Interesting news:

ISO 9001 is about to be revised for 2008! A new version of the standard, or actually amendments to ISO 9001 and revisions to ISO 9004 are in the works by the technical committee (TC 176). We should not be expecting major changes, but we will be informing you as soon as the accurate information is available, so that you can start making the adjustments progressively, rather than having to do the last-minute scramble. The design specification mandates that "any changes to ISO 9001:2000 for the next release of the standard in 2008 be relatively minor in nature with minimal impact and high benefit to the end user."

Medical Device Risk Management - ISO 14971:2007 The Medical Device Directive (MDD), and IEC 60601-1 3rd Edition have been revised and "now require you to demonstrate that you have a documented risk management system in place, no matter what the probability or the severity of the risk is, to show that your device is safe". So as part of your ISO 13485 program you will also need to comply with ISO 14971:2007. You can also be certified to it. This standard provides a framework that a medical device manufacturer can use to develop a risk management system. The standard requires the manufacturer to identify the hazards associated with their products, estimate and evaluate the associated risks, control these risks, and monitor the effectiveness of the controls. The requirements of the standard apply at all stages of the product's life cycle -from concept through post-production - ultimately leading to reduced risk due to possible hazards with the product.

ISO 27001 replaces ISO 17799 as the newstandard for IT security Information ISO 27001 is the new international standard created by the International Standards Organization for Information Security Management Systems. Officially known as ISO/IEC 27001:2005, this standard, published last October, will replace the British BS7799-2 and the ISO 17799 standard; the latter may, however, be renumbered ISO 27002, but ISO has not made a final statement regarding ISO 17799 renumbering yet.
Internationalization of these standards will create a demand for a recognised ISMS certification. Clients in the future may ask whether your organization have achieved ISO 27001 certification. Besides providing "marketing" value, it helps IT managers create a framework, based on a "Plan-Do-Check-Act" approach.
If the Sarbanes-Oxley Act is relevant for your business, ISO 27001 could be your best way to get a framework. If SOX is not yet relevant -- if you live outside of the US, for instance -- you may be less interested in it.
Successful certification requires a methodical approach, careful consideration of scope, and a thorough understanding of your organization information security needs. Achieving the ISO 27001 certification mitigates the risk of human error, by having sound procedures and regulations. The certification process involves several visits from certified external auditors, who review documents and processes. Any non-compliance must be corrected before their next visit. The time the certification process takes can differ greatly, as no two organizations are alike.
There are clear relationships between ISO 27001 and the Sarbanes-Oxley Act's requirement to develop an information security management system that is integrated, comprehensive, and incorporates widely recognized best practices. ISO 27001 is a step toward effecting and demonstrating compliance with the SOX legislation. Getting the ISO 27001 certification also tells your clients that the requirements in SOX section 404 have been successfully passed.

What happened with Chiron?

It sent the Flu vaccination campaign into chaos after announcing it would not be providing 48 million doses because of quality problems (product quality, delivery dates, cost, etc).

The explanation is hard to give without a thorough analysis. But it most certainly lies in one or a combination of scenarios of companies that have quality management systems (QMS) that are registered to the applicable industry standards (ISO 13485, ISO 9001, AS 9100, TL 9000, etc) and compliant to regulatory standards of many countries, (FDA, CE, UL), and yet have serious recurring quality problems. How can that be?

Well, unfortunately you could ask the question: "Are you surprised?" and sound a lot more knowledgeable. Most companies with registered Quality Management Systems fall into one of the following categories.

1/ For companies in highly regulated industries such as pharmaceuticals, biomedical or aerospace, the QMS is often very bureaucratic and cumbersome. It is more designed to generate adequate records than produce quality products. The company will often operate outside or the QMS and backtrack quickly to sweep behind, and generate the adequate records and documentation to maintain compliance.

