You are on page 1of 52

Vol. 4, No.

4 July-August 2004

ISSN 1680-8096

Oil and gas


sector
Getting started
Software quality
NGOs and ISO 14001

Are you following

the Path to

Successful
Complianc
A subscription to ISO Management Systems
can help you meet that challenge!
ISOs management systems standards are implemented by more
than 610,000 organizations in over 150 countries
ISO Management Systems is the premier magazine devoted to the
critical issues surrounding both quality (ISO 9000) and
environmental (ISO 14000) management systems
ISO Management Systems offers readers a worldwide
overview of the ISO 9000 and ISO 14000 related developments
ISO Management Systems provides an invaluable forum for the
exchange of ideas and access to the latest news and information
ISO Management Systems is available in the U.S. and Canada
through Global Engineering Documents, the retail arm of IHS.
Other countries may subscribe through the ISO Central Secretariat

ISO Management Systems


Subscribe now to this bi-monthly magazine and ensure
that your management system is on the right track!

Contact Global Engineering Documents


Customers within the U.S. or Canada:
15 Inverness Way East
Englewood, CO 80112-5776 USA
800-854-7179(USA) 303-397-7956(Canada)
Fax: 303-397-2740
Email: global@ihs.com
Webstore: global.ihs.com

Customers outside of the U.S. and Canada:


Sonia Rosas, ISO Central Secretariat
Tel: + 41 22 749 03 36
T
Fax: +41 22 749 09 47
Email: sales@iso.org

to get started today!


15 Inverness Way East Englewood, CO 80112-5776 USA
Tel: 800-854-7179 (USA) 303-397-7956 (Canada) Fax: 303-397-2740
T
Email: global@ihs.com Webstore: global.ihs.com

Whether its Autumn or Spring


in your region...
...the environment is global.
001
4
1
ISO

ISO 1
4004

Coming this Winter (or Summer),


the revised ISO 14001* and ISO 14004*.
The global EMS standards.
www.

.org

* Already available as FDIS (Final Draft International Standards)

Discover
tomorrows
standards...
...today
Why wait until tomorrow
to discover ISO standards,
if you can do so today
with the new ISO
CataloguePlus. A new
CD-ROM that allows you to
search through the list of all currently valid
ISO standards plus the complete work
programme of all its technical committees,
quickly and easily.
The ISO CataloguePlus contains all the latest
developments in ISO standardization through
easy-to-use search functions by subject area,
ISO number, technical committee, along with
a complete keyword index to every published
and draft standard.
But thats not all !! Youll also find a list
of ISO members and their addresses, the titles
of technical committees, a list of withdrawn

standards and technical corrigenda, ISO


maintenance agencies and registration authorities,
as well as a list of ISO information publications
and products.
As an added bonus, the ISO CataloguePlus
provides access to complete texts of information
brochures such as ISO 9000 Selection and use,
Quality management principles, Environmental
management The ISO 14000 Family of
International Standards, as well as the latest
ISO Annual Report, giving you good value
for money.
ISO CataloguePlus
ISBN 92-67-01140-5
Price, 46 Swiss francs
Available from ISO national member
institutes and ISO Central Secretariat:
www.iso.org

C on te n t s

Photo Hydro, Kre Foss, Girassol drilling, Angola

Contents
6 Editorial Sport and certification

ISO INSIDER

9 ISO offers free-of-charge ISO 9001:2000


auditing kit

VIEWPOINT

p. 13
Special Report
Taking the first steps...
...in environmental management
This article explains clearly how an
SME can implement an environmental
management system so that the process
is not a series of hurdles, but rather a set
of practical steps towards raising environmental and business performance.

...in quality management


Having taken the decision to implement
a quality management system, small and
medium-sized enterprises in particular
are often unsure just how to get started.
This feature takes SME managers
through the first steps.

SPECIAL RE PORT

11 1 May 2004 and the Czech Republic


13 Taking the first steps
in environmental management
towards a quality management system

ON

THE

WEB

26 ISO 9001:2000-certified Firearms Training


System wins Olympics security contract
Bank of India banks on ISO 9001:2000 Japanese

space agency puts ISO 9001:2000 and ISO 14001


into orbit One-stop shopping for corporate sustainability and responsibility reports Venezuelan
steel giant implements ISO 9001:2000 to boost
competitiveness Phuket hotel first with ISO 9001:
2000 and ISO 14001

INTERNATIONAL

29 ISO/TS 29001 set to become oil and gas


industrys unique QMS standard

34 Huge potential user base for ISO/IEC 90003


the state of the art for improving
quality in software engineering

p. 29
International
Unique QMS standard for oil
and gas industry
A successful partnership between ISO
and the international oil and gas industry
has resulted in the publication of a new
technical specification for implementing
ISO 9001:2000-based quality management systems in the sector.

40 ISO 14001-certified environmental NGOs


give their verdict

44 Galapagos National Park enhances top


ten competitiveness with ISO 9001:2000

B USINESS S TANDARDS

48 Security concerns fuel boom in biometric


technologies

51 Next issue

ISO MANAGEMENT SYSTEMS is published six times a year by the Central Secretariat of ISO (International Organization for
Standardization) and is available in English, French and Spanish editions. Publisher: ISO Central Secretariat, 1, rue de Varemb,
Case postale 56, CH-1211 Geneva 20, Switzerland. Tel. + 41 22 749 01 11. Fax + 41 22 733 34 30. E-mail central@iso.org
Web www.iso.org Editor in Chief: Roger Frost. Contributing Editor: Garry Lambert. Artwork: Pascal Krieger, Pierre Granier. A one-year
subscription (six issues) to ISO MANAGEMENT SYSTEMS costs 128 Swiss francs. Subscription enquiries: Sonia Rosas, ISO Central Secretariat.
Tel. + 41 22 749 03 36. Fax + 41 22 749 09 47. E-mail sales@iso.org
ISO Central Secretariat has mandated SOGI Communication as its advertising representative, not only for the French edition, which
SOGI also distributes in addition to ISOs members, but also for the English and Spanish editions. SOGI Communication, 103, rue La
Fayette, 75481 Paris cedex 10, France. Tel. + 33 (0)1 42 81 94 00. Fax + 33 (0)1 42 81 98 07. Director: Maurice Roboh. Editor in
Chief: Martin de Halleux. E-mail halleux@qualite-references.com
ISO, July-August 2004. The views expressed in ISO MANAGEMENT SYSTEMS are those of the authors. The advertising of products, services,
events or training courses in this publication does not imply their approval by ISO.

ISO Management Systems July-August 2004

Photo : Rafal Frost

Editorial
BY

Editorial

R OGER F ROST

Sport and certification

Rules and requirements


have to be implemented
and that takes people

port is a globally recognized and appreciated area of human endeavour.


Playing to rules, with referees to enforce them has hardly stopped sportsmen and sportswomen from displaying creativity even brilliance on occasions and other human values like courage, initiative and steadfastness.
Sport demonstrates that rules do not rule out achievement. And the corollary
is also true they do not create the achievement either. That takes a meeting of
the rules and the human element. Take ISO 9001:2000 and ISO 14001. The rules
(requirements) set the frame. Rules and requirements have to be implemented
and that takes people taking action.
It takes top managers who walk their talk, champions who keep going when the
going gets tough, middle managers who accept to look beyond the boundaries and
immediate interests of their departments, staff members and work forces who are
prepared to change for the better the way they have got used to doing things.

taking action
Human qualities
Human qualities are as necessary in the office or on the factory floor as they
are on the playing field. This is why human factors like improved motivation and
team spirit have so often been quoted alongside strictly business benefits in the
case studies and surveys of ISO 9000 and ISO 14000 implementations in organizations large and small, in diverse sectors, from around the world reported since
1992 in ISO Management Systems and the journal it replaced, ISO 9000 + ISO
14000 News (originally ISO 9000 News).
While few of us may display prowess in sport, the sense of what it costs to put
in effort to achieve an objective is something many of us will have experienced.
Perhaps this is why faking it is so shocking. The sports hero whose performance
turns out to be fuelled by illicit drugs may certainly transgress our sense of what
is right and what is wrong.
But what should really fuel our anger is that the fake performance negates
the efforts of genuine competitors. More subversive still, unless the possibility of
succeeding by faking is removed, or at least severely reduced what is the point
of honest effort ?
Transposing the situation to ISO 9001:2000 and ISO 14001, what is the point
for the conscientious organization of the undoubted efforts required not only to
implement a management system, but also to have it audited and certified to the
satisfaction of an independent body unless customers can have confidence in ISO
9001:2000 and ISO 14001 certificates ?

ISO Management Systems July-August 2004

Such confidence is eroded when a company pretends to a certificate it does


not possess, when a consultant assists a company to set up a management system
then himself declares it compliant while failing to explain to the client the
difference between this and independent certification, when a certified company
provides poor product or service, fails to respect regulations relevant to its activities, or harms the environment.
For a conscientious certification body, what is the point of offering customers
a further level of assurance by making the effort to achieve accreditation of its
competence to perform certification if the bad apple certification body can
spoil the bunch ?
Protecting the integrity and reputation of management system certification is
clearly in the interests of all those who play by the rules : the conscientious user
organizations, certification and accreditation bodies and ISO, whose reputation can be damaged by ricochet when its management system standards are
misused.
One of the difficulties is that just like the requirements of ISO 9001:2000 and
ISO 14001, the rules of certification and accreditation are voluntary. In most
countries, there are no regulations to enforce their implementation. However, to
return to the sports analogy, players by and large abide by the voluntary rules set
by governing bodies and the system works so well that international competitions
are not only viable, but highly successful.

The return on investment


in individual certificates
also depends on the
good reputation of
certification in general

International cooperation
The framework for successful international cooperation on accreditation was
recently strengthened by the signing of an Memorandum of Understanding on
cooperation and mutual assistance between ISO, the International Accreditation
Forum (IAF) and International Laboratory Accreditation Cooperation (ILAC).
Many positive qualities have been displayed by users of management systems
standards in their implementation and certification programmes. The return
on their investment in their individual certificates also depends on the good
reputation of certification in general and of the accreditation intended to provide
additional confidence in certification.
Who better then than user organizations to input to the international efforts
being deployed on getting everyone to play by the rules creativity, courage,
initiative and steadfastness ?

ISO Management Systems July-August 2004

Looking for an ISO


or an IEC symbol ? Youve
come to the right address
. Common database for
ISO
IEC graphical sym.
bols

www.graphical-symbols.info

ISO INSIDER

ISO offers free-of-charge ISO 9001:2000


auditing kit
BY A LEX E ZRAKHOVICH AND
R ANDY A. D OUGHERTY

Guidance modules on specific


aspects of auditing ISO 9001:2000
quality management systems (QMS)
are available free of charge from ISO
and others are being developed.
Short, easy to read and understand,
the guidance modules that make up
the auditing kit adopt a practical,
how to approach. They have been
developed mainly for certification
body personnel carrying out audits
of quality systems for organizations
seeking an ISO 9001:2000 certificate
ISO/TC 176 interpretations
as independent confirmation of their
of the standards requireimplementation of ISOs well-known
ments, nor do they constistandard.
tute official IAF guidance.
However, they may also be useful
The intent of the documents
to staff carrying out in-house audits
is to assist ISO 9001:2000 users by
to provide assurance to management
providing guidance for auditing that
about the performance of their organis practical, useful and usable.
izations quality system, as well as to
The
documents
consultants, trainers
are available on the
and anyone with an
APG Web site at :
interest in quality.
Short, easy to read
http://isotc176sc2.
The docments are
and
understand,
elysium-ltd.net/
being developed by
APG_index.html.
the ISO 9001:2000
the guides adopt a
Auditing
Practices
Group (APG) estab- practical, how to approach
The documents so
lished by ISO/TC 176
far developed by the
(www.tc176.org), the
APG address the folISO technical committee responsible
lowing specific issues in ISO 9001:2000
for the ISO 9000 family, and the IAF
auditing :
(International Accreditation Forum
The need for a two-stage approach
www.iaf.nu) the grouping of national
to auditing.
accreditation bodies that verify the
Measuring QMS effectiveness and
competence of certification bodies.
improvements.
The guidance modules are not
officially endorsed by ISO and are
Identification of processes.
not a product of its standards-development processes. The documents do
Understanding the process approach
not modify any of the requirements of
Determination of the where approISO 9001:2000 and do not represent
priate processes.

The ISO 9001:


2000 Auditing
Practices Group
at its March
2004 meeting
in Vancouver,
Canada.
Co-convener
and
co-author Alex
Ezrakhovich is
second from
right, front
row.
Insert:
co-convener
and co-author
Randy A.
Dougherty

Alex Ezrakhovich is
co-convener of the ISO 9001:
2000 Auditing Practices Group
representing ISO/TC 176.
As General Manager of SAI
Global Limited, he
brings experience from
the certification side of
the industry, while
Randy A. Dougherty,
co-convener representing IAF,
brings experience of
the accreditation side.
He is Director, Registrar
Accreditation, of the USs
Registrar Accreditation Board
(RAB).
Alex Ezrakhovich
E-mail Alex.Ezrakhovich@saiglobal.com
Web www.sai-global.com
Randy A. Dougherty
E-mail rdougherty@rabnet.com
Web www.rabnet.com

ISO Management Systems July-August 2004

ISO INSIDER

Auditing the where appropriate


requirements.

A link to the documents on the APG


Web site is provided too in the ISO
9000 section on ISOs main Web site
Demonstrating conformity to the
www. iso.org. This section also includes
standard.
the latest versions of the free-of-charge
Linking an audit of a particular
documents comprising the ISO 9000:
task, activity or process to the
2000 Introduction and Support Package
overall system.
another initiative by
Auditing continual The membership of the APG ISO to facilitate the
understanding
and
improvement.
implementation
of
its
represents a wide range
Auditing a QMS
quality system standwhich has miniof organizations that have ards.
mum documentaa stake in ISO 9001:2000
tion.

