Governance, Risk and Compliance Blog

ISO 27001:2013 – How EQMS can help with certification

Posted by Marc Gardner on Fri, Jul 21, 2017

Many organisations find themselves in a digital storm of relentless and continuous change, often brought on by rapidly evolving technology. For this reason, information security can no longer be a once-in-a-while project – it must be central to all your projects and processes.

ISO 27001 provides a framework for managing information security. Based on regular risk assessments that consider ever-changing scenarios, it's at its most effective with a robust and flexible electronic management system working alongside it.

And so to EQMS, Qualsys's solution for managing ISO 27001 documentation, audits, risk and suppliers simply, securely and efficiently.

EQMS Document Manager

Planning an information security management system (ISMS) is a crucial requirement of ISO 27001 accreditation.

ISO 27001 sets out a nine-stage process for doing so. The documentation you generate through this process will define your system's scope (i.e. what information it intends to protect), your organisation's context, and your detailed approach to keeping your information secure. This process needs to be embedded throughout your entire organisation.

With EQMS Document Manager, you can easily share compulsory documents (such as your information security policy, risk assessment methodology and statement of applicability) with the relevant members of your team. EQMS ensures only the most recent version of the documents will be seen and read.

Disseminating information too widely can expose your company to unnecessary risk. With EQMS, you can really lock down your data by reducing to the barest minimum the number of roles that have higher access privileges or levels of authorisation.

And EQMS uses electronic signatures to ensure that your employees confirm they've read and understood your latest operating procedures. This limits the risk of your company being liable for data breaches.

Download the EQMS Document Manager datasheet here

EQMS Risk Manager

Risk assessment is a complex part of ISO 27001 implementation – and the most important step.

EQMS Risk Manager is configured to your risk assessment methodology. How you treat those risks you've identified in your assessment can be managed through a workflow which is traceable at every stage. You'll be able to view real-time risk assessment reports in the KPI Dashboard, allowing you to proactively manage risk from a central system.

Download the EQMS Risk Manager datasheet here

EQMS Audit Manager

EQMS Audit Manager can be configured for both systematic and closed-loop auditing. And you can associate your audits with whatever regulations or standards (such as ISO 27001) might apply to your business.

iEQMS Auditor is an iPad application for mobile auditing. The application works without an internet connection and gives your top-level management complete visibility of how well your information security processes are working.

Download the EQMS Audit and Inspection Manager datasheet here

Request a demo of iEQMS Auditor here

 

What you should do now

For more information about ISO 27001, download our toolkit.


 

Tags: ISO 27001

Global Compliance Management System: How BT Global Services use EQMS

Posted by Emily Hill on Fri, Jul 21, 2017

BT Global Services, which has used EQMS since 2001, considers Qualsys one of its strategic partners.

Robert Oakley, Commercial Director at Qualsys, has managed the BT Global Services account for the past 17 years. "BT came to us with the requirement to share documentation with their customers in a controlled way," Robert says. "Key to this was making sure customers and internal employees only saw information they had permission to see."

The first system was implemented in 2001. That quickly grew to eight systems, then 16. Within a year there were 64 different EQMS systems within BT. Each EQMS had a separate database, which meant BT could segregate each of the contracts to prevent any from being shared incorrectly.



By 2005, BT Global Services' procurement team were envisaging a future in which the system would expand much more widely across the business. They approached Qualsys for a strategic solution, and Qualsys put together a contract to enable BT to procure batches of 25 systems at a time. Now, in 2017, BT has over 500 systems.

EQMS at BT Global Services 

  • Over 16,000 users 
  • 6 audit management systems 
  • Microsoft Word, Excel and Powerpoint integrations 
  • 125 document management systems on BT Global Services Portal 
  • 6 training records systems 

Robert Oakley adds: "We see BT, like many of our customers, as a partner. We've shared ideas about how we provide solutions within BT, and the system has been propelled by BT over the years. They've had a big influence in driving EQMS forward over the years, and invested a lot to get EQMS to the high standard it's reached today."

