This certificate smells fishy! How to find out if an ISO certificate is forged or valid.

by iso9000blog 14. August 2011 10:04

Look at the Certificate

The first thing you need to do when you are evaluating a potential supplier based on their ISO certificate is ask them to provide you with a copy of the certificate itself. If the company is indeed certified, they should not have a problem providing you with a copy of their ISO certificate. When you have it, you can take the following steps:

  1. Only Registrars are allowed to give ISO certificates. An organization cannot self grant an ISO certificate.

  2. Look for the name of the registrar (e.g. DNV, BSI, ABS, etc.).

  3. Look for the name of the accreditation body (e.g. ANAB, ANSI, UKAS, etc.). If you see a stamp from an accreditation body, you can find out if this accreditation body is a member of the International Accreditation Forum at http://www.compad.com.au/cms/iaf/articles/145

  4. If there is no stamp from an accreditation body on the certificate then you can be suspicious as to whether the Registrar is competent to audit. A registrar may opt to not seek accreditation, but that may or may not be an indication of their ability and competency. Here is an excerpt from the ISO website:

    "In most countries, accreditation is a choice, not an obligation and the fact that a certification body is not accredited does not, by itself, mean that it is not a reputable organization. For example, a certification body operating nationally in a highly specific sector might enjoy such a good reputation that it does not feel there is any advantage for it to go to the expense of being accredited. That said, many certification bodies choose to seek accreditation, even when it is not compulsory, in order to be able to demonstrate an independent confirmation of their competence."

  5. If there is a registrar name on the certificate, the quickest way to find out if the certificate is valid is to call the Registrar directly and ask them to verify that they have issued such a certificate. Explain to the Registrar what you are trying to do and they should be able to put you in touch with the specific department that can help you with such situations.

  6. Bear in mind that if an organization certifies Plant A, it does not mean that Plant B and C are also certified. Usually the certificate will tell you exactly which processes and locations are certified. So if you have a certificate, say for Exxon Mobil La Porte, TX, that would not apply to the Exxon Mobil plant in Lake Charles, Louisiana.

  7. Ensure that the certificate has not expired. If it has, then you can ask the company the reason why the certificate is expired. Valid reasons could be:

    1. They already had their recertification audit (to renew their certificate); however, the Registrar failed to provide the audit report on time and therefore they were unable to answer the nonconformities on time. In this case you should be able to get a copy of the recertification audit report. Actually, I have experienced this situation and the organization truly may not be at fault.

    2. They were not ready for their recertification audit and decided to postpone it. In this case, you should expect to see an audit agenda describing the new audit date. I have seen this situation also; in this case the organization itself is admitting they have shortcomings. See if they are actually working on improving the system.

 

Search the Net

If you have some time and access to the internet, you can actually go to the Registrar website directly and look for a list of their clients. Here are a few of them:

 

Not all registrars are created equal

Like it or not, I'm going to have to be sincere: not all registrars hold to the same auditing principles or conform to the same audit standards. Simply put, some registrars are better than others. I'm not being biased but rather speaking from my own experience and what I have heard in the ISO world.

Take the case of those registrars operating without being accredited, or perhaps while their accreditation is under suspension. In either case they are not authorized to give certificates until their auditing practices are up to par with the accreditation body's auditing practices and ISO auditing standards as well.

When an organization is audited by a registrar who does not have good practices, the only one that stands to lose is the organization, because they are made to believe their management system is conforming to the standard, when in fact such a management system may have many opportunities for improvement, in some cases severe. The problem is not just “not conforming to the standard” but rather not getting the full benefit of being certified, which means improving the processes and the business.

Of course all audits are based on a sampling plan; however, if a registrar decides to audit fewer days than recommended by the International Accreditation Forum or another similar entity, then you may not be able to truly obtain a representative sample from which to audit.

It still smells...

If you have done your homework, looked at the certificate and audited the company, and you still think that the processes of your potential supplier do not match the level of quality an ISO certified company should demonstrate, then go with your assessment. Of course, if you figure out the certificate is not valid, then don’t bother. Forging a certificate is not professional and should be an indication of other malpractices they may be capable of. A good supplier should be able to help you improve your quality by providing you excellent products and services. If you feel they are not qualified even if they are certified, then trust your instincts.

 

About the Author

Miriam Boudreaux is the President of Mireaux Management Solutions, a consulting firm headquartered in Houston, TX. Mireaux's products and services encompass ISO consulting, ISO Training, Internal Auditing, implementation of Web QMS platform and electronic QMS hosting.

