CE Marking. ISO 9001 Certification. A Lesson

30th October 2017 ISO 9001 , ISO 9001:2015 no comments

CE Marking – Does it apply to your product, or not? Even after a quarter of a century in the quality and standards business, I occasionally get caught out.

So Far, So Good.

I wrote a Quality Management System for someone recently against ISO 9001, 2015. The senior management team knew their business, market and customers well, and had that mature, no-fuss demeanour which comes with experience and confidence.

Enter The Auditor

A professional, friendly chap. He did exactly as I would have done, wandering into the assembly area, spying incomplete assemblies, and asking “What legislation apply to these products” “None”, said the customer. (“I’ve been down this road, there are no issues. We’re almost home and dry.” I thought). Now comes the next question…

What About CE Marking, Then?”

The customer said “I don’t think it applies”, (“Hang on a minute, he gave a definitive “NO” when I asked…!”) The auditor, knowing the product, asks “what about (X)?”

Instantly, I knew I’d messed up – it was obvious that the legislation mentioned would apply, and the goods therefore needed CE marking. In my defence I had asked the question, and he’d said it didn’t apply. (After all, he would know his own business and products, wouldn’t he?)

What I Learnt Today…

So for anyone out there who isn’t sure if CE marking applies to their products here are two hints:-

Help is At Hand On-Line

First of all, try going here. It may be a government web site, but the explanation is pretty good and the English doesn’t seem to have been written by a lawyer previously employed by “Yes Minister”.

You Will Need A Technical File

Start compiling a Technical File for the product.

If you find from this that CE marking DOES apply then a key piece of documentation you will need to create is the Technical File

If you don’t have the required data to create this, you probably shouldn’t be selling into this market !

The content of a technical file is described through UK and European legislation. It should be a document which fully specifies the technical performance of the product and how it complies with the applicable European Directives. As a general guide, it should include:

  • An outline description of the product, possibly supported by a photograph or diagram.

  • Electrical content – circuit or wiring diagrams etc.

  • An outline diagram, often a General Assembly drawing

  • A full list of the applicable legislation and standards

  • Details of how you have ensured the product meets those standards, such as risk assessment & testing

  • Details of any controls or logic which enables the equipment’s functionality

  • Technical specifications for any sub-assemblies or bought in components.

  • A Bill of Materials or Parts List for the equipment

  • Diagrams showing markings and labelling applied to the product

  • A set of user instructions and any maintenance needs

  • Reports covering the functional testing of the product.

  • Commissioning or Quality Control requirements

  • And finally, a Declaration of Conformity, stating what directives and standards the product meets and authorised by a senior member of the company management team.

CE Marking is a complex and difficult subject, so this brief post is not intended to be an exhaustive guide to its implementation. However, knowing the applicable legislation for your products, and knowing how its performance has been verified is fairly important, so I hope this helps those with questions.

We’re Not Far Away

Meanwhile, we’re here to help, of course.

The Search for The ISO 27001 PDF Free Download. Some News.

30th October 2017 ISO 27001 no comments

Google tells us that the search term ISO 27001 PDF Free Download remains very popular indeed. Folks are clearly looking for “short-cuts”…

Some time ago, we held the view that there was utterly, completely no way that ISO 27001 certification could be achieved by anything other than some good old-fashioned consultancy time from a skilled ISO Consultant. There was much that was free, useful, (and occasionally both) downloadable from cyberspace. However, this standard, because of it’s business-critical nature, wasn’t one of them.

Furthermore, the shortcomings of a “get a free template and fill it in” approach are glaringly obvious to any ISO assessor. Our senior consultant was once one of them. A failed DIY attempt is easy to spot.

We must confess, however, that we’ve had a major change of heart. Realising that businesses will be on different stages of a standards “journey”, we’re now offering a menu of solutions for a business seeking ISO 27001 certification…

Face-to-Face Consultation.

If you really do not have a clue where to start, then we’re happy to spend time on attainment of the required standard from start to finish. This addresses the age-old “is it cheaper to hire a specialist or tie up resources in climbing a steep learning curve” conundrum. We deal with understanding your real-life needs and transferring these into a workable Quality Management System (QMS). Meanwhile, you simply get on with running you business. This approach is where we started many years ago, so we know it very well. But this is only one aspect of our services, and way beyond the ISO 27001 PDF free download approach.

