Case Study: RWW and the ISO 27000 Compliance Effort
Case Study: RWW and the ISO 27000 Compliance Efforts
Currently the trend of most of the companies involved or related to technology information is to focus its processes transactions and operations in network.
Continued use of PDCA gives us a solution that really allows us to maintain the competitiveness of our products and services, improve quality, reduce costs, improve productivity, reduce prices, increase market share, survival of the company, provides new jobs, increase profitability (Whitman & Mattord 2010).
There are many reasons why this happens: in some cases is highly dependent the consultant, if this does not appear, the project is paralyzed, no one in the company assumes the leadership.
Or start the process but doesn't have the support of senior management, the manager or owner is not involved. The company starts the process without being convinced of which will result in the end, want to be awarded certification, but their processes do not are ordered, there is much to sort first (Whitman & Mattord 2010).
Is expected to have a box Command, without clarity on strategic assumptions on which will be established indicators, there is no clear definition of customer profile, it is unclear as hope to differentiate themselves from competitors.
The ISO, conveys clearly what to do: "Top management must, at planned intervals, review the system of management quality organization to ensure its suitability, adequacy and effectiveness. The review shall include assessing opportunities for improvement and the need for make changes to the system of quality management, including policy quality and quality objectives.
ISO 27002 is not a norm in the usual sense. Indeed, this is not a standard technical, technological or product-driven, or a methodology for evaluating equipment such as the Common Criteria CC / ISO 15408.