ISO 50001:2011 Certification

ISO 50001:2011 specifies requirements for establishing, implementing, maintaining and improving an energy management system, whose purpose is to enable an organization to follow a systematic approach in achieving continual improvement of energy performance, including energy efficiency, energy use and consumption.

ISO 50001:2011 specifies requirements applicable to energy use and consumption, including measurement, documentation and reporting, design and procurement practices for equipment, systems, processes and personnel that contribute to energy performance.

ISO 50001:2011 applies to all variables affecting energy performance that can be monitored and influenced by the organization. ISO 50001:2011 does not prescribe specific performance criteria with respect to energy.

ISO 50001:2011 has been designed to be used independently, but it can be aligned or integrated with other management systems.

ISO 50001:2011 is applicable to any organization wishing to ensure that it conforms to its stated energy policy and wishing to demonstrate this to others, such conformity being confirmed either by means of self-evaluation and self-declaration of conformity, or by certification of the energy management system by an external organization.

The main objective of the ISO 50001:2011 standard is to improve energy-related performance and energy efficiency continuously and to identify energy reduction opportunities. This systematic approach will help organizations to establish systems and processes.

Consistent energy management helps organizations to realize untapped energy efficiency potential. They will benefit from cost savings and make a significant contribution to environmental and climate protection, for example by the permanent reduction of CO2 emissions. The ISO 50001:2011 standard should alert employees and in particular the management level to the immediate and long-term energy management gains that can be made. The organization can discover potential savings and competitive advantages. Furthermore, a huge image boost for the organization can be created.

Organizations of all types and sizes increasingly want to reduce the amount of energy they consume. This is driven by the need or desire to:

  • Reduce costs,
  • Reduce the impact of rising costs,
  • Meet legislative or self-imposed carbon targets,
  • Reduce reliance on fossil fuels, and
  • Enhance the entity’s reputation as a socially responsible organization.

In response, a range of energy management standards, specifications and regulations were developed in Australia, China, Denmark, France, Germany, Ireland, Japan, Republic of Korea, Netherlands, Singapore, Sweden, Taiwan, Thailand, New Zealand and the USA.

The structure of ISO 50001:2011 is designed according to other ISO management system standards, in particular ISO 9001 (Quality Management Systems) and ISO 14001 (Environmental Management Systems). Since all three management systems are based on the PDCA cycle, ISO 50001:2011 can be integrated easily with these systems.

There are seven major components to ISO 50001:2011:

  1. General Requirements
  2. Management Responsibility
  3. Energy Policy
  4. Energy Action Plan
  5. Implementation and Operation
  6. Performance Audits
  7. Management Review

Contact Us Today or send an Enquiry for your ISO 50001:2011 requirements.

ISO 31000:2009 – Risk Management

Risks affecting organizations can have consequences in terms of economic performance and professional reputation, as well as environmental, safety and societal outcomes. Therefore, managing risk effectively helps organizations to perform well in an environment full of uncertainty.

ISO 31000:2009 provides generic guidelines for the design, implementation and maintenance of risk management processes throughout an organization.

The scope of this approach to risk management is to enable all strategic, management and operational tasks of an organization throughout projects, functions, and processes to be aligned to a common set of risk management objectives.

Accordingly, ISO 31000:2009 is intended for a broad stakeholder group including:

  • executive level stakeholders
  • appointment holders in the enterprise risk management group
  • risk analysts and management officers
  • line managers and project managers
  • compliance and internal auditors
  • independent practitioners

One of the key paradigm shifts proposed in ISO 31000 is a controversial change in how risk is conceptualized. Under ISO 31000:2009 and a consequential major revision of the terminology in ISO Guide 73, the definition of “risk” is no longer “chance or probability of loss”, but “the effect of uncertainty on objectives” … thus causing the word “risk” to refer to positive possibilities as well as negative ones.

ISO 31000:2009 has been developed on the basis of an existing standard on risk management, AS/NZS 4360:2004 (in the form of AS/NZS ISO 31000:2009). Whereas the initial Standards Australia approach provided a process by which risk management could be undertaken, ISO 31000:2009 addresses the entire management system that supports the design, implementation, maintenance and improvement of risk management processes.

The intent of ISO 31000 is to be applied within existing management systems to formalize and improve risk management processes as opposed to wholesale substitution of legacy management practices. Subsequently, when implementing ISO 31000, attention is to be given to integrating existing risk management processes in the new paradigm addressed in the standard.

