ISO standards are not just for the large enterprises, they are of benefit to start-ups, micro businesses, SMEs and large undertakings alike.



Similar documents
Quality Management Standard BS EN ISO 9001:

Achieve ISO Certification

Information for Schools and Colleges. So you want to. Know more about the BS EN ISO 9000:2000 family of quality management system standards

ISO/IEC 17021:2011 Conformity assessment Requirements for bodies providing audit and certification of management systems

Preparing yourself for ISO/IEC

WHITE PAPER CQI. Chartered Quality Institute

CQI. Chartered Quality Institute

IAF Mandatory Document for the Transfer of Accredited Certification of Management Systems

Is securing personal information a priority? Reassure clients and achieve data protection compliance with BS 10012

Name: Lynda Cooper Date: November 24th. Revising ISO/IEC to fit the future of service management

How do I gain confidence in an Inspection Body? Do they need ISO 9001 certification or ISO/IEC accreditation?

TRAINING BROCHURE 2015

ISO 9001:2015 Your implementation guide

Need to protect your information? Take action with BSI s ISO/IEC

ISO 27001: Information Security and the Road to Certification

ISO 9001 and the Supply Chain

ISO 9001 REVISION INTRODUCTION TO ISO 9001: 2015

IRCA Briefing note ISO/IEC : 2011

INFORMATION SECURITY: UNDERSTANDING BS BS 7799 is the most influential, globally recognised standard for information security management.

UKAS Guidance for bodies operating certification of Trust Service Providers seeking approval under tscheme

INTRODUCTION TO ISO 9001 REVISION - COMMITTEE DRAFT

ISO 14001:2015 How your ISO audit will be different. Whitepaper

ISO 9001:2015 Revision Frequently Asked Questions

The Information Security Management System According ISO The Value for Services

Standards and accreditation. Tools for delivering better regulation

Want to exceed customer expectations and stand out from the crowd? Third party approval of management systems from BRE Global.

Navigating ISO 9001:2015

NEW SCHEME FOR THE INFORMATION SECURITY MANAGEMENT WITH ISO 27001:2013


ISO 9001 Quality Management System Lead Auditor Training (IRCA)

Basics of Sustainability. Environmental Management Systems (EMS)

Guidance for accreditation of EN 15224:2012 Health care services Quality management systems Requirements based on EN ISO 9001:2008

UK Aerospace Industry Controlled Other Party (ICOP) Auditor Authentication Scheme

IAF Mandatory Document

Cyber Essentials Scheme. Summary

Information Security Management System (ISMS) Overview. Arhnel Klyde S. Terroza

ISO 9001:2015 Draft International Standard Overview

Hidden Supply Chain Risk A Social, Quality, Environmental and Security Challenge

Selection and use of the ISO 9000 family of standards

Need to protect your information? Take action with BSI s ISO/IEC

ISO/IEC 27001:2013 webinar

WHAT MAKES YOUR OCCUPATIONAL HEALTH AND SAFETY SYSTEMS STANDARD BEST-IN-CLASS?

BECOMING A CONSTRUCTIONLINE MEMBER

The Benefits of ISO50001 Energy Management System & Case Study. Becky Toal MD of Crowberry Consulting Ltd and Lead Auditor SGS

National Accreditation Board for Certification Bodies. Accreditation Criteria

AUDITOR GUIDELINES. Responsibilities Supporting Inputs. Receive AAA, Sign and return to IMS with audit report. Document Review required?

HKCAS Supplementary Criteria No. 8

ISO/IEC 27001:2013 Your implementation guide

Quality Management Systems Foundation Training Course

iso20000templates.com

The Translation Service Provider s Guide to BS EN 15038

An introduction to BSI

Management Systems Consultancy & Support Specialists

Certification criteria for. OH&S Management Systems Foundation Training Course

Higher audit threshold for charities

Moving from ISO/IEC 27001:2005 to ISO/IEC 27001:2013

Statement of Guidance: Outsourcing All Regulated Entities

quality, health & safety and environment training and consulting

The ISO standard

IAF Informative Document. IAF Informative Document for the Transition of Management System Accreditation to ISO/IEC 17021:2011 from ISO/IEC 17021:2006

For the latest information on VHP publications, visit our website:

Client information note Assessment process Management systems service outline

AN OVERVIEW OF INFORMATION SECURITY STANDARDS

Memorandum of Understanding

International Organization for Standardization

Document Reference APMG 15/015

your risks Find out more about our affordable, secure shredding and recycling service.

