Quality Management Articles - Quality Matters Blog

Watch this Space ...... ISO 9004:2009

2009-11-25T10:21:00.002Z

The ISO 9000 Quality Management series of Standards, although revised together in 2000 now have different revision dates.

Currently :

ISO9000 Vocabulary and Fundamentals re-issued in 2005
ISO9001 Quality Management Standard Requirements re-issued in 2008
ISO9004 Guidelines for quality improvement is still at the original 2000 issue

That is about to change as 9004 is reaching the final stages before publication at the end of 2009. In addition to the re issue it has changed fundamentally; it will be called ISO9004:2009 - Managing for the sustained success of an organisation - A Quality Management Approach, and has a different structure to 9001.

Both ISO9001 and 9004 were originally designed as a consistent pair of standards, but this link has now been broken with 9004 using the principle that retaining ISO9001 certification might need additional elements to be introduced to maintain the continual improvements needed for growth and success.

However, it should be remembered that 9001 is the Standard for certification and 9004 will never be assessed and certificated.

The new 9004 (subject of course to and final changes) will have the following main sections:

Managing for the sustained success of an organization
Strategy for policy formulation, planning and development
Resource management
Process management
Monitoring, measurement, analysis and review
Improvement, innovation, and learning

Quality Matters Ltd

2009-11-10T06:45:00.001Z

Quality Matters was formed in 1991 and has been providing consultancy services in ISO9001 (Quality Management), ISO14001 Environmental Management), and ISO27001 (Information Security Management as well as BS OHSAS 18001 (Health & Safety Management) as well as other less well known management standards The company is proud to say that ALL the Quality Matters Clients' going forward for Certification to these standards passed the formal assessment, and at the first attempt. This 100% result is jealously guarded.

In addition to consultancy, Quality Matters runs a twice yearly public Internal quality/environmental audit course. A bespoke audit course is also available to Clients wishing to have a course on their own premises.

Eighteen years in business and still going strong; If you ask some of our hundreds of Clients they will tell you that our service is excellent (according to our customer satisfaction feedback) and they would recommend our service to others. In fact many have done so.

In order to provide this level of service we undertake regular training to keep abreast of the changes that take place. We carry full Professional Indemnity Insurance as well as the Statutory Insurances to protect our Clients.

Chris Eden is a Fellow of the Institute of Business Consulting and was a former Treasurer of the Institute of Business Advisers in the East of England before it merged with the Institute of Management Consultants to become the Institute of Business Consulting.

As an aside Chris is an ab initio (Latin: from the beginning) glider pilot, as regular blog readers will know.

Quality Matters has been our byword since 1991 and we strive to achieve this in all that we do.

Quality Manual

2009-10-28T11:19:00.001Z

I am often asked about quality manuals and what they should contain. The ISO9001 Standard states that the quality manual should have as a minimum:

The scope of the quality management system, including details of and justification for any exclusions;
The documented procedures established for the quality management system, or reference to them:

Document control;
Control of records;
Internal Audit;
Control of non-conforming product;
Corrective Action;
Preventive Action.

A description of the interaction between processes of the quality management system.

This meets the requirements of ISO 9001 but would have little benefit to the company. It would get the badge on the wall but little else.

I was once asked to produce a quality manual on a single sheet, and I did so, although it was A3 on two sides. The company took my advice and produced a number of work processes to back this up.

The largest quality manual I ever saw was in seventeen lever arch files and was so comprehensive that it even included instruction on how to make tea. It was never used as a serious document and was almost impossible to keep up to date. It was also so specific that it set the user up to fail if he used his left hand rather than his right.

Fortunately we no longer produce documentation by weight.

A modern manual contains the mandatory scope, six procedures, a description of the interaction of the processes, a number of work processes and an index of current forms. This along with records would not only meet the requirements of 9001 but would also be a valuable tool for the company.

My view is that the manual should be as comprehensive as needed but not overly complicated. It should be suitable for the company and not imposed by a consultant. It should be designed to be used and not just stored for use during assessment. And finally it should work for the company and not make the company work for it.

Protect your Computer Systems

2009-10-15T10:14:00.001+01:00

Apparently there is a new and disastrous Trojan waiting to damage our systems. This one is called ZEUS and it waits patiently on our systems for us to enter bank details and then exports these to a collection website for use by the crooks.

