Wednesday, 26 June 2013

All About ISO Certification, ISO 9001 14001 17025

ISO, the International Organization for Standardization, is the world's largest developer and publisher of international standards. It is a network of the national standards institutes of 162 countries, with one member body representing each country, and it is headquartered in Geneva, Switzerland, where a Central Secretariat coordinates the work of the member bodies.

ISO is a non-governmental organization that bridges the public and private sectors. Many of its member institutes are part of, or mandated by, the governments of their countries, while the majority are rooted in the private sector through national partnerships of industry associations. ISO standards therefore represent a consensus on requirements that both businesses and consumers can agree on, and certification against a standard signals that this consensus has been met.

ISO 9001 is a generic quality management system standard: it applies to any organization, whatever its size or industry. ISO 9001 (the 2008 edition, current when this was written) is based on eight quality management principles. These principles underpin sound business practice and help a company focus on systematic management, clear objectives and continual improvement of performance. The eight principles are:
  • Customer focus
  • Leadership
  • Involvement of people
  • Process approach
  • System approach to management (managing interrelated processes as a single system)
  • Continual improvement
  • Factual approach to decision making
  • Mutually beneficial supplier relationships
The requirements built on these eight principles are organized into five main sections, each of which emphasizes continual improvement and customer satisfaction:
  • Quality management system
  • Management responsibility
  • Resource management
  • Product realization
  • Measurement, analysis, and improvement
ISO 9001 training courses are offered by many institutes worldwide. A typical course covers:
  • What is the ISO 9001 quality management system?
  • What are the requirements of ISO 9001?
  • Why does an organization pursue ISO 9001 certification?
  • Why is auditing needed?
  • How does ISO 9001 affect quality?
There are many other management system standards that organizations can be certified against. Among them are ISO 22000 (food safety management), ISO 27001 (information security management) and ISO 17025 (competence of testing and calibration laboratories). OHSAS 18001, although not an ISO standard, is the equivalent specification for occupational health and safety management systems.
ISO consultants play a major role in the overall efficiency of an ISO-based management system. An ISO certificate is not merely a piece of paper displayed on a company's wall; it has become part of corporate culture, a signal that the organization's processes meet a defined standard of quality.
The popular business management strategy Six Sigma was first introduced by Motorola. It is based on careful planning and disciplined application, and it can be tailored to the requirements of a particular business.

Tuesday, 28 May 2013

Documentation requirements for ISO 27001

1) Documented statements of the ISMS policy and objectives

Policy: an information security policy set matching the characteristics of the business, the organization, its location, [information] assets and technology, being a "superset of" (i.e. including) both of the following:

An ISMS policy defining the objective-setting management framework for the ISMS, giving it an overall sense of direction and purpose and defining key principles. The ISMS policy must:

  • Take account of information security compliance obligations defined in laws, regulations and contracts;
  • Align with the organization's strategic approach to risk management in general;
  • Establish information security risk evaluation criteria (the "risk appetite"); and
  • Be approved by management.


2) The scope of the ISMS

ISMS scope defining the boundaries of the ISMS in relation to the characteristics of the business, the organization, its location, [information] assets and technology. Any exclusion from the ISMS scope must be explicitly justified.


3) Procedures and controls in support of the ISMS

Information security procedures, i.e. written descriptions of information security processes and activities, e.g. procedures for user ID provisioning and password changes, security testing of application systems, information security incident response, etc.

Controls documentation, e.g. technical security standards, security architectures and designs, etc., probably referencing ISO/IEC 27002.


4) A description of the risk assessment methodology

Risk assessment methods, i.e. policies, procedures and/or standards describing how information security risks are assessed, probably referencing ISO/IEC TR 13335-3 and/or ISO/IEC 27005.


5) The risk assessment report

Risk assessment reports documenting the results, outcomes and recommendations of information security risk assessments carried out using the methods noted above. For each identified risk to an information asset, the possible treatments are: applying appropriate controls; knowingly and objectively accepting the risk (if it falls within the risk appetite); avoiding it (e.g. by ceasing the activity that gives rise to it); or transferring it to a third party (e.g. an insurer or supplier).

6) The risk treatment plan

Risk treatment plan, i.e. a plan (often managed as a project) describing how the identified information security control objectives are to be satisfied, with notes on funding plus roles and responsibilities.


7) Documented procedures needed by the organization to ensure the effective planning, operation and control of its information security processes, and a description of how the effectiveness of controls is measured

ISMS operating procedures, i.e. written descriptions of the management processes and activities necessary to plan, operate and control the ISMS, e.g. the policy review and approval process and the continual ISMS improvement process.

Information security metrics describing how the effectiveness of the ISMS as a whole, plus key information security controls where relevant, is measured, analyzed, presented to management and ultimately used to drive ISMS improvements.

8) Records required by this International Standard

"Records" means information security paperwork such as user ID authorizations, and electronic documents such as system security logs, that are generated routinely while operating the ISMS and should be retained and made available for the certification auditors to sample and check. Collectively, they prove that the ISMS has been properly designed, mandated by management and put into effect by the organization.


9) The Statement of Applicability

Statement of Applicability listing the information security control objectives and controls that are relevant and applicable to the ISMS, generally a consolidated summary of the results of the risk assessments, cross-referenced to the control objectives and controls from ISO/IEC 27002 that are in scope, together with a justification for every control that has been excluded.
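The chain from the risk evaluation criteria in the ISMS policy (item 1), through the risk assessment and treatment (items 4 to 6), to the Statement of Applicability (item 9) is easier to see in data than in prose. The following is an added example, not code from the original article or from the standard: a minimal risk register that scores each risk, applies a risk appetite threshold, assigns a treatment, and derives an SoA with a justification for every included and excluded control. The control numbers and titles are from ISO/IEC 27002:2005; the risks, the scoring scale, the appetite value and the treatment rules are constructed assumptions for illustration.

```python
from dataclasses import dataclass

# Risk evaluation criteria taken from a hypothetical ISMS policy: a risk scored
# at or below this level falls within the risk appetite and may be accepted.
RISK_APPETITE = 6

# Control catalogue keyed by ISO/IEC 27002:2005 section number (titles as in the standard).
CONTROL_CATALOGUE = {
    "9.2.1": "Equipment siting and protection",
    "10.8.3": "Physical media in transit",
    "11.2.1": "User registration",
    "12.6.1": "Control of technical vulnerabilities",
}


@dataclass
class Risk:
    asset: str
    threat: str
    likelihood: int          # 1 (rare) .. 5 (almost certain), assumed 5-point scale
    impact: int              # 1 (negligible) .. 5 (severe), assumed 5-point scale
    controls: tuple = ()     # candidate controls from CONTROL_CATALOGUE that would treat it
    treatment: str = ""      # set by assess(): accept / modify / transfer / avoid

    @property
    def level(self) -> int:
        """Risk level = likelihood x impact (a simple 5x5 risk matrix)."""
        return self.likelihood * self.impact


# Constructed sample assessment results, not real findings.
SAMPLE_RISKS = [
    Risk("customer database", "unpatched web server exploited", 4, 5, ("12.6.1",)),
    Risk("office printer", "paper jam delays monthly reports", 3, 1, ("9.2.1",)),
    Risk("backup tapes", "lost by courier in transit", 2, 4, ("10.8.3",)),
    Risk("lab workstation", "water damage from leaking roof", 2, 4),
    Risk("legacy FTP server", "credentials sniffed on public network", 5, 4),
]


def assess(risks, appetite=RISK_APPETITE):
    """Apply the treatment rules (an assumption for this example) to each risk:
    within appetite -> accept; above appetite with a candidate control -> modify
    (apply the control); above appetite with no feasible control -> avoid the
    activity if the level is 15 or more, otherwise transfer (e.g. insurance)."""
    for r in risks:
        if r.level <= appetite:
            r.treatment = "accept"
        elif r.controls:
            r.treatment = "modify"
        elif r.level >= 15:
            r.treatment = "avoid"
        else:
            r.treatment = "transfer"
    return risks


def statement_of_applicability(risks, catalogue=CONTROL_CATALOGUE):
    """Build the SoA: every catalogue control marked applicable or not, with a
    justification traceable to the risk assessment. Exclusions are justified too,
    as the standard requires."""
    selected = {}
    for r in risks:
        if r.treatment == "modify":
            for c in r.controls:
                selected.setdefault(c, []).append(f"{r.asset}: {r.threat}")
    soa = {}
    for control, title in catalogue.items():
        if control in selected:
            soa[control] = {"title": title, "applicable": True,
                            "justification": "treats " + "; ".join(selected[control])}
        else:
            soa[control] = {"title": title, "applicable": False,
                            "justification": "no in-scope risk above appetite requires it"}
    return soa


if __name__ == "__main__":
    for r in assess(SAMPLE_RISKS):
        print(f"{r.level:>2}  {r.treatment:<8} {r.asset}: {r.threat}")
    for control, entry in statement_of_applicability(SAMPLE_RISKS).items():
        flag = "applicable    " if entry["applicable"] else "not applicable"
        print(f"{control:<7} {flag}  {entry['title']} ({entry['justification']})")
```

Run it and the accepted printer risk leaves control 9.2.1 marked not applicable with a written reason, which is the point an auditor will check: the SoA must say why a control is out as well as why it is in. In a real ISMS the appetite, scale and treatment rules come from the documented risk assessment methodology (item 4), not from constants in a script.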



Article Source: http://bit.ly/16obC5S  


Tuesday, 7 May 2013

Six mandatory procedures in ISO 9001 standard

1) Control of Documents Procedure:-

This is one of the "mandatory procedures" required by ISO 9001. Any document required by the quality management system must be controlled. Documents include:
  • Internal documents (such as the Quality Policy, Quality Objectives, Quality Manual, quality procedures, work instructions, BOMs, inspection standards, etc.)
  • External documents (such as laws and regulations applicable to the organization, customer drawings, customer specification requirements, etc.)
  • Records (such as inspection records, production records and the forms they are kept on) are a special type of document in ISO 9001, and their control must follow Clause 4.2.4 "Control of Records"
2) Control of Records Procedure:-

Records are generated to provide evidence of implementation, monitoring and control of quality management system processes. The control method must ensure:
  • Identification of records; in common practice a form number is assigned for this purpose
  • Storage methods that prevent damage or loss and allow the record to be retrieved by others
  • That retention periods for records are clearly defined
  • That the disposition of records is clearly defined
  • That records remain legible


3) Internal Audit Procedure

Internal audits are carried out at planned intervals to verify that the QMS conforms to planned arrangements, is effectively implemented and maintained, and continues to improve.
4) Control of Non-conforming Product Procedure

This procedure ensures that product which does not conform to product requirements is identified and controlled to prevent its unintended use or delivery. Where a nonconformity is found, for example during an internal audit, management is responsible for ensuring that any necessary corrections and corrective actions are taken without undue delay to eliminate the nonconformity and its causes.


5) Corrective Action Procedure

ISO 9001 requires the organization to take action to eliminate the causes of nonconformities in order to prevent recurrence. The corrective actions taken must address the root cause of the nonconformity. The organization must establish a procedure that defines the requirements for:
  • Reviewing nonconformities, including customer complaints
  • Determining the causes of the nonconformities
  • Determining and implementing the action needed to correct the nonconformities and ensure they do not recur
  • Recording the results of the action taken
  • Reviewing the effectiveness of the corrective action taken


6) Preventive Action Procedure

ISO 9001 requires the organization to take action to eliminate the causes of potential nonconformities in order to prevent their occurrence. The preventive actions taken must address the potential problems. The organization must establish a procedure that defines the requirements for:
  • Determining potential nonconformities and their causes
  • Determining and implementing the action needed to prevent the occurrence of nonconformities
  • Recording the results of the action taken
  • Reviewing the effectiveness of the preventive action taken

Article source: http://www.articlesbase.com/project-management-articles/six-mandatory-procedures-in-iso-9001-standard-4689395.html