How to audit top


management processes.
The role and value of the audit
checklist.
Scope of ISO 9001:2000, scope of
QMS and defining scope of certification.
Value-added auditing.
Auditing competence and the
effectiveness of actions taken.
Effective use of ISO 19011:2002,
Guidelines for quality and/or environmental management systems
auditing.
Auditing statutory and regulatory
requirements.
Auditing quality policy and quality
objectives.
Auditing the control of monitoring
and measuring devices.
The APG recently agreed to
develop additional documents on the
three following topics :
Auditing customer satisfaction.
Writing nonconformities that are
understandable, useful and therefore add value.
Reviewing responses to nonconformities to assure correction and
corrective action that is effective.

10

ISO Management Systems July-August 2004

Background

The ISO 9001:2000 Auditing Practices Group was formed in 2002 as


a joint initiative of ISO/TC 176 and
the IAF. Its purpose is to improve the
value of third party certification audits
for organizations and their customers.
At its first meeting (held in Sydney,
Australia, in February 2003), the APG
agreed that the guidance needs to be
written in terms readily understandable by an auditor, so it adopted a
how to approach. The guidance
includes practical examples and tools.
The group has had three meetings
since Sydney : in Geneva, Switzerland
in June 2003 ; in Bucharest, Romania
in October 2003 ; and in Vancouver,
Canada in March 2004.
The APG is led by two co-conveners representing the founding bodies,
ISO/TC 176 and IAF. Members are
appointed from both ISO/TC 176
and IAF and also include, by invitation, individuals from ISO/CASCO,
Committee on conformity assessment ; IATCA (International Auditor
Training and Certification Association
www.iatca.org), and industry. The
membership of the APG represents a
wide range of organizations that have
a stake in ISO 9001:2000 certification :
industry, companies with certified QMS,
standards writers, certification bodies,
accreditation bodies, consultants, trainers, and most importantly, auditors.
Comments already received from
certification bodies, auditors and
other users indicate that the guidance
is proving useful.

VIEWPOINT

On 1 May 2004, the Czech


Republic was one of the 10
countries that became new
members of the European
Union. On this occasion, ISO
Management Systems invited
Otakar Kunc, Director of
the Czech Standards Institute
(CNSI), to comment on the
significance of ISO 9000 and
ISO 14000 to his countrys
economy and businesses.

1 May 2004
and the
Czech Republic
BY

O TAKAR K UNC

bove all, let us state that


both of these standards
have been adopted by the
Czech business community in
the case of ISO 9000, 15 years
ago and since that time the
interest in their implementation
by organizations in the majority
of business sectors business has
been growing exponentially.
In 1991, the first ISO 9001
certificate was issued. The 1 000
mark was exceeded in 1998 and
almost 4 000 certificates had
been issued at the beginning of
the third millennium. As of the
date of the Czech Republics
accession to the EU, the total
approaches 10 000.
Furthermore, it is necessary
to add approximately 300 organizations with quality management systems implemented and
certified according to ISO/TS
16949, the ISO 9001-based quality requirement for the automotive sector.
A similar growth trend is
recorded in the implementation
of ISO 14001, with approximately
100 certificates issued by 2000.
Today, about 600 organizations
have had their environmental
management systems certified,
and the interest of other organizations in ISO 14001 is enormous.
These quantitative indicators
provide evidence that there is

ISOs management system standards are a generally accepted


basis for serious business, rather
than an obstacle. An overwhelming majority of big enterprises
has been working according to
ISO 9000/ISO 14000 for almost
a decade.
Todays growth in the implementation of the management
system standards relates above
all to small and medium-sized
companies. ISO 9001 has penetrated all fields, including public
administration, education, health
care, etc..

ISOs management
system standards
are a generally
accepted basis for
serious business
Further potential

Ing. Otakar Kunc, CSc.,


Director of the Czech Standards
Institute (CSNI), the ISO member
for the country.
E-mail director@csni.cz
Web www.csni.cz

a dynamic growth of interest in


certified management systems in
the Czech Republic.

Management systems and


the economy

At present, there are reserves


in efficiency, in particular of the
management systems implemented according to ISO 9001:2000.
Significant sources of improvement lie in the utilisation of the
process approach and continual
improvement.
We all try to manage the process of improving ourselves. This is
also one of the important results
targeted in the application of the
ISO 9001/ISO 14001 standards in
the Czech Republic along with
a hope that the label Made in
the Czech Republic will be
considered equivalent to Made
in Europe .

Integration into the global


market and with the supply
chains of multinational companies has been achieved by Czech
entrepreneurs relatively easily.

ISO Management Systems July-August 2004

11

ISO 9001
for Small Businesses.
(also useful for small businessmen !)

ISO 9001 for Small


gives the SME
n how to achieve customer satisfaction and continual improvement by implementing a quality management system conforming to
ISO 9001:2000.

ISO 9001 for Small Businesses can help your


enterprise to grow. (And if you buy several copies,
you can also increase your own stature !)

This ISO handbook explains the standard in plain


language with plenty of concrete examples to show how
it works in an SME, whatever its sector of activity.

ISO 9001 for Small Businesses *


English edition : ISBN 92-67-10363-6, 186 pages,
French edition : ISBN 92-67-20363-0, 201 pages
A5 format, hard cover, ring binder
Price, 47 Swiss francs

It was written by the experts who developed


the standard. They give no-nonsense, practical advice.
That includes essential aspects like how to get started
on establishing a quality management system, and on
working with a consultant.

Available from ISO national member institutes


and ISO Central Secretariat : www.iso.org
* A joint publication with the International Trade Centre
UNCTAD/WTO

SPECIAL REPORT

Taking
the
first

This article explains clearly how


an SME can implement an environmental
management system so that the
process is not a series of hurdles, but
rather a set of practical steps towards
raising environmental and business
performance.

in environmental
management
lack of guidance and support on how
mall and medium-sized enterpristo implement an EMS that would
es (SMEs) play a key role in the
meet the requirements of ISO 14001
economies of most countries
and the European Unions Ecoaround the world, making important
Management and Audit Scheme
contributions to economic growth and
(EMAS).
employing significant numbers of people. Collectively, SMEs also cause sigSo how should someone working
nificant impacts on the environment by
in an SME go about
their activities, prodimplementing
an
ucts and services.
SMEs play a key role
EMS ?
Work in the United
Kingdom, commisin the economies of most
sioned by the DepartThe first step
countries
ment of Trade and
Getting and mainIndustry, examined
taining management commitment,
the reasons why SMEs were not engageven if you are a very small company,
ing in the implementing an environis essential for the successful implemental management systems (EMS).
mentation of any management system.
Barriers included :
Because nothing ever runs smoothly,
lack of awareness and/or denial
commitment will be needed to give
that they cause significant environthe EMS status on a par with other
mental impacts ;
business decisions within the organization, so that changes are made and
resource constraints (including
resources allocated even when things
financial, time and personnel) ;
get difficult.
lack of incentives ;
Even in a two-person partnership,
inappropriate tools and techniques
everyone needs a consistent approach
and a lack of skills, and
to the EMS hence commitment .

BY

M ARTIN B AXTER

Martin Baxter is Technical


Director of the Institute of
Environmental Management
and Assessment (IEMA),
United Kingdom, and
participates in the ISO/
TC 207 working group on
environmental communication.
E-mail
Web

m.baxter@iema.net
www.iema.net

ISO Management Systems July-August 2004

13

SPECIAL REPORT

TEPS
IF RST S

About IEMA

IEMA is a not-for-profit
organization, with more
than 8 000 corporate
and individual members
worldwide, established
to promote best practice
standards in environmental management, auditing
and assessment.
Institute of Environmental
Management and
Assessment (IEMA),
St. Nicholas House, 70
Newport, Lincoln LN1 3DP,
United Kingdom.
Web www.iema.net

Do not just think about managers


devolved responsibilities will help
to maximise the benefits of the EMS
by involving people at all stages of
implementation in understanding and
identifying opportunities to drive the
EMS forward.
A common approach is to create an
implementation team, which requires
time and effort from key members of
staff this will be impossible to achieve
without everyones commitment.
Getting and keeping management commitment is fundamental to
implementing a successful EMS. However, getting new initiatives on to
the business management agenda in
the first place may prove to be difficult, even if you are the one writing
the agenda. It will be easier if you can
understand and demonstrate to others
the benefits for your organization. Start
by considering the drivers that could
influence your organization to establish an EMS. These
could be :
Because

Marketing opportunities environmental awareness amongst consumers continues to grow, and providing
the quality and price are right,
opportunities exist for winning new
sales and consolidating existing
business by promoting the environmental characteristics of your
products/services. An EMS provides
the framework for identifying customer requirements, and for establishing eco-design projects or supplier
programmes.

Interested parties internal and


external. From employees to the
local community, investors to activists, all types of people can have an
interest in your activities and influence your success. These interested
parties will have different views of what is
nothing
important in relation
ever runs smoothly,
Cost savings by
to the environment.
focusing on reducAs such, accommocommitment will be
ing resource condating these views will
sumption and waste
needed to give the EMS
be a part of fostering/
outputs,
savings
status on a par with other maintaining good relacan often be realtionships. An EMS
ized. An EMS will
provides a framework
business decisions
help you focus on
for measuring and
potential savings, plan programmes,
monitoring environmental performestablish controls and monitoring,
ance, and communicating informaand work to objectives and targets.
tion. Additionally, an independently
certified EMS can provide credible
Risk management reduce legal,
evidence of your organizations comfinancial, and reputation-related liamitment to environmental issues.
bilities. With increasing environmental legislation, backed by increasingly heavy penalties, it is no longer
prudent to ignore your legal responsibilities. In addition to the direct
costs of non-compliance (fines), and
the indirect costs (legal fees, management time), you also have to
weigh up the potential damage to
your organizations reputation (lost
business). An EMS will help you
identify current and forthcoming
legislation and other requirements, as
well as establishing controls to help
you manage down your risks. In

14

addition, an EMS certified to ISO


14001 or EMAS might even reduce
the level of scrutiny imposed by
environmental regulators.

ISO Management Systems July-August 2004

There are many other drivers, some


relating to business opportunities, others
to business threats. The key issue is to
identify those that are relevant to your
organization and will attract the attention
and support of your senior management.

The baseline assessment


Making any assumptions about
where you start from can easily make
the rest of the journey a fraught
nightmare. This is as true of EMS
implementation projects as it is of

SPECIAL REPORT

anything else in life. For that reason,


it is worth carrying out a thorough,
ground clearing baseline assessment
of your existing management practice
and environmental performance.
Many companies are surprised at
how much they already have in place
though it may not always carry the
label environment and others get
to know how much more they have to
do than originally anticipated.
There are many ways of undertaking a baseline assessment, but activities may include the following :
Establish the scope of your baseline assessment. This will include
the physical boundaries and a
description of the business activities falling under the EMS.
Try mapping out the physical
boundaries of your proposed EMS
include environmental considerations such as a drainage plan (both
surface and foul drains), chemical/
oil storage points, location of waste
skips, chimney stacks from boilers
or process lines, car parks, wind
direction, local neighbours, areas
of frequent pollution/spills etc,
previous uses of the site, potential
contaminated land. This list is not
exhaustive, just an indication of
what could be included.

ing group brainstorming, process


mapping, and input/output charts.

TEPS
IF RST S

Using the outputs from the above


exercise, identify any changes to
the environment that your organization causes (impacts) and the
activities that cause them (aspects).
Use a common sense approach
once again, brainstorming is an
effective method of tackling this
section. Dont forget to use the outputs from the mapping approach or
process flow diagram.
If you are aware of any applicable
environmental legal requirements,
make a note of them in a draft
legal register . Such obligations
may include licences, discharge
consents etc.. A detailed identification and analysis of compliance
can be covered later in your EMS
implementation project.
Finally, your baseline assessment
should include a review of existing
management practices. For example,
you may already have a system for
identifying and recording your training, or use risk identification techniques within your quality management (QM) or occupational health
and safety (OHAS) system. If these
techniques are effective, build them
into your EMS.

If your business
The table overleaf
activities do not
provides a list of
By focusing on reducing
lend themselves to
questions that may
resource consumption
be marked easily
help you to identify
on a site map, try and waste outputs, savings your environmental
to establish your
aspects and impacts.
can often be realized
baseline by using
a series of simple
process flow diagrams. Identify the
Developing a draft environmental
flow of business activities and then
policy
mark on the same diagram their
The environmental policy is what
associated environmentally related
really drives the whole of your EMS,
inputs and outputs.
and when finalized, it becomes a
publicly available declaration of your
ISO 14001 and EMAS ask you to
intentions and commitment to improvidentify not only business procing your environmental performance.
esses that you can control, but also
At this stage of your EMS implethose you can have influence over.
mentation, however, a draft policy
These might not always be immedisimply helps to provide a focus for
ately apparent, so this can best be
the further development of your EMS,
done in a number of ways, includ-

With increasing
environmental
legislation, backed
by increasingly
heavy penalties,
it is no longer prudent
to ignore your legal
responsibilities

ISO Management Systems July-August 2004

15

SPECIAL REPORT

TEPS
IF RST S

Environmental
awareness amongst
consumers continues
to grow

16

and the document does not have to be


Table for Taking the first steps in
seen by anyone outside the organizaenvironmental management
tion. The following points highlight
some issues to consider when producing your initial draft policy.
Developing environmental indicators
Before you begin, identify whether
your organization already has a policy,
Measuring something is not a
or has made environmental commitreplacement for managing it, but withments within other management
out getting some form of reliable feedsystems (e.g. OHAS or quality). Find
back through units of measurement,
out the background to these, and identackling environmental issues can be a
tify with current management whether
formless task that becomes difficult to
these commitments still hold. Rememjustify in terms of time spent.
ber that policies are often developed
Just as with all other areas of your
in response to a specific request or
business, performance data and indichallenge, therefore they may need to
cators help keep everyones eye on
be amended/updated.
the ball, make sure that your efforts
A typical environmental policy
are contributing to the core of the
need not take up more than one
business and can help when it comes
page of A4. It should
to reporting interinclude a list of
nally and externally
broad environmental
on
environmental
Performance data and
commitments
and
matters. Your policy
indicators help keep
intentions. Identifyalready commits the
ing these could be
everyones eye on the ball company to conachieved through a
tinual improvement
group brainstorming
in
environmental
session. Remember that the finalized
performance, so Environmental Perpolicy will need to be endorsed by
formance Indicators (EPI), though
senior management.
not a strict requirement of ISO 14001,
A good environmental policy
can maintain the business relevance of
includes a brief description of the
your EMS.
main activities, products or services
Identify key environmental costs
that the EMS will cover. This provides
and benefits to your organization
the reader with an idea of the nature
(e.g. waste, energy use, water use,
and scale of the company, and hence
other raw material use).
the scope of the EMS.
Identify any other key concerns to
ISO 14001 and EMAS require
your organization or key interested
specific commitments to be included
parties (e.g. potential prosecutions,
in your policy. These include complitopics of complaint, areas of bad
ance with relevant legal and other
publicity).
requirements, continual improvement,
and prevention of pollution. Review
Develop measures of performance
a copy of ISO 14001 (clause 4.2) and
that are achievable (or already in
familiarize yourself with its requireuse), and that accurately reflect
ments. At this early stage, begin to
the area of concern (e.g. litres of
think about what these commitments
water used, tonnes of waste sent
mean to your organization, as these
to landfill, kWh of electricity used,
will be the focus for your EMS and
tonnes of carbon dioxide emitted).
will need to be upheld through actions
Correspond this with levels of
(i.e. do not make promises you cannot
activity (e.g. tonnes of production,
or do not intend to keep).
km travelled, hours worked) where
Try and keep the policy general
appropriate to provide comparable
enough to avoid the need for frequent
figures for the future.
alterations and re-issues.