It is further worrying that some antivirus programmes have failed to detect this Trojan.
A survey suggests that some:

30% of those systems infected did not run any type of antivirus system at all;
14% had antivirus but it was out of date;
And the remaining 56% did have up to date antivirus but it failed to detect the virus.

One way to defeat this type of Trojan is to rotate passwords regularly and also to run an additional antivirus check periodically. Monitor your bank accounts and watch for any unusual activity. Report any unusual occurrences straight away. The Banks will refund any transaction where you have taken all reasonable precautions but have still been defrauded.

Now that the recession has reached the bottom, crooks are trying a number of new ways to get their hands on our hard earned money. Don’t let them get away with it for lack of care on our part. Put aside some time each week to carry out a review of both security and how we all conduct our transactions and vary the time and method to ensure routine is not detected.

Health and Safety - Gliding

2009-10-03T11:04:00.001+01:00

Readers of this blog will know that I took up gliding in May this year and I have notched up over 40 flights on my way to being allowed to fly solo.

It is fair to say that I may have been a bit optimistic in thinking that I would have mastered all the skills by the end of the summer, but I have improved greatly (according to my instructor).

One particular high point occurred last Friday when I made a perfect landing. On returning to the launch point two of my fellow pilots said "that was a really good landing", praise indeed. I was keen to do it again to prove that it wasn't a fluke and my next landing, although not as good, was acceptable.

I freely admit that landing has been the most difficult of all the tasks and one that I have had to work really hard, and continue to do so to get right. I am still hoping to go solo but before the year end.

Flying a glider is a bit like carrying out a risk assessment:

Is the wind in the right direction and is it gusting?
Do I feel fit to fly?
Has the glider been inspected before flight?
Have I carried out the proper pre-flight checks?
Are there any hazards?
Have I been briefed by my instructor for the flight?

If any of these are negative then I will not fly. My usual instructor is also the Safety Officer for the Club and he has taught me to be very safety aware.

If I kill myself while flying, it is highly likely that he will be killed as well, as he is sitting behind me. (Something he tells me he is keen to avoid). Even an accident means lots of paperwork and the psychological impact both of us could be severe.

I remember that in my Royal Air Force days one fighter squadron had a chipmunk trainer for fun. Some pilots used to think of it as a toy plane. In the cockpit there was a sign that said "All aeroplanes bite fools. There are old pilots and bold pilots but very, very few old bold pilots".

I will remember that.

How Gliding has changed my view of Management Standards.

2009-09-14T13:09:00.002+01:00

Regular readers of this blog will know that I recently started instruction to be a glider pilot.

Things have moved on nicely and the very patient instructors at the Essex and Suffolk Gliding Club have given me both the confidence to continue with the more difficult parts and to show me how not to make the same errors again. I am full of praise for them as they witness some of my worst transgressions with not even the hint of panic. One instructor mentioned that a little more speed during one of my landings would be good as he didn't want to die; he said it in such a quiet measured tone. If that had been me I would probably have raised my voice.

There have been other instances early on, where I failed to lower the nose of the glider when the cable released resulting in the onset of a stall but the Instructor simple said "push the stick forward a little".

I have been allowed to carry out the entire winch launch, fly straight and level on a heading, turn and detect and prevent stalls and finally the hardest part, landing but under supervision and with assistance at the moment. There are other skills I have learned such as ground handling.

I really enjoy the freedom of flying and if I have planned to go to the airfield and a Client suddenly books my services for that day, I must admit to being a little disappointed. But hey, work pays for all of it so I shouldn't complain.

The reason I mention all these things is that gliding is a transfer of knowledge from the Instructors to me and allowing me to make mistakes without criticism; offering help in correcting my errors. This is exactly the same method we employ in the transfer of knowledge about ISO9001 or 14001 to our Clients. It wasn't until a week ago that I realised just how similar these tasks were.

Naturally gliding has the potential to be far more dangerous, if things go really awry, but if our Management Systems knowledge transfer goes really wrong it could damage the Client's business.

In these tough financial times our Clients' need that competitive edge provided by Management Standards and the extra efficiency that can be realised. Once this recession is over these Clients will reap the benefits and I hope by then that I will be allowed to go Solo in a Glider.

Christmas Cards

2009-08-21T08:03:00.002+01:00

It must be mid-summer as I have now received three Christmas card catalogues. I have also been notified that I must book a Christmas party to ensure that there will be space available.

