ENVIRONMENTAL MANAGEMENT SYSTEMS

ISO 14001 is the international standard that specifies requirements for an effective environmental management system (EMS). It provides a framework that an organization can follow, rather than establishing environmental performance requirements. Part of the ISO 14000 family of standards on environmental management, ISO 14001 is a voluntary standard that organizations can certify to. Integrating it with other management systems standards, most commonly ISO 9001, can further assist in accomplishing organizational goals.

The International Organization for Standardization (ISO) defines an environmental management system as “part of the management system used to manage environmental aspects, fulfill compliance obligations, and address risks and opportunities.” The framework in the ISO 14001 standard can be used within a plan-do-check-act (PDCA) approach to continuous improvement.

What topics does ISO 14001:2015 cover?

At the highest level, ISO 14001:2015 covers the following topics with regard to environmental management systems:

• Context of the organization
• Leadership
• Planning
• Support
• Operation
• Performance evaluation
• Improvement

WHAT ARE THE BENEFITS OF ISO 14001:2015?

Using ISO 14001:2015 has many benefits for organizations with environmental management systems. Organizations and companies find that using the standard helps them:

• Improve resource efficiency
• Reduce waste
• Drive down costs
• Provide assurance that environmental impact is being measured
• Gain competitive advantage in supply chain design
• Increase new business opportunities
• Meet legal obligations
• Increase stakeholder and customer trust
• Improve overall environmental impact
• Manage environmental obligations with consistency

ISO 14001 CERTIFICATION

Organizations that have already achieved ISO 14001 certification are encouraged to transition to the 2015 version. Organizations will have a three-year transition period to update their environmental management systems to the new standard.

To get started with ISO 14001:2015:

• Review existing quality management system requirements (ISO 9001:2015)
• Purchase ISO 14001:2015
• Get ISO 14001 training
• Certify to ISO 14001

Occupational health and safety management systems

ISO 45001:2018 specifies requirements for an occupational health and safety (OH&S) management system, and gives guidance for its use, to enable organizations to provide safe and healthy workplaces by preventing work-related injury and ill health, as well as by proactively improving its OH&S performance. ISO 45001:2018 is applicable to any organization that wishes to establish, implement and maintain an OH&S management system to improve occupational health and safety, eliminate hazards and minimize OH&S risks (including system deficiencies), take advantage of OH&S opportunities, and address OH&S management system nonconformities associated with its activities. ISO 45001:2018 helps an organization to achieve the intended outcomes of its OH&S management system. Consistent with the organization's OH&S policy, the intended outcomes of an OH&S management system include:

a) continual improvement of OH&S performance;

b) fulfilment of legal requirements and other requirements;

c) achievement of OH&S objectives.

ISO 45001:2018 is applicable to any organization regardless of its size, type and activities. It is applicable to the OH&S risks under the organization's control, taking into account factors such as the context in which the organization operates and the needs and expectations of its workers and other interested parties. ISO 45001:2018 does not state specific criteria for OH&S performance, nor is it prescriptive about the design of an OH&S management system. ISO 45001:2018 enables an organization, through its OH&S management system, to integrate other aspects of health and safety, such as worker wellness/wellbeing. ISO 45001:2018 does not address issues such as product safety, property damage or environmental impacts, beyond the risks to workers and other relevant interested parties. ISO 45001:2018 can be used in whole or in part to systematically improve occupational health and safety management. However, claims of conformity to this document are not acceptable unless all its requirements are incorporated into an organization's OH&S management system and fulfilled without exclusion.

What are the benefits of ISO 45001?

