ISO27001 and Information security incident management

When we are talking to our clients about steps they can be taking to improve their management system, one thing we stress is the need to capture any incidents that have occurred and improvements that they have made. Rather than thinking about these things as negatives because something was not right, and it created an incident or needed improvement, we help ...

Copyright

© Many Caps Consulting | All Rights Reserved

AS9100 and The Documented Information Requirements

Clause 7.5 - Documented Information within the AS9100 REV D standard highlights what is required when creating and controlling documentation that is required to support your Quality Management System for Aviation, Space, and Defence Organisations. The requirements for how you manage and control your documented information have changed since technol...

ISO27001 and the Supplier Relationship Requirements

Like many of the ISO standards, ISO27001 for information security management systems needs you to have a relationship with your supplier. That relationship, of course, should be one of mutual benefit and respect. What Annex clause A15 does, however, is set up the requirements for implementing some targets in terms of information security requirement...

Using 5S in Maintenance to Avoid Burning Down the Plant

I always remember the 1st time I helped implement 5S into a factory. 5S (Sort, Set, Shine, Standardise and Sustain) is one of the many 'tools' used by organisations when moving to lean thinking. The driving force was actually from the maintenance department at the time rather than operations, which still surprises some people. People stil...

ISO27001 and the System acquisition, development, and maintenance Requirement

For many organisations, having any form of information security system is new, and that can make it a little challenging. It means that you are having to graft your new systems onto what you already have, which is tricky. However, there will come a point that the next system you need isn't one you had before your system, it's new and so the very best ...

AS9100 and the Communication Requirement

AS9100 clause 7.4 Communication is a small and innocuous clause; there really doesn't seem too much to it on the face of it. This clause in Rev D of the AS9100 standard for Aviation, Space and Defence organisations is all about ensuring that those within your organisation and outside of it get the right level of communication about your quality mana...

ISO14001 for Environmental Management Systems – What the heck is it about?

One of the great things that we see happening in the compliance world at the moment is an upsurge in the interest in gaining accreditation to ISO14001 for environmental management systems (EMS). There are a lot of factors generating this interest from contractual requirements including the need for environmental sustainability or certification to busin...

ISO27001 and the Annex Clauses – Clause 13 Communications Security

While this annex clause of ISO27001 for Information security management systems (ISMS) is named Communication Security, think of it more as the security linked to how you move your information around both internally and externally of your organisation. The clause is split into two parts which really link to that internal & external thinking. A1...

If you want to really improve your productivity here is the one question you need to ask first!

I overheard a conversation in a café the other day between a few people sitting round a table in what I presume was an off-site catch-up for the management team. They were discussing some of the challenges that they were having and how tough things had been throughout the COVID pandemic for them. They had managed to get through by being really cash...

AS9100 and the Awareness Requirements

Although the AS9100 REV D requirements for your Quality Management System (QMS) are built on top of the ISO9001:2015 standard, there are a few areas where the requirements of the Aerospace standard are different or there are additional requirements. AS9100D Clause 7.3 for Awareness is one of those areas. Clause 7.3 - Awareness: This section...

ISO27001 and the Annex Clauses – Clause A12 – Operations Security

Annex 12 – Operational Security for your ISO27001:2013 Information Security Management System (ISMS) is a pretty substantial clause since it's all about preventing the loss of availability, integrity and, importantly, confidentiality of your business information. By substantial we mean there are 14 separate elements for you to think about controls th...

The ultimate employee performance test - Would you rehire them?

If I knew then what I know now… The inference from that little phrase is that you would obviously make a different decision and so things would turn out better. Often however that's not the case, certainly not with people at work. We all hire people who aren't suited for the company, they aren't necessarily bad people, it's just they don't fit the ...

Continuous Improvement or Respect for people - what is more important?

This Week's Question: This is a question that comes up a lot in discussions when we're implementing some lean with clients: "If we want to have a lean culture, what is more important, respect for people or continuous improvement? Surely, they are both equally important?" The Feedback: No! It's kind of chicken and the egg, so if you think about i...

