Defines requirements for an information security management system (ISMS).
An ISMS is a framework of controls; policies, procedures legal, physical and technical controls, to manage, and where possible to reduce, risk to an organisation’s information assets.
Defines requirements for an occupational health and safety management system (OH&S).
The ISO 45001 standard includes guidance for use and is a framework that supports organisations to improve OH&S performance, reduce risk, prevent injury and ill-health.
Management System Implementation
We are born into a world of structure, systems and process. From our very first exposure to ‘routine’ as an infant, to the structure, systems and processes of the educational system; it is inevitable that by the time we reach the workplace we are fully indoctrinated to working best in an organised and structured environment. We feel more comfortable and confident when structure and process clearly communicates what is expected of us and provides us with the information and tools to meet those expectations.
It clearly makes sense then, that an organisation that has structure, established systems and a process driven environment will get the best from their people and offer the best outcomes to their customers. Welcome to the world of ISO. Even if your main intention is to achieve the ISO badge for contractual reasons, the fundamentals applied through adopting the ISO management system approach will deliver benefits to your people and business through process control and continual improvement.
"During the entire project, QED were there to hold our hands. We ended up with a robust online solution that our customers and staff value highly"
The journey to ISO Certification
The ISO journey will take you from an initial review of your current management processes against the requirements of the standard (gap analysis) through a programme of improvements (updating existing and implementing new procedures and documentation), internal audits (performance monitoring) to a final review of performance against improvement objectives (management review). This journey is all about risk management and controls, and involves input from all parties that could impact decision making.
Once you have established your management system and completed your first programme of audits you will be ready for assessment by a certification body. It is not mandatory to use a UKAS accredited certification body but if you don’t you run the risk of your certificate being rejected when presented to clients or potential clients.
As an IAF (International Accreditation Forum) member, UKAS is recognised internationally and by Government, and therefore, certification that bears the UKAS tick is also recognised internationally.
We work with a number of UKAS accredited certification bodies. To see who has certified our management systems go to ‘Who we work with’
Just look at the benefits from a certified ISO management system:
- Win new business – the requirement for ISO certification is increasing
- Improve Customer retention – through improved customer experience
- Reduce operating costs – through process consistency, compliance monitoring and performance improvement
- Improve stakeholder relationships – staff, customers and suppliers work better with structure, systems and processes
- Legal compliance – communicate requirements and promote understanding on statutory and regulatory requirements
- Proven business credentials - independent verification against recognised standards
- Improve risk management - all of the above will reduce business risk