
Understand ISO Management System Standards and the role of IT in compliance

Posted July 24, 2017

An effective compliance strategy encompassing people, processes & technology is vital for modern organisations. Understand the compliance codes & discover how Bremmar can help you achieve compliance.

By Rushad Billimoria, Information Systems Manager: Not-for-Profits and Aged Care

In a previous blog, we discussed the basic IT and data compliance responsibilities organisations have. Now, let's dig a little deeper into the ISO standards themselves.

What are ISO Management System Standards (MSS)?

The International Organization for Standardization (ISO) is the world's largest developer of voluntary international standards, with a membership of national standards bodies spanning Europe, Asia, Africa and the Americas.

ISO Management System Standards (MSS) were developed by ISO experts in the fields of international management, leadership strategy and efficient practice. These standards enhance business performance by defining requirements and procedures that any organisation can follow to achieve key objectives and foster a culture of continual improvement. An effective management system leads to more efficient use of resources, stronger financial performance, improved risk management and an increased ability to deliver consistent products and services.

An MSS defines the methods by which an enterprise controls the interconnected parts of its organisation in order to drive productivity, improve workplace health and safety, and achieve its other objectives. For a small business this may simply mean having a clear direction and strong leadership, but larger and more complex organisations may require extensive processes and documentation to meet their legal obligations and business goals.

Audits are an integral component of the MSS approach, as they enable organisations to verify that objectives are being achieved and that the standard is being adhered to. To support the audit process, ISO 19011:2011 offers detailed guidance on conducting internal and external management system audits, including auditor competence and audit programme management.

ISO 9000 – Quality Management

Some of ISO's most famous standards belong to the ISO 9000 family, which deals with quality management and provides guidance for organisations that wish to continually improve their products and services and meet or exceed customer expectations. More than one million ISO 9001 certificates have been issued to organisations worldwide.

"This standard is based on a number of quality management principles including a strong customer focus, the motivation and implication of top management, the process approach and continual improvement[…] Using ISO 9001:2015 helps ensure that customers get consistent, good quality products and services, which in turn brings many business benefits." – International Organization for Standardization.

In support of ISO 9001 Quality Management Systems, Bremmar offers the following services to help your business deliver a consistently high quality of service:

Document Control

The Bremmar Managed Service includes the creation and upkeep of the following client-specific process documentation, which gives auditors evidence that routine IT changes follow a defined, repeatable procedure:

  • New user account creation
  • File level access permission change
  • Application access permission change
  • Backup restore test – email and file
  • New device implementation (Windows PC, Windows laptop, iPad)
  • Network security scan and review
  • New site implementation process

ISO/IEC 27000

The ISO/IEC 27000 family of standards helps organisations secure and protect information such as employee details, financial records, intellectual property and customer data. There are several dozen standards in the 27000 family, the most well-known being ISO/IEC 27001. This standard defines the requirements for an Information Security Management System (ISMS): a systematic framework of policies, processes and controls for managing the risks to an organisation's sensitive information.

ISO 27001 can be used to set and track security objectives, ensure that identified risks are treated, demonstrate compliance with regulations and provide relevant IT security assurance to customers and business partners. Meeting the standard involves activities such as defined data retention (storing records for a specified period), high availability, disaster recovery, revision management of documents, internal audits and management reviews at planned intervals, and documented task workflows. Any enterprise, government agency, academic institution or non-profit organisation may apply these requirements to establish a framework for the protection of its information assets.

In support of ISO 27001 – Information Security Management, Bremmar offers the following services to help your organisation stay secure and compliant:

Storage of Records

  • All records are stored in digitally and physically secured server facilities.
  • All cloud platforms act in a custodian role for client data and records. All data and IP held on the Microsoft Cloud Platform or the Bremmar Secure Private Cloud Platform remain the property of the client at all times.

Access to Records

  • All systems require either single- or two-factor user authentication before data stored within the platforms can be accessed.
  • All users are subject to file- and application-level permission restrictions within the relevant solution components, as dictated by the client's Information Systems Security Matrix.

Record and Information Retention

  • All information held in "at rest" storage and in backups caters for the retention timeframes the client has defined. Note that ISO 27001 does not prescribe fixed retention periods; it requires the organisation to protect its records in line with its own legal, regulatory, contractual and business requirements, so the retention schedule itself must come from the client's obligations.

To learn more about how Bremmar can help your business stay on top of its legal and regulatory requirements, contact us today on 1300 991 351 or email help@bremmar.com.au.


As a Client Information Systems Manager, I'm the go-to person for Bremmar's NFP and Aged Care customers. I help charities, non-profit and Aged Care partners of all sizes transform their digital capabilities and modernise their workplaces, using a targeted and industry-specific approach.