2/ Companies operate with a minimal QMS that enables them to pass a registration or surveillance audit and hardly meets the needs for managing quality of the product. Basically, all the employees do the bare minimum for ISO 9000, ISO 13485, GMP or ISO 16949 compliance, and the bulk of the working or control processes are kept outside of the QMS in order to have "maximum flexibility"

3/ The QMS is not aligned with business objectives. This scenario is very frequent with companies that have been in business for a while and the QMS has not been growing or living with the organization. So you end up with obsolete procedures and documented processes, and quality objectives such lead times, and defect levels that cannot be met given the business objectives such as sales volume and targeted growth.

4/ The QMS is well implemented but the work methodologies are inadequate. This is something that should be identified through adequate root-cause analysis as a result of quality problems. Unfortunately, this is often very difficult to accomplish without some expert analysis tools and process expertise. As a result, the company will accept a fairly high and disruptive level of quality problems as an industry reality, while process reengineering is what is really required.

Despite gloomy predictions, the transition to ISO 9001:2000 is further along than previously thought. (Quality Digest)

More than 43 percent of a Quality Digest survey respondents report that theyıve finished the transition to ISO 9001:2000, 38 percent are in the process, 5 percent do not plan on transitioning and about 13 percent have never been registered to an ISO 9000 standard and are registering to ISO 9001:2000 for the first time......

.....In general, the overall value of the registration process is most positively perceived among those who have already completed registration, both first-time registrants and those that transitioned. Those who are in the process of transitioning were more reserved in their responses.

More than 50 percent of those who have completed the transition process agree that the transition was easy, compared to one-quarter of those still transitioning and one-third registered to ISO 9000 for the first time.

The cost of transition seems to be an issue mostly for those registering for the first time. About 44 percent of first-timers think registration is expensive, compared to the 22 percent that transitioned and the 33 percent that are still in the transition process.

There is a certain sense to this: The cost of registering for the first time tends to be more expensive than simply transitioning. Our survey shows that first-time registrants are much more likely to use consultants. They may also require more time from both consultants and registrars before they iron out all nonconformities. Organizations that already have experience with the standards are less likely to use consultants and, given prior knowledge of the standards, will be less likely to have problems with implementation. All this translates directly into dollars.

One of the most outstanding survey results was the perceived value of registration. More than 70 percent of first-time registrants agree or strongly agree that the quality of their products or services has improved as a result of registration, with 19 percent strongly agreeing that this is the case.

For those who have transitioned, about 30 to 40 percent agree or strongly agree that the new standard has improved products and services, and about one-quarter disagree or strongly disagree.


Highest increase in ISO 9000 certificates recorded!

37000 new certificates in the US alone. ISO publishes the survey on the number and growth of ISO 9000 and ISO 14000 registered companies in the world.


ISO 9001 yields financial rewards for registered companies.

"The financial performance of companies registered to ISO 9001 improved compared to companies that have not pursued conformity to the standard, according to researchers from UCLA, the University of Maryland, and the Universidad Carlos II in Madrid. Researchers analyzed the impact of ISO 9001 conformity on publicly traded firms and found a direct correlation with a firmıs return on assets (RIA). "We were shocked by the magnitude of the effects." said David Kirsch of the University of Maryland. While the performance of firms that attained ISO 9001 registration improved, firms that didnıt seek registration experienced deterioration in return on assets, productivity, and sales. The researchers combined databases on registrations with financial information provided to the SEC from 1998 to 1997 to yield a group of 7,598 public firms that received one or more ISO 9001 certificates prior to 1998. Researchers analyzed the two years prior to a companyıs registration because it normally takes about 18 months to implement ISO 9001. The return on assets rate of chemical companies registered to ISO 9001 remained steady at 17.9% for the two years prior to certification. In contrast the ROA for non-registered firms dropped during the same period. Two years prior to registration the difference between the two groups was a 5% increase in ROA. But three years after becoming registered, those companies improved their ROA by 12%.... The researchers made a direct correlation between ISO 9001 registration and improved performance because the control groups started with the same ROA prior to the registration decision. "Something changed specifically at the registered firms in the year prior to the actual registration," researchers said. "In all analyses we conducted, we found significant improvements in ROA. From that perspective, we can answer the original question of Does it pay to seek ISO 9001 certification? with a resounding YES!" RAB News & Notes, spring 2003, Volume 8 Number 2.