Miriam has been a speaker at the ISO 9000 Conference in previous years and is scheduled to speak at the 20th ISO 9000 Conference in Orlando, Florida in March 2012.

To get in touch with Miriam Boudreaux please contact her at info@mireauxms.com.

 

 

Copyright ©2011 Mireaux Management Solutions

Tags:

ISO 9000 Certification

Do you need a consultant to achieve ISO 9001 certification?

by iso9000blog 14. August 2011 09:55
Well, a simple answer is no, you don’t need a consultant to achieve ISO 9001 certification. In fact many companies achieve ISO 9001 on their own, by appointing key employees to the task. However, the implications of trying to implement a system on your own can be a setback to your business if resources are stretched too thin, and can quickly outweigh any money saved by not hiring a consultant.
 
Let’s say you are the Production Manager of a cables company. You are an expert on cables and so are your people. One day you are asked to look for a better Health and Insurance Benefits Provider for your employees because the current provider is not working well. What would you do? Well, your employees are your assets and their well-being affects you indirectly, but are you the right person to do it? It will probably take you an enormous amount of time to research and investigate what is available out there and what kind of questions to ask in order to get a better health and insurance provider. The time and cost factors are probably best optimized by assigning this task to an expert on employee benefits matters.
 
The same concept applies to ISO 9001 certification and hiring a consultant. A good ISO consultant is an expert in the ISO standard, has extensive experience implementing quality management systems and has worked in a variety of industries. A good ISO consultant can therefore rapidly understand the processes that are part of your company and how best to approach ISO implementation. The cost of hiring a consultant and the time he/she will take to implement your quality management system will definitely pay off in the long run. The following story is a good example of ISO 9001 implementation the hard way.
 
Northside Parts Manufacturing
 
Northside Parts is an auto parts manufacturer located in central Maine. Charles, the CEO, has appointed Pete, the Production Manager, to implement the requirements of the ISO 9001 standard and take the company to full ISO 9001:2008 certification. Pete is an expert in the auto parts industry, has been in the business for over 10 years and has a full plate already with his own duties. Pete knows he can count on the full support of Charles the CEO, but he also knows he has projects aplenty. Needless to say, he is familiar with ISO and knows its benefits, so rather than asking for outside help, he agrees to spearhead the project.
 
Pete’s experience in ISO 9001 is mostly with the older version of the standard back when he was an entry level Engineer and he is not in tune with the latest revision. His first step is to get trained. So he orders a copy of the ISO 9001 standard and other reading material online with the goal of getting himself up to speed on this area. 
 
Weeks pass before he completes his self-training and arranges for global training. Of course he wants everyone in the company to know ISO 9001 as much as he does, so he makes a real good effort to explain the ISO 9001 standard in its entirety to all employees. Some employees understand what he is trying to teach and some don’t understand anything at all. He makes sure to schedule make-up classes for all those employees who could not attend the first round of training.
 
For now, a lot of time and little cash have been spent by the company. Pete of course continues to spend more of his time learning about ISO and hence puts some other “production projects” to the side. He gets help from some of his direct reports and together they scramble to figure out what to do next and how.
 
A few months have now passed and finally they start working on the ISO requirements by asking all department heads and key employees to do their part. Although everyone had training, many of the department managers understand very little of what is actually needed from them. But rather than saying they don’t know what to do, these managers basically procrastinate and ignore Pete’s emails until Pete begins crafting emails demanding they turn in their assignments and escalating his emails to Charles the CEO. 
 
Several months have passed now since Charles gave Pete the important task of achieving ISO 9001 certification. Besides training, however, there aren’t any other palpable results of ISO 9001 implementation just yet. The only thing palpable at Northside Parts is the tension between Pete and the rest of the managers. In fact, conversations between Charles and Pete revolve around the fact that the managers are “not turning what is required from them”. Pete himself is a bit frustrated with the ISO project because he has not been able to take care of other important projects in his department. Although Charles is backing Pete fully in the ISO endeavor, he is also aware that other projects are falling behind and he is starting to show his unhappiness about it. 
 
Finally, after months of waiting, Pete realizes that nothing will get done unless he does it himself. Since he feels he knows a lot about the company and the other departments, and he also knows the way things “ought to be done”, he begins writing the policies and procedures himself and gives them to the managers for review. Since most managers don’t want to cause more aggravation to Pete, they refrain from offering much input and agree to all the new documents created by Pete, which are promptly signed by Charles and posted on the “z” drive of the company servers.
 
