+44 7031819582 / +91 9442633074

Reference Standards

ISO 9001:2008 Quality Management System

Demonstrate your commitment to quality and customer satisfaction 

Customers are becoming increasingly quality-conscious. They frequently expect that suppliers pro-actively comply with the highest product and service quality standards. They also want this information up-front, in addition to being assured that your company will continue to meet their needs now and in the long term. That's a challenge. But it's also an opportunity companies can profit from.

Every organization would like to improve the way it operates, whether that means increasing market share, driving down costs, managing risk more effectively & improving customer satisfaction. A quality management system gives us the framework we need to monitor and improve performance in any area we choose.

It helps all kind of organizations to succeed through improved customer satisfaction, staff motivation and continual improvement.

The ISO 9001 Quality Management System certification enables organization's to demonstrate their commitment to quality and customer satisfaction, as well as continuously improving quality systems and integrating the realities of a changing world.

ISO 9000 series of standards

  • ISO 9001 is one of the standards in the series of quality management system standards. It can help bring out the best in organization by enabling them to understand processes for delivering  products/services to their customers. The ISO 9000 series of standards consist of:
  • ISO 9000 - Fundamentals and Vocabulary: this introduces the user to the concepts behind the management systems and specifies the terminology used. 
  • ISO 9001 - Requirements: this sets out the criteria we  shall need to meet if we wish to operate in accordance with the standard and gain certification. Only ISO 9001 is a certifiable standard.
  • ISO 9004 - Guidelines for performance improvement: based upon the eight quality management principles, these are designed to be used by senior management as a framework to guide their organizations towards improved performance by considering the needs of all interested parties, not just customers.

Who is it relevant to?

ISO 9001 is suitable for any organization looking to improve the way it is operated and managed, regardless of size, type or product provided. However, the best returns on investment come from those companies that are prepared to implement it throughout their organization rather than at particular sites, departments or divisions.

Benefits

Competitive advantage

  • ISO 9001 is a top-management led quality initiative, which ensures that senior management take a strategic approach to their management systems.  

Improves business performance and manages business risk

  • ISO 9001 helps  to raise the organization's performance above and beyond competitors who aren't using management systems. Certification also makes it easier to measure performance and manage business risks in a planned and better way. 

Attracts investment, enhances brand reputation and removes barriers to trade

  • Certification to ISO 9001 will boost organization's brand reputation and can be a useful promotional tool. It sends a clear message to all interested parties that the company is committed to high standards and continual improvement. 

Saves  money

  • Evidence shows that there are significant  financial benefits for companies that are  certified for ISO 9001 as it leads to operational efficiencies, increased sales, higher return on assets and greater profitability. 

Streamlines operations and reduces waste

  • The assessment of quality management system focuses on operating processes. This encourages organizations to improve the quality of products and the service provided and helps to reduces waste and customer complaints. 

Encourages internal communication and raises morale

  • ISO 9001 ensures that employees feel more involved through improved communication. Continued Assessment visits can highlight any skills shortages sooner and uncover any teamwork issues. 

Increases customer satisfaction

  • The 'Plan, Do, Check, Act' structure of ISO 9001 ensures that the needs of the customer are being considered and met.

ISO 14001:2004 Environment Management System

Demonstrate organizations'  responsibility to environment.

Customers, consumers and shareholders are increasingly demanding environmentally responsible products and services. They expect companies to comply with environmental standards and demonstrate their commitment to the environment in daily operations. Clients want proof of this commitment, and it is an opportunity for companies to leverage their sincere environmental actions.

ISO 14001 is an internationally accepted standard that sets out a framework of essential elements for putting an effective Environmental Management System (EMS) in place. The standard is designed to address the delicate balance between maintaining profitability and reducing environmental impact. 

The ISO 14001 Environmental Management Systems (EMS) certification enables organizations to demonstrate  commitment to the environment. The standard provides guidance on management of the environmental aspects of business activities more effectively, while taking into consideration environmental protection, pollution prevention and socio-economic needs.

Furthermore, it assists  organization to ensure compliance with environmental legislation and reduces the risk of penalties and possible litigation. Demonstrating commitment to the environment can transform  corporate culture externally by opening up new business opportunities with environmentally aware customers or clients. Internally, it can improve employee ethics and the workplace. ISO 14001 compliance can also provide organization with a better use of energy and resources, and reduce costs over time.

Who is it relevant to?

We all make an impact on the environment, be it from releasing gases into the atmosphere as a result of burning fossil fuels to heat offices and fuel  cars, to the depletion of natural resources such as from water use or paper consumption.

So, ISO 14001 is relevant to every organization, including: 

  • Single site to large multi-national companies 
  • High risk companies to low risk service organizations 
  • Manufacturing, process and the service industries; including local governments 
  • All industry sectors including public and private sectors 
  • Original equipment manufacturers and their suppliers

Benefits : 

Certification to ISO 14001 allows us to:

  • Demonstrate a commitment to achieving legal and regulatory compliance to regulators and government 
  • Demonstrate  environmental commitment to stakeholders 
  • Demonstrate an innovative and forward thinking approach to customers and  employees 
  • Increase  access to new customers and business partners 
  • Better manage environmental risks, now and in the future 
  • Potentially reduce or eliminate public liability insurance costs 
  • Reduce operational costs through reduced energy consumption and use of natural resources 
  • Reduce fines and clean-up costs  
  • Enhance  business reputation

OHSAS 18001:2007 Occupational Health and Safety Management System

Demonstrate your commitment to Occupational Health & Safety

More and more organizations are concerned about demonstrating their commitment to Occupational Health & Safety. This is mainly crucial for employees, but also for customers, stakeholders and the corporate image. In addition, stricter legislation demands that organizations show a clear, pro-active commitment towards health and safety. Clients and employees want proof of this up-front, in addition to being assured that an organisation will continue to meet their needs now and in the long term. That's a challenge but also an opportunity for organisations to reduce risk and provide a safer working environment.

