HKCTC & HKAS Workshop on ISO 27001 ISMS Certification 2016

The Hong Kong Council for Testing and Certification (HKCTC), Hong Kong Accreditation Service (HKAS) and The Hong Kong General Chamber of Small and Medium Business co-organized a Workshop entitled “Workshop on ISO/IEC 27001 Information Security Management System Certification 2016” on 26 Oct 2016.  Certification of ISMS to ISO/IEC 27001 allows an organization to demonstrate that its information asset is adequately protected against information security risk. The workshop aimed to give an overview of ISO/IEC 27001 and discussed how to get prepared for the certification process.  Hong Kong Society for Quality (HKSQ) and Hong Kong Science and Technology Parks Corporation (HKSTP) are supporting organization.  Ms. Angela Wong (Vice-chairman, HKSQ) and I attended the workshop and took a photo for memory.

In the beginning, Mr. Kesson Lee (Secretary-General, HKCTC) give an opening remarks and he said ISO 27001 was increasing concern to avoid business potential loss and ICT was one of areas in Testing & Certification Industry to be focused.  

And then Dr. YAU Bun, Oliver (Vice President, The Hong Kong General Chamber of Small and Medium Business) gave a welcoming remark. 

All guest speakers took a group photo.

The first speaker was Mr. Ronald Pong (CEO, Nexusguard Consulting Limited (NCL); Adjunct Lecturer, HKU SPACE) and his topic entitled “Practical Implementation of ISO/IEC 27001 in Your Environment”.  Mr. Pong briefed the ISO 27001:2013 and other ISO 27000 series such as ISO 27004, ISO 27005, ISO 27006, ISO 27007, ISO 27013 and ISO 27037, etc.

Then Mr. Ronald Pong introduced ISO 27005:2011 risk management.  He said Risk included Vulnerability and Threat (Environment Factors).  And he discussed the Scope and Objective. Since resource was limited, he suggested to focus on the key business process (major process and sub-process).  Objectives were based on Confidentiality, Integrity and Availability (CIA).  

ISO 27004 was used for risk calculation (measurement) to evaluation the safeguard effectiveness.  He also told us to check the inventory first in which was consisted by fix part and dynamic part.  Such as Network Diagram + Data Flow Diagram.

Finally, Mr. Ronald Pong briefed the development of the Threat Model based on PDCA cycle.  He also discussed impact criteria based on ISO 27005 that Vulnerability Scanning (for individual system) and Penetration Testing (for End to End Business Process) used scenario.  For DR and BCP, he advised to consider Operation Level Agreement (OLA) and Service Level Agreement (SLA).  For security incident, he used ISO 27037 to keep evidences for evaluation.  At the end, he said the awareness training was important but it should use Role-based Approach (e.g. Management, General User and Technical User). 

The second speaker was Mr. Norman PAN (Managing Consultant, Doctor A Security Systems (HK) Ltd.) and his topic named “Getting Certified ISO/IEC 27001 – Experience Sharing”.  Mr. Pan introduced his company first.  They had certified ISO 27001 since 2003 (at that time named BS 7799). He said ISO 27001 included Risk Evaluation plus Management System.

Mr. Norman Pan then shared the case about Firewall & Antivirus against Ransomware.  He said the antivirus was not able to screen the ransomware (0% detection) and the URL scan was only 5% success rate!  He suggested two preventive actions that were:
i)                    Network Separation (e.g. separated File Server and Email Server)
ii)                  Remove all Flash Player in your computers.

After that Mr. Pan shared about Risk Management but he said we needed to understand ISO 27001 management system clause first and then using annex objectives for risk evaluation.  If without risk evaluation, we were not able to complete the Statement of Applicability (SOA).  Finally, he summarized that certified ISO 27001 could be differentiated in the market and got customer confidence.  He also said that top management support could be found if the information security item appeared in the budget.  