Along with these I have been told that I have won a European Lottery; I have been specially selected to allow a huge sum of money to be paid into my bank account from a disinherited person in Nigeria and of course offered the usual medicaments. While sorting the good emails from the bad is time-consuming, I am constantly reminded that vigilance is needed to stop the bad guys affecting this company.

Our weekly checks include a full virus and malware sweep, a look at the firewall logs to identify any threats and the mandatory password review and change.

I haven't been compromised, or I think I haven't, but even the cleverest of people get hacked or compromised so I never relax.

What I am saying is do not drop your guard for a moment otherwise the company Christmas cards may not be needed.

For those who have returned from holiday I would suggest a thorough check of your systems and those about to go on holiday make sure your systems are ready and able to defend your data while you are away. Finally those who are staying at work, like me, remain vigilant, put the Christmas Card catalogues to one side and get on with it.

Training is key to German Success - ISO9001

2009-07-21T07:00:00.001+01:00

We have Clients in Germany and whenever I carry out audits for them or on their behalf at their suppliers, I am inevitably pleased to see how much more training is provided to workers than a similar company in the UK.

It seems that all workers receive a good level of product knowledge as well as quality and environmental awareness. Where hazardous goods are concerned the level of training is excellent. I also saw that a greater number of first aiders are trained.

There is of course always a downside, and on this occasion I did see a bottle in an eyewash station dated May 2006. The people in the department obviously ignored it but I firmly believe that the eyewash could have caused just as much damage to a person's eye as the chemicals they were trying to dilute.

I don't think that it would have been used as they also had a powerful water eye wash unit powered from the mains water, but the fact that it was there in the first place gives cause for concern. The bottle was consigned to the rubbish bin so no harm was done.

It was probably fortuitous that I carried out a vendor audit when I did rather than wait for a health inspector or even worse, an accident.

Rolls Royce cars are now produced by BMW and I am sure that training has played a big part in the success of German industry and although they are suffering in this recession they will come out of it strong and skilled.

The Environmental Management Standard ISO14001 - Emergency Preparedness and Response

2009-07-06T10:07:00.002+01:00

One of the requirements of the Environmental Standard ISO14001:2004 is that any organisation putting this standard into operation will have a plan to deal with emergency situations and accidents.

The plan sets out the identification of potential environmental impacts and the routine to be performed in the event of an accident or incident to:

Respond to the accident or incident;
Prevent or reduce injury;
Protect or reduce the impact on adjacent businesses, contractor's personnel and people living/working in the vicinity of the company;
Prevent or reduce environmental damage;

The plan aims at prevention and therefore all measures are taken to eliminate or reduce the potential causes of accidents and emergencies.

It is common practice to make a copy of the plan available to the emergency services and a copy kept offsite to ensure that timely action can be taken to mitigate any accident and coordinate a response to the incident.

The organisation should also test the plan to make sure that in an emergency the plan would work. Many organisations that do not practice the actions needed will find that the first major incident that happens for real will identify significant failures in the plan.

Testing should ensure that:

Everyone knows what to do
There is less duplication of effort
The organisation can prevent injury and reduce or prevent pollution
Get the organisation up and running as soon as possible.

The better prepared you are, the better you will deal with an incident

Quality, Environment and Health & Safety in Gliding

2009-06-22T11:02:00.002+01:00

I recently joined a gliding club and with any luck, I should be solo by the end of the summer.

I couldn't help but notice a great deal of the standards (ISO9001, ISO14001 & ISO18001) apply in this discipline as well as in the workplace.

Quality (ISO9001) if you apply best practice and continual improvement then the gliding experience is good, but if the processes are badly applied it results in additional costs (more lessons) and poor customer satisfaction (particularly from other members of the gliding club). I have heard things like "that was a crap landing".

Environmental (ISO14001) A Clean glider performs much better than one covered in squashed insects and good cleaning means that the canopy is clear and not smeared. Environmentally friendly chemicals protect the fabric of the glider and its occupants.

Health and Safety (ISO18001) When I joined the club, a seasoned member mentioned that there were bold glider pilots and old glider pilots but there were no old bold glider pilots. Health and safety practices are essential to allow full enjoyment of this sport without additional risks. The same instructor mentioned that it was probably more dangerous driving to the club than it was flying as all good pilots (and trainees) follow a strict set of rules.

I thought a hobby like this would get me away from work but the principles I use and teach are very evident in this area.

