How to Set the ISO For Canon EOS 5D Mark II

The technology of ISO settings on digital cameras replicates the rated speeds of the films of yesteryear. In very general terms, ISO is the sensitivity to light of the sensor in the same way that film speeds were more or less sensitive to light. But there are differences between film and digital sensors; specifically, as the sensitivity setting increases on a digital camera, the output of the sensor is also amplified. This was referred to as grain when we used high-speed films. So, although you have the option of increasing the ISO sensitivity at any point in shooting, the tradeoff in increased amplification or the accumulation of an excessive charge on the pixels is an increase in digital noise. And the result of digital noise is an overall loss of resolution and image quality.

Partly because the 5D Mark II has relatively large pixels on the sensor and because Canon has done a fine job of implementing advanced internal noise-reduction processing, the 5D Mark II stands out as the top performer even at high-sensitivity settings, particularly at exposure times of 30 seconds or less.

In this smart mode borrowed from point-and-shoots, Auto ISO controls the sensitivity of your sensor depending on the Shooting mode you ‘re in. In Full or Creative Auto, P, Tv, or Av, the camera selects between a 100-3200 ISO range. Switch to M, B, or add a Speedlite, and Auto ISO locks in at 400. Auto ISO is shown as an A on the LCD panel when selected and is located at the bottom of the scale by rotating the Main dial counterclockwise after pressing the ISO selection button.

ISO range and Custom Function options

The 5D Mark II offers a wide ISO range, including Auto and settings from 100 to 6400 in 1/3-stop increments or 1/2-stop increments, set by using the options in C.Fn I-01. The ISO range can be expanded to include ISO 50 (shown as L), 12800 (shown as H1), and an incredible 25600 (shown as H2) by setting C.Fn I-03 to On. Be aware that ISO 50 reduces the dynamic range in the highlights by approximately 1 stop, which makes this sensitivity less useful in high contrast light. ISO 50 can be useful in a studio setting by providing flexibility in aperture choice.

With the 5D Mark II, Canon offers an option to reduce or eliminate noise in long exposures.

Using the long-exposure noise-reduction option, available by using C.Fn II-01, noise is totally or virtually eliminated by processing in-camera that ‘s very capable but takes almost as long as the exposure to complete.

Setting the ISO and extended range ISO

To change the ISO setting on the 5D Mark II, follow these steps:

1. Press the ISO selection button above the LCD panel. The current ISO setting appears on the LCD panel and in the viewfinder.

2. Turn the Quick Control dial clockwise to set a higher sensitivity or counterclockwise to set a lower sensitivity. The camera displays the ISO settings as you turn the dial. If you have ISO expansion turned on by using C.Fn II-01, then ISO 50 is shown as L, ISO 12800 is shown as H1, and 25600 is shown as H2. The ISO option you select remains in effect until you change it again.

To turn on ISO expansion, follow these steps:

1. Press the Menu button and then tilt the Multi-controller until the Custom Function (orange) menu appears.

2. Press the Set button. The Custom Function screen appears, and the Custom Function number control in the top-right corner of the screen is activated.

3. Turn the Quick Control dial to set the C.Fn I number to 03 and then press the Set button. The ISO expansion control is activated.

4. Turn the Quick Control dial clockwise to select option 1: On and then press the Set button. ISO expansion remains turned on until you change it.

ISO 9001 – A Process Interaction Matrix


One of the requirements of ISO 9001:2000, specified in the paragraph 4.2.2 c), requires a company to develop a quality manual that, among other attributes, shall contain “a description of the interaction between the processes of the quality management system.” Through my experience, as a professional auditor, with dozens of companies around the world, I found that very few businesses had developed practical approaches to address this requirement. Attempts to document process interactions range from busy and hard to read flow charts to establishing cross-reference tables in the quality manual. I observed one of the best tools to address process interaction requirement at Quality Works, a small on-line publishing company.

Initiation of the project

Quality Works, a small Internet-based publishing company, has set a goal to establish compliance with ISO 9001:2000 standard. The Management Team assigned the company’s Business Manager to develop and implement documentation to address new requirements of the standard. While most of the new requirements were simply addressed through preparation of the corresponding procedures and work instructions, documentation of the interaction of the processes created some difficulties. Attempts to document interaction of processes through traditional flow-chart resulted in a hard to read busy document that did not impress the management team.