Mr. Leung Chi-chiu (Accreditation Officer, HKAS) was the last speaker and his topic named “Hong Kong Accreditation Service (HKAS) – How its Services Help You”.  Mr. Leung introduced that Accreditation which was issuance of conformance statement by a third party (i.e. accreditation body) to a conformity assessment body (i.e. laboratory, inspection body or certification body, validation and verification body) and conveying formal demonstration of its competence to carry our specific conformity assessment tasks (ISO/IEC 17024).

He used the diagram to explain the relationship among Industry, Certification Body and Accreditation Body.  HKAS is followed the ISO/IEC 17021-1 and ISO/IEC 27006 for certification body accreditation.  

The summary of MRA/MLA partners was showed.  Finally, Mr. Leung briefed the benefits of HKAS accreditation included formal recognition of CB competences to enhance reputation and to deliver confidence to their clients.

HKCTC Seminar presentation file - http://www.hkctc.gov.hk/en/work_seminars.html#b44
20150619: HKCTC & HKAS Workshop on ISO 27001 ISMS Certification - https://qualityalchemist.blogspot.hk/2015/06/hkctc-hkas-workshop-on-iso-27001-isms.html

HKSTP Lunch & Learn – Sustainability Team

HKSTP Lunch & Learn activity was proposed by our Marketing Team and it aimed to share our knowledge inter-division/ inter-department so as to enhance our understanding what kind of job and role of our colleagues.  Sustainability Team was assigned to present on 26 Oct 2016.  Before the talk, we took a group photo.

In the beginning, Mr. Kevin Edmund (Senior Manager, Sustainability) was the first speaker had he introduced our sustainability team in which included Quality, Safety, Health and Environment.  Firstly, he briefed the UN Sustainable Development Goal which had met HKSTP vision to create a vibrant innovation and technology ecosystem to deliver social and economic benefits to Hong Kong and the region.  Then he briefed our jobs included sustainability reports and he also introduced HKEX environment, Social, Governance (ESG) reporting guidelines, as well as, Global Reporting Initiative (GRI-G4).

After that Kevin briefed our ISO Management Systems and to be integrated together in 2016/2017.  

I (Quality Manager, Sustainability) was the second speaker and I introduced the quality concept to our colleagues.  Firstly, I asked a question “Which car has a better Quality?” for discussion. 

Then I introduced three quality gurus concept on quality and they were Dr. W. Edwards Deming, Mr. Philip B. Crosby and Mr. Joseph M. Juran.  I mentioned that Quality is like MATRIX which in everywhere that you can feel it but can’t see it directly.  

After that I introduced 7 Waste of LEAN principles which were Movement, Inventory, Transport, Waiting, Over Processing, Over Production and Defects.  The new waste was “Unused Employee Creativity”.  Finally, I told all how to remember this 7 waste by using the word “MIT Wood”!  At the end, I used Samsung Note 7 as example to explain what happened if Quality is not the highest priority.

Mr. Jerry Cheung (Assistant Manager, Sustainability) introduced two topics in which one is Waste and other is Climate Change.  

Jerry introduced that waste generation in Science Park was decreasing since 2013/2014. Moreover, our recycle collection rate had increased yearly.

Then he mentioned some targets for reduction of carbon emission in different countries and areas based on 2005 level.  They included USA was 26%-28% reduction in 2025, China was 60%-65% reduction (Carbon Intensity) by 2030.  Hong Kong set 50%-60% reduction (Carbon Intensity) by 2020.  Finally, Jerry told us our greenhouse gas generations come from Electricity (75%) and from Air Conditioner chemical (25%).  (P.S. Mr. Sunny Lai (Quality Engineer) helped to distribute the gift for winner during Q&A)

Mr. Morris Chan (SHE Manager, Sustainability) was the last speaker and he briefed our OHS targets included Zero occupational injury rate, Zero OHS related prosecution and SHE training.  Then he briefed SHE team routine activities included laboratory inspection, Food Hygiene, Indoor Air Quality (IAQ), SHE Seminar, etc.

After that Morris asked some question to identify any hazard in different situations.  

The talk was successful and venue was in Ideal Lab.  Our CEO also attended this talk (Right Lower Corner).

