An exploratory analysis of quality management audit findings at a nuclear power station

Simons, Rowena Chrystal

January 2016

Thesis (MTech (Quality))--Cape Peninsula University of Technology, 2016. / The quality assurance role is an essential function in high risk industries such as the nuclear power industry where process failures can potentially have catastrophic results. As part of mitigating the risk inherent in such industries, the need for reliable quality assurance cannot be over-emphasised. Underpinning a reliable quality assurance function, lies the need for effective identification of risk; as well as effective decision making processes by competent auditors. A nuclear quality assurance (QA) department has noted an increase in the variability of its audit outcomes, which has resulted in the value of the audit process being questioned by various stakeholders. The research endeavoured to: explore and describe the practice amongst auditors when rating audit findings; potentially identify reasons for inconsistencies amongst auditors when rating findings; and provide recommendations to improve both the consistency amongst auditors when rating audit finding and the overall performance of the audit process. An exploratory study using the Delphi technique was adopted to enable multiple iterations of qualitative and quantitative data collection and analysis, mimicking elements of a sequential exploratory strategy.

Nuclear power plants -- Quality control

Quality control -- Auditing

Um modelo de gerência de configuração de redes locais / A model of local area network configuration management

Schmitt, Marcelo Augusto Rauh

January 1993

Uma rede local necessita ter a sua configuração gerenciada para manter a sua utilidade dentro da organização a qual pertence. Esta gerencia a complicada pela heterogeneidade da rede e pela sua importância dentro da organização. A tentativa de solucionar este problema passa pela utilização de um padrão de gerencia de rede e pelo desenvolvimento de ferramentas que permitam a gerencia eficiente da rede pelo administrador. Este trabalho apresenta uma proposta de gerencia de configuração de redes locais. São apresentados os objetos gerenciados necessários a gerencia de configuração. Parte destes objetos são previamente definidos pela IAB (Internet Activities Board) em normas; e parte 6 definida neste trabalho. Os objetos são definidos de acordo com o formato proposto pela IAB. Entretanto, para que os objetos sejam definidos, é necessário, antes, que as funções de gerencia de configuração_ sejam delineadas. Os objetos são definidos a partir das funções que se deseja executar. Portanto, antes da apresentação dos objetos, são definidas funções de gerencia de configuração. Também é apresentada a implementação de um protótipo de gerente que realiza varias das funções definidas no trabalho, utilizando o padrão SNMP (Simple Network Management Protocol). Este protótipo utiliza o pacote de programas CMU (Carnegie Mellon University) SNMP para a implementação das funções. A partir do protótipo pode-se perceber como se realizam as funções de gerencia e como deve ser a interface de , um gerente de configuração, a fim de que este seja •realmente útil nas tarefas do administrador da rede. Por ultimo, e feita uma modelagem dos objetos gerenciados de acordo com a norma OSI (Open Systems Interconnection). Várias são as modificações decorrentes delta modelagem diferenciada. Silo apresentadas as diferenças que ocorrem na gerencia de configuração quando se utiliza o modelo de dados OSI, em vez do modelo de dados Internet. / In order to keep a LAN useful to its organization, its configuration has to be managed. Heterogenity and importance of networks makes management more difficult. An attempt to solve this problem has to consider the management standards and the development of tools which allow an efficient network management. This work presents a proposal of local area network configuration management. Managed objects necessary to manage configuration are presented. Part of these objects are, previously, define in IAB (Internet Activities Board) standards, and part of them are defined here. Objects are defined according to the format proposed by IAB. However, before the definition of objects, it is necessary to define configuration management functions. Objects are defined according to the functions one wants to implement. Thus, before the presentation of objects, configuration management functions are defined. It is also presented a manager prototype which executes many of the functions defined in this work, using SNMP (Simple Network Management Protocol). The prototype uses CMU (Carnegie Mellon University) SNMP software package to implement functions. It is possible to notice, from the prototype, how functions are realized and which characteristics the interface of a configuration manager must have to be useful in the tasks performed by human manager. Finally, modelling of managed objects is done according to OSI (Open Systems Interconnection) standards. Many changes occur because of this diferent modelling. The changes in configuration management which occurs when one uses OSI data model, instead of Internet data model, are presented.