The focus of many ISO 31000 ‘harmonization’ programs has centered on:

  • Transferring accountability gaps in enterprise risk management
  • Aligning objectives of the governance frameworks with ISO 31000
  • Embedding management system reporting mechanisms
  • Creating uniform risk criteria and evaluation metrics

Most implications of adopting the new standard concern the re-engineering of existing management practices to conform with the documentation, communication and socialization of the new risk management operating paradigm, as opposed to wholesale re-orientation of management practice throughout an organization. Accordingly, most senior position holders in an enterprise risk management organization will need to be cognizant of the implications of adopting the standard and be able to develop effective strategies for implementing the standard across supply chains and commercial operations.

In ISO 31000:2009, certain aspects of top management accountability, strategic policy implementation and effective governance frameworks will require more consideration by organizations that have previously used now-redundant risk management methodologies.

In some domains that concern risk management, in particular security and corporate social responsibility, which may operate using relatively unsophisticated risk management processes, more material change will be required, particularly regarding a clearly articulated risk management policy, formalizing risk ownership processes, structuring framework processes and adopting continuous improvement programs.

ISO 31000:2009 lists the following ways to deal with risk:

  1. Avoiding the risk by deciding not to start or continue with the activity that gives rise to the risk
  2. Accepting or increasing the risk in order to pursue an opportunity
  3. Removing the risk source
  4. Changing the likelihood
  5. Changing the consequences
  6. Sharing the risk with another party or parties (including contracts and risk financing)
  7. Retaining the risk by informed decision


ISO 20000-1:2011 Certification

ISO 20000-1:2011 is a service management system (SMS) standard. It specifies requirements for the service provider to plan, establish, implement, operate, monitor, review, maintain and improve an SMS. The requirements include the design, transition, delivery and improvement of services to fulfil agreed service requirements.

ISO 20000-1:2011 can be used by:

  • An organization seeking services from service providers and requiring assurance that their service requirements will be fulfilled;
  • An organization that requires a consistent approach by all its service providers, including those in a supply chain;
  • A service provider that intends to demonstrate its capability for the design, transition, delivery and improvement of services that fulfil service requirements;
  • A service provider to monitor, measure and review its service management processes and services;
  • A service provider to improve the design, transition, delivery and improvement of services through the effective implementation and operation of the SMS;
  • An assessor or auditor as the criteria for a conformity assessment of a service provider’s SMS to the requirements in ISO/IEC 20000-1:2011.

Parts

20000-1

Formally, ISO 20000-1:2011 (‘part 1’) includes “the design, transition, delivery and improvement of services that fulfill service requirements and provide value for both the customer and the service provider. This part of ISO 20000-1:2011 requires an integrated process approach when the service provider plans, establishes, implements, operates, monitors, reviews, maintains and improves a service management system (SMS).” The 2011 version (ISO 20000-1:2011) comprises nine sections:

  1. Scope
  2. Normative references
  3. Terms and definitions
  4. Service management system general requirements
  5. Design and transition of new or changed services
  6. Service delivery processes
  7. Relationship processes
  8. Resolution processes
  9. Control processes

20000-2

ISO 20000-2:2012 provides guidance on the application of service management systems (SMS) based on the requirements in ISO 20000-1:2011. ISO 20000-2:2012 can answer many of the questions organizations and individuals have about implementing an SMS, as well as how to interpret and apply ISO 20000-1:2011 more accurately and therefore use it more effectively.


20000-3: Service providers

ISO/IEC TR 20000-3:2009 provides guidance on scope definition, applicability and demonstration of conformance for service providers aiming to meet the requirements of ISO/IEC 20000-1, or for service providers who are planning service improvements and intending to use ISO/IEC 20000 as a business goal. It supplements the advice in ISO/IEC 20000-2, which provides generic guidelines for implementing an SMS in accordance with ISO/IEC 20000-1.

20000-4: Process assessment model

ISO/IEC TR 20000-4:2010 is intended to facilitate the development of a process assessment model according to ISO/IEC 15504 process assessment principles. ISO/IEC 15504-1 describes the concepts and terminology used for process assessment. ISO/IEC 15504-2 describes the requirements for the conduct of an assessment and a measurement scale for assessing process capability.

20000-5

ISO/IEC TR 20000-5:2010 is an exemplar implementation plan providing guidance to service providers on how to implement a service management system to fulfil the requirements of ISO/IEC 20000-1 or for service providers who are planning service improvements and intending to use ISO/IEC 20000 as a business goal. It could also be useful for those advising service providers on how to best achieve the requirements of ISO/IEC 20000-1.


ISO 45001:2018 Occupational Health and Safety

What is ISO 45001:2018

ISO 45001:2018 is an International Standard that specifies requirements for an occupational health and safety (OH&S) management system, with guidance for its use, to enable an organization to proactively improve its OH&S performance in preventing injury and ill-health. ISO 45001:2018 is intended to be applicable to any organization regardless of its size, type and nature. ISO 45001:2018 enables an organization, through its OH&S management system, to integrate other aspects of health and safety, such as worker wellness/wellbeing; however, it should be noted that an organization can be required by applicable legal requirements to also address such issues.

