Quality, Environment and Health & Safety in Gliding
I recently joined a gliding club and with any luck, I should be solo by the end of the summer.
I couldn't help but notice a great deal of the standards (ISO9001, ISO14001 & ISO18001) apply in this discipline as well as in the workplace.
Quality (ISO9001) if you apply best practice and continual improvement then the gliding experience is good, but if the processes are badly applied it results in additional costs (more lessons) and poor customer satisfaction (particularly from other members of the gliding club). I have heard things like "that was a crap landing".
Environmental (ISO14001) A Clean glider performs much better than one covered in squashed insects and good cleaning means that the canopy is clear and not smeared. Environmentally friendly chemicals protect the fabric of the glider and its occupants.
Health and Safety (ISO18001) When I joined the club, a seasoned member mentioned that there were bold glider pilots and old glider pilots but there were no old bold glider pilots. Health and safety practices are essential to allow full enjoyment of this sport without additional risks. The same instructor mentioned that it was probably more dangerous driving to the club than it was flying as all good pilots (and trainees) follow a strict set of rules.
I thought a hobby like this would get me away from work but the principles I use and teach are very evident in this area.
My wife said that I shouldn't take any risks and in that I agree. Common sense and safe flying will be my by-words.
I couldn't help but notice a great deal of the standards (ISO9001, ISO14001 & ISO18001) apply in this discipline as well as in the workplace.
Quality (ISO9001) if you apply best practice and continual improvement then the gliding experience is good, but if the processes are badly applied it results in additional costs (more lessons) and poor customer satisfaction (particularly from other members of the gliding club). I have heard things like "that was a crap landing".
Environmental (ISO14001) A Clean glider performs much better than one covered in squashed insects and good cleaning means that the canopy is clear and not smeared. Environmentally friendly chemicals protect the fabric of the glider and its occupants.
Health and Safety (ISO18001) When I joined the club, a seasoned member mentioned that there were bold glider pilots and old glider pilots but there were no old bold glider pilots. Health and safety practices are essential to allow full enjoyment of this sport without additional risks. The same instructor mentioned that it was probably more dangerous driving to the club than it was flying as all good pilots (and trainees) follow a strict set of rules.
I thought a hobby like this would get me away from work but the principles I use and teach are very evident in this area.
My wife said that I shouldn't take any risks and in that I agree. Common sense and safe flying will be my by-words.
Labels: Workplace Standards and Hobbies
Posted: Monday, 22 June 2009
ISO9001 Terms and Conditions of Payment
The current situation where banks and financial institutions are not lending to industry is causing serious damage to our economy. It has become clear that companies are delaying bill payment until the last possible moment and in turn this is causing cash flow shortages not seen even in the 80's recession.
The inevitable result is that organisations at the end of the purchase chain are being starved of cash and in some cases this cash-flow shortfall is putting viable companies out of business. I have noticed that some companies are unable to accept new orders because they do not have the cash to purchase raw material to service the orders.
The vast amount of cash advanced to the banking industry was designed to allow them to restart lending to industry; instead the banks used this cash to shore up their balance sheets instead of being made available to lend.
We are told that the borrowing by the Government will take up to twenty years to pay back. The pay-back time may be considerably longer if our mainstay industries are no longer there.
Companies that have ISO9001 in place are better placed to weather the downturn as they have a solid set of terms and conditions which include payment terms.
Remember those who shout loudest and have good control of their sales ledgers will the first to be paid; this may be the difference between survival and insolvency.
The inevitable result is that organisations at the end of the purchase chain are being starved of cash and in some cases this cash-flow shortfall is putting viable companies out of business. I have noticed that some companies are unable to accept new orders because they do not have the cash to purchase raw material to service the orders.
The vast amount of cash advanced to the banking industry was designed to allow them to restart lending to industry; instead the banks used this cash to shore up their balance sheets instead of being made available to lend.
We are told that the borrowing by the Government will take up to twenty years to pay back. The pay-back time may be considerably longer if our mainstay industries are no longer there.
Companies that have ISO9001 in place are better placed to weather the downturn as they have a solid set of terms and conditions which include payment terms.
Remember those who shout loudest and have good control of their sales ledgers will the first to be paid; this may be the difference between survival and insolvency.
