
"Quality Matters in your Business"

Monday, 17 December 2012

Merry Christmas and a Happy New Year

Quality Matters has had a very good year with a load of new clients and returning clients using more of our services.  We know that they are happy with the services, because they have told us so.

This year has seen us move offices (not to be undertaken lightly) and provide additional consultancy services in the Aerospace Standards AS9100, AS9110 and AS9120. We have trained new Internal Auditors and supported clients wishing to upgrade their systems to the latest best practice.

Please keep reading our blogs for the latest and informative data.

Consultancy Services:
  • ISO9001 Quality Management
  • ISO14001 Environmental management
  • OHSAS 18001 Occupational Health & Safety Management
  • ISO20000 IT Service Management
  • ISO22000 Food safety Management
  • ISO27001  Information Security Management
  • AS9100, 9110, 9120  Aerospace Quality Management
  • ATEX Explosive Atmosphere Quality Management
  • And of course our twice yearly Certificated internal Management System Auditors courses
 We wish all our clients and potential clients a very merry Christmas and a happy prosperous New Year.

Monday, 3 December 2012

Social Engineering

What is social engineering?   

This is a method used by people to gain unauthorised information or access to facilities or data.  One common method is to visit a company and just listen  while waiting in reception.  You will learn a great deal.  The receptionist will  also furnish a great deal of information about the organisation if approached in the correct manner.

"Is Fred Bloggs the IT Manager still here?".  Often the answer will be something like,  "I haven’t been here long but I think the IT Manager is Arthur Redpath".  Of course you looked at the car park spaces outside the building which helpfully have the names of senior staff  printed for all to see.

In just a few moments the social engineer has the names of the senior staff and that of the IT Manager.   
The receptionist will certainly confirm if the senior staff are in today but, by default, an empty car park space usually means that person is not in.

Once let into the main building, the social engineer will usually be accompanied, but a trip to the washroom will not be. There may be offices or work stations where an employee has not locked their computer, or an unguarded list of telephone numbers with names.

These small pieces of information can be invaluable. Impersonating an employee on the phone can often get a response to the question, "I can’t remember my password; can you tell me what it is or can you reset it please?" Adding "I have a terrible cold at the moment" usually stops further enquiries being made.

Using the person's login details, which are usually first and last name or some other easily guessed combination, together with the newly reset password, gains access to the company network.

Listening to mobile phone conversations is always a good source of information, particularly when a computer systems administrator is trying to diagnose a problem remotely. Trains are ideal for this.

Christmas parties, where alcohol loosens tongues, are also great for hackers.

I could go on but I think you get the picture. 

Make sure everyone is aware of social engineering and how easy it is to give away small pieces of information.

These small pieces when collated become a significant amount of information which could be of use to anyone wishing to do some damage or steal information.

Beware of giving vital information away.

Monday, 19 November 2012

ISO 14001 and Hurricane Sandy

There are a growing number of people who are convinced that the freak weather patterns we have been experiencing are down to global warming.  In the UK we have had a severe drought followed by the wettest summer for a hundred years . In the USA hurricane Sandy caused immense damage even when it was downgraded to a storm. 

The President of the United States of America has even admitted that global warming is a reality; it may be that  a pollution reduction plan is on the cards throughout the USA.

In Europe reduction in pollution and recycling has been a feature for many years and an increasing number of industries are adopting the Environmental  Standard  ISO 14001:2004.

Put simply  14001 requires an organisation to address the four 'R's:

Reduce - energy consumption

Recycle - paper, plastics, metal, glass etc

Reuse - refurbish and where possible give it a second life

Repair - fix it don’t throw it away

In addition they must have an EMERGENCY PREPAREDNESS AND RESPONSE PLAN.  The organisation should identify those activities which could potentially impact on the environment if an accident or emergency situation arises.

The organisation should be able to respond to emergencies & accidents and review and revise procedures with the view to mitigating the environmental impacts that are associated with them.

Many organisations are responding to the need for quality and environmental management by installing ISO 9001 (Quality) and ISO 14001 (Environmental) Management systems.

It is becoming the norm when completing quotations and tenders to be asked if you have these Standards in place. If the answer is 'YES' then you just tick the boxes. If the answer is 'NO' then it requires a lengthy set of questions to be answered.

I suspect that if the shortlist contains companies with the two Standards and companies without them, then those with 9001 and 14001 are going to have a greater chance of success.

Tuesday, 6 November 2012

Quality Management and ISO 9001

The demand for quality management systems has increased recently, perhaps due to the double dip recession making efficiency savings more important, or simply that business owners want to gain access to markets where certification to ISO 9001 is an entry requirement; whatever the reason it makes good sense to follow good business practices as laid down in ISO9001.

BS EN ISO 9001:2008  requires 5 main sections to be addressed, these are: 
  1. Quality Management System;
  2. Management Responsibility;
  3. Resource Management;
  4. Product Realisation;
  5. Measurement, Analysis and Improvement
Each section is subdivided as required and covers all elements of the business having an impact on quality.

Here is the quality model contained in the Standard:

Put simply, it requires you to turn customer requirements into customer satisfaction by meeting customer requirements. Sounds simple, and so it is. We all want our customers to be happy with the products or services we have provided. In this way those satisfied customers tell others, and this reputation for quality is a vital asset.

We at Quality Matters work hard at our reputation, which goes back to 1991. We are delighted that our very first customer still uses our services and has recommended our services to others again and again.

Consultancy is our main service and our emphasis on success is enviable. In fact we guarantee a successful outcome to all our consultancy assignments.

Our internal audit courses held twice each year also attract both new and old customers.  They tell us that our courses are both interesting and informative, without being dry.  They also say the courses are very cost effective.

Monday, 22 October 2012

Why carry out Internal Audits?

All of the Management Systems require internal audits to be carried out at least once a year; these audits provide confidence to the top management that the management system is performing as it should, or it identifies elements that are not conforming.  In my experience I have found that organisations that do not carry out audits properly or don’t do them at all are lulling themselves into a false sense of security.  Audits should not be considered an unnecessary overhead but a method of ensuring that things are as they should be.

I visited a company that had largely ignored the auditing process and had been audited by one of their major customers as part of a review. The customer's auditor was not at all pleased with what he saw; in fact he said that unless some major improvement was achieved within three months he would recommend that the supplier/customer relationship would be at an end.

This is where Quality Matters was appointed to help and get the quality management system back on track. So far we have updated policies and procedures, set up KPIs to measure how well each department is doing and finally we will carry out a full management system audit to ensure full compliance.

The company will, of course, need to maintain the system in future and they have decided to send their internal auditors to one of our certificated internal management audit courses to update their knowledge and ensure that the company quality system is maintained.  

The good news is that the company’s supplier has renewed their contract for another year.

Internal audits are an essential part of any company’s management strategy; they should not be a battle-ground; they should be able to show compliance with the system's documented procedures and processes.

An auditor should not set out to find things wrong but is there to confirm that things are right. If an area is not performing well then the auditor will, of course, point this out and get the person or department being audited to put it right.

In these troubled times it is essential that organisations get the very best out of their management systems and auditing is one way of making this happen.

Monday, 8 October 2012

Wet is not nearly accurate enough

I have been spending a fair amount of time in the north of England and recently the weather conditions have been atrocious.  At one stage I wondered  if a boat would have been a better mode of transport.

One of my car journeys was particularly memorable. It was just getting dark when a car coming towards me began flashing his headlights; possibly a police speed trap? I rounded a bend in the road and realised the true meaning of the flashing. The road was more of a lake than a road. Should I risk it and drive through or find an alternative route? I decided that it might be better to follow the locals and turn around. The flood could have been very deep in the middle and being marooned was not my idea of fun.

I mention this situation as I found out later that two of my clients had been flooded out of their premises.  Their server rooms were on the ground floor and although the servers were in racks, the cabling and connections were not sufficiently high to escape the deluge.

Fortunately both clients have robust business continuity and disaster recovery plans.  It took one client two days and the other three days to have a temporary home and get systems up and running, thus proving the benefit of this type of disaster planning.

The Met Office said that these were the worst storms for 30 years.  Our business continuity systems were written to cope with most emergencies   and I am glad that  my Clients were able to 'weather the storm',  literally in these cases.

ISO27001 specifies a business continuity procedure should be in place and  BS ISO 22301:2012 Societal security  business continuity management system (which replaces BS 25999) also requires a robust business continuity and disaster recovery plan to be in place.

Tuesday, 25 September 2012

Internal Auditing

The revised Standard ISO19011:2011 has changed the way we present our twice yearly audit training courses.  We now address more standards than the previous two; ISO9001:2008 and ISO14001:2004.  The two day courses we run now address the following Standards on day 1:
  • ISO 9001 Quality Management
  • ISO14001 Environmental  Management
  • OHSAS 18001 Occupational Health and Safety Management
  • ISO27001 Information Security Management.
  • Other Standards can be covered as required.
Day 2 of the course covers all aspects of setting up an audit programme, preparing for an audit, conducting audits, auditing top management, reporting audit non-conformities and follow up.

In addition, the course examines some aspects of non-verbal communication and identification.  Finally there is a live audit practice and tests of competence.

We have been running Internal Auditing courses since 1991 and a number of companies have sent their staff on successive courses.  These are some of the comments we have received:

"cost effective and very enjoyable",  
"It could have been a very dry subject, but the instructor’s style made the content  interesting",  
"I will be sending more people on this course in the future".            
"The hotel conference room was very comfortable and the lunches were great, apart from the course which was most interesting".

The next course is to be run in Colchester, Essex on 22 & 23 November 2012.  See our web-site for details

Monday, 10 September 2012

Business Continuity and Power Systems

We take data security very seriously indeed and it was a real wake-up call when the UPS (uninterruptible power supply) decided to go on the blink; instead of the familiar bleep, bleep indicating that the batteries had taken over and that it would be some 20 minutes before everything went dead, there was just a single bleep then silence. Of course this also meant that screens went off, as did the server. Some rude words were said!

After what seemed an eternity the  power was restored.  Fortunately a data integrity check showed that all our data was intact and not corrupted.  The piece I was working on when the power went off was,  of course, lost.

We carry out daily, weekly and monthly checks on our systems to ensure our equipment is OK. We did not, however, check the UPS batteries' capacity; we simply switch off the power and see that the UPS cuts in.

With the power of hindsight we should have let the UPS run for longer to check that the batteries were able to sustain the power to our systems. 

Looking back at our records I noticed that the UPS was over five years old and it still had the original batteries fitted.  These batteries are lead acid type and I know from experience with car batteries that they tend to last about 4 years before capacity becomes reduced.  It is normally on the day after a hard frost that the car won't start, requiring a battery replacement.

I ordered a set of batteries and the following day they arrived.  Very heavy and hidden in the bowels of the UPS are the batteries.  I isolated the power and took out the old units.  They were thick with dust.

Fitting the new batteries into the unit was relatively simple, I connected them up and turned on the power.  I did not know whether the batteries were fully charged or just had a minimal charge, so I left it some 8 hours before testing the whole unit. 

The new batteries kept the power on for 24 minutes after I disconnected the mains supply. 

All is well again at Quality Matters.

A lesson learned though, you should not take your UPS for granted. It will be tested at least monthly.

I have also set up an alert to replace the batteries again in four years  time.

Tuesday, 28 August 2012

Anti Virus Systems

Quality Matters have used McAfee anti-virus and anti-malware for many  years and have found the systems to be effective and sound, so it was something of a shock to find that over the Bank Holiday weekend something had gone wrong.

A red banner announced that my desktop machine was at risk.  I tried to upload the latest patch from the McAfee site but to no avail.  I tried to contact McAfee by email but it seemed that my connection to the internet was not functioning.

I finally managed to get the internet connection working again but the red banner remained.

Eventually, after some searching, I found a reference to this problem and a workaround.  I had to remove McAfee completely from my system and reload it from their site, and then ran a full scan.

Apparently a software upgrade had caused all these problems and McAfee were working to get a patch to all those affected.   I wasted several hours doing all this.

I think we all take our anti-virus software for granted.  It sits there silently protecting our systems.  It is something like ten minutes spent online without antivirus protection before your systems can be infected, I am told. 

Happily I can report that all the Quality Matters Systems are reported to be virus free.

By Monday morning McAfee had issued a further upgrade to eliminate the problem.  Phew!!

We do seem to be having a spate of software related issues lately or is it just that we are becoming more reliant on them?

Monday, 13 August 2012

The Internet and Data

Recent failures in data centres for major institutions have been a headache, with the NatWest/RBS online failure which prevented financial transactions for several days. This was followed by O2 with an unsuccessful failover preventing many from using their phones for calls and data.

Have we become so reliant on the internet that a day, or more, causes major disruption? 

Sadly the internet now plays such a big part in our daily lives that even a short disruption causes much pain.

We were unaffected by the NatWest/RBS outage, except for two of our clients, who were unable to settle their invoices on time; however, the O2 outage did mean that I had no access to our email as I was away from my office. Of course I also had no voice calls either. I must admit that it felt like having an important part of my body being cut off. We have all become so used to instant communication that this sort of disconnection is alarming.

I hope that the organisations like ours were able to operate their business continuity plans and found them to be stable and efficient.

Following these incidents we have received far more enquiries for ISO27001 (Information Security Management Standard). This signifies that there were a lot of organisations that were unprepared.

Business continuity should be incorporated into all businesses.

Monday, 16 July 2012

Quality & Environmental Management

We are finding that more and more organisations are opting for a combined management system with ISO9001 and ISO 14001 as a complementary pair.

The introduction of these two management standards together has many cost savings, including combined manuals and combined management reviews and audits.

You can see from the table below that there is a great deal of synergy between the quality management standard ISO9001 and the environmental management standard ISO 14001.

Correspondence between ISO9001 and ISO14001 Standards

| ISO 9001:2008 | Clause No (ISO 9001) | Clause No (ISO 14001) | ISO 14001:2004 |
|---|---|---|---|
| Quality Management System (title only) | 4 | 4 | Environmental Management System |
| General requirements | 4.1 | 4.1 | General requirements |
| Documentary requirements (title only) | 4.2 | | |
| General | 4.2.1 | 4.4.4 | Documentation |
| Quality Manual | 4.2.2 | | |
| Control of documents | 4.2.3 | 4.4.5 | Control of documents |
| Control of records | 4.2.4 | 4.5.4 | Control of records |
| Management responsibility (title only) | 5 | | |
| Management commitment | 5.1 | 4.2 | Environmental Policy; Resources, roles, responsibilities & authority |
| Customer Focus | 5.2 | 4.3.1 | Customer Focus/Business Development; Legal & other requirements; Management review |
| Quality Policy | 5.3 | 4.2 | Environmental Policy |
| Planning | 5.4 | 4.3 | Planning |
| Quality objectives | 5.4.1 | 4.3.3 | Objectives, targets & programme(s) |
| Q.M.S Planning | 5.4.2 | 4.3.3 | Objectives, targets & programme(s) |
| Responsibility, Authority & Communication | 5.5 | | |
| Responsibility & authority | 5.5.1 | 4.4.1 | Resources, roles, responsibilities & authority |
| Management representative | 5.5.2 | | Resources, roles, responsibilities & authority |
| Internal communication | 5.5.3 | 4.4.3 | Communication |
| Management review (title only) | 5.6 | | |
| General | 5.6.1 | 4.6 | Management review |
| Review input | 5.6.2 | 4.6 | Management review |
| Review output | 5.5.3 | | Management review |
| Resource management (title only) | 6 | | |
| Provision of resources | 6.1 | 4.4.1 | Resources, roles, responsibilities & authority |
| Human resources (title only) | 6.2 | | |
| General | 6.2.1 | 4.4.2 | Competence, training & awareness |
| Infrastructure | 6.3 | 4.4.1 | Resources, roles, responsibilities & authority |
| Work Environment | 6.4 | | Work Environment |
| Product realisation | 7 | 4.4 | Implementation & operation |
| Planning of product realisation | 7.1 | 4.4.6 | Operational control |
| Customer related processes (title only) | 7.2 | | |
| Review of requirements related to the product | 7.2.2 | 4.3.1 | Environmental aspects; Operational control |
| Customer communication | 7.2.3 | 4.4.3 | Communication |
| Design & Development (if applicable) | 7.3 | 4.4.6 | Operational control |
| Purchasing | 7.4 | | |
| Purchasing process | 4.4.6 | 4.4.6 | Operational control |
| Purchasing information | 7.4.2 | 4.4.6 | Operational control |
| Verification of purchased Product | 7.4.3 | 4.4.6 | Operational control |
| Product provision (title only) | 7.5 | | |
| Control of product provision | 7.5.1 | 4.4.6 | Operational control |
| Validation of processes for product provision | 7.5.2 | 4.4.6 | Operational control |
| Identification & traceability | 7.5.3 | | |
| Customer property | 7.5.4 | | |
| Preservation of product | 7.5.5 | 4.4.6 | Operational control |
| Control of monitoring and measuring equipment | 7.6 | 4.5.1 | Monitoring & measurement |
| Measurement, analysis & improvement (title only) | 8 | 4.5 | Checking |
| General | 8.1 | 4.5.1 | Monitoring & measurement |
| Customer satisfaction | 8.2.1 | | |
| Internal audit | 8.2.2 | 4.5.5 | Internal audit |
| Monitoring & measurement of processes | 8.2.3 | 4.5.1 | Monitoring & measurement; Evaluation of compliance |
| Monitoring & measurement of product | 8.2.4 | 4.5.1 | Monitoring & measurement; Evaluation of compliance |
| Control of non-conforming product | 8.3 | 4.4.7 | Emergency preparedness & response; Nonconformity, corrective and preventive action |
| Analysis of data | 8.4 | 4.5.1 | Monitoring & measurement |
| Improvement (title only) | 8.5 | | |
| Continual improvement | 8.5.1 | 4.2 | Environmental policy; Objectives, targets & programme(s); Management review |
| Corrective action; Preventive action | | 4.5.3 | Nonconformity, corrective & preventive action |

The two standards are the entry point for tenders on most government contracts. Sadly, if you are not able to tick the two boxes:
  • Have you a certificated quality management system in use? And
  • Have you a certificated environmental management system in use?
then it is likely your tender will not progress the initial criteria.

It is also vital that your certifications stand up to scrutiny; non-UKAS certifications in the UK are unlikely to meet the minimum requirements.

Monday, 2 July 2012

Business Continuity Planning

The recent flash floods have proved that a sound business continuity plan is essential.

Any disaster recovery plan that has not been tested is pretty useless, as those affected by the deluge of rain have now realised.

The previous Standard BS 25999 has now been replaced by a truly international Standard: ISO 22301; this Standard contains much of the old 25999 but has more detail added.

Organisations that have the Information Security Standard ISO27001 will already have a business continuity plan as part of their overall system.  Testing of these systems is often seen as a chore and carried out in haste as a table-top exercise where assumptions are made. The on-going belief that any event can be covered is misplaced unless detailed tests of the business continuity plan are undertaken.

Some years ago one of our Clients carried out a simulated power failure and it was clear that the UPS would soon run down and the company would be left with no IT or telephones.  Most of the senior management were away from the office and the HR manager took the lead in the plan.  She announced that the company had an emergency generator stored in a lock-up garage nearby and that had this been a real power failure the generator would be collected and connected to the emergency socket on the wall outside the server room.

I suggested that it would be a good idea to collect the generator and run it to ensure that it could cope with the load.  Reluctantly she agreed and after about ten minutes a Land Rover towing a small trailer appeared.  I suggested that it should be connected to the socket.  This is where the problem of not testing the plan became obvious; the generator was a single phase unit with a three pin plug. The emergency socket was three phase with a five pin configuration.  Had this been a real power failure the whole system would have been down.  Our simulation declared that a main power cable to the industrial park had been severed and power would not be restored for about three days.  Clearly all the local hire shops would be besieged with requests for generators and none would be available for our company.

Wednesday, 6 June 2012

DNS Changer Malware

There have been a number of scare stories in the past (remember the millennium bug, which promised to bring down every computer in the world?), but this one seems far more plausible.

The notification came through the FBI in the USA and has the potential to bring down the entire internet.  This would dwarf any attempts so far to disrupt business worldwide.

This bug affects only Windows and Mac machines (at the moment); Linux, Android and iOS are OK. Essentially this Trojan infects machines and alters the way that computers resolve internet addresses.

When you type in a web address  for example  DNS servers look up the internet reference; in this case it resolves it to 92-15-193-76 and connects the user to our web-site. The bug changes the way this is done and directs the user to a criminal's web site. It may be that the site looks similar to the original and, in the case of financial institutions, will prompt the user for username and password. The bug also disables antivirus and anti-malware software so that the user is pretty defenceless.

The FBI have arrested a number of the criminals (Six Estonian Nationals) already and have used their own resources to set up web addresses that the criminals have used. 

Will this affect me?  There is a way to test your own system to see if it is infected.

Type in If your machine is OK then it will show a green background; if not it will be red.

The one thing I haven’t mentioned yet is the date on which this will all happen;

Let us hope that it was all a hyped up issue and the date passes without incident. I am  prepared – are you?

Monday, 21 May 2012

29 February - will you marry me?

This is the date when a woman can propose marriage to a man, turning the traditional tables a full 180 degrees.  Unfortunately for Microsoft it also meant a full blown outage on its Cloud platform named Azure.

Apparently encrypted data sent between a virtual server and the host system looked up the security certificate to authenticate the message.  Certificates are valid for a year so the system sought to validate the certificate as at 29 February 2013.  As 29 February comes around every four years,  there is no 29/02/2013 and the system crashed.  Worse was to follow as the system tried to restart itself and being unable to do so tried to repair and restart on other parts of the system which also failed, causing a cascade failure.
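
The date arithmetic described above, as an added example (not code from the original post or from Microsoft): `naive_expiry` is a hypothetical "same day next year" calculation of the kind the post describes, `safe_expiry` is one hardened form, and `failing_issue_dates` is a boundary test that sweeps a constructed range of issue dates.

```python
import calendar
from datetime import date, timedelta


def naive_expiry(issued: date) -> date:
    """'Before' form: keep the day and month, add one to the year.

    date.replace() raises ValueError when the result is not a real
    calendar date, which is what happens for a certificate issued on
    29 February: there is no 29 February in the following year.
    """
    return issued.replace(year=issued.year + 1)


def safe_expiry(issued: date, years: int = 1) -> date:
    """Hardened form: clamp the day to the last valid day of the month.

    A certificate issued on 29 Feb 2012 expires on 28 Feb 2013 instead
    of the calculation failing.
    """
    year = issued.year + years
    last_day = calendar.monthrange(year, issued.month)[1]
    return issued.replace(year=year, day=min(issued.day, last_day))


def failing_issue_dates(expiry_fn, first: date, last: date) -> list:
    """Boundary test: try every issue date from first to last (inclusive)
    and return the ones for which the expiry calculation raises."""
    failures = []
    day = first
    while day <= last:
        try:
            expiry_fn(day)
        except ValueError:
            failures.append(day)
        day += timedelta(days=1)
    return failures


if __name__ == "__main__":
    # Constructed test window covering two leap years.
    start, end = date(2012, 1, 1), date(2016, 12, 31)
    print("naive fails on:", failing_issue_dates(naive_expiry, start, end))
    print("safe fails on: ", failing_issue_dates(safe_expiry, start, end))
    print("29 Feb 2012 + 1 year ->", safe_expiry(date(2012, 2, 29)))
```

Sweeping every calendar day over a window that includes a leap year is a cheap check to run against any validity-period or retention-period calculation before it reaches production.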

I doubt that the system engineers at Microsoft were in a proposing mood as the outage went on and on for 8 odd hours.

The millennium bug which was supposed to cause such mayhem as  the clocks ticked over to 2000 caused little concern, but this four yearly event was different.  We have nearly four years to prepare for the next  29 February  in 2016.  Let us hope we are all ready.

As an aside, many years ago I had a call from a Client on 29 February and she told me that it was the day that women could propose to men and 'what was I going to do about it?'  I was somewhat taken aback as I hardly knew the woman and I was already married.  Fortunately she used the ploy to get a reduction in her annual contract with my company;   how could I refuse?

Tuesday, 8 May 2012

You don't have to be paranoid

The latest idea to allow you to pay your smaller bills using a mobile phone does not fill me with great confidence.  The number of mobile phones stolen each year could mean that a thief could withdraw quite a lot of money, even though it will be in small amounts for each transaction, without any risk.

Contactless or 'pay by wave' credit and debit cards did seem to be a good idea but I recently heard that thieves with hand held scanners were testing them in crowded areas to see if they could identify people carrying them.  They would then simply use the scanner to make a transaction or steal the card and use it a number of times before reaching a payment limit or the card being deactivated.  It is hard enough to get the banks to deal with phantom cash machine withdrawals let alone phantom contactless payments.

My wife thinks I am becoming paranoid when I purchased a new wallet which has a stainless steel thread covering the outside. It effectively shields any cards in my wallet from scanners. It does, however, afford some protection, particularly in crowded tubes or the upcoming games.

I know the maximum amount that can be withdrawn is supposed to be £25 but the time and hassle in getting this refunded and a new card issued makes me wonder if it is worth the risks.

There was a similar situation when the first passports were issued with an embedded chip and were waved at a scanner. I haven’t heard of any major problems with those.

It could be that I am overly concerned and it may not be a risk at all, but my gut feel is that the thieves are getting cleverer by the day and this is too much of an easy way to make money that they will simply not be able to ignore.

Monday, 23 April 2012

Non Accredited v Accredited Certification Bodies

Certification to the various Management Standards such as ISO 9001 (the Quality Management Standard) and 14001 (the Environmental Management Standard) has been recognised worldwide as a viable qualification.

The UK Government has appointed a sole Accreditation Body  to accredit certification bodies to issue certificates of compliance to management standards.

"The United Kingdom Accreditation Service is the sole national accreditation body recognised by government to assess, against internationally agreed standards, organisations that provide certification, testing, inspection and calibration services.

Accreditation by UKAS demonstrates the competence, impartiality and performance capability of these evaluators.

UKAS is a non-profit-distributing private company, limited by guarantee. UKAS is independent of Government but is appointed as the national accreditation body by the Accreditation Regulations 2009 (SI No 3155/2009) and operates under a Memorandum of Understanding with the Government through the Secretary of State for Business, Innovation and Skills."

I was contacted recently by a company that had been 'certificated' to both the standards by a non UKAS certification body.  The company believed that they met the requirements of the two standards because year after year their 'Assessor' told them that they were compliant.  Imagine how they felt when one of their major customers carried out a vendor audit on them and told them that their certifications were worthless and they were far from compliant with 9001 and 14001. 

It makes my blood boil when I see these so called certification companies issuing certificates purporting to show that full compliance to the international standards has been achieved when in fact they do nothing of the sort.

This company asked me to look through their Quality Manual; it was riddled with errors and did not comply with ISO 9001.  It was confused and woolly, it did not address the six mandatory procedures required by 9001 and did not even reference the correct Standard.  The Company, quite rightly, feel that they have wasted their money and will now have to expend more money to gain proper certification.

These non-accredited certification companies should be severely censured if they do not provide the promised outcome. I also believe that UKAS and/or Trading Standards should act and prosecute where they can see misrepresentation has taken place.

To be absolutely sure that your certificate gives confidence that your systems actually meet the requirements of the Standards and will stand up to external scrutiny, insist on a UKAS Accredited Certification Body. If in doubt, look at the UKAS web-site.

Tuesday, 10 April 2012

Quality Matters has moved

We moved offices on 1st April 2012. It is not an April Fool's joke. The move to our new offices in the Heybridge Business Centre in Heybridge, Maldon in Essex is somewhat overdue; we have been in our existing offices for over ten years and in that time accumulated an awful lot of unnecessary things which were kept ‘just in case’. It was either pack it and take it to the new office or throw it away; in the end we decided to throw most of it away.

Apart from the physical items we decided to get rid of a lot of archived files going back to 1991. The shredder worked overtime and we managed to fill 30 bags of shredded paper!

Our new offices have a manned (womaned) reception and the receptionist, Patty, will take messages and direct calls when we are all out of the office.

One item of concern was the telephone and fax numbers, as we have had these for a long period and we wanted to take them with us. Unfortunately BT would not be able to do this as we would be on a different sub exchange. It finally became possible when we were able to port our numbers into the cloud, and these then redirect automatically to our new phone/fax lines. This means that we will not have to reprint all our stationery.

Our existing P.O.Box address will still be in use as will our email and web-site.

New location address:

Heybridge Business Centre,
110 The Causeway,
CM9 4ND.

Our postal address remains the same:                       

P.O.Box 5479,
CM9 8GG  

Telephone number: 01621 868767                                                                               
Fax Number:   01621 968767

Our service to our Clients was unaffected by the move.

Monday, 26 March 2012

WEEE Directive & ISO27001

Quality Matters has always considered data security as a prime requirement and security of client data is paramount. To ensure that data security is achieved we use firewalls, anti-virus and anti-malware systems as well as encryption to Mil Standards and physical security measures.

Every time a PC, Server or Laptop is retired the hard drives are removed and the residual hardware broken down and disposed of in accordance with the WEEE directive (WEEE is the Waste Electrical and Electronic Equipment Directive).

Recently we realised that we had quite a number of hard drives which had been removed from old equipment; these drives contain data, which could be recovered. In the past we have wiped the data from disks and sometimes reformatted them. We believed that this rendered the data unrecoverable. However, we stopped doing this some years ago when it became apparent that forensic data recovery was possible even though we had carried out wiping and reformatting.

What should we do with the ever growing store of used hard drives?  

We are based in Maldon in Essex and, while visiting one of our Clients, found almost by accident a company that would deal with our drives in a failsafe manner.

This company, EOL IT Services, based on the Baltic Wharf in Station Road, Maldon, has the answer. Hard drives can be securely wiped or destroyed. Destruction is totally secure as the hard drive is rendered into granules. The granules are then recycled.

In addition this company will take away redundant IT equipment and pay any residual value; any non-functional equipment is broken down and recycled. EOL IT Services has a zero landfill policy and nothing is exported to the third world for recovery of metals etc.

We were very pleased with the speed, efficiency and cost effectiveness shown by staff at this company.  We will use them again and have passed their details to some of our Clients.

Monday, 12 March 2012

ISO 9001 Certification

Green shoots of economic recovery seem a long way off as companies try to cut costs and improve efficiency.  Increases in fuel and other costs are making this even tougher.  The proposed increases in postal charges along with the ever escalating insurance costs mean that company directors and owners need to squeeze every last drop of efficiency savings.

ISO9001 has always been a simple method to increase effectiveness and efficiency by cutting out or reducing costs of errors and failure.   ISO9001 has at its centre the need to turn "Customer Requirements" into "Customer Satisfaction" while making improvements to achieve the goal of continual improvement.

The costs of setting up the quality system to meet the requirements of ISO9001 are usually recovered quickly and the bonus is the exposure to potential customers requiring 9001 as a tender requirement, through the DTI register of quality competent organisations.

The business review, which is part of the initial setting up process, will often throw up opportunities for improvement and cost savings when carried out by a skilled consultant.

Companies that have so far survived the downturn need the advantage that a certification to an International Standard can bring:
  • Entry qualification to some tenders;
  • Recognised worldwide;
  • Reduction in errors;
  • Improved staff morale through relevant training;
  • Reductions in waste (get it right first time);
  • Measurable levels of customer satisfaction.

The process required to achieve certification to ISO9001 is often not complicated because companies still in business after the worst economic downturn since the 1930s must be doing a lot of things right. Imagine what benefits an ISO9001 certification can bring.

Monday, 27 February 2012

BS OHSAS 18001:2007 Factsheet

What is BS OHSAS 18001?

An Occupational Health & Safety (OH&S) Management System for managing health and safety activities and eliminating or reducing hazards within the workplace. Where an incident has occurred, the system is used to investigate, analyse and identify any OH&S deficiency.

What are the benefits of 18001 Certification?

Health and Safety Legislation and Regulation require an organisation to prove that it has taken all necessary and reasonable steps to provide a healthy and safe environment in the workplace that minimises risks to people and interested parties.

This Standard provides such assurance. It is externally assessed and certificated.

What is covered by BS OHSAS 18001?

This Standard requires 6 main sections to be addressed; these are:
  1. OH&S General requirements;
  2. OH&S Policy;
  3. Planning;
  4. Implementation & Operation;
  5. Checking;
  6. Management Review.

Each section is sub-divided and covers OH&S activities having an impact on workplace health and safety.

What documentation is required?

A health and safety manual and procedures for operating the Occupational Health and Safety Management System.

Who can carry out the Assessment?

There are a number of Certification Bodies Accredited by UKAS to carry out this work.

Once the certificate is issued what happens next?

The certification authority will carry out surveillance visits each year to ensure continuing compliance.

Sections of BS OHSAS 18001:2007

  1. Scope
  2. Referenced Publications
  3. Terms and Definitions
  4. OHSAS Requirements
    1. General Requirements
    2. OH&S Policy
    3. Planning
      1. Hazard identification, Risk Assessment and Determining Controls
      2. Legal and Other Requirements
      3. Objectives and Programme(s)
      4. OH&S Management Programme(s)
    4. Implementation and Operation
      1. Resources, Roles, Responsibility, Accountability and Authority
      2. Competence, Training and Awareness
      3. Communication, Participation and Consultation
      4. Documentation
      5. Control of Documents
      6. Operational Control
      7. Emergency Preparedness and Response
    5. Checking
      1. Performance Measurement and Monitoring
      2. Evaluation of Compliance
      3. Incident Investigation, Nonconformity, Corrective and Preventive Action
      4. Control of Records
      5. Internal Audit
    6. Management Review

Tuesday, 14 February 2012

Cloud Computing

We at Quality Matters, like other businesses, have to carry out data back-up as a routine, but there are times when the auto back-up fails or is missed for some other reason.

Any missed back-up could cause a problem if it is needed, and you can bet that it will be needed when the missed back-up failed to capture some vital information.

What is the answer? We recently signed up to a system called Dropbox. Put simply, it takes all your data and stores it securely in the cloud, the cloud being a datacentre with all the security, connectivity and redundancy built in.

Data security is important and the Dropbox system encrypts the data during upload and download and then stores it securely.

A quote from the Dropbox website ‘Today, more than 45 million people across every continent use Dropbox to always have their stuff at hand’.

The data is automatically updated as soon as it is used. The real beauty of this system is that I can access any live data from anywhere in the world. If I open a file and need to change it, the new data is saved into Dropbox. I can also recover a deleted file as needed.

The one down-side is that you do need an internet connection to make a change, but you can work off-line on the copy stored locally on a PC or laptop and any changes are uploaded when an internet connection is available.

I started with a 2GB trial free of charge then updated to 50GB for a very reasonable price. There is a 100GB version and the top tier gives you 1TB.

I know that I can recover all my data when I need it. Back-up... one more task that I don’t have to worry about.

Monday, 30 January 2012

ISO 19011:2011 Guidelines for Auditing Management Systems

The Standard has been published, finally.  There has been some confusion as to the content but a final draft for public discussion was issued in July 2011 and accepted.  The Revised Standard was then formally published in October 2011.  The 2002 Standard is now withdrawn.

The original 2002 Standard was aimed at Quality and Environmental Auditing, but it soon became clear that there were quite a number of other Management Standards that required auditing; these include:

  • ISO9001:2008 Quality Management
  • ISO14001:2004 Environmental Management
  • AS9100:2009 Aerospace and Defence Management Standard
  • OHSAS 18001:2007 Occupational Health & Safety Management Standard
  • ISO20000-1:2011  IT Service Management Standard
  • ISO22000:2005 Food Safety Management Standard
  • ISO27001:2005 Information Security Management Standard
  • Highways/Transportation Safety Management and  Sector schemes
  • ATEX ( Equipment used in Explosive Atmospheres)
  • Various Product Standards.

For the first time it has been recognised that there are two standards for auditing:

  • ISO19011:2011 Guidelines for auditing Management Systems
  • ISO 17021:2006 External Assessment for Conformity Certification.

This new Standard recognises a number of elements that have been used by seasoned auditors but not formally approved; these include:

  • Combined audits, where two or more Standards are audited at the same time.
  • Risk-based auditing, particularly in Health and Safety and information security management systems.
  • Remote audits, where auditing is carried out by video conference, telephone or other means.
  • Sampling audits, used where it is impractical to audit all available information; a statistically accurate sample plan should be used to ensure the results are effective.
  • Judgement-based sampling, which relies on the knowledge, skills and experience of the audit team or auditor.
  • Guides and Observers: the roles of both guides and observers are recognised for the first time.

There are a number of areas where modern terminology replaces that used in the 2002 version and incorporates new guidelines on the competence and evaluation of auditors.

All in all the new Standard will be a useful tool in the management of Standards in use by organisations both large and small.

Monday, 16 January 2012

Another Aerospace certification success

We are delighted that another of our clients has achieved a certification to the Aerospace and Defence AS9120 Standard.  This was achieved at the first attempt and without adverse comments or non-conformities.

Our Client, Princeps Electronics, based in Harlow on the Harlow Business Centre in Coldharbour Lane, is an independent supplier of electronic components and associated items. They supply items from manufacturers and franchised distributors as well as sourcing components that are obsolete or hard to get. The thing that sets Princeps apart is their counterfeit avoidance service, which gives customers confidence that the items supplied are genuine and new.

We have been consultants to Princeps since they started in 2006 and have helped them move from an unaccredited quality mark through to a UKAS accredited Quality Management System ISO9001 and now to AS9120:2009.

Dan Hughes, the M.D., believes that Princeps is one of only 3 or 4 independent component suppliers in the UK that have achieved this hard won AS9120 Standard. He said "Our Quality Manager, Ian Walker, has really put in an enormous amount of work to get us through the AS9120 Standard and we are all very pleased at our achievement."

Their Consultant from Quality Matters, Chris Eden, says "AS9120 is a huge undertaking and is awarded only to organisations that can prove that they meet this very exacting Standard. Moreover to attain a clean sheet at both the Stage one and Stage two assessment is very rare and a tribute to everyone at Princeps."
Well done.

Tuesday, 3 January 2012

Another year closes

We, at Quality Matters, wish all our Clients and blog readers a happy Christmas and a prosperous New Year.

I think it fair to say that 2011 has been a challenging year; the economic upturn hasn't quite made it; the currency markets, particularly the Euro, have been trying and inflation has been felt throughout the UK.

Nevertheless we have achieved 100% success again for all our clients who were assessed against various Standards and those already certificated and reassessed have retained their certifications.

  • ISO9001 Quality Management
  • ISO14001 Environmental Management
  • AS9100 Aerospace Quality Management
  • ISO27001 Information  Security Management
  • OHSAS 18001 Health and Safety Management
  • ISO20000 IT  Service Management
  • ISO22000 Food Safety Management
  • ATEX  Explosive Atmosphere Safety Standard
  • BBA British Board of Agrément for building products

We conducted a number of internal audits on behalf of our Clients, where those Clients  chose not to carry out their own internal audits. We also held two public Internal Quality/Environmental Auditing courses and all those attending are now certificated auditors.

2012 will, I am sure, be rewarding in all sorts of ways; our existing Clients can rely on us to provide the very best support, and they know help is an email or phone call away, where required.

We look forward to finalising the quotations recently issued and getting those new Clients established into the chosen Standards, and of course maintain our 100% pass rate at the first attempt.

Since we started in 1991 we have seen many changes in both the Standards and the way the UK has fared; some good, some not so good, but as we move towards a new year we are confident that the trust and reputation we have developed over the years will be maintained and enhanced.

Our very best wishes for 2012

Quality Matters
