Easy! “The customer is king”. That’s what we say, isn’t it? Well, up to a point.
Obviously, if you don’t keep your customers satisfied you won’t be in business for long. But you have to balance keeping your customers satisfied with retaining your staff; you can’t deliver customer satisfaction without them.
Local government, national government, and regulatory bodies also have an interest in your business. Compliance with the law and various regulations is essential. Since ignorance of the law is not a defence, you also need to ensure that you keep abreast of new and amended rules.
Your ability to win new customers may also be affected by your wider reputation, which can be shaped by the way you interact with your neighbours or the wider community, or by what you and your staff say on social media.
The newer generation of ISO standards talks about “Interested Parties”. When we implement our quality, environmental, information security, or other ISO-certified management systems, we need to do so with a clear understanding of who our Interested Parties are and what their expectations are.
We were ruminating on this notion of “…just who is an Interested Party, and what do I do about it?” with a new client recently. Essentially, in an interconnected world where everyone seems to have an opinion on everything, whose interests should a business actually consider?
Businesses need to be able to focus on who is truly relevant to them: their Relevant Interested Parties (RIP). The ISO 9000:2015 guidance provides a useful definition of a Relevant Interested Party:
“The relevant interested parties are those that provide significant risk to organisational sustainability if their needs and expectations are not met.”
…which sounds like a very genteel threat. But business is a balancing act, and we need to keep the right people happy at the right times. That is, we have to manage our interested parties, and that means understanding who they are, how interested they are in us, and how much power they have over us.
Understanding the Power/Interest dynamic allows us to plot our interested parties on a simple grid that suggests which management strategy is most appropriate for each quadrant. For instance, a key customer is “Very Interested” and “Very Powerful”: you don’t want to lose them, and you don’t want to take the reputational hit of losing them. On the other hand, your local authority is mostly “Not Very Interested” but still “Very Powerful”: you need to keep abreast of what they require from businesses, but you don’t need to actively court favour. Finally, remember that even though a party may be “Interested” but not “Powerful” on their own, if such parties collaborate (in a user group, say) their collective power and interest multiply.
ISO 9000: Guide, liferaft, sage

When you’re stuck in a “What do they mean by that?” moment in your ISO 9001 implementation, you could do a lot worse than refer to the ISO 9000 standard. Whereas ISO 9001 provides the set of requirements for a certified Quality Management System, ISO 9000 provides the fundamentals, vocabulary and principles of quality management.
You don’t have to document how you decided who your interested parties are, but it’s useful if you do. Recording how you reached the decision helps whoever is involved in future reviews to keep the assessment consistent.
The ISO standards for Quality Management (ISO 9001), Environmental Management (ISO 14001), Information Security Management (ISO 27001), Business Continuity Management (ISO 22301), and Occupational Health & Safety Management (ISO 45001) all require you to understand your Interested Parties and their requirements. That means the same procedure and record can be applied across multiple systems and standards. All the more reason to put the effort into getting it right.
We can help you to define your Interested Parties and understand their requirements as a single facilitated workshop, or as part of a broader certification programme. If you’d like to discuss these in more depth, complete the contact form, and we’ll call you back.