ISO STANDARDS

ISO 9001:2015

ISO 9001:2015 is designed to respond to the latest trends and be compatible with other management systems such as ISO 14001.

The new version follows a new, higher level structure to make it easier to use in conjunction with other management system standards, with increased importance given to risk ISO 9001:2015 applies to any organisation, regardless of size or industry.

Because ISO 9001 specifies the requirements for an effective quality management system, organisations find that using the standard helps them:

Organize processes
Improve the efficiency of processes
Continually improve
Organize a QMS
Create satisfied customers, management, and employees
All organisations that use ISO 9001:2008 are encouraged to transition to ISO 9001:2015 as soon as possible. This includes not only organisations that are certified to ISO 9001:2008, but also any organisations involved in training or certifying others.

ISO 9001 is based on the plan-do-check-act methodology and provides a process – oriented approach to documenting and reviewing the structure, responsibilities, and procedures required to achieve effective quality management in an organization.

Specific sections of the standard contain information on topics such as:

Requirements for a quality management system, including documentation of a quality manual, document control, and determining process interactions.
Responsibilities of management include management of resources, including human resources and an organization’s work environment.
Product realization, including the steps from design to delivery include measurement, analysis, and improvement of the QMS through activities like internal audits and corrective and preventive action.

ISO 9001:2015 specifies requirements for a quality management system when an organization:

Needs to demonstrate its ability to consistently provide products and services that meet customer and applicable statutory and regulatory requirements, andAims to enhance customer satisfaction through
the effective application of the system, including processes for improvement of the system and the assurance of conformity to customer and applicable statutory and regulatory requirements.

All the requirements of ISO 9001:2015 are generic and are intended to be applicable to any organisation, regardless of its type or size, or the products and services it provides.

ISO 14001:2015

A newly revised version has just been published, to ensure it remains relevant to the marketplace. ISO 14001:2015 responds to the latest trends, such as an increasing recognition by companies of the need to factor in both external and internal elements that influence their impact, including climate volatility.

Other key improvements in the new version include:

A greater commitment from leadership.An increased alignment with strategic direction.
An increased alignment with strategic direction.
Greater protection for the environment, with a focus on proactive initiatives.
More effective communication, driven through a communications strategy.
Life-cycle thinking, considering each stage of a product or service, from development to end-of-life.

ISO 14001:2015 helps an organization achieve the intended outcomes of its environmental management system, which provide value for the environment, the organization itself and interested parties. Consistent with the organization’s environmental policy, the intended outcomes of an environmental management system include:

Enhancement of environmental performance.
Fulfilment of compliance obligations.
Achievement of environmental objectives.

ISO 14001:2015 can be used in whole or in part to systematically improve environmental management. Claims of conformity to ISO 14001:2015, however, are not acceptable unless all its requirements are incorporated into an organization’s environmental management system and fulfilled without exclusion.

ISO 14001:2015 specifies the requirements for an environmental management system that an organization can use to enhance its environmental performance.

ISO 14001:2015 is intended for use by an organization seeking to manage its environmental responsibilities in a systematic manner that contributes to the environmental pillar of sustainability.

ISO 14001:2015 is applicable to any organization, regardless of size, type and nature, and applies to the environmental aspects of its activities, products and services that the organization determine

OHSAS 18001

The OHSAS 18001 is the international Occupational Health and Safety Management System standard. These standards are applicable to companies of any size, but is especially relevant to companies with a large work force, manual and heavy work tasks, and/or high risk work environments. Targeting the health and safety of employees proves that you are actively working to ensure that your operations are safe both for your employees and the surrounding environment.

The benefits of implementing a systematic and effective OHSAS management system include the following

Reducing the number of personnel injuries through prevention and control of workplace hazards.
Reducing the risk of major accidents.
Ensuring a well-qualified and enthusiastic workforce by fulfillment of the increasing expectations of your employees.
Reducing the material loss caused by accidents and in production interruptions.
Reducing insurance costs as well as reducing costs due to absence of employees.
Serving the possibility for an integrated management system including quality, environment and health and safety.
Ensuring that appropriate legislation is addressed and acted upon.
Meeting the increasing importance of OH&S; for public image.

