How many times have you heard that a new process or a business change was being done to align to 'best practice'? Other phrases in the same mould are 'this new process or methodology has worked in many organisations before, so it'll work here' or, even better, 'we work to industry standard'. They are all the same thing when it boils down to it, a s...
ISO27001:2013 Annex A for Information Security Management Systems may seem like a bit of a long list of controls, there are 114 of them after all! However, it is fair to say that Annex A is quite possibly the most important section of the standard because it lists the controls that you need to consider and, where appropriate, have in...
When you read through AS9100 D you will notice that where ISO9001:2015 may hint at something or assume you understand what it means, AS9100D is far better at being explicit in what it's talking about. Right off the bat in the scope of the standard for example it states "If there is a conflict between the requirements of this standard and customer o...
Over the weekend I spent some time down in Twizel, which is in the middle of New Zealand's South Island. It is nestled not far from Mount Cook, NZ's highest peak, and Queenstown, the adventure capital, and is home to some of the most dramatic scenery and stunning views around, especially in autumn as the leaves turn golden and start to fall to the ground. I...
I remember sitting in Biology back in high school (admittedly a long time ago) and the teacher explaining that our bodies were just a big battery for our brain. Sure, we have arms for reaching out and grabbing things, typically food, legs make us mobile so we can run away from the sabre tooth tiger and of course eyes to see the same sabre tooth tig...
Clause 10 of ISO27001 Information Security Management Systems (ISMS) is where you get some serious value for your organisation. Along the way to implementing your ISMS you have planned things out, you have implemented your information security management policy, implemented various new processes and systems and in your internal auditing process you...
It does not matter if you are working to achieve or already have your International Standards Organisation (ISO) certification, internal auditing is a key element you need to master. Internal auditing seems to be one of the areas of real trepidation and confusion around the requirements for internal auditing programs. When we talk with clients who a...
ISO27001 for Information Security Management Systems clause 9 Performance Evaluation is full of that favourite ISO term "shall", which as we all know means you must do what they are asking. Clause 9 is split into 3 subclauses to help focus you on the things that really drive the performance evaluation requirements in any management system: 9.1 Monitoring...
The world of compliance is changing, it has had to change. The days of printing a forest's worth of trees for your management systems and then keeping them all safely tucked into a folder on the top shelf are not something you can do today. COVID-19 has surely put paid to that myth once and for all? The idea of looking at them the week before a...
Going through university I studied manufacturing systems, which is a fancy title for industrial engineering. We were the guys who learned lots about figuring out how to be productive. After university I landed a great job in an electronics company working as, you guessed it, a production engineer. Our focus, we were told, was to create processes and ...
Pretty much everyone in industry at some level has heard of ISO 9001, it is the world's benchmark for Quality Management Systems; not as many, however, have heard of AS9100D, or AS9100:2016 Rev D to give it its full title. So, what exactly is it and why talk about it alongside ISO9001? AS9100D is the Quality Management Systems - Requirements for Avi...
ISO27001 for Information Security Management Systems Clause 8 Operation is where the rubber starts to meet the road, this is the part of the standard that requires you to do what you have so far said you will do. If you think about the structure of the standard and apply the Plan Do Check Act (or Adjust) approach that the standard takes then th...
Even for the experienced ISO Systems manager, audits can be a nervous time. The second guessing of what you have created in your systems and what your ISO certification auditor is going to be looking for can lead to over thinking things and, in extreme cases, even the odd restless night. It does not matter if you are certifying to ISO9001 for quality mana...
Like all ISO Management Systems, your ISO 27001:2013 Information Security Management System is going to need some documentation. The requirements of exactly what to document, however, are spread throughout the standard in each clause as requirements for documented evidence or records, typically prefaced with the word shall. Clause 7.5 documented info...
There are a few things you need to know about Business Metrics or KPIs (Key Performance Indicators); firstly, it's that they are important, anyone who says any different clearly does not really understand how businesses work. KPIs help you understand how your organisation is performing, if you are winning or losing, getting better or getting worse....
With the year almost over a friend of mine got an email from his with a sheet of paper attached asking him to put together his 5 objectives for 2021 and remember they must be SMART! SMART being a SMART Goal, which is about being Specific, Measurable, Achievable, Realistic and Time bound. I hate this, he said, what is the point, what the heck am I suppos...
The great thing about ISO27001:2013 is that it follows the high-level structure set out by ISO as their preferred way of working through a standard. What that means is that pretty much all the new ISO standards follow the same list of 10 clauses in the same order. It is designed to help you align your various management systems. That's really helpf...
It has been a fair while since ISO27001:2013 for Information Security Management Systems was published, yet its adoption is only really now starting to gain some traction, just in time for the work on the next revision to really get underway. Like all ISO standards there are set requirements about what you must do, ISO lists these as "shall", part ...
