
"Quality Matters in your Business"

Sunday, 28 October 2007

Myths Surrounding ISO27001 Information Security

This week I am carrying the series of myths forward, this time with those surrounding Information Security (ISO27001).

  1. Information Security is for big companies.

    False. Most small companies (and individuals) are targeted at some time.

  2. My computer has virus control software so I am safe.

    False. Anti-virus software is only one area of protection.

  3. I have turned off the Microsoft Automatic Update to protect my computer.

    False. Auto-update provides security patches to help protect your computer.

  4. I always tear up sensitive paper information before putting it in the dustbin to protect myself.

    False. Tearing up paper is never as secure as shredding.

  5. Cutting a credit card in half makes it useless to a thief.

    False. Shred any credit cards you no longer need, as a thief can copy the details and your signature.

  6. Email is a secure method of communication.

    False. Unless you encrypt your email, it is visible.

  7. I can't remember complex passwords so I use my dog's name, but that is secure.

    False. A hacker will run a dictionary test to find easy passwords like this.

  8. My company insists on 8 digit passwords so I have to write them down – but this is safe.

    False. Writing down passwords is a bad idea and is full of risk.

  9. In my company we all share a generic password but this is secure.

    False. If there is a problem with a generic password, it is almost impossible to find out who is responsible.

  10. When we get new computers we always format the old hard disks to ensure they cannot be hacked.

    False. Hard disks should be physically destroyed, otherwise data can be recovered, sometimes by simply un-formatting.

Information security is everyone's responsibility.

Sunday, 21 October 2007

ISO9001 Quality Management System Myths

There are loads of myths concerning ISO9001, and most are perpetrated by those who are ignorant of the true facts. Nevertheless, I hear these repeated as though they were absolute gospel.

Here are just some of these:

ISO9001 is a bureaucratic system which requires a piece of paper for everything.

False. The system should work for the organisation and not the other way round. If set up correctly, ISO9001 will prove highly beneficial. Paper-heavy systems are really out of date.

Dictates how any business must be run.

False. The standard states that all businesses are different and that the standard should be adapted to fit the business, rather than being prescriptive so that the business has to fit the standard. However, the main elements are parts of any good practice system and there is no 'Rocket Science' involved.

Inflexible system.

False. If correctly set up, the system will allow for unexpected events and can be as flexible as you need it to be.

Directors only must sign off all released work.

False. It is usual for identified job functions to release work but these do not have to be Directors. Most good systems will allow deputies to release work if the primary release person is unavailable.

Costs a fortune to set up and run.

False. The actual assessment and certification fees vary between certification bodies and of course the size of your company but these can be very reasonable.

As far as setting up your system, you could do it yourself. It could be more effective in the longer term to employ the services of a qualified consultant who will utilise best practice.

Requires huge quality manuals.

False. The days when manuals filled a bookcase and were almost too heavy to lift are long gone.

Requires procedures for everything.

False. The standard specifies only six mandatory procedures: document control, control of records, internal audit, control of non-conforming product/service, corrective action and preventive action. Most businesses will have other process-orientated elements documented, but these are decided by the management of the business.

You can produce faulty products and still meet ISO9001 provided you do it all the time.

False. Customer satisfaction is a primary measure. Poor quality products would mean dissatisfied customers and would not meet ISO9001.

Does not allow for quick turnaround of urgent work.

False. ISO9001 does not hinder fast turnaround of orders; in fact, it ensures that records are kept to show what has been done and when.

Must answer a phone by the third ring.

False. There is no mention of this in ISO9001. Some call centres have this as a requirement but it is certainly not specified in the standard.

The standard says "Say what you do - do what you say and prove it".

True. The standard uses the PDCA model - Plan, Do, Check, Act.

Most good businesses are already doing most of the requirements of ISO9001.

True. Enough said?

Sunday, 14 October 2007

Security of Credit Cards

The criminal fraternity are again turning their sights on credit cards, not just in the UK, where face-to-face sales and chip and pin have made considerable reductions in fraud, but in 'Customer not present' transactions, often on the internet, where fraud has risen.

The real growth area for fraud has been in overseas transactions, particularly where chip and pin has not been fully implemented. These transactions use the magnetic stripe on the back of the card and a signature for evidence of card ownership. There are a great number of counterfeit cards doing the rounds and these net the thieves a considerable bounty.

We all pay the costs of these frauds in card charges and interest rates, so it is in all of our interests to combat this fraud wherever possible.

There are various systems which can help to prevent these frauds but most rely on cardholders taking responsibility:

  • Ensure that your card does not get taken away for scanning (it could be copied)

  • Always shield the keypad when entering your four digit pin (opportunists can see your pin)

  • Never tell anyone your pin number (that is just plain stupid)

  • Never lend your card to anyone else (that is worse)

  • Take receipts for ATM transactions away with you and do not put them in the bin provided by the ATM owner (the information contained on these slips could be useful to thieves)

  • If you are suspicious about a transaction tell the card issuer (common sense)

  • Tell your card issuer if you are going abroad so they don't suspend your card for unusual transactions (prevents embarrassment)

Taking these sensible precautions could help stop these unscrupulous people from taking your money.


Quality Matters

P.O.Box 5479

T: 01621 857841
F: 01621 856016
M: 07702 193788

© 2015 Quality Matters Ltd. All rights reserved.