Changing Quality Profession and Professionals

Quality is changing, yet the needs remain the same. If this sounds weird, it is.

We have seen how interconnected the world already is. The only thing I can see to slow down this international perspective for quality professionals is serious, serious calamities causing nations and businesses to look inward. Close the shutters and ride out the storms. While that might happen, it do not think it will. But the quality is global theme is a bit trite and nearly universally accepted.

As I have mentioned before, big and powerful forces are shaping our quality profession and professionals.

Integrated management systems, greater emphasis on risk, and accelerating technology change are the big three. These all need lots of study, thought, and exploration. We need conversations in

• Management system common elements
• Practical ways to apply our tools in other areas (safety, environment, etc.)
• Supply chain risks
• Business continuity
• Trade offs between improve (good) and protect (evil)
• Applying the tools we know to nanotechnology
• Quality in a land of DIY biology and new life forms
• to name but a few
  

These are all examples on how our profession (and its professionals) are changing.

Yet, there remains a constant need to refresh the existing knowledge. The most popular ASQ courses and publications (in revenue and demand) deal with the basics. The DOGs (designated old guys) who learned this stuff in the military during the cold war are leaving us. The youngsters still need to pick up the information.

Our profession remains the same.

One might say we need to apply "old tricks to new applications."

Certification of a training function

I was recently asked if there were companies that certify the training function in an organization. Here is my reply:

ISO 10015:1999 (Quality management - Guidelines for training) was published some time ago. It has not been updated, nor does ASQ even carry the standard. (ISO in Geneva sells it for 80 Euros.) ASQ did publish an American standard on training back in 2002: ANSI/ASQ Z1.11 (Application of 9001:2000 to Education and Training Institutes), which is still available through both ASQ and ANSI.

I did a Google search for "iso 10015 certification" which returned a few firms offering that service. The ANAB (ANSI-ASQ National Accreditation Board) does not offer accreditation in this area, so any companies listed are either not accredited (probable) or accredited by the Brits (also probable).

The American Society for Training and Development (ASTD) offers individual certification, like ASQ, but not organizational certification.

Finally, I believe all the common registrars in the USA and elsewhere would be happy to register just your training organization to ISO 9001:2008. This would be a limited-scope registration. If you choose this path, ASQ's Z1.11 standard would help you prepare.

Periods of Quality

When I look back over the history of our profession and the ASQC/ASQ, I see four distinct periods.

1. 1870-1950 was the period of discovery. Focus was on products - materials, machines, and workmanship. As technology advanced (telephone and then war effort) it was necessary to employ inspection. The risk of non-conformance was getting greater. Our professional society was started in 1946 (at the end of this period) to deal with this inspection (product) emphasis. Quality Control.
2. 1950-1990 was the period of organizing. While products were still important, we began to realize - especially in the military and nuclear sectors - the importance of defining the methods and standardizing them. The focus shifted to process. MIL-Q-9858 and its evolution into ISO 9001:1987 were but a couple examples of this "say what you do and do what you say" concept. Registration became popular, but was still focused on paperwork. Most of the regulatory approaches were developed during this time: NRC, FAA, FDA, OSHA all promoted and required Quality Assurance.
3. 1990-2010 was the period of understanding. We began to realize that procedures and training to those procedures don't necessarily result in happy customers and perfect performance. We started listening to Deming and Senge and the need to understand the system(s). How processes are interconnected and need to work together. How language and layout and lunch are also critical to quality. The big "ah-ha" moment came in 2000, when the "new" ISO 9001 hit the streets. Quality Management.
4. 2010-2020 will be the period of integration, as we see that there is no fundamental difference between ways to promote quality, prevent pollution, and increase safety and security. We will focus more on the whole concept of risk. We will emphasize the triple bottom line of people, planet, and profit. While Social Responsibility is the first stab at this understanding, it is not mature and ready for prime time. Management Systems Integration.

Now, I realize that when people use the term quality assurance, they apply it in a contemporary environment. Just like we interchange Social Responsibility, Corporate Social Responsibility, and Sustainability. Most folks think of the last three as tree-hugging green environmentalists, but they are much more (and different). I just believe that our profession needs to remember the past as we approach the future.

By the way, did you notice that the periods above last half as long as the previous one? This is consistent with the idea of accelerating technology change.

