO Central Secretariat, one or several of such activities were reported to be in process in the following countries: Argentina, Australia, Belgium, Brazil, Canada, China, Cuba, Denmark, Estonia, Egypt, Finland, France, Hungary, India, Israel, Jordan, Latvia, Lithuania, Malaysia, Morocco, Palestine, Philippines, Portugal, Serbia and Montenegro, Singapore, Slovakia, Slovenia, South Africa, Spain, Thailand, Ukraine, United Arab Emirates, United Kingdom, USA. As ISO 22000:2005 was developed in cooperation with the CEN, it was also published as a ISO Management Systems – March-April 2006 25 © ISO Management Systems, www.iso.org/ims INTERNATIONAL ISO 9000 in China’s Great March to quality China’s dynamic economic growth is being driven by booming industrial production much of which is exported to the West. The Chinese Government’s early and forward-looking support for ISO 9000 has paid dividends in integrating Chinese companies with global supply chains. An example from the telecom sector is provided by Huawei Technologies which records rising customer satisfaction thanks to ISO 9001 implementation. by Wu Tian and Ming Yang As the largest developing country in the world, China plays a major role in the global economy. With growth far outstripping that of the leading Western nations, China has become, in effect, the world’s workshop. Therefore, it is more important than ever that Chinese business organizations operate in accor- 26 ISO Management Systems – March-April 2006 dance with International Standards such as ISO 9001:2000. The Chinese Government was an early supporter of ISO 9000 and has long encouraged Chinese organizations to implement quality management systems (QMS) in line with the ISO 9000 family of standards. It has established pro- Huawei Technologies Co. Ltd., a leading Chinese telecoms manufacturer, has seen customer satisfaction improve significantly since implementing ISO 9001. QMS policies, and introduced many quality-related actions, especially in helping organizations make the transition to ISO 9001:2000. © ISO Management Systems, www.iso.org/ims INTERNATIONAL Quality infrastructure In 1989, the China National Technical Committee on Quality Management and Quality Assurance (SAC/TC 151) was established by the national standards body, the China State Bureau of Technical Supervision (CSBTS) in order to create the necessary quality infrastructure. In April 2001, as part of the governmental reforms, the State Council of China decided to set up the General Administration of Quality Supervision, Inspection and Quarantine of the People’s Republic of Chi- nationonal standards body, along with the Certification and Accreditation Administration of the People’s Republic of China (CNCA), both answering to AQSIQ. SAC/TC 151 is the national “ mirror committee ” to ISO/ TC 176, Quality management and quality assurance, and its responsibility is to mobilize Chinese quality management experts in providing ISO 9001:2000-based QMS training and research to help local organizations. The standards making up the ISO 9000 series, first pub- first accreditation body, now known as the China National Accreditation Board for Certifiers (CNAB – www.cnab.org. cn), was also set up in 1992. An ISO 9001:2000 transition working group (WG) was established by SAC/TC 151 and CNAB in 1998. The WG comprised members from government, the accreditation and certification bodies, technical experts and business organizations. It selected ten representative certified organizations as pioneers in transitioning their QMS to ISO 9001:2000. Following this lead, the WG prepared the way for others to follow, based on the transition guidelines agreed by ISO and the International Accreditation Forum (IAF – www.iaf.nu), aided by research, study and discussion, document updating, and training of QMS auditors and company quality managers in ISO 9001:2000 requirements. In addition, articles and books, such as Implementing ISO 9001:2000 in the Manufacturing, Service, Software and Construction Sectors and Understanding and Applying ISO 9001:2000 were published to help organizations establish and maintain a QMS based on the International Standard. na (AQSIQ – www. aqsiq.cn) by merging CSBTS and the State Bureau of Import and Export Inspection and Quarantine (CIQSA). At the same time, the State Council established the Standardization Administration of the People’s Republic of China (www.sac.gov.cn) as the new lished in 1987, were adopted as China national standards in 1992. Subsequently, the 1994 and 2000 versions of the ISO 9000 were adopted in the same years. China’s first certification body was established in 1992 and the country’s first ISO 9001 certificate was issued that year. The Quality initiatives As a result of these initiatives, some 138 042 ISO 9001:2000 certificates had been awarded by Chinese certification bodies by 30 June 2005. Of these, the electrical and optical equipment sector was most strongly represented, followed by basic metals and fabricated metal products, construction, and machinery and equipment. Since China is a developing country, these sectors are considered as basic and fundamental industries that need rapid development before other associated sectors can develop in turn. Wu Tian (left) is Secretary of SAC/TC 151 (Chinese ‘ mirror committee ’ to ISO/TC 176). She has ten years’ experience as a certified QMS and EMS auditor, and currently works for the China National Institute of Standardization (CNIS). China National Institute of Standardization. (CNIS), 4 Zhichun Road, Haidian District, Beijing 100088, China. E-mail tianwu@cnis.gov.cn Web www.cnis.gov.cn Ming Yang (right) is Director of the Accreditation Management Division of the China National Accreditation Board for Certifiers (CNAB) and is a QMS, OHSMS (occupational health and safety management system), FSMS (food safety management system), TL 9000 (telecoms industryspecific QMS) and CMMI (capability maturity model integration) lead assessor. E-mail ym@cnab.org.cn Web www.cnab.org.cn ISO Management Systems – March-April 2006 27 © ISO Management Systems, www.iso.org/ims INTERNATIONAL Survey conducted by the 3rd party annually-Gallup and NFO (TNS) In that endeavour, both the Chinese Government and direct customers require these industries to demonstrate they can meet requirements by achieving ISO 9001:2000 certification. As the certification statistics indicate, these sectors have indeed been active in upgrading their quality management capabilities. The Chinese Government was an early supporter of ISO 9000 Manufacturing sector organizations play a key role in the development of the Chinese economy. By conforming to ISO 9001:2000, these manufacturers can demonstrate their ability to provide products that consistently meet customer needs and applicable regulatory requirements. Many now accept that the QMS approach and the concept of continual improvement can ensure conforming products and services, and enhance customer satisfaction. In particular, they recognize the Continual improvement of customer satisfaction 85 84 83,4 % 83 82 81 80 79,8 % 79,5 % 79 % 79 78 77 76 Figure 1 – Gallup/TNS survey of Huawei customer satisfaction 2001-2004 importance of good documentation and employee training in achieving these goals. Rural organizations have also made a great contribution to economic development and social stability in China. ISO 9001:2000 implementation can also help these township and village entities follow good QMS practice. Reaping the benefits Huawei Technologies Co. Ltd. is an excellent example of a company that embraced ISO 9001 and has reaped the benefits in improved customer satisfaction. A leading manufacturer of electrical and telecommunication equipment, Huawei employs 22 000 people and achieved 2004 revenues of CNY 46,2 billion (about USD 5,5 billion). The company has branches and research institutes throughout China, including Beijing, Shanghai and Nanjing, plus eight regional companies, 55 branches and technical service centres around the world. 28 ISO Management Systems – March-April 2006 Many international telecoms operators such as BT, Telephonic, FT, SingTel, AIS, MTN and Telemar use Huawei products in their networks. By conforming to ISO 9001:2000, manufacturers demonstrate their ability to provide products that consistently meet customer needs Huawei first implemented an ISO 9001-based QMS in 1993, and made the transition to ISO 9001:1994 in 1996, being awarded certification in China, USA and the United Kingdom. The company upgraded to ISO 9001:2000 and TL 9000 (the telecom sector-specific version) in 2002. Since customer focus is the core of its quality management policy, customer satisfaction is the key measurement of QMS improvement. To determine changes in this vital parameter, Huawei enlisted Gallup and Transaction Network Services, Inc. (TNS) to survey levels of customer satisfaction from 2001 2004 2003 2002 2001 to 2004. The findings indicate a steady improvement from 79 % to 83,4 % level of customer satisfaction over the period (see Figure 1). Future development Yet despite such successes, the ISO 9001:2000 implementation picture in China still has room for improvement. Statistical data from 2002 to 2005 shows that certification in the high risk nuclear fuel and pharmaceuticals sectors in China has been very slow. Huawei Technologies is an excellent example of a company that embraced ISO 9001 and has reaped the benefits This is also true of the recycling, electricity supply and gas supply industries, where sluggish development is reflected in little motivation to achieve ISO 9001:2000 certification. Nevertheless, this may well change since the dynamic overall growth of the Chinese economy is expected to positively impact all sectors in