Integrated Management System (ISO 9001:2015, ISO 14001:2015, ISO 27001:2013, ISO 45001:2018) 2-days Awareness Training Programme (30-Apr-2019 and 01-May-2019)
By: ALLIED BOSTON CONSULTANTS INDIA PVT. LTD.
Welcome to All Participants
At: POSOCO – NERLDC, Shillong
AGENDA

Day-1
• Session-1: 09:30 – 11:00
  • Introductions
  • Course Overview & Learning Objectives
  • Introduction to ISO
  • Structure of ISO Standard (Annex SL)
  • Introduction to all the 4 standards
  • Integration of the standards
• Session-2: 11:15 – 12:45
  • Clause 4 and Clause 5 [All 4 standards]
• Session-3: 12:45 – 13:30, 14:30 – 15:15
  • Clause 6 [All 4 standards]
• Session-4: 15:15 – 16:00, 16:15 – 17:00
  • Risk Management Principles and Guidelines
  • Risk Management Framework
  • Clause 7 [All 4 standards]
• Session-5: 17:00 – 18:00
  • Clause 9 [All 4 standards]
  • Clause 10 [All 4 standards] (continued next day)
• DAY-END

Day-2
• Session-5 (continued): 09:30 – 10:00
  • Clause 10 [All 4 standards]
• Session-6: 10:00 – 11:30
  • Clause 8 [for ISO 9001 standard]
  • Clause 8 [for ISO 14001 standard]
• Session-7: 11:45 – 13:15
  • Clause 8 [for ISO 45001 standard]
  • Clause 8 [for ISO 27001 standard]
• Session-8: 14:15 – 15:45
  • ISMS Controls – Understanding & Implementing
• Session-9: 16:00 – 17:30
  • Overview of POSOCO IMS and implementation perspective
  • Participant Feedback
  • Vote of Thanks
• DAY-END
Session-1: Introductions
Introduction to ISO
• ISO – International Organization for Standardization
• Derived from the Greek word ‘isos’, meaning ‘equal’
• ISO Purpose:
  • To formulate and promote the use of international standards for all industries. ISO Central Secretariat, Geneva (Switzerland)
• ISO Functioning:
  • A worldwide federation of “Member Bodies”, with headquarters at Geneva, Switzerland.
  • A Member Body is the National Body representing its country.
  • A National Body is a governmental institution or an organization incorporated by public law.
  • ISO is a non-governmental organization with representation from 164+ countries, one member per country.
  • India is represented by the Bureau of Indian Standards (BIS), a statutory institution established under the Bureau of Indian Standards Act, 1986.
  • Draft standards are developed by Technical Committees and circulated to Member Bodies for voting. A draft is published as an International Standard if 75% of Member Bodies cast their vote in favour.
Structure of ISO Standard (Annex SL): Auditable Clauses
Structure of ISO Standard (Annex SL)
• Context of the Organization – talks about:
  • Internal and external issues relevant to its purpose and strategic direction
  • Needs and expectations of interested parties
  • Determining the scope of the management system
  • ISO 9001 expects risk-based thinking
• Planning – includes:
  • Risk management
  • ISO 14001 expects an Aspect-Impact analysis to be performed
  • ISO 45001 expects hazard identification and risk analysis
  • ISO 27001 expects an information security risk analysis
• Performance Evaluation – talks about:
  • Internal audit
  • Management review
• Improvement – talks about:
  • Corrections & corrective actions
  • Continual improvement
Introduction to all the 4 standards: Quality Management System
[Diagram: The ISO 9001:2015 Structure, shown as a PDCA cycle. Inputs: Organization and its Context (i.e., External & Internal Issues), Customer Requirements, Needs and expectations of relevant interested parties. PLAN: Planning [Cl 6], Leadership [Cl 5], Support [Cl 7]. DO: Operation [Cl 8]. CHECK: Performance Evaluation [Cl 9]. ACT: Improvement [Cl 10]. Outputs: Products & Services, Customer satisfaction, Results of the QMS.]
(Source: ISO 9001 Quality Management Systems - Requirements, Fifth edition, 2015-09-15; published by ISO at Geneva, Switzerland)
Introduction to all the 4 standards: Environment Management System
An environmental management system (EMS) refers to the management of an organization's environmental programs in a comprehensive, systematic, planned and documented manner. It includes the organizational structure, planning and resources for developing, implementing and maintaining policy for environmental protection.
