Archive for the ‘Article’ Category

ISO 9001 and 14001 Certification Audits

Saturday, January 13th, 2018

The International Accreditation Forum (IAF) has issued a notice that an official resolution has been reached regarding audits performed to ISO 9001:2008 and ISO 14001:2004.

A key aspect of this resolution was the following mandate:

“Effective March 15, 2018, all audits performed to ISO 9001 or ISO 14001 must be performed to the 2015 year revision.”

As the three-year transition for ISO 9001 and ISO 14001 moves into its final year, IAF (the global association for developing the principles and practices for the conduct of conformity assessment) has passed a resolution that as of 15 March 2018, conformity assessment bodies must conduct all ISO 9001 and ISO 14001 initial, surveillance and recertification audits to the new versions – ISO 9001:2015 and ISO 14001:2015.

Any organizations that need to move to the new version of ISO 9001 and ISO 14001 should contact their conformity assessment body as soon as possible to make arrangements for their audit. Note that failure to achieve certification to the 2015 standard by the deadline means that your certification is no longer valid, and this may affect your ability to supply to all markets. A copy of this resolution can be obtained from the IAF.

ISO Management System Standards Certifications Continue to Rise

Sunday, November 5th, 2017

Use of ISO management system standards continues to rise. The number of valid certificates to ISO management system standards (MSS) rose 8 % in 2016 compared to 2015, according to the latest figures of the ISO Survey. The ISO Survey is an annual survey of valid certifications to ISO management system standards issued by accredited certification bodies worldwide. It is the most comprehensive overview of certifications to these standards currently available.

The ever-popular ISO 9001, Quality management systems – Requirements, and ISO 14001, Environmental management systems – Requirements with guidance for use, were up 7 % and 8 % respectively, with 1,106,356 and 346,189 certificates issued, while more recent additions to the survey, such as ISO 50001 for energy management and ISO/IEC 27001 for information security, rose by 69 % and 21 % respectively, amassing 20,216 and 33,290 certificates worldwide.

As ISO does not perform certification, the figures in the ISO Survey represent the number of valid certificates reported to ISO by accredited certification bodies as at 31 December 2016.  View the executive summary and full results on the ISO Survey page.

ISO/IEC 17025 moves to final stage of revision

Tuesday, September 19th, 2017

Calibration as well as testing and analyzing a sample is the daily practice of more than 60,000 laboratories worldwide, but how can they reassure customers about the reliability of their results?  Over the years, ISO/IEC 17025, General requirements for the competence of testing and calibration laboratories, has become the international reference for testing and calibration laboratories wanting to demonstrate their capacity to deliver trusted results.

However, the laboratory environment has changed dramatically since ISO/IEC 17025 was last published in 2005. After 15 years, with all the significant changes and market conditions worldwide, it is time for a revised standard. Developed jointly by ISO and IEC in the Committee on conformity assessment (CASCO), the new version of ISO/IEC 17025 will replace the 2005 version and is scheduled for publication at the end of 2017.

For more information on the main changes to the standard, see the article on the ISO Website.

ISO 19011:2018 – Expected Changes

Friday, August 18th, 2017

After the recent meeting of the international committee ISO/PC 302 JWG1, the revised ISO 19011—Guidelines for auditing management systems has become much clearer. Here’s an example of a change:

Risk-based approach:

This has been the most significant addition to ISO 19011 so far. The High Level Structure requires that planning be done based on the organization’s risks and opportunities (section 6.1), which in turn should be derived from the organizational context and its internal and external issues (sections 4.1 and 4.2). The current ISO 19011:2011 includes risk considerations only in relation to the actual audit program and individual audits, that is, the risks of not achieving the audit objectives and the risks to the auditee as a result of the audit activities. The revision makes a significant new addition to the text of ISO 19011, starting with the inclusion and definition of a new auditing principle:

“Risk-based approach is an audit approach that considers risks and opportunities. The risk-based approach should substantively influence the planning, conducting, and reporting of audits in order to ensure that audits are focused on matters that are significant for the auditee and for achieving the audit program objectives.”  

This addition in Section 5—Managing the audit program, suggests that consideration be given to the organization’s identified risks and opportunities and the actions taken to address them when preparing the audit program. While the High Level Structure requires internal audits “be conducted at planned intervals,” the new ISO 19011 suggests that audit priority should be given to allocating resources and methods to matters in a management system with higher inherent risk and lower performance.  STAY TUNED…

Configuration Management-2017

Thursday, July 6th, 2017

ISO 10007:2017, “Quality management – Guidelines for configuration management”, provides guidance on the use of configuration management within an organization. It is applicable to the support of products and services from concept to disposal. The purpose of this third edition of ISO 10007 is to enhance understanding of the subject, promote the use of configuration management, and assist organizations applying configuration management to improve their performance.

If you’re familiar with the previous version of ISO 10007 Configuration Management, note that some of its language, for example “configuration status accounting”, has been removed, and thank goodness this version is much clearer for the user and easier to interpret for your business configuration needs. Configuration management is a management activity that applies technical and administrative direction over the life cycle of a product and service, its configuration identification and status, and related product and service configuration information. Configuration management documents the product or service configuration. It provides identification and traceability, the status of achievement of its physical and functional requirements, and access to accurate information in all phases of the life cycle.

