SlideShare a Scribd company logo

ISO 27001 for SMEs

FixNix Inc.,
FixNix Inc.,

How ISO 27001 will help SMEs ? An magazine by ISO Organization

Technology
1 of 44
Download to read offline
IMS Vol. 9, No. 1 January-February 2009 ISO Management Systems When Results Count. ISO Standards. ISSN 1680-8096 • ISO 9000 video • ISO 50001 and energy • Standards and sustainability “ Big D ” becomes “ Green D ” IS O/IEC 2 7001 SMEs ISO 22000 and a million daily meals for Ship registry and ISO 9001
© ISO Management Systems, www.iso.org/ims by Roger Frost EDITORIAL You can count on ISO standards The following examples, large and small, cover both management systems and “ other standards ” – and include a striking negative example. • MPEG-2 Y ou may have noticed that there is a slogan under the ISO Management Systems title on the cover page of the The MPEG-2 coding standard has facilitated the worldwide magazine. The slogan reads : “  hen Results Count. ISO W growth of the digital television and DVD industries, including Standards.” the diffusion of some 3.5 billion DVD Given our emphasis machines and 40 billion on ISO’s management DVDs. an estimated system standards and market of USD 2.5 trillion. the results they deliver for users – as reported • Product data by the users themselves exchange – it’s easy to forget that ISO has more than The ISO Standard for 17  4 00 “ other ”  Inter- Exchange of Product national Standards and Data (STEP), which related documents to addresses the exchange offer. of digital product information, has been The sheer scale of calculated as having the implementation the potential to save of some of them, for USD 928 million a year example, the metric by reducing interoper- system, makes it rather ability problems in the difficult, if not impos- automotive, aerospace sible, to come up with and shipbuilding indus- precise, totally accurate tries alone. data on the results they help to achieve. • Freight containers Another complication is that a number It is estimated that more than 90   of the world % of standards, such as for freight container trade in non-bulk goods is transported in dimensions and many information technol- Some standards provide freight containers conforming to ISO specifi- ogy standards, provide benefits not only for spin-off benefits for much cations. Containerization has reduced the time specific users like the transport and IT of the world’s population and cost of moving goods across the oceans to sectors, but potentially for all sectors. market by 84  % and 35  % respectively. Indeed, it could be argued that some stand- ards like these provide spin-off benefits for • Space much of the world’s population. The failure to adhere to the international metric system of It is relatively simple for individual users of ISO manage- measurement (now the ISO 80000 series) cost US taxpayers ment system standards to calculate the benefits that they USD 125 million at the end of September 1999 when bring their organizations. For the reasons given above, it is NASA’s Mars Climate Orbiter was lost in space because often necessary to have recourse to estimations and projec- engineers had failed to make the conversion from Imperial tions to convey an idea of the results delivered by other units to metric, a costly mistake that sent the spacecraft standards. fatally close to the surface of Mars. ISO Management Systems – January-February 2009  1
© ISO Management Systems, www.iso.org/ims EDITORIAL • Oil and gas • Cranes A multinational company calculated that if the systematic Maintenance programmes based on International Standards use of ISO standards could be expected to save 1  % of of the millions of cranes in use around the world are the industry’s annual expenditure, then the saving would estimated to save USD 3 billion annually. amount to USD 180 million and represent a return on investment of 25 to 1. • Petroleum company Average benefits of ISO 9000 implementation were some • Concrete nine times the costs over the first year. It is estimated that the world trade in concrete is USD 13-14 trillion and that implementing ISO standards could • International development bank increase this by 1-2  % over a decade. With an annual An ISO 14001-based resource conservation programme production of concrete estimated to be 15 billion tons helped save over USD 250  0 00 through electricity, water, and about 1 % of the world’s population having jobs that paper, and solid waste reduction at its HQ from 2003 to directly relate to the concrete construction industry, the 2006. value of ISO standards impacting the world trade in concrete, the quality and longevity of concrete and the • City council environmental impact of concrete production is potentially As a result of a combined ISO 9000 and risk management enormous. programme implemented by a city council, its insurer waived an 8  % increase in its premium. • Counting on ISO standards 2  IMS – January-February 2009
© ISO Management Systems, www.iso.org/ims CONTENTS VIEWPOINT 23 5 ISO/TC 207 can get even better Dr. Robert Page, the new Chair of ISO/TC 207, Environmental management, writes : “ISO/TC 207 is built on incredible foundations – its institutional strength, global reach and collective will to develop standards that matter. It is against this backdrop that ISO/TC 207 can get even better, to address calls for greater market IMS 1-2009 E.indd 1 29.12.2008 10:43:29 relevance and more effective tools.” SPECIAL REPORT 6 ISO MANAGEMENT SYSTEMS is published ISO/IEC 27001 for SMEs six times a year Information security management systems for by the Central small and medium-sized enteprises Secretariat of ISO (International Athough many large organizations have been quick to see the benefits of Organization for Standardization) and is available in English, ISO/IEC 27001:2005 – the information security management system standard French and Spanish editions. – many SMEs have been slow adopters because of a lack of basic advice in its implementation. This will change with development of a new ISO Publisher : ISO Central Secretariat, handbook to demystify the process, due for publication in 2009. 1, ch. de la Voie-Creuse, Case postale 56, CH-1211 Geneva 20, ISO INSIDER 10 Switzerland. Tel. + 41 22 749 01 11. ISO publishes new edition of ISO 9001 Fax + 41 22 733 34 30. ISO has published ISO 9001:2008, the latest edition of the International Standard E-mail central@iso.org Web www.iso.org used by organizations in 175 countries as the framework for their quality manage- ment systems (QMS). ISO 9001:2008, Quality management system – Requirements, Editor in Chief : Roger Frost. is the fourth edition of the standard first published in 1987. Contributing Editor : Garry Lambert. ISO launches video clip  : “  he ISO 9000 family – Global management T Artwork : Pascal Krieger and Pierre Granier. standards ” • ISO 50001 – future management system standard for energy • How ISO contributes to a sustainable world • ISO Guide will A one-year subscription (six issues) to ISO MANAGEMENT help reduce environmental impacts of products • Material flow cost SYSTEMS costs 128 Swiss francs. accounting with ISO 14051 Subscription enquiries : Sonia Rosas-Friot, ISO Central Secretariat. INTERNATIONAL 23 19 Tel. + 41 22 749 03 36. Fax + 41 22 749 09 47. The “ Big D ” becomes the “ Green D ” E-mail sales@iso.org Dallas is largely known across the globe for being big…  ig money, b Advertising enquiries : big business, and big hair (the hair styles made famous by the Dallas ISO Central Secretariat, TV series)…and is appropriately nicknamed, “  ig D  . However, B ” Case postale 56, CH-1211 Geneva 20, the “  ig D  is now known as “  reen D  as a result of a three-year B ” G ” Switzerland. ISO 14001 implementation and certification programme across all Contact : Régis Brinster. Tel. + 41 22 749 02 44. major city departments, a first in any US municipal organization. E-mail brinster@iso.org • Isle of Man Ship Registry – anchored to ISO 9001 © ISO, January-February 2009 • ISO 22000 helps India’s Akshaya Patra Foundation feed ISSN 1680-8096 a million needy children daily The views expressed in • Case studies show value of ISO/IEC 27001 conformity ISO MANAGEMENT SYSTEMS are those of the authors. The advertising STANDARDS FOR SERVICES 37 of products, services, events or training courses in this publication • European initiatives for sheltered housing does not imply their approval by ISO. and airport security Cover photo   Montage ISO : NEXT ISSUE 40 ISO Management Systems – January-February 2009  3
© ISO Management Systems, www.iso.org/ims VIEWPOINT It was a great honour for me significant and important institutional strength, global to accept the nomination as contribution to sustainable reach and collective will to the Chair of ISO techni- development. Born out of develop standards that mat- cal committee ISO/TC 207, the 1991 Rio Earth Summit, ter. It is against this back- Environmental management. ISO/TC 207 has epitomized drop that ISO/TC 207 can I have had the pleasure to that Summit’s Agenda 21 get even better, to address know several past Chairs and its focus on how govern- calls for greater market rel- of this eminent committee, ments, enterprises and non- evance and more effective such as George Connell and by Robert Page governmental organisations tools. Daniel Gagnier, and will could co-operate to achieve ISO/TC 207 work to build on their im- sustainable development. portant legacy. While a success against Continuity and It has been over 20 years since Ms. Gro Harlem can get even any measure, ISO/TC 207 and its ISO 14000 family of change should not be viewed as Brundtland  authored Our standards now compete in a competing visions Common Future, the semi- nal report of the United Na- better more crowded market-place addressing a myriad of envi- tions Commission on Envi- ronmental and sustainabil- Continuity and change ronment and Development. Dr. Robert Page has succeeded ity issues. should not be viewed as This report introduced the Mr. Daniel Gagnier as the new competing visions, but as concept of sustainable de- Chair of ISO/TC 207. Dr. Page is velopment to the world as Integrative thinking a necessary and powerful currently the TransAlta Professor reality in today’s world. “ d evelopment that meets of Environmental Management New challenges include the In ISO/TC 207, the axiom the needs of the present and Sustainability, Energy and En- “ f ragmentation ” of environ- “ t hings must change so they without compromising the vironmental Systems Group, Insti- mental issues and analysis – can remain the same ” is an ability of future generations tute for Sustainable Energy, Envi- which needs to be balanced operating principle. to meet their own needs ” . ronment, & Economy, University with integrative thinking of Calgary, Canada, where he is that recognizes inter-rela- Within this context, it is my Ms. Bruntland’s report rec- also an Adjunct Professor in the tionships and cause-effect sincere belief that the col- ognized that sustainable Haskayne School of Business. He relationships. lective expertise, ability and development in practice re- is also the acting Chair of the Go- quired the integration, or a commitment of our stand- vernment of Canada’s National The need for public cred- systems view, of economy, ards experts – from all walks Round Table on the Environment ibility and market relevance society and environment. of life and corners of the and the Economy (NRTEE). has never been greater, but It recognized the needs of world – can and will increase must be balanced against He is known nationally and interna- the “ sustainability footprint ” the world’s poor and the in- the rigour and decentral- herent limitations on what tionally for his work on energy and ized participation inherent of ISO standards. • the environment in areas such as the Earth’s environment in the ISO process. The role climate change, emissions trading, can support. Organizations of developing countries, and biodiversity and protected spaces, large and small, governmen- their active participation, environmental impact assessment, tal, business or non-govern- in ISO and ISO/TC 207 re- and policy and regulation. mental, have been trying to mains critical not only our operationalize the concept Dr. Page has served for the Govern- Contact : ISO/TC 207 Secretary, credibility, but also to find- of sustainable development ment of Canada in international nego- Kevin Boehmer. ing consensus on global en- ever since. tiations on the Conference of the Par- vironmental issues. E-mail kevin.boehmer@csa.ca ties for the Kyoto Protocol, the North Since 1996, ISO/TC 207 American Free Trade negotiations, and ISO/TC 207 is built on in- Web www.tc207.org standards have made a trade and the environment. credible foundations – its Web www.csa.ca ISO Management Systems – January-February 2009  5
© ISO Management Systems, www.iso.org/ims SPECIAL REPORT Information security management systems for small and medium-sized enteprises Although many large organizations have been quick to see the benefits of ISO/IEC 27001:2005 – the information security management system standard – many SMEs have been slow adopters because of a lack of basic advice in its implementation. This will change with development of a new ISO handbook to demystify the process, due for publication by Edward Humphreys in 2009. Visiting Professor Edward Humphreys (FH University of Applied Science, Hagenberg, Upper Austria), is Convenor of ISO/IEC JTC 1, Information technology, subcommittee SC 27, IT security techniques, working group WG 1, Information security management systems. E-mail edwardj7@msn.com 6  ISO Management Systems – January-February 2009