By. Mr. Chomnaphas Tangsook Business Director BSI Group ( Thailand) Co., Ltd

ELECSA and the Fire Industry

MANAGEMENT SYSTEMS WHITE PAPER OF ISO 9001 REVISION. ISO 9001:2015 Revision. Understanding Changes and Preparing for Transition

Implementing ISO 9001

IAF Informative Document for the Transition of Food Safety Management System Accreditation to ISO/TS 22003:201X from ISO/TS 22003:2007

EA IAF/ILAC Guidance. on the Application of ISO/IEC 17020:1998

Improving global standard to be a key driver of innovation. Colin MacNee. 2012, 2013, 2014 Duncan MacNee Limited.

Fire Protection Industry Scheme Reference SP205 Part 1

ISO 9001:2015 Overview of the Revised International Standard

GENERIC STANDARDS CUSTOMER RELATIONSHIPS FURTHER EXCELLENCE CUSTOMISED SOLUTIONS INDUSTRY STANDARDS TRAINING SERVICES THE ROUTE TO

QSS 0: Products and Services without Bespoke Contracts.

TOTAL QUALITY MANAGEMENT II QUALITY AUDIT

Need a system to deliver consistent, efficient and reliable IT services? Use an ISO/IEC compliant management system.

Australian Standard. Information technology Service management. Part 2: Guidance on the application of service management systems

HKCS RESPONSE COMMONLY ACCEPTED AUDIT OR ASSESSMENT MECHANISM TO CERTIFY INFORMATION SECURITY STANDARDS

RG 7 Accreditation for Inspection Bodies Performing Non-Destructive Testing

Discover more about the Homecare UK Franchise Business

ISO 9001: 2008 Boosting quality to differentiate yourself from the competition. xxxx November 2008

ISMS Implementation Guide

How To Comply With The Loss Prevention Certification Board

Need to protect your business from potential disruption? Prepare for the unexpected with ISO

How to develop and maintain an OHSAS Health & Safety Management System faster, better, and smarter

Frequently Asked Questions. Unannounced audits for manufacturers of CE-marked medical devices. 720 DM a Rev /10/02

LEEDS BECKETT UNIVERSITY. Information Security Policy. 1.0 Introduction

Introduction to the ISO/IEC Series

An Overview of ISO/IEC family of Information Security Management System Standards

PAS 99 Integrated Management. Make your management systems work in harmony Product Guide

Understanding OHSAS 18001:1999 and ANSI Z-10

ISO/IEC Information Security Management. Securing your information assets Product Guide

Procurement Policy Note Use of Cyber Essentials Scheme certification

PROMOTE YOUR BUSINESS FPFREE PACK GREAT FOR DISCOVERING HOW EUROPAGES WORKS. EUROPAGES

Implementation Guidance for ISO 9001:2015

Transcription:

What are ISO Standards? Why are they Important to You? ISO standards are not just for the large enterprises, they are of benefit to start-ups, micro businesses, SMEs and large undertakings alike. Some discerning customers such as Government departments, local authorities, blue-chip companies etc require their suppliers to be ISO certified, regardless of the size of the supplier s business. In some cases it is a pre-requisite and your bid could be disqualified if the required ISO certifications are not held. If you have an ISO certification it tells your customers a lot about your business and gives them an ongoing assurance because maintaining an ISO certification requires ongoing independent auditing to ensure compliance. It allows a small business to punch above its weight when competing with other businesses. So what are ISO standards and what is needed to become certified? Firstly - It is not necessary to purchase the standards in order to read them or learn about them. The Manchester Library allows you to view most ISO and British standards online free of charge. Go to: http://www.manchester.gov.uk/info/200062/libraries/110/online_reference_library/4 Click on British Standards Online. This logs you into the British Standards Online web site where you can view ISO standards. Access is read-only, you can t save, copy or print the standards as that would be a breach of copyright. There are many ISO standards, covering virtually every business sector and industry type. For ICT businesses the most popular ISO standards are:- ISO 9001:2008 Quality Management System ISO/IEC 27001:2013 Information Security Management System ISO/IEC 20000-1:2011 IT Service Management System ISO 22301:2012 Business Continuity Management System Depending on the nature of your organisation, the number of employees and the sites you have, you may have obligations for Health & Safety and/or Environmental Management. A few of the relevant ISO standards are:- ISO 14001:2004 Environmental Management System OHSAS 18001:2007 Occupational Health & Safety Management System ISO 50001:2011 Energy Management System Other popular ISO standards which are relevant include: ISO 31000:2009 Risk Management ISO 26000:2010 Corporate Social Responsibility An organisation can gain certifications against any or all the above standards apart from ISO 31000 and ISO 26000. These two are for guidance only. Most of the above standards, which an organisation can be certified against, have one or more associated guidance documents to help you implement a management system which will comply with the standard. e.g. ISO 22313:2012 is the guidance document for the ISO 22301:2012 business continuity standard. 1

