Quality management and information security

Ensure the quality of your processes with certified systems!

WHY SHOULD YOU IMPLEMENT MANAGEMENT SYSTEMS?

Senior management of organisations and those responsible for management systems (quality management, environmental management, information security, etc.) have a legitimate expectation that the company and the specialised areas concerned are managed by a well-defined, regulated, independent organisation and operate according to certified, continuously monitored and improved processes and daily practices. This need is addressed by the various management and integrated management systems, which, either separately or in an integrated way, guarantee that organisational processes, objectives, products and services are implemented in accordance with internal requirements and defined external standards.

ISO standards (international standards issued by the International Organization for Standardization) are designed to strengthen the trust of customers and other stakeholders and to provide the performance necessary for the production and operation of quality, environmentally sound products and services that meet information security requirements. Operating such a system is independent of industry, organisational size or core business, and can add significant value in terms of effectiveness and efficiency, in addition to certification.

What happens after contacting us?

We believe that processes and documents describing management systems are not written just to be filed away. In our work, we focus on mapping and improving real processes!

1. Free consultation: understanding needs, goals, options

2. Preparation and presentation of the offer

3. Conclusion of the contract

4. Support within a commonly agreed framework:

  • System development, development of regulations
  • Operation and maintenance of existing systems
  • Training, regular and ad hoc internal briefings
  • Preparing, conducting and evaluating internal, supplier and customer audits
  • Supporting role in independent audits, personal involvement

How can we help?

With nearly 20 years of experience in process development, certification and independent auditing, we can develop, build, train and audit a variety of management systems.

We believe that such a certified system can be valuable if it is consistent with daily practice and its elements are implemented in an effective, practice-oriented way on a daily basis.

In our opinion, ISO-based system development, operation or audit adds significant value by improving processes and increasing efficiency and effectiveness, and, not incidentally, it also provides a certificate attesting to this organisational value. Whether we are talking about ISO 9001 quality management, ISO 27001 information security, ISO 14001 environmental management, ISO 45001 occupational safety or their integrated systems, our staff can help you achieve this goal by understanding requirements and developing and operating processes to meet them.

Survey, introduction and education

  • Assessment of leadership, management, core and support activities
  • Creating a flow map
  • Review of processes, regulatory documents
  • Benchmarking of existing processes against requirements
  • Preparing proposals for process improvements
  • Development and adoption of regulations
  • Training on new process elements

Regular audits and system monitoring

  • Setting annual objectives for the management system, drawing up quality plans
  • Certification of suppliers, subcontractors
  • Customer satisfaction measurement aggregation, organisational level performance evaluation
  • Documentation review, continuous process improvement
  • Regular internal audits, review of the functioning of the system
  • Holding mandatory internal training
  • Implementing corrections following certification and review audits

Quality management system design (ISO 9001)

Although the process and content of system builds may vary depending on the characteristics and activities of the organisation concerned, we most often follow this process in our work:

Review of current operations of the sites concerned, review of regulatory documents

  • Identification and mapping of management, governance, core and support processes
  • Review of regulatory documents
  • Identification and incorporation of process improvement proposals
  • Developing a regulatory framework

Designing a regulatory environment

  • Drafting, amending, commenting on and approving top-level regulatory documents
  • Process consulting, process optimisation, making processes more efficient
  • Development of work instructions, expert advice
  • Communicating standard requirements and company-specific content to stakeholders

Support for system operation

  • Identification of non-compliances, improvement proposals and preventive measures following consultations
  • Preparing, conducting and evaluating internal audits
  • Preparing the management review, preparing management and key stakeholders for a successful certification audit

Information security system design (ISO 27001)

In the field of information security, we work broadly along the following steps, which of course depend on the systems and processes operating at the Client:

  • IT security situation assessment
    We will review existing IT security policies as well as unregulated, practice-based IT security processes. Interviews will be conducted as part of the situation assessment, based on which a GAP analysis will be carried out against the standard requirements.
  • Definition and development of information security policy and strategy
    We define the organisation's information security objectives in the light of current legislation, the place and role of the information security area in the organisation, and the strategic methods for achieving these objectives.
  • Preparation of an information security policy
    We record procedures that meet the requirements set out in standards and relevant legislation (e.g. Act L of 2013).
  • Preparation of an IT Business Continuity Plan (BCP)
    We define the processes that ensure the continuity of IT services in the organisation.
  • IT Disaster Recovery Framework and Plan (DRP)
    We will develop a policy for the IT tasks to be performed by the organisation in the event of a disaster, and assess the disaster recovery plans already in place for the services provided by the organisation.

GDPR compliance

On 25 May 2018, European data protection legislation came into effect, setting a new global benchmark for personal data, security and compliance. This was followed by the harmonisation of Hungarian laws, including Act CXII of 2011.

The General Data Protection Regulation - GDPR - is all about protecting and enabling the protection of individuals' data. The Regulation does not set out specific measures, only expectations (with the prospect of sanctions), so it is necessary to examine data management individually and determine the necessary responses from the organisation.

According to the Hungarian Data Protection Authority (NAIH), companies should review their data protection systems every time there is a change in the way they handle personal data, but at least every 3 years. The Data Protection Regulation affects any business that processes personal data of employees or customers. Personal data is any data that can be used to identify someone. In light of the above, it affects almost all organisations, and the expected fines can be as high as 2-4% of annual turnover.

Assessment, implementation and training

  • Detecting the flow and storage of personal data
  • Keeping a register of personal data, establishing the legal basis
  • Data protection measure mapping
  • Action plan to improve inadequate practices
  • Developing a data protection policy
  • Design of information sheets for data subjects
  • Data protection incident management, drafting a complaints procedure
  • Preparation of data protection education material
  • Data protection addendum to subcontracts, partner contracts
  • Preparation of a data processing contract
  • Modification of related procedures, training and workshops on demand
  • Alignment with other organisational regulations

Data protection audits and system monitoring, DPO services

  • Regular internal audits to review the functioning of the system
  • Regular information on NAIH resolutions and proposed actions concerning the system
  • Consultations on data protection
  • In the event of a complaint or incident, we will help you identify the actions to be taken by the organisation.
  • Making recommendations for continuous improvement, improvement measures, legal support if needed

Occupational health and safety (MEB) management system building (ISO 45001)

The establishment, implementation and operation of an ISO 45001 management system ensures that the risk to workers and occupants is minimised, thereby avoiding health hazards, reducing associated costs and increasing business performance by ensuring that production is carried out with a full workforce and without downtime, and that the organisation's image in the marketplace reflects its responsibility towards its employees.

Main points of the MEBIR implementation:

  • Health and safety assessment, initial screening
  • Development and implementation of MEB policy
  • MEBIR system deployment, documentation
  • Operation of the implemented MEBIR system, continuous improvement - PDCA
  • MEBIR training
  • MEBIR internal audit
  • MEBIR management review
  • Certification process support

Contact us!

H-1118 Budapest, Kelenhegyi str. 29/b.