© ISO Management Systems, www.iso.org/ims SPECIAL REPORT ISO/IEC 27001:2005, Infor- IEC 27001 implementation ISO/IEC 27002 Yes Partial No Comments mation technology – Secu- does not need to be costly or Control Questions rity techniques – Information resource intensive. security management systems Step-by-step ISMS implemen- – Requirements, is one of a tation enables the SME to be Do you have software 4 Not all the family of information security implemented in your computers able to achieve a basic level management systems (ISMS) computers to detect, in the busi- of cost-effective protection prevent and recover from ness have standards (see box) for use by without much effort. And by fol- a malicious code attack this software all organizations regardless of (e.g. from a virus attack) ? installed. lowing two to three more steps, size and sector. the organization can achieve a Do all your staff know 4 Well over 5  000 organizations fully ISO/IEC 27001-conform- about the dangers of ing ISMS when appropriate to malicious code attack (e.g. have already certified their from a virus attack) and ISMS in conformity with ISO/ the business. are they trained in the use IEC 27001, and many more are of the software used to detect, prevent and recover in process of doing so – testi- Basic protection from such attacks ? mony to its broad applicability in helping protect business All organizations need a base- Do you regularly update 4 the software used to assets and information, and the line of security to provide a detect, prevent and recover reason why the ISMS strandard minimum level of protection. from a malicious code has become the common infor- For example, virus attacks can attack (e.g. from a virus attack) ? mation security language within threaten any organization, and between many different including SMEs. They should types of enterprise. have back-up systems in place to protect against information Figure 1 – Example of a typical information security gap analysis. However, while many large loss or destruction, and ensure organizations have been quick physical protection of person- • protection of personnel data Risk assessment to see the benefits, many small nel data and equipment. and company records. to medium sized enterprises The objective of a risk assess- (SMEs) are still slow to adopt Implementing a basic level of ment is to identify the risks the standard because of a lack protection is an appropriate confronting an SME so that an of basic advice on its imple- SMEs are still slow starting point for any SME, appropriate set of information mentation. to adopt ISO/IEC 27001 beginning with a simple gap security controls can be imple- analysis to identify the protec- mented to reduce those risks Help will shortly be at hand tion already in place, and what to an acceptable level. following the development of a it lacks. Above is a typical gap ISO/IEC 27002:2005 provides a Yet risk assessment is seen new ISO handbook designed to analysis checklist using the code of practice that describes by many SMEs as a formida- provide much needed guidance controls listed in ISO/IEC the necessary controls for basic ble and time-consuming task on ISO/IEC 27001 implementa- 27002 (see Figure 1). protection, including  : requiring substantial resources. tion for SMEs from all sectors, due for publication in 2009. This • a policy for high level informa- It does not need to be so. To tion security management ; ISMS policy extend SME information pro- article provides a preview. tection beyond the baseline • user awareness ; An information security policy level requires a risk assessment Two approaches statement can be a one-page • antivirus software ; exercise. However, the steps document from senior manage- involved are quite straight- The handbook will offer a • backup ; ment listing policy objectives forward as explained in the “  tep-by-step  or “  ll-at-once  s ” a ” and commitment, displayed in • access controls ; forthcoming ISO handbook. approach to implementation the organization’s premises. depending on the SME • p h y s i c a l p r o t e c t i o n o f This is a simple but effective The baseline controls men- resources available. It explains premises and commercially daily reminder to employees tioned are designed to reduce that, irrespective of the size sensitive paper-based files of the importance of informa- specific risks – such as anti- and nature of the SME , ISO/ and documents ; tion security. virus software to reduce the ISO Management Systems – January-February 2009  7
© ISO Management Systems, www.iso.org/ims SPECIAL REPORT risk of a virus attack, back-ups to minimize the risk of data The ISO/IEC 27000 family loss through system failures, physical protection to lower the risk of equipment and The ISO/IEC 2700 family of information security management standards currently comprises four documentation theft. publications : ISO/IEC 27001:2005, Information technology – Security techniques – Information security management systems – Requirements ISO/IEC 27001 implementation does not ISO/IEC 27002:2005, Information technology – Security techniques – Code of practice for information need to be costly security management ISO/IEC 27005:2008, Information technology – Security techniques – Information security risk management ISO/IEC 27006:2007, Information technology – Security techniques – Requirements for bodies providing Typical vulnerabilities identi- audit and certification of information security management systems fied by risk assessment can include : The principal standard, ISO/IEC 27001:2005, covers all types of organizations (e.g. commercial enterprises, • On-line information theft government agencies, not-for-profit organizations), and specifies the requirements for establishing, imple- and fraud menting, operating, monitoring, reviewing, maintaining and improving a documented information security management system within the context of the organization’s overall business risks. This inclues on-line auction frauds, “ phishing ” (e-mail It specifies requirements for the implementation of security controls customized to the needs of indi- disguised as official bank vidual organizations or parts thereof. communication), “ 4 19 ” scam ISO/IEC 27001:2005 is designed to ensure the selection of adequate and proportionate security letters, and numerous other controls that protect information assets and give confidence to interested parties, and is intended to deceptions designed to lure be suitable for several different types of use, including the following : users to part with personal information, bank and credit • use within organizations to formulate security requirements and objectives card details, social security numbers or passwords. • use within organizations as a way to ensure that security risks are cost effectively managed • use within organizations to ensure compliance with laws and regulations • System failures • use within an organization as a process framework for the implementation and management of These can can shut down an controls to ensure that the specific security objectives of an organization are met SME’s IT system and disrupt normal business activity for • definition of new information security management processes days with possibly serious • identification and clarification of existing information security management processes effects on revenue and com- petitiveness. • use by the management of organizations to determine the status of information security manage- ment activities • Software problems • use by the internal and external auditors of organizations to determine the degree of compliance These includes bugs, viruses, with the policies, directives and standards adopted by an organization out of date programs and unauthorised access which • use by organizations to provide relevant information about information security policies, directives, can compromise information standards and procedures to trading partners and other organizations with whom they interact for security. operational or commercial reasons • implementation of business-enabling information security • Misuse of company resources • use by organizations to provide relevant information about information security to customers. These can done by external users or SME staff, whether accidental or intentional, and 8  ISO Management Systems – January-February 2009
© ISO Management Systems, www.iso.org/ims SPECIAL REPORT can result in breaches of infor- mation security. • Delayed response to security incidents Immediate reporting of any potential security risks should be routine with measures taken to correct the problem before it can have a negative impact on the organization. The risk assessment should only focus on those areas requiring protection to avoid unnecessary expenditure on information security solutions covering less risky areas of the business. Regardless of the measures taken, it is impossible to reduce information security risks to zero. The SME should imple- ment the necessary controls to reduce the risks to an accept- able residual level without overspending on information security measures. There is a Maintaining an ISMS the new risks. Regular reviews point at which the benefits not only ensure the continuing gained are outweighed by the Implementing the controls set It is impossible to reduce effectiveness of the system, but cost of implementing more and out in ISO/IEC 27001 is an information security risks to can be far more cost effective more security. important aspect of protect- zero than more substantial periodic ing information, but just as system upgrades. important is maintaining the The new handbook will day-to-day effectiveness of Better protection Managing its information demystify the ISMS. If the system is not security enables an SME to regularly managed then the In this article, I have high- ISO/IEC 27001 make system improvements investment in security can be lighted some of the advice and upgrades when necessary wasted. given in the forthcoming ISO to protect its investment in handbook. It will also include security. This involves regular checklists, scorecards and case monitoring, and reviewing studies to help SMEs focus on any changes in operations the key aspects of protecting that might affect the level their business information of protection that has been using ISO/IEC 27001 as the implemented. ISMS tool. In essencethe new If changes in business condi- handbook will help to simplify tions are significant enough to and demystify ISO/IEC 27001 increase information security requirements and give SMEs risks, then the SME will have a clearer understanding of to consider changing the set how best to protect their busi- of ISMS controls to counter nesses. • ISO Management Systems – January-February 2009  9
© ISO Management Systems, www.iso.org/ims ISO INSIDER ISO publishes new edition ISO/TC 176, which is respon- sible for the ISO 9000 fam- Although certification of con- formity to ISO 9001 is not of ISO 9001 ily, unites expertise from 80 participating countries and a requirement of the stand- ard, it is frequently used in 19 international or regional both public and private sec- organizations, plus other tech- tors to increase confidence by Roger Frost nical committees. The review in the products and services of ISO 9001 resulting in the provided by certified organi- 2008 edition was carried out zations, between partners in by subcommittee SC 2 of ISO/ business-to-business relations, TC 176. in the selection of suppliers in supply chains and in the right to tender for procurement User survey contracts. Up to the end of This review has benefited from December 2007, at least 951   86 4 a number of inputs, including ISO 9001:2000 certificates had the following : a justification been issued in 175 countries study against the criteria of and economies. ISO Guide 72:2001, Guidelines for the justification and devel- opment of management system standards ; feedback from the ISO has also developed ISO/TC 176 interpretations an introduction and support process ; a two-year systematic package review of ISO 9001:2000 within ISO/TC 176 / SC2  ; a worldwide user survey carried out by ISO/ ISO (which does not itself ISO has published ISO 9001: experience of implementing TC 176/SC 2, and further data carry out certification) and 2008, the latest edition of the the standard worldwide and from national surveys. the International Accredita- International Standard used by introduces changes intended ISO Secretary-General Alan tion Forum (IAF) have agreed organizations in 175 countries as to improve consistency with Bryden commented : “ T he on an implementation plan to the framework for their quality the environmental manage- revised ISO 9001 results from a ensure a smooth transition of management systems (QMS). ment system standard, ISO structured process giving weight accredited certification to ISO 14001:2$004. ISO 9001:2008, Quality man- to the needs of users and to the 9001:2008. The details of the agement system – Require- All ISO standards – currently likely impacts and benefits of plan are given in a joint com- ments, is the fourth edition of more than 17  400 – are periodi- the revisions. ISO 9001:2008 muniqué by the two organiza- the standard first published in cally reviewed. Several factors is therefore the outcome of a tions which is available on the 1987 and which has become the combine to render a standard rigorous examination confirm- ISO Web site. global benchmark for provid- out of date, such as technologi- ing its fitness for use as the ISO 9001:2008, Quality man- ing assurance about the ability cal evolution, new methods and international benchmark for agement system – Requirements, to satisfy quality requirements materials, new quality and safe- quality management. costs 114 Swiss francs and is ty requirements, or questions and to enhance customer sat- available from ISO national of interpretation and applica- ISO/TC 176/SC 2 has also isfaction in supplier-customer member institutes (listed with tion. To take account of such developed an introduction and relationships. contact details on the ISO Web factors and to ensure that ISO support package of documents ISO 9001:2008 contains no new standards are maintained at the explaining what the differences site www.iso.org) and from ISO requirements compared to the state of the art, ISO has a rule are between ISO 9001:2008 Central Secretariat (sales@iso. 2000 edition, which it replaces. requiring them to be periodi- and the year 2000 version, why org). • It provides clarifications to the cally reviewed and a decision and what they mean for users. existing requirements of ISO taken to confirm, withdraw or These documents are available 9001:2000 based on eight years’ revise the documents. on the ISO Web site. 10  ISO Management Systems – January-February 2009
© ISO Management Systems, www.iso.org/ims ISO INSIDER ISO launches video clip : “  he ISO 9000 T The ISO 9000 family is devel- oped and maintained by ISO 50001 – future family – Global management standards“ technical committee ISO/TC management 176, Quality management and quality assurance. system standard by Roger Frost The video concept was created for energy by Communication Services, ISO Central Secretariat (ISO/ by Edwin Pinero and ISO has just launched a video efficiency and effectiveness of CS). Post-production by Com- Jason Knopes clip in which users share their the ISO 9000 approach. munication and Information perspectives of earlier ISO services (ISO/CS) and Taurus ISO Secretary-General Alan Studio (sound). Geneva, Swit- 9001 editions and other stand- Bryden comments  : “  henever W zerland www.taurus-studio. ards in the ISO 9000 family the ISO 9000 family is evoked, com. Production input by True- which has become the global the emphasis is usually on ISO world Communications, Unit- benchmark for qualtiy manage- 9001 certification. This video is ed Kingdom,www.trueworld. ment systems. refreshing because the users media.officelive.com The ISO 9000 family – Global emphasize the importance and management standards takes benefits of ISO 9000 aspects The ISO 9000 family – Glo- the form of a fictional televi- such as management commit- bal management standards sion business news report on ment, metrics, customer focus, can be downloaded free of ISO 9000 in which real users continual improvement, knowl- charge from ISO’s Web site. speak from their personal edge transfer, cost savings and It is also available (Eng- experience in the varied con- the eight quality management lish only) in high resolu- texts of multinational industry, principles.” tion on DVD in PAL (ISBN a humanitarian aid organiza- 978-92-67-10485-0) and NTSC tion and a police department, (ISBN 978-92-67-10486-7) which ISO says underlines versions for being shown in the combination of flexibility, Users emphasize the conference settings. The DVD importance and benefits version is also free, although of ISO 9000 aspects postage and handling will be charged. It is available from ISO national member institutes (listed with contact The video includes details on the ISO Web site ISO has identified energy interviews with www.iso.org) and from ISO management as one of the ISO 9000 users Central Secretariat (sales@ top five fields 1) meriting the from : the inter- iso.org). • development and promotion national oil and of International Standards. gas industry ; the Effective energy management Cambodia Trust, is a priority focus because of a humanitarian the significant potential to aid organization save energy and reduce green- with headquar- house gas (GHG) emissions ters in the United worldwide. Kingdom, and the Phoenix Police 18.12.20 08 10 :49:00 1) Priorities also include calculation Department, Ari- methods, biofuels, retrofitting and refurbishing, and buildings as zona, USA. determined by the ISO Council Standing - ISO 90 01_clip.i ndd 1 Committee on Strategies Energy Task ace CD Force in 2007. ISO Management Systems – January-February 2009  11 18.12.2008 10:46:52
