FAMILY ISO – ISO 9000:2015 QUALITY MANAGEMENT SYSTEM

ISO 9000:2015 QUALITY MANAGEMENT SYSTEM

ISO 9001:2015 is the recognized international standard for quality management (QMS).

• Meets customer requirements
• Follow Annex SL (High Level Structure)

ISO 9001:2015 sets out the criteria for a quality management system and is the only standard of the family that can be certified. It can be used by any organization, big or small, regardless of their field of activity. This standard is based on a number of quality management principles including a strong customer focus, motivation and involvement of top management, process approach and continuous improvement.

Using ISO 9001 helps to ensure that customers receive consistent, good quality products and services, which brings many business benefits.

Internal and external affairs

• Main economic development and market which may affect the organization; Your organization is probably very aware of what is happening in the market but can undertake it in a much more necessary way.
• Technological innovations and developments; this is also a critical area for business success.
• Regulatory developments; a whole range of external regulations are being monitored by your organization. If you miss them then it can seriously hurt your business, or if you catch early intelligence on them you  can realize better opportunities.
• Politics and other volatilities; if for example you rely on raw materials from a particular country which experiences great volatility, your entire business could be at risk; or if there are major ethical concerns about a source of materials or goods.
• Organizational culture and attitudes; An effective and motivated workforce will give you positive impacts, and many organizations receive feedback from employees.

Internal and external parties

• Exercises for the engagement of interested parties; already widely used to consult with stakeholders and identify concerns and issues. It is most often used by larger organizations that engage in corporate social responsibility initiatives.
• Consultative meetings with NGOs on environmental, planning and development issues; these are often used by large industrial plants with significant HSE (health, safety and environmental) risks.
• Meetings and other interactions with regulators; this may include, for example, quality-critical issues on product specifications and conformity, as well as the development of compliance requirements and standards.
• Employee meetings, consultations and feedback activities; this should already be happening, but perhaps this will prompt more effort to improve an area which has been at risk of “empty promises” of ISO 9001:2008.
• Supplier reviews and relationship management; many organizations are trying to get much more out of supplier-customer relationships, which are critical to mutual success.
• Customer/consumer reviews and relationship management; certainly this is a fundamental pillar of all standards and a key to success.
• It may be that when you reflect on how you capture key issues and how many stakeholders you already engage with, you may be pleasantly surprised. It may be that you only engage with a limited number of internal and external parties, but now is the time to start thinking about whether this is enough and whether you are missing out on some good opportunities.

There will be many ways to understand this – and hopefully some improved and new approaches may emerge as this part of the standard is considered.

Approaches may include:

• Summary information from the range of existing approaches used as listed above (eg a short report).
• Information summarized as part of the data for risk and opportunity registers.
• Recorded in a simple table.
• Recorded and maintained in a database.
• Capture and record through key meetings.

These clauses require organizations to think clearly and logically about what may be influencing both inside and outside their management systems and to be in a position to show that this information is being monitored and reviewed. It also requires organizations to elevate discussions to the highest levels, as capturing the above range of information is difficult to achieve without senior management involvement.

Leadership 

This clause includes much of the content that will be familiar from ISO 9001:2008, but it also introduces some significant changes to the overall leadership and commitment and expectations that senior management engage more fully with critical aspects of the system. of quality management.

• Leadership and commitment

This clause includes a series of key activities that senior management needs to “demonstrate leadership and commitment to the management system”. Herein lies one of the bids submitted by the joint HLS – senior management should demonstrate more leadership of the system. of management rather than simply demonstrating commitment to it. The standard is directing oversight of the management system at the highest level of management and making it a key component of the organization and its core business processes and activities. This does not mean that senior management must be able to restate policy or recite objectives – what this means is that internal or external stakeholders must feel entitled to have a leadership discussion about core and critical aspects of the business, because these are at the heart of the management system. Another purpose of this requirement is to fully define market/customer needs and expectations. This information then acts as an input to the definition of strategy, which in turn provides direction and facilitates the development of a management system capable of satisfying the target market or customer. This is an ongoing process, which can be achieved from many different aspects. Although not specified in the documented standard, the information may include market surveys, customer, meeting minutes, questionnaires and other research areas. The customer focus has remained very similar in context to ISO 9001:2008, but has been expanded to include the identification of risks and opportunities that affect the conformity of products and services.

Politics

The Quality Policy is an important document because it acts as a driver for the organization. It provides direction and formally establishes goals and commitment. Senior management must ensure that the policy is appropriate and aligned with the strategic direction. The policy needs to be communicated to all employees and they need to understand the part they have in setting it.

ISO 9001:2015 adds requirements for the policy to be documented and, where appropriate, available to interested parties.

Organizational roles, responsibilities and authorities

For a system to work effectively, those involved need to be fully aware of what their role is. Top management must ensure that key responsibilities and authorities are clearly defined and that everyone involved understands their role. Defining roles is a function of planning, ensuring that awareness is then achieved through communication and training. It is common for organizations to use job descriptions or procedures to define responsibilities and authorities.

In ISO 9001:2015, senior management is identified as responsible for ensuring that these aspects of the system are properly defined, communicated and understood.

The specific role of Management Representative has been removed – the standard still contains all the key activities and responsibilities of those previously identified in the role, but these now sit more directly at the structural core of the organization – including senior management.

Clause 5 contains very familiar content, but with more emphasis on leadership and commitment and expectations that senior management will engage in the management system.

