Quality Management Articles | Blog | Quality Matters Limited
Quality Matters is an independent Management Consultancy based in Maldon, Essex. Here we discuss the latest in Quality and Information Security News.
29 February- will you marry me?
This is the date when a woman can propose marriage to a man, turning the traditional tables a full 180 degrees. Unfortunately for Microsoft it also meant a full blown outage on its Cloud platform named Azure.
Apparently, when encrypted data was sent between a virtual server and the host system, the system looked up the security certificate to authenticate the message. Certificates are valid for a year, so the system sought to validate the certificate as at 29 February 2013. As 29 February comes around every four years, there is no 29/02/2013 and the system crashed. Worse was to follow as the system tried to restart itself and, being unable to do so, tried to repair and restart on other parts of the system, which also failed, causing a cascade failure.
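The date arithmetic described above, as an added example (not Microsoft's code and not part of the original post): a valid-to date built by incrementing only the year fails for a certificate issued on 29 February, while a clamped calculation does not. The function names and the sample issue dates are constructed for illustration.

```python
import calendar
from datetime import date


def naive_expiry(issued: date, years: int = 1) -> date:
    """Valid-to date made by bumping only the year field.

    Raises ValueError when `issued` is 29 February and the target
    year has no leap day (e.g. 2012-02-29 -> 2013-02-29).
    """
    return issued.replace(year=issued.year + years)


def safe_expiry(issued: date, years: int = 1) -> date:
    """Same calendar day `years` later, clamping 29 Feb to 28 Feb
    when the target year is not a leap year."""
    target = issued.year + years
    if (issued.month, issued.day) == (2, 29) and not calendar.isleap(target):
        return date(target, 2, 28)
    return issued.replace(year=target)


def audit(issue_dates, years: int = 1):
    """Compare both calculations; a naive result of None marks a crash."""
    report = []
    for issued in issue_dates:
        try:
            naive = naive_expiry(issued, years)
        except ValueError:
            naive = None  # the failure mode: no such calendar date
        report.append((issued, naive, safe_expiry(issued, years)))
    return report


# Constructed sample issue dates, including the leap day itself.
SAMPLE_ISSUE_DATES = [date(2012, 2, 28), date(2012, 2, 29), date(2012, 3, 1)]

if __name__ == "__main__":
    for issued, naive, safe in audit(SAMPLE_ISSUE_DATES):
        print(issued, "naive:", naive or "ValueError", "safe:", safe)
```

Running `audit` over every 29 February in a certificate's possible issue range is a cheap regression test to keep in the build.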
I doubt that the system engineers at Microsoft were in a proposing mood as the outage went on and on for 8 odd hours.
The millennium bug which was supposed to cause such mayhem as the clocks ticked over to 2000 caused little concern, but this four yearly event was different. We have nearly four years to prepare for the next 29 February in 2016. Let us hope we are all ready.
As an aside, many years ago I had a call from a Client on 29 February and she told me that it was the day that women could propose to men and 'what was I going to do about it?' I was somewhat taken aback as I hardly knew the woman and I was already married. Fortunately she used the ploy to get a reduction in her annual contract with my company; how could I refuse?
The latest idea to allow you to pay your smaller bills using a mobile phone does not fill me with great confidence. The number of mobile phones stolen each year could mean that a thief could withdraw quite a lot of money, even though it will be in small amounts for each transaction, without any risk.
Contactless or 'pay by wave' credit and debit cards did seem to be a good idea but I recently heard that thieves with hand held scanners were testing them in crowded areas to see if they could identify people carrying them. They would then simply use the scanner to make a transaction or steal the card and use it a number of times before reaching a payment limit or the card being deactivated. It is hard enough to get the banks to deal with phantom cash machine withdrawals let alone phantom contactless payments.
My wife thinks I am becoming paranoid, as I have purchased a new wallet which has a stainless steel thread covering the outside. It effectively shields any cards in my wallet from scanners. It does, however, afford some protection, particularly in crowded tubes or at the upcoming games.
I know the maximum amount that can be withdrawn is supposed to be £25 but the time and hassle in getting this refunded and a new card issued makes me wonder if it is worth the risks.
There was a similar situation when the first passports were issued with an embedded chip and were waved at a scanner. I haven’t heard of any major problems with those.
It could be that I am overly concerned and it may not be a risk at all, but my gut feel is that the thieves are getting cleverer by the day and this is too much of an easy way to make money that they will simply not be able to ignore.
Certification to the various Management Standards such as ISO 9001 (the Quality management Standard) and 14001 (the Environmental management standard) has been recognised worldwide as a viable qualification.
The UK Government has appointed a sole Accreditation Body to accredit certification bodies to issue certificates of compliance to management standards.
"The United Kingdom Accreditation Service is the sole national accreditation body recognised by government to assess, against internationally agreed standards, organisations that provide certification, testing, inspection and calibration services.
Accreditation by UKAS demonstrates the competence, impartiality and performance capability of these evaluators.
UKAS is a non-profit-distributing private company, limited by guarantee. UKAS is independent of Government but is appointed as the national accreditation body by the Accreditation Regulations 2009 (SI No 3155/2009) and operates under a Memorandum of Understanding with the Government through the Secretary of State for Business, Innovation and Skills."
I was contacted recently by a company that had been 'certificated' to both the standards by a non UKAS certification body. The company believed that they met the requirements of the two standards because year after year their 'Assessor' told them that they were compliant. Imagine how they felt when one of their major customers carried out a vendor audit on them and told them that their certifications were worthless and they were far from compliant with 9001 and 14001.
It makes my blood boil when I see these so called certification companies issuing certificates purporting to show that full compliance to the international standards has been achieved when in fact they do nothing of the sort.
This company asked me to look through their Quality Manual; it was riddled with errors and did not comply with ISO 9001. It was confused and woolly, it did not address the six mandatory procedures required by 9001 and did not even reference the correct Standard. The Company, quite rightly, feel that they have wasted their money and will now have to expend more money to gain proper certification.
These non-accredited certification companies should be severely censured if they do not provide the promised outcome. I also believe that UKAS and/or Trading Standards should act and prosecute where they can see misrepresentation has taken place.
We have moved offices on 1st April 2012. It is not an April Fool's joke. The move to our new offices in the Heybridge Business Centre in Heybridge, Maldon in Essex is somewhat overdue; we have been in our existing offices for over ten years and in that time accumulated an awful lot of unnecessary things which were kept ‘just in case’. It was either pack it and take it to the new office or throw it away; in the end we decided to throw most of it away.
Apart from the physical items we decided to get rid of a lot of archived files going back to 1991. The shredder worked overtime and we managed to fill 30 bags of shredded paper!
Our new offices have a manned (womaned) reception and the receptionist, Patty, will take messages and direct calls when we are all out of the office.
One item of concern was the telephone numbers/fax numbers, as we have had these for a long period and we wanted to take them with us. Unfortunately BT would not be able to do this as we would be on a different sub exchange. It finally became possible when we were able to port our numbers into the cloud, and these then redirect automatically to our new phone/fax lines. This means that we will not have to reprint all our stationery.
Our existing P.O.Box address will still be in use as will our email and web-site.
New location address:
Heybridge Business Centre,
110 The Causeway,
Heybridge,
Maldon
Essex
CM9 4ND.
Quality Matters has always considered data security as a prime requirement and security of client data is paramount. To ensure that data security is achieved we use firewalls, anti virus and anti malware systems as well as encryption to Mil Standards and physical security measures.
Every time a PC, Server or Laptop is retired the hard drives are removed and the residual hardware broken down and disposed of in accordance with the WEEE directive (WEEE is the Waste Electrical, Electronic Equipment Directive).
Recently we realised that we had quite a number of hard drives which had been removed from old equipment; these drives contain data, which could be recovered. In the past we have wiped the data from disks and sometimes reformatted them. We believed that this rendered the data unrecoverable. However we stopped doing this some years ago when it became apparent that forensic data recovery was possible even though we had carried out wiping and reformatting.
What should we do with the ever growing store of used hard drives?
We are based in Maldon in Essex and happened to visit one of our Clients and found almost by accident a company that would deal with our drives in a failsafe manner.
This company EOL IT Services (www.eolitservices.co.uk) based on the Baltic Wharf in Station Road Maldon has the answer. Hard drives can be securely wiped or destroyed. Destruction is totally secure as the hard drive is rendered into granules. The granules are then recycled.
In addition this company will take away redundant IT equipment and pay any residual value; any non-functional equipment is broken down and recycled. EOL IT Services has a zero landfill policy and nothing is exported to the third world for recovery of metals etc.
We were very pleased with the speed, efficiency and cost effectiveness shown by staff at this company. We will use them again and have passed their details to some of our Clients.
Green shoots of economic recovery seem a long way off as companies try to cut costs and improve efficiency. Increases in fuel and other costs are making this even tougher. The proposed increases in postal charges along with the ever escalating insurance costs mean that company directors and owners need to squeeze every last drop of efficiency savings.
ISO9001 has always been a simple method to increase effectiveness and efficiency by cutting out or reducing costs of errors and failure. ISO9001 has at its centre the need to turn "Customer Requirements" into "Customer Satisfaction" while making improvements to achieve the goal of continual improvement.
The costs of setting up the quality system to meet the requirements of ISO9001 are usually recovered quickly and the bonus is the exposure to potential customers requiring 9001 as a tender requirement, through the Dti register of quality competent organisations.
The business review, which is part of the initial setting up process, will often throw up opportunities for improvement and cost savings when carried out by a skilled consultant.
Companies that have so far survived the downturn need the advantage that a certification to an International Standard can bring:
Entry qualification to some tenders;
Recognised worldwide;
Reduction in errors;
Improved staff morale through relevant training;
Reductions in waste (get it right first time);
Measurable levels of customer satisfaction.
The process required to achieve certification to ISO9001 is often not complicated because companies still in business after the worst economic downturn since the 1930's must be doing a lot of things right. Imagine what the benefits of an ISO9001 certification can bring.
An Occupational Health & Safety (OH&S) Management System for managing health and safety activities and eliminating or reducing hazards within the workplace. Where an incident has occurred, the system serves to investigate, analyse and identify any OH&S deficiency.
What are the benefits of 18001 Certification?
Health and Safety Legislation and Regulation require an organisation to prove that it has taken all necessary and reasonable steps to provide a healthy and safe environment in the workplace that minimises risks to people and interested parties.
This Standard provides such assurance. It is externally assessed and certificated.
What is covered by BS OHSAS 18001?
This Standard requires 6 main sections to be addressed, these are:
OH&S General requirements;
OH&S Policy;
Planning;
Implementation & Operation;
Checking;
Management Review.
Each section is sub-divided and covers OH&S activities having an impact on workplace health and safety.
What documentation is required?
A health and safety manual and procedures for operating the Occupational Health and Safety Management System.
Who can carry out the Assessment?
There are a number of Certification Bodies Accredited by UKAS to carry out this work.
Once the certificate is issued what happens next?
The certification authority will carry out surveillance visits each year to ensure continuing compliance.
Sections of BS OHSAS 18001:2007
Scope
Referenced Publications
Terms and Definitions
OHSAS Requirements
General Requirements
OH&S Policy
Planning
Hazard identification, Risk Assessment and Determining Controls
Legal and Other Requirements
Objectives and Programme(s)
OH&S Management Programme(s)
Implementation and Operation
Resources, Roles, Responsibility, Accountability and Authority
Competence, Training and Awareness
Communication, Participation and Consultation
Documentation
Control of Documents
Operational Control
Emergency Preparedness and Response
Checking
Performance Measurement and Monitoring
Evaluation of Compliance
Incident Investigation, Nonconformity, Corrective and Preventive Action
Control of Records
Internal Audit