At the end, Ms. Maria Lam (CMO, HKSTP) held the Q&A session.  Kevin explained some questions from colleagues about saving electricity.

HKSTP Quality Policy - https://www.hkstp.org/hkstp_web/en/what-we-do/catalyse-technological-innovation/labs-support-services/Quality%20Policy


Apply Visa to visit Laos

I am planning to visit Laos in Nov 2016.  Laos is one of One Belt One Road countries that I never visit before.  This time, I will go with my wife to visit her classmate in Warwick Universitqy.  Moreover, I will also visit my ANQ friends’ company to understand more about Laos Quality Movement.  Today, I go to the Consulate General of the Lao People’s Democratic Republic to apply VISA.

Some traditional arts and sculptures were in the office.

And travel information about Laos was also found.

I would like to share the VISA application which cost HK$250 per people.  We add HK$50 per people to get it immediately. (Two people cost totally HK$600.)

I would also like to visit my ANQ friends - Mr. Thongdam Khounoudom (Director, Products Standard Division, Department of Industry & Handicraft, Ministry of Industry & Commerce, Laos) and Mr. Somphong Soulivanh (Deputy Director General of the Department of Industry and Handicraft, Ministry of Industry & Commerce, Laos).  We met in ANQ Congress 2013 in Bangkok.
(Left: I (HKSQ), Mr. Somphong Soulivanh (Laos), Mr. Thongdam Khounoudom (Laos), Dr. Ngo Van Nhon (Chairman, VQAH) and Mr. Ivan Chan (HKSQ))

ANQ Congress 2013 Bangkok – Technical Visit - https://qualityalchemist.blogspot.hk/2013/10/anq-congress-2013-bangkok-technical.html


HKQAA & Shaanxi Province Quality and Technology Supervision Bureau MOU Signing Ceremony

Mr. Peter Fung (Chairman, HKSQ) and I (HKSTP representative & Former Chairman, HKSQ) were honor to be invited by HKQAA to attend the MOU Signing Ceremony of Hong Kong Quality Assurance Agency and Shaanxi Province Quality and Technology Supervision Bureau (SPQTSB) (陝西省質量技術監督局).  Recently, the economy of Shaanxi Province has been accelerating and has played a pivotal role in the “One Belt, One Road” initiative.  HKQAA cooperated with SPQTSB to jointly facilitate the industry development in both Hong Kong and Shaanxi.  In the beginning, we took a photo with Mr. Bryan Peng (Assistant Director, HKQAA) (Left 1) and Mr. Nic Chan (Account Manager, HKQAA) (Right 1).

I also met my old friend Mr. KT Ting (Assistant Director, Market Research Business and Subsidiary Operations) and took a photo for memory.

In the beginning, Mr. Li Wei (李偉) Shaanxi Province representative as the Master of Ceremonies (MC) and introduced speakers for MOU.

Firstly, Mr. Zhang Xiao-ning (張小寧) (省政府副秘書長) gave a welcome remark.  He said the Qin Shi huang (秦始皇) standardized the measurement units during Qin dynasty.  The location of starting is in Shaanxi.  Then he briefed the government’s strategies included One Belt One Road, Thirteen Five-Year Plan, etc.

Then Ir. Dr. Hon Lo Wai-kwok (Chairman, HKQAA) gave welcome speech.  He said customer raised their requirement to the industry on both management level, quality and environment protection.  We would follow China government strategies such as One Belt One Road and CEPA to enhance our competitive edge through One Country Two Systems.  Today’s MOU included 4 strategies cooperation to improve the industry capability in both Hong Kong and Shaanxi.

MOU Signing Ceremony started.

After signed MOU, group photo was taken.  

The first speaker was Mr. PC Chan (Chief Operating Officer, HKQAA) and his presentation named “SPQTSB and HKQAA Strategic Cooperation Program”.  He briefed the objective of this cooperation was to enhance the testing, inspection and certification service in both Hong Kong and Shaanxi so as to improve the quality and brand level.  

