"Quality Matters in your Business"

Monday, 20 June 2011

Hot Standards - ISO27001 and AS9100

I am often asked about the trends for companies wishing to incorporate Management Standards and how this impacts on the UK. 

Recently there has been a major shift in requirements from the traditional Quality Management Standard ISO9001 and Environmental Management Standard ISO14001 to the Information Security Management Standard ISO27001 and the Aerospace and Defence Standard AS 9100 (or EN9100).

Are these harder to get (and keep)? The clear answer is yes, they are. I often use the comparison that if ISO9001 is a molehill then ISO27001 is Mount Everest.

AS9100 is similar and covers all the requirements of ISO9001 plus 80 additional requirements. It is a huge undertaking.

Why are these two Standards becoming so popular?

The loss of data and personal information through hacking, theft and in some cases sheer stupidity has prompted organisations to look for a method to secure their data and protect it from unauthorised disclosure. Even a minor loss could damage an organisation's reputation and, in a worst-case scenario, result in the Information Commissioner levying hefty fines. The publicity alone can cause a loss of confidence among customers and potential customers. ISO27001, if properly used, can prevent this happening. It also shows that an organisation takes this element very seriously.

Organisations supplying goods and services to the Aerospace and Defence industries are increasingly being asked to incorporate AS9100. The latest revision 'C' is a substantial piece of work, requiring organisations to put many additional controls into place to ensure that any goods or services are fit for purpose in this highly regulated industry. AS9100, or EN9100 as it is sometimes known in Europe, is the Standard that major aircraft and aerospace manufacturers are putting into place and requiring their suppliers to adopt as well.

How long does it take to put these Standards into place?

It very much depends on the size and complexity of the organisation, but it is likely that getting from start to certification will take 12, 18 or 24 months.

Remember that before the first (Stage 1) assessment any organisation must have been working to the Standard for at least 3 months; we normally recommend 6 months to ensure any difficulties are ironed out.

This means that all the new documentation, procedures, processes, work instructions and records must be working, have been internally audited and be ready for external assessment.

Once Stage 1 has been completed and any non-conformities cleared, Stage 2 can be undertaken. This on-site assessment will be an in-depth audit against both the Standard and the organisation's declared documentation.

If all goes to plan and any non-conformities are rectified, a certificate of compliance can be issued.

Is this the end of the story? No, the Certification Body will make surveillance visits to check that the organisation remains compliant. If there are serious breaches the certificate may be suspended or withdrawn.

Why is it so difficult? I usually say that 'if it was easy to get then everyone would have it and if it was easy to get then it probably would not have such positive benefits'.

How does this impact on the UK?  

ISO27001 certifications are increasing rapidly; Japan, India and China lead the way, with the UK in fourth place.

AS9100 is led by the major aircraft manufacturers in the USA but is becoming a requirement for UK suppliers.


Quality Matters


© 2015 Quality Matters Ltd. All rights reserved.