Making the Connection: ISO Master Class – An Overview
What is ISO?

What does ISO stand for?
- International Standards Organisation
- Worldwide recognised body for standardisation

Why is ISO important?
- International standard recognised by other countries
- Defined and measured standards against which organisations can be measured and compared

Do we need ISO accreditation?
- Simply put, NO we don't
- However, some sectors require certain standards, e.g. Governments, Financial Services, Insurance

What ISO Standards are required?
- Depends on what type of business we are
- Key standards are:
  - ISO 22301 – Business Continuity
  - ISO 9001 – Quality Management
  - ISO 27001 – Information Security

Facts about ISO:
- ISO is a non-governmental organisation
- Formed in 1926 and reformed in 1947
- 164 member countries
- Over 20,000 standards, including manufacturing, technology, food safety, agriculture and healthcare
- The term "ISO" is also used for a CD image, based on ISO 9260
ISO 22301 – Business Continuity

What is ISO 22301 Business Continuity Management?
'Specifies the requirements for a management system to protect against, reduce the likelihood of and ensure your business recovers from disruptive incidents'

What does that mean?
'If there is a disruption to the business, what do we do about it?'

Do we need ISO 22301?
- No we don't, but it would be good to know what we would do in case of a disruption
- And, if we are doing that, why shouldn't we follow good practice?

Do other organisations look for ISO 22301?
- Again, it depends on the organisation; most will ask for a Business Continuity Plan (BCP)
- Not many ask for ISO accreditation

Business Continuity covers three key elements:
- Resilience – ensure critical business functions and supporting infrastructure are designed and engineered to be unaffected by most disruptions
- Recovery – arrangements are made to recover or restore critical and less critical business functions that may have failed
- Contingency – establish a general capacity and readiness to cope effectively when major incidents or disasters occur
ISO 9001 – Quality Management

What is ISO 9001 – Quality Management System?
'A management system to continually monitor and manage quality across all operations; outlines ways to achieve and benchmark consistent performance and service'

What does that mean?
How do we become a better business, save money, increase profit, win more business and satisfy customers?

Do we need ISO 9001?
- No we don't need it, but we should do it if we're serious about quality

Do other organisations look for ISO 9001?
- Yes they do; it's one of the most widely recognised standards
- Lots of sectors adopt ISO 9001, including Manufacturing, Government, Pharmaceuticals

Facts about ISO 9001:
- Over 1 million companies worldwide accredited
- Most widely recognised standard in the world
- Covers all areas of a business, including:
  - Facilities
  - People
  - Training
  - Services
  - Equipment
ISO 27001 – Information Security

What is ISO 27001 – Information Security Management System?
'A management system to identify risks to your important information and put in place appropriate controls to help reduce the risk'

What does that mean?
How we manage, process and protect data within our business

Do we need ISO 27001?
- Yes we do, because we are a data processor

Do other organisations look for ISO 27001?
- Yes they do; it's another widely recognised standard
- Lots of sectors adopt ISO 27001, including Financial Services, Insurance and Government

Information Security
Simply the process of keeping information secure:
- Confidentiality – protecting data from being disclosed to unauthorised parties
- Integrity – protecting information from being changed by unauthorised parties
- Availability – provision of information to authorised parties only when requested
Data Protection

What is Data Protection?
'There are strict rules, called the data protection principles, to make sure information is used fairly and lawfully, used for limited, stated purposes, used in a way which is adequate, relevant and not excessive, accurate, kept safe and not transferred outside the EU'

What does that mean?
'It is the controls put in place on how your personal information is used by an organisation, business or government'

What's the difference between Data Protection and ISO 27001?
- ISO 27001 is about the systems, processes and controls in place to handle data
- Data Protection is about what the data is used for

The data protection principles:
- Personal data shall be processed fairly and lawfully
- Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose
- Personal data shall be adequate, relevant and not excessive
- Personal data shall be accurate and kept up to date
- Personal data processed for any purpose shall not be kept for longer than is necessary
- Personal data shall be processed in accordance with the rights of the data subject
- Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data
- Personal data shall not be transferred to a country outside the European Economic Area unless it ensures an adequate level of protection
European Data Protection Regulation

What is the European Data Protection Regulation (EDPR)?
'It is a pan-European standard set of rules for personal data protection.'

What are the changes from current legislation?
- Single set of rules across the EU
- Increased responsibility and accountability for organisations processing personal data
- Organisations will only have to deal with their 'local' data protection authority (ICO)
- People will have easier access to their own data and be able to transfer it to other organisations
- A 'right to be forgotten'
- Rules apply to any company that handles personal data in the EU

When does it come into effect?
- Beginning of 2018
Summary

- What is ISO? Why do we have International Standards?
- What are the standards for Business Continuity? Quality Management? Information Security?
- What is EDPR? What are the key ideas? How does it affect me?