QualityMentors Blog

This blog is a membership based discussion forum on Project Management, Software Quality, CMMI® for development, ISMS and associated subjects. It provides a common platform for our training participants and others to share views and obtain expert opinion on issues related to above subjects. Also, it is used by QualityMentors training participants to upload their personal details in a secured manner in line to the guidelines laid down in ISO/IEC 17024:2003. This blog draws its strength from its members who are welcome to share professional and personal experiences, comments, articles and reference links to make it a preferred knowledge repository for their collective use. It encourages fact based decision making as an success enabler for projects in member organizations.

Where is information security in ISO 9001:2008?

A friend asked me this  question yesterday…

If you search for the term ‘security’ in ISO 9001:2008, it is not there. If I were to map information security to ISO 9001, only clause I can map it is 6.4: Work Environment which reads like: “The organization shall determine and manage the work environment to achieve conformity to product requirements”. With IT increasingly being part of everyday business, a secured work environment to protect businesses from loss of confidentiality, integrity and availability becomes a prerequisite. Information security works around identification of risks, planning for their mitigation and effectively implementing those plans. The 2008 version of ISO 9001 has included ‘risks associated with environment’ right in the beginning, in its clause 0.1a: Introduction.

Comments are closed.

%d bloggers like this: