Management systems

 

ISO 9001

Quality management systems — Requirements

ISO 9001:2015 specifies requirements for a quality management system when an organization:
a) needs to demonstrate its ability to consistently provide products and services that meet customer and applicable statutory and regulatory requirements, and
b) aims to enhance customer satisfaction through the effective application of the system, including processes for improvement of the system and the assurance of conformity to customer and applicable statutory and regulatory requirements.
All the requirements of ISO 9001:2015 are generic and are intended to be applicable to any organization, regardless of its type or size, or the products and services it provides.
-----------------

ISO 14001 

Environmental management systems — Requirements with guidance for use

ISO 14001:2015 specifies the requirements for an environmental management system that an organization can use to enhance its environmental performance. ISO 14001:2015 is intended for use by an organization seeking to manage its environmental responsibilities in a systematic manner that contributes to the environmental pillar of sustainability.
ISO 14001:2015 helps an organization achieve the intended outcomes of its environmental management system, which provide value for the environment, the organization itself and interested parties. Consistent with the organization's environmental policy, the intended outcomes of an environmental management system include:
  • enhancement of environmental performance;
  • fulfilment of compliance obligations;
  • achievement of environmental objectives.
ISO 14001:2015 is applicable to any organization, regardless of size, type and nature, and applies to the environmental aspects of its activities, products and services that the organization determines it can either control or influence considering a life cycle perspective. ISO 14001:2015 does not state specific environmental performance criteria.
ISO 14001:2015 can be used in whole or in part to systematically improve environmental management. Claims of conformity to ISO 14001:2015, however, are not acceptable unless all its requirements are incorporated into an organization's environmental management system and fulfilled without exclusion.
-----------------

ISO/IEC 27001

Information security, cybersecurity and privacy protection — Information security management systems — Requirements

This document specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organization. This document also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organization. The requirements set out in this document are generic and are intended to be applicable to all organizations, regardless of type, size or nature. Excluding any of the requirements specified in Clauses 4 to 10 is not acceptable when an organization claims conformity to this document.
-----------------

ISO/IEC 17025

General requirements for the competence of testing and calibration laboratories

ISO/IEC 17025:2017 specifies the general requirements for the competence, impartiality and consistent operation of laboratories.
ISO/IEC 17025:2017 is applicable to all organizations performing laboratory activities, regardless of the number of personnel.
Laboratory customers, regulatory authorities, organizations and schemes using peer-assessment, accreditation bodies, and others use ISO/IEC 17025:2017 in confirming or recognizing the competence of laboratories.
-----------------

ISO 22000

Food safety management systems — Requirements for any organization in the food chain

This document specifies requirements for a food safety management system (FSMS) to enable an organization that is directly or indirectly involved in the food chain:
a) to plan, implement, operate, maintain and update a FSMS providing products and services that are safe, in accordance with their intended use;
b) to demonstrate compliance with applicable statutory and regulatory food safety requirements;
c) to evaluate and assess mutually agreed customer food safety requirements and to demonstrate conformity with them;
d) to effectively communicate food safety issues to interested parties within the food chain;
e) to ensure that the organization conforms to its stated food safety policy;
f) to demonstrate conformity to relevant interested parties;
g) to seek certification or registration of its FSMS by an external organization, or make a self-assessment or self-declaration of conformity to this document.
All requirements of this document are generic and are intended to be applicable to all organizations in the food chain, regardless of size and complexity. Organizations that are directly or indirectly involved include, but are not limited to, feed producers, animal food producers, harvesters of wild plants and animals, farmers, producers of ingredients, food manufacturers, retailers, and organizations providing food services, catering services, cleaning and sanitation services, transportation, storage and distribution services, suppliers of equipment, cleaning and disinfectants, packaging materials and other food contact materials.
This document allows any organization, including small and/or less developed organizations (e.g. a small farm, a small packer-distributor, a small retail or food service outlet) to implement externally-developed elements in their FSMS.
Internal and/or external resources can be used to meet the requirements of this document.
-----------------

ISO 50001

Energy management systems — Requirements with guidance for use

This document specifies requirements for establishing, implementing, maintaining and improving an energy management system (EnMS). The intended outcome is to enable an organization to follow a systematic approach in achieving continual improvement of energy performance and the EnMS.
This document:
a) is applicable to any organization regardless of its type, size, complexity, geographical location, organizational culture or the products and services it provides;
b) is applicable to activities affecting energy performance that are managed and controlled by the organization;
c) is applicable irrespective of the quantity, use, or types of energy consumed;
d) requires demonstration of continual energy performance improvement, but does not define levels of energy performance improvement to be achieved;
e) can be used independently, or be aligned or integrated with other management systems.
-----------------

