ISO STANDARDS

ISO 9001:2015

ISO 9001:2015 is a comprehensive quality management standard designed to align with current industry trends and integrate smoothly with other management systems, such as ISO 14001. It offers a structured framework that benefits organizations of all sizes and industries.

By implementing ISO 9001:2015, organizations can:

1. Streamline processes and enhance efficiency.
2. Foster a culture of continual improvement.
3. Establish a robust quality management system (QMS) that meets international standards.
4. Achieve customer satisfaction by consistently delivering products and services that meet their requirements.
5. Engage employees and management in quality-related activities.
6. Ensure compliance with statutory and regulatory requirements.

The standard follows a plan-do-check-act methodology and emphasizes a process-oriented approach to quality management. Key sections cover:

1. Requirements for establishing a QMS, including documentation and process interactions.
2. Management responsibilities, including resource management and creating a conducive work environment.
3. Product realization, encompassing design, delivery, measurement, analysis, and improvement processes.
4. Continuous monitoring, auditing, and corrective actions to maintain and enhance the QMS.

ISO 9001:2015 is applicable to any organization seeking to demonstrate its ability to consistently deliver quality products and services while prioritizing customer satisfaction. Its requirements are generic and adaptable to organizations of any type, size, or industry, making it a versatile tool for improving operational excellence and competitiveness.

ISO 14001:2015

The recently updated version of ISO 14001:2015 has been released to ensure its relevance in today’s marketplace. It addresses current trends, including the growing recognition among companies of the importance of considering both internal and external factors that impact their environmental footprint, especially in light of climate volatility.

Some key enhancements in the latest version include:

1. Increased leadership commitment.
2. Alignment with strategic goals.
3. Stronger emphasis on proactive environmental initiatives for greater environmental protection.
4. Improved communication strategies.
5. Adoption of life-cycle thinking, considering all stages of a product or service from development to disposal.

ISO 14001:2015 is instrumental in helping organizations achieve their environmental management system goals, providing benefits for the environment, the organization itself, and stakeholders. These goals include:

1. Enhancing environmental performance.
2. Meeting compliance obligations.
3. Achieving environmental objectives.

Organizations can utilize ISO 14001:2015 to systematically enhance their environmental management. However, it’s important to note that claims of conformity to ISO 14001:2015 are valid only when all its requirements are fully integrated into the organization’s environmental management system without any exclusions.

ISO 14001:2015 outlines the requirements for establishing an effective environmental management system to improve environmental performance.

This standard is designed for any organization aiming to manage its environmental responsibilities systematically, contributing to the environmental aspect of sustainability.

ISO 14001:2015 is applicable to organizations of all sizes and types, addressing the environmental aspects of their activities, products, and services as determined by the organization.

OHSAS 18001

OHSAS 18001 is the globally recognized Occupational Health and Safety Management System standard. While applicable to companies of all sizes, it holds particular relevance for those with extensive workforces, manual labor, or high-risk work environments. Prioritizing employee health and safety demonstrates a commitment to safeguarding both personnel and the surrounding environment.

Implementing a systematic and efficient OHSAS management system yields numerous benefits:

1. Decreased personnel injuries by identifying and mitigating workplace hazards.
2. Lowered risk of major accidents.
3. Cultivation of a skilled and motivated workforce by meeting employees’ safety expectations.
4. Reduction of material losses due to accidents and production interruptions.
5. Reduction of insurance and absenteeism costs.
6. Potential for integration with quality and environmental management systems.
7. Compliance with relevant legislation.
8. Enhancement of public image through a strong commitment to occupational health and safety.

OHSAS 18001 aligns seamlessly with ISO 9001 and ISO 14001, facilitating easy integration. Central to OHSAS 18001 are legislative compliance and a culture of continual improvement.

Key elements of OHSAS 18001 include:

1. Establishment of policy and commitment.
2. Identification of hazards, risk assessment, and implementation of controls.
3. Compliance with legal requirements.
4. Setting objectives and implementing programs.
5. Organizational structure and personnel responsibilities.
6. Training, communication, and consultation practices.
7. Documentation and record-keeping.
8. Operational controls.
9. Emergency preparedness.
10. Measurement and monitoring of performance.
11. Investigation of accidents and incidents, and implementation of corrective and preventive actions.
12. Conducting audits and reviews.

By adhering to OHSAS 18001 standards, organizations not only prioritize employee well-being but also enhance operational efficiency and reputation.

ISO 22000 FOOD SAFETY CERTIFICATION

ISO 22000 is a Food Safety Management System applicable across the entire food chain, ensuring safety from farm to fork. Certification to ISO 22000 demonstrates to customers that a company has robust food safety measures in place, fostering trust in their products. With increasing consumer demand for safe food, ISO 22000 certification is crucial for both customer confidence and supplier requirements.

