ISO (International Organization for Standardization) is the world’s largest developer and publisher of International Standards. ISO is a network of the national standards institutes of 159 countries, one member per country, with a Central Secretariat in Geneva, Switzerland, that coordinates the system. ISO is a non-governmental organization that forms a bridge between the public and private sectors. On the one hand, many of its member institutes are part of the governmental structure of their countries, or are mandated by their government. On the other hand, other members have their roots uniquely in the private sector, having been set up by national partnerships of industry associations. Therefore, ISO enables a consensus to be reached on solutions that meet both the requirements of business and the broader needs of society.
ISO 9001:2008 specifies requirements for a quality management system where an organization
- needs to demonstrate its ability to consistently provide product that meets customer and applicable statutory and regulatory requirements, and
- aims to enhance customer satisfaction through the effective application of the system, including processes for continual improvement of the system and the assurance of conformity to customer and applicable statutory and regulatory requirements.
All requirements of ISO 9001:2008 are generic and are intended to be applicable to all organizations, regardless of type, size and product provided.
ISO 14001:2004 specifies requirements for an environmental management system to enable an organization to develop and implement a policy and objectives which take into account legal requirements and other requirements to which the organization subscribes, and information about significant environmental aspects. It applies to those environmental aspects that the organization identifies as those which it can control and those which it can influence. It does not itself state specific environmental performance criteria.
ISO 14001:2004 is applicable to any organization that wishes to establish, implement, maintain and improve an environmental management system, to assure itself of conformity with its stated environmental policy, and to demonstrate conformity with ISO 14001:2004 by
a) making a self-determination and self-declaration, or
b) seeking confirmation of its conformance by parties having an interest in the organization, such as customers, or
c) seeking confirmation of its self-declaration by a party external to the organization, or
d) seeking certification/registration of its environmental management system by an external organization.
All the requirements in ISO 14001:2004 are intended to be incorporated into any environmental management system. The extent of the application will depend on factors such as the environmental policy of the organization, the nature of its activities, products and services and the location where and the conditions in which it functions.
Many organizations are implementing an Occupational Health and Safety Management System (OHSMS) as part of their risk management strategy to address changing legislation and protect their workforce.
An OHSMS promotes a safe and healthy working environment by providing a framework that allows your organization to consistently identify and control its health and safety risks, reduce the potential for accidents, aid legislative compliance and improve overall performance.
OHSAS 18001 is the internationally recognized assessment specification for occupational health and safety management systems. It was developed by a selection of leading trade bodies, international standards and certification bodies to address a gap where no third-party certifiable international standard exists.
OHSAS 18001 has been designed to be compatible with ISO 9001 and ISO 14001, to help your organization meet its health and safety obligations in an efficient manner.
The following key areas are addressed by OHSAS 18001:
- Planning for hazard identification, risk assessment and risk control
- OHSAS management programme
- Structure and responsibility
- Training, awareness and competence
- Consultation and communication
- Operational control
- Emergency preparedness and response
- Performance measuring, monitoring and improvement
OHSAS 18001 can be adopted by any organization wishing to implement a formal procedure to reduce the risks associated with health and safety in the working environment for employees, customers and the general public.
ISO/IEC 27001:2005 covers all types of organizations (e.g. commercial enterprises, government agencies, not-for-profit organizations). ISO/IEC 27001:2005 specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented Information Security Management System within the context of the organization’s overall business risks. It specifies requirements for the implementation of security controls customized to the needs of individual organizations or parts thereof.
ISO/IEC 27001:2005 is designed to ensure the selection of adequate and proportionate security controls that protect information assets and give confidence to interested parties.
ISO/IEC 27001:2005 is intended to be suitable for several different types of use, including the following:
- use within organizations to formulate security requirements and objectives;
- use within organizations as a way to ensure that security risks are cost effectively managed;
- use within organizations to ensure compliance with laws and regulations;
- use within an organization as a process framework for the implementation and management of controls to ensure that the specific security objectives of an organization are met;
- definition of new information security management processes;
- identification and clarification of existing information security management processes;
- use by the management of organizations to determine the status of information security management activities;
- use by the internal and external auditors of organizations to determine the degree of compliance with the policies, directives and standards adopted by an organization;
- use by organizations to provide relevant information about information security policies, directives, standards and procedures to trading partners and other organizations with whom they interact for operational or commercial reasons;
- implementation of business-enabling information security;
- use by organizations to provide relevant information about information security to customers.
ISO/IEC 17025:2005 specifies the general requirements for the competence to carry out tests and/or calibrations, including sampling. It covers testing and calibration performed using standard methods, non-standard methods, and laboratory-developed methods.
It is applicable to all organizations performing tests and/or calibrations. These include, for example, first-, second- and third-party laboratories, and laboratories where testing and/or calibration forms part of inspection and product certification.
ISO/IEC 17025:2005 is applicable to all laboratories regardless of the number of personnel or the extent of the scope of testing and/or calibration activities. When a laboratory does not undertake one or more of the activities covered by ISO/IEC 17025:2005, such as sampling and the design/development of new methods, the requirements of those clauses do not apply.
ISO/IEC 17025:2005 is for use by laboratories in developing their management system for quality, administrative and technical operations. Laboratory customers, regulatory authorities and accreditation bodies may also use it in confirming or recognizing the competence of laboratories. ISO/IEC 17025:2005 is not intended to be used as the basis for certification of laboratories.
Benefits of Certification
ISO management system standards put state-of-the-art practices within the reach of all organizations.
In a very small organization, there may be no “system”, just “our way of doing things”, and “our way” is probably not written down, but all in the head of the manager or owner.
The larger the organization, and the more people involved, the greater the likelihood that there are written procedures, instructions, forms or records. These help ensure that everyone is not just “doing his or her own thing”, and that the organization goes about its business in an orderly and structured way. This means that time, money and other resources are utilized efficiently.
To be really efficient and effective, the organization can manage its way of doing things by systemizing it. This ensures that nothing important is left out and that everyone is clear about who is responsible for doing what, when, how, why and where.
Large organizations, or ones with complicated processes, could not function well without management systems. Companies in such fields as aerospace, automobiles, defence, or health care devices have been operating management systems for years.
ISO’s management system standards make this good management practice available to organizations of all sizes, in all sectors, everywhere in the world.
How Scheema can support companies towards ISO Certification
Scheema is not a Certifying Body, but acts as a consultant to prepare systems and guide management in preparing the company for certification by a third party.