boston_skyline_panorama_dusk

Quality Management 2.0 Blog

Assuring your Quality Management System Leaves Nothing Behind in 2015

Posted by Mary McAtee on Apr 22, 2015 @ 04:00 PM

Preventive Actions: Have they evolved out of existence?

One of the most interesting fallouts of the final draft of the 2015 ISO 9001 Standard proposed revision is a contextual change in “continual Improvement”. The intent to preemptively address likely issues before they manifest as problems has not changed. If anything, there is an explicit toughening of the language and intent to clarify what is expected. Some organizations are choosing to interpret the updated language to significantly reduce the effort they are applying to prevention. It is my opinion that this will prove to be a tactical mistake.

Read More

Topics: Enterprise Risk Management

Cyber Threat Risk Assessment for Products and Consumers

Posted by Mary McAtee on Mar 17, 2015 @ 03:00 PM

Understanding your Role and Responsibility for Risk Assessment and Controls

In almost everything in Quality there are multiple facets of responsibility. The same applies when we talk about cyber security and threat assessment. The last time I spoke about this topic I addressed our responsibility for protecting our own organization’s intellectual property and security. This time I am concerned with how we protect those who depend on the products and services we provide. Market demands for increasingly intelligent products coupled with rapidly evolving software and wireless technology provides the means for companies to deliver exactly what the market demands. What is equally clear is that the ability of companies to assess the risk for the user and their privacy is not coming close to keeping pace with these advances. Just because the capability for smart devices is more readily available is no guarantee that prudent product management decisions are being made. The media is filled with stories about misuse of everything from baby monitors to auto-assist parking in late model vehicles.

Read More

Topics: Risk Management, Risk Assessment & Analysis, quality and compliance, Risk assessment, Mitigation and Controls

Training and Qualification: Work Smarter, Not Harder

Posted by Mary McAtee on Feb 19, 2015 @ 04:38 PM

One of those pronouncements that I have no idea of factual basis or origin concerns developing proficiency. “They” say it takes repeating a task a thousand times before you become an expert. I guess I can understand why they might take this position. Clearly repetition fixes memory. I am trying to think of things I have repeated that many times and it is a short list.

I recently heard a master sushi chef interviewed about his apprenticeship program in Japan. An aspiring chef must study with him for ten years at minimum. They must not marry, they must live at the school and they work for free during their apprenticeship. The jaded New Yorker in me thinks that this master chef has developed a great source of cheap and extremely dedicated labor.  Others will look at this model and point to it with Zen-like certainty that this is how excellence must be cultivated. In practical business terms, training is undeniably invaluable on many levels. It assures competency and consistency that is important for quality and bench marking best practice. In addition to the positive impact on quality it is also fertile ground for identifying opportunities for improvements. It can even serve as the incubator for new ideas and technological advances.

Read More

Topics: Employee Training Software, CompliantPro Training and Qualifications

Cyber Security and Threat Assessment for Risk Assessment

Posted by Mary McAtee on Jan 22, 2015 @ 09:00 AM

One of the positive peripheral results from the flurry of reactions to the movie, “The Interview” was a short-lived media focus on cyber-terrorism.  The recognition of cyber-attacks has been slow to evolve but is gaining traction. In the last major threat assessment document, prepared during the final year of the Bush Administration, the term Cyber Threat was mentioned by name less than ten times. Last year’s assessment prepared by the Obama Administration mentioned Cyber Terrorism less than 100 times. The current joint intelligence threat assessment document just released mentioned Cyber Terrorism more than 1000 times. C-SPAN recently televised the briefing to the House Intelligence committee by the NSA and CIA. As redacted as I am sure it was it was still chilling. Malware (most likely introduced by China years ago) has been identified in several locations in the infrastructure for the nation’s power grid and water purification and delivery systems. While this specific threat has been neutralized, the idea of a foreign government or other groups planting a latent threat that can be activated when and if the mood strikes is very unsettling. These are not simple annoying denial of service attacks. One of the municipal power generation facilities cooperated with the NSA and permitted activating the malware on one turbine generator control system. The program once activated, took control of the turbine and forced it to run out of safe operating limits until it self–destructed. One can easily imagine the impact on a major city and the entire economy if this or similar incidents were to happen.

