The Benefits Of Iso Standards


02 Nov 2017

Disclaimer:
This essay has been written and submitted by students and is not an example of our work. Any opinions, findings, conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of EssayCompany.

For this assignment, you can select one of the following IT business sectors: IT training centre, IT and computer sales, IT support and maintenance, etc. Or maybe you have your own business idea which could be discussed with your tutor.

TASK 1

Discuss how this system complies with national and international standards; you need to show evidence of how it meets quality standards, including ISO standards.

You need to address the extra costs involved in meeting quality standards in different areas (design, testing, insurance, etc.).

I have chosen an IT computer sales centre business which will be offering facilities for its users. To have a computer sales system the company needs to implement good standards in order to run the business successfully. To meet high standards for my business I have to make sure that the following national and international standards are implemented.

British standards

BSI Standards is the UK's National Standards Body (NSB) and was the world's first. It represents UK economic and social interests across all of the European and international standards organizations and through the development of business information solutions for British organizations of all sizes and sectors. BSI Standards works with manufacturing and service industries, businesses, governments and consumers to facilitate the production of British, European and international standards. (http://www.bsigroup.com)

BS 10012:2009

Data protection. Specification for a personal information management system

In a computer sales business, the company keeps the details and personal information of both staff and customers on record. This standard specifies the requirements for a personal information management system (PIMS), to provide an infrastructure for compliance with the Data Protection Act (DPA) 1998.

BS OHSAS 18001

BS OHSAS 18001 is the internationally recognised standard for occupational health and safety management systems. It gives a framework to identify, control and reduce the risks associated with health and safety in your workplace.

It can be used to develop the occupational health and safety policy, taking into account specific legal requirements and risks related to your industry. 

If you have already carried out audits to assess the effectiveness of your policy, these may not give you the confidence that your health and safety management system meets legal and policy requirements. (http://www.iosh.co.uk)

Why choose BS OHSAS 18001

With BS OHSAS 18001 you can increase your opportunities to tender for new business, which can result in preferred supplier status. You can also benefit from the following advantages of BS OHSAS 18001:

Identify and control health and safety risks

Reduce the potential for accidents

Reduce sick days as a consequence of work-related injuries and ill-health

Generate greater staff engagement

Reduce insurance premiums

Ensure compliance

Avoid fines and lost productivity.

ISO STANDARDS

ISO (International Organization for Standardization) is the developer and publisher of more than 19 200 voluntary International Standards, bringing benefits for business, government and society. (http://www.iso.org)

Benefits of ISO standards

ISO International Standards ensure that products and services are safe, reliable and of good quality. For organisations, they are strategic tools that reduce costs by minimising waste and errors and increasing productivity. They help firms to access new markets, level the playing field for developing countries and facilitate free and fair global trade.

ISO 27001

An Information Security Management System ('ISMS') is a systematic approach to managing confidential or sensitive company data so that it stays secure (which means available, confidential and with its integrity intact). It encompasses people, procedures and IT systems.

Information security is not just about anti-virus software, implementing the latest firewall or locking down your laptops or web servers. The overall approach to data protection ought to be strategic as well as operational, and the various protection initiatives ought to be prioritised, consolidated and cross-referenced to ensure overall effectiveness.

An Information Security Management System (ISMS) helps you coordinate all protection efforts – both electronic and physical – logically, consistently and cost-effectively.

ISO 27001 is the best practice specification that helps businesses and organisations throughout the world to develop a best-in-class Information Security Management System (ISMS). The Standard was published jointly by the International Security Office (ISO) and the International Electro-technical Commission (IEC). The British standard BS7799-2 was the forerunner for ISO 27001. (http://www.itgovernance.co.uk)

ISO27001 can help organisations create a framework for compliance with many regulatory standards. All UK businesses must comply with:

Telecommunications Regulations Act 1998

Data Protection Act 1998

Computer Misuse Act 1990

The Human Rights Act 1998

The Regulation of Investigatory Powers Act 2000

The Copyright, Designs and Patent Act 1998

The Freedom of Information Act 2000 (UK public sector)

ISO31000

ISO 31000:2009 provides principles and generic guidelines on risk management. It can be used by any public, private or community enterprise, association, group or individual. Therefore, ISO 31000:2009 is not specific to any industry or sector. This standard will be ideal for my company in computer sales.