With the introduction of the 2005 Safety, Health and Welfare at Work Act, Irish employers are being placed under increased pressure to manage their activities in a way that effectively maintains a safer workplace for anyone affected by their activities or operations. This includes contractors, customers, visitors and the public. The Act places the legal responsibility for health and safety firmly on the shoulders of top management and then allows this accountability to filter through the chain of command.

Currently, further pressures are being placed on companies with large customers, suppliers, government and corporate bodies to effectively demonstrate a capable Safety Management System.

In today’s environment, this is even more evident: with increased competitiveness in the market, companies are turning to management systems such as ISO 45001:2018 as a means of ensuring competence in the companies they do business with.

The benefits of implementing ISO 45001:2018 are endless and, when implemented correctly, it provides the company with an effective tool that will show a return on investment. With continued increases in insurance premiums, increased injury claims and spiraling health care costs, the question companies need to ask themselves is: can they afford not to implement ISO 45001:2018?

We can carry out an audit or gap analysis of your existing health and safety practices and methods of work including compliance with legislative requirements and industry best practice (safety statement, risk assessments, method statements) against the requirements of Irish Health & Safety legislation and regulations.

We also provide a broad range of services to assist companies with their arrangements for health and safety such as preparing safe systems of work, identifying legal requirements, implementing best practice measures and recommending opportunities for improvement.

BENEFITS OF ISO 45001:2018

ISO 45001:2018 is a standard developed in the same way as other management system standards that emphasize effective, efficient and continual improvement. The standard focuses on the fundamental requirements based on the “plan-do-check-act” method. Organizations will have a wide range of benefits from using this standard, including:

  • ISO 45001:2018 puts the organization in an elite category of business which will be internationally recognized.
  • Improved business performance by reducing workplace illness and injury and costs which will result in increased productivity.
  • Creating consistency and establishing “best practices” for occupational health and safety throughout the organization.
  • Improved identification of hazards and risk.
  • Demonstrating effective loss control to attract lower insurance premiums.
  • Reducing accidents, incidents and downtime and improving the efficiency of operations.
  • Providing for the safety of all persons affected by the activities of the organization.
  • Promoting management oversight through monitoring and measuring of key performance indicators in health and safety.
  • Embedding proactive behaviors which focus on prevention rather than reactive post-accident remorse. Encouraging continual improvement.
  • Developing and implementing an OH&S policy and OH&S objectives
  • Establishing systematic processes which consider its “context” and which take into account its risks and opportunities, and its legal and other requirements
  • Determining the hazards and OH&S risks associated with its activities; seeking to eliminate them, or putting in controls to minimize their potential effects
  • Establishing operational controls to manage its OH&S risks and its legal and other requirements
  • Increasing awareness of its OH&S risks
  • Evaluating its OH&S performance and seeking to improve it, through taking appropriate actions
  • Ensuring workers take an active role in OH&S matters
  • Improving its ability to respond to regulatory compliance issues
  • Reducing the overall costs of incidents
  • Reducing downtime and the costs of disruption to operations
  • Reducing the cost of insurance premiums
  • Reducing absenteeism and employee turnover rates
  • Recognition for having achieved an international benchmark (which may in turn influence customers who are concerned about their social responsibilities)

 


ISO 9001:2015 Quality Management System (QMS)

SPECTRUM’s ISO process is designed to complement our policy of No Surprises.

  • Our up-front activity reduces the uncertainty of the ISO 9001 assessment.
  • A SPECTRUM ISO 9001 Consultant/auditor becomes an integral part of your team, reducing stress and speeding up the certification process.
  • Our objective is to lead your team so that we can associate with you for other services.
  • Our worksheets and other materials are available to you; they help ensure you are ready.

SPECTRUM’s Superior Ranking among ISO 9001:2015 Consultants speaks volumes.

SPECTRUM has consistently received superior rankings in independent customer surveys of ISO 9001:2015 Certification.

As your ISO 9001:2015 Registrar, SPECTRUM generates valuable feedback that improves your company’s business practices.

ISO 9001:2015 Certification Process:

An essential goal of any ISO 9001:2015 Registrar should be to improve your business’ bottom line. SPECTRUM’s ISO certification process is designed to provide objective, value-added feedback on your system’s performance.

  • The document review process determines if your organization has developed a Quality Management System that meets the requirements of ISO 9001:2015.
  • The initial ISO 9001:2015 assessment is conducted using the process approach. It consists of interviews with multiple personnel and a review of applicable records. This provides objective evidence that your Quality Management System is in conformance with the requirements of ISO certification and is effective at providing defect-free products or service on time. Emphasis is on the linkage and interfaces between interacting and support processes.

