Draft | Internal | ISO 9001 | ISO 14001 | ISO 27001

SW-IMS-TRN-001

IMS Awareness Training - Integrated Management System Overview

Version: 1.0
Owner: Quality Lead
Effective Date: 2024-01-15
Review Date: 2025-01-15


Duration: 45 minutes
Target: All Swedwise staff (mandatory for new hires and annual refresh)


Why This Matters

You might be thinking: "I'm a consultant working at a client site - why do I need to know about management systems?"

Here's the reality: Our IMS is what enables you to focus on the good work. It's how we:

  • Win contracts with major clients (who require ISO certification)
  • Protect our reputation and your work environment
  • Make sure the boring but important stuff actually happens
  • Reduce risks so you can work with confidence

Bottom line: 45 minutes now saves hours of headaches later. Let's make it count.


Part 1: What is an IMS?

The Basics

IMS = Integrated Management System

It's how Swedwise manages three critical areas in one cohesive system:

Standard | Focus | Why You Care
ISO 9001 | Quality Management | Keeps customers happy, wins repeat business
ISO 14001 | Environmental Management | Reduces carbon footprint, meets sustainability goals
ISO 27001 | Information Security | Protects customer data, prevents breaches

Why Integrated?

Instead of three separate systems with different procedures, audits, and meetings, we combine them:

Old Way:                          Swedwise Way:
Quality audit                     One integrated audit
Environmental audit      →        One management review
Security audit                    One document system
Security review                   One continuous improvement process
Quality review
Environmental review

The benefit: Less bureaucracy, more efficiency. That's "Making Time For The Good."

What This Means for You

  • One set of documents to follow (not three)
  • One place to report issues
  • Shared responsibility - everyone contributes to all three areas
  • Better decision-making - we consider quality, environment, and security together

Part 2: Quality Management (ISO 9001)

What is Quality at Swedwise?

Quality isn't just about "being good." It's about consistently meeting customer expectations and continuously getting better.

Core Principles

1. Customer Focus

Everything we do should create value for customers.

In practice:

  • Consultants: Deliver what the client needs, not just what they asked for
  • Sales: Set realistic expectations, don't oversell
  • Support: Respond promptly, solve problems thoroughly

2. Process Approach

We think in terms of processes, not just tasks.

Example: The customer onboarding process

Input → Activities → Output
Contract signed → Setup, training, handover → Customer productive with our solution

Understanding the full process helps you see where you fit and how to improve.

3. Continuous Improvement (PDCA Cycle)

Plan → Do → Check → Act → repeat

This isn't just management-speak. Here's how it works:

Stage | Your Role
Plan | "I notice customers often ask the same questions. I'll create an FAQ."
Do | Create and share the FAQ with next three customers
Check | Did it reduce questions? Get customer feedback?
Act | Refine the FAQ, share with the team, make it standard practice

Key point: Small improvements from everyone add up to major competitive advantage.

Quality Policy (Overview)

Our Quality Policy commits us to:

  • Understanding and meeting customer requirements
  • Delivering professional, reliable services
  • Continuous competence development
  • Data-driven decision making
  • Open communication and learning culture

Your part: Follow procedures, suggest improvements, prioritize customer needs.


Part 3: Environmental Management (ISO 14001)

Why Environmental Management?

Swedwise isn't a factory or a mining company. Why do we care about the environment?

Three reasons:

  1. Procurement requirements - Public sector clients demand environmental management
  2. Climate responsibility - IT has a carbon footprint (data centers, travel, devices)
  3. Our values - Sustainability aligns with being a responsible employer

Environmental Aspects at Swedwise

An "environmental aspect" is how our activities impact the environment.

Significant Aspects for Consultants

Activity | Environmental Impact | What You Can Do
Business travel | CO2 emissions | Choose train over flight when reasonable; combine trips
Client site work | Energy consumption | Turn off equipment when not in use; use power-saving modes
Remote work | Energy, e-waste | Optimize home office energy; properly recycle old devices
Procurement | Resource use | Choose sustainable suppliers; consider product lifecycle
Digital services | Data center energy | Optimize code/systems for efficiency; delete unused data

Office-Based Activities

Activity | Environmental Impact | What You Can Do
Office energy | Electricity consumption | Lights off, adjust heating/cooling, shut down workstations
Waste | Landfill, recycling | Sort waste correctly; reduce printing
Purchasing | Resource depletion | Buy durable equipment; choose eco-labeled products