Redes : Computadores

Redes locais : Computadores

Gerencia : Configuracoes

Padroes : Gerencia

Configuration management

Managed objects

Management standards

A study of standards and the mitigation of risk in information systems

Dresner, Daniel Gideon

January 2011

Organisations from the multinational Organisation for Economic Cooperation and Development through to national initiatives such as the UK's Cabinet Office, have recognised that risk - the realisation of undesirable outcomes - needs a firm framework of policy and action for mitigation. Many standards have been set that implicitly or explicitly expect to manage risk in information systems, so creating a framework of such standards would steer outcomes to desirable results.This study applies a mixed methodology of desk enquiries, surveys, and action research to investigate how the command and control of information systems may be regulated by the fusion and fission of tacit knowledge in standards comprising the experience and inductive reasoning of experts. Information system user organisations from the membership of The National Computing Centre provided the working environment in which the research was conducted in real time. The research shows how a taxonomy of risks can be selected, and how a validated catalogue of standards which describe the mitigation of those risks can be assembled taking the quality of fit and expertise required to apply the standards into account. The work bridges a gap in the field by deriving a measure of organisational risk appetite with respect to information systems and the risk attitude of individuals, and linking them to a course of action - through the application of standards - to regulate the performance of information systems within a defined tolerance. The construct of a methodology to learn about a framework of ideas has become an integral part of the methodology itself with the standards forming the framework and providing direction of its application.The projects that comprise the research components have not proven the causal link between standards and the removal of risk, leaving this ripe for a narrowly scoped, future investigation. The thesis discusses the awareness of risk and the propensity for its management, developing this into the definition of a framework of standards to mitigate known risks in information systems with a new classification scheme that cross-references the efficacy of a standard with the expertise expected from those who apply it. The thesis extends this to the idea that the framework can be scaled to the views of stakeholders, used to detect human vulnerabilities in information systems, and developed to absorb the lessons learnt from emergent risk. The research has clarified the investigation of the security culture in the thrall of an information system and brought the application of technical and management standards closer to overcoming the social and psychological barriers that practitioners and researchers must overcome.

338.0068

The ISO/IEC 27002 and ISO/IEC 27799 information security management standards : a comparative analysis from a healthcare perspective

Ngqondi, Tembisa Grace

January 2009

Technological shift has become significant and an area of concern in the health sector with regard to securing health information assets. Health information systems hosting personal health information expose these information assets to ever-evolving threats. This information includes aspects of an extremely sensitive nature, for example, a particular patient may have a history of drug abuse, which would be reflected in the patient’s medical record. The private nature of patient information places a higher demand on the need to ensure privacy. Ensuring that the security and privacy of health information remain intact is therefore vital in the healthcare environment. In order to protect information appropriately and effectively, good information security management practices should be followed. To this end, the International Organization for Standardization (ISO) published a code of practice for information security management, namely the ISO 27002 (2005). This standard is widely used in industry but is a generic standard aimed at all industries. Therefore it does not consider the unique security needs of a particular environment. Because of the unique nature of personal health information and its security and privacy requirements, the need to introduce a healthcare sector-specific standard for information security management was identified. The ISO 27799 was therefore published as an industry-specific variant of the ISO 27002 which is geared towards addressing security requirements in health informatics. It serves as an implementation guide for the ISO 27002 when implemented in the health sector. The publication of the ISO 27799 is considered as a positive development in the quest to improve health information security. However, the question arises whether the ISO 27799 addresses the security needs of the healthcare domain sufficiently. The extensive use of the ISO 27002 implies that many proponents of this standard (in healthcare), now have to ensure that they meet the (assumed) increased requirements of the ISO 27799. The purpose of this research is therefore to conduct a comprehensive comparison of the ISO 27002 and ISO 27799 standards to determine whether the ISO 27799 serves the specific needs of the health sector from an information security management point of view.