To address this issue, the management group conducted a brainstorming session to search for a new tool. The group determined that there were two types of the processes: processes related to product realization and processes related to the management system as follows:

Business management processes:

– Documentation management
– Management review
– Internal audit program
– Non-conformity and Corrective & Preventive Action (NC-CAPA) System
– Communication
– Resource management
– Record management
– Information technology

Product realization processes:

– Market analysis
– Product design
– Verification
– Validation
– Product release
– Order processing
– Product delivery
– Customer satisfaction
– Continual improvement

Identification of process interactions

Analyzing system and product realization processes, the management team concluded that virtually all system processes are interrelated. For example, management review may receive inputs from corrective actions, communication, internal audits, etc. Internal audit process receives inputs from all processes within the company and provides feedback or input into all those processes.

Product realization process was found to be more linear than system processes. For example, results of the market analysis initiate product design. Product design leads to verification. If verification is successful, validation of the product takes place. Validation of the product results in product release and finally communication regarding availability of the product. Customer satisfaction and continual improvement close this sequence with a possibility of providing inputs into Product delivery, Order processing, Product release, etc.

To document process interactions, the company elected two tools. The first, top-level definition of the process interaction was documented in the Process Interaction Matrix shown in Figure 1 (see links below). The second tool was a well-known technique of flow-charting for those processes that required graphical illustration.


Use of the Process Interaction Matrix at Quality Works proved that it is a helpful concise method of defining and documenting interaction of processes for an ISO 9001:2000 quality management system. Based on our experience, we also realized that the same matrix might be successfully used for other standards requiring definition of the interaction of the processes, such as ISO 13485:2003, ISO/TS 16949 [3] and others.


The author would like to express his gratitude to Maria Allen, the President of Quality Works, for her willingness to conduct and publish this case study.


[1] ISO 9001:2000 Quality management systems – Requirements

[2] ISO 13485:2003 Medical devises – Quality management systems – Requirements for regulatory purposes

[3] ISO/TS 16949 Quality management systems – particular requirements for the application of ISO 9001:2000 for automotive production and relevant service part organizations.

Copyright Quality Works

Managing Risk in Information Technology

As information technology increasingly falls within the scope of corporate governance, so management must increasingly focus on the management of risk to the achievement of its business objectives.

There are two fundamental components of effective management of risk in information and information technology: the first relates to an organization’s strategic deployment of information technology in order to achieve its corporate goals, the second relates to risks to those assets themselves. IT systems usually represent significant investments of financial and executive resources. The way in which they are planned, managed and measured should therefore be a key management accountability, as should the way in which risks associated with information assets themselves are managed.

Clearly, well managed information technology is a business enabler. Every deployment of information technology brings with it immediate risks to the organization and, therefore, every director or executive who deploys, or manager who makes any use of, information technology needs to understand these risks and the steps that should be taken to counter them.

ITIL has long provided an extensive collection of best practice IT management processes and guidance. In spite of an extensive range of practitioner-orientated certified qualifications, it is not possible for any organization to prove – to its management, let alone an external third party – that it has taken the risk-reduction step of implementing best practice.

More than that, ITIL is particularly weak where information security management is concerned – the ITIL book on information security really does no more than refer to a now very out-of-date version of ISO 17799, the information security code of practice.

The emergence of the international IT Service Management ISO 27001 and Information Security Management (ISO20000) standards changes all this. They make it possible for organizations that have successfully implemented an ITIL environment to be externally certificated as having information security and IT service management processes that meet an international standard; organizations that demonstrate – to customers and potential customers – the quality and security of their IT services and information security processes achieve significant competitive advantages.

Information Security Risk

The value of an independent information security standard may be more immediately obvious to the ITIL practitioner than an IT service management one. The proliferation of increasingly complex, sophisticated and global threats to information security, in combination with the compliance requirements of a flood of computer- and privacy-related regulation around the world, is driving organizations to take a more strategic view of information security. It has become clear that hardware-, software- or vendor-driven solutions to individual information security challenges are, on their own, dangerously inadequate. ISO/IEC 27001 (what was BS7799) helps organizations make the step to sytematically managing and controlling risk to their information assets.

IT Process Risk

IT must be managed systematically to support the organization in achieving its business objectives, or it will disrupt business processes and undermine business activity. IT management, of course, has its own processes – and many of these processes are common across organizations of all sizes and in many sectors. Processes deployed to manage the IT organization itself need both to be effective and to ensure that the IT organization delivers against business needs. IT service management is a concept that embraces the notion that the IT organization (known, in ISO/IEC 20000 as in ITIL, as the “service provider”) exists to deliver services to business users, in line with business needs, and to ensure the most cost-effective use of IT assets within that overall context. ITIL, the IT Infrastructure Library, emerged as a collection of best practices that could be used in various organizations. ISO/IEC 20000, the IT service management standard, provides a best-practice specification that sits on top of the ITIL.