Life-Cycle Perspective

We think about environmental impact across the full lifecycle:

Procurement → Use → End of Life
     ↓          ↓         ↓
Choose eco-   Efficient  Recycle/
friendly      operation  reuse
suppliers

Example: When we buy laptops, we consider:

  • Manufacturer's environmental practices
  • Energy efficiency during use
  • Recyclability at end of life

Environmental Policy (Overview)

Our Environmental Policy commits us to:

  • Minimizing environmental impact of operations
  • Complying with environmental legislation
  • Preferring sustainable travel and procurement
  • Continuous environmental improvement
  • Transparent reporting

Your part: Make environmentally conscious choices; suggest green improvements.


Part 4: Information Security Management (ISO 27001)

Why Information Security?

As consultants, you handle:

  • Customer data
  • Business-critical systems
  • Confidential project information
  • Credentials and access rights

One breach can: Destroy trust, trigger legal liability, lose contracts, damage our reputation.

Information security is everyone's job.

The CIA Triad (Not the Spy Agency)

Information security protects three things:

Principle | Meaning | Example
Confidentiality | Only authorized people access information | Customer contracts aren't shared publicly
Integrity | Information is accurate and unaltered | Code changes are reviewed and versioned
Availability | Information is accessible when needed | Systems have backups; uptime is monitored

Risk-Based Approach

We identify risks and apply appropriate controls.

Risk scenario: Consultant works at client site using public Wi-Fi

  • Risk: Data interception, unauthorized access
  • Controls: VPN required, encrypted connections, screen privacy filters

You don't need to be a security expert, but you do need to:

  • Follow security procedures
  • Recognize suspicious activity
  • Report incidents immediately
  • Ask when unsure

Common Security Scenarios for Consultants

Scenario 1: Client Site Access

Situation: You're given admin access to a client system.

Your responsibilities:

  • Use access only for authorized purposes
  • Don't share credentials
  • Log out when leaving workstation
  • Report any unusual activity
  • Return/disable access when project ends

Scenario 2: Remote Work

Situation: Working from home or coffee shop.

Your responsibilities:

  • Use VPN for all Swedwise/client systems
  • Lock screen when away from device
  • Don't discuss confidential matters in public
  • Secure your home network (strong Wi-Fi password)
  • Keep devices encrypted and password-protected

Scenario 3: Email and Phishing

Situation: Receive unexpected email asking for credentials or urgent action.

Your responsibilities:

  • Verify sender before clicking links or opening attachments
  • Never provide credentials via email
  • Report suspicious emails to IT/CISO
  • When in doubt, ask

Information Security Policy (Overview)

Our Information Security Policy commits us to:

  • Protecting confidentiality, integrity, and availability of information
  • Risk-based security controls
  • Compliance with legal and contractual requirements
  • Security awareness and training
  • Incident response and continuous improvement

Your part: Follow security procedures; report incidents; think before you click.


Part 5: How the IMS Works at Swedwise

Document Structure

Think of the IMS as a pyramid:

             [Policies]
              ↓
         [Procedures]
              ↓
         [Guidelines]
              ↓
      [Forms & Templates]

Document Type | Purpose | Example | When You Need It
Policies | High-level commitments approved by management | Information Security Policy | Understand overall approach
Procedures | Step-by-step instructions for key processes | Incident Management Procedure | When handling an incident
Guidelines | Best practices and recommendations | Secure Coding Guideline | Looking for advice
Forms | Templates for consistent documentation | Nonconformity Report Form | Reporting an issue

Where to Find Documents

IMS Portal: [Internal URL - to be added]

All documents are organized by:

  • Standard (Quality, Environmental, Security)
  • Type (Policy, Procedure, Guideline, Form)
  • Topic (Risk management, Incident handling, etc.)

Search tip: Use document IDs (e.g., SW-ISMS-PRO-002) for quick access.

Reporting Issues and Suggestions

We have several channels depending on what you need:

What to Report | Where to Report | Response Time
Security incident | CISO immediately | Urgent
Quality nonconformity | Quality Lead or manager | 2 business days
Environmental concern | Environmental Lead | 1 week
Improvement suggestion | Your manager or directly in IMS portal | Next management review
Urgent customer issue | Account manager + Quality Lead | Immediate

Remember: Reporting isn't about blame. It's about improvement.