ISO 26000

Guidance on social responsibility

ISO 26000:2010 provides guidance to all types of organizations, regardless of their size or location, on:
  • concepts, terms and definitions related to social responsibility;
  • the background, trends and characteristics of social responsibility;
  • principles and practices relating to social responsibility;
  • the core subjects and issues of social responsibility;
  • integrating, implementing and promoting socially responsible behaviour throughout the organization and, through its policies and practices, within its sphere of influence;
  • identifying and engaging with stakeholders; and
  • communicating commitments, performance and other information related to social responsibility.
ISO 26000:2010 is intended to assist organizations in contributing to sustainable development. It is intended to encourage them to go beyond legal compliance, recognizing that compliance with law is a fundamental duty of any organization and an essential part of their social responsibility. It is intended to promote common understanding in the field of social responsibility, and to complement other instruments and initiatives for social responsibility, not to replace them.
In applying ISO 26000:2010, it is advisable that an organization take into consideration societal, environmental, legal, cultural, political and organizational diversity, as well as differences in economic conditions, while being consistent with international norms of behaviour.
ISO 26000:2010 is not a management system standard. It is not intended or appropriate for certification purposes or regulatory or contractual use. Any offer to certify, or claims to be certified, to ISO 26000 would be a misrepresentation of the intent and purpose and a misuse of ISO 26000:2010. As ISO 26000:2010 does not contain requirements, any such certification would not be a demonstration of conformity with ISO 26000:2010.
ISO 26000:2010 is intended to provide organizations with guidance concerning social responsibility and can be used as part of public policy activities. However, for the purposes of the Marrakech Agreement establishing the World Trade Organization (WTO), it is not intended to be interpreted as an “international standard”, “guideline” or “recommendation”, nor is it intended to provide a basis for any presumption or finding that a measure is consistent with WTO obligations. Further, it is not intended to provide a basis for legal actions, complaints, defences or other claims in any international, domestic or other proceeding, nor is it intended to be cited as evidence of the evolution of customary international law.
ISO 26000:2010 is not intended to prevent the development of national standards that are more specific, more demanding, or of a different type.
-----------------

ISO 45001

Occupational health and safety management systems — Requirements with guidance for use

ISO 45001:2018 specifies requirements for an occupational health and safety (OH&S) management system, and gives guidance for its use, to enable organizations to provide safe and healthy workplaces by preventing work-related injury and ill health, as well as by proactively improving its OH&S performance.
ISO 45001:2018 is applicable to any organization that wishes to establish, implement and maintain an OH&S management system to improve occupational health and safety, eliminate hazards and minimize OH&S risks (including system deficiencies), take advantage of OH&S opportunities, and address OH&S management system nonconformities associated with its activities.
ISO 45001:2018 helps an organization to achieve the intended outcomes of its OH&S management system. Consistent with the organization's OH&S policy, the intended outcomes of an OH&S management system include:
a) continual improvement of OH&S performance;
b) fulfilment of legal requirements and other requirements;
c) achievement of OH&S objectives.
ISO 45001:2018 is applicable to any organization regardless of its size, type and activities. It is applicable to the OH&S risks under the organization's control, taking into account factors such as the context in which the organization operates and the needs and expectations of its workers and other interested parties.
ISO 45001:2018 does not state specific criteria for OH&S performance, nor is it prescriptive about the design of an OH&S management system.
ISO 45001:2018 enables an organization, through its OH&S management system, to integrate other aspects of health and safety, such as worker wellness/wellbeing.
ISO 45001:2018 does not address issues such as product safety, property damage or environmental impacts, beyond the risks to workers and other relevant interested parties.
ISO 45001:2018 can be used in whole or in part to systematically improve occupational health and safety management. However, claims of conformity to this document are not acceptable unless all its requirements are incorporated into an organization's OH&S management system and fulfilled without exclusion.
-----------------

ISO 13485

Medical devices — Quality management systems — Requirements for regulatory purposes

ISO 13485:2016 specifies requirements for a quality management system where an organization needs to demonstrate its ability to provide medical devices and related services that consistently meet customer and applicable regulatory requirements. Such organizations can be involved in one or more stages of the life-cycle, including design and development, production, storage and distribution, installation, or servicing of a medical device and design and development or provision of associated activities (e.g. technical support). ISO 13485:2016 can also be used by suppliers or external parties that provide product, including quality management system-related services to such organizations.
Requirements of ISO 13485:2016 are applicable to organizations regardless of their size and regardless of their type except where explicitly stated. Wherever requirements are specified as applying to medical devices, the requirements apply equally to associated services as supplied by the organization.
The processes required by ISO 13485:2016 that are applicable to the organization, but are not performed by the organization, are the responsibility of the organization and are accounted for in the organization's quality management system by monitoring, maintaining, and controlling the processes.
If applicable regulatory requirements permit exclusions of design and development controls, this can be used as a justification for their exclusion from the quality management system. These regulatory requirements can provide alternative approaches that are to be addressed in the quality management system. It is the responsibility of the organization to ensure that claims of conformity to ISO 13485:2016 reflect any exclusion of design and development controls.
-----------------