OHSAS 18001 is a specification for Occupational Health & Safety Management Systems (OHSMS) jointly developed by a number of international third party certification bodies, national standards bodies, and other interested parties. It enables organizations to manage operational risks and improve performance. It also provides guidance on how to manage the health and safety aspects of your business activities more effectively, while taking into careful consideration accident prevention, risk reduction and the well-being of employees.

Many organizations are implementing an Occupational Health and Safety Management System (OHSMS) as part of their risk management strategy to address changing legislation and protect their workforce.

An OHSMS promotes a safe and healthy working environment by providing a framework that allows organization to consistently identify and control its health and safety risks, reduce the potential for accidents, aid legislative compliance and improve overall performance.

Demonstrating commitment to Occupational Health & Safety can positively improve the efficiency of internal operations and consequently reduce accidents, danger and downtime. Employee safety and the quality of the working environment are actively improved because objectives and responsibilities are made clearer and all employees are prepared to effectively deal with any future hazards. What's more, OHSAS 18001 ensures compliance with current legal requirements, reducing the risk of penalties or possible litigation.

Who is it relevant to?

OHSAS 18001 can be adopted by any organization willing to implement a formal procedure to reduce the risks associated with health and safety in the working environment for employees, customers and the general public.

Benefits

  • Certifying OHSAS 18001 management system enables organization to prove that it conforms to the specification and provides the following benefits:
  • Potential reduction in the number of accidents 
  • Potential reduction in downtime and associated costs 
  • Demonstration of legal and regulatory compliance 
  • Demonstration to stakeholders, commitment to health and safety 
  • Demonstration of an innovative and forward thinking approach 
  • Increased access to new customers and business partners 
  • Better management of health and safety risks, now and in the future 
  • Potential reduced public liability insurance costs

ISO 13485:2003 Quality Management System - Medical Devices

Ensuring confidence in medical device safety

The medical device industry is affected by a complex array of regulatory systems, national and international standards and other requirements. 

Whatever devices organization's produce, as medical device manufacturer/s, they have the  responsibility to consistently deliver devices that are safe and effective. ISO 13485 is the international standard recognized for medical device regulations around the world.

In the field of medical products, devices and components, regulatory requirements and customer needs regarding quality are becoming ever-more stringent. Legal manufacturers and their global suppliers are expected to pro-actively comply with the highest standards and regulations. Certification is needed before entering new markets or before customers place orders. ISO 13485 is now the foundation for all regulatory requirements. 

Gaining certification to ISO 13485 will help organization do business in this highly regulated sector. Whether organization's are looking to operate internationally or to expand locally to accommodate new business, ISO 13485 will help demonstrate to customers and regulators that they are committed to quality.

The regular assessment process will ensure that processes are continually checked for effectiveness and provide the opportunity to avoid unpleasant regulatory surprises.

Certification to this standard can improve overall performance, remove uncertainty and widen market opportunities with complying to requirements, such as 

  • Basic Quality System requirements with several enhancements 
  • Risk Management Approach to product development and product realization 
  • Validation of processes 
  • Consideration of statutory and regulatory requirements 
  • Tracking and record keeping 
  • Assuring positive product traceability and recall 

Who it is relevant to :

ISO 13485 is relevant to all manufacturers of medical devices (including subcontract manufacturers) to satisfy both regulatory and voluntary requirements.

Benefits :

  • ISO 13485 or in combination with regulatory certification, will be viewed by organization's customers, distributors and authorities as a genuine commitment to the quality of medical devices during the approval or bidding process.
  • Most medical device manufacturers will eventually want to sell their products worldwide. Certification to this standard will help achieve this objective.
  • Regular assessments performed by Zenith will help organization's to monitor and improve their management system and processes. This improves the reliability of operations and products, ensures compliance with regulatory and customer requirements and increases financial performance.

ISO/TS 16949:2009 Quality Management System for Automotive Industry

The ISO/TS 16949 Quality Management System certification standard for the automotive industry enables organizations to demonstrate their commitment to product quality and compliance to customer requirements. In addition, the standard allows to continuously improve quality management systems and related processes. It specifies the quality system requirements for the design/development, production, installation and servicing of automotive-related products. 

The global automotive industry demands world class levels of product quality, productivity and competitiveness as well as continual improvement. To achieve this goal many vehicle manufacturers insist that suppliers adhere to strict technical specifications laid out in a quality management standard for suppliers to the automotive sector, known as ISO /TS 16949.

The international recognition of the ISO/TS 16949 standard increases the credibility of organization when bidding for global sourcing contracts or expanding business locally. Gaining certification also helps to reduce production variations and improve manufacturing efficiency which can positively impact the bottom line. Furthermore, ISO/TS 16949 helps create a common quality system approach to the entire supply chain (for suppliers/subcontractors) and facilitates access to the industry's best practices.

Who is it relevant to?

ISO/TS 16949 is relevant to all types of automotive supply companies, from small manufacturers to multi-site multinational organizations located anywhere in the world. However, it is only applicable to sites where production or service parts are manufactured.

