Our ISO 9001 related question for May was "how can you control your suppliers?", as per Clause 4.1 of ISO 9001:2008.
The final meeting of our 2012-13 Session is on Thursday of next week, when Andrew Ralston, Director of IT Services at Wolfson Microelectronics, will talk to us about ISO/IEC 27001:2005, "Information Security Management", and its importance in preserving the integrity, security and retrievability of information assets held by a company, whether owned by the company or relating to its clients; he will also lead us through his company's journey to implementation of an ISO/IEC 27001 system.
How many of us use our own ‘personal devices’ for work purposes? Included within that term are items such as smartphones, laptops, tablets etc. I guess the answer would be ‘quite a lot of us’, and a recent survey commissioned by the ICO (Information Commissioner’s Office) suggests that many employers haven’t really grasped the significance of this and the relationship to the Data Protection Act.
One of the key changes to the ISO 9001 standard when it was up-issued in 2008 was the inclusion of personal data within the context of ‘customer property’ (clause 7.5.4). That clause requires ‘organisations to exercise care with customer property whilst it is under the organisation’s control or being used by the organisation’. The change was welcomed by many after some very well publicised ‘laptop left on train’ incidents.
Significant numbers of senior managers are not interested in internal company audits of their quality management systems – even though they can be hugely valuable in identifying potential business improvements.
That was the surprising result of a survey which revealed that 30 per cent of senior managers are indifferent or negative to their own in-house audits.
There are two enlightening documents which ensure that we don't leave judging the character of an auditor to chance, or personal opinion: the international standards ISO 19011:2011 and ISO 17021:2015.