
"Quality Matters in your Business"

Monday, 26 January 2015

Cyber Essentials and IT security

Last October (2014) saw another IT assessment system being mandated by Government for anyone wishing to bid for contracts; this one is designed to protect computer systems from malware, Trojans and other nasties.

There are two levels:

  • Basic level, where the CEO or MD of a company self-certifies that the following elements have been introduced and tested:
    • Boundary firewalls and internet gateways,
    • Secure configuration,
    • Access controls,
    • Malware protection and
    • Patch control.
    • The declaration and completed questionnaire are reviewed by the assessing body.

  • Cyber Essentials Plus, where the six elements are introduced and then externally audited, and a certificate is issued.

I have heard that these two assessments are more akin to a vehicle MOT and provide the bare essentials for computer safety.

Many organisations have achieved certification to the widely known ISO 27001:2013 Information Security Management Standard and ISO 27002 Code of Practice, which cover all of the Cyber Essentials requirements but go much further and address:

  • Information security policies
  • Organisation of information security
  • Human resource security
  • Asset management
  • Access control
  • Cryptography
  • Physical and environmental security
  • Operations security
  • Communications security
  • System acquisition, development and maintenance
  • Supplier relationships
  • Information security incident management
  • Information security aspects of business continuity management
  • Compliance

We have yet to hear whether Government will accept ISO 27001 as evidence of IT security or will need one or both as tender entry qualifications. 

Watch this space!!

Monday, 12 January 2015

Another year starts

We at Quality Matters wish our Clients and potential new Clients a Very Happy and Prosperous New Year.

Obviously there are a number of actions to be taken on the first day back at work:

  1. Review the email inbox; there are loads to look at; most are junk but it does take time to sort the wheat from the chaff.
  2. Watch out for the inevitable virus attachments; we received a remittance advice from a company in Essex (not one of our Clients) which, if opened, would have infected our computer system. In case you wondered, we didn’t open it.
  3. Get prepared for the two main Standards, ISO 9001 and ISO 14001, to progress towards publication.
     We have yet to hear what impact the International DIS being rejected by the USA and one other country will have on the proposed publication dates.

These proposed dates are June 2015 for ISO 14001:2015 and September for ISO 9001:2015.
Certificated holders of 9001 and 14001 will have a generous transition period once these Standards are published. If you need help with these then please let us know.

Finally, we suggest that you review your processes and look for ways to make these more efficient and effective. Continual improvement and awareness of new legislation plus vigilance for cyber issues will ensure that 2015 is a good year. It will also be our 24th year in business.

Quality Matters

P.O. Box 5479

T: 01621 857841
F: 01621 856016
M: 07702 193788

© 2015 Quality Matters Ltd. All rights reserved.