AS9100 and the Competence Requirement

Within the AS9100 REV D standard, Competency (Clause 7.2) and Awareness (Clause 7.3) are split into 2 separate clauses. That makes sense if you look at competency as purely skill or knowledge based, but you do have to ask if it is possible to have any Competency without Awareness (or Communication!). As an organisation it's for you to decide how you manage it...

ISO27001 and the Annex Clauses – Clause A11 Physical and Environmental Security Pt2 - Equipment

We split ISO27001 for Information Security Management Systems Annex Clause A11 into 2 parts to try and keep it a bit shorter but also to emphasise that you do need to think about both areas as two steps of the process. In Part 1 we talked about Annex Clause A11.1 – Secure Areas, here we'll talk about 11.2 Equipment. It's easy to just think of secure...

Defining what you are and what you are not

Over the years we have talked with many organisations about their mission, vision, and company values, about setting up objectives and people to do well and be aligned to those things and it's gone well. Yet, I've always thought there was a bit missing in the puzzle. When we talk about values, we mean the real values your company has, not the buzzw...

Should we be doing contingency planning for my ISO Management System?

This Week's Question: A few weeks ago I had a conversation with a few people around how things were going with their business in light of the ongoing uncertainty of the pandemic and day-to-day business in general. One of the topics that came up was around contingency planning within the company and the various approaches they each had. In one ...

AS9100D and the Organisational Knowledge Clause

AS9100 REV D Standard Clause 7.1.6 – Organisational Knowledge can be a bit of a challenge for some to get their heads around. Organisations can have differing views internally about what organisational knowledge is, add in the external auditor's 3rd viewpoint and you can have some very interesting discussions about it. Getting clear about clear wha...

ISO27001 and the Annex Clauses – Clause A11 Physical and Environmental Security

When people think about ISO27001 for Information Security Management Systems (ISMS) they tend to think about the world of cyberspace, of virtual set ups and protecting their information from someone on a PC hacking in from the other side of the world. That's certainly a part of it and in reality, a small part of it. Your real-world threats are just as...

AS9100D and the monitoring and measuring resources requirement

AS9100 REV D Section 7.1.5 is all about how you look after measuring devices, calibration and measurement traceability. It's not a massive change from the previous standard but what does it mean and what do you have to do? The Clause is essentially the same as the ISO9001:2015 clause it is based on but does carry some useful additional clarific...

Takt Time Vs Cycle Time - Which is more important for your lean journey?

We put the call out to our Newsletter readers, on LinkedIn, Facebook and Twitter for questions. Questions that people are struggling with around ISO, Lean or leadership that they wanted help with and we got some fantastic responses that we have loved reading through and thinking about how we can help. We can't answer everything but we'll do our bes...

ISO27001 and the Annex Clauses – Clause A10 Cryptography

When you first think about cryptography and its uses, it's not hard to jump to the realms of James Bond and secret codes that unlock the secrets of organisations and the nation, so why would you need to care about it? The answer is simple really: in today's cloud computing environment, for example, cryptography appears everywhere, in secure computer sy...

Understanding the Compliance Register & why you need one

We put the call out to our Newsletter readers, on LinkedIn, Facebook and Twitter for questions. Questions that people are struggling with around ISO, Lean or leadership that they wanted help with and we got some fantastic responses that we have loved reading through and thinking about how we can help. We can't answer everything but we'll do our bes...

How to meet ISO9001 traceability requirements

We put the call out to our Newsletter readers, on LinkedIn, Facebook and Twitter for questions. Questions that people are struggling with around ISO, Lean or leadership that they wanted help with and we got some fantastic responses that we have loved reading through and thinking about how we can help. We can't answer everything but we'll do our bes...

AS9100D and the resource requirements

AS9100 REV D Section 7, Support, is probably a little bit more detailed than the clause in rev C, and that's a good thing. Clause 7.1 – Resources especially, has a chunk more detail than the previous version. Resources required around your Quality Management System have always been a bit poorly defined in the past and varied wildly, now, however, t...