The ISO standards are periodically reviewed and revised. That is why the date at the end of the title is significant. For example, in the list above ISO/IEC 27001:2013 is quite new and supersedes ISO/IEC 27001:2005. Any organisation that is certified against ISO/IEC 27001:2005 must transition to ISO/IEC 27001:2013 before October 2015 two years after its publication. Two or three years are allowed for businesses to revise their management systems to bring them into line with the new version. The transition occurs at the next ISO audit and a new certificate is issued. Failure to transition and comply in time will result in the certificate being revoked. The following standards will be superseded with new versions in the next two years:- ISO 22301:2012 has recently been superseded by ISO 22301:2014 ISO 9001:2008 will be superseded by ISO 9001:2015 later this year ISO 14001:2004 will be superseded by ISO 14001:2015 later this year OHSAS 18001:2007 will be superseded by ISO 45001:2016 next year If you are currently working towards gaining ISO 9001:2008 certification you should continue with that version until the ISO 9001:2015 version is finalised and published, which is scheduled for release towards the end of 2015. You will then have three years to transition to the new version. ISO standards are published by the International Organization for Standardization (ISO): www.iso.org Their web site provides information about the standards and what is changing. In general, all new ISO standards are being brought into line with something called Annex SL. This simply means that when they are next revised the ISO standards will have the same structure, clause numbering, and have some standard wording regardless of the subject of the standard. This makes it a lot easier for businesses to comply with multiple ISO standards using a common or integrated management system. Once you have gained certification against one ISO standard it is just an incremental amount of effort to comply with another one, not double the effort. Common themes run through all these ISO standards. They are increasingly becoming riskbased management systems, e.g. managing the risk of an information security breach, managing the risk of not being able to fulfil obligations to customers and managing the risk of a crisis preventing your businesses from operating. Managing risk, as recommended in ISO 31000, is sometimes referred to as Enterprise Risk Management, which underpins compliance with numerous other ISO standards. Another common theme across all these ISO standards is Legal and Regulatory Compliance and compliance with other obligations such as customer contracts, landlord leases and local authority planning consent. The ISO standards require ISO certified businesses to have a process for ensuring they are aware of and comply with applicable legislation and their other obligations. Relying on a professional law firm to keep you informed about every change to UK legislation is costly so a more cost-effective approach is required. A properly implemented ISO compliant management system helps you remain legal and compliant. Applied Risk Management Ltd provides an applicable legislation update service. For further information go to: www.appliedriskmanagement.co.uk The British Standards Institute (BSI) is the organisation which publishes and sells ISO standards within the UK. BS and ISO standards can be purchased from their online shop: http://shop.bsigroup.com/ 2

Note that if you wish to purchase a number of standards within a year, consider registering as a member of BSI in order to get member discounts. You could recoup the membership fee in the savings made on the purchase price when buying more than (typically) three standards in a year. Note that you don t have to buy the standard to become certified. If you choose to gain formal certification against an ISO standard, either through choice or to meet a customer contractual requirement, you should use an accredited certification body (). There are many companies that offer ISO certification services but only accredited certifications are worth having. If you are offered a very low cost for ISO certification, compared to the big reputable certification bodies, beware as they may not be supplying accredited certifications! Accreditation is the term used to indicate that an ISO certification body has been audited and approved (hence accredited) to issue ISO certificates. For example, in the UK it is the United Kingdom Accreditation Service (UKAS) that audits the ISO certification bodies and approves them to issue ISO certificates UKAS audits them against ISO 17021-1:2011 which defines how ISO certification audits are to be conducted. i.e. UKAS audits the auditors, like a regulator. IAF UKAS Membership Accreditation Your Chosen Certification Body Certification Your Organisation On a global basis it is the International Accreditation Forum (IAF) that is the overall authority for accreditation. This body ensures standards are implemented consistently on a global basis thus supporting global trade. An accredited certification in one country is just as valuable as an accredited certification any other. UKAS is a member of the IAF. UKAS is the main body for accrediting (approving) ISO certification bodies to issue ISO certificates in the UK, empowered by law. There are other reputable accreditation bodies in the UK, such as APMG (for ISO/IEC 20000), and there are accreditation bodies based in other countries which are equally reputable. So if you are looking for a reputable organisation to issue you with an ISO certification you should look at the credentials of the certification bodies you are considering using to check they are accredited. Check they are accredited by an organisation that is a member of the IAF, such as UKAS. 3