future. • © ISO Management Systems, www.iso.org/ims INTERNATIONAL ISO/TR 14062 gives Mercedes road map to designing environmentally friendly car The Mercedes Car Group has introduced the S-Class, a more environmentally friendly vehicle produced via a “ Design for Environment ” (DfE) programme using ISO/TR 14062 and other standards in the ISO 14000 family. An impressive list of features includes lower fuel consumption, reduced noise and noxious emissions, and an increase in components made from by Matthias Finkbeiner The author, Matthias Finkbeiner, is Manager-Design for Environment, DaimlerChrysler AG, Mercedes Car Group Development. DaimlerChrysler AG, Mercedes Car Group Development, HPC X602, D-71059 Sindelfingen, Germany. E-mail matthias.finkbeiner@ daimlerchrysler.com Web www.daimlerchrysler.com recycled plastics and renewable raw materials. Environmental protection is a fundamental corporate objective of the DaimlerChrysler Group, and an integral component of a business strategy geared to long-term value enhancement. Design for Environment (DfE) is one of the key elements in reaching this target. The DfE process at the Mercedes Car Group takes the entire product life cycle into account, from design through production and use, to recycling and disposal. DfE has been firmly established in the development process for Mercedes passenger cars since 1995. The new Mercedes S-Class, a more environmentally friendly vehicle produced via a ‘Design for Environment’ (DfE) programme using ISO/TR 14062 and other standards in the ISO 14000 family. A team of specialists from the fields of life cycle assessment, dismantling and recycling planning, materials and process engineering, as well ISO Management Systems – March-April 2006 29 © ISO Management Systems, www.iso.org/ims INTERNATIONAL as design and production, accompanies the development of each model right from the start, defines the ecological requirements and ensures that DfE principles are strictly adhered to. The aim is to make environmental compatibility both objectively measurable and perceptible to the customer. The new S-Class Embodied in DaimlerChrysler’s environmental protection guidelines is the principle that we develop highly environmentally responsible products – and that we inform the public about the company’s environmental protection activities. The new S-Class and the publication of a comprehensive 44-page brochure, Environmental Certificate Mercedes-Benz S-Class, are examples of how these guidelines are put into practice for the benefit of customers and shareholders as well as stakeholders inside and outside the company. Credibility and acceptance by different stakeholders were the main drivers to achieving compliance with the relevant environmental management standards of the ISO 14000 family. The main focus was the integration of environmental aspects into product design and development according to ISO/TR 14062:2002, Environmental management – Integrating environmental aspects into product design and development. DaimlerChrysler was actively involved in the development of this Technical Report, and the content was found useful in evaluating and improving the company’s DfE process. In addition to ISO/TR 14062, the international life cycle assessment standards – ISO 14040, ISO 14041, ISO 14042, ISO 14043 – and environmental labels and declarations standards ISO 14020 and ISO 14021, were considered as well. The DfE process at Mercedes takes the entire product life cycle into account The development process, the environment-related data and compliance with the relevant environmental management standards of the ISO 14000 family, as well as the contents of the related S-Class brochure, were reviewed and verified by independent specialists of the TÜV certification body (www.tuev-sued.de). Even though ISO/TR 14062 in particular is an ISO Technical Report which is not intended for certification purposes, the Mercedes Car Group decided to seek independent verification and certifica tion of the above elements of its S-Class programme. This additional effort was deliberately engaged upon because the independent “ third-party ” verification by TÜV was seen as providing confirmation of the reliability of the results affirmed, and therefore increasing acceptance and credibility. 30 ISO Management Systems – March-April 2006 ISO/TR 14062 and DfE at Mercedes Car Group ISO/TR 14062 was used to analyse the Mercedes DfE process by identifying gaps and potential for improvement. It addresses strategic, management and product considerations as well as the product design and development process as such. In this article, I provide examples of how these issues were implemented at the Mercedes Car Group. Strategic considerations cover, for example, organizational and product-related issues, and communication. One of the product-related issues is early integration, i.e. addressing the environmental aspects early in the design and development process. The Mercedes Car Group adheres to the notion that the sooner DfE is integrated into the development process, the greater the benefit will be in terms of minimizing environmental load and cost. This means “ building” environmental protection into the products from the very beginning, along with implementing environmental aspects and environmental targets in the development process. As part of management considerations, ISO/TR 14062 deals with the management role, proactive and multidisciplinary approaches, support from existing management systems to supply chain management. The multidisciplinary approach is a core element in the Mercedes development process. Indeed, the success of integrating environmental aspects into product design and development in an organization © ISO Management Systems, www.iso.org/ims INTERNATIONAL firmed by a critical review. These standards serve both as a useful guidance in conducting LCA as well as an important reference for the credibility of the results. Measuring environmental performance Measuring environmental performance at Mercedes follows a multi-criteria approach. Taking the S-Class as an example, the team of experts at the Mercedes-Benz Technology Center in Sindelfingen created a four-point plan with specific requirements : depends on the involvement of relevant disciplines and organizational functions such as design, engineering, marketing, environment, production, quality, purchasing and service delivery. Supply chain management is also an important element of the Mercedes DfE Process. For example, environmental issues like recycling concepts and collaboration in the field of life cycle assessment (LCA) are addressed in the purchase conditions. Section 7, Product considerations of ISO/TR 14062 addresses Product-related environmental aspects and impacts ; Early integration; Product life cycle ; Functionality ; Multi-criteria concept ; Trade-offs; Strategic product-related environmental objectives such as Conservation of resources, recycling and energy recovery ; Preven- tion of pollution, waste and other impacts, and finally Design approaches. At Mercedes Car Group, the product life cycle is addressed by performing LCA’s on the complete vehicle level as well as decisions between different concepts for individual parts. The calculation of the LCA for the new S-Class – from the production of materials and components to a service life of 300 000 kilometres and eventual disposal – took over 40 000 individual processes into consideration. The overall result includes a total of more than 200 “ input ” factors (resources) and around 300 “ output ” parameters (emissions). These LCA’s comply with the requirements of the life cycle assessment standards ISO 14040, ISO 14041, ISO 14042 and ISO 14043, as con- 1. Compliance with the European end-of-life vehicle directive must be assured by a recycling concept with high rates of re-use, observance of prohibited substances and optimization of the product concept with a view to recycling compliant design. 2. Greater use of recycled materials compared to the preceding model. 3. Components made from renewable materials must have a total weight of at least 23 kilograms. 4. All major environmental burdens which are caused during the lifecycle of the S-Class must be recorded in an LCA. Other goals such as achieving a reduction in fuel consumption or lowering exhaust and noise emissions were also defined in the book of development specifications. The final Section 8 of ISO/ TR 14062, Product design and development process contains a general model of how environmental aspects can be integrated into the different phases of the process from Planning ; Conceptual design ; Detailed design ; Testing/prototype; Production Market launch, to Product review. The aim is to make environmental compatibility both objectively measurable and perceptible to the customer In the early days of DfE implementation at companies, numerous concepts and tools were discussed, but real and systematic implementation as standard practice in the industry was rather limited for two key reasons : • There was a lack of tools for fast, reliable supply of appropriate data and information. • There was a lack of practical, efficient concepts for implementation into the organization’s development process. We found the solution to these issues at Mercedes-Benz by using the DfE concept to implement a procedure based on “simultaneous engineering ”. This comprised three main elements : 1. A methodological procedure, which allows integration of environmental targets and measures into the Mercedes-Benz Product Development System. This procedure defines interfaces with ISO Management Systems – March-April 2006 31 © ISO Management Systems, www.iso.org/ims INTERNATIONAL development phases and employs a formalized Plan, Do, Check, Act (PDCA) cycle. and functions, and teams with cross-sectional functions – quality management, project management, etc. from an environmental angle, checking on their accomplishment and, if necessary, initiating improvement measures. 