Remote Consultation.

If you are currently holding other standards, know the landscape of a QMS, and have the in-house resource to do some of the spadework in-house, then our remote solution may be the optimum solution. You can book on-line sessions with one of our experienced professionals to “fill in the blanks” or solve problems. Typically, smaller businesses with some relevant experience or existing standard choose this option.

DIY with Video Training.

When your business already holds ISO accreditation, hence understands the process to achieve them, then we can provide all the necessary forms, documents, and guides along with a credit for on-line web-based consultation. We will also give access to a growing library of tutorial videos specifically related to the standard. This allows clients to work through to accreditation at their own speed with their own resources. Organisations with their own quality management staff and/or an existing core of systems benefit best from this solution.

Where do you want to start? We’ve listed some of our products (and prices) here. We’ve explained a bit more here, too. We are aware from the number of searches for ISO 27001 PDF Free Download that there’s a demand for a “tool kit” approach to accreditation.

Please get in touch! , and we’ll start to explore how we can work together.

What is ISO 27001? Could it have prevented the BA IT problem?

30th October 2017 ISO 27001 no comments

Many folks ask Google “What is ISO 27001” Opinions vary. Some think it is a kind of ISO wrap-around for your IT security issues. They would be vaguely right.

On the other hand, sceptics say that it’s another bureaucratic set of wish-list principles and guidelines. Largely ignored, like the “hold the handrail” notices on many a staircase, someone’s idea of due diligence. Meanwhile we race up and down in mid-text…

A Bad Day at Heathrow

Taking a recent very high profile incident, how useful is ISO 27001 in the real world? For example, could it have prevented the IT systems failure at BA that will allegedly cost £80M. Well, Yes and probably Yes.

There is a very useful in-depth (but readable) analysis of the chain of events here. In short, normal power supply to their very large data centre was overridden during a switch-over from live supply to battery backup. Power was restored at the wrong time and in the wrong way. Vital hardware was cooked. Of three data centres, one was “fried”, the second mirrored corrupt data from the first, and the third one simply didn’t want to play. Oh dear me. Some queues at check in today, then…

Considering that “What is ISO27001” question is important here.

It’s primarily a cyber security standard, stopping your company’s data getting into the wrong hands, However, it does have some controls that will stop other bad things happening. A couple of them being:-

When operating platforms are changed, business critical applications shall be reviewed and tested to ensure there is no adverse impact on organizational operations or security.” (Section A14.2 Statement of Applicability for ISO27001)

The organisation shall supervise and monitor the activity of outsourced system development.” (A14.2.7)

Could ISO 27001 have helped? On the one hand “yes”.

There are suggested steps intended to prevent very bad things happening as a result of poorly-executed maintenance or change procedures. It’s a small but important part of the standard and the Information Security System (ISMS).

On the other hand, “Yes” as well. Why?

Because, although procedures did exist, they weren’t followed. Nobody was “assessing and monitoring” to make sure they were being followed. A standard is only as good as its application, regardless of how many guidelines it contains. However, if you don’t bother checking they are followed, it’s just another catastrophe waiting to happen.

How to Live In The Real World

Whenever we write a security system for a customer, we always ensure that it is not abstract and theoretical.  It must be applicable to everyday business. We make sure it’s usable, monitored, and actually works (BA, if you need to get in touch, please use our contact page. Can I have payment up front please you seem to have a large debt).

What Next?

What is ISO 27001? A system to prevent breaches in cybersecurity and protect your business from bad procedure and nasty events. Can it help your business? Well, most probably. Contact us to find out more!

ISO 9001 2015 Transition in A Day? (Seriously?)

8th March 2017 ISO 9001:2015 no comments
ISO 9001 2015 Transition

If you’d asked us around two years ago if ISO 9001 2015 transition in a day was possible, we’d have said “no”. We would suggest that you didn’t quite understand how different the 2015 revision was from its 2008 forerunner. Or you’d read one of those motivational paperbacks. The ones which claim you can do anything, anytime, anywhere. They are probably not written by an ISO Auditor.

Meanwhile, we are well into our stride of ISO 9001:2015 transition work for customers. It’s turning out to be much easier and quicker than we first thought.

