
Tag - ISO 27001 certification


Guide to ISO 14001 Certification

Environmental interaction has become an emphasized concept for every organization. Over the years, the pressure to speak up for environmental sustainability, together with regulatory requirements, has increased. Companies are putting increased effort and emphasis into managing their environmental impact as customer expectations gradually change. This can be a difficult and complex process, and standards can help companies do it better. Certification to those standards serves as a complementary benefit.

This article is a comprehensive guide to ISO 14001 certification for organizations.

ISO 14001 Certification

ISO 14001 is one of the leading ISO management system standards, alongside ISO 27001 Certification and ISO 9001 Certification, and it governs environmental management systems. It describes the requirements an organization can follow to meet its environmental needs. The standard can be applied to all the products, activities, and services that the organization is expected to control or consider. ISO 14001 also provides a systematic way to execute the organization's plan, policy and goals in accordance with its own rules and regulations.

Criteria of ISO 14001 Certification

This certification imposes no restrictions in terms of size, sector, nature or performance. Any organization can apply and use this international standard, including both private and government organizations. The standard can be applied in part or as a whole. Having the certification helps an organization provide evidence to outside parties that it meets all the requirements of an effective environmental management system.

About an EMS

The EMS of an organization is shaped and maintained according to the requirements of the organization using it. Every EMS is unique, but most of them address the major issues, for example water pollution, air pollution, wastewater discharge, loss of biodiversity, waste management, climate change and mitigation, and soil contamination.

An EMS should also aim to achieve sustainable development, which requires a balance between the environment, society and the economy. Sustainable development meets the needs of the present without compromising the ability to meet needs in the future. An organization may also consider transparency and accountability related to environmental impacts as a part of its EMS.

How to become ISO Certified?

Getting certified lets you explore and get the most out of ISO 14001. Becoming certified makes you eligible for all the benefits that third parties offer and demonstrates that you fully operate and understand your EMS. The following are the steps you can follow to attain ISO 14001 Certification.

  • Application

Fill out a quote request form as an application for the certification, along with the ISO 14001 required documents. You can also search for ISO 14001 Canada to explore more about certification in the country.

  • Assessment

Next, your organization will undergo several audits to confirm compliance with ISO 14001. You must be able to show that your EMS has been fully operational for at least three months and that you have completed a full cycle of internal audits of the system.

  • Certification

If no non-compliance issues are found, your organization will be awarded ISO 14001 Certification. Your organization will then need to be audited every three months to retain the certification.

MINIMUM DOCUMENTED INFORMATION FOR ISO 27001:2013

An Overview of ISO 27001:2013

ISO 27001 is an international standard that specifies the requirements to establish, implement, maintain, and continually improve an Information Security Management System (ISMS). The Information Security Management System preserves the confidentiality, integrity, and availability of information by applying a risk management process and gives confidence to interested parties that risks are adequately managed. It also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organization.

What is Documented Information?

“Documented information” is defined as the information required to be controlled and maintained by an organization and the medium on which it is contained. Examples of documented information include a record, specification, procedure, drawing, report, standard, etc.

The term “document” is defined as information created in order for the organization to operate e.g. procedures, instructions, specifications, guidelines, and criteria, etc. The term “record” is defined as a document that provides evidence of results achieved or activities performed e.g. evidence of training, operational control, corrective action, internal audit, and management review activities, etc. A set of documented information, for example, specifications and records, is frequently called “documentation”.

ISO 27001:2013 uses the standardized term “documented information” to refer to both documents and records. ISO 27001 uses the term “retain documented information” to describe a record (e.g. retain the results of corrective actions) and “maintain documented information” to describe a document (e.g. maintain the scope of the Information Security Management System). A document is live information and needs to be updated as required, while a record is a history of an event, activity, or action.

Clause 7.5 of ISO 27001:2013 describes the requirements of the documented information. Documented information can be in any format and media and from any source. The medium can be paper, magnetic, electronic or optical computer disc, photograph or master sample, or combination thereof.

What is the minimum documented information required by the ISO 27001:2013?

Every organization has to produce the minimum documented information required by the ISO 27001 standard to demonstrate conformance to the standard's requirements. Not every item of minimum documented information listed below is applicable to every organization; depending on its operations and activities, any non-applicable item shall be listed as an exclusion in the scope statement of the Information Security Management System (ISMS).

[Image: list of the minimum documented information required by ISO 27001:2013]

How to determine the requirement for ISO 27001 Documentation?

Clause 7.5 of ISO 27001 describes the requirements for documented information. To demonstrate conformance to the requirements of ISO 27001, an organization may need to produce more documents and records than the minimum required by the standard, because according to Clause 7.5 the organization’s Information Security Management System (ISMS) shall include:

  1. documented information required by ISO 27001 (as listed above)
  2. documented information determined by the organization as being necessary for the effectiveness of Information Security Management System (ISMS) e.g. policies, procedures, instructions, guidelines, and relevant records other than the minimum required. It is quite common that for an effective Information Security Management System (ISMS), organizations establish procedures for hazard identification, risk assessment, compliance obligations, corrective actions, control of documented information and operational control, etc.

The extent of documented information for ISO 27001 may differ from one organization to another due to:

  • the size of the organization and its type of activities, processes, products, and services
  • the complexity of processes and their interactions
  • the competence of persons

The rule of thumb for an organization is to use a risk-based approach to determine the requirement for documented information beyond the minimum, e.g. an organization may decide that a lack of documented procedures and work instructions poses a risk to information security. Organizations also establish procedures and other documented information to implement controls resulting from a risk assessment or to address a nonconformity.

G-Certi provides ISO registration/certification services in Canada and 50 other countries for a number of ISO standards, including but not limited to ISO 9001, ISO 14001, ISO 27001 and ISO 22301. The auditors of G-Certi ensure that your organization is conforming to the requirements of ISO 27001. Please feel free to visit gcerti.ca and contact one of our representatives for a complimentary pre-assessment to ensure that your organization is ready for ISO 27001 registration/certification.