ISO 31000:2009 can be applied throughout the life of an organisation, and to a wide range of activities. These activities include strategies and decisions, operations, processes, functions, projects, products, services and assets.

ISO 31000:2009 can be applied to any type of risk, whatever its nature, whether it has positive or negative consequences.

ISO 31000:2009 is intended to be used to harmonise risk management processes in existing and future standards. It provides a common approach in support of standards dealing with specific risks and/or sectors, and does not replace those standards.

Extra costs needed to meet the quality standard

Meeting the quality standards in the organisation involves extra cost. Additional costs can be found in the following areas:

Market research – market research is a very important component of business strategy and a key factor in gaining an advantage over competitors. It provides vital data to identify and analyse market demand, market size and competition.

Market research includes opinion and social research, and is the systematic gathering and interpretation of data about people or organisations using statistical and analytical methods and techniques of the applied social sciences to gain insight or support decision making.

Design/development cost – the IT centre should have a manageable design structure for users of the system. Implementation and training are very important. Employees will need proper training in order to maintain quality and reduce further costs. Development of the business/system

Insurance cost – because the company is spending on computer equipment, insurance will be needed for all the stock. In case of fire, theft or accidental damage my property will be fully covered and I should be able to make a claim for the affected items.

Summary

In my opinion, national and international standards play an important role in the success of a business. Businesses registered under these standards provide quality assurance, which in turn can increase the reputation of the organisation.

TASK 2

Identify and assess the risks involved with the development of your system (technical risks, business risks, etc.), and show how to measure and manage those risks to protect your system from failure (this could include investigating the causes of system failure).

Risk is a function of the likelihood of a given threat-source’s exercising a particular potential vulnerability, and the resulting impact of that adverse event on the organization.

As my business is an IT and computer sales organisation, there are various risks which can lead to the failure of the business. The following are the risks that are seen in my business:

Health and safety risks

Strategic risks

Environmental risks

Technical risks

Health and safety risks

Employers have responsibilities for the health and safety of their employees. They are also responsible for any visitors to their premises such as customers, suppliers and the general public.

The Health and Safety at Work Act

The Health and Safety at Work etc Act 1974 is the primary piece of legislation covering work-related health and safety in the United Kingdom. It sets out a lot of your employer’s responsibilities for your health and safety at work.

The Health and Safety Executive is responsible for enforcing health and safety at work.

Health and safety is very important in my business for both employees and customers. It is my duty to identify, assess and control this risk.

(Alan Dix, Janet Finlay, Gregory Abowd, Russell Beale, 1998)

Identify

Risks are identified by understanding their nature. Some risks are rated high and some low. In my business, health and safety risks can be identified by physically inspecting the premises and asking the employees about hazards in the work environment. Hazards can be checked by reading the manuals of the equipment installed in the company. They can also be identified by checking old records in which any previous health hazard was recorded.

Assessment

The nature of the risk can vary from moderate to severe. Because I am dealing with computer equipment, I will need to make sure that all the manufacturing machines are correctly installed and that no one is at risk of electric shock, since electricity will be a major factor. Electric shocks can occur from exposed wires, so I will make sure all wires are safe. Employee safety in the workshop will need to be assessed, e.g. the use of lifts, heaters and boilers in the business. Business equipment will need to be suitable for its users to avoid health problems for the employees.

Control

We can control severe risks of electric shock by removing old wires and replacing them with new ones. High voltage cables need to be hidden from the users' working environment. Adjustable chairs and clear computer screens will also be required to reduce the health risks to employees. Regular monitoring and training can minimise risks.

ISO13.260 is a standard that covers protection against electric shock and live working, including tools for working with voltages.

According to David Amess, LDA Risk Management, "your safety management systems need not be complex, they should reflect your business and your circumstances".