Management Review and Audits

Management Review

  • Frequency: Quarterly
  • Purpose: Review IMS performance, make decisions
  • Your input: Suggestions and improvement ideas are always welcome

Internal Audits

  • Frequency: Annually (minimum)
  • Purpose: Check IMS is working, find improvement opportunities
  • Your role: Be honest, share real experiences (not just what you think auditors want to hear)

External Audits (Certification)

  • Frequency: Annual surveillance, full re-certification every 3 years
  • Purpose: Independent verification we meet ISO standards
  • Your role: Cooperate honestly, demonstrate how you follow procedures

Audit tip: Audits aren't exams. If you don't know something, say so and ask where to find the answer.


Part 6: Your Responsibilities

Every Swedwise Employee Must:

1. Know and Follow Policies

  • Read the key policies (Quality, Environmental, Information Security)
  • Understand how they apply to your role
  • Follow procedures relevant to your work

When you're unsure: Ask your manager, Quality Lead, or CISO.

2. Report Incidents and Nonconformities

Nonconformity: Anything that doesn't meet a requirement (policy, procedure, customer expectation, legal obligation).

Examples:

  • Security incident (lost device, suspected breach)
  • Customer complaint or dissatisfaction
  • Environmental spill or violation
  • Process not followed, causing problems
  • Equipment failure affecting service

How to report:

  1. Immediate safety/security issues: Report to manager and CISO NOW
  2. Other nonconformities: Use the Nonconformity Report Form (SW-IMS-FRM-001)
  3. Minor suggestions: Continuous improvement suggestion box or manager

Why report:

  • Prevents small problems from becoming big ones
  • Helps us improve processes
  • Protects you, colleagues, and customers
  • Required for ISO certification

3. Embrace Continuous Improvement

You're on the front lines. You see what works and what doesn't.

Ways to contribute:

  • Suggest process improvements
  • Share lessons learned from projects
  • Participate in improvement initiatives
  • Challenge the status quo constructively
  • Share knowledge with colleagues

Remember: Swedwise is a learning organization. Your insights matter.

4. Maintain Competence

The IMS requires you to:

  • Complete required training (like this one)
  • Keep skills current in your discipline
  • Understand procedures relevant to your role
  • Ask questions when you don't know

Your manager's responsibility: Ensure you have the competence and resources to do your job.

5. Think Holistically

When making decisions, consider:

  • Quality: Does this meet customer needs? Will it work reliably?
  • Environment: What's the environmental impact? Is there a greener option?
  • Security: Am I protecting information? Are there security risks?

This doesn't mean every decision requires deep analysis. But develop the habit of considering all three.


Part 7: Quick Reference

Key Contacts

Area | Contact | When to Reach Out
Quality Management | Quality Lead | Nonconformities, customer complaints, quality questions
Environmental Management | Environmental Lead | Environmental concerns, sustainability questions
Information Security | CISO | Security incidents, access issues, security questions
General IMS | Your manager | First point of contact for most IMS questions

Common Scenarios - Quick Guide

"I lost my work laptop"

  1. Immediately notify CISO and your manager
  2. Change passwords for all accounts
  3. File incident report (SW-ISMS-FRM-002)

"A customer is unhappy with our service"

  1. Listen and document the complaint
  2. Notify account manager and Quality Lead
  3. Work with team to resolve
  4. File nonconformity report if warranted

"I found a way to improve our process"

  1. Document the suggestion clearly
  2. Discuss with your manager or team
  3. Submit via IMS improvement process

"I'm not sure if I should report something"

Rule of thumb: When in doubt, report it. It's better to over-report than miss something important.

Document ID | Title | Key Use
SW-IMS-POL-001 | Integrated Management System Policy | Overall IMS framework
SW-QMS-POL-001 | Quality Management Policy | Quality commitments
SW-EMS-POL-001 | Environmental Management Policy | Environmental commitments
SW-ISMS-POL-001 | Information Security Policy | Security commitments
SW-IMS-FRM-001 | Nonconformity Report Form | Reporting issues
SW-ISMS-PRO-002 | Incident Management Procedure | Handling security incidents

Check Your Understanding

This assessment verifies you understand the key concepts. You need 80% (8/10 correct) to pass.