OHSAS 18001 has been developed to be compatible with ISO 9001 and ISO 14001 to allow for easy integration. Legislative & regulatory commitment and continual improvement are two important aspects of OHSAS 18001.

The elements of OHSAS 18001 include:

Policy and commitment.
Hazard identification, risk assessment & risk controls.
Legal requirements.
Objectives & Programs.
Organization & personnel.
Training, Communication & Consultation.
Documentation & records.
Operational Controls.
Emergency Readiness.
Measurement & monitoring.
Accident & incident investigation, corrective & preventive action.
Audit & Reviews

ISO 22000 FOOD SAFETY CERTIFICATION

SO 22000 is a Food Safety Management System that can be applied to any organization in the food chain, farm to fork. Becoming certified to ISO 22000 allows a company to show their customers that they have a food safety management system in place. This provides customer confidence in the product. This is becoming more and more important as customers demand safe food and food processors require that ingredients obtained from their suppliers to be safe.

The International Organization for Standardization (ISO) developed the Food Safety Management System Certification: ISO 22000. ISO and its member countries used the Quality Management System approach, and tailored it to apply to Food Safety, incorporating the widely used and proven HACCP principles and Good Manufacturing Principles (addressed by Prerequisite Programs in ISO 22000).

The standard has requirements for Food Safety Management Systems processes and procedures, and requires that the organization implement prerequisite programs and HACCP.

Unlike some of the other Food Safety Management Systems Certification programs (for example FSSC 22000 and SQF) the ISO 22000 does not have specific requirements for prerequisite programs (PRPs), but requires that the organization identifies and implements the appropriate programs. This makes it more flexible, and food organizations of any type can implement and be certified to ISO 22000.

Food processors and manufacturers can use the ISO Technical specification ISO/TS 22002-1 to develop their PRP programs. It outlines the requirements for PRP programs that are applicable to these organizations. The requirements outlined are widely accepted and are equivalent to the requirements in the PAS 220, the publicly available specification used along with ISO 22000 for the FSSC 22000 Certification scheme.

ISO 22000 is not a Global Food Safety Initiative (GFSI) benchmarked standard. This means that if your customer base or market is looking for a GFSI Recognized standard you should look at FSSC 22000, which is the most similar to ISO 22000 or one of the other GFSI recognized certification schemes.

what is FSSC 22000?
what is SQF?
what is GFSI?

What does iso 22000 require?

ISO 22000 requires that you build a Food Safety Management System. This means that you will have a documented system in place and fully implemented throughout your facility that includes:

Effective Prerequisite Programs in place to ensure a clean sanitary environment
A Hazard Analysis and Critical Control Plan developed to identify, prevent and eliminate food safety hazards,
Established documented food safety management system processes to manage food safety throughout your organization – from management and business planning aspects to day to day communication and
operations affecting food safety.

The ISO 22000 standard contains the specific requirements to be addressed by the Food Safety Management System. The standard requires food safety management system processes including:

Having an overall Food Safety Policy for your organization, developed by top management.
Setting objectives that will drive your companies efforts to comply with this policy.
Planning and designing a management system and documenting the system.
Maintaining records of the performance of the system.
Establishing a group of qualified individuals to make up a Food Safety Team.
Defining communication procedures to ensure effective communication with important contacts outside the company (regulatory, customers, suppliers and others) and for effective internal communication.
Having an emergency plan.

Holding management review meetings to evaluate the performance of the FSMS.
Providing adequate resources for the effective operation of the FSMS including appropriately trained and qualified personnel, sufficient infrastructure and appropriate work environment to ensure food safety.
Implementing Prerequisite Programs.

