IntroductionQuality management

Quality management: Compliance with international standards

The Institute of Biostatistics and Analyses of the Masaryk University (IBA MU) has long-term experience with research and services in the areas of information technology and data analysis. In September 2008, IBA MU obtained the first certificate – ISO/IEC 20000-1:2006 guaranteeing the quality of IT services. Two more certification audits – quality management systems (EN ISO 9001:2009) and information security management system (ISO/IEC 27001:2006) – were successfully passed in September 2009. IBA MU outputs and services are currently guaranteed by the ISO/IEC 27001 certificate. The quality management system as well as the IT service management system remain implemented, and have been maintained according to the latest versions of the respective standards. The Division of Clinical Projects team also focuses on the management of clinical research projects, and has undergone training in the good clinical practice (GCP).

The point of the above-mentioned standard is to map and to monitor all processes taking place in the organisation, which subsequently facilitates their effective management and control. On top of that, introduction of these standards significantly reduces potential risks occurring from providing IT services and processing data, in terms of technical failure, personnel issues, or even natural disasters.

According to the available information, IBA MU is the first academic site in the Czech Republic that holds all three certifications focused on quality management systems, information security management system and IT service management. As part of the Masaryk University, IBA MU has become an elite institution in the field of data processing and IT solutions not only in the academic field but also in the commercial sphere.

The three certifications have logical links and mutually complement each other: EN ISO 9001:2009 is a well-known standard of more general characteristics ensuring effective management of the organisation and high quality of products or services. In contrast, ISO/IEC 20000-1:2006 is a relatively new standard focusing on the quality of IT services, their reliability, availability and support for clients in case of problems. Both standards are supplemented with ISO/IEC 27001:2006, which refers to information security management. As regards the protection of data processing, IBA MU has successfully passed an audit performed by the Office for Personal Data Protection (the Czech data protection authority) in 2012.

Information is often the most important article held by many organisations. This is particularly true in the area of health care, which is the IBA MU’s main area of interest. This is the reason why information and data need to be protected and why the risk of their leakage or misuse needs to be minimised. The above-mentioned standards confirm that IBA MU is able to guarantee all of it.