ISO certification preparation

certified v2Before taking the road to certification, it is important to define the “business case” that drives the organization trough the requirements and details of the standard.

In this phase ITSM CENTER assists the customer to define a strategic approach to Certification.  ITSM CENTER defines scope and eligibility for the organization together with the Business and IT, since it is important to relate the objectives to the Business results. After defining the objectives, ITSM CENTER defines the master plan and organizes an awareness campaign with Managers, Staff involved, Customers and Suppliers, in order to obtain the maximum consensus and establish the readiness for a successful certification program. This approach has the following deliverables:

  • Eligibility Report Certification Scope (Customers, IT Services, Locations)
  • Certification Roadmap with time and estimated resources
  • Business Case with Objectives for IT and the Business
  • Awareness Campaign
  • Project Organization

The duration of this phase could be from 10 to 30 days, depending of the size and geography of the company.

The base for the Design and Implementation phase consists of the assessment results and the goals agreed upon in the Business Case.

ISO and other standards specialization

  • ISO 9001 - Quality Management System

    Quality Management System will help your organization develop and improve performance, demonstrate high levels of service and shows that your organization follows internationally recognised quality management principles. ISO 9001 also allows you to become a more consistent competitor in your marketplace. Quality Management System is efficient way of working and helps you save time, money and resources.

    ISO 9001 is the internationally recognized standard for the quality management of businesses worldwide. Businesses go for ISO 9001 certification as it brings various benefits for them. When a company is said to be ISO 9001 certified, it means that the company has passed a physical ISO 9001 certification audit which ensures the quality of management of that business entity.

    The quality standard is applicable to companies of any size or sector who is seeking to improve their internal management and operational processes. We recommend that companies who are completing ISO 9001 certification apply the standard throughout their organisation, as opposed to at a particular department, site or divisions of the company.

  • ISO/IEC 27001 - Information Security Management System

    The ISO/IEC 27000 family of standards helps organizations keep information assets secure.

    Using this family of standards will help your organization manage the security of assets such as financial information, intellectual property, employee details or information entrusted to you by third parties.

    ISO/IEC 27001 is the best-known standard in the family providing requirements for an information security management system (ISMS).

  • ISO/IEC 20001 - IT Service Management System

    ISO/IEC 20000-1:2011 is a service management system (SMS) standard. It specifies requirements for the service provider to plan, establish, implement, operate, monitor, review, maintain and improve an SMS. The requirements include the design, transition, delivery and improvement of services to fulfil agreed service requirements.

    ISO/IEC 20000-1:2011 can be used by:

    • an organization seeking services from service providers and requiring assurance that their service requirements will be fulfilled
    • an organization that requires a consistent approach by all its service providers, including those in a supply chain
    • a service provider that intends to demonstrate its capability for the design, transition, delivery and improvement of services that fulfil service requirements
    • a service provider to monitor, measure and review its service management processes and services
    • a service provider to improve the design, transition, delivery and improvement of services through the effective implementation and operation of the SMS
    • an assessor or auditor as the criteria for a conformity assessment of a service provider's SMS to the requirements in ISO/IEC 20000-1:2011

  • ISO 22301 - Business Continuity Management System

    ISO 22301:2012 specifies requirements to plan, establish, implement, operate, monitor, review, maintain and continually improve a documented management system to protect against, reduce the likelihood of occurrence, prepare for, respond to, and recover from disruptive incidents when they arise.

    The requirements specified in ISO 22301:2012 are generic and intended to be applicable to all organizations, or parts thereof, regardless of type, size and nature of the organization. The extent of application of these requirements depends on the organization's operating environment and complexity.

  • ISO 14001 - Environment Management System

    The ISO 14000 family of standards provides practical tools for companies and organizations of all kinds looking to manage their environmental responsibilities.

    ISO 14001:2015 and its supporting standards such as ISO 14006:2011 focus on environmental systems to achieve this. The other standards in the family focus on specific approaches such as audits, communications, labelling and life cycle analysis, as well as environmental challenges such as climate change.

  • eIDAS - electronic ID and Trust Services

    eIDAS oversees electronic identification and trust services for electronic transactions in the European Union's internal market. It regulates electronic signatures, electronic transactions, involved bodies and their embedding processes to provide a safe way for users to conduct business online like electronic funds transfer or transactions with public services. Both the signatory and recipient have access to a higher level of convenience and security. Instead of relying on traditional methods, such as mail, facsimile service, or appearing in person to submit paper-based documents, they may now perform transactions across borders, e.g., using “1-Click” technology.

    eIDAS has created standards for which electronic signatures, qualified digital certificates, electronic seals, timestamps and other proof for authentication mechanisms enable electronic transactions with the same legal standing as transactions performed on paper.

    The eIDAS Regulation came into effect in July 2014 as a means to facilitate secure and seamless electronic transactions within the European Union. EU member states are required to recognize electronic signatures that meet the standards of eIDAS.