During the initial assessment, as well as during subsequent surveillance and re-certification assessments, the assigned ISO 9001:2015 auditor will provide objective feedback on your system’s performance, as well as identify opportunities for improvement to your QMS.

Integrated Systems Assessments for ISO 9001:2015 Certification, ISO 14000:2015 Certification & ISO 45001:2018 Registrar.

ISO 9001:2015 Objectives.

The new ISO 9001:2015 is meant to:

  • Provide a stable requirements framework.
  • Address quality management practice, technology and the increasingly complex and dynamic work environment to improve practical relevance.
  • Be sufficiently generic and remain relevant to all types and sizes of organizations, regardless of their industry or sector.
  • Maintain the present focus on effective process management.
  • Apply the high-level structure to ensure structural compatibility with other management standards.
  • Simplify implementation in organizations and the conformity assessment.
  • Simplify phrasing to ensure identical understanding and consistent interpretation of the requirements.

Who should use the ISO 9001:2015.

ISO 9001:2015 applies to any organization, regardless of size or industry. More than one million organizations from more than 160 countries have applied the ISO 9001 standard requirements to their quality management systems.

Using the ISO 9001:2015 standard helps organizations of all types and sizes:

  • Organize processes
  • Improve the efficiency of processes
  • Continually improve

ISO 9001:2015 Covers:

ISO 9001 is based on the plan-do-check-act methodology and provides a process-oriented approach to documenting and reviewing the structure, responsibilities, and procedures required to achieve effective quality management in an organization. Specific sections of the standard contain information on topics such as:

  • Requirements for a quality management system.
  • Responsibilities of management.
  • Management of resources.
  • Product realization.
  • Measurement, analysis, and improvement of the QMS.

Benefits of ISO 9001:2015?

Spectrum helps organizations to implement ISO 9001:2015 Quality Management System to ensure their customers consistently receive high quality products and services, which in turn brings many benefits, including satisfied customers, management, and employees.

ISO 9001:2015 specifies the requirements for an effective quality management system. Organizations find that using the standard helps them:

  • Organize processes
  • Improve the efficiency of processes
  • Continually improve
  • Organize a QMS
  • Create satisfied customers, management, and employees
  • ISO 9001:2015 implementation ensures that the organisation attaches great importance to quality and that it is checked regularly by an independent party. This commitment increases confidence in the organisation.
  • ISO 9001:2015 implementation ensures higher operating efficiency. Organisations that have considered quality management to be an integral part of their business operations usually achieve a higher operating efficiency.
  • A certified ISO 9001:2015 QMS increases the quality of services and raises staff awareness.
  • A certified ISO 9001 QMS ensures clear processes and (communication) structures, tasks and responsibilities throughout the entire organisation. This increases the involvement of staff, which improves the working atmosphere and reduces the pressure of work.
  • The organisation can detect and identify problems in good time, which means that it can quickly take steps to avoid the same mistakes in the future.
  • The organisation makes it clear to its staff, partners, clients and the outside world that customer satisfaction is at the core of its business.
  • A certified ISO 9001 QMS gives the organisation a positive image, raising it up to the level of competitors or perhaps even a level higher.
  • It is possibly also in the organisation’s commercial interest, seeing that more and more clients demand that their suppliers work in accordance with a certified ISO 9001 quality management system.


ISO 22222:2005 Certification

ISO 22222:2005 Quality Standard for Personal Financial Planners

Personal financial planning is a highly fragmented market, with at least 24,000 Independent Financial Advisers providing services across the UK.

Whether you are an Independent Financial Adviser or work for a financial institution providing personal finance services, it is important to keep up-to-date with the latest best practice guidelines.

ISO 22222:2005 specifies the ethical behaviour, competences and experience required of a financial planner and is intended to enhance the transparency and efficiency of the process for personal financial planning.

The standard will raise service levels for consumers and set a benchmark for practitioners beyond the current regulatory requirements allowing them to differentiate themselves in the marketplace. It sets requirements for personal financial planners, codifies best practice in financial planning across the world and will help to increase consumer confidence.

One of the major issues reported by consumers when seeking financial advice is uncertainty over whether they can trust their financial advisers. And, with the vast number of investment schemes and financial planners to choose from, customers are often confused about where to turn for advice on planning for retirement or how best to invest their savings.

ISO 22222:2005 plays a crucial role in addressing this by providing an internationally accepted benchmark which enables consumers to identify financial planners who possess the right knowledge, skills, ethics and experience to deliver the desired level of service.

“ISO 22222:2005” specifies requirements and provides a framework that applies to the ethical behaviour, competences and experience of a professional personal financial planner regardless of their employment status.