Thursday Q&A - Understanding & Improving your 5 Why's Process

We put the call out to our Newsletter readers, on LinkedIn, Facebook and Twitter for questions. Questions that people are struggling with around ISO, Lean or leadership that they wanted help with and we got some fantastic responses that we have loved reading through and thinking about how we can help. We can't answer everything but we'll do our bes...

Thursday Q&A - Management Reviews and Design Processes

We put the call out to our Newsletter readers, on LinkedIn, Facebook and Twitter for questions. Questions that people are struggling with around ISO, Lean or leadership that they wanted help with and we got some fantastic responses that we have loved reading through and thinking about how we can help. We can't answer everything but we'll do our bes...

ISO27001 and the Annex clauses – Clause A9 Access Control

It's probably fair to say that when people think about information security and ISO27001 they rightly think about passwords, access control and who can see what information. Your Information Security Management System (ISMS) is clearly more than that, but it is a very important part and you do need to spend a large part of your time getting the req...

AS9100D Clause 6.3 – Planning of Changes to your AS9100D Quality Management System

It is important to remember that your AS9100D Quality Management System (QMS) is a living and evolving system. That means that over time you and your team will make changes to the system either because of a new idea, a client requirement, a business change, a new system, new staff or as a result of a management review of a process, the list of reas...

Improve your business by losing Tradition

In 1926 Henry Ford wrote the book Today and Tomorrow. It's a fascinating book and it's littered with insights that wouldn't be out of place in any modern lean discussion, little wonder since Taiichi Ohno took a lot of inspiration from what Ford did originally as part of a trip to the US, where he was also taken with the way US supermarkets operated ...

7 tips to ensure your ISO System IS your business system

Compliance systems can be a pain: all that extra work, the paperwork, the audits, the forms, and reviews. The time that you waste chasing people up to do things they don't feel they should do and, of course, getting ready for the big audit from the customer or the certification body when you could be doing your real work, right? Chances are if you or...

ISO 27001 and The Annex A Clauses - Clause A8 Asset Management

Often, when you start talking about asset management, you find that companies don't really have a proper asset list. Sure, they may have a list of capitalised items they have bought that have been added to the 'asset list', but all that is, in reality, is just a set up in the finance ledger to capture depreciation – that's not an asset list. ...

AS9100 Rev D and the Quality Objective Requirement

In the AS9100 rev D standard for Quality Management Systems for Aviation, Space and Defence organisations, Clause 6.2 is all about setting your quality objectives for the organisation. It is another of the sections which is a "shall", i.e. you must do this to comply with the standard. Interestingly this clause doesn't say "Top Management" will … it say...

Using kanban to help flow

Creating flow in your operation is the ideal state if you want to have a lean process. Anything that stops you flowing product (or services) from start to finish in your organisation is something you want to eliminate; if you can't eliminate it completely, then you need to minimise it. It is fair to say that in general terms anything that stops your...

Build on the right foundation

One of the things that happens when organisations start to build towards implementing their ISO management systems is that they look at the standard and try to figure out where to start. As people tend to do, they move towards the familiar, the bits they believe they know what to do and start there. They implement non-conformance processes, or risk p...

ISO27001 and The Annex A Clauses - Clause A7 Human Resources Security

When organisations think about Information Security and what things need to be in place to achieve their ISO27001 Information Security Management System (ISMS) certifications, for some reason they mostly forget about the Human Resources function. That is a little strange when you think about it; your relationship with employees and contractors for t...

AS9100 and the Actions to Address Risk and Opportunities

As we have mentioned before, AS9100 REV D is very much focused on understanding the Risks in your Quality Management System and to your organisation plus how you will handle them. It makes sense: working in the aviation, space and defence industries is risky and the products that come out of those industries are perhaps some of the highest risk ...

