ISO 27001: The Secure Standard for Implementing & Auditing Your ISMS


The year is 2025. Over 465 exabytes of new data is generated each day. The global cybersecurity market is worth $241 billion. Your managed services provider is still using a process document dated March 2019, and you’re starting to regret not having gone with that ISO 27001 certified provider.

Hell, at this point you’re starting to think even an in-house ISMS (Information Security Management System) implementation would have been a better option.

But I’m getting ahead of myself; let’s return to the present. Is ISO 27001 all it’s cracked up to be? Whatever your stance on ISO, it’s undeniable that many companies see ISO 27001 as a badge of prestige, and using ISO 27001 to implement (and potentially certify) your ISMS may well be a good business decision for you.

In this article, we’ll take a look at the foremost standard for information security management – ISO 27001:2013, and investigate some best practices for implementing and auditing your own ISMS.

Here is a summary of what we’ll cover in this Process Street article:

If you just want the free checklist for implementing and auditing your ISMS, you can grab that here. Otherwise, read on!

ISO: Everything You Need to Know (Ultimate Guide + Free Templates)

ISO means standards. A standard is just a set of requirements, decided by experts, for doing something specific.

A lot of standards exist under the banner of ISO, for all sorts of things, from quality management, to environmental and social responsibility guidelines, to how to design medical devices.

They’re useful because they help you to write good processes; how to structure, organize, implement, and improve on them.

At the heart of ISO is the principle of systematizing your approach to process management in your company – simple as that! You might be scared of ISO, but there’s really no need to be intimidated. What’s more, recent changes have made it easier than ever to get started with ISO standards.

In this Process Street article, we’ll look at everything ISO, including (but not limited to):

Let’s start with the basics. What exactly is ISO?

ISO 9001: The Ultimate QMS Guide (Basics, Implementation, ISO Templates)

Consumer Reports publishes an annual reliability survey, which includes data on over 470,000 cars.

In this report, owners of Tesla’s Model 3 experienced a number of problems, including chassis hardware, paint, and trim-related faults, indicative of a build quality that fell far short of the standards expected across the automotive industry. The Model 3 represents Tesla’s first real attempt at a mass-market electric vehicle, and the issues surrounding its launch created much frustration and controversy among electric vehicle enthusiasts.

This lack of quality assurance has lost at least one major $5 million order of Model 3 vehicles from a rental company, in relation to problems with the service and performance of previously purchased vehicles.

In an email, NextMove wrote:

“Tesla Model 3 vehicles, which NextMove was supposed to take over after payment and only a short examination, sometimes had serious defects: defective tires, paint and body damages, defective charge controllers, wrong wiring harnesses or missing emergency call buttons. Such quality defects would have endangered the safety of the customers and the profitability of NextMove.”

Stefan Moeller, Managing Director of NextMove, went on to say:

“We had to insist on compliance with general quality standards and processes in order to protect our renters and our business model.”

Why did Tesla have so many problems? Crucially, Tesla made the decision to deliver the product to market and sort out the issues later.

Basically, they didn’t have a strong enough system for managing quality.

We call these Quality Management Systems (QMS) – and they work.

The rest of the auto-industry follows a specific quality management system structure. It’s called ISO/TS 16949:2009 and it’s a variant of ISO 9001.

People follow quality management systems for various reasons; they improve quality first and foremost. But they also have a positive impact on the bottom line.

The return on investment (ROI) of a quality management system is typically impressive:

As a guide, a recent study undertaken through the American Society for Quality (ASQ) showed that for every $1 spent on your QMS, you could expect to see an additional $6 in revenue, a $16 reduction in costs, and a $3 increase in profits. On average, they saw that quality management reduced costs by 4.8% – ASQ

In this Process Street article, we’ll be looking at how ISO 9001 can be used to assure quality control across all types of organizations, with benefits like improved company performance, higher demand for products, and a competitive advantage towards increasing market share.

What we’ll cover:

For the uninitiated, what is ISO 9001, as simply as possible?

What is ISO 9000? The Beginner’s Guide to Quality Management System Standards (Free ISO 9001 QMS Template)


In 2018, Apple rolled out their brand new iPad Pro; top-of-the-line, cutting-edge, very slightly bent- wait, slightly bent?

Customers on social media and several on the MacRumors forums have discovered their iPad Pros exhibited this slight bend straight out of the box.

Of course, Apple’s response was that this was completely normal, and absolutely not a defect.

Despite the publicity Apple gives its “ultra precise” quality manufacturing process, more and more issues like these are appearing. The bendy iPad Pro is looking less like an exception, and more like an increasingly problematic trend.

Here’s a comprehensive quality breakdown (quite literally) of the iPad Pro in question:

It’s interesting to note that while Apple is bragging about premium materials such as the sapphire camera lens cover, tests like the scratch durability test done in the video above pose glaring questions to Apple’s quality standards.

Other quality management blunders from Apple’s recent track record include:

  • iPhone X: Major factory defect on phone screen making it unresponsive to touch;
  • iPhone XS/XS Max: A repeat of antennagate, except this one might be un-fixable with software;
  • Apple Watch: Batteries will swell and crack or detach the screen;
  • iPad Pro 2017: An older iPad model sold until November 2018 reportedly develops strange screen glitches;
  • MacBook Pro: Users have reported and Apple has admitted to serious defects (resulting in data loss and failure) with the solid-state drives inside 13-inch models, as well as severe performance issues with i9 CPUs and sound distortion at low volume;
  • MacBook/MacBook Pro: Defective keyboards in models from 2015 to 2017.

That’s a lot of issues for a company that continues to charge top dollar, push prices up, and boast a reputation as a pioneer in quality assurance.

Obviously, and for whatever reason, there is a problem somewhere in Apple’s quality management process.

Quality control and management is important to ensure the customer gets the value they deserve, and quality management standards like those defined by the ISO 9000 family exist to make quality management work better.

Although Apple has received certification for ISO 27001 (an information security management standard), it doesn’t appear that they have any ISO 9000 certification for quality management. Who knows, if they had, perhaps they wouldn’t have so many QC issues?

In this article, I’ll be looking at the ISO 9000 family of quality management standards, breaking down the basics and giving you a few free checklist templates to get you started with your own quality management system.

Here’s exactly what I’ll be covering:


ISO 50001: The Ultimate Guide to Energy Management Systems (EnMS)

If there was a list of the “Top Ten Problems” facing humanity in the next few decades, what do you think would be at the top?

Well, it turns out Richard E. Smalley made such a list in 2003, and placed predictions about a looming global energy crisis at the top.

His prediction focused on the problem of the amount of energy being consumed, against the amount of energy being produced (as well as available sources of energy production), alongside the projected boom of the human population to around 8-10 billion by 2050.

In recent years, there has been a resurgence of attention placed on the topic of energy efficiency and the relationship between energy consumption and climate change.

It is an undeniable fact that our global climate is rising in temperature. The science is there to prove it; the United Nations Intergovernmental Panel on Climate Change (IPCC) and many other international organizations have acknowledged that recent years have been the hottest since records began.

As a result, intense weather like heat waves, hurricanes, heavy rains, tropical storms, and rising sea levels are all becoming more and more commonplace.

Despite the rising tide of climate crisis, the demand for energy supply is at an all-time high. The global economy is insatiable in its demand for energy to sustain economic growth and development.

How should organizations prepare themselves for the inevitable challenge of sustainable adaptation, and ensure they have the tools in place to facilitate the systematic energy management approach that will be at the core of efforts to improve energy efficiency in the future?

“Energy efficiency is the most promising means to reduce greenhouse gases in the short term,” – Yvo de Boer, Former Executive Secretary of the United Nations Framework Convention on Climate Change (UNFCCC).

A systems-scale approach is necessary if organizations want to seriously engage with the difficult problems facing sustainable business and adapt for the future of energy management.

