standards-expert
Included with Lifetime
$97 forever
Expert-level ISO standards, quality management, compliance, and certification
professionalisostandardsquality-managementcompliancecertification
What this skill does
# ISO Standards and Quality Management Expert
Expert guidance for ISO standards, quality management systems, compliance, and certification processes.
## Core Concepts
### ISO Standards
- ISO 9001 (Quality Management)
- ISO 27001 (Information Security)
- ISO 14001 (Environmental Management)
- ISO 45001 (Occupational Health & Safety)
- ISO/IEC 17025 (Testing and Calibration)
- ISO 22000 (Food Safety)
### Quality Management
- Plan-Do-Check-Act (PDCA) cycle
- Process approach
- Risk-based thinking
- Continuous improvement (Kaizen)
- Quality objectives and metrics
- Management review
### Compliance & Certification
- Gap analysis
- Internal audits
- Corrective actions
- Document control
- Management system documentation
- Certification audits
## ISO 9001 Quality Management System
```python
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional
from enum import Enum
class ProcessCategory(Enum):
MANAGEMENT = "management"
OPERATIONAL = "operational"
SUPPORT = "support"
@dataclass
class QualityProcess:
process_id: str
name: str
category: ProcessCategory
owner: str
inputs: List[str]
outputs: List[str]
resources: List[str]
kpis: List[str]
risks: List[str]
class ISO9001QMS:
"""ISO 9001 Quality Management System"""
def __init__(self, organization: str):
self.organization = organization
self.processes: Dict[str, QualityProcess] = {}
self.quality_objectives = []
self.risks = []
self.opportunities = []
def define_process(self, process: QualityProcess):
"""Define a quality process"""
self.processes[process.process_id] = process
def define_quality_objective(self, objective: Dict):
"""Define quality objective"""
self.quality_objectives.append({
'objective': objective['description'],
'target': objective['target'],
'measurement': objective['measurement'],
'owner': objective['owner'],
'deadline': objective['deadline'],
'status': 'active'
})
def conduct_pdca_cycle(self, process_id: str) -> Dict:
"""Conduct PDCA cycle for process"""
return {
'plan': self._plan_phase(process_id),
'do': self._do_phase(process_id),
'check': self._check_phase(process_id),
'act': self._act_phase(process_id)
}
def _plan_phase(self, process_id: str) -> Dict:
"""PDCA Plan phase"""
process = self.processes.get(process_id)
return {
'objectives': 'Define objectives and processes',
'resources': process.resources if process else [],
'risks_identified': process.risks if process else []
}
def _do_phase(self, process_id: str) -> Dict:
"""PDCA Do phase"""
return {
'action': 'Implement the processes',
'documentation': 'Document execution'
}
def _check_phase(self, process_id: str) -> Dict:
"""PDCA Check phase"""
return {
'monitoring': 'Monitor and measure processes',
'analysis': 'Analyze results against objectives'
}
def _act_phase(self, process_id: str) -> Dict:
"""PDCA Act phase"""
return {
'improvements': 'Implement improvements',
'corrective_actions': 'Take corrective actions'
}
```
## ISO 27001 Information Security
```python
class RiskLevel(Enum):
LOW = "low"
MEDIUM = "medium"
HIGH = "high"
CRITICAL = "critical"
@dataclass
class InformationAsset:
asset_id: str
name: str
description: str
owner: str
classification: str # public, internal, confidential, restricted
value: int # 1-5 scale
@dataclass
class SecurityRisk:
risk_id: str
asset_id: str
threat: str
vulnerability: str
likelihood: int # 1-5 scale
impact: int # 1-5 scale
risk_level: RiskLevel
controls: List[str]
residual_risk: RiskLevel
class ISO27001ISMS:
"""ISO 27001 Information Security Management System"""
def __init__(self, organization: str):
self.organization = organization
self.assets: Dict[str, InformationAsset] = {}
self.risks: Dict[str, SecurityRisk] = {}
self.controls = {}
def register_asset(self, asset: InformationAsset):
"""Register information asset"""
self.assets[asset.asset_id] = asset
def assess_risk(self, asset_id: str, threat: str,
vulnerability: str, likelihood: int, impact: int) -> SecurityRisk:
"""Assess security risk"""
risk_score = likelihood * impact
if risk_score >= 20:
risk_level = RiskLevel.CRITICAL
elif risk_score >= 12:
risk_level = RiskLevel.HIGH
elif risk_score >= 6:
risk_level = RiskLevel.MEDIUM
else:
risk_level = RiskLevel.LOW
risk = SecurityRisk(
risk_id=f"RISK-{len(self.risks) + 1:03d}",
asset_id=asset_id,
threat=threat,
vulnerability=vulnerability,
likelihood=likelihood,
impact=impact,
risk_level=risk_level,
controls=[],
residual_risk=risk_level
)
self.risks[risk.risk_id] = risk
return risk
def implement_control(self, risk_id: str, control: str,
effectiveness: int):
"""Implement security control"""
if risk_id in self.risks:
risk = self.risks[risk_id]
risk.controls.append(control)
# Recalculate residual risk
reduced_score = (risk.likelihood * risk.impact) * (1 - effectiveness/10)
if reduced_score >= 20:
risk.residual_risk = RiskLevel.CRITICAL
elif reduced_score >= 12:
risk.residual_risk = RiskLevel.HIGH
elif reduced_score >= 6:
risk.residual_risk = RiskLevel.MEDIUM
else:
risk.residual_risk = RiskLevel.LOW
def generate_soa(self) -> Dict:
"""Generate Statement of Applicability"""
# Annex A controls from ISO 27001
controls = {
'A.5': 'Information security policies',
'A.6': 'Organization of information security',
'A.7': 'Human resource security',
'A.8': 'Asset management',
'A.9': 'Access control',
'A.10': 'Cryptography',
'A.11': 'Physical and environmental security',
'A.12': 'Operations security',
'A.13': 'Communications security',
'A.14': 'System acquisition, development and maintenance',
'A.15': 'Supplier relationships',
'A.16': 'Information security incident management',
'A.17': 'Business continuity management',
'A.18': 'Compliance'
}
return {
'organization': self.organization,
'controls': controls,
'implementation_status': 'To be determined per control'
}
```
## Audit Management
```python
class AuditType(Enum):
INTERNAL = "internal"
EXTERNAL = "external"
CERTIFICATION = "certification"
SURVEILLANCE = "surveillance"
@dataclass
class AuditFinding:
finding_id: str
audit_id: str
type: str # 'non_conformity', 'observation', 'opportunity'
severity: str # 'major', 'minor'
description: str
clause_reference: str
evidence: str
corrective_action: Optional[str] = None
due_date: Optional[datetime] = None
status: str = 'open'
class AuditManager:
"""Manage quality audits"""
def __init__(self):
self.audits = {}
self.findings: Dict[str, AuditFinding] = {}
def plan_audit(self, audit_id: str, audit_type: AuditType,
scope: List[str], auditors: List[str],
date: datetime) -> Dict:
Related in professional
finops-expert
IncludedExpert-level cloud financial operations, cost optimization, and cloud economics
professional
accountant-expert
IncludedExpert-level accounting, tax, financial reporting, and accounting systems
professional
banking-expert
IncludedExpert-level banking systems, core banking, regulations, and banking technology
professional
lawyer-expert
IncludedExpert-level legal systems, contracts, compliance, and legal technology
professional