Configuration management can be used to meet the product and service identification and traceability requirements specified in ISO 9001:2015, 8.5.2.  Purchase  the ISO 10007:2017 Standard here.

Feedback Sought for ISO Standards Survey

Monday, June 12th, 2017

The American National Standards Institute (ANSI) is seeking stakeholder feedback to gather information for the future International Organization for Standardization (ISO) survey, focused on service standards and management system standards.

The responses will be considered for a survey that highlights ISO’s strategy for service standardization, which was adopted in February 2016 to accomplish multifaceted results:

  • Increase ISO’s visibility as a developer of International Standards for services;
  • Support ISO members during challenges associated with the development of standards for services;
  • Gain a better understanding of market interests and trends in the services sector.

You can fill out the ANSI survey via this link by the deadline of Friday, June 30, 2017.

New ISO 20400 Standard for Procurement Processes

Monday, May 8th, 2017

A new standard published in April 2017, ISO 20400, Sustainable procurement – Guidance, will help organizations integrate sustainability into their procurement processes. The standard, intended for stakeholders involved in or impacted by procurement processes and decisions, was released after a nearly four-year development process with 37 countries participating through voting and/or comment. Procurement plays a large role in any organization, large or small.

Who an organization buys from has just as big an impact on its performance as what it buys. Ensuring suppliers have sound and ethical practices – across everything from working conditions and risk management to their environmental impact – has the potential to not only make businesses work better, but to improve the lives of everyone in the communities where they are situated. ISO 20400 provides guidelines for integrating sustainability into an organization’s procurement policy, strategy and process, defining the principles of sustainable procurement such as accountability, transparency, respect for human rights and ethical behavior.

The ISO 20400 standard can be purchased from your national ISO member or through the ISO Store.

 

The Silver Haired Economy

Wednesday, March 22nd, 2017

The world’s population is changing in ways that could barely be imagined a generation ago, and at a pace that is faster than any in recorded history. A recent United Nations World Population Ageing report states that between 2015 and 2030, the number of people in the world aged 60 years or over is projected to grow by 56 %, from 901 million to 1.4 billion.

This brings us neatly on to the new prospects of the silver economy – the market for goods and services for people aged 65 and over. This is the “other” side of the coin of the ageing population: it offers many industries an opportunity to target a whole new customer base.

So how is YOUR Business pursuing this potentially lucrative market? In fact, many companies are well on their way to showing the rest of the world through example how to leverage this growing market. Some are embedding “ageing” as a key strategic driver of their commercial goals. Equally, some businesses have positioned ageing as an opportunity to develop products and services for older consumers, while others are capitalizing on the knowledge and skills of an ageing workforce. The truth is, there’s a tremendous opportunity for business to grow and expand market reach. But that’s not all. If exploited effectively, this key demographic can drive higher sales – and more.

Transition Time Becoming Shorter

Friday, February 24th, 2017

During recent conversations we have identified that not all companies are aware of the ever-shrinking timeline for achieving a successful transition. Whether you are transitioning to, for example, ISO 9001:2015, AS 9100D, ISO 14001:2015, or IATF 16949, you have very little time to implement the new requirements.

Here are dates you need to know:

  • All ISO 9001 audits after June 2017 will be to ISO 9001:2015
  • All AS 9100 audits after June 15, 2017 will be to the new revision D
  • All ISO/TS 16949 audits after October 1, 2017 will be to IATF 16949:2016

What are the Steps for Success with Transitioning your Current Management System?

  1. Identify the gaps needing to be addressed with the new requirements.
  2. Develop an effective implementation plan.
  3. Provide appropriate training and awareness for all parties that have an impact on organizational effectiveness.
  4. Update your existing documented management system to meet the requirements and provide verification of effectiveness.
  5. Conduct and document a complete system internal audit to ensure all internal requirements are being met, which includes the new standard requirements, customer, and any applicable business regulatory requirements.
  6. Communicate with your CB for transition schedule and arrangements.

 

Measuring Information Security Effectiveness

Friday, December 30th, 2016

You simply can’t be too careful when it comes to information security. Protecting personal records and commercially sensitive information is critical. But how can you tell that your ISO/IEC 27001 information security management system (ISMS) is making a difference? A new ISO/IEC International Standard can help you out.

The recently updated ISO/IEC 27004:2016, Information technology – Security techniques – Information security management – Monitoring, measurement, analysis and evaluation, provides guidance on how to assess the performance of ISO/IEC 27001. It explains how to develop and operate measurement processes, and how to assess and report the results of a set of information security metrics.

ISO/IEC 27004:2016 shows how to construct an information security measurement programme, how to select what to measure, and how to operate the necessary measurement processes. It includes extensive examples of different types of measures, and how the effectiveness of these measures can be assessed.

Among the many benefits to organizations of using ISO/IEC 27004 are:

  • Increased accountability
  • Improved information security performance and ISMS processes
  • Evidence of meeting requirements of ISO/IEC 27001, as well as applicable laws, rules and regulations

ISO/IEC 27004:2016 replaces the 2009 edition; it has been updated and extended to align with the revised version of ISO/IEC 27001 to provide organizations with greater added value and confidence.  For more information visit the iso.org website.