© ISO Management Systems, www.iso.org/ims ISO INSIDER Existing ISO standards for A pressing need International framework quality management systems The future ISO 50001 will estab- (ISO 9000 series) and envi- lish an international frame- The authors ronmental management sys- work for industrial and com- tems (ISO 14000 series) have mercial facilities, or entire successfully stimulated sub- companies, to manage all stantial, continual efficiency aspects of energy, includ- improvements within organi- ing procurement and use. zations around the globe. An The standard will provide energy management standard organizations and com- is expected to similarly achieve panies with technical and major, long-term increases in management strategies to energy efficiency – 20  % or “  he urgency to reduce T increase energy efficiency, more in industrial facilities 2). GHG emissions, the reality reduce costs, and improve of higher prices from reduced environmental performance. Edwin Pinero Jason Knopes availability of fossil fuels, is Chair of is Secretary of Based on broad applicability ISO 50001 will provide and the need to promote ISO/PC 242. ISO/PC 242. across national economic sec- strategies to increase energy efficiency and the use of tors, the standard could influ- efficiency, reduce costs, renewable energy sources ence up to 60 % of the world’s and improve environmental provide a strong rationale energy demand3). Corporations, It is envisioned that the future for developing this new performance supply chain partnerships, utili- standard will provide organi- standard, building on the most advanced good practices ties, energy service companies, zations and companies with and existing national or and others are expected to use a recognized framework for Early on, the United Nations regional standards.” ISO 50001 as a tool to reduce integrating energy efficiency Industrial Development Organ- energy use and carbon emis- into their management prac- ization (UNIDO) recognized Alan Bryden sions in their own facilities tices. Multi-national organi- industry’s need to mount an ISO Secretary-General (as well as those belonging zations will have access to a effective response to climate 2003-2008 to their customers or suppli- single, harmonized standard change and to the proliferation ers) and to benchmark their for implementation across the of national energy manage- achievements. organization with a logical and Discussions between US ment standards. consistent methodology for experts and ISO’s US mem- As part of the standard devel- In March 2007, UNIDO hosted identifying and implementing ber, the American National opment process, ISO/PC 242 a meeting of experts, includ- energy efficiency improve- Standards Institute (ANSI) led will define relevant terms and ing representatives from the ments. The standard will also : to a formal proposal for ISO to develop management system ISO Central Secretariat and establish a committee on this requirements along with pro- • a s s i s t o r g a n i z a t i o n s i n nations that have adopted subject. In February 2008, the viding guidance for use, imple- making better use of their energy management standards. ISO Technical Management mentation, measurement, and existing energy-consuming That meeting led to submission Board (TMB) approved the metrics associated with the assets ; of a UNIDO communication establishment of a new project standard. • offer guidance on bench- to the ISO Central Secretariat committee, ISO/PC 242, Energy To provide compatibility and marking, measuring, doc- requesting that ISO consider management, to develop the integration opportunities with umenting, and reporting undertaking work on an inter- future ISO 50001 management other management systems, it energy intensity improve- national energy management system standard for energy. is anticipated that the standard ments and their projected standard. ANSI is serving as the commit- will foster the same manage- impact on reductions in tee Secretariat in partnership ment system principles of con- GHG emissions ; 2) McKane, et al, 2007 in UNIDO with ISO’s national member tinual improvement and use publication, Policies for Promoting for Brazil, Associação Bra- the Plan-Do-Check-Act cycle 3) International Energy Agency Industrial Energy Efficiency in International Energy Outlook 2007, Developing Countries and Transition sileira de Normas Técnicas employed in ISO 9001 and industrial and commercial world energy Economies, V.08-52434-April 2008. (ABNT). ISO 14001. use 12  ISO Management Systems – January-February 2009
© ISO Management Systems, www.iso.org/ims ISO INSIDER • create transparency and facilitate communication on country’s national mirror com- mittee which will coordinate How ISO contributes the management of energy the country’s participation to a sustainable world resources ; in developing the standard. Contact information for ISO • promote energy manage- by Roger Frost members in each country is ment best practice and rein- available on ISO’s Web site force good energy manage- www.iso.org. ment behaviour ; Countries wishing to actively ISO has just published a new The brochure is entitled How • assist facilities in evaluating participate and send repre- brochure providing a concise ISO’s technical programme and and prioritizing the imple- sentatives to ISO/PC 242 meet- overview of how ISO’s techni- standards contribute to a sus- mentation of new energy- ings should confirm their par- cal programme, which has so tainable world. It explains how efficient technologies ; ticipation status with the ISO far produced more than 17 400 International Standards of the • provide a framework for Central Secretariat (contact International Standards, contrib- type developed by ISO, based promoting energy efficien- Trevor Vyze – vyze@iso.org) ute to a sustainable world. on a double level of consen- cy throughout the supply and should also inform the sus, between stakeholders and chain ; ISO – a multi-sector, multi-stake- ISO/PC 242 Secretary, Jason between countries, contribute to holder international organization • facilitate energy manage- Knopes, of ANSI (JKnopes@ the three dimensions of sustain- – is the leader for the production ment improvements in the ansi.org) and Co-Secretary able development – economic, of consensus-based International context of GHG emission Felipe Viera, of ABNT, (Felipe. environmental and social. They : Standards. ISO’s membership reduction projects. Vieira@abnt.org.br). • comprises the national standards • support the facilitation of The first meeting of ISO/PC bodies of 157 countries. This net- global trade, the dissemina- 242 was held on 8-10 Septem- work is complemented by more tion of new technologies, ber 2008 near Washington D.C. than 600 international and good business practices and The meeting was attended by regional partners and the partici- the relations between eco- more than 80 delegates from 25 pation of close to 100 000 experts. nomic actors ; ISO national member bodies from all regions of the world, as well as representation from UNIDO, which has liaison status with ISO/PC 242. Excellent progress was made in the technical discussions and a first working draft has already been circulated for comment. A major point of discussion is the need to ensure compatibility with the existing suite of ISO management system standards. The committee therefore took the key decision to base the draft on the common elements found in all of ISO’s manage- ment system standards. The 2nd ISO/PC 242 meeting will take place in Rio de Janeiro, Brazil in March 2009. Energy leaders are encour- aged to participate in their Brochure_sustainable_world.indd C1 29.09.2008 17:26:03 ISO Management Systems – January-February 2009  13
© ISO Management Systems, www.iso.org/ims ISO INSIDER ISO Guide will help reduce environmental impacts of products 7:06 08 17:2 by Sandrine Tranchard, 29.09.20 able_wo rld.indd 9 Communication Officer, ISO Central Secretariat _sustain Brochure Brochure _sustaina ble_world .indd 2 ISO has published an up- This Guide is intended for 29.09.20 08 17:2 6:26 dated edition of its guide to use by all those involved in Brochure_sustainable_world.indd 6 29.09.2008 17:26:40 reducing the potential envi- the drafting of product stand- ronmental impact of products ards. Standards writers are • support good environmental tees developing standards for by taking environmental as- not expected to become en- practice and information, energy, food, water, the environ- pects into account in product vironmental experts but, by energy efficiency and the ment, health, fire safety, building, standards. using this Guide, they are en- dissemination of new, eco- transport, nanotechnologies, couraged to : friendly and energy per- social responsibility and people Every product has an impact formance technologies ; with disabilities. on the environment during all • identify and understand stages of its life-cycle, from basic environmental aspects • contribute to consumer It also describes how ISO’s extraction of resources to and impacts related to the protection, safety at work, standardization work benefits end-of-life treatment and the product under considera- healthcare, security and from strategic management and need to reduce the potential tion ; and other social interests which policy inputs that also contribute adverse impacts on the envi- may require technical or to sustainability. These inputs • determine when it is pos- ronment of a product is rec- management standards for come from the TMB and ISO sible and when it is not ognized around the world. the related products and policy development committees possible to deal with an services. for consumer affairs, develop- The newly published ISO environmental issue through ing countries and conformity Guide 64:2008, Guide for a product standard. ISO Secretary-General Alan assessment. addressing environmental is- Bryden commented  : “While sues in product standards, is However, the identification of the content of the majority of How ISO’s technical pro- a practical tool for address- these aspects and the pre- ISO standards is technical, their gramme and standards contrib- ing these issues, as well as diction of their impacts is a implementation goes beyond ute to a sustainable world, 20 a contribution to sustainable complex process. When writ- solving technical problems to pages, A5 landscape format, international trade. ing a product standard, it is delivering positive results in is available in English (ISBN economic, environmental and 978-92-67-10484-3) and French societal spheres.” (ISBN 978-92-67-20484-0) edi- tions, free of charge, from ISO Survey national member institutes (list- ed with contact details on the The new brochure is based on ISO Web site www.iso.org) and a survey launched in 2007 by from ISO Central Secretariat the ISO Technical Management (sales@iso.org). It can also be Board (TMB) of the technical downloaded as a PDF file from committees that development the ISO Web site. • ISO standards.  They were asked how they felt their standards contributed to sustainable development. The brochure gives a selection of examples provided by commit- 14  ISO Management Systems – January-February 2009
© ISO Management Systems, www.iso.org/ims ISO INSIDER important to ensure that an evaluation as to how products potential adverse environ- mental impacts at different Material flow cost accounting can affect the environment at stages of the entire product with ISO 14051 different stages of their life- life-cycle ; cycle is carried out as early • emphasize that taking into as possible in the process of by Katsuhiko Kokubu, Marcelo Kos Silveira Campos, Yoshikuni account environmental developing the standard. Furukawa, and Hiroshi Tachikawa issues in product standards is a complex process and Step-by-step requires balancing compet- ing priorities ; ISO Guide 64:2008 proposes a step-by-step approach, based • recommend the use of life- on the principle of life-cycle cycle analysis when defining analysis, in order to promote environmental provisions a reduction of potential ad- for a product for which a verse environmental impacts standard is being drafted ; caused by products. and The implementation of ISO • to promote the future devel- Guide 64:2008 will help to opment of relevant sector make standards writers aware guides for addressing envi- of how it is possible to make ronmental issues in prod- an effective contribution to uct standards by standards environmental improvement writers, consistent with the through a product standard, principles and approaches and how to reduce potential of this Guide. adverse environmental im- pacts of products. Taking into account Through a helpful tool (the environmental issues environmental checklist), the in product standards writer of product standards is complex can assess the relevant prod- uct environmental aspects, based on the availability of ISO Guide 64: 2008, Guide environmental information, for addressing environmental product and environmental issues in product standards, knowledge and the applica- was developed by the Work- tion of life-cycle analysis. Material flow cost account- ment, is currently working on ing Group, Inclusion of envi- ing (MFCA), an environmen- the development of ISO 14051, Primarily intended for prod- ronmental aspects in product tal management accounting Environmental management – uct standards writers, the ob- standards, ISO/TC 207, En- developed in Germany in the Material flow cost accounting jectives of ISO Guide 64:2008 vironmental management. It late 1990s and since adopted – General framework, targeted are to : costs 132 Swiss francs and is widely in Japan, focuses on trac- for publication early in 2011. available from ISO national • outline the relationship ing waste, emissions and non- member institutes (listed with ISO 14051 will be complemen- between the provisions in products, and can help boost an contact details on the ISO tary to the ISO 14000 fam- product standards and the organization’s economic and Web site www.iso.org) and ily of environmental manage- environmental aspects and environmental performance. from ISO Central Secretariat ment system standards (EMS), impacts of the product ; (sales@iso.org). • To standardize MFCA practices, including life cycle assessment • assist in drafting or revis- working group (WG) 8 of ISO (ISO 14040, ISO 14044), envi- ing provisions in product technical committee ISO/TC ronmental performance evalu- standards in order to reduce 207, Environmental manage- ation (ISO 14031), and the ISO Management Systems – January-February 2009  15
ISO 27001 for SMEs
ISO 27001 for SMEs
ISO 27001 for SMEs
ISO 27001 for SMEs
ISO 27001 for SMEs
ISO 27001 for SMEs
ISO 27001 for SMEs
ISO 27001 for SMEs
ISO 27001 for SMEs
ISO 27001 for SMEs
ISO 27001 for SMEs
ISO 27001 for SMEs
ISO 27001 for SMEs
ISO 27001 for SMEs
ISO 27001 for SMEs
ISO 27001 for SMEs
ISO 27001 for SMEs
ISO 27001 for SMEs
ISO 27001 for SMEs
ISO 27001 for SMEs
ISO 27001 for SMEs
ISO 27001 for SMEs
ISO 27001 for SMEs
ISO 27001 for SMEs
ISO 27001 for SMEs
ISO 27001 for SMEs
ISO 27001 for SMEs