"And that value has been passed on to our other customers. It's a true partnership, and our relationship goes from strength to strength. As we speak, a new EQMS system has been launched for a major European bank, and BT Contracting are managing the relationship there."

During the EQMS User Group, Carl Butler, Key Controls Manager at BT Global Services, spoke of how BT are using EQMS for compliance and how the system adds value to their business. Below, you can read the transcript of Carl's presentation. 

The 'cloud of clouds'

We made a strategic decision to silo our business into different divisions. BT Global Services looks after global customers.

My team of subject matter experts looks after heavily regulated pharmaceutical companies in North America. At the moment, the team is based in Canada and we look after both their document management and their training management.

One of our key drivers at the moment is the 'cloud of clouds'. While everyone knows what the cloud is, few organisations have the technology, human and financial resources to manage cloud-based information well. BT are great at this.


[EQMS User Group]

EQMS has become embedded in BT Global Services 

Security is critical for us. We have the overarching administration system, EQMS, which determines who can administer and see certain documents. EQMS has become embedded in BT Global Services.

EQMS helps us to make sure our relationship with the customer is transparent and that we're sharing the right information at the right time. The customer always has access to their service level agreement, billing information and manuals.

There's always a record of activity, which is essential when managing heavily regulated contracts, such as global pharmaceuticals which are regulated by the FDA. As we're essentially an outsourced business service, the compliance burden falls on us, so EQMS helps demonstrate these compliance requirements.

[EQMS for document and policy control]

The EQMS team

BT Global Services have document control distribution. This is a subject matter expert who manages document control for many critical accounts. This subject matter expert is accountable for all document management. The subject matter expert controls who sees what, and whether a document should be seen by the customer or kept for internal use only. It's an incredibly important role.

We have a number of subject matter experts for whom this is their sole responsibility. We're now in the phase where we're developing the team, whereby the back office are the subject matter experts for the whole team.

My team are being retrained to be more consultancy-based. This means they'll spend more time with the customer, capturing client information and ensuring we deploy EQMS to the best of our ability. If our sales team need any consultancy, the subject matter expert will be able to provide value to the customer.

Great for careers

We're upskilling our team. This is great for their careers because if you've been doing document management or training management for several years using EQMS, the organisation can use your knowledge as a value-added service.

[EQMS Training Matrix]

The value of EQMS at BT

One of the things we've been discussing with Qualsys is what is the value of EQMS?

If you look at all of the industry sectors – banking, aerospace, gas, pharmaceuticals – the unit I work for goes right across the organisation. We're growing rapidly and that means we have lots of new recruits. It's critical that behind all of that is EQMS. Without the automation of EQMS, we couldn't cope.

Before EQMS, it would have been spreadsheets. For BT, managing training records on a spreadsheet when there are hundreds and thousands of employees is impossible. To be a 'qualified person' such as a project manager, technician or Cisco computer expert in a heavily regulated organisation, you have to have a valid training course to work on the contract. EQMS Training Records Manager makes it much faster to manage, retrieve and update training records.

Everything is documented. So when we're audited by the FDA, or another regulator, we can quickly answer questions such as "What kind of network do you have?" and "Who looks after it?". EQMS gives our customers confidence that we're compliant.


Going forward

In the future, EQMS is only going to grow within BT Global Services. For example, we have a customer who wants to share the risk of the system. There is a lot of trust involved in that.

Value-added services

In all large organisations, stakeholder management is a minefield. With Qualsys, we're currently getting results by articulating the value of the system very well.

To give you an idea of the scale of the operation, Heinz, Mars, Barclays, Deutsche Bank, Microsoft and BMW are all using EQMS. Each of those systems is shared with BT. We can provide further value to our customers by encouraging them to use the system internally and up their supply chains. 

 

What you should do now 

If you need a business management system, EQMS is a proven solution not just for large global organisations, but for hundreds of medium-sized organisations. Start by requesting a call back below. One of our team will call you to learn a bit more about your objectives. We have a "fail-fast promise" – so if EQMS is not a good fit for you, we won't continue to contact you. 


