

Quality Matters is an independent Management Consultancy based in Maldon, Essex. Here we discuss the latest in Quality and Information Security News.



Internal Quality / Environmental Auditing
The ISO 9000 and ISO 14001 series of International Standards emphasise the importance of auditing as a management tool for monitoring and verifying the effective implementation of an organisation's policy for quality and/or environmental management.

A Quality or Environmental Audit is a systematic, independent examination of a quality or environmental management system. These audits are typically performed at defined intervals and ensure that the organisation has clearly defined internal quality or environmental monitoring procedures linked to effective action. The checking determines if the management system complies with applicable regulations or standards.

It is not enough to put a quality or environmental system into place; it must be tested on a regular basis to ensure it is working... AUDITING.

The checks will include:


The timing and frequency of audits will vary depending on the importance of a particular part of the system, but are predetermined and recorded. The audits are carried out by responsible persons independent of the activity being audited.

It is useful to have an audit programme spanning a set period.

The results of audits must be documented and should include the following:



Persons conducting audits should be properly trained to carry out the task objectively and effectively. Clearly, it is essential that everyone carrying out internal auditing should audit to the same standard.

Quality Matters has been providing these certificated courses since 1992; they are designed to provide professional training in the principles and practice of audits of management systems for compliance with ISO 9001:2000, ISO 14001:2004 and other standards.

The methodology employed is that set out in ISO 19011:2002, the Standard for quality and environmental management systems auditing.

The course is not IRCA registered but meets the training requirements of all the certification bodies for competence of Internal Auditors.

Delegates who successfully complete the course will have sufficient knowledge of, and skills in, audit techniques to carry out internal audits of quality and/or environmental systems in their own organisations.

The twice-yearly courses (April and November) are run locally in Colchester, Essex, but bespoke courses can be arranged to be run in-house.

Next course 20 + 21 November 2008

For details and booking on this cost-effective course, please see our Internal Auditor Course page.


Posted: Wednesday, 6 August 2008



ISO27001 Laptop Security
More and more details are emerging concerning lax security of data and I am becoming increasingly concerned at the absence of even basic precautions to prevent unauthorised disclosure of data.

There have been laptops stolen, lost or simply forgotten at airports which contain sensitive information. Not long ago a Cabinet Minister had a desktop computer stolen, which had data not normally allowed outside Whitehall. The Minister concerned told the Press that it was safe as it was protected by a password. There was incredulity among those present as passwords are so easily overcome. One wag even enquired if the password was 'PASSWORD'.

Desktops and laptops often store system passwords in CMOS, a volatile memory chip within the computer that is kept alive by a small coin-type battery on the motherboard. This same chip holds the date and other start-up data. If you remove the battery and leave it for a few minutes, this data is lost and the password is removed. The other type of start-up password is held in an encrypted form on the hard disk.

It is relatively easy to boot the computer from a CD or alternative operating system, access the password files and delete them. Rebooting the computer in the normal way shows that the password has been removed.

I am no computer expert, but this easy routine is readily available on the internet and it beggars belief that anyone, let alone those in Government, thinks that their data is secure when 'protected' in this flimsy way.

In my job I travel widely, and I have a laptop which is protected by a password, but the data I carry is on a separate removable drive which is encrypted at file level, so that even if the drive was stolen and put into another laptop the data could not be accessed.

I use Folder Lock to secure my data. There are many other programs available but I like this one.

Folder Lock is a fast file-security program that can password-protect, lock, hide and encrypt any number of files, folders, drives, pictures and documents in seconds. Protected files are hidden, undeletable, inaccessible and highly secure. It hides files from anyone other than the authorised user, safeguards them from viruses, trojans, worms and spyware, and even protects them from networked PCs, cable users and hackers. Files can also be protected on USB Flash Drives, Memory Sticks, CD-RW, floppies and notebooks. Protection works even if files are taken from one PC to another on a removable disk, without the need to install any software. It locks files in Windows, DOS and even Safe Modes.

I know that my sensitive files are protected and that my Clients' data is protected.


Posted: Monday, 28 July 2008



BS OHSAS 18001:2007 Occupational Health & Safety Management
There has been a considerable increase in the number of enquiries that I have received for BS OHSAS 18001 certification. It seems that businesses are increasingly aware of the need not only to meet current legislation but to keep employees safe and morale high by demonstrating the 'OH' part (Occupational Health) as well as the safety element.

I have been offering Quality, Environmental and information security consultancy for many years but it became clear that I would need to include Health & Safety Management Consultancy as part of the service offered to Clients.

I enrolled in the BSI Certificate on Occupational Health & Safety Course, which is a distance learning system. There are eight modules provided on 3 CDs. Each module is concluded by an assignment. The assignments are marked by a BSI Tutor and the next module is commenced. The course material, both on the CD and in paper format, was very good and gave me all the information I needed to pass the assignments. My Tutor was very complimentary about my assignments and there was only one instance where I needed to resubmit information.

Last Friday I received my Certificate and I am delighted that my knowledge has been greatly improved. I can see that the Standard 18001 is not just about Safety but also encompasses Health and wellbeing.

All in all I am very pleased with the result.



Posted: Tuesday, 15 July 2008



Integrated Management Systems
The old favourite ISO9001, the Quality Management Standard, is often combined with ISO14001, the Environmental Management Standard, and more and more a three-way integration is being called for. The third element is BS OHSAS 18001, the Occupational Health & Safety Standard. The advantage of having a truly integrated system is that there are elements of all three Standards that are similar or the same:

  • All three Standards have a document control requirement;

  • The control of records is specified in all three Standards;

  • Training, competence & awareness is seen in all three Standards;

  • All three Standards have a requirement for internal auditing;

  • Management review is seen as the linchpin for all the Standards;

  • Monitoring and measuring devices are used in each Standard;

  • Continual Improvement is key to all three;

  • Corrective action and Preventive Action are prime requirements.


