Wednesday, July 30, 2014

ISO 27001 Information Security Management System


ISO 27001 provides a model for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an Information Security Management System (ISMS). 

The adoption of an ISMS should be a strategic decision for an organisation.
The design and implementation of an organisation’s ISMS is influenced by its needs and objectives, security requirements, the processes employed and the size and structure of the organisation. These and their supporting systems are expected to change over time. It is expected that an ISMS implementation will be scaled in accordance with the needs of the organisation, e.g. a simple situation requires a simple ISMS solution.

ISO 27001 covers all types of organisations (e.g. commercial enterprises, government agencies, non-profit organisations) and specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented ISMS within the context of an organisation’s overall business risks. It specifies requirements for the implementation of security controls customized to the needs of individual organisations or parts thereof. The ISMS is designed to ensure the selection of adequate and proportionate security controls that protect information assets and give confidence to interested parties.

For more detail, please refer to the ISO 27001 brochure.

OHSAS 18001 Occupational Health and Safety Management System


OHSAS 18001 demonstrates to your stakeholders that you're confident in your organisation's ability to meet health and safety legislation requirements. Not only does it highlight commitment to implementing, maintaining and improving health and safety policy, but it can also provide your organisation with a competitive edge.


BENEFITS OF OHSAS 18001 STANDARD

  • Gain competitive advantages in the global market
  • Enhance health and safety working environment
  • Enhance company image and brand reputation
  • Continual improvement of organisational performance
  • Encourage organisations to improve working environment with ensured health and safety for employees
  • Demonstrate your commitment to health and safety to the company’s stakeholders
  • Ensure compliance with the legal and regulatory requirements
  • Better management of health and safety risk and potentially reduced public liability

ISO 14001 Environment Management System


ISO 14001:2004 sets out the criteria for an environmental management system and can be certified to. It does not state requirements for environmental performance, but maps out a framework that a company or organization can follow to set up an effective environmental management system. It can be used by any organization regardless of its activity or sector. Using ISO 14001:2004 can provide assurance to company management and employees as well as external stakeholders that environmental impact is being measured and improved.

Benefits of ISO 14001 Standard

  • Demonstrate your environmental commitment to stakeholders
  • Improve profitability through controlling of raw material usage, energy consumption and disposal cost reduction etc
  • Improve process efficiency, business performance and enhance business competence
  • Exhibit a level of assurance in achieving legal and regulatory guidelines
  • Increase your access to new customers and business partners
  • Help to better manage your environmental risks, now and in the future
  • Potentially reduces public liability insurance costs

How can ISO 9001 impact and help our business or organization?


ISO 9001:2008 sets out the criteria for a quality management system and is the only standard in the family that can be certified to (although this is not a requirement). It can be used by any organization, large or small, regardless of its field of activity. In fact ISO 9001:2008 is implemented by over one million companies and organizations in over 170 countries.
This standard is based on a number of quality management principles including a strong customer focus, the motivation and implication of top management, the process approach and continual improvement. These principles are explained in more detail in the pdf Quality Management Principles. Using ISO 9001:2008 helps ensure that customers get consistent, good quality products and services, which in turn brings many business benefits.

ISO 9001 Quality Management System

The new standard is process model based and has been developed using a core set of eight quality management principles defined in ISO 9001:2008, Quality Management Systems Fundamentals and Vocabulary, and in ISO 9004:2000, Quality Management Systems Guidelines for Performance Improvements. They are:
  • Customer focus: An organisation depends on its customers and should therefore understand current and future customer needs, meet customer requirements and strive to exceed customer expectations.
  • Leadership: Leaders establish unity of purpose and direction of an organisation. They should create and maintain the internal environment in which people can become fully involved in achieving an organisation's objectives.
  • Involvement: People at all levels are the essence of an organisation and their full involvement enables their abilities to be used for the organisation's benefit.
  • Process approach: A desired result is achieved more efficiently when related resources and activities are managed as a process.
  • System approach to management: Identifying, understanding and managing a system of interrelated processes as a system contributes to an organisation's effectiveness and efficiency in achieving its objectives.
  • Continual improvement: Continual improvement of an organisation's overall performance should be a permanent objective of the organisation.
  • Factual approach to decision making: Effective decisions are based on the analysis of data and information.
  • Mutually beneficial supplier relationships: An organisation and its suppliers are interdependent and a mutually beneficial relationship enhances the ability of both to create value.

