Certification
▷ About ISO
ISO (International Organization for Standardization) is the world’s largest developer and publisher of International Standards. ISO is a network of the national standards institutes of 162 countries, one member per country, with a Central Secretariat in Geneva, Switzerland, that coordinates the system. ISO is a non-governmental organization that forms a bridge between the public and private sectors. On the one hand, many of its member institutes are part of the governmental structure of their countries, or are mandated by their government. On the other hand, other members have their roots uniquely in the private sector, having been set up by national partnerships of industry associations. Therefore, ISO enables a consensus to be reached on solutions that meet both the requirements of business and the broader needs of society.
▷ Why standards matter
Standards make an enormous and positive contribution to most aspects of our lives. Standards ensure desirable characteristics of products and services such as quality, environmental friendliness, safety, reliability, efficiency and interchangeability – and at an economical cost. When products and services meet our expectations, we tend to take this for granted and be unaware of the role of standards. However, when standards are absent, we soon notice. We soon care when products turn out to be of poor quality, do not fit, are incompatible with equipment that we already have, are unreliable or dangerous. When products, systems, machinery and devices work well and safely, it is often because they meet standards. And the organization responsible for many thousands of the standards which benefit the world is ISO.
▷ Why conformity assessment is important
“Conformity assessment” means checking that products, materials, services, systems, processes or people measure up to the specifications of a relevant standard or specification. Today, many products require testing for conformity with specifications or compliance with safety, or other regulations before they can be put on many markets. ISO guides and standards for conformity assessment represent an international consensus on best practice. Their use contributes to the consistency of conformity assessment worldwide and so facilitates trade.
▷ What “international standardization” means
When the large majority of products or services in a particular business or industry sector conform to International Standards, a state of industry-wide standardization exists. The economic stakeholders concerned agree on specifications and criteria to be applied consistently in the classification of materials, in the manufacture and supply of products, in testing and analysis, in terminology and in the provision of services. In this way, International Standards provide a reference framework, or a common technological language, between suppliers and their customers. This facilitates trade and the transfer of technology.
ISO 9001:2015
▷ Reasons for Use
The global adoption of ISO 9001 may be attributable to a number of factors. A number of major purchasers require their suppliers to hold ISO 9001 certification. In addition to several stakeholders’ benefits, a number of studies have identified significant financial benefits for organizations certified to ISO 9001, with a 2011 survey from the British Assessment Bureau showing 44% of their certified clients had won new business. Corbett et al (2005) showed that certified organizations achieved superior return on assets compared to otherwise similar organizations without certification. Heras et al (2002) found similarly superior performance and demonstrated that this was statistically significant and not a function of organization size. Naveh and Marcus (2007) showed that implementing ISO 9001 led to superior operational performance. Sharma (2005) identified similar improvements in operating performance and linked this to superior financial performance. Chow-Chua et al (2002) showed better overall financial performance was achieved for companies in Denmark. Rajan and Tamimi (2003) showed that ISO 9001 certification resulted in superior stock market performance and suggested that shareholders were richly rewarded for the investment in an ISO 9001 system.
While the connection between superior financial performance and ISO 9001 may be seen from the above, there remains no proof of direct causation, though longitudinal studies, such as those of Corbett et al (2005) may suggest it. Other writers such as Heras et al (2002) have suggested that while there is some evidence of this, the improvement is partly driven by the fact that there is a tendency for better performing companies to seek ISO 9001 certification.
The mechanism for improving results has also been the subject of much research. Lo et al (2007) identified operational improvements (cycle time reduction, inventory reductions, etc.) as following from certification. Buttle (1997) and Santos (2002) both indicated internal process improvements in organizations leading to externally observable improvements. The results of Hendricks and Singhal (2001) indicate that firms outperform their control group during the post-implementation period and that effective implementation of total quality management principles and philosophies leads to significant wealth creation. The benefit of increased international trade and domestic market share, in addition to the internal benefits such as customer satisfaction, interdepartmental communications, work processes, and customer/supplier partnerships derived, far exceeds any and all initial investment according to Alcorn.
▷ Background
ISO 9000 was first published in 1987. It was based on the BS 5750 series of standards from BSI that were proposed to ISO in 1979. Its history can however be traced back some twenty years before that when the Department of Defense published its MIL-Q-9858 standard in 1959. MIL-Q-9858 was revised into the NATO AQAP series of standards in 1969, which in turn were revised into the BS 5179 series of guidance standards published in 1974, and finally revised into being the BS 5750 series of requirements standards in 1979, before being submitted to ISO.
BSI has been certifying organizations for their quality management systems since 1978. Its first certification (FM 00001) is still extant and held by the Tarmac company, a successor to the original company which held this certificate. Today BSI claims to certify organizations at nearly 70,000 sites globally. The development of the ISO 9000 series is shown in the diagram to the right.
▷ Quality Management System Process Approach
This International Standard promotes the adoption of a process approach when developing, implementing and improving the effectiveness of a quality management system, to enhance customer satisfaction by meeting customer requirements. Specific requirements considered essential to the adoption of a process approach are included in 4.4.
Understanding and managing interrelated processes as a system contributes to the organization’s effectiveness and efficiency in achieving its intended results. This approach enables the organization to control the interrelationships and interdependencies among the processes of the system, so that the overall performance of the organization can be enhanced.