Furthermore, we’ve also introduced a new way of working to bring faster and more economical ISO 9001 2015 transition. Why and how?
read more

Rapid Certification Through an ISO 27001 Template PDF Download

7th March 2017 ISO PDF Template Download no comments
ISO 27001 PDF Download Template

According to Google, searches for an ISO 27001 Template PDF Download are frequent.  Yet the “ISO Free PDF Downloads” we’ve seen are often incomplete and/or overly complex. Sadly, lots of the right words won’t impress an auditor.  Our senior consultant was once one. Therefore, he can spot a “cheap quick fix” fast.  But does this mean the “template approach” has no value?

Recently, we’ve worked with some Far Eastern clients . Their budgets have not stretched to cover the cost of a visit. What could we do?
read more

Fast and Effective Approval Through ISO 9001:2015 Template PDF Download

7th March 2017 ISO PDF Template Download , Uncategorised no comments
ISO 9001:2015 Template PDF Download

In the past, we’ve been quite sceptical of the ISO 9001:2015 Template PDF Download approach to standards . However, we’ve had a change of heart and direction. In dealing with some Far Eastern and Australasian enquiries, it’s not been feasible to visit the organisation.  But there is an alternative solution…
read more

Reliable and Rapid Approval via ISO 14001:2015 Template PDF Download

7th March 2017 ISO PDF Template Download , Uncategorised no comments
ISO 14001:2015 Template PDF Download

Many internet users search for ISO 14001:2015 Template PDF Download. We’ve always been suspicious of the “one size fits all” approach. Plenty of ISO Free PDF Downloads appear incomplete, inconsistent, and ultimately inadequate. As I was once a certification auditor, I can assure readers that these DIY attempts are very easy to spot.

However, there are situations where the PDF template approach is ideal. And we’ve begun to use it.
read more

The Search for a ISO 14001:2015 Migration Free PDF Download, and Some Help

2nd December 2016 ISO 14001 , ISO 14001 :2015 no comments
ISO 14001:2015 migration free PDF download

Like many internet searchers, if you’re here looking for an ISO 14001:2015 migration free PDF download, then you’ve found one (downloadable here) .

It’s probably not quite what you were looking for, but that’s not necessarily a bad thing if it makes a clear point:- that PDF download is about as much as we’d want to ever give you, free-of-charge, because there’s much that’s different about the 2015 revision.

Breaking News! We Now Have Our Own PDF Download Shop.

Meanwhile we do offer ISO 14001:2015 PDF template download here. It’s not that we’re necessarily against them in the right context. And our specialist knowledge (and individual help desk support) is not free. Sorry. Buy the templates and our experienced help comes along with them.

However, my main concern in this blog is to clear up some common misconceptions, and the reason why some think the migration to ISO 14001:2015 can be done cheaply Or even for free.  This revision is far more than a few bolt-ons and tick-boxes added to your current system.

So what’s different?
read more

ISO 27001 Certification Cost. Hopefully Less Than £400,000…

7th October 2016 ISO 27001 no comments

I’m told that ISO 27001 Certification Cost is one of the most searched terms relating to ISO 27001 on the internet.

How much does certification cost? It’s worth reflecting on the cost of not having it. For TalkTalk in October 2016, the “failure to implement the most basic cyber security measures” cost around £400,000 in fines.

Some of TalkTalk’s IT security measures were probably very good indeed. But they were probably the wrong ones for the threat. And it’s highly likely that they even held ISO 27001 certification.
read more

FAQ:- An ISO 45001 PDF Download. And a Consultant Advises on Migration.

5th October 2016 ISO 45001 , ISO PDF Download , ISO PDF Free Download no comments
ISO 45001 PDF Download

Because of significant on-line interest, we’ve put together an ISO 45001 PDF Download (downloadable here).  It address some of the questions asked about migration from OHSAS18001 to ISO 45001

Meanwhile, to add some context, Rob Govier, Sales and Marketing Consultant, asked Colin Brown, Senior Consultant about the changes.

RG:- Why has the standard been revised?

CB:- All standards are revised every six or so years. This one is delayed because of a change to the master document which defines the standard template/format of all management system standards (ISO 9001:2015ISO 14001:2015, etc), known as Annex SL.

RG:- Are there any looming deadlines?
read more