Benefits : 

Licence to trade

For most vehicle manufacturers, certification is a mandatory requirement that is internationally recognized - helping  to do business worldwide. 

Reduces waste and prevents defects

The specification is based on ISO 9001 and encourages a process approach. Understanding the inter-relationship of processes through the use of the standard can enable improved product and process quality and ultimately avoids variation in the supply chain. 

Flexible and easy to adopt

ISO /TS 16949 is based on ISO 9001, making the process approach easy to adopt and integrate with other key management systems including ISO 14001 Environment and OHSAS 18001 Occupational Health and Safety. It also complements many existing business improvement tools, such as FMEA, PPAP and Six Sigma. 

Brand reputation

Certification can provide additional confidence and consistency to all interested parties in global sourcing, enabling greater business opportunities and attracting more investment prospects.

Saves money by avoiding duplication

For suppliers to a number of different vehicle manufacturers, certification to ISO/TS 16949 avoids the need for multiple certificates, thereby eliminating duplication in preparation and documentation as well as second- and third-party audits.

ISO 22000 Food Safety Management System and HACCP

ISO 22000 is an international standard that defines the requirements of a food safety management system covering all organizations in the food chain from "farm to fork".

Increasing consumer demand for safe food has led many companies to develop food quality management systems and food safety management systems. ISO 22000 Certification creates a harmonised food safety standard that is accepted the world over. By integrating multiple principals, methodologies and applications, ISO 22000 is easier to understand, apply and recognise. That makes it more efficient and effective as an entry-to-market tool than previous combinations of national standards.

It speeds and simplifies processes without compromising other quality or safety management systems and can be used by all organisations in the supply chain, from farming to food services, to processing, transportation and storage, through to packaging and retail.

Who is it relevant to?

ISO 22000 is a truly international standard suitable for any business in the entire food chain, including inter-related organizations such as producers of food grains, food processors, food warehouses, food processing equipments, food packaging materials, food cleaning agents, food additives and food ingredients. 

Benefits 

  • Certifying food management system against the requirements of ISO 22000 will bring the following benefits to organizations:
  • Applicable to all organizations in the global food supply chain 
  • A truly global international standard 
  • Provides potential for harmonization of national standards 
  • Covers the majority of the requirements of the current retailer food safety standards 
  • Complies with the Codex HACCP principles 
  • Provides communication of HACCP concepts internationally 
  • An auditable standard with clear requirements which provides a framework for third-party certification 
  • Suitable for regulators 
  • The structure aligns with the management system clauses of ISO 9001 and ISO 14001 
  • Enables communication about hazards with partners in the supply chain

More specific benefits include:

  • System approach, rather than product approach 
  • Resource optimization - internally and along the food chain 
  • All control measures are subjected to hazard analysis 
  • Better planning - less post process verification 
  • Improved documentation 
  • Systematic management of prerequisite programmes 
  • Increased due diligence 
  • Dynamic communication on food safety issues with suppliers, customers, regulators and other interested parties 
  • A systematic and proactive approach to identification of food safety hazards and development and implementation of control measures

HACCP

The Hazard Analysis and Critical Control Points (HACCP) certification enables to demonstrate commitment to food HACCP safety and customer satisfaction, as well as continuously meeting the expectations of a changing world.

HACCP is an international principle defining the requirements for effective control of food safety. HACCP compliance/ HACCP certification helps organisations focus on the hazards affecting food safety and hygiene and also identifies them by setting up control limits at critical points during the food production process.

here are clear benefits associated with HACCP-based adoption and certification:

  • Enables organizations to demonstrate a commitment to food safety 
  • Conveys a degree of confidence required by consumers, retailers and buyers within the food industry 
  • Provides buyers, consumers, government enforcement and trade agencies with justified assurance that control systems are in place to assure the safe production of food 
  • It is based on the internationally-recognized Codex Alimentarius standards and guidelines and other national standards 
  • Regular assessments help you to continually monitor their food safety system

WHO-GMP

WHO-GMP is an acronym for WORLD HEALTH ORGANIZATION – GOOD MANUFACTURING PRACTICE is the specifications derived by world health organization.

GMP refers to the Good Manufacturing Practice Regulations promulgated by the US Food and Drug Administration under the authority of the Federal Food, Drug, and Cosmetic Act (See Chapter IV for food, and Chapter V, Subchapters  A, B, C, D, and E for drugs and devices.) These regulations, which have the force of law, require that manufacturers, processors, and packagers of drugs, medical devices, some food, and blood take proactive steps to ensure that their products are safe, pure, and effective. GMP regulations require a quality approach to manufacturing, enabling companies to minimize or eliminate instances of contamination, mixups, and errors.  This in turn, protects the consumer from purchasing a product which is not effective or even dangerous. Failure of firms to comply with GMP regulations can result in very serious consequences including recall, seizure, fines, and jail time.

GMP regulations address issues including recordkeeping, personnel qualifications, sanitation, cleanliness, equipment verification, process validation, and complaint handling. Most GMP requirements are very general and open-ended, allowing each manufacturer to decide individually how to best implement the necessary controls. This provides much flexibility, but also requires that the manufacturer interpret the requirements in a manner which makes sense for each individual business.

GMP is also sometimes referred to as "cGMP". The "c" stands for "current," reminding manufacturers that they must employ technologies and systems which are up-to-date in order to comply with the regulation. Systems and equipment used to prevent contamination, mixups, and errors, which may have been "top-of-the-line" 20 years ago, may be less than adequate by today's standards. 

BRC 

The BRC Global Standards are a suite of four industry-leading Technical Standards that specify requirements to be met by an organization to enable the production, packaging, storage and distribution of safe food and consumer products. Originally developed in response to the needs of UK members of the British Retail Consortium, the Standards have gained usage world-wide and are specified by growing numbers of retailers and branded manufacturers in the EU, North America and further a field. Certification to a Global Standard, which is achieved through audit by a third party Certification Bodies, reassures retailers and branded manufacturers of the capability and competence of the supplier, and reduces the need for retailers and manufacturers to carry out their own audits, thereby reducing the administrative burden on both the supplier and the customer.

The technical content and operation of the Global Standards is governed by the BRC Governance and Strategy Committee consisting of Senior Technical representatives of international businesses. The Global Standards are closely managed by the Global Standards Technical Team based in London who license auditing against the Standards to Certification Bodies who must be both accredited by a National Accreditation Body and meet strict BRC requirements. Information relating to BRC-approved Accreditation and Certification Bodies is available on the BRC Directory.

Kosher Certificates:

Kosher certification allows companies to have an edge over their competitors and allows them to sell to more clients than previously and creates export opportunities that previously did not exist to them. It opens up the American market in particular where Kosher is almost a market pre-requisite in order to get ones products into the American market. In Israel it is a market requirement and we find that Europe is also following the trend in America so it is a very fast growing market. Kosher Certification is also taken out by many clients even if they are not selling into the Kosher marketplace or to Jewish people as it is seen as a sign of quality and reassurance. Our clients will range from the large multinationals like Proctor & Gamble & Unilever right down to small companies and right across the globe from the UK to Indonesia etc.

Kosher certification is very different to ISO, HACCP, BRC, & ORGANIC certifications as it is based on our religion rather than on health and safety aspects. We always must use one of our Rabbis for the Initial Inspections, Audits or supervision as a requirement to comply with Kosher regulation and Kosher law. 

However I must point out that there is a vast difference between Kosher Agencies and the validity and acceptance of Kosher Certificates. Kosher certification is very different from other certifications in that it all depends on who is giving the certification. If it is a small agency or a local Rabbi or a non recognized agency then the Kosher certificate will not be recognized and the company will find that their certificates are being rejected. Unfortunately we get many companies who come to us after they have already taken out Kosher certification with a local Jewish community or unrecognized kosher agency and then request us to give them kosher certification so that they will get the worldwide universal recognition that they require. These companies are then upset at the amount of time and expense that they have wasted because they went to the local Rabbi or Jewish community that provided them certification for a low price. Companies must only go to the large & respectable Kosher Agencies that can give them universal and international acceptance.

ISO 27001:2005 Information Security Management System

Organization's core business processes is supported are information systems. Any disruption in the information quality, quantity, distribution or relevance puts business at risk. Information is critical to the operation and perhaps even the survival of organization. Being certified to ISO 27001 will help us to manage and protect valuable information assets.

ISO 27001 is the only auditable international standard which defines the requirements for an Information Security Management System (ISMS). The standard is designed to ensure the selection of adequate and proportionate security controls.

This helps organization to protect information assets and give confidence to any interested parties, especially our customers. The standard adopts a process approach for establishing, implementing, operating, monitoring, reviewing, maintaining, and improving our ISMS.

ISO 27001 covers twelve sections:

  • Security Policy 
  • Organisation of Information Security 
  • Asset Management
  • Human Resources Security
  • Physical and Environmental Security
  • Communications and Operations
  • Management
  • Access Control
  • Information Systems Acquisition, Development and Maintenance
  • Information Security Incident Management
  • Business Continuity Management
  • Compliance

Who is it relevant to?

ISO 27001 is suitable for any organization, large or small, in any sector or part of the world. The standard is particularly suitable where the protection of information is critical, such as in the finance, health, public and IT sectors.

ISO 27001 is also highly effective for organizations which manage information on behalf of others, such as IT outsourcing companies: it can be used to assure customers that their information is being protected.

Benefits :

Certifying  ISMS against ISO 27001 can bring the following benefits to organization:

  • Demonstrates the independent assurance of internal controls and meets corporate governance and business continuity requirements 
  • Independently demonstrates that applicable laws and regulations are observed 
  • Provides a competitive edge by meeting contractual requirements and demonstrating to organization's customers that the security of their information is paramount 
  • Independently verifies that organizational risks are properly identified, assessed and managed, while formalizing information security processes, procedures and documentation 
  • Proves senior management's commitment to the security of its information 
  • The regular assessment process helps to continually monitor performance, and improve.

ISO 27001 Information Security Management Systems:

Information is an important asset & is valuable to an organization and hence needs to be suitably protected. Information leaks enhance risk.ISMS outlines the best practices that one should follow to protect informational assets.

ISMS is the only method that specifically addresses the protection of information. It provides detailed guidelines on how a secure management framework should be implemented. Recent high profile information security breaches and the value of information are highlighting the ever increasing need for organizations to protect their information. An Information Security Management Systems (ISMS) is a systematic approach to managing sensitive company information so that it remains secure. It encompasses people, processes and IT systems. 

Benefits: Comforts customers, employees, trading partners and stakeholders – in the knowledge that your management information and systems are secure. 

Credibility, trust and confidence: Your customers can feel confident of your commitment to keeping their information safe.

Cost Savings: The cost of a single information security breach can often be in excess of $100,000. Registration reduces the risk of such cost being incurred and this is important to stakeholders and other investors in your business.