My wife said that I shouldn't take any risks and in that I agree. Common sense and safe flying will be my by-words.

ISO9001 Terms and Conditions of Payment

2009-06-08T09:48:00.001+01:00

The current situation where banks and financial institutions are not lending to industry is causing serious damage to our economy. It has become clear that companies are delaying bill payment until the last possible moment and in turn this is causing cash flow shortages not seen even in the 80's recession.

The inevitable result is that organisations at the end of the purchase chain are being starved of cash and in some cases this cash-flow shortfall is putting viable companies out of business. I have noticed that some companies are unable to accept new orders because they do not have the cash to purchase raw material to service the orders.

The vast amount of cash advanced to the banking industry was designed to allow them to restart lending to industry; instead the banks used this cash to shore up their balance sheets instead of being made available to lend.

We are told that the borrowing by the Government will take up to twenty years to pay back. The pay-back time may be considerably longer if our mainstay industries are no longer there.

Companies that have ISO9001 in place are better placed to weather the downturn as they have a solid set of terms and conditions which include payment terms.
Remember those who shout loudest and have good control of their sales ledgers will the first to be paid; this may be the difference between survival and insolvency.

Data back-up for computer systems

2009-05-20T09:41:00.000+01:00

Like many businesses our computer system is backed up. This ensures that we able to restore vital information in the event of a computer failure or other problem which disables or destroys our servers or desktop/laptops.

We have always backed up regularly and then taken a copy of the back-up off site for security of data. Recently the system proved fallible because one person thought another person had done the back-up and to cut a long story short, no one had done it. Our business was at risk because we only had a week old copy off site. Fortunately nothing happened.

I decided that we couldn't rely on luck and next time we might not be so lucky.
My new bank, Barclays, was offering an automated back-up system, where the entire server was backed up and then an incremental back-up is taken daily and automatically; this means that all our data is available to restore and there is no element of human interaction required.

Is the data secure? Yes, it is encrypted to the same level as credit cards, 128-bit SSL encryption on transfers, 256-bit AES encryption on storage. It is mirrored to another data-centre for additional security.

No one else can access our data, not even the data-centre so we know that it meets our strict data requirements. It is also available to restore, if or when, we need it.

The first data save did take rather a long time, overnight in fact, but the incremental back-up is quick as it only saves changed files.
Is this expensive? No surprisingly it isn't and if or when we really need to restore data in an emergency it will be worth every penny.

Business Continuity - Illness

2009-05-05T10:29:00.002+01:00

The news that swine flu has crossed borders and is affecting an increasing number of countries is most unwelcome.

Organisations that have installed the management standard ISO14001 will have an Emergency Preparedness plan and those that have ISO27001 installed will have a Business Continuity plan in place to mitigate and offset the effects of an outbreak of illness within their companies. The threat of a pandemic could mean that staff are absent from work and those unaffected by the outbreak may not want to go into work just in case they catch the same illness.

The fear of catching the virus may mean that absence from work may be greater than it would be normally. The effects on a company with no advance plan in place may mean that the company is unprepared and may not actually survive the outbreak.

The economic downturn coupled with the pandemic may be the last straw for the unprepared organisation.

UPS - Uninterruptable Power Supply

2009-04-20T09:30:00.002+01:00

What is a UPS?

A UPS is a device connected between then mains electricity supply and your Computer Server or PC. It has two main functions:

It filters the mains supply to remove spikes which can cause failures; these spikes can be a thousand volts or more and last for a brief time; it is during this spike time that real damage can be caused to electronic components.
It takes over the supply of mains in the event that the mains electricity fails or worse goes into a state known as a brown out; this is where the supply falls to an unacceptably low level; it is during this time that disks can crash and data in memory is lost or corrupted.

Recently we suffered a momentary power failure at the building where my office is located. I heard a groan of complaint from other people in the building as their computers stopped working and any work was lost.

All my office equipment is connected to a UPS so all we could hear was the bleep, bleep of the warning signal telling us that the UPS was working correctly. We know that once this signal starts we have 10 minutes of usable time before then system batteries are exhausted. This allows time to complete the piece of work being carried out and shut the system sown in an orderly manner.

Are these UPS devices expensive? No, a couple of hundred pounds. Worth every penny when I hear the bleep, bleep, bleep.

April Fool's Joke?

