SYSTEM CERTIFICATIONS

ISO 9001:2015 :

ISO 9001:2015 specifies requirements for a quality management system where an organization
• needs to demonstrate its ability to consistently provide product that meets customer and applicable statutory and regulatory requirements, and
• aims to enhance customer satisfaction through the effective application of the system, including processes for continual improvement of the system and the assurance of conformity to customer and applicable statutory and regulatory requirements.

All requirements of ISO 9001:2015 are generic and are intended to be applicable to all organizations, regardless of type, size and product provided.

Where any requirement(s) of ISO 9001:2015 cannot be applied due to the nature of an organization and its product, this can be considered for exclusion.

Where exclusions are made, claims of conformity to ISO 9001:2015 are not acceptable unless these exclusions are limited to requirements within Clause 8, and such exclusions do not affect the organization's ability, or responsibility, to provide product that meets customer and applicable statutory and regulatory requirements.

ISO 14001:2015 :

ISO 14001:2015 specifies requirements for an environmental management system to enable an organization to develop and implement a policy and objectives which take into account legal requirements and other requirements to which the organization subscribes, and information about significant environmental aspects. It applies to those environmental aspects that the organization identifies as those which it can control and those which it can influence. It does not itself state specific environmental performance criteria.

ISO 14001:2015 is applicable to any organization that wishes to establish, implement, maintain and improve an environmental management system, to assure itself of conformity with its stated environmental policy, and to demonstrate conformity with ISO 14001:2015 by
• making a self-determination and self-declaration, or
• seeking confirmation of its conformance by parties having an interest in the organization, such as customers, or
• seeking confirmation of its self-declaration by a party external to the organization, or
• seeking certification/registration of its environmental management system by an external organization.

All the requirements in ISO 14001:2015 are intended to be incorporated into any environmental management system. The extent of the application will depend on factors such as the environmental policy of the organization, the nature of its activities, products and services and the location where and the conditions in which it functions.

ISO 22000:2018 :

ISO 22000:2018 specifies requirements for a food safety management system where an organization in the food chain needs to demonstrate its ability to control food safety hazards in order to ensure that food is safe at the time of human consumption.

It is applicable to all organizations, regardless of size, which are involved in any aspect of the food chain and want to implement systems that consistently provide safe products. The means of meeting any requirements of ISO 22000:2018 can be accomplished through the use of internal and/or external resources.

ISO 22000:2018 specifies requirements to enable an organization
• to plan, implement, operate, maintain and update a food safety management system aimed at providing products that, according to their intended use, are safe for the consumer,
• to demonstrate compliance with applicable statutory and regulatory food safety requirements,
• to evaluate and assess customer requirements and demonstrate conformity with those mutually agreed customer requirements that relate to food safety, in order to enhance customer satisfaction,
• to effectively communicate food safety issues to their suppliers, customers and relevant interested parties in the food chain,
• to ensure that the organization conforms to its stated food safety policy,
• to demonstrate such conformity to relevant interested parties, and
• to seek certification or registration of its food safety management system by an external organization, or make a self-assessment or self-declaration of conformity to ISO 22000:2018.

ISO 13485:2016 :

ISO 13485:2016 specifies requirements for a quality management system where an organization needs to demonstrate its ability to provide medical devices and related services that consistently meet customer requirements and regulatory requirements applicable to medical devices and related services.

The primary objective of ISO 13485:2016 is to facilitate harmonized medical device regulatory requirements for quality management systems. As a result, it includes some particular requirements for medical devices and excludes some of the requirements of ISO 9001 that are not appropriate as regulatory requirements. Because of these exclusions, organizations whose quality management systems conform to this International Standard cannot claim conformity to ISO 9001 unless their quality management systems conform to all the requirements of ISO 9001.

All requirements of ISO 13485:2016 are specific to organizations providing medical devices, regardless of the type or size of the organization.