ISO Management Systems July-August 2004

Air

Boilers ? Generators ? Vehicles


and equipment ? Furnaces, incinerators ? Welding and soldering ?
On-site burning ? Use of solvents ?
Use of fumigation ? Evaporation
of chemicals ? Refrigeration plant
(escape of refrigerant gas) ?
Is exhaust ventilation used ?

Land

Unmade ground or laid to hard standing ? Is hard standing permeable ?


Any history of contamination ?
Discharges of liquid waste across
ground ? Potential for leakage,
spillage, or escape of pollutants into
the ground ? Are vehicles or machinery parked on unprotected ground ?
Are fuels or other chemicals stored
on unprotected ground ? Any burial
of waste ? e.g. pollutants oils,
pesticides, herbicides, fertilisers,
treatments, solid waste.

Water

Drains and grates surface water


where do they go ? Are oil interceptors fitted ? Separation pots,
tanks, or filters ? Reed beds what
checks are done ? Cut-off valves ?
Foul sewers where do they run ?
Inspection cover locations ? Septic
tanks how often are they pumped ?
Water treatment units where do
they discharge to ?
What checks
are done ? Cleaning operations ?
Spraying operations ? De-watering
pumping out water ? Abstraction
of water from water bodies or bore
holes ? Nearby water bodies rivers,
streams ditches, ponds, lakes, underground aquifers, sea ? Note : think also
of water as a resource it costs.

Nuisance

Sample questions for


identifying environmental
aspects and impacts

Waste

Where is waste generated ?


And
in what sort of quantities ? Where
are skips located ?
And what sort
and size are they ? Are there any
hazardous wastes (special waste) e.g.
waste oils, pesticide washings, solvents,
clinical waste, asbestos ? Is there
any recycling of waste materials ? Note
any segregation bins. Are waste skips
covered and/or sealed ? Are waste
skips likely to leak polluting liquids
(e.g. compactors can leak hydraulic
fluids) ? How is waste transported,
handled, and removed from site ?

Hazardous
chemicals
& fuels

Do operations create excessive :


Dust ? Noise ? Odours ?
Fumes ? Light ? Vibration ?
Traffic congestion or obstructions ?

Flora/Fauna
&
archaeology

Protected trees ? Protected


species ? Designated heritage sites,
conservation areas, or sites of special
scientific interest ? Hedgerows ?
Breeding grounds ? Other
noteworthy animal or plant life ?
Archaeological remains on site ?

Resource
consumption

Materials, components ? Packaging ? Cleaning products, and ancillary


products ?
Tools and equipment ?
Energy petrol, diesel, electricity, gas,
solid fuels ? Compressed air, steam ?
Water hot water is often heated by
energy bought in ?

Planning

What storage facilities exist ? Are


these bunded or protected against
leaks, spills or collisions ? Is spill
containment and clean up equipment
provided (e.g. spill kits, booms, mats) ?
Can stop valves be easily located (for
tanks and supply lines) ? Are storage
areas secured against theft or vandalism ? Are storage areas exposed to
the elements ? Are there any signs
of corrosion on containers or tanks ?
If bunds exist, are they impermeable ?
Are there any obvious signs of leaks,
spills or escapes ? Where would any
leaks, spills or escapes go e.g. nearby
ground, surface drains ? Are deliveries supervised ? How are chemicals
or fuel handled ?

Listed buildings ? New structures ? Change of use of existing


structures ?

Other useful
information

Complaints from neighbours or


communities ? Previous environmental
accidents or incidents ? Previous
prosecutions or warnings ? Flooding
ISO Management Systems July-August 2004 17
incidents ? Prevailing wind direction ?

SPECIAL REPORT

TEPS
IF RST S

Develop simple indicators that are


not confusing when you evaluate or
communicate the information.
Identify the actions (including
provision of training and monitoring equipment) required to implement data collection. Think about
exactly what data you need, where
it will be collected from, how, when
and by whom.
Identify how indicator information
will be used (e.g. auditing performance against targets, communicating
performance to workforce, in company business reports, for training
course materials, basis for preparing
business case scenarios). This might
affect your decision on the format in
which to collect or present data.

Improving environmental
performance
A key aspect of environmental
management is the need to apply the
principle of continual improvement
to the organization. Not only does it
recognize that your company is constantly changing and growing, so too
are the needs of your customers and
the dynamics of the market in which
you function.
In environmental terms, continual
improvement is already written into
a lot of environmental legislation
what is acceptable this year may
not be next. Getting into the habit of
continually improving environmental
performance will also ensure that
benefits to the business keep coming
and that everyone maintains their
motivation to do better.
Review the findings of the baseline
assessment find the potential cost
savings and other improvements
and consider how you will achieve
these over time, not just as a series
of one-off initiatives.
Brainstorm with anyone who
has had experience of continual
improvement activity (e.g. quality
or continual improvement managers, production staff).

18

ISO Management Systems July-August 2004

Use existing guidance and case


studies to assist you in identifying
areas for potential savings, and in
prompting ideas for projects and
initiatives.
Ask other
you may
directly, or
box scheme

employees for ideas


be able to ask them
by using a suggestion
for communication.

When you have all your ideas


together, prioritize improvement
programmes that give you the
quick wins . Keep a list of those
to be used later on and check that
they are not mutually exclusive.
Develop indicators which enable
you to track the effectiveness of
any initiatives.
Celebrate your successes and communicate these back to the workforce using your indicators. This is
a great way of generating further
employee involvement and raising
awareness.
It is important to initiate the
process of environmental performance improvement right from the
start by kick-starting some small
improvement projects. This will help
to demonstrate to everyone involved
in the EMS project that it is possible
to reduce environmental impacts
and, if carefully targeted, save money.
Early successes are critical to ensuring
ongoing management commitment to
the project and to raise the morale of
the EMS implementation team.
For many organizations, a fullblown EMS underpinned by accredited certification, might not be appropriate or desirable. For all types of
organization, whatever their size and
economic sector, to engage actively
in improving their environmental performance thats the most important
thing !

SPECIAL REPORT

Taking
the
first

Having taken the decision to implement


a quality management system, small and
medium-sized enterprises in particular
are often unsure just how to get started.
This feature takes SME managers through
the first steps.

towards a quality
management system
This advice comes from the
highly successful handbook ISO
9001 for Small Businesses
developed by ISO/TC 176, the
ISO technical committee responsible for the ISO 9000 standards
for quality management. The
advice is reproduced here largely as it appears in one of the
annexes to the handbook with
only minor editing for publication as an article.

Introduction
There are many ways a small
business can go about implementing
a quality management system. This
advice is intended to provide one such
example of implementation in a small
business. It is provided solely as an
example and should not be regarded
as the only method of implementation
nor the best method of implementation.
There are three stages to the process:
Development Considering what
happens in your business (i.e. your
business processes).
Implementation Putting the
quality management system into
operation.

The idea of a quality

Maintenance Supporting and


improving the quality management
system.

is not to inhibit the

These stages are achieved via a


number of steps, as follows:

management system
academic, intellectual
or creative processes
involved in business

ISO Management Systems July-August 2004

19

SPECIAL REPORT

Stage 1 DEVELOPMENT
Considering What Happens In
Your Business
Now that you have determined you
would like to analyse your business
and would like to work in a more efficient manner, where do you start?

2
1

Step 1 : Consider what your main


business activities are

Anything you exclude


must not be
at the expense of the
quality of your product
or service

You and, if appropriate, your partner or business associates should discuss and jot down what are your main
business activities and who are your
customers. You could use a flowchart
for this purpose.
Before attempting this activity, you
need to stop, think and question : What
are my products or services ? Some
examples are shown below.

Professional consultancy
You might provide initial research
for clients.
You could actually design the
concepts and develop the project
plan.
You might also provide project
management and provide ongoing
consultancy services throughout
the life of the project.
There are other service sectors in
which you may be involved, such as
legal advice,

Manufacturing
If you are a manufacturer, you
might have a single product or you
could have a range of products you
manufacture.

property advice,

You might warehouse and distribute those products.

graphic design,

Stockist/distributor/agent
You could carry a single product or
a product range.

individual specialist consultancy


services.

You might purchase components


and repackage them or assemble
them into varied lots to satisfy
customers needs.
You might supply an information
service on the use of the goods to
clients so, as well as being a provider of raw materials, you are also a
consultancy service.
Wholesaler/warehouse
You might buy a product or warehouse products manufactured by
somebody else.
You could carry a range of products
that are perishable and need to be
monitored and rotated regularly.
You might provide a transport/
distribution service for goods.

20

Repair or after-sales service agency


You might service a range of
products but you need to consider
if your servicing is conducted differently for different clients.
You could also provide equipment
and parts and participate in the
actual delivery of the service.

ISO Management Systems July-August 2004

educational or training,
public relations,
media placement,
specialist electronic design, or

Remember that the idea of a


quality management system is not to
inhibit the academic, intellectual or
creative processes involved in any of
the above businesses
All of the above industries or
service businesses can outsource
components or services required for
their activities (ISO 9001:2000, 4.1).
This needs to be identified and noted
against the relevant process areas
when jotting down your main business
activities as the standard requires you
to manage your suppliers and your
outsourced processes.
Having finished the above you now
need to establish what your people are
doing. An organization chart might
help you do this. Dont forget your
marketing, sales, after-sales, maintenance or other personnel who might

SPECIAL REPORT

not be directly involved in your core


production or service activities.
Step 2 : Listing your business activities
To achieve this next step, you need
to make a list of the main business activities you initially thought through.
It might help at this stage to take
each of the main business activities you
listed originally and produce them in
the form of a flowchart. Display this in
your office or at home for easy reference and look at it regularly to remind you
of what you are attempting to develop a
quality management system around.
The purpose of setting out your business activities like this is so you can
identify the different components
of your business and decide if they
all fit together well,
change something to make the
whole process work better if you
need to, and

identify where and if the requirements of the standard are covered


in your business activities.

TEPS
IF RST S

Dont make any changes yet. This


is covered in Step 5. Rather the idea,
at this stage, is to think about the
framework and structure within which
your business operates and to ensure
all activities are known and repeatable. This will allow you to provide
consistent products and services each
time you deliver to your customers.
Look at the list of main business
activities you have jotted down. Do
any of the activities require you to do
design work?
Design (7.3) means taking raw
ideas or concepts and through design
drawing, computer design or academic
thought processes to the development
of a product, or a service to suit the
needs of your customer.
If you do either design or development, you will need to apply the
requirements of 7.3 of ISO 9001:2000.

ISO 9001 for Small Businesses


The standards institutes of more than a dozen countries
have published or are preparing their national editions
of the ISO handbook, ISO 9001 for Small Businesses.
The English-language edition (ISBN 92-67-10363-6) was
published by ISO in 2002, followed the same year by
a Spanish edition, published by the Spanish national
standards institute AENOR (ISO 9001 para la pequea
empresa ISBN 84-8143-303-9). They have now been
joined by a French edition (ISO 9001 pour les PME
ISBN 92-67-20363-0), published by ISO.
National editions are also available or planned by the
national standards institutes of Bulgaria, Denmark,
Estonia, Finland, Hungary, India, Japan, Republic of
Korea, Norway, Poland, Slovenia, Sweden and Uruguay.
ISO 9001 for Small Businesses explains the standard
in plain language, giving examples to illustrate its
application. In addition, the full text of ISO 9001:2000
is included in boxes, section by section, accompanied
by explanations, examples and implementation
guidance in everyday terms.
The handbook includes the eight quality management
principles on which the ISO 9000:2000 series is based,
plus revised sections on the steps involved in setting
up a quality management system which is reproduced
here in slightly edited form and doing so with or
without the assistance of a consultant.

by ISO and the International Trade Centre (ITC


www.intracen.org) UNCTAD/WTO. They each cost
46 Swiss francs and are available from ISOs national
member institutes (listed with contact details on
ISOs Web site www.iso.org), and the ISO Central
Secretariat (sales@iso.org).
The Spanish edition published by AENOR
(www.aenor.es) costs 31,25 euros and may ordered
from that organization : E-mail comercial@aenor.es ;
tel. + 34 91 432 60 36 ; fax + 34 91 310 36 95.