2009-03-30T08:49:00.002+01:00

There has been a certain amount of publicity recently about the CONFICKER super worm which has infected hospitals, Royal Navy warships, industry and the latest news from a leaked memo says that our Parliament has also been infected.

The conficker worm spreads through several update mechanisms, a well-known Windows vulnerability and tainted USB drives being just two. Once it secures a foothold on an infected network, the worm can spread widely across network shares by exploiting weak password security, a major factor in its high prevalence within corporate systems.

Researchers have reverse engineered the worm and it is apparent that an event is targeted for April 1st (April Fools day) and while most April Fool's jokes are harmless this one may not be.

Conficker has been polling 250 different domain names every day to download and run an update program. On April 1st, the latest version of Conficker will start to poll 500 out of 50,000 domains a day to do the same thing. What effect that will have is at present unknown.

How can you protect your systems from the Conficker worm? This can be achieved through good security practices, including those defined in ISO27001:2005, The information Security Standard.

If you are worried about your systems and suspect that yours are infected there are a number of good detection tools available.

One indication that you may be infected is the inability to connect to various security web-sites, Conficker prevents your system gaining access.

We employ several layers of protection, including McAfee anti virus, anti spam/malware and email filtering so I was not unduly worried, but we did run a scan of all our systems just to be on the safe side.

We ran http://support.f-secure.com/enu/home/onlineservices/fsec/fsec.shtml, which is a free scan and this confirmed we were conficker free.

Don't be caught out and be an April Fool

It Isn't rocket science!

2009-03-17T16:10:00.004Z

I visit a fair number of businesses each year and I am often surprised by the real lack of security for computer systems. Many businesses either don't know about security or think that a security incident won't affect them.

Here are 10 basic security precautions for Windows machines :

Always set the option to force a user to press CTL-ALT-DEL before logging on
Passwords should be at least six characters long and contain letters and numbers
Don't use your name, your partners name or the name of a pet as a password
Don't write the password on a post-it note and stick it to the screen or under the keyboard
Passwords should be changed regularly
Don't share your password with anyone
Use ant-ivirus software and keep it up to date
Use an anti-spyware programme regularly
Turn on the inbuilt firewall (Windows XP and later machines)
When leaving the desktop or laptop unattended, lock the system by pressing the windows button and L

Simple steps can save real problems

Disability Discrimination Act

2009-03-04T20:21:00.003Z

A little while ago I was called by a man who claimed that he was having difficulty accessing my website and on further investigation it turned out that he was visually impaired. Apparently, and I must admit I was totally unaware of this requirement, all web-sites which offer goods or services to then public must take into account that some people wishing to access these sites may have disabilities.

I discussed this with Debbie Harrison of DVH Design, who looks after my website, and she has done a great deal of research and is in the process of upgrading my website to comply with this requirement.

Some people have difficulty reading the standard font used on sites and it should be possible for a user to select an enlarged font or a greatly enlarged font. In addition I understand that some users find difficulty reading black on a light background so the user should be able to select a different colour background.

The other requirement is for the user to be able to use a keyboard instead of a mouse.

I ran an internal quality auditing course some years ago where three partially sighted men from Action for Blind People, attended. They requested that I provide the written material for them in 36 point Times Roman instead of 12 point as had been the case for other delegates. This was easily provided and all three delegates not only passed then course but said that they had really enjoyed the two day.

It is a pity that those of us who have no such disabilities do not automatically think of those less fortunate and make then necessary adjustments need to allow easy access to our material.

I am certainly no expert but if you need any help with this may I suggest that you contact Debbie at DVH Design

Data Protection

2009-02-11T09:51:00.001Z

Following hard on the heels of the loss of 25 million child benefit records the Government agency, HMRC is to introduce some strict measures to prevent this type of loss in future; some would say this is shutting the stable door but better late than never is what I say.

The new measures put data protection firmly on the map for Government, no longer can they simply download data onto a DVD and put it in the post; measures actually prevent this taking place; equally the ubiquitous memory stick is barred.

Government is catching up quickly on the rest of us who had these sort of preventive measures in place already and were speechless when then loss occurred. It was even more surprising that the first batch of disks went missing and a second and third set were sent before someone owned up to it.

It is interesting to note that the revised ISO9001:2008 now mentions the protection of both intellectual property and personal data under the clause 7.5.4 Customer property. It is an indication of just how important this type of data protection is and how we should all treat it.

The Data Protection act covers personal data for living people only; it does not cover company data, unless this data applies to a person within that company.