The four strategic cooperation programs included:
i)                  Quality Certification Service
ii)                Quality Assessment Service
iii)               Quality Training Service
iv)                Brand Building and Influence Power Enhancement.

After that the industrial representatives in both Hong Kong and Shaanxi were shared their experience. The second speaker was Mr. Xiao Yu long (肖玉龍) (陜西省外經貿實業集團有限公司). He said they would like to establish the integrated service platform for SME.

Mr. Wong (黃家和) (金百加集團主席) was next speaker and he was also broad director of HKQAA and Chairman of Hong Kong Brand Development Council.  He said good brand was very important and he hoped the activities between Hong Kong and Shaanxi would increase in near future.

Mr. Chow (富士達) said they were one of key suppliers from Huewai and ZTE. He said the competition in future should be on Quality and Brand.

Last speaker was Mr. Henry Ho (President, Hong Kong Wine Merchants' Chamber of Commerce) and he shared the cooperation with Shaanxi Wine Associations.

At the end, Dr Michael Lam (CEO, HKQAA) gave the close remarks.  He briefed different MOU in the past included CSR index (2008), HKQAA-HKJC Carbon Disclosure e-Platform (CDeP) (2013), Hang Seng Corporate Sustainability Index (2014) and HKQAA Registration – Startup with HKSTP (2015), etc.

陝西省質量技術監督局 - http://www.snqi.gov.cn/


HKCTC Seminar on Professional Integrity in Testing and Certification

The Hong Kong Council for Testing and Certification (HKCTC) and Hong Kong Accreditation Service (HKAS) co-organized a seminar entitled “Accreditation for Medical Laboratory – The Road Towards Quality and Competence” on 12 Oct 2016.  Medical laboratories provide essential support to the medical sector.  Accurate and reliable laboratory services are crucial for proper clinical diagnosis and treatment.  It is important for medical laboratories in Hong Kong to obtain formal recognition of their testing competence and standard through laboratory accreditation.  The seminar aims to introduce the medical testing accreditation and share the experience of obtaining accreditation and its benefits. 

The first speaker was Ms. Bella Ho (Senior Accreditation Officer, HKAS) and her topic entitled “Accreditation Service for Medical Laboratories”. She said the first launch of HOKLAS based on ISO 15189 was on 16 Feb 2004.  Before that accreditation was employed ISO 17025 included NATA.  The ISO 15198 Particular requirement for quality and competence of medical laboratories was published in Dec 2003. 

There were six disciplines of accreditation scope included Anatomical Pathology, Chemical Pathology, Immunology, Haematology, Microbiology and Medical Genetics.  Bella found that no regulatory requirement on the operation of a medical laboratory.  Categories of accredited laboratory was separated into “P” and “S” according to the whether the Laboratory Director is a “Pathologist” or a “Scientist”.  For approved Signatories, only qualified pathologists in the relevant pathology discipline can be signatories of these tests. 

It has only regulated the personnel working in a medical laboratory under the Supplementary Medical Professions Ordinance (SMPO) (CAP 359) which started from early 1990s. The brief of SMPO is showed in the following diagram.  

Then Bella mentioned some statistics to us such as total number of medical laboratories accredited since 2004.

And the table of the progress of the medical programme which included HOKLAS, NATA, and CAP.

Finally, Bella summarized the changes in the medical testing field after introduction of medical accreditation programme as follows:
-          More educational opportunities,
-          More reference resources,
-          More platforms for information exchanges.
The second speaker was Dr. QUE Tak-Lun (Chief of Service, Department of Clinical Pathology, Tuen Mun Hospital) and his topic named “Benefits of Accreditation to the Community”.  Firstly, he shared with us different types of food he cooked.  He said a good cook depends on cooker, manual, raw material, equipment, etc. 

Then he shared the common factors between Cooker and Pathologist in the following table.  Both career should ensure the quality and had risk management.  

At the end, he said accreditation was not from western.  It could be traced to the first emperor in China.  