Following HACCP principles.
Establishing a traceability system for identification of product.
Establishing a corrective action system and control of nonconforming product.
Maintaining a documented procedure for handling withdrawal of product.
Controlling monitoring and measuring devices.
Establishing and maintaining and internal audit program.
Continually updating and improving the FSMS.
Read about these requirements in more detail at ISO 22000 Explained

IATF 16949

IATF 16949:2016 (replaces ISO/TS 16949:2009) is a standard that establishes the requirements for a Quality Management System (QMS), specifically for the automotive sector. The ISO/TS 16949 was originally created in 1999 to harmonize different assessment and certification schemes worldwide in the supply chain for the automotive sector.

The primary focus of the IATF 16949 standard is the development of a Quality Management System that provides for continual improvement, emphasizing defect prevention and the reduction of variation and waste in the supply chain. The standard, combined with applicable Customer-Specific Requirements (CSR’s), define the QMS requirements for automotive production, service and/or accessory parts. IATF 16949:2016 is an independent QMS standard that is fully aligned with the structure and requirements of ISO 9001:2015. Therefore, the IATF 16949 cannot be implemented alone as a stand-alone document, but must be implemented as a supplement and in conjunction with ISO 9001:2015. After October 01, 2017, audits cannot be conducted to ISO/TS 16949 and organizations must transition to the new IATF 16949 in line with their current audit cycle, according to the allowable timing requirements. Failure to conduct the audit within the allowable timing requirements requires the organization to start over with an initial certification audit. The transition audit shall be the duration of a recertification audit plus additional time for a documentation review. All supporting functions on site or at a remote location shall be included in the transition process.

A Quality Management System based on IATF 16949:

Is a method of defining how an organization can meet the requirements of its customers and other stakeholders
Promotes the idea of continual improvement
Requires organizations to define objectives and continually improve their processes in order to reach them
Emphasizes defect prevention
Includes specific requirements and core tools from the automotive industry
Advanced Product Quality Planning (APQP)
Failure Mode and Effects Analysis (FMEA)
Statistical Process Control (SPC)
Measurement Systems Analysis (MSA)
Production Part Approval Process (PPAP)
Promotes reduction of variation and waste in the supply chain
Requires documented and implemented corporate responsibility polices

The IATF 16949 standard provides guidance and tools for companies and organizations who want to ensure that their products consistently meet customer requirements and that quality and customer satisfaction are consistently improved. Requirements for certification to IATF 16949 are defined in the 2016 Revision 5 of the rules for achieving and maintaining IATF recognition.

The IATF 16949 standard is a supplemental standard and is used in conjunction with the ISO standards:

IATF 16949 – establishes the Automotive supplemental requirements of a quality management system
ISO 9001 – defines the base requirements of a quality management system
ISO 9000 – covers the basic concepts and language
ISO 9004 – focuses on how to make a quality management system more efficient and effective
ISO 19011 – provides guidance on internal (1st party) and external (2nd party) audits of quality management systems
ISO 31000 – outlines risk management principles and guidelines

IATF 16949 defines the criteria for an automotive-based QMS with the goal to become 3rd party registered. It can be used by any supplier, large or small, and should be applied throughout the automotive supply chain. In fact, there over 65,000 suppliers worldwide which are currently certified to ISO/TS 16949. All requirements of IATF 16949 are applicable unless suppliers do not provide product design related functions. Requirements are generic and are intended to be applicable to any supplier providing design and development, production and, when relevant, assembly, installation and services of automotive related products, including products with embedded software. The IATF 16949 standard is applicable to sites of the organization where manufacturing of customer-specified production parts, service parts, and/or accessory parts occur.