A year has passed since the whole ISO project started, and now that the policies and procedures are finally approved, Charles and Pete are feeling a lot better. Binders are printed and more training is given to employees to show them how to behave and what to say during an audit. Pete selects a few employees from his department for some additional Auditor training. After weeks of studying auditing techniques and developing comprehensive checklists, they conduct the company Internal Audit. Although they lack internal audit experience, they are able to find some systemic issues, such as the fact that most procedures do not accurately represent what is actually being done. Once the audit is complete and the Internal Audit Report is issued, they go back at it for a few more months, trying to correct all the nonconformities unveiled during the audit.
 
Pete has put so much effort into the entire process and plans a day-long Management Review to address all issues related to the business. He makes sure all the managers are there and that there is enough food to keep everyone happy. As more action items are derived from the meeting, Pete takes a few more months to resolve all of them to ensure that everything is ok for the External Audit.
 
At last, after almost a year and a half of long working hours developing the system, the External Audit is here. The company succeeds, albeit with quite a few findings. Pete feels good that the ISO 9001 project was accomplished; however, now he realizes that months of neglect have stockpiled production projects. He hasn’t had much time off, but this is not a good time to ask for such. Projects need to get started and his input is indispensable.
 
The moral of the Northside Parts Manufacturing story
 
While this story has a successful ending, it also depicts in a simple and succinct way, that when you assign your own resources to implement ISO 9001, tasks are accomplished but not necessarily the optimum way. In addition, daily activities and important projects are neglected, perhaps setting you back in other important aspects of your business. Furthermore tensions are exacerbated during the duration of the project. Unless you have dedicated internal resources and the much needed expertise, things will definitely be smoother and accomplished much faster when you hire a good consultant. 
 
If you decide, however, to use resources from within, be careful who you select to spearhead the ISO 9001 project. While some employees thrive in new environments, others are not equally amused when taken out of their comfort zone. Do not assume engineers are the most appropriate to do this either. Implementing ISO requires a concerted effort by all departments and you need a strong leader who can energize everyone and get them to contribute to the common goal. Finally, I cannot stress enough that support from upper management is absolutely essential to ensure the success of the ISO 9001 endeavor.
 
Final words on ISO 9001 consultants
 
If you decide to select a consultant to get your company certified, you would be making a wise decision. Most consultants are great leaders and have the expertise and experience to make things happen fast. Depending on the size of your company and the complexity of your processes, a consultant will take 1/3 to 1/4 of the time it would have taken your own resources to get your company ISO 9001 certified. Also, most consultants like what they do and are not interested in creating a position for themselves in your business. They want to do their jobs, get you certified, get paid and move to the next project.
 
Not all consultants are created equal however, so do your homework and make sure that the consultant you are hiring has the expertise and experience in the ISO 9001 standard as well as in helping companies get certified. Always ask for references and make sure to call on them to learn firsthand their impression. Also look for consultants that offer additional services, such as Internal Audits or training. Chances are you may be looking for such services in the future, so think of consultants as partners for years to come, rather than just a one-time vendor. Finally, while cost is not everything, see what else they offer with their business, perhaps they offer tools such as software that can host your quality management system electronically rather than on binders. 
 
With some patience and an open attitude you will find excellent consultants or consulting companies, providing reputable services and great tools to benefit your organization and help it in its journey to world class quality.


Tags:

ISO 9000 Implementation

What Suits Your Schedule Best: Conduct Root Cause Analysis 1 Hr. Daily or Fight Fires 8 Hrs. a Day?

by iso9000blog 3. August 2011 14:57

There is not a bigger vicious cycle in this world than that of problems which constantly recur because there is no time to stop and solve them correctly. Although we would all like this cycle to stop, managers can't afford to let employees waste time with too much researching, and employees don't have the time because they are constantly fighting fires. As long as this cycle continues, problems will recur and everyone will have to spend more time on what should not have occurred in the first place. How do we get out of this vicious cycle? Through training, dedication and appropriate problem solving techniques.

 

Why are we always fighting fires?

There is no doubt that time is more than a precious stone: it is not only valuable, but once it is gone there is no way to get it back, no matter how much we are willing to pay. At work, time is even more valuable, as we only have 8 hours a day to be productive and achieve our daily tasks and goals. Although we are all well intentioned, somehow time at work just seems to go by too fast. Between reading emails and fighting fires, the work day is gone and there is no time to look at the big picture or even think of improvements. But why are we fighting fires in the first place?