Regulatory and Compliance Risk

All organizations are subject to a range of information-related national and international legislation and regulatory requirements. These range from broad corporate governance guidelines to the detailed requirements of specific regulations. UK organizations are subject to some, or all, of:

* Combined Code and Turnbull Guidance (UK)

* Basel2

* EU data protection, privacy regimes

* Sectoral regulation: FSA (1) , MiFID (2) , AML (3)

* Human Rights Act, Regulatation of Investigatory Powers Act

* Computer misuse regulation

Those organizations with US operations may also be subject to US regulations such as Sarbanes Oxley and SEC regulations, as well as sectoral regulation such as GLBA (4), HIPAA (5) and USA PATRIOT Act. Most organizations are possibly also subject to US state laws that appear to have wider applicability, including SB 1386 (California Information Practice Act) and OPPA (6) . Compliance depends as much on information security as on IT processes and services.

Many of these regulations have emerged only recently and most have not yet been adequately tested in the courts. There has been no co-ordinated national or international effort to ensure that many of these regulations – particularly those around personal privacy and data protection – are effectively co-ordinated. As a result, there are overlaps and conflicts between many of these regulations and, while this is of little importance to organizations trading exclusively within one jurisdiction, the reality is that many enterprises today are trading on an international basis, particularly if they have a website or are connected to the Internet.

Management Systems

A management system is a formal, organized approach used by an organization to manage one or more components of their business, including quality, the environment and occupational health and safety, information security and IT service management. Most organizations – particularly younger, less mature ones, have some form of management system in place, even if they’re not aware of it. More developed organizations use formal management systems which they have certified by a third party for conformance to a management system standard. Organizations that use formal management systems today include corporations, medium- and small-sized businesses, government agencies, and non-governmental organizations (NGOs).

Standards and Certifications

Formal standards provide a specification against which aspects of an organization’s management sytsem can be independently audited by an accredited certification body and, if the management system is found to conform to the specification, the organization can be issued with a formal certificate confirming this. Organizations that are certificated to ISO 9000 will already be familiar with the certification process.

Integrated Management Systems

Organizations can choose to certify their management systems to more than one standard. This enables them to integrate the processes that are common – management review, corrective and preventative action, control of documents and records, and internal quality audits – to each of the standards in which they are interested. There is already an alignment of clauses in ISO 9000, ISO 14001 (the environmental management system standard) and OHSAS 18001 (the health and safety management standard) that supports this integration, and which enables organizations to benefit from lower cost initial audits, fewer surveillance visits and which, most importantly, allows organizations to ‘join up’ their management systems.

The emergence of these international standards now enables organizations to develop an integrated IT management system that is capable of multiple certification and of external, third party audit, while drawing simultaneously on the deeper best-practice contained in ITIL. This is a huge step forward for the ITIL world.


(1)Financial Services Authority

(2)Markets in Financial Instruments Directive

(3)Anti-money laundering regulations

(4)Gramm-Leach-Bliley Act

(5)Health Insurance Portability and Accountability Act

(6)Online Personal Privacy Act

ISO 9001 Consulting – A Risk Management Approach

The Problem With How Consultants Implement ISO 9001 Quality Management Systems

ISO 9001 requires that an organization identify and implement effective controls over its quality management processes. Businesses will typically identify its processes under typical categories such as operational processes, support processes and outsourced processes. Collectively the controls exercised over these processes will make up their quality management system (QMS). Many ISO 9001 Consultants and organizations go about implementing QMS process controls in a very superficial manner resulting in a system that does not provide any value to the organization and consequently any return on the cost of its investment. The main reason they got certification was to satisfy a customer contractual requirement.

But ISO 9001 can do a whole lot more for an organization if implemented the right way. Effective risk management control over each QMS process and the interaction between processes can result in huge improvements in an organizations productivity and bottom line.

The Solution: So how does an organization use risk management to control its processes?

A process typically has inputs, outputs and value-adding activity. Each of these process characteristics use various resources. These resources include manpower, materials, machinery and equipment, facility and environment, methods, management, etc. These resources are all variables and subject to risk in their use.

An organization must identify the nature and degree of such risk and implement appropriate controls over them. Tools such as Fishbone analysis or FMEA’s (Failure Mode and Effects Analysis) may be used to perform this risk analysis. A discussion on how to use these risk analysis tools will be left to another article.