An ISO 45001 based OH&S management system will enable an organisation to improve its OH&S performance by:

• Developing and implementing an OH&S policy and OH&S objectives

• Establishing systematic processes which consider its “context” and which take into account its risks and opportunities, and its legal and other requirements

• Determining the hazards and OH&S risks associated with its activities; seeking to eliminate them, or putting in controls to minimize their potential effects
• Establishing operational controls to manage its OH&S risks and its legal and other requirements

• Increasing awareness of its OH&S risks

• Evaluating its OH&S performance and seeking to improve it, through taking appropriate actions

• Ensuring workers take an active role in OH&S matters In combination, these measures will ensure that an organisation’s reputation as a safe place to work will be promoted, and can have more direct benefits, such as:
• Improving its ability to respond to regulatory compliance issues
• Reducing the overall costs of incidents
• Reducing downtime and the costs of disruption to operations
• Reducing the cost of insurance premiums
• Reducing absenteeism and employee turnover rates
• Recognition for having achieved an international benchmark

What topics does ISO 45001:2018 cover?

• Scope
• Nominated Reference
• Terms and Definitions
• Context of the Organization
• Leadership and Worker Participation
• Planning
• Support
• Operation
• Performance Evaluation
• Improvement

ISO 45001 CERTIFICATION

Certification Review & Decision includes; granting, refusing, maintaining, renewing, suspending, restoring or withdrawing certification or expanding or reducing the scope of the certification. Once ISO 45001 is released Certification will last for three years and is subject to mandatory audits every year to ensure that you are compliant. At the end of the three years, you will be requested to complete a reassessment audit in order to become recertified to the standard.

Food safety management systems — Requirements for any organization in the food chain

ISO 22000 is the international standard that specifies requirements for a food safety management system (FSMS). ISO 22000 Food Safety Management System is a process control system designed to identify and prevent physical, microbial and chemical hazards in food production and entire food chain. ISO 22000 uses the principles of HACCP system for Food Safety.

The benefits of ISO 22000:2018

Each one’s life quality will be benefited from the rules and regulations of ISO 22000 by the following provisions.

• Enhanced utilization of resources in the world level
• Improved profits in companies
• Greater quality jobs in the food industry
• Improved economic growth
• Safer food insurance
• Reduced rates in food borne disease
• Effective documentation of techniques, procedures and methods
• A potential harmonization of national food standards is provided
• This is an effective international standard
• For regulators, it is the most appropriate system

What topics does ISO 22000:2018 cover

• Scope
• Nominated Reference
• Terms and Definitions
• Context of the Organization
• Leadership and Worker Participation
• Planning
• Support
• Operation
• Performance Evaluation
• Improvement

ISO 22000 CERTIFICATION

The certification process shall contain the following key points

• Application and Contract review
• Initial Audit Certification: Audit Stage 1 & 2
• Decision of certification
• Surveillance audit
• Renewal audit
• Suspending, withdrawing, extending, and or decreasing the scope of certification

Information Security Management System

SO 27001 is the international standard that specifies requirements for a information security management system (ISMS). An Information Security Management System provides a systematic and pro-active approach to effectively managing risks to the security of your company’s confidential information. An ISO 27001 certification is applicable to any business of any size across the world.

The benefits of ISO 27001:2013

• Increased reliability and security of systems and information
• Improved customer and business partner confidence
• Increased business resilience
• Alignment with customer requirements
• Improved management processes and integration with corporate risk strategies

What topics does ISO 27001:2013 Cover ?

ISO 27001 uses a topdown, risk-based approach and is technology-neutral. The specification defines a six-part planning process:

• Define a security policy.
• Define the scope of the ISMS.
• Conduct a risk assessment.
• Manage identified risks.
• Select control objectives and controls to be implemented.
• Prepare a statement of applicability.

The specification includes details for documentation, management responsibility, internal audits, continual improvement, and corrective and preventive action. The standard requires cooperation among all sections of an organisation.

ISO 27001:2013 CERTIFICATION

When you are satisfied that your documentation and processes are in place, you are then ready for your first audit. The auditor will review your documentation and make sure that procedures are being followed throughout the organisation.

If there are any areas that need to be rectified, these will have to be done before your ISO 27001 certificate is issued.

