From: Pat Dey
Subject: RE: Registrar Customer Feedback & Data /Dey/Kohn/Dey
> From: Brian Charles Kohn
> Subject: RE: Registrar Customer Feedback & Data /Dey/Kohn
>
> > From: "Pat Dey"
> > What precisely is the link between Registrars and the Customers which they
> > and ISO9k auditors claim to represent? How do Customers influence what
> > Registrars do?
>
> Excellent question, Pat. The end-customer, the true beneficiary of ISO 9000
> registration, is represented in the registration system by the national
> accreditation body, which is typically, but not always, an agency of the
> national government. The accreditation body is responsible for assuring
> that registrars operate in a fair and compliant manner themselves, for the
> good of the companies that rely on their attestations.
>
> Many of the accreditation bodies have significant participation from, and
> often are substantially controlled by, representatives of these end-customers.
Hmmm ... well let's look at the US body, RAB at https://www.rabnet.com/
"RAB is a private-sector organization that grew out of the U.S. voluntary standards community. As such, RAB does not report to ISO, the U.S. government or any other specific organization. RAB exists to serve the conformity assessment needs of business and industry as well as individual auditors."
I can't find anywhere on the site data which justifies the belief that "conformity is good for you". Nor can I find any data showing regular feedback from business and industry on its assessment needs and how well RAB is meeting them. (Maybe it exists but is not published on the website: if so, it should be.)
Compare this with the SEI's website at
https://www.sei.cmu.edu
(sorry, suitable for software quality management only).
The SEI are funded by the US Department of Defense - yet they have a whole section on their site devoted to collaboration: it's easy to find evidence that they listen to their user community which is much broader than defense suppliers alone.
Further there is a whole section of data: "The Software Engineering Information Repository (SEIR) compliments the Software Engineering Institute's (SEI) Web site. While the SEI Web site is a good source of information on practices and methods leading to improvement, the SEIR provides data and information on the experiences, benefits and use of these practices and methods in the field." So skeptics can find data which indicates the success or otherwise of their approach. Some might say the data are weak - but at least there's an attempt to gather, analyse and publish it.
So in summary: ISO 9k is just a model (a useful one at that). Compliance with it is an act of faith undertaken with no supporting data and with nobody trying to gather it. Control by customers is unclear. The SEI's program, by way of comparison, invites participation of all and publishes data on its effectiveness. (This is not a plug for the SEI in particular by the way, I'm using them as an example of how a quality program ought to generate data to justify its existence. There are other good programs in the software industry and I assume elsewhere.)
> > How do Registrars get data from Customers showing how effective
> > Registration is?
>
> Registrars should never be in the business of encouraging, or even defending,
> ISO 9000 registration. That, in itself, has the appearance of a conflict of
> interest.
>
> When I was a manager for a registrar, I would always present my services in
> the most professional matter possible, highlighting (perhaps) my strengths
> *over my competitors*, but I would never allow myself to be put in the
> position of defending ISO 9000 registration myself. I would simply say that
> if the client wanted registration we were the registrar to use; if they
> didn't want registration then that was fine with me.
>
> I would be very suspicious of any registrar who is actively trying to sell
> you on ISO 9000 registration. That's your customer's job, not your
> registrar's.
The problem with this is that there is no forum where customers come together to determine if the benefits of registration justify the costs. There is no forum for gathering and analysing the data on effectiveness. I had imagined Registrars would do this, since its their industry, but apparently they do not. I don't accept the conflict of interest argument: if they really wanted to, they could invent a way of measuring their effectiveness in a way which we all believed was credible.
So how do we know if compliance is, indeed, a good thing - something which helps us all do business more effectively. Without data on its effectiveness, ISO 9k certification is indeed, as someone remarked, no more than a marketing tool.
Regards,
Pat
Subject: RE: Registrar Customer Feedback & Data /Dey/Kohn/Dey
> From: Brian Charles Kohn
> Subject: RE: Registrar Customer Feedback & Data /Dey/Kohn
>
> > From: "Pat Dey"
> > What precisely is the link between Registrars and the Customers which they
> > and ISO9k auditors claim to represent? How do Customers influence what
> > Registrars do?
>
> Excellent question, Pat. The end-customer, the true beneficiary of ISO 9000
> registration, is represented in the registration system by the national
> accreditation body, which is typically, but not always, an agency of the
> national government. The accreditation body is responsible for assuring
> that registrars operate in a fair and compliant manner themselves, for the
> good of the companies that rely on their attestations.
>
> Many of the accreditation bodies have significant participation from, and
> often are substantially controlled by, representatives of these end-customers.
Hmmm ... well let's look at the US body, RAB at https://www.rabnet.com/
"RAB is a private-sector organization that grew out of the U.S. voluntary standards community. As such, RAB does not report to ISO, the U.S. government or any other specific organization. RAB exists to serve the conformity assessment needs of business and industry as well as individual auditors."
I can't find anywhere on the site data which justifies the belief that "conformity is good for you". Nor can I find any data showing regular feedback from business and industry on its assessment needs and how well RAB is meeting them. (Maybe it exists but is not published on the website: if so, it should be.)
Compare this with the SEI's website at
https://www.sei.cmu.edu
(sorry, suitable for software quality management only).
The SEI are funded by the US Department of Defense - yet they have a whole section on their site devoted to collaboration: it's easy to find evidence that they listen to their user community which is much broader than defense suppliers alone.
Further there is a whole section of data: "The Software Engineering Information Repository (SEIR) compliments the Software Engineering Institute's (SEI) Web site. While the SEI Web site is a good source of information on practices and methods leading to improvement, the SEIR provides data and information on the experiences, benefits and use of these practices and methods in the field." So skeptics can find data which indicates the success or otherwise of their approach. Some might say the data are weak - but at least there's an attempt to gather, analyse and publish it.
So in summary: ISO 9k is just a model (a useful one at that). Compliance with it is an act of faith undertaken with no supporting data and with nobody trying to gather it. Control by customers is unclear. The SEI's program, by way of comparison, invites participation of all and publishes data on its effectiveness. (This is not a plug for the SEI in particular by the way, I'm using them as an example of how a quality program ought to generate data to justify its existence. There are other good programs in the software industry and I assume elsewhere.)
> > How do Registrars get data from Customers showing how effective
> > Registration is?
>
> Registrars should never be in the business of encouraging, or even defending,
> ISO 9000 registration. That, in itself, has the appearance of a conflict of
> interest.
>
> When I was a manager for a registrar, I would always present my services in
> the most professional matter possible, highlighting (perhaps) my strengths
> *over my competitors*, but I would never allow myself to be put in the
> position of defending ISO 9000 registration myself. I would simply say that
> if the client wanted registration we were the registrar to use; if they
> didn't want registration then that was fine with me.
>
> I would be very suspicious of any registrar who is actively trying to sell
> you on ISO 9000 registration. That's your customer's job, not your
> registrar's.
The problem with this is that there is no forum where customers come together to determine if the benefits of registration justify the costs. There is no forum for gathering and analysing the data on effectiveness. I had imagined Registrars would do this, since its their industry, but apparently they do not. I don't accept the conflict of interest argument: if they really wanted to, they could invent a way of measuring their effectiveness in a way which we all believed was credible.
So how do we know if compliance is, indeed, a good thing - something which helps us all do business more effectively. Without data on its effectiveness, ISO 9k certification is indeed, as someone remarked, no more than a marketing tool.
Regards,
Pat