The standard defines six steps of the Personal Financial Planning process:

  • Establishing and defining the client and personal financial planner relationship
  • Gathering client data and determining goals and expectations
  • Analysing and evaluating the client’s financial status
  • Developing and presenting the financial plan
  • Implementing the financial planning recommendations
  • Monitoring the financial plan & the financial planning relationship.

In addition, ISO 22222:2005 describes and addresses the various methods of conformity assessment and specifies requirements applying to each of them.
Conformity assessment of personal financial planners is a complex task requiring access to specialised knowledge, skills and experience.

By adopting ISO 22222:2005 the personal financial planner will be able to demonstrate continued competency following the necessary training programmes and maintaining records of these so that conformity to a high academic standard can be claimed.


ISO 27001:2013 Information Security Management System (ISMS)


Most organizations have a number of information security controls. However, without an ISO 27001:2013 information security management system (ISMS), controls tend to be somewhat disorganized and disjointed, having been implemented often as point solutions to specific situations or simply as a matter of convention. Security controls in operation typically address certain aspects of IT or data security specifically; leaving non-IT information assets (such as paperwork and proprietary knowledge) less protected on the whole. Moreover, business continuity planning and physical security may be managed quite independently of IT or information security while Human Resources practices may make little reference to the need to define and assign information security roles and responsibilities throughout the organization.

ISO 27001:2013 requires that management:

  • Systematically examine the organization’s information security risks, taking account of the threats, vulnerabilities, and impacts;
  • Design and implement a coherent and comprehensive suite of information security controls and/or other forms of risk treatment (such as risk avoidance or risk transfer) to address those risks that are deemed unacceptable; and
  • Adopt an overarching management process to ensure that the information security controls continue to meet the organization’s information security needs on an ongoing basis.

What controls will be tested as part of certification to ISO 27001:2013 is dependent on the certification auditor. This can include any controls that the organisation has deemed to be within the scope of the ISMS and this testing can be to any depth or extent as assessed by the auditor as needed to test that the control has been implemented and is operating effectively.

Management determines the scope of the ISO 27001:2013 ISMS for certification purposes and may limit it to, say, a single business unit or location. The ISO/IEC 27001 certificate does not necessarily mean the remainder of the organization, outside the scoped area, has an adequate approach to information security management.

Who can go for this Standard?

“ISO 27001:2013” is suitable for any organization, large or small, in any sector or part of the world. The standard is particularly suitable where the protection of information is critical, such as in the finance, health, public and IT sectors.

ISO 27001:2013 is also highly effective for organizations which manage information on behalf of others, such as IT outsourcing companies: it can be used to assure customers that their information is being protected.

Risk management and mitigation

Managing ISO 27001:2013 (Information security Management) in essence means managing and mitigating the various threats and vulnerabilities to assets, while at the same time balancing the management effort expended on potential threats and vulnerabilities by gauging the probability of them actually occurring. A meteorite crashing into a server room is certainly a threat, for example, but an information security officer will likely put little effort into preparing for such a threat.

After appropriate asset identification and valuation has occurred, risk management and mitigation of those assets involves the analysis of the following issues:

  • Threats: Unwanted events that could cause the deliberate or accidental loss, damage, or misuse of information assets
  • Vulnerabilities: How susceptible information assets and associated controls are to exploitation by one or more threats
  • Impact and likelihood: The magnitude of potential damage to information assets from threats and vulnerabilities and how serious of a risk they pose to the assets; cost–benefit analysis may also be part of the impact assessment or separate from it
  • Mitigation: The proposed method(s) for minimizing the impact and likelihood of potential threats and vulnerabilities

Once a threat and/or vulnerability has been identified and assessed as having sufficient impact/likelihood to information assets, a mitigation plan can be enacted. The mitigation method chosen largely depends on which of the seven information technology (IT) domains the threat and/or vulnerability resides in. The threat of user apathy toward security policies (the user domain) will require a much different mitigation plan than one used to limit the threat of unauthorized probing and scanning of a network (the LAN-to-WAN domain).

Implementation and education strategy components.

Implementing effective information security management (including risk management and mitigation) requires a management strategy that takes note of the following:

  • Upper-level management must strongly support information security initiatives, allowing information security officers the opportunity “to obtain the resources necessary to have a fully functional and effective education program” and, by extension, information security management system.
  • Information security strategy and training must be integrated into and communicated through departmental strategies to ensure all personnel are positively affected by the organization’s information security plan.
  • A privacy training and awareness “risk assessment” can help an organization identify critical gaps in stakeholder knowledge and attitude towards security.
  • Proper evaluation methods for “measuring the overall effectiveness of the training and awareness program” ensure policies, procedures, and training materials remain relevant.
  • Policies and procedures that are appropriately developed, implemented, communicated, and enforced “mitigate risk and ensure not only risk reduction, but also ongoing compliance with applicable laws, regulations, standards, and policies.”
  • Milestones and timelines for all aspects of information security management help ensure future success.

