June, 2002

This e-newsletter is in HTML format and may not be displayed properly by some email programs. Please click on our web site address above to see the e-newsletter with its proper formatting.

Note: The prices of our Atlanta classes in June have been cut by 20%. If you send three or more students from the same company, the prices for those classes are reduced by 50%.
 

June Articles

Training Spotlight

1. Benjamin Franklin and ISO 9001:2000  2. Sharing Information on ISO 9000 Complaints 3. Conformity, Conformance, or Compliance? 4. Lean Directions E-Newsletter  5. QS-9000 Certificates Expire in 2006  6. Information Needed About ISO 9001:2000  7. ISO 17799 for Information Security Management 8. Class Schedule: June, 2002 - August, 2002 9. Schedule of Quality Events To see previous articles, go to Newsletter Archives.

Atlanta, Georgia ISO 9001:2000 Auditor Refresher August 22-23, 2002 ISO 9001:2000 Internal Auditor June 17-19, 2002 August 19-21, 2002 ISO 9001:2000 Lead Auditor July 22-26, 2002 Implementing ISO 9001:2000 June 10-11, 2002 ISO 9001:2000 Conversion July 18-19, 2002 Quality System Documentation June 12-13, 2002 Training Classes in Other Cities

 

1. Benjamin Franklin and ISO 9001:2000

Benjamin Franklin said, "Tell me and I forget. Teach me and I remember. Involve me and I learn."

According to ISO 9001:2000 clause 6.2.2, an organization must:

• determine competency needs
• provide the necessary training
• evaluate training effectiveness

• the relevance and importance of their activities
• how they contribute to achieving quality objectives

ISO (International Organization for Standardization) and the IAF (International Accreditation Forum) have announced they will begin sharing information on complaints received about ISO 9000 certification and the actions taken regarding the complaints.

Pooling information on complaints will help protect the image and integrity of conformity assessment. The groups said in their efforts to protect the customers and users from unethical or inappropriate practices, they had identified three kinds of problems:

1. Malpractice (unethical and dishonest practices) by conformity assessment bodies (registrars);

2. Misleading advertising of the status of conformity assessment results, including misuse of marks of conformity;

3. Confusion in the market-place between "certification" and "accreditation".

They said a number of steps are being taken to deal with these problems. One action is to publicize the existence of complaint handling systems and to encourage dissatisfied customers to use them.  When accreditation bodies have proof that an accredited conformity assessment body has behaved inappropriately, they will take the necessary action, including the suspension or withdrawal of accreditation.

In the USA, you can complain to the Registrar Accreditation Board (RAB) at: <http://www.rabnet.com/f_complaint.shtml>. The complaints received by the RAB for the past three years are listed at their site. The total complaints by category for 2001 and 2002 are:
 

Types of Complaints	Complaints
Registrar - Auditor	2
Registrar - Conflict of Interest	8
Registrar - Marketing	12
Registrar - Use of Mark	11
Registrar - Service	3
Registrar - Other	11
Registered Company - Use of Mark	9
Registered Company - Product or Service	3
Registered Company - Other	3
RAB - Service	1
RAB - Other	1
Total	64

The ISO and IAF announcement defined certification and accreditation as

"Certification" is when a conformity assessment provider gives written assurance in the form of a certificate that a product, service, system, process or material conforms to specific requirements. The most well known examples are the certification of quality management systems and environmental management systems as conforming, respectively, to ISO 9000 and ISO 14000 standards. Certification is known in some countries as "registration". The providers of these services are known as "certification bodies",  "registration bodies", or "registrars".

"Accreditation" is the procedure by which an authoritative body gives formal recognition that a body or person is competent to carry out specific tasks. In the ISO 9000 or ISO 14000 context, it relates to the work of the accreditation bodies that have been set up in a number of countries to evaluate the competence of certification bodies. An accreditation body will accredit - approve - a conformity assessment body as competent to carry out ISO 9000 or ISO 14000 certification in specific business sectors. Accreditation is also carried out of testing laboratories, inspection bodies, and product certification bodies.
 

3. Conformity, Conformance, or Compliance?

Do you say conformity or compliance?  Is it okay to use conformance instead of conformity?  Does it matter?

The ISO 9000:2000 Fundamentals and Vocabulary standard defines conformity as the fulfillment of a requirement. A note says conformance is synonymous, but deprecated (meaning use of that term is considered obsolete). ISO 9000 defines nonconformity as the non-fulfillment of a requirement. It doesn't define compliance.

Although QS-9000 doesn't define conformity, it does define nonconformity as a "process" which does not conform to a quality system requirement. It makes the distinction that a nonconformance is a "product or material" which does not conform to customer requirements or specifications. So, QS-9000 uses both conformity (process) and conformance (product). However, ISO 9000 uses conformity as fulfilling either process or product requirements.

ISO/TS 16949:2002 (the replacement for QS-9000 by 2006) uses the ISO 9000:2000 definitions for conformity and nonconformity. It dropped the QS-9000 use of nonconformance.