Developed by the International Organization for Standardization (ISO), ISO 22000 integrates the Quality Management System approach with food safety principles, including HACCP and Good Manufacturing Practices (addressed through Prerequisite Programs). Unlike other Food Safety Management Systems, ISO 22000 offers flexibility as it doesn’t mandate specific prerequisite programs, allowing organizations to tailor their approach.

ISO 22000 requires the implementation of effective Prerequisite Programs and a Hazard Analysis and Critical Control Plan to identify and manage food safety hazards. It mandates the establishment of a documented Food Safety Management System, covering various aspects from policy development to operational procedures.

Key requirements of ISO 22000 include:

1. Development of a Food Safety Policy by top management.
2. Setting objectives aligned with the policy.
3. Planning, designing, and documenting the management system.
4. Establishing communication procedures internally and externally.
5. Creating an emergency plan.
6. Conducting management review meetings.
7. Providing adequate resources and training for personnel.
8. Implementing Prerequisite Programs and HACCP principles.
9. Establishing a traceability system.
10. Implementing corrective action and control of nonconforming products.
11. Maintaining documentation for product withdrawal.
12. Controlling monitoring and measuring devices.
13. Implementing an internal audit program.
14. Continual improvement of the Food Safety Management System.

ISO 22000 is a comprehensive standard designed to ensure food safety and promote continuous improvement. For detailed insights into its requirements, refer to ISO 22000 Explained.

IATF 16949

IATF 16949:2016, the successor of ISO/TS 16949:2009, is a Quality Management System (QMS) standard specifically tailored for the automotive industry. Its core focus lies in fostering continual improvement, defect prevention, and waste reduction throughout the automotive supply chain. This standard is aligned with ISO 9001:2015 and cannot stand alone; it must be implemented alongside ISO 9001:2015.

Key Features of IATF 16949:

1. Quality Management System (QMS) Development: IATF 16949 aids in defining how organizations can meet customer and stakeholder requirements, promoting continual improvement and defect prevention.

2. Emphasis on Core Tools: It integrates specific automotive industry tools such as Advanced Product Quality Planning (APQP), Failure Mode and Effects Analysis (FMEA), Statistical Process Control (SPC), Measurement Systems Analysis (MSA), and Production Part Approval Process (PPAP).

3. Reduction of Variation and Waste: The standard promotes the reduction of variation and waste in the automotive supply chain, ensuring consistency and efficiency.

4. Compliance Requirements: IATF 16949 mandates adherence to Customer-Specific Requirements (CSR’s) in addition to its own criteria, ensuring alignment with customer expectations.

5. Customer Focus: It emphasizes a strong customer focus, ensuring that products consistently meet customer requirements and enhance customer satisfaction.

Benefits of IATF 16949 Compliance:

1. Enhanced Customer Satisfaction: By consistently meeting customer requirements, organizations can enhance customer satisfaction and loyalty.

2. Increased Efficiency: Implementing IATF 16949 fosters a culture of continual improvement, leading to increased productivity and efficiency.

3. Access to New Markets: Compliance with IATF 16949 may open doors to new markets, as some sectors and clients require this standard before engaging in business.

4. Risk Management: The standard helps identify and address risks associated with organizational processes, enhancing overall risk management practices.

5. Social Responsibility: Compliance with IATF 16949 demonstrates an organization’s commitment to corporate responsibility, including product safety and customer satisfaction.

Quality-One’s Seven Phase Approach to IATF 16949 Compliance:

1. Executive and Management Overview/Planning
2. Gap Assessment and Planning
3. Documentation
4. Implementation and Training
5. Internal Assessment and Management Review
6. 3rd Party Registration Assessment
7. Sustain and Continual Improvement

Organizations can achieve IATF 16949 compliance through a strategic and systematic approach, ensuring alignment with customer expectations and organizational objectives while fostering continual improvement and customer satisfaction.

ISO 27001

What is ISO 27001?

ISO/IEC 27001:2013 (ISO 27001) is the international standard that describes best practice for an ISMS (information security management system). Achieving accredited certification to ISO 27001 demonstrates that your company is following information security best practice, and provides an independent, expert verification that information security is managed in line with international best practice and business objectives. ISO 27001 is supported by its code of practice for information security management, ISO/IEC 27002:2013.

For advice and guidance on ISO 27001 or to find out more about the solutions we offer, get in touch with one our experts today.

What is an ISMS?

An ISMS is a system of processes, documents, technology and people that helps to manage, monitor, audit and improve your organisation’s information security. It helps you manage all your security practices in one place, consistently and cost-effectively.

At the heart of an ISO 27001-compliant ISMS is business-driven risk assessments, which means you will be able to identify and treat security threats according to your organisation’s risk appetite and tolerance.

Why achieve ISO 27001 certification?

Avoid penalties and financial losses due to data breaches.
Meet increasing client demands for greater data security.
Protect and enhance your reputation.
Get an independently audited proof that your data is secure.
Meet local and global security laws, such as the NIS Directive and the GDPR.