Revealing person data in contravention of the act makes the person releasing then data personally liable. They cannot claim vicarious liability (putting the blame onto the company). If the data commissioner prosecutes it can be very serious, with custodial sentences for serious breaches.

Efficiency and the Credit Crunch

2009-01-28T21:57:00.004Z

You probably think that these two items, efficiency and credit crunch have little in common, but you would be wrong. Any downturn in the economy will put some businesses over the edge into insolvency but a sound business can, with some help, often capitalise on the opportunities available.
Here are a few ways to increase efficiency as well as saving money:

Look at your expenditure on energy - you have been meaning to replace those tungsten light bulbs with the more efficient energy saving bulbs - do it now;
Look at windows and doors - is there a draught coming through? - buy some draught excluders and you will save on heating;
Get people to dress for winter - summer clothes are for summer;
Get people to boil only enough water for hot drinks to serve immediate needs;
Check the office thermostat - one degree down will save a considerable amount of money without freezing everyone;
Look at your energy supplier - can you get a better deal?
If you use a company car or your own car to visit customers, plan your route to minimise the distance and combine visits if possible;

There are other ways to increase efficiency:

These include working from home if possible, video conferencing instead of face to face meetings and better planning of schedules.

If cash-flow is a problem and your Bank won't help then ask your suppliers if you can extend your credit terms.

Order only what you need, buffer stocks are costly in terms of space used and cash tied up.
And finally get someone who is not involved in your business to review your systems. A consultant may cost you a few hundred pounds but may identify improvements that will help you through then tough times. Remember a good consultant will be able to advise you on best practice and will be up to date with the latest technology and methods.

ISO9001, the Quality Standard can guide you to accepted best practice

ISO14001, the Environmental Standard can help you reduce pollution and save energy.

There are many more efficiency savings but using just these few can have a significant effect on your business.

Happy New Year

2009-01-04T10:23:00.002Z

We, at Quality Matters Limited, wish our readers a very happy and prosperous New Year.

For those seeking methods to secure a successful future we are pleased to give an outline of the most common standards in use today:

ISO9001:2008 The most recognisable standard. This is a Quality Management Standard and addresses best practice for all processes within a business, be it small, medium or large. This is often an entry point to many tenders. Without 9001 you may not get past the starting gate;

ISO14001:2004 The Environmental Management Standard. This standard is used to show that you are protecting the environment, as well as saving money, by using practices that ensure your aspects (anything that interacts with the environment) are as kind to the planet as possible. You should be able to demonstrate that you take care not to pollute and use energy as efficiently as possible. This is often the second entry point to tenders and contracts that specify environmental protection as a requirement;

ISO27001:2005 The Information Security Management Standard. This standard is fast becoming the standard that companies are seeking. Those holding data or information that requires protection can show that the systems in place can ensure data is confidential, integrity is protected and available to authorised users;

BSOHSAS 18001:2007 The Occupational Health and Safety Standard. This standard will provide the evidence that Health and Safety procedures are established and operated to ensure staff are protected from potential accidents and are fully engaged in this process.

There are other standards that apply to specific areas:

Food Safety (ISO22000)
IT Service Management (ISO20000)
BRC (British Retail Consortium Standard)
BBA ( British Board of Agreement Product Standard)

It is important that these standards are tested on a regular basis for continued suitability and conformance. This requires Internal Audit to be carried out.

Quality Matters is able to provide Professional Internal Auditor Training at an acceptable cost to allow your staff to carry out this function. See our Website for our next course venue and date.

These standards will prove that you are ahead of the competition and are following Industry best practice.

Security and the Credit Crunch

2008-12-23T21:22:00.002Z

The credit crunch has made the criminal fraternity even more determined to separate us from our hard earned cash.

Some of the latest scams are cleverer than ever; take the email currently doing the rounds, it says the most destructive virus ever is coming so email this warning to everyone you know, If you receive an email from someone you know with POSTCARD FROM HALLMARK, do not open it otherwise your hard disk will be totally erased. It is a hoax of course but people have been forwarding this email to their entire address book, unfortunately they have been sending the email to their address book as cc rather than then hidden bcc. The effect is that millions of email addresses are circulating the internet. Then bad guys then harvest these emails and use them as direct targeted email. This may entice us to part with passwords etc.

Emails sent from our banks asking for log-in and passwords to re-activate an account are again spurious as no bank would ever ask for this information in an email.