Listed below are some of the controls an organization should consider for each of the resources used in any QMS process.


– Inventory management

– Inspections & Tests

– Standards & Specifications

– Supplier Management

– Identification & Traceability

– Turnover & Preservation


– Capability, capacity and & technology

– Engineering & support

– Inspection, measuring & test equipment

– Tools, dies & fixtures

– Maintenance & supplies

– Equipment layout


– Skills, knowledge & experience

– Training

– Responsibility & Authority

– Empowerment, Motivation & Morale

– Adequate staffing

– Health & Safety


– Building & facilities

– Environment controls

– HVAC and other utilities

– Housekeeping, health & safety

– Lighting, air quality & noise

– Contingency/emergency measures


– Systems & Procedures

– Inspection & Tests

– Quality Plans & Checklists

– Work Instructions

– Bill of manufacture/assembly

– Technology/automation/robotics

– operational and administrative software

– Process flowcharts

– FMEA’s & process controls

– Drawings & blueprints


– Objectives/tracking/review/improvement

– Standards/codes/regulations

– Specifications/tolerances/criteria/tolerances

– Operational data/statistics/SPC

– Efficiency & effectiveness

– Customer Satisfaction

– Bench-marking


– Leadership & Planning

– Policies & Objectives

– Commitment & involvement

– Organization & resources

– Follow-up & review

– Communication

How To Use These QMS Process Variables:

– Determine which of these resources variables apply to each process identified in your QMS.

– Determine which combination of controls apply to that process variable – process input, output or value-adding activity.

– Implement the controls you have identified and verify their effectiveness.

This article provides a brief overview to using a risk management approach to effectively implementing ISO 9001 in an organization. Keep in mind that ISO 9001 is a business management tool. So the benefits you get from using it is directly related to how effectively you use it. The risk management approach is a very powerful way to use ISO 9001 to effectively control your business and benefit significantly in terms of customer satisfaction and profitability.

ISO 9001 Vs Six Sigma

I won’t get into the history and background of each process management approach. You only have to Google “Six Sigma” or “ISO 9001” to get your fair share of information. This article will go for the jugular on a topic that has been on my mind for some time. I am not trained in Six Sigma but I have always respected the program from afar and I have researched enough on this topic to give a fairly educated opinion. I can appreciate its call to action and I understand there is a strong group of supporters but I honestly feel like Six Sigma is yesterday’s fad. It has been touted in best-selling business books but that was 10 years ago.

Before I get off-topic, let’s jump straight into a bullet list that lists the problems with Six Sigma:

1. 3M, GE, Home Depot, Ford and other major companies are pulling back on Six Sigma because research shows that customer satisfaction and employee morale has suffered

a. On the other hand, customer Satisfaction is a major theme of ISO 9001 as Customer Focus is one of the eight ISO 9001 management principles.

2. Over analyzing

a. On the other hand, ISO 9001 simply suggests that your business should take a Factual Approach to Decision Making. This means making informed decisions and ensuring data and information are sufficiently accurate and reliable and accessible to those who need it. ISO 9001 wants you to use the facts but to also balance it with experience and intuition.

3. Six Sigma and innovation do not co-exist in the same world

a. Another major theme of ISO 9001 is Continual Improvement. Unlike Six Sigma, ISO 9001 puts innovation squarely on the roadmap for organizational success.

4. It’s all about numbers and not about customers

a. Again, ISO 9001 makes it abundantly clear throughout the standard that Customer Focus is a key element to business success.

5. Six Sigma = cost cutting. Surely, your business exists do to more than just cut costs?

a. ISO 9001 reminds us that in addition to cutting costs, we also have to focus on Mutually Beneficial Supplier Relationships, Leadership, Involvement of People and more.

6. Six Sigma = micromanaging

a. ISO 9001 is anything but micromanaging if it is well-implemented by an experienced consultant. The standard only required six documented procedures. A smooth-running ISO 9001 certified company is one that operates on its own positive, organic momentum.

7. It is elitist. Since when should a company only take direction from Black Belts? Whatever happened to everyone in a company acting as a process improver?

a. Not the case with ISO 9001. Only one central role of Management Representative needs to be assigned. As for the rest of the employees, everyone is encouraged to play their part.

8. It does not incorporate information technology – a huge force that can impact processes

a. There isn’t anything specifically written into ISO 9001 speaking to Information Technology. However, several sections of the standard allow ample opportunity for IT to shine and play a central role.

