Subject matter experience in various domains
Services T&Cs: Services Terms & Conditions
ICT specific competence
– Technology Advice
– Project Management
– Interim Management
– Organisational Advice
– Quality Care
– Information Governance & Security
Governance, Risk Management and Compliance related competence
– Advise best practice for auditing & risk management (maturity based) and coach the practical implementation
– Support structuring of the audit universe with its assessment components and the related mathematical assessment logic
– Implementation of working templates and management reporting
– Design of decision systems based on measurements and bridging with ICT systems (both ways)
References for international GRC and Privacy related implementation work, training and consulting are available here.
Information & Communication Technology
IT Auditing
Perform IT Control Diagnostics in terms of performance, risk, responsibilities and service level agreements.
Engagement Scoping
Analyse fitness of IT governance processes and associated controls, including identification of minimum controls.
Resource Assessment
Assess resource balancing versus management control objectives.
Risk Assessment
Evaluation of IT domain risk factors in terms of Technology Concerns to Management as defined by Gartner Group.
We can help you
1 – To assess your current performance in dealing with
Office Work
Internal team collaboration
Client Relationship Management
Use of website communication technology
Electronic order and invoice processing
Mobile Efficiency
Your capability to deal with your business activity while people are away from the office
Business continuity & security
Your capability to deal with
Information backup and restore practices
Information loss protection against physical, logical and human error threats
Capability to survive without ICT
ICT strategy
Your vision on efficiency, competitiveness, cost and time savings
Maintenance and IT related work; suppliers and (out)sourcing
Long-term vision and budget to get there
2 – To choose the pragmatic way forward based on your actual level of maturity
3 – By providing the appropriate support to implement the desired course of action
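The maturity-based assessment logic described above (an audit universe broken into assessment components, a mathematical scoring rule, and a decision system driven by the measurements) can be made concrete with a small model. The following is an added example, not QPMC's PRAGMA method nor any tool QPMC uses: the 0 to 5 scale borrows the level names COBIT 4.1 used, while the component weights, domain targets, priority thresholds and the sample universe (assembled from the checklist headings above) are constructed for illustration only.

```python
from dataclasses import dataclass, field

# Maturity scale 0..5 with the level names COBIT 4.1 used. The weights, targets
# and threshold rule further down are assumptions made for this example.
MATURITY_LEVELS = {
    0: "Non-existent", 1: "Initial / ad hoc", 2: "Repeatable but intuitive",
    3: "Defined", 4: "Managed and measurable", 5: "Optimised",
}

@dataclass
class Component:
    name: str
    maturity: int          # assessed level, must be a key of MATURITY_LEVELS
    weight: float = 1.0    # relative importance inside its domain

@dataclass
class Domain:
    name: str
    target: int            # maturity level management wants to reach
    components: list[Component] = field(default_factory=list)

    def score(self) -> float:
        """Weighted mean maturity of the components, rounded for reporting."""
        for c in self.components:
            if c.maturity not in MATURITY_LEVELS:
                raise ValueError(f"{c.name}: maturity {c.maturity} outside 0..5")
            if c.weight <= 0:
                raise ValueError(f"{c.name}: weight must be positive")
        total = sum(c.weight for c in self.components)
        return round(sum(c.maturity * c.weight for c in self.components) / total, 2)

    def gap(self) -> float:
        """Distance to target; never negative, over-achievement is not a gap."""
        return round(max(0.0, self.target - self.score()), 2)

    def weakest(self) -> Component:
        """Lowest-maturity component; ties broken towards the heavier weight."""
        return min(self.components, key=lambda c: (c.maturity, -c.weight))

def priority(gap: float) -> str:
    """Decision rule (assumed thresholds) turning a measured gap into an action priority."""
    if gap >= 2.0:
        return "High"
    if gap >= 1.0:
        return "Medium"
    return "Low"

def assess(universe: list[Domain]) -> list[dict]:
    """Score every domain and return a report ordered by gap, largest first."""
    rows = []
    for d in universe:
        g = d.gap()
        rows.append({"domain": d.name, "score": d.score(), "target": d.target,
                     "gap": g, "priority": priority(g), "weakest": d.weakest().name})
    return sorted(rows, key=lambda r: r["gap"], reverse=True)

def sample_universe() -> list[Domain]:
    """Constructed sample data; the domain and component names follow the checklist above."""
    return [
        Domain("Office Work", 3, [
            Component("Internal team collaboration", 4),
            Component("Client Relationship Management", 3),
            Component("Use of website communication technology", 3),
            Component("Electronic order and invoice processing", 2),
        ]),
        Domain("Mobile Efficiency", 3, [
            Component("Working while away from the office", 1),
        ]),
        Domain("Business continuity & security", 3, [
            Component("Information backup and restore practices", 2, weight=2),
            Component("Information loss protection", 1, weight=2),
            Component("Capability to survive without ICT", 3),
        ]),
        Domain("ICT strategy", 3, [
            Component("Vision on efficiency and cost/time savings", 2),
            Component("Suppliers and (out)sourcing", 3),
            Component("Long-term vision and budget", 1, weight=2),
        ]),
    ]

if __name__ == "__main__":
    for r in assess(sample_universe()):
        print(f"{r['priority']:6} {r['domain']:32} score {r['score']:.2f} "
              f"target {r['target']} gap {r['gap']:.2f}  weakest: {r['weakest']}")
```

The report is sorted by gap rather than by raw score so that it doubles as the management follow-through list: the domain furthest from its target comes first, and the weakest component tells the decision maker where the first improvement action belongs. Weights let a domain such as business continuity rate backup practices and loss protection above the ability to work without ICT; out-of-range maturity values are rejected rather than silently averaged in.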
Some of the above services are performed using CobiT™ Framework based methodology.
Executive CobiT™ information and IT Governance reference materials are available from the Information Systems Audit & Control Association
Process set-up, analysis and remodelling activities are performed using SAP’s Solution Composer. Click here for a sample (functions correctly only with older browsers). Alternatively we use ARIS BPM.
CobiT™ is a TradeMark of the Information Systems Audit and Control Foundation.
Interim Management
Management Approach
QPMC has adopted a methodology based on the joint experience of subject matter experts, gathered long before QPMC was established as a company.
The specific techniques are documented in PRAGMA, which stands for “Pragmatic and Rational Approach to Governance Management Advice”.
Governance gets defined in the encyclopaedia as “The action of developing and managing consistent, cohesive policies, processes and decision rights for a given area of responsibility”. Pragmatic means “The compromising of one’s ideals to better deal with the specifics of a situation”, and rational is as simple as ”characterized by truth or logic”.
The Pragma approach is aimed at assisting decision makers in implementing governance systems in a practical way in their day-to-day operations, using the POLICE approach of Plan, Organize, Lead, Inform, Control, Evaluate.
Bridging people management gaps
IS/IT Competence management
Change management
Project Management
Core focus for managing projects
– Large project orientation
– Concentrated on methodological approach
– Including organizational advice
– Project Office know-how
Q-Project applies knowledge, skills, tools and techniques to project activities to meet or exceed stakeholder needs and expectations from a project.
This involves balancing competing demands among:
– Scope, time, cost & quality;
– Stakeholders with differing needs and expectations;
– Identified requirements (needs) and unidentified requirements (expectations).
Q-Project practices industry-recognised approaches for Integration, Scoping, Timing, Costing, Quality Control, Resourcing, Communications, Risk Management and Procurement.
Q-Project understands the relationship of Project Management and Practice to General Management Knowledge and Practice and Application Area Knowledge and Practice.
Organization
Organizational advice focus
– Vast experience with operational issues in different business sectors
– Concentrated around organizational assessment and guidance for implementation of adequate solutions
Objectives:
– Analyse the processes and practices in presumed problem areas and identify the actions required to resolve the anomalies uncovered.
– Provide a simple follow through mechanism for Management to monitor Improvement Action Plan implementation progress.
Quality Care
Quality Care Focus
Generic processes
– Implementation of basic “conformance to requirements” systems such as “Zero Defects”, the Phil Crosby approach
– Extension of basic systems with benchmarking and loop-back
– Up to assessment and business improvement based on the Baldrige Quality Criteria
Project related
End to End Project Quality Planning:
– Complement project plans with the actions needed to bridge gaps between the project critical success factors as perceived by the Project Sponsor on the one hand, and the translation of those success factors into the project specifications and provisions on the other hand.
– Provide a simple follow through mechanism for Management and Sponsor to monitor Project Quality Plan implementation progress.
Governance, Risk Management & Compliance
GRC related competence: consult the overview on the top of this page.
Information Security & Privacy
Information Security expertise
– Built within several domains over time (consult the overview on the top of this page)
– Continued development of techniques to counter threats relating to new practices, e.g. Artificial Intelligence (consult the overview)
Quote from ISO (International Organization for Standardization), October 2024:
ISO/IEC 27001 for business readiness and resilience
ISO/IEC 27001 is the world’s best-known standard for information security management systems (ISMS). It is being used globally in almost all business sectors by organizations big and small. The standard has brought positive change to the way information security is addressed, empowering organizations to conduct their business securely.
When the ISO/IEC 27001 requirements are fulfilled, your organization is able to operate an ISMS to protect its valuable, commercially sensitive and private information. The key feature of the standard is a set of processes that help to manage the risks from cyber-attacks. It also helps you keep your information security measures up to date by continually reviewing and improving the ISMS to deal with changes to the business environment and the risks you face.
By implementing ISO/IEC 27001, you protect your information assets and your reputation, increase customer trust and enhance market relevance.
Check your information security maturity: How ready are you for ISO/IEC 27001?
In order to get effective, appropriate and suitable protection from ISO/IEC 27001 for your organization and be able to claim conformance, it is mandatory to address all requirements of the standard. The following sample questions can help you assess your information security maturity and get ready to implement the world’s best-known information security management standard, ISO/IEC 27001.
Business context
• Is your ISMS design and implementation based on an analysis of your organization’s business context? To ensure you get the full benefit and value, the scope and configuration need to match your specific circumstances.
• Have you analysed the needs and expectations of interested parties, i.e. both internal and external stakeholders? Any needs in terms of confidentiality, integrity and availability of information must be addressed by the ISMS.
Management leadership and commitment
• Is top management demonstrating leadership and commitment – for example, by taking an active role in engaging, promoting, monitoring and reviewing the performance and effectiveness of the ISMS?
• Does your organization have a documented information security policy? If so, is this policy reviewed and updated regularly to ensure it remains relevant and effective?
• Have sufficient resources (financial, human and technical) been allocated to support the implementation process?
• Has top management assigned the relevant ISMS roles and responsibilities to managers and employees?
Risk assessment and risk treatment
• Have you conducted a comprehensive risk assessment to identify, analyse and evaluate the risks you face in terms of loss of confidentiality, integrity and availability of information? This is a crucial and mandatory process for all organizations.
• Are the results of the risk assessment used to determine the best option for mitigating the risks? A common approach is to select an appropriate set of information security controls to reduce the risks. These can either be taken from a standard set of controls or be developed by the organization.
• Are the controls regularly reviewed and updated to make sure that your information security remains effective? (See performance evaluation below.)
Competence, awareness and training
• Does your organization ensure it has competent managers and employees for the tasks or activities relevant to the ISMS?
• Have all employees received awareness training on the importance of information security and to understand the role they play in protecting the organization’s information assets? Is everyone’s training appropriate for their respective role?
Performance evaluation
• Do you conduct regular monitoring, measurement, analysis and evaluation of your ISMS? This enables managers to answer the ever-present question: “Is our information safe?” Evaluation also ensures that you will make improvements to the ISMS when necessary to keep it up to date.
• Does your organization conduct impartial internal audits of your ISMS to ensure that it is effectively implemented and maintained?
• Does top management conduct management reviews on the overall performance of your ISMS in order to determine if it is:
  – Suitable ⇒ Does the ISMS still serve its purpose?
  – Adequate ⇒ Is the ISMS still sufficient?
  – Effective ⇒ Does the ISMS still achieve the intended results?
Take action
Congratulations! By starting to identify the gaps between your current information security processes and the requirements of ISO/IEC 27001, you are adopting a cyber-resilient mindset and taking a critical step to protect your information assets from threats and vulnerabilities.
Remember, only when all requirements are met – not just the fundamental principles outlined above – will you benefit fully from the protection that implementation of the ISO/IEC 27001 standard can offer.
Need more guidance on how to develop an ISMS implementation program? Check out ISO/IEC 27003!
Best regards,
Your ISO Team