2. Tools and databases to assist the DfE procedure in simulating and evaluating the environmental performance of future vehicles or parts. One of the cross-sectional teams was the DfE team, comprising experts from life cycle assessment, dismantling and recycling planning, materials and process engineering, as well as design and production. The integration of DfE in the process organization of the S-Class development project ensured that environmental aspects were taken into account at the earliest stage of development. Pertinent objectives were coordinated in good time and reviewed at the quality gates in the development process. 3. An organizational structure that formalizes the integration of DfE into the development process. The DfE process at Mercedes takes the entire product life cycle into account Tools and databases are continuously developed, maintained and optimized. Examples are tools for product modeling, recycling and dismantling modelling/ planning, database for restricted substances, material database and LCA software and database. Apart from the data, process integration plays the most important role. Each DfE team member is also the person responsible for all environmental issues and tasks on the respective development team. This guarantees complete integration of the DfE process in the vehicle development project. The member’s duties consist of defining objectives for individual vehicle modules Chart shows the materials composition of the new Mercedes S-Class — a mix of steel, iron, light alloys, recycled plastics, polymers and natural materials that has made the car lighter, more recyclable and environmentally friendly. The responsibility for improving environmental compatibility was an integral part of the organization of the SClass development project. The management of the overall project appointed people to manage development, production, procurement, sales and other functions. In addition, there are development teams, such as bodyshell, drive system, interior equipment, etc., that correspond to the key car subassemblies 32 ISO Management Systems – March-April 2006 From the interim results, the need for further action until the next quality gate was determined and implemented by collaboration among the development teams. The development process for the S-Class “ Design for Environment ” meets all ISO/ TR 14062 criteria for the inclusion of environmental aspects in product development. All the targets in the four-point plan and the specifications were met, and in addition, independent spe- cialists examined the environment-related data for the S-Class model and confirmed their accuracy. Product results : the real benchmark The process of integrating environmental aspects in product development is only effective if it leads to an improved product. Actual environmental improvements achieved on the product are the “ real ” benchmark of whether the DfE process is successful. As far as the new S-Class is concerned, the following results clearly confirm that this was achieved : • Th e n e w S 3 5 0 r e m a i n s more than 85 % below the current EU emission limits for nitrogen oxides, and around 75 % below for hydrocarbons. • The new six-cylinder saloon consumes about 9 % less fuel than the previous S 350. Driving noise has also been reduced by two decibels. © ISO Management Systems, www.iso.org/ims INTERNATIONAL • Due to its newly developed engine and the inclusion of a particulate filter as standard, the new S 320 CDI diesel model also produces fewer exhaust emissions than its predecessor. The emission levels are up to 90 % below those of the preceding model introduced in 1999. • The LCA confirmed an 85 gigajoules reduction in overall energy demand compared to the preceding model, corresponding to the energy content of approximately 2 500 litres of fuel. Over the life cycle, emissions of the carbon dioxide greenhouse gas have been reduced by 7 %, with a 14 % reduction in nitrogen oxide emissions compared to the previous S-Class. • The new S-Class not only meets the 85 % recycling rate effective in the EU from 2006, but will also comply with the 95 % overall recovery rate applicable from 2015. • A total of 45 components with an overall weight of around 21 kilograms are made from high quality recycled plastics. This represents a 4 % increase in the weight of approved recycled components compared with the previous model. • In the new S-Class, 27 components with a combined weight of around 43 kilograms are made from natural materials. Compared to the preceding model series, this is an increase of approximately 73 % in the total weight of components made from renewable raw materials. ISO/TR 14062 – a useful guideline Vehicles are complex products that interact with the environment in very complex ways. Therefore, simple solutions, (e.g. a focus on fuel economy or lightweighting), recycling or single material strategies only, are bound to fail. It is a prime task of DfE and LCA to take this fact into account and come up with more intelligent solutions. ISO/TR 14062 is a useful guideline to achieving intelligent, holistic solutions, and to providing a credible means of communicating the results. As described in the Environmental Certificate Mercedes-Benz S-Class brochure, the Mercedes Car Group comprehensively demonstrates the improvement in environmental compatibility achieved with the new SClass for the first time. This car sets new standards not only in engineering, innovation and driving pleasure, but its customers can also take satisfaction from lower fuel consumption and emissions, and a comprehensive recycling concept involving a higher percentage of renewable raw materials and high-grade secondary raw materials. All these factors combine to give the new S-Class a comprenensively improved environmental profile over its entire life cycle. • About ISO/TR 14062 ISO/TR 14062:2002, Environmental management – Integrating environmental aspects into product design and development, is an ISO Technical Report describing concepts and current practices, where “ product ” is understood to cover both goods and services. ISO/TR 14062 is applicable to the development of sector-specific documents, but is not applicable as a specification for certification and registration purposes. It is intended for use by all those involved in the design and development of products, regardless of organization type, size, location and complexity, and for all types of products whether new or modified. The Introduction to ISO/TR 14062, part of the ISO 14000 family of International Standards, states that all products “ have some impact on the environment, which may occur at any or all stages of the product’s life cycle : raw material acquisition, manufacture, distribution, use and disposal.” It reports that the interest of customers, users, developers and others in the environmental aspects and impacts of products is increasing. “ This interest is also reflected in the economics of various market sectors that are recognizing and taking advantage of new approaches to product design. Cost savings “ These new approaches may result in improved resource and process efficiencies, potential product differentiation, reduction in regulatory burden and potential liability, and cost savings. “ More organizations are coming to realize that there are substantial benefits in integrating environmental aspects into product design and development. Some of these benefits may include: lower costs, stimulation of innovation, new business opportunities, and improved product quality. “ Early identification and planning enables organizations to make effective decisions about environmental aspects that they control and to better understand how their decisions may affect environmental aspects controlled by others, i.e. at the raw material acquisition or end-of-life stages.” ISO/TR 14062:2002 is available in PDF and paper versions in English and French, cost 106 Swiss francs, from ISO national member institutes (listed with contact details on www.iso. org) and from ISO Central Secretariat (sales@iso.org). ISO Management Systems – March-April 2006 33 © ISO Management Systems, www.iso.org/ims INTERNATIONAL Breaking news – ISO 9001-based quality management for the media Two media quality management standards based on ISO 9001:2000 are now being rolled out by their first users in Belgium, France, India, Kenya, and Mexico. Developed outside the ISO system, they are now by Guillaume Chenevière being proposed to the organization. © TSR Guillaume Chenevière is Director of the Media and Society Foundation. The Switzerland-based Media and Society Foundation, a nonprofit gathering of prominent media professionals, in collaboration with International Standard and Accreditation Services (ISAS), a private standardization and accreditation company, has developed two media quality management standards based on ISO 9001:2000 – ISAS BC 9001 for broadcasters and Internet content 34 ISO Management Systems – January-February 2006 providers and P 9001 for the print press. They are now approaching ISO with a view to having the standards adopted as International Workshop Agreements 1). Media in crisis Why should the media industry, despite its traditional resistance to any form of external control, implement quality standards ? He also chairs the World Radio and Television Council, a worldwide civil society initiative for public service broadcasting. Born in Geneva in 1937, he was successively a sociologist (European Centre