Interview with KalPoint.com


KPDC: Please tell us about your family, your educational background and brought up?

Mr. Syed Arshad Hashmi (SAH): We are three brothers and one sister and I am the youngest one. My father passed away in 1999. He was a retired DSP. My mother is a 20-grade officer and I am a great admirer of her. She was in 9th class when she got married. After my birth, she re-started her studies and did her graduation, then continued her education to do LLM and in December 2006 she submitted her thesis for PhD.

About my early education, after Matriculation I went to National College where I did my Intermediate. Afterwards, I went to NED where I did my graduation in Mechanical Engineering in 1995.

When I started by practical career, it was a golden period for these International certifications and at that time only 11 companies were certified to ISO 9000 standard. As I had been involved in teaching during the university days, I was very inclined towards personal interaction and educating the people. I found this standardization a very attractive field and fortunately found a job in a consultancy firm providing consulting services for these International certifications. I worked there for 2 years, got acquainted with the consulting, standardization and certification process and afterwards started my own consultancy firm which is now named as ‘Quest Consultants’.

At that time there were only three types of certifications available; ISO 9000, ISO 14000 and SA 8000. At present, we are providing consulting services on more than 13 different International Standards. These standards and certifications are related to Software Management, Health & Safety Management, Information Security Management, Food Safety Management, Quality Management, etc. It has been 9 years now of my own and 11 years of my total consulting working experience. We have provided our consultancy services to almost every industrial sector

Our recent success is the ISO 27001 Information Security Management System standard which has been achieved by Khanani & Kalia International (Pvt) Ltd (KKI) in Dec. 2006. KKI is the first and only company in Pakistan to achieve the ISO 27001 certification with our consulting services. Thus we are the proud consultants to put the name of Pakistan on the world map of information security.


KPDC: What is the difference between consultancy, training and auditing? And How much responsive do you find companies towards certifications?

SAH: Trainings are conducted and provided to create the awareness and understanding against any specific standard. We offer two types of trainings against any International Standard. Executive training, in which only key issues relevant to the standards are addressed. The other one is the Detailed training in which we prepare a team to implement a certain standards.

Auditing means to find the level of conformance of a company against a particular standard. Auditing is also done to find the ‘gap’ between a company’s existing system and the system required for certification. This type of auditing is called ‘Gap Analysis’

Finally, the consultancy is the turnkey solution against any International Standard till its final Certification. It includes training and auditing both. First of all training phase is initiated, then implementation, auditing and at last the recommendations for the final certification.

As for the second part of the question, I found certain companies very pro-active for consultancy and certifications. But most of the people here are followers. When they see other companies doing well, they take interest and hire us for the consultancy and certification purposes.


KPDC: Do you think companies at Pakistan are performing according to international standards? Where do we lack?

SAH: The performance of the companies in Pakistan is getting better, that’s why they are being awarded certifications. But the proper utilization of these standards to improve the overall performance of organization is something which our companies lack. Most of the companies acquire the certification for the sake of the certificate; which is not the main purpose of these standards and certifications.

These standards represent the best practices in the world in a specific area. The implementation of these standards is the most important thing. If the standards are implemented to the full extent, only then companies can avail the benefits of these certifications in the true sense.


KPDC: How many companies in Pakistan are capable of qualifying for the CMMI appraisal?

SAH: CMMI is a standard for Software Management. I believe that there are certain software houses which have all the talent and capabilities to qualify for the CMMI appraisal. The only hurdle is the cost of these appraisals, as the cost is quite high. Therefore, not every organization can afford to have this standard, unless the Government provides them the subsidy.


KPDC: What are the aims and objectives of Quest Consultants? What are your responsibilities as the CEO of ‘Quest Consultants’?

SAH: Quest Consultants (QC) is dedicated to equip our local companies with the latest international standards, certifications and techniques for improving not just the quality of the product, processes and systems but also enabling them to compete with any company on an international level. We want to aware the business operators in Pakistan of the importance of the international standards since, internationally; a company is recognized on the basis of the standards and certifications it acquires. That’s the main objective of our company to provide consultancy to our local companies so that they obtain the international standards and compete in the international markets.


KPDC: What problems do you face during your consultancy assignment?. What are the limitations in your consultancy services?

SAH: There are all types of people we have to deal with. Some of them are resistant to our consultancy; they are not ready to implement new practices in their organizations. Mostly, we face resistance due to attitude and cultural issues. However, some of our clients put complete faith on us. We have been working for last 11 years, and the basis of our working is truth and honesty. There are people who approach us and show all their faith and confidence on our services. They are ready to transform their organization according to our consultancy. What we need is the commitment from the top management of an organization to implement mechanism we provide to them. Our responsibility is to develop the best and most optimized systems for the company. We can incorporate the best practices of the standard in the company’s existing practices and make things as easy and practical as possible. However, we CANNOT implement those systems and practices, the organization itself can do that.


KPDC: What areas do you cater and do you serve an organization through technical assistance only or do you offer legal assistance also?

