Günter Griesmayr 29. April 2010

Presentation transcript:

1 K-A AMA Quality Management System (QMS) and Information Security Management System (ISMS)
Günter Griesmayr, 29 April 2010

2 Agrarmarkt Austria
Austrian Paying Agency for CAP (everything but export refunds)
AMA was founded in 1993 by law
1st and 2nd Pillar of CAP
~ 500 employees
2009: payment of Mio. EUR

3 Organisation Chart

4 1. Relation Reg. 885/2006 and ISO Standards
Framework for the improvement of the implementation of EU requirements under Reg 1663/95
1996: decision for the implementation of ISO 9001
1997: start of the preparation for certification
1999: first certification, certified ever since
2005: Reg 465/2005 – new information security requirements (ISO 27002, COBIT, Baseline Protection Manual)
2007: decision for ISO 27002 certification, certified ever since

5 1. Relation Reg. 885/2006 and ISO Standards
Connections of ISO Standards with Reg 885/2006 Annex I

6 2. ISO 9001:2008 / ISO 27001:2005 (1) certification:
The certificate confirms that the organisation has an established, implemented and maintained quality and information security management system. The AMA was certified by Quality Austria (ISO 9001) and CIS (ISO 27001). These ISO systems are accepted almost worldwide.

7 2. ISO 9001:2008 / ISO 27001:2005 (2)
The ISO 9001 certificate relates to the quality of the organisation. The ISO 27001 certificate confirms the security management (incl. risk management) regarding human resources, physical and environmental security, IT systems, data stored in IT systems and data not stored electronically.

8 2. ISO 9001:2008 / ISO 27001:2005 (3) requirements:
Management responsibilities: customer relationship, quality and security policy and targets, responsibilities, competence and communication, management commitment
Resource management: human resources, infrastructure, work environment, budget
Documentation: management manual, controlled and classified documents and records, ...
Risk management

9 3. Internal audit ISO 9001 and ISO 27001 (1)
purpose:
check compliance with internal regulations and ISO requirements
check compliance of documentation with processes
check effectiveness and efficiency of the management system
planning:
audit programme for 3 years, internal audits of all divisions and locations
take into account the results of past internal audits
define audit method (system or process) and focus
assign auditors

10 3. Internal audits ISO 9001 and ISO 27001 (2)
schedule:
preliminary talk
check documentation
audit
closing talk
reporting
continual improvement: the results of audits feed into the process of continual improvement. There, controls are defined and their effectiveness is checked and documented.

11 4. External audits ISO 9001 and ISO 27001
certification audit: once, by an accredited certification body (Quality Austria – ISO 9001, Certification & Information Security Services GmbH – ISO 27001)
surveillance audit: yearly, by the accredited certification body
recertification audit: every three years, certificate extension

12 5. Benefits of QMS and ISMS (1)
accreditation as paying agency
continued systematic update
controllable, clear processes
transparency and traceability of operations
transparent and clear responsibilities
secure decisions / clear duties
clear competence and interfaces
intensification of communication
focused resource management
standardization where useful
easier handling because of standardization, clear processes and responsibility

13 5. Benefits of QMS and ISMS (2)
higher efficiency
systematic error prevention
internal control system
trained employees
security / liability
better image
identification and treatment of risks
business continuity management
clear rules for information security
