Information Security Manager Mentor Spotlight: Paul Shaw

A Q & A with our New Mentor Paul Shaw

Free Forever

Take a look at our compliance management software and start preparing for your next audit today

We are excited to introduce a new quality mentor on, Paul Shaw. Paul is an information security manager, and qualified auditor of an array of ISO standards including 9001, 45001, 27001 and 22301, with over 20 years of experience. Read on to find out more about Paul and his work in quality management, or visit his profile and contact him here.

How did you get involved in Quality? 

I began my career in Quality in 1990 when I implemented a QMS system that conformed to the ISO9001 standard, known then as BS5750, at a construction company.

I was contacted through word of mouth then (before the internet!), by the company accountant whom I had known. This experience helped to catapult me into a long and rewarding career in freelance consultancy.

My career has not been limited to quality standards only, but has branched out to include a range of other areas such as health and safety, environmental, IT and business continuity. 

What are your specialisms as an information security manager?

When there is a clear issue with quality, for example a significant number of complaints on a product, I will look at the processes in place, diagnose any issues, and solve them. Building solutions to problems is one of my key skills.

Once a company takes me on, I will strip them back to the bare bones and look at process design. I commonly find issues with digital processes, even now since businesses have been forced to increase technology to resolve geographical and remote working issues.

In regards to industries, I don’t specialise in any particular one – I have worked in all sorts! I would say the majority of my work currently has been in the insurance banking sector, but I also do a lot for engineering companies. I was trained up originally in engineering, so that helps me there.

However, I also have a masters in computer science which helps me to work with computing companies, but also to solve issues within any company related to IT and computing.

My wide training and experience allows me to be holistic and look at the company as a whole rather than just fix the odd problem. For example, when GDPR was introduced I got a lot of clients who just wanted their data processes sorted out, but once I was there they realised that I could help with so much more.

What is your favourite thing about Quality Management?

Perfectionism has always been a trait of mine, and I believe as a business that you should always be striving for perfection. The benefits of doing so, even if ‘perfection’ is never truly achieved, are remarkable and are what I get a lot of positive client feedback on.

Customer satisfaction has always been key to me, and to nurturing my passion for my career.

What does a typical day of work look like for you as an information security manager?

In the real world, I would normally be on site doing process design. I find it quite funny as a consultant that I am often expected to tell the business what they need to do, rather than make suggestions and have a two-way conversation about it.

The company I was at yesterday told me that they would just go with whatever I said. I asked him what his objectives were, and he asked me what I thought his objectives would be. To work as a consultant, you need to be able to work with the people in the business to create the designs, as they are on the ground everyday and know the business inside and out.

What interests you about becoming a mentor?

I am excited to share knowledge and spread business process designs I have come across with my peers. Our arena is a crowded one, and there are lots of consultants out there who use different methods, so I think it will be great for us all to put our heads together.


What do you think the next big thing will be in Quality?

Business process design has changed massively in the last 3-6 months, and I think it will be changing again. There will be a new phase when furlough ends and companies have to send staff back into work.

When this happens, there will be a clear opportunity ask why things are done the way they are. For example, an engineering company’s staff will mostly have to be on site, but the bookkeeper can continue working from home.

Leave a Reply


Our Compliance QMS Software

Add your quality procedures and processes and tag them against your standards of choice to make audits quick and easy.