for Culture), a journalist (Tribune de Genève), an executive in the automobile industry (Chrysler) and a theatre director (Théâtre de Carouge). In 1975, he joined TSR, Télévision Suisse Romande, the French-speaking national television channel of Switzerland. He became controller of programmes of TSR in 1986, and director general from 1992 to 2001. He was executive director of the World Electronic Media Forum organized by UNDPI and EBU during the World Summit on the Information Society in 2003. E-mail guillaume@certimedia.org Web www.certimedia.org © ISO Management Systems, www.iso.org/ims INTERNATIONAL Thanks for the photos ! Today’s media are facing four major challenges : • dwindling credibility ; • manipulation and/or control by government and industry ; • strong economic pressures ; and a ISO Management Systems would like to thank our colleagues of Télévision Suisse Romande (TSR, television channel of the French-speaking region of Switzerland – www.tsr.ch) and NZZ (newspaper group based in Zurich, Switzerland – www.nzz.ch) for kindly supplying, respectively, the broadcast and print media photographs used to illustrate this article. • changed landscape due to the introduction of information and communication technologies (ICT’s). These four challenges are linked together in a vicious circle. The tendency for media owners to consider media as a business whose sole object is maximizing profits (or minimizing losses) contributes to lessening the trust of the general public and allows governments and industry leaders to feel justified in either policing or “ spinning ” (manipulating) the media to carry their messages across. 1) An International Workshop Agreement (IWA) is one of several types of deliverable offered by ISO for cases where swift development and publication of an international agreement take priority. This credibility gap is reinforced by economic pressures, generally perceived as threatening editorial quality. High quality media groups, such as the New York Times Co., have massively reduced their staff. Even the most profitable newspaper com- Pessimists predict that traditional media will become sheer entertainment providers, or even disappear altogether. Such a fate would be damaging not only to media itself, but to society as a whole. Media play a key societal role. Robert Phillis, chairman of the Guardian Media Group (www. gmgplc.co.uk), comments : © Anne Kearney © TSR The inclusion of these photographs does not imply a position by either TSR or NZZ with regard to the ISAS BC 9001 or P 9001 standards. The realization of such control or manipulation undermines further the public’s confidence and coupled with the proliferation of new information and entertainment sources on the Internet, mobile phones and other devices, the mainsteam media finds it extremely difficult to recover their former position. According to Pew Research 2005 (info@people-press.org), 45 % of US readers believe little or nothing in their daily newspapers, up from 16 % 20 years ago. In Switzerland, 77 % of voters mation according to individual needs and statistical data. 45 % of US readers believe little or nothing in their daily newspapers panies, such as Knight Ridder, with a profit margin close to 20 %, see their economic future in cost reductions. © NZZ feel manipulated by the media. In France, an analysis of voters’ motivations during the referendum on the European Constitution revealed the highest correlation to “ no ” voting as distrust of the media. The mushrooming of new media devices further threatens mainstream media. Today’s world media landscape is made of 7 000 metropolitan dailies, 21 000 television chains, 40 000 radio chains, 20 million blogs and 30 million iPods. Everything is becoming media ! According to media magnate Rupert Murdoch, young people want to control their media rather than being controlled by it. Exit media pundits – enter mechanical devices to produce infor- The credibility gap is reinforced by economic pressures “ Media occupies a unique position in supporting the democratic process by making information, knowledge, and a range of opinions openly available and ensuring that public and private institutions are accountable for their behaviour. This is social responsibility in its highest form .” Fortunately, it is not too late to take action and redress the situation, based on three considerations : ISO Management Systems – March-April 2006 35 © ISO Management Systems, www.iso.org/ims INTERNATIONAL 1. The right to information is being widely recognized as a basic human right. 2. Influential media are an indispensable tool to good governance. tions are catching up with the idea that editorially independent media are a major partner of governments in bringing about social change without violence. 3. Media professionals the world over share the same values. The mushrooming of new media devices further threatens mainstream media Civil society groups are calling for media to play fully their societal role in the globalized world by giving a voice to the voiceless, practicing cultural diversity, providing citizens with a global perspective, etc. Organizations such as OEKOM in Germany (www.oekom-research. de) are rating media Corporate Social Responsibility, giving low marks to major media organizations. Finally, there is the unanimous call of media professionals for quality. “ There has never been a more important moment for journalists to identify with quality, with standards and with sound ethical practices ”, says the International Federation of Journalists (www.ifj.org). Even advertisers express the wish that media carrying their advertisements regain societal influence. International institu- A grass-roots research on five continents, carried out by the World Radio and Television Council in 2002 (www.wrtvc.org), The Media and Society Foundation The Switzerland-based, non-profit Media and Society Foundation, a group of independent media professionals and experts, was founded in 2002 with the help of the Swiss Development and Cooperation Agency. Its sole purpose is to promote and implement worldwide quality management standards for the media industry. It is chaired by Antonio Riva, former Director General of the Swiss Broadcasting Corporation. Its Board members include : Thérèse Gastaut, former Chief of Information of the United Nations : Joelle Kuntz, lead writer of the Swiss daily newspaper Le Temps ; Henry J. Muller, former Chief Editor of Time magazine ; Gerald Sapey, Chairman of Reporters without Borders (Switzerland) ; Peter Studer, Chairman of the Swiss Press Council ; Henrikas Yushkiavitshus, adviser to the UNESCO Director-General, and many other prominent media personalities. Its collaborators include Alain Modoux, former Assistant Director General of UNESCO, Information and Communication, and Louis Balme, Vice-President of International Standardization and Accreditation Services. confirmed that media quality should be judged from the point of view of its contribution to social development and democracy. Identical evaluation criteria were identified by groups of media professionals, experts and users in Canada, Colombia, India, South Africa and Switzerland. Other international researches, such as a Commonwealth Broadcasting Association’s comparison of editorial charters in 17 countries (www.cba.org.uk), shows that there is little difference in editorial values between media even though there is a great difference between the societies they are serving. © TSR 36 ISO Management Systems – March-April 2006 © ISO Management Systems, www.iso.org/ims INTERNATIONAL QM for the media Against this background, the Media and Society Foundation, in cooperation with ISAS, has developed quality management (QM) standards, based on the ISO 9000 family, specifically for the media : ISAS P 9001 for the press and ISAS BC 9001 for broadcasters and Internet content providers. The standards are being deployed as part of a package that includes training, consul- tancy and certification (independently performed), that goes under the collective title of “ the Certimedia quality management system ”. Both standards include all ISO 9001:2000 requirements. Additional requirements, specific to the media industry, cover the following aspects : – ethics ; – quality of information ; – quality of content in general ; – transparence of management, – human resources ; – measurement of audience/ readership size and satisfaction ; – technical infrastructure ; – work organization ; – suppliers and subcontractors ; and, last but not least, – independence (relations with owners, the public, announcers, public as well as religious and military authorities, etc.). The Certimedia process ment, educational and other content ; – effective mechanisms for identifying and correcting errors ; – distinction between opinion and fact ; – responsiveness to feedb a c k f r o m r e a d e r s, l i s teners, viewers and other stakeholders ; – widely disseminated guidelines on ethics ; and – written procedures covering all identified risks. © NZZ The Media and Society Foundation oversees the Certimedia media quality management and certification process, involving four bodies totally independent from each other. Standardization Committee. This comprises media professionals and experts from all over the world, representing the main international media organizations. It is responsible for developing ISAS BC and P 9001 specific requirements which have been added to ISO 9001:2000 for media companies. Certification Body. This is Det Norkse Veritas (DNV), in Oslo, Norway – www.dnv.org), under a non-exclusive contract with the foundation. Standardization and Accreditation Body. International Standardization and Accreditation Services (ISAS – www.isas. org) is