Before tea break, all guest speakers took a group photo.

Mr. Stanley Leung (Director of Clinical Laboratories, Hong Kong Adventist Hospital (HKAH)) was the third speaker and his topic was “Value of Laboratory Accreditation on Top of Hospital Accreditation”.  Their group had two hospitals in Hong Kong and they located in Tsuen Wan and Stubbs Road.  HKAH-SR specialized in cancer & heart treatment, and HKAH-TW as a community hospital in Territory West which provided sub-acute care.

Then Mr. Leung briefed their history of accreditation included UK, JCI, ACHS, WHO and HOKLAS, etc.

After that Mr. Leung told us the three criteria, which was focus on Hospital Accreditations, were “Hospital Safety”, “Staff Competency” and “Overall Quality of Patient Care”. Moreover, criterial of functions included 1) Clinical, 2) Support and 3) Corporate.

Mr. Stanley Leung mentioned that most Hospital Accreditation was focused on Blood Bank.  Therefore, good blood transfusion practice was very important.  HKAH had accredited Clinical Chemistry, Haematology and Blood Banking, Microbiology, Histopathology and Cytology by HOKLAS, CAP and NATA.

Finally, he showed the sample analysis cycle from test ordered to result reported.  They got accreditation because of their values that were Excellence, Service & Care Integrity.  He said Laboratory Accreditation (HOKLAS) is equal to Commitment to Quality.

The fourth speaker was Ms. Cordelia Leong (Pathology Department Manager, Alice Ho Miu Ling Nethersole Hospital and North District Hospital) and her topic named “Culture in Laboratory: A Change After Accreditation”.  Firstly, she said they had many different requirement and systems before laboratory accreditation. At the time, it was not bad, but greatly depended on a highly competent leader to put all the things together.  

However, accreditation based on ISO 15189 brought a structured quality management system into the hospital.  It included Management, Man, Machine, Material and Method requirements as following diagrams.

After accreditation, staff changed their culture that QMS elements as part of their daily work. The benefits would be systematic approach, better documentation, traceability, result accuracy and staff competence, continual improvement and learning opportunities.

Finally, Ms. Cordelia Leong use the diagram to explain the Accreditation role from Pull (increase the management level) before got accreditation and then to be Push (maintenance the existing level) after accreditation.  The future Pull role is come from “Benefits to the Lab & Staff”.  

The last speaker was Mrs. Marianne Leung (Laboratory Director, Pathlab Medical Laboratories Ltd.)  and her presentation topic entitled “How Accreditation Helps in Business, from a Commercial Laboratory’s View”.  Firstly, Mrs. Leung introduced her laboratory which established since 1975. Now, PathLab has about 140 employees which 50% technical and 50% auxiliary.   

She explained why her laboratory did accreditation.  Because HOKLAS allowed non-pathologist scientists able to be Lab Directors (S Lab) and staff morals which was not good / bad but stagnant.  But she quoted “Do something today that your future self will thank you for.”  Mrs. Leung analyzed areas of business in a commercial laboratory included Internal Problems, Staff Moral & Hiring, New Areas of Business, Reputation and Legal Protection, as well as Business Growth.  

Then she explained some internal problems they had overcome.
A.    Pre-analytical
-          Phlebotomy side effects and Client’s errors on sample collection & handling (not labeling tubes, no date or time, name mismatch, no individual bags, etc.)
B.     Analytical
-          Multidiscipline MLT Training
C.     Reporting
-          Signatory duties
D.    Management & Business
-          Financial matters

Finally, Mrs. Leung concluded some benefits about accreditation included “Staff Morale and Hiring Ability Improvement”, “Chance to Bid for New Business – Clinical Trials”, “Better Reputation & Legal Protection”.  At the end, she showed their lab business growth after accreditation.

During the Q&A, Bella answered some question about accreditation period and preparation time.  She said it was about 10 month after initial assessment to get the accreditation.  For preparation time, it should be at least from 1 year to 1.5 year to prepare all documentation.



Related Posts with Thumbnails