ISO 9001 Quality Management System Certification
The ISO 9001 standard "Quality management systems - Requirements" is the most famous and widespread standard for quality improvement. It is the standard chosen by all those organizations that intend to equip themselves with a working tool aimed at continuous and constant improvement, and that want to increase their efficiency, reduce costs, and increase customer loyalty.
A company with an ISO 9001 certified quality system offers the guarantee of a solid structure, evaluated by an independent third-party body and organized so as to keep all aspects of its activity under control and to guarantee reproducible performance, and therefore both the maintenance and the continuous improvement of the quality standards provided.
ISO 14001 – Certification of the Environmental Management System
The ISO 14001 standard represents the regulatory reference point for companies and organizations equipped with, or intending to adopt, an Environmental Management System. The standard defines an "Environmental Management System" as part of the company management system aimed at managing environmental aspects, meeting the obligations of legislative compliance and addressing and evaluating risks and opportunities.
The Environmental Management System is therefore characterized by the development and implementation of the environmental policy and of the objectives that commit the organization to full compliance, both mandatory (legislative) and voluntary (with additional requirements adopted voluntarily or dictated by the market to which it belongs). The organization itself therefore subscribes to these requirements in order to establish, or integrate into its internal organizational system, the rules for effective management of its significant environmental aspects. The environmental management system must be developed with reference to the requirements specified in the UNI EN ISO 14001 standard. The degree of application depends on factors such as the environmental policy of the organization, the nature of its activities, products and services, and the location and conditions under which the organization operates.
The ISO 14001 standard applies to environmental aspects that the organization identifies as those that it can keep under control and as those over which it can exert influence. It does not in itself establish any specific environmental performance criteria.
ISO 45001 “Management systems for health and safety at work”
ISO 45001 specifies the requirements for the design and implementation of an occupational health and safety management system (OHSAS), in order to enable organizations to provide safe and healthy workplaces, preventing work-related injuries and illnesses, as well as proactively improving their OHSAS performance.
This standard, published on 12-03-2018, will definitively replace the BS OHSAS 18001:2007 standard within three years of its publication. During this period, OHSAS 18001 certifications will have to migrate to ISO 45001, because at the end of the three-year period they will no longer be valid.
In order to improve alignment with other international standards (ISO 9001, 14001, etc.), ISO 45001 has been developed according to the guidelines of the High Level Structure (HLS), so as to facilitate the adoption of Integrated Management.
ISO/IEC 27001 Information Security Management System
This standard does not only concern information security (IT sector) but is applicable in all contexts in which it is desired to safeguard, through a management system, the confidentiality, integrity and availability of information managed by the Organization. It is particularly effective for organizations that manage information on behalf of third parties, such as IT outsourcing companies, and can be used as a guarantee of protection for their customers' information.
The standard is structured in two parts:
the first part contemplates the requirements and defines the processes for managing information security,
the second part, on the other hand, offers a catalog of security countermeasures (controls), to be applied downstream of the risk analysis, with instructions on how to apply them. One of the most direct ways to carry out a "Risk Treatment" is to reduce the risk to an acceptable level by adopting security controls. The "control objectives" and "controls" are listed in Annex A of the standard.