ISO STANDARDS
These are the most common:
ISO 9001:2000, ISO 14001, ISO 17025, ISO 17799, ISO 22000, ISO 27001, ISO/PAS 28000, ISO 13485, TS 16949, and these non-ISO standards: AS9100/AS9120 and OHSAS 18001
ISO 9001:2000
ISO 9001:2000 specifies requirements for a quality management system where an organization -
- needs to demonstrate its ability to consistently provide product that meets customer and applicable regulatory requirements, and
- aims to enhance customer satisfaction through the effective application of the system, including processes for continual improvement of the system and the assurance of conformity to customer and applicable regulatory requirements.
All requirements of this International Standard are generic and are intended to be applicable to all organizations, regardless of type, size and product provided.
Where any requirement(s) of this International Standard cannot be applied due to the nature of an organization and its product, this can be considered for exclusion.
Where exclusions are made, claims of conformity to this International Standard are not acceptable unless these exclusions are limited to requirements within clause 7, and such exclusions do not affect the organization’s ability, or responsibility, to provide product that meets customer and applicable regulatory requirements.
Abstract courtesy of International Organization for Standardization. ISO standards may be purchased at www.iso.org or through the American National Standards Institute www.ansi.org
ISO 14001:2004
ISO 14001:2004 specifies requirements for an environmental management system to enable an organization to develop and implement a policy and objectives which take into account legal requirements and other requirements to which the organization subscribes, and information about significant environmental aspects. It applies to those environmental aspects that the organization identifies as those which it can control and those which it can influence. It does not itself state specific environmental performance criteria.
ISO 14001:2004 is applicable to any organization that wishes to establish, implement, maintain and improve an environmental management system, to assure itself of conformity with its stated environmental policy, and to demonstrate conformity with ISO 14001:2004 by
a) making a self-determination and self-declaration, or
b) seeking confirmation of its conformance by parties having an interest in the organization, such as customers, or
c) seeking confirmation of its self-declaration by a party external to the organization, or
d) seeking certification/registration of its environmental management system by an external organization.
All the requirements in ISO 14001:2004 are intended to be incorporated into any environmental management system. The extent of the application will depend on factors such as the environmental policy of the organization, the nature of its activities, products and services and the location where and the conditions in which it functions.
ISO 14001:2004 also provides, in Annex A, informative guidance on its use.
Abstract courtesy of International Organization for Standardization. ISO standards may be purchased at www.iso.org or through the American National Standards Institute www.ansi.org
ISO/IEC 17025:2005
ISO/IEC 17025:2005 specifies the general requirements for the competence to carry out tests and/or calibrations, including sampling. It covers testing and calibration performed using standard methods, non-standard methods, and laboratory-developed methods.
It is applicable to all organizations performing tests and/or calibrations. These include, for example, first-, second- and third-party laboratories, and laboratories where testing and/or calibration forms part of inspection and product certification.
ISO/IEC 17025:2005 is applicable to all laboratories regardless of the number of personnel or the extent of the scope of testing and/or calibration activities. When a laboratory does not undertake one or more of the activities covered by ISO/IEC 17025:2005, such as sampling and the design/development of new methods, the requirements of those clauses do not apply.
ISO/IEC 17025:2005 is for use by laboratories in developing their management system for quality, administrative and technical operations. Laboratory customers, regulatory authorities and accreditation bodies may also use it in confirming or recognizing the competence of laboratories. ISO/IEC 17025:2005 is not intended to be used as the basis for certification of laboratories.
Compliance with regulatory and safety requirements on the operation of laboratories is not covered by ISO/IEC 17025:2005.
Abstract courtesy of International Organization for Standardization. ISO standards may be purchased at www.iso.org or through the American National Standards Institute www.ansi.org
ISO/IEC 17799:2005
ISO/IEC 17799:2005 establishes guidelines and general principles for initiating, implementing, maintaining, and improving information security management in an organization. The objectives outlined provide general guidance on the commonly accepted goals of information security management. ISO/IEC 17799:2005 contains best practices of control objectives and controls in the following areas of information security management:
- security policy;
- organization of information security;
- asset management;
- human resources security;
- physical and environmental security;
- communications and operations management;
- access control;
- information systems acquisition, development and maintenance;
- information security incident management;
- business continuity management;
- compliance.
The control objectives and controls in ISO/IEC 17799:2005 are intended to be implemented to meet the requirements identified by a risk assessment. ISO/IEC 17799:2005 is intended as a common basis and practical guideline for developing organizational security standards and effective security management practices, and to help build confidence in inter-organizational activities.
Abstract courtesy of International Organization for Standardization. ISO standards may be purchased at www.iso.org or through the American National Standards Institute www.ansi.org
ISO 22000:2005
ISO 22000:2005 specifies requirements for a food safety management system where an organization in the food chain needs to demonstrate its ability to control food safety hazards in order to ensure that food is safe at the time of human consumption.
It is applicable to all organizations, regardless of size, which are involved in any aspect of the food chain and want to implement systems that consistently provide safe products. The means of meeting any requirements of ISO 22000:2005 can be accomplished through the use of internal and/or external resources.
ISO 22000:2005 specifies requirements to enable an organization
- to plan, implement, operate, maintain and update a food safety management system aimed at providing products that, according to their intended use, are safe for the consumer,
- to demonstrate compliance with applicable statutory and regulatory food safety requirements,
- to evaluate and assess customer requirements and demonstrate conformity with those mutually agreed customer requirements that relate to food safety, in order to enhance customer satisfaction,
- to effectively communicate food safety issues to their suppliers, customers and relevant interested parties in the food chain,
- to ensure that the organization conforms to its stated food safety policy,
- to demonstrate such conformity to relevant interested parties, and
- to seek certification or registration of its food safety management system by an external organization, or make a self-assessment or self-declaration of conformity to ISO 22000:2005.
Abstract courtesy of International Organization for Standardization. ISO standards may be purchased at www.iso.org or through the American National Standards Institute www.ansi.org
ISO/IEC 27001:2005
ISO/IEC 27001:2005 covers all types of organizations (e.g. commercial enterprises, government agencies, not-for-profit organizations). ISO/IEC 27001:2005 specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented Information Security Management System within the context of the organization’s overall business risks. It specifies requirements for the implementation of security controls customized to the needs of individual organizations or parts thereof.
ISO/IEC 27001:2005 is designed to ensure the selection of adequate and proportionate security controls that protect information assets and give confidence to interested parties.
ISO/IEC 27001:2005 is intended to be suitable for several different types of use, including the following:
- use within organizations to formulate security requirements and objectives;
- use within organizations as a way to ensure that security risks are cost effectively managed;
- use within organizations to ensure compliance with laws and regulations;
- use within an organization as a process framework for the implementation and management of controls to ensure that the specific security objectives of an organization are met;
- definition of new information security management processes;
- identification and clarification of existing information security management processes;
- use by the management of organizations to determine the status of information security management activities;
- use by the internal and external auditors of organizations to determine the degree of compliance with the policies, directives and standards adopted by an organization;
- use by organizations to provide relevant information about information security policies, directives, standards and procedures to trading partners and other organizations with whom they interact for operational or commercial reasons;
- implementation of business-enabling information security;
- use by organizations to provide relevant information about information security to customers.
Abstract courtesy of International Organization for Standardization. ISO standards may be purchased at www.iso.org or through the American National Standards Institute www.ansi.org
ISO/PAS 28000:2005
ISO/PAS 28000:2005 specifies the requirements for a security management system, including those aspects critical to security assurance of the supply chain. These aspects include, but are not limited to, financing, manufacturing, information management and the facilities for packing, storing and transferring goods between modes of transport and locations. Security management is linked to many other aspects of business management. These other aspects should be considered directly, where and when they have an impact on security management, including transporting these goods along the supply chain.
ISO/PAS 28000:2005 is applicable to all sizes of organizations, from small to multinational, in manufacturing, service, storage or transportation at any stage of the production or supply chain that wishes to:
- establish, implement, maintain and improve a security management system;
- assure compliance with stated security management policy;
- demonstrate such compliance to others;
- seek certification/registration of its security management system by an Accredited third party Certification Body; or
- make a self-determination and self-declaration of compliance with ISO/PAS 28000:2005.
There are legislative and regulatory codes that address some of the requirements in ISO/PAS 28000:2005. It is not the intention of ISO/PAS 28000:2005 to require duplicative demonstration of compliance.
Organizations that choose third party certification can further demonstrate that they are contributing significantly to supply chain security.
Abstract courtesy of International Organization for Standardization. ISO standards may be purchased at www.iso.org or through the American National Standards Institute www.ansi.org
ISO 13485:2003
ISO 13485:2003 specifies requirements for a quality management system where an organization needs to demonstrate its ability to provide medical devices and related services that consistently meet customer requirements and regulatory requirements applicable to medical devices and related services.
The primary objective of ISO 13485:2003 is to facilitate harmonized medical device regulatory requirements for quality management systems. As a result, it includes some particular requirements for medical devices and excludes some of the requirements of ISO 9001 that are not appropriate as regulatory requirements. Because of these exclusions, organizations whose quality management systems conform to this International Standard cannot claim conformity to ISO 9001 unless their quality management systems conform to all the requirements of ISO 9001.
