[Confidence Boost]
Hundreds of thousands of organizations worldwide, their customers, consumers and regulatory authorities stand to benefit from a new ISO/IEC standard designed to increase confidence in management system certification. ISO/IEC 17021:2006, Conformity assessment – Requirements for bodies providing audit and certification of management systems, places rigorous requirements for competence and impartiality on the bodies that offer audit and certification to standards like ISO 9001:2000 (quality management) and ISO 14001:2004 (environmental management).
The new standard has a huge potential impact since, according to the latest figures, some 888,000 organizations across 161 countries are independently certified to ISO 9001:2000 and/or ISO 14001:2004. ISO/IEC 17021:2006 is compatible with a further expansion of management system certification. It has been designed as the single source of internationally harmonized requirements for certification bodies and their activities not only in relation to ISO 9001:2000 and ISO 14001:2004, but also to new management standards for food safety (ISO 22000), information security (ISO/IEC 27001:2005) and supply chain security (ISO/PAS 28000:2005), as well as to any others that may be developed.
“[This Standard] will be a common basis for any future work within ISO when a need is perceived to have the effective implementation of a management system standard verified by independent (“third party”) audit and certification. Because this will encourage consistent good practice, the standard provides value for the organizations that implement management systems, for the bodies that provide them with certification services and, ultimately, for customers, consumers and regulators of the products and services covered by the management systems,” says Alister Dalrymple, co-convenor of the group of experts who developed the standard.
Replacing and improving on two ISO/IEC Guides (62 and 66), ISO/IEC 17021:2006 distills an international consensus on the latest in good practice. In addition, it incorporates guidance developed by the International Accreditation Forum (IAF), an international association of the accreditation bodies set up in many countries to approve (“accredit”) certification bodies as competent.
[ISO 14001’s Changing Geography]
The ISO survey 2005 illustrated the changing geography of certification. Such statistics create awareness of the evolution of globalization. Japan, China and the Republic of Korea were the top three countries for ISO 14001 growth, closely followed by India - a strong link towards their increasing participation in global supply chains. The US moved away from being in the top ten for ISO 14001, but still retained its place in the top ten for its total number of certifications.
The UK remained ahead of the US, but still moved out of the top ten. Italy and Spain maintained their strong performance, with France entering the top 10 for growth in ISO 14001, a positive result from a mature economy.
[Call Security]
One of the main challenges facing the international trading system is the security hazard to global supply chains. To combat this, ISO is contributing to a solution in the form of two essential reference documents in the ISO 28000 family of standards for supply chain security, designed to protect people, goods, infrastructure and equipment, including means of transport, against security incidents and to prevent their potentially devastating effects.
The first of the two new documents is a publicly available specification, ISO/PAS 28001:2006, Security management systems for the supply chain – Best practices for implementing supply chain security – Assessments and plans. This document will enable organizations to establish and document reasonable levels of security within international supply chains and their components. It will allow organizations to make better risk management decisions.
The second, ISO/PAS 28004:2006, Security management systems for the supply chain – Guidelines for the implementation of ISO/PAS 28000, will assist users to understand and implement ISO/PAS 28000:2005 and therefore help to maximize the benefits. It includes the complete requirements of ISO/PAS 28000, clause-by-clause, followed by relevant guidance.
These two documents form part of a suite of standards being developed by ISO’s technical committee ISO/TC 8, Ships and marine technology, in partnership with other ISO technical committees, several international organizations and regional bodies, to secure intermodal supply chains. “Disruptions to international trade can have drastic consequences for everybody. International problems truly need international solutions to mitigate potential threats. Unilateral government actions won’t work and are not enforceable globally. ISO is providing a focal point that provides industry with a clear, uniform global approach for implementation of supply chain security requirements,” says Captain Charles Piersall, Chair of ISO/TC 8. “The new documents are designed to enable better monitoring of supply flows, to combat smuggling and to respond to the threat of piracy and terrorist attacks, as well as to create a safe and secure international supply chain regime.”
[No Intruders]
Intentional attacks on information systems are costing businesses worldwide around US$15 billion each year and the cost is rising. In addition, there is the cost of the loss or damage to the corporate reputation, brand names, intellectual property and digital rights of multimedia content (for example, video and audio recordings) of the corporation, customer trust and loyalty, and of course, the price of stocks and shares.
A solution may lie in a framework for detecting intrusions in computer systems, contained in a new Standard from ISO and IEC (International Electrotechnical Commission). ISO/IEC 18043:2006, Information technology – Security techniques – Selection, deployment and operations of intrusion detection systems, focuses on the security principles behind the intrusion of computer systems by outsiders or unauthorized employees, and how organizations can establish a framework to enable a comprehensive intrusion detection system.
An Intrusion Detection System (IDS) is an important tool for security management used to predict and identify intrusions in computer systems and to raise appropriate alarms during an intrusion attempt. The system enables local collection of information on intrusions, and subsequent consolidation and analysis, as well as analysis of an organization’s normal IT patterns of behaviour and usage.
“One of the problems that businesses have is being able to detect when their systems are being intruded upon in order that effective action can be taken to prevent harm or loss to their assets,” said Ted Humphreys, convenor of the ISO/IEC working group that has developed the Standard. “The development of ISO/IEC 18043:2006 is an important step forward in dealing with the growing problem of intrusions and provides a good basis for progressing solutions and implementations.”
Organizations are vulnerable to various kinds of security threats, such as unauthorized computer access, denial of service attacks and hackers. Typical misuse takes advantage of vulnerabilities in system configuration, user neglect and carelessness, as well as design flaws in software, protocols and operating systems. Outsiders, as well as insiders – disgruntled employees, inside trading, and temporary employees – can exploit these vulnerabilities. ISO/IEC 18043:2006 provides guidelines to assist organizations in preparing to deploy Intrusion Detection Systems. In particular, it addresses the selection, deployment and operation of IDS.
It also provides background information from which these guidelines are derived. The new standard is expected to assist IT managers with setting up interoperable intrusion detection systems within their organizations and facilitating collaboration among organizations worldwide where cooperation is desired and/or essential to counter intrusion attempts.
[Knowing Your Facts]
A quality standard for best practice is essential for market researchers. As they carry out, commission or buy market research, the way they demonstrate best practice is a potent statement to consumers and competitors. A new ISO International Standard for the market research industry will help to standardize the requirements for market research worldwide and encourage consistency and transparency in the way surveys are carried out. ISO 20252, Market, opinion and social research - vocabulary and service requirements, applies the principle of ISO’s quality management standards.
The standard covers all the stages of a research study, from the initial contact between the client and service provider through to the presentation of results to the client. The Standard provides guidance and requirements for the way in which market research studies are planned, conducted and reported on. Information attacks on business can be costly and should be prevented wherever possible.