You have 3 attempts. Good luck!


Question 1

What does IMS stand for?

A) International Management Standard
B) Integrated Management System
C) Information Management Security
D) Internal Monitoring System

Correct Answer: B


Question 2

Which three ISO standards does Swedwise's IMS integrate?

A) ISO 9001, ISO 14001, ISO 45001
B) ISO 27001, ISO 20000, ISO 22301
C) ISO 9001, ISO 14001, ISO 27001
D) ISO 9000, ISO 14000, ISO 27000

Correct Answer: C


Question 3

You're working remotely from a coffee shop and need to access a client system. What should you do?

A) Connect directly - the coffee shop Wi-Fi is probably fine
B) Use your mobile hotspot instead of public Wi-Fi
C) Connect using VPN to protect the connection
D) Wait until you're back at home or the office

Correct Answer: C

Explanation: VPN encrypts your connection, protecting data even on untrusted networks. While mobile hotspot (B) is also more secure than public Wi-Fi, VPN is the required control for accessing sensitive systems remotely.


Question 4

What does the "P" in the PDCA cycle stand for?

A) Prepare
B) Plan
C) Process
D) Perform

Correct Answer: B

Explanation: PDCA = Plan, Do, Check, Act - the continuous improvement cycle.


Question 5

Which of the following is an example of a nonconformity that should be reported?

A) A colleague is 5 minutes late to a meeting
B) You disagree with a management decision
C) A customer's data was accidentally sent to the wrong recipient
D) The coffee machine is broken

Correct Answer: C

Explanation: Sending customer data to the wrong recipient is a security incident and quality nonconformity - it violates both confidentiality and customer requirements. This must be reported immediately.


Question 6

What are the three principles of information security (the CIA triad)?

A) Confidentiality, Integrity, Availability
B) Control, Inspection, Audit
C) Compliance, Integration, Assessment
D) Communication, Investigation, Action

Correct Answer: A


Question 7

You notice that a process at Swedwise could be improved. What should you do?

A) Nothing - process improvement is management's job
B) Complain to colleagues but don't formally suggest anything
C) Document the suggestion and discuss with your manager or submit via the IMS improvement process
D) Just start doing it your way without telling anyone

Correct Answer: C

Explanation: Swedwise is a learning organization. Your improvement ideas are valuable and should be shared through proper channels so they can be evaluated and potentially implemented for everyone.


Question 8

Which environmental aspect is most significant for Swedwise consultants?

A) Manufacturing waste
B) Business travel (CO2 emissions)
C) Water pollution
D) Agricultural runoff

Correct Answer: B

Explanation: As an IT consultancy, our most significant environmental impact comes from business travel. Manufacturing waste, water pollution, and agricultural runoff aren't relevant to our business activities.


Question 9

You receive an email that appears to be from IT, asking you to verify your password by clicking a link. What should you do?

A) Click the link - it's from IT
B) Reply with your password
C) Ignore it completely
D) Verify with IT/CISO before clicking; report as potential phishing

Correct Answer: D

Explanation: This is a classic phishing scenario. Legitimate IT will never ask for passwords via email. Always verify suspicious requests and report them.


Question 10

What is the primary purpose of the IMS at Swedwise?

A) To create bureaucracy and paperwork
B) To pass audits and get certifications
C) To systematically manage quality, environmental, and security aspects while enabling continuous improvement
D) To restrict employee autonomy

Correct Answer: C

Explanation: While certifications are a benefit, the IMS's real purpose is to provide a framework for managing quality, environment, and security effectively while supporting our learning organization culture. It should enable good work, not create barriers.


Congratulations!

You've completed the IMS Awareness Training.

What happens next:

  1. Complete the assessment (if you haven't already)
  2. Certificate of completion will be issued upon passing
  3. This training is valid for 12 months
  4. You'll receive a reminder when it's time to refresh

Remember:

  • IMS documents are always available in the IMS Portal
  • Questions? Contact Quality Lead, Environmental Lead, or CISO
  • Your suggestions for improvement are always welcome

Thank you for investing this time. Now, go make time for the good!


Need Help?

Question About | Contact
Quality management | Quality Lead
Environmental management | Environmental Lead
Information security | CISO
This training course | Quality Lead
Technical issues with LMS | IT Support

IMS Portal: [URL to be added]
Training Support: training@swedwise.se