Tags: Case Studies

ISO 27001:2013: Context of the organisation

Posted by Marc Gardner on Thu, Jul 20, 2017

When it was revised back in 2013, ISO 27001 adopted the Annex SL format, a generic framework for ISO standards that uses several identical sections of wording and a lot of similar terminology.

One of the core Annex SL clauses is clause 4, which concerns the context of the organisation. It's an important part of the standard, and it requires you to consider the internal and external issues that can impact on your strategic objectives and how you plan your information security management system (ISMS).

Your organisation should focus particularly on factors and conditions that can affect your products, services, investments and interested parties. Context becomes an important consideration and helps to ensure that your ISMS is designed and adapted for your organisation rather than taking a 'one size fits all' approach.

Determining the context (step by step)

There's no prescribed method for determining the context of your organisation in relation to ISO 27001, but you could take this simple and pragmatic four-step approach:

  1. Identify the internal issues that can affect your organisation's products, services, investments and interested parties.
  2. Identify the external issues that can affect your organisation's products, services, investments and interested parties.
  3. Identify who are the interested parties and what are their requirements.
  4. Regularly review and monitor those internal issues, external issues and interested parties you have identified.

1 – Internal issues

Your organisation's internal context is the environment in which you aim to achieve your objectives. Internal context can include your approach to governance, your contractual relationships with customers, and your interested parties.

Internal issues can include your:

  • regulatory requirements
  • strategies to conform to your policies and achieve your objectives
  • relationship with your staff and stakeholders, including partners and suppliers
  • resources and knowledge (e.g. capital, people, processes and technologies)
  • risk appetite
  • assets
  • product or service
  • standards, guidelines and models adopted by the organisation
  • information systems

2 – External issues

To understand your external context, consider issues that arise from your social, technological, environmental, ethical, political, legal and economic environment.

External issues may include:

  • government regulations and changes in the law
  • economic shifts in your market
  • your competition
  • events that may affect your corporate image
  • changes in technology

3 – Interested parties

Your interested parties include your customers, partners, employees and suppliers. When developing your ISMS, you only need to consider interested parties that can affect your:

  • ability to consistently provide a product or service that meets your customers' needs and any statutory requirements and regulations
  • continual improvement process
  • ability to enhance customer satisfaction through effectively applying your system
  • process for ensuring you conform to your customers' requirements and any statutes or regulations that apply

4 – Regular reviews and monitoring

You must regularly review and monitor those internal or external issues you've identified. Understanding your internal context means your management can carry out a 'PEST' (political, economic, social and technological) analysis to determine which factors will affect how you operate.

While you have no control over external issues, you can adapt to them. PEST factors can be classified as 'risks' and 'opportunities' in a SWOT (strengths, weaknesses, opportunities, threats) analysis or by other methods.

 

What you should do now

 
IMAGE CREDIT: http://www.e-lgs.sthk.nhs.uk/PublishingImages/Pages/Security-and-Information-/Fotolia_41908523_Subscription_Monthly_XL.jpg
 

Tags: ISO 27001

ISO 27001 and information security – An introduction

Posted by Marc Gardner on Thu, Jul 20, 2017

Simply put, ISO 27001 is about information security, and how you manage it in an ever-changing world. You're not only having to contend with the effects of digitisation, big data and the Internet of Things, but the growing demands of globalisation, regulation, and protection against cyber threats.

What ISO 27001 gives you is a best-practice method of implementing an information security management system (ISMS). Having this system in place, and achieving ISO certification, means you can demonstrate to your customers and partners that you're committed to information security. And you'll have an advantage when it comes to winning tenders with government clients or large corporate clients, who often demand that their suppliers comply with the standard.

Already in 2017, several large organisations – the NHS, Wonga and Three, to name a few – have fallen victim to serious security breaches. The Government's Cyber Security Breaches Survey revealed that 7 out of 10 large businesses had suffered some form of breach or attack, costing them, on average, around £20,000, and in many cases much, much more.

So how exactly does ISO 27001 help you to more effectively manage your information security? And what does implementing an ISMS actually entail?