Compliance: Registration helps to show the authorities that you comply with all the relevant laws and regulations.

Commitment: Registration helps to ensure and demonstrate commitment at all levels of the organization.

ISO 20000-1:2005 IT Service Management System

Demonstrate commitment to IT quality assurance

ISO 20000 certification (Information Technology certificate) enables organization to show commitment to a reliable IT infrastructure with the support from professionals. The ISO 20000 standard (IT quality control standard) focuses on managing IT issues via a helpdesk.

Standardization in IT service management considers system capacity, levels of management required when the system changes, financial budgeting, software control and distribution.

IT is essential to  today's business, however, concerns are increasingly being raised about IT services, both internal and outsourced, not aligning with the needs of businesses and customers.

A recognized solution to this problem is to use an IT Service Management System (ITSMS) based on ISO 20000, the international standard for IT service management. Certification to this standard enables organization's to independently demonstrate to their customers that they meet best IT business practices.

ISO 20000 consists of two main parts.

ISO 20000-1 is a formal specification and defines the requirements for an organization to deliver managed services of an acceptable quality for customers. 

The scope of certification includes:

  • Requirements for a management system
  • Planning and implementing service management
  • Planning and implementing new or changed services
  • Service delivery process
  • Relationship, Resolution, Control & Release  processes

ISO 20000-2 is a Code of Practice that describes the best practices for Service Management processes within the scope of specification. The Code of Practice is particularly useful for organizations preparing for an audit against ISO 20000-1 or planning service improvements.

Who is it relevant to?

ISO 20000 is applicable to any organization, large or small, in any sector or part of the world which relies on IT services. The standard is particularly suitable for internal IT service providers, such as IT departments, and external IT service providers, such as IT outsourcing organizations.

The standard is already making a positive impact in some of the leading IT-dependent sectors, such as the business process outsourcing, telecommunications, finance and public sectors.

Benefits 

Some of the key benefits are listed below:

  • IT service providers become more responsive to services which are business led rather than technology driven 
  • External service providers can use certification as a differentiator and win new business as this increasingly becomes a contractual requirement 
  • Gives ability to select and manage external service providers more effectively 
  • More opportunities to improve the efficiency, reliability and consistency of IT services impacting costs and service 
  • Certification audits enable the regular evaluation of the service management processes, which helps to maintain and improve effectiveness 
  • The certification process can reduce the amount of supplier audits, thereby reducing costs.

ISO/IEC 15408-1 : 2009 - Evaluation Criteria for Information Technology Security

With the rise of security breaches and the running of technology at its highest gear on the information superhighway, protection of confidential and vital information never has been more crucial. The needs to have some kind of assurance that the products and the systems used, that provide an adequate security to the security objective started since the "Orange Book"- TCSEC (1985), in the US. Various countries then began their initiatives to develop evaluation criteria that builds upon the concepts of TCSEC; in Europe - ITSEC (1991), Canada - CTCPEC (1993), US - Federal Criteria (Draft 1993).

The Common Criteria - ISO/IEC 15408 - Evaluation Criteria for Information Technology Security represents the outcome of series of efforts to develop criteria for evaluation of IT Security that are broadly useful within the international community.

Overview.

The CC document consists of:

Part 1 - Introduction and General Model. Part 1 defines general concepts and principles of IT security evaluation and presents a general model of evaluation. This part also presents the constructs for expressing IT security objectives, for selecting and defining IT security requirements, and for writing high-level specifications for products and systems. In addition, it provides the usefulness of each part of the CC in terms of each of the target audiences.

Part 2 - Security Functional Requirements. This part establishes a set of security functional components as a standard way of expressing the security requirements for IT products and systems. The catalog is organized into classes, families, and components.

Part 3 - Security Assurance Requirements. This part produces a catalog of establishes set of assurance components that can be used as a standard way of expressing the assurance requirements for IT products and systems. The Part 3 catalog is organized into the same class - family - component structure. Part 3 also defines evaluation criteria for PPs and STs. Part 3 presents the seven Evaluation Assurance Levels (EALs), which are predefined packages of assurance components that make up the CC scale for rating confidence in the security of IT products and systems. Consumers' use of CC - Consumer use of CC relates to the specification of functional and assurance requirements of products and systems under procurements. Part 2 of the CC is used when specifying the security functional requirements, and Part 3 is used when specifying the assurance requirements. Consumer can then use this statement of requirements as a specification to vendors of products or system integrators.

Developers' use of CC - The CC should be used to produce deliverables to meet the (CC) requirements. They may specify the functional and assurance requirements in a Security Target, or may have them specified by the consumer in the form of a Protection Profile. The functional requirements, specified using Part 2 of CC, are those with which the products are required to conform. Part 3 of the CC contains developer actions that are to be followed when formulating deliverables for evaluations to a particular set of assurance requirements.

Evaluators use of CC - CC contains mandatory statements of evaluation criteria that used when determining whether a Target of Evaluation (TOE) meets its claimed security functionality and assurance requirements. Guidance on the application of the CC is given in the Common Evaluation Methodology (CEM).

ISO 28000:2007

ISO 28000 standards specifies the requirements for a supply chain security management system, linking security management to many other aspects of business management. For organisations working within, or relying on, the logistics industry, certification to the ISO 28000:2007 supply chain management standard provides a valuable framework. It will help minimise the risk of security incidents and so help provide problem-free 'just in time' delivery of goods and supplies. ISO 28000 standard sets in place mechanisms and processes to address security vulnerabilities at strategic and operational levels, as well as establish preventive action plans. ISO 28000 is suitable for all sizes and types of organisation that are involved in purchasing, manufacturing, service, storage, transportation and/or sales processes, and wish to implement and maintain a secure management system for its supply chain.