Without sufficient budgetary considerations for all the above—in addition to the money allotted to standard regulatory, IT, privacy, and security issues—an information security management plan/system cannot fully succeed.

Benefits of ISO 27001:

Certifying your ISMS against ISO 27001:2013 can bring the following benefits to your organization:

  • Demonstrates the independent assurance of your internal controls and meets corporate governance and business continuity requirements
  • Independently demonstrates that applicable laws and regulations are observed
  • Provides a competitive edge by meeting contractual requirements and demonstrating to your customers that the security of their information is paramount
  • Independently verifies that your organizational risks are properly identified, assessed and managed, while formalizing information security processes, procedures and documentation
  • Proves your senior management’s commitment to the security of its information
  • The regular assessment process helps you to continually monitor your performance and improve

Contact Us Today or send an Enquiry for your ISO/IEC 27002 requirements.

ISO 13485:2016 Certification

What is ISO 13485:2016?

ISO 13485, Medical devices — Quality management systems — Requirements for regulatory purposes, is an International Organization for Standardization (ISO) standard, published in 2003, that represents the requirements for a comprehensive “management system for the design and manufacture of medical devices”. The current effective edition of ISO 13485 was published on 1st March 2016. While it remains a stand-alone document, “ISO 13485” is generally harmonized with ISO 9001. A fundamental difference, however, is that ISO 9001 requires the organization to demonstrate continuous improvement, whereas ISO 13485:2016 requires only that the organization demonstrate that the quality system is implemented and maintained.

ISO 13485:2016 provides a harmonized set of quality management system requirements for medical device manufacturers. Based on a process approach to quality management, it focuses on what the manufacturer does to provide safe and effective medical devices.

Your ISO 13485:2016 certificate can help you enter the EU market.

While it is based on ISO 9001:2008, ISO 13485:2016 does not include the customer satisfaction and continual improvement clauses – so an organization certified to ISO 13485:2016 does not automatically meet the requirements of ISO 9001 unless it is assessed against that standard separately. Compliance with ISO 13485:2016 also does not equate to compliance with regulatory requirements, although in many cases it can facilitate the audit process for those requirements.

Why should my organization become certified to ISO 13485:2016?

Your quality system’s conformity with ISO 13485:2016 can help you reap the benefits of:

  • Expanded market access
    National regulatory authorities require, or strongly prefer, that manufacturers marketing medical products in their countries have a third-party audited and certified quality system in place. Investing in such a system speeds access into those countries that require it, and expedites market entry into the others.
  • Reduced cost of sales
    Your certification establishes your company’s credibility and commitment to quality from day one. Because the task of explaining the specifics and demonstrating the effectiveness of your quality system is more straightforward, it takes less time to earn your prospective customers’ trust and confidence.
  • Improved overall performance
    Based on a uniform and widely accepted system of process control, your certified QMS helps you improve your products and processes. This can foster improved relationships with your suppliers, business partners and customers, and give your business a real advantage in the marketplace.

Other specific differences include:

  • The promotion and awareness of regulatory requirements as a management responsibility. An example of market-specific regulatory requirements is 21 CFR 820 Quality System Regulation for Medical Devices sold in the United States.
  • Controls in the work environment to ensure product safety
  • Focus on risk management activities and design transfer activities during product development
  • Specific requirements for inspection and traceability for implantable devices
  • Specific requirements for documentation and validation of processes for sterile medical devices
  • Specific requirements for verification of the effectiveness of corrective and preventive actions
  • Full documentation and traceability of production processes
  • Compliance with regulatory requirements in regard to EU, US and other national directives about medical devices (MD), in vitro diagnostics (IVD) or medicinal products
  • An ISO 13485-compliant quality management system (QMS) is in line with the Food and Drug Administration’s (FDA) QSR standards

Key requirements of ISO 13485

ISO 13485 focuses strongly on the compliance of manufactured products and production processes with EU directives for MD or IVD such as:

  • Provision of technical documentation (medical device file / technical product file)
  • Specific design & development requirements
  • Labelling, packaging and installation
  • Sterile MD / IVD
  • Implementation of a risk management process
  • Health, safety and staff hygiene requirements
  • Change management, market observations and procedures for product recall

Compliance with ISO 13485 is achieved through certification by an approved certification body and independent internal audits.

Reason for use

While it remains a stand-alone document, ISO 13485:2016 is generally harmonized with ISO 9001. A principal difference, however, is that ISO 9001 requires the organization to demonstrate continual improvement, whereas ISO 13485:2016 requires only that the certified organization demonstrate the quality system is effectively implemented and maintained. Additionally, the ISO 9001 requirements regarding customer satisfaction are absent from the medical device standard.