Rethinking Green

I recently listened to an audio podcast of Stewart Brand discussing world trends and the environment:

• 5 out of 6 of us live in the developing world.
• The dominant demographic event of the century is screamingly rapid urbanization.
• Urban living promotes an informal economy, which is invisible to authorities, and huge.
• Mumbai is half slums and one-sixth of the gross domestic product of all of India.
• The big event of the next 30 years will be young people in the new cities in the world south. Old people in old cities in the global north.
• Cities are greener than suburbia and way greener than subsistence farming.
• Wealth is coming to the developing world and that requires more energy.
• Coal power is the biggest contributor to climate change.
• Drought is the great civilization killer. Darfur, Australia, and soon the river basins of the Himalayas (where most of the developing world lives).
• The only carbon-free substitutes for coal are nuclear and hydro. Hydro around most of the world has already maxed out.
• Russian warheads are being recycled in nuclear power generating stations around the world. Half of the US nuclear energy comes from these Russian warheads.
• Nuclear waste is tiny compared to coal. The political decision to keep it away from humans for 10,000 years has only led to waste and delay. Protect it for 100 years, when we will probably want it as a resource.
• Coal must be made expensive.
• Micro reactors are cheap and easy to scale. Russia is already building them for Arctic outposts, now that the ice melt has opened the NW Passage shipping lanes.
• Genetically-engineered foods are no different from natural selection taking place in the wild.
• European environmentalists went to enormous lengths to terrify the leaders of African nations that GM foods were poison. People starved for two decades until those leaders wised up.
• There is no good reason for genetically engineered food crops to be controversial.
• Synthetic biology is taking off rapidly.
• Natural ecosystem engineering is happening all over the world. Planned geoengineering will happen soon, as countries respond to climate change. We need debate and governance now, before it happens.

I believe this is the most important lecture I have listened to this entire year. I spent an hour and a half of my time and was well rewarded. I then went to the Fora.tv site and downloaded the video and transcript notes. I intend to watch the video in the evening with my wife.

Some of you may remember that Stewart Brand was the one who came out with the Whole Earth Catalog in the 1970s. With its picture of the Big Blue Marble on the cover, this was a wake up call for the environmental movement in America and around the world. I just placed a request with my local library for his new book, Whole Earth Discipline, when it comes in.

Stewart has many friends who hold the opposite view on several of his opinions. So how do they stay friends? He said it is the difference between the fox and the hedgehog. A hedgehog is focused on one objective. It rules his life. The fox is open to new ideas and approaches. He usually wins. Stewart says he is constantly asking his friends to change his mind. Continuous learning is the key to his friendships.

Social Responsibility Standard

Review of ISO/DIS 26000, Guidance on social responsibility

The essential characteristic of social responsibility is the willingness of an organization to 1) incorporate social and environmental considerations in its decision-making and 2) be accountable for what it does to society and the environment. This implies both transparent and ethical behavior that contributes to sustainable development. Social responsibility a) takes into account the interests of stakeholders, b) is in compliance with applicable law and consistent with international norms of behavior, and c) is integrated throughout the organization and practiced in its relationships.

The standard is written for all organizations, not just corporations. Businesses, non-governmental organizations, community agencies, non-profit groups, trade and labor groups, and governments are all included. The standard is careful to say that governmental agencies may wish to use it, however, the standard in no way changes obligations of the state.

The standard is intended to promote a common understanding in the field of social responsibility. It is not a management systems standard. It is not intended or appropriate for certification purposes or regulatory or contractual purposes. Otherwise, it would contain the word “requirements” in the title.

According to DIS 26000, sustainable development is a widely accepted concept about meeting the needs of society while living within the planet's ecological limits and without jeopardizing the ability of future generations to meet their needs. Sustainable development includes economic, social, and environmental components and is the bigger picture. Social responsibility feeds into and supports sustainable development.

