
Monday, 17 June 2013

Social Engineering and Security

Last week I received a telephone call from our bank; the caller explained that before discussing the matter in hand she would need to take me through some security questions. Naturally I wanted to help, and before volunteering information I said I wanted to positively identify the caller. I first asked for my account number; this apparently could not be given until I formally identified myself, as the Data Protection Act would be breached.

I tried to explain that I would be breaching our security management system by giving sensitive information to any caller; she rang off.

I think I should explain what was going on here: we do not bank with Santander, so the caller was certainly not genuine. She wouldn’t answer any of my identifier questions, so even if she had been from our own bank she failed the first part. I always ask for some information not readily available to a member of the public. When I have any doubts I always take the person’s name and number and then call them back, but on the number I have on file.

The number of phishing telephone calls and emails seems to be on the increase, and anyone unwittingly supplying information could then find themselves out of pocket when money is taken or identity fraud takes place.

A genuine caller will be more than willing to identify themselves and would not attempt to use the Data Protection Act ploy to hide behind.

The other increasing trend seems to be the emails which seem “too good to be true”.

Here is the latest one I received:

"My wife Violet and I Allen Large won $11.3 million in a lottery 6-49 in July, 2010 and we have decided to donate the sum of $2,000,000.00 USD to you. Contact us via our personal email for more details ( ). You can verify our story by visiting the web page below."

If you click on the link it shows:

"The phone hasn't stopped ringing at Allen and Violet Large's home in Lower Truro, N.S., since news spread that the elderly couple has given away almost all their $11.2 million lottery win."

It is a real shame that the couple’s generosity has been hijacked by crooks for fraudulent activity. You may notice that the couple apparently won $11.3 million but the email claims this is $11.2 million; inevitably the crooks' attention to detail is poor, so be aware and stay safe.

Monday, 3 June 2013

Entry Level for Tenders

We get several calls each week from prospective clients saying that they are getting nowhere with tenders which require applicants to have a certificated quality management system, such as ISO9001. If they don’t have a qualifying system then their tenders are relegated to the state of "also-rans". Inevitably these enquirers want to know how quickly it can be incorporated into their business, and of course, how much it will cost.

I explain that ISO9001, as well as other management standards, needs to be set up and then operated for three months before undergoing formal assessment. I will often be asked if this time-frame can be reduced. My answer is always the same: an assessor can only assess what you are doing and not what you are planning to do in the future. This is why the three-month operational requirement is so important.

In addition to this, a business will have to have undertaken an internal audit, carried out by suitably trained auditors, and a management review must have taken place. If any one of these has not taken place then the assessment will fail.

The costs of preparing for assessment will vary from business to business and depend on whether external help is employed. In my experience businesses “doing it themselves” often make fundamental errors and are surprised when the assessment fails and results in a re-visit because it does not meet the requirements of the standard. At the other end of the spectrum is the business that has procedures for everything, and very prescriptive procedures at that (an example would be "take screwdriver in right hand, insert the blade into the screw head and turn clockwise"). No consideration has been made for left-handers, cross-point screws or left-hand threads. Making procedures so prescriptive actually sets you up to fail, while insulting the intelligence of operators. It is often better to state “using an appropriate screwdriver tighten the screw to the correct torque”.

External consultants are often a cost-effective method of achieving compliance to ISO9001; not only have they done it all before, you will have a simple workable system and you are guaranteed to pass.

We at Quality Matters have a large sign in the office, K.I.S.S. (Keep It Simple Stupid), which makes us realise that any quality system we produce has to be easy to use by our clients and effective.