If you look at every problem that causes us to stop everything we are doing and dedicate our resources to that problem, chances are you will say that the problem should not have occurred. Not only should the problem not have occurred, but it could have been prevented, very easily. Or furthermore, you could even say that the problem already happened, and therefore there was no reason why it should have happened again. But somehow, somewhere, something broke and all of a sudden the problem resurfaced.

But usually there is no time to ponder. You don't want to look as if you are not acting or doing something about the problem, and therefore you put on your firefighter outfit and go fight the fire along with everyone else. Fortunately, you may think, all those fighting the fire are as smart as you, and whether or not you were there when the problem occurred, you feel that the most intelligent people in the company are the ones putting the fire out. Little do we know that the smarter people in the company are not always the only people who should be solving the issue; but it is one issue out of many, and there is no time to sit and think of other ways to do it, because the problem is critical and we had better take care of it, because tomorrow we may have another fire and because we don't want to look as if we haven't done enough already.

But the problem is not so much in the fire or the people who caused it, but rather the system that allowed it to happen.

Where is the system?

When I look at organizations that are constantly in fire fighting mode, I see that there is not a system in place to allow improving from mistakes. Either mistakes are not recognized as such, or the organization views mistakes and errors as a detriment to the organization. Employees are scared of bringing problems or potential problems to management's attention for fear of reprisal. Management sees problems as operator error and considers every problem an opportunity for reorganization. A system of proper root cause analysis is unknown and problem solving is usually handled by a select few. The lack of a Problem Solving and Continual Improvement system prevents the organization from using those "errors, problems or mistakes" as valuable tools to improve its processes.

Basically, for recurring problems to stop reappearing, a system is needed where the vicious cycle cannot be allowed to happen. That can only be achieved when there is a system in place that allows for the following three elements to exist:

  1. Company-wide training in Root Cause Analysis Techniques and Problem Solving.
  2. Commitment from the organization leadership to continual improvement.
  3. A robust yet simple process for conducting Corrective or Preventive actions that includes all elements of a proper Root Cause Analysis and Problem Solving.

Without the 3 elements above, a process for stopping problems from happening again will not exist or will not be able to be sustained over time. These 3 elements ensure that the system in the organization is conducive to continual improvement and that appropriate root cause analysis and problem solving will prevent problems from re-occurring.

Company Wide Training is Essential

Training in Root Cause Analysis and Problem Solving is a basic requirement if you want your organization to move away from fire fighting mode. However, training must occur throughout the organization, not just for a few managers or the company auditors. It is imperative that, from the top executives of the organization all the way to the shop floor employees or desk clerks, everyone be trained on these techniques.

An organization may be surprised how much they are losing by depriving their employees of these essential tools. As a consultant and auditor, I see this all the time: employees thinking they have closed out issues, only to find out they were closed on paper, not in real life. After many of these encounters, I have come to believe that it is not that they forgot to complete their actions or that somebody misinterpreted them; it is just that they do not understand the concepts of problem solving. Some people literally think that a problem is solved when you have stated what you are planning to do to solve the problem, while others think that a problem is solved when the specific issue that caused the nonconformity is resolved. Yet others think that problems never really happen and the fire fighting status quo is the norm.

Training is therefore essential to ensuring that everyone understands the process, from finding the root causes of the problem to ensuring that the problem does not happen again. In reality, a problem is not resolved when the root cause analysis has been conducted. There are events that must happen before and after in order for the problem to be fully resolved and not recur. Activities like containment, notification, design, mistake proofing, verification, etc. are all part of solving a problem properly. Of course not all problems are created equal, and therefore employees must be trained adequately in order to understand how to apply the simple problem solving techniques to their everyday problems and challenges.

Equally important is to train top management in the root cause analysis and problem solving techniques. I get puzzled when a manager asks for a problem to be solved correctly yet demands immediate action and not too much investigation: "More doing and less talking" may be a familiar phrase. While we all want to minimize unproductive time, it is necessary that Management understand problem solving techniques so that they can understand that the depth of activities necessary to solve a problem is commensurate with the problem in question and the need to stop the problem from happening again. A return from a customer is a problem that can be easily solved by giving the customer credit back; however, to stop that problem from happening again requires a lot more than that.

And because problems happen at all levels of the organization, everyone must be trained.

Leadership Commitment

I would like to think that once the management of an organization has been trained in Root Cause Analysis and Problem Solving techniques, they will be more apt to give employees the time as well as the resources they need to solve a problem. Problems vary and so does the effort and time allocated to solve them properly. When management understands these concepts and techniques, they will understand that giving a customer credit back is like putting a band-aid on a wound: it will not solve the issue of why the wound happened in the first place. Nor would a simple problem solving session be able to capitalize on the lessons learned and cross-pollinate within an organization's multiple locations. For that to happen you need time and you need management to be committed to giving that time and allowing all the appropriate manpower resources to share those lessons.