The writing committee presented several possible benefits to an organization implementing these social responsibility practices:

• More informed decision-making by a greater understanding of society and stakeholder expectations. (This is a fundamental concept of quality management systems.)
• Improved risk management practices. (Already part of quality, safety, and environmental management systems.)
• Enhanced reputation of the organization and greater public trust. (Marketing and sales should like this.)
• Improved competitiveness, including access to finance and preferred partner status. (Basic supply-chain concepts.)
• Improved relationships with stakeholders, resulting in more innovation.
• Enhanced employee loyalty, moral, safety, and retention. (Easier to keep employees than break in new ones.)
• Savings associated with increased productivity and resource efficiency. (This is part of the triple bottom line of people, profit, and planet.)
• Improved reliability and fairness of transactions. (This is a major component of ISO 9001, customer requirements.)
• Fewer consumer complaints about products and services. (We call this customer satisfaction.)
• Long-term viability through sustainable practices. (Companies have lifetimes, like people.)
• Contributing to the public good. Making the world a better place. (White teeth and shiny hair too!)

There are seven principles of social responsibility:

1. Accountability: an organization should be accountable for what it does to society and the environment.
2. Transparency: an organization should be transparent in its decisions and activities that affect society and the environment.
3. Ethical behavior: an organization should behave ethically at all times.
4. Respect for stakeholder interests: an organization should respect, consider and respond to the interests of its stakeholders.
5. Respect for the rule of law: an organization should accept that respect for the rule of law is mandatory.
6. Respect for international norms of behavior: an organization should respect international norms of behavior, while adhering to the principle pf respect for the rule of law.
7. Respect for human rights: an organization should respect human rights and recognize both their importance and their universality.

To support these principles, the DIS 26000 devotes nearly 100 pages to defining, explaining, and offering guidance on seven core subjects:

1. Organizational governance
2. Human rights
3. Labor practices
4. The environment
5. Fair operating practices
6. Consumer issues
7. Community involvement and development

This is the real value of the 26000 standard. Each of the seven core subjects is explained in lay terms, with examples on how to implement. I was pleased to see use of the PDCA (plan-do-check-act) methods. The standard is sensitive to the unique needs of smaller organizations.

In the back, several Tables give examples of how social responsibility is contained within various cross-sector initiatives (government and NGO), multisector initiatives, and single stakeholder initiatives. A lengthy table of sector initiatives includes examples from agriculture to electronics to fisheries to tourism. Unfortunately, these tables will be out-of-date before the standard is published. Want more? There is a list of 133 baseline standards, codes, and agreements used in the development of the document.

This is a BHS – Big Honking Standard! There is nothing light and fluffy here. Implementation will take understanding and willingness to change. It certainly will not eliminate fraud and greed from within government and industry. I see this document as one of many that will guide us towards an integrated approach to management. You can get a copy of the DIS for free by going to the ASQ standards site. Comments to the US technical committee are accepted until Dec. 14.

ISO 9004:2009

The 3rd edition of ISO 9004, Managing for the sustained success of an organization - A quality management approach, was approved by 52 of the 54 committee members voting. It should be released as ISO 9004:2009 by the end of the year. This is not a requirements standard and must not be used for registration or certification. It addresses - but in a small way - the integration of quality, environment, safety, and security into one general management system. While it has little practical use, the new edition will be useful when designing your quality management system for the future. It may be a useful transition from the current quality-only focus to social responsibility.

Major Revisions to Int'l Audit Standard

Background

Eight years ago, the International Standards Organization (ISO) issued the 19011 standard for quality and environmental management system auditing. It combined the separate quality and environmental management system audit standards into one. Good step. Unfortunately, the pressure to do this was coming from the conformity assessment community (sometimes called registration or certification) and the big multinational firms. The first 19011 standard reflected this bias and the USA delegation voted “no.” It passed anyway. About three years later, the USA released a supplement to the international version, giving additional guidance on how to apply these principles to small and medium enterprises (SMEs) and internal (first-party) audits. The ANSI version of 19011, with the supplement, was a market success and outsold the international version by a wide margin.

Shortly after the ANSI version came out, the international committee started its required review of the original 19011. ISO procedures require this every five years, although it is often stretched out longer. The choices are revise, reissue, or reject. It was pretty obvious that the 19011 needed revision. Unfortunately, the international committee was upset with the Americans for making the standard better, so we were ignored for several years. The work stalled until a couple years ago, when some fresh faces joined the group, and USA participation was once more welcomed.

In the mean time, the Conformity Assessment committee decided to take over audit standard development for third-party registration/certification. A new committee (17021) was assigned the task. So the 19011 standard revisions will now cover internal audits and supplier audits. Hurray!

