An Introduction to Information Security for the Quality Professional
How important is information security to your quality management system?
Has your organisation identified its information security risks, assessed their implications and put in place systemised controls to limit security breaches?
Information security is becoming ever more important to quality management, and the two topics increasingly overlap. As we come to rely more heavily on information technology, the security of that information is becoming a vital component of a quality management system.
Basically, we want our information to:
- Only be accessed by the right people (Confidentiality)
- Only be changed by authorised people or processes (Integrity)
- Be available to read and use whenever we want (Availability).
These three principles are often referred to by the acronym CIA (yes, there’s a joke in there somewhere).
The CIA triad of principles forms the basis of information security.
More and more organisations are implementing an ISMS (Information Security Management System) based on the requirements of ISO 27001. Even where that is not the case, our increasing reliance on information technology means the security of that information is becoming an important consideration for other management systems, such as those for ISO 9001 Quality.
This discussion introduces ISO 27001 and also considers the relevance of information security to a quality management system based on ISO 9001.
Presenter: Alan M. Jones
Alan M. Jones is the CEO of Qudos Management Pty Ltd (Australia) and Managing Director of Qudos Certification Limited (UK).
He is a qualified lead auditor for ISO 9001 Quality, ISO 14001 Environment, AS/NZS 4801, and ISO 27001 / CSA STAR Information Security. He has conducted certification audits for many years and has mentored and evaluated numerous certification auditors.
As a Software Application Developer he has led a team of content specialists and software developers to produce the Qudos 3 software application for integrated management systems.
As a management consultant, he has developed and implemented quality management systems through to ISO certification for numerous organisations. He has conducted internal auditor training for over 15 years.
He has a BA degree in Management and Technology and is a qualified electrical / electronics engineer.