The process approach involves the systematic definition and management of processes, and their interactions, so as to achieve the intended results in accordance with the quality policy and strategic direction of the organization. Management of the processes and the system as a whole can be achieved using the PDCA cycle (see 0.3.2) with an overall focus on risk-based thinking (see 0.3.3) aimed at taking advantage of opportunities and preventing undesirable results.
The application of the process approach in a quality management system enables:
- understanding and consistency in meeting requirements;
- the consideration of processes in terms of added value;
- the achievement of effective process performance;
- improvement of processes based on evaluation of data and information.
Figure 1 gives a schematic representation of any process and shows the interaction of its elements. The monitoring and measuring check points, which are necessary for control, are specific to each process and will vary depending on the related risks.

▷ Plan-Do-Check-Act cycle
The PDCA cycle can be applied to all processes and to the quality management system as a whole.
Figure 2 illustrates how Clauses 4 to 10 can be grouped in relation to the PDCA cycle.

The PDCA cycle can be briefly described as follows:
- Plan: establish the objectives of the system and its processes, and the resources needed to deliver results in accordance with customers’ requirements and the organization’s policies, and identify and address risks and opportunities;
- Do: implement what was planned;
- Check: monitor and (where applicable) measure processes and the resulting products and services against policies, objectives, requirements and planned activities, and report the results;
- Act: take actions to improve performance, as necessary.
▷ Risk-based thinking
Risk-based thinking (see Clause A.4) is essential for achieving an effective quality management system.
The concept of risk-based thinking has been implicit in previous editions of this International Standard including, for example, carrying out preventive action to eliminate potential nonconformities, analyzing any nonconformities that do occur, and taking action to prevent recurrence that is appropriate for the effects of the nonconformity.
To conform to the requirements of this International Standard, an organization needs to plan and implement actions to address risks and opportunities. Addressing both risks and opportunities establishes a basis for increasing the effectiveness of the quality management system, achieving improved results and preventing negative effects. Opportunities can arise as a result of a situation favourable to achieving an intended result, for example, a set of circumstances that allow the organization to attract customers, develop new products and services, reduce waste or improve productivity. Actions to address opportunities can also include consideration of associated risks. Risk is the effect of uncertainty and any such uncertainty can have positive or negative effects. A positive deviation arising from a risk can provide an opportunity, but not all positive effects of risk result in opportunities.
ISO 14001:2015
▷ Development of the ISO 14000 series
The ISO 14000 family includes most notably the ISO 14001 standard, which represents the core set of standards used by organizations for designing and implementing an effective environmental management system. Other standards included in this series are ISO 14004, which gives additional guidelines for a good environmental management system, and more specialized standards dealing with specific aspects of environmental management. The major objective of the ISO 14000 series of norms is “to promote more effective and efficient environmental management in organizations and to provide useful and usable tools – ones that are cost effective, system-based, flexible and reflect the best organizations and the best organizational practices available for gathering, interpreting and communicating environmentally relevant information”. Unlike previous environmental regulations, which began with command and control approaches, later replaced with ones based on market mechanisms, ISO 14000 was based on a voluntary approach to environmental regulation (Szymanski & Tiwari 2004). The series includes the ISO 14001 standard, which provides guidelines for the establishment or improvement of an EMS. The standard shares many common traits with its predecessor ISO 9000, the international standard of quality management (Jackson 1997), which served as a model for its internal structure (National Academy Press 1999) and both can be implemented side by side. As with ISO 9000, ISO 14000 acts both as an internal management tool and as a way of demonstrating a company’s environmental commitment to its customers and clients (Boiral 2007). Prior to the development of the ISO 14000 series, organizations voluntarily constructed their own EMS systems, but this made comparisons of environmental effects between companies difficult and therefore the universal ISO 14000 series was developed. 
An EMS is defined by ISO as: “part of the overall management system, that includes organizational structure, planning activities, responsibilities, practices, procedures, processes and resources for developing, implementing, achieving and maintaining the environmental policy” (ISO 1996 cited in Federal Facilities Council Report 1999).
▷ ISO 14001 Environmental Management Systems Background
Achieving a balance between the environment, society and the economy is considered essential to meet the needs of the present without compromising the ability of future generations to meet their needs. Sustainable development as a goal is achieved by balancing the three pillars of sustainability. Societal expectations for sustainable development, transparency and accountability have evolved with increasingly stringent legislation, growing pressures on the environment from pollution, inefficient use of resources, improper waste management, climate change, degradation of ecosystems and loss of biodiversity. This has led organizations to adopt a systematic approach to environmental management by implementing environmental management systems with the aim of contributing to the environmental pillar of sustainability.
▷ Aim of an environmental management system
The purpose of this International Standard is to provide organizations with a framework to protect the environment and respond to changing environmental conditions in balance with socio-economic needs. It specifies requirements that enable an organization to achieve the intended outcomes it sets for its environmental management system. A systematic approach to environmental management can provide top management with information to build success over the long term and create options for contributing to sustainable development by:
- protecting the environment by preventing or mitigating adverse environmental impacts;
- mitigating the potential adverse effect of environmental conditions on the organization;
- assisting the organization in the fulfilment of compliance obligations;
- enhancing environmental performance;
- controlling or influencing the way the organization’s products and services are designed, manufactured, distributed, consumed and disposed by using a life cycle perspective that can prevent environmental impacts from being unintentionally shifted elsewhere within the life cycle;
- achieving financial and operational benefits that can result from implementing environmentally sound alternatives that strengthen the organization’s market position;
- communicating environmental information to relevant interested parties.
▷ Success factors
The success of an environmental management system depends on commitment from all levels and functions of the organization, led by top management. Organizations can leverage opportunities to prevent or mitigate adverse environmental impacts and enhance beneficial environmental impacts, particularly those with strategic and competitive implications. Top management can effectively address its risks and opportunities by integrating environmental management into the organization’s business processes, strategic direction and decision making, aligning them with other business priorities, and incorporating environmental governance into its overall management system. Demonstration of successful implementation of this International Standard can be used to assure interested parties that an effective environmental management system is in place. Adoption of this International Standard, however, will not in itself guarantee optimal environmental outcomes. Application of this International Standard can differ from one organization to another have different compliance obligations, commitments in their environmental policy, environmental technologies and environmental performance goals, yet both can conform to the requirements of this International Standard. The level of detail and complexity of the environmental management system will vary depending on the context of the organization, the scope of its environmental management system, its compliance obligations, and the nature of its activities, products and services, including its environmental aspects and associated environmental impacts.
▷ Plan-Do-Check-Act model
The basis for the approach underlying an environmental management system is founded on the concept of Plan-Do-Check-Act (PDCA). The PDCA model provides an iterative process used by organizations to achieve continual improvement. It can be applied to an environmental management system and to each of its individual elements. It can be briefly described as follows.
- Plan: establish environmental objectives and processes necessary to deliver results in accordance with the organization’s environmental policy.
- Do: implement the processes as planned.
- Check: monitor and measure processes against the environmental policy, including its commitments, environmental objectives and operating criteria, and report the results.
- Act: take actions to continually improve.

ISO 45001
0.1 Background
At the time of developing this International Standard, the International Labour Organization (ILO) estimates that 2.3 million people die every year from work-related accidents and diseases. An organization is responsible for the health and safety of its workers and that of other persons under its control who are performing work on its behalf, including promoting and protecting their physical and mental health. The adoption of an occupational health and safety (OH&S) management system is intended to enable an organization to improve its OH&S performance in the enhancement of health and safety at work and to manage its OH&S risks.
0.2 Aim of an OH&S management system
The purpose of an OH&S management system is to provide a framework for managing the prevention of death, work-related injury and ill health. The intended outcome is to prevent death, work-related injury and ill health to workers, to improve and provide a safe and healthy workplace for its workers and other persons under its control. An organization’s activities can pose a risk of death, work-related injury and ill health, consequently it is critically important for the organization to eliminate or minimize OH&S risks by taking effective preventive measures. When these measures are applied by the organization through its OH&S management system (supported by the use of appropriate controls, methods and tools, at all levels in the organization) they improve its OH&S performance. It can be more effective and efficient to take early action to address potential opportunities for improvement of OH&S performance.
An OH&S management system can enable an organization to improve its OH&S performance by:
- developing and implementing an OH&S policy and OH&S objectives;
- ensuring top management demonstrate leadership and commitment with respect to the OH&S management system;
- establishing systematic processes which consider its context (see A.4.1) and which take into account its risks and its opportunities;
- determining the hazards and OH&S risks associated with its activities; seeking to eliminate them, or putting in controls to minimize their potential effects;
- establishing operational controls to eliminate or minimize its OH&S risks;
- increasing awareness of its OH&S hazards and risks, and associated operational controls, through information, communication and training;
- evaluating its OH&S performance and seeking to improve it;
- establishing and developing the necessary competencies;
- developing and supporting an occupational health and safety culture in the organization;
- ensuring that workers, and where they exist, workers’ representatives, are informed, consulted and participate.
An OH&S management system can assist an organization to fulfil its applicable legal requirements.
0.3 Success factors
The implementation of an OH&S management system is a strategic and operational decision for an organization. The success of the OH&S management system depends on leadership, commitment and participation from all levels and functions of the organization. The implementation and sustainability of an OH&S management system, its effectiveness and its ability to achieve its objectives are dependent on a number of key factors which can include:
- top management leadership and commitment;
- top management developing, leading and promoting a culture in the organization that supports the OH&S management system;
- participation of workers, and where they exist, workers’ representatives;
- processes for communication and consultation;
- allocation of the necessary resources for its sustainability;
- clear OH&S policies, which are compatible with the overall strategic objectives and direction of the organization;
- the integration of the OH&S management system into the organization’s business processes;
- the continual evaluation and monitoring of the OH&S management system to improve OH&S performance;
- OH&S objectives that align with the OH&S policies and reflect the organization’s OH&S hazards and risks;
- awareness of its applicable legal requirements and other requirements;
- effective processes for identification of OH&S hazards, control of the OH&S risks and taking advantage of OH&S opportunities.
This International Standard, like other International Standards, is not intended to increase or change an organization’s legal requirements.
Demonstration of successful implementation of this International Standard can be used by an organization to give assurance to workers and other interested parties that an effective OH&S management system is in place. Adoption of this International Standard, however, will not in itself guarantee optimal outcomes.
The level of detail, the complexity, the extent of documented information, and the resources needed to ensure the success of an organization’s OH&S management system will depend on a number of factors, such as:
General
This International Standard specifies requirements for a quality management system that can be used by an organization involved in one or more stages of the life-cycle of a medical device, including design and development, production, storage and distribution, installation, servicing and final decommissioning and disposal of medical devices, and design and development, or provision of associated activities (e.g. technical support). The requirements in this International Standard can also be used by suppliers or other external parties providing product (e.g. raw materials, components, subassemblies, medical devices, sterilization services, calibration services, distribution services, maintenance services) to such organizations. The supplier or external party can voluntarily choose to conform to the requirements of this International Standard or can be required by contract to conform.
Several jurisdictions have regulatory requirements for the application of quality management systems by organizations with a variety of roles in the supply chain for medical devices. Consequently, this International Standard expects that the organization:
– identifies its role(s) under applicable regulatory requirements;
– identifies the regulatory requirements that apply to its activities under these roles;
– incorporates these applicable regulatory requirements within its quality management system.
The definitions in applicable regulatory requirements differ from nation to nation and region to region.
The organization needs to understand how the definitions in this International Standard will be interpreted in light of regulatory definitions in the jurisdictions in which the medical devices are made available.
This International Standard can also be used by internal and external parties, including certification bodies, to assess the organization’s ability to meet customer and regulatory requirements applicable to the quality management system and the organization’s own requirements. It is emphasized that the quality management system requirements specified in this International Standard are complementary to the technical requirements for product that are necessary to meet customer and applicable regulatory requirements for safety and performance.
The adoption of a quality management system is a strategic decision of an organization. The design and implementation of an organization’s quality management system is influenced by the:
- organizational environment, changes in that environment, and the influence that the organizational environment has on the conformity of the medical devices;
- organization’s varying needs;
- organization’s particular objectives;
- product the organization provides;
- processes the organization employs;
- organization’s size and organizational structure;
- regulatory requirements applicable to the organization’s activities.
It is not the intent of this International Standard to imply the need for uniformity in the structure of different quality management systems, uniformity of documentation or alignment of documentation to the clause structure of this International Standard.
There is a wide variety of medical devices and some of the particular requirements of this International Standard only apply to named groups of medical devices. These groups are defined in Clause 3.
- interactive communication;
- system management;
- prerequisite programmes;
- hazard analysis and critical control point (HACCP) principles.
- customer focus;
- leadership;
- engagement of people;
- process approach;
- improvement;
- evidence-based decision making;
- relationship management

Introduction
Move over ISO 9001/2/3. Here come ISO 10001/2/3! With a clear shift from assurance to satisfaction exhibited in the latest version of the ISO 9000 standards, it is hardly surprising that a brand new family of international Customer Satisfaction standards is in the works. Meant to complement an ISO 9001: 2000 Quality Management System (QMS) by providing a set of guidelines for the establishment of a Customer Satisfaction Complaints System (CSCS or (CS)2), this family consists of three standards, numbered ISO 10001, 2 and 3. Unlike the mutually-exclusive and now obsolete ISO 9001/2/3: 1994, ISO 10001/2/3 standards are interrelated, but can also be applied independently of each other and of ISO 9001: 2000 altogether (‘Dee et al., 2004’). The idea, which originally came from the Consumer Policy Committee (COPOLCO) of the International Organization for Standardization (ISO), is to offer advice to companies on developing customer satisfaction codes of conduct (ISO 10001), as well as on handling product-related complaints internally (ISO 10002) and externally (ISO 10003).
ISO 10002: Quality Management Guidelines for Complaints Handling in Organizations is the latest quality management system standard to be released by the International Organization for Standardization, and focuses solely on processing customer complaints. A new ISO standard offers a solution for organizations on those occasions when the customer is dissatisfied with a product or service – guidelines for handling complaints in a manner that gives optimal results for both the organization and the unhappy customer. ISO 10002:2004, Quality Management – Customer Satisfaction – Guidelines for Complaints Handling in Organizations, is complete enough for stand-alone implementation, or for use in support of other quality management and customer satisfaction tools, including Customer Relation Management and Six Sigma. The standard gives complete guidance – including principles, issues for consideration and structural aspects – for the management of the overall complaints-handling process, with numerous checklists, sample forms, and practical examples.
Objectives:
ISO 10002 – Guidelines for complaints handling in organizations – What will you learn? By the end of the course you will be able to:
● Set out a clear case for measuring customer satisfaction
● Develop a plan to measure customer satisfaction
● Carry out customer measurement using both internal and external approaches
● Use the results from measurement to prioritize and focus change and/or improvement
Contents:
ISO 10002 Guide for Customer Handling defines what a “good” complaints handling process should be built upon.
● Define customer satisfaction
● Benefits of managing your customer relationship
● Importance of having clear measurement objectives
● The customer satisfaction measurement framework
● Current approaches to measuring customer satisfaction
● Indicators of customer satisfaction
● The customer survey
● Interpreting and using results
● Planning an approach to measuring customer satisfaction
ISO/IEC 27001, part of the growing ISO/IEC 27001 family of standards, is an information security management system (ISMS) standard published in October 2005 by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). Its full name is ISO/IEC 27001:2005 – Information technology — Security techniques — Information security management systems — Requirements.
ISO/IEC 27001 formally specifies a management system that is intended to bring information security under explicit management control. Being a formal specification means that it mandates specific requirements. Organizations that claim to have adopted ISO/IEC 27001 can therefore be formally audited and certified compliant with the standard (more below).
How the standard works
Most organizations have a number of information security controls. However, without an information security management system (ISMS), controls tend to be somewhat disorganized and disjointed, having been implemented often as point solutions to specific situations or simply as a matter of convention. Security controls in operation typically address certain aspects of IT or data security specifically, leaving non-IT information assets (such as paperwork and proprietary knowledge) less protected on the whole. Moreover, business continuity planning and physical security may be managed quite independently of IT or information security, while Human Resources practices may make little reference to the need to define and assign information security roles and responsibilities throughout the organization.
ISO/IEC 27001 requires that management:
- Systematically examine the organization’s information security risks, taking account of the threats, vulnerabilities, and impacts;
- Design and implement a coherent and comprehensive suite of information security controls and/or other forms of risk treatment (such as risk avoidance or risk transfer) to address those risks that are deemed unacceptable; and
- Adopt an overarching management process to ensure that the information security controls continue to meet the organization’s information security needs on an ongoing basis.
While other sets of information security controls may potentially be used within an ISO/IEC 27001 ISMS as well as, or even instead of, ISO/IEC 27002 (the Code of Practice for Information Security Management), these two standards are normally used together in practice. Annex A to ISO/IEC 27001 succinctly lists the information security controls from ISO/IEC 27002, while ISO/IEC 27002 provides additional information and implementation advice on the controls.
Organizations that implement a suite of information security controls in accordance with ISO/IEC 27002 are simultaneously likely to meet many of the requirements of ISO/IEC 27001, but may lack some of the overarching management system elements. The converse is also true, in other words, an ISO/IEC 27001 compliance certificate provides assurance that the management system for information security is in place, but says little about the absolute state of information security within the organization. Technical security controls such as antivirus and firewalls are not normally audited in ISO/IEC 27001 certification audits: the organization is essentially presumed to have adopted all necessary information security controls since the overall ISMS is in place and is deemed adequate by satisfying the requirements of ISO/IEC 27001. Furthermore, management determines the scope of the ISMS for certification purposes and may limit it to, say, a single business unit or location. The ISO/IEC 27001 certificate does not necessarily mean the remainder of the organization, outside the scoped area, has an adequate approach to information security management.
Other standards in the ISO/IEC 27001 family of standards provide additional guidance on certain aspects of designing, implementing and operating an ISMS, for example on information security risk management (ISO/IEC 27005).
1. General
This International Standard specifies requirements for setting up and managing an effective Business Continuity Management System (BCMS). A BCMS emphasizes the importance of
- understanding the organization’s needs and the necessity for establishing business continuity management policy and objectives
- implementing and operating controls and measures for managing an organization’s overall capability to manage disruptive incidents
- monitoring and reviewing the performance and effectiveness of the BCMS, and
- continual improvement based on objective measurement
- a policy
- people with defined responsibilities
- management processes relating to 1) policy 2) planning 3) implementation and operation 4) performance assessment 5) management review, and 6) improvement
- documentation providing auditable evidence; and
- any business continuity management processes relevant to the organization.

ISO 20000-1:2018
Information technology Service Management
Scope
1. General
The document specifies requirements for an organization to establish, implement, maintain and continually improve a service management system (SMS). The requirements specified in this document include the planning, design, transition, delivery and improvement of services to meet the service requirements and deliver value. This document can be used by:
- a customer seeking services and requiring assurance regarding the quality of those services
- a customer requiring a consistent approach to the service lifecycle by all its service providers, including those in a supply chain
- an organization to demonstrate its capability for the planning, design, transition, delivery and improvement of services
- an organization to monitor, measure and review its SMS and the services
- an organization to improve the planning, design, transition, delivery and improvement of services through effective implementation and operation of an SMS
- an organization or other party performing conformity assessments against the requirements specified in this document
- a provider of training or advice in service management
The term “service” as used in this document refers to the service or services in the scope of the SMS. The term “organization” as used in this document refers to the organization in the scope of the SMS that manages and delivers services to customers. The organization in the scope of the SMS can be part of a larger organization, for example, a department of a large corporation. An organization that manages and delivers a service or services to internal or external customers can also be known as a service provider. Any use of the terms “service” or “organization” with a different intent is distinguished clearly in this document.
2. Application
All requirements specified in this document are generic and are intended to be applicable to all organizations, regardless of the organization’s type or size, or the nature of the services delivered. Exclusion of any of the requirements in clauses 4 to 10 is not acceptable when the organization claims conformity to this document, irrespective of the nature of the organization.
Conformity to the requirements specified in this document can be demonstrated by the organization itself showing evidence of meeting those requirements.
The organization itself demonstrates conformity to clauses 4 to 5. However, the organization can be supported by other parties. For example, another party can conduct internal audits on behalf of the organization or support the preparation of the SMS.
Alternatively, the organization can show evidence of retaining accountability for the requirements specified in this document and demonstrating control when other parties are involved in meeting the requirements in clauses 6 to 10 (see 8.2.3). For example, the organization can demonstrate evidence of controls for another party who is providing infrastructure service components or operating the service desk including the incident management process.
The organization cannot demonstrate conformity to the requirements specified in this document if other parties are used to provide or operate all services, service components or processes within the scope of the SMS.
The scope of this document excludes the specification for products or tools. However, this document can be used to help the development or acquisition of products or tools that support the operation of an SMS.
ISO 10004 Quality management – Customer satisfaction – Guidelines for monitoring and measuring
0.1 General
One of the key elements of organizational success is the customer’s satisfaction with the organization and its products. Therefore, it is necessary to monitor and measure customer satisfaction.
The information obtained from monitoring and measuring customer satisfaction can help identify opportunities for improvement of the organization’s strategies, products, processes and characteristics that are valued by customers, and serve the organization’s objectives. Such improvements can strengthen customer confidence and result in commercial and other benefits.
This Technical Specification provides guidance to the organization on establishing effective processes for monitoring and measuring customer satisfaction.
0.2 Relationship with ISO 9001:2008
This Technical Specification is compatible with ISO 9001:2008, whose objectives it supports by providing guidance on monitoring and measuring customer satisfaction. This Technical Specification can help address specific clauses in ISO 9001:2008 related to customer satisfaction, namely those listed below.
a) ISO 9001:2008, 5.2, on customer focus: “Top management shall ensure that customer requirements are determined and are met with the aim of enhancing customer satisfaction.”
b) ISO 9001:2008, 6.1, b), on resource management: “The organization shall determine and provide the resources needed (…) to enhance customer satisfaction by meeting customer requirements.”
c) ISO 9001:2008, 8.2.1, on customer satisfaction: “As one of the measurements of the performance of the quality management system, the organization shall monitor information relating to customer perception as to whether the organization has met customer requirements. The methods for obtaining and using this information shall be determined.”
d) ISO 9001:2008, 8.4, on analysis of data: “The organization shall determine, collect and analyse appropriate data to demonstrate the suitability and effectiveness of the quality management system and to evaluate where continual improvement of the effectiveness of the quality management system can be made. This shall include data generated as a result of monitoring and measurement and from other relevant sources. The analysis of data shall provide information relating to (…) customer satisfaction (…).”
This Technical Specification can also be used independently of ISO 9001.
0.3 Relationship with ISO 9004:2009
This Technical Specification is also compatible with ISO 9004:2009, which provides guidance on managing for the sustained success of an organization. This Technical Specification supplements the following guidance given in:
– ISO 9004:2009, Clause B.2, on customer focus, and
– ISO 9004:2009, 8.3.1 and 8.3.2, on determining needs, expectations and satisfaction of customers.
0.4 Relationship with ISO 10001, ISO 10002, ISO 10003
ISO 10001 contains guidance on codes of conduct for organizations related to customer satisfaction. Such codes can decrease the likelihood of problems arising and can eliminate causes of complaints and disputes which can decrease customer satisfaction.
ISO 10002 contains guidance on the internal handling of product-related complaints. This guidance can help to preserve customer satisfaction and loyalty by resolving complaints effectively and efficiently.
ISO 10003 contains guidance on the resolution of disputes regarding product-related complaints that could not be satisfactorily resolved internally. ISO 10003 can help to minimize customer dissatisfaction stemming from unresolved complaints.
Collectively, ISO 10001, ISO 10002 and ISO 10003 provide guidance which can help to minimize customer dissatisfaction and enhance customer satisfaction.
This Technical Specification complements ISO 10001, ISO 10002 and ISO 10003 by providing guidance on the monitoring and measuring of customer satisfaction. The information gained can guide the organization to take actions which can help to sustain or enhance customer satisfaction.
ISO/TS 29001 Petroleum, petrochemical and natural gas industries
0.1 General
Ever since the first oil-well was drilled in 1859, oil production has become a continuously complex and detailed process.
ISO/TS 29001:2010 is a quality management system that provides requirements for the design, development, production, installation, and service of products for the petroleum, petrochemical, and natural gas industries. This standard is designed to help these organizations ensure that they meet all requirements of customers and stakeholders.
The ISO/TS 29001:2010 standard is based on ISO 9001, and includes supplementary requirements highlighting defect prevention and the reduction of deviation and waste from service providers.
ISO/TS 29001:2010 was developed as the result of cooperation between the American Petroleum Institute (API) and ISO technical committee ISO/TC 67.
The adoption of a quality management system should be a strategic decision of an organization. The design and implementation of an organization’s quality management system is influenced by varying needs, particular objectives, the products provided, the processes employed and the size and structure of the organization. It is not the intent of this International Standard to imply uniformity in the structure of quality management systems or uniformity of documentation.
The quality management system requirements specified in this International Standard are complementary to requirements for products. Information marked “Note” is for guidance in understanding or clarifying the associated requirement.
This International Standard can be used by internal and external parties, including certification bodies, to assess the organization’s ability to meet customer, regulatory and the organization’s own requirements.
The quality management principles stated in ISO 9000 and ISO 9004 have been taken into consideration during the development of this International Standard.
0.2 Process approach
This International Standard promotes the adoption of a process approach when developing, implementing and improving the effectiveness of a quality management system, to enhance customer satisfaction by meeting customer requirements.
For an organization to function effectively, it has to identify and manage numerous linked activities. An activity using resources, and managed in order to enable the transformation of inputs into outputs, can be considered as a process. Often the output from one process directly forms the input to the next.
The application of a system of processes within an organization, together with the identification of these processes, and their management, can be referred to as the “process approach”.
An advantage of the process approach is the ongoing control that it provides over the linkage between the individual processes within the system of processes, as well as over their combination and interaction.
When used within a quality management system, such an approach emphasizes the importance of
a) understanding and meeting requirements,
b) the need to consider processes in terms of added value,
c) obtaining results or process performance and effectiveness, and
d) continual improvement of processes based on objective measurement.
The model of a process-based quality management system shown in Figure 1 illustrates the process linkages presented in clauses 4 to 8. This illustration shows that customers play a significant role in defining requirements as inputs. Monitoring of customer satisfaction requires the evaluation of information relating to customer perception as to whether the organization has met the customer requirements. The model shown in Figure 1 covers all the requirements of this International Standard, but does not show processes at a detailed level.
ISO 21500 Guidance on project Management
▷ Introduction
This International Standard provides guidance on concepts and processes of project management that are important for, and have impact on, the performance of projects.
The target readership for this International Standard is the following:
- senior managers and project sponsors, in order to provide them with a better understanding of the principles and practice of project management and to help them give appropriate support and guidance to their project managers, project management teams and project teams;
- project managers, project management teams and project team members, so that they have a common basis upon which to compare their project standards and practices with those of others;
- developers of national or organizational standards, for use in developing project management standards, which are consistent at a core level with those of others.
▷ Overview
ISO 21500 was developed to offer guidance on the concepts and processes of project management with the goal of implementing processes and best practices to improve project management performance. While the standard describes important concepts and processes of project management, it does not provide detailed guidance, and general management topics are limited to relevant aspects of project management. The standard as developed by the ISO was modeled on the Project Management Institute’s Body of Knowledge (PMBoK), although there are some key differences.
The ISO project management standard is only 47 pages long and is limited to the introduction of the processes, their inputs, and their outputs. The PMI standard is more than 450 pages in length and describes processes, inputs, outputs and associated tools and techniques. Both organizations use the concept of process as an integral part of project management. ISO and PMI segregate project processes into five process groups with some minor variances in labeling. The differences between the two standards are minimal with respect to process groups and subjects/knowledge areas. The substantive difference between the two standards is in the detail and description of tools and techniques, because ISO 21500:2012 does not provide them. Another major change is the introduction of a new subject by ISO, namely, “stakeholder management”.
The guidance provided by this International Standard can be used by any type of organization, including public, private or community organizations, and for any type of project, irrespective of complexity, size or duration.
Even though the projects are placed in the context of program and project portfolios, this International Standard does not provide detailed guidance on the management of program and project portfolios.
It provides a better understanding of the principles and practice of project management.
The target readership of ISO 21500 is the following:
- Senior managers and project sponsors
- Project managers, project management teams and project team members
- Developers of national or organizational standards
▷ Key Clauses of ISO 21500:2013
ISO 21500 is organized into the following main clauses:
Clause 3: Project Management Concepts
Clause 4: Project Management Processes
▷ Clause 3: Project Management Concepts
This clause describes key concepts applicable to most projects and environments in which they are performed.
The key concepts in project management according to ISO 21500 are:
- Project
- Project management
- Organizational strategy and projects
- Project environment
- Project governance
- Projects and operations
- Stakeholders and project organization
- Competencies of project personnel
- Project life cycle
- Project constraints
- Relationship between project management concepts and processes
▷ Clause 4: Project Management Processes
This clause identifies the recommended project management processes to be used during a project as a whole, for individual phases or both.
The project management processes can be viewed from two different perspectives, as:
- Process groups for the management of the project;
Each process group consists of processes that are applicable to any project phase or project. These processes, defined in terms of purpose, description and primary inputs and outputs, are interdependent. The process groups are independent of application area or industry focus.
- Subject groups for collecting the processes by subject
Each subject group consists of processes applicable to any project phase or project. These processes are defined in terms of purpose, description and primary inputs and outputs, and are interdependent. Subject groups are independent of application area or industry focus.
The five process groups are
- Initiating: processes performed to define a new project or a new phase of an existing project by obtaining authorization to start the project or phase.
- Planning: Those processes required to establish the scope of the project, refine the objectives, and define the course of action required to attain the objectives that the project was undertaken to achieve.
- Executing: Those processes performed to complete the work defined in the project management plan to satisfy the project specifications.
- Monitoring and Controlling: Those processes required to track, review, and regulate the progress and performance of the project; identify any areas in which changes to the plan are required; and initiate the corresponding changes.
ISO 37001:2016 Anti-bribery management systems
Introduction
Bribery is a widespread phenomenon. It raises serious social, moral, economic and political concerns, undermines good governance, hinders development and distorts competition. It erodes justice, undermines human rights and is an obstacle to the relief of poverty. It also increases the cost of doing business, introduces uncertainties into commercial transactions, increases the cost of goods and services, diminishes the quality of products and services, which can lead to loss of life and property, destroys trust in institutions and interferes with the fair and efficient operation of markets.
Governments have made progress in addressing bribery through international agreements such as the Organization for Economic Co-operation and Development Convention on Combating Bribery of Foreign Public Officials in International Business Transactions and the United Nations Convention against Corruption and through their national laws. In most jurisdictions, it is an offence for individuals to engage in bribery and there is a growing trend to make organizations, as well as individuals, liable for bribery.
However, the law alone is not sufficient to solve this problem. Organizations have a responsibility to proactively contribute to combating bribery. This can be achieved by an anti-bribery management system, which this document is intended to provide, and through leadership commitment to establishing a culture of integrity, transparency, openness and compliance. The nature of an organization’s culture is critical to the success or failure of an anti-bribery management system.