TL 9000 Release 3.0 refers to the ISO 9000:2000 definitions for conformity and nonconformity. The Release 2.5 definition of compliance has been dropped. The prior release defined compliance as an affirmative indication or judgment that a product has met the requirements of the relevant specifications, contract or regulation; also the state of meeting the requirements.

ISO/IEC Guide 2:1996 defines conformity as "fulfillment by a product, process, or service of specified requirements".

The American Heritage Dictionary defines conformity as acting or behaving in accordance with socially accepted standards, conventions, rules, or laws. It defines compliance as the disposition or tendency to yield to the will of others.

Conformity can be viewed as internally driven, such as our voluntary, consensus-based standards. Compliance can be viewed as externally imposed. So, we should use conformity, not conformance or compliance, when referring to fulfilling product and process requirements. Of course, if customers impose conformity to ISO 9001, your organization may feel like it has to comply rather than conform.
 

4. Lean Directions e-Newsletter

The Society of Manufacturing Engineers (SME) has introduced a free e-Newsletter called Lean Directions. Each monthly issue offers five highly focused articles for a quick and easy way to stay up-to-date with one of today's hottest topics -- Lean Manufacturing.

You can subscribe to Lean Directions at SME e-Newsletters. You can also subscribe to their free 6-Sigma e-Newsletter.
 

5. QS-9000 Certificates Expire in 2006

The QS-9000 Task Force and the International Automotive Task Force have announced that adherence to ISO/TS 16949:2002 will become a requirement after December 15, 2006 for all suppliers subject to QS-9000. Special permission has been granted for QS-9000 to continue using ISO 9001:1994 until that date.

However, earlier dates may be established by the original equipment manufacturers, for example, BMW has set December 15, 2003 for its suppliers to have ISO/TS 16949:2002 registration. Also, suppliers that are required by their non-automotive customers to be registered to ISO 9001:2000 will still have to make the transition before the ISO 9001:1994 withdrawal on December 16, 2003.

Organizations moving to ISO/TS 16949:2002 certificates will see a more rigorous approval process for registrars, more process-oriented auditing, and more emphasis on meeting customer requirements. How well customer needs are being met will be evaluated through measures such as delivered part quality performance, customer disruptions, delivery schedule performance, and special status customer notifications related to quality or delivery issues.

Registrars must be accredited to issue both ISO 9001:2000 and ISO/TS 16949:2002 certificates. However, they will be able to issue an ISO/TS 16949:2002 certificate without an accompanying ISO 9001:2000 certificate. As a result, suppliers will have to negotiate with their registrars if for business reasons they want to also receive an ISO 9001:2000 certificate.

According to the International Automotive Oversight Bureau (IAOB), suppliers will need to provide their registrar with a list of customers and the current customer ratings before each ISO/TS 16949:2002 audit. Suppliers will also need to provide their registrars with performance data for the past 12 months, a list of internal auditors, and their internal audit results. Joe Bransky, the GM representative, is quoted as saying he will fly any where in the world to buy a steak dinner for the first auditor that refuses to perform an audit due to inadequate client preparation with regard to customer data.

Auditors may have relied too heavily on checklists for QS-9000 audits. They will now be expected to rely more on control plans, failure mode effects analysis, and part approval ratings for ISO/TS 16949 audits. Also, more focus will be placed on determining if the customer-specific requirements are being met.

Auditors will follow the processes from department to department instead of assessing each clause of the standard in isolation from the rest of the system. Checklists should be used to verify the audit completeness, not limit the audit coverage..

For more information about ISO/TS 16949:2002, see "New Edition of ISO/TS 16949:2002 Published" in our May 2002 e-newsletter.

If you have any questions about ISO/TS 16949:2002 requirements, send them to the Sanctioned Interpretations Fax Mail Box (248-799-3943) set up by the IAOB (which includes DaimlerChrysler, Ford Motor Company, General Motors, and the Automotive Industry Action Group).
 

6. Information Needed About ISO 9001:2000

A recent Inside Quality survey by Quality Digest identified six key areas where companies making the transition to ISO 9001:2000 would like more information. The survey respondents should look at the back issues of our e-newsletter for guidance:

1. ISO 9001:2000 and customer satisfaction
(See our December 2001 article on customer satisfaction)

2. ISO 9001:2000 and management participation
(See our October 2001 article on ways to show management commitment)

3. Auditing to ISO 9001:2000
(See our October 2001 article on ten tips for auditing to ISO 9001:2000)

4. Interpretation issues related to ISO 9001:2000
(See our February 2001 article on interpretations)

5. ISO 9001:1994 to ISO 9001:2000 transition
(See our June 2001 issue on ten tips for moving to ISO 9001:2000)

6. Comparison between ISO 9001:1994 and ISO 9001:2000
(See our February 2002 article on the differences)

If you would like to see other topics in one of our upcoming e-newsletters, please let me know.
 