Managing information security means preserving the confidentiality, integrity and availability of your information and the facilities you use to process it. That could be your IT systems, infrastructure, or the actual buildings in which your organisation is based.

Confidentiality: ensuring information isn't made available to people or organisations who don't have authorisation to see it.
Integrity: ensuring the information is both accurate and complete.
Availability: ensuring the information can be made available and used when an authorised person or organisation demands it.


It might be that you've been so focused on keeping information confidential that you've overlooked integrity and availability. You're not alone! But now that IT and digital data are – or are likely to become – such vital elements of your business, you need to be mindful of all three aspects.

And this is where an ISMS comes in.

It's a system of processes, documents, technology and people that helps to manage, monitor, audit and improve your information security. With an ISMS you can manage all your security practices consistently and cost-effectively.

But it's important not to see information security as solely your IT team's responsibility – 'information' isn't just confined to your computer files and IT networks. Information security must be a concern of your entire organisation, embedded in all practices, policies and procedures and communicated clearly to every employee.

And as is the case with all quality management systems, without buy-in from top management and the people who'll implement and maintain the system, you'll likely struggle to reach the level of diligence you need to achieve certification to the ISO standard.

Bear in mind that it's neither a quick nor temporary process. Embedding ISO 27001 practices into your organisation is complicated, and involves making often substantial changes to your strategy, operations and company culture. If you're a small business, you may need 4–5 months to prepare for an audit; larger organisations might need more than a year. And don't rest on your laurels: you're operating in a rapidly changing business environment, and your ISMS must continually evolve and improve to remain effective.

 

What you should do now

For more information about ISO 27001, download our toolkit.


 

Tags: ISO 27001

ISO/DIS 19011:2017 Revision

Posted by Emily Hill on Fri, Jul 14, 2017

ISO 19011 is an International Standard which provides guidance on auditing management systems. It is applicable to all organisations that need to conduct internal or external MS audits or manage audit programmes.

In this webinar, Richard Green, Managing Director of quality, audit and risk consultancy Kingsford Consultancy Services Ltd, discusses the changes to ISO 19011. Richard is an established expert in all quality and auditing matters.

Richard is on the International Committee for ISO 19011, so he’s able to provide more insight than most into what the changes are and how to prepare for them.

Please find the video below or read the transcript: 

 

ISO 19011 covers: 

  1. the principles of auditing – 'moral values which underpin the profession' – integrity, fair presentation, due professional care, confidentiality, independence, evidence-based approach.
  2. managing an audit programme – designing, implementing, monitoring and reviewing & improving the programme
  3. the conducting of management system audits (initiating the audit to final reporting and follow up)
  4. the evaluation of competence of individuals involved in the audit process, including the person managing the audit programme, auditor team leaders and individual auditors.

As a guidance standard it is not something an organisation can seek certification against. Despite this, it has been universally embraced as the definitive blueprint for MS assessment. 

 

Why review the standard? 

ISO 19011 was first introduced in 2002 as guidelines for quality and/or environmental systems auditing - at that time these were the only ISO management system standards available.

By 2011 we were starting to see an expansion beyond quality and environment, so there was consequently a need to make the standard more generic.

Since then we’ve seen the introduction of a new breed of management system standards based on annex SL. This means they share a common high level structure, identical core text and common terms and core definitions. Going forwards all new ISO MSS will be annex SL based, and existing MSS will become annex SL based when they are next revised.

ISO 19011 therefore needed to be updated to reflect both the structure and contents of these new MS standards.

 

Key anticipated changes to ISO 19011?

Most significantly, we see the introduction of a seventh audit principle. ‘Risk-based approach: an audit approach that considers risks and opportunities’.


This risk-based approach should substantively influence the planning, conducting and reporting of audits in order to ensure that audits are focused on matters that are significant for the auditee and for achieving the audit programme objectives. Indeed, the need to consider risks (and opportunities) is prevalent in all sections of the document, from design of the programme to determining who should be on the audit team, from conducting the audit itself through to drawing audit conclusions, through considering what is communicated at the closing meeting and what is ultimately contained in the audit report.