an independent, non-governmental body, with offices in Geneva, New York and Tokyo, which is under contract to the foundation to ensure that certification bodies and their auditors, as well as the standards themselves, fully comply with ISO standards for conformity assessment activities. Consulting network. Optimedia, led by a quality management and training company, Challenge Optimum S.A. (Geneva, Switzerland – www.optimum.ch), is under exclusive contract to the foundation. Challenge Optimum trains local consultants in helping media organizations to establish their quality management system and prepare the certification process. It has a partnership agreement with IMCA, International Media Consultants Associates (Paris, London, and Berlin). Media organizations that want to implement the standards prove their commitment to integrity, fairness, and accuracy of information – which are primary ingredients of media quality. Some media requirements are specific to either press or broadcasting, but they are mostly identical, and both standards are reviewed by the same Standardization Committee. They must demonstrate that they are editorially independent and transparent with regard to ownership and other connections that can influence content. Their internal culture and processes should include : Internet portals of traditional media organizations are obviously expected to apply the same professional standards as their mainstream vehicles, but ISAS BC or P 9001 can also be adopted by independent Internet content providers, including bloggers, who want to demonstrate their commitment to quality requirements. – a clear mission and editorial viewpoint within the company ; – an emphasis on reporting facts accurately and providing quality in entertain- As the public encounters an ever-greater flow of data, ISO Management Systems – March-April 2006 37 © ISO Management Systems, www.iso.org/ims INTERNATIONAL information and opinions, it has more need – not less – for quality sources it can trust, be they on traditional or new media forms and devices. Influential media are an indispensable tool to good governance The Certimedia quality management system benefits media professionals, owners and managers as well as the general public and all concerned stakeholders. Although each group of beneficiaries has a different outlook, the Certimedia benefits are based on three global objectives : • trust between the media and all concerned stakeholders ; • continual media improvement ; and • quality reconciled with economic requirements. the media professional standards and by acting as a shield against interference in editorial matters. Entering a continual selfimprovement process also benefits all stakeholders. It increases staff motivation and satisfaction, it stimulates readers, listeners and viewers, and offers management an efficient tool to make their organization more efficient and competitive. An important asset of the Certimedia quality management system is that it ensures at the same time better management, cost reductions, etc. and new quality procedures satisfying journalists and other media professionals. This is an indispensable tool to reconcile economic and quality requirements. Benefits of the standards will be seen differently in various parts of the world. In countries where the democratic transition is not complete, media will be The Standardization Committee The ISAS BC 9001 and P 9001 Standardization Committee, chaired by the Canadian Pierre Caillibot, former chairman of the ISO/TC 176 technical committee, responsible for the ISO 9000 family, gathers media professionals and experts from around the whole world, representing the leading international media organizations. It includes the following : Slovenia’s Boris Bergant, VicePresident of the European Broadcasting Union (EBU) ; Thailand’s Kavi Chongkittavorn, Chairman of South East Asian Press Alliance (SEAPA) ; Belgium’s Mia Doornaert, former president of the International Federation of Journalists (IFJ), Kenya’s Wilfred Kiboro, Chairman of the International Press Institute (IPI) ; Peru’s Alejandro Miro Quesada, Chairman of the Inter American Press Association (IAPA) ; Brazil’s Jayme Sirotsky, former chairman of the World Association of Newspapers (WAN), as well as many other prominent personalities of the media and academic world. interested in a tool supporting clearer relations with authorities and relying on professional values shared worldwide by the industry. In industrial democracies, the accent will be put on restoring a balance between quality procedures and bottom-line considerations. Stakeholder benefits Overcoming the media credibility gap is of obvious advantage to the general public, by making it easier to recognize those newspapers, radios, televisions and Internet sites they can trust. For media managers and professionals, it is the way to regain a high level of societal influence. With regard to the problematic relations between media and public authorities, adopting a universally recognized standard, annually submitted to an independent, neutral, external audit, works both by reassuring political authorities on 38 ISO Management Systems – March-April 2006 © NZZ © ISO Management Systems, www.iso.org/ims INTERNATIONAL The word “ standard ” tends to frighten the practitioners of an industry which is ferociously resistant to any form of outside interference, but adopting the standards is a voluntary process, which does not imply any self-limitation. The standards’ requirements are professional values universally recognized by the industry itself and the way to meet them is left entirely to each media organization to define. of Mexico ; Prasar Bharati, India’s national state broadcaster ; VRT, Belgium’s Flemish-speaking public broadcaster ; The Nation media group of Kenya ; RTV Slovenia ; and RTM radio news of Malaysia. Internews Russia, in a programme supported by the European Union, is using the Certimedia quality management system to train Russian media professionals. At a point when media badly needs to repair its image in society, there is hope for a universal quality standard to be adopted worldwide by all “ good ISAS BC and P 9001 to contribute significantly to better governance within both media itself and society as a whole © TSR The only “ catch ” is that media organizations have to spell out their policies and accept that a neutral, external body controls that they are actually doing what they say they are doing. If this is the price to pay for restoring media integrity and commitment to quality, professionals will go for it. ISAS BC and P 9001 do not evaluate content, only organization. We cannot certify that specific information is true or entertainment is good – but we can certify that the information or entertainment has been produced by a company which respects universally recognized professional standards and ethical values. We are not going to look over journalists’ shoulders to check what they are writing. We are going to make sure that proper training is available to them and that quality issues are reg- © TSR ularly discussed, in a transparent manner based on a clear charter, during editorial meetings. Ask any professional journalist and you will see whether this makes sense or not. First users Among the first media organizations to tackle the Certimedia quality management process are the following : Canal 11, the education TV channel guys and gals ” in the industry and for ISAS BC and P 9001 to contribute significantly to better governance within both media itself and society as a whole. • ISO Management Systems – March-April 2006 39 © ISO Management Systems, www.iso.org/ims INTERNATIONAL POM or BOM ? The best way to implement ISO 14001 What’s the best modus operandi for an ISO 14001:2004-based environmental management system ? It depends on your organization’s life cycle, say the authors. They propose a flexible, quick reaction Performance-Oriented Model (POM) if you are still in the start-up phase, or the more demanding Balance-Oriented Model (BOM), for a more established entity. by Jingui Zhong and Dan li Xi Jingui Zhong (left) is a doctoral student at DongHua University studying integrated management systems and works as a freelance QS-9000 auditor. He is an experienced quality and environmental management system consultant and has audited some 500 companies on their ISO 9001:2000 and QS-9000:1998 conformity. Co-author Professor Dan li Xi (right) is a China Education Administration-qualified Ph. D student teacher and has worked in the field of environmental science for almost 30 years. He is also an accredited EMS auditor specialized in clean manufacture and EMS and QMS integration, and author of papers on environment and sustainable development. Tel. + 86 21 6252 9049. Fax + 86 21 6211 4571. E-mail zhongjingui@encourage. net.cn Shanghai, China, home of Dong Hua University, and to authors Jingui Zhong and Dan li Xi. 40 ISO Management Systems – March-April 2006 The latest version of the environmental management systems (EMS) standard – ISO 14001:2004 – promotes the process approach, documentation and the Plan-Do-Check-Act (PDCA) methodology. However, a modus operandi – operating method – is necessary to integrate these different disciplines into each EMS process, to guarantee effectiveness and efficiency. In our view, organizations should adopt a modus operandi to combine PDCA and documentation requirements as a means of balancing the focus on operation, advanced planning and results, to manage each specific EMS process. We call this the Balance-Oriented Model (BOM) — see the green route in Figure 1. Balance-Oriented Model (BOM) By following the green BOM route, you can plan the input requirements from stakeholders