The ISO 9001 standard defines the requirements for an organization's quality management system. The requirements are general in nature and can be implemented by any type of organization. ISO 9001 is the reference standard for those who want to subject their production process to quality control in a cyclical way, starting from the definition of customer requirements, both expressed and implied, and extending to the monitoring of the entire production path/process. The customer and customer satisfaction are at the center of ISO 9001: every activity, and every application and monitoring of activities/processes, is aimed at achieving the maximum satisfaction of the end user. Application of the standard begins with the definition of procedures and records for each single process or macro-process identified within the corporate organization. In public tenders, ISO 9001 is mandatory and therefore also constitutes an opportunity to increase work
The ISO 14001 standard is an environmental management system (EMS) standard which establishes the requirements of an "environmental management system" for any organization and is part of the ISO 14000 series. The standard can be used for certification or simply as a guideline to establish, implement and improve an environmental management system. It is also important to note that ISO 14001 certification does not certify a particular environmental performance, nor does it demonstrate a particularly low impact; rather, it demonstrates that the certified organization has an adequate management system to keep the environmental impacts of its activities under control and to systematically seek improvement in a coherent, effective and above all sustainable way. It is worth underlining again that ISO 14001 is not a product certification. The requirements set out in the standard are completely general, applicable to any type of organization, and can be schematised according to the continuous improvement model defined by the Deming Cycle, Plan-Do-Check-Act.
This International Standard specifies requirements for an occupational health and safety (OH&S) management system and provides guidance for its use, to enable organizations to provide safe and healthy workplaces, prevent work-related injury and illness, and proactively improve their OH&S performance. This International Standard is applicable to any organization, regardless of size, type and activity, that wishes to establish, implement and maintain a management system to improve occupational health and safety, eliminate hazards and minimize OH&S risks (including system deficiencies), seize OH&S opportunities and address OH&S management system non-conformities associated with its activities. This International Standard helps the organization achieve the intended results of its OH&S management system.
The ISO 27001:2022 standard establishes the requirements for an Information Security Management System (ISMS). Its main objective is to establish a system for managing risk and protecting information and ICT assets. The standard is applicable to all private or public companies, as it does not depend on a specific business sector or on how the company is organized. However, it must be kept in mind that adopting and managing an ISMS requires a significant commitment of resources and therefore must be overseen by a dedicated office, which generally coincides with the Organization and Quality office. "It specifies requirements for setting up, implementing, using, monitoring, reviewing, maintaining, and improving a documented system within a context of risks related to the organization's core business. It also details requirements for custom security controls based on the needs of an individual organization or a part thereof. The system is designed to ensure the selection of appropriate and proportionate security controls."
ISO/IEC 27701 - Privacy Information Management System
The ISO 27701 certification for a Privacy Information Management System (PIMS) is the privacy extension of the ISO 27001 certification for an Information Security Management System (ISMS). The design intent of ISO 27701 is to enhance the existing ISMS with additional controls in order to establish, implement, maintain and continuously improve a PIMS. The certification outlines the framework within which data controllers (including co-processors of personal data) and data processors (including those using subcontractors) must manage and maintain personally identifiable information (PII) in order to reduce the risks to individuals' privacy.
Organizations working towards ISO 27701 certification should already have ISO 27001 certification. In addition, organizations should be aware that the scope of the PIMS may sometimes require a revision of the scope of the ISMS, due to the extended interpretation of "information security" in ISO 27701.
This standard is the official English-language version of the European standard EN ISO 22301 (July 2019 edition). The standard contains the terms and definitions applicable to the corporate security domain, in order to establish a shared understanding and consistent use of them.
The ISO 20000 standard is divided into several parts, among which ISO 20000-1 establishes the requirements for the adoption of a service management system (SMS).
These are mandatory requirements that organizations must meet to be compliant with ISO 20000. This service standard is widely accepted as the benchmark for measuring IT service management processes within an organization. Compliance with the ISO 20000 standard certifies that the organization adopts best practices for the provision of quality IT services.
ISO 37001:2016 Certification: Anti-Bribery
The ISO 37001 standard is the international standard developed with the aim of supporting companies in adopting a management system aimed at tackling and preventing possible cases of corruption, promoting an ethical corporate culture in compliance with mandatory legislation.
It represents a significant evolution for organizations that intend to responsibly manage the risks deriving from corruption phenomena, including a program of measures and controls that constitute "good practice" in the field of anti-corruption.
From the point of view of the anti-corruption management system, "corruption" must be understood in a broader sense than the corresponding crime defined by mandatory legislation, since the organization can include in its scope other dishonest and malpractice activities, as well as all those activities which, although formally lawful, obstruct the pursuit of purposes of general interest.
The standard is set according to the High Level Structure, the typical structure that also characterizes other management systems, such as ISO 9001:2015 (quality), ISO 14001:2015 (environment), ISO 45001:2018 (safety).
The standard can therefore be applied on its own, or it can be integrated with other management systems already in use within the organization: for example, it can be part of the organizational model adopted in accordance with Legislative Decree 231, or be integrated into existing quality, environmental or safety management systems.