Other specific differences include:

  • Controls in the work environment to ensure product safety
  • Focus on risk management activities and design control activities during product development
  • Specific requirements for inspection and traceability for implantable devices
  • Specific requirements for documentation and validation of processes for sterile medical devices
  • Specific requirements for verification of the effectiveness of corrective and preventive actions

Contact Us Today or send an Enquiry for your ISO Certification requirements.

ISO 22000:2005 / HACCP Certification

What is ISO 22000:2005 / HACCP?

Food Safety is linked to the presence of food-borne hazards in food at the point of consumption. Since food safety hazards can occur at any stage in the food chain it is essential that adequate control be in place. Therefore, a combined effort of all parties through the food chain is required.

The HACCP seven principles

Principle 1: Conduct a hazard analysis. Plans determine the food safety hazards and identify the preventive measures the plan can apply to control these hazards. A food safety hazard is any biological, chemical, or physical property that may cause a food to be unsafe for human consumption.

Principle 2: Identify critical control points. A Critical Control Point (CCP) is a point, step, or procedure in a food manufacturing process at which control can be applied and, as a result, a food safety hazard can be prevented, eliminated, or reduced to an acceptable level.

Principle 3: Establish critical limits for each critical control point. A critical limit is the maximum or minimum value to which a physical, biological, or chemical hazard must be controlled at a critical control point to prevent, eliminate, or reduce to an acceptable level.

Principle 4: Establish critical control point monitoring requirements. Monitoring activities are necessary to ensure that the process is under control at each critical control point. In the United States, the FSIS is requiring that each monitoring procedure and its frequency be listed in the HACCP plan.

Principle 5: Establish corrective actions. These are actions to be taken when monitoring indicates a deviation from an established critical limit. The final rule requires a plant’s HACCP plan to identify the corrective actions to be taken if a critical limit is not met. Corrective actions are intended to ensure that no product injurious to health or otherwise adulterated as a result of the deviation enters commerce.

Principle 6: Establish record keeping procedures. The HACCP regulation requires that all plants maintain certain documents, including its hazard analysis and written HACCP plan, and records documenting the monitoring of critical control points, critical limits, verification activities, and the handling of processing deviations.

Principle 7: Establish procedures for ensuring the HACCP system is working as intended. Validation ensures that the plants do what they were designed to do; that is, they are successful in ensuring the production of safe product. Plants will be required to validate their own HACCP plans. FSIS will not approve HACCP plans in advance, but will review them for conformance with the final rule.

Verification ensures the HACCP plan is adequate, that is, working as intended.

Verification procedures may include such activities as review of HACCP plans, CCP records, critical limits and microbial sampling and analysis. FSIS is requiring that the HACCP plan include verification tasks to be performed by plant personnel. Verification tasks would also be performed by FSIS inspectors. Both FSIS and industry will undertake microbial testing as one of several verification activities. Verification also includes ‘validation’ – the process of finding evidence for the accuracy of the HACCP system (e.g. scientific evidence for critical limitations).

The standard combines generally recognized key elements to ensure food safety along the food chain, including:

  • Interactive communication
  • System management
  • Control of food safety hazards through pre-requisite programmes and HACCP plans
  • Continual improvement and updating of the food safety management system

Who can go for HACCP Standard?

ISO 22000 is a truly international standard suitable for any business in the entire food chain, including inter-related organizations such as producers of equipment, packaging material, cleaning agents, additives and ingredients.

ISO 22000:2005 / HACCP is also for companies seeking to integrate their quality management system, for example ISO 9001:2008, and their food safety management system.

Benefits of ISO 22000:2005 / HACCP:

Certifying your food management system against the requirements of ISO 22000 will bring the following benefits to your organization:

  • An auditable standard with clear requirements which provides a framework for third-party certification
  • Suitable for regulators
  • The structure aligns with the management system clauses of ISO 9001 and ISO 14001
  • Enables communication about hazards with partners in the supply chain
  • System approach, rather than product approach
  • Applicable to all organizations in the global food supply chain
  • Systematic management of prerequisite programmes
  • Increased due diligence
  • Dynamic communication on food safety issues with suppliers, customers, regulators and other interested parties
  • A truly global international standard
  • Provides potential for harmonization of national standards
  • Covers the majority of the requirements of the current retailer food safety standards
  • Complies with the Codex HACCP principles
  • Provides communication of HACCP concepts internationally
  • A systematic and proactive approach to identification of food safety hazards and development and implementation of control measures
  • Resource optimization – internally and along the food chain
  • All control measures are subjected to hazard analysis
  • Better planning – less post process verification
  • Improved documentation

Contact Us Today or send an Enquiry for your ISO Certification requirements.

ISO 14001:2015 Environmental Management System (EMS)

ISO 14001:2015 Environmental Management System.