How to implement an ISMS

Implementing an ISO 27001-compliant ISMS will include the following key elements:

Scope the project
Get board commitment and secure budget
Identify interested parties, and legal, regulatory and contractual requirements
Conduct a risk assessment
Review and implement the required controls
Develop internal competence
Develop management system documentation
Conduct staff awareness training
Measure, monitor, review and audit the ISMS
Get certified

Let’s get started on your ISO 27001 project

Having led the world’s first ISO 27001 certification project, we’ve been at the forefront of the cyber security initiative.

Let us share our expertise and support you on your journey to certification.

Browse our range of free resources and easy to use solutions to discover how we can help you achieve certification.

ISO 13485:2003

ISO 13485:2003 specifies requirements for a quality management system where an organization needs to demonstrate its ability to provide medical devices and related services that consistently meet customer requirements and regulatory requirements applicable to medical devices and related services.

The primary objective of ISO 13485:2003 is to facilitate harmonized medical device regulatory requirements for quality management systems. As a result, it includes some particular requirements for medical devices and excludes some of the requirements of ISO 9001 that are not appropriate as regulatory requirements. Because of these exclusions, organizations whose quality management systems conform to this International Standard cannot claim conformity to ISO 9001 unless their quality management systems conform to all the requirements of ISO 9001.

All requirements of ISO 13485:2003 are specific to organizations providing medical devices, regardless of the type or size of the organization.

If regulatory requirements permit exclusions of design and development controls, this can be used as a justification for their exclusion from the quality management system. These regulations can provide alternative arrangements that are to be addressed in the quality management system. It is the responsibility of the organization to ensure that claims of conformity with ISO 13485:2003 reflect exclusion of design and development controls.

If any requirement(s) in Clause 7 of ISO 13485:2003 is(are) not applicable due to the nature of the medical device(s) for which the quality management system is applied, the organization does not need to include such a requirement(s) in its quality management system.

The processes required by ISO 13485:2003, which are applicable to the medical device(s), but which are not performed by the organization, are the responsibility of the organization and are accounted for in the organization’s quality management system.

ISO 50001

Using energy efficiently helps organizations save money as well as helping to conserve resources and tackle climate change. ISO 50001 supports organizations in all sectors to use energy more efficiently, through the development of an energy management system (EnMS).

ISO 50001 is based on the management system model of continual improvement also used for other well-known standards such as ISO 9001 or ISO 14001. This makes it easier for organizations to integrate energy management into their overall efforts to improve quality and environmental management.

ISO 50001:2018 provides a framework of requirements for organizations to:

Develop a policy for more efficient use of energy
Fix targets and objectives to meet the policy
Use data to better understand and make decisions about energy use
Measure the results
Review how well the policy works, and
Continually improve energy management.

Like other ISO management system standards, certification to ISO 50001 is possible but not obligatory. Some organizations decide to implement the standard solely for the benefits it

provides. Others decide to get certified to it, to show external parties they have implemented an energy management system. ISO does not perform certification

ISO 10002

ISO 10002:2014 provides guidance on the process of complaints handling related to products within an organization, including planning, design, operation, maintenance, and improvement. The complaints-handling process described is suitable for use as one of the processes of an overall quality management system.

ISO 10002:2014 is not applicable to disputes referred for resolution outside the organization or for employment-related disputes.

It is also intended for use by organizations of all sizes and in all sectors. Annex A provides guidance specifically for small businesses.

ISO 10002:2014 addresses the following aspects of complaints handling:

enhancing customer satisfaction by creating a customer-focused environment that is open to feedback (including complaints), resolving any complaints received, and enhancing the organization’s ability to improve its product and customer service;
top management involvement and commitment through adequate acquisition and deployment of resources, including personnel training;
recognizing and addressing the needs and expectations of complainants;
providing complainants with an open, effective, and easy-to-use complaints process;
analysing and evaluating complaints in order to improve the product and customer service quality;
auditing of the complaints-handling process;
reviewing the effectiveness and efficiency of the complaints-handling process.

ISO 20001

ISO/IEC 20000-1:2011 is a service management system (SMS) standard. It specifies requirements for the service provider to plan, establish, implement, operate, monitor, review, maintain and improve an SMS. The requirements include the design, transition, delivery and improvement of services to fulfil agreed service requirements.

ISO/IEC 20000-1:2011 can be used by:

an organization seeking services from service providers and requiring assurance that their service requirements will be fulfilled;
an organization that requires a consistent approach by all its service providers, including those in a supply chain;
a service provider that intends to demonstrate its capability for the design, transition, delivery and improvement of services that fulfil service requirements;
a service provider to monitor, measure and review its service management processes and services;
a service provider to improve the design, transition, delivery and improvement of services through the effective implementation and operation of the SMS;
an assessor or auditor as the criteria for a conformity assessment of a service provider’s SMS to the requirements in ISO/IEC 20000-1:2011.