9. It espouses incremental improvement, not radical breakthroughs

a. One of my personal favorite Management Principles of ISO 9001 is Continual Improvement.

10. Read any article about Six Sigma and you are bound to find a disclaimer section addressing concerns or issues with it.

a. ISO 9001 does not generate the same kind of backlash Six Sigma is getting

11. A Fortune 500 article stated that “of 58 large companies that have announced Six Sigma programs, 91% have trailed the S&P 500 since”

a. On the other hand, a Harvard Business School Working Paper by David I. Levine and Michael W. Toffel published on January 18, 2010 concludes that ISO 9001 delivers value, is not a fad, increases sales by roughly 10%, and more. The authors mention “…the strength and consistency of our findings leads us to shift our own priors in favor of the hypothesis that ISO 9001 adoption is more beneficial than we had anticipated.”

12. It is based on arbitrary standards

a. 3.4 defects per million opportunities sounds great for some industries assuming their products are life-threatening or simply cannot endure any margin of error. But would you apply the same strict standard to your typical contact centre or service provider? Why does it need to be six standard deviations? This is not explained. Also, Six Sigma operates on the assumption that process data always conforms to a normal distribution model.

Hopefully this helps shed more light on the controversial subject of comparing Six Sigma to ISO 9001.

ISO Consultants’ Services – Essential to Any Small or Large Industry

International Organization for Standardization or ISO is an autonomous, non-governmental membership group and the largest creator of the voluntary International Standards in the world. International Standards can make things work and provide the first-class specifications for goods, services or the systems, to ensure the quality, security and effectiveness. This group has brought out over 19,500 International Standards including almost every business, from technology, to safety of food, agriculture and also healthcare. These International Standards can impact everyone, in all places.

In the realization of the best management system, some of the organizations are found to depend on their own staff but some make use of the services of any external ISO consultant. The responsibility of a ISO Consultant is to make sure that the ultimate management system is able to meet the planned objectives of organizations in the most efficient and successful way. Even while hiring the services of any such consultant, the concern and dedication of the organizations’ top management are major factors for recognition of a quality management system.

A competent consultant would always be ethical, adaptable, observant, communicative, responsible, decisive, sensible and ISO certified professional. The ISO consultant must also have knowledge of the legal and regulatory requirements related to the companies’ activities, as well as practical information of the organization’s systems, products and also customer expectations before starting the consulting services.

The task of any genuine ISO Consultancy –

The major duties of these ISO Consultants are summed up here –

1. ISO consultants can write an overly complicated or elaborate ISO 9001 quality manual along with quality procedures.

2. Such ISO Consultant Services would recognize the work in areas, which comprise marketing, management as well as accounting.

3. They assist in improving the businesses through evaluating weaknesses and suggesting solutions.

4. Their task may consist of reviewing fiscal statements, assessing competitors and examining business practices.

5. When the research is accomplished, these consultants can build up a new business model or arrange recommendations and offer them.

6. They would make a plan and then carry out an audit in contract with the process as per ISO 19011: 2002. Moreover, they gather intention confirmation by way of diverse techniques and decide on conventionality to the requirements of the Quality Management System.

ISO is beneficial to all SMEs

ISO standards help the industries to find new markets for the goods and make the production and managing of materials more protected. Moreover, this kind of standards can make market access easier, especially for SMEs, because of the reduced cost and time to the market. ISO standards can also improve the brand recognition and offer customers the assurance that a technology is tested and dependable. Besides, in any business, it is always seen that scalability is essential if they are to speed up production and contend with the big players in the market; ISO 9001, ISO 14001 can give them the process control to perform that.

Monitoring the Procedure of ISO Documentation and Quality Management

The ISO (International Organization for Standardization) documentation & quality management is a certification that companies attain to prove their quality standards. It consists of a family of quality management system standards that companies need for recognition and breaking down their barriers of trade. To date, it covers almost all aspects of business and technology, spanning from agriculture to high technology industries.

The idea of maintaining these standards is to ensure that your business and its operations are working under standards recommended by global experts. Hence, certification of the same allows businesses to grow and establish business relationships faster. Every business, regardless of its size, is advised to follow a ‘process approach’ which is the management and control of the interactions between processes. A generic process begins with an input which goes into a set of activities that result into an output. The input and output can be tangible or intangible, but ISO is concerned with the control, monitoring and measurement of the processes.