Benefits of ISO 9001 standard

  • Improve business performance and enhance business competence
  • Attract investment and improve brand reputation
  • Encourage internal communication and raise morale
  • Increase customer satisfaction
  • Strengthen effectiveness and efficiency
  • Enhance internal effectiveness and improve productivity performance through elimination of unnecessary costs

How to get ISO certificate?



1. Determine the scope of certification, whether a specific process or the entire operation. Exclusions to parts of section 7 can be considered, but this is only permissible where the requirement does not apply to the organization, meaning if the organization has no design function, there is no design work to be controlled or audited.

2. Appoint a Quality Management Representative (QMR) for ISO 9001 who is responsible for the implementation and management of the ISO System, which includes providing administration and documentation support; developing, implementing, and driving plans to train employees; ensuring all relevant standards, procedures and policies are adhered to by the employees; evaluating the progress and reporting achievement to top management; and arranging the external certification body audit.

3. The company can choose to train current employees or hire an experienced management system consultant.

4. Once the management system is developed and documented, communication and training activities occur. It usually takes a minimum of three months for data collection, which needs to be completed before the external site audit can be carried out.

5. Select which certification body to use.

6. You will need to provide some basic information on the certification application, which will be used to confirm the total audit man-days and the dates of the Stage 1 and Stage 2 audits.

7. If the auditor does not find any nonconformance, they will recommend certification. It usually takes about 6 to 10 weeks to receive the certificate.

8. An external auditor will come back on a yearly basis for surveillance audits. The audit man-days will be fewer than for the Stage 2 audit. The purpose of a surveillance audit is to make sure the company aligns with the ISO requirements.

9. A re-certification audit will be required when the certificate's validity expires. Plan the audit at least two months in advance of the expiration date to prevent your certification from lapsing.

Tuesday, July 29, 2014

What is UKAS?




UKAS (United Kingdom Accreditation Service) is the sole national accreditation body recognized internationally to assess, against internationally agreed standards, organisations that provide certification, testing, inspection and calibration services.
Accreditation is a formal, third-party recognition of competence to perform specific tasks. It provides a means to identify a proven, competent evaluator so that the selection of a laboratory, inspection or certification body is an informed choice. UKAS accreditation means the evaluator can demonstrate to its customer that it has been successful at meeting the requirements of international accreditation standards.
Usually the reason for getting something independently evaluated is to confirm it meets specific requirements in order to reduce risks. Obvious examples are product failure, health risks, company reputation or to meet legal or customer requirements. Anything or anyone can be evaluated - products, equipment, people, management systems or organisations.
Accreditation by UKAS means that evaluators (testing and calibration laboratories, inspection and certification bodies) have been assessed against internationally recognised standards to demonstrate their competence, impartiality and performance capability.

What is ISO Certification Body?

ISO develops International Standards; however, it is not involved in certification to any of the standards it develops. Certification is performed by external ISO certification bodies (like DAS Certification), which are largely private. Therefore a company or organization cannot be certified by ISO.

Certification bodies are not members or employees of the International Organization for Standardization. The external certification body performs inspections and audits to assess the client's company. An ISO certificate will be issued to the company if it is able to comply with ISO standards.

How to apply for ISO certification?


What is Standard?

Learn more about standards and what they can do for you...


International Standards make things work. They give world-class specifications for products, services and systems, to ensure quality, safety and efficiency. They are instrumental in facilitating international trade.

ISO has published more than 19500 International Standards covering almost every industry, from technology, to food safety, to agriculture and healthcare. ISO International Standards impact everyone, everywhere.

What is ISO?

ISO, the International Organization for Standardization, is an independent, non-governmental membership organization that provides state-of-the-art specifications for products, services, and management systems in order to break down barriers to international trade.
The ISO is comprised of members from the national standards bodies of 163 countries. Its Central Secretariat in Geneva, Switzerland, coordinates the system.