I remember my session with Peter of FXXP Associates from October 2007 and how simple his BS 7858 and ISO 9001 processes were.
I dig out the folder Peter gave me containing the copies of ISO 9001 and have a look at it. It's 23 sides long and reads like an Act of Parliament. I have no idea how to interpret most of the clauses and no clue as to which ones apply to a secure data destruction company.
To make matters worse, I cannot figure out from the wording which elements are mandatory and which are optional. I refer back to Peter’s processes and forms and can see how they relate to certain clauses of the ISO but that still leaves 80% of the text of the Standard unexplained.
This is like needing a lawyer to interpret a law – as the words can have different meanings and if you don't have experience of interpreting the clauses then it's very hard.
I know I am up against a huge challenge now. I can hardly make head or tail of the ISO 9001 Standard which is supposedly the base or easiest standard, and I haven’t even got copies of ISO 27001 and ISO 14001 yet.
It's time to launch a large salvo of enquiries and research to enable me to move forward and get answers to three key questions:
- What are the minimum compulsory requirements in each standard?
- How are they practically integrated into the procedures and processes of a business?
- How do the different standards fit together?
Based on diary entries