in a professional way and convert these into detailed testing and process control requirements. The process outputs can be monitored and recorded for © ISO Management Systems, www.iso.org/ims INTERNATIONAL further analysis. Advance Product Quality Planning (APQP) is a typical BOM practice. Following PDCA methodology allows you to identify changing requirements at an early stage and continuously improve process output to satisfy the stakeholders concerned. Documentation, which clearly defines the inputs and outputs of the process, serves to limit any EMS variation, thus maintaining Documentation serves to limit any EMS variation, thus maintaining system stability system stability. In turn, systematic record generation enables organizations to analyze previous process performance. BOM is an ideal modus operandi for EMS process management, although it can consume more system resources in terms of both quality and Figure 1 – The organizational modi operandi. • Stakeholder requirements, • Management system requirements • (ISO 14001:2004) Plan • lessons Planning records • experience Input • competitive information • design target • product characteristic Do • who • when Check • competitive information • design target • by what • process requirements • how • work flow chart • product characteristic • lessons Act • experience Output Implementation records Recording measurement and corrective actions • competitive information • design target • product characteristic Manufacturing products in an environmentally friendly way is a comparatively new concept Performance-Oriented Model (POM) • process performance • experience BOM is therefore characterized by stable and documented processes, intensified results analysis, high system resources consumption and inflexibility – and as such is particularly suited to helping the more experienced and wealthy organizations maintain their processes. Implementation Process • where • lessons quantity. Successful advanced planning needs highly qualified personnel, and better process control, data collection and analysis equipment is a must if the PDCA phases are to be carried out effectively. Stakeholder satisfaction Performance–Oriented Model Balanced-Oriented Model Another modus operandi often exists within ISO 14001-certified organizations, which operates directly through the processes without making much effort to complete the PDCA cycle or relevant records systems. This focuses on process yield. It is clearly different from BOM, and we call it the Performance-Oriented Model (POM) — see the orange route in Figure 1. POM is characterized by looser process control, quick reaction, an incomplete and unstable PDCA cycle, few or no records, lower system resources consumption and more flexibility. Less developed organizations often use this model during IMS – March-April 2006 41 © ISO Management Systems, www.iso.org/ims INTERNATIONAL Note : the answers in black type denote disadvantages POM BOM Partially Yes No Yes Partially Yes Can it limit variation in the process and its outputs ? No Yes Does it help the organization accumulate experience on identifying EMS aspects and on impact control ? Yes Partially Does it require more people to maintain the documented EMS and records completion for subsequent data analysis ? No Yes Does it require more experienced people to control the product and process planning ? No Yes Does it have substantial requirements for testing and manufacturing equipment ? No Yes Does it rely mainly on the organization’s knowledge and experience ? Yes Yes Does it help record generation ? No Yes Does it demand that requirements from interested parties remain stable ? No Yes Does it offer the organization enough flexibility to accommodate changes ? Yes No Shorter Longer Yes Yes Does the modus operandi comply with PDCA methodology ? Does it enhance advanced product quality planning ? Has the PDCA process been documented ? Reaction time Does it promote continual improvement ? Table 1 – POM and BOM – similarities and differences. their learning curve, although some environmental impacts may be ignored or controlled in an ineffective way. The similarities and differences between POM and BOM are summarized in Table 1. BOM, POM – or both ? Manufacturing products in an environmentally friendly way is a comparatively new concept. The adoption of POM and BOM represents different stages of development in an EMScertified organization. In the beginning, provision of system resources and knowledge of environmental impact control 42 ISO Management Systems – March-April 2006 are limited. Practice and quick reactions are the priority targets. The organization thus needs a more flexible modus operandi to deal with EMS issues. We suggest that POM should play a leading role at this stage. However, as the organization evolves it can call on greater system resources and environmental know-how, enabling it to manage these resources in a more optimized way and address previously ignored environmental issues. Obviously, BOM can now take effect. Because of the ever-changing requirements of interested parties, this first adoption of BOM is likely to reach a plateau, inducing the organization to enter the next POM cycle. By © ISO Management Systems, www.iso.org/ims INTERNATIONAL BOM extends in many directions but consumes more system resources and is slower to react to changes. More flexible POM focuses its limited system resources on the top priorities Gateway to the Old Town of Shanghai. alternating between POM and BOM, organizational performance is continuously improved rather like rolling a wheel up a slope (see Figure 2). This, of course, is a requirement of ISO 14001:2004. From chrysalis to butterfly The modi operandi we refer to here are like the controls of a car, combining complex requirements into each EMS process. but may overlook some broader interests. It is a modus operandi for learning and experiencing early achievement. • They guarantee EMS effectiveness. The organization experiences the change from chrysalis to butterfly en route to meeting ever-changing customer requirements while achieving sustainable development. The driving force behind this change is the alternation between POM and BOM. Both modules have their pro’s and con’s. BOM represents the ideal modus operandi for running an established organization, while POM is a reasonable choice for the start-up phase. Old and modern Shanghai rub shoulders and operate in different ways, rather like the BOM and POM methods of EMS implementation. Equipment Continual improvement Knowledge POM BOM Management resources Change in stakeholder requirements Process at higher level Process Figure 2 – Alternating the modi operandi. ISO Management Systems – March-April 2006 43 © ISO Management Systems, www.iso.org/ims STANDARDS FOR SERVICES Israeli innovations include standards for telephone billing and for mass events Innovatory service standards developed by the Standards Institution of Israel (SII – www.sii.org.il) include ones to make telephone billing transparent and to ensure the safety of mass public events such as concerts. This overview also looks at the positive results achieved by local authorities from implementing ISO 9001:2000. Until recently, it was clear that a product is a pre-defined object that can therefore be standardized before delivery to the customer. In addition, the more control systems are applied to the product before it is delivered to the customer, the better the product will be. by Vered Oren Vered Oren is Spokesperson and Head of Public Relations of the Standards Institution of Israel (SII). E-mail vered@sii.org.il Web www.sii.org.il This led to a situation where if the customer is consulted, his or her needs can be ascertained and incorporated during the design process. Manufacturing by modern means, including process control, achieves a perfected product that meets the needs of the customer and reaches him or her on time. Even if a product is defective or breaks, it is always possible to return or repair it. In marketing terms, a product is anything that can be offered to a market to satisfy a tangible want or need. Services are a different matter altogether. According to one definition, they consist of “the activities provided by a person or company to another person or company that are intangible 44 ISO Management Systems – March-April 2006 Orange has introduced more customer friendly bills to comply with the new Israel Standard 5262 – Truth in Billing and Proper Disclosure in Telephone Statements. and do not relate to a physical product . . . services have several defining characteristics that distinguish them from products : intangibility, the buyer cannot see the service before it is rendered…” (The Marketing Glossary, ISBN 0971943427, by Mark N. Clemente). Service is essentially the processes of manufacturing and sales combined. It is performed immediately – on the spot : If it is poorly provided, one can only apologize and provide it anew. Take, for example, telephone service or a restaurant. If the customer receives discourteous treatment, it is likely the customer will seek another provider. It may be impossible to correct the damage immediately. In recent years, the world has seen major changes. The rapid pace of life has blurred the distinction between products and services. Today, a service must be seen as a product that is manufactured via special processes – processes whose result, because it cannot be physically examined, needs to incorporate much better manufacturing controls. A service is innately characterized by the impossibility of testing it before delivery and so service providers must be well trained and solutions created that guarantee successful service. What happens when a product