SAH: Apart from the technical consulting services, we also offer the legal assistance to our clients, if required within the scope of any standard requirement. For example, the standards which include the legal affairs are the Social Security Standard and WRAP (Worldwide Responsible Apparel Production). In the WRAP, there are certain clauses related to Labour Laws. Through our Advisors on Labour and Corporate Laws, we address these issues. When required, we take the advices on these issues from our experts and incorporate them into the process.


KPDC: What benefits can an organization avail after acquiring the ISO 27001 Information Security Management System?

SAH: I think even if an organization doesn’t acquire the certification, but only if it complies with the ISO 27001 requirements, all of its security issues starting from the peon to the CEO will be addressed and nothing will stay un-addressed. There will be a mechanism and back-up for everything. There is not a single issue that can’t be dealt with. In this sense, the major benefit is that you’ll cover everything as far as the security of an organization is concerned, be it physical security, personal security, asset security, record security, visitor’s security, net issues, information systems etc. That’s the major benefit; I believe organizations can obtain by only following the standard.

However, ISO 27001 certification has its own benefits in the form of external party check over a company’s security systems and the International recognition of its security management system.


KPDC: What is the scope of ISO 27001 certifications in Pakistan?

SAH: Information is getting advanced and technology dependant and in the next 5 years or so, if you secure this area you secure everything. Information security is going to be the issue. Everyone is working on it globally but we are late in the business. Most of the companies in Pakistan are doing the things to secure the information in bits and pieces like Business Continuity Planning (BCP) and/or Disaster Recovery Planning (DRP). In that way they may be able to address the information security issues partially but not completely.

They are not aware of the fact that to comprehensively address the issue of information security, there is a need of a complete Information Security Framework which is available in the form of ISO 27001 standard. The BCP and DRP are well covered in this standard along with other vital areas for information security.

KPDC: Any message for the youth of Pakistan?

SAH: I would like to share my personal experience. I tried very hard in my studies in the university for a particular subject. When the results were announced, I obtained just passing marks and those whom I used to teach, attained better numbers. I got very disappointed. Then one of my seniors told me that one who tries hard gets success, that’s what everyone knows, but there are times when you work hard but you don’t succeed. That’s my message to all young people that results are not in our hands, what we can do is just try our best and leave everything else on our Almighty Allah. We should be prepared for the positive and negative both outcomes. If you live with this approach you’ll never get disappointed will immediately move forward.

QUESTION: Hi, my name is Sultan and I reside in Dubai. I am about to start a business soon inshaAllah. I need to know about the ISO certification. What do they mean and on what basis these certificates are awarded to organizations? (Sultan Qureshi, Dubai)


SAH: ISO is an International Organization for Standardization which is responsible to create standards. There are two types of standards; Product standards and Systemic standards.

ISO 9000 is a Quality Management System which focuses upon the quality of an organization; ISO 14000 is the Environmental Management System which focuses on the environmental issues; OHSAS 18000 caters to Occupational Health and Safety. ISO 22000 is the Food Safety Management System and ISO 27000 is an Information Security Management System.

I assume that you want to know about the most common certification, ISO 9001, which is a Quality Management System and it basically focuses upon the product and services quality that you are offering, their specifications and most importantly the consistency in their provision.

Any organization can acquire the ISO 9001 certification. It is awarded on the basis of the compliance to the requirements of the ISO 9001 standard. All the requirements are laid down in the ISO 9001 standard. Some of them are:

 Having a Quality Policy and Quality Objectives.
 Certain do*****ented procedures e.g., for the control of Substandard product or services, Record Control and Do*****ent Control etc.
 The implementation of these systems and other requirements


QUESTION: Assalam-o-Alaikum, my name is Nasir. I have a small running business in textiles and I want to enhance it. How much helpful can your organization be in this regard? (Nasir Junejo, Karachi)


SAH: Our core expertise is towards the certifications and these certifications not only improve the company system but also help in improving the image of the company. For the new companies, we try to make our consultancy very economical and assist them in acquiring the certifications through which they can improve not only their internal system but also their market image.


QUESTION: Hello, I am Salman from Lahore. What benefits can an organization avail after getting a consultant’s consultancy? (Salman khan, Lahore)


SAH: First, I tell you why the consultants are there. If an organization is into a trade, the main focus is upon its core expertise that is the field it’s working in. In addition to the core business expertise, the company requires certain other services which compliment its core business functions like Human Resource services, IT services and legal Services etc.

Since no one person can be an expert in every field so for these other required services expert are required. In this way, the required complimentary services are outsourced to the experts which are called “Consultants”.

As regards to our company, we are working into the field of International standards and certifications. Companies can spend their lot of time in acquiring these certifications themselves but the consultants, being an expert in the field, shorten the time and do the job in a more convenient and better way. Moreover, the consultant has the required body of knowledge and the external experience which also adds value to the existing practices in the company. That’s why people hire consultants to have the expert view over that core area according to their requirements.

KPDC: Thank you so much for being here and enlightening us with your thoughts. C U on Net.

SAH : I also enjoyed being here. C U On Net 2.
----------------------------------------------xxx------------------------------------------------

Top