ISO 31000

Risk management — Guidelines

ISO 31000:2018 provides guidelines on managing risk faced by organizations. The application of these guidelines can be customized to any organization and its context.
ISO 31000:2018 provides a common approach to managing any type of risk and is not industry or sector specific.
ISO 31000:2018 can be used throughout the life of the organization and can be applied to any activity, including decision-making at all levels.
-----------------

ISO 15189

Medical laboratories — Requirements for quality and competence

This document specifies requirements for quality and competence in medical laboratories.
This document is applicable to medical laboratories in developing their management systems and assessing their competence. It is also applicable for confirming or recognizing the competence of medical laboratories by laboratory users, regulatory authorities and accreditation bodies.
This document is also applicable to point-of-care testing (POCT).

-----------------

ISO 22301

Security and resilience — Business continuity management systems — Requirements

This document specifies requirements to implement, maintain and improve a management system to protect against, reduce the likelihood of the occurrence of, prepare for, respond to and recover from disruptions when they arise.
The requirements specified in this document are generic and intended to be applicable to all organizations, or parts thereof, regardless of type, size and nature of the organization. The extent of application of these requirements depends on the organization's operating environment and complexity.
This document is applicable to all types and sizes of organizations that:
a) implement, maintain and improve a BCMS;
b) seek to ensure conformity with stated business continuity policy;
c) need to be able to continue to deliver products and services at an acceptable predefined capacity during a disruption;
d) seek to enhance their resilience through the effective application of the BCMS.
This document can be used to assess an organization's ability to meet its own business continuity needs and obligations.
-----------------

ISO 20121

Event sustainability management systems — Requirements with guidance for use

ISO 20121:2012 specifies requirements for an event sustainability management system for any type of event or event-related activity, and provides guidance on conforming to those requirements.
ISO 20121:2012 is applicable to any organization that wishes to:
  • establish, implement, maintain and improve an event sustainability management system;
  • ensure that it is in conformity with its stated sustainable development policy;
  • demonstrate voluntary conformity with ISO 20121:2012 by
    • first party (self-determination and self-declaration),
    • second party (confirmation of conformance by parties having an interest in the organization, such as clients, or by other persons on their behalf), or
    • an independent third party (e.g. a certification body).
ISO 20121:2012 has been designed to address the management of improved sustainability throughout the entire event management cycle.

-----------------

ISO 28000

Security and resilience — Security management systems — Requirements

This document specifies requirements for a security management system, including aspects relevant to the supply chain.
This document is applicable to all types and sizes of organizations (e.g. commercial enterprises, government or other public agencies and non-profit organizations) which intend to establish, implement, maintain and improve a security management system. It provides a holistic and common approach and is not industry or sector specific.
This document can be used throughout the life of the organization and can be applied to any activity, internal or external, at all levels.

-----------------

ISO/IEC 17065

Conformity assessment — Requirements for bodies certifying products, processes and services

This International Standard specifies requirements, the observance of which is intended to ensure that certification bodies operate certification schemes in a competent, consistent and impartial manner, thereby facilitating the recognition of such bodies and the acceptance of certified products, processes and services on a national and international basis and so furthering international trade. This International Standard can be used as a criteria document for accreditation or peer assessment or designation by governmental authorities, scheme owners and others.
The requirements contained in this International Standard are written, above all, to be considered as general criteria for certification bodies operating product, process or service certification schemes; they may have to be amplified when specific industrial or other sectors make use of them, or when particular requirements such as health and safety have to be taken into account. Annex A contains principles relating to certification bodies and certification activities that they provide.
This International Standard does not set requirements for schemes and how they are developed and is not intended to restrict the role or choice of scheme owners; however, scheme requirements should not contradict or exclude any of the requirements of this International Standard.
Statements of conformity to the applicable standards or other normative documents can be in the form of certificates and/or marks of conformity. Schemes for certifying particular products or product groups, processes and services to specified standards or other normative documents will, in many cases, require their own explanatory documentation.
While this International Standard is concerned with third parties providing product, process or service certification, many of its provisions may also be useful in first- and second-party product conformity assessment procedures.

Productivity tools

  • 5S
  • KPI
  • LEAN
  • 6 Sigma
  • Kaizen
  • TQM
  • QCC
  • 7 Tools
  • SPC
  • TPM