and a service come together? If in the past we made do with standards for products, today © ISO Management Systems, www.iso.org/ims STANDARDS FOR SERVICES we more and more need standards for services. If for example we make a visit to an amusement park, we will meet up with a carousel, a Ferris wheel and other rides (to which product standards apply). Yet the credit card purchase of entry tickets through the Internet also exposes us to standards of service. Recent years have made us regard service processes as a product in itself. The emphasis has moved from the product to the service, and the competition is for better service. Many countries, including Israel, have begun shifting in recent years from manufacturing to services. Israel, a small and young country, has a modern and developed economy, but has few natural resources. As in other Western countries, much local manufacturing has been replaced by cheap imports from the Far East, leading to significant growth among Israeli organizations that provide services. Telephone billing At the beginning of December 2005, customers of Orange, one of the large Israeli cellular telephone service providers, received a letter with their monthly statement. The letter, entitled “ Explanation of Customer Statement,” described to customers that the monthly statement would now be clearer, easier to read and more customer friendly. It stated : “As an additional step in our daily efforts to improve the products and services we offer to you and to make them more efficient, we have made changes in the monthly state- ment to better reflect your needs while maintaining simplicity and clarity.” This appeal to cellular customers followed a new requirement – effective as of January 2006 – of the Israeli Ministry of Communications. It requires all communications providers to meet the requirements of the new Israel Standard 5262 – Truth in Billing and Proper Disclosure in Telephone Statements. The new standard sets a benchmark for preparing telephone statements that detail products and services which the communications companies provide. This benchmark ensures that full, accurate and truthful information will be provided on telephone statements. This information will help customers understand all details and data on the statements they receive in order to make informed decisions about their consumption of communication services. The new standard guarantees that customer statements will apply the following principles : • Clarity – the statement will be formatted so that every section will be understood by the customer. • Transparency – The statement will be detailed and will include all information relevant to each section. • Accuracy and reliability – The statement will be accurate and without errors, and will be based on measuring, monitoring and recording systems that are highly accurate and reliable. The standard also provides guidelines for contents : • The statement will include the customer’s identifying details, the name of the product being charged, consumption quantity, rate, cost of service, and details of service broken down into its components. • The back of the statement will clearly note the address and telephone number of the company’s customer service department and all other means of communications, including Internet site and e-mail address, through which it is possible to gain further details about the statement. Mass events Another standard, now in its final pre-publication stages, is a standard for mass events. In the summer of 1995, an annual rock music festival took place in Arad, in southern Israel. Thousands of youths arrived in Arad wanting to see and listen to Israel’s best rock music groups. After all the tickets had been sold, the festival’s organizers permitted hundreds of additional youths to enter the very crowded festival grounds. The emphasis has moved from the product to the service In a random Internet search I undertook a few weeks ago, I discovered a number of Israeli companies that specialize in checking the accuracy of telephone bills. The companies offered their services primarily to large and medium-sized businesses that have many telephone lines. These service providers contact the larger companies, offering to help them understand their telephone statements which in the past they have paid without having been able to verify that they had in fact consumed the telephone companies’ services in the quantities for which they had been charged. The new Israel Standard for telephone billing is expected to significantly improve the awareness of the consumption of the services of Israel’s telecommunications companies. The city of Ra’anana achieved certification to both ISO 9001:2000 and ISO 14001 as part of its efforts to improve services to its residents. Here, Ziva Patir, (left) Director General of the Standards Institution of Israel (SII), presents the ISO 14001 certificate to the municipality. When the dust settled, three youths had paid with their lives and tens of others had been injured. The festival will forever be ingrained in the memories of anybody who was involved in the event as a tragedy that could have been averted had there been standards for mass events. The new standard, SI 5688, Safety at Mass Events, defines detailed requirements. The standard is ISO Management Systems – March-April 2006 45 © ISO Management Systems, www.iso.org/ims STANDARDS FOR SERVICES aimed both at the event manager and at those with other roles and relates to matters of health and safety responsibility at events. It has three levels : detailed aspects are the following : Upper level • safety of electrical installations, This includes a system to manage event safety based on an existing standard (SI 18001 – Occupational Health and Safety Management Systems Specification) adapted to the special characteristics of onetime events. Among its detailed aspects are the following : • setting of an event’s capacity, • full registration of all sites at which mass events are held, • setting the event’s limits in terms of place and time, and expected number of participants, • examination of the existence and validity of required permits according to laws and regulations (police, firefighters and others), • official designation of those people tasked with safety matters, such as first aid providers, • checking of dangerous elements such as buried pipes, • a survey of hazards at the site, • emergency situation plans, • post-event improvement processes, and more. Middle layer This includes details of all relevant, specific safety aspects for mass events, and of the existing laws, regulations, standards and requirements with respect to each of them. Among its • fire hazards and prevention of conflagrations, • erection of stages and fences, • lighting, fireworks, projection screens, emergency exits and more. Lower level This calls up all standards for every relevant and specific aspect of safety for mass events. The standard is meant to serve organizations interested in staging mass events by eliminating nonessential risks and by reducing to the lowest degree possible all remaining dangers to which people taking part in the event, or who are in its vicinity, are exposed. These include direct participants, viewers, contractors, service providers and their employees, and passersby. In order to present a complete framework that includes all aspects of mass event safety, an appendix to the standard contains recommendations for other areas of mass event safety, including requirements for fire safety, requirements for food safety, and law enforcement requirements for crowd safety. Quality management and services Until about a decade ago, when we reviewed the mix of organizations certified by SII as meeting the ISO 9000 standards for quality management systems, we found that most of our customers were from 46 ISO Management Systems – March-April 2006 industry and manufacturing. Today, some 60 % of our ISO 9001:2000 certifications are service providers. Service organizations have undergone a real revolution in the last few years and their number continues to grow. If we take, for example, the cellular telephone company we discussed earlier and check its Internet site, we will see a real change. A few years ago, we would have seen on the site’s home page photos of products such as telephones, while today we see the company’s declaration of the great importance it places on quality. In a quick search of the site, we discovered that the company has in recent years – 2002, 2003 and 2004 – won first place in the competition for customer service held by the Israel Institute of Management. Furthermore, in 2004 the company also won the prize for quality in industry. The company is deservedly proud of its achievements in the field of service. ISO 9001 and local government One of the striking examples of improvement in service as a result of applying quality management standards can be seen among Israel’s local authorities – the urban, town and regional councils that run local affairs throughout the country. A citizen dissatisfied with the service he or she receives from the local authority cannot choose another service as the local authority has no compe- tition. All the citizen can do is move to another area. Israel’s local authorities are not obliged to be certified to quality management system standards such as ISO 9001:2000. However, these local authorities saw the benefit of quality management standards in providing a benchmark by which to measure customer service improvements. Today, they operate as a “ business ” in all respects, continually improving their systems and processes. Ra’anana, just north of Tel Aviv, is a small Israeli city that underwent a real revolution in the provision