ISO Standard

Basically to build to good and easy to be accepted IT Security Masterplan, we should cover every IT area. Here is simple checklist to build a sound good IT Security Masterplan

IT Policies

• Education and awareness programs.
• Badge wearing.
• Clean desk policy.
• Visitor and contractor controls.
• Employee involvement and responsibilities.
• When and how to have armed off-duty police officers onsite.

IT Investigations

• Use of hidden cameras along with determining who should be involved in the decision to use them.
• Use of a polygraph for interrogations.
• Whether or not to prosecute employees or others when a crime has been committed (even a minor crime).

Technology

• What technologies might be utilized in the future and when, where, and why

ISO 9000 standards are published by the ISO. The ISO 9000 series consist of the following quality standards:
- ISO 9000
- ISO 9001
- ISO 9002
- ISO 9003
- ISO 9004

ISO 9000 is an overview for selecting the appropriate standard. ISO 9001 covers the 20 elements of an effective quality management system (QMS), which include design, production, servicing, and installation:
1. Management responsibility
2. Quality system
3. Contract review
4. Design control
5. Document and data control
6. Purchasing
7. Control of customer-supplied product
8. Product identification and traceability
9. Process control
10. Inspection and testing
11. Control of inspection measuring and test equipment
12. Inspection and test status
13. Control of a nonconforming product
14. Corrective and preventive action
15. Handling, storage, packaging, preservation, and delivery
16. Control of quality records
17. Internal quality audits
18. Training
19. Servicing
20. Statistical techniques

1. What does Accreditation to ISO/IEC 17025 mean?
ISO/IEC 17025 is applicable to testing and calibration laboratories and covers the use of standard, non-standard and laboratory-developed methods.
Laboratories that can demonstrate compliance with ISO/IEC 17025 at assessment have demonstrated they operate using sound management practices and are technically competent to perform specific tests, calibrations and/or measurements for which they hold accreditation.

The management requirements of the Standard were written to meet the systems requirements of ISO 9000:1994 series. However, accreditation against ISO/IEC 17025 cannot be interpreted to be the same as certification against the ISO 9000 series Standards.

2. What does Certification to ISO 9001 Mean?
From 15th December 2003, the ISO 9000:1994 series of Quality Management Standards becomes obsolescent and will be superseded by a single Standard known as ISO 9001:2000.