CDG is at the leading edge of supply chain security management system certification. We have experience of security assessments gained from carrying out audits of many exporters, warehouses & ICD's.

Key Elements of ISO 28000 certification

- Establish, implement, maintain and improve a security management system. 

- Assure conformance with security management policy

- Demonstrate such conformance 

- Seek certification/registration of conformance by an accredited third-party organisation 

- Make a self-determination and self-declaration of conformance with ISO 28000.

Benefits of ISO 28000 Certification

- Allows security to be managed as a process so that the effectiveness of security 

  management can be measured and improved;

- Allows management to focus resources and efforts on areas with high-risk concerns (through 

  a security risk assessment);

- Allows management to benchmark its security management efforts with international 

  standards; and

- Demonstrates to stakeholders the commitment to enforce a systematic security management.

ISO 29001:2007 Oil and Gas

ISO 29001 defines the quality management system requirements for the design, development, production, installation and service of products for the petroleum, petrochemical and natural gas industries. ISO 29001 specifically focuses on the oil and gas supply chain. 

The ISO 29001 standard is based on ISO 9001 and incorporates supplementary requirements emphasising defect prevention and the reduction of variation and waste from service providers.

These requirements have been developed separately to ensure that they are clear and auditable. They also provide global consistency and improved assurance in the supply quality of goods and services from providers. This is particularly important when the failure of goods or services have severe ramifications for the companies and industries involved. 

Who is it relevant to?

This standard is for all organizations working within the oil and gas industry supply chain. 

Benefits :

Certification to ISO 29001 ensures standardization and improvement within the sector. 

A licence to trade in the oil and gas industry

For many organizations within the oil and gas supply chain, certification to this standard is necessary to secure valuable contracts and gain competitive advantage. 

Enhanced brand reputation

Certification proves commitment to industry best practice and enables to stand out above the crowd. 

Flexibility

The standard has been designed to be compatible with other existing management systems standards making integration of  your systems easier. 

Cost savings

Third-party certification to this technical standard will help to reduce multiple supplier audits and any associated costs. 

Managed business risk

Based as it is on ISO 9001, certification also makes it easier to measure performance and better manage business risk. 

Streamlined operations and reduced waste

The assessment focuses on operating processes, which encourages to improve the quality of  products and service and helps to reduce waste, rejections and customer complaints. 

Encourages communication

Like ISO 9001, this requirement scheme ensures that employee/s feel more involved through improved communication. Continued assessment visits can highlight any problems and uncover any issues that may be present

ISO 30000 Ships and marine technology. Ship recycling management systems. Specifications for management systems for safe and environmentally sound ship recycling facilities

ISO 30000 has been developed in response to demand from industry for a ship recycling standard. It is applicable to any ship recycling facility that wishes to:

  • Establish, implement, maintain and improve a safe and environmentally sound management system for the recycling of ships 
  • Assure itself of conformity with its stated safe and environmentally sound management policy 
  • Demonstrate conformity with this standard by

- Making a self-determination and self-declaration, or

- Seeking confirmation of its conformance by parties having an interest in the facility such as customers, or 

  • Seeking confirmation of its self-declaration by a party external to the organization, or 
  • Seeking certification/registration of its management system by an external organization.

All the requirements of ISO 30000 are intended to be incorporated into the management systems of any ship recycling facility. In order to be in compliance with ISO 30000, the management systems will address all requirements.

ISO 30000 specifies requirements for a management system to enable a ship recycling facility to develop and implement procedures, policies and objectives in order to be able to undertake safe and environmentally sound ship recycling operations in accordance with national and international standards. 

ISO 10002:2004

ISO 10002:2004 Complaints Management System provides guidance on the process of complaints handling related to products within an organization, including planning, design, operation, maintenance and improvement. The complaints handling process described is suitable for use as one of the processes of an overall quality management system.

ISO 10002 is relevant to any organization that wishes to exceed customer expectations, a basic requirement for businesses of all types and sizes, whether they're in the private, public or voluntary sectors.

"A complaint is an expression of dissatisfaction made to an organization, related to its products, or the complaints handling process itself, where a response or resolution is explicitly or implicitly expected."  Definition from ISO 10002:2004

Key Elements of ISO 10002 certification

  • enhancing customer satisfaction by creating a customer-focused environment that is open to 
  • feedback (including complaints), resolving any complaints received, and enhancing the 
  • organization's ability to improve its product and customer service;
  • top management involvement and commitment through adequate acquisition and deployment of 
  • resources, including personnel training;
  • recognizing and addressing the needs and expectations of complainants;
  • providing complainants with an open, effective and easy-to-use complaints process;
  • analysing and evaluating complaints in order to improve the product and customer service quality;
  • auditing of the complaints-handling process;
  • reviewing the effectiveness and efficiency of the complaints-handling process

Benefits of ISO 10002 

  • Customer retention
  • Brand reputation
  • Operational efficiency
  • Improved internal communications and relations
  • Flexibility
  • Continual improvement
  • Enhancing customer satisfaction by creating a customer-focused environment that is open to  feedback (including complaints), resolving any complaints received, and enhancing the organization's ability to improve its product and customer service;
  • Top management involvement and commitment through adequate acquisition and deployment of - resources, including personnel training;
  • Recognizing and addressing the needs and expectations of complainants;
  • Providing complainants with an open, effective and easy-to-use complaints process;
  • Analysing and evaluating complaints in order to improve the product and customer service quality;
  • Auditing of the complaints-handling process;
  • Reviewing the effectiveness and efficiency of the complaints-handling proces

SA 8000

SA 8000 is an international certification standard that encourages organizations to develop, maintain and apply socially acceptable practices in the workplace. It was created in 1989 by Social Accountability International (SAI), an affiliate of the Council on Economic Priorities, and is viewed as the most globally accepted independent workplace standard.