  1. Structurally there have been some changes. The order of the sub-clauses under 6.4 ‘conducting the audit activities’ has been amended. 
  2. The role ICT now plays in audit, not just in terms of where evidence is stored but also in terms of how it is being employed to facilitate the audit process. 
  3. An interesting addition in clause 6.4.7 is text recognising that in the new annex SL world (based on documented information and not documents and records) not all information can be verified 100%. This introduces the concept of Professional Judgement which an auditor now needs to employ to determine the extent to which they can rely on such information.
  4. The old annex A has been deleted. This contained sector specific examples of the knowledge and skills required to audit particular types of industry. This may be reintroduced however there is very much a difference of opinion over this one.
  5. The old annex B now becomes annex A. This has been substantively reworked. This provides specific guidance for auditors in key topics. The range of topics has now been expanded to include; methods of auditing, professional judgement, performance outcomes, verifying information, auditing risks and opportunities and life cycle plus some significant changes to existing clauses (statistical sampling, guidance on visiting the auditee’s location).
  6. In addition, auditors must understand the application of management system standards in the post annex SL world and the relationships and interactions between the components of a management system in the light of annex SL.
  7. Audit team leaders are now expected to possess the competence to discuss strategic issues with top management.
  8. Throughout, terminology has been revised to reflect the latest definitions (audit criteria, audit team, technical expert, audit scope, risk and management system have all been revised). Also, 'suppliers' has been replaced with 'external providers', and 'documents and records' by 'documented information'.
  9. There remains an ongoing discussion as to whether ‘audit plan’ should become audit planning output and ‘audit report’, audit reporting output but as the former are such commonly used terms it is unlikely they will be changed.

 

Any advice for internal auditors?

I don’t expect to see training providers offering any form of ISO 19011 transition training and I’m not expecting any of the professional bodies for auditing to be mandating this for their members either. That said, these changes are significant and I’d expect organisations operating in the MS audit arena to be providing details on these to their clients.

IRCA are currently considering whether some form of mandatory CPD is required for IRCA certified auditors, perhaps in the form of required reading, and also whether revisions are necessary to their auditor training course criteria. Going forwards, expect to see future auditing courses based on ISO 19011:2018, just as existing courses are based on ISO 19011:2011.

I’d expect there to be a lot of reading material out there for those who are genuinely interested in this area.

If you are serious about your role as an internal auditor (or indeed an external auditor) then you’ll want to know about these changes and how they will affect you.

  1. Study the draft. It’s not too early to start looking at the contents. Whilst this is still work in progress the substantive content is unlikely to change that much. Take a look at what is being proposed, then take an objective look at yourself and ask ‘is there any self- development required?’ For most of us the answer will be ‘yes’.
  2. Comment on the draft. If you think the changes go too far or don’t go far enough then have your say – everyone’s comment carries equal weight when they are reviewed. You could just make the world of audit a better place!
  3. Be prepared to challenge your organisation – if you're unhappy with the way your organisation currently manages and conducts its audit programme, this revision will provide an opportunity to effect change. There are real cost and efficiency benefits to be enjoyed from the deployment of an appropriately structured audit programme. Use this document to persuade top management that this is the case.

 

What is next? 

All international standards go through a well-established process on their journey from concept through to finished article. We are currently at the Draft International Standard (or DIS) stage.

This is the point where the 'ordinary person on the street', for want of a better expression, is able to comment on the proposed content via their national standards body – in the UK, this is BSI.

The ballot closes in October. There is then a meeting of the AUS/1 committee (the ISO committee revising this standard) w/c 6th November in Mexico City. This meeting will consider the comments received and will amend the draft if deemed necessary.

Depending on the extent and nature of the comments received the committee will then either move to publish the new standard or, if there is still work to be done, it will create a final draft international standard (FDIS) as an interim step before full publication.

We will know for sure after the Mexico City meeting; however, ISO are currently quoting 'mid 2018'. I think this is a fair representation.

