I've just started implementation of this standard, to which I'm quite new, though familiar with other ISO standards.
An initial gap analysis has revealed those areas where there is some overlap with the existing integrated management system, and where there are huge gaping holes.
The next step is risk assessment. How far is this expected to go? I mean, realistically you could fill 100s of pages and try and cover every eventuality, but end up listing most of it as "chalk it down to experience". For example, use of memory sticks, emailing documents, emailing anything, IT specialists' access to servers etc? Where do you stop? I don't want to spend the rest of 2009 doing a risk assessment. But at the same time I don't want to gloss over it. Any hints?
Also, in terms of the risk treatment programme (is it possible to just get some tablets for it?) can we make use of the "reasonable practicable" defence, i.e. if it takes an unreasonable amount of time/money to plug a hole, then accept it can't be done.
I realise that's a lot of questions, but any light that can be shed I'd be grateful!
Cheers....
