ISO27001 and the Supplier relationship requirements
ISO 27001 Information Security Management Systems

Like many of the ISO standards, ISO27001 for information security management systems needs you to have a relationship with your supplier. That relationship of course should be one of mutual benefit and respect; what Annex clause A15 does, however, is set up the requirements for implementing some targets in terms of information security requirements.  ...

  121 Hits
Using 5s in maintenance to avoid burning down the plant
Operational Excellence

I always remember the 1st time I helped implement 5s into a factory. 5s (Sort, Set, Shine, Standardise and Sustain) is one of the many 'tools' used by organisations when moving to lean thinking. The driving force was actually from the maintenance department at the time rather than operations, which still surprises some people. People still t...

  155 Hits
ISO27001 and the System acquisition, development, and maintenance Requirement
ISO 27001 Information Security Management Systems

For many organisations having any form of information security system is new, and that can make it a little challenging. It means that you are having to graft your new systems onto what you already have, which is tricky. However, there will come a point that the next system you need isn't one you had before your system; it's new and so the very best ...

  226 Hits
AS9100 and the Communication Requirement
AS9100 Aerospace Quality Management

AS9100 clause 7.4 Communication is a small and innocuous clause, there really doesn't seem too much to it on the face of it. This clause in Rev D of the AS9100 standard for Aviation, Space and Defence organisation is all about ensuring that those within your organisation and outside of it get the right level of communication about your quality mana...

  243 Hits
ISO14001 for Environmental Management Systems – What the heck is it about?
ISO14001 Environmental Management

One of the great things that we see happening in the compliance world at the moment is an upsurge in the interest in gaining accreditation to ISO14001 for environmental management systems (EMS). There are a lot of factors generating this interest from contractual requirements including the need for environmental sustainability or certification to busin...

  197 Hits
ISO27001 and the Annex Clauses – Clause 13 Communications Security
ISO 27001 Information Security Management Systems

While this annex clause of ISO27001 for Information security management systems (ISMS) is named Communication Security, think of it more as the security linked to how you move your information around both internally and externally of your organisation. The clause is split into two parts which really link to that internal & external thinking. A1...

  355 Hits
If you want to really improve your productivity here is the one question you need to ask first!
Operational Excellence

I overheard a conversation in a café the other day between a few people sitting round a table in what I presume was an off site catch up for the management team. They were discussing some of the challenges that they were having and how tough things had been throughout the covid pandemic for them. They had managed to get through by being really cash...

  365 Hits
AS9100 and the Awareness Requirements
AS9100 Aerospace Quality Management

Although AS9100 REV D requirements for your Quality Management System (QMS) are built on top of the ISO9001:2015 standard, there are a few areas where the requirements of the Aerospace standard are different or there are additional requirements. AS9100D Clause 7.3 for Awareness is one of those areas.   Clause 7.3 - Awareness  This section...

  611 Hits
ISO27001 and the Annex Clauses – Clause A12 – Operations Security
ISO 27001 Information Security Management Systems

Annex 12 – Operational Security for your ISO27001:2013 Information Security Management System (ISMS) is a pretty substantial clause since it's all about preventing the loss of availability, integrity and, importantly, confidentiality of your business information. By substantial we mean there are 14 separate elements for you to think about controls th...

  471 Hits
The ultimate employee performance test - Would you rehire them?
Leadership

If I knew then what I know now… The inference from that little phrase is that you would obviously make a different decision and so things would turn out better. Often however that's not the case, certainly not with people at work. We all hire people who aren't suited for the company, they aren't necessarily bad people, it's just they don't fit the ...

  341 Hits
Continuous Improvement or Respect for people - what is more important?
Operational Excellence

This Week's Question  This is a question that comes up a lot in discussions when we're implementing some lean with clients, "If we want to have a lean culture what is more important, respect for people or continuous improvement? Surely, they are both equally important?" The Feedback No! It's kind of chicken and the egg, so if you think about i...