Prize winning emails which only require us to give bank details, full name, date of birth and usually a mother’s maiden name risk us being victims to identity fraud.

The one I think is particularly clever is the email supposedly from the HMRC saying that I had overpaid my tax and if I would care to send them my bank details they would credit the amount directly into my account.

And finally a word of caution about credit and debit cards; never let your credit or debit card out of your sight. If a chip and pin machine is used always insert the card yourself and NEVER tell the shop or other supplier your pin number. If you buy online always check that you are entering your details into a secure web-site. If there is a padlock shown and the site is https and not http.

I hope you can spend your money on those you choose and not let the criminals steal it.

Happy Christmas shopping.

ISO9001 Quality Management Standard

2008-11-18T20:51:00.003Z

This standard was last updated in the year 2000 and should have been reviewed last year but this was delayed until 2008.

The main changes in IS9001:2008 are as follows:

Clause 0.2 (Process approach)
Text added to emphasise the importance of processes being capable of
achieving desired outputs

Clause 1.1 (Scope)

Clarification that product also includes intermediate product
Information regarding statutory, regulatory and legal requirements

Clause 4.1 (General requirements)

Notes added to explain more about outsourcing
Types of control that may be applied to outsourced processes
Relationship to clause 7.4 (Purchasing)
Clarification that outsourced processes are still responsibility of the organisation and must be included in the quality management system

Clause 4.2.1 (Documentation)

Clarification that QMS documentation also includes records
Documents required by the standard may be combined
ISO 9001 requirements may be covered by more than one documented Procedure

Clause 4.2.3 (Document control)
Clarification that only external documents relevant to the QMS need to be
Controlled

Clause 4.2.4 (Control of records)
Editorial changes only (better alignment with ISO 14001)

Clause 5.5.2 (Management representative)
States that this must be a member of the organisation's own management

Clause 6.2.1 (Human resources)
Clarification that competence requirements are relevant for any personnel who
are involved in the operation of the quality management system

Clause 6.3 (Infrastructure)
Includes information systems as example

Clause 6.4 (Work environment)
Clarifies that this includes conditions under which work is performed and Includes (for example physical, environmental and other factors such as noise,
Temperature, humidity, lighting, or weather)

Clause 7.2.1 (Customer related processes)
Clarifies that post-delivery activities may include:

Actions under warranty provisions
Contractual obligations such as maintenance services
Supplementary services such as recycling or final disposal

Clause 7.3.1 (Design & development planning)
Clarifies that design and development review, verification and validation have
distinct purposes. These may be conducted and recorded separately or in any combination as suitable for the product and the organisation

Clause 7.3.3 (Design & development outputs)
Clarifies that information needed for production and service provision includes
preservation of the product

Clause 7.5.4 (Customer property)
Explains that both intellectual property and personal data should be considered
as customer property

Clause 7.6 (Now called Control of Monitoring and Measuring equipment)
Explanatory notes added regarding the use of computer software:
"Confirmation of the ability of computer software to satisfy the intended
application would typically include its verification and configuration management
to maintain its suitability for use."

Clause 8.2.1 (Customer satisfaction)
Note added to explain that monitoring of customer perception may include input
from sources such as customer satisfaction surveys, customer data on delivered
product quality, user opinion surveys, lost business analysis, compliments, and
dealer reports

Clause 8.2.3 (Monitoring / Measurement of process)
Note added to clarify that when deciding on appropriate methods, the organisation should consider impact on the conformity to product requirements and on the effectiveness of the quality management system.

The changes are so minor and no new requirements have been introduced that little effort will be required by users of the standard to achieve certification to the 2008 standard.

Health & Safety & BS OHSAS 18001

2008-11-03T20:13:00.002Z

My office is in a Business Park but on of my windows looks out on to some houses. Last week I was treated to an exhibition of all the things that builders shouldn't do.

Let me explain, the householder has sensibly decided to have cavity wall insulation installed but the workmen who arrived to do the job were rather cavalier in their attitude to health and safety. At one point one of them was standing on the apex of the attached garage leaning precariously out while holding a masonry drill; as he attempted to drill holes in the outer wall he kept losing his balance and I am amazed that he didn't fall. Some of the places he needed to drill were too high even for him and he proceeded to get a ladder from his van. Instead of using a scaffold tower, as required by law; he climbed up the ladder using one hand while dragging the electric drill with the other. I expected that, at the very least, his partner would have held the bottom of the ladder but no, he was preparing the equipment for injecting the foam insulation.