We understand that financial resources are not always available, but well trained employees will learn the proper techniques to find alternative solutions to solve problems, and to implement mistake-proof systems that may not necessarily be more costly and that may in fact save money. After all, when a problem recurs, you have already wasted time, resources and money time and again. Therefore allowing your employees to work on continually improving the system not only saves you time and money but also helps your company improve.

Keep it Simple and Robust...Your corrective and preventive action system

Usually your corrective and preventive action system should be the one where the entire root cause analysis and problem solving is done. Thus, I cannot stress enough that your corrective and preventive action system must be designed with continual improvement in mind, and therefore all your employees should have equal rights to it. You cannot expect employees to use the system for solving problems, when it is not accessible to them or when it is too cumbersome to use.

Likewise, you cannot have a corrective and preventive action system that is disjointed or that does not encourage employees to think about containment, root cause analysis and verification, for example. The entire system of problem solving should be embedded in your corrective and preventive action system, so that there are no other systems out there duplicating efforts. Moreover, management must believe in the system, encourage its use and use it themselves. This will create a sense of trust in the system that employees will see and therefore follow.

Finally, your corrective and preventive action system must be designed so that anyone who has encountered a problem or a potential problem feels empowered to bring it to management's attention. The system should also be simple enough for everyone to follow and robust so that you don't have to hire extra people just to maintain the system. The idea is that whatever paper or electronic tool you use, it must be easy to maintain and sustain.

So is it going to be 1 or 8 hours?

So now that you understand what is needed to stop firefighting and foster an organization that values continual improvement, are you ready to dedicate 1 hour of your day to it?

 


Tags:

Continual Improvement | Root Cause Analysis

Welcome to BlogEngine.NET 2.0 using Microsoft SQL Server

by admin 3. August 2011 14:39

If you see this post it means that BlogEngine.NET 2.0 is running and the hard part of creating your own blog is done. There are only a few things left to do.

Write Permissions

To be able to log in to the blog and write posts, you need to enable write permissions on the App_Data folder. If your blog is hosted at a hosting provider, you can either log into your account’s admin page or call support. You need write permissions on the App_Data folder because all posts, comments, and blog attachments are saved as XML files and placed in the App_Data folder.

If you wish to use a database to store your blog data, we still encourage you to enable this write access for any images you may wish to store for your blog posts. If you are interested in using Microsoft SQL Server, MySQL, SQL CE, or other databases, please see the BlogEngine wiki to get started.

Security

When you've got write permissions to the App_Data folder, you need to change the username and password. Find the sign-in link located either at the bottom or top of the page depending on your current theme and click it. Now enter "admin" in both the username and password fields and click the button. You will now see an admin menu appear. It has a link to the "Users" admin page. From there you can change the username and password.  Passwords are hashed by default so if you lose your password, please see the BlogEngine wiki for information on recovery.

Configuration and Profile

Now that you have your blog secured, take a look through the settings and give your new blog a title. BlogEngine.NET 1.4 is set up to take full advantage of many semantic formats and technologies such as FOAF, SIOC and APML. It means that the content stored in your BlogEngine.NET installation will be fully portable and auto-discoverable. Be sure to fill in your author profile to take better advantage of this.

Themes and Widgets

One last thing to consider is customizing the look of your blog.  We have a few themes available right out of the box including two fully setup to use our new widget framework.  The widget framework allows drop and drag placement on your side bar as well as editing and configuration right in the widget while you are logged in.  Be sure to check out our home page for more theme choices and downloadable widgets to add to your blog.

Try Out New Features

BlogEngine now supports code syntax highlighting and HTML5 video out of the box. To add a video, click the "Insert video" button just above the post editor. Once your video is uploaded, use the following syntax to show it: [video src="be-sample.mp4"]. Make sure to add "video/mp4" as a MIME type to your IIS.

You can add formatted code by pressing the "Insert Code" button on the post editor toolbar. Here is a small sample:

// Hello1.cs
public class Hello1
{
   public static void Main()
   {
      System.Console.WriteLine("Hello, World!");
   }
}

 

On the web

You can find BlogEngine.NET on the official website. Here you'll find tutorials, documentation, tips and tricks and much more. The ongoing development of BlogEngine.NET can be followed at CodePlex where the daily builds will be published for anyone to download.

Good luck and happy writing.

The BlogEngine.NET team


General