Why ISO matters: Bringing quality and trust into the supply chain

Factory-worker in hard-hat looking at factory floor

Caroline Tung speaks to printer manufacturer Lexmark and ISO consultancy Anitech about protecting IP and quality management for maintaining strong supply chains.


Printers typically sit quietly within an organisation, but the role they play is often central to supporting the core business.

With a high volume of data passing through printers each day, they can also become a point of intrusion for hackers, according to Lexmark managing director for Australia and New Zealand, Stephen Bell.

In the modern workplace, where printers often play an important role in company processes, protecting data and the integrity of products is one reason why implementing ISO standards can help protect manufacturers. This is why Bell believes it is important for businesses, including Lexmark, to have a standard to refer to, as it improves overall efficiency, cuts cost and leads to better products and services for the customer.

In the case of Lexmark, incorporating security technology into firmware in printers has enabled the company to quickly deal with emerging threats and respond to changes in the market.

“For us, by owning the technology, we can incorporate it into the design,” Bell said. “People recognise our devices for the hardware component and printing, but the technology is becoming part of that IT infrastructure to drive workflow and productivity.”

The company has developed the Secure Software Development Life Cycle, which covers a wide scope of the whole product life cycle from product development, to manufacturing and distribution.

Last year, Lexmark was the first printer manufacturer in the world to be recognised with the ISO 20243 Information technology — Open Trusted Technology Provider Standard. The certification adopts the open trusted technology provider version 1 standard to address threats related to maliciously tainting or counterfeiting products.

A set of guidelines, requirements, and recommendations address specific threats to the integrity of the hardware and the software, referred to as off the shelf information and communication technology products.

“Largely, it’s related to the customers. We’ve got longstanding relationships with a lot of the most security conscious organisations in the world, and we have a similar customer base here in Australia,” Bell said.

Bell explained that protecting data is not only about the device.

“We’ve got data moving through the devices, we’ve got hard drives, firmware and software on the devices. We need to encrypt that data, encrypt the hard disk, and then we need to be able to securely wipe information from the devices during and after the device life.”

A constant challenge working with customers like those in government, healthcare, and banks is what Bell calls “locking down” points of intrusion.

“We need to dynamically respond to that,” Bell explained. “You need to make sure your devices are secure, that the information does not end up moving outside of the user group or the organisation that owns that data.”

“These sorts of standards give us a framework within with to operate to make sure that we protect our customers,” he said.

Bell pointed out that customers spend millions of dollars on securing their networks, and some of them don’t always consider a printer as a point of vulnerability.

“If we can do that heavy lifting for them, then without a doubt, that’s one less thing they need to be concerned about,” he said. “There’s that information security piece, but I think the standard itself that we comply with goes even more broadly than that.”

 Incorporating security technology into firmware has enabled Lexmark to quickly deal with emerging threats and respond to changes in the market. Image credit: Lexmark

Success comes when the customer wins

“We’ve done our own research that shows that non-genuine or counterfeit parts, toners, and even poor-quality remanufactured items lead to poor customer experience,” Bell explained.

“Customers want to know if they’re making investments in equipment that supports their core business processes; that they’re going to get quality out of it. Through the standard, and through the way we manage our business, we make it easy for people to do that.”

One of the business philosophies Lexmark follows is the concept of “best together”.

The reliable performance of its devices is key because some of its large managed serviced customers have tens of thousands of devices.

“These devices are using parts – the best of all those genuine components, which is brought together,” Bell said. “When you look at it in terms of the standards, that incorporates things like supply chain and management. With this, customers then have confidence that the genuine Lexmark devices will drive the product reliability that they need in order to run their business.”

Retail is another big part of the company’s market, where a lot of customers operate their devices in areas where there is no redundancy, and the type of work they are performing with these devices is critical to their business.

Whether its store reporting or generating invoices, the performance of the devices is directly linked to the revenue generation of the core business that they’re trying to provide. And, the ISO 20243 information technology O-TTPS standard incorporates that. It goes beyond securing the device to securing the supply chain more broadly, so that customers can have a sense that what they are buying is genuine.

Being part of that IT infrastructure, Bell said that the company needs to be able to provide solid security around the products it puts to the market because they sit within that infrastructure.

“In some cases, it’s not just about intellectual property as such,” he said. “If we come back to the standard, it’s about safeguarding our customers’ information, and privacy is critical.”

“Product performance is a risk when IP is compromised, security can be a risk, and also general information.”

Subhead: Benefits of ISO certification for the manufacturer

A quality management system is a program that introduces controls for various risks within a business. These can include business risks, manufacturing process risks, or it could be their customer risks.

Director of ISO consultancy Anitech, Anita Patturajan, said quality management is about putting in risk mitigation plans around these different risks.

“The primary reason it is valuable to business is that they can manage these risks internally. Therefore, as part of the supply chain, they reduce the next risk to their customers,” she said.

One of the ways the ISO 9001 quality management system adds value to an organisation is that it does not only focuses risk management, but also compliance. It provides a non-prescriptive framework and defines a blueprint through which a business can model its quality management system.

“The real benefits to businesses are that you can set controls around management, services to your customers, and the supply chain so you can define the risks and manage them,” she said.

“When you reduce your risks to your end customer, that makes you attractive, because you’re inwardly and outwardly focused,” Patturajan explained. “You’ve got a product or service that delivers to your customers. The biggest piece of the quality management system objective is to support customers.”

The quality management system associated with Lean Manufacturing traditionally began with companies like Toyota, who introduced processes to cut cost and reduce waste.

Patturajan said in the 70s and 80s, businesses became more innovative and less costly to run. In the modern quality systems standard like the ISO 9001, processes become more enhanced and more focused on each business looking at their own business model and managing risks. This also expanded out of manufacturing to all the services.

Expert knowledge counts

Anitech employs specialist consultants who are engineers and business managers from a wide range of backgrounds and different industries. It assists small-to-medium enterprises, as well as large business, including national and international corporations.

After 15 years in ISO consulting, Patturajan said strong working relationships between all parties and good organisational structure are key to a successful and quality supply chain.

“This relationship is built upon factors such as the sharing of knowledge, trust, and the development of clear incident reporting processes,” she said.

“Businesses need to take steps such as following through commitment from leadership, training staff on their responsibilities, and conducting regular audits of their systems to ensure it continues to meet the standards.”

Patturajan said the companies that stand the highest chance of achieving certification to these standards demonstrate a commitment to quality to their staff, stakeholders, and customers.

A strong quality system can reduce waste and decrease costs associated with re-work. It leads to improvements in the quality of product or service to customers, customer satisfaction, supplier management, and on-time delivery.

“This then improves the business bottom line, which helps sustain the business, and allows for more focus on business improvement initiatives than putting out fires,” she said.