Risk Management

ISO 31001 is an international standard published in 2009 that provides principles and guidelines for effective risk management. It outlines a generic approach to risk management, which can be applied to different types of risks (financial, safety, project risks) and used by any type of organization. The standard provides a uniform vocabulary and concepts for discussing risk management. It provides guidelines and principles that can help to undertake a critical review of your organization’s risk management process.

• it provides a new definition of risk as the effect of uncertainty on the possibility of achieving the organization’s objectives, highlighting the importance of defining objectives before attempting to control risks, and emphasizing the role of uncertainty
• it introduces the (sometimes controversial) notion of risk appetite, or the level of risk which the organization accepts to take on in return for expected value
• it defines a risk management framework with different organizational procedures, roles and responsibilities in the management of risks
• it outlines a management philosophy where risk management is seen as an integral part of strategic decision-making and the management of change

The benefits of ISO 31001:2018

• Help to set successful strategy and governance
• Help to foster a good culture
• Help achieve good (risk-informed) decision-making
• Assist new innovation and technological change
• Ensure there is an appropriate level of organisational resilience
• Help operations and projects to achieve successful outcomes

What topics does ISO 31001 Cover ?

The risk management process outlined in the ISO 31000 standard includes the following activities:

• Risk identification:identifying what could prevent us from achieving our objectives.
• Risk analysis:understanding the sources and causes of the identified risks; studying probabilities and consequences given the existing controls, to identify the level of residual risk.
• Risk evaluation:comparing risk analysis results with risk criteria to determine whether the residual risk is tolerable.
• Risk treatment: changing the magnitude and likelihood of consequences, both positive and negative, to achieve a net increase in benefit.
• Establishing the context:this activity, which was not included in earlier risk management process descriptions, consists of defining the scope for the risk management process, defining the organization’s objectives, and establishing the risk evaluation criteria. The context comprises both external elements (regulatory environment, market conditions, stakeholder expectations) and internal elements (the organization’s governance, culture, standards and rules, capabilities, existing contracts, worker expectations, information systems, etc.).
• Monitoring and review: this task consists of measuring risk management performance against indicators, which are periodically reviewed for appropriateness. It involves checking for deviations from the risk management plan, checking whether the risk management framework, policy and plan are still appropriate, given organizations’ external and internal context, reporting on risk, progress with the risk management plan and how well the risk management policy is being followed, and reviewing the effectiveness of the risk management framework.
• Communication and consultation. This task helps understand stakeholders’ interests and concerns, to check that the risk management process is focusing on the right elements, and also helps explain the rationale for decisions and for particular risk treatment options.

What topics does ISO 31001:2018 Cover

• Scope
• Normative references
• Terms and definitions
• Principles
• Framework
• Process

 ISO 31001:2018 CERTIFICATION

The certification process shall contain the following key points

• Application and Contract review
• Initial Audit Certification: Audit Stage 1 & 2
• Decision of certification
• Surveillance audit
• Renewal audit
• Suspending, withdrawing, extending, and or decreasing the scope of certification

Energy Management System

As an international standard, ISO 50001 specifies the requirements for organizations to develop, implement, and improve Energy Management Systems. This allows organizations to follow a specific framework that helps them achieve continual improvement in energy performance, efficiency, usage, and consumption. This framework specifies the measurements, documents, and reports, which enable organizations to monitor the progress of their processes and employees towards energy performance. ISO 50001 requires organizations to establish new policies for an efficient use of energy, to set aims and objectives to meet those policies and review their impacts; genuinely attempting to achieve continuous improvements of energy management

The benefits of ISO 50001:2018

By becoming ISO 50001 certified, you will be able to:

• Increase energy efficiency
• Contribute to cost reduction
• Gain competitive advantage
• Increase effectiveness
• Promote best energy practices
• Improve energy performance
• Help the organization to improve its reputation
• Assist the organization in energy management
• Contribute to the organization’s continuous improvement

What topics does ISO 50001:2018 Cover

The structure incorporates the following contents and format.

