
"Quality Matters in your Business"

Monday, 10 July 2017

When is ISO 9001 Certificated but of no value?

Hardly a day goes by without some organisation announcing that they can get you through ISO 9001 or other Standards cheaply and in double quick time.

There is a single accreditation body in the UK, UKAS; the UK Government decided that there should be only one body tasked with authorising certification bodies. There are a good number of these, and the certificates they issue bear the UKAS tick and crown logo.

These certification bodies must reach, and maintain, a high standard to continue to claim that they are in fact an accredited certification body. Regular and strict audits are carried out. One principle is that no certification body can offer consultancy; this would be a conflict of interest and is prohibited.

On the other side, non-accredited organisations issue certificates claiming to meet the requirements of whichever standard is covered. Some even show a logo claiming to be accredited by some other accreditation agency. This is designed to fool anyone gullible enough to believe it.

UKAS is not a regulator and has no powers to stop these organisations carrying on.

A good number of these non-accredited organisations have sprung up; some offer consultancy and certification as a package. I often say to people who contact me: “how can they fail to certify you when they have set up the system?” The sad truth dawns on these people when they submit a certificate claiming to show compliance with a Standard, only to find that it is not recognised, except by the issuing authority.

One other fact is clear: you cannot set up a system and get it certificated in 30 days (or less, in one case), as clearly an assessor must be able to audit what you have done, not what you are planning to do. The evidence is simply not there under these timescales.

Beware of non-accredited organisations. If it seems too good to be true, it probably isn’t any good.


Monday, 26 June 2017

Another Cyber attack warning

It seems that cyber attacks are a bit like buses: nothing for a period of time and then three come along at once.

This one is slightly unusual as it is aimed at people who use USB sticks. The criminals leave USB sticks at places where there are lots of people. The sticks, some of which are branded, launch ransomware or another virus once plugged into a laptop or other device. If the device is part of a domain, the virus spreads to the domain as well.

The one I have seen looks like a blank USB stick, but the virus works in the background, and in one instance it was not activated for up to 48 hours. This could allow an infected set of data to be backed up, which could prevent a restore of good data in the event of a ransomware attack.

USB sticks are so cheap nowadays it is sheer folly to plug an unknown stick into your system.

Monday, 12 June 2017

EternalRocks Worm

If you thought the WannaCry ransomware worm, which brought a vast number of computer systems to their knees, was a major disaster, then watch out for this next one. EternalRocks uses seven leaked NSA hacking tools. These were developed by the US National Security Agency to hack into enemy systems; however, the leaked versions are now being used to extort money worldwide.

This new one doesn’t alert the user that the system is infected until 24 hours later, in the hope that a backup of the infected system will have been made by then, making a restore more difficult.

The worm has no ‘kill switch’ of the kind that halted the spread of WannaCry. It looks for systems to infect and then demands a fee for the decryption key. It spreads through unpatched SMB services.

We understand that systems which run the latest operating systems and are fully patched should be safe. Users certificated to ISO 27001 will be aware of the requirements for this.

It is vital that organisations have good backups of data and that these backups are fully verified so that they can be restored in case of a problem. By the time a restore fails because the backup was never verified, or has become corrupted, it is too late.
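What “fully verified” means in practice, and why verification on its own is not enough against the delayed-activation malware described in the two posts above, is shown in the Python example below. It is an added illustration, not Quality Matters’ own code or procedure: the manifest layout, the function names, and the sample files, dates and contents are all constructed for the demonstration, and truncating an archive stands in for media corruption. A backup generation is written as a tar.gz with a manifest of SHA-256 hashes, then proved by a test restore into a scratch directory; a separate retention step keeps older generations so that a copy predating the infection survives.

```python
import hashlib
import json
import tarfile
import tempfile
import zlib
from pathlib import Path


def sha256_of(path):
    """SHA-256 of a file, read in chunks so large backups need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def create_backup(source, dest, label):
    """Archive `source` to dest/<label>.tar.gz and record each file's SHA-256 in
    dest/<label>.manifest.json at backup time. Returns (archive, manifest) paths."""
    dest.mkdir(parents=True, exist_ok=True)
    archive, manifest_path = dest / f"{label}.tar.gz", dest / f"{label}.manifest.json"
    manifest = {}
    with tarfile.open(str(archive), "w:gz") as tar:
        for p in sorted(source.rglob("*")):
            if p.is_file():
                rel = p.relative_to(source).as_posix()
                manifest[rel] = sha256_of(p)
                tar.add(str(p), arcname=rel)
    manifest_path.write_text(json.dumps(manifest, indent=2, sort_keys=True))
    return archive, manifest_path


def verify_backup(archive, manifest_path):
    """Test-restore into a scratch directory and compare every file with the manifest.
    A restore error, or any missing, extra or altered file, leaves the backup unverified."""
    expected = json.loads(manifest_path.read_text())
    result = {"ok": False, "missing": [], "extra": [], "mismatched": [], "error": None}
    with tempfile.TemporaryDirectory() as scratch:
        try:
            with tarfile.open(str(archive), "r:gz") as tar:
                try:
                    tar.extractall(scratch, filter="data")  # refuse path escapes (Python 3.12+)
                except TypeError:                           # older Python has no filter argument
                    tar.extractall(scratch)
        except (tarfile.TarError, EOFError, OSError, zlib.error) as exc:
            result["error"] = f"restore failed: {exc}"
            return result
        restored = {p.relative_to(scratch).as_posix(): sha256_of(p)
                    for p in Path(scratch).rglob("*") if p.is_file()}
    result["missing"] = sorted(set(expected) - set(restored))
    result["extra"] = sorted(set(restored) - set(expected))
    result["mismatched"] = sorted(k for k in expected if k in restored and restored[k] != expected[k])
    result["ok"] = not (result["missing"] or result["extra"] or result["mismatched"])
    return result


def prune_generations(dest, keep):
    """Delete all but the `keep` newest generations (labels are dates, so they sort in order)."""
    if keep < 1:
        raise ValueError("keep at least one generation")
    labels = sorted(p.name[: -len(".manifest.json")] for p in dest.glob("*.manifest.json"))
    for old in labels[:-keep]:
        (dest / f"{old}.tar.gz").unlink()
        (dest / f"{old}.manifest.json").unlink()
    return labels[-keep:]


def run_demo():
    """Constructed scenario: three nightly generations, a file scrambled by dormant
    ransomware before the last one, and a damaged copy of an archive."""
    with tempfile.TemporaryDirectory() as tmp:
        src, store = Path(tmp) / "data", Path(tmp) / "backups"
        src.mkdir()
        (src / "accounts.csv").write_text("invoice,amount\n1001,250.00\n")  # constructed sample
        (src / "notes.txt").write_text("ISO 27001 backup evidence\n")        # constructed sample
        create_backup(src, store, "2017-06-11")
        gen1 = create_backup(src, store, "2017-06-12")
        # The malware has been dormant; now it scrambles a file, and the next
        # backup faithfully copies the scrambled version.
        (src / "accounts.csv").write_bytes(b"\x00ENCRYPTED\xff" * 4)
        gen2 = create_backup(src, store, "2017-06-13")
        # Simulate media corruption by truncating a copy of the archive.
        damaged = store / "damaged.tar.gz"
        damaged.write_bytes(gen1[0].read_bytes()[: gen1[0].stat().st_size // 2])
        changed = (json.loads(gen1[1].read_text())["accounts.csv"]
                   != json.loads(gen2[1].read_text())["accounts.csv"])
        return {
            "gen1": verify_backup(*gen1),          # restores and matches: verified
            "gen2": verify_backup(*gen2),          # also verified, yet holds scrambled data
            "damaged": verify_backup(damaged, gen1[1]),
            "accounts_changed": changed,           # only a comparison across generations shows it
            "retained": prune_generations(store, keep=2),  # keep a pre-infection generation
        }


if __name__ == "__main__":
    print(json.dumps(run_demo(), indent=2))
```

The point of the scenario is the second generation: it passes verification because it is a faithful copy of data that had already been scrambled, so a verification check alone says nothing about whether the data inside is good. Comparing manifests across generations flags the unexpected change, and retention of more than one generation is what keeps a clean restore point available.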

Cyber crime is fast becoming the number one risk.

Tuesday, 30 May 2017

Latest news about ISO 45001 Occupational Health & Safety Standard

The latest draft of this Standard has been issued and is due to be voted on at the end of May 2017. This is an important vote, as it will determine whether the revised draft can go through to publication or will need to be further amended and then move to a final draft.

There have been some serious changes since the last effort, which resulted in an avalanche of objections. The main area of contention was the involvement of workers and their representatives at every step. Many countries thought that this was really over the top and would hamper the operation of businesses. Clearly there needs to be input from workers, usually through H&S works committees, and safety is paramount.

The implementation of Health & Safety across the world is significantly different, and producing a Standard to satisfy all of these was always going to be challenging. An example I saw was in Belgium where road works were in progress; they didn’t close off vast stretches of the road to effect these roadworks as we do in this country, but merely put cones around the actual work.

If the latest draft is accepted without significant changes being required, it could be published as soon as September. If, however, it requires amendment and moves to a final draft, then it is unlikely to be published this year.

I know that a number of organisations planning to incorporate an OHSAS system are trying to decide whether to go for OHSAS 18001 or wait until ISO 45001 is published.

We will keep you up to date with developments.

Quality Matters

P.O.Box 5479
Maldon
Essex
CM9 8GG
England

T: 01621 857841
F: 01621 856016
M: 07702 193788

© 2015 Quality Matters Ltd. All rights reserved.