What is a management system?
A management system is a set of policies, processes, and procedures employed by an organization to ensure its capability to perform tasks essential for achieving its goals. These objectives span various aspects of the organization’s operations, including financial success, safety, product quality, customer relations, legal and regulatory compliance, and human resource management. For instance, an environmental management system enhances an organization’s environmental performance, while an occupational health and safety system allows an organization to manage its occupational health and safety risks.
At Taipuva, we have extensive experience with a range of management systems and help our customers meet their requirements. Examples include:
- ISO 9001:2015 Quality Management System
- ISO 13485:2016 Quality Management System for Medical Devices
- ISO 14001:2015 Environmental Management System
- ISO 21434:2021 Road Vehicles – Cybersecurity Engineering
- ISO 27001:2022 Information Security Management System
- ISO 45001:2018 Occupational Health and Safety Management Systems
- ISO 26262 Functional Safety
We are now going beyond fulfilling these standards and making them operational by digitizing management systems. In doing so, we build on our background in systems engineering, with a strong focus on the principles outlined in the ISO/IEC 15288:2002 standard, which is a framework for describing the life cycles of man-made systems.
To create a digitized management system, a conceptual model is essential. In the following illustration, we present our conceptual model, which provides a common and precise language for describing the management system and thereby makes digitization possible.
Cybersecurity in product development
Cybersecurity legislation affects many industries. For example, the automotive industry must ensure compliance with the new ISO/SAE 21434 standard for Road vehicles — Cybersecurity engineering.
Digitization and Implementation of Management Systems
To practice what we advocate, we are introducing the Information Security Management System (ISMS) in accordance with ISO 27001:2022, utilizing Polarion. We have structured this into two projects within our environment. The first focuses on the documentation of the management system, encompassing policies, procedures, and guidelines. The second concentrates on the operational aspect, emphasizing assets, risks, and risk mitigation. These two projects are closely interconnected with clear traceability.
Information Security Management System
In the documentation project, we have developed a navigable solution that incorporates our knowledge of management systems. From the documentation, we generate process maps, as shown in the image below. The links between processes and deliverables carry roles and directions, mirroring the structure Polarion uses for requirements that are verified by test cases.
ISO 27001 Operational
In the operational project, we employ Nextedy RiskSheets for tasks such as asset management, risk assessment, and risk mitigation. The advantage of having both the management system and the operational tools in Polarion is the ability to link information seamlessly. In the screenshot below, we visualize the process description directly in the tool, listing all assets.
What is NIS2?
The NIS2 Directive is the EU's latest network and information security directive. It aims to improve collective cybersecurity across the Union by strengthening the resilience of, and the ability to respond to, malicious security incidents in both the public and private sectors and in the EU as a whole.