Disasters Waiting to Happen
As I write this, the world is just hearing about the earthquake in Pakistan. I live north of Houston and have just weathered Hurricane Rita and associated evacuations. In fact, we will all remember 2005 as a year of too many disasters--from the tsunami and earthquake in southern Asia to Hurricanes Katrina and Rita and a plague of smaller problems thrown in for good measure. All of these set me to thinking about the column I wrote for Quality Digest's December 2004 issue ("Plan Ahead for Preventive Action").
Don't think I'm planning to deliver an "I told you so" column. No, as I pointed out last year, preventing every possible bad event is exorbitantly expensive, and guessing where disaster will strike next is, more often than not, educated guesswork. But if you live in an area prone to earthquakes, you'd be prudent to use appropriate codes and standards for your buildings. If you live near the Gulf Coast of the United State, you might consider spending hurricane season in Minnesota (just kidding). Some preventive measures are practical, and some aren't. What I find fascinating is that many organizations still haven't adequately thought through the potential problems that could beset their businesses and acted on those issues for which action is prudent.
At a workshop Charlie Cianfrani and I conducted following the recent Outlook on Quality Systems Conference in Miami, we were asked about disaster planning in relation to ISO 9001. Now, I'm the first to admit that ISO 9001 doesn't use the word "disaster." It also doesn't use the term "risk management." ISO 9001 also applies "…only to the product intended for, or required by, a customer." So ISO 9001 doesn't address all aspects of a business, and it doesn't require a formal plan for continuing operations during or following a disaster. But let's look at what it does say about customer requirements, planning and preventing problems.
First of all, the scope of ISO 9001 specifies quality management system requirements for an organization that "…aims to enhance customer satisfaction through the effective application of the system, including processes for continual improvement of the system and the assurance of conformity to customer and applicable regulatory requirements."
Second, clause 5.2 requires that top management "…ensure customer requirements are determined and are met…." It's important to know whether customers expect your organization to be able to provide products and services during or after an emergency. If they do, you should plan ahead.
Third, clause 7.1 requires that planning of product realization must take into account "…quality objectives and requirements for the product." These requirements could include the ability to deliver products consistently regardless of emergency operating conditions. Clause 7.5.1 requires the organization to "…plan and carry out production and service provision under controlled conditions…." Thus, if the ability to operate under emergency conditions is needed, the organization should think through how to maintain control during an emergency.
Fourth, clause 8.5.3 requires the organization to "…determine action to eliminate the causes of potential nonconformities to prevent their occurrence." It also states: "Preventive actions shall be appropriate to the effects of the potential problems." Thus, if you're in an emergency situation and your inability to deliver on time or meet requirements would severely affect your customers, you should probably have a fairly comprehensive plan for such an emergency.
Last but not least, some industries have also mandated requirements for planning continued product or service delivery in emergencies. In other cases, these requirements could be part of customers' purchase orders or contract requirements.
Having a plan to deal with disasters might be required or expected by your customers, but there could be even more important reasons to think through your disaster plans. If your organization relies on consistent product or service delivery to provide needed cash flow, it might be a matter of organizational survival.
It's also useful to remember that ISO 14001 has a more direct reference to being prepared for emergencies. It requires that the organization claiming conformity to ISO 14001 "… shall establish, implement and maintain a procedure(s) to identify potential emergency situations and potential accidents that can have an impact(s) on the environment and how it will respond to them."
We should all give some thought to our plans for emergency situations. Our customers might not require it, but they're likely to want us to do it. Even if our customers don't care, a comprehensive and well-deployed disaster recovery plan could be important to an organization's survival.
John E. (Jack) West is a consultant, business advisor and author with more than 30 years of experience in a wide variety of industries. He is chair of the U.S. TAG to ISO TC 176 and lead delegate for the United States to the International Organization for Standardization committee responsible for the ISO 9000 series of quality management standards.
|