The standard is based on a number of existing international human rights' standards including the United Nation's Universal Declaration of Human Rights and the UN Convention on the Rights of the Child.

It is the most widely recognized global standard for managing human rights in the workplace is Social Accountability International’s SA 8000. It is the first auditable standard, suitable for organizations of all sizes anywhere in the world, and provides a framework for assuring all of your stakeholders that social accountability is being stewarded by your management.

SA 8000 certification enables you to demonstrate your commitment to social accountability standards as well as employee and customer satisfaction.

Benefits of SA 8000 Certification

SA 8000 compliance proves your company’s commitment to social accountability and to treating your employees ethically and in compliance with global standards, Also:

  • It helps in opening new Markets
  • Transparency to stakeholders
  • Helps in attracting new customers 
  • Brand image and reputation 

REACH Certification

Evaluation Process

The evaluation process has three purposes:

  • The first purpose is for authorities to evaluate the testing proposals made by industry to ensure the safety of their products and thereby ensuring that animal testing is kept to a minimum. 
  • The second purpose is to check compliance with the requirements of the regulation. 
  • The third purpose is to examine any suspicion of risks to human health and the environment arising from substances. 
  • Evaluation provides a means for the authorities to require registrants, and in very limited cases downstream users, to provide further information. 
  • There are two types of evaluation: dossier evaluation and substance evaluation: 

Dossier evaluation is conducted by authorities to examine proposals for testing to ensure that unnecessary animal tests and costs are avoided, and to check the compliance of registration dossier with the registration requirements.

Substance evaluation is performed by authorities when there is a reason to suspect that a substance presents a risk to human health or the environment (e.g. because of its structural similarity to another substance). Therefore, all registration dossiers submitted for a substance are examined together and any other available information is taken into account.

AUTHORISATION

The REACH proposal sets up a system under which the use of substances with properties of very high concern and their placing on the market can be made subject to an authorisation requirement.

This authorisation requirement ensures that risks from the use of such substances are either adequately controlled or justified by socio-economic grounds, having taken into account the available information on alternative substances or processes.

The substances selected for the authorisation system have hazardous properties of such very high concern that the Community needs to decide about the adequacy of the control of risks arising from their uses or about the socio-economic benefits of the uses of such substances that justify risks arising from their use:

Category 1 and 2 CMR substances have effects on humans which are generally so serious and cannot normally be reversed, and PBT and vPvB substances accumulate in living organisms, which cannot normally be reversed, either. To provide a security net, other substances with serious and irreversible effects of an equivalent level of concern as the CMR, PBT and vPvB substances, can be identified on a case-by-case basis. This could for example be endocrine disrupters which are not already covered by the CMR criteria.

The authorisation provisions require those using or making available substances with properties of very high concern which are included into the system to apply for an authorisation for each use, regardless of the quantity of the substance used, within deadlines set by the Commission.

The burden of proof is placed on the applicant to demonstrate that the risk from the use is adequately controlled or that the socio-economic benefits outweigh the risks. In the latter case, applicants need to submit a substitution plan along with a socio-economic analysis.

The Agency, via its Committees for Risk Assessment and Socio-economic Analysis provides opinions on the applications, which the Commission will use for its decisions on applications. 

In particular the Authorisation process ensures that:

  • The burden of proof to demonstrate that the risk from the use is adequately controlled or that the socio-economic benefits outweigh the risks are placed on the applicants for authorisation.
  • The Commission and the MS authorities can monitor the progress;
  • The Commission, the MS authorities and industry can focus their resources by starting with those substances that are considered to pose the greatest current risk and to deliver the 'Highest Expected Regulatory Outcome' (Hero).

RESTRICTIONS

The restrictions procedure is a safety net for substances posing an unacceptable risk to human health or the environment arising from its manufacture, use or placing on the market, which need to be addressed on a Community wide basis.

The basis of the demonstration of the unacceptable risk to human health or the environment on a Community wide basis, will be a risk assessment. This will be different from the CSR of the individual dossiers as they usually won’t deal with regional ‘exposure’, aggregate volumes, and multiple exposures.

A restriction of a substance is any condition for, or prohibition of, its manufacture, use or placing on the market. Restrictions enable risk management measures beyond those already implemented by manufacturers, importers and downstream users, to be introduced across the Community where they are shown to be necessary. Restrictions can also impose a harmonised level of risk management measures. Restrictions apply to all manufacturers, importers, downstream users and distributors of a substance if the manufacture, use or placing on the market (activity) of this substance is included in Annex XVII.

Annex XVII contains restrictions on the manufacture, placing on the market and use of certains dangerous substances, preparations and articles; a consolidation of the restrictions contained in Directive 76/769/EC.

Activities with the substances not included in Annex XVII are allowed, provided there is no restriction in other, sector specific Community legislation, and the substance is not subject to authorisation (Annex XIV).

