Quality of products and services
Tieto’s quality focus embraces the whole organization. The work is guided by business and customer needs, and evaluated against high international standards. In 2016, Tieto continued expanding its certification coverage and developing its quality roadmap to be able to create increasing business value and service experience for customers.
The cornerstones of ensuring good quality of products and services include establishing good governance of processes, constant measuring of performance, and adherence to relevant regulatory systems and industry standards. Tieto’s Quality Policy applies to all operations and employees, and states the benefits of maintaining high quality, the company’s objectives regarding quality, and how Tieto understands customers’ experiences of perceived quality.
92% of Tieto’s operations covered by our ISO 14001 based Environmental Management System.
Tieto’s quality system, Tieto Way, contains the most important business processes: Offering Development, Sales and Customer Relationship Management, Project Delivery, and Continuous Service Delivery. These processes constitute the main vehicle for strategy realization through Tieto’s operating model, including the roles, tools and competences. Together, they form end-to-end business processes needed for developing, selling and delivering products and services to customers. The management aspects of quality, risk, security and compliance are embedded into each business process.
The Tieto Way is continuously benchmarked and compliant with many international standards and frameworks. In addition to the ISO 14001 environmental management, ISO 9001 quality management, and ISO 27001 information security management standards, the Tieto Way complies with ITIL (IT Service Management), PMBOK (Project Management Book of Knowledge), and CMMI (Capability Maturity Model Integration). Furthermore, compliance is ensured with selected industry standards, such as ISO 13485 for medical devices, PCI-DSS for payment card data security, PA-DSS for payment application data security, and ISAE 3402 standard on Assurance Engagements.
Progress in ISO certification coverage
In 2016, Tieto made progress in extending the ISO certification coverage. We completed a certification roadmap based on business needs, and added new sites to our ISO certified network. For example, both Sweden and Norway completed country-level certification audits for the environmental management standard ISO 14001, which is increasingly a requirement from customers.
A total of 56 audits were planned and completed in 2016 for the maintenance of existing ISO certificates and certificate extensions. Currently, 77% of Tieto’s operations are covered with ISO 9001 and 48% with ISO 27001 certifications, hence meeting the target to maintain ISO certificates based on business needs. In addition, 92% of our operations are covered with ISO 14001 certifications, hence reaching the target to have all sites with more than 50 employees covered with this ISO standard. Coverage is measured in terms of number of employees.
Our aim is to have all non-conformities to be closed as per the requirements. In 2016, our external certification partner, DNV GL, reported ten major non-conformities. These were in the areas of information security objectives not defined, management reviews not planned/conducted, identification of security requirements of interested parties not done, risk analysis for customer requirements, and planning/conducting internal audits. Five non-conformities had a closure period in 2016 and have been closed. Five have a closure period in 2017. Tieto has done root cause analysis and identified corrective - preventive actions which were accepted by DNV. Implementation of corrective actions is in progress and these will be closed in the requested time period.
In these audits, DNV GL also identified a number of strengths across Tieto, such as high corporate culture related to environmental management, monitoring of energy consumption and focus on energy savings, regular monitoring of customer feedback at management and operational levels, improved customer survey methods and coverage, and systematic risk management within projects
In 2017, Tieto will continue to improve on quality aspects to provide business value for customers, and other customer experience improvements. The aim is also to maintain existing ISO certificates and add new certificates or sites based on business and customer requirements. Furthermore, we will initiate activities and audits to transition all existing ISO 9001 and 14001 certificates to the 2015 revised versions.