
"Quality Matters in your Business"

Monday, 20 December 2010

ISO9001 and Non UKAS Certification Companies

"The United Kingdom Accreditation Service is the sole national accreditation body recognised by government to assess, against internationally agreed standards, organisations that provide certification, testing, inspection and calibration services. Accreditation by UKAS demonstrates the competence, impartiality and performance capability of these evaluators."

A certificate of conformance to ISO9001:2008 issued in the UK by a UKAS Accredited Certification Body guarantees that the organisation meets the requirements of the Standard. It will be accepted by everyone as evidence of compliance. Unfortunately a certificate issued by one of the non-UKAS companies does not.

A prime example of this can be shown where we were asked to carry out a 2nd Party audit of a supplier for a Client of ours. We are IRCA accredited to carry out this type of audit. The Supplier showed us a certificate issued by one of the non-UKAS companies. We undertook the audit but had to call a halt after finding that no internal audits had been carried out in that year and Management reviews did not cover the elements described in ISO9001 (Major non-conformities). It was clear that this company did not meet the requirements of ISO9001:2008.

Interestingly enough the day after our 2nd Party audit, the non-UKAS company carried out their annual  surveillance visit and declared that they were satisfied that this Supplier met all the requirements of ISO 9001:2008.   I think that says it all. 

The real pity is that the Supplier believed that they did comply with ISO9001:2008 and are now faced with conflicting information. The only thing we can say is that if another accredited auditor carried out a 2nd Party audit they would come to exactly the same conclusion as we did, in that this Supplier is non-compliant.

UKAS regulations state that consultancy and certification must be independent from each other.  The non UKAS companies are not governed or regulated, set up the system and then assess it; how could they fail?

We firmly believe that it should be illegal to claim that an organisation meets the requirements of this Standard or any other when it does not;  in the same way that it is illegal to claim that a product does something that it clearly does not (Trade Descriptions Act).

Look for the UKAS mark when selecting a certification body to ensure that your certificate is valid and will be accepted worldwide.

Monday, 29 November 2010

Security at Airports

The recent news with suspect toner cartridges has meant that airport security has been stepped up and perhaps I should have taken this into consideration during my trip back from  Germany.

All was well going out and the usual security check of taking off shoes, jacket, etc. passed off without incident.

The return journey couldn’t have been more different.  The job had been tiring and I had a couple of late nights as well, so I was probably not as alert as I could have been.  I wear a suit and carry a laptop; my grey hair shows that I am a mature man, probably not the profile of your usual suspects.

I approached the security point at the German airport; I had removed my jacket, taken my loose change out of my pockets, put my mobile phone and laptop into the tray, taken off my watch as it has a metal strap and looked at the female security operator as she asked me if I had anything metal on me before I went through the detector arch. I mentioned that the only metal I had were my braces, but if I removed them my trousers would fall down. It was supposed to be humorous, but her blank face showed that she was not amused.

As I walked through the arch she pointed to me and gestured to a colleague.  I was whisked into a small room where I had to take off my shoes, empty all my pockets, open my shirt, switch on my laptop and was subjected to a full scan with that wand thing. Fortunately the rubber glove was not required.   All was in order and I was allowed to go.

As I walked out of the room the same woman security guard walked over to me and said
 "Ah I see your trousers have stayed up" and smiled.    

Lesson learned.  Stupid comments at security are not a good idea.

Monday, 15 November 2010

Environmental Systems and Waste Management

The world has an increasing amount of waste of all types that are put to landfill and other disposal methods.  This waste may take decades or more to degrade so it was particularly pleasing to hear that an innovative company has designed a system to use waste and turn it into energy.

The system is a simple one and has been used by gardeners for many years to turn green waste into compost. During the composting phase methane and carbon dioxide are given off. The trick with the new system is to capture the methane, clean it and then either feed it into the gas grid or use it to produce electricity. The reduction in methane emissions to the atmosphere will pay handsome dividends in the climate change stakes.

There have been other advances where a company in the USA have been turning industrial plastic waste into a useable aircraft fuel.

Bio digesters can turn almost anything organic into its hydrocarbon and methane components thereby reducing our dependence on fossil fuels.  We all know that fossil fuels cannot last too much longer and will never be reformed while waste will be on-going. 

I can envisage the day when all waste is recycled into energy and we will be self sufficient once again. Importing vast amounts of gas from anywhere is fraught with risks, especially if the supplier can shut off the supply as a bargaining chip in any conflict.

Monday, 1 November 2010

Computer Security and ISO27001

Last week while travelling by train I witnessed a severe breach of security by one of my fellow passengers.

He was obviously angry as he spoke on his mobile phone. He seemed to be speaking to one of his colleagues who was having a problem with one of their computer servers and wasn't sure what to do.

The conversation went something like this...

"You need to log in as an administrator to gain access to the xxxxxxx operating system config file".
"What do you mean you can't remember the administrator password.... For God's sake it is $%^mGGtss76".
"Now you are in the system you should run the yyyyy utility. Did that work?"
"Ok now go into the ttttttttt company server called ryytruuuuuuuuy enter the high level administrator password ... letmeinagain8! and run the backup exec file and all should be well. ...If not Barry call me again".

The chap clearly ignored the rest of us and assumed that we were not listening to his conversation.

I asked him if he realised what he had done and that I had sufficient information to hack into his company server. He looked shocked, he hadn't given it a thought.

He used his mobile again.

"Barry, you will need to reset the passwords on both systems now as I seemed to have broadcast them to the entire carriage on this train"
"Yes *********** all right..... I know, see you later. Don't mention any of this to Harry".

The moral here is to ensure that you don't give away sensitive information and certainly not disclose passwords.

Monday, 11 October 2010

ISO14001:2004 Environmental Management Standard

Today, the emphasis seems to be concentrating on the Environment and the way in which all organisations and individuals can do their bit to protect the planet.

Now that the saga of the BP oil leak is beginning to fade and vehicle manufacturers are producing more hybrid and electric cars, it seems that our long dependence on oil may be waning.

If manufacturers can produce a truly carbon neutral car then we will be well on the way to finishing our reliance on fossil fuels.

Unfortunately bio fuel, which had so much promise has backfired in converting food producing areas into bio fuel production. It would be disastrous if we generate hectares of bio fuel crops and create food shortages.

Some of the energy producing efforts which include wind, wave and solar power have the potential to supplement our power generation but will never be able to replace our conventional power stations.

Nuclear power is a good option but is feared by many people.

Today I read about a proposal to use geothermal energy from deep wells bored into granite which would provide enough energy to power 5 million homes and also provide hot water to nearby dwellings.

Monday, 27 September 2010

ISO9001:2008 Quality Management Standard

Arguably the most recognised Standard in the world, it has stood the test of time. The Standard, which started as BS5750, was developed from the Defence Standards and AQAP (Allied Quality Assurance Publications) to fit with commercial organisations.

The early versions concentrated on the fulfilment of a contract between buyer and seller and made little mention of customer satisfaction. Indeed you could attain certification if your product was not all that good provided you made all of them the same way.

Later versions looked at the requirement to satisfy the customer while maintaining product conformance. The 2008 version was a tidy up operation rather than a revision and it is anticipated that the next version will include far more risk based actions. The ISO tend to revise standards every five years or so, and we can look forward to ISO9001:2013.

Many of the additional standards use ISO9001 as their guiding light; these include TickIt (Software production), AS9100 (Aerospace quality) and TS 16949 (Automotive quality).

Monday, 13 September 2010

AS9100 Quality Management Standards for Aerospace

ISO9001 has been a good quality standard across many industries and has been used in aerospace to great effect, albeit with additions.

To meet the exacting standards  in aerospace the major aircraft manufacturers and IAQG (International Aerospace Quality Group) developed AS9100; based on ISO9001:2008 this standard fills the gap between military standards and the commercial ISO9001 quality management standard.  It makes good sense to have one aerospace standard for conformity to best practice; AS9100 is that standard.

AS9100  v  ISO 9001

Manufacturing an item as complicated and critical as an aircraft or space vehicle requires special attention during all the production processes.  A great deal of attention is placed on documentation and drawing control to ensure that the current revision of engineering drawings, part lists and test and inspection specifications is being used.  This 'configuration control'  is covered in far more depth than ISO9001,  as is identification and traceability.  The paperwork trail is vital following an incident or accident and these documents are always quarantined immediately by an accident or incident board of enquiry.

The AS9100 standard provides guidance for key characteristic management in both material and process control. Clearly there is a good deal of emphasis on the design and development of the final structure as well as components used in that structure; the AS9100 standard includes additional references in design and development functions. Explanatory notes are included for both design and development verification and validation, highlighting traditional areas of emphasis. Additionally, AS9100 provides information on areas of verification documentation and validating testing and results.

One area which receives greater attention is the inspection area, particularly the first off in a batch of items.  This is called first article inspection in AS9100.  The standard also gives guidelines for actions to be taken when it all goes wrong.  Any faulty part, which is scrap, must be put beyond use before disposition.

This standard can be applied in the following forms:
  • AS 9100 - Quality Management System requirements for Design and/or manufacture of aerospace products
  • AS 90110 - Quality Management System requirements for maintenance and repair operations
  • AS 9120 - Quality Management System requirements for Stockists and distributors

Assessment and certification is carried out by properly accredited and competent assessors. The assessment is, of necessity, more in depth than ISO9001 and the reporting is far stricter. The assessor scores each item against a prepared score card; at the end of the assessment the scores are totalled and a decision to pass or require additional work to be carried out is made. One major difference in the assessment is that no corrective action may take place during the assessment, unlike ISO9001. Any CAP (corrective action plan) must take place afterwards.

Inevitably main suppliers who achieve certification to AS9100 will then require their sub-contractors and suppliers to achieve the standard as well.

Once accredited these organisations are featured in OASIS (the IAQG  Online Aerospace Supplier Information System).

Quality Matters can assist organisations to achieve certification to these standards.

Tuesday, 31 August 2010

Another Successful Certification

Last week saw yet another successful assessment for a client. One of our proud boasts is that our clients pass the assessment process, and at the first attempt. Fortunately the assessment, which covered three days, was a complete success with only three OFIs (Opportunities for Improvement).

Our unbroken record shows commitment to our 'Quality Matters in your Business' slogan.

The environmental management system is harder to get than ISO9001 and differs from the quality management standard in that continual improvement must be carried out.

There can be no sliding back. The assessor made the point fairly well: 'You have set the bar at this level and the only way you can progress is to improve on it'.

It is a well-known fact that many organisations insist on 9001 and 14001 as an entry qualification for tenders. This client already has 9001 and now has added 14001. These two qualifications will allow tendering for contracts to be far more successful.

This client can also reap the benefits of ISO14001 and the three R's:

  • Repair – where possible, rather than scrap
  • Re-use – if this is possible
  • Recycle – ensure that waste is recycled
  • Reduce – energy and resource usage

Tuesday, 3 August 2010

New Auditing Standard ISO 19011- A Preview

The latest version of the ISO19011  "Guidelines for Auditing Management Systems" is due to be published next year. Users of this standard will note that the title, which was "Guidelines of quality and/or environmental management systems auditing"  now reflects the need to audit ALL  management systems, and not just quality and environmental systems.

Providers of Internal Audit Courses have concentrated predominately on Quality and Environmental management systems, but it is becoming clear that 18001 (the Health and Safety Standard), ISO27001   (the Information Security Standard), ISO20001 (The IT Service Management Standard) plus the automotive Standard TS 16949 and the Aerospace Standard AS9100  and many others are featuring more and more. These need to be audited on a regular basis.

Our own internal auditing course will be updated to reflect these changes, once the standard is published.
The new auditing Standard focuses far more on RISK, including the risk of not carrying out audits correctly, either through inappropriately defined audit objectives, insufficient competence of auditors or inadequate risk evaluation methods.

Competence of auditors in the Standards being audited features in the new annex A to 19011 and details the discipline-specific knowledge and skills of auditors for:
  • Quality
  • Environmental
  • Information Security
  • Resilience, Security, Preparedness and Continuity (RSPC)
  • Transportation  Safety
One revolutionary part deals with distance or remote auditing by video or telephone link.   A marked change and one recognising the use of technology to reduce travel times and maximise auditor resource usage.

Where sampling of systems takes place, e.g. where it is neither practical nor cost effective to examine 100% of the items, a representative sample of the population may be used to provide sufficient evidence that the sample is truly representative of the whole population. Annex C provides an informative strategy for auditors. This section also recognises that the "Auditor’s nose" can be used to choose a sample based on size, selection, methodology and previous experience. Where extensive sampling is required the Standard refers the reader to Sampling Plan Standards (e.g. ISO 2859).

And finally there is far more emphasis on the evaluation of auditors/team leaders to ensure competence, skills, knowledge and personal behaviour. 

This update is well overdue as the original standard was produced in 2002 and we can look forward to its publication in 2011.

Tuesday, 20 July 2010

Welcome Back to Gliding

At long last the weather has improved and I have been able to schedule my client visits to allow me to fly again.

My break had lasted since November last year and I wondered if I would remember exactly how it was done.  My instructor looked at my log book and mentioned that it had been quite a while since my last flight, but he would allow me to do most of the flight routines while monitoring me closely.

The take-off was pretty uneventful and my instructor prompted me a few times to keep pressure on the stick in the climb and to remember to keep the wings level.  At the top of the wire we were released and free.  There were lots of thermals and with a fair amount of help we were at 5,000 feet.  I was able to practice co-ordinated turns and keep to a given heading despite efforts of the winds to throw me off.

After 20 minutes I began to relax and my instructor said that it was improving; I just needed to fly the glider and adjust the trim rather than fight with the controls. It was becoming enjoyable again and with the height we had gained there was no panic to return to the airfield.

The flight was all too soon in the region of 50 minutes and it was time to return to the circuit to prepare for landing.  I have always been apprehensive about landing as there is not so much a process as a judgement call to get it all right and in the right order.  As a Management Consultant processes are second nature to me,  judgement is a little harder.

I was downwind and my instructor asked me if I was happy with our position. One look at the runway told me that I was not in a good position, too close and running parallel to it. Clearly I was far too close. He made the downwind radio call, that I had forgotten, as I moved further out and made my diagonal turn; speed was good, height was good, my adrenaline level was high and I turned onto the final approach. What had I forgotten? "Air brakes perhaps" said the instructor just as I deployed them.

We were on a reasonable glide approach and needed just a little less airbrake, the ground was rushing up to meet us as I flared the glider and it just kissed the grass and then touched down.   I was feeling rather pleased with myself when I was jolted back to reality, "keep the wings level, we don’t want to ground loop do we?",  said my instructor as we slid gently to a halt.

The flight had lasted 56 minutes and as my instructor wrote some complimentary notes in my log book, I vowed not to allow such a long break in future.

While we packed the aircraft away in the hangar I reflected on my flight and how my confidence had been restored. My sleepless night had been unjustified and with a little help from my instructors I will be back and hopefully going solo this year.

Tuesday, 6 July 2010

Risk Assessments

I recently purchased my third Honda Civic Hybrid and I am very happy with it.  My love affair with the Hybrid started in earnest when my first one saved my life in a head-on smash.   The car was wrecked, especially once the Fire Service had cut off the roof,  but I was unhurt.  I went out and bought a second one straight away.

My most recent hybrid celebrated its second week by being shunted in the rear by a young man who was "fiddling with his phone";  he was most apologetic  and fortunately he was insured.  I suppose technically I should have called the Police as his actions could be seen as careless driving, but his attitude was remorseful and as he had passed his test only a month or two previously, I thought that he would have learned much more by having to explain to his parents and his Insurance Company.

This young man will have learned the hard way that full attention is required when driving and that a telephone call or text is never so urgent that it requires instant attention.

He will, in future, even if he doesn't realise it, carry out a risk assessment on his driving and in particular to his mobile.

My car is going to be repaired and I have the use of a hire car in the interim.  It is mildly inconvenient, but no one was hurt and that is the main thing.

Tuesday, 22 June 2010

Document Control

I have used Microsoft Office in its various forms for many years and have found it to be very useful for documents, spreadsheets etc, and recently upgraded to the latest version 2010. I expected it to do all the things that the older versions did and was pleasantly surprised to see that Digital Rights Management, although in the 2007 version, now works well.

Let me explain what DRM (Digital Rights Management) does for me:

  • It allows me to control who can read, write and change documents I have produced;
  • It allows me to stop my document being printed by someone else;
  • It allows me to stop my documents being copied or 'cut and pasted';
  • It allows me to encrypt a document or to require a password to open the piece.

These are very useful in ISO9001 (Quality Management Systems) for document control and also in ISO27001 (Information Security Management) to ensure restricted circulation documents remain restricted.

I particularly like the one page overview of properties which shows details of the author, date created, changes and last modified dates. These are all requirements for a good document control or document configuration management systems used in the Management Standards, including the Aerospace and automotive standards.

The other elements include the revised PowerPoint, Publisher, One Note, Infopath, Visio, Project and others.

In short, I like the newest of the Microsoft Office packages.

Thursday, 10 June 2010

What is an Internal Audit?

I am often asked this question and I always use the shorthand answer "A check to see that you do what you say".  This sounds simple, and so it is, if carried out correctly.

The first requirement is that the person(s) carrying out the audit actually know what they are doing. The various standards specify that persons carrying out audits must have received training and are competent to do so. This normally requires attendance at a recognised course of training which is based on the quality/environmental standard ISO19011:2002. Our own course fills this requirement and is normally held twice a year in Spring and Autumn.

The routine of the audit starts with notification to your organisation that an audit is to be carried out and on what date. It makes good sense to give at least a month's notice to ensure the people you need to audit are available.

The first part of the audit is to carry out a document review to see if the quality/environmental manual exists and covers the requirements of the standards.  Once this is successful you can then concentrate on the company processes.

The audit proper starts with an opening meeting where you can prepare the organisation for the audit and explain how this is going to proceed.  It is an essential part of the audit and sets the scene for the work.

An audit checklist helps to keep the auditor on track and prevents things being missed.

The audit of the organisation processes looks at the process and compares it with the actual work being carried out.  They should be the same.  Look for evidence that this is so.

Any non-conformities should be recorded and any actions proposed by the auditee.

Non-conformities are classified as Major or Minor. A Major nonconformity is one where a whole part or a significant part of a process is missing or not being followed. Minor nonconformities occur where someone has slipped up or something which is usually compliant has been missed.

Once the process audit has been completed a closing meeting is held to discuss the findings of the audit.

And finally an audit report is produced.

Sounds straightforward, but I am constantly amazed at the standard of auditing, particularly by untrained auditors, who usually have no idea that the effort they have expended has little or no value.

Answer:  Train the auditor and get the auditor to carry out frequent audits to hone their skills.
Simples (as the advert says).

Friday, 21 May 2010

How can you get certificated to ISO9001?

There are a number of steps required to ensure a successful certification to ISO9001 and probably the best way is to get some help from someone who has done it before.  This way you do not have to reinvent the wheel.

Step one is to purchase a copy of the Standard; this sets out the framework for you to follow.

Step two is to see what you have in place already and check that it compares favourably with the Standard.
It is likely that you have some systems in place and these may just need some tweaking to make them fit the quality model.

Step three is to produce a quality manual; the manual is usually in three parts:

  • A policy manual, which reflects the ISO 9001 standard;
  • A procedures section which shows the 6 mandatory procedures

    • Document control
    • Control of Records
    • Internal audit
    • Control of non-conforming product/service
    • Corrective action
    • Preventive action

  • A process section which shows all the processes within your organisation having an impact on quality. Note finance is normally excluded.

Step four is to make it all happen and adjust the processes as necessary.

Step five is to carry out an internal audit to check that everything is as it should be.

Step six is to get an Accredited Certification Body to assess your system.

Step seven is where you can take a bow, as this is the award of your certificate of compliance to ISO9001.
If you need help, we can give you as much or as little as you need.

Monday, 10 May 2010

Secure Systems

Most company directors use laptops or netbooks to keep data available when away from their offices, but many do not have any sort of security installed.

Most will have anti virus software installed and many will have a password to log-in. A few will have basic  systems in place to prevent data being exported to a memory stick or CD.  Some may even have encrypted files.

The main security should ensure that the machine is physically secure, i.e. not left unattended.

The second level must include a secure log-in procedure, i.e. a complex password system, changed regularly.

The third level should ensure that any sensitive data is protected by a second level of security, i.e. encryption or second factor authentication.

One of the best methods is to have the laptop as a dumb terminal, holding no data and used to access data in the cloud or on a company server. This does, however, require a secure internet connection, i.e. https://, but today the loss or corruption of data can have very serious consequences.

My own laptop is kept in a secure location; it has a steel cable attaching it to an immovable object when out of my sight. I use two levels of password and my sensitive data drive is fully encrypted.

I know that a good hacker could get round all my security but I have made it less attractive.  There is a balance to be made; really tight security means it is difficult to do anything; too lax and it is possible to lose or compromise data.  Somewhere in between must be the aim.

Tuesday, 27 April 2010

Internal Quality/Environmental Auditing

All of the management standards require regular internal audits be carried out by properly authorised and trained auditors.  There are many courses available and with varying costs.

Our own certificated auditing course is run twice each year and represents excellent training in the subject and is cost effective. Each delegate will be able to carry out internal audits in his or her own organisation following a successful participation in the course.

Our next course is due to be held in Colchester, Essex on 13th and 14th May 2010 and covers:

  • ISO 9001: 2008 and ISO 14001:2004
  • Management System documentation
  • ISO 19011:2002 - Auditing Standard
  • The audit cycle and schedules
  • Preparation and planning of an audit
  • Conducting an audit
  • Auditing top management
  • Reporting non-conformities
  • Qualification & training of auditors
  • Non verbal communication
  • Live audit practice
  • Tests of competence of delegates

Cost of the course is only £305.00 plus VAT

See our web-site for further details and a booking form

Tuesday, 13 April 2010

Business comes out of Recession

Readers of this blog will know that I started to learn to fly gliders last year and all went well until the foul weather hit. Some of my colleagues at the Gliding Club said that I was a fair weather member, and I can't argue with that. I fail to see what enjoyment can be had from being cold, wet and covered in mud.

As I am writing this the sun is shining and the temperature is warmer than of late, my mind turns to the sheer joy of gliding.  All I need is the time to enjoy it.  I used to allow a day a week to get to the club but increasingly the emergence from recession has created far more work than I anticipated.

I am reluctant to turn work away so my diary is filling rapidly. 

More and more contracts are placing Quality Management at the heart of any requirements and any bidder not holding a certification to ISO9001 is simply not getting through to the final stages. Often I am contacted by organisations wanting to put a quality management system into place and stating that they must have it  in three weeks, three months or some other impossibly short time scale.

It normally takes 6-8 months to get a system into place and have it ready to assess.  After all any assessment body will want to see that a company is working to the system  and not just planning to work to it.

If it was just a matter of producing a quality manual and saying that it will be implemented, the ISO9001 standard would be valueless.  Fortunately the organisations wanting a good quality system also want the advantages that this brings in terms of efficiency and best practice.

Monday, 29 March 2010

Risk Assessment and ISO27001

Last week I travelled to one of my clients in Kent; the traffic was awful and my sat nav took me on a slightly different route. There was still a good deal of delay and at one point we sat in a queue for some ten minutes, then the lorry in front of me suddenly reversed, striking my car on the bonnet. The lorry driver apologised and gave me details of his insurance, registration number etc. Now I had a damaged car and was very late for my appointment. I was also very irritated that this unnecessary incident had happened.

Could I have prevented it? I don’t think so.  Should I have ignored my sat nav and used my usual route?  Again I don't think it would have been sensible. 

I was going to my client to initiate some risk assessments for their emerging Information Security Management System (ISO27001), and it struck me that the data I had concerning the other driver, the accident, his vehicle, his employer and his insurance company details were governed by the Data Protection Act. This information would be held by me temporarily but then dealt with by his insurers, my insurers, the repair garage and, if there had been any injuries, of which fortunately there were none, by solicitors. All this information would be held on databases and would be available to a great many organisations. No wonder I thought about a risk assessment covering all of this, albeit in retrospect.

I hope to get my car back soon.

Monday, 15 March 2010

Internal Quality/Environmental Auditing

All of the management standards require that regular internal audits be carried out by properly authorised and trained auditors. There are many courses available, at varying costs.

Our own certificated auditing course is run twice each year; it provides excellent training in the subject and is cost-effective.

Each delegate will be able to carry out internal audits in his or her own organisation following successful participation in the course.

Our next course is due to be held in Colchester, Essex on 13th and 14th May 2010 and covers:

  • ISO 9001:2008 and ISO 14001:2004
  • Management System documentation
  • ISO 19011:2002 - Auditing Standard
  • The audit cycle and schedules 
  • Preparation and planning of an audit
  • Conducting an audit
  • Auditing top management
  • Reporting non-conformities
  • Qualification & training of auditors
  • Non verbal communication
  • Live audit practice
  • Tests of competence of delegates

The cost of the course is only £305.00 plus VAT.

See our website for further details and a booking form.

Saturday, 6 March 2010

Security Risks and Social Networks

MySpace, Facebook, LinkedIn and Twitter are used by millions, yet the risks are not fully understood or appreciated. Apart from the obvious threats from Trojans, viruses, stolen passwords and other malware, there is also the human risk of hurried messaging, which has resulted in embarrassment and security threats to organisations. The big problem with social networks, and with email to the same extent, is that once sent, the message or information is 'in the wild' and could, if the experts are to be believed, stay on the internet in one form or another indefinitely. How many of us have wished that we could recall an email once sent?

There are many people who believe that these social sites are secure.  If you are foolish enough to publish details of your address, interests and other personal information you are providing sufficient data to allow your identity to be stolen or misused.

Unfortunately, the information you post today, about a subject you hold dear, may very well haunt you in years to come. A future employer may 'Google' your name and all that information could be recovered. This might be the difference between getting that job and being rejected.

Many companies are barring employees from using these networking sites, as it has been shown that some company-sensitive bits of information end up being discussed on these sites. During the last war the enemy used to gather information by listening in to casual conversations in pubs and sporting venues. A little bit here and a little bit there soon added up to a considerable amount of data once collated.

The same applies to company blogs and instant messaging systems of all types; indeed, a Microsoft employee apparently let slip that the new 2010 Office package would be available in March. This was swiftly denied by an official spokesman, but the damage had been done.

I always advise my clients that the internet is about as secure as writing the same information on a piece of paper and fixing it to a public notice board in the middle of a busy town. In short it is not secure at all, unless some elaborate encryption is used.

One final word on social network sites: if you must use them, please, PLEASE do not use the same passwords that you use on secure sites such as bank, shopping or business networks, and think once and think once again before pressing SEND.

Enough said?

Monday, 22 February 2010

No Gliding - worse luck

The weather hasn't been too good and it seems that my services are needed when the weather has been suitable for flying; whatever the reason, I haven't been able to go gliding recently. I have resigned myself to waiting for the mad rush to die down. I was hoping that after the Christmas period I would be able to get up in the air, but still no such luck.

Gliding does become slightly addictive and I must admit that I have missed the freedom of being like a bird, albeit only for a short time.  The M25 has been my tether and however hard I try to day-dream my journeys on that motorway I cannot escape the feeling of being restricted.

Enough of my ramblings!  The economy is showing mixed data; although the media have declared that we are officially out of recession it does still seem very much in evidence.

Whatever the economy is doing, sensible business owners and managers are trying to increase efficiency and drive down costs. The lower costs come from 'getting it right first time'. This also boosts staff morale, as repeating a job or dealing with complaints is clearly wearing.

Happy staff are also more efficient.

Wednesday, 3 February 2010

Continual Improvement and ISO9001

Could it be that we are coming out of recession? The messages are rather mixed at the moment, with one publication saying that we are still mired in recession and another saying that these mystical green shoots of recovery are showing.

One indication that we may be coming to the end of recession is the increasing interest in ISO9001 by companies of all types.  It is pleasing to note that manufacturing companies are seeing an increase in demand for their products and want to maximise this effect.  Continual improvement is the slogan for 2010 along with increased efficiencies. 

ISO9001 has been the single most successful standard throughout the world, with more certifications than any other standard. Companies without ISO9001 are now looking to achieve certification to remain competitive. Indeed ISO9001 is an entry qualification for a good number of tenders/PQQs (pre-qualification questionnaires).

The process for achieving 9001 is reasonably straightforward and, if set up correctly, will enhance the company's activities, provide structured reporting and enable the company to compete on equal terms.

Here at Quality Matters we have been putting quality systems into place since 1991 and our proud boast is that every company using our services has achieved an ISO 9001 pass at assessment and at the first attempt.

We are pleased to discuss your requirements and explain how 9001 can help you and your organisation, together with costs and a timescale.

Tuesday, 19 January 2010

ISO27001 and loss of data

Once again there have been cases where sensitive data has been left on trains or in restaurants, and most of these involve either laptops or memory devices. The sheer volume of data loss is reaching epidemic proportions.

ISO27001 is a good system to have in place but it must be enforced vigorously, otherwise it is just too easy to allow data to be lost or removed.

The prime method for theft of data remains the USB stick and this seems to be the method of choice for those wishing to steal data from systems.

There are a couple of things you can do to protect your data:

  • Set up computers and laptops to exclude USB devices and CD/DVD writers. It may seem harsh for laptop users not to be able to use the USB port, apart from a mouse, but if the data you hold is sensitive then this level of protection is justifiable.
  • Use group policy to prevent the export of data by email or other attachment.
  • Enforce the encryption policy to make sure that any data stored on a laptop is secure; password protection alone is not enough.
  • You could also set up your laptop systems to be 'thin client', that is to have all data stored on a server and using the laptop to connect to the server.  No data can be stored on the laptop,  so the laptop cannot be compromised.
  • And finally ensure that paper documents are protectively marked if they are sensitive and enforce security protocols for restricted, confidential and secret documents.
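
As an added example (not part of the original post), the script below audits a single endpoint against the removable-storage and encryption controls in the list above. It assumes Windows laptops with BitLocker as the encryption product, neither of which the post names, and the function names are illustrative.

```powershell
# Added example: audit one Windows endpoint against two controls from the list above.
# Assumptions (not from the post): Windows, BitLocker as the encryption product,
# run from an elevated PowerShell prompt. Function names are illustrative.

function Test-UsbStorageDriverDisabled {
    # USB mass storage is handled by the USBSTOR service; Start = 4 means disabled.
    # Mice and keyboards use the HID drivers, so they are unaffected.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR'
    $svc = Get-ItemProperty -Path $key -Name Start -ErrorAction SilentlyContinue
    return ($null -ne $svc -and $svc.Start -eq 4)
}

function Test-RemovableStorageDenied {
    # Group Policy "All Removable Storage classes: Deny all access" writes Deny_All = 1
    # here; it covers USB sticks and CD/DVD writers alike.
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\RemovableStorageDevices'
    $pol = Get-ItemProperty -Path $key -Name Deny_All -ErrorAction SilentlyContinue
    return ($null -ne $pol -and $pol.Deny_All -eq 1)
}

function Get-UnprotectedVolume {
    # A volume counts as protected only when fully encrypted AND protection is on
    # (a suspended BitLocker volume is encrypted but its key is stored in the clear).
    Get-BitLockerVolume | Where-Object {
        $_.VolumeStatus -ne 'FullyEncrypted' -or $_.ProtectionStatus -ne 'On'
    }
}

# One summary row per machine, suitable for collecting into an audit record.
$unprotected = @(Get-UnprotectedVolume)
[pscustomobject]@{
    Computer                = $env:COMPUTERNAME
    RemovableStorageBlocked = (Test-UsbStorageDriverDisabled) -or (Test-RemovableStorageDenied)
    AllVolumesProtected     = ($unprotected.Count -eq 0)
    UnprotectedVolumes      = ($unprotected.MountPoint -join ', ')
}
```

Disabling only the USBSTOR driver leaves CD/DVD writers usable, so a machine that passes on that check alone still needs the writer restriction applied separately.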

Let us all make sure that 2010 is not going to be a year when we lose data.

Monday, 4 January 2010

Customer Satisfaction

May we wish you all a Very Happy and Prosperous New Year.

We at Quality Matters want to ensure that our customers are very satisfied with the services we supply; indeed, if any of our customers report that they are only satisfied, we carry out an internal investigation to find out why.

The company was established in 1991 and during that time we have received only one dissatisfaction report. On investigation it turned out to be a misunderstanding; however, we apologised and refunded the fee in full. Our customer was rather taken aback at this and said that he merely wanted to register his comment. With the misunderstanding resolved, this customer has recommended our services to others and used our services a number of times himself.

We believe that to achieve this level of customer satisfaction we need to go way beyond satisfaction and this we strive to achieve.  This customer care ethic has been a primary driver for nineteen years and as we enter on yet another decade we are quietly confident that our customers will continue to maintain their association with Quality Matters.