ISO Management Systems July-August 2004

21

SPECIAL REPORT

STEPS
FIRST

Do not create
unnecessary paperwork

7
6
5
4
3

If you dont design, and the manufacturing activities or service delivery


is done against tried and previously
developed standards or specifications,
then you can claim 7.3 as an exclusion
(see 1.2).
If you are responsible for design
but outsource the design process,
you will need to describe how you
control the process of accepting that
the design meets the specification
requirements (see 4.1).
If in your business you have the
skills and expertise to approve the
design, you could include 7.3 in your
quality management system and carry
out the approval within the business.
Alternatively, you could outsource
the approval process to an independent design consultant in whom you
have confidence. In this case you
would need to demonstrate how you
control the process (e.g. using records
of your supplier).
Are there other activities in clause 7
which your business does not do ? These
too can be considered for exclusion
as per 1.2. Remember, anything you
exclude must not be at the expense of
the quality of your product or service.
You will also have to justify these
exclusions in your quality manual (see
4.2.2).

STAGE 2 IMPLEMENTATION
Putting The Quality Management
System Into Operation

a) If it is a job done by a trained person or specialist, it may well be that


you only need to reference the type
of person and the qualifications,
rather than detailed descriptions
of the job ; for example, welder,
professional consultant, graphic
designer, etc.
b) Another specialized situation is
in research work, where people
keep notes on what they did and
what the results were. You need to
ensure that your research workers
make details of their work available, so that others in your business
can make use of them.
c) If, however, the work is done by
casual labour, or there are specific
in-house requirements, more detail
might be required.
d) The sequence of the activities
might still need to be defined, for
example :
How is the initial enquiry recorded ?
How is a file initiated ?
How does the work get started ?
Who monitors the progress ?
How is the work processed and
inspected ?
Who decides when the work is
finished ?
How is delivery made ?

Step 3 : Get people involved by writing


down what their jobs cover

What follow-up action is needed


and who does it ?

Now is the time to get everyone


concerned involved in writing down
how they carry out the parts of the
business activities they are responsible for, stating

What records are kept and who


keeps them ?

who is responsible for performing


and checking activities,
where the activity takes place,
when it will happen, and
what happens, i.e. how the activity
is performed.

22

Some important points you will


need to think about are :

ISO Management Systems July-August 2004

e) If in your organization, these details


are already written down as operating or work instructions, your job
is half done. Do not rewrite what
is already documented. Make a
note of the name and title of the
document so it can be controlled
and, if necessary, referenced in
other quality management system
documentation at a later date.

SPECIAL REPORT

f) You will also need to consider how


information is passed between people. If there is a risk of this information being forgotten, misunderstood or inadvertently changed, you
will need to insist on a way to avoid
this. Suitable methods include written or electronic transfer.
g) Most important Keep written
documentation simple !

Step 5 : Identify where the standard


and this list of your business activities
link together
You or your management representative need to go through the
documents you have written with a
copy of the standard beside you and
determine if you have met
the requirements of the standard,
and

TEPS
IF RST S

A realistic approach
and steady progress
will build confidence and
maintain enthusiasm

your business requirements.


Step 4 : Collate this in sequences relevant
to the list of business activities (Step 2)
Once everyone has written down
(or collected previously written) work
instructions relevant to their part of
the activity or particular job responsibilities, you, as the manager, should
take time out with someone else from
the business
to look at what has been written,
to satisfy yourself that it all fits
together, and
to deal with any gaps or inconsistencies.
You also need to record your
quality policy and objectives and
then ensure that everything that has
been written is in accordance with the
policy and objectives.
By appointing someone to assist
you, you have basically appointed
a management representative or, if
you are doing most of this yourself
as manager, you have assumed the
role of management representative.
You have now addressed one of the
principal management requirements
of the standard.
By collating all these documents,
you now have a basis for your
documented procedures and other
documentation that you will need. If
you adopt a consistent style for these
documents which you and your people are comfortable with, this would
provide an opportunity to review and
improve the procedures themselves.

If you identify an area of the standard you have not addressed you will
need to consider how your business
covers that particular requirement.
You might need to add some detail
to one of the existing procedures
to ensure the requirement is met. It
could require some additional documentation, but be careful, make sure
it is relevant to your organization.
If you use external documents in
your business activities, (such as dealers manuals, maintenance manuals
and installation manuals), it is not
necessary to rewrite these to include
them in your quality management system. All that is needed is to make an
appropriate reference to the process
control document in your manual.
Step 6 : Apply the standard and the
quality management system
If you continue to involve others
in your organization, they are more
likely to grow with the quality management system and have input. The
quality management system will then
reflect reality rather than become
irrelevant paperwork. The following
points should be noted.
a) Do not create unnecessary paperwork, forms, and the like. Look at
what is currently done and write
down your procedures or define
your processes to show how the job
is being done. The procedure needs
to be factual and not indicate how
you wish it were done. If you find
that the procedure does not reflect
the way the work is done, you need
to either revise your procedure or
ISO Management Systems July-August 2004

23

SPECIAL REPORT

STEPS
FIRST

It is important

develop a new one. Only create


a form if it is going to capture a
critical activity or is going to help
someone. A signature on or an
extension to an existing form may
suffice.

to remember to measure b) Remember, keep a record when


your progress
a problem arises,
a good suggestion is raised, or
a customer or employee expresses a need for action.
NOTE: If the business is a partnership, this
could just be a notepad which each partner
looks at regularly. They can then discuss and
agree on appropriate action for the situations which arise.

c) To implement the quality management system, everybody needs to


have access to the documentation
that relates to their activities. They
need to be given some insight into
how the quality management system works and why, for example,
document control ensures that
they have the latest copies of information relevant to their jobs and
can rely on up-to-date information
when making decisions.
d) Everybody needs to be trained to
understand how to keep the quality management system up-to-date
themselves, if changes take place in
areas for which they are responsible. They also need to know how to
make changes to the quality management system as well as noting
problems and putting forward
ideas for improvement. Remember
that you need to approve any changes before they are put in place.
It is important to plan and carry
out an internal audit programme
and to regularly ensure the quality
management system is being maintained and supported throughout your
organization. It is not always easy to
schedule the time required by internal
auditors, but internal audits can be a
most effective tool to keep everybody
engaged in the quality management
system and they often identify opportunities for improvement.

24

ISO Management Systems July-August 2004

Step 7 : Keep the quality management


system simple, functional and relevant
to the business operations
The following points are worth
noting.
a) The purpose of implementing a quality management system is to ensure
that the business activities are operating in a controlled manner and the
people responsible for the various
activities know and understand their
roles and responsibilities.
b) Quality
management
system
documentation should be a ready
reference point to identify how,
when, where and sometimes why
a job should be done, or an activity managed. For that reason, the
wording should be simple and in
the language used in the workplace
on a daily basis.
c) If job details have to be extensive
or complex, then the use of a
checklist could be the way to make
sure that everything is done and in
the correct sequence. Airline pilots,
for example, use a checklist for this
very reason.
d) Dont forget that people also need
to know what to do when things
go wrong and need to have the
information readily available. For
example, a car owners manual
should sit in the glove box.
e) Documentation should be in a
format that is easily used in the
organization. For example
if computers are available, it
could be easier to have a computerized system, rather than a
paper system; and
where there are language or
other differences in the workforce, it could be necessary to
use pictures or several translations of the documents.
f) Documentation should reflect
what is currently happening in the
business. During the audit process,
questions will be asked and objective evidence sought to show that

SPECIAL REPORT

personnel use and understand the


quality management system. This
objective evidence is provided by
the records and other documentation.

9
8
STAGE 3
MAINTENANCE

Supporting And Improving The Quality


Management System
An effective quality management
system uses feedback loops to improve
how things are done in your business,
which in turn should lead to an improvement in product or service quality.
Step 8 : Consider the feedback of
information from the quality management
system to lead to improvement
in ideas and activities
Many small businesses do not consider they are in a position to take on
major quality improvement programmes. You are in fact able to commence
these activities in your own time and
in your own way.
By noting areas of concern from
corrective action activities and internal audits (Step 6), you will gather
data, or note trends that you can look
at and consider for improvement.
Improvements can be simple and
easily achieved in the initial stages
but could become more challenging
once the obvious opportunities for
improvement have been taken. It
is worthwhile persevering with a

systematic approach to quality improvement, since the benefits can be


considerable.
Normally, improvements are adopted over a period of time as money
and resources become available. A
realistic approach and steady progress
will build confidence and maintain
enthusiasm.

TEPS
IF RST S

Step 9: Monitor and measure the changes


so you know what you have gained

Small steady

It is important to remember to
measure your progress. One way of
doing this is to monitor mistakes and
their cost. This gives you the opportunity to identify areas where cost
savings could be made.
Measurements can also be obtained by noting how long or how many
resources are spent on an activity or
service delivery. This should always be
recorded on any activity that has been
chosen for improvement, prior to commencement and compared again at the
end, even though the activity might be
small and simple.
The various requirements of ISO
9001 should combine to support the
achievement of your businesss quality
objectives. However, it could be useful
for you to categorize these according
to their particular relevance to different aspects of the business, since this
could influence the order in which you
introduce these requirements.

to improvements,

changes, leading
well thought through
and effective,
are going to have long
term advantages

Conclusion
Remember : Small steady changes,
leading to improvements, well thought
through and effective, are going to
have long term advantages.
These nine steps can help you take
advantage of the quality management
system approach and allow it to contribute to the growth of your business.

ISO Management Systems July-August 2004

25

o n t he Web

ISO 9001:2000-certified Firearms Training


Systems wins Olympics security contract
fied Firearms Training
Systems, Inc. (FATS), of
Georgia, USA, was awarded
a USD 429 000 contract
by the Hellenic Police to
upgrade its police training
systems in time for the

Athens Olympics, starting


August 2004.
A security budget of at
least USD 820 million, the
largest in Olympic history,
was established by Greeces
Minister of Public Order
to finance the police in
planning security
and security force
coordination at the
Games.
Greek police are
being trained in
small arms skills
as part of largest
security programme
in Olympic history.

Bank of India
banks on
ISO 9001:2000

he Bank of India has


decided to implement
an ISO 9001:2000based quality management
system in a move to
improve overall efficiency
and ensure better customer
service, according to Chairman and Managing Director
Mr. M. Venugopalan.
He said that quality
management system certification would also help
ensure that procedures were
followed systematically and
much more quickly.
The first 100 of its 2 550

26

FATS CEO Ron Mohling


said, Our relationship with
the Greek Police began over
a decade ago, and were
honoured that our systems
will help the Greek forces
better secure the Olympic
Games.
The contract called for
the provision of multiple
Small Arms Trainers, sim-

Japanese space
agency puts
ISO 9001:2000
and ISO 14001
into orbit

he Japan Aerospace
Exploration Agency
branches throughout India
(JAXA), formerly the
were expected to be certiNational Space Developfied before the end of
ment Agency of Japan
the 2003-2004 fiscal
(NASDA), has achieved
year.
ISO 9001:2000 by Lloyds
Register Quality Assurwww.bankofindia.com
ance (LRQA). JAXA is also
certified to ISO 14001.
Patrick Gunn, LRQA Asia
area manager for Japan,
presenting the ISO 9001:
2000 certificate to Mr. S.
Yamanouchi, president of
JAXA, said, This was of
course a team effort, uniting many different skills
from within the organization, but the quality
management system can
Mr. M. Venugopalan,
be considered as the guidChairman and Managing
Director of the Bank of India. ing light that leads all the

ISO Management Systems July-August 2004

ulated weapons, and scenario-based training that


include less than lethal and
lethal uses of force. FATS
was certified to ISO 9001:
2000 in July 2003 by certification body ABS Quality Evaluations, Inc.

FATS :
www.fatsinc.com
ABS :
www.abs-qe.com
efforts
in the
right
direction.
JAXA is the result of
the merger of NASDA
with the Institute of Space
and Aeronautical Science
(ISAS) and the National
Aerospace Laboratory (NAL)
on 1 October 2003.
NASDA was established
in 1969 to advance space
exploration and utilization,
and facilitate their practical
applications on Earth in the
interests of peace. Since
2000, the organization has
successfully launched five
satellites into orbit from
Tanegashima Space
Centre in Southern
Japan.
JAXA :
www.jaxa.jp
LRQA :
www.lrqa.com

o n t he Web
One-stop shopping for corporate
sustainability and responsibility reports

orporate sustainability
and responsibility reporting is growing rapidly.
Thousands of companies now
produce such reports to identify themselves as socially
responsible organizations.
But the challenge is to track
who is doing what, and identify the reports available.
A Web site is meeting
that challenge by providing
an increasingly comprehensive service. www.Corporate
Register.com is already the

worlds largest online directory of published corporate


and social reports. This free
resource, which covers thousands of companies across 50
countries, has been developed as an information tool
for stakeholders in the field
of environmental and social
reporting.
Registration is simple and instantaneous, and
opens the door via a powerful search engine to thousands of reports already in

Venezuelan steel giant implements


ISO 9001:2000 to boost competitiveness
Sidor, Venezuelas
largest steelmaker,
has achieved
ISO 9001:2000
certification

e n e z u e l a s
state standards and certification body Fondonorma
has awarded ISO 9001:2000
certification to Sidor, the
countrys largest steelmaker,
covering quality control of its
flat products line.
Certification provides
important backing to Sidors
competitiveness in overseas
markets, a company spokesperson said, confirming that
the organization plans to
invest USD 300 million over
five years in environmental
and technology projects to
increase steel production

capacity from the current 3,5


million tonnes to four million
tonnes annually.
Sidor is 60 %-owned by
the Amazonia consortium,
comprising Hylsamex and
Tamsa of Mexico, Siderar of
Argentina, Usiminas of Brazil,
and Sivensa of Venezuela. The
Venezuelan state owns
the remaining 40 %.
Sidor :
www.sidor.com
Fondonorm :
www.fondonorma.org.ve

existence. The service will


search for hard copy and PDF
reports via combinations of
company name, year published, business sector, and
so on. Individual profiles
of each hard copy report
and PDF can be found and
downloaded directly from
the site. Hard copies can
then be ordered from the
listed company contact. A
range of additional services is offered, including direct feeds, lists of recent and
forthcoming reports, links,
statistics and awards details.
By providing this free service, CorporateRegister.com
aims to encourage further
growth across new sectors
and countries, particularly as
reports become more easily
identified and obtained. It is
also hoped that best practice will progress as more
reports are read and compared. Companies are invited to send in their reports if
these are not already listed.
An article by Paul Scott,
Director of Next Step Consulting, which maintains
CorporateRegister.com, contributed an article to the Special
Report on Management Systems
and Sustainable Development
that appeared in the SeptemberOctober 2003 issue of ISO
Management Systems, under the
title of The moving goalposts
from environmental to corporate
responsibility. The article can
be accessed free of charge at
the ISO Management Systems
section on ISOs Web
site: www.iso.org

Phuket hotel first


with ISO 9001:2000
and ISO 14001

he Katathani Hotel,
which recently celebrated its 20th anniversary
by upgrading to five-star
luxury hotel status, claims to
be the first hotel in Phuket,
Thailand, to achieve ISO
9001:2000 and ISO 14001
certification. The complex,
which includes an 8,5 km
private beach, was renamed
the Katathani Phuket Beach
Resort in a THB 300 million
(USD 7,7 million) renovation
programme.
In accordance with its
ISO 9001:2000-based quality
management system, Sombat Atiset, chief executive
officer of the Katathani
Group, said, Modern management and good marketing are not enough. We have
to focus on service by
responding to the customers
needs. We want to make our
guests feel relaxed and
see our hotel as their
second home.
www.phuket.com/
katathani/

www.CorporateRegister
.com

ISO Management Systems July-August 2004

27

When your customer is mad as hell...