of services to its residents. The city is today certified to ISO 14001 and ISO 9001:2000. What motivates a city to adopt these standards ? Ra’anana’s mayor wants to be chosen over and over again in the municipal elections and he wants to show that he is doing something to warrant the support of the electors. Therefore, it is particularly noteworthy, that in the last round of Israeli municipal elections, all mayors and heads of local councils certified to ISO 9001:2000 were re-elected. Is there a connection ? It seems there is. A few years ago, Israel decided to compensate mayors who succeeded in managing their cities in a quality manner and who also managed well the public funds entrusted to them. This year, Ra’anana won a large cash prize. There are those who attribute this to the city’s adoption of ISO 9001:2000. © ISO Management Systems, www.iso.org/ims STANDARDS FOR SERVICES Transparency One of the striking features that comes to the forefront when local authorities adopt quality standards is transparency. Public bodies must work hard to define and characterize processes and to make them available to residents – so that residents have the tools by which to measure the authority. Ra’anana, for example, permits its residents to measure it on every subject dealt with by its call center : How often is trash collected ? How quickly does the city attend to a dead animal in the street once it has been alerted ? How quickly does it change a spent bulb in the city street lighting ? When are tree prunings removed? Quality management systems in the local authorities permit the local council to examine recurring faults. If, for example, a street light’s bulb was changed on a given day, and after a few days the light is again not working, an analysis can be made to ascertain the nature of the problem. A publicly available report is prepared for every fault. Satisfaction surveys are undertaken regularly among residents, constituting a wonderful benchmark for dealing with complaints. In our technological age, municipal authorities have many opportunities to shorten bureaucratic processes. For example, at many authorities today it is Officials of South Sharon Regional Council, which implements ISO 9001:2000 in all its management processes, receive an award for excellence in managing public funds. possible to register children for school, to pay municipal taxes and enjoy other services through the Internet. Preventive actions Mosquitoes are a difficult problem during Israel’s long summer. Responsibility for their extermination lies with the local authorities. If in the past the authority acted every time it received a complaint from residents about mosquitoes in a certain area, today the authority systematically exterminate mosquitoes in those same areas before the residents call to complain. These preventive actions are one of the most important aspects incorporated into municipalities’ quality management standards. Security of residents has also been upgraded with the adoption of quality management standards. The city examines and documents break-ins in the municipality. As a result, the city augments its security patrols in exactly those areas and times to reduce their occurrence. Another example is seen in playground equipment. An Israeli Standard defines all child safety concerns with respect to playground equipment and to children using the playground. Local authorities must map all playgrounds and their equipment and prepare a service plan for them. Some municipalities appeal to their residents and say: “Our annual budget is X and the projects that we suggest for the coming year are Y. Please provide your opinion on the projects and rank them according to their importance to you.” A special example in the municipal sector is the South Sharon Regional Council. A regional council represents a number of types of settlement unique to Israel, which in the South Sharon jurisdiction include the semi-collective kibbutz, the moshav – a type of cooperative rural village, and the yishuv kehilati, a type of “ community settlement.” The South Sharon Regional Council, attempting to find a common reference framework for dealing with all these types of settlement, all of which require the same municipal services, chose to adopt management processes conforming to ISO 9001:2000. Through these processes, the council succeeded in achieving a high level of management of the services it provides to its various customers. For example, with the adoption of the standard, the council discovered that each of the types of settlement within its jurisdiction had a different kind of street lighting. Older street lighting required more frequent bulb changing while bulbs in the newer types lasted much longer. It also became clear that bulbs for the older systems cost quite a bit more than bulbs for the newer systems. This may sound like like a trivial matter, but is actually very relevant for a council that represents 32 separate communities. Certification of processes The Standards Institution of Israel has developed a number of certifications based on ISO Guide 67, Conformity assessment – fundamentals of product certification, for processes that are essentially services. For example, Israel has a hot climate and a great number of its citizens have air conditioning. Over the years, the number of complaints about noise from air conditioners and about defective operation due to their improper installation has risen substantially. Accordingly, Israel Standard 994 for the installation of air conditioners was prepared and through it SII certifies air conditioning installers. A similar system is used with respect to sealing of roofs. Leaking roofs are a common problem during Israel’s winters because most roofs in the country are flat. SII certifies contractors who specialize in sealing flat roofs per Israel Standard 1752. By engaging approved contractors to perform this kind of work, the Israeli consumer receives the best possible service. Similar certifications exist in the areas of maintenance of fire detection and extinguishing systems, authorization for the installation of vehicle protection systems and more. • ISO Management Systems – March-April 2006 47 © ISO Management Systems, www.iso.org/ims NEXT ISSUE SPECIAL REPORT VIEWPOINT Innovation and standardization ISO President, Professor Masami Tanaka, writes : “ Many a flash of inspiration, many a hot, new idea, when examined in the cold light of dawn is found to face serious practical barriers to their implementation.” ISO’s speciality, he continues, is developing standards that provide the link between creative ideas and practical implementation as manufacturable and marketable products. Consumers surveyed on attitudes towards ISO 9000 Wouldn’t it be useful for companies that invest in ISO 9001:2000 implementation and certification to have some hard data on whether this led to a return in the form of an improved perception on the part of consumers of their organization, its products and services ? Obviously, the answer is “ yes ! ” It’s therefore curious to note that while many surveys on the impacts and benefits of the ISO 9000 standards have been carried out, most have dealt with business-to-business issues. ISO Management Systems helps set the balance straight by report- 48 ISO Management Systems – March-April 2006 ISO 22000 from intent to implementation ISO 22000:2005 is the first management system standard on food safety to go beyond the recommendations put forward in 1993 by the Codex Ali- mentarius Commission. Inevitably, the arrival of this brand new standard with its updated approach is accompanied by issues of interpretation and how to meet its requirements. of the feedback already gathered from users and gives some pointers to tackling the issues they raise. STANDARDS FOR SERVICES Focus on Germany How broad is the gap between the intent of the standard and its implementation by users ? An expert who took part in the design and development of ISO 22000 gives a preliminary overview INTERNATIONAL ing on a survey to uncover awareness of and attitudes to ISO 9000 – on the part of the consumer. World’s biggest oil company uses ISO 9001:2000 in giant SAP roll-out The SAP Computer Center’s Training & Change Management Department of Saudi Aramco, the world’s largest oil company, has turned to ISO 9001:2000 to provide a backbone for the deployment of a massive SAP enterprise resource planning programme that has already seen SAP training for 144 609 individuals since 2000 ! State-of-the-art quality management of each SAP implementation is essential because SAP solutions are expected to be operating within the company for the next 20 to 30 years and are therefore critical to Saudi Aramco’s strategic business objectives. Trade and ISO 14001 diffusion International trade can help spread progressive environmental practices, such as those specified in ISO 14001, if countries’ major export markets have adopted this voluntary standard. This is good news for the environment because developed countries, which absorb most of world’s exports, also have high levels of ISO 14001 adoption among their firms. Probably, you’ve heard the expression, “ One good idea can change your life ! ” Definitely, one good ISO standard could change your business – for the better ISO has more than 16 000 great standards for you to choose from ! Fight fires before they break out. ISO/IEC 27001:2005. The systematic approach to managing information security. People. Processes. Information Technology. Available from ISO national member institutes (listed with contact www.iso.org and from the ISO Central details on the ISO Web site : www.iso.org) Secretariat Web store at www.iso.org or by e-mail at sales@iso.org sales@iso.org.