Computer security

Využití projektového řízení při vývoji nového produktu / Use of Project Management - Launch of New Product

Maroušková, Lucie

January 2010

The topic of the thesis is use of project management in information and communication technologies with further focus on - Launch of New Product and Evaluation of Investment Effectiveness involving not only specifics of project management, individual phases of life product cycle or introduction of main characteristics of IT project but also a detailed description of common standards which are often used in the area of IT project management. Practical part of the thesis is furthermore aimed at the analysis of activities regarding to development and launch of new product on the market and the evaluation of investment effectiveness from financial side. For the purpose of the analysis it was chosen an investment project from banking area whose target is first of all to find out problems during preparation and realization of this project and prove the importance of financial indicators for decision process whether to realize a particular project or not.

Dirección de proyecto para el montaje de tanque de almacenamiento WS2-T-001A, de la empresa el Sol S.A.C., bajo el estándar de la guía del PMBOK® Sexta edición

Burgos Abanto, Victor Raul, Cigueñas Ramírez, Ralhp Brayan, Ito Cervantes, Luis Josset, Riquelme Condor, Alexander Máximo

31 July 2019

El proceso de madurez de la dirección de proyectos en la empresa, que por razones de confidencialidad llamaremos en adelante “El Sol S.A.C.”, sugiere la necesidad de contar con un plan para la dirección de proyectos que busque influir positivamente en los resultados actuales, aprovechando la oportunidad de maximizar los beneficios de ejecutar proyectos exitosos. El plan para la dirección de proyectos propuesto obedece a las necesidades identificadas en el análisis de contexto de “El Sol S.A.C.” y se basa en los procesos de dirección de proyectos de la Guía del PMBOK®, Sexta Edición y la Extensión de Construcción de la Guía del PMBOK®, 2016. Los procesos que se incluyen en el plan para la dirección de proyectos están debidamente justificados de acuerdo a la naturaleza y características del proyecto “MONTAJE DE TANQUE DE ALMACENAMIENTO WS2-T-001A”. El presente trabajo de investigación tiene como objetivo aplicar los estándares globales seleccionados del PMI®, para demostrar que al aplicarlos en la gestión de los procesos de iniciación y planificación del proyecto se logrará un incremento de la probabilidad de éxito del proyecto. Entre los principales beneficios de la aplicación del presente documento se encuentran: mejora de la eficacia de la planificación, mejora de la eficacia en la gestión de riesgos y calidad. Basándonos los indicadores financieros obtenidos en la evaluación después de impuestos, se concluye que la ejecución del proyecto “MONTAJE DE TANQUE DE ALMACENAMIENTO WS2-T-001A” bajo el plan propuesto es factible. / The process of maturity of project management in the company, which for reasons of confidentiality we will call "El Sol S.A.C.", suggests the need to have a plan for project management that seeks to positively influence current results, taking advantage of the opportunity to maximize the benefits of executing successful projects. The proposed project management plan obeys the needs identified in the context analysis of "El Sol S.A.C." and is based on the project management processes of the PMBOK® Guide, Sixth Edition and the PMBOK® Guide Construction Extension, 2016. The processes included in the project management plan are duly justified according to the nature and characteristics of the project "STORAGE TANK ASSEMBLY WS2-T-001A". The objective of this research work is to apply the selected global standards of the PMI®, to demonstrate that applying them in the management of the processes of initiation and planning of the project will achieve an increase in the probability of success of the project. Among the main benefits of the application of this document are: improved effectiveness of planning, improved effectiveness in risk management and quality. Based on the financial indicators obtained in the after-tax assessment, it is concluded that the implementation of the project "STORAGE TANK ASSEMBLY WS2-T-001A" under the proposed plan is feasible. / Trabajo de investigación

Dirección de proyectos

Estándares de gerencia

Gestión de riesgos

PMBOK

Project management

Management standards

Risk management

Modelo de gestión de riesgos de seguridad de TI para pymes del sector comercial que dependen de proveedores críticos