 

 

Managing Audits using EQMS

Qualsys provide a range of auditing solutions which make it easy for auditors and management teams to identify trends in information and to see when something goes wrong.

In this article, we’ve listed 5 benefits of using our Audit Manager software.

 


 

Tags: Audit Management Software, ISO 19011

10 Reasons You Should Enter the CQI's International Quality Awards

Posted by Emily Hill on Tue, Jul 11, 2017

The CQI's International Quality Awards is now accepting applications for awards in the following categories:

  • Quality Professional of the Year
  • Emerging Talent Award
  • Leadership Award
  • Quality Team of the Year
  • Quality Professional in a New Project

If you're not sure whether to enter, here are 10 reasons why you definitely should. 


1) Why shouldn't you win?  

Many people feel they have to wait to be recognised: to be promoted, to be hired, to be selected for an award. 

The most successful people look for ways to accelerate their career. Make the most of the opportunity the International Quality Awards presents. It's a chance for you to talk about what you do best. After all, why shouldn't you win?

2) Promote yourself or your team


We know you do some truly transformational work. We see it every day. It's about time you got recognised for all your hard work. 

To inspire you to get started, here are some examples of projects we've witnessed: 

3) Demonstrate your leadership potential

CQI Competency Framework

The CQI's Competency Framework has leadership as one of its core competencies. Part of a leader's role is to communicate the importance of quality and the value it can bring. ISO 9001:2015, for example, requires leadership to:

  • Inform stakeholders of the importance of the quality management system
  • Tell stakeholders why they should participate in its effective implementation
  • Promote risk-based thinking in respect of their organisation’s quality management system

There probably isn't a better opportunity to tell, inform and promote quality in your organisation than entering an award with the CQI. 

4) Plan, do, check, act

Just by entering the awards, you're taking the opportunity to reflect on your achievements and plan how you can improve. Set aside a couple of hours or a "Lunch and Learn" session to think about what you and your team have done really well and use the awards application form as a framework. By the end of the session, you'll have a completed application form you can send off to the CQI. 

Furthermore, by getting involved with the International Quality Awards, you'll be able to reflect and learn from hundreds of other quality professionals. You'll then be able to apply their war stories to your own organisation. 

5) Meet the Qualsys team

Qualsys are sponsoring the awards! That means you'll get to meet our team at the awards ceremony in November.

The Qualsys team

Don't worry, we're much better at developing quality management solutions than forming a 'Q' shape... 

6) Look at the venue!

Yes, the application will take some effort. But while you're writing it, why not have half an eye on the drinks reception for the event! You and your colleagues could be here in November (thanks to you!):


This is Merchant Taylors Hall – Sponsored by Qualsys 

7) Define the profession 

It's an exciting time to be in quality. Unlike many other professions, there isn't a clearly defined career path. By showing your support and entering the awards (for free), you'll be helping to share knowledge across the industry. 

8) Your marketing and sales team will love you

Quality World magazine

By entering the awards, you'll be sending a clear message to your organisation, suppliers and customers that your organisation is good at quality. The winners of the awards will have an article featuring their achievements in Quality World magazine, which is sent every month to over 20,000 quality professionals. That's certainly one way to get the attention of your marketing and sales team!

9) Engage your team with quality 

Qualsys talks to hundreds of quality professionals every week. One common theme that arises is they struggle to engage others in what they are doing. Usually the feedback is: "No-one seems to be interested in what I'm saying." 

The honest response is: You're right!

Growing companies can be chaotic. Keeping up can feel impossible for a management team. It's not uncommon for everyone to remain in their own bubble and not set aside time for anything or anyone else. Promoting an achievement such as entering an award galvanises others to bring their ideas out into the open and ensure future efforts can learn from it.

10) Boost your career

 The opportunity to connect with others, learn and even possibly win an award will help accelerate your career. 

 

What you should do now 

Applications close on 31 July 2017 – so hurry!

 


Tags: CQI

Could you tweet your quality strategy?

Posted by Emily Hill on Mon, Jul 10, 2017

We've talked a lot recently about engaging employees with quality and the quality management system, so we're always looking for innovative ways to get the message out there. 

