Integration between Quality Management System(QMS) with ISMS (Information Security Management System)

ISO 9001 illustrates a crystal-clear holistic approach about Quality Management System and emphasizes on the importance of ensuring to deliver nothing else than high quality products and services to the customers. In order to ensure security of the information system of any organization, ISO 27001 comes into action by giving a systematic approach to secure company’s data by filling the loopholes in current management system that may lead to data lost and hacking of may be even complete company’s system and gives guidelines about managing security risks.

Finding Similarities to start integration of ISO 9001 and ISO 27001

ISO 9001  and ISO 27001, both ISO standards have detailed guidelines and clauses covering different scope areas. The best practice to start integration of both the systems will be considering their common factors first. Following are the common grounds of ISO 9001 and ISO 27001:

  • Defining scope, policy and company’s objectives: Start with defining company’s profile, mission statement, goals and objectives.
  • Documentation system and its effectiveness: Everything occurring physically in your system must be documented having a revision number and review date. The documents made should be properly implemented to the physical system and should be made effective.
  • Management reviews: Management review meetings should be conducted timely (means monthly, quarterly and annually) and properly (which means having documented minutes of meeting with agenda and names of the participants being mentioned. The actions mutually decided in the management review meetings should be closed timely and closure report should be made and signed off by the stakeholders).
  • Internal audits being conducted in-house: Internal audits should be conducted timely by the auditors and auditees’ team should fully ensure to conduct internal audits on time. The role of the senior management here is to give support to auditors and auditees (where necessary).
  • Identifying corrective actions and getting corrective actions done within deadlines: After identifying gaps and corrective actions during internal audit exercise being conducted, both the ISO standards emphasize on getting the gaps closed within decided timelines and corrective actions should be in place.
  • Minimization of Non-conformance (Major and Minor): If any non-conformities being identified in internal audit (be it major or minor), the closure of those non-conformities must be ensured.
  • Continual Improvement via Project Initiatives: Continuous improvement cycle is part and parcel for both the ISO standards. The opportunities for improvements (if identified) must be catered in improvement based projects

Comments

Post a Comment

Popular posts from this blog

Introduction to Information Security

<script data-ad-client="pub- 3586778643484088" async src=" https://pagead2. googlesyndication .com/pagead/js/adsbygoogle.js " ></script>   Information security , sometimes shortened to   infosec , is the practice of protecting information by mitigating information risks. It is part of information risk management. It typically involves preventing or at least reducing the probability of unauthorized/inappropriate access to data, or the unlawful use, disclosure, disruption, deletion, corruption, modification, inspection, recording or devaluation of information. [1]   It also involves actions intended to reduce the adverse impacts of such incidents. Protected information may take any form, e.g. electronic or physical, tangible (e.g. paperwork) or intangible (e.g. knowledge). Information security's primary focus is the balanced protection of the confidentiality, integrity and availability of data (also known as the CIA triad) while maintaining a focus on ...
Read more

Introduction to Quality in corporate affairs

QUALITY, a word to express conformance to requirements. This is something that we all equipped with somehow or other in our corporate affairs for successful businesses. Our key value assets "CUSTOMERS" having an eye on the shore of the business/set-ups which can given them quality services and assure providing defect free environment.  Having said, quality plays a vital role in delivering and sustaining businesses in the market world. Companies who possessed International Organization for Standardization(ISO) in Quality Management System(QMS) proved to have manifold benefits from the services and products they are into. Current, QMS ISO 9001:2015 standard completely serves the purpose of attaining such goal to achieve and enhance Customer Experience. Me, Maninder Sehmbi worked as a Quality Assurance Lead paving the way of success in helping the organizations to get ISO 9001:2015 certification and attain exposure of maintaining set of policies, procedures, guidelines for bette...
Read more