The standard is based on seven Quality Management Principles, including a strong customer focus, the motivation and implication of top management, the process approach and continual improvement. These Quality Management Principles are defined as follows:

Customer focus
Leadership
Engagement of people
Process approach
Improvement
Evidence-based decision making
Relationship management

Implementing IATF 16949 ensures that customers receive consistent, good quality products and services, which in turn may bring many business benefits. IATF 16949 specifies requirements for a Quality Management System when an organization wants to:

Demonstrate its ability to consistently provide products that meet customer and applicable statutory, regulatory and product safety requirements
Enhance customer satisfaction through the effective application of the system
Implement processes for improvement of the system
Define overall context, who is affected and what they expect
Clearly state objectives and identify new business opportunities
Put customers first, making sure their needs are consistently met and enhance their satisfaction
Have repeat customers, increase customer loyalty, add new clients and increase business
Expand into new markets, as some sectors and clients require IATF 16949 before doing business
Identify and address the risks associated with your organization
Work in a more efficient way to increase productivity and efficiency, bringing internal costs down
Become more socially responsible through the documentation and implementation of corporate responsibility polices

Compliance to the IATF 16949 standard can be done at any time but is typically used when:

• Customers specify this requirement as part of the contract
• Organizations want to improve their products and customer satisfaction

Organizations’ deciding to develop and implement any new or improved QMS is a strategic decision. All efforts should be focused on the identification and minimization of risk while meeting and exceeding customer and organizational goal and objective requirements.

Organizations should make a commitment to:

Recognize direct and indirect customers as those who receive value from the organization
Understand customers current and future needs and expectations
Link the organization’s objectives to customer needs and expectations
Communicate customer needs and expectations throughout the organization
Plan, design, develop, produce, deliver and support products to meet customer needs and expectations
Measure and monitor customer satisfaction and take appropriate actions
Determine and take actions on interested parties needs and expectations that can affect customer satisfaction
Actively manage relationships with customers to achieve sustained success
Become more socially responsible
Provide necessary resources to ensure product safety requirements are met

IATF 16949 Compliance can be achieved through Quality-One’s Seven Phase Approach:

1. Executive and Management Overview / Planning
2. Gap Assessment and Planning
3. Documentation
4. Implementation and Training
5. Internal Assessment and Management Review
6. 3rd Party Registration Assessment
7. Sustain and Continual Improvement

ISO 27001

What is ISO 27001?

ISO/IEC 27001:2013 (ISO 27001) is the international standard that describes best practice for an ISMS (information security management system). Achieving accredited certification to ISO 27001 demonstrates that your company is following information security best practice, and provides an independent, expert verification that information security is managed in line with international best practice and business objectives. ISO 27001 is supported by its code of practice for information security management, ISO/IEC 27002:2013.

For advice and guidance on ISO 27001 or to find out more about the solutions we offer, get in touch with one our experts today.

What is an ISMS?

An ISMS is a system of processes, documents, technology and people that helps to manage, monitor, audit and improve your organisation’s information security. It helps you manage all your security practices in one place, consistently and cost-effectively.

At the heart of an ISO 27001-compliant ISMS is business-driven risk assessments, which means you will be able to identify and treat security threats according to your organisation’s risk appetite and tolerance.

Why achieve ISO 27001 certification?

Avoid penalties and financial losses due to data breaches.
Meet increasing client demands for greater data security.
Protect and enhance your reputation.
Get an independently audited proof that your data is secure.
Meet local and global security laws, such as the NIS Directive and the GDPR.

How to implement an ISMS

Implementing an ISO 27001-compliant ISMS will include the following key elements:

Scope the project
Get board commitment and secure budget
Identify interested parties, and legal, regulatory and contractual requirements
Conduct a risk assessment
Review and implement the required controls
Develop internal competence
Develop management system documentation
Conduct staff awareness training
Measure, monitor, review and audit the ISMS
Get certified

Let’s get started on your ISO 27001 project

Having led the world’s first ISO 27001 certification project, we’ve been at the forefront of the cyber security initiative.

Let us share our expertise and support you on your journey to certification.

Browse our range of free resources and easy to use solutions to discover how we can help you achieve certification.

ISO 13485:2003

ISO 13485:2003 specifies requirements for a quality management system where an organization needs to demonstrate its ability to provide medical devices and related services that consistently meet customer requirements and regulatory requirements applicable to medical devices and related services.