7. ISO 17799 for Information Security Management

Organizations of all sizes and from all sectors have a common problem - the inherent vulnerability of their information systems. If your information is not safe, your future is not secure.

No matter how well protected an organization may seem, sensitive data can be lost or leaked without you realizing it. Information security is not just an issue for computer experts. A single breach of security could severely reduce profits and damage your image and reputation.

All information in all departments, whether in computer systems, paper files, or employee minds, is at risk from very real threats. With the increase in reported information security breaches, the need has intensified for a structured approach to managing information security.

The ISO 17799 standard for information security management deals with the confidentiality, integrity, availability, and accountability of all kinds of sensitive information. The standard was developed to make sure organizations have the most appropriate controls and systems in place to manage the storage and exchange of information, whether it is in paper or electronic form.

The ISO 17799 Code of Practice for Information Security Management has chapters on:

• Security Policy
• Security Organization
• Asset Classification and Control
• Personnel Security
• Physical and Environmental Security
• Communications and Operations Management
• Access Control
• Systems Development and Maintenance
• Business Continuity Management
• Compliance

To enroll in any of these public classes, go to the Class Schedule at our web site, or call us at 800-404-7585. The classes taught by Larry Whittington are shown in gold.

Note: The prices of our Atlanta classes in June have been cut by 20%. If you send three or more students from the same company, the prices for those classes are reduced by 50%.

ISO 9001:2000 Lead Auditor (ANSI/RAB-NAP Accredited) - CEEM, Inc.

June	July	August
10-14  San Diego, CA	15-19  Reston, VA	05-09  Orlando, FL
17-21  Charlotte, NC	22-26  Dallas, TX	12-16  Houston, TX
24-28  Chicago, IL	22-26  Atlanta, GA	19-23  Reston, VA
- -	29-02  San Jose, CA	- -

ISO 9001:2000 Internal Auditor (ANSI/RAB-NAP Accredited) - CEEM, Inc.

June	July	August
12-14  Reston, VA	July 08-10  Reston, VA	14-16  Reston, VA
17-19  Atlanta, GA	- -	19-21  Atlanta, GA

ISO 9001:2000 Auditor Transition (RAB-Approved)
* Auditor Refresher (same content as Auditor Transition)

June	July	August
10-11  Reston, VA	16-17  Dallas, TX	08-09  Reston, VA
- -	- -	22-23  Atlanta, GA
- -	- -	26-27  San Diego, CA

Implementing ISO 9001:2000 (for New Systems)

June	July	August
10-11  Atlanta, GA	18-19  Dallas, TX	12-13  Reston, VA
- -	- -

ISO 9001:2000 Conversion (for Existing Systems)
Note (*): Special two-day version of our three-day Conversion course.

June	July	August
05-07  Reston, VA	18-19  Atlanta, GA (*)	07-09  Houston, TX
- -	- -	28-30 San Diego, CA

Quality System Documentation (Revised for ISO 9001:2000)

June	July	August
12-13  Atlanta, GA	11-12  Reston, VA	- -

To arrange an economical on-site class, please call us at 800-404-7585.
 

9. Schedule of Quality Events

Quality Expo Detroit
June 12-13, 2002 in Novi, MI

Conference On Quality In Commercial Aviation
September 22-25, 2002 in Dallas, TX

11th Annual Service Quality Conference
September 23-24, 2002 in Las Vegas, NV

QuEST Forum Best Practices Conference
September 24-25, 2002 in Dallas, TX

10th National Quality Education Conference
September 28 - October 1, 2002 in  Columbus, OH

World Quality Congress
September 29 - October 2, 2002 in Harrogate, United Kingdom

22nd Southeastern Quality Conference
October 21-22, 2002 in Atlanta, GA
(Larry Whittington will speak on ISO 19011:2002)

APICS International Conference and Exposition
October 27-30, 2002 in Nashville, TN

12th International Conference on Software Quality
October 28-30, 2002 in Ottawa, Canada

Society for Advancement of Material and Process Engineering
34th International Technical Conference
November 4-7, 2002 in Baltimore, MD

Customer-Supplier Division Conference
November 5-6, 2002 in Louisville, KY

ASQ's 3rd Six Sigma Conference
January 27-28, 2003 in Palm Springs, CA

ASQ Quality Management Division Conference
March 12-14, 2003 in Phoenix, AZ

25th International Conference on Software Engineering
May 3-10, 2003 in Portland, OR

57th Annual ASQ Quality Conference
May 19-21, 2003 in Kansas City, MO

Copyright © 2000 - 2007  Whittington & Associates, LLC.
All Rights Reserved.
242 Highlands Drive, Woodstock, GA 30188
770-517-7944 or fax 770-517-7945

 
Whittington & Associates provides training, consulting and auditing services for quality systems based on
ISO 9001, ISO/TS16949, TL9000, AS9100, ISO 13485, as well as, ISO 27001, ISO 20000, ISO 22000, and ISO 14001.