ISO 9001:2015 implementation at a manufacturing company

Jönsson, Anna, Berglund, Magnus

January 2016

Martin Ivarsson, manager and part owner at Landeryd’s Mechanical Workshop (LMW), Landeryd, Sweden, initiated this project. This because of a new released ISO 9001 version that LMW has to implement before the 15th of September 2018 to remain certified. Since LMW is ISO 9001:2008 certified the project members only needed to identify the differences among the 2015 and 2008 version to see what LMW has to do to get certified. There are approximately 1.1 million ISO 9001 certificates issued worldwide. An ISO 9001 certification increase organizations ability to satisfy customer needs and customers can rely on that the products and services provided are of consistently good quality. ISO 9001 can also work as a tool to streamline the organization’s processes and make them more efficient. Since the ISO 9001 is reviewed every five year it helps organizations to keep current in an ever- changing world. Landeryd’s Mechanical Workshop has been ISO 9001 certified since 2002 and the “ISO- think” is deeply rooted within the company. LMW is a small owner-controlled company with only 18 employees. ISO 9001:2015 is applicable on different kinds of organizations in various scales. Comparing to previous versions of ISO 9001 the new version is more adaptable. This makes it more beneficial for the organizations but harder for the auditors that certifies. One major conclusion is that LMW will have more freedom of document handling with the new ISO version. This report highlights LMW’s status today in accordance to the new ISO 9001 version, and estimates how much effort that is needed for a successful revision. Readers of this report will benefit from the results, since much is applicable on all types of organizations or companies.

ISO 9001

ISO 9001:2015

ISO 9001:2008

Quality Management System (QMS)

PDCA-Model

Risk based thinking

Triangulation

SIQ evaluation model

Leadership theory

ISO 9001:2015

Kvalitetsledningssystem

Triangulering

Návrh metodiky bezpečnosti informací v podniku / Design of Information Security Methodology in the Company

Bartoš, Lukáš

January 2013

This thesis proposes a design of information security methodology in the company. After the theoretical bases of this thesis is introduced company for which is intended this work. Then is performed analysis of risks based on selected assets and potential threats. Followed by design of the measures to minimize the creation of possible risks in the company.

Ett anpassat ledningssystem för informationssäkerhet : - Hur gör en liten organisation med hög personalomsättning?

Magnus, Crafoord, Henrik, Sahlin

January 2014

This paper aims to find out how to implement an information security management (ISMS) system that is based on ISO/IEC 27001-standard into a small organization with high employee turnover. The standard employs the PDCA-method as a course of action for implementing the standard. The reason for implementing such a system is to introduce information security to the organization and to maintain it despite the changes in management. The paper based it’s survey on a case study of a student nation in Uppsala, Sweden. Data was gathered from documents, organization charts, direct observation and by studying physical artifacts. The result of this study showed that it is possible to base an ISMS on the ISO/IEC 27001-standard and that the PDCA-method of implementing the system works if careful adaptation of the two is applied during its establishment into the organization. This paper concludes that certain aspects has to be considered when using the standard and PDCA-method when working with these kinds of organizations. The leadership has to play an active role in maintaining the work related to information security in order to enable continuity in a high employee turnover-organization. Organization members working on a non-profit basis can enable a higher level of security policy compliance since the relationship between employee and the organization stems from a voluntary basis. Build the ISMS so that it focuses on the core operations of the organization. If the ISMS is made to comprehensive there is a risk of it becoming too big for the organization to manage. There should be no doubts regarding who is responsible for the ISMS. The continuity of the system depends on well-established means of knowledge transfer from the departing responsibility holder to his or her successor.

Implementing ISMS

PDCA-model

information security

small organization

high employee turnover

PDCA-modellen

informationssäkerhet

små organisationer

hög personalomsättning

Information Systems

Návrh a nasazení systému řízení bezpečnosti informací ve výukovém středisku / Design and Deployment of Information Security Management System in Educational Center

Křížová, Romana

January 2014

This Master´s thesis is focused on the security of Educational center running a research aimed at chemical industry. In the first part the theoretical basis followed in the field are defined. The practical part is based on the security of a property considering the technical aspects as well as the suggestions of the trainings of managers and employees and sets respective permissions. A guide price calculation is also essential this project. The practical part evolves the existing analysis of the property.

Zavedení ISMS v malém podniku / The Implementation of ISMS in Small Company

Palarczyk, Vít

January 2015

This master's thesis is focused on the design of the implementation of information security management system (ISMS) into a specific business. In the theoretical part, it provides basic concepts and detailed description of ISMS. There is also described the analysis of a current information security state of the company. In the practical part, it provides a risk analysis and selection of measures to minimize found risks. In the final part is designed a process and a schedule of an implementation of the selected measures.

Návrh změn identity managementu v podniku / Company Identity Management Changes Proposal

Hruška, David

January 2018

This diploma thesis focuses on the proposal to implement changes of identity management into a particular company. In the theoretical part are the basic concepts and a detailed description of the identity management. There is also described an analysis of the current state of information security in the company, risk analysis and selection of measures to minimize the risks found. At the end of this thesis are proposed changes, their procedure and timetable for implementation of selected measures.

Návrh zavedení ISMS ve veřejné správě / The proposal of ISMS implementation in the public administration

Štukhejl, Kamil

January 2019

This diploma thesis focuses on the implementation of information security management system in the public administration based on ISO/IEC 27000 series of standards. The thesis contains theoretical background, introduction of the organization, risk analysis and a proposal of appropriate measures for minimization of these identified risks. In the end, an implementation plan is proposed including an economic evaluation.