ISO 9001 Certification in Saudi Arabia
If you've been reading my blog, you almost certainly assume I'm convinced ISO 9001 is the most perfect document ever written. That's not true – working with my clients and teaching on the topic, sometimes the same weaknesses of this standard emerge. Here they are, along with my suggestions on how to resolve them:
Ambiguous terms
Some of the requirements in the standard are rather unclear:
Clause 4.3.1 c) requires that ISMS documentation include… "procedures and controls in support of the ISMS" – does that mean a document must be written for each of the controls that are applied (there are 133 controls in Annex A)? In my view, that is not necessary – I sometimes advise my clients to write only the policies and procedures that are necessary from the operational point of view and for decreasing the risks. All other controls can be briefly described in the Statement of Applicability, since it must include the description of all controls that are implemented.
(Un)documented policies and procedures – in several controls from Annex A, policies and procedures are mentioned without the word "documented". In effect, this means that such policies and procedures do not need to be written down, but this is not clear to 95% of the readers of the standard.
External parties / third parties – these terms are used interchangeably, which can confuse. It would be far better if one term was used.
Organization of the standard
Some of the requirements in the standard are either scattered or unnecessarily duplicated:
Some controls are simply located in the wrong place – for example, A.11.7 Mobile computing and telecommuting is found in section A.11 Access control. Although one must take care of access control when dealing with mobile computing, section A.11 is not the most natural place to define issues related to mobile computing and telecommuting.
Issues related to external parties are scattered around the standard – in A.6.2 External parties, A.8 Human resources security and A.10.2 Third party service delivery management. With the advance of cloud computing and other types of outsourcing, it would be good to gather all those rules in one document or one set of documents that deals with third parties.
Employee awareness and training is required both in clause 5.2.2 of the main part of the standard and in control A.8.2.2. Not only is this duplication unnecessary, it also causes further confusion – in theory, every control from Annex A could be excluded, so you could find yourself excluding a requirement that cannot actually be excluded because it is required by the main part of the standard. The same thing happens with Internal audit (clause 6 of the main part of the standard) and control A.6.1.8 Independent review of information security.
Some of the controls from Annex A can be applied very broadly, and they can include other controls – for example, control A.7.1.3 Acceptable use of assets is so general that it can cover, for example, A.7.2.2 (Handling classified information), A.8.3.2 (Return of assets upon termination of employment), A.9.2.1 (Equipment protection), A.10.7.1 (Management of removable media), A.10.7.2 (Disposal of media), A.10.7.3 (Information handling procedures) etc. I sometimes advise my clients to create one document that covers all those controls.
Problems or not?
Here are several issues that are sometimes brought to attention as problematic, but I disagree with them:
The standard is too vague, it doesn't go into enough detail – if it did go into more detail about the technology to be used, it would soon be outdated; if it did go into more detail about the methods and/or organizational solutions, it wouldn't apply to all sizes and types of organizations – a large bank must be organized quite differently than a small marketing agency, but both should be able to implement ISO 9001.
The standard allows too much flexibility – by this the critics mean the concept of risk assessment, where certain security controls can be excluded if there are no related risks. So they ask – "How would it be possible to exclude backup or anti-virus protection?" Actually, with the progress of technologies like cloud computing, this kind of protection won't be the responsibility of the organization implementing ISO 9001. (However, in such a case the risks of outsourcing would be rather high, so other kinds of security controls would be necessary.)
Now what?
This standard will definitely need to change – the present version of ISO/IEC 9001:2005 is now six years old, and hopefully the next revision (expected in 2012 or 2013) will address most of the above issues. Although these shortcomings can often confuse, I believe that the positive sides of the standard outweigh the negative ones by a large measure. And yes, I am convinced this standard is by far the best framework for information security management.
How to get an ISO 9001 consultant in Saudi Arabia?
Are you looking to get certified to the new version of ISO 9001 in Saudi Arabia? Certvalue has top consultants providing ISO 9001 consultancy in Saudi Arabia. It helps the organization to meet its customer requirements. Getting certified under ISO 9001 helps to bring in more income and business from new customers. We are the top Certvalue service provider for each one of your necessities. Feel free to send an inquiry to certvalue.com