You can breathe deeply and count to 10... or

Count on ISO 10002,


Guidelines for complaints handling!
Open and responsive approach aiming for customer satisfaction and process improvement
Synergizes international expertise from two domains : quality management and consumer issues
Stand-alone or integrated with ISO 9001:2000 QMS, CRM, Six Sigma, EFQM
Principles, issues, structure, management with numerous checklists, sample forms and practical examples

ISO 10002 how to get you and your customer from mad to Zen !

INTERNATIONAL

Photo Hydro

ISO/TS 29001 set to become oil


and gas industrys unique QMS standard

A successful partnership between ISO and the international oil and gas industry has
resulted in the publication of a new technical specification for implementing ISO 9001:
2000-based quality management systems in the sector.

SO/TS 29001:2003, Petroleum,


petrochemical and natural gas
industries Sector-specific quality management systems Requirements for product and service supply
organizations, is envisaged to become
the common and unique basis for the
oil and gas industrys quality management system requirements worldwide.
ISO/TS 29001 1) is available for
use by manufacturers of oil and gas
industry equipment and materials
(upstream and downstream), service
providers to the oil and gas industry,
purchasers of equipment, materials,
and services. The document can also

be used for organizations to perform


auditing and certification. This single worldwide system will replace the
need for multiple systems, audits and
certifications.

Why industry specific ?


Why does the oil and gas industry need an industry-specific quality management system ? The current
worldwide standard for quality management systems, ISO 9001:2000, is
a generic one that must satisfy the
needs of many types of industry and
organization. It reflects feedback on

BY K EN P EURIFOY AND
L ANNY G OOKIN

1) ISO/TS 29001:2003, Petroleum,


petrochemical and natural gas
industries Sector-specific quality
management systems Requirements
for product and service supply
organizations, costs 108 Swiss francs
and is available from ISO national
member institutes (see the complete
list with contact details on ISOs Web
site : www.iso.org) and ISO Central
Secretariat : sales@iso.org.

ISO Management Systems July-August 2004

29

INTERNATIONAL

the previous ISO 9000 versions that


Supplementary requirements
the requirements were not flexible
enough and did not allow for adapA technical specification, ISO/TS
tation for software companies, man29001 incorporates the verbatim text
ufacturers of simple consumer prodof ISO 9001:2000 and includes detailed,
ucts, and services such as insurance
sector-specific requirements for design,
and banking.
development, production, installation
In contrast, due to the critical
and service of products. To assist users
needs of the international oil and gas
of the document, the requirements of
industry, this sector requires rigorous
ISO 9001:2000 are given in boxed text,
conformity to engineering, user and
followed by specific guidance and supregulatory requireplementary requirements. The industry
ments for its impleISO/TS 29001:2003
handles fluids (liqmentation within the
uids and gases), often
industry. Although
is envisaged to become
at high pressures,
some of the supplethe common and unique
through a variety of
mentary requirements
products and procmay be viewed as
basis for the oil and
esses. Considerations
not specific to the
gas industrys quality
for the safety of peroil and gas indussonnel, including the
try, they are needed
management system
public, are of parain ISO/TS 29001 in
requirements worldwide
mount importance.
order to ensure that
Additionally, protecthe requirements are
tion of the environment and of busimore explicit and can be more readily
ness continuity (maintenance of reveverified/audited.
nue streams, both for companies and
The supplementary requirements
for national economies) require a high
of ISO/TS 29001 make the document
level of operational integrity.
undeniably more prescriptive. These
supplementary requirements help to
ensure that additional preventive
actions are taken by the organizations
manufacturing goods and/or performing services for use in the oil and gas
industry, which are often subjected to
very harsh and demanding environments.
Supplementary requirements that
are very appealing to purchasers, engineers and users within the oil and gas
industry are detailed below.

Objectivity, impartiality and


independence
A key element in the assurance of
product and service safety and business continuity is the quality management system implemented by goods
suppliers and service contractors.
Industries in which the results of catastrophic failure are intolerable have
traditionally embraced and required
quality management system standards
that are more prescriptive.

30

ISO Management Systems July-August 2004

ISO 9001:2000 requires the objectivity and impartiality of the audit


process . ISO/TS 29001 also requires
the same objectivity plus independence with regard to both design
reviews and final acceptance of product. These requirements are key to
ensuring additional safeguards for
purchased products and services.

INTERNATIONAL

Design reviews. ISO/TS 29001,


Design and development review
Supplementary , requires... A
final design review shall be conducted and documented. Individual(s)
other than the person or persons
who developed the design shall
approve the final design.
Final acceptance. ISO/TS 29001,
Final acceptance of product ,
requires... Personnel other than
the persons who performed or
directly supervised the production
of the materials or products shall
perform final acceptance and product release.
Internal audits. To further enhance
the objectivity and impartiality of the internal audit process,
ISO/TS 29001:2003 goes even further than ISO 9001:2000 to require
that internal auditors are personnel independent of those who performed or directly supervised the
activity being audited .
By requiring that independent
persons perform these tasks, ISO/TS
29001 goes a step further to ensure
the objectivity and impartiality of the
end results of the processes.

ISO/TS 29001 addresses nonconforming product that is detected after


delivery or use has started as field
nonconformities and requires the
organizations procedure for managing nonconforming product to include
field nonconformities. A vital, key
aspect of quality management systems for the oil and gas industry is
the requirement for organizations to
track and analyze field failures/field
nonconformities. Although in some
instances, field failures cannot be
retrieved for analysis, field failures
can often provide invaluable information which an organization can use to
develop and implement effective corrective and preventive actions.

Photo Hydro

Field nonconformity analysis

Frequency of management activities

A key element in the

ISO 9001:2000 requires management reviews and internal audits to


be performed at planned intervals.
ISO/TS 29001 requires specific minimum frequencies for these management activities. By requiring specific frequencies of certain process and
that specific response times are identified, ISO/TS 29001 helps to ensure
these processes are performed in a
timely manner.

assurance of product
and service safety and
business continuity is
the QMS implemented
by goods suppliers and
service contractors

Management review. To ensure


that management reviews are performed at planned intervals that
are not too infrequent, ISO/TS
ISO Management Systems July-August 2004

31

INTERNATIONAL

Co-author

Ken Peurifoy served as


Project Leader of the
ISO/TC 67 Project Task
Group that developed
ISO/TS 29001:2003
and was Chairman
of the American
Petroleum Institutes
C4/SC18 Task Group
that developed
the API version
of ISO/TS 29001,
API Specification
Q1 7th Edition. A
former Chair of APIs
Committee on Quality
for eight years, he is
also a member of the
US Technical Advisory
Group to ISO/TC 176.
Mr. Peurifoy has been a
quality professional for
over 27 years. He is Vice
President and Senior
Consultant of Quality
Support International,
Inc. in Spring, Texas,
that provides quality
consulting and support
primarily to the oil and
natural gas industry.
Tel.
+ 1 281 370 6065.
Fax
+ 1 281 251 5477.
E-mail ckpeurif@flash.net

32

29001:2003 requires, The management review shall be conducted at


least annually.

changes to the age demographics of


the work force in the industry. Within the next few years, many workers in
the oil and gas industry will be reach Internal audits. ISO 9001:2000
ing retirement age and younger workrequires that organizations conduct
ers will need to rely on documented
internal audits at planned intervals
methods to perform processes and
to determine whether the quality
convey lessons learned.
management system conforms to
The changing average age and
requirements and is effectively
loss of experienced workers in the oil
implemented and maintained. ISO/
and gas industry has prompted many
TS 29001 requires that internal
organizations in the sector to actively
audits shall be scheduled and conpursue knowledge management (KM)
ducted at least annually . In addition,
technologies and ensure that valuISO/TS 29001 requires, Response
able experience is documented and
times for submission of an action
retained for future employees. Docuplan to address detected nonconmented control features help ensure
formities shall be identified.
that KM is preserved for those organizations that utilize
ISO/TS 29001 as the
ISO/TS 29001 requires
Control features
basis for their quality
management system.
specific minimum
While ISO 9001:
2000 has reduced
frequencies for
the number of docCooperation between
umented procedures
management reviews and
ISO/TC 67 and the
required to six, addiAPI
internal audits
tional documented
The new docurequirements have
ment was the result of collaboration
been required in ISO/TS 29001 as
between the American Petroleum
control features. ISO/TS 29001 defines
Institute (API) and ISO technical com control features as an organizamittee ISO/TC 67, Materials, equiptions documented method to perform
ment and offshore structures for petroan activity under controlled condileum, petrochemical and natural gas
tions to achieve conformity to speciindustries.
fied requirements . This definition is
In addition to being the Secretarikey to a number of the supplementary
at of ISO/TC 67, API has a long historequirements of ISO/TS 29001.
ry of cooperation and support for ISO/
For many industries, the reduction
TC 67. The relationship goes back to
in the number of procedures required
the reactivation ISO/TC 67 in 1989.
to specify process requirements was
Shortly thereafter, ISO/TC 67 fast
a welcome relief. However, in the oil
tracked a number of API standards
and gas industry, the need for procethat were then adopted as ISO Interdures or documented methods to pernational Standards.
form processes under controlled conWhen it came time for the API
ditions is considered necessary. A
(Quality) Subcommittee 18 to revise
documented method to perform procAPI Specification Q1, Specification
esses assists personnel in performing
for Quality Programs for the Petroleprocess tasks consistently to ensure
um, Petrochemical and Natural Gas
the activities are performed in conIndustry, developing a joint API-ISO
formity with specified requirements.
version of the longstanding QMS
Documenting the best way to perstandard was a major priority.
form a process, as well as documenting
According to John Modine, Directhe required acceptance criteria for
tor of Certification Programs for the
the process, will be key to many indusAmerican Petroleum Institute (API),
tries, particularly with the upcoming

ISO Management Systems July-August 2004

INTERNATIONAL

ISO/TS 29001 is expected to result in


increased international acceptance
of time-tested, sector-specific quality
system requirements on a broad scale
for the worldwide oil and gas industry . He defines it as : One industry
one standard.
He adds : The API Quality Committee knew that API Spec Q1 (6th
Edition) contained extremely valuable quality system requirements to
the international oil and gas industry. The committee concluded that
the best way to increase international acceptance would be to draft the
next version of API Spec Q1 (7th Edition) with a joint API/ISO committee
with the final result being a joint publication of API Spec Q1 and ISO/TS
29001. The ultimate goal is to obtain
worldwide acceptance and use of the
standard.

Liaison with ISO/TC 176


Early on, ISO/TC 67 requested
and received liaison with ISO/TC 176
(the ISO committee responsible for
ISO 9001:2000). Mr. Jim Pyle (London Quality Centre) was appointed
as the ISO/TC 176 liaison member to
Work Group 2 and he attended several meetings of the group both in the
US and in Europe. Having been a key
participant within ISO/TC 176 and
the development of ISO 9001:2000,
Mr. Pyle was extremely helpful in providing valuable insight and suggestions on how the Work Group should
approach various issues and supplementary requirements that are the
trademark of the document.

Development of ISO/TS 29001


After the publication of ISO 9001:
2000, the API Quality Committee
determined that many of the requirements that were deleted from the ISO
9001:1994 version were still desirable
for the oil and gas industry. Particularly desirable were the requirements
for some documented procedures
for quality elements that were relinquished by ISO 9001:2000.

The initiative to develop ISO/TS


29001 began during the API Subcommittee 18 and Committee 4 on Qualitys January 2002 winter meetings in
Tampa, Florida. The final intent was to
publish the seventh edition of Q1 as a
joint API/ISO standard. API submitted a New Work Item (NWI) to ISO/
TC 67 in April and it was accepted on
16 June 2002.

Co-author

Identical documents
ISO/TS 29001:2003 was published
on 15 September 2003 and the API
version, API Specification Q1, seventh Edition was published on 15 June
2003, becoming effective and mandatory on 15 December 2003. The documents are identical except for one
additional requirement in the API
document relating to API administration.
These documents add to the continuing list of ISO/API standards that
are developed by joint work groups
and committees and are published by
both ISO and API to serve the oil and
gas industry.

