Featured Product
This Week in Quality Digest Live
Quality Insider Features
James Wells
You can learn a lot from one- and five-star ratings
Bruce Hamilton
Here’s to resilience in 2022
Gleb Tsipursky
Setting up a virtual water-cooler/cubical equivalent
Artem Kroupenev
What is your organization’s digital strategy?
Jeff Dewar
Industry professionals are needed more than ever

More Features

Quality Insider News
Seegrid partners with Applied Intuition to accelerate delivery of next generation material handling automation solutions
Strategic move to maintain high quality while innovating and scaling
Initiatives include collaborations with printer manufacturers pro-beam, Sciaky, DM3D, Gefertec, and Meltio
Providing high-quality semiconductors in challenging times
Blue light scanners utilize optical noncontact technology to quickly capture millions of accurate points in a single scan
Available in 50 mm and 80 mm FOV, they offer the power, speed, efficiency of digital imaging in a compact package
A cybersecurity expert lays out crucial HR practices to amplify attack readiness for modern businesses
Detect macro-geometry (nicks, runout) and micro-geometry (gear-mesh excitation, ghost orders) defects
Features low price-for-performance ratio, excellent in-run bias stability, zero cross-coupling by design, and Allan variances from 5 µg

More News

Quality Digest

Quality Insider

ASQ’s Next Big Thing

Preparedness and continuity

Published: Monday, June 16, 2008 - 21:00

The U.S. Department of Homeland Security (DHS) has solely sourced a grant to the American Society for Quality and the ANSI-ASQ National Accreditation Board (ANAB) to develop a national voluntary conformity assessment accreditation and certification program for private sector emergency preparedness and business continuity. The driver is Public Law 110-53 “Implementing the 9/11 Commission Act of 2007,” specifically Title IX on Private Sector Preparedness.

ASQ and DHS haven’t publicly announced this and its implications. ASQ’s and ANAB’s involvement will create new opportunities for quality professionals and for companies. So, let’s start at the beginning:

ANAB opportunity
Most readers are probably familiar with ANAB. ANAB is the ANSI-ASQ National Accreditation Board. ANAB accredits the management systems certification bodies (think ISO registrars) for ISO 9001 (quality management systems–QMS), ISO 14001 (environmental management systems–EMS), and other national/international standards. Basically, ANAB validates and verifies the integrity of ISO systems in North America.

So, what does this mean to you? More opportunities for training, consulting, internal auditing, and registrations. The DHS accreditation and registration system will first focus on business continuity planning. However, the next step is to develop security management systems (SMS). SMS are parallel management systems to QMS and EMS. ANAB already is the accreditor of ISO 27001 (information security management systems) and ISO/PAS 28000 (specification for the security management systems for the supply chain). Both of these documents fall within the generic security management system (SMS) concept. All have a similar quality look and feel. They are process-oriented, follow a plan-do-check-act (PDCA) model, follow a logical framework, can be registered (audited), are risk-based, and have an enterprise focus. Let’s discuss why this important.

Business-continuity risks
The risk of a supply disruption and the risk of maintaining information availability have become huge issues over the last few months. The Chinese earthquake and Myanmar cyclone have disrupted supply chains. Integrated supply chains based on a lean and just-in-time model can be disrupted much more easily. There’s little buffer inventory. If a plant has a fire or is devastated by an earthquake, then products may not be delivered to customers. Let’s make this personal. In our instant-gratification society, would you come back to a store if it didn’t have the advertised products in stock? Probably not.

Information can be disrupted through viruses and other malignant intrusions. More states have identity-theft statutes that require companies to protect personal information. If a person’s information is compromised, the company is required to notify the affected customers. What happens if the news hits the papers? No good. There’s reputation loss and possible litigation.

Two standards—NFPA 1600 and ISO/PAS 22399
So, what do organizations do? Several standards are available, and we’ll look at two: NFPA 1600 and ISO 22399. The National Fire Protection Association’s NFPA 1600 is called the “Standard on Disaster/Emergency Management and Business Continuity Programs – 2007 Edition.” The standard is free as a download. The standard consists of four pages of mandatory “shalls” and 8 pages of discretionary “shoulds.” The standard is process and risk-based. It is straightforward and relative easy to use.

ISO/PAS 22399 is called “Guidelines for Incident Preparedness and Operational Continuity Management.” You have to purchase the publicly available specification (PAS) from ISO or a registrar, much like ISO 9001. The standard is process- and risk-based. It has the ISO 9001 look and feel. It also follows the conformity assessment model of ISO 9001. Registrars are accredited and companies are registered.

What does this mean for you?
If you’re a consultant or an operational manager, pull NFPA 1600 off the web and buy ISO 22399. Do both. Each has benefits. Let’s look at what these can do:

  • Uncertainty and risk are critical business factors. Both documents provide a process for understanding and quantifying threats to your organization.

  • Both standards use a framework, are process-based, focus on risk-controls, emphasize appropriate documentation, and emphasize continual improvement.

  • Standards provide risk tools for quantifying the impacts, risks, and controls you can use to minimize business disruptions.

  • Risk tools help you focus your attention on areas of highest risks (Pareto).

  • Risk tools help you document threats, risks, and controls.

Many improvement programs focus on tools such as Six Sigma and lean. Business continuity can offer your company additional peace of mind. Business continuity can provide you—the consultant—with an additional source of income.


About The Author

Quality Digest’s picture

Quality Digest

For 40 years Quality Digest has been the go-to source for all things quality. Our newsletter, Quality Digest, shares expert commentary and relevant industry resources to assist our readers in their quest for continuous improvement. Our website includes every column and article from the newsletter since May 2009 as well as back issues of Quality Digest magazine to August 1995. We are committed to promoting a view wherein quality is not a niche, but an integral part of every phase of manufacturing and services.