The International Organization for Standardization (ISO) is an international standard development organization composed of representatives from the national standards organizations of member countries.
ISO was founded on 23 February 1947 and, to date, has published over 24,500 international standards covering almost all aspects of technology and manufacturing. It has 809 technical committees and subcommittees responsible for standards development. The organization develops and publishes standards in all technical and non-technical fields other than electrical and electronic engineering, which is handled by the IEC. It is headquartered in Geneva, Switzerland, and worked in 167 countries as of 2022. The three official languages of ISO are English, French, and Russian. ISO is a voluntary organization whose members are recognized authorities on standards, each one representing one country. Members meet annually at a General Assembly to discuss the strategic objectives of ISO. The organization is coordinated by a central secretariat based in Geneva. The Technical Management Board is responsible for more than 250 technical committees, which develop the ISO standards.
ISO has three membership categories.
We Power India Services helps its clients obtain ISO certificates for many standards according to their requirements.
Below we list some of the most important ISO standards and certifications.
What is ISO 9001:2015 Certification?
The ISO 9000 family is a set of quality management system (QMS) standards that help organizations ensure they meet customer and other stakeholder needs within the statutory and regulatory requirements related to a product or service. ISO 9000 covers the fundamentals of a QMS, including the seven quality management principles that underlie the family of standards. ISO 9001 sets out the requirements that organizations wishing to meet the standard must fulfil. ISO 9002 was a model for quality assurance in production and installation, and ISO 9003 for quality assurance in final inspection and test; both were withdrawn with the 2000 revision and their scope folded into ISO 9001. ISO 9004 gives guidance on achieving sustained organizational success.
Third-party certification bodies provide independent confirmation that organizations meet the requirements of ISO 9001. Over one million organizations worldwide are independently certified, making ISO 9001 one of the most widely used management tools in the world today.
The International Organization for Standardization (ISO) does not certify organizations themselves. Numerous certification bodies exist, which audit organizations and upon success, issue ISO 9001 compliance certificates. Although commonly referred to as “ISO 9000” certification, the actual standard to which an organization’s quality management system can be certified is ISO 9001:2015 (ISO 9001:2008 expired around September 2018). Many countries have formed accreditation bodies to authorize (“accredit”) the certification bodies. Both the accreditation bodies and the certification bodies charge fees for their services. The various accreditation bodies have mutual agreements with each other to ensure that certificates issued by one of the accredited certification bodies (CB) are accepted worldwide. Certification bodies themselves operate under another quality standard, ISO/IEC 17021, while accreditation bodies operate under ISO/IEC 17011.
An organization applying for ISO 9001 certification is audited based on an extensive sample of its sites, functions, products, services, and processes. The auditor presents a list of problems (defined as “nonconformities”, “observations”, or “opportunities for improvement”) to management. If there are no major nonconformities, the certification body issues a certificate. Where major nonconformities are identified, the organization presents an improvement plan to the certification body (e.g., corrective action reports showing how the problems will be resolved); once the certification body is satisfied that the organization has carried out sufficient corrective action, it issues a certificate. The certificate is limited by a certain scope (e.g., production of golf balls) and displays the addresses to which the certificate refers.
An ISO 9001 certificate is not a once-and-for-all award but must be renewed, in accordance with ISO/IEC 17021, at regular intervals set by the certification body, usually once every three years, with surveillance audits in between. There are no grades of competence within ISO 9001: either a company is certified (meaning that it is committed to the method and model of quality management described in the standard) or it is not. In this respect, ISO 9001 certification contrasts with measurement-based quality systems.
Why obtain ISO 9001:2015 Certification?
The global adoption of ISO 9001 may be attributable to a number of factors. In the early days, the ISO 9001 (9002 and 9003) requirements were intended to be used by procuring organizations, such as contractors and design activities, as the basis of contractual arrangements with their suppliers. This helped reduce the need for subcontract supplier quality development by establishing basic requirements for a supplier to assure product quality. The ISO 9001 requirements could be tailored to meet specific contractual situations, depending on the complexity of the product, business type (design responsibility, manufacture only, distribution, servicing etc.) and risk to the procurer. If a chosen supplier was weak on the controls of their measurement equipment (calibration), and hence QC/inspection results, that specific requirement would be invoked in the contract. The adoption of a single quality assurance requirement also leads to cost savings throughout the supply chain by reducing the administrative burden of maintaining multiple sets of quality manuals and procedures.
What is ISO 14001 Certification?
ISO 14001 defines criteria for an environmental management system (EMS). It does not state requirements for environmental performance but rather maps out a framework that a company or organization can follow to set up an effective EMS. It can be used by any organization that wants to improve resource efficiency, reduce waste, and reduce costs. Using ISO 14001 can provide assurance to company management and employees as well as external stakeholders that environmental impact is being measured and improved. ISO 14001 can also be integrated with other management functions and assists companies in meeting their environmental and economic goals.
ISO 14001, like other ISO 14000 standards, is voluntary, with its main aim to assist companies in continually improving their environmental performance and complying with any applicable legislation. The organization sets its own targets and performance measures, and the standard highlights what an organization needs to do to meet those goals, and to monitor and measure the situation. The standard does not focus on measures and goals of environmental performance, but of the organization. The standard can be applied to a variety of levels in the business, from the organizational level down to the product and service level.
ISO 14001 is known as a generic management system standard, meaning that it is relevant to any organization seeking to improve and manage resources more effectively. This includes:
• single-site to large multi-national companies
• high-risk companies to low-risk service organizations
• the manufacturing, process, and service industries, including local governments
• all industry sectors, including public and private sectors
• original equipment manufacturers and their suppliers.
ISO 14001 was developed primarily to assist companies with a framework for better management control, which can result in reducing their environmental impact. In addition to improvements in performance, organizations can reap a number of economic benefits, including higher conformance with legislative and regulatory requirements by adopting the ISO standard. By minimizing the risk of regulatory and environmental liability fines and improving an organization’s efficiency, benefits can include a reduction in waste, consumption of resources, and operating costs. Secondly, as an internationally recognized standard, businesses operating in multiple locations across the globe can leverage their conformance to ISO 14001, eliminating the need for multiple registrations or certifications. Thirdly, there has been a push in the last decade by consumers for companies to adopt better internal controls, making the incorporation of ISO 14001 a smart approach for the long-term viability of businesses. This can provide them with a competitive advantage against companies that do not adopt the standard (Potoki & Prakash, 2005). This in turn can have a positive impact on a company’s asset value (Van der Deldt, 1997). It can lead to improved public perceptions of the business, placing them in a better position to operate in the international marketplace. The use of ISO 14001 can demonstrate an innovative and forward-thinking approach to customers and prospective employees. It can increase a business’s access to new customers and business partners. In some markets it can potentially reduce public liability insurance costs. It can also serve to reduce trade barriers between registered businesses. There is growing interest in including certification to ISO 14001 in tenders for public-private partnerships for infrastructure renewal.
List of ISO 14000 series standards
• ISO 14001 Environmental management systems – Requirements with guidance for use
• ISO 14004 Environmental management systems – General guidelines on implementation
• ISO 14005 Environmental management systems – Guidelines for a flexible approach to phased implementation
• ISO 14006 Environmental management systems – Guidelines for incorporating eco-design
• ISO 14015 Environmental management – Environmental assessment of sites and organizations (EASO)
• ISO 14020 to 14025 Environmental labels and declarations
• ISO/NP 14030 Green bonds — Environmental performance of nominated projects and assets; discusses post-production environmental assessment
• ISO 14031 Environmental management – Environmental performance evaluation – Guidelines
• ISO 14040 to 14049 Environmental management – Life cycle assessment; discusses pre-production planning and environment goal setting
• ISO 14050 Environmental management – Vocabulary; terms and definitions
• ISO/TR 14062 Environmental management – Integrating environmental aspects into product design and development
• ISO 14063 Environmental management – Environmental communication – Guidelines and examples
• ISO 14064 Greenhouse gases; measuring, quantifying, and reducing greenhouse gas emissions
• ISO 14090 Adaptation to climate change — Principles, requirements and guidelines
What is ISO 45001 Certification?
ISO 45001 is an ISO standard for management systems of occupational health and safety (OHS), published in March 2018. The goal of ISO 45001 is the reduction of occupational injuries and diseases, including promoting and protecting physical and mental health.
The standard is based on OHSAS 18001, conventions and guidelines of the International Labour Organization, and national standards. It includes elements that are additional to OHSAS 18001 which it is replacing over a three-year migration period from 2018 to 2021. As of March 2021, companies and organizations should have migrated to ISO 45001 to retain a valid certification, although ISO has extended the transition period for up to six months (to 11 September 2021) for organizations adversely affected by COVID-19.
ISO 45001 follows the High-Level Structure of other ISO management system standards, such as ISO 9001:2015 and ISO 14001:2015, which makes integration of these standards easier.
ISO 45001 is set to replace OHSAS 18001 over three years following its publication in March 2018. BSI will formally withdraw OHSAS 18001 in September 2021, at the end of the extended migration period (due to COVID-19). ISO 45001 uses the management system standard structure guideline Annex SL to allow for simplified integration with other management system standards, such as ISO 9001 and ISO 14001. The International Accreditation Forum has published requirements for migration from OHSAS 18001 to ISO 45001.
Organizations with a pre-existing OHSAS certification that migrate to ISO 45001:2018 can consider both certifications as one. For example, an OHSAS 18001 certification from 2017 that is migrated to ISO 45001:2018 in 2020 will be considered as having run from 2017.
ISO/IEC TS 17021-10:2018 is a technical specification setting out competence requirements for auditing and certification of ISO 45001.
What is ISO 13485 Certification?
ISO 13485 Medical devices — Quality management systems — Requirements for regulatory purposes is a voluntary standard, first published by the International Organization for Standardization (ISO) in 1996, that sets out a comprehensive quality management system for the design and manufacture of medical devices. The latest version supersedes earlier documents such as EN 46001 (1993 and 1996) and EN 46002 (1996), the previously published ISO 13485 (1996 and 2003), and ISO 13488 (also 1996).
The current edition, ISO 13485:2016, was published on 1 March 2016.
While it remains a stand-alone document, ISO 13485 is generally harmonized with ISO 9001. A principal difference, however, is that ISO 9001 requires the organization to demonstrate continual improvement, whereas ISO 13485 requires only that the certified organization demonstrate the quality system is effectively implemented and maintained. Additionally, the ISO 9001 requirements regarding customer satisfaction are absent from the medical device standard.
Other specific differences include:
• the promotion and awareness of regulatory requirements as a management responsibility. Examples of market-specific regulatory requirements include 21 CFR 820, the Quality System Regulation for medical devices sold in the United States, enforced by the U.S. Food and Drug Administration (FDA), or the Medical Devices Directive 93/42/EEC, required for doing business in the European Union
• controls in the work environment to ensure product safety
• focus on risk management activities and design control activities during product development
• specific requirements for inspection and traceability for implantable devices
• specific requirements for documentation and validation of processes for sterile medical devices
• specific requirements for verification of the effectiveness of corrective and preventive actions
• specific requirements for cleanliness of products
Compliance with ISO 13485 is often seen as the first step in achieving compliance with European regulatory requirements. The conformity of medical devices and in-vitro diagnostic medical devices under European Union Directives 93/42/EEC, 90/385/EEC and 98/79/EC must be assessed before sale is permitted. One of the major requirements to prove conformity is the implementation of a quality management system according to ISO 9001 and/or ISO 13485, together with risk management according to ISO 14971. Although the European Union Directives do not mandate certification to ISO 9001 and/or ISO 13485, the preferred method of proving compliance is to obtain certification from certifying organizations known as “registrars”. Several registrars also act as Notified Bodies. For medical devices requiring the pre-market involvement of a Notified Body, the result of a positive assessment is the certificate of conformity that allows the CE mark and permits sale of the device in the European Union. A careful assessment of the company’s quality management system by the Notified Body, together with review of the required technical documentation, is a major element the Notified Body takes into account when issuing the certificate of conformity for the company’s product(s).
This standard, adopted by CEN as EN ISO 13485:2003/AC:2007, is harmonized with respect to the European medical device directives 93/42/EEC, 90/385/EEC and 98/79/EC.
ISO 13485 is now treated as the baseline standard and requirement for medical devices, including under the Global Harmonization Task Force (GHTF) guidelines. The GHTF guidelines have gradually become universal standards for the design, manufacture, export and sale of medical devices. The GHTF has since been replaced by the International Medical Device Regulators Forum (IMDRF), which is structured differently: only the regulators, as primary members of the group, make most of the decisions. The IMDRF regulators do want non-regulators involved, but without voting rights, hoping in this way to complete processes and documents faster than under the GHTF system, in which regulators and non-regulators had equal voting rights and which worked reasonably well but somewhat slowly.
The CEN adoption EN ISO 13485:2012 is harmonized with respect to the European Medical Devices Directive 93/42/EEC. Note that Directive 93/42/EEC has since been replaced by the Medical Device Regulation (EU) 2017/745, and Directive 98/79/EC by the In Vitro Diagnostic Medical Devices Regulation (EU) 2017/746, so the applicable harmonization should be checked against the current regulation.
What is ISO/IEC 20000 Certification?
ISO/IEC 20000 is the international standard for IT service management. It was developed in 2005 by ISO/IEC JTC 1/SC 7 and revised in 2011 and 2018. It was originally based on the earlier BS 15000 developed by BSI Group.
ISO/IEC 20000, like its BS 15000 predecessor, was originally developed to reflect best practice guidance contained within the ITIL framework, although it equally supports other IT service management frameworks and approaches including Microsoft Operations Framework and components of ISACA’s COBIT framework. The differentiation between ISO/IEC 20000 and BS 15000 has been addressed by Jenny Dugmore.
The standard was first published in December 2005. In June 2011, the ISO/IEC 20000-1:2005 was updated to ISO/IEC 20000-1:2011. In February 2012, ISO/IEC 20000-2:2005 was updated to ISO/IEC 20000-2:2012.
ISO/IEC 20000-1 was revised by ISO/IEC JTC 1/SC 40 (IT Service Management and IT Governance). The revision, ISO/IEC 20000-1:2018 – Information technology — Service management — Part 1: Service management system requirements, was released in July 2018. From that point, certified entities entered a three-year transition period to update to the new version of ISO/IEC 20000-1.
What is ISO 22000 Certification?
ISO 22000 is an outcome-focused food safety management system (FSMS) standard, providing requirements for any organization in the food industry with the objective of improving overall performance in food safety. The standard is intended to ensure safety across the global food supply chain: it gives the overall requirements for food safety management and also focuses on traceability in the feed and food chain.
ISO 22000 is the most widely adopted voluntary international food safety standard, with 42,937 sites certified (per the ISO Survey 2021). The ISO 22000 family are international voluntary consensus standards aligned with Good Standardization Practices (GSP) and the World Trade Organization (WTO) Principles for the Development of International Standards. The standard defines the requirements for an FSMS and incorporates the following elements, defined as FSMS principles:
• interactive communication
• system management
• prerequisite programs
• HACCP principles
These elements have been critically reviewed by many researchers. Communication along the food chain is essential to ensure that all relevant food safety hazards are identified and adequately controlled at each step within the chain. This implies communication between organizations both upstream and downstream in the food chain. Communication with customers and suppliers about identified hazards and control measures helps clarify customer and supplier requirements.
Recognition of the organization’s role and position within the food chain is essential to ensure effective interactive communication throughout the chain in order to deliver safe food products to the consumer.
What is the ISO/IEC 27000 Series?
The ISO/IEC 27000-Series (also known as the ‘ISMS Family of Standards’ or ‘ISO27K’ for short) comprises information security standards published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC).
The series provides best practice recommendations on information security management—the management of information risks through information security controls—within the context of an overall Information security management system (ISMS), similar in design to management systems for quality assurance (the ISO 9000 series), environmental protection (the ISO 14000 series) and other management systems.
The series is deliberately broad in scope, covering more than just privacy, confidentiality and IT/technical/cybersecurity issues. It is applicable to organizations of all shapes and sizes. All organizations are encouraged to assess their information risks, then treat them (typically using information security controls) according to their needs, using the guidance and suggestions where relevant. Given the dynamic nature of information risk and security, the ISMS concept incorporates continuous feedback and improvement activities to respond to changes in the threats, vulnerabilities or impacts of incidents.
The published ISO27K standards (historically titled “Information technology – Security techniques”) are:
1. ISO/IEC 27000 — Information security management systems — Overview and vocabulary
2. ISO/IEC 27001 — Information security, cybersecurity and privacy protection — Information security management systems — Requirements. The 2022 edition specifies requirements for an information security management system in the same formalized, structured and succinct manner as other ISO standards specify other kinds of management systems.
3. ISO/IEC 27002 — Information security, cybersecurity and privacy protection — Information security controls (essentially a detailed catalogue of information security controls that might be managed through the ISMS; the 2022 edition regroups the controls into organizational, people, physical and technological themes)
4. ISO/IEC 27003 — Information security management system implementation guidance
5. ISO/IEC 27004 — Information security management — Monitoring, measurement, analysis and evaluation
6. ISO/IEC 27005 — Information security, cybersecurity and privacy protection — Guidance on managing information security risks
7. ISO/IEC 27006 — Requirements for bodies providing audit and certification of information security management systems
8. ISO/IEC 27007 — Guidelines for information security management systems auditing (focused on auditing the management system)
9. ISO/IEC TR 27008 — Guidance for auditors on ISMS controls (focused on auditing the information security controls)
10. ISO/IEC 27009 — Information technology — Security techniques — Sector-specific application of ISO/IEC 27001 — Requirements
11. ISO/IEC 27010 — Information security management for inter-sector and inter-organizational communications
12. ISO/IEC 27011 — Information security management guidelines for telecommunications organizations based on ISO/IEC 27002
13. ISO/IEC 27013 — Guideline on the integrated implementation of ISO/IEC 27001 and ISO/IEC 20000-1
14. ISO/IEC 27014 — Information security governance
15. ISO/IEC TR 27015 — Information security management guidelines for financial services (now withdrawn)
16. ISO/IEC TR 27016 — Information security economics
17. ISO/IEC 27017 — Code of practice for information security controls based on ISO/IEC 27002 for cloud services
18. ISO/IEC 27018 — Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors
19. ISO/IEC 27019 — Information security for process control in the energy industry
20. ISO/IEC 27021 — Competence requirements for information security management systems professionals
21. ISO/IEC TS 27022 — Guidance on information security management system processes (under development)
22. ISO/IEC TR 27023 — Mapping the revised editions of ISO/IEC 27001 and ISO/IEC 27002
23. ISO/IEC 27028 — Guidance on ISO/IEC 27002 attributes
24. ISO/IEC 27031 — Guidelines for information and communication technology readiness for business continuity
25. ISO/IEC 27032 — Guidelines for cybersecurity
26. ISO/IEC 27033 — Information technology — Security techniques — Network security
27. ISO/IEC 27033-1 — Network security – Part 1: Overview and concepts
28. ISO/IEC 27033-2 — Network security – Part 2: Guidelines for the design and implementation of network security
29. ISO/IEC 27033-3 — Network security – Part 3: Reference networking scenarios — Threats, design techniques and control issues
30. ISO/IEC 27033-4 — Network security – Part 4: Securing communications between networks using security gateways
31. ISO/IEC 27033-5 — Network security – Part 5: Securing communications across networks using Virtual Private Networks (VPNs)
32. ISO/IEC 27033-6 — Network security – Part 6: Securing wireless IP network access
33. ISO/IEC 27033-7 — Network security – Part 7: Guidelines for network virtualization security
34. ISO/IEC 27034-1 — Application security – Part 1: Guideline for application security
35. ISO/IEC 27034-2 — Application security – Part 2: Organization normative framework
36. ISO/IEC 27034-3 — Application security – Part 3: Application security management process
37. ISO/IEC 27034-4 — Application security – Part 4: Validation and verification (under development)
38. ISO/IEC 27034-5 — Application security – Part 5: Protocols and application security controls data structure
39. ISO/IEC 27034-5-1 — Application security — Part 5-1: Protocols and application security controls data structure, XML schemas
40. ISO/IEC 27034-6 — Application security – Part 6: Case studies
41. ISO/IEC 27034-7 — Application security – Part 7: Assurance prediction framework
42. ISO/IEC 27035-1 — Information security incident management – Part 1: Principles of incident management
43. ISO/IEC 27035-2 — Information security incident management – Part 2: Guidelines to plan and prepare for incident response
44. ISO/IEC 27035-3 — Information security incident management – Part 3: Guidelines for ICT incident response operations
45. ISO/IEC 27035-4 — Information security incident management – Part 4: Coordination (under development)
46. ISO/IEC 27036-1 — Information security for supplier relationships – Part 1: Overview and concepts
47. ISO/IEC 27036-2 — Information security for supplier relationships – Part 2: Requirements
48. ISO/IEC 27036-3 — Information security for supplier relationships – Part 3: Guidelines for information and communication technology supply chain security
49. ISO/IEC 27036-4 — Information security for supplier relationships – Part 4: Guidelines for security of cloud services
50. ISO/IEC 27037 — Guidelines for identification, collection, acquisition and preservation of digital evidence
51. ISO/IEC 27038 — Specification for digital redaction of digital documents
52. ISO/IEC 27039 — Intrusion prevention
53. ISO/IEC 27040 — Storage security
54. ISO/IEC 27041 — Investigation assurance
55. ISO/IEC 27042 — Analysing digital evidence
56. ISO/IEC 27043 — Incident investigation
57. ISO/IEC 27050-1 — Electronic discovery — Part 1: Overview and concepts
58. ISO/IEC 27050-2 — Electronic discovery — Part 2: Guidance for governance and management of electronic discovery
59. ISO/IEC 27050-3 — Electronic discovery — Part 3: Code of practice for electronic discovery
60. ISO/IEC 27050-4 — Electronic discovery — Part 4: Technical readiness
61. ISO/IEC TS 27110 — Information technology, cybersecurity and privacy protection — Cybersecurity framework development guidelines
62. ISO/IEC 27701 — Information technology — Security techniques — Information security management systems — Privacy Information Management System (PIMS)
63. ISO 27799 — Information security management in health using ISO/IEC 27002 (guides health industry organizations on how to protect personal health information using ISO/IEC 27002)
What is ISO/IEC 27001 Certification?
ISO/IEC 27001 is an international standard for managing information security. The standard was originally published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) in 2005, revised in 2013, and again most recently in 2022. There are also numerous recognized national variants of the standard. It details requirements for establishing, implementing, maintaining and continually improving an information security management system (ISMS), the aim of which is to help organizations make the information assets they hold more secure. Organizations that meet the standard’s requirements can choose to be certified by an accredited certification body following successful completion of an audit. The effectiveness of the ISO/IEC 27001 certification process and of the standard overall was examined in a large-scale study conducted in 2020.
Most organizations have a number of information security controls. However, without an information security management system (ISMS), controls tend to be somewhat disorganized and disjointed, having been implemented often as point solutions to specific situations or simply as a matter of convention. Security controls in operation typically address certain aspects of information technology (IT) or data security specifically; leaving non-IT information assets (such as paperwork and proprietary knowledge) less protected on the whole. Moreover, business continuity planning and physical security may be managed quite independently of IT or information security while Human Resources practices may make little reference to the need to define and assign information security roles and responsibilities throughout the organization.
ISO/IEC 27001 requires that management:
• Systematically examine the organization’s information security risks, taking account of the threats, vulnerabilities, and impacts;
• Design and implement a coherent and comprehensive suite of information security controls and/or other forms of risk treatment (such as risk avoidance or risk transfer) to address those risks that are deemed unacceptable; and
• Adopt an overarching management process to ensure that the information security controls continue to meet the organization’s information security needs on an ongoing basis.
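The three requirements above, worked through as an added example (this is not code from the page, from ISO, or from We Power India Services): a small risk register is assessed, each risk is assigned a treatment, and a Statement of Applicability plus a list of residual risks still needing risk-owner approval are derived from the result. The 1 to 5 likelihood and impact scales, the acceptance threshold of 6, the rule that each applied control lowers likelihood by one, the control names and the sample register are all assumptions; ISO/IEC 27001 requires an organization to define its own risk criteria and method (clause 6.1.2) and to obtain approval of residual risks (clause 6.1.3), but prescribes none of these values.

```python
"""Minimal ISO/IEC 27001-style risk assessment and treatment loop (illustrative)."""
from dataclasses import dataclass
from enum import Enum


class Treatment(Enum):
    """Risk treatment options as named in ISO/IEC 27005 (assumed labels)."""
    RETAIN = "retain"  # accept: the risk meets the acceptance criteria
    MODIFY = "modify"  # reduce it by applying controls
    SHARE = "share"    # transfer part of it (insurance, outsourcing)
    AVOID = "avoid"    # stop the activity that creates it


@dataclass(frozen=True)
class Risk:
    asset: str
    threat: str
    vulnerability: str
    likelihood: int  # 1 (rare) .. 5 (almost certain); scale is an assumption
    impact: int      # 1 (negligible) .. 5 (severe); scale is an assumption

    def __post_init__(self) -> None:
        for name in ("likelihood", "impact"):
            value = getattr(self, name)
            if not 1 <= value <= 5:
                raise ValueError(f"{name} must be in 1..5, got {value}")

    @property
    def score(self) -> int:
        """Risk level as likelihood x impact (a common scheme, not mandated by 27001)."""
        return self.likelihood * self.impact


@dataclass(frozen=True)
class TreatmentPlan:
    risk: Risk
    treatment: Treatment
    controls: tuple[str, ...]
    residual_score: int


# Assumed acceptance criterion: management accepts any risk scoring 6 or less.
ACCEPTANCE_THRESHOLD = 6

# Assumed control catalogue keyed by vulnerability. Names are illustrative and
# only loosely echo ISO/IEC 27002 control titles; no control identifiers are claimed.
CONTROL_CATALOGUE: dict[str, tuple[str, ...]] = {
    "unpatched software": ("management of technical vulnerabilities", "secure configuration"),
    "password-only admin access": ("secure authentication (MFA)", "privileged access rights"),
    "backups unencrypted off-site": ("use of cryptography", "information backup"),
    "removable media unrestricted": ("use of removable storage media",),
}


def treat(risk: Risk, threshold: int = ACCEPTANCE_THRESHOLD) -> TreatmentPlan:
    """Pick a treatment for one risk. Assumes each applied control lowers likelihood by 1."""
    if risk.score <= threshold:
        return TreatmentPlan(risk, Treatment.RETAIN, (), risk.score)
    controls = CONTROL_CATALOGUE.get(risk.vulnerability)
    if controls:
        residual_likelihood = max(1, risk.likelihood - len(controls))
        return TreatmentPlan(risk, Treatment.MODIFY, controls, residual_likelihood * risk.impact)
    # No catalogue control fits: avoid the activity if impact is high, otherwise share the risk.
    if risk.impact >= 4:
        return TreatmentPlan(risk, Treatment.AVOID, (), 0)
    return TreatmentPlan(risk, Treatment.SHARE, (), risk.score)


def assess(register: list[Risk], threshold: int = ACCEPTANCE_THRESHOLD) -> list[TreatmentPlan]:
    """Assess every risk in scope and decide its treatment (the clause 6.1.2 / 6.1.3 loop)."""
    return [treat(risk, threshold) for risk in register]


def statement_of_applicability(plans: list[TreatmentPlan]) -> dict[str, bool]:
    """For each catalogue control: True if some plan selected it, False if it is not applicable."""
    selected = {c for p in plans for c in p.controls}
    catalogue = {c for controls in CONTROL_CATALOGUE.values() for c in controls}
    return {control: control in selected for control in sorted(catalogue)}


def needs_management_signoff(plans: list[TreatmentPlan], threshold: int = ACCEPTANCE_THRESHOLD) -> list[Risk]:
    """Risks whose residual level still exceeds the criteria and so need explicit risk-owner acceptance."""
    return [p.risk for p in plans if p.residual_score > threshold]


# Constructed sample register (made-up data for the example, not a real organization's).
SAMPLE_REGISTER = [
    Risk("customer database", "exploitation by internet attacker", "unpatched software", 4, 5),
    Risk("jump host", "credential stuffing", "password-only admin access", 3, 4),
    Risk("backup tapes", "theft in transit", "backups unencrypted off-site", 2, 5),
    Risk("legacy fax gateway", "interception", "analogue line unencrypted", 4, 4),
    Risk("lobby kiosk", "vandalism", "unattended hardware", 2, 2),
]

if __name__ == "__main__":
    plans = assess(SAMPLE_REGISTER)
    for p in plans:
        print(f"{p.risk.asset:18} score={p.risk.score:2} -> {p.treatment.value:6} "
              f"residual={p.residual_score:2} {p.controls}")
    print("Statement of Applicability:", statement_of_applicability(plans))
    print("Residual risks needing sign-off:", [r.asset for r in needs_management_signoff(plans)])
```

Running it shows the point that matters in an audit: the customer database risk is treated (two controls applied) yet its residual score of 10 still exceeds the acceptance threshold, so it must be explicitly accepted by the risk owner rather than silently left on the register, and the removable-media control appears in the Statement of Applicability as not applicable because no in-scope risk selected it.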
Which controls are tested as part of certification to ISO/IEC 27001 is decided by the certification auditor. This can include any controls that the organization has deemed to be within the scope of the ISMS, and the testing can be to any depth or extent the auditor judges necessary to confirm that the control has been implemented and is operating effectively.
Management determines the scope of the ISMS for certification purposes and may limit it to, say, a single business unit or location. The ISO/IEC 27001 certificate does not necessarily mean the remainder of the organization, outside the scoped area, has an adequate approach to information security management.
Other standards in the ISO/IEC 27000 family of standards provide additional guidance on certain aspects of designing, implementing and operating an ISMS, for example on information security risk management (ISO/IEC 27005).
What is ISO 50001 Certification?
ISO 50001 Energy management systems – Requirements with guidance for use is an international standard created by the International Organization for Standardization (ISO). It supports organizations in all sectors in using energy more efficiently through the development of an energy management system (EnMS). The standard specifies the requirements for establishing, implementing, maintaining and improving an EnMS, whose purpose is to enable an organization to follow a systematic approach to achieving continual improvement of energy performance, including energy efficiency, energy security, and energy use and consumption.
The standard aims to help organizations continually reduce their energy use, and therefore their energy costs and their greenhouse gas emissions.
ISO 50001 was originally released by ISO in June 2011 and is suitable for any organization, whatever its size, sector or geographical location. The second edition, ISO 50001:2018, was released in August 2018.
The system is modelled after the ISO 9001 Quality Management System and the ISO 14001 Environmental Management System (EMS), and the clause structure of the 2018 version is aligned with both.
A significant feature in ISO 50001 is the requirement to “… improve the EnMS and the resulting energy performance”. The other standards mentioned here (ISO 9001 and ISO 14001) both require improvement to the effectiveness of the Management System but not to the quality of the product/service (ISO 9001) or to environmental performance (ISO 14001). It is anticipated that by implementing ISO 9001 and 14001 together an organization would improve quality and environmental performance, but the standards do not currently specify this as a requirement.
ISO 50001, therefore, has made a major leap forward in ‘raising the bar’ by requiring an organization to demonstrate that it has improved its energy performance. There are no quantitative targets specified – an organization chooses its own and then creates an action plan to reach them. With this structured approach, an organization is more likely to see tangible financial benefits.
Reasons for use
The main objective of the standard is to improve energy-related performance and energy efficiency continuously and to identify energy reduction opportunities. This systematic approach will help organizations to establish systems and processes.
Consistent energy management helps organizations to realize untapped energy efficiency potential. They benefit from cost savings and make a significant contribution to environmental and climate protection, for example through the permanent reduction of CO2 emissions. The standard should alert employees, and in particular management, to the immediate and long-term energy management gains that can be made. The organization can discover potential savings and competitive advantages. Furthermore, it can significantly enhance the organization’s public image.
ISO 37001, Anti-bribery management systems – Requirements with guidance for use, is a management system standard published by the International Organization for Standardization (ISO) in 2016. As the title suggests, this standard sets out the requirements for the establishment, implementation, operation, maintenance, and continual improvement of an anti-bribery management system (ABMS). It also provides guidance on the actions and approaches organizations can take to adhere to the requirements of this standard.
This management system standard has been developed by ISO Project Committee ISO/PC 278, Anti-bribery management systems. More recently, technical committee ISO/TC 309 Governance of organizations has been created and the maintenance and future development of ISO 37001 will be undertaken by members of this committee.
An anti-bribery management system intends to help organizations in the fight against bribery, by establishing the procedures, policies and controls that help foster a culture of integrity, transparency and compliance.
ISO 37001 is applicable only to bribery, and the ABMS is intended to improve the organization’s ability to prevent, detect, and respond to bribery and to comply with anti-bribery laws and the commitments the organization has adhered to. Furthermore, ISO 37001 does not specifically address fraud, cartels, money-laundering, or other activities related to corrupt practices.
The anti-bribery management system can be a stand-alone system or be integrated into an already implemented management system such as the ISO 9001 Quality Management System. An organization can choose to implement the anti-bribery management system in conjunction with, or as part of, other systems, such as those relating to quality, environment and safety.
IATF 16949:2016 is a technical specification aimed at the development of a quality management system which provides for continual improvement, emphasizing defect prevention and the reduction of variation and waste in the automotive industry supply chain and assembly process. It is based on the ISO 9001 standard and the first edition was published in June 1999 as ISO/TS 16949:1999. IATF 16949:2016 replaced ISO/TS 16949 in October 2016.
The standard was prepared by the International Automotive Task Force (IATF) and the “Technical Committee” of ISO. It harmonises the country-specific regulations of quality management systems.
About 30 percent of the more than 100 existing motorcar manufacturers follow the requirements of the standard, but the large Asian manufacturers in particular have differentiated themselves and have their own requirements for the quality management systems of their corporate group and their suppliers.
ISO/TS 16949 applies to the design/development, production and, when relevant, installation and servicing of automotive-related products.
The requirements are intended to be applied throughout the supply chain. For the first time, vehicle assembly plants will be encouraged to seek ISO/TS 16949 certification.
ISO/TS 16949 can be applied throughout the supply chain in the automotive industry. Certification takes place on the basis of the certification rules issued by the International Automotive Task Force (IATF). The certificate is valid for three years and must be confirmed annually (as a minimum) by an IATF-certified auditor (3rd-party auditor) of an IATF-recognized certification body. Re-certification is required at the expiry of the three-year period. Certification pursuant to ISO/TS 16949 is intended to build up or reinforce the confidence of a (potential) customer in the system and process quality of a (potential) supplier. Today, a supplier without a valid certificate has little chance of supplying a Tier 1 supplier and certainly no chance of supplying a car manufacturer with standard parts, if that OEM is a participating member of the IATF (most Japanese OEMs are members of JAMA and not members of the IATF).