All substances on their own, in preparations or in articles may be subject to restrictions, regardless of any duty to register the substance. Restrictions apply to activities regardless of the quantity, unless the annex specifies thresholds. However, use of a restricted substance in scientific research and development, as well as product and process oriented research and development activities in quantities below 1 tonne per year, is exempted.

The restrictions also do not apply to substances that are waste being treated in a waste treatment installation within the conditions of a permit.

CE Mark

The CE mark demonstrates that the product meets the requirements of relevant European directives. It is mandatory for a wide range of products sold within or exported to the European market.

CE mark on a product:

  • Indicates to government/s that the product can be legally sold within the European Union (EU) and the European Free Trade Area (EFTA). 
  • Ensures the product can move freely throughout the European Single Market 
  • Indicates to customers that the product meets designated  safety standards. 
  • Promotes public health and safety 
  • Enhances product credibility 
  • Leads to improved sales and greater customer satisfaction 

CE Mark is the manufacturer's claim that the product meets the essential requirements of all relevant European Directives. CE Mark compliance is legally enforced  requirement for the European Union member states and the European Economic Area countries. The countries are Austria, Belgium, Bulgaria, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lichtenstein, Lithuania, Luxemburg, Malta, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, The Netherlands, UK. Other countries are most likely  to adopt the directives in  the near future. To sell products in any of these countries CE mark is an essential requirement. 

The following European Directives requiring the affixing of a CE Mark are currently in force, which apply to the respective industries  :

  • Directive 2009/48/EC Safety of toys
  • Directive 2006/42/EC Machinery 
  • Directive 2006/95/EC Low Voltage / LVD / Electrical safety
  • Directive 2004/108/EC Electro Magnetic Compatibility (EMC) 
  • Directive 89/686/EC Personal protective equipment (PPE)  
  • Directive 97/23/EC Pressure Equipment
  • Directive 93/42/EC Medical devices 
  • Directive 90/385/EC Active implantable medical devices
  • Directive 98/79/EC  In Vitro Diagnostic medical devices 
  • Directive 1999/5/EC Telecommunications Terminal Equipment 
  • Directive 2009/105/EC Simple Pressure Vessels 
  • Directive 2009/142/EC Appliances burning gaseous fuels 
  • Directive 95/16/EC Lifts  
  • Directive 94/25/EC Recreational craft 
  • Directive 94/9/EC Equipment explosive atmosphere (ATEX)  
  • Directive 90/384/EC Non-automatic weighing  
  • Directive 2000/9/EC Cableways
  • Directive 89/106/EC Construction products  
  • Directive 93/15/EC Explosives for civil uses  
  • Directive 92/42/EC New hot-water boilers fired BOILERS FIRED with liquid or gaseous fuels 
  • Directive 2004/22/EC  Measuring Instruments
  • Directive 2009/125/EC Eco-design requirements for energy related products
  • Directive 92/75/EC Energy labelling of household appliances 
  • Directive 99/36/EC Transportable pressure equipment Directive 
  • Directive 2000/14/EC Noise emission in the environment by equipment for use outdoors 

Benefits :

Market access & development :

Enter into new markets  and maximize the potential of existing markets with  appropriate CE certified products

Risk management: 

Mitigate the risks and liabilities in your chosen markets and achieve secure and robust decision making through the management of risk and ensure regular compliance.

Product differentiation: 

Through independent testing and certification your products will stand out from your competitors

Competitive edge: 

Recognized  all over the globe.

Customer confidence:

Trusted independence and reputation achieve consumer confidence and business assurance.

CE MARKING:

After successful completion of testing of product, we shall establish a technical documentation (Technical File) for the products to be covered for CE marking. 

The technical documentation must allow assessment of conformity of the product with the requirement of respective directives.

It must include:

  • A general description of the product including any variants planned.
  • Design, drawings, methods of manufacture envisaged, diagrams of the components, sub assemblies, etc.
  • Description and explanation necessary to understand above mentioned drawings, diagrams of operation of the products.
  • Result of risk analysis and list of standards referred description of solutions adopted to meet essential requirements of directives (if the standards are not applied in full).
  • In case of the products placed in the market in a sterile condition, description of the methods used. (If Applicable)
  • Result of design calculations and of the inspections carried out etc.
  • Test reports and where appropriate.
  • The label and instruction for use.
  • Operational Manual

In general the documentation must be made available until 5 years after the manufacture of last product to the national govt. of the country in which the product is placed on the market.

The Technical file is reviewed for it’s adequacy in line to requirements of respective Directive

ROAD MAP TO GET CE CERTIFICATION

CE MARKING:

After successful completion of testing of product, we shall establish a technical documentation (Technical File) for the products to be covered for CE marking. 

The technical documentation must allow assessment of conformity of the product with the requirement of respective directives.

It must include:

  • A general description of the product including any variants planned.
  • Design, drawings, methods of manufacture envisaged, diagrams of the components, sub assemblies, etc.
  • Description and explanation necessary to understand above mentioned drawings, diagrams of operation of the products.
  • Result of risk analysis and list of standards referred description of solutions adopted to meet essential requirements of directives (if the standards are not applied in full).
  • In case of the products placed in the market in a sterile condition, description of the methods used. (If Applicable)
  • Result of design calculations and of the inspections carried out etc.
  • Test reports and where appropriate.
  • The label and instruction for use.
  • Operational Manual

In general the documentation must be made available until 5 years after the manufacture of last product to the national govt. of the country in which the product is placed on the market.

The Technical file is reviewed for it’s adequacy in line to requirements of respective Directive