When you feel you are out on a limb let our staff, who are experienced in the development, implementation, and maintenance of management systems based on a range of standards, come to your assistance. On this occasion we will look at probably the most common management system implemented globally (ISO9001 – Quality), and our main specialization (ISO 27001 – Information Security) which embodies many of the principles and requirements of ISO9001. Our consultancy team are experienced, helpful, and efficient.
ISO9001 is a management system aimed at delivering, for your organisation, customer satisfaction in regard of your products and services. In essence, this standard provides a framework upon which your organisation can develop and implement an effective system of good business management. This standard also forms the core of most ISO standards – but my also be implemented as a solo management system (to which others may be added at a later time).
With regard to ISO9001 in general. Our team has implemented a range of management systems and have the additional benefit of having been international assessors of ISO9001 for a UKAS accredited Certification Body. We will develop an appropriate set of documentation for your business and train you and your staff on how to operate and maintain the system once implemented. It is also our aim to leave you with an effective management system which you and your staff may operate and maintain on your own – though, of course, you are free to engage us to do this for you should you wish.
This standard is one that we specialise in. As indicated above at its core are the principles of ISO9001 so we are really talking about the additional bits here – of which there are quite a few. These extras of ISO27001:2013 are considered by many to be complex, confusing, and thus present as difficult. Information security should not, and is not, unusually difficult. You may find that you are doing many appropriate things already – we help you identify these and reverse engineer these in the developed management system.
For many the most difficult part is the Risk Assessment – it is if you cannot, or do not have the time or resources, to get your head wrapped around it. Firstly, approaching it as a variation on a plain old Health & Safety Risk Assessment is not what is needed. There are a range of commonly accepted approaches to information security risk assessment. As is our way, our team will help you not only develop and implement the risk assessment; we will also aim to leave you feeling confident enough to continue maintaining it on your own (if that would be your wish). Providing cost-effective services.
As there are so many to help, and so little time, our aim is never to build reliance on our services into your management system, or business processes – unless you specifically want that resource. We believe that while on-going work is nice – being there because you are honestly needed is better.