Combining Quality and Information Security, as required by ISO 27001 or the GDPR, with BPA Quality on SharePoint/Office 365.
The ISO management system standards for quality (9001), environment (14001), information security (27001), health and safety (45001) and others share the same high-level clause structure, so their requirements overlap to a large extent. This means organizations can use the same tools to set up a "global compliance system" rather than one silo per standard.
Continual improvement is best described by the Deming wheel (Plan-Do-Check-Act). Processes, objectives, risks, documents, audits, etc. are the tools that support continual improvement regardless of the standards in place.
Let's follow the PDCA approach to integrate an information asset register with your existing QMS, as required by ISO 27001 (inventory of information assets) or the GDPR (record of processing activities). For each value-added process, you need to identify the data and document flows, what kind of data or document is stored, and where and how it is stored.
This video presents a scenario for integrating information security with BPA Quality on Office 365 through simple configuration, with no code.
In this example, we start from the overall value-added process map and drill down into a process to view its related compliance documents, audits, indicators, etc. The process data flow has been published in the QMS document library.
The information asset register has been created in the BPA app starting from an existing Excel register. Information assets are added with their required attributes, such as data classification, retention period and others. Significant assets, for example those holding sensitive customer data, require a risk analysis, and controls need to be applied to assets with sensitive data and tracked in the same system so that audits can verify them.
The same approach can be used for environmental aspect registers and for health and safety registers.
In conclusion, it is possible to extend your QMS into a global compliance system by integrating new processes. Using a digital app such as BPA, you can convert any spreadsheet into a new data register and connect it with the existing modules for continual improvement.