Like many of the ISO standards ISO27001 for information security management systems needs you to have a relationship with your supplier, that relationship of course should be one of mutual benefit and respect what Annex clause A15 does however set up the requirements for implementing some targets in terms of information security requirements. ...
I always remember the 1st time I helped implement 5s into a factory. 5s (Sort, Set, Shine, Standardise and Sustain) is one of the many 'tools' used by organisations when moving to taking lean thinking. The driving force was actually from the maintenance department at the time rather than operations, which still surprises some people. People still t...
For many organisations having any form of information security system is new, and that can make it a little challenging. It means that you are having to graft your new systems onto what you already have, which is tricky. However, there will come a point that the next system you need isn't one you had before you system, its new and so the very best ...
AS9100 clause 7.4 Communication is a small and innocuous clause, there really doesn't seem too much to it on the face of it. This clause in Rev D of the AS9100 standard for Aviation, Space and Defence organisation is all about ensuring that those within your organisation and outside of it get the right level of communication about your quality mana...
One of the great things that we see happening in the compliance world at the moment is an upsurge in the interest in gaining accreditation to ISO14001 for environmental management systems (EMS). There a lot of factors generating this interest from contractual requirements including the need for environmental sustainability or certification to busin...
While this annex clause of ISO27001 for Information security management systems (ISMS) is named Communication Security, think of it more as the security linked to how you move your information around both internally and externally of your organisation. The clause is split into two parts which really link to that internal & external thinking. A1...
I overheard a conversation in a café the other day between a few people sitting round a table in what I presume was an off site catch up for the management team. They were discussing some of the challenges that they were having and how tough things had been throughout the covid pandemic for them. They had managed to get through by being really cash...
Although AS9100 REV D requirements for your Quality Management System (QMS) is built on top of the ISO9001:2015 standard, there are a few areas where the requirements of the Aerospace standard are different or there are additional requirements, AS9100D Clause 7.3 for Awareness is one oof those areas. Clause 7.3 - Awareness This section...
Annex 12 – Operational Security for your ISO27001:2013 Information Security Management System (ISMS) is a pretty substantial clause since it's all about preventing the loss or availability, integrity and importantly confidentiality of your business information. By substantial we mean there are 14 separate elements for you to think about controls th...
If I knew then what I know now… The inference from that little phrase is that you would obviously make a different decision and so things would turn out better. Often however that's not the case, certainly not with people at work. We all hire people who aren't suited for the company, they aren't necessarily bad people, it's just they don't fit the ...
This Week's Question This is a question that comes up a lot in discussions when we're implementing some lean with clients, "If we want to have a lean culture what is more important, respect for people or continuous improvement? Surely, they are both equally important? " The Feedback No! It's kind of chicken in the egg, so if you think about i...
Within the AS9100 REV D standard Competency (Clause 7.2) and Awareness(Clause 7.3) are split into 2 separate clauses, that makes sense if you look at competency as purely skill or knowledge based but you do have to ask if it is to have any Competency without Awareness (or Communication!). As an organisation it';s for you to decide how you manage it...
We split ISO27001 for Information Security Management Systems Annex Clause A11 into 2 parts to try and keep it a bit shorter but also to emphasis that you do need to think about both areas as two steps of the process. In Part 1 we talked about Annex Clause A11.1 – Secure Areas, here we'll talk about 11.2 Equipment. It's easy to just think of secure...
Over the years we have talked with many organisations about their mission, vision, and company values, about setting up objectives and people to do well and be aligned to those things and it's gone well. Yet, I've always through there was a bit missing in the puzzle. When we talk about values, we mean the real values your company has, not the buzzw...
This Week's Question A few weeks ago I had a conversation with a few people around how things were going with their business in light of the ongoing uncertainty of the pandemic and day to day business in general. One of the topics that came up was around contingency planning within the company and the various approaches they each had. In one ...
AS9100 REV D Standard Clause 7.1.6 – Organisational Knowledge can be a bit of a challenge for some to get their heads around. Organisations can have differing views internally about what organisational knowledge is, add in the external auditor's 3rd viewpoint and you can have some very interesting discussions about it. Getting clear about clear wha...
When people think about ISO27001 for Information Security Management Systems (ISMS) they tend think about the world of cyberspace, of virtual set ups and protecting their information form someone on a PC hacking in from the other side of the world. That's certainly a part of it and in reality, a small part of it. Your real-world threats are just as...
AS9100 REV D Section 7.1.5 is all about the how you look after measuring devices, calibration and measurement traceability. It's not a massive change from the previous standard but what does it mean and what do you have to do? The Clause is essentially the same as the ISO9001:2015 clause it is based on but does carry some useful additional clarific...
We put the call out to our Newsletter readers, on LinkedIn, Facebook and Twitter for questions. Questions that people are struggling with around ISO, Lean or leadership that they wanted help with and we got some fantastic responses that we have loved reading through and thinking about how we can help. We can't answer everything but we'll do our bes...
When you first think about cryptography and it's uses, it's not hard to just to the realms of James Bond and secret codes that unlock the secrets of organisations and the nation, why would you need to care about it? The answer is simple really, in today's cloud computing environment for example cryptography appears everywhere, in secure computer sy...
We put the call out to our Newsletter readers, on LinkedIn, Facebook and Twitter for questions. Questions that people are struggling with around ISO, Lean or leadership that they wanted help with and we got some fantastic responses that we have loved reading through and thinking about how we can help. We can't answer everything but we'll do our bes...