Purpose of Monitoring and Quality Management:

The purpose of monitoring is manifold. Monitoring a process means conducting a sequence of planned measurements or observations to ensure whether control measures are operating as required. Conducting this activity enables the entity to take multiple actions:

Identify those critical limits in operations where process adjustments need to be triggered

  • Identify those deviations which lead to a loss of control
  • Create a printed documentation of the process control system

In a normal course of business, a typical monitoring and quality management activity could be:

  • Measuring temperature of a liquid
  • Marking the time it takes to complete a task
  • Observing pH levels of a solution
  • Measuring moisture levels of a product or packaging
  • Recording behaviour of chemicals over a period of time/aging

These monitoring activities are essentially conducted by an apparatus or the appropriate equipment such as a:

  • Timer
  • Thermometer
  • Weight scales
  • Chemical testing equipment

Process of Monitoring
Monitoring is done by two broad procedures, depending on practicality.

  1. Continuous
  2. Discontinuous

A continuous inspection is generally carried out by machines or equipment, sensors or testers that monitor the process at all times. This means that every product is tested and tried before it is sent to the output stage of the process. E.g. a light bulb manufacturing concern tests every bulb before packaging by a tester and then sorted in the end to ensure zero tolerance policy at all times.

A discontinuous process or inspection means that sampling is done at a certain frequency to ensure quality assurance of the product. It is done for those concerns where the output is at a very large scale or monitoring every delivery becomes more costly than the process itself. E.g. a plastic film manufacturing concern that produces plastic films continuously; or, a call center where all calls are recorded but a random few are counter-checked for behavior. This is more cost-effective but also cannot guarantee a zero tolerance policy on finished goods/services rendered.

Process of Quality Management.

A continual quality management system involves a repetitive process of ensuring constant customer satisfaction. A generic process begins with an input which is processed in to an output. The output reaches the customer but either via customer feedback or the monitoring process the product/service in measured and improved until management decision is required. If there is an improvement required then the cycle restarts from the input stage so that a better output materializes.

Corporate Manuals

Corporate manuals for ISO documentation & quality management are practical for every kind of business. Every business runs a common generic process that includes an input, process and finally and output. Monitoring merely ensures control measures are in order and quality management procedures minimize customer dissatisfaction at all times. Industry specific tools are however available to avoid unnecessary costs of wastage and errors. These manuals carry an important role in developing a level playing field for smaller companies to access other markets and ensure fair global trade.

ISO 9001 Okay Now You Have It How Do You Market It?

Marketing ISO 9001 2000.

Lately we’ve been seeing a lot of press releases from wineries and suppliers touting their ISO certifications. “We’ve obtained ISO 9001: 2000,” they trumpet. Great! But what exactly does that mean?

In simple terms, ISO certification verifies a company’s compliance to a set of globally accepted s tandards for quality management and operational systems. The name ISO refers to both the Greek word for equal, and the International Organization for Standardization, a worldwide federation established in 1947 with a mission to facilitate the international exchange of goods and services. More than 90 countries use the ISO standard.

According to Anke Varcin, head of public relations for ISO, the organization’s function is to develop the standards that auditors use to evaluate companies seeking certification. “ISO … does not audit organizations and does not issue certificates attesting to the fact that they conform to ISO standards,” Varcin explained. “Certification is carried out independently of ISO by some 750 certification bodies around the world. ISO does not control their activities.”

How does ISO determine its standards? “What happens is that the need for a standard is felt by an industry or business sector which communicates the requirement to one of ISO’s national members,” Varcin said. “The latter then proposes the new work item to ISO as a whole. If accepted, the work item is assigned to an existing technical committee. Proposals may also be made to set up technical committees to cover new scopes of technological activity. In order to use resources most efficiently, ISO only launches the development of new standards for which there is clearly a market requirement.”

There are many different types of certification, depending on the company’s function and the year in which certification was issued. “Previously, ‘ISO 9000-certified’ organizations were actually certified to one of the three standards in the 1994 version of the ISO 9000 series: ISO 9001, ISO 9002 and ISO 9003,” Varcin said. “The scope of these standards differed, but they were of equal rank.” (For more information about the various certifications, visit the ISO Web site:

In 2000, the revised and improved ISO 9001:2000 standard was introduced to replace the 1994 versions. Organizations certified to the 1994 versions were given until Dec. 15, 2003, to upgrade to ISO 9001:2000. Both ISO 9000 and ISO 14000 concern the way a company goes about its work–but not directly the result of this work. However, the way in which a company manages its processes will obviously affect its final product.