Conclusion
Due to the critical nature of products, services and processes within the
petroleum, petrochemical and natural
gas industry, additional requirements
were needed for quality management
systems of goods suppliers and service contractors within the sector. The
development of ISO/TS 29001 has
fulfilled that need and has brought a
more comprehensive quality management system to this critical industry.
In order to best serve the interests
of the industry, and as a method of
better ensuring the safety of personnel and the environment, engineers,
purchasers, users, manufacturers, service organizations and suppliers should
adopt this standard as the basis for oil
and gas industry quality management
systems.

Lanny Gookin is the


ranking consultant
member of API
Subcommittee 18,
the Subcommittee
on Quality that
controls API Spec Q1.
A registered Lead
Quality Management
System Auditor and
ASQ Certified Quality
Engineer, he has
authored numerous
articles and given
presentations on
quality in the oil and
gas industry over the
past 20 years.
Mr. Gookin is President
and Senior Consultant
of QMR Consulting,
Inc. in Houston, Texas,
a quality consulting,
training, and auditing
organization that
has established QMS
for oilfield users,
engineering companies,
manufacturers, and
suppliers throughout
the world.
Tel.
Fax
E-mail
Web

+ 1 713 974 1872.


+ 1 713 974 6336.
lanny@qmrc.com
www.qmrc.com

ISO Management Systems July-August 2004

33

INTERNATIONAL

Huge potential user base for ISO/IEC 90003


the state of the art for improving
quality in software engineering
ISO/IEC 90003:2004, Software engineering Guidelines for the application of ISO 9001:
2000 to computer software, is a new ISO/IEC standard that has a huge worldwide potential due to the penetration of just about every business sector, as well as many aspects
of social life, by information technology.
BY
V ICTORIA

34

W ITOLD S URYN ,
A. H AILEY AND
A NDY C OSTER

SO/IEC 90003:2004 covers all aspects


of software quality, from acquisition to supply, including development, operation, and maintenance of
computer software, and provides guidance on how to implement the highly
successful ISO 9001:2000 process
approach in a software environment.

ISO Management Systems July-August 2004

The publication of ISO/IEC 90003 1)


heralds an important era for the
software engineering community by
bringing a consolidated approach to
the development and the application
of software engineering standards. In
recent years, the adoption of such an
approach has become crucial due to

INTERNATIONAL

the multitude of standards developed


that were becoming more willingly
embraced by both the industry and
the users of its products.

Notice the addition of computer


as a descriptor of software. Software
had evolved to a degree significant
enough to need this clarification. With
this 1997 revision, the guidance contained in ISO 9000-3 was structured to
Background to ISO/IEC 90003
match each and every requirement of
The first ISO 9000 standards were
ISO 9001:1994.
published in 1987, but it was not until
By this time, ISO/IEC 12207:1995
1991 that a software
had been published
guidance document
and since it was
ISO/IEC 90003 heralds
was created for the
generally accepted
industry.
ISO/IEC
internationally as the
an important era
90003s history is a
baseline for software
colourful one, startfor the software
processes, the guiding in 1991. At that
ance information in
engineering community
time, there were few
ISO 9000-3 was based
software engineering
heavily on ISO/IEC
standards documents and even fewer
12207 content. Users were happier
documents related to software quality.
with the usability of the revised ISO
The creators of what was then ISO
9000-3 since they could relate each
9000-3, part of the ISO 9000 family
ISO 9001:1994 requirement to ISO/
and under the wing of ISO technical
IEC 12207 and their own needs.
committee ISO/TC 176, disagreed
When ISO 9001:2000 was published
with the structure of ISO 9001:1987
in December 2000, the software engibecause it did not reflect a software
neering standards community had
life cycle. They therefore decided to
progressed significantly, with addicreate a document which mirrored
tional core standards being available
the processes that should be followed
to support ISO 9001:2000s requirewhen creating quality software.
ments. ISO then took the decision
They recognized early on that for
to transfer ISO 9000-3 to the joint
quality to be built into software, the
technical committee ISO/IEC JTC 1,
necessary processes that were part
Information technology, in which the
of the software life cycle had to be
specific expertise of subcommittee SC
identified and developed. At that time,
7 is software engineering.
ISO/IEC 12207:1995, Software life
This has permitted the guidance to
cycle processes, had yet to be written,
be synchronized with the most current
so the authors of the earliest version
developments within the software
of ISO 9000-3 were somewhat ahead
community. New standards have been
of their time.
developed to support various aspects
Unfortunately, users of the early
of quality, such as ISO/IEC 15504
ISO 9000-3 had a difficult time match(process assessment), ISO/IEC 9126
ing up to the requirements of ISO
(product quality), ISO/IEC 14598
9001/2/3:1987 and so the structure
(product quality evaluation), ISO/IEC
became a contentious issue when ISO
15939 (measurement process), ISO/
9001 was revised in 1994. In 1997, ISO
IEC 14764 (software maintenance),
9000-3 was revised to align it with ISO
ISO/IEC 12119 (software packages
9001:1994 and was subsequently pubrequirements and testing), and ISO/
lished as ISO 9000-3, Quality manageIEC 14143 (functional size measurement and quality assurance standards
ment), among others.
Part 3: Guidelines for the application
With the revision of ISO 9000-3
of ISO 9001:1994 to the development,
and the adoption of its own ISO/IEC
supply and maintenance of computer
number, 90003, this software guidance
software.
has became an independent software
engineering document able to direct

This standard offers


practical guidance for
the implementation of
an ISO 9001:2000 quality
system that is dedicated
to software engineering

1) ISO/IEC 90003:2004 costs 150


Swiss francs and is available from
ISO national member institutes (a
complete list with contact details is
posted on ISOs Web site : www.iso.org)
and from ISO Central Secretariat
(sales@iso.org). It was developed
by the joint technical committee
established by ISO (International
Organization for Standardization) and
the IEC (International Electrotechnical
Committee) ISO/IEC JTC 1, Information
technology, subcommittee SC 7,
Software and system engineering,
working group WG 18, Quality
management.

ISO Management Systems July-August 2004

35

INTERNATIONAL

Figure 1: The structure


of ISO/IEC 90003

the user to rich sources of advice. ISO/


aims to enhance customer satisfaction
IEC 90003 makes extensive use of these
through the effective application of the
other documents by cross-referencing,
system, including processes for continwhere available, the applicable supual improvement of the system and the
porting standards, rather than repeatassurance of conformity to customer
ing these software
and applicable regulabest practices. This
tory requirements.
Guidance is provided
approach
provides
From the perspecin the core process areas
guidance where needtive of the user, both the
ed and offers detailed
of software realization and content and structure
sources from which
in measurement, analysis, of this standard offer
to incorporate better
practical guidance for
quality practices.
the
implementation
and improvement
of an ISO 9001:2000
quality system that is dedicated to software
Content and structure
engineering. This particular approach has
The best description of the content
well-founded merit: software engineering
of ISO/IEC 90003 is a direct quote
rapidly gains its value as a socially critifrom its Scope clause :
cal engineering discipline, and, as such,
requires appropriate guidance and support
This International Standard specifies
in the form of dedicated standards.
requirements for a quality management
A first glance at the structure of
system where an organization
the standard (Figure 1) demonstrates
needs to demonstrate its ability to
the comprehensiveness of the five
consistently provide product that
perspectives from which the applicameets customer and applicable
tion of quality in software engineering
regulatory requirements, and
is addressed.

ISO/IEC
90003
Quality
Management
System

Management
Responsibility

Resource
Management

Product
Realization

Measurement,
Analysis and
Improvement

General
requirements
(for quality
system)
Documentation
requirements

Management
commitment
Customer focus
Quality policy
Planning
Responsibility,
authority and
communication
Management
review

Provision of
resources
Human resources
Infrastructure
Work
environment

Planning of
product
realization
Customer related
processes
Design and
development
Purchasing
Production and
service provision
Control of
monitoring and
measuring
devices

General
Monitoring and
measurement
Control of
nonconforming
product
Analysis of data
Improvement

36

ISO Management Systems July-August 2004

INTERNATIONAL

1. The systemic perspective (Quality Management System) helps the


user in verifying and/or establishing
the structure and type of processes,
together with necessary documentation, required and appropriate
for the organization to build an
effective quality system.
2. The
management
perspective
(Management
Responsibility)
allows for identifying, defining and
setting up the corporate policy and
culture that supports the overall
objective of producing quality
products.
3. The resource perspective (Resource
Management) focuses on dedicated
quality resources (a very pioneering
approach) indicating to users of the
standard those specific issues that
should be taken into consideration
when building a professional team
of quality specialists.
4. The product perspective (Product
Realization) goes into exhaustive
detail on establishing the matrix of
processes that support the creation
of the software product (generic
development process, purchasing),
the planning and management of
the realization process, the relationship with the customer and
the production and post-delivery
support.
5. Finally, the improvement perspective (Measurement, Analysis and
Improvement) helps identify the
monitoring, measurement and
analysis activities required to
maintain and improve the quality
of products.
The above five perspectives give
the user a complete and relatively
simple analysis mechanism allowing
for rather precise definition of quality-related process requirements that,
when satisfied, should result in an
effective corporate quality system for
high quality software products.
For each of these perspectives,
ISO/IEC 90003 provides guidelines
on the topics that are important to

3
59

wa re m e a s u
re m
e
Available guidance :

ft
, So

nt

ISO 9001:2000
ISO/IEC 90003, Software

9126, Product quality

14143, Functional size measurement

16326, Project management


15504, Supplier
selection/management
15846/10007,
Configuration management

12207,
Software
life cycle
processes

15026, Systems and software integrity levels


14764, Software
maintenance

15504, Process
improvement
14598, Software product
evaluation

14102, Evaluation and


selection of case tools

15910, Software user


documentation process

software engineers, including planning, configuration management and


software testing, supported by cross
references to other ISO/IEC standards
(see Figure 2).
Figure 2 shows how the standards
interrelate: ISO/IEC 12207 software
life cycle processes are the core of the
software engineering model since they
typify the processes and best practices
that should be used to develop good
software. ISO/IEC 12207 processes are
then supported by the best practice
guidance in the available standards,
such as ISO/IEC 15939, ISO/IEC
14143, ISO/IEC 15504.
A measurement programme can
be established for ongoing monitoring
of products, processes and services to
ensure that each process is achieving
its objectives. The ISO/IEC 15504
process assessment model provides a
repeatable framework for determining
the maturity or capability of the entire
set, or of individual processes.
ISO/IEC 90003 in turn provides
the overall software guidance needed
to interpret and meet the requirements of ISO 9001:2000 as the overall
generic quality model.

Figure 2: Model showing


the relationships between
ISO/IEC software engineering
standards and ISO 9001:
2000. ( Victoria A. Hailey
reprinted with permission)

ISO Management Systems July-August 2004

37

INTERNATIONAL

Applicability, uses and benefits

focus on these aspects of a quality


management system.
ISO/IEC 90003 is applicable to
Guidance is provided in the core
software that forms part of either a
process areas of software realization
commercial contract or part of a prodand in measurement, analysis, and
ucts development (including where
improvement, together with the softit is embedded in systems), as well
ware aspects of human and infrastrucbeing useful as guidance for process
ture resources, which should all be of
improvement and service delivery.
benefit in defining or refining business
For software that is part of a comprocesses.
mercial contract with
ISO/IEC
90003
another
organizahas some applicabilIt is the first document
tion, ISO/IEC 90003
ity to service delivery
is clearly applicain providing the guidto integrate the various
ble, since ISO 9001:
ance about software
aspects that must be
2000 was originally
development useful
conceived to fit this
in the provision of
considered in order
requirement.
This
software services and
to build quality into
was one of the main
also specific advice
intended applications
on operation and
software
products
of ISO/IEC 12207
maintenance services.
Service development
as well. Both ISO/
and delivery aspects are not specifiIEC 12207 and ISO/IEC 90003 are
cally covered.
oriented toward (software) projects.
ISO/IEC 90003 helps
Among the many uses for ISO/IEC
the software organi90003, the following should be recogzation focus on softnized as the most important :
ware
requirements
guidance in the interpretation of
and customer satisISO 9001:2000, particularly to
faction by providing
support the certification process
detailed guidance on
for an organization ;
the requirements of
ISO 9001:2000.
process improvement programme :
For software being
as a model to compare the organideveloped as a product
zations processes against organiavailable for a market
zational development (similar to
sector, since ISO/IEC
improvement but for organiza90003 is life cycle indetional aspects such as resources
pendent, it is equally
and infrastructure) ; and
applicable to projects
and product acquisi professional development : to gain
tion,
development,
an appreciation of good practice
operation, and maintenance.
and the factors affecting quality
For software embedded in a hardsoftware development, operation,
ware product, ISO/IEC 90003 can be
and maintenance.
used for the software development
The benefits of both using and
since the relationship to ISO 9001:
applying ISO/IEC 90003 standard are
2000 is strong and provides linkages
multiple, with some being of special
to the system in which the software
importance. The following examples
may be embedded.
should be tremendously appreciated
Additionally, ISO/IEC 90003 may
by the standards users :
be used to support, develop and
improve the processes of an organiza the interpretation of ISO 9001:2000
tion, especially since the requirements
for software that is in the language
of ISO 9001:2000 place such a heavy
of software specialists ;

38

ISO Management Systems July-August 2004

INTERNATIONAL

About the authors


Andy
Coster was
international
project
editor for
the ISO/IEC
90003 project
and has
participated in
international
software and
systems standards for the past 15
years. He is Managing Director of
CosterA Consulting Ltd.,
a United Kingdom organization
specializing in quality
management and related
consultancy.
E-mail

mail@acoster.fsnet.co.uk

Victoria A.
Hailey was
the Convenor
ISO/IEC
JTC 1/SC 7
Working Group
18, Quality
management,
that
developed
ISO/IEC 90003.
She is a Certified Management
Consultant and Senior Consultant
of VHG, The Victoria Hailey Group
Corporation, which focuses on
helping the software, systems,
and service industries manage
their own and their supplier
risk, as well as improving their
processes via standards such as
SPICE (ISO/IEC 15504), ISO 9000,
and CMM.
Tel. + 1 416 410 3400.
E-mail vah@vhg.com

a process framework that can be


tailored to suit business needs, while
fitting all kinds of organization ;
a basis for communication and
coordination of software development, operation and maintenance
that reduces development risk.
This world-class approach to software engineering and software quality
management, integrated with ISO/IEC
12207s software life cycle management
and other ISO/IEC JTC 1/SC 7 software standards, offers the mechanisms
to improve the processes of quality for
software design, development, operations and maintenance and helps an
organization to improve customer
focus and satisfaction.