I am fairly sure that these two were not operating their company health and safety policies but were just lazy.

I had to go out to visit a client so I do not know how it all ended. I hope that it did not end in tears.

It is hardly surprising to know that the majority of industrial accidents occur on building sites and most involve some sort of powered tool.

I wish these two lads a long and healthy life but if their performance recently was anything to go by, I think that very optimistic. While I realise that youth seem to think they are totally invulnerable, I was young once myself after all, the safeguards offered by the modern health and safety legislation are not designed to restrict personal freedom, they can, and often do, save lives.

Before undertaking any work of this type they should have carried out a risk assessment, not a huge job given then task in hand. Then they should have used the correct protective equipment and safe working practices.

Environmental Measures and Common Sense

2008-10-20T21:24:00.005+01:00

Readers of this blog will know that I always advocate environmentally friendly measures and it is becoming increasingly clear that these measures are becoming the norm rather that the exception.

Measure 1 - I drive a Hybrid car - Not only does this car give me a good miles per gallon figure, it is comfortable, I pay only £15 per year road tax and I am exempt from congestion charges;

Measure 2 - By reducing my speed from 70 to 65 miles per hour, I have found that I now get between 55-60 miles per gallon. With fuel cost now becoming a significant expense this is a considerable saving.

Measure 3 - By reducing the thermostat by one to two degrees my heating bill will be reduced; it may not offset the huge rises in energy costs but it must go part way.

Measure 4 - I now turn off lights that are really not needed during the day; I open the blinds to let in natural daylight. The savings may not be great but contribute to then overall saving even with energy saving lighting.

Measure 5 - No equipment is left on standby; to do so would be wasting energy and money.

Measure 6 - If I feel cold; I put on a jumper rather than turning up the heat; I am often staggered to see people in summer clothes complaining about feeling chilly.

Measure 7 - I have changed Banks- not only because my previous Bank gave me such rotten service but my new Bank is within walking distance. No Car needed.

Measure 8 - We recycle as much as we can to reduce our impact on the environment.

Measure 9 - We buy in season food to reduce then air miles that our food travels; some of our food has travelled 10's of miles rather than hundreds.

Measure 10 - We buy our goods and services locally, wherever we can to reduce our carbon footprint.

Am I a crank, or just gloating at saving money (and the Planet)? I suspect that 10 years ago I may have been considered a crank but nowadays I am perfectly normal, and richer.

Data Security & You

2008-10-06T20:11:00.001+01:00

There has been considerable interest, and dismay, at the number of times sensitive data has been lost or stolen, indeed the amount of data lost seems directly proportional to the technological advances in devices and perhaps the stupidity or arrogance of their owners.

Desktop computers - these are sitting on our desks giving access to vast amounts of data, yet many people get up and leave their desks without a thought to the risk they are taking. I always lock my desk computer before leaving it, even for a few minutes, because I understand that a moments inattention could put my data at risk and seriously damage my reputation as a security conscious individual.

Laptop computers - these are becoming smaller and smaller. My latest acquisition has an 8.9 inch screen, no hard drive and is small enough to slip into my briefcase. The down side of this is that it is even easier to lose. I encrypt my data so that would not be a problem but the loss of the thing would be very inconvenient. The data is, however, safe.

Memory sticks and SDHC cards - probably the greatest threat to data known today. These tiny devices can hold giga bytes of data and yet can slip easily into a pocket. These devices should always be encrypted, but sadly many are not. All my data sticks have the ability to lock and encrypt data.

Mobile phones and PDA devices - most people do not activate the pin number lock to prevent unauthorised access and a s such they risk having their phone numbers taken, their email contacts list taken and if secret pin numbers and passwords are stored, then these are at risk. Add to that the ability of many devices to access business based systems and email remotely then it is easy to see what a major security threat these unprotected devices can pose.

I use a pin to protect my PDA and have set a pin to protect the sim card as well. If my device was lost or stolen, I can send it a text message which locks the PDA and no amount of fiddling will unlock it, even if a new sim card is inserted and the factory defaults enabled.

A recent survey mounted by the BBC shows just how many electronic devices are left in cabs. The number is staggering. The value of data and equipment is vast.

Moral - keep devices safe, encrypt data, activate pin numbers on phones and PDAs.