ISO27001 and the Documented Information Requirements
ISO27001 Information Security Management Systems

Like all ISO Management Systems, your ISO 27001:2013 Information Security Management System is going to need some documentation. The requirements of exactly what to document, however, are spread throughout the standard in each clause as requirements for documented evidence or records, typically prefaced with the word shall. Clause 7.5 documented info...

  2944 Hits
The One Critical KPI
Operational Excellence

There are a few things you need to know about Business Metrics or KPIs (Key Performance Indicators). Firstly, they are important; anyone who says any different clearly does not really understand how businesses work. KPIs help you understand how your organisation is performing, if you are winning or losing, getting better or getting worse....

  3998 Hits
5 Steps to Effective Annual Objectives and Organisational Alignment
Leadership

With the year almost over, a friend of mine got an email from his with a sheet of paper attached asking him to put together his 5 objectives for 2021, and remember they must be SMART! SMART being a SMART Goal, which is about being Specific, Measurable, Achievable, Realistic and Time bound. "I hate this," he said, "what is the point, what the heck am I suppos...

  2801 Hits
ISO27001 and the Awareness and Communication Requirements
ISO27001 Information Security Management Systems

The great thing about ISO27001:2013 is that it follows the high-level structure set out by ISO as their preferred way of working through a standard. What that means is that pretty much all the new ISO standards follow the same list of 10 clauses in the same order. It is designed to help you align your various management systems. That's really helpf...

  4955 Hits
List of mandatory documents required by ISO 27001:2013
ISO27001 Information Security Management Systems

It has been a fair while since ISO27001:2013 for Information Security Management Systems was published, yet its adoption is only really now starting to gain some traction, just in time for the work on the next revision to really get underway. Like all ISO standards there are set requirements about what you must do, ISO list these as "shall", part ...

  28463 Hits
ISO27001 and the Resources and Competence Requirements
ISO27001 Information Security Management Systems

ISO27001:2013 clause 7 is all about Support: what do you need, what have you got, does everyone know what they should be doing, have you documented it, and a few other things besides that. In this post we are going to cover the first two clauses, clause 7.1 Resources and clause 7.2 Competence, because we think they pretty much go hand in hand, hopeful...

  5635 Hits
Getting an Understanding of the Critical Elements in Your Lean Journey
Operational Excellence

Recently I had the chance to catch up with Craig from Mango QHSE to talk about lean. More specifically, Understanding of the Critical Elements in Your Lean Journey: what things need to be in place if you are going to have a successful lean transformation for your organisation. When it comes to lean, people get hooked on the tools, forgetting th...

  2196 Hits
The 5 lean steps to stopping fire-fighting at work
Operational Excellence

The phone is ringing and you know it is going to be another unhappy customer, the only question is what are they going to complain about? Their product is late, there are defects in what they got, they got the wrong thing, there were too many or not enough. Every time the phone rings it is a complaint, another fire to be put out, another thing that you n...

  3306 Hits
ISO27001 - Information Security Objectives and Planning to Achieve Them
ISO27001 Information Security Management Systems

Having objectives is pretty important if you want to achieve something or get somewhere. Organisations (hopefully) have objectives for most things like profitability, sales per year, marketing and even their ISO9001 Quality Management System. It makes sense then that there should be some objectives linked to your ISO27001 Information Security Manag...

  7861 Hits
If you want better engagement and alignment, then it's time to kill the Annual Review
Organisational Health

The working year has many milestones that are marked on the wall or Outlook calendars. Some are looked on with excitement and some, well, not so much. The annual break and long weekends would be the big positives; on the other side we have things like monthly budget reviews and of course the annual employee reviews. It does not matter if you are the...

  2432 Hits
ISO27001 and the Actions to Address Risk & Opportunities
ISO27001 Information Security Management Systems

Like many of the latest ISO standards ISO27001 for Information Security Management Systems takes a risk-based approach to things. That makes sense, since it is hard to make something secure, if you do not understand the risks. Clause 6.1 of the standard – Actions to address risk and opportunities is where this risk-based thinking really kicks into ...

  3966 Hits
Building the Lean Muscle
Operational Excellence

Last month I was having a chat with a friend about a problem they were having at their organisation. They had been trying to get their people involved in doing some continuous improvement, or any improvement work. They had sat everyone down and told them that they needed to find ways to get products out quicker. The issue was that their order book ...

  1903 Hits
Organisational Inductions - you are doing them wrong
Organisational Health

Recently I was talking to a group of people (all from different organisations) about Standard Work. That is when organisations have a method of doing things, just one method, everyone does it the same way so you can get repeatable results. However, the important thing about these standard work routines or practices is that they do have to change ov...

  2083 Hits
ISO27001 & The Roles, Responsibilities and Authorities Clause
ISO27001 Information Security Management Systems

If you have already obtained ISO9001 you will recognise the name of this clause because of course they are both aligned to the same high-level structure. The other bonus with already having obtained 9001 is that you are already mostly the way there with achieving the requirements of this clause for your Information Security Management System. The i...

  6747 Hits
How to Create a Lean Layout
Operational Excellence

The other day I watched the movie The Founder with Michael Keaton, who plays Ray Kroc, the "founder" of the McDonald's restaurant chain. It is a great movie, pretty factual as biopics go, and certainly worth a watch. As it turns out, technically he is not the founder of McDonald's; the McDonald brothers were (hence the name). It brought bac...

  4980 Hits
ISO27001 & The Information Security Policy
ISO27001 Information Security Management Systems

Clause 5.2 of ISO27001:2013 is all about your Information Security Management Policy and it is pretty insistent that you have one, in fact it's mandatory. That is a pretty good thing since everything else in your entire Information Security Management System happens because of this policy, which makes sense if you think about it. Policies sit at the t...

  6509 Hits
Fractured – Waste in the Medical Clinic
Operational Excellence

Earlier this week I had to take my daughter to the fracture clinic to get her leg checked out. She had broken it 4 weeks ago and it was check-up time. It was interesting when she first went to get it checked out when it happened. On the original visit they had asked all sorts of questions, decided on an outcome, then thought, actually we should X-ray it j...

  5410 Hits
How Does ISO Define Traceability?
ISO 9001 Quality Management

One of the questions I get asked a lot (and it really is a lot!) is "How does ISO define traceability?" That's always accompanied with: what do they want, what things do I need to put in place, will it be expensive, and "but my customer doesn't care about it!" The answer, initially at least, is "It depends!" Obviously, this is not overly helpful, so we n...

  9736 Hits