Conclusions
The publication of ISO/IEC 90003
heralds an important and new era of
development in software engineering
since it is the first document to integrate the various aspects that must
be considered in order to build qual-

Dr. Witold
Suryn is
Secretary of
ISO/IEC JTC 1/
SC 7, Software
engineering.
He is a
Professor at
the cole de
technologie
suprieure,
Montreal, Canada (engineering
school of the Universit du
Qubec network of institutions)
where he teaches graduate
and undergraduate software
engineering courses and conducts
research in the domain of
software quality engineering,
software engineering body
of knowledge and software
engineering fundamental
principles.
Tel. + 1 514 396 8652.
E-mail wsuryn@ele.etsmtl.ca
Web www.ele.etsmtl.ca/prof/wsuryn/

ity into software products.


The complexity of software
demands both more rigour
in the approach to its development, as well as a higher
benchmark toward which organizations must strive as they operate its
processes.
As users of software become more
demanding, more sophisticated and
less forgiving of defects, the benchmarks will continually be raised as
reflected in the increasingly more
mature demands that ISO 9001:2000
places on adherents to its philosophy.
The evolution of software quality is evident throughout ISO/IEC
90003 as more emphasis is placed on
the determination and satisfaction of
customers requirements. Moreover,
it is no longer acceptable to maintain
the status quo. The quality of software
products and software processes must
continually improve. That is the everadvancing benchmark that the software organization seeks to surpass.
With ISO/IEC 90003 as a guide, the
task becomes easier.

The quality of software


products and software
processes must
continually improve.
With ISO/IEC 90003 as
a guide, the task
becomes easier

ISO Management Systems July-August 2004

39

INTERNATIONAL

ISO 14001-certified
environmental NGOs
give their verdict
In the past, some environmental NGOs have seen ISO 14001 certification as a soft
option for businesses. However, a number of environmental NGOs have since themselves implemented the standard. Has there been a change of heart ? IMS interviews
NGOs in the United Kingdom, Switzerland and Pakistan.

I
BY

G ARRY L AMBERT

Garry Lambert is Contributing


Editor to ISO Management
Systems.

40

John Bishop, IT/Administration


n the December 2001 issue of ISO
Manager and Environmental Systems
Management Systems, Dr. Chris
Representative for ISO 14001 at the
Elliot, Director, Forests for Life,
Forum, responded to three questions :
WWF International (World Wide
Fund for Nature), discussed the value
What concrete benefits have
of ISO 14001 implementation. While
Q 1. you experienced from ISO
citing benefits among the innovative
14001 certification ?
forest product companies cooperating
The benefits can be seen on many
with his organization, he suggested
levels. Firstly, it has helped us identhat some companies use ISO 14001
tify our key environmental impacts,
certification as an ecolabel for greenallowing us to prioritize our work and
washing , implying environmental
be more efficient. Another, and just as
improvement that does not occur.
important benefit for an organization
However, a number of environmenlike ours, is that through achieving
tal nongovernmental organizations
certification we show that we do walk
(NGOs) have themselves become ISO
the talk . We believe in leading by
14001-certified and so ISO Management
example and work
Systems investigated
hard to ensure that
by interviewing three
ISO 14001 certification
our own operations
of them in the Uniare sustainable.
ted Kingdom, Switzerhelps us measure impacts
Being committed
land and Pakistan.
and identify areas where
to sustainability and
we need to improve further managing our enviForum for the Future
ronmental impacts is
not something alien
Forum for the
to us, and our staff are committed to
Future is a charity founded in 1996 by
individual sustainability making the
three of the United Kingdoms leading
work of the ISO 14001 Group a lot
advocates of sustainable development
easier ! So, why do we think having
Jonathon Porritt, Sara Parkin and
a formal system in place is necesPaul Ekins. Its mission is to accelesary ? Well, the combination of carrot
rate the building of a sustainable way
(minimal environmental impacts
of life, taking a positive, solutionsand walking the talk) and stick (BSI
oriented approach . The Forum was
audits) work well together to keep the
certified to ISO 14001 in July 2001
organization on track.
by BSI (British Standards Institution
www.bsi-global.com).

ISO Management Systems July-August 2004

INTERNATIONAL

Having an EMS has enabled us to


not the definitive answer to all of the
adopt a systematic approach to deachallenges on the path to sustainability,
ling with our environmental impacts.
or indeed to the environmental challenges. Therefore, we are
Whether the actual
currently looking to
improvement of our
If we, as a small
expand the system to
environmental perencompass our social
formance can be attriorganization, are able
impacts, and would
buted to ISO 14001
welcome a further
certification may be
to implement ISO 14001
development of standifficult to say, but it
anyone should be
dardized management
has certainly helped
systems to address the
raise awareness and
able to do it!
wider issues of sustaienthusiasm. For a
nability.
small organization of
It is also important that the need
70 employees, ISO 14001 implemenfor a framework for efficient manatation can at times be very resource
gement is balanced with vision and
demanding in terms of documentation,
allows for opportunities
audits and formal processes, but we
to innovate. A good
feel the benefits justify the demands
EMS would encourage
on our resources.
innovation rather than
just being a tick-box
Has ISO 14001 certification
Q 2. helped to further your envi- administrative exercise.
Forum
for
the
ronmental goals ?
Future is one of three
In our internal environmental
partners
developing
policy, we state a commitment to conthe SIGMA guidelines
tinually improve our environmental
(www.projectsigma.com)
performance, including prevention of
a sustainability manapollution ; to achieve and maintain
gement system the others are BSI
ISO 14001 certification ; to use our
and AccountAbility. We are confident
resources, including research, developSIGMA will become a British Stanment and capital to meet this commitdard in the future, paving the way
ment in a manner that reinforces our
for more comprehensive management
activities, and measure our progress
systems. As an organization, we aim
in pursuing this policy and report
to transform our EMS to an SMS
annually to our stakeholders.
(Sustainability Management System)
ISO 14001 certification helps us
again reflecting our belief in leading
measure impacts and identify areas
by example.
where we need to improve further. It
also helps us to allocate our resources
to where we have the most impact/best
WWF-Switzerland
opportunity to create change. Being
The mission of WWF, encompascertified and able to show that we oursing all its offices around the world,
selves do what we ask from our paris to stop the degradation of the
tners lends weight to our arguments. If
planets natural environment and to
we, as a small organization, are able to
build a future in which humans live
implement ISO 14001 anyone should
in harmony with nature, by conserbe able to do it !
ving the worlds biological diversity,
ensuring that the use of renewable
Does certification represent
natural resources is sustainable, and
Q 3. a changing attitude to ISO
promoting the reduction of pollution
14001 ?
and wasteful consumption.
WWF-Switzerland was awarded
While we are proud of our achieISO 14001 certification by SGS
vements, we know that an EMS is

(Left to right) John Bishop,


IT/Administration Manager
and Environmental Systems
Representative for ISO 14001,
Forum of the Future, and
Rupert Howes, Director of
the Sustainable Economy
Programme.
Forum for the Future (contact :
Patti Whaley, Director of Resources),
227a City Road, London EC1VJT,
United Kingdom.
Tel.
E-mail
Web

+ 44 20 7251 6070.
info@forumforthefuture.org.uk
www.forumforthefuture.org.uk

Thomas Vellacott,
Programme Director and EMS
Representative to the Board
of Directors, WWF-Switzerland.
WWF-Switzerland, Hohlstrasse 110,
P.O.Box, CH-8010 Zurich, Switzerland.
Tel.
Fax
E-mail
Web
Web

+ 41 1 297 2286.
+ 41 1 297 2100.
christian.som@wwf.ch
www.wwf.ch
www.panda.org

ISO Management Systems July-August 2004

41

INTERNATIONAL

Being certified is like (Socit Gnrale de Surveillance


practicing
what we preach

WWF-Pakistan receives its


ISO 14001 certification : (from
left to right) Hania Aslam,
Environmental Officer for the
Environmental Pollution Unit
of WWF-Pakistan ; Hammad
Naqi, Director, Environmental
Pollution Unit WWF-P ; Ali
Hassan Habib, CEO WWF-P ;
Syed F. Mazhar, Managing
Director SGS Pakistan, and Ali
Akhtar Khan, Manager SGS
Pakistan.

WWF-Pakistan, Ferozepur Road, Lahore


54600, India.
Tel.
Fax
E-mail
Web
Web

42

+ 92 42 586 2360.
+ 92 42 586 2358.
epu@wwf.org.pk
www.wwfpak.org
www.panda.org

Does certification represent


www.sgs.com) in January 2001, its
Q 3. a changing attitude to ISO
primary objective being to commit
14001 ?
the organization to control and
WWF works with companies
continually reduce its environmental
to improve their environmental
impacts , the most significant of
performance in absolute terms. To
which was paper
this end, WWF has
consumption.
been instrumental in
Our
EMS
focus
has
Thomas Vellacott,
establishing industry
Programme Director
recently shifted more
standards such as
and EMS Representhose certified by the
towards product
tative to the WWFForest Stewardship
Switzerland Board of environmental performance
Council. ISO 14001
Directors, responded
certification requires
to IMS :
that the EMS operated by the management complies with the standards
What concrete benefits have
requirements, but does not provide
Q 1. you experienced from ISO any guarantees about the environ14001 certification ?
mental performance of the companys
product.
According to Mr. Vellacott, key
For example, an engineering
benefits to date include ongoing
company
that coordinates the estamonitoring of consumption of paper,
blishment
of large river dams, or a
electricity, travel, etc., with improvecompany involved in large scale forest
ment of performance in some sectors,
clearcutting may obtain ISO 14001
and increased staff awareness of envicertification based on its internal proronmental performance.
cedures for waste and energy management, despite the highly detrimental
Has ISO 14001 certification
Q 2. helped to further your envi- effects of its business practices on the
environment.
ronmental goals ?
Monitoring and improvement
of WWF-Switzerlands
organizational environmental
performance
within the ISO 14001
framework is already
well established. It
offers scope for some
specific, though limited
improvement in the
areas of energy, waste
and material flows.
Our EMS focus
has recently shifted
more towards product
environmental
performance,
i.e.
measuring the environmental impact
of our projects. This led to establishing
an institutionalized monitoring and
evaluation process of WWF-Switzerlands conservation targets that will
support us in setting effective goals
and achieving them efficiently.

ISO Management Systems July-August 2004

WWF-Pakistan
WWF-Pakistan was certified to
ISO 14001 by SGS in December
2003, having launched its Greening
the Head Office initiative in March
2003. It established an EMS team to
develop programmes for solid waste
reduction, paper usage minimization,
air and noise emission monitoring of
vehicles and generators, fire hazard
assessment, and efficient head office
energy consumption.
Hania Aslam, Environmental Officer for the Environmental Pollution
Unit of WWF-Pakistan, answered
IMS :

Q 1.

What concrete benefits have


you experienced from ISO
14001 certification ?

WWF-Pakistan is a major conservation NGO in the country. As its

INTERNATIONAL

activities are related to project management and office-related general


tasks, without production or related
processes, our significant environmental aspects were quite simple to
identify.
We targeted office paper reduction, with the objective of converting
it into a paperless or e-office . Our
accounts department has since calculated some encouraging monetary
benefits from the programme. We also
worked on reducing energy consumption and are currently monitoring
consumption patterns.

Q 2.

Has ISO 14001 certification


helped to further your environmental goals ?

Q 3.

Does certification represent


a changing attitude to ISO
14001 ?

I think it would be right to say


that WWF-Pakistan has realized the
importance of ISO 14001 certification
and it has resulted in creating a positive change. I believe we have made a
good start. The EMS was developed by
the core EMS team which comprises
staff members from each department.
Therefore, a sense of ownership developed during the whole process and
we hope that it will contribute to an
attitude change.

WWF-Pakistan is running
a project in the north of
the country to promote
sustainable trophy hunting
that will allow only limited
numbers of abundant species
to be taken. The protected
species shown here is the
markhor, a member of the
goat family that can weigh
up to 110 kg.

WWF-Pakistan is a conservation
NGO with a mission to reduce pollution. We have been communicating
our environmental concerns to the
business and industrial communities
at numerous forums, with the recommendation that they go for an environmental standard such as ISO 14001.
This prompted many questions about
whether our offices were ISO 14001
certified. Therefore, being certified is
like practising what we preach.

The snow leopard,


a threatened
species endemic
to Pakistan which
WWF-Pakistan is
trying to conserve.
ISO Management Systems July-August 2004

43

INTERNATIONAL

Galapagos National Park


enhances top ten competitiveness
with ISO 9001:2000
The Galapagos National Park and Marine Reserve, Ecuador, home to the famous giant
tortoise and many other unique species of flora and fauna, now manages its ecosystems
and biological diversity with an ISO 9001:2000-based quality management system.
BY

E DWIN A RMIJOS

A ranger surveys
Isabela Island, one of
three populated islands
within the Galapagos
National Park.

If you dont change,


you will become extinct. Spencer Johnson *

Edwin Armijos, is quality


manager of the Galapagos
National Park, Ecuador.
Quito address : Pasaje Donoso de
Barba #226, y Jos Tobar Vicentina,
Quito, Ecuador.
Galapagos address: Parque Nacional
Galapagos, Avenida Charles Darwin
s/n Galpagos, Ecuador.
Tel. + 593 5 52 6189 ext. 230.
Tel. + 593 98 43 1488.
E-mail earmijos@spng.org.ec
E-mail edwinarmijos@hotmail.com
Web www.galapagospark.org

44

cuadors Galapagos National Park and Marine Reserve


(GNPS), a governmental institution responsible for the management of the protected areas of the
Galapagos archipelago, is rated among
the ten most important World Heritage Sites. It dates back to 1959, when
first designated as a protected area,
and today welcomes more than 90 000
tourists per year.
The GNPS employs some 250 people in the daily management of the

ISO Management Systems July-August 2004

park with the objective of protecting


and conserving the ecosystems and
biological diversity of the archipelago
for the benefit of humanity, the local
population, science and education .
This article outlines our experiences in implementing a quality management system (QMS) for a national
park, based on ISO 9001:2000, as we
ready ourselves for the certification
audit next October.
* Spencer Johnson is author of numerous books
on management and change, including The One
Minute Manager and Who Moved My Cheese An
A-Mazing Way to Deal with Change in Your Work
and in Your Life.