So why seek ISO certification? “Deciding to have an independent audit of a management system … is a decision to be taken on business grounds,” Varcin said. Companies may decide to seek ISO certification for any number of reasons, including market requirements, customer preferences or staff motivation. Companies that adhere to ISO standards may benefit from increased demand for their products, more positive customer feedback and a reduction in costs.

On the subject of cost, there is no set price for certification. According to Varcin, it varies depending on such factors as the company’s current quality management system, the size and complexity of the organization and the attitude and commitment of the top management.

Setting An Example

If anyone knows how the ISO certification process works, it’s Lisa Farrell, director of communications for New York’s Canandaigua Wine Company. Two of Canandaigua’s wineries–Mission Bell, in Madera, Calif., and New York’s Widmer’s Wine Cellars–have obtained ISO 9001:2000, and several more of the company’s California, New York and Washington wineries are scheduled to follow.

“Canandaigua Wine is making a concerted effort toward standardizing its processes throughout the production environment to gain discipline and sustainability,” Farrell explained. “The ISO certification provides us with standard operating procedures, which include valuable communication and system feedback loops among Canandaigua Wine and its customers, employees and managers. It helps us document and control our manufacturing processes to help exceed customer expectations and ensure quality processes within our production environment.”

To get the process rolling, Canandaigua worked with Dr. Judy Luchsinger, who consulted with Fetzer during its ISO certification in 1994. With Luchsinger’s help, Mission Bell and Widmer’s completed the following steps leading to their ISO 9001:2000 certifications.

Applied to approved ISO-certifying bodies and selected Lloyd’s Register Quality Assurance for auditing toward certification

Formation of ISO leadership teams at both wineries

Kick-off meetings held with employees at both wineries

Quality manuals created at both wineries

Employee training at both wineries

Audit and certification process, including all areas of production, bottling and distribution, including internal and external audits conducted by an assessor representing Lloyd’s Register Quality Assurance.

“After the external audit, the assessor then makes a recommendation for or against certification, which is reviewed by the management team of (the certifying body),” Farrell said. Both Mission Bell and Widmer’s were approved after about a year.

“The (certification) standards are challenging to meet,” Farrell said. “To pursue them, you must follow standard operating procedures as outlined in your quality manual and have the discipline and focus needed to follow these consistently and in a highly efficient manner. This process demands strong leadership from senior management and a sense of commitment and teamwork among employees at all levels.”

Is Getting Certified Worth The Effort?

To get the inside scoop, we asked wine industry suppliers (listed in the W & V Buyer’s Guide/Directory) to tell us why their companies took the plunge, and whether or not they’re happy with the results. This partial list represents a random sampling.

Supreme Corq, Inc. Kent, Wash.

According to marketing manager Joyce Steers-Greget, Supreme Corq decided to pursue ISO certification “to ensure a consistent, quality product … to ensure continuing customer satisfaction and effective process controls … and to receive a globally recognized quality process certification.” The company earned ISO 9001:2000 in July of 2002. “Our customers are pleased that we have taken this proactive step … Some larger wineries or grocers require compliance to quality and food standards to be an approved supplier. As the wine industry becomes more global, ISO certification will likely be necessary to compete in this international arena.”

M.A. Silva Corks, USA Santa Rosa, Calif.

“Our supplier in Portugal felt that the market was looking for companies that had that certification, that (it would give them) some sort of competitive advantage. They also felt that it would greatly improve the company’s performance and (help it to) operate at a better standard,” said company representative Neil Foster. After meeting the requirements for ISO 9001, Foster said, the company’s product improved and business increased. “And also new markets opened up for us…and we noticed that we saw increasing business from (existing) customers. It’s a positive thing, without a doubt.”

Novembal San Francisco, Calif.

Though Novembal itself is not ISO certified, its supplier–TetraPak Plastics in Mexico–obtained ISO 9001:2000 in Nov., 2002. “We (felt) that is was important for our company to adopt a quality system like ISO, because this system permits us to integrate all of the company’s processes–human resources, maintenance and management,” said TetraPak ISO coordinator Adriana Flores. Since adopting ISO standards, Flores said, her company’s clients feel more secure and the company’s processes run more smoothly. “The most important improvement is the process standardization.”

Scott Laboratories, Inc. Petaluma, Calif.

