1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Dismiss Notice
You must be a registered member in order to post messages and view/download attached files in this forum.
Click here to register.

Quality ISO 9001:2008 in IT Service Delivery and Support Organization

Discussion in 'ISO 9001:2008 - Quality Management Systems' started by Padym, Oct 26, 2015.

?

ISO 9001:2008 in context to IT Delivery and Support

Poll closed Nov 2, 2015.
  1. Applicability is not straight forward as compared to Manufacturing Industry

    83.3%
  2. Applicability is relatively easier compared to Manufacturing industry

    16.7%
  3. Not experienced.

    0 vote(s)
    0.0%
  1. Padym

    Padym Active Member

    Joined:
    Oct 19, 2015
    Messages:
    55
    Likes Received:
    8
    Trophy Points:
    7
    Hi All,
    I have created this new thread specific to issues,discussion and share our experience related to how ISO 9001:2008 is applied to IT service Delivery and Support Organization.
    Example : A Managed IT Service Company providing products in the form of Links,server setup, cloud infrastructure, software development and supporting it as post delivery activities,warranties.
     
  2. Somashekar

    Somashekar Well-Known Member

    Joined:
    Jul 30, 2015
    Messages:
    114
    Likes Received:
    98
    Trophy Points:
    27
    Delivery and support is a process unlike delivery of tangible product. Consider Delivery = Install, set-up, run, watch, customize further, move to online support, move to AMC. So Delivery does not happen and end. It keeps on happening.
     
  3. Sidney Vianna

    Sidney Vianna Well-Known Member

    Joined:
    Jul 30, 2015
    Messages:
    127
    Likes Received:
    172
    Trophy Points:
    42
  4. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    5,086
    Likes Received:
    2,553
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    I agree with Sidney. One of the reasons for creating ISO 20000 is that ISO 9001 is a difficult "fit" for an IT style of organization. Much better to employ that and not ISO 9001.
     
  5. Padym

    Padym Active Member

    Joined:
    Oct 19, 2015
    Messages:
    55
    Likes Received:
    8
    Trophy Points:
    7
    Thanks Somashekar, Sidney, and Andy. How do we identify the correct process in IT Service Delivery/Support organization for clause 7.5.1 Control of production and service provision and Clause 7.5.2 Validation of processes for production and service provision?

    Example : Consider a process which supports issues/requests logged by customer issues (Service desk, 2nd level network / server teams)and does actions based on pro-active monitoring. These actions are essentially post -delivery activities as agreed in the client contractual agreement. Few clarifications :

    1. Am I correct saying 7.5.2 clause applies to these type of processes ? (as the output cannot be monitored unless the service is delivered )
    2. Customer logged issues, and those issues observed by pro-active monitored can be considered as Non-conforming product and it should satisfy Clause 8.3
    (If this statement holds true, the practical suggestions to handle hundreds of such tickets on day-to-day basis)
    3. Which other specific clause applicable for such type of processes ?

    Seek your further inputs.
     
  6. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    5,086
    Likes Received:
    2,553
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    Can I ask if you've considered ISO 20000? Since you are struggling to understand how to meet ISO 9001, maybe THAT's a clue about why ISO 20000 might be a more appropriate option...
     
    Jennifer Kirley likes this.
  7. Padym

    Padym Active Member

    Joined:
    Oct 19, 2015
    Messages:
    55
    Likes Received:
    8
    Trophy Points:
    7
    Hi Andy, We have not considered ISO 20000 as of now, however we have few functions structured in accordance to ITIL for Incident, problem and change. But it is still long way to go before we come up together to start a project or thought process.

    As we are already certified for the ISO 9001, can you share your viewpoint on my query.
     
  8. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    5,086
    Likes Received:
    2,553
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    I'm a little confused by your question. Your organization has an ISO 9001 compliant management system, but you're asking for guidance on what should be done to comply? Odd. What's the real issue here?
     
  9. Padym

    Padym Active Member

    Joined:
    Oct 19, 2015
    Messages:
    55
    Likes Received:
    8
    Trophy Points:
    7
    Hi Andy,
    There is no issue at hand, but my question comes as a thought on the appropriateness and applicability of this particular clause specific to a Support process. Hence I have sighted a specific example.
     
