Quality and Information Security, only with certification!

We live surrounded by risks, uncertainties, and ambiguities. Based on our experiences, we develop our way of acting, which is structured and supported by how we perceive and assess the quality of the environment around us.

In economics, however, having an idea of what is good and desirable is not enough. The ability to establish norms allows actions and their outcomes reach a desirable state - one that can and should be shared as an example to follow, opening up a world of possibilities for us. By doing so, we ensure the efficiency of our processes, products, and operational management, ultimately earning the trust of partners, suppliers, and, most importantly, customers.

Today, November 14th, marks World Quality Day. In Portugal, this day is often linked to the International Organization for Standardization (ISO) and ISO 9001, the most globally recognized standard, which governs the implementation of a Quality Management System. In fact, the significance of this day goes beyond that. The United Nations first celebrated the date, and even earlier, the CQI (Chartered Quality Institute), the world’s first official quality professionals' organization, had already commemorated 'World Quality Week.'

More than an abstract concept, it celebrates the victory of humanity over risk. While it can never be completely eradicated, implementing an Internal Quality System and ensuring compliance with the associated standards enables us to actively manage risks by identifying and mitigating them.

Plan – Execute – Check – Act. This methodology, which drives the creation and improvement of processes, is essential for achieving maximum profitability and efficiency in any business. It is applicable to all organizations, as well as to more specific fields of activity, such as Information Security, where the reference standard is different: ISO 27001, created in 2005.

In both cases, and although the areas of expertise are quite distinct, having an internationally recognized methodology to reach a high level of performance makes a significant difference.

However, a quick search of the Portuguese Accreditation Institute shows that only 6.348 of the 1.45 million active businesses in Portugal (based on INE data) are certified to ISO 9001, and only 196 are certified to ISO 27001. How come there are so few in both cases? Two words—time and resources—hold the key to the solution.

Time is crucial: there are diagnoses to be made, obstacles to overcome, measures to be implemented, and even after certification, a management system to sustain, all within a continuous improvement cycle. The ISO 9001:2015 will be revised in 2026. In 2025, only the ISO 27001:2022 will be valid. The obsolescence of standards, in a form of selective evolution, Darwinian-style, dictates that only the fittest continue their path – certified - in a marathon of discipline, quality, and the integration of these with innovation.

The following resources are required: dedicated personnel for the process, budget audits, and ongoing investments in people, technology, and an operational mindset. In a country where SMEs make up 96% of the business environment, a company's size can play a significant role in obtaining certification.

In sectors such as IT, Healthcare, Finance, Consulting, and Telecommunications, Information Quality and Security are unquestionable. Therefore, it is essential to encourage companies to adopt a stronger strategic focus on this key pillar of sustainability, ensuring the implementation and certification of Quality. This not only provides a competitive advantage in the market but also enhances the reputation and credibility of the products and services delivered to customers. Creating synergies and sharing best practices – both internally and across the entire business community - is essential for ensuring continuous improvement with all stakeholders and adopting a single selection criterion: "Only with certification!".

News: Exame Informática