I Married a Monster from ISO 9000

Thank you Verity

Somewhere there is a hell reserved soley for auditors.

Sir

Good stuff.

My personal ISO9k favourite procedure is to have a web page set up to tell everyone to file everything under '$BIN/'

When auditor asks for contents of $BIN, point to procedure that dictates everything under $BIN is deleted every 6 hours for security.

Never fails :)

Five Nines? I Can...

...do much better than.

Consistantly getting nine fives.

Methinks

that too many of the readers will have difficulty working out the hymns that you so expertly para-phrase!

I do think that security audits can also be a bit of a trial. Can we include them in the hell reserved for ISO 9000 auditors!

ISO 9000 is BS

It was bullshit in the chemical industry in the late 1980s and no doubt is bullshit now too. Thank fully we have nothing to do with the dross.

Excellent!

But - the "contraversial" second verse? Not like you, Ms Stob!

ISO ::spit::

In the mid to late eighties, I worked for a small branch of a large company. We had maybe 20 people in our division, yet we shipped 20% of the company's total sales (repackaged OEM gear that we integrated with our own product).

In 1987ish, a VP convinced the CEO that we had to become ISO certified.

All of a sudden, our small division had 8 new "managers" trying to document everything we were doing. That's a 400% increase in management ... to produce the exact same product.

Our division went from zero(!) power-on field failures over four+ years to an industry acceptable 2.5% ... That's right. We went from perfect to one in forty didn't work on power-up in the field. The folks who shipped our own home-grown kit wound up with a 4% field failure rate (up from just under 1%).

Our "perfect in the field" reputation was ruined, sales dipped, profits dropped, the Board ousted the CEO/President, and we hired MORE middle-management to try to figure out why sales and profits were falling ...

Needless to say, the dude in charge of ISO certification was promoted.

Almost true

Confession: I was an auditor once. Before I went contracting, any reasonably senior engineers got turned into auditors if they wanted to keep a career progression going, and all projects got regular internal audits from them. Which is a good plan, because:

(a) You've been down the pub with the other person, so as an auditor you don't want to totally hang him out to dry, and as an auditee, you've been down the pub with the other person, so being blatantly bolshy will result in something similar, plus you're probably an auditor yourself so you know he's not enjoying it;otherwise they'll manage to forget you in the round next week;

(c) As an auditor, you probably know where the skeletons are hidden bcos you've done it yourself, and as an auditee you know that he probably knows, so a general shortage of skeletons in the first place (or at least skeletons that can't be explained away with a damn good moan about the previous manager that you both hate) is a good plan.

In theory we don't need auditors, bcos it's mostly a case of stating the bleeding obvious. In practise, it's all too common to never get round to the bleeding obvious problems, bcos there's some more immediate fire that needs fighting.

The easiest nit to pick, for example. How often is there one standalone machine which is essential for running a compiler/test tool/analysis program/chip programmer, running some ancient software with an unbacked-up configuration set up by one person five years ago who knew about it at the time? At my current place, there is a majorly flakey 486SX running Win95 which is the only machine capable of compiling and programming for an old product. The hard drive is now suffering bit rot, but they no longer have the CDs for the compiler, and it wouldn't run under XP/Vista anyway, so they're just crossing fingers that they can obsolete the product before the PC dies.

And really don't get me started on traceability, since I took over an automotive on-board diagnostics team a few years ago. The previous bloke had just set people doing things which seemed like a good idea at the time, in spite of the fact that a lot of legislative requirements (which you can't sell your cars if you don't meet them) tell you exactly what to do. It took me the better part of a month to work out how deep the shit was, never mind starting shovelling it out to fix the damn thing. Most of the team didn't even know there were requirements, never mind where to find the documents, and the customers were majorly unhappy.

There may be a circle in hell reserved for auditors, but the same circle is also reserved for muppets who can't be arsed to read a spec. The punishment for auditors is sadness at the inevitability of stupidity mixed with boredom at applying the red-hot irons to a never-ending succession of muppets. And of course, the punishment for the muppets is the red-hot irons plus the knowledge that you knew what you should have done so you didn't need to be on the rack.

Although there's a further circle in hell reserved for companies who produce such arcane or pointless quality documents that no human being can follow them...

We don't make software

At the last place management didn't tell the auditors we actually wrote software.

The ISO9000 people came in, made sure we had written procedures for orders, made sure the orders matched the invoices and delivery notes and gave us the little gold star.

Nobody questioned how we got the stuff we were shipping!