John Oakland, founder of the Oakland Institute and author of several books on quality management, urges quality professionals to apply their quality knowledge to drive the strategy. During the Qualsys User Group, John said: "We [quality professionals] don't come to this game with a very good reputation. So you need to start thinking, 'If I did get the 60 seconds in the lift with my top management team, what would I say?'

"Quality professionals can help organisations as a statistician, if you apply your thinking, your tools and techniques in the right way and in the right areas. If you start talking about distribution, it's going to be a big turn-off. And that's a challenge we all face in this space of quality, helping as professionals in the area."

Time-poor teams 

In the same vein, Richard Chambers, Global CEO of The Institute of Internal Auditors, recently asked his Twitter followers whether internal auditors could condense their audit findings to a single tweet.

He received a mixed response. Some followers agreed responses should be succinct, others believed there's more value provided in the detail.

Gemma Baldan, Key Account Manager at Qualsys Ltd, says many quality teams can communicate short 'tweet-like' broadcasts using EQMS.

"It's important that we don't throw the book at teams," Gemma says. "It's much easier to get the message across if it's short and succinct. 

"We've increasingly found that EQMS administrators are making the most of the broadcasts feature. These broadcasts are, by default, less than 100 characters and can be shared instantly with all employees. Our customers use the broadcasts to report issues and findings but also to shout about their successes. By keeping it short, those who want to read more can investigate further." 

What about you? Could you get your audit findings, quality plans or quality strategy under 140 characters? Comment below or tweet @QualsysEQMS. 


Tags: Quality Culture

The International Quality Awards: Interview with Vince Desmond, CEO at CQI

Posted by Emily Hill on Mon, Jul 10, 2017

Marc Gardner and Emily Hill from Qualsys Ltd recently interviewed Vince Desmond, acting CEO at the Chartered Quality Institute (CQI), to learn more about the CQI's goals and vision, how the quality profession is changing, and the new CQI Quality Awards. 

In this blog, Vince talks about what the CQI Quality Awards aim to achieve. Alternatively, watch more of the interviews here.

Vince Desmond, CQI's Acting CEO

Raising quality's profile

We need to work on the image of quality, that image that suggests "we're going to check your homework".

We really need to reposition quality as a business partner who's going to help you to make the business better. This message is much more attractive for the business and it's much more effective to achieve the purpose of the profession.

We've identified that one of the key weaknesses of the profession, and the CQI, is marketing. We need to celebrate the profession's amazing achievements. 

This is the first International Quality Awards, which we're delighted Qualsys is supporting. We need to know what projects quality managers are working on and celebrate their successes.

The International Quality Awards can only be good for careers, businesses and for the CQI.


Get recognised. Build your organisation's reputation. Define the profession. 

The International Quality Awards are an interesting thing.

The first thing is that the quality profession can shine a light on what it does. This will help raise the profile of quality. The awards are going to help other parts of the organisation understand what we do, and encourage and recognise success. Helping quality professionals to get recognition is important. 

It's important as well because organisations can demonstrate to their suppliers, customers and partners that they're good at quality and they're a good organisation to work with.

From the partner's perspective, we're all swimming in the same pond. CQI and Qualsys share an aspiration that organisations benefit from really exemplary quality management.

We have great organisations standing shoulder to shoulder. We have employers, recruiters and technology companies. We're all trying to solve a complex puzzle on how we improve the quality profession. With our partners, this message is more powerful: the International Quality Awards is not just the CQI. It's a message from the entire community that this is really important.

Start now – Applications close 31 July 2017

There are five category awards: 

  • Quality Professional of the Year
  • Emerging Talent
  • Leadership 
  • Quality Team
  • New Project 

You don't have to be a member of the CQI to enter the awards.


Tags: CQI

ISO 9004 Overview

Posted by Marc Gardner on Thu, Jul 06, 2017

ISO 9004 is currently under revision and the draft international standard is now available for public comment. In this article, we spoke to Richard Green, founder of Kingsford Consultancy Services Ltd and former Technical Director at IRCA, who shared what the standard is about and how you can get involved. 