DaimlerChrysler Mandates ISO/TS 16949 to its suppliers

A letter, dated July 2002, has just been released from DaimlerChrysler, requiring registration to ISO/TS 16949. To view the letter in its entirety, please click on the following link.


RAB Warns: Don't Delay Transition to ISO 9001:2000 anymore.

"The three-year window to make the transition from ISO 9000:1994 to ISO 9000:2000 is almost half over, but it's estimated that no more than 30% of registered organizations have made the transition. It's important to anticipate the December 2003 deadline now.

"It's not just a matter of avoiding the final registration crush. There are numerous operational benefits in being registered to the revised standard," Randy Dougherty, RAB's director registrar programs said. Smart companies will move now to avoid problems later. Early adopters may also be in a position to gain a market advantage.

A notable difference in the 2000 revision is a greater focus on continual improvement, customer satisfaction, resource management, and business results. ISO 9001:2000 provides for an evolutionary approach to improved organizational performance. In short, there is real value for organizations making the transition to ISO 9001:2000 as soon as possible.

Because the 2000 revision was a substantial one, organizations need to consider their potential need for education and training prior to making the transisiton. RAB advises companies to be sure to allow time with their registrars for planning and conversion of their registrations." RAB News & Notes, Winter 2002, Volume 7 Number 1.


ISO 9000 and ISO 14000 certifications reach record levels in 2001

Record increases took place in 2001 in the number of certificates of conformity issued to organizations implementing quality management or environmental management systems that meet the requirements of, respectively, the International Standards ISO 9000 and ISO 14000. This development is revealed in the 11th cycle of The ISO Survey of ISO 9000 and ISO 14000 Certificates, which has just been published by ISO (International Organization for Standardization). The annual survey provides a snapshot of the worldwide impact of ISO's best-known standards.

ISO 9000: Up to the end of December 2001, at least 510 616 ISO 9000 certificates had been awarded in 161 countries and economies, an increase of 101 985 certificates (+ 24,96 %) over the end of December 2000, when the total stood at 408 631 in 157 countries. This is by far the highest increase recorded in all 11 cycles of the survey carried out since January 1993.

ISO 9001:2000: Of the ISO 9000 total, 44 388 were certificates of conformity to ISO 9001:2000, the single standard which is replacing the 1994 versions of ISO 9001, ISO 9002 and ISO 9003 (organizations have up to 15 December 2003 to migrate to the new version). The revised standard therefore accounted for 43,53 % of certificates awarded in 2001 and 8,70 % of the overall total.

ISO 14000: Up to the end of 2001, at least 36 765 ISO 14000 certificates had been awarded in 112 countries or economies, an increase of 13 868 (+ 60,57 %) over the end of December 2000 when the total stood at 22 897 in 98 countries. This is by far the highest increase recorded in the seven cycles of the survey in which ISO 14000 has been includedŠ. "International Organization of Standardization, 19 July 2002.


The USDA recommends a Total Quality System Audit approach integrating HACCP and ISO 9000. see link.


USDA mulling food safety measures for meat plants - By Randy Fabi

WASHINGTON (Reuters) - The U.S. Agriculture Department, trying to repair its image after the second-largest recall in history, is considering new regulations that would require meat companies to implement more food safety safeguards, consumer groups said Wednesday. USDA has asked consumers groups and the meat industry to provide suggestions on how it could avoid a repeat of ConAgra Foods Inc. massive beef recall earlier this month. Twenty-eight people in seven states have fallen ill in the past six weeks after eating meat tainted with E. coli. Public health groups have criticized USDA on its handling of the ConAgra recall, saying lax oversight of meat plants and inconsistent enforcement allowed the contamination to occur. "Its shocking how many holes in the safety net there are," said Tony Carbo, senior policy analyst for the Washington-based Government Accountability Project. The Bush administration has strongly defended its food safety system as the best in the world, but admits there may be room for improvement. "I do think there is a lot of Monday morning quarterbacking now on what happened with (ConAgra's recall)," Agriculture Secretary Ann Veneman told reporters. "We're going to try to go through this entire thing and see where we need to make changes in the system," she said. ConAgra on July 19 recalled 18.6 million pounds of ground beef products from its Greeley, Colorado plant after USDA inspectors found samples that tested positive for E. coli O157:H7. The bacteria can be deadly for young children and the elderly, but can be avoided by proper cooking.