Read More

Topics: Risk Assessment & Analysis

Leveraging Risk Assessment to Avoid Crisis

Posted by Mary McAtee on Jan 16, 2015 @ 11:33 AM

People who know me are very aware of how much I love boats and getting out on the water. My father was a Merchant Seaman and my spouse and close friends tend to all have seawater in their veins.  This love of the water includes a deep respect for the power and unpredictable nature of the ocean. Most misadventures at sea seem to be a case study in the precise definition of a “Cluster F&$@”.  Every major and even minor disaster at sea seems to always involve several of the fates conspiring together to allow the progress of a bad situation to become worse. Let’s take just one recent example from the news. Rob Konrad, a former player for the Miami Dolphins, was several miles offshore on his 36 foot fishing boat. He fell overboard and ended up swimming over 9 miles through shark infested waters to reach shore in Palm Beach. Several contributing factors put him in that water swimming for his life. Almost any other person would have become another sad obituary but his physical conditioning overcame some really bad decisions on his part:

Read More

Topics: Risk Management, Risk Assessment Software

ISO 9001:2008 Surveillance Audits

Posted by Mary McAtee on Dec 19, 2014 @ 11:06 AM

Old Dog, New Tricksold-dog-new-tricks

Last week was our annual ISO 9001:2008 surveillance Audit. Thousands of companies have depended on us for advice and support in achieving and maximizing the value of their registration efforts. It was to be expected that we would do well and we did. Lapses in compliance could not be blamed on ignorance of the requirements or not understanding what the auditor’s expectations would be. This was a particularly challenging year for IBS as a company. Siemens completed their acquisition of IBS and began the exciting but demanding process of integrating us into the “Digital Factory” Group. This integration resulted in new systems and processes to learn and master. The impact rippled through documentation updates, training requirements, Assessment criteria and almost every facet of our Quality Management System and business processes. We have been registered for over 15 years and we have enough Lead Assessors on staff to populate our own Registrar. It is easy to fall into a compliance rut, same process, same training, etc. This year under the leadership of a new CEO, who understood the value as well as the challenge of organizational change, we were encouraged to form teams to rethink processes and people. Everyone in the organization moved out of their comfort zone to accept new responsibilities and to update and redefine almost every business and quality process. Utilizing the Management Review process we defined a framework of measureable quality objectives that mapped to our business plan goals for the year.

Read More

Topics: 9001 Software

Emergency Drills for Environmental Health & Safety

Posted by Mary McAtee on Dec 04, 2014 @ 10:00 AM

It was a blessedly slow news cycle over the Thanksgiving holidays. Buried in the stories about the awful travel weather, the Turkey pardons and Black Friday craziness was a story that caught my interest here in New York. In New Jersey, land of chemical companies and refineries, a large producer of a highly flammable chemical, found themselves at the center of an unsettling news story. The company failed to provide local Emergency Services with information concerning the types of chemicals and the volumes produced at their facility, as mandated under New Jersey law. To make matters worse, they were also found to have failed to develop threat assessment and Risk Analysis records with supporting contingency plans. The plant in the story was located less than two miles from an Elementary school in a primarily residential area. They were ultimately fined four thousand dollars, the maximum penalty provided for under New Jersey law. Sadly, a spokesman for the state indicated that recent audits of New Jersey refineries and chemical producers uncovered many plants that were not meeting minimum requirements in these areas. In particular, the spokesman was concerned that the failure to notify local Emergency Services such as Fire and Police could lead to greater risk for first responders and less effective action in the case of an emergency event. Although not specifically mandated by law, the official pointed out that notifying regional Emergency Services, in addition to the closest local Fire and Police responders is a proven best practice. Regional Emergency Services will almost certainly be called upon for support in the event of an incident or emergency. Not understanding the chemicals produced, the likely resulting health and environmental threats to both the first responders and surrounding community puts everyone involved at greater and needless risk.