Labels: iso9001, terms and conditions
Posted: Monday, 8 June 2009
Data back-up for computer systems
Like many businesses our computer system is backed up. This ensures that we able to restore vital information in the event of a computer failure or other problem which disables or destroys our servers or desktop/laptops.
We have always backed up regularly and then taken a copy of the back-up off site for security of data. Recently the system proved fallible because one person thought another person had done the back-up and to cut a long story short, no one had done it. Our business was at risk because we only had a week old copy off site. Fortunately nothing happened.
I decided that we couldn't rely on luck and next time we might not be so lucky.
My new bank, Barclays, was offering an automated back-up system, where the entire server was backed up and then an incremental back-up is taken daily and automatically; this means that all our data is available to restore and there is no element of human interaction required.
Is the data secure? Yes, it is encrypted to the same level as credit cards, 128-bit SSL encryption on transfers, 256-bit AES encryption on storage. It is mirrored to another data-centre for additional security.
No one else can access our data, not even the data-centre so we know that it meets our strict data requirements. It is also available to restore, if or when, we need it.
The first data save did take rather a long time, overnight in fact, but the incremental back-up is quick as it only saves changed files.
Is this expensive? No surprisingly it isn't and if or when we really need to restore data in an emergency it will be worth every penny.
We have always backed up regularly and then taken a copy of the back-up off site for security of data. Recently the system proved fallible because one person thought another person had done the back-up and to cut a long story short, no one had done it. Our business was at risk because we only had a week old copy off site. Fortunately nothing happened.
I decided that we couldn't rely on luck and next time we might not be so lucky.
My new bank, Barclays, was offering an automated back-up system, where the entire server was backed up and then an incremental back-up is taken daily and automatically; this means that all our data is available to restore and there is no element of human interaction required.
Is the data secure? Yes, it is encrypted to the same level as credit cards, 128-bit SSL encryption on transfers, 256-bit AES encryption on storage. It is mirrored to another data-centre for additional security.
No one else can access our data, not even the data-centre so we know that it meets our strict data requirements. It is also available to restore, if or when, we need it.
The first data save did take rather a long time, overnight in fact, but the incremental back-up is quick as it only saves changed files.
Is this expensive? No surprisingly it isn't and if or when we really need to restore data in an emergency it will be worth every penny.
Posted: Wednesday, 20 May 2009
Business Continuity - Illness
The news that swine flu has crossed borders and is affecting an increasing number of countries is most unwelcome.
Organisations that have installed the management standard ISO14001 will have an Emergency Preparedness plan and those that have ISO27001 installed will have a Business Continuity plan in place to mitigate and offset the effects of an outbreak of illness within their companies. The threat of a pandemic could mean that staff are absent from work and those unaffected by the outbreak may not want to go into work just in case they catch the same illness.
The fear of catching the virus may mean that absence from work may be greater than it would be normally. The effects on a company with no advance plan in place may mean that the company is unprepared and may not actually survive the outbreak.
The economic downturn coupled with the pandemic may be the last straw for the unprepared organisation.
Organisations that have installed the management standard ISO14001 will have an Emergency Preparedness plan and those that have ISO27001 installed will have a Business Continuity plan in place to mitigate and offset the effects of an outbreak of illness within their companies. The threat of a pandemic could mean that staff are absent from work and those unaffected by the outbreak may not want to go into work just in case they catch the same illness.
The fear of catching the virus may mean that absence from work may be greater than it would be normally. The effects on a company with no advance plan in place may mean that the company is unprepared and may not actually survive the outbreak.
The economic downturn coupled with the pandemic may be the last straw for the unprepared organisation.
Posted: Tuesday, 5 May 2009
UPS - Uninterruptable Power Supply
What is a UPS?
A UPS is a device connected between then mains electricity supply and your Computer Server or PC. It has two main functions:- It filters the mains supply to remove spikes which can cause failures; these spikes can be a thousand volts or more and last for a brief time; it is during this spike time that real damage can be caused to electronic components.
- It takes over the supply of mains in the event that the mains electricity fails or worse goes into a state known as a brown out; this is where the supply falls to an unacceptably low level; it is during this time that disks can crash and data in memory is lost or corrupted.
All my office equipment is connected to a UPS so all we could hear was the bleep, bleep of the warning signal telling us that the UPS was working correctly. We know that once this signal starts we have 10 minutes of usable time before then system batteries are exhausted. This allows time to complete the piece of work being carried out and shut the system sown in an orderly manner.
Are these UPS devices expensive? No, a couple of hundred pounds. Worth every penny when I hear the bleep, bleep, bleep.
Labels: Computer system security ISO27001 Information Security Management
Posted: Monday, 20 April 2009
April Fool's Joke?
There has been a certain amount of publicity recently about the CONFICKER super worm which has infected hospitals, Royal Navy warships, industry and the latest news from a leaked memo says that our Parliament has also been infected.
The conficker worm spreads through several update mechanisms, a well-known Windows vulnerability and tainted USB drives being just two. Once it secures a foothold on an infected network, the worm can spread widely across network shares by exploiting weak password security, a major factor in its high prevalence within corporate systems.
Researchers have reverse engineered the worm and it is apparent that an event is targeted for April 1st (April Fools day) and while most April Fool's jokes are harmless this one may not be.
Conficker has been polling 250 different domain names every day to download and run an update program. On April 1st, the latest version of Conficker will start to poll 500 out of 50,000 domains a day to do the same thing. What effect that will have is at present unknown.
How can you protect your systems from the Conficker worm? This can be achieved through good security practices, including those defined in ISO27001:2005, The information Security Standard.
If you are worried about your systems and suspect that yours are infected there are a number of good detection tools available.
One indication that you may be infected is the inability to connect to various security web-sites, Conficker prevents your system gaining access.
We employ several layers of protection, including McAfee anti virus, anti spam/malware and email filtering so I was not unduly worried, but we did run a scan of all our systems just to be on the safe side.
We ran http://support.f-secure.com/enu/home/onlineservices/fsec/fsec.shtml, which is a free scan and this confirmed we were conficker free.
Don't be caught out and be an April Fool
The conficker worm spreads through several update mechanisms, a well-known Windows vulnerability and tainted USB drives being just two. Once it secures a foothold on an infected network, the worm can spread widely across network shares by exploiting weak password security, a major factor in its high prevalence within corporate systems.
Researchers have reverse engineered the worm and it is apparent that an event is targeted for April 1st (April Fools day) and while most April Fool's jokes are harmless this one may not be.
Conficker has been polling 250 different domain names every day to download and run an update program. On April 1st, the latest version of Conficker will start to poll 500 out of 50,000 domains a day to do the same thing. What effect that will have is at present unknown.
How can you protect your systems from the Conficker worm? This can be achieved through good security practices, including those defined in ISO27001:2005, The information Security Standard.
If you are worried about your systems and suspect that yours are infected there are a number of good detection tools available.
One indication that you may be infected is the inability to connect to various security web-sites, Conficker prevents your system gaining access.
We employ several layers of protection, including McAfee anti virus, anti spam/malware and email filtering so I was not unduly worried, but we did run a scan of all our systems just to be on the safe side.
We ran http://support.f-secure.com/enu/home/onlineservices/fsec/fsec.shtml, which is a free scan and this confirmed we were conficker free.
Don't be caught out and be an April Fool
Labels: conficker virus, information security
Posted: Monday, 30 March 2009
It Isn't rocket science!
I visit a fair number of businesses each year and I am often surprised by the real lack of security for computer systems. Many businesses either don't know about security or think that a security incident won't affect them.
Here are 10 basic security precautions for Windows machines :
Here are 10 basic security precautions for Windows machines :
- Always set the option to force a user to press CTL-ALT-DEL before logging on
- Passwords should be at least six characters long and contain letters and numbers
- Don't use your name, your partners name or the name of a pet as a password
- Don't write the password on a post-it note and stick it to the screen or under the keyboard
- Passwords should be changed regularly
- Don't share your password with anyone
- Use ant-ivirus software and keep it up to date
- Use an anti-spyware programme regularly
- Turn on the inbuilt firewall (Windows XP and later machines)
- When leaving the desktop or laptop unattended, lock the system by pressing the windows button and L
Labels: information security management, ISO27001
Posted: Tuesday, 17 March 2009
0 Comments:
Post a Comment