
"Quality Matters in your Business"

Monday, 19 March 2018

Time is short, Transition deadline looms

According to a survey carried out with certification bodies in the UK, some 60% of organisations holding ISO 9001 and/or ISO 14001 have not transitioned to the 2015 standards.

The deadline for transition is 14 September 2018, and it is essential that the transition assessment has taken place and any findings from that assessment have been cleared by then.

I heard from one certification body that they expect UKAS to extend the deadline. We cannot stress enough that the deadline will NOT be extended under any circumstances: any organisation that has not transitioned by then will automatically be withdrawn from the register of certificated companies.

Any organisation that becomes de-certified will have to make a fresh application as though it had never held a certificate, i.e. a new application, then a stage one assessment followed by a stage two, before a certificate can be issued. Tenders and orders which mandate certification to ISO 9001 and/or ISO 14001 will be at risk in the meantime.

The aerospace, defence and space standards AS9100, AS9110 and AS9120 also have a transition deadline of 14 September 2018, even though their current revisions were published a year later than the 2015 editions of ISO 9001 and ISO 14001. Again, de-certification will be automatic unless transition to the new standards is completed.

If you have not transitioned yet, we recommend urgent action to be ready for the deadline. Time is short, and you may well be ready but unable to get an assessor in to carry out the two stages needed for compliance: assessors are incredibly busy and take bookings many months ahead.

Time is short for transition

Monday, 5 March 2018

Scams and other ways to part you from your money

It may be that people are more gullible at this time of year, but the number of scams certainly seems to be on the rise. We have had a number of telephone calls in which the caller tries to persuade us to buy bitcoins, transfer pensions or invest in various schemes. They are wasting their time once we mention that we are management consultants working in security.

However, the scammers are getting far smarter in their approach, masquerading as police, insurance companies, banks and other organisations. Fear of loss is played upon to persuade us to transfer our money or other valuables in one form or another.

We have also received a number of bogus invoices, followed up by chasing emails. The emails contain a link to "query the invoice"; the link attempts to download a virus or other malware that can compromise computer systems.

The GDPR has spawned quite a number of scams in which you are asked for details of customers, suppliers and staff "to validate your compliance with GDPR". No regulator validates compliance by collecting your contact lists.

And an old scam has raised its head again: an email apparently from a senior member of staff, who is out of the office and not contactable, directs accounts to remit an urgent payment. The sender's address has been spoofed, or their mailbox compromised, and the payment goes to the scammer. A phone call back to the sender on a known number, before any payment is made, defeats this every time.

This is a good time of year for a thorough review of computer security, including:
  • A review of antivirus systems
  • A review of anti-malware systems
  • Training in the identification of bogus callers and scams
  • A review of the systems for processing and authorising payment of invoices
  • Training in GDPR to show what is required and, conversely, what should not be released.

Monday, 19 February 2018

Data Security

ISO 27001:2013, the information security management standard, calls for controls on removable media (Annex A.8.3, Media handling) to prevent unauthorised access to, or transmission of, data.

There have been cases where a disgruntled employee, just before leaving employment, downloads commercial information onto some form of portable memory device: customer information, product information, designs or drawings.

The compromise of these documents can be very damaging for the employer. It does not matter that the employee signed a confidentiality agreement, because the damage is already done. If the data contains personal information, the company can also be held liable under data protection law (the Data Protection Act and, from 25 May 2018, the GDPR).

Most security-minded employers who wish to prevent data downloads block transfers to USB memory sticks and other removable storage through the Computer Group Policy, which is applied from the network at boot-up. This disables USB mass storage only; the ports can still be used for a keyboard or mouse.
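The following PowerShell is an added example and is not from the original post or from Quality Matters. It writes the same registry values that the Group Policy settings under Computer Configuration > Administrative Templates > System > Removable Storage Access apply, disables the USB mass storage driver so that sticks are not mounted at all while keyboards and mice (which use a different driver) keep working, and then audits the result. The function names and the DenyAll/DenyWrite/Allow modes are this example's own; run it in an elevated PowerShell on a test machine, and on a domain set the equivalent GPO instead so the values are re-applied at every boot.

```powershell
# Added example: enforce and audit a "no USB memory sticks" policy on one
# Windows machine by setting the registry values behind the Removable Storage
# Access Group Policy settings. Not the original post's code.

# Policy key written by "Removable Storage Access" settings. The GUID is the
# Removable Disks device setup class (USB sticks, SD card readers).
$PolicyKey   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\RemovableStorageDevices'
$RemovableId = '{53f56307-b6bf-11d0-94f2-00a0c91efb8b}'
# Driver service for USB mass storage. Start=4 (Disabled) stops it loading;
# HID devices such as keyboards and mice do not use it and are unaffected.
$UsbStorKey  = 'HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR'

function Set-RemovableDiskPolicy {
    # Mode names are this example's own, not Microsoft terminology.
    param([Parameter(Mandatory)][ValidateSet('DenyAll','DenyWrite','Allow')][string]$Mode)

    $classKey = Join-Path $PolicyKey $RemovableId
    New-Item -Path $classKey -Force | Out-Null

    switch ($Mode) {
        'DenyAll' {
            # Same values as "Removable Disks: Deny read/write/execute access"
            Set-ItemProperty -Path $classKey -Name Deny_Read    -Value 1 -Type DWord
            Set-ItemProperty -Path $classKey -Name Deny_Write   -Value 1 -Type DWord
            Set-ItemProperty -Path $classKey -Name Deny_Execute -Value 1 -Type DWord
            # Belt and braces: do not load the USB storage driver at all
            Set-ItemProperty -Path $UsbStorKey -Name Start -Value 4 -Type DWord
        }
        'DenyWrite' {
            # Staff can read a stick (e.g. a supplier's drawings) but cannot copy data out
            Set-ItemProperty -Path $classKey -Name Deny_Read    -Value 0 -Type DWord
            Set-ItemProperty -Path $classKey -Name Deny_Write   -Value 1 -Type DWord
            Set-ItemProperty -Path $classKey -Name Deny_Execute -Value 1 -Type DWord
            Set-ItemProperty -Path $UsbStorKey -Name Start -Value 3 -Type DWord
        }
        'Allow' {
            Remove-Item -Path $classKey -Recurse -Force -ErrorAction SilentlyContinue
            Set-ItemProperty -Path $UsbStorKey -Name Start -Value 3 -Type DWord
        }
    }
    # The deny values are checked when a device is connected, so an already
    # mounted stick should be removed and re-inserted to see the effect.
}

function Get-RemovableDiskPolicy {
    # Audit view: what would an assessor (or the IT manager) see on this machine?
    $classKey = Join-Path $PolicyKey $RemovableId
    $p = Get-ItemProperty -Path $classKey -ErrorAction SilentlyContinue
    $s = Get-ItemProperty -Path $UsbStorKey -Name Start -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Computer     = $env:COMPUTERNAME
        DenyRead     = [bool]($p.Deny_Read    -eq 1)
        DenyWrite    = [bool]($p.Deny_Write   -eq 1)
        DenyExecute  = [bool]($p.Deny_Execute -eq 1)
        UsbStorStart = $s.Start   # 3 = driver loads on demand, 4 = disabled
    }
}

# Example run: lock removable disks down on this machine, then audit.
Set-RemovableDiskPolicy -Mode DenyAll
Get-RemovableDiskPolicy | Format-List
```

The audit function is the part worth keeping: run it across the estate (for example through a scheduled task or a remoting session) and the output is evidence for the ISO 27001 removable media control, rather than an assumption that the policy is still in place.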

I am constantly surprised that companies that are normally careful with computer data have no firm policy on removable or portable memory devices.

A less effective method is a "no USB memory sticks" condition in employees' terms and conditions; this relies on being policed rather than being enforced by the system, and is only as good as the policing.

I have spoken here about USB sticks, but the same applies to SD cards, iPods, phones and any other device that mounts as storage. The capacity of these devices, often many gigabytes, means that a considerable amount of data can be copied in minutes.

Security of data must be extended to portable memory devices.

Monday, 5 February 2018

ISO 45001:2018 – Occupational Health & Safety Standard

The final draft of ISO 45001 was issued towards the end of 2017 and it is widely expected to be published formally at the end of February 2018.

This new standard follows the Annex SL structure, with the same 10 clauses as the other management system standards, which makes it easier to integrate with them:

  1. Scope
  2. Normative References
  3. Terms and definitions
  4. Context of the organisation
  5. Leadership and participation of workers
  6. Planning
  7. Support
  8. Operation
  9. Performance evaluation
  10. Improvement.

There will be a period of three years from the date of publication for BS OHSAS 18001 users to migrate to the new standard. Strictly this is a migration rather than a transition, as ISO 45001 is a new standard rather than a revision of an existing one.

It is hoped that there will be greater uptake now that it is an ISO standard, and that more companies will introduce an integrated management system covering Quality (ISO 9001), Environmental (ISO 14001) and Occupational Health & Safety (ISO 45001) together.

There are many advantages to this approach, as many elements of each standard can be combined, reducing both operational staff time and external certification body man-days.

Quality Matters

P.O.Box 5479

T: 01621 857841
F: 01621 856016
M: 07702 193788

© 2015 Quality Matters Ltd. All rights reserved.