Introduction

1. Scope

2. Normative references

3. Terms and definition

4. Context of the organisation

4.1 Understanding the organisation and its context

4.2 Understanding the needs and expectations of interested parties

4.3 Determining the scope of the energy management system

4.4 Energy management system

5. Leadership

5.1 Leadership and commitment

5.2 Energy policy

5.3 Organisation roles, responsibilities and authorities

6. Planning

6.1 Actions to address risks and opportunities

6.2 Objectives, energy targets and planning to achieve them

6.3 Energy review

6.4 Energy performance indicators

6.5 Energy baseline

6.6 Planning for collection of energy data

7. Support

7.1 Resources

7.2 Competence

7.3 Awareness

7.4 Communication

7.5 Documented information

7.5.1 General

7.5.2 Creating and updating

7.5.3 Control of documented information

8. Operation

8.1 Operational planning and control

8.2 Design

8.3 Procurement

9. Performance evaluation

9.1 Monitoring, measurement, analysis and evaluation

9.2 Internal audit

9.3 Management review

10. Improvement

10.1 Nonconformity and corrective action

10.2 Continual improvement

ISO 50001:2018 CERTIFICATION

Certification proves that the energy management system meets the requirements of ISO 50001. This gives customers, stakeholders, employees and management more confidence that the organization is saving energy. It also helps to ensure that the energy management system is working throughout the organization. Another advantage of a certification is its emphasis on continual improvement. The organization will continue to get better at managing its energy. Additional cost savings can be generated over several years. Furthermore, certifying an organization shows your public commitment to energy management.

Petroleum, petrochemical and natural gas industries — Sector-specific quality management systems — Requirements for product and service supply organizations

The international standard ISO 29001 is designed to enable a high level of development and performance of quality management systems in the organization related to the oil and gas industry, including suppliers of products and services for petroleum, petrochemical and natural gas industries organizations. Implementation of quality management system according to the ISO 29001 and the corresponding certification will demonstrate to the interested parties (customers, partners, investors, public organizations, etc.) the availability of an effective tool to ensure the release of quality products and the provision of services at a high level.

The benefits of ISO 29001:2020

• Follow the international practice of oil and gas enterprises.
• Improve competitiveness of the organization in national and world markets.
• Confirm quality of products and services and professionalism of a company.
• Improve image of the organization.
• Demonstrate company’s competitive advantages to the partners, investors and customers.
• Opportunity to participate in state, municipal, commercial tenders’ procedures on better terms.
• Receive orders from foreign companies.
• Additional leverage for banks and insurance companies for better terms of lending and insurance.

What topics does ISO 29001:2020 Cover

• Scope
• Normative references
• Terms and definitions
• Context of the organization
• Leadership 6. Planning
• Support
• Operation
• Performance evaluation
• Improvement

ISO 29001:2020 CERTIFICATION

Certification to ISO 29001 demonstrates to potential customers your organisation’s ability to meet their requirements and needs. This results in: Enhanced customer confidence and satisfaction, which in turn can lead to increased business. A significant competitive advantage because more and more companies require management system certification from suppliers and sub-contractors in order to conduct business with them. To be certified, you need to implement an effective management system complying with the requirements of the standard.

Supply Chain Safety Management Systems

This standard is named as Supply Chain Security Management Systems and security issues or other events that are rised in supply chain may affect organizations negatively. Supply Chain Security Management System defines requirements and designs management model in order for organizations who are willing to implement this system. It intends to manage risk efficiently by integrating management systems such as ISO 9001, ISO 14001, ISO 22000, ISO 27001 etc with Supply Chain Security Management System.

ISO 28000:2007 is applicable to all sizes of organizations, from small to multinational, in manufacturing, service, storage or transportation at any stage of the production or supply chain that wishes to establish, implement, maintain and improve a security management system. ISO 28000 is the formal international security standard against which organizations may seek independent certification of their supply chain security management system. It specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented Supply Chain Security Management System (SCSMS), using a continual improvement approach. The ISO 28000 standard is formally known as "Specifications for Security Management Systems in the Supply Chain". ISO 28000:2007 is a management system standard which has been developed specifically for logistics companies and organisations that manage supply chain operations. For organisations working within, or relying on, the logistics industry, certification to the ISO 28000:2007 supply chain management standard provides a valuable framework. It will help minimise the risk of security incidents and so help provide problem-free 'just in time' delivery of goods and supplies.