Lean - Process Tracking Letters Template

Free Template - Process Tracking Letters Template: We have put together a collection of daily Process tracking letters that you can use to track all of your key business processes daily and monthly. This allows you to have a great visual management tool to measure improvement across your organisation. They are really easy to use - print ...

How to create a culture of Continuous Improvement when you have no money.

What would you do if one day your accountant walked in and said Ok boss, we have no money and the bank is going to have to step in. They are going to keep us afloat and let us trade out of the problem, but we need to improve what we do. They want us to increase our productivity, reduce our money tied up in WIP & stock, oh, and they will not let...

AS9100 and the Leadership Clause

The interesting thing about the leadership clause of any standard is that it is one many organisations do not pay enough attention to. It tends to be an area where people still believe it is the quality or the safety or the compliance manager's role and so the senior management team take a hands-off approach leaving things to the person they have ha...

ISO 27001 and The Annex A Clauses - Clause A6

Clause A6, Organisation of Information Security, of ISO 27001 is about providing guidance on the management framework of your Information Security Management System (ISMS). Clause A6 is split into two sections: A6.1 covers the Internal Organisation while clause A6.2 covers Mobile Devices and Teleworking (remote working) which is particularly on...

Lean and The Product Path Diagram

The great thing about lean is that there is always more to learn, there is always improvement in the thinking, the methodologies, the approaches, and the tools that get used. However, the underlying idea never changes, people somehow manage to complicate it when trying to explain what lean is and that perhaps is one of the things that make people t...

Get rid of the Sacred Cow of Best Practice

How many times have you heard that a new process or a business change was being done to align to 'best practice'? Other phrases in the same mould are 'this new process or methodology has worked in many organisations before, it'll work here' or, even better, 'we work to "industry standard"'? They are all the same thing when it boils down to it, a s...

ISO27001 and The Annex A Clauses - Clause A5

ISO27001:2013 Annex A for Information Security Management Systems may seem like a bit of a long list of controls, there are 114 of them after all! However, it is fair to say that Annex A of the standard is quite possibly the most important section of the standard because it lists the controls that you need to consider and where appropriate have in...

AS9100D, Terms & Definitions and the Context of the Organisation

When you read through AS9100 D you will notice that where ISO9001:2015 may hint at something or assume you understand what it means, AS9100D is far better at being explicit in what it's talking about. Right off the bat in the scope of the standard for example it states "If there is a conflict between the requirements of this standard and customer o...

Lean and the art of Pre-Visualisation

Over the weekend I spent some time down in Twizel, which is in the middle of New Zealand's South Island. It is nestled not far from Mount Cook, NZ's highest peak, and Queenstown, the adventure capital, and is home to some of the most dramatic scenery and stunning views around, especially in autumn as the leaves turn golden and start to fall to the ground. I...

Looking for Signals (how Visual Management can reduce tiredness)

I remember sitting in Biology back in high school (admittedly a long time ago) and the teacher explaining that our bodies were just a big battery for our brain. Sure, we have arms for reaching out and grabbing things, typically food, legs make us mobile so we can run away from the sabre tooth tiger and of course eyes to see the same sabre tooth tig...

ISO27001 and the Improvement Clause

Clause 10 of ISO27001 Information Security Management Systems (ISMS) is where you get some serious value for your organisation. Along the way to implementing your ISMS you have planned things out, you have implemented your information security management policy, implemented various new processes and systems and in your internal auditing process you...

5 Top Tips for Creating a Great Internal Audit Schedule

It does not matter if you are working to achieve or already have your International Standards Organisation (ISO) certification; internal auditing is a key element you need to master. Internal auditing seems to be one of the areas of real trepidation and confusion around the requirements for internal auditing programs. When we talk with clients who a...

ISO27001 and the Performance Evaluation Clauses

ISO27001 for Information Security Management Systems clause 9 Performance Evaluation is full of that favourite ISO term "shall" which as we all know means you must do what they are asking. Clause 9 is split into 3 subclauses to help focus you onto the things that really drive the performance evaluation requirements in any management: 9.1 Monitoring...
