Area of Responsibility
A. ISO 9001 Quality Management System (QMS)
1. Design, Development and Implementation
- Design, implement and maintain the QMS in accordance with the ISO 9001 standard
- Develop and document quality policies, procedures and processes that are aligned with the current ISO 9001 standard.
2. Monitoring and Auditing
- Conduct internal audits at regular intervals to ensure ISO 9001 compliance
- Monitor key performance indicators (KPIs) to assess and improve the effectiveness of the QMS
- Lead continuous improvement initiatives in quality management
3. Training and Awareness
- Provide training on the ISO 9001 standard and quality management best practices
- Ensure all employees understand their role within the QMS framework
B. ISO 27001 Information Security Management System (ISMS)
1. Development and Implementation
- Establish and implement the ISMS as per ISO 27001
- Develop and maintain robust information security policies, procedures and controls.
2. Risk Management
- Conduct risk assessments to identify potential threats to information security.
- Implement appropriate security measures to mitigate identified risks.
3. Monitoring and Auditing
- Conduct internal audits at regular intervals to ensure ISO 27001 compliance
- Address any non-conformities identified during audits and ensure continuous improvement
4. Incident Management
- Develop and manage an incident response plan for handling security breaches.
- Lead investigations into security incidents and coordinate remediation efforts.
C. ISO 27701 Privacy Information Management System (PIMS)
1. Development and Implementation
- Establish and implement the PIMS as per ISO 27701
- Develop and maintain robust personal data protection policies, procedures and controls
2. Data Security and Privacy
- Regularly review and update data protection policies to align with changing regulations
- Implement appropriate data protection measures, ensuring that personal data is secured and handled ethically.
3. Monitoring and Auditing
- Conduct internal audits at regular intervals to ensure ISO 27701 compliance
- Address any non-conformities identified during audits and ensure continuous improvement
4. Transparency and Accountability
- Maintain transparent data practices, clearly communicating how personal data is used and stored.
- Ensure that the organization can demonstrate compliance with data protection principles and respond effectively to data principal requests.
5. Training and Awareness
- Provide training on the ISO 27701 standard and train employees on data protection laws, including the DPDP Act 2023, emphasizing their roles and responsibilities as data handlers
- Promote a culture of privacy and data protection within the organization
D. Compliance Management
1. Regulatory Compliance
- Ensure the organization complies with all relevant legal and regulatory requirements related to quality, privacy and information security
- Keep up to date with changes in legislation and standards that impact ISO 9001, ISO 27001 and ISO 27701
2. Documentation and Reporting
- Maintain comprehensive records of compliance activities, including audit findings, corrective actions and management reviews
- Prepare and present compliance and quality reports to senior management
E. Continuous Improvement
1. Process Optimization
- Identify opportunities for process improvements across the quality, information security and data protection functions
- Lead initiatives to enhance organizational practices and promote a culture of continuous improvement
2. Stakeholder Engagement
- Collaborate with internal and external stakeholders to ensure alignment with ISO 9001, ISO 27001 and ISO 27701 requirements.
- Act as the primary contact for all compliance and certification matters relating to quality, information security and data protection.
Qualification:
- Bachelor's degree and relevant certifications (ISO 9001 Lead Auditor, ISO 27001 Lead Auditor, Data Protection Officer)