If regulatory requirements permit exclusions of design and development controls, this can be used as a justification for their exclusion from the quality management system. These regulations can provide alternative arrangements that are to be addressed in the quality management system. It is the responsibility of the organization to ensure that claims of conformity with ISO 13485:2016 reflect exclusion of design and development controls.

If any requirement(s) in Clause 7 of ISO 13485:2016 is(are) not applicable due to the nature of the medical device(s) for which the quality management system is applied, the organization does not need to include such a requirement(s) in its quality management system.

The processes required by ISO 13485:2016, which are applicable to the medical device(s), but which are not performed by the organization, are the responsibility of the organization and are accounted for in the organization's quality management system.

ISO 27001

ISO/IEC 27001 covers all types of organizations (e.g. commercial enterprises, government agencies, not-for profit organizations). ISO/IEC 27001:2005 specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented Information Security Management System within the context of the organization's overall business risks. It specifies requirements for the implementation of security controls customized to the needs of individual organizations or parts thereof.

ISO/IEC 27001 is designed to ensure the selection of adequate and proportionate security controls that protect information assets and give confidence to interested parties.

ISO/IEC 27001 is intended to be suitable for several different types of use, including the following:
• use within organizations to formulate security requirements and objectives;
• use within organizations as a way to ensure that security risks are cost effectively managed;
• use within organizations to ensure compliance with laws and regulations;
• use within an organization as a process framework for the implementation and management of controls to ensure that the specific security objectives of an organization are met;
• definition of new information security management processes;
• identification and clarification of existing information security management processes;
• use by the management of organizations to determine the status of information security management activities;
• use by the internal and external auditors of organizations to determine the degree of compliance with the policies, directives and standards adopted by an organization;
• use by organizations to provide relevant information about information security policies, directives, standards and procedures to trading partners and other organizations with whom they interact for operational or commercial reasons;
• implementation of business-enabling information security;
• use by organizations to provide relevant information about information security to customers.

Understand the basics:

Understand the basics: This section explains what generic management system standards are.

Generic: Generic means that the same standard can be applied to any organization, large or small, whatever its product or service, in any sector of activity, and whether it is a business enterprise, a public administration, or a government department.

Management system: Management system refers to what the organization does to manage its processes, or activities, so that its products or services meet the objectives it has set itself, such as:

• satisfying the customer's quality requirements,

• complying with regulations, or

• meeting environmental objectives.

• Management system standards

Management system standards provide a model to follow in setting up and operating a management system. This model incorporates the features on which experts in the field have reached a consensus as being the international state of the art.

Plan - Do - Check - Act :

The Plan – Do – Check – Act (PDCA) cycle is the operating principle of ISO's management system standards.

Plan – establish objectives and make plans (analyze your organization's situation, establish your overall objectives and set your interim targets, and develop plans to achieve them).

Do – implement your plans (do what you planned to).

Check – measure your results (measure/monitor how far your actual achievements meet your planned objectives).

Act – correct and improve your plans and how you put them into practice (correct and learn from your mistakes to improve your plans in order to achieve better results next time).

Benefits :

This section explains how ISO management system standards put state-of-the-art practices within the reach of all organization.

In a very small organization, there may be no "system", just "our way of doing things", and "our way" is probably not written down, but all in the head of the manager or owner.

The larger the organization, and the more people involved, the more the likelihood that there are written procedures, instructions, forms or records. These help ensure that everyone is not just "doing his or her own thing", and that the organization goes about its business in an orderly and structured way. This means that time, money and other resources are utilized efficiently.

To be really efficient and effective, the organization can manage its way of doing things by systemizing it. This ensures that nothing important is left out and that everyone is clear about who is responsible for doing what, when, how, why and where.

Large organizations, or ones with complicated processes, could not function well without management systems. Companies in such fields as aerospace, automobiles, defence, or health care devices have been operating management systems for years.

ISO's management system standards make this good management practice available to organizations of all sizes, in all sectors, everywhere in the world