All requirements of ISO 13485:2003 are specific to organizations providing medical devices, regardless of the type or size of the organization.
If regulatory requirements permit exclusions of design and development controls, this can be used as a justification for their exclusion from the quality management system. These regulations can provide alternative arrangements that are to be addressed in the quality management system. It is the responsibility of the organization to ensure that claims of conformity with ISO 13485:2003 reflect exclusion of design and development controls.
If any requirement(s) in Clause 7 of ISO 13485:2003 is(are) not applicable due to the nature of the medical device(s) for which the quality management system is applied, the organization does not need to include such a requirement(s) in its quality management system.
The processes required by ISO 13485:2003, which are applicable to the medical device(s), but which are not performed by the organization, are the responsibility of the organization and are accounted for in the organization’s quality management system.
Abstract courtesy of International Organization for Standardization. ISO standards may be purchased at www.iso.org or through the American National Standards Institute www.ansi.org
TS 16949
This Technical Specification, in conjunction with ISO 9001:2000, defines the quality management system requirements for the design and development, production and, when relevant, installation and service of automotive-related products.
This Technical Specification is applicable to sites of the organization where customer-specified parts, for production and/or service, are manufactured.
Supporting functions, whether on-site or remote (such as design centres, corporate headquarters and distribution centres), form part of the site audit as they support the site, but cannot obtain stand-alone certification to this Technical Specification.
This Technical Specification can be applied throughout the automotive supply chain.
Abstract courtesy of International Organization for Standardization. ISO standards may be purchased at www.iso.org or through the American National Standards Institute www.ansi.org
AS 9100
Title: Quality Management Systems - Aerospace - Requirements
Issuing Committee:
G-14 Americas Aerospace Quality Group (AAQG)
Scope:
This standard AS9100 includes ISO 9001:2000 quality management system requirements and specifies additional requirements for a quality management system for the aerospace industry. The additional aerospace requirements are shown in bold, italic text.
It is emphasized that the quality management system requirements specified in this standard AS9100 are complementary (not alternative) to contractual and applicable law and regulatory requirements.
This International Standard AS9100 specifies requirements for a quality management system where an organization
- a) needs to demonstrate its ability to consistently provide product that meets customer and applicable regulatory requirements, and
- b) aims to enhance customer satisfaction through the effective application of the system, including processes for continual improvement of the system and the assurance of conformity to customer and applicable regulatory requirements.
NOTE: In this International Standard, the term “product” applies only to the product intended for, or required by, a customer.
Abstract courtesy of SAE International. Standard may be purchased at www.sae.org.
AS 9120
Title: Quality Management Systems - Aerospace Requirements for Stockist Distributors
Issuing Committee:
G-14 Americas Aerospace Quality Group (AAQG)
Scope:
This standard includes ISO 9001:2000 quality management system requirements and specifies additional requirements for a quality management system for the aerospace industry applicable to stockist distributors. The additional aerospace requirements are shown in bold, italic text.
It is emphasized that the quality management system requirements specified in this standard are complementary (not alternative) to contractual and applicable law and regulatory requirements.
This International Standard specifies requirements for a quality management system where an organization
- A. needs to demonstrate its ability to consistently provide product that meets customer and applicable regulatory requirements, and
- B. aims to enhance customer satisfaction through the effective application of the system, including processes for continual improvement of the system and the assurance of conformity to customer and applicable regulatory requirements.
NOTE: In this International Standard, the term “product” applies only to the product intended for, or required by, a customer.
Abstract courtesy of SAE International. Standard may be purchased at www.sae.org.
OHSAS 18001
The Benefits of a Formal Health and Safety Management System
Occupational Health & Safety is a subject that must be addressed by all organizations large and small. The organization’s management system should identify all legislative requirements, identify the hazards and control the risks of the organization.
Progressive businesses will aim to go beyond compulsory measures and promote continuous improvement on health and safety matters.
Managing the health and safety of an organization can be approached using a structured management system and it can be integrated into current systems, to reduce the burden of bureaucracy.
A formal H&S management system will provide the following benefits:
- A system for continually identifying legal and other requirements
- A clear management structure delegating authority and responsibility
- A clear set of objectives for improvement, with measurable results
- A structured approach to risk assessment within the organization
- A planned and documented approach to health and safety
- The monitoring of health and safety management issues, auditing of performance and review of policies and objectives.
Time spent on improving an organization’s health and safety could provide a financial return in terms of: