ISO 17799 Information Aggregator

How to Kickstart Improvement in Service

Posted: June 20th, 2010 | Filed under: Uncategorized

A lot of the business our organisation manages is concentrated on the product generation aspects of our clients’ business. For a manufacturer this means the shop floor procedures where parts are put together in a sequence to build a saleable product. When we talk to a potential client concerning improvement programs or processes, the client instantly assumes we are talking of improvement within the manufacturing area, and that improvement – we are told – needs to be centred on workforce concerns, which are centred on pay and benefits!

This is in no sense an overstatement of the way company managers view their employees.

While improvements are clearly possible inside such an environment, it’s also true that a significant percentage of the staff isn’t directly involved with producing saleable products, but with administrative service support. These employees are frequently seen in a different light to the manufacturing group, and it is apparent to us that any improvement process that bypasses administrative functions also misses the opportunity to achieve significant efficiency savings for the employer. However, an improvement program has to capture the imagination of the participants, while providing a mechanism for individuals and work groups to participate and be successful. It is also necessary for managers to encourage individual contributions and contribute their managerial ‘weight’ to the achievement of any improvement, all while not seeking to hijack the credit for any performance gain.

While considering the differences of work pattern and culture that are the norm for the administrative and support functions in these businesses, the similarity to the work of staff in service industries became apparent, where much of the activity is clerical and administrative. Whatever solution could be found to enable us to engage with these people would probably work regardless of the nature of the business. We were clear in our minds that the long term improvement programs typical of manufacturing facilities would not be appropriate for administrative functions.

For many years we were attracted by the pragmatic teachings of the late Philip Crosby, author of Quality is Free and many similar books. The program defined in that book has been adapted world-wide to the benefit of countless organisations and individuals. Less well known within the same tome is a program he chose to call ‘Make Certain.’ With some effort we adapted Make Certain to a 21st century European culture and sought an opportunity to trial the outcome.

A current client allowed us the opportunity to show its worth within an administrative workforce of 120 staff. Working with groups of around 20 individuals, each with a mixture of skills and department affiliation, we spent time explaining the process and encouraging their involvement and contribution to improve both overall and specific efficiencies and effectiveness. We too learned from this experience and were able to develop the program further.

For our client’s organisation the trial run was a success because, for possibly the first time, each person understood the nature of their own individual work process, and how this related to – and affected – all of the surrounding processes. This understanding led to a desire to improve, and because local managers and supervisors were participants, measurable performance improvements were achieved. This initial trial of the ‘Make Certain’ program was a phenomenal success: an estimated 10% increase in efficiency, as measured by the ‘work units’ produced by the staff involved, only 9 months from program implementation.

The up-front cost to the organisation – for training – was equivalent to a loss of 360 hours of employed time (probably somewhat less working time!), along with a support expense estimated at around 20 man-days of management time.

Overall it cost the organisation 65 days of lost time to achieve a saving in the first year of 2,700 hours (10% of 27,000 hours, based on 120 staff and 230 working days per year). What to do with 10% additional work capacity is a problem that would delight any business manager.

The entire process was initiated with minimum investment, employed no high profile specialists or techniques, and succeeded because the participants had the freedom to believe in themselves and test their own solutions.

Truly, as Phil Crosby said, Quality is Free.

Retrieved from “http://www.articlesbase.com/business-articles/how-to-kickstart-improvement-in-service-898099.html”

Become Confident in Your ISO 27001 Practices

Posted: June 17th, 2010 | Filed under: Uncategorized

Managers who claim that their organizations comply with ISO/IEC 27001:2005 but that they see no need to go through the bureaucracy of getting the ‘badge on the wall’ are only deceiving themselves. The reality, I suspect, is that the vast majority of organizations that won’t submit their Information Security Management Systems (ISMS) to an external audit against ISO 27001, fear that, when it comes to the push, their systems would fail the test.

Survey after survey tells a depressingly familiar information insecurity story. Most recently, the 10th annual CSI/FBI survey revealed that, amongst the security-conscious, information security control-focused members of the CSI, computer crime continued to have a significant financial impact. The average incident last year cost $204,000, and the top two security breaches were through virus attacks and unauthorized access – both of which are comprehensively controlled through the controls and management systems mandated by ISO 27001.

ISO27001 Effectively Manages Data Security

This evidence, combined with the findings of a recent survey carried out amongst UK-based organizations certified to ISO27001, suggests – somewhat contradictorily – that securing information is rarely the primary driver for achieving certification. The top reason was commercial advantage, summed up by one respondent who said that a certificate ‘gives customers confidence that our data security is well managed and certified by an independent source.’

And it’s that certification ‘by an independent source’ which is the real benefit of pursuing ISO 27001 in the first place. US regulators implicitly recognized the importance of external validation for information security effectiveness when they observed that: ‘the best way to strengthen US information security is to treat it as a corporate governance issue that requires the attention of boards and CEOs.’

Achieve High Security Standards through ISO 27001

There are sectors in which the ‘badge on the wall’ debate is already history, and in which certification is now becoming a basic business requirement. UK cheque printers, for instance, are required to comply with a sectoral version of ISO27001 and suppliers to the NHS are expected to be on track for certification (there is now a health sector version of ISO17799) – even if the NHS itself still has some way to go. Business Process Outsourcing companies are finding it much simpler to provide a copy of their ISO 27001 certificate in their tender documentation than to answer detailed information security questionnaires.

Some of this might be expected: BS7799 was, after all, a British Standard, and the UK government’s Cabinet Office has, for several years now, driven take-up across the UK public sector. And as more and more local authorities and public-sector organizations become certified, so the pressure for their private-sector suppliers to achieve the standard will increase – and today’s early adopters are clearly stealing a march on their competitors.

Achieve Your Certificate in ISO 27001

Internationalised as ISO 27001 (http://www.27001.com), information security certification can also be a short cut to best-practice compliance with a wide range of data compliance and regulatory requirements, ranging from Data Protection Acts across the EU, privacy and breach legislation across the OECD, and specific legislation such as GLBA, HIPAA and Sarbanes Oxley. Determined outsourced suppliers are increasingly insisting that their certificate be taken into account when preparing for and costing their annual SAS 70 audit, with consequently substantial reductions in both the cost of, and disruption caused by, the audit.

Are organizations beginning to recognize that, in fact, it is the badge on the wall that counts? Yes, as evidenced by the increasing number of badges. It took about seven years (to December 1994) for the first 1,000 certificates to be achieved, but less than two and a half years later there are more than 3,500 successes. And certification has a ripple effect: every organization that achieves ISO 27001 will expect its key suppliers to meet the standard. And this means that anyone who thinks the badge doesn’t count will have nowhere to hide when the CEO comes asking why your competitors have stolen your lunch.

Alan Calder is an international authority on IT Governance and information security management. He led the world’s first successful implementation of BS 7799, the information security management standard upon which ISO 27001 is based, and wrote the definitive compliance guide for this standard, ‘IT Governance: A Manager’s Guide to Data Security and BS7799/ISO17799’. The 3rd edition of this book is the basis for the UK Open University’s postgraduate course on Information Security. He has just written, for BSI, a management guide on integrating ISO 27001 and ISO 20000 Management Systems, drawing heavily on ITIL best practice. He is a consultant to companies around the world, including Cisco.

Article Source: http://EzineArticles.com/?expert=Alan_Calder