Operational risks

An operational risk is a risk arising from the execution of a company's business functions. It is a very broad concept which focuses on the risks arising from the people, systems and processes through which a company operates. It also includes other categories such as fraud risks, legal risks, and physical or environmental risks. (www.riskglossary.com/articles/operational_risk.htm)

Identifying

Operational risks can be identified by regular checking of systems and monitoring of staff performance. Threats such as viruses can affect the system and business performance.

Assessment

Loss of valuable data in the system and unauthorised access can cause severe risk to the business. This can be assessed by constant monitoring of the employees who are using the computer systems, and authority should be allocated only to employees who are trained to use the system.

Control

This can be controlled by the use of back-up systems and recovery systems. Installation of the necessary software will be required to protect against viruses and other security threats. To manage the business efficiently, staff training will be required so that staff can use the systems efficiently and handle accounting controls.

Technical Risks

Technical risks can cause severe disruption to the functioning of the business. Technical risks usually lead to improper functionality and performance of the system; they are caused by a lack of advanced technology or by continuous changes in requirements.

Identifying

Technical risks can be identified at the point of work. For example, if a customer wants additional products in their computer, the technician will need to make sure everything is installed properly. To avoid technical risks I will make sure that the ordered computer system is running and working properly.

Assessment

Further costs will need to be avoided by making sure the system is correctly installed. If the hardware is not installed properly, there is a major risk of damaging the whole system, which will lead to added costs. I will make sure that all the technicians are well trained to reduce risks.

Control

These risks can be managed by checking the end product and by monitoring the performance over and over again. Close monitoring will make sure that the system is running perfectly and that no errors are found ready for delivery to the customer.

TASK 3

Discuss the service level agreement of your system; you need to demonstrate your understanding of the service level requirements and show how to plan, schedule, measure and control facilities to agreed levels of service.

A service-level agreement (SLA) is a part of a service contract where the level of service is formally defined. In practice, the term SLA is sometimes used to refer to the contracted delivery time (of the service) or performance. As an example, internet service providers will commonly include service level agreements within the terms of their contracts with customers to define the level(s) of service being sold in plain language terms. ( http://en.wikipedia.org/wiki/Service-level_agreement)

For my business the following SLA levels will be seen:

Customer-based SLA: An agreement with an individual customer group, covering all the services they use. E.g., an SLA between a supplier (IT service provider) and the finance department of a large organisation for services such as the finance system, payroll system, billing system, procurement/purchase system, etc.

Service-based SLA: An agreement for all clients using the services being offered by the service provider.

Multilevel SLA: The SLA is split into various levels, each addressing a different set of clients for the same services, in the same SLA.

Corporate-level SLA: Covering all the generic service level management (often abbreviated as SLM) issues appropriate to every client throughout the organization. These issues are likely to be less volatile and so updates (SLA reviews) are less frequently required.

Customer-level SLA: covering all SLM problems relevant to the particular client group, regardless of the services being offered.

Service-level SLA: covering every SLM problem that’s relevant to the specific services, in relation to this specific client group.

Planning

The main point of a service level agreement is to define, negotiate and monitor the quality of the services. If the services which we are providing do not satisfy the customer's needs, then the service is lacking and the business is responsible for the consequences. The following questions need to be addressed:

Who is providing the services?

What services are we providing the customers?

How are we providing these services?

What are the customer’s needs?

Do we have an appropriate level of service agreed in the service level agreement (SLA)?

Scheduling

The second phase after planning is scheduling. At this stage we make an outline in which all the services which we will be providing to our customers are addressed. There can be different types of customers coming to me to get these services. We need to make a prototype of the actual system in which we discuss:

Terms and conditions of the services

Responsibilities of both parties

Duration of the services

Charging and collection methods

Measure and control

This is the final stage of the service level agreement. At this stage our service is introduced to the customer. Once the service is in use, it requires constant management and control to ensure the highest level of quality is achieved. Experiences from previous assignments are taken into consideration so that previous problems can be avoided.

The SLA should be renewed every six months to allow for changes and improvements. I will ensure that my customers are satisfied with their purchase and appreciate the services being provided. The success of a business depends hugely on the quality of the products and services it offers to customers. I will also ensure that my staff are skilled and well trained to use the software and products.