The benefits of ISO 28001:2007

• Integrated enterprise resilience
• Improved partner, customer and stakeholder confidence
• Increased credibility and trust
• Organizational and trading partner assurance
• Competitive advantage and market differentiation
• Improved supply chain performance
• Greater compliance processes
• Reduced regulation costs
• Systematized management practices
• Enhanced credibility and brand recognition

What topics does ISO 28001:2007 Cover?

• Scope
• Normative references
• Terms and definitions
• Field of application
• Statement of application
• Business partners
• Internationally accepted certificates or approvals
• Business partners exempt from security declaration requirement
• Security reviews of business partners
• Supply chain security process
• Identification of the scope of security assessment
• Conduction of the security assessment
• Development of the supply chain security plan
• Execution of the security plan
• Documentation and monitoring of the security process
• Continual improvement
• Methodology for security risk assessment and development of countermeasures
• Step one – Consideration of the security threat scenarios
• Step two – Classification of consequences
• Step three – Classification of likelihood of security incidents
• Step four – Security incident scoring
• Step five – Development of countermeasures
• Step six – Implementation of countermeasures
• Step seven – Evaluation of countermeasures
• Step eight – Repetition of the process
• Continuation of the process
• Guidance for obtaining advice and certification
• Demonstrating conformance with ISO 28001 by audit
• Certification of ISO 28001 by third party certification bodies
• Bibliography

ISO 28001:2007 CERTIFICATION

The certification process shall contain the following key points

• Application and Contract review
• Initial Audit Certification: Audit Stage 1 & 2
• Decision of certification
• Surveillance audit
• Renewal audit

Information technology — Service management

Service management systems (SMS, ITSM) supports management of the service life cycle, from planning to delivery and improvement, offering more favorable conditions for both customers and service providers. It gives transparency and allows to constantly improve efficiency and effectiveness.

Developed by ISO and International Electrotechnical Commission (IEC) the leading standard of ISO/IEC 20000 series of standards helps organizations implement a service life cycle strategy by providing best practices for managing their service portfolio to ensure that they remain current.

The ISO/IEC 20000 series of standards is the only one available to measure compliance, support of the certification and assure customers that their services are effectively managed.

The ISO/IEC 20000 series of standards can be useful to everyone who provides services to customers, whether it is an entire company or a separate department, by improving their service and ensuring that service management activities are aligned with business needs and objectives.

According to a Forbes report, IT Service Management is very important for most executives. The lack of an approach to service management harms competitiveness, because a large amount of time and money is spent on ongoing maintenance and management, rather than on new initiatives.

The benefits of ISO 20000-1:2018

One of the major benefits of adopting the ISO 20000-1 standard is that it allows organisations to demonstrate its commitment to service delivery and customer satisfaction by meeting and ultimately exceeding the industry’s requirements. Additionally, the benefits of implementing ISO 20000-1 include:

• Improved supplier-based relationships
• The easy alignment and integration of ISO 20000-1:2018 with business strategies.
• Global recognition by complying with the standard and staying ahead of the competition.
• An increase in credibility which leads to customer confidence.
• A decrease in incidents and outages.
• A reduction in costs.
• Proactive service management and ongoing organisational improvement.

What topics does ISO 20000-1:2018 Cover

• Scope
• Normative references
• Terms and definitions
• Context of the organization
• Leadership
• Planning
• Support of the Service Management System
• Operation of the Service Management System
• Performance Evaluation
• Improvement

ISO 20000-1:2018 CERTIFICATION

The certification process shall contain the following key points

• Application and Contract review
• Initial Audit Certification: Audit Stage 1 & 2
• Decision of certification
• Surveillance audit
• Renewal audit