Major Strengths

• The auditing standard now covers all management system auditing: quality, environment, safety, security, etc. This fits right in with the trend of organizations integrating their management approaches. The revision is coming closer to other audit standards, such as the yellow book (US Government Accountability Office – GAO) and the red book (Institute of Internal Auditors – IIA).
• As mentioned above, third-party conformity assessment (registration/certification) audits will have their own new standard: ISO 17021. Publication of the new 17021 will probably occur quite soon, as the people writing it have a common focus and the intended audience is smaller.
• For the first time, the concept of risk appears. This is the risk of performing a bad audit, having incorrect conclusions, and not the risks taken by the auditee. For several decades, the IIA has included the concept of audit risk under their banner called quality assurance. While the concept is only briefly discussed in this 19011 revision, it is a good start for a long journey.
• Guidance on training, competency and evaluation of auditors is greatly improved. Gone are the tables of degree requirements, years of service, audits observed or performed, etc. The discussion is quite rational on what competencies are desired, how to achieve them, and how to measure them. Specific examples for various management systems and business sectors are given in an informative annex. The thoroughness of this information will overwhelm many users who just want to get or maintain their registration certificate.
• Sampling strategy is presented in an informative annex. It covers both statistical and judgment sampling in a non-technical manner.
• Most of the “practical Help” information from the earlier USA additions was transferred to this revision. While the additional material makes the document nearly 70 pages long, it significantly increases the understanding. It should result in better internal and supplier audits.

Major Weakness

• The standard continues to use the term client without clear definition. To say that the audit client is the “organization or person requesting an audit” is unsatisfactory. A clarifying note says, “The audit client may be the auditee organization or any other organization which has the regulatory or contractual right to request an audit.” This makes it sound like the majority of internal or supplier audits are requested by the group about to get audited. My experience says it is just the opposite. We should remove this debris for conformity assessment days and be truthful. Either remove the term or define the client as the person(s) in charge of the audit program.

Next Steps

The international committee has recommended the revision as a Draft International Standard (DIS), meaning all of the heavy lifting is done and the proposal is ready for release to the user community for comment. Our USA delegation meets in November to prepare the USA vote on this advancement to DIS. Unfortunately, the committee team leaders feel the revisions are not ready for the DIS stage. They suggest this draft contains too many new concepts, which may not be accepted by the user community, without stating what might be objectionable. This puts us in a very weak position to affect change. The strengths identified above are needed in today’s world of economic uncertainty, advancing technologies, and ecosystem challenges. Promoting sound management system audits, as described in the draft 19011, will make the world a better place to live and work.

The international working group plans to meet in Guadalajara, Mexico, in early March 2010. Comments will be collected, discussed, and another draft prepared. Once it achieves the DIS (draft international standard) level, ISO rules require it be made available to the public for comment. (Available does not mean free, however.) I am optimistic that the new and improved standard will be released a year from now.

Anti-virus Protection for Free

If you are a MS Windows user, it is time to stop paying those recurring fees to Norton, McAfee, etc. Microsoft has released an anti-virus program that serves home and business users quite nicely.

• It works on Windows XP, Vista, and the new Windows 7
• Once installed, it automatically updates as new virus signatures are released
• It uses system resources (CPU, memory, and hard drive) sparingly, without slowing me down
• Did I mention, it is free?

I trust Microsoft here. Because of the Malicious Software Removal Tool that is run every patch Tuesday (second Tuesday of the month), Microsoft has a tremendous set of data on viruses floating around and in the wild.

The Microsoft AV program does not use heuristics as much as the other guys. As a result, a full and complete scan takes an extremely long time. It examines .exe and .dll files in great detail, not relying on approximate heuristics matches based on patterns. As a result, the number of false positive identifications is quite small. (I have had none in the two weeks I have been running it.) Because the full scan is so slow, I have mine set to run at 2 a.m. on Saturday morning. I do not care if it takes several hours while I am still sleeping.

The hardest thing about using the MS product is removing your existing AV program. They generally make it quite difficult to take off your machine. You will probably have to make a couple of restarts before it is all gone. Do not worry about the warnings on the lack of AV protection during this short time period.

Now go to the MS Security Essentials site: http://www.microsoft.com/Security_Essentials/ and click the download button. (There is an underscore between Security and Essentials in the address.) You must be running a legitimate copy of MS Windows for the program to install. Choose the default settings for your initial installation. After it does a quick (couple of minute) scan, it is ready to go.