Nick Orchiston, senior consultant at IT Governance, has helped a wide variety of organisations, from SMEs to global corporations, to achieve accredited certification to international management systems standards including ISO 27001 (information security management), ISO 9001 (quality management) and ISO 14001 (environmental management). We asked him to talk us through his experiences.
Quality management systems
“When I started in management systems 20-odd years ago, implementing ISO 9000 (as it then was), there were no real tools or experienced people outside defence and aviation who understood what quality was.
“The quality management system (QMS) was the first management system, so implementing one was a real learning experience. You would do something, and then have to wait for an auditor to come along before you found out whether it was okay or a blind alley – in which case a nonconformity would be raised and you’d have to fix it.
“Implementing a management system this way was a very time-consuming and expensive business.
“Having learnt the hard way by doing it once or twice, I developed a set of tools to help me the next time. These tools were my version of the documentation toolkits. If I’d had them the first time, they would have helped me no end.
“Now, having gone through all of those painful experiences, I can use them to help prevent inexperienced implementers from going up blind alleys. ITGP’s documentation toolkits provide a straightforward solution to the documentation, which is a big part of any management system.”
Information security management
“For ISO 27001, there are two really big chunks of work – the risk assessment, and documenting the processes and controls. For all the other standards, the big chunk of work is the documentation. Having tools for these aspects can be very beneficial and give someone implementing any management system a key to unlock the door.”
Making compliance quicker and easier
ITGP’s documentation toolkits make compliance with management system standards quicker and easier by providing pre-written and fully customisable templates for all of the documents you need.
This takes a big chunk of the work away from anyone implementing a management system standard, and is perfect for IT and compliance managers who are new to standards and want fully compliant, ready-written documentation.
Covering management system standards including ISO 27001, ISO 9001, ISO 14001 and ISO 22301, ITGP’s documentation toolkits can work alone or bolt together with one another to build an integrated management system.