As mentioned above, increasingly, Government departments require their suppliers to be ISO certified by a UKAS accredited certification body. For more information about accreditation and what it means for ISO certification, go to the UKAS web site: www.ukas.com The UKAS web site lists the names of the ISO certification bodies that are UKAS accredited. It also lists the bodies that have lost their accreditation for various reasons! So if you want to choose a reputable and respected organisation to audit your business and issue your ISO certifications, which your customers will accept and respect, begin by looking at the list of accredited certification bodies (s) on the UKAS web site. Note that there are other reputable accreditation bodies in addition to UKAS. Beware of certification bodies offering unaccredited ISO certifications. You may be wasting your money. Assuming you have chosen which ISO standard(s) are of interest to you, your business and your customers, and you have chosen a reputable accredited certification body () to audit your business and issue your ISO certificates, the next step is to get your business ready for ISO certification. Note that one of the golden rules is that the accredited certification body you use to audit your business and issue your ISO certificates is not allowed to advise or assist you in getting ready for certification. Beware of organisations offering to provide both consultancy and certification! To get your organisation or business ready for certification you can either read the ISO standard(s) and attempt to make your business compliant yourself, or you can seek assistance from an independent ISO management systems consultant who has experience of defining and implementing ISO compliant management systems. If you have a certification deadline to meet you ll want to get it right first time. ISO 10019 provides guidance on selecting a consultant to help you become certified. As mentioned above, you can read this standard via the Manchester Library s web site. Choosing a reputable consultant to help you define and implement your ISO compliant management system is tricky unless you know what to look for. The International Register of Certificated Auditors (IRCA) was established as a way of registering and approving ISO auditors. The IRCA web site lists the IRCA registered auditors and lets you search for auditors and verify their credentials: www.irca.org Auditors who are registered by IRCA are bound by the IRCA Code of Conduct which is also available via the IRCA web site. A mandatory part of gaining and maintaining an ISO certification is Internal Auditing, or 1 st party auditing. This is where the ISO certified business checks itself for continued compliance and self-improvement. The ISO standards do not allow a person to audit their own work, so the business needs to have enough people to achieve that, or they can outsource internal auditing to an independent auditor. Similarly, an ISO certified business has an obligation to manage its suppliers. If the supplier is also ISO certified you could trust that. If they aren t certified you could audit your suppliers but you may prefer to use an independent auditor, particularly for high value supply contracts where an independent view is more likely to be trusted and respected by both parties. Supplier auditing is also called 2 nd party auditing. ISO certification audits by an accredited certification body are usually called external audits or 3 rd party audits. 4

The following diagram shows a typical supply-chain auditing regime: 1 st Party Supplier 1 Supplier 2 Not 1 st Party 2 nd Party Your Organisation Customer Lead Supplier 3 Sub-contracted Supplier 3a Not 2 nd Party 1 st Party 1 st Party If you wish to find out more about reputable Accredited Certification Bodies, ISO standards, ISO certifications, ISO auditing (1 st, 2 nd or 3 rd party), Governance, Risk, Compliance, Applicable Legislation Update Services or just need some help defining and implementing effective policies, processes and management systems without going as far as formal ISO certification, contact: Andrew Mills BSc CEng MIET MBCI IRCA Applied Risk Management Limited c/o Ross Building Adastral Park Martlesham Heath Ipswich IP5 3RE Mobile: 07773 402952 E-mail: andy.mills@appliedriskmanagement.co.uk Web: www.appliedriskmanagement.co.uk Applied Risk Management Ltd can provide ISO standards and management systems consultancy on half-day or daily rates. Contact us now for a no-obligation quote. An electronic copy of this article, in PDF format, is available free from Applied Risk Management Ltd. Ask about our Applicable Legislation Update service too! End 5

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information