This document outlines an agenda for a workshop on ISO 22222 training and gap analysis. The agenda covers an introduction to ISO 22222 standards, how to document a practice management system, creating an implementation plan, and conducting a self-assessment gap analysis. It also discusses how ISO 22222 aims to increase professional standards in financial planning by codifying best practices and assessing adviser competence through methods like file checks and case studies. The workshop will help participants understand how ISO 22222 can improve clarity and transparency for clients around scope of advice services.
This was the presentation that I gave at the TC 68 workshop in Amsterdam on Friday 13th May! The world is recognising the importance of quality standards in Financial Services!
ISO 22222 - Achieving A Competitive Edge Presentation 2010 - Michelle Hoskin
Achieving a competitive edge is the only way to stay ahead. ISO 22222 supports this by allowing professional planners to differentiate and raise the bar for the benefit of themselves and their clients.
2. How to get the most out of the day.
Learning Styles: Do, Think, Plan, Write, Talk – the "light bulb moment".
Raising the standards…
3. Agenda
• ISO 22222 - The story so far.
• ISO 22222 - An insight.
• What makes ISO 22222 different.
• The Key Elements.
• How to document your practice management system.
• How to create an implementation plan.
• Self Assessment Gap Analysis.
• What happens next?
• Any Questions?
4. Who we are
• Established in June 2007 (Pilot Scheme launched in April 2006).
• Independent leaders in the market place.
• UKAS Accredited Certification Body.
• We work with the profession’s leading advisers.
• Pioneering Best Practice.
• Privately Owned - Unique Offering.
• Work done so far:
o Awareness Campaigns - Professional and Consumer.
o Articles, Features, Presentations and The Book.
o Partnerships - Profession Wide.
o The Approved Associate Programme (AAC).
5. What are ISO Standards?
• More common to the business market.
• ISO – International Standards Organisation
• Demonstrate the ability to consistently provide a product or service that meets customer requirements in line with regulatory requirements and…
• Addresses customer satisfaction through the effective application of the system, developing processes for continual improvement and the prevention of errors and mistakes.
6. Why have national and international standards?
• The Kitemark
• The CE Mark
• They help businesses to:
o Identify and meet the needs and expectations of its customers and other interested parties, e.g. employees, suppliers, owners, societies, to achieve a competitive advantage and to do this in an effective and efficient manner.
o Achieve, maintain and improve overall performance and capabilities.
7. Why have an ISO standard for financial planners?
• Increased pressure to demonstrate professionalism.
• Demand from clients, professional associations and the regulator.
• 2000: ANSI contacted BSI (British Standards Institute) who turned to the FSA for guidance.
• A UK Committee was formed – headed by David Jackman (Head of Industry and Training).
• Development supported by 17 other worldwide committees.
• Developed over nearly 7 years and in March 2006 – ISO 22222 was launched!
• April 2006 – SI launched their ISO 22222 Pilot Scheme.
• Research carried out by Which? – consumers confused about where to turn for the right financial planning advice.
• ISO 22222 – Addresses this, which is why Which? fully support any work to increase professional standards.
8. Why have an ISO standard for financial planners?
9. Adviser Quotes
“Going through the ISO process has enabled us to look at our business in a way never before possible. The net result for the consumer is a more efficient and transparent process in receiving holistic financial planning advice”
Andrew Reeves, The Investment Coach Limited
“ISO 22222 certification process was the best available overall assessment of knowledge, competency and fair customer treatment”
Robin Keyte, director of Towers of Taunton
10. ISO 22222 – An Insight
• Enables consumers to identify financial planners who possess the right knowledge, skills, ethics and experience to deliver their desired level of service.
• Codifies professional best practice in financial planning from across the world, and will help to increase consumer confidence.
• Not another qualification.
• Exemption from AF5 – Financial Planning Process (CII).
• Not a “tick box” exercise – assessment methods include: File checks / Role Plays / Case Studies / On the job observation.
• Certification awarded to the individual within a firm.
• Ongoing assessment (encourages internal audits).
11. Where does ISO 22222 fit in with the current and future landscape?
• Four key documents to review:
o Consultation Paper – CP09/31 Delivering the Retail Distribution Review (December 2009).
o Policy Statement # 1 – 10/6 Distribution of retail investments (March 2010).
o Consultation and feedback statement # 2 – (Autumn 2010).
o Remuneration Code – (Quarter 2 2010).
• Key Objective:
o Forcing best business principles to professionals who primarily are seen as doing a job.
12. Key Themes - Proposals
1. Improve the clarity with which firms describe their services to clients.
2. Address the potential for adviser remuneration to distort consumer outcomes; and
3. Increase the professional standard of advice.
13. Key Themes - Proposals
1. Improve the clarity with which firms describe their services to clients.
• Description of advice services (Independent or restricted).
• Clarity of - Scope of service, service level agreements, brochures, marketing, website, personal profile, company letters and literature.
• Plus: client authorisation.
14. Key Themes - Proposals
2. Address the potential for adviser remuneration to distort consumer outcomes.
• Introduction of Adviser Charging.
• Undervaluing knowledge, wisdom and experience. Value of services delivered, what is charged for and when, clarity of message and literature. Ongoing services!
• Setting your own charging tariffs.
• How calculated, fair!
• Individual adviser remuneration.
• Targets, KPIs (quality) and pay structure.
15. Key Themes - Proposals
3. Increase the professional standards of advice.
• More focus on setting, monitoring and enforcing standards of competence and ethical behaviour.
• In-depth assessment methods, scope of service understood, competence and CPD activity aligned.
• Need to “prove” initial and ongoing competence.
• Assessment report and feedback, independently assessed annually!
16. Key Themes – Proposals cont…
3. Increase the professional standards of advice.
• Increase in quality and control over CPD activity.
• How selected, recorded and implemented.
• Increase level of qualification to QCF Level 4.
• Already a requirement of eligibility.
• Visibly adhere to the required ethical standards.
• Ethical principles assessed and evidenced.
17. ISO 22222 - Key Differentiators
1. All about Best Practice – not just about regulatory adherence.
2. The rules coming out now were already introduced in 2000 with the ISO.
3. Supports your existing compliance provision.
4. Identifies opportunities for improvement – good business principles (IS, BC, CI).
5. Not limited to UK rules – internationally recognised and respected.
18. Financial Planner Benefits
• Improved performance.
• Simplified and effective processes and documentation.
• Standardisation of good working practices.
• Improved communication (internally/externally).
• Promotes awareness of quality and professionalism, better public awareness and public image.
• Improved sales and marketing opportunities.
• Reduced risk = potential reduced insurance costs.
• Supports regulatory requirements.
• The acquisition of a symbol representing the internationally recognised quality standard.
19. Consumer Benefits
• Receive a value added service.
• Assurance of quality through independent third-party certification.
• Assurance that regulatory requirements are being adhered to and monitored.
• Evidence that continual improvement and their needs are core to the business.
• Confidence in the sustainability of the business.
• Confidence that the adviser has the right level of knowledge and skills to deliver their desired level of service.
20. ISO 22222 – The Key Elements
1. The Six Steps of the Financial Planning Process.
• Establishing and defining the client and personal financial planner relationship.
• Gathering client data & determining goals and expectations.
• Analysing and evaluating the client’s financial status.
• Developing and presenting the financial plan.
• Implementing the financial planning recommendations.
• Monitoring the financial plan and the financial planning relationship.
2. Ethical Behaviour and Ethical Financial Planning.
3. Information Security, Client Confidentiality and Data Protection.
4. Risk Management and Business Continuity.
5. Continual Improvement.
22. ISO 22222 – The Six Steps
1. Establishing and defining the client and personal financial planner relationship.
2. Gathering client data & determining goals and expectations.
3. Analysing and evaluating the client’s financial status.
4. Developing and presenting the financial plan.
5. Implementing the financial planning recommendations.
6. Monitoring the financial plan and the financial planning relationship.
23. ISO 22222 – The Financial Plan
1. Key Areas:
• Financial Statement Analysis, Investment Planning, Tax Planning, Risk Management and insurance, Retirement Planning and Estate Planning.
2. To include, but not limited to:
• Client data - including a schedule of investments, client goals, assumptions, balance sheet/net worth statement, current cash flow statement - incorporating an income tax assessment, statement of financial position in the event of death and disability, retirement planning analysis, investment analysis, analysis of other specific future monetary goals, estate planning, recommendations, implementation programme, periodic review and plan update strategy.
25. The 10 Key Ethical Principles
• Behaving with integrity.
• Putting clients’ interests first.
• Exercising due care and diligence.
• Working within regulatory and legislative frameworks.
• Carefully and comprehensively managing conflicts of interest.
• Communicating in a clear and appropriate manner.
• Providing suitable and objective recommendations.
• Protecting client confidentiality.
• Making all material disclosures.
• Demonstrating and maintaining appropriate competence.
26. What is ethical financial planning?
• Using a client centred approach.
• Understanding what the client’s real concerns are.
• Using screened and environmentally focussed investments.
• Being aware of and considering ethical implications of all financial products and providers – mortgage, protection, etc.
• Balancing ethical and investment objectives.
27. Issues for advisers
• Assessing ethical profiles.
o Client discussions.
o Profiling forms and software (synaptics).
o Negative and positive screening.
o Asset allocation.
o Balancing, risk, objectives and values.
28. Why are ethics important?
• It’s the client’s money.
• Their values - not yours.
• Acting in the interest of your client.
• Ethical clients are more ‘connected’.
• … it’s the professional thing to do.
29. Life as an ethical planner
• Not all clients are eco warriors.
• … or treehuggers.
• Interesting.
• Varied.
• Challenging.
• Rewarding.
30. Life as an ethical planner
• Clients tend to be:
o Caring professions.
o Academics.
o 3rd sector.
o Independently wealthy.
• They are also:
o Loyal.
o Sticky.
o and well connected.
31. For more information
• UKSIP – Advisers Toolkit and training materials – www.uksif.org
• EIA – Quarterly conferences, IFA Directory –
www.ethicalinvestments.org.uk
• EIRiS – ethical funds research – www.eiris.org
• National Ethical Investment Week – 7-13 November 2010 – www.neiw.org
32. The Ethical Question
Q: Do you have any social, ethical, environmental or religious considerations that you would like us to take into account in our work for you?
34. Introduction
• “The blunt truth is that all organisations need to take the protection of customer data with the utmost seriousness. I have made clear publicly on several occasions over the past year that organisations holding individuals’ data must in particular take steps to ensure that it is adequately protected from loss or theft. There have been several high-profile incidents of data loss in public and private sectors during that time which have highlighted that some organisations could do much better. The coverage of these incidents has also raised public awareness of how lost or stolen data can be used for crimes like identity fraud. Getting data protection wrong can bring commercial, reputational, regulatory and legal penalties. Getting it right brings rewards in terms of customer trust and confidence”.
Richard Thomas – Information Commissioner
35. Data protection
Principles of the Data Protection Act 1998
The eight principles require that personal information:
1. shall be processed fairly and lawfully and, in particular, shall not be processed unless specific conditions are met;
2. shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes;
3. shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed;
4. shall be accurate and, where necessary, kept up to date;
5. shall not be kept for longer than is necessary for the specified purpose(s);
6. shall be processed in accordance with the rights of data subjects under the Act;
7. should be subject to appropriate technical and organisational measures to prevent the unauthorised or unlawful processing of personal data, or the accidental loss, destruction, or damage to personal data;
8. shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.
36. FSA Principles for Businesses
Principle 2 – Skill, care and diligence
• A firm must conduct its business and organise its affairs with due skill, care and diligence. This will include arranging adequate protection for customers’ assets when responsible for them.
• The concept of ‘care’ includes care towards customers: to the extent that the firm owes duties to its customers, it must discharge those duties with care. What is ‘adequate’ will, of course, depend on the nature of the firm and its counterparties and the business it undertakes.
http://www.fsa.gov.uk/pubs/cp/cp13.pdf
37. Information Security is critical for SMEs
The Facts:
• 52% of organisations reported misuse of internet resources. The two most common being access to inappropriate websites (41%) and excessive web surfing (36%) - (DTI Information Security Breaches survey)
• Employees waste more than 2 hours a day on recreational computer activities – research by AOL & Salary.com
• 30 percent to 40 percent of Internet use in the workplace is unrelated to business. (IDC)
• 70 percent of all Internet porn traffic occurs during the 9 to 5 workday. (Sextracker)
• 85% of all malware threats are delivered by visiting infected websites, three quarters of which are legitimate websites.
• Over 90% of cyber attacks exploit known security flaws for which remediation is available through timely patch management. (Gartner Research)
• Phishing attacks are increasing by 25% month on month. (Symantec 2009) – rogue anti virus, banking details, promised tax rebates, email account details, etc.
http://www.silicon.com/publicsector/0,3800010403,39582315,00.htm?s_cid=235
38. Information security is critical for SMEs
The Facts:
• 53% of staff say they would take sensitive information from their employers if they were fired or made redundant
• 40%+ of emails at work are non-business related (IDC research)
• A staggering 8500 mobile devices were lost at UK airports in 2007, with 400 laptops lost at London airports alone. Even more worrying, a Ponemon Institute report in 2008 found that 49% of European business travellers said their laptops contained confidential information and 42% said their data was not backed up, or encrypted.
• 67% of UK organizations do nothing to prevent confidential data from leaving on USB sticks and other removable devices, even though 57% had serious data breach incidents in 2008.
39. What are the risks?
• Lost productivity and billing time – irresponsible browsing can be costing tens of thousands of pounds for even the smallest organisation.
• Damage to reputation – can you be trusted to keep my information confidential?
• Loss of business – 50% of any loss due to a data breach is the result of clients moving their custom elsewhere.
• Loss of competitive advantage – your client database could well be in the hands of a competitor, or worse, a criminal.
• Disclosure of intellectual property – how long have you been developing and protecting that new project?
• Fines or even closure – The Information Commissioner’s Office and regulatory bodies are taking a much tougher stance on those who are negligent, whatever the size or profile of the organisation.
40. What are the risks?
• An unencrypted laptop containing details on 109,000 pension scheme members with UK pension funds service provider, The Pensions Trust, has been stolen from a third-party office in Marlow, Buckinghamshire.
• The laptop theft is believed to have been targeted, and was carried out at The Pensions Trust’s software provider, NorthgateArinso’s offices. NorthgateArinso, a global human resources software and services provider, says the laptop was stored in a locked room and that the machine itself had password protection. The lost data, however, which includes names, addresses, national insurance numbers, and bank details for those already receiving their pension, was not encrypted.
• Skipton Financial Services has been found in breach of the Data Protection Act for not encrypting the information of 14,000 customers on a laptop that was stolen.
• The laptop - which contained names, dates of birth, national insurance numbers and investment amounts - was stolen from a contractor in December last year.
41. What are the risks?
• Capita Financial Administrators Limited were fined £300,000 in 2006 for failing to conduct its business with due skill, care and diligence in considering the risks posed by financial crime and by failing to take reasonable care to organise and control its affairs responsibly and effectively.
• Merchant Securities Group Limited were fined £110,000 in 2008 for not taking reasonable care to establish and maintain effective systems and controls for countering the risk that customer information held by the Firm might be compromised by theft, loss or unauthorised alteration.
• The UK branch of Zurich Insurance has reported the loss of a back-up data tape in South Africa that contained the details of 51,000 general insurance customers. It claimed that it had written to the customers and ‘other parties in the UK’ to inform them of the loss and the remedial actions being taken.
• Do not think you are too small to be affected – from April 2010 the ICO will have greater powers to impose sanctions, financial or otherwise, on those organisations involved in “The knowing or reckless misuse of personal data”.
http://www.fsa.gov.uk/Pages/library/
43. The solution - a 14 point plan
1 Governance
• Develop a security policy document that everyone from senior management to junior members of staff can ‘buy into’
2 Training and awareness
• Make everybody aware of the risks
o Innovative training programmes
o Wall posters
o Screensavers
o Newsletters
44. The Solution – a 14 point plan
3 Servers, desktops and laptops
• If customer data is stored on a laptop, desktop or a file server, you need
to have the following security precautions in place:
o Firewall
o Antivirus and antispyware software
o Full disk encryption
o Removable device encryption
o Encrypted backups
45. The Solution – a 14 point plan
4 Password protection
• Password protection for all computers is essential!!!
o Your password should be at least 8 characters long
o It should include letters, numbers, capitals and other symbols, for example: P@nD4b34R
o It should be easy to remember but hard to guess
o Avoid any word in the dictionary, personal information such as a child or partner’s name or a football team, common names and slang
o Try playing on normal words such as England – 3enG1@Nd!
o Do not write passwords down
o Do not tell anyone else your passwords
o Change your password every 90 days at the very least!
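Rule 4 above states the password policy in words. As an added example (not code from the presentation), the following Python check applies those stated rules to candidate passwords and to the date of the last change; the word lists, the sample user's personal details and the dates are constructed assumptions.

```python
"""Password policy check for rule 4 of the 14-point plan.

Added example, not code from the presentation. It implements the slide's
rules as stated: at least 8 characters; letters, numbers, capitals and other
symbols; no dictionary words, personal information (child's or partner's
name, football team), common names or slang; and a change at least every
90 days. The word lists and the sample user below are constructed.
"""
from datetime import date
from typing import Iterable, List, Optional
import string

MIN_LENGTH = 8
MAX_AGE_DAYS = 90

# Constructed stand-ins for a real dictionary / banned-word feed (hypothetical values).
DICTIONARY_WORDS = {"password", "welcome", "england", "liverpool", "summer"}
COMMON_NAMES = {"emma", "oliver", "jack"}
SLANG = {"mate", "innit"}


def missing_character_classes(password: str) -> List[str]:
    """Return the character classes the slide requires that the password lacks."""
    present = {
        "lowercase letter": any(c.islower() for c in password),
        "capital letter": any(c.isupper() for c in password),
        "number": any(c.isdigit() for c in password),
        "symbol": any(c in string.punctuation for c in password),
    }
    return [name for name, ok in present.items() if not ok]


def banned_word_hits(password: str, personal_info: Iterable[str] = ()) -> List[str]:
    """Banned words (dictionary, common names, slang, personal info) found in the password.

    Matching is case-insensitive and ignores words under three letters, which
    would otherwise match almost any string by accident.
    """
    lowered = password.lower()
    banned = DICTIONARY_WORDS | COMMON_NAMES | SLANG | {p.lower() for p in personal_info}
    return sorted(w for w in banned if len(w) >= 3 and w in lowered)


def check_password(password: str, personal_info: Iterable[str] = (),
                   last_changed: Optional[str] = None,
                   today: Optional[str] = None) -> List[str]:
    """Return the list of policy violations; an empty list means the password passes.

    Dates are ISO strings (YYYY-MM-DD) so the check can be driven from a staff
    record; `today` defaults to the current date.
    """
    problems: List[str] = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    problems += [f"missing {name}" for name in missing_character_classes(password)]
    hits = banned_word_hits(password, personal_info)
    if hits:
        problems.append("contains banned word(s): " + ", ".join(hits))
    if last_changed is not None:
        now = date.fromisoformat(today) if today else date.today()
        age = (now - date.fromisoformat(last_changed)).days
        if age > MAX_AGE_DAYS:
            problems.append(f"not changed for {age} days (limit {MAX_AGE_DAYS})")
    return problems


if __name__ == "__main__":
    # Constructed sample: a user whose partner is Emma and who supports Liverpool.
    info = {"Emma", "Liverpool"}
    for candidate in ["P@nD4b34R", "liverpool1", "Emma2010!", "short1!"]:
        result = check_password(candidate, info, last_changed="2010-03-01", today="2010-05-13")
        print(f"{candidate:12} -> {', '.join(result) or 'OK'}")
```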
46. The Solution – a 14 point plan
5 Email security
• All emails containing customer data must be secure
• Avoid spam and email borne viruses and malware
• Police your email usage policy to avoid data leakage and litigation
6 Physical security
• Physical security is a key factor in securing your data
• Your file, database and e-mail servers should all be kept in a locked cabinet within a secure room to prevent casual access
• External hard drives that contain customer data should be locked away when not in use
47. The Solution – a 14 point plan
7 Backups
• Full backups of all critical data should be standard practice:
o Backup media should be locked away securely while not in use
o Only authorised personnel should have access to backup media
o Backup media should be held off site for disaster recovery
o If the media is held off site it should be transported and stored securely, i.e. a lock box or safe
o Back up media needs to be encrypted
48. The Solution – a 14 point plan
8 Access control
• Users should only have permission to access confidential information they need to do their job
o You should review access permissions for every user at regular intervals
o Each employee should have their own logon account
o Employee access should be revoked as soon as they leave the company or are suspended
o Locations where sensitive or confidential information is stored should be audited
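The access-control rules above are a review checklist. As an added example (not code from the presentation), here is a reconciliation of a constructed HR roster against constructed permission grants on a confidential share that flags what the slide says to revoke, remove or re-review; the roster, the role-to-data mapping and the 90-day review interval are assumptions.

```python
"""Access review for rule 8 of the 14-point plan.

Added example, not code from the presentation. It checks permission grants
against an HR roster and applies the slide's rules: revoke leavers and
suspended staff, one account per employee (no shared logins), grant only the
access a role needs, and re-review grants on a regular interval. All data
below is constructed.
"""
from datetime import date
from typing import Dict, List, Set, Tuple

REVIEW_INTERVAL_DAYS = 90  # assumption: quarterly review cadence

# Constructed HR roster: username -> (status, role)
ROSTER: Dict[str, Tuple[str, str]] = {
    "jsmith": ("active", "adviser"),
    "akhan": ("suspended", "adviser"),
    "lbrown": ("left", "paraplanner"),
    "mjones": ("active", "receptionist"),
}

# Assumption: which confidential data each role needs to do its job.
ROLE_NEEDS: Dict[str, Set[str]] = {
    "adviser": {"client_files", "fact_finds"},
    "paraplanner": {"client_files", "fact_finds"},
    "receptionist": set(),
}

# Constructed grants on the confidential share: (username, resource, last reviewed ISO date)
GRANTS: List[Tuple[str, str, str]] = [
    ("jsmith", "client_files", "2010-04-01"),
    ("akhan", "client_files", "2010-04-01"),
    ("lbrown", "fact_finds", "2009-11-15"),
    ("mjones", "client_files", "2010-04-01"),
    ("reception", "fact_finds", "2010-04-01"),   # shared login, not a person
    ("jsmith", "fact_finds", "2009-12-01"),
]


def review_access(grants, roster, role_needs, today: str) -> List[str]:
    """Return one finding per problem grant, in the order of the grant list."""
    now = date.fromisoformat(today)
    findings: List[str] = []
    for user, resource, reviewed in grants:
        if user not in roster:
            # No person behind the account: a shared or orphaned login.
            findings.append(f"{user}: not an employee account (shared or orphaned) -> remove from {resource}")
            continue
        status, role = roster[user]
        if status in ("left", "suspended"):
            findings.append(f"{user}: {status} -> revoke {resource}")
            continue
        if resource not in role_needs.get(role, set()):
            findings.append(f"{user}: role '{role}' does not need {resource} -> remove")
            continue
        age = (now - date.fromisoformat(reviewed)).days
        if age > REVIEW_INTERVAL_DAYS:
            findings.append(f"{user}: {resource} last reviewed {age} days ago -> re-review")
    return findings


if __name__ == "__main__":
    for line in review_access(GRANTS, ROSTER, ROLE_NEEDS, "2010-05-13"):
        print(line)
```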
49. The Solution – a 14 point plan
9 Data transfer
• Any movement of data outside of your secure environment, e.g. USB or CD, needs to follow these guidelines:
o Encrypt all portable media using a suitable encryption technique
o Use device control software to control and detect unauthorised access to external media such as CDs and USB devices
o Keep a record of all of these devices and which personnel are allowed to use them and for which purpose
10 Asset management
• You need to keep a record of all computers, laptops, USB devices and external hard drives that exist in your business
• You need to maintain a record of all data copied onto media moving outside your secure environment and the reason for doing so
50. The Solution – a 14 point plan
11 Data destruction
• Data removal and destruction is an important part of keeping your clients’ information secure
o Paper records need to be shredded in house or by an approved agency that must be vetted
o Hard drives should be disposed of securely ensuring all data is destroyed
o Certificates should be obtained from agencies confirming destruction of data from hard drives and recycled computer systems
51. The Solution – a 14 point plan
12 Remote access
• Remote access to your network needs to be secure
• Remote access and VPN software needs to be configured properly for the highest possible security level
• Home workers need to ensure that any wireless network is encrypted to the highest possible standards
• Home workers need to prevent unauthorised access to their computer systems through password protection at least
52. The Solution – a 14 point plan
13 Staff recruitment
• Where legally possible carry out every background check on staff who will be exposed to confidential information:
o Credit references
o CRB checks
o CIFAS staff fraud database
o References
o CV validation
o Assess regularly if staff in higher-risk positions may be susceptible to coercion
53. The Solution – a 14 point plan
14 Email and internet access
• Implement monitoring controls for email and internet activity to identify potential data leakage
• Filter access to content that allows web based communication such as webmail (Hotmail, Gmail, Yahoo, MSN instant messaging) and social networking sites like Facebook and Myspace
• Restrict or block access to file sharing sites
54. The Solution – a 14 point plan
14 Email and internet access (continued)
• Why?
• More than 60% of companies have disciplined – and more than 30% have terminated – employees for inappropriate use of the internet in the workplace
• 80% of companies reported that employees had abused internet privileges, such as downloading pornography or pirated software
• 70% of all pornographic downloads occur between 9:00am and 5:00pm
• 25% of employees admit to spending between 10 and 30 minutes per day surfing non-work related websites. 22% admit to spending between 30 minutes and 1 hour. 12% said they spent between 1 and 2 hours online and 13% admitted to spending more than 2 hours per day visiting non-work related websites
• 46% of online shopping during the Christmas period occurs at work – is this your busiest time of the year?
56. Business Continuity and Risk Management
An Holistic Management Process.
• Identify areas of potential risk.
• Evaluate the possible threats;
• Choose appropriate strategies to reduce the likelihood and impact of incidents;
• Choose appropriate strategies that provide for the continuity or recovery of the critical activities.
Possible Risks
Key Persons, Information Technology (IT), Data and Information, Financial Resources, Human Resources, Service, Money Laundering, Data Protection and Processing, Quality and Suitability of Advice, Accounts and Commissions, The Economy, Regulation, Complaints, Training and Competence Requirements, Location and Premises and Health and Safety.
57. Business Continuity and Risk Management
Write a Plan.
• Team Lists and Alert Procedure.
• Plan for Major Incidents – Fire, Flood or Attack.
• Business Critical Systems.
• Key Contacts and Business Partners.
• Emergency Procedure – Meeting Place.
Test and Communicate.
59. Continual Improvement
• Two Areas of Continual Improvement.
o Business
o Personal
• PDCA
o Plan,
o Do,
o Check &
o Act.
• Client feedback – Positive and negative.
60. Continual Improvement
Training and Competence
• FSA current focus on outputs from firms to demonstrate effectiveness and to ensure customers are protected.
• No formal requirement from FSA for a written T&C scheme but,
• FSA does require adequate procedures, records and effective management controls to be in place.
• All of these achieved by T&C scheme. A good T&C scheme is central to ensuring that customers are treated fairly.
• A Training Needs Analysis is essential to its success (plugs the GAP).
61. Continual Improvement
What should be covered in a T&C scheme?
• Scope - types of staff and activities of firm. Include non-authorised as well as authorised.
• Achieving competence - stages of competence, training needs, regulatory exams.
• Maintaining competence - keeping relevant knowledge, skills and understanding of the market up to date.
• Supervision - additional knowledge and skills requirements, level of supervision, spans of control.
• Record keeping - regulatory requirements, methods.
62. Continual Improvement
Achieving and Maintaining Competence
• What does competence look like? Job description, accountability profile and person specification.
• Stages required in achieving competence and standards to be reached at each stage.
• Use of KPIs in driving standards and further training needs.
• Qualification requirements - FSSC list.
• Ongoing assessment - what and how, assessment type, failure policy, core and specialist areas.
Records
• Meet regulatory requirements and achieve good practice.
• Use technology. Record keeping should not become a burden!
63. Continual Improvement
Continual Professional Development (CPD)
• Importance – Helps to maintain competence, Relevant and interesting, include regulatory changes i.e. TCF.
• CPD – Should be planned and include objectives and success criteria.
• Records – activity undertaken, time spent, objectives met or not!, further development needs, how the knowledge has been applied and what are the benefits!
• Signed off against objectives!
64. Continual Improvement
Continual Professional Development (CPD) - Methods
• Web Research & Online Tutorials and Webinars.
• Exam Study & Books.
• Newspapers/Broadsheets & Newsletters.
• Current Affairs.
• Professional/technical seminars, workshops and events – Internal.
• Professional/technical seminars, workshops and events – External.
• Technical product and provider presentation – Internal.
• Professional/business and personal development seminars, workshops and events.
• Audio CDs.
Must change when:
• Environment Changes, Organisation Changes and there are individual performance issues.
65. How can firms maximise both internal
and external learning?
Internal: External:
• Formal training. • Formal training course.
• Work shadowing. • Exam preparation.
• One to one coaching.
• Distance learning.
• Job rotation.
• Case studies.
• Role play.
• Conferences.
• Accompanied call.
• Mentoring.
66. Continual Improvement
Maximise your learning by:
• Teaching Others.
• Writing Articles, White Papers and Books.
• Get involved with the profession.
• Get involved with local universities, schools and your community.
67. Continual Improvement – Client Feedback
Internal and External Feedback
• Client Feedback – Manual or Electronic.
• Client Advisory Board.
Key Considerations
• Establish current feedback methods and process.
• Review current success, outputs and response rates.
• Identify any gaps in the system, define and agree your wish list.
• Research market and available options.
• Select chosen methods and tools.
• Update or create operational procedures and supporting documents.
• Record, monitor, measure and ACT!
68. Documenting your Practice Management System
Two Main Levels
• Level 1 – Guidelines.
• Level 2 – Processes.
69. Documenting your Practice Management System
Key Steps
• Identify who does what.
• What is your desired outcome?
• How best should it be documented?
• Who is currently responsible for the process?
• What tools support the process? – Software systems.
• Roll Out, Test and Amend.
• Include in your Practice Management System.
70. Documenting your Practice Management System
• Meet contractual, statutory and regulatory guidelines.
• Unique reference number, authorisation.
• Clear and concise, simple and understandable, tested and amended, quality controlled and well communicated.
• Quality at the core.
• Interrelated and interactive processes.
• Create a library of templates, letters, emails and forms.
71. Documenting your Practice Management System
Examples….
• Telephone and email enquiries.
• First meeting confirmation and information.
• Conducting a first meeting and follow up.
• Information gathering.
• Creating a financial plan.
• Implementing the solutions and strategies.
72. Documenting your Practice Management System
Creating A Process Improvement Culture
• Have all key processes been identified and documented?
• Are they effective in producing the desired results?
• Are they available in both hard and soft copy formats?
• Have they been effectively implemented?
• Have they been logged and quality controlled?
73. How to prepare for an assessment
• Review your gap analysis.
• Identify your gaps.
• Set yourself an assessment deadline.
• Allocate “Gap Manager” and agree timeframes.
• Brief the rest of the team.
• Work through tasks, roll out to the team.
• Engage with a SI Approved Associate Consultant (AAC).
• Collate Evidence ready for the assessment.
75. Welcome Back
ISO 22222 - Gap Analysis
76. What happens next?
• Assessment Preparation.
• Assessment.
o Portfolio of Evidence: case studies, testimonials, client feedback, client files, business processes.
• De-brief.
o OBS, MiNC, MaNC
• Assessor Submits Report.
• Independent Assessment – HQ.
• If Happy - Confirmation of Certification.
• If not Happy – Rebook Assessment.
• Certification Awarded – Guideline and Letter.