• The organization must monitor and review information about internal and external issues (clause 4.1).
• The organization must monitor and review information about stakeholders and their respective requirements (clause 4.2).

ISO 14001:2015

Environmental management system — Requirements with instructions for use

This standard was last revised and confirmed in 2021.

ABSTRACT

ISO 14001:2015 specifies the requirements for an environmental management system that an organization can use to improve its environmental performance. ISO 14001:2015 is intended for use by an organization seeking to manage its environmental responsibilities in a systematic manner that contributes to the environmental pillar of sustainability.

ISO 14001:2015 helps an organization achieve the intended results of its environmental management system, which provide value to the environment, the organization itself and stakeholders. In accordance with the organization’s environmental policy, the intended results of an environmental management system include:

• improvement of environmental performance;
• fulfilment of compliance obligations;
• achieving environmental objectives.

ISO 14001:2015 is applicable to any organization, regardless of size, type and nature, and applies to the environmental aspects of its activities, products and services that the organization determines it can control or influence taking into account the life cycle perspective vital. ISO 14001:2015 does not define specific environmental performance criteria.

ISO 14001:2015 can be used in whole or in part to systematically improve environmental management. Conformity requirements to ISO 14001:2015, however, are not acceptable unless all its requirements are included in an organization’s environmental management system and are met without exception.

ISO 14004:2016

Environmental management system

General guidelines for implementation.

ISO 14004:2016 provides guidance for an organization to establish, implement, maintain and improve a robust, reliable environmental management system. The guidance provided is intended for an organization seeking to manage its environmental responsibilities in a systematic manner that contributes to the environmental pillar of sustainability.

This international standard helps an organization achieve the intended results of its environmental management system, which provides value for the environment, the organization itself and stakeholders.

In accordance with the organization’s environmental policy, the intended results of an environmental management system include:

– improvement of environmental performance;

– fulfillment of compliance obligations;

– achieving environmental objectives.

The guidelines in this International Standard can help an organization improve its environmental performance and enable elements of the environmental management system to be integrated into its core business process.

The environmental management system is not intended to manage occupational health and safety issues, these may be included when an organization seeks to implement an integrated occupational health and safety management system.

ISO 14004:2016 is applicable to any organization, regardless of size, type and nature, and applies to the environmental aspects of its activities, products and services that the organization determines it can control or influence, taking into account a perspective of life cycle.

The guidance in this International Standard can be used in whole or in part to systematically improve environmental management. It serves to provide additional explanations of concepts and requirements.

While the guidance in this International Standard is consistent with the ISO 14001 environmental management system model, it is not intended to provide interpretations of the requirements of ISO 14001.

ISO 14005:2019

Environmental management system

Guidelines for a flexible approach to phased implementation.

This document provides guidance on a phased approach to establishing, implementing, maintaining and improving an environmental management system (EMS) that organizations, including small and medium-sized enterprises (SMEs), can adopt to improve performance their environmental.

The phased approach provides flexibility that allows organizations to develop their EMS at their own pace, in a number of phases, according to their circumstances. Each stage consists of six consecutive stages. The maturity matrix of the system at the end of each phase can be characterized using the five-level maturity matrix given in Annex A.

This document is applicable to any organization, regardless of their current environmental performance, the nature of the activities undertaken or the locations in which they occur.

The phased approach enables an organization to develop a system that ultimately meets the requirements of ISO 14001.

The guidance does not cover those elements of specific systems that go beyond ISO 14001 and is not intended to provide interpretations of the requirements of ISO 14001.

ISO 14000 defines the criteria for an environmental management system that can be certified. It designs a structure that a company or organization can follow to set up an effective environmental management system.

Designed for any type/type of organization, regardless of their activity or sector, it can provide security in the management of the company and employees, as well as the external interested party whose environmental impact is measured and improved.

What does the ISO 14000 family cover?

Other standards focus on specific approaches such as audits, communications, labeling and life cycle analysis, as well as environmental challenges such as climate change. ISO 14001 has more than 300,000 certifications in 171 countries around the world.

ISO 27000:2018 INFORMATION TECHNOLOGY

Security for any type of digital information.

ISO/IEC 27000:2018 provides the overview of information security management systems (ISMS). It also provides terms and definitions commonly used in the ISMS family of standards. This document is applicable to all types and sizes of organizations (e.g commercial enterprises, government agencies, non-profit organizations).

ISO/IEC 27001:2022

Information security, cyber and privacy protection.

This document specifies the requirements for the establishment, implementation, maintenance and continuous improvement of an information security management system within the context of the organization. This document also includes requirements for assessing and handling information security risks tailored to the needs of the organization. The requirements set out in this document are general and are intended to apply to all organisations, regardless of type, size or nature. Exemption from any of the requirements specified in points 4 to 10 is not acceptable when an organization claims conformity with this document.

ISO/IEC 27002:2022

Information security controls

This document provides a reference set of general information security controls, including implementation guidelines. This document is intended for use by organizations:

1. a) within the context of an information security management system (ISMS) based on ISO/IEC27001;
2. b) for the implementation of information security controls based on internationally recognized best practices;
3. c) for the development of information security management guidelines specific to the organization.

ISO/IEC 27001

IT security, cyber security and privacy protection are vital to today’s company and organizations. ISO 27001 is well known in the world as the information security standard for security management, and their requirements.