ISO 14001:2015 is a series of environmental management standards developed and published by the International Organization for Standardization (ISO) for organizations. The ISO 14000:2015 standards provide a guideline or framework for organizations that need to systematize and improve their environmental management efforts.

The ISO 14001:2015 standard is the most important standard within the ISO 14000 series. ISO 14001:2015 specifies the requirements of an environmental management system (EMS) for small to large organizations. An EMS is a systemic approach to handling environmental issues within an organization. The ISO 14001 standard is based on the Plan-Check-Do-Review-Improve cycle.

The Plan cycle deals with the beginning stages of an organization becoming ISO 14001:2015 compliant. The Check cycle deals with checking and correcting errors. The Do cycle is the implementation and operation of the ISO 14001:2015 standard within an organization. The Review cycle is a review of the entire process by the organization’s top management. And the Improve cycle is a cycle that never ends as an organization continually finds ways to improve their EMS.

What is an environmental management system?

An environmental management system helps organizations identify, manage, monitor and control their environmental issues in an “aggregate” manner. This means that ISO 14001:2015 can be integrated easily into any existing ISO management system. ISO 14001:2015 is suitable for organizations of all types and sizes, be they private, not-for-profit or governmental. It requires that an organization considers all environmental issues relevant to its operations, such as air pollution, water and sewage issues, waste management, soil contamination, climate change mitigation and adaptation, and resource use and efficiency. Like all ISO management system standards, ISO 14001:2015 includes the need for continual improvement of an organization’s systems and approach to environmental concerns. The standard has recently been revised, with key improvements such as the increased prominence of environmental management within the organization’s strategic planning processes, greater input from leadership and a stronger commitment to proactive initiatives that boost environmental performance.

What benefits will it bring to my business or organization?

There are many reasons why an organization should take a strategic approach to improving its environmental performance. Users of the standard have reported that ISO 14001:2015 helps:

  • Demonstrate compliance with current and future statutory and regulatory requirements
  • Increase leadership involvement and engagement of employees
  • Improve company reputation and the confidence of stakeholders through strategic communication
  • Achieve strategic business aims by incorporating environmental issues into business management
  • Provide a competitive and financial advantage through improved efficiencies and reduced costs
  • Encourage better environmental performance of suppliers by integrating them into the organization’s business systems
  • Increase demand for their services and products through a marketing advantage
  • Lower business costs through reducing resource consumption and waste production
  • Improve their environmental performance, reduce their environmental impact and control environmental risk
  • Achieve their environmental commitments and environmental policy requirements
  • Meet their environmental legal requirements
  • Commit to social responsibilities
  • Promote a positive image with stakeholders, customers and employees
  • Retain environmental knowledge and ensure information is effectively communicated

ISO 14001:2015 Revisions

The 2015 revision of ISO 14001 introduces a number of changes from previous versions. All ISO standards are reviewed and revised regularly to make sure they remain relevant to the marketplace. ISO 14001:2015 will respond to the latest trends, including the increasing recognition by companies of the need to factor in both external and internal elements that influence their environmental impact, such as climate volatility and the competitive context in which they work. The changes also ensure that the standard is compatible with other management system standards.

10 major areas of impact of the 2015 revision:

  1. Expansion in EMS coverage and scope
  2. Required interactions with external parties
  3. New requirements for leadership engagement
  4. Expanded legal compliance requirements
  5. Need for risk-based planning and controls
  6. New documentation requirements
  7. Expanded operational control requirements
  8. Changes in competence and awareness requirements
  9. Impacts on the internal audit program
  10. Increased certification costs

The ISO 14001:2015 requirements are broadly separated into 10 sections (called ISO 14001 clauses), with clauses one through three describing the standard and clauses four through 10 containing the requirements for an EMS: Context of the organization (clause 4), Leadership (clause 5), Planning (clause 6), Support (clause 7), Operation (clause 8), Performance evaluation (clause 9) and Improvement (clause 10). Clauses 1 through 3 include no requirements, but instead deal with the scope of the standard, normative references to understand the standard better, and terms and definitions used in the standard.

The elements of ISO 14001:2015

Within the standard there are numerous elements of ISO 14001:2015 that are required to be met by organizations seeking formal recognition for their EMS. General requirements include:

  • Development of an Environmental Policy that reflects an organization’s commitments;
  • The appointment of a person(s) responsible for the EMS’s coordination;
  • Identification of how the organization interacts with the environment;
  • Identification of actual and potential environmental impacts;
  • Identification of environmental compliance requirements;
  • Establishment of environmental objectives, targets and programs;
  • Monitoring and measurement of the progress to achieve its objectives;
  • Reviewing the system and environmental performance; and
  • Continuous improvement of the organization’s environmental performance.

Contact Us Today or send an Enquiry for your ISO 14001:2015 requirements.