What is ISO 27001 ISMS?

Performance Improvement Solutions for Your Business Needs October 2010

In this issue

  • What is ISO 27001 ISMS?
  • TL 9000 Delivers Better Quality Products
  • World Quality Day Nov 11, 2010
  • In The News
  • Training Courses
    Greetings!

    Welcome to the Sustaining Edge Solutions Performance Improvement newsletter.

    Our newsletters provide guidance on operational and quality systems: ISO 9001, AS9100, ISO/TS 16949, ISO 27001, ISO 13485 and ISO 14001. This includes internal auditing techniques, process improvement methods such as Lean Enterprise and Six Sigma, and other topics of interest to our readers.

    If you have a topic of interest for a future newsletter, please let us know.

    Newsletter Sign-up

    What is ISO 27001 ISMS?

    Unprotected systems are vulnerable to all kinds of threats, such as computer-assisted fraud, sabotage and viruses. These threats can be internal or external, and either accidental or malicious. Breaches in information security can allow vital information to be accessed, stolen, corrupted or lost. How confident are you that your company has the appropriate controls and procedures in place to prevent such incidents, and to detect and respond to them when prevention fails?

    ISO 27001 is the international standard that specifies the requirements for an Information Security Management System (ISMS). It is applicable to all sectors of industry and commerce and is not confined to information held on computers or servers. The information may be printed or written on paper, stored electronically, transmitted by email, displayed on screen, or spoken in conversation. Whatever form the information takes, or the means by which it is shared or stored, ISO 27001 helps an organization ensure it is always appropriately protected.

    Information security can be characterized as the preservation of:

    • Confidentiality – ensuring that access to information is appropriately authorized
    • Integrity – safeguarding the accuracy and completeness of information and processing methods
    • Availability – ensuring that authorized users have access to information when they need it.

    Information is now globally accepted as being a vital asset for most organizations and businesses. As such, the confidentiality, integrity, and availability of vital corporate and customer information is essential to maintain competitive edge, cash-flow, profitability, legal compliance and commercial image.

    ISO 27001:2005 groups its control objectives and controls (Annex A) into eleven areas:

    • Security policy
    • Organization of information security
    • Asset management
    • Human resources security
    • Physical and environmental security
    • Communications and operations management
    • Access control
    • Information systems acquisition, development and maintenance
    • Information security incident management
    • Business continuity management
    • Compliance

    Developing an ISMS that satisfies the requirements of ISO 27001 involves three major steps:

    (1). A management framework for information security. This sets the direction, aims and objectives of information security and defines a policy that carries visible management commitment.
    (2). Identification and assessment of security risks. Security requirements are identified by a methodical, repeatable assessment of security risks. The results of this assessment guide management action and set the priorities for managing information security risks.
    (3). Selection and implementation of controls. Once security requirements have been identified, controls are selected and implemented to reduce risks to a level the organization has defined as acceptable and to meet its specific security objectives. ISO 27001 requires this selection to be recorded in a Statement of Applicability, which lists the controls chosen, the reasons for choosing them, and the justification for any Annex A control that is excluded. Controls can take the form of policies, practices, procedures, organizational structures and software functions.
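    The risk assessment in step (2) and the control selection in step (3) are where most of the engineering judgement sits, so here is an added Python walk-through of a small risk register. It is not code from this newsletter, from Sustaining Edge Solutions or from the standard itself. ISO 27001 requires a methodical, repeatable assessment and documented risk-acceptance criteria but prescribes no scoring formula; the 1-5 likelihood and impact scales, the acceptance threshold of 6, the CTRL-x identifiers and every sample asset, threat and control are assumptions constructed for the example. The point worth seeing is the check at the end of step (3): a risk whose residual score still exceeds the acceptance criterion after the mapped controls is flagged, not quietly marked as treated.

```python
"""Risk assessment (step 2) and control selection (step 3) for an ISMS.
Added illustration; not from the newsletter or from ISO/IEC 27001. The
1-5 scales, the threshold, the CTRL-x identifiers and all assets, threats
and controls below are constructed for this example; the standard itself
prescribes no scoring formula."""
from dataclasses import dataclass

@dataclass(frozen=True)
class Risk:
    asset: str
    threat: str
    affects: str     # "confidentiality", "integrity" or "availability"
    likelihood: int  # 1 = rare .. 5 = almost certain (assumed scale)
    impact: int      # 1 = negligible .. 5 = severe (assumed scale)

    @property
    def score(self) -> int:
        return self.likelihood * self.impact

@dataclass(frozen=True)
class Control:
    ref: str                  # hypothetical identifier, not an Annex A number
    area: str                 # control area, named as in the list above
    name: str
    treats: frozenset         # threats this control is mapped to
    cuts_likelihood: int = 0  # scale steps removed from likelihood
    cuts_impact: int = 0      # scale steps removed from impact

ACCEPTABLE = 6  # assumed acceptance criterion: likelihood x impact <= 6

def residual(risk, controls):
    """Apply every control mapped to the threat; return (residual score, controls
    used). A scale never drops below 1: controls lower a risk, never erase it."""
    applied = [c for c in controls if risk.threat in c.treats]
    lik = max(1, risk.likelihood - sum(c.cuts_likelihood for c in applied))
    imp = max(1, risk.impact - sum(c.cuts_impact for c in applied))
    return lik * imp, applied

def treatment_plan(risks, controls, acceptable=ACCEPTABLE):
    """Rank risks by inherent score (step 2), then decide per risk (step 3):
    accept as-is, treat with the mapped controls, or flag it because the
    residual risk still exceeds the acceptance criterion."""
    plan = []
    for risk in sorted(risks, key=lambda r: r.score, reverse=True):
        res, applied = residual(risk, controls)
        if risk.score <= acceptable:
            decision = "accept"  # within appetite before any control
        elif res <= acceptable:
            decision = "treat"
        else:
            decision = "further treatment required"  # mapped controls fall short
        plan.append({"asset": risk.asset, "threat": risk.threat,
                     "affects": risk.affects, "inherent": risk.score,
                     "residual": res, "controls": [c.ref for c in applied],
                     "decision": decision})
    return plan

def statement_of_applicability(risks, controls):
    """ISO 27001 requires a Statement of Applicability: each candidate control is
    included, with the risks that justify it, or excluded with a reason."""
    soa = {}
    for c in controls:
        justified_by = [r.threat for r in risks if r.threat in c.treats]
        soa[c.ref] = {"area": c.area, "name": c.name,
                      "included": bool(justified_by),
                      "justification": justified_by or ["no identified risk requires it"]}
    return soa

# Constructed sample risk register and control catalogue (not real data).
RISKS = [
    Risk("customer database", "access by former employee", "confidentiality", 4, 5),
    Risk("customer database", "disk failure", "availability", 3, 4),
    Risk("printed contracts", "removal from unlocked cabinet", "confidentiality", 3, 3),
    Risk("field laptops", "theft in transit", "confidentiality", 4, 4),
    Risk("public website", "defacement", "integrity", 2, 2),
]
CONTROLS = [
    Control("CTRL-1", "Access control", "Revoke all access on termination",
            frozenset({"access by former employee"}), cuts_likelihood=3),
    Control("CTRL-2", "Communications and operations management",
            "Daily backups with tested restore", frozenset({"disk failure"}), cuts_impact=3),
    Control("CTRL-3", "Physical and environmental security", "Locked cabinets, clear desk",
            frozenset({"removal from unlocked cabinet"}), cuts_likelihood=2),
    Control("CTRL-4", "Access control", "Login password on laptops",
            frozenset({"theft in transit"}), cuts_impact=1),  # no disk encryption
    Control("CTRL-5", "Communications and operations management", "Change control for code",
            frozenset({"unauthorised software change"}), cuts_likelihood=2),
]

if __name__ == "__main__":
    for row in treatment_plan(RISKS, CONTROLS):
        print(f"{row['inherent']:>2} -> {row['residual']:>2}  {row['decision']:<27} "
              f"{row['asset']}: {row['threat']} [{', '.join(row['controls']) or '-'}]")
    for ref, e in statement_of_applicability(RISKS, CONTROLS).items():
        print(ref, "included" if e["included"] else "excluded", e["justification"])
```

    Run as a script, the plan lists the five risks from highest inherent score down. The former-employee, disk-failure and cabinet risks drop within the threshold and are marked "treat"; the laptop risk is flagged "further treatment required" because a login password barely dents the impact of a stolen disk (the register is telling you to add encryption); the website risk is accepted as it stood. The Statement of Applicability records CTRL-5 as excluded because no identified risk needs it, which is exactly the justification an auditor asks for.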

    Documented benefits of an ISO 27001 ISMS include:

    • Provides policies & procedures in accordance with internationally recognized criteria, structure and methodology.
    • Demonstrates the independent assurance of your internal controls and meets corporate governance and business continuity requirements.
    • Provides a competitive edge by meeting contractual requirements and demonstrating to your customers that the security of their information is paramount.
    • Increased security lowers costs by reducing fraud, inefficiency and errors.

    Contact Us for more detailed information on 27001 ISMS and for all your ISMS training, documentation development, and internal auditing needs.

    TL 9000 Delivers Better Quality Products


    QuEST Forum unveiled its second report in a series on the state of the communications technologies industry quality at the 2010 Americas Best Practices Conference, Sept. 21-22 in Atlanta. The study, which covered a two-year period from 2008 to 2009, utilized TL 9000 sustained performance data and focused on the “number of problem reports” (NPR) and “fix response time” (FRT) for the “switching” product family.

    The TL 9000 QMS provided the environment for this improvement: as the data presented in the study show, certified companies that have adopted and use the TL 9000 Measurements and Performance Data Reports have demonstrated measurable improvement.

    There was significant improvement across the product family in reducing the number of critical and major problem reports over the two-year period. The number of critical problem reports decreased by more than 33 percent, and the industry average for the number of major problem reports improved by just over 32 percent.

    This report was compiled using data from certified TL 9000 companies. While the team surmises that the overall industry has improved, the data only substantiate that the companies using the TL 9000 QMS improved. Regardless, being able to provide objective evidence of substantive quality improvement during a period when suppliers were forced to aggressively reduce their costs underscores the value of TL 9000. As customers become more aware of the improvements driven by TL 9000, it is expected that they will seek to purchase products and services only from TL 9000 certified organizations.

    The best-in-class trend for the number of critical problem reports shows that the top performers continued to improve. Three of the six reporting product categories displayed perfect performance or zero critical problem reports reported throughout the two-year period.

    A complete PDF copy of the report is available from QuEST Forum; contact us for your TL 9000 needs.

    World Quality Day Nov 11, 2010

    In a global economy where success depends on quality, innovation, and sustainability, World Quality Day on Nov. 11 offers an ideal opportunity to focus on the importance of quality and reinforce these concepts as the foundations of your business. Organizations from all over the world will be holding activities as part of World Quality Day, which was introduced by the United Nations in 1990 to increase worldwide awareness of the important contribution that quality makes toward a nation’s and an organization’s growth and prosperity.

    This year’s theme, “Out of the Crisis,” will focus on what a fit organization looks like and the role that quality management professionals play in facilitating fitness, from aligning the organization’s processes to its strategic goals, to ensuring that the organization and its people consistently understand and can deliver on stakeholder needs, to helping the organization look at processes, and prioritize and deliver improvement.

    Organizations that will come out of the crisis are those that focus on current and potential customers, and have the flexibility to innovate and change to meet their requirements. They are determined to look at the ways they can improve their business processes to maximize use of resources, increase efficiency, and reduce redundancy and waste.

    For quality to become an important focus of business, it must be valued by the whole organization. Make employees aware of what quality means to your organization and show them how they can contribute!

    For more information, visit CQI’s World Quality Day web page.

    In The News

    Sustaining Edge Solutions is a proud sponsor and exhibitor at the 2010 Southern California Quality Conference, October 23, 2010 at Cal Poly University, Pomona, CA. The conference theme is “Current State of Quality in American Industry.” The keynote speaker is David Spong, President of the American Society for Quality (ASQ) and a member of the Board of the Baldrige Foundation. See the conference website for the full program. See you there!

    Manufacturing Technology Consumption Up 58.9% in 2010. U.S. manufacturing technology consumption totaled $266.08 million in July 2010, according to the American Machine Tool Distributors’ Association (AMTDA) and The Association for Manufacturing Technology (AMT). This total, as reported by companies participating in the USMTC program, was up 10.1 percent from June and up 72.6 percent from the $154.13 million reported for July 2009. With a year-to-date total of $1.4 billion, 2010 is up 58.9 percent compared with 2009. U.S. manufacturing technology consumption is also reported for five geographic regions of the United States. For more information see the AMT website.

    22nd Annual National Forum on Quality Improvement in Health Care. The National Forum on Quality Improvement in Health Care, Dec. 5-8, at the World Center Marriott in Orlando, Florida, is the premier “meeting place” for people committed to the mission of providing safe, effective patient care at a reasonable cost. This annual event draws approximately 5,500 health care leaders from around the world in person and thousands more via satellite broadcast. There are more than 200 sessions offered at the National Forum. See the National Forum brochure in PDF for complete conference information.

    Training Courses

    To see the course description, schedule, and registration, click on the course title below. We also provide onsite and custom training.

    View all our Courses

    View Our Web Based E-Training Courses

    Understanding and Implementing ISO 9001:2008

    ISO 9001:2008 Process Based Internal Auditor

    Documenting Your Quality Management System

    Understanding and Implementing AS9100C:2009

    AS9100C:2009 Process Based Internal Auditor

    Documenting Your Quality Management System

    Understanding and Implementing ISO/TS16949:2009 Automotive

    ISO/TS16949:2009 Process Based Internal Auditor

    Documenting Your Quality Management System

    Understanding and Implementing ISO14001:2004 Environmental

    ISO14001:2004 Process Based Internal Auditor

    The Five Pillars of a Lean Workplace

    Continuous Process

    Lean Six Sigma

    8 Disciplines (8D) of Problem Solving

    Understanding and Implementing ISO 13485:2003 Medical Devices

    ISO 13485:2003 Process Based Internal Auditor

    Understanding and Implementing ISO 27001:2005 Information Security

    ISO 27001:2005 Process Based Internal Auditor

    All courses can be delivered at your company. Don't see a course, location, or date that fits your needs?

    Contact Us


    888-572-9642 Toll Free