Read More

Topics: EH&S

Proactive Threat Assessment and Risk Mitigation

Posted by Mary McAtee on Nov 19, 2014 @ 12:46 PM

Contingency Planning

Proactive Threat Assessment and Risk Mitigation

Maybe it is because I am a New Yorker and lived through both 9/11 and Superstorm Sandy but I have an ingrained set of memories related to both events. I remember the scramble to pluck people off of the shoreline after the Towers had fallen. Thousands of people were crammed between the Hudson River and safety. Everything that floated and could get close to shore became a rescue vessel. It was the most massive water evacuation since Dunkirk. Among the responding vessels were ferries, tugs, recreational crafts, Police and Fire Boats not to mention everything that the USCG could deploy for the effort. With the exception of the professional rescue vessels, all the responders were pretty much making it up as they went along, yet they still managed to save thousands. What emerged from the experience was the realization that there needed to be coordinated rescue plans and training for urban water disasters. Less than a decade later that training and contingency planning effort was put to good use. Within three minutes of Sully hitting the water in what became known as the “Miracle on the Hudson” a very well-coordinated flotilla of ferries and working vessels were off-loading survivors. During Superstorm Sandy, no one expected a storm surge that would flood the Midtown and Battery Tunnels all the way to their ceilings. The same inundation of floodwaters swamped the basements of hospitals and other critical infrastructure facilities. The unforeseen consequence of 30 feet of floodwater in the basements of major hospitals and emergency planning facilities was the total submerging and destruction of emergency power generation equipment. Every critical building had redundant power generating equipment and thousands of gallons of fuel all of which was located in basements and sub-basements and were totally rendered useless and in many cases added fuel spills to compound the problem. Millions have been spent to relocate generators and fuel supplies to roofs and underground tank systems. These are just two cautionary tales about the failure to identify and mitigate risk.

Read More

Topics: Risk Assessment & Analysis, risk mitigation

A Quality Management System for Those Who Served

Posted by Mary McAtee on Nov 11, 2014 @ 10:00 AM

Duty, Honor, Country

Veteran’s Day is this week. I always find myself thinking about family, friends and colleagues that have or are currently serving in our military. I think about my father John, a Merchant Marine in WWII and a Sargent in the Army during the Korean War. I think about my Father-in-law, Stanley who was a decorated B17 Navigator. His plane was called the Vargas Virgin and the photo of the smiling crew kneeling under the racy nose art and mission markings is a view back to another era. They were emblematic of the young citizen soldiers that have routinely gone above and beyond what anyone has a right to expect in defense of our freedom.

Yesterday, I watched an interview with John McDonald, the recently appointed Veteran Affairs Secretary.  He is a West Point graduate and was serving as CEO of Proctor & Gamble at the time of his appointment. The mindset and perspective he displayed during the interview really grabbed my attention. Perhaps the most thought provoking point in the interview was his very intentional decision to change Veterans Affairs nomenclature to begin referring to veterans as “customers”. This fundamental altering of the relationship between the veteran, the service providers and the actual way in which the Government and public view each other, realigns the balance and respect inherent in the exchange. I think this is a sensibility that McDonald brings to the office from his CEO leadership style at P&G.  

Read More

Topics: quality and compliance

An Ocean Can’t Protect You from Compliance Fallout

Posted by Mary McAtee on Nov 05, 2014 @ 10:00 AM

REACH

There is a great book by a fellow named SQuire Rushnell called “When God Winks”.  He and I share prettyflaming_shots
Read More

Topics: Compliance Software

Subscribe to email blog updates

About IBS

IBS has the solution for those who need to integrally address quality process management, traceability, production quality-data management, and compliance requirements. 

Contact us to request a consultation today.

Follow Me

Browse by Tag

The Latest Quality Management News 

Catch up on the latest news in Quality Management with the IBS America, Inc. daily newspaper - a collection of quality articles from multiple authors and quality specialists.

quality management news

Read today's edition of "Quality Management 2.0 Daily"