What is ISO certification and why does it matter

Tips
Written By Matthew Wymer

Just Digital have proudly achieved ISO 9001, ISO 14001 and ISO 27001 certification, but what do they mean and why do they matter?

ISO (International Organisation for Standardisation) is an independent, non-governmental international organisation which develops and publishes international standards. The standards ISO develop cover various aspects of business from quality to environmental management.

Each standard has different benefits and requires organisations to meet different criteria.

ISO 9001

ISO 9001 is based on the idea of continual improvement and sets out the requirements for a quality management system (QMS). Based on a number of quality management principles, ISO 9001 ensures businesses are more efficient and improve customer satisfaction.

Organisations that are ISO 9001 certified will have a Quality Management System implemented in core areas of their organisation, including their facilities, people, training, services and equipment. Topics covered for ISO 9001 include:

  • QMS requirements, which include documenting information, planning, processes and management responsibilities

  • Resource management

  • Product design to delivery

  • Measuring, analysing and improving the QMS through methods such as internal audits

What does it mean to be ISO 9001 certified?

A company certified to ISO 9001:

  • Puts customers and their needs first

  • Strives to enhance customer satisfaction

  • Provides high quality products

  • Works efficiently

  • Meets the necessary statutory and regulatory requirements

ISO 14001

ISO 14001 is an environmental management system accreditation. It helps organisations to enhance their environmental performance, fulfil environmental obligations and achieve their environmental objectives.

Being ISO 14001 certified helps organisations reduce waste and improve efficiency and compliance through reductions in stock purchases and reusing or recycling materials.

Being ISO 14001 certified means organisations will have implemented an Environmental Management System (EMS). ISO 14001 helps provide a general framework that will then assist organisations in planning, implementing and improving their EMS and provide a reference for environmental improvement.

There are 5 essential elements to achieve or maintain certification:

  • Commitment and policy

  • Planning (for example setting goals and targets)

  • Implementation (training staff on procedures and communicating this)

  • Evaluation (continuously monitoring and adjusting plans)

  • Review (plans, goals and the EMS should all be reviewed)

What does it mean to be ISO 14001 certified?

Organisations that are ISO 14001 certified:

  • Improve efficiency and reduce environmental impact

  • Continuously monitor and control the environmental impact of their business operations

  • Are compliant with environmental legislation

  • Supply chain environmental performance

ISO 27001

ISO 27001 certification demonstrates that organisations are compliant with information security, and is the only information security management system standard that is accepted globally.

ISO 27001 means that processes are in place where organisations look intently at all assets and assess the risk and impact of an attack or failure and how effective the controls in place are to protect the assets. The processes also help identify what risks need to be addressed and what risks are deemed low priority.

ISO 27001 is a collection of best practices specifically aimed at information security. It doesn’t tell organisations how they should implement information security but guides them to the necessary goals that they need to achieve to be secure.

What does it mean to be ISO 27000 certified?

ISO 27001 certified organisations will have:

  • Security policies including human resources, supplier relationships and communications security

  • Asset management, security incident management and business continuity management

  • Cryptography, operations security and compliance

  • System acquisition, development, maintenance and access control

ISO 27001 means organisations can show to their employees, clients and stakeholders that they are effectively and securely managing client information and their own. ISO 27001 also helps organisations comply with some aspects of the GDPR (General Data Protection Regulation). Data encryption, confidentiality and personal data processing are just some aspects of ISO 27001 requirements that are similar to those of the GDPR. A few examples of what ISO means are:

  • All critical data is secure

  • All information security is up-to-date with new technology

  • Increased customer confidence

  • Proof of abidance to best security practices

Matthew Wymer
Previous

JD Carbon Balance all their paper
Next

How direct mail can increase your ROI