15th December, 2016 | by Tom Barham
ISO 27001 helps organisations to keep secure both their information assets and those of their customers.
Organisations of all types and sizes collect, process, store and transmit information in many forms. This information is valuable to an organisation’s business and operations.
14th December, 2016 | by Andrew Barham
We’ve just developed and run our first Performance Auditing course designed specifically for businesses and people who want to get more out of their audits and auditing. This course is for those of you who want to go beyond the ‘tick and flick’ approach and writing the same report each time. It is for those who want to drive real change within their organisation.
5th December, 2016 | by Andrew Barham
Emergency testing is a criteria for a number of the standards. Being prepared is crucial for both businesses and employees to ensure the best response is taken in the event of an emergency. This article goes beyond the standard fire drill when talking about emergency preparedness.
16th November, 2016 | by Andrew Barham
There is increasing focus and interest in information security. Just think of recent events here in Australia… the census crashing because of overseas hackers; the almost continual reporting of people’s private information being compromised; phone hacking by unscrupulous news reporters desperate for the latest big story; and of course, people posting information they shouldn’t on social media.
Whilst all these major stories are centred around the failure of some aspect of information technology, ISO 27001 (the International Standard for information security management systems) does include many requirements for non-IT security of information… and that is what we are going to talk about here.
What can you do to keep your information secure that does not involve the IT department? We’ve picked nine specific ISO 27001- Information Security controls which are listed specifically in Annex A and have been directly derived from, and align with, ISO 27002. We also briefly explain what each means.
7th November, 2016 | by Andrew Barham
Recently I had a lovely email from a past student saying that she missed our blogs. We have been a little slack and I must admit that we haven’t published one for about three months! Sorry.
Well I rang her and asked if she had any topics in particular that she would like us to write about. A little later I received an email offering two topics which had come about from findings by her employer’s external certification auditor. These were:
- Being proactive in preventative action
- Emergency Preparedness & Response (going beyond a fire drill).
I’m going to address the first topic in this post and I’ll talk about the other in ‘Emergency testing- It’s more than just a fire drill’
25th October, 2016 | by Andrew Barham
It’s almost a year since ISO 14001 was updated to the 2015 version, so most systems should now be well on the way to addressing the changed requirements.
Just to make sure that you haven’t missed any of the key points, we have put together 6 of the big ticket items we believe auditors will be focusing on – all from the first half of 14001!
27th July, 2016 | by The Auditor
16th May, 2016 | by Tom Barham
Here at PwC’s Auditor Training & Certification, we train a lot of people who want to become auditors.
Because we like a bit of data analysis, we thought we’d crunch some numbers to see who it is that wants to become an auditor.
The results aren’t too surprising, but they do help to confirm a few things that most of us were probably thinking.
4th May, 2016 | by Andrew Barham
In Australia and New Zealand, we have had AS/NZS 4801 since 2001, and in the world of management system standards that is quite a long time. Whilst the British did come up with OHSMS 18001 in 1999, last reviewed in 2007, this has been treated as a more international standard than 4801 however, it is still not an ISO standard. But the wait is nearly over – ISO 45001 is on its way. But it asks the question – what is different in ISO 45001?
6th April, 2016 | by Andrew Barham
Verification and validation are two terms that we often see within management system standards, such as in the design and development section of ISO 9001, however the two are often confused. Both are used as part of the process of checking, verification ensures that the subject meets its requirements or specifications, while validation checks that it is fit for purpose. In the simplest terms, verification could be expressed as ‘are we building it right?’, whereas validation is ‘did we build the right thing?’