  10. Padym

    Padym Active Member

    Joined:
    Oct 19, 2015
    Messages:
    55
    Likes Received:
    8
    Trophy Points:
    7
    Hello All, Can anyone of you share your thoughts my specific example ?
     
  11. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    5,086
    Likes Received:
    2,553
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    It's unlikely you'll get much more response. Don't forget that you're trying to apply a standard which isn't really set up for use in such an organization - witness the fact that ISO 20,000 exists to do just that, instead of "force fitting" ISO 9001...
     
  12. Padym

    Padym Active Member

    Joined:
    Oct 19, 2015
    Messages:
    55
    Likes Received:
    8
    Trophy Points:
    7
    Agreed Andy that ISO 20000 is an ideal applicable standard, but I am sure many such types of organization still certified to ISO 9001. The standard itself does not restrict its application to any specific type of industry.
    Any ways my post is not to challenge its applicability but rather to discuss and share views among our members on how they have interpreted, applied to conform to requirements and spotted a specific example in question for discussion.
    I prefer to keep this thread open for next seven days before it is closed.
     
  13. Deepak Kadam

    Deepak Kadam New Member

    Joined:
    Dec 14, 2015
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    Hi all,
    Can someone please throw some light on applicability calibration clause (7.6 in 9001:2008) for IT company. Some examples will be really helpful.
     
  14. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    5,086
    Likes Received:
    2,553
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    Yes, indeed. You should be able to exclude it. I rather doubt that any measurements you make really need "calibration" to be part of ensuring they are accurate.
     
  15. drgnrider

    drgnrider Member

    Joined:
    Nov 30, 2015
    Messages:
    44
    Likes Received:
    17
    Trophy Points:
    7
    Location:
    Kansas, USA
    Thinking back to my telephony days, these were some of the items we would need calibrated today, so check the applicability to your business: load traffic simulator/generator, line noise/loss, power level, SWR. If resident software does these, the software will need verified.
     
  16. Jennifer Kirley

    Jennifer Kirley Moderator Staff Member

    Joined:
    Jul 31, 2015
    Messages:
    1,071
    Likes Received:
    722
    Trophy Points:
    112
    Location:
    USA
    TC 176 has issued the guidance document ISO/TC 176/SC 2/N 524R6 that explains exclusions. This guidance may also be useful when considering "relevance" in the 2015 version.

    I hope this helps!
     
    Somashekar likes this.
  17. Sandra T

    Sandra T Member

    Joined:
    Sep 4, 2015
    Messages:
    12
    Likes Received:
    6
    Trophy Points:
    2
    Location:
    Shropshire, England
    We have been certified to 9001 since 1996. We have always classed ourselves as a service provider(although then we created a product from the service) We have moved on in the tech world and are now a company that has both production and IT providing services. We are still audited to 9001 and also to 27001 (Information Security)
    I have not researched 20000, but maybe we should?!
     
  18. Nick1

    Nick1 Member

    Joined:
    Jan 27, 2016
    Messages:
    49
    Likes Received:
    20
    Trophy Points:
    7
    Some great points have been discussed already. I would like to point out that even in the conventional industries a lot of companies are plain service providers. There are a lot of companies in several heavy industries who never deliver a product but just maintain the installation on request. I don't think these services are any different than the ones an IT company provides, though of course the markets are completely different.

    I have implemented an ISO9001 management system at a industrial maintenance company which core business was providing services to heavy industry companies. The company just provided the service on request of the customer and just sent a mechanic to the side. This company didn't deliver any products, just man hours. You can use these type of companies as an example and find the common denominators with your situation.
     
  19. Kamran ali

    Kamran ali New Member

    Joined:
    Mar 5, 2019
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    I agree as well. ISO 20000 is a more relevant standard for IT industry and if your purpose is data safety then ISO 27000 is a better choice
     
    Last edited by a moderator: Mar 19, 2019
  20. Aegis Services LLC

    Aegis Services LLC New Member

    Joined:
    Jan 21, 2021
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Doha, Qatar
    ISO 9001 is also a good option