Call us today 01621 857841 or Email us

"Quality Matters in your Business"

Monday, 30 October 2017

ISO 27001:2013 Information Security Management

Implemented properly, the controls in this standard are effective in preventing or mitigating data breaches and in reducing the risk from ransomware.

Ransomware is a virus or other malware that is allowed to get onto your server, PC, laptop or tablet. It searches for data files such as Word and Excel documents (and, increasingly, anything on network shares it can reach) and encrypts them with a strong encryption key. The criminal then demands payment in return for the key, usually in Bitcoin, which is difficult to trace. In some cases the key is never provided, so you are out of pocket and still locked out of your systems. If you do not have excellent backups, kept offline or otherwise out of reach of the infected machine and tested by actually restoring from them, then you are in real trouble: ransomware will happily encrypt a backup drive that is left permanently connected.
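As an added illustration, not part of the original post, here is a small "canary file" check of the kind a control owner could run as a scheduled job. It plants a decoy document, records its fingerprint, and on later runs reports if the decoy has vanished or been rewritten, noting when the new content has the near-random byte distribution that bulk encryption leaves behind. The file names, the demo directory and the entropy threshold are assumptions for the example.

```python
"""Added example (not part of the original post): a small ransomware
canary check.  It fingerprints a decoy document, then on each run reports
if the canary has vanished (renamed/deleted) or been rewritten, and notes
when the new content has the near-random byte distribution that bulk
encryption leaves behind.  Paths and threshold are assumptions."""
import hashlib
import math
import tempfile
from collections import Counter
from pathlib import Path

# Assumed cutoff in bits per byte.  Plain text sits around 4-5; encrypted
# or compressed data approaches 8.  Note .docx/.xlsx are zip containers and
# already score high, so the hash change, not entropy, is the primary signal.
ENTROPY_THRESHOLD = 7.5


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of `data` (0.0 for an empty file)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def fingerprint(path: Path) -> dict:
    """SHA-256 and entropy of a file's current content."""
    data = path.read_bytes()
    return {"sha256": hashlib.sha256(data).hexdigest(),
            "entropy": shannon_entropy(data)}


def baseline(canaries: list) -> dict:
    """Record the known-good fingerprint of every canary file."""
    return {str(p): fingerprint(p) for p in canaries}


def check_canaries(base: dict) -> list:
    """Compare each canary against its baseline; return alert strings."""
    alerts = []
    for name, known in base.items():
        path = Path(name)
        if not path.exists():
            alerts.append(f"{name}: missing or renamed")
            continue
        now = fingerprint(path)
        if now["sha256"] != known["sha256"]:
            reason = "rewritten"
            if now["entropy"] >= ENTROPY_THRESHOLD:
                reason += f" with high-entropy content ({now['entropy']:.2f} bits/byte)"
            alerts.append(f"{name}: {reason}")
    return alerts


def simulate() -> dict:
    """Constructed demo: plant one canary, then mimic an encryptor.

    Returns the alert lists from each phase so the outcome can be checked
    without relying on printed output."""
    workdir = Path(tempfile.mkdtemp())
    canary = workdir / "Q3_sales_figures.txt"          # constructed decoy
    canary.write_bytes(b"Quarterly sales figures, do not edit. " * 200)
    base = baseline([canary])

    clean = check_canaries(base)                        # nothing touched yet
    canary.write_bytes(bytes(range(256)) * 64)          # stand-in for ciphertext
    encrypted = check_canaries(base)
    canary.unlink()                                     # encryptor removed the original
    deleted = check_canaries(base)
    return {"clean": clean, "encrypted": encrypted, "deleted": deleted}


if __name__ == "__main__":
    for phase, alerts in simulate().items():
        print(f"{phase}: {alerts or 'no alerts'}")
```

A check like this only shortens the time it takes to notice an attack in progress; the control that actually gets you back to work is still the offline, regularly restored backup.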

The WannaCry attacks of May 2017 paralysed parts of the NHS and many other organisations around the world. It was apparent that organisations running unsupported systems such as Windows XP, which no longer received routine security updates, were particularly vulnerable.

The information security standard ISO/IEC 27001:2013 looks quite easy to achieve on the face of it, but the code of practice in ISO/IEC 27002 tells a different story: it sets out in detail how each of the Annex A controls can be implemented.

Holding ISO 27001 certification makes compliance with the new GDPR (General Data Protection Regulation) much easier, although certification does not by itself demonstrate GDPR compliance.

The route to certification to ISO27001 is certainly not cheap but trying to “do it yourself” is fraught with obstacles.

We at Quality Matters have been providing ISO 27001 consultancy for many years and can boast that all of our clients who went forward to certification passed the assessment at the first attempt. We also provide GDPR auditing and preparation.

The cost of data loss or compromise can be very high indeed, and the cost of non-compliance far outweighs the cost of putting in a robust system. Damage to reputation can put an organisation out of business, not to mention GDPR fines of up to twenty million Euros or 4% of global annual turnover, whichever is higher.

Please contact us if you need any help with ISO 27001 and/or GDPR.

Tuesday, 17 October 2017

Guidelines for Auditing Management Systems Standard ISO 19011

Yet another Standard is being revised; it is beginning to look like buses: You wait for ages then several come along.

This time it is the auditing standard or, more precisely, the Guidelines for Auditing Management Systems. It should be noted that this is not a requirements standard but a set of guidelines.

Nevertheless, this Standard has been adopted as the norm for auditors.

The reason it is being reviewed and updated is that, as a 2011 standard, it has not kept up with the changes to the main management system standards or with the wealth of new management standards that follow the Annex SL format.

The proposed 19011:2018 still has 4 main elements:

  • Principles of auditing, with the addition of a new element: risks and opportunities
  • Managing the audit programme
  • Conducting audits
  • Evaluation of competence.

There are some structural changes and reordering of clauses so that the standard describes auditing routines in the order they are carried out in real life.

A new clause covers the auditing of virtual activities and the use of information and communication technology (ICT) in audits, and allows auditors to apply professional judgement where an element cannot be fully verified.

Naturally, some of the terminology has been updated to match the vocabulary of the new standards:
  • "Documented information" replaces the terms "documents" and "records";
  • "External providers" replaces the term "suppliers".

The next review will take place in Mexico in November 2017, with formal publication expected in mid-2018.

Once the standard is published we will update our Internal Management System Audit course content.

Monday, 2 October 2017

ISO 45001:2017 Occupational Health and Safety Management Standard

Here we are again, discussing this proposed standard, possibly for the last time.
Once again the ISO members failed to agree unanimously that the standard should be issued in its present form.

However, there were only three dissenters, so it was decided to move to a final draft, probably to be issued in November 2017.

This should mean that, if accepted, the published standard will see the light of day in the final days of 2017 or, if not, in early 2018.

Once the standard has been published there will be a transition period, likely to be three years.
Organisations certified to the existing BS OHSAS 18001 standard will be able to plan ahead for the transition. Naturally there will be a time lag before certification bodies are accredited by UKAS to carry out assessments against the new standard.

Our internal audit courses cover the proposed ISO 45001 standard and will be updated as the new standard is published.

Quality Matters

P.O.Box 5479

T: 01621 857841
F: 01621 856016
M: 07702 193788

© 2015 Quality Matters Ltd. All rights reserved.