The primary objective of ISO 13485:2003 is to facilitate harmonized medical device regulatory requirements for quality management systems. As a result, it includes some particular requirements for medical devices and excludes some of the requirements of ISO 9001 that are not appropriate as regulatory requirements. Because of these exclusions, organizations whose quality management systems conform to this International Standard cannot claim conformity to ISO 9001 unless their quality management systems conform to all the requirements of ISO 9001.

All requirements of ISO 13485:2003 are specific to organizations providing medical devices, regardless of the type or size of the organization.

If regulatory requirements permit exclusions of design and development controls, this can be used as a justification for their exclusion from the quality management system. These regulations can provide alternative arrangements that are to be addressed in the quality management system. It is the responsibility of the organization to ensure that claims of conformity with ISO 13485:2003 reflect exclusion of design and development controls.

If any requirement(s) in Clause 7 of ISO 13485:2003 is(are) not applicable due to the nature of the medical device(s) for which the quality management system is applied, the organization does not need to include such a requirement(s) in its quality management system.

The processes required by ISO 13485:2003, which are applicable to the medical device(s), but which are not performed by the organization, are the responsibility of the organization and are accounted for in the organization’s quality management system.

ISO 50001

Using energy efficiently helps organizations save money as well as helping to conserve resources and tackle climate change. ISO 50001 supports organizations in all sectors to use energy more efficiently, through the development of an energy management system (EnMS).

ISO 50001 is based on the management system model of continual improvement also used for other well-known standards such as ISO 9001 or ISO 14001. This makes it easier for organizations to integrate energy management into their overall efforts to improve quality and environmental management.

ISO 50001:2018 provides a framework of requirements for organizations to:

Develop a policy for more efficient use of energy
Fix targets and objectives to meet the policy
Use data to better understand and make decisions about energy use
Measure the results
Review how well the policy works, and
Continually improve energy management.

Like other ISO management system standards, certification to ISO 50001 is possible but not obligatory. Some organizations decide to implement the standard solely for the benefits it

provides. Others decide to get certified to it, to show external parties they have implemented an energy management system. ISO does not perform certification

ISO 10002

ISO 10002:2014 provides guidance on the process of complaints handling related to products within an organization, including planning, design, operation, maintenance, and improvement. The complaints-handling process described is suitable for use as one of the processes of an overall quality management system.

ISO 10002:2014 is not applicable to disputes referred for resolution outside the organization or for employment-related disputes.

It is also intended for use by organizations of all sizes and in all sectors. Annex A provides guidance specifically for small businesses.

ISO 10002:2014 addresses the following aspects of complaints handling:

enhancing customer satisfaction by creating a customer-focused environment that is open to feedback (including complaints), resolving any complaints received, and enhancing the organization’s ability to improve its product and customer service;
top management involvement and commitment through adequate acquisition and deployment of resources, including personnel training;
recognizing and addressing the needs and expectations of complainants;
providing complainants with an open, effective, and easy-to-use complaints process;
analysing and evaluating complaints in order to improve the product and customer service quality;
auditing of the complaints-handling process;
reviewing the effectiveness and efficiency of the complaints-handling process.

ISO 20001

ISO/IEC 20000-1:2011 is a service management system (SMS) standard. It specifies requirements for the service provider to plan, establish, implement, operate, monitor, review, maintain and improve an SMS. The requirements include the design, transition, delivery and improvement of services to fulfil agreed service requirements.

ISO/IEC 20000-1:2011 can be used by:

an organization seeking services from service providers and requiring assurance that their service requirements will be fulfilled;
an organization that requires a consistent approach by all its service providers, including those in a supply chain;
a service provider that intends to demonstrate its capability for the design, transition, delivery and improvement of services that fulfil service requirements;
a service provider to monitor, measure and review its service management processes and services;
a service provider to improve the design, transition, delivery and improvement of services through the effective implementation and operation of the SMS;
an assessor or auditor as the criteria for a conformity assessment of a service provider’s SMS to the requirements in ISO/IEC 20000-1:2011.