Background

First published in 1994, ISO 9004 was updated in 2000 and more recently in 2009. It stands apart from ISO 9001 but is aligned to it where it makes sense to do so.

Because ISO 9004 wasn't revised alongside ISO 9001 in 2015, it needed to be updated to meet the new requirements of that standard. A project to revise ISO 9004 was approved in December 2015 and a technical committee is currently developing a working draft.

The title and scope of ISO 9004 have changed, and there's now a self-assessment tool to evaluate how best to implement the standard's recommendations. For example:

  • The standard now explains the difference between 'Mission', 'Vision', 'Objectives' and 'Policy', and it applies to all organisations, no matter what their size or sector.
  • The title of ISO 9004 was previously "Managing for the sustained success of an organization – A quality management approach." It'll now be titled "Quality of an organization – Guidance to achieve sustained success."

What does it mean by 'sustained success'? 

Richard Green explains: "There are still questions as to what constitutes sustained success. There haven't been any studies in this area since Jim Collins's "Good to Great" 30 years ago, but overall the feeling is that ISO 9004 is going in the right direction.

"ISO 9004 offers guidance as to how organisations can enhance their overall quality by improving their maturity level, and provides a framework for strategy, leadership, resources and processes."


http://www.jimcollins.com/article_topics/articles/good-to-great.html#articletop 

Should our organisation work to ISO 9004? 

ISO 9004 is recommended as a guide for organisations to extend the benefits of ISO 9001 and develop their performance through continual improvement.

Richard says: "Should you go for 9004 if you already have 9001? I'd say that depends on your motives for going for 9001. If you went for 9001 simply to get onto tender lists and you've no aspirations for seeking to operate an efficient and effective business, then no. If you genuinely want to develop yourselves, then yes."

Is ISO 9004 taken up less than ISO 9001? 

Low awareness, and competition with other methodologies, might go some way to explaining why there seems to be less talk about ISO 9004 than its bigger sister ISO 9001.

"I think lack of take-up is partly down to people not appreciating it exists," Richard says. "Or if they have heard of it, not understanding what it sets out to achieve. Also there's stiff competition out there in terms of improvement methodologies, most of which are sexier – lean, six sigma, Kanban and so on." 


ISO 9004 is currently being reviewed, and the draft is now available for public comment. Download a copy of the standard here: https://www.iso.org/standard/70397.html

Alternatively, subscribe to the Qualsys newsletter for regular updates on standards, regulations and quality career development. 


Tags: ISO 9004

Quality Professionals: Sign Up for Free Events to Share, Learn & Network

Posted by Marc Gardner on Thu, Jun 29, 2017

A lot of quality professionals tell us that they sometimes feel they're ploughing a lonely furrow, and it's networking events and meetings that give them the inspiration they need to drive their projects forward.

In response to this, Qualsys Ltd, Kingsford Consultancy Services and Blackmores have set up a Meetup community you can join for free to share, learn and network. 

What are the events? Will you benefit? And how can you get involved? Read on below!


What are Meetups? 

We've created the Meetup community as a way of making life easier for you, the quality professional. By providing a forum for people in governance, risk and compliance roles to come together and simply talk, we hope we can give you positive, useful ideas to take back to your organisations to put into practice.

Whether it's methods for improving health and safety, tactics for getting senior management to buy in to quality management, or suggestions for how best to comply with certain ISO standards and regulations, we want you to get as much as you can from our Meetups. 

How can I get involved? 

There are lots of ways: 

Do I have to be an EQMS customer to attend?

Not at all. We welcome quality professionals from all sectors and industries and want to involve as many people as we can. 


Where will the events be held?

They'll initially be based near the sponsors' locations – South Yorkshire, the West Country and Hertfordshire. However, if you'd like to host an event at your office, email hello@qualsys.co.uk for more information.

Can my company become a sponsor? 

Absolutely. Just email hello@qualsys.co.uk and we'll tell you how. 

How can I join the community?

Sign up here! 


Tags: Events