It is clear that, with this amount of synergy, the effort in putting the standards into place can be greatly reduced, as can the costs. The benefits to the organisation can be immense and the incorporation of an integrated management system says a great deal about you:

  • It says in clear and unequivocal terms that you care about the quality of your products and/or services.

  • You care about the degree to which your customers are satisfied.

  • You care about the environment and the effect your operation is having on the planet.

  • You care about the health, safety and welfare of your employees, contractors and visitors.


And finally that you are sufficiently confident to get these systems externally tested and certificated.

Many Companies looking to place contracts and purchase goods are looking for organisations that have ISO9001 and increasingly have green credentials as well and look after their staff and can demonstrate it.

An Integrated System is the answer.



Posted: Monday, 30 June 2008



Environmentally sound and safe as well
I drive many thousands of miles each year and to protect the environment I purchased a Honda Hybrid car in May 2007. This car uses a small petrol engine and an electric motor in an integrated propulsion unit.

The car returns some 45-50MPG and in addition is exempt from the London congestion charge. There is also a considerable saving in the car tax disc which is only £15 per year. All in all, I have been delighted with this car and recommended it to others.

Honda engineering also saved my life this week when I was involved in a crash which wrote off the car. The car was badly damaged but the driver's protection cell remained fully intact. My fear was that the car would catch fire, particularly with the high power batteries used within the car. My fears were unfounded. The Fire and Rescue Service cut the roof off the car so that they could slide me out on a spinal board. There was some concern that I may have had a whiplash injury. The Paramedics cut my suit off so that they could put a cannula into my arm ready for any actions the hospital may need to carry out. The ambulance service took some Polaroid photographs of the scene and I was amazed that after being checked over at the hospital I was able to leave with no more than a bruise where the seat belt had been.
Had my car been an old one or one of a less robust nature then I doubt whether I would be writing this blog.

Will I buy another Honda Hybrid?

I have already bought a new one to replace my one year old friend. I can drive it with confidence, knowing that in addition to doing my bit for the planet, Honda is doing all it can to ensure that I am safe in my car and even if the worst happens I have the best chance of surviving.

Thank you Honda



Posted: Monday, 16 June 2008



Security of Passwords ISO27001
Each year, just before the INFOSEC (Information Security Exhibition), a test is carried out to assess the level of security placed upon workplace passwords.

This year your password could be exchanged for a chocolate bar. It is still shocking that some 64% of people challenged outside Liverpool Street railway station in Central London, were prepared to give their passwords away for a paltry chocolate bar. The findings were further segmented when the split of sexes was added into the equation; more of those giving away their passwords were women.

Where the questions were extended to ask for telephone numbers, place of work and dates of birth in exchange for the chance to win a holiday, the results were down; still more women than men gave their details, but only just.

The only crumb of consolation is that the total numbers prepared to compromise their personal or work security is down on last year by about 20%.

Government and big business continue to exhibit a less than satisfactory level of care with our security; indeed another case where there had been a problem with email attachments resulted in a disc being sent by normal post. The disc contained important information but was only protected by a basic password which, the company admitted, could be broken in a matter of minutes. The disc did not arrive.

It is not known how many of the security details given away at Liverpool Street Station were genuine and how many were simply wrong, but working on the 70:30 principle a good number were genuine. It is fortunate that details obtained were not used for any unauthorised use... but they could have been.

Vigilance is required to ensure security of all our systems.


Posted: Monday, 2 June 2008



Corporate Manslaughter Act 2007 and BS OHSAS 18001
This Act of Parliament brings into law an offence of Corporate Manslaughter where a Company, Partnership or Owner can be found guilty of causing death by gross negligence. Previously it was necessary to prove that someone within a Company, Partnership or Owner was guilty of gross negligence.

Far from bringing relief to Company Directors, Managing Partners and Owners, this could be a double-edged sword as the organisation can be prosecuted as well as the Senior individual and Health and Safety Officer.

Here is part of the Act which gives guidelines for Jurors to consider when trying a case brought under the Corporate Manslaughter Act:


(1)(a) it is established that an organisation owed a relevant duty of care to a person, and
(b) it falls to the jury to decide whether there was a gross breach of that duty.

(2) The jury must consider whether the evidence shows that the organisation failed to comply with any health and safety legislation that relates to the alleged breach, and if so:

(a) how serious that failure was;
(b) how much of a risk of death it posed.

(3) The jury may also:

(a) consider the extent to which the evidence shows that there were attitudes, policies, systems or accepted practices within the organisation that were likely to have encouraged any such failure as is mentioned in subsection (2), or to have produced tolerance of it;

(b) have regard to any health and safety guidance that relates to the alleged breach.

(4) This section does not prevent the jury from having regard to any other matters they consider relevant.

(5) In this section "health and safety guidance" means any code, guidance, manual or similar publication that is concerned with health and safety matters and is made or issued (under a statutory provision or otherwise) by an authority responsible for the enforcement of any health and safety legislation.

Clearly, "any other matters that the Jury considers relevant" could include a defence that the organisation had 'taken all reasonable steps'; this could include a good Health & Safety Management System.

If this system complies with BS OHSAS 18001:2007 and is assessed and accepted by an accredited certification body then this defence is valid and should result in the jury finding that the accident was exactly that, 'an accident'.

The costs of incorporating 18001 and then having it formally assessed can be fully justified as an insurance against conviction for Corporate Manslaughter. It will also allow Directors, Managing Partners and Owners to sleep soundly in their beds, knowing that they have done everything possible to avoid death or injury in their enterprise.


Posted: Tuesday, 20 May 2008