USDA SEEKS FEEDBACK

In the past two weeks, USDA has distributed a questionnaire to the meat industry and consumer groups asking if federal E. coli testing was effective and whether plants should implement more safeguards. "We want to come up with a strategy that will certify a higher degree of safety," said Steve Cohen, spokesman for USDA's Foods Safety and Inspection Service. "Testing alone is not sufficient, no matter how much you do, to guarantee you will not have E. coli," he said. Consumer advocates, which met privately with top USDA officials on Wednesday, said the department was mulling over regulations requiring that meat companies implement new technology to kill harmful bacteria in food. Carol Tucker Foreman, food policy director for the Consumer Federation of America, said one option USDA was looking into was mandatory irradiation of meat for certain plants. Irradiation, which exposes foods to low doses of electrons or gamma rays in order to destroy microorganisms, is accepted scientifically as a processing technique, but some consumer groups have raised fears about foods subjected to any radiation. Gary Weber, director of regulatory affairs for the National Cattlemen's Beef Association, said the group was planning to issue a set of food safety recommendations to USDA by September. See (See USDA link) on HACCP and ISO 9000 compliance.

07/31/02 17:13 ET

The Nasdaq Stock Market Inc. gets ISO 9001:2000 certified:

The Nasdaq claims to be the first US stock market to earn ISO 9001:2000 certification. Its Chief Information Officer, Gregor Bailar, predicts registration might one day be required by the Securities and Exchange Commission (SEC) as a prerequisite to becoming listed: "You could see it being an SEC requirement some day....It is not far off being a possibility." On reports needed to compile Nasdaq annual SEC profile, "They [SEC] actually sent us back a note that said it was the best they have seen...For us, being a technology company, ISO 9000 was an inevitable goal. Frank Parrioti, director in the computer operations of Nasdaq, says that the company did not have to make significant changes to its procedures to accommodate the requirements of ISO 9001. We simply put them into compliance by the way of the standard," he says.


Over 400,000 ISO 9000 certificates worldwide:

The Organization for Standardization (ISO ) in Geneva has reported that the ISO 9000 registrations have exceeded 400,000 this year. China, Italy, Japan, Korea, Spain and the Czech republic have experienced the highest percentage growth. The ISO 9000 registrations in North America reached 49,399 at the end of July 2001, with 36,395 in the US. Michigan is the state that holds the most certificates (4,314) followed by California with 3,457


Interesting story on the PETROBRAS disaster: At times all of us complain about having a "Quality Management System." We think we could do things quicker if we did not always have set procedures to follow, and we feel we could be much more efficient if we "cut corners" to get our jobs done. The following a quote from a PETROBRAS official, praising the benefits of cutting quality assurance and inspection costs on the large floating oil rig which PETROBRAS constructed. At some time after making his comments, the P36 rig sunk in the South Atlantic Ocean off Brazil.

QUOTE: "Petrobras has established new global benchmarks for the generation of exceptional shareholder wealth through an aggressive and innovative program of cost cutting on its P36 production facility. Conventional constraints have been successfully challenged and replaced with new paradigms appropriate to the globalize corporate market place. Through an integrated network of facilitated workshops, the project successfully rejected the established constricting and negative influences of prescriptive engineering, onerous quality requirements, and outdated concepts of inspection and client control. Elimination of these unnecessary straitjackets has empowered the project's suppliers and contractors to propose highly economical solutions, with the win-win bonus of enhanced profitability margins for themselves. The P36 platform shows the shape of things to come in unregulated global marketeconomy of the 21st Century."


 




CALISO Consulting, LLC
1516 Oak Street, Ste. 312 - Alameda - CA 94501 - Tel .510.864.0463
E-mail: Tiout@calsoconsulting.com     Copyright & legal information