Flores Huamani, Vladimir, Chavez Rios, Manuel Junior

02 July 2020

La seguridad de la información se ha convertido en un área importante, ya que las organizaciones diariamente administran activos de TI valiosos que dependen de proveedores críticos; tales como: bases de datos, servicios, aplicaciones, hardware, etc. Estos activos están sometidos a riesgos de una gran variedad, como: desastres naturales, ciberataques, fraudes, etc. que pueden afectar de forma crítica a la organización. Estudios realizados sobre organizaciones en Europa y EE. UU revelan que las Pymes se caracterizan por la falta de la dedicación necesaria a la seguridad de TI. Esto debido principalmente a que la seguridad de la información no forma parte de sus necesidades internas. En el Perú, las empresas no se encuentran preparadas para afrontar situaciones de riesgo, debido a que la mayoría de las organizaciones carecen de políticas de seguridad y sistemas de evaluación de riesgos. El presente proyecto plantea el desarrollo de un modelo de gestión de riesgos de seguridad de TI que tiene como objetivo incrementar el nivel de madurez y disminuir el nivel de riesgo en los procesos y activos de TI de las Pymes que dependen de proveedores críticos. Esto mediante una serie de controles y planes de seguridad basados en la metodología Magerit y estándares de seguridad como la ISO/IEC 27001:2013. Con esto, buscamos cubrir la principal necesidad identificada en las Pymes, la cual es reducir el nivel de impacto ocasionado por los riesgos que afectan los activos y procesos de TI soportados por terceros, y que además puedan contar con un adecuado plan de continuidad. / Information security has become an important area as organizations daily manage valuable IT assets that depend on critical providers; such as: databases, services, applications, hardware, etc. These assets are subject to risks of a wide variety, such as: natural disasters, cyberattacks, fraud, etc. that can critically affect the organization. Studies carried out on organizations in Europe and USA reveal that SMEs are characterized by the lack of dedication necessary to IT security. This is mainly because information security is not part of their internal needs. In Peru, companies are not prepared to face risk situations, since most organizations lack security policies and risk assessment systems. This project proposes the development of an IT security risk management model that aims to increase the level of maturity and decrease the level of risk in the IT processes and assets of SMEs that depend on critical providers. This through a series of controls and security plans based on the Magerit methodology and security standards such as ISO / IEC 27001: 2013. With this, we seek to cover the main need identified in SMEs, which is to reduce the level of impact caused by the risks that affect IT assets and processes supported by third parties, and that may also have an adequate continuity plan. / Tesis

Gestión del riesgo

Estándares de gestión del riesgo

Magerit

Pymes

Risk management

Risk management standards

Competencies as a predictor of work performance for branch managers in a banking institution

Pema-Mistry, Deepa

January 1900

An essential blend between competencies, personality and skill is sought after for successful branch managers in today’s banking world in order to achieve a high level of quality, on-time delivery, as well as customer and employee satisfaction and loyalty. In this study the predictive relationship between competencies (as a portrayal of personality and abilities) and work performance was investigated among the branch managers. The scores on the essential Universal Competency Framework competencies, the Person- Job Match and performance data for three years were used to conduct correlation and regression analyses. The study was conducted among 95 branch managers at a banking institution in South Africa. A theoretical relationship was determined, and this was supported by the significant relationship that was evident between the identified essential competencies of the branch managers and their work performance. The regression model summary indicated significance when using all essential competencies combined against the overall criterion score. / Industrial & Organisational Psychology / M.A. (Industrial and Organisational Psychology)

Banking institution

Branch managers

Work performance

Positive psychology

Competencies

Personality

Ability

658.31250243321

Core competencies

Performance standards

Bank management -- Standards

A feasibility study on applying benchmarking in measuring corporate environmental performance of the concreting industry in Hong Kong

Chan, Yau-man, Calvin., 陳有文。.

January 1999

published_or_final_version / Environmental Management / Master / Master of Science in Environmental Management

Is ISO14001 a sustainable EMS solution for SMEs in Hong Kong?

林碧華, Lam, Pik-wah, Jocelyn.

January 2007

published_or_final_version / Environmental Management / Master / Master of Science in Environmental Management

ISO 14001 Standard - China - Hong Kong.