Fortunately, the days when quality systems were both cumbersome and rigid, are over. Modern manufacturers and service delivery companies have quality and customer satisfaction built in to every stage of the process. It is no longer an overhead but an integral part of the company, essential for the delivery of the product or service and vital for the success of the company.
ISO9001:2000, which is the latest incarnation of the BS5750 quality management system, is simpler and far more effective than the original which came out of the military. ISO9001 contains no magic formula and no 'rocket science' is specified; just good business practice and common sense.
ISO9001 ensures that companies are customer focussed and efficient.
Posted: Tuesday, 19 December 2006
We are being bombarded with information about climate change and its potential effects on our environment at the moment and in response most companies have some regard for environmentally friendly practices, but we could do more.
ISO14001 introduces a standard that guides any organisation along best practices for business. The introduction of the standard can bring benefits, both financial and in efficiency:
- Reduction of energy consumption;
- Reduction in waste going to landfill;
- Better control of materials;
- Awareness of chemicals that can interact with the environment;
- Preparation for emergencies and disaster recovery;
- Qualification for some quotes.
The list goes on.
The main beneficiary inevitably will be the planet.
Environmental Management makes sound sense in business.
Posted: Monday, 11 December 2006
Yesterday, we were targeted by fraudsters in the USA, who tried to draw money on our Company Credit Card. They also placed bets on an online betting internet site.
Fortunately using a combination of our own Information Security Systems and our Bank, this attack was defeated with no loss to our company.
Security awareness saved the day. But this true story also serves as proof that our Information Security System does the job its supposed to.
Labels: bank, fraud, information security system
Posted: Sunday, 3 December 2006
Information is the lifeblood of all organisations and can exist in many forms. It can be printed or written on paper, stored electronically, transmitted by mail or by electronic means, shown in films, or spoken in conversation.
In today's competitive business environment, such information is constantly under threat from many sources. These can be internal, external, accidental, or malicious. With the increased use of new technology to store, transmit, and retrieve information, we have all opened ourselves up to increased numbers and types of threats.
Threats
There is a need to establish a comprehensive Information Security Policy within all organisations. You need to ensure the confidentiality, integrity, and availability of both vital corporate information and customer information. The standard for Information Security Management System (ISMS) ISO27001, has fast become one of the world's established biggest sellers.
What is an Information Security Management System?
An Information Security Management System (ISMS) is a systematic approach to managing sensitive company information so that it remains secure. It encompasses people, processes and IT systems. BSI has published a code of practice for these systems, ISO/IEC 17799, which is now being adopted internationally.
Where do I Start?
Develop an information security policy and identify your organisation's key information assets. Purchase the standard, ISO/IEC 17799 & ISO27001 to help you do this.
- Carry out a risk assessment and build your ISMS. Training of key staff will help to ensure its successful implementation.
- Once your management system is fully implemented you can register to ISO27001 with one of the accredited certification bodies
What is ISO27001?
ISO27001 is a standard setting out the requirements for an Information Security Management System. It helps identify, manage and minimise the range of threats to which information is regularly subjected.
- Annex A of BS 7799 identifies 10 controls:
Security policy - This provides management direction and support for information security - Organisation of assets and resources - To help you manage information security within the organisation
- Asset classification and control - To help you identify your assets and appropriately protect them
- Personnel security - To reduce the risks of human error, theft, fraud or misuse of facilities
- Physical and environmental security - To prevent unauthorised access, damage and interference to business premises and information
- Communications and operations management - To ensure the correct and secure operation of information processing facilities
- Access control - To control access to information
- Systems development and maintenance - To ensure that security is built into information systems
- Business continuity management - To counteract interruptions to business activities and to protect critical business processes from the effects of major failures or disasters
- Compliance - To avoid breaches of any criminal and civil law, statutory, regulatory or contractual obligations, and any security requirements.
Labels: annex a, bs7799, information security management, ISO27001
Posted: Saturday, 2 December 2006
0 Comments:
Post a Comment