Free webinar: 5 steps to ISO 9001 certification

Webinar
Hey, folks! I regularly receive questions about the steps a company would need to take to be successful in becoming ISO 9001 certified. If you have been charged with the responsibility of getting your organization registered/certified, or would be interested to find out more about what it would entail, then this will be a great opportunity to ask questions and get started on planning your own project. In this one-hour webinar, I'll be walking through the implementation process from beginning to end, from project initiation to accredited certification. If you have specific questions or any topics you would like covered, let me know in the comments below. I'll be announcing dates and details soon, so get your name down now by signing up with your email and I'll be sure to keep…
GDPR and ISO 27001. Is my ISMS enough?

Law and Regulation
The new European General Data Protection Regulation (GDPR) will come into full force in May 2018. Apparently, the implications are global, meaning that any company that processes personal data of natural persons within the EU, no matter where they reside in the world, will fall within the scope of the GDPR. A question being asked by many ISO 27001 certified organizations is, "if we already have ISO 27001, are we covered for the GDPR?". This is a good question, and if you want the short answer, it is probably, "no". For a longer answer, feel free to read on. GDPR vs. ISO 27001 The general response I am seeing from most experts when asked this question is, "no, the GDPR is much bigger and broader than that." They go on to…
Context of the Organization: External issues

Management Systems Implementation
Next up, on the subject of business context as the foundation that a management system is built upon, is the need to determine your external issues. Clause 4 "Context of the Organization" specifies this requirement and pertains to the things outside of the organization that can affect or have an impact on our goals and objectives. In this post, I will be suggesting what things should be considered when determining your external issues and giving you some ideas on how to go about it. What should be considered? External issues are about things outside of the company, i.e. things that you do not have direct control over. They can be anything that is relevant to the intended outcome or purpose of your management system. Here is a list of considerations to get you…
Context of the organization: Internal issues

Management Systems Implementation
In my last post, I talked in general about the meaning and intent of the management system clause 4 requirement which covers Context of the Organization. In this post, I'll be talking about one aspect of this process which requires the organization to determine its "internal issues". So what does it mean, "internal issues"? And how might we go about doing it? The word 'issues', in my book, implies a more negative connotation to the subject at hand. But this is not necessarily the literal meaning here. Issues can be thought of as being the source of both risk and opportunity, and I prefer to think about this activity as identifying current business challenges or the current situation. What should be considered? Internal issues are about things inside of the…