
ISO 9000 & AUDITS WORLD CONFERENCE ABSTRACT 

Mitigating Risk by Protecting your Data and Information

Presenter:

John DiMaria, Global Champion Information Security and Business Continuity, BSI, Herndon, VA, USA

Co-Presenter: Katie Warlick, Business Development Management, BSI Group, Herndon, VA, USA

Keywords:

High Risk Audits, Improved Audit Tools, Process Auditing, Risk-Based Thinking

Industry:

Aviation/Space

Level:

Intermediate

The revised version of ISO 9001, and corresponding industry-related standards like the AS9100-series and IATF 16949, ensured that risk and quality are woven throughout the management system and the organization. Today, one of the greatest risks organizations face is a cyber-attack. Data breaches and unauthorized access can jeopardize not only the quality of the product, but the proprietary intellectual property that makes the product unique. With GDPR and the other privacy protection regulations now in place, failure to recognize or report a breach can also be financially catastrophic.

With ISO’s new High-Level Structure, incorporating an information security framework within the quality management system has never been easier, nor more necessary.

The common structure facilitates integrating information security with the quality management system and enables the organization to increase compliance. This holistic approach allows for greater flexibility to meet increasing regulatory and legislative requirements.

Applying a robust system to managing information can protect an organization and reduce risk. ISO/IEC 27001 provides the framework necessary to protect product quality and can offer additional business benefits. Recent surveys reveal that of those who have adopted the ISO/IEC 27001 framework:

  • 80% have advised it inspires trust in their business
  • 75% believe it reduces business risk
  • 71% believe it protects their business

An integrated system reduces the duplication of efforts and streamlines common processes such as documentation and record control, internal audits, management review, control of non-conformances and the management of corrective action.

Certification to both ISO 9001 and ISO/IEC 27001 requires commitment and involvement from the organization’s leadership team. Top management is responsible for the system’s effectiveness and for making sure the whole organization understands how it contributes. Creating a culture where the importance of information security and quality is promoted and embraced avoids confusion and provides clarity.

ISO/IEC 27001 and ISO 9001 both help organizations to identify and manage risks relevant to their management system and to continually evaluate its effectiveness. This is particularly important when technology is constantly changing and new threats can arise suddenly.

Achieving certification to both ISO 9001 and ISO/IEC 27001 demonstrates that an organization has taken the necessary steps to safeguard the quality of its product and the data that makes it possible. It shows “due diligence” and a “standard of care”, which creates trust with customers, investors and other stakeholders.
