Kitchen Chat and more…
Kitchen Chat and more…
ISO 27001 is an internationally recognized structured methodology dedicated to information security and the only auditable international standard which defines the requirements for an Information Security Management System (ISMS). The ISO 27000-series comprises information security standards published jointly by the International Organisation for Standardization (ISO) and the International Electro technical Commission (IEC).
The series provides best practice recommendations on information security management, risks and controls within the context of an overall Information Security Management System (ISMS), similar in design to management systems for quality assurance (the ISO 9001) and environmental protection (the ISO 14001).
The series is deliberately broad in scope, covering more than just privacy, confidentiality and IT or technical security issues. It is applicable to organisations of all shapes and sizes. All organisations are encouraged to assess their information security risks, and then implement appropriate information security controls according to their needs, using the guidance and suggestions where relevant. Given the dynamic nature of information security, the ISMS concept incorporates continuous feedback and improvement activities, summarized by Deming’s “plan-do-check-act” approach, that seek to address changes in the threats, vulnerabilities or impacts of information security incidents.
ISO 27001:2013 has the following sections:
Annex A Reference control objectives and controls, little more in fact than a list of titles of the control sections in ISO 27002. The annex is ‘normative’, implying that certified organisations are expected to use it, but they are free to deviate from or supplement it in order to address their particular information security risks.
Certified compliance with ISO 27001 by an accredited and respected certification body is entirely optional but is increasingly being demanded from suppliers and business partners by organisations that are concerned about the security of their information, and about information security throughout the supply chain or network.
Based on ISO survey 2013, more than 22,000 of ISO 27001 certificates have been issued all over the world. Out of these certificates, Australian share was only 140 certificates. However, based on the information security attacks and vulnerabilities reports which are published every year, we can see the need for Australian corporations to consider the ISO 27001 as the best practice. There should be some reasons why Australian rate of using ISO 27001 is so much lower than developed countries. Some of those reasons could be:
Please contact us if you need more details on how our expert team can assists you in training and developing a new or updating your current ISMS in compliance with ISO 27001:2013 standard.
After three years of revision work, the ISO 9001:2015, the most popular management system standard with over 1.1 million certificates globally issued, has published now. Similar to ISO 14001:2015 which was published mid-September, it has been also restructured based on High Level Structure (HLS) to be aligned with other management systems.
The new version is adapted with 21st century circumstances with more focus on performance and process approach and less requirements for documentation and compliance.
The process approach which is introduced as a “requirement” now will challenge both organisations and auditors how to restructure the existing functional approach to a process-based mindset throughout the whole organisation in design, implementation and auditing.
Need to understand the context of the organisation and the needs and expectations of interested parties helps the organisations to establish and implement a quality management system which is tailor-made to add value to the organisation and its interested parties rather than a bunch of document to tick the boxes and satisfy the auditors.
The risk-based thinking is a real masterpiece in the 2015 version. It will help the organisations to consider both adverse and beneficial impacts of its processes, products and services internally and externally.
Change management is also a breakthrough in this version which reduce the risk of unplanned changes which can potentially cause even more issues. Any changes are supposed to be reviewed and analysed in advance considering the risks and impacts to internal and external interested parties.
Regarding the changes in the new version such as “Design & Development” and “Measuring equipment” clauses, it is more understandable and adaptable for service sector.
International Accreditation Forum (IAF) has provided a guidance for the transition from ISO 9001:2008 to ISO 9001:2015. ISO 9001:2008 certifications will not be valid after three years from publication of ISO 9001:2015.
Please contact us if you need our hands to assist you in the journey of transition to the new version of standard. We will help you assess the gaps between your existing system and the requirements of the new version and also assist you in filling the gaps and getting ready for ISO 9001 certification.
ISO 14001, Environmental Management System, as one of the most popular management system standard with about 300000 certificates globally issued every year is published now. ISO 14001 was the first standard which restructured based on High Level Structure (HLS) aligned with other two standards ISO 9001, quality management system and ISO 45001, occupational health and safety management system which are expected to be published in 2015 and 2016, respectively.
The key positive changes in this version include:
Aligned with the High Level Structure (HLS), ISO 14001:2015 is structured as:
2. Normative Reference
3. Terms & Definitions
4. Context of the Organisation
9. Performance Evaluation
Aligned with other management system standards, the framework introduced in the new version is integrated into the Plan-Do-Check-Act (PDCA) Model to emphasize the importance of process approach and continual improvement. The below figure depicts the integration of PDCA and ISO 14001:2015 framework.
Please contact us if you need our hands to assist you in the journey of transition to the new version of standard. We will help you assess the gaps between your existing system and the requirements of the new version and also assist you in filling the gaps and getting ready for ISO 14001 certification.
Level 5, 7 Eden Park Drive, Macquarie Park, NSW 2113 Australia
(+61) 02 8935 9472
Level 9, 440 Collins St., Melbourne VIC 3000 Australia
(+61) 03 9190 8986