HMRC disaster could have been avoided with a quality management system
Press release - 23 November 2007
The disaster at HM Revenue and Customs (HMRC) which came to light yesterday could have been avoided by adopting the basic and proven principles of quality management, says the Chartered Quality Institute (CQI).
Businesses in the private and public sectors which use quality management systems regularly apply the appropriate quality tools to reach risk-assessed decisions and to maintain a process-based environment. Such an environment does not allow for the kind of mistake made at HMRC, where 25 million names, addresses, NI numbers and bank account details were lost in the post.
Mike Debenham, executive director of policy and professional affairs at the CQI stated that:
'Even if this debacle was down to an individual not doing his job properly, it could still have been avoided if a stringent information security management system was in place. Appropriate processes could have prevented the information being downloaded and removed from the building.'
The international standard ISO/IEC 27002 is an information security standard which provides a framework to safeguard sensitive company information and encompasses staff, processes and the IT system. ISO/IEC TR 10032 could also have served as a reference model for data management to provide guidance for HMRC.
About the CQI
The CQI (previously the Institute of Quality Assurance) exists to provide leadership, education and assessment in the field of quality in the UK and globally. The CQI's 11,000 members and IRCA's 14,000 certificated auditors are located in over 120 countries, making it the leading international quality membership organisation and the largest international auditor certification body in the world.
www.thecqi.org
www.irca.org
CQI's message to industry and the government is that the UK needs to compete on four key issues if it is to succeed in the global market:
- Quality
- Technical excellence and innovation
- Integrity and delivery
- Brand
- ends -
Notes for editors
Data management has long been a subset of quality management systems and the fundamentals are used widely across British industry.
Technical Report ISO/IEC TR 10032, first edition 2003-11-01, Information technology - Reference Model of Data Management, is freely downloadable from the ISO website.
ISO/IEC 27002 is an information security standard published by the International Organization for Standardization (ISO) under the title Information technology - Security techniques - Code of practice for information security management.
ISO/IEC 27002 provides best practice recommendations on information security management for use by those who are responsible for initiating, implementing or maintaining information security management systems (ISMS). Information security is defined within the standard as the preservation of:
- confidentiality (ensuring that information is accessible only to those authorised to have access)
- integrity (safeguarding the accuracy and completeness of information and processing methods)
- availability (ensuring that authorised users have access to information and associated assets when required)
For all press enquiries, please contact:
Michael Debenham
Executive director of policy and professional affairs
mdebenham@thecqi.org
The Chartered Quality Institute
12 Grosvenor Crescent
London SW1X 7EE
T: 020 7245 8537