ISO 50001 is a standard designed to help organizations establish efficient and effective energy management systems (EnMS) and improve energy performance.

Based on the principle of continual improvement popularized by the ISO 9001 and ISO 14001 management system standards, ISO 50001 helps companies reduce energy costs, lower carbon dioxide emissions, and prioritize the preservation of, and sustainable engagement with, the environments in which they operate.

This article will provide an introduction to the ISO 50001 standard, with a simple explanation and tips for getting started with an implementation of your own using Process Street.

Thankfully, recent changes have made it easier than ever to implement ISO 50001 (and any ISO management system standard), so that will be a big focus of this article.

Here’s a breakdown of what I’ll be covering here:


ISO 19011:2018 Basics (8 Free Management System Audit Checklists)

What exactly is an “audit”?

The International Organization for Standardization defines it as:

“[the] systematic, independent and documented process for obtaining objective evidence and evaluating it objectively to determine the extent to which the audit criteria are fulfilled.” – ISO, from ISO 19011:2018 – Guidelines for Auditing Management Systems

That’s another way of saying someone takes a look at what you’re doing, gathers some evidence, and compares that evidence to what you’re supposed to be doing (in other words, a set of clearly documented requirements).

In the case of ISO, these requirements are known as standards. ISO 9001 is a standard. ISO 14001 is a standard.

Importantly, this understanding of audit implies that there are a few main things being considered by the auditor:

• What’s documented by the company (e.g. internal processes, policies, and SOPs)
• Evidence gathered to support how these policies, procedures, and SOPs are implemented in practice
• The requirements defined by the ISO standard being audited against (e.g. ISO 9001)

Audits performed by companies to assess and analyze their own management systems are known as internal audits. Many resources exist to guide companies on how to perform internal audits, and foremost of these is the ISO 19011 standard.

For most management system standards, internal audits are an important requirement. Even guideline standards like ISO 26000 for social responsibility depend on reports to evidence the success of their implementations.

As such, ISO 19011 defines a set of guidelines: a framework for companies to plan, implement, and improve upon their audit programs for auditing the implementation of management systems.

Since the first edition of ISO 19011 was published in 2002, many new management system standards have been published.

These standards often share a common structure, including certain requirements, terms, and definitions. That means ISO 19011 can be used to devise highly economical audit programs, wherein knowledge and processes can be shared and applied across various management systems.

By considering how they might take a broader approach to management system auditing and integration, companies implementing ISO management systems stand to save time, money, and confusion when preparing for and implementing internal audits.

The goal of this post is to provide a springboard for understanding ISO 19011, and how to get started with internal ISO auditing. In this post, I’ll cover:

• What is ISO 19011
• 7 principles of ISO auditing
• Different types of ISO audit
• Key elements of an ISO audit
• 8 free ISO audit templates

If you just want the free ISO audit templates, then here they are:


ISO 13485: Basics and How to Get Started (QMS for Medical Devices)

In today’s business world, owners are constantly grappling with concerns and surmounting obstacles, the least of which is actually staying afloat financially in what can be an unforgiving economy.

However, the struggle to turn a profit pales in comparison to some of the harsher consequences of failing to comply with certain regulatory requirements.

Take HRIS broker Zenefits, for example. Failure to comply with several licensing regulations issued by the California Department of Insurance landed them a $7 million fine.

That’s just the tip of the iceberg; more severe penalties extend to government bodies compelling you to dissolve your company, and ultimately the endangerment of the lives and well-being of the individuals your organization is serving.

“On a global scale, we are all being asked to do more with less—and for less. At some point soon, the current internal systems will not be able to hold back the deluge, and companies will be faced with a stark decision—consistently improve or perish” – Erik Myhrberg and Joseph Raciti, Practical Field Guide for ISO 13485

Often, these kinds of requirements take the form of the ISO 13485 standard for medical device manufacturers.

In this article, I’ll break down the ISO 13485 standard, from a basic introduction to suggestions and resources for implementing it in your business or organization.