  438 Hits
AS9100 and the Competence Requirement
AS9100 Aerospace Quality Management

Within the AS9100 REV D standard Competency (Clause 7.2) and Awareness (Clause 7.3) are split into 2 separate clauses. That makes sense if you look at competency as purely skill or knowledge based, but you do have to ask if it is possible to have any Competency without Awareness (or Communication!). As an organisation it's for you to decide how you manage it...

  538 Hits
ISO27001 and the Annex Clauses – Clause A11 Physical and Environmental Security Pt2 - Equipment
ISO 27001 Information Security Management Systems

We split ISO27001 for Information Security Management Systems Annex Clause A11 into 2 parts to try and keep it a bit shorter but also to emphasise that you do need to think about both areas as two steps of the process. In Part 1 we talked about Annex Clause A11.1 – Secure Areas, here we'll talk about 11.2 Equipment. It's easy to just think of secure...

  496 Hits
Defining what you are and what you are not
Leadership

Over the years we have talked with many organisations about their mission, vision, and company values, about setting up objectives and people to do well and be aligned to those things and it's gone well. Yet, I've always thought there was a bit missing in the puzzle. When we talk about values, we mean the real values your company has, not the buzzw...

  388 Hits
Should we be doing contingency planning for my ISO Management System?
Thursday Q&A

This Week's Question  A few weeks ago I had a conversation with a few people around how things were going with their business in light of the ongoing uncertainty of the pandemic and day to day business in general. One of the topics that came up was around contingency planning within the company and the various approaches they each had. In one ...

  468 Hits
AS9100D and the Organisational Knowledge Clause
AS9100 Aerospace Quality Management

AS9100 REV D Standard Clause 7.1.6 – Organisational Knowledge can be a bit of a challenge for some to get their heads around. Organisations can have differing views internally about what organisational knowledge is, add in the external auditor's 3rd viewpoint and you can have some very interesting discussions about it. Getting clear about clear wha...

  556 Hits
ISO27001 and the Annex Clauses – Clause A11 Physical and Environmental Security
ISO 27001 Information Security Management Systems

When people think about ISO27001 for Information Security Management Systems (ISMS) they tend to think about the world of cyberspace, of virtual set ups and protecting their information from someone on a PC hacking in from the other side of the world. That's certainly a part of it and in reality, a small part of it. Your real-world threats are just as...

  621 Hits
AS9100D and the monitoring and measuring resources requirement
AS9100 Aerospace Quality Management

AS9100 REV D Section 7.1.5 is all about how you look after measuring devices, calibration and measurement traceability. It's not a massive change from the previous standard but what does it mean and what do you have to do? The Clause is essentially the same as the ISO9001:2015 clause it is based on but does carry some useful additional clarific...

  602 Hits
Takt Time Vs Cycle Time - Which is more important for your lean journey?
Thursday Q&A

We put the call out to our Newsletter readers, on LinkedIn, Facebook and Twitter for questions. Questions that people are struggling with around ISO, Lean or leadership that they wanted help with and we got some fantastic responses that we have loved reading through and thinking about how we can help. We can't answer everything but we'll do our bes...

  397 Hits
ISO27001 and the Annex Clauses – Clause A10 Cryptography
ISO 27001 Information Security Management Systems

When you first think about cryptography and its uses, it's not hard to jump to the realms of James Bond and secret codes that unlock the secrets of organisations and the nation, so why would you need to care about it? The answer is simple really, in today's cloud computing environment for example cryptography appears everywhere, in secure computer sy...

  664 Hits
Understanding the Compliance Register & why you need one
Thursday Q&A

We put the call out to our Newsletter readers, on LinkedIn, Facebook and Twitter for questions. Questions that people are struggling with around ISO, Lean or leadership that they wanted help with and we got some fantastic responses that we have loved reading through and thinking about how we can help. We can't answer everything but we'll do our bes...

  673 Hits