“In order for our growing company to continually improve we needed a good documented quality management system,” said ISO lead auditor Mary Ann Changnon. “Also some of our customers were requiring ISO certification from their vendors.” The company’s cork and laboratory sectors were awarded ISO 9000:1994 in July of 1999, and all company sectors obtained ISO 9001:2000 in August of 2001. “We use ISO certification as a sales tool. We open our quality system to our customers so they can see our commitment to continually improve both our products and services. We have noticed improvements in many of our products due to improved processes as a result of customer input.”

A Few Basics of Digital Camera Technology

Digital camera technology has made a huge step forward over past few years. Digital cameras became advanced with a number of enhanced features, and easier to use at the same time. Photography has become more fun with the possibility of taking pictures without using a film, previewing them on a liquid crystal display screen before printing them, and storing all the pictures in a computer or laptop. Digital camera technology also made taking photos less expensive than it was with the film-based cameras.

New terminology used in digital camera technology may seem too complicated and hard to learn, especially for those who spent years learning and using film cameras. However, while the terminology may be new, it is not that difficult to understand the principles of digital camera technology, if you are willing to learn a few basics.

For example, the term pixel, in digital camera technology, means picture element and is the leading indicator of how smooth the picture will look when printed. Digital cameras are all rated in pixels and inform the user how many millions of tiny square make up the picture. A one mega-pixel camera will have one million squares included in it, while a five mega-pixel camera will contain five million. In simpler terms, the more mega-pixels (MP) a picture has, the smoother it will appear.

Color is rendered in a combination of colors, noted as one to 255 in each pixel. Each pixel is defined by a combination of red, blue and green and a different shade of each color combined to provide accuracy. For example, a pixel defined in the digital camera technology of 125-blue, 37-red and 76-green would show as Navy blue. This color rendering is used in each pixel that makes up the color photograph, and provides over 16 million combinations for each color.

When working with film, it was rated for speed, or light-gathering capability. The higher was the ISO number, which used to refer to as ASA, the less light was needed to take the picture. In digital camera technology there are similar capabilities, expressed in the same ISO ratings. Most digital cameras have a pre-set ISO rating of 400. Meaning it will take decent pictures in the ISO ranges of 100, 200 and 400. Above that, the lack of light will affect the picture quality. More expensive digital cameras, may offer settings up to 6,400 ISO. Cameras of this type are normally used by professionals who work in a variety of lighting conditions.

Digital camera technology has advanced zoom capability in optical and digital zoom. Digital zoom may seem to be somewhat the same as optical zoom, but in fact it doesn’t bring objects closer – it is merely enlarging the entire picture and selecting a section from it to make bigger. Usually, with the use of digital zoom the picture loses its quality.

Are You Meeting ISO 27000 Standards for Information Security Management?

The ISO 27000 standard was developed by The International Electrotechnical Commission (IEC) and International Standards Organization (ISO). The ISO 27000 is an industry standard and internationally accepted for information security management.

The ISO 27000 family provides an extensive list of requirements and codes of practice. Of which, ISO 27001 is a specification that sets out the specific requirements that must be followed that a companies information security management system (ISMS) can be audited and certified against. All the other ISO 27000 standards are codes of practice. Therefore ISO 27002, 27003, 27004, 27005, and 27006 will provide non-mandatory but considered as best practice guidelines that companies can choose to follow as required.

With the surge of hack’s and website breaches that have involved many large organizations and their customers information being obtained and leaked has cause for many to realize that no matter how protected you think you are it may require much more consideration than previously thought. This is why there is legislation and requirements in place to help protect that data and all consumers from having their data stolen. As such all companies dealing with sensitive information must comply with the following regulations.

The ISO 27001 currently will help any organization to protect information and is increasingly being adopted and many are now choosing to be compliant regardless of the implementation costs that may be required.

There are many agencies that exist who will perform independent and expert reviews on current systems in place to help show pitfalls and compare against the current industry standards. The benefits of becoming compliant for a business can be that after any iso 27001 gap analysis, based on the information that is obtained from the review an information security framework can be established and recommendations can be made to help bring the security levels up to an industry standard and being accredited with certification can be very advantageous for customers. Once the security levels have been raised there will be an option to educate internal staff with the knowledge to help maintain and progress the internal security infrastructure.

Although being compliant with the ISO 27001 requirements there are other legislative requirements that exist for any company who are store, process or transmit payment card data must be compliant within the following areas of information security management known as the Payment Card Industry Data Security Standard (DSS PCI).

This is just the beginning of the requirements on not just companies but local councils and anyone who is dealing with sensitive information. As technology is ever advancing and changing the legislation and requirements are updating and keep up-to-date to ensure that there is minimal risk to users information.