INTERNATIONAL

Meeting future challenges

The QMS implementation process

In this age of change, we accept


that our managerial projects and concepts must be in a permanent state of
development to meet future challenges and to create a common vision for
the future. It is time for managers of
protected areas such as national parks
to move beyond the traditional technical-scientific models of the 80s and
90s. Many modern-thinking national
parks are now adopting social and
eco-systematic managerial concepts,
with the capacity for technical and
financial self-management, in addition
to those traditional systems.
The principle that the only permanent thing is change is a reminder
of the changing environment and the
instability of organizations in the new
millennium. This has motivated us to
design and implement a new model
of institutional management for the
GNPS, to enhance its competitive
position worldwide.
The pursuit of competitiveness,
continual improvement, employee
commitment, customer satisfaction,
and community participation in
the management of the Galapagos
eco-systems are the challenges that
have driven GNPS administration.
We have worked on ISO 9001:2000
implementation and certification since
October 2002 with the support of the
Environmental Programme for the
Galapagos Islands, and in consultation
with Bureau Veritas 1).

Client satisfaction and continual


improvement were the key objectives
behind ISO 9001:2000-based QMS
implementation at GNPS. We adapted
some of the requirements to suit the
particular needs of a national park,
principally in training, the system of
evaluation, writing of conservation
procedures, the institutional mission,
and in adopting a new management
Indira Medina, coordinator
model.

of tourism monitoring at ISO

Diagnosis. A QMS implementation 9001:2000-certified Galapagos


feasibility study took place in October National Park.
2002, with the help of Bureau Veritas.
This included interviews with institution personnel and revision of existing
documentation.
Implementation planning. Once
we had decided to go ahead, we
drew up an implementation plan for
the areas and sub-areas governed by
our four technical offices : located on
the islands of Isabela, San Cristobal,
Floreana and Santa Cruz. The system
covers all areas of management,
including marine and land resources,
tourism, environmental education,
communication, control and patrolling,

Many modern-thinking
national parks are now
adopting social and
eco-systematic
managerial concepts

GNP rangers
monitor one of the
famous Galapagos
tortoises, some
weighing up to
200 kg, and living
200 years.

GNPS mission
Our mission at GNPS is to be the
leading institution worldwide in the
eco-system management of protected areas, involving the community,
using investigation and technological
innovation to ensure the sustainability of its natural resources, and the
environmental services generated by
the National Park and the Galapagos
Marine Reserve, for the benefit of
present and future generations .

1) Bureau Veritas
(contact: Marco
Esparza), Avenida
Republica de El
Salvador N35 182 y
Portugal, Piso 3, Quito,
Ecuador.
Tel.
+ 593 2 227 3190.
Fax
+ 593 2 225 8437.
E-mail marco.esparza@
ec.bureauveritas.com

ISO Management Systems July-August 2004

45

INTERNATIONAL

2) SGS-Socit Gnrale de
Surveillance (contact: Mauricio
Rodriguez), Avenida Republica de
El Salvador N35 182 y Suecia edif.
Almirante Colon, Piso 2, Quito,
Ecuador.
Tel. + 593 2 225 2300 ext. 515.
E-mail Mauricio_Rodriguez@sgs.com
* Ray Bradbury is author of over 500
hundred published works including
The Martian Chronicles, The Illustrated
Man and Fahrenheit 451.

We plan to implement
an ISO 14001-based
environmental
management system

institutional development, financial


management, directorship and general
management.

prepared for its certification audit by


Socit Gnrale de Surveillance S.A.
(SGS) 2) in October 2004.

The corporate launch. In November 2003, we presented the framework


of the ISO 9001:2000-based QMS to
the GNPS technical committe, and
publicized it on notice boards, via
e-mail and through meetings with the
area and sub-area offices.

Continual improvement: In our


endeavours to ensure continual improvement, suggestion boxes have been
placed around the park office areas
for use by both internal and external
clients, and park wardens are also
encouraged to suggest improvements.
Thus the local community benefits
from the enhanced quality service
carried out by the GNPS.

Training and education. Park


Warden training workshops were held
from January 2003 covering the QMS
and its documentation and implementation, management processes, continual improvement, technical statistics
and internal quality audits.
ISO 9001:2000 documentation. Following the advice of Bureau Veritas, we
drew up quality, process and continual
improvement manuals, and developed
61 ISO 9001:2000 procedures.
Implementation. Following the
training and documentation steps,
we were now ready to apply the new
system to the everyday operation of
the organization.
Evaluation and monitoring. We
verified the extent to which the system
fulfilled ISO 9001:2000 requirements
from staff feedback and by monitoring
procedures, in the run-up to internal
and external auditing.
Internal quality audits. Some 21
GNPS internal auditors carried out
three internal quality audits, These
audits identify opportunities for
improvement.

GNP rangers maintain tourist


footpaths as part of the ISO
Certification. Following the imple9001:2000-based quality
mentation
process, GNPS is fully
programme.

Park rangers participate in


a quality and continual
improvement workshop.
46

ISO Management Systems July-August 2004

The future
Should we be successful in achieving ISO 9001:2000 certification,
GNPS will become one the first national parks in the world to enjoy such
recognition. It would undoubtedly be
a source of great pride and encouragement for all at GNPS, and a spur to
continue our vital conservation work
at this World Heritage Site.
What is more, we plan to implement
an ISO 14001-based environmental
management system (EMS) to raise
awareness of our responsibility in
offering a quality service in conservation. It is also important for us to communicate. I would welcome contact
with other national parks or protected
areas of the world to exchange our
experiences in this area.
To quote author Ray Bradbury *:
We continue to be imperfect, dangerous and terrible, yet at the same time
marvellous and fantastic. But we ARE
learning to CHANGE.

ISO.The source of ISO 9000, ISO 14000


and more than 14300 International Standards for
business, government and society.

B U S I N E S S S TA N D A RD S

Security concerns fuel boom


in biometric technologies
From identity theft to the fight against global terrorism, a variety of threats have moved
security issues to the top of business and government agendas. Biometric technologies
promise fast, easy-to-use, accurate, reliable and less expensive identity authentication
for a wide range of security applications.
Photo : Pascal Krieger

BY

E LIZABETH G ASIOROWSKI -D ENIS

The Business Standards


column is edited by Elizabeth
Gasiorowski Denis, a journalist
in the Public Relations
department of ISO Central
Secretariat,
E-mail

48

gasiorowski@iso.org

iometrics uses personal characBenefits


teristics to identify users. These
include but are not limited
Biometrics can be used in almost
to a persons face, fingerprints, hand
any application that requires the accugeometry, handwriting, iris, retinal,
rate identification of an individual,
vein and voice recognition. For examfrom computers where a fingerprint
ple, digitized voiceprints made from a
scan on the mouse can verify the idenpersons speech samples can be stored
tity of a user to nuclear power plants
on a smart card or passport. Identity is
where various biometric applications
verified by matching speech patterns
are used to restrict access to the critithat are unique to each individual.
cal systems. Following the September
The growing demand for biometric
11 terrorist attacks, security concerns
technologies has put the spotlight on
sparked increased interest in using
h i g h - p e r f o r m a n c e,
biometric technolointeroperable standgies to identify indiThe
growing
demand
ards and is one of the
viduals.
driving forces behind
Compared to trafor biometric technologies
the
establishment
ditional
identificain 2002 of ISO/IEC
has put the spotlight
tion methods such as
joint technical compasswords, biometon high-performance,
mittee JTC 1, Inforric technologies are
mation technology,
relatively new. They
interoperable standards
subcommittee (SC)
emerged in the 1970s,
37, Biometrics.
when early installa Consumers need biometric-based
tions were expensive and therefore
high performance, interoperable syslimited to very high security applicatems developed in a timely fashion for
tions such as nuclear facilities. Recent
a number of applications, says Ferntechnological advances have resulted
ando Podio, Chair of ISO/IEC JTC
in better products and significant price
1/SC 37. SC 37 was formed to ensure
reductions. According to Frost & Sullia high priority, focused, and comprevans World Biometrics Market : Update
hensive approach worldwide for the
(www.frost.com), fingerprint scanners,
rapid development and approval of
for example, can now be purchased
formal generic biometric standards to
for as little as USD 100 per unit. These
meet these customers needs.
changes have made biometrics increasingly attractive for business.
Another advantage of biometric
technologies is that they are far harder
to abuse or evade than old-fashioned

ISO Management Systems July-August 2004

B U S I N E S S S TA N D A RD S

password-or document-based forms


of identification, which can be easily
compromised and forgotten. With biometric technologies, there is nothing
to carry or remember since positive
authentication is based on the unique
physical traits of each individual.

Multiple uses

national and industry consortia such as the BioAPI


consortium and the International Biometric Industry
Association, in an effort to
meet the urgent needs of
industry and end-users. Mr.
Podio commented : SC 37
offers the community and
end-users an international
venue to accelerate and harmonize formal international
biometric standardization.

According to the subcommittees


business plan, market opportunities
for biometrics include enterprise-wide
network security infrastructures, the
protection of buildings from unauthorBusiness need
ized individuals, electronic banking,
investing and other financial transacA recent survey Identions, retail sales, law enforcement as
tity Theft Survey Report
well as health and social services.
(September 2003) by the
In order to ensure that future
Federal Trade Commission
standards-based systems and applica(FTC www.ftc.org) of
tions are more interoperable, scalable,
the USA estimates that 27,3 million
reliable and secure,
Americans have been
ISO/IEC JTC 1/SC
victims of identity
Biometrics uses
37 brings together
theft in the last five
personal characteristics
national delegations
years, including 9,9
from 24 countries (19
million people in
to identify users
participants and 5
the last year alone.
observers), including
According to the
experts from a variety of IT industries
survey, identity theft losses to busisuch as biometrics, security, system
nesses and financial institutions in
integrators and developers, and users
2002 totalled nearly USD 48 billion
of biometric-based personal authentiand consumer victims reported USD 5
cation and information systems.
billion in out-of-pocket expenses.
It has six working groups now
addressing the following aspects :

Fernando Podio, Chair of the


ISO/IEC biometrics subcommittee
says that it offers an international
venue to accelerate and
harmonize formal international
biometric standardization.
Fernando Podio, ISO/IEC
JTC 1/SC 37 Chair, National
Institute of Standards and
Technology, 100 Bureau Drive,
Stop 8930, Gaithersburg,
MD 20899-8930, USA.
Tel.
E-mail

+ 1 301 975 2947


fernando.podio@nist.gov

Harmonized biometric vocabulary


and definitions.
Biometric Data Interchange formats.
Profiles for biometric applications.
Biometric testing and reporting.
Cross-jurisdictional and societal
aspects. This could include the safe
operation of biometric systems, the
use of technical measures such as
privacy maintaining and enhancing
technologies, and development of
codes of practice.
In addition to its national delegations, SC 37 is working in close
collaboration with MasterCard InterISO Management Systems July-August 2004

49

B U S I N E S S S TA N D A RD S

As the level of securithese needs, says Fernando Podio.


ty breaches and transaction
The subcommittees rapid developfraud increases, businesses
ment and approval of a portfolio of
and governments are looking
technically sound consensus standards
to biometric
will help ensure that
technologies
future standards-based
for
highly
systems and applica27,3 million Americans
secure identions are more interhave been victims of
tification
operable, scalable, reliand personal
identity theft in the last able and secure.
verification
Mr. Podio said that
five years
solutions.
he anticipates that
A d o p some of the data intertion of biochange format and
metric-based high performinterface standards will reach Final
ance, interoperable systems
Draft International Standard status
will depend in part on the
by the end of 2004, with publication as
timely availability of the
International Standards in 2005.
required biometric standards. SC 37 working groups are working very quickly and efficiently to meet

50

ISO Management Systems July-August 2004

Next issue
ISO Insider

Complaints handling for organizations


When the customer isnt satisfied, you can breathe deeply
and count to 10...or count on ISO 10002, Guidelines for
complaints handling in organizations, one of a suite of three
standards that provide the framework for a comprehensive
customer complaints management system.

Management systems for ensuring integrity


of food supply chain
Failures in food supply can be dangerous and cost plenty.
The new standard ISO 22000 for food safety management
systems is intended to provide security by ensuring that
there are no weak links in the food supply chain.

Special Report

Consultants choosing and using them


Like the little girl in the nursery rhyme, it could be said of
consultants that when they are good, they are very, very good
and when they are bad they are horrid ! The fact remains
that many organizations turn to consultants for help in set-

Author Matthias Gelber


has led the INEM
(International Network
of Environmental
Management) delegation to ISO/TC 207 for
many years and he has
recently been appointed
to serve on the TC 207
Future Vision Task Force.
In addition, Matthias has
comprehensive experience of helping a range
of public and private
sector clients with EMS
implementation.

ISO 14001 implementation

money if you hire a consultant


and what are the criteria you
should use for choosing one ?

QMS consultants
instructions for use

ants, questions that arise include :

Author Giancarlo Colferai


is well placed to supply

the answers as he is
project leader of the
ISO/TC 176 working
group developing the

new standard ISO 10019,


bad surprise ?
Guidelines for the selection of quality manage What are tasks of the consultant and those of the
ment system consultants
organizations employees ?
and the use of their
services.

Pick y

our

onsul
ow n c

tant

ISO Management Systems July-August 2004

51

EFQM
1 page

You might also like