Recommended

Euma spain managing remote teams victor duart
Euma spain managing remote teams victor duartEuma spain managing remote teams victor duart
Euma spain managing remote teams victor duartPilar de Torres Gimeno
 
Global Power Plant Services Industry
Global Power Plant Services IndustryGlobal Power Plant Services Industry
Global Power Plant Services IndustryReportLinker.com
 
Session 2: International conference "Tracking the future"
Session 2: International conference "Tracking the future"Session 2: International conference "Tracking the future"
Session 2: International conference "Tracking the future"Tecnoalimenti S.C.p.A.
 
Unified Communications International deployment. Risk to overcome and lessons...
Unified Communications International deployment. Risk to overcome and lessons...Unified Communications International deployment. Risk to overcome and lessons...
Unified Communications International deployment. Risk to overcome and lessons...Agustin Argelich Casals
 
Creating the Smarter, Leaner & Greener Workplace of the Future
Creating the Smarter, Leaner & Greener Workplace of the FutureCreating the Smarter, Leaner & Greener Workplace of the Future
Creating the Smarter, Leaner & Greener Workplace of the FutureStanford Graduate School of Business
 
Bsi iso27001-mapping-guide
Bsi iso27001-mapping-guideBsi iso27001-mapping-guide
Bsi iso27001-mapping-guidefloora_jj
 
Key considerations for an appropriate scope for all management systems
Key considerations for an appropriate scope for all management systemsKey considerations for an appropriate scope for all management systems
Key considerations for an appropriate scope for all management systemsPECB
 
How to determine a proper scope selection based on ISO 27001?
How to determine a proper scope selection based on ISO 27001?How to determine a proper scope selection based on ISO 27001?
How to determine a proper scope selection based on ISO 27001?PECB
 

Recommended

Euma spain managing remote teams victor duart
Euma spain managing remote teams victor duartEuma spain managing remote teams victor duart
Euma spain managing remote teams victor duartPilar de Torres Gimeno
 
Global Power Plant Services Industry
Global Power Plant Services IndustryGlobal Power Plant Services Industry
Global Power Plant Services IndustryReportLinker.com
 
Session 2: International conference "Tracking the future"
Session 2: International conference "Tracking the future"Session 2: International conference "Tracking the future"
Session 2: International conference "Tracking the future"Tecnoalimenti S.C.p.A.
 
Unified Communications International deployment. Risk to overcome and lessons...
Unified Communications International deployment. Risk to overcome and lessons...Unified Communications International deployment. Risk to overcome and lessons...
Unified Communications International deployment. Risk to overcome and lessons...Agustin Argelich Casals
 
Creating the Smarter, Leaner & Greener Workplace of the Future
Creating the Smarter, Leaner & Greener Workplace of the FutureCreating the Smarter, Leaner & Greener Workplace of the Future
Creating the Smarter, Leaner & Greener Workplace of the FutureStanford Graduate School of Business
 
Bsi iso27001-mapping-guide
Bsi iso27001-mapping-guideBsi iso27001-mapping-guide
Bsi iso27001-mapping-guidefloora_jj
 
Key considerations for an appropriate scope for all management systems
Key considerations for an appropriate scope for all management systemsKey considerations for an appropriate scope for all management systems
Key considerations for an appropriate scope for all management systemsPECB
 
How to determine a proper scope selection based on ISO 27001?
How to determine a proper scope selection based on ISO 27001?How to determine a proper scope selection based on ISO 27001?
How to determine a proper scope selection based on ISO 27001?PECB
 
Greening our Planet, our Industry, our Community and our Company – a goal we ...
Greening our Planet, our Industry, our Community and our Company – a goal we ...Greening our Planet, our Industry, our Community and our Company – a goal we ...
Greening our Planet, our Industry, our Community and our Company – a goal we ...Rally Software
 
IDGA Irregular Warfare COTS Deck
IDGA Irregular Warfare COTS DeckIDGA Irregular Warfare COTS Deck
IDGA Irregular Warfare COTS Deckrgiuntini
 
ECR Europe Forum '05. Get the most out of communication standards upstream
ECR Europe Forum '05. Get the most out of communication standards upstreamECR Europe Forum '05. Get the most out of communication standards upstream
ECR Europe Forum '05. Get the most out of communication standards upstreamECR Community
 
E invoicing, stakeholders’ perspective on the cii
E invoicing, stakeholders’ perspective on the ciiE invoicing, stakeholders’ perspective on the cii
E invoicing, stakeholders’ perspective on the ciiFriso de Jong
 
Bringing automation to hedge funds
Bringing automation to hedge fundsBringing automation to hedge funds
Bringing automation to hedge fundsKoen Vierendeels
 
Curated Computing
Curated Computing Curated Computing
Curated Computing Dr. Jimmy Schwarzkopf
 
Automation of call detail record management system using newgen’s ecm suite
Automation of call detail record management system using newgen’s ecm suiteAutomation of call detail record management system using newgen’s ecm suite
Automation of call detail record management system using newgen’s ecm suiteNewgen Software Technologies Limited
 
A step forward to product lifecycle
A step forward to product lifecycleA step forward to product lifecycle
A step forward to product lifecycleCORETECHNOLOGIE
 
Star storage m cloud week
Star storage m cloud weekStar storage m cloud week
Star storage m cloud weekE-Government Center Moldova
 
IDC MarketScape Virtual Tape Library
IDC MarketScape Virtual Tape LibraryIDC MarketScape Virtual Tape Library
IDC MarketScape Virtual Tape Libraryarms8586
 
Unilog 2011 core services sanitized
Unilog 2011 core services sanitizedUnilog 2011 core services sanitized
Unilog 2011 core services sanitizedbasuchit
 
ITW Rocol - Case Study
ITW Rocol - Case StudyITW Rocol - Case Study
ITW Rocol - Case Study369 Consulting Ltd
 
Maximo and a roadmap for your IoT journey
Maximo and a roadmap for your IoT journeyMaximo and a roadmap for your IoT journey
Maximo and a roadmap for your IoT journeyHelen Fisher
 
IRJET - A Research on Eloquent Salvation and Productive Outsourcing of Massiv...
IRJET - A Research on Eloquent Salvation and Productive Outsourcing of Massiv...IRJET - A Research on Eloquent Salvation and Productive Outsourcing of Massiv...
IRJET - A Research on Eloquent Salvation and Productive Outsourcing of Massiv...IRJET Journal
 
Oportunidades y riesgos en los mercados de Carbono
Oportunidades y riesgos en los mercados de CarbonoOportunidades y riesgos en los mercados de Carbono
Oportunidades y riesgos en los mercados de CarbonoEOI Escuela de Organización Industrial
 
Avaya%20data%20solutions%20 %20creating%20a%20fit%20for%20purpose%20network
Avaya%20data%20solutions%20 %20creating%20a%20fit%20for%20purpose%20networkAvaya%20data%20solutions%20 %20creating%20a%20fit%20for%20purpose%20network
Avaya%20data%20solutions%20 %20creating%20a%20fit%20for%20purpose%20networkSteven J. Bocker, MBA
 
Software System Scalability: Concepts and Techniques (keynote talk at ISEC 2009)
Software System Scalability: Concepts and Techniques (keynote talk at ISEC 2009)Software System Scalability: Concepts and Techniques (keynote talk at ISEC 2009)
Software System Scalability: Concepts and Techniques (keynote talk at ISEC 2009)David Rosenblum
 
FACE-ing Reality: Maintaining our Military Edge in the Modern World
FACE-ing Reality: Maintaining our Military Edge in the Modern WorldFACE-ing Reality: Maintaining our Military Edge in the Modern World
FACE-ing Reality: Maintaining our Military Edge in the Modern WorldReal-Time Innovations (RTI)
 
BSI BIM Conference 2016
BSI BIM Conference 2016 BSI BIM Conference 2016
BSI BIM Conference 2016Opentree Ltd
 
S5rud
S5rudS5rud
S5rudArnold Rudorfer
 
RBI Cyber Security Guidelines- FixNix GRC
RBI Cyber Security Guidelines- FixNix GRCRBI Cyber Security Guidelines- FixNix GRC
RBI Cyber Security Guidelines- FixNix GRCFixNix Inc.,
 
FoFN Friends of FixNix Partner briefing - Aug 2nd
FoFN Friends of FixNix Partner briefing - Aug 2ndFoFN Friends of FixNix Partner briefing - Aug 2nd
FoFN Friends of FixNix Partner briefing - Aug 2ndFixNix Inc.,
 

More Related Content

Similar to ISO 27001 for SMEs

Greening our Planet, our Industry, our Community and our Company – a goal we ...
Greening our Planet, our Industry, our Community and our Company – a goal we ...Greening our Planet, our Industry, our Community and our Company – a goal we ...
Greening our Planet, our Industry, our Community and our Company – a goal we ...Rally Software
 
IDGA Irregular Warfare COTS Deck
IDGA Irregular Warfare COTS DeckIDGA Irregular Warfare COTS Deck
IDGA Irregular Warfare COTS Deckrgiuntini
 
ECR Europe Forum '05. Get the most out of communication standards upstream
ECR Europe Forum '05. Get the most out of communication standards upstreamECR Europe Forum '05. Get the most out of communication standards upstream
ECR Europe Forum '05. Get the most out of communication standards upstreamECR Community
 
E invoicing, stakeholders’ perspective on the cii
E invoicing, stakeholders’ perspective on the ciiE invoicing, stakeholders’ perspective on the cii
E invoicing, stakeholders’ perspective on the ciiFriso de Jong
 
Bringing automation to hedge funds
Bringing automation to hedge fundsBringing automation to hedge funds
Bringing automation to hedge fundsKoen Vierendeels
 
Automation of call detail record management system using newgen’s ecm suite
Automation of call detail record management system using newgen’s ecm suiteAutomation of call detail record management system using newgen’s ecm suite
Automation of call detail record management system using newgen’s ecm suiteNewgen Software Technologies Limited
 
A step forward to product lifecycle
A step forward to product lifecycleA step forward to product lifecycle
A step forward to product lifecycleCORETECHNOLOGIE
 
IDC MarketScape Virtual Tape Library
IDC MarketScape Virtual Tape LibraryIDC MarketScape Virtual Tape Library
IDC MarketScape Virtual Tape Libraryarms8586
 
Unilog 2011 core services sanitized
Unilog 2011 core services sanitizedUnilog 2011 core services sanitized
Unilog 2011 core services sanitizedbasuchit
 
Maximo and a roadmap for your IoT journey
Maximo and a roadmap for your IoT journeyMaximo and a roadmap for your IoT journey
Maximo and a roadmap for your IoT journeyHelen Fisher
 
IRJET - A Research on Eloquent Salvation and Productive Outsourcing of Massiv...
IRJET - A Research on Eloquent Salvation and Productive Outsourcing of Massiv...IRJET - A Research on Eloquent Salvation and Productive Outsourcing of Massiv...
IRJET - A Research on Eloquent Salvation and Productive Outsourcing of Massiv...IRJET Journal
 
Avaya%20data%20solutions%20 %20creating%20a%20fit%20for%20purpose%20network
Avaya%20data%20solutions%20 %20creating%20a%20fit%20for%20purpose%20networkAvaya%20data%20solutions%20 %20creating%20a%20fit%20for%20purpose%20network
Avaya%20data%20solutions%20 %20creating%20a%20fit%20for%20purpose%20networkSteven J. Bocker, MBA
 
Software System Scalability: Concepts and Techniques (keynote talk at ISEC 2009)
Software System Scalability: Concepts and Techniques (keynote talk at ISEC 2009)Software System Scalability: Concepts and Techniques (keynote talk at ISEC 2009)
Software System Scalability: Concepts and Techniques (keynote talk at ISEC 2009)David Rosenblum
 
FACE-ing Reality: Maintaining our Military Edge in the Modern World
FACE-ing Reality: Maintaining our Military Edge in the Modern WorldFACE-ing Reality: Maintaining our Military Edge in the Modern World
FACE-ing Reality: Maintaining our Military Edge in the Modern WorldReal-Time Innovations (RTI)
 
BSI BIM Conference 2016
BSI BIM Conference 2016 BSI BIM Conference 2016
BSI BIM Conference 2016Opentree Ltd
 

Similar to ISO 27001 for SMEs (20)

Greening our Planet, our Industry, our Community and our Company – a goal we ...
Greening our Planet, our Industry, our Community and our Company – a goal we ...Greening our Planet, our Industry, our Community and our Company – a goal we ...
Greening our Planet, our Industry, our Community and our Company – a goal we ...
 
IDGA Irregular Warfare COTS Deck
IDGA Irregular Warfare COTS DeckIDGA Irregular Warfare COTS Deck
IDGA Irregular Warfare COTS Deck
 
ECR Europe Forum '05. Get the most out of communication standards upstream
ECR Europe Forum '05. Get the most out of communication standards upstreamECR Europe Forum '05. Get the most out of communication standards upstream
ECR Europe Forum '05. Get the most out of communication standards upstream
 
E invoicing, stakeholders’ perspective on the cii
E invoicing, stakeholders’ perspective on the ciiE invoicing, stakeholders’ perspective on the cii
E invoicing, stakeholders’ perspective on the cii
 
Bringing automation to hedge funds
Bringing automation to hedge fundsBringing automation to hedge funds
Bringing automation to hedge funds
 
Curated Computing
Curated Computing Curated Computing
Curated Computing
 
Automation of call detail record management system using newgen’s ecm suite
Automation of call detail record management system using newgen’s ecm suiteAutomation of call detail record management system using newgen’s ecm suite
Automation of call detail record management system using newgen’s ecm suite
 
A step forward to product lifecycle
A step forward to product lifecycleA step forward to product lifecycle
A step forward to product lifecycle
 
Star storage m cloud week
Star storage m cloud weekStar storage m cloud week
Star storage m cloud week
 
IDC MarketScape Virtual Tape Library
IDC MarketScape Virtual Tape LibraryIDC MarketScape Virtual Tape Library
IDC MarketScape Virtual Tape Library
 
Unilog 2011 core services sanitized
Unilog 2011 core services sanitizedUnilog 2011 core services sanitized
Unilog 2011 core services sanitized
 
ITW Rocol - Case Study
ITW Rocol - Case StudyITW Rocol - Case Study
ITW Rocol - Case Study
 
Maximo and a roadmap for your IoT journey
Maximo and a roadmap for your IoT journeyMaximo and a roadmap for your IoT journey
Maximo and a roadmap for your IoT journey
 
IRJET - A Research on Eloquent Salvation and Productive Outsourcing of Massiv...
IRJET - A Research on Eloquent Salvation and Productive Outsourcing of Massiv...IRJET - A Research on Eloquent Salvation and Productive Outsourcing of Massiv...
IRJET - A Research on Eloquent Salvation and Productive Outsourcing of Massiv...
 
Oportunidades y riesgos en los mercados de Carbono
Oportunidades y riesgos en los mercados de CarbonoOportunidades y riesgos en los mercados de Carbono
Oportunidades y riesgos en los mercados de Carbono
 
Avaya%20data%20solutions%20 %20creating%20a%20fit%20for%20purpose%20network
Avaya%20data%20solutions%20 %20creating%20a%20fit%20for%20purpose%20networkAvaya%20data%20solutions%20 %20creating%20a%20fit%20for%20purpose%20network
Avaya%20data%20solutions%20 %20creating%20a%20fit%20for%20purpose%20network
 
Software System Scalability: Concepts and Techniques (keynote talk at ISEC 2009)
Software System Scalability: Concepts and Techniques (keynote talk at ISEC 2009)Software System Scalability: Concepts and Techniques (keynote talk at ISEC 2009)
Software System Scalability: Concepts and Techniques (keynote talk at ISEC 2009)
 
FACE-ing Reality: Maintaining our Military Edge in the Modern World
FACE-ing Reality: Maintaining our Military Edge in the Modern WorldFACE-ing Reality: Maintaining our Military Edge in the Modern World
FACE-ing Reality: Maintaining our Military Edge in the Modern World
 
BSI BIM Conference 2016
BSI BIM Conference 2016 BSI BIM Conference 2016
BSI BIM Conference 2016
 
S5rud
S5rudS5rud
S5rud
 

More from FixNix Inc.,

RBI Cyber Security Guidelines- FixNix GRC
RBI Cyber Security Guidelines- FixNix GRCRBI Cyber Security Guidelines- FixNix GRC
RBI Cyber Security Guidelines- FixNix GRCFixNix Inc.,
 
FoFN Friends of FixNix Partner briefing - Aug 2nd
FoFN Friends of FixNix Partner briefing - Aug 2ndFoFN Friends of FixNix Partner briefing - Aug 2nd
FoFN Friends of FixNix Partner briefing - Aug 2ndFixNix Inc.,
 
Fix nix GRC DEMO FOR RISK TEAM MPHASIS
Fix nix GRC DEMO FOR RISK TEAM MPHASISFix nix GRC DEMO FOR RISK TEAM MPHASIS
Fix nix GRC DEMO FOR RISK TEAM MPHASISFixNix Inc.,
 
FixNix corporate profile
FixNix corporate profileFixNix corporate profile
FixNix corporate profileFixNix Inc.,
 
New Business Model v1
New Business Model v1New Business Model v1
New Business Model v1FixNix Inc.,
 
Business model israel_v1.0
Business model israel_v1.0Business model israel_v1.0
Business model israel_v1.0FixNix Inc.,
 
Fixnixbusinessmodelv1.0
Fixnixbusinessmodelv1.0Fixnixbusinessmodelv1.0
Fixnixbusinessmodelv1.0FixNix Inc.,
 
Fix nix business model for npc
Fix nix business model for npcFix nix business model for npc
Fix nix business model for npcFixNix Inc.,
 
Fixnix GRC Suite A Glance
Fixnix GRC Suite A GlanceFixnix GRC Suite A Glance
Fixnix GRC Suite A GlanceFixNix Inc.,
 
FixNix 17 products1.0
FixNix 17 products1.0FixNix 17 products1.0
FixNix 17 products1.0FixNix Inc.,
 
Choosing an open source log management system for small business
Choosing an open source log management system for small businessChoosing an open source log management system for small business
Choosing an open source log management system for small businessFixNix Inc.,
 
Lets understand the GRC market well with Ponemon analysis- FixNix
Lets understand the GRC market well with Ponemon analysis- FixNixLets understand the GRC market well with Ponemon analysis- FixNix
Lets understand the GRC market well with Ponemon analysis- FixNixFixNix Inc.,
 
GRC 101 ISACA Bengaluru on 28th Dec 2013
GRC 101 ISACA Bengaluru on 28th Dec 2013GRC 101 ISACA Bengaluru on 28th Dec 2013
GRC 101 ISACA Bengaluru on 28th Dec 2013FixNix Inc.,
 

More from FixNix Inc., (20)

RBI Cyber Security Guidelines- FixNix GRC
RBI Cyber Security Guidelines- FixNix GRCRBI Cyber Security Guidelines- FixNix GRC
RBI Cyber Security Guidelines- FixNix GRC
 
FoFN Friends of FixNix Partner briefing - Aug 2nd
FoFN Friends of FixNix Partner briefing - Aug 2ndFoFN Friends of FixNix Partner briefing - Aug 2nd
FoFN Friends of FixNix Partner briefing - Aug 2nd
 
Fix nix GRC DEMO FOR RISK TEAM MPHASIS
Fix nix GRC DEMO FOR RISK TEAM MPHASISFix nix GRC DEMO FOR RISK TEAM MPHASIS
Fix nix GRC DEMO FOR RISK TEAM MPHASIS
 
FixNix corporate profile
FixNix corporate profileFixNix corporate profile
FixNix corporate profile
 
Vc us v4.0
Vc us v4.0Vc us v4.0
Vc us v4.0
 
Fixnix us vc_v3.0
Fixnix us vc_v3.0Fixnix us vc_v3.0
Fixnix us vc_v3.0
 
Fix nix, inc.
Fix nix, inc.Fix nix, inc.
Fix nix, inc.
 
New Business Model v1
New Business Model v1New Business Model v1
New Business Model v1
 
Business model israel_v1.0
Business model israel_v1.0Business model israel_v1.0
Business model israel_v1.0
 
Fix nix, inc
Fix nix, incFix nix, inc
Fix nix, inc
 
Fixnixbusinessmodelv1.0
Fixnixbusinessmodelv1.0Fixnixbusinessmodelv1.0
Fixnixbusinessmodelv1.0
 
Fix nix business model for npc
Fix nix business model for npcFix nix business model for npc
Fix nix business model for npc
 
Fixnix GRC Suite A Glance
Fixnix GRC Suite A GlanceFixnix GRC Suite A Glance
Fixnix GRC Suite A Glance
 
FixNix 17 products1.0
FixNix 17 products1.0FixNix 17 products1.0
FixNix 17 products1.0
 
FixNix GRC suite
FixNix GRC suiteFixNix GRC suite
FixNix GRC suite
 
Choosing an open source log management system for small business
Choosing an open source log management system for small businessChoosing an open source log management system for small business
Choosing an open source log management system for small business
 
Lets understand the GRC market well with Ponemon analysis- FixNix
Lets understand the GRC market well with Ponemon analysis- FixNixLets understand the GRC market well with Ponemon analysis- FixNix
Lets understand the GRC market well with Ponemon analysis- FixNix
 
Fix Nix deck
Fix Nix deckFix Nix deck
Fix Nix deck
 
FixNix Pitch
FixNix PitchFixNix Pitch
FixNix Pitch
 
GRC 101 ISACA Bengaluru on 28th Dec 2013
GRC 101 ISACA Bengaluru on 28th Dec 2013GRC 101 ISACA Bengaluru on 28th Dec 2013
GRC 101 ISACA Bengaluru on 28th Dec 2013
 

Recently uploaded

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesrafiqahmad00786416
 
A Beginners Guide to Building a RAG App Using Open Source Milvus
A Beginners Guide to Building a RAG App Using Open Source MilvusA Beginners Guide to Building a RAG App Using Open Source Milvus
A Beginners Guide to Building a RAG App Using Open Source MilvusZilliz
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDropbox
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024The Digital Insurer
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsNanddeep Nachan
 
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu SubbuApidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbuapidays
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024The Digital Insurer
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodJuan lago vázquez
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyKhushali Kathiriya
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...apidays
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 

Recently uploaded (20)

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
A Beginners Guide to Building a RAG App Using Open Source Milvus
A Beginners Guide to Building a RAG App Using Open Source MilvusA Beginners Guide to Building a RAG App Using Open Source Milvus
A Beginners Guide to Building a RAG App Using Open Source Milvus
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu SubbuApidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 

ISO 27001 for SMEs

  • 1. IMS Vol. 9, No. 1 January-February 2009 ISO Management Systems When Results Count. ISO Standards. ISSN 1680-8096 • ISO 9000 video • ISO 50001 and energy • Standards and sustainability “ Big D ” becomes “ Green D ” IS O/IEC 2 7001 SMEs ISO 22000 and a million daily meals for Ship registry and ISO 9001
  • 2.
  • 3. © ISO Management Systems, www.iso.org/ims by Roger Frost EDITORIAL You can count on ISO standards The following examples, large and small, cover both management systems and “ other standards ” – and include a striking negative example. • MPEG-2 Y ou may have noticed that there is a slogan under the ISO Management Systems title on the cover page of the The MPEG-2 coding standard has facilitated the worldwide magazine. The slogan reads : “  hen Results Count. ISO W growth of the digital television and DVD industries, including Standards.” the diffusion of some 3.5 billion DVD Given our emphasis machines and 40 billion on ISO’s management DVDs. an estimated system standards and market of USD 2.5 trillion. the results they deliver for users – as reported • Product data by the users themselves exchange – it’s easy to forget that ISO has more than The ISO Standard for 17  4 00 “ other ”  Inter- Exchange of Product national Standards and Data (STEP), which related documents to addresses the exchange offer. of digital product information, has been The sheer scale of calculated as having the implementation the potential to save of some of them, for USD 928 million a year example, the metric by reducing interoper- system, makes it rather ability problems in the difficult, if not impos- automotive, aerospace sible, to come up with and shipbuilding indus- precise, totally accurate tries alone. data on the results they help to achieve. • Freight containers Another complication is that a number It is estimated that more than 90   of the world % of standards, such as for freight container trade in non-bulk goods is transported in dimensions and many information technol- Some standards provide freight containers conforming to ISO specifi- ogy standards, provide benefits not only for spin-off benefits for much cations. Containerization has reduced the time specific users like the transport and IT of the world’s population and cost of moving goods across the oceans to sectors, but potentially for all sectors. market by 84  % and 35  % respectively. Indeed, it could be argued that some stand- ards like these provide spin-off benefits for • Space much of the world’s population. The failure to adhere to the international metric system of It is relatively simple for individual users of ISO manage- measurement (now the ISO 80000 series) cost US taxpayers ment system standards to calculate the benefits that they USD 125 million at the end of September 1999 when bring their organizations. For the reasons given above, it is NASA’s Mars Climate Orbiter was lost in space because often necessary to have recourse to estimations and projec- engineers had failed to make the conversion from Imperial tions to convey an idea of the results delivered by other units to metric, a costly mistake that sent the spacecraft standards. fatally close to the surface of Mars. ISO Management Systems – January-February 2009  1
  • 4. © ISO Management Systems, www.iso.org/ims EDITORIAL • Oil and gas • Cranes A multinational company calculated that if the systematic Maintenance programmes based on International Standards use of ISO standards could be expected to save 1  % of of the millions of cranes in use around the world are the industry’s annual expenditure, then the saving would estimated to save USD 3 billion annually. amount to USD 180 million and represent a return on investment of 25 to 1. • Petroleum company Average benefits of ISO 9000 implementation were some • Concrete nine times the costs over the first year. It is estimated that the world trade in concrete is USD 13-14 trillion and that implementing ISO standards could • International development bank increase this by 1-2  % over a decade. With an annual An ISO 14001-based resource conservation programme production of concrete estimated to be 15 billion tons helped save over USD 250  0 00 through electricity, water, and about 1 % of the world’s population having jobs that paper, and solid waste reduction at its HQ from 2003 to directly relate to the concrete construction industry, the 2006. value of ISO standards impacting the world trade in concrete, the quality and longevity of concrete and the • City council environmental impact of concrete production is potentially As a result of a combined ISO 9000 and risk management enormous. programme implemented by a city council, its insurer waived an 8  % increase in its premium. • Counting on ISO standards 2  IMS – January-February 2009
  • 5. © ISO Management Systems, www.iso.org/ims CONTENTS VIEWPOINT 23 5 ISO/TC 207 can get even better Dr. Robert Page, the new Chair of ISO/TC 207, Environmental management, writes : “ISO/TC 207 is built on incredible foundations – its institutional strength, global reach and collective will to develop standards that matter. It is against this backdrop that ISO/TC 207 can get even better, to address calls for greater market IMS 1-2009 E.indd 1 29.12.2008 10:43:29 relevance and more effective tools.” SPECIAL REPORT 6 ISO MANAGEMENT SYSTEMS is published ISO/IEC 27001 for SMEs six times a year Information security management systems for by the Central small and medium-sized enteprises Secretariat of ISO (International Athough many large organizations have been quick to see the benefits of Organization for Standardization) and is available in English, ISO/IEC 27001:2005 – the information security management system standard French and Spanish editions. – many SMEs have been slow adopters because of a lack of basic advice in its implementation. This will change with development of a new ISO Publisher : ISO Central Secretariat, handbook to demystify the process, due for publication in 2009. 1, ch. de la Voie-Creuse, Case postale 56, CH-1211 Geneva 20, ISO INSIDER 10 Switzerland. Tel. + 41 22 749 01 11. ISO publishes new edition of ISO 9001 Fax + 41 22 733 34 30. ISO has published ISO 9001:2008, the latest edition of the International Standard E-mail central@iso.org Web www.iso.org used by organizations in 175 countries as the framework for their quality manage- ment systems (QMS). ISO 9001:2008, Quality management system – Requirements, Editor in Chief : Roger Frost. is the fourth edition of the standard first published in 1987. Contributing Editor : Garry Lambert. ISO launches video clip  : “  he ISO 9000 family – Global management T Artwork : Pascal Krieger and Pierre Granier. standards ” • ISO 50001 – future management system standard for energy • How ISO contributes to a sustainable world • ISO Guide will A one-year subscription (six issues) to ISO MANAGEMENT help reduce environmental impacts of products • Material flow cost SYSTEMS costs 128 Swiss francs. accounting with ISO 14051 Subscription enquiries : Sonia Rosas-Friot, ISO Central Secretariat. INTERNATIONAL 23 19 Tel. + 41 22 749 03 36. Fax + 41 22 749 09 47. The “ Big D ” becomes the “ Green D ” E-mail sales@iso.org Dallas is largely known across the globe for being big…  ig money, b Advertising enquiries : big business, and big hair (the hair styles made famous by the Dallas ISO Central Secretariat, TV series)…and is appropriately nicknamed, “  ig D  . However, B ” Case postale 56, CH-1211 Geneva 20, the “  ig D  is now known as “  reen D  as a result of a three-year B ” G ” Switzerland. ISO 14001 implementation and certification programme across all Contact : Régis Brinster. Tel. + 41 22 749 02 44. major city departments, a first in any US municipal organization. E-mail brinster@iso.org • Isle of Man Ship Registry – anchored to ISO 9001 © ISO, January-February 2009 • ISO 22000 helps India’s Akshaya Patra Foundation feed ISSN 1680-8096 a million needy children daily The views expressed in • Case studies show value of ISO/IEC 27001 conformity ISO MANAGEMENT SYSTEMS are those of the authors. The advertising STANDARDS FOR SERVICES 37 of products, services, events or training courses in this publication • European initiatives for sheltered housing does not imply their approval by ISO. and airport security Cover photo   Montage ISO : NEXT ISSUE 40 ISO Management Systems – January-February 2009  3
  • 6.
  • 7. © ISO Management Systems, www.iso.org/ims VIEWPOINT It was a great honour for me significant and important institutional strength, global to accept the nomination as contribution to sustainable reach and collective will to the Chair of ISO techni- development. Born out of develop standards that mat- cal committee ISO/TC 207, the 1991 Rio Earth Summit, ter. It is against this back- Environmental management. ISO/TC 207 has epitomized drop that ISO/TC 207 can I have had the pleasure to that Summit’s Agenda 21 get even better, to address know several past Chairs and its focus on how govern- calls for greater market rel- of this eminent committee, ments, enterprises and non- evance and more effective such as George Connell and by Robert Page governmental organisations tools. Daniel Gagnier, and will could co-operate to achieve ISO/TC 207 work to build on their im- sustainable development. portant legacy. While a success against Continuity and It has been over 20 years since Ms. Gro Harlem can get even any measure, ISO/TC 207 and its ISO 14000 family of change should not be viewed as Brundtland  authored Our standards now compete in a competing visions Common Future, the semi- nal report of the United Na- better more crowded market-place addressing a myriad of envi- tions Commission on Envi- ronmental and sustainabil- Continuity and change ronment and Development. Dr. Robert Page has succeeded ity issues. should not be viewed as This report introduced the Mr. Daniel Gagnier as the new competing visions, but as concept of sustainable de- Chair of ISO/TC 207. Dr. Page is velopment to the world as Integrative thinking a necessary and powerful currently the TransAlta Professor reality in today’s world. “ d evelopment that meets of Environmental Management New challenges include the In ISO/TC 207, the axiom the needs of the present and Sustainability, Energy and En- “ f ragmentation ” of environ- “ t hings must change so they without compromising the vironmental Systems Group, Insti- mental issues and analysis – can remain the same ” is an ability of future generations tute for Sustainable Energy, Envi- which needs to be balanced operating principle. to meet their own needs ” . ronment, & Economy, University with integrative thinking of Calgary, Canada, where he is that recognizes inter-rela- Within this context, it is my Ms. Bruntland’s report rec- also an Adjunct Professor in the tionships and cause-effect sincere belief that the col- ognized that sustainable Haskayne School of Business. He relationships. lective expertise, ability and development in practice re- is also the acting Chair of the Go- quired the integration, or a commitment of our stand- vernment of Canada’s National The need for public cred- systems view, of economy, ards experts – from all walks Round Table on the Environment ibility and market relevance society and environment. of life and corners of the and the Economy (NRTEE). has never been greater, but It recognized the needs of world – can and will increase must be balanced against He is known nationally and interna- the “ sustainability footprint ” the world’s poor and the in- the rigour and decentral- herent limitations on what tionally for his work on energy and ized participation inherent of ISO standards. • the environment in areas such as the Earth’s environment in the ISO process. The role climate change, emissions trading, can support. Organizations of developing countries, and biodiversity and protected spaces, large and small, governmen- their active participation, environmental impact assessment, tal, business or non-govern- in ISO and ISO/TC 207 re- and policy and regulation. mental, have been trying to mains critical not only our operationalize the concept Dr. Page has served for the Govern- Contact : ISO/TC 207 Secretary, credibility, but also to find- of sustainable development ment of Canada in international nego- Kevin Boehmer. ing consensus on global en- ever since. tiations on the Conference of the Par- vironmental issues. E-mail kevin.boehmer@csa.ca ties for the Kyoto Protocol, the North Since 1996, ISO/TC 207 American Free Trade negotiations, and ISO/TC 207 is built on in- Web www.tc207.org standards have made a trade and the environment. credible foundations – its Web www.csa.ca ISO Management Systems – January-February 2009  5
  • 8. © ISO Management Systems, www.iso.org/ims SPECIAL REPORT Information security management systems for small and medium-sized enteprises Although many large organizations have been quick to see the benefits of ISO/IEC 27001:2005 – the information security management system standard – many SMEs have been slow adopters because of a lack of basic advice in its implementation. This will change with development of a new ISO handbook to demystify the process, due for publication by Edward Humphreys in 2009. Visiting Professor Edward Humphreys (FH University of Applied Science, Hagenberg, Upper Austria), is Convenor of ISO/IEC JTC 1, Information technology, subcommittee SC 27, IT security techniques, working group WG 1, Information security management systems. E-mail edwardj7@msn.com 6  ISO Management Systems – January-February 2009
  • 9. © ISO Management Systems, www.iso.org/ims SPECIAL REPORT ISO/IEC 27001:2005, Infor- IEC 27001 implementation ISO/IEC 27002 Yes Partial No Comments mation technology – Secu- does not need to be costly or Control Questions rity techniques – Information resource intensive. security management systems Step-by-step ISMS implemen- – Requirements, is one of a tation enables the SME to be Do you have software 4 Not all the family of information security implemented in your computers able to achieve a basic level management systems (ISMS) computers to detect, in the busi- of cost-effective protection prevent and recover from ness have standards (see box) for use by without much effort. And by fol- a malicious code attack this software all organizations regardless of (e.g. from a virus attack) ? installed. lowing two to three more steps, size and sector. the organization can achieve a Do all your staff know 4 Well over 5  000 organizations fully ISO/IEC 27001-conform- about the dangers of ing ISMS when appropriate to malicious code attack (e.g. have already certified their from a virus attack) and ISMS in conformity with ISO/ the business. are they trained in the use IEC 27001, and many more are of the software used to detect, prevent and recover in process of doing so – testi- Basic protection from such attacks ? mony to its broad applicability in helping protect business All organizations need a base- Do you regularly update 4 the software used to assets and information, and the line of security to provide a detect, prevent and recover reason why the ISMS strandard minimum level of protection. from a malicious code has become the common infor- For example, virus attacks can attack (e.g. from a virus attack) ? mation security language within threaten any organization, and between many different including SMEs. They should types of enterprise. have back-up systems in place to protect against information Figure 1 – Example of a typical information security gap analysis. However, while many large loss or destruction, and ensure organizations have been quick physical protection of person- • protection of personnel data Risk assessment to see the benefits, many small nel data and equipment. and company records. to medium sized enterprises The objective of a risk assess- (SMEs) are still slow to adopt Implementing a basic level of ment is to identify the risks the standard because of a lack protection is an appropriate confronting an SME so that an of basic advice on its imple- SMEs are still slow starting point for any SME, appropriate set of information mentation. to adopt ISO/IEC 27001 beginning with a simple gap security controls can be imple- analysis to identify the protec- mented to reduce those risks Help will shortly be at hand tion already in place, and what to an acceptable level. following the development of a it lacks. Above is a typical gap ISO/IEC 27002:2005 provides a Yet risk assessment is seen new ISO handbook designed to analysis checklist using the code of practice that describes by many SMEs as a formida- provide much needed guidance controls listed in ISO/IEC the necessary controls for basic ble and time-consuming task on ISO/IEC 27001 implementa- 27002 (see Figure 1). protection, including  : requiring substantial resources. tion for SMEs from all sectors, due for publication in 2009. This • a policy for high level informa- It does not need to be so. To tion security management ; ISMS policy extend SME information pro- article provides a preview. tection beyond the baseline • user awareness ; An information security policy level requires a risk assessment Two approaches statement can be a one-page • antivirus software ; exercise. However, the steps document from senior manage- involved are quite straight- The handbook will offer a • backup ; ment listing policy objectives forward as explained in the “  tep-by-step  or “  ll-at-once  s ” a ” and commitment, displayed in • access controls ; forthcoming ISO handbook. approach to implementation the organization’s premises. depending on the SME • p h y s i c a l p r o t e c t i o n o f This is a simple but effective The baseline controls men- resources available. It explains premises and commercially daily reminder to employees tioned are designed to reduce that, irrespective of the size sensitive paper-based files of the importance of informa- specific risks – such as anti- and nature of the SME , ISO/ and documents ; tion security. virus software to reduce the ISO Management Systems – January-February 2009  7
  • 10. © ISO Management Systems, www.iso.org/ims SPECIAL REPORT risk of a virus attack, back-ups to minimize the risk of data The ISO/IEC 27000 family loss through system failures, physical protection to lower the risk of equipment and The ISO/IEC 2700 family of information security management standards currently comprises four documentation theft. publications : ISO/IEC 27001:2005, Information technology – Security techniques – Information security management systems – Requirements ISO/IEC 27001 implementation does not ISO/IEC 27002:2005, Information technology – Security techniques – Code of practice for information need to be costly security management ISO/IEC 27005:2008, Information technology – Security techniques – Information security risk management ISO/IEC 27006:2007, Information technology – Security techniques – Requirements for bodies providing Typical vulnerabilities identi- audit and certification of information security management systems fied by risk assessment can include : The principal standard, ISO/IEC 27001:2005, covers all types of organizations (e.g. commercial enterprises, • On-line information theft government agencies, not-for-profit organizations), and specifies the requirements for establishing, imple- and fraud menting, operating, monitoring, reviewing, maintaining and improving a documented information security management system within the context of the organization’s overall business risks. This inclues on-line auction frauds, “ phishing ” (e-mail It specifies requirements for the implementation of security controls customized to the needs of indi- disguised as official bank vidual organizations or parts thereof. communication), “ 4 19 ” scam ISO/IEC 27001:2005 is designed to ensure the selection of adequate and proportionate security letters, and numerous other controls that protect information assets and give confidence to interested parties, and is intended to deceptions designed to lure be suitable for several different types of use, including the following : users to part with personal information, bank and credit • use within organizations to formulate security requirements and objectives card details, social security numbers or passwords. • use within organizations as a way to ensure that security risks are cost effectively managed • use within organizations to ensure compliance with laws and regulations • System failures • use within an organization as a process framework for the implementation and management of These can can shut down an controls to ensure that the specific security objectives of an organization are met SME’s IT system and disrupt normal business activity for • definition of new information security management processes days with possibly serious • identification and clarification of existing information security management processes effects on revenue and com- petitiveness. • use by the management of organizations to determine the status of information security manage- ment activities • Software problems • use by the internal and external auditors of organizations to determine the degree of compliance These includes bugs, viruses, with the policies, directives and standards adopted by an organization out of date programs and unauthorised access which • use by organizations to provide relevant information about information security policies, directives, can compromise information standards and procedures to trading partners and other organizations with whom they interact for security. operational or commercial reasons • implementation of business-enabling information security • Misuse of company resources • use by organizations to provide relevant information about information security to customers. These can done by external users or SME staff, whether accidental or intentional, and 8  ISO Management Systems – January-February 2009
  • 11. © ISO Management Systems, www.iso.org/ims SPECIAL REPORT can result in breaches of infor- mation security. • Delayed response to security incidents Immediate reporting of any potential security risks should be routine with measures taken to correct the problem before it can have a negative impact on the organization. The risk assessment should only focus on those areas requiring protection to avoid unnecessary expenditure on information security solutions covering less risky areas of the business. Regardless of the measures taken, it is impossible to reduce information security risks to zero. The SME should imple- ment the necessary controls to reduce the risks to an accept- able residual level without overspending on information security measures. There is a Maintaining an ISMS the new risks. Regular reviews point at which the benefits not only ensure the continuing gained are outweighed by the Implementing the controls set It is impossible to reduce effectiveness of the system, but cost of implementing more and out in ISO/IEC 27001 is an information security risks to can be far more cost effective more security. important aspect of protect- zero than more substantial periodic ing information, but just as system upgrades. important is maintaining the The new handbook will day-to-day effectiveness of Better protection Managing its information demystify the ISMS. If the system is not security enables an SME to regularly managed then the In this article, I have high- ISO/IEC 27001 make system improvements investment in security can be lighted some of the advice and upgrades when necessary wasted. given in the forthcoming ISO to protect its investment in handbook. It will also include security. This involves regular checklists, scorecards and case monitoring, and reviewing studies to help SMEs focus on any changes in operations the key aspects of protecting that might affect the level their business information of protection that has been using ISO/IEC 27001 as the implemented. ISMS tool. In essencethe new If changes in business condi- handbook will help to simplify tions are significant enough to and demystify ISO/IEC 27001 increase information security requirements and give SMEs risks, then the SME will have a clearer understanding of to consider changing the set how best to protect their busi- of ISMS controls to counter nesses. • ISO Management Systems – January-February 2009  9
  • 12. © ISO Management Systems, www.iso.org/ims ISO INSIDER ISO publishes new edition ISO/TC 176, which is respon- sible for the ISO 9000 fam- Although certification of con- formity to ISO 9001 is not of ISO 9001 ily, unites expertise from 80 participating countries and a requirement of the stand- ard, it is frequently used in 19 international or regional both public and private sec- organizations, plus other tech- tors to increase confidence by Roger Frost nical committees. The review in the products and services of ISO 9001 resulting in the provided by certified organi- 2008 edition was carried out zations, between partners in by subcommittee SC 2 of ISO/ business-to-business relations, TC 176. in the selection of suppliers in supply chains and in the right to tender for procurement User survey contracts. Up to the end of This review has benefited from December 2007, at least 951   86 4 a number of inputs, including ISO 9001:2000 certificates had the following : a justification been issued in 175 countries study against the criteria of and economies. ISO Guide 72:2001, Guidelines for the justification and devel- opment of management system standards ; feedback from the ISO has also developed ISO/TC 176 interpretations an introduction and support process ; a two-year systematic package review of ISO 9001:2000 within ISO/TC 176 / SC2  ; a worldwide user survey carried out by ISO/ ISO (which does not itself ISO has published ISO 9001: experience of implementing TC 176/SC 2, and further data carry out certification) and 2008, the latest edition of the the standard worldwide and from national surveys. the International Accredita- International Standard used by introduces changes intended ISO Secretary-General Alan tion Forum (IAF) have agreed organizations in 175 countries as to improve consistency with Bryden commented : “ T he on an implementation plan to the framework for their quality the environmental manage- revised ISO 9001 results from a ensure a smooth transition of management systems (QMS). ment system standard, ISO structured process giving weight accredited certification to ISO 14001:2$004. ISO 9001:2008, Quality man- to the needs of users and to the 9001:2008. The details of the agement system – Require- All ISO standards – currently likely impacts and benefits of plan are given in a joint com- ments, is the fourth edition of more than 17  400 – are periodi- the revisions. ISO 9001:2008 muniqué by the two organiza- the standard first published in cally reviewed. Several factors is therefore the outcome of a tions which is available on the 1987 and which has become the combine to render a standard rigorous examination confirm- ISO Web site. global benchmark for provid- out of date, such as technologi- ing its fitness for use as the ISO 9001:2008, Quality man- ing assurance about the ability cal evolution, new methods and international benchmark for agement system – Requirements, to satisfy quality requirements materials, new quality and safe- quality management. costs 114 Swiss francs and is ty requirements, or questions and to enhance customer sat- available from ISO national of interpretation and applica- ISO/TC 176/SC 2 has also isfaction in supplier-customer member institutes (listed with tion. To take account of such developed an introduction and relationships. contact details on the ISO Web factors and to ensure that ISO support package of documents ISO 9001:2008 contains no new standards are maintained at the explaining what the differences site www.iso.org) and from ISO requirements compared to the state of the art, ISO has a rule are between ISO 9001:2008 Central Secretariat (sales@iso. 2000 edition, which it replaces. requiring them to be periodi- and the year 2000 version, why org). • It provides clarifications to the cally reviewed and a decision and what they mean for users. existing requirements of ISO taken to confirm, withdraw or These documents are available 9001:2000 based on eight years’ revise the documents. on the ISO Web site. 10  ISO Management Systems – January-February 2009
  • 13. © ISO Management Systems, www.iso.org/ims ISO INSIDER ISO launches video clip : “  he ISO 9000 T The ISO 9000 family is devel- oped and maintained by ISO 50001 – future family – Global management standards“ technical committee ISO/TC management 176, Quality management and quality assurance. system standard by Roger Frost The video concept was created for energy by Communication Services, ISO Central Secretariat (ISO/ by Edwin Pinero and ISO has just launched a video efficiency and effectiveness of CS). Post-production by Com- Jason Knopes clip in which users share their the ISO 9000 approach. munication and Information perspectives of earlier ISO services (ISO/CS) and Taurus ISO Secretary-General Alan Studio (sound). Geneva, Swit- 9001 editions and other stand- Bryden comments  : “  henever W zerland www.taurus-studio. ards in the ISO 9000 family the ISO 9000 family is evoked, com. Production input by True- which has become the global the emphasis is usually on ISO world Communications, Unit- benchmark for qualtiy manage- 9001 certification. This video is ed Kingdom,www.trueworld. ment systems. refreshing because the users media.officelive.com The ISO 9000 family – Global emphasize the importance and management standards takes benefits of ISO 9000 aspects The ISO 9000 family – Glo- the form of a fictional televi- such as management commit- bal management standards sion business news report on ment, metrics, customer focus, can be downloaded free of ISO 9000 in which real users continual improvement, knowl- charge from ISO’s Web site. speak from their personal edge transfer, cost savings and It is also available (Eng- experience in the varied con- the eight quality management lish only) in high resolu- texts of multinational industry, principles.” tion on DVD in PAL (ISBN a humanitarian aid organiza- 978-92-67-10485-0) and NTSC tion and a police department, (ISBN 978-92-67-10486-7) which ISO says underlines versions for being shown in the combination of flexibility, Users emphasize the conference settings. The DVD importance and benefits version is also free, although of ISO 9000 aspects postage and handling will be charged. It is available from ISO national member institutes (listed with contact The video includes details on the ISO Web site ISO has identified energy interviews with www.iso.org) and from ISO management as one of the ISO 9000 users Central Secretariat (sales@ top five fields 1) meriting the from : the inter- iso.org). • development and promotion national oil and of International Standards. gas industry ; the Effective energy management Cambodia Trust, is a priority focus because of a humanitarian the significant potential to aid organization save energy and reduce green- with headquar- house gas (GHG) emissions ters in the United worldwide. Kingdom, and the Phoenix Police 18.12.20 08 10 :49:00 1) Priorities also include calculation Department, Ari- methods, biofuels, retrofitting and refurbishing, and buildings as zona, USA. determined by the ISO Council Standing - ISO 90 01_clip.i ndd 1 Committee on Strategies Energy Task ace CD Force in 2007. ISO Management Systems – January-February 2009  11 18.12.2008 10:46:52
  • 14. © ISO Management Systems, www.iso.org/ims ISO INSIDER Existing ISO standards for A pressing need International framework quality management systems The future ISO 50001 will estab- (ISO 9000 series) and envi- lish an international frame- The authors ronmental management sys- work for industrial and com- tems (ISO 14000 series) have mercial facilities, or entire successfully stimulated sub- companies, to manage all stantial, continual efficiency aspects of energy, includ- improvements within organi- ing procurement and use. zations around the globe. An The standard will provide energy management standard organizations and com- is expected to similarly achieve panies with technical and major, long-term increases in management strategies to energy efficiency – 20  % or “  he urgency to reduce T increase energy efficiency, more in industrial facilities 2). GHG emissions, the reality reduce costs, and improve of higher prices from reduced environmental performance. Edwin Pinero Jason Knopes availability of fossil fuels, is Chair of is Secretary of Based on broad applicability ISO 50001 will provide and the need to promote ISO/PC 242. ISO/PC 242. across national economic sec- strategies to increase energy efficiency and the use of tors, the standard could influ- efficiency, reduce costs, renewable energy sources ence up to 60 % of the world’s and improve environmental provide a strong rationale energy demand3). Corporations, It is envisioned that the future for developing this new performance supply chain partnerships, utili- standard will provide organi- standard, building on the most advanced good practices ties, energy service companies, zations and companies with and existing national or and others are expected to use a recognized framework for Early on, the United Nations regional standards.” ISO 50001 as a tool to reduce integrating energy efficiency Industrial Development Organ- energy use and carbon emis- into their management prac- ization (UNIDO) recognized Alan Bryden sions in their own facilities tices. Multi-national organi- industry’s need to mount an ISO Secretary-General (as well as those belonging zations will have access to a effective response to climate 2003-2008 to their customers or suppli- single, harmonized standard change and to the proliferation ers) and to benchmark their for implementation across the of national energy manage- achievements. organization with a logical and Discussions between US ment standards. consistent methodology for experts and ISO’s US mem- As part of the standard devel- In March 2007, UNIDO hosted identifying and implementing ber, the American National opment process, ISO/PC 242 a meeting of experts, includ- energy efficiency improve- Standards Institute (ANSI) led will define relevant terms and ing representatives from the ments. The standard will also : to a formal proposal for ISO to develop management system ISO Central Secretariat and establish a committee on this requirements along with pro- • a s s i s t o r g a n i z a t i o n s i n nations that have adopted subject. In February 2008, the viding guidance for use, imple- making better use of their energy management standards. ISO Technical Management mentation, measurement, and existing energy-consuming That meeting led to submission Board (TMB) approved the metrics associated with the assets ; of a UNIDO communication establishment of a new project standard. • offer guidance on bench- to the ISO Central Secretariat committee, ISO/PC 242, Energy To provide compatibility and marking, measuring, doc- requesting that ISO consider management, to develop the integration opportunities with umenting, and reporting undertaking work on an inter- future ISO 50001 management other management systems, it energy intensity improve- national energy management system standard for energy. is anticipated that the standard ments and their projected standard. ANSI is serving as the commit- will foster the same manage- impact on reductions in tee Secretariat in partnership ment system principles of con- GHG emissions ; 2) McKane, et al, 2007 in UNIDO with ISO’s national member tinual improvement and use publication, Policies for Promoting for Brazil, Associação Bra- the Plan-Do-Check-Act cycle 3) International Energy Agency Industrial Energy Efficiency in International Energy Outlook 2007, Developing Countries and Transition sileira de Normas Técnicas employed in ISO 9001 and industrial and commercial world energy Economies, V.08-52434-April 2008. (ABNT). ISO 14001. use 12  ISO Management Systems – January-February 2009
  • 15. © ISO Management Systems, www.iso.org/ims ISO INSIDER • create transparency and facilitate communication on country’s national mirror com- mittee which will coordinate How ISO contributes the management of energy the country’s participation to a sustainable world resources ; in developing the standard. Contact information for ISO • promote energy manage- by Roger Frost members in each country is ment best practice and rein- available on ISO’s Web site force good energy manage- www.iso.org. ment behaviour ; Countries wishing to actively ISO has just published a new The brochure is entitled How • assist facilities in evaluating participate and send repre- brochure providing a concise ISO’s technical programme and and prioritizing the imple- sentatives to ISO/PC 242 meet- overview of how ISO’s techni- standards contribute to a sus- mentation of new energy- ings should confirm their par- cal programme, which has so tainable world. It explains how efficient technologies ; ticipation status with the ISO far produced more than 17 400 International Standards of the • provide a framework for Central Secretariat (contact International Standards, contrib- type developed by ISO, based promoting energy efficien- Trevor Vyze – vyze@iso.org) ute to a sustainable world. on a double level of consen- cy throughout the supply and should also inform the sus, between stakeholders and chain ; ISO – a multi-sector, multi-stake- ISO/PC 242 Secretary, Jason between countries, contribute to holder international organization • facilitate energy manage- Knopes, of ANSI (JKnopes@ the three dimensions of sustain- – is the leader for the production ment improvements in the ansi.org) and Co-Secretary able development – economic, of consensus-based International context of GHG emission Felipe Viera, of ABNT, (Felipe. environmental and social. They : Standards. ISO’s membership reduction projects. Vieira@abnt.org.br). • comprises the national standards • support the facilitation of The first meeting of ISO/PC bodies of 157 countries. This net- global trade, the dissemina- 242 was held on 8-10 Septem- work is complemented by more tion of new technologies, ber 2008 near Washington D.C. than 600 international and good business practices and The meeting was attended by regional partners and the partici- the relations between eco- more than 80 delegates from 25 pation of close to 100 000 experts. nomic actors ; ISO national member bodies from all regions of the world, as well as representation from UNIDO, which has liaison status with ISO/PC 242. Excellent progress was made in the technical discussions and a first working draft has already been circulated for comment. A major point of discussion is the need to ensure compatibility with the existing suite of ISO management system standards. The committee therefore took the key decision to base the draft on the common elements found in all of ISO’s manage- ment system standards. The 2nd ISO/PC 242 meeting will take place in Rio de Janeiro, Brazil in March 2009. Energy leaders are encour- aged to participate in their Brochure_sustainable_world.indd C1 29.09.2008 17:26:03 ISO Management Systems – January-February 2009  13
  • 16. © ISO Management Systems, www.iso.org/ims ISO INSIDER ISO Guide will help reduce environmental impacts of products 7:06 08 17:2 by Sandrine Tranchard, 29.09.20 able_wo rld.indd 9 Communication Officer, ISO Central Secretariat _sustain Brochure Brochure _sustaina ble_world .indd 2 ISO has published an up- This Guide is intended for 29.09.20 08 17:2 6:26 dated edition of its guide to use by all those involved in Brochure_sustainable_world.indd 6 29.09.2008 17:26:40 reducing the potential envi- the drafting of product stand- ronmental impact of products ards. Standards writers are • support good environmental tees developing standards for by taking environmental as- not expected to become en- practice and information, energy, food, water, the environ- pects into account in product vironmental experts but, by energy efficiency and the ment, health, fire safety, building, standards. using this Guide, they are en- dissemination of new, eco- transport, nanotechnologies, couraged to : friendly and energy per- social responsibility and people Every product has an impact formance technologies ; with disabilities. on the environment during all • identify and understand stages of its life-cycle, from basic environmental aspects • contribute to consumer It also describes how ISO’s extraction of resources to and impacts related to the protection, safety at work, standardization work benefits end-of-life treatment and the product under considera- healthcare, security and from strategic management and need to reduce the potential tion ; and other social interests which policy inputs that also contribute adverse impacts on the envi- may require technical or to sustainability. These inputs • determine when it is pos- ronment of a product is rec- management standards for come from the TMB and ISO sible and when it is not ognized around the world. the related products and policy development committees possible to deal with an services. for consumer affairs, develop- The newly published ISO environmental issue through ing countries and conformity Guide 64:2008, Guide for a product standard. ISO Secretary-General Alan assessment. addressing environmental is- Bryden commented  : “While sues in product standards, is However, the identification of the content of the majority of How ISO’s technical pro- a practical tool for address- these aspects and the pre- ISO standards is technical, their gramme and standards contrib- ing these issues, as well as diction of their impacts is a implementation goes beyond ute to a sustainable world, 20 a contribution to sustainable complex process. When writ- solving technical problems to pages, A5 landscape format, international trade. ing a product standard, it is delivering positive results in is available in English (ISBN economic, environmental and 978-92-67-10484-3) and French societal spheres.” (ISBN 978-92-67-20484-0) edi- tions, free of charge, from ISO Survey national member institutes (list- ed with contact details on the The new brochure is based on ISO Web site www.iso.org) and a survey launched in 2007 by from ISO Central Secretariat the ISO Technical Management (sales@iso.org). It can also be Board (TMB) of the technical downloaded as a PDF file from committees that development the ISO Web site. • ISO standards.  They were asked how they felt their standards contributed to sustainable development. The brochure gives a selection of examples provided by commit- 14  ISO Management Systems – January-February 2009
  • 17. © ISO Management Systems, www.iso.org/ims ISO INSIDER important to ensure that an evaluation as to how products potential adverse environ- mental impacts at different Material flow cost accounting can affect the environment at stages of the entire product with ISO 14051 different stages of their life- life-cycle ; cycle is carried out as early • emphasize that taking into as possible in the process of by Katsuhiko Kokubu, Marcelo Kos Silveira Campos, Yoshikuni account environmental developing the standard. Furukawa, and Hiroshi Tachikawa issues in product standards is a complex process and Step-by-step requires balancing compet- ing priorities ; ISO Guide 64:2008 proposes a step-by-step approach, based • recommend the use of life- on the principle of life-cycle cycle analysis when defining analysis, in order to promote environmental provisions a reduction of potential ad- for a product for which a verse environmental impacts standard is being drafted ; caused by products. and The implementation of ISO • to promote the future devel- Guide 64:2008 will help to opment of relevant sector make standards writers aware guides for addressing envi- of how it is possible to make ronmental issues in prod- an effective contribution to uct standards by standards environmental improvement writers, consistent with the through a product standard, principles and approaches and how to reduce potential of this Guide. adverse environmental im- pacts of products. Taking into account Through a helpful tool (the environmental issues environmental checklist), the in product standards writer of product standards is complex can assess the relevant prod- uct environmental aspects, based on the availability of ISO Guide 64: 2008, Guide environmental information, for addressing environmental product and environmental issues in product standards, knowledge and the applica- was developed by the Work- tion of life-cycle analysis. Material flow cost account- ment, is currently working on ing Group, Inclusion of envi- ing (MFCA), an environmen- the development of ISO 14051, Primarily intended for prod- ronmental aspects in product tal management accounting Environmental management – uct standards writers, the ob- standards, ISO/TC 207, En- developed in Germany in the Material flow cost accounting jectives of ISO Guide 64:2008 vironmental management. It late 1990s and since adopted – General framework, targeted are to : costs 132 Swiss francs and is widely in Japan, focuses on trac- for publication early in 2011. available from ISO national • outline the relationship ing waste, emissions and non- member institutes (listed with ISO 14051 will be complemen- between the provisions in products, and can help boost an contact details on the ISO tary to the ISO 14000 fam- product standards and the organization’s economic and Web site www.iso.org) and ily of environmental manage- environmental aspects and environmental performance. from ISO Central Secretariat ment system standards (EMS), impacts of the product ; (sales@iso.org). • To standardize MFCA practices, including life cycle assessment • assist in drafting or revis- working group (WG) 8 of ISO (ISO 14040, ISO 14044), envi- ing provisions in product technical committee ISO/TC ronmental performance evalu- standards in order to reduce 207, Environmental manage- ation (ISO 14031), and the ISO Management Systems – January-February 2009  15