Scope
This document specifies requirements and provides guidance for establishing, implementing, maintaining, reviewing and improving an anti-bribery management system. The system can be stand alone or can be integrated into an overall management system. This document addresses the following in relation to the organization’s activities:
- bribery in the public, private and not-for-profit sectors;
- bribery by the organization;
- bribery by the organization’s personnel acting on the organization’s behalf or for its benefit;
- bribery by the organization’s business associates acting on the organization’s behalf or for its benefit;
- bribery of the organization;
- bribery of the organization’s personnel in relation to the organization’s activities;
- bribery of the organization’s business associates in relation to the organization’s activities;
- direct and indirect bribery (e.g. a bribe offered or accepted through or by a third party).
ISO 21001
ISO 21001:2018 – Educational organizations – Management systems for educational organizations – Requirements with guidance for use
1. Introduction
Although educational organizations and learners worldwide are the main beneficiaries of this document, all interested parties will benefit from standardized management systems in educational organizations.
EXAMPLE Employers who sponsor and encourage staff to participate in educational services can also benefit from this document.
The potential benefits to an organization of implementing a management system for educational organizations (EOMS) based on this document are:
a) better alignment of objectives and activities with policy (including mission and vision);
b) enhanced social responsibility by providing inclusive and equitable quality education for all;
c) more personalized learning and effective response to all learners and particularly to learners with special education needs, distance learners and lifelong learning opportunities;
d) consistent processes and evaluation tools to demonstrate and increase effectiveness and efficiency;
e) increased credibility of the organization;
f) a means that enables educational organizations to demonstrate their commitment to effective educational management practices;
g) a culture for organizational improvement;
h) harmonization of regional, national, open, proprietary, and other standards within an international framework;
i) widened participation of interested parties;
j) stimulation of excellence and innovation.
2. ISO 21001 structure in the Plan-Do-Check-Act cycle

3. Principles for an EOMS
This EOMS entails the following management principles:

- Focus on learners and other beneficiaries – The primary focus of the EOMS is to meet learner and other beneficiary requirements and to exceed their expectations.
- Visionary leadership – Visionary leadership is to engage all learners and other beneficiaries in creating, writing, and implementing the organization mission, vision and objectives.
- Engagement of people – It is essential for the organization that all individuals involved are competent, empowered and engaged in delivering value.
- Process approach – Consistent and predictable results are achieved more effectively and efficiently when activities are understood and managed as interrelated processes that function as a coherent system, including input and output.
- Improvement – Successful organizations have an ongoing focus on improvement.
- Evidence-based decisions – Decisions and curricula based on the analysis and evaluation of data and information are more likely to produce desired results.
- Relationship management – For sustained success, organizations manage their relationships with interested parties, such as providers.
- Social responsibility – Socially responsible organizations are sustainable and ensure long-term success.
- Accessibility and equity – Successful organizations are inclusive, flexible, transparent and accountable, in order to address learners’ individual and special needs, interests, abilities and backgrounds.
- Ethical conduct in education – Ethical conduct relates to the ability of the organization to create an ethical professional environment where all interested parties are dealt with equitably, conflicts of interests are avoided, and activities are conducted for the benefit of the society.
- Data security and protection – The organization creates an environment where all interested parties can interact with the educational organization in full confidence that they maintain control over the use of their own data, and that the educational organization will treat their data with appropriate care and confidentiality.
ISO/PAS 45005:2020
Introduction
This document is a response to the COVID-19 pandemic and the increased risk this disease presents to the health, safety and well-being of people in all settings, including those working at home or in mobile settings, and workers and other interested parties in physical workplaces.
Governments, regulators and other professional bodies across the world have published guidance on working safely during the COVID-19 pandemic. This document provides a single generic set of guidelines that complements this information and supports the principles that:
— reasonable measures to manage the risks arising from COVID-19 are, or will be, implemented to protect the health and safety of workers and other relevant interested parties;
— workers should not be required to work unless these measures have been implemented.
This guidance includes practical recommendations to organizations and workers on how to manage these risks and is suitable for organizations resuming operations, those that have been operational throughout the pandemic, and those that are starting operations.
The guidance is generic and applicable to organizations regardless of the nature of business, service provision, size or complexity. It recognizes that many smaller organizations do not have dedicated departments for functions such as occupational health and safety (OH&S), facilities management or human resources. More detailed information for specific functions is available from professional bodies and a wide range of national and international standards.
By implementing the guidance in this document, the organization will be able to:
a) take effective action to protect workers and other relevant interested parties from the risks related to COVID-19;
b) demonstrate that it is addressing risks related to COVID-19 using a systematic approach;
c) put in place a framework to enable effective and timely adaptation to the changing situation.
Organizations using ISO 45001 can use this document to inform their OH&S management system by relating the relevant clauses to the Plan-Do-Check-Act (PDCA) cycle, as outlined below. Taking a systems approach facilitates the coordination of resources and efforts that is so important in managing COVID-19.
— Plan: Plan what needs to be done for the organization to work safely (see Clauses 4 to 8).
— Do: Do what the organization has planned to do (see Clauses 9 to 12).
— Check: See how well it is working (see Clause 13).
— Act: Fix problems and look for ways to make what the organization is doing even more effective (see Clause 14).
This document is not intended to be a single step-by-step set of recommendations. It provides a framework in which the PDCA cycle outlined above should be repeated, with all parts active at all times, to enable ongoing continual improvement and to ensure the organization responds to changes during the different phases of the pandemic.