Introduction to all the 4 standards: Occupational Health & Safety Management System
• An occupational health and safety (OHS) management system encompasses more than just your health and safety program. It includes health and safety policies, systems, standards, and records, and involves incorporating your health and safety activities and program into your other business processes.
• A health and safety management system is a process put in place by an employer to minimize the risk of injury and illness. This is made possible by identifying, assessing and controlling risks to workers in all workplace operations.
• Identification and analysis of health and safety hazards at the work site. There are 2 basic categories of hazard:
  • Acute hazard – those that have an obvious and immediate impact, e.g., a slippery floor where there is immediate danger of someone slipping and being injured.
  • Chronic hazard – these have a more hidden, cumulative, long-term impact, e.g., workplace bullying, where the long-term impact may result in stress or other psychological injury.
Introduction to all the 4 standards: Information Security Management System
• ISMS – a management assurance mechanism for the security of business information assets against potential security breach.
• The ISMS determines how information is processed, stored, transferred, archived and destroyed.
• Relates to all types of information, be it paper based or electronic, and to information processing facilities.
• Secure information is information for which Confidentiality, Integrity and Availability are ensured.
• Requires appropriate selection of controls.
• ISO 27001:2013 – auditing standard for certification.
• ISO 27002:2013 – code of practice (implementation guidance document).
Integration of the Standards
[Diagram: a QMS process flow from Start to End, with OH&SMS – Hazard Identification & Risk Assessment, EMS – Aspect Impact, and ISMS – Information Security Risk Management applied across the process.]
Clause 4 [All 4 standards]
Definition of “Worker” in ISO 45001: person performing work or work-related activities that are under the control of the organization.
• Note 1: Persons perform work or work-related activities under various arrangements, paid or unpaid, such as regularly or temporarily, intermittently or seasonally, casually or on a part-time basis.
• Note 2: Workers include top management, managerial and non-managerial persons.
• Note 3: The work or work-related activities performed under the control of the organization may be performed by workers employed by the organization, workers of external providers, contractors, individuals, agency workers, and by other persons to the extent the organization shares control over their work or work-related activities, according to the context of the organization.
Risk Management Principles and Guidelines
• Risk – effect of uncertainty on objectives.
• An effect is a deviation from the expected – positive and/or negative.
• Objectives can have different aspects (e.g., financial, health & safety, and environmental goals) and can apply at different levels (e.g., strategic, organization-wide, project, product and process).
• Risk is often characterized by reference to potential events and consequences, or a combination of the consequences of an event (including changes in circumstances) and the associated likelihood of occurrence.
Risk Management Framework
• Risk management framework – set of components that provide the foundations and organizational arrangements for designing, implementing, monitoring, reviewing and continually improving risk management throughout the organization.
• The foundations include the policy, objectives, mandate and commitment to manage risk.
• The organizational arrangements include plans, relationships, accountabilities, resources, processes and activities.
• The risk management framework is embedded within the organization’s overall strategic and operational policies and practices.
Clause 8 [For ISO 9001 standard]
(Red colour on the slide indicates that the clause is excluded.)
• 8.5.1 Control of production and service provision
  (f) the validation, and periodic revalidation, of the ability to achieve planned results of the processes for production and service provision, where the resulting output cannot be verified by subsequent monitoring or measurement;
• 8.5.2 Identification and traceability
• 8.5.3 Property belonging to customers or external providers
• 8.5.4 Preservation
• 8.5.5 Post-delivery activities
• 8.5.6 Control of changes
ISMS Controls – Understanding and Implementing
Annex A of the ISMS standard contains 14 domains, 35 control objectives and 114 controls: each control objective specifies requirements, and the controls satisfy those objectives.
The 14 Domains in Annex A of the ISMS standard:
• A.5 Information security policies
• A.6 Organization of information security
• A.7 Human resource security
• A.8 Asset management
• A.9 Access control
• A.10 Cryptography
• A.11 Physical & environmental security
• A.12 Operations security
• A.13 Communications security
• A.14 System acquisition, development and maintenance
• A.15 Supplier relationships
• A.16 Information security incident management
• A.17 Information security aspects of business continuity management
• A.18 Compliance
Participant Feedback
Vote of Thanks