Just Digital have proudly achieved ISO 9001, ISO 14001 and ISO 27001 certification, but what do they mean and why do they matter?
ISO (International Organisation for Standardisation) is an independent, non-governmental international organisation which develops and publishes international standards. The standards ISO develops cover various aspects of business, from quality to environmental management.
Each standard has different benefits and requires organisations to meet different criteria.
ISO 9001 is based on the idea of continual improvement and sets out the requirements for a quality management system (QMS). Based on a number of quality management principles, ISO 9001 ensures businesses are more efficient and improve customer satisfaction.
Organisations that are ISO 9001 certified will have a Quality Management System implemented in core areas of their organisation, including their facilities, people, training, services and equipment. Topics covered for ISO 9001 include:
A company certified to ISO 9001:
ISO 14001 is an environmental management system accreditation. It helps organisations to enhance their environmental performance, fulfil environmental obligations and achieve their environmental objectives.
Being ISO 14001 certified helps organisations reduce waste and improve efficiency and compliance through reductions in stock purchases and reusing or recycling materials.
Being ISO 14001 certified means organisations will have implemented an Environmental Management System (EMS). ISO 14001 helps provide a general framework that will then assist organisations in planning, implementing and improving their EMS and provide a reference for environmental improvement.
There are 5 essential elements to achieve or maintain certification:
Organisations that are ISO 14001 certified:
ISO 27001 certification demonstrates that organisations are compliant with information security requirements, and it is the only information security management system standard that is accepted globally.
ISO 27001 means that processes are in place through which organisations look intently at all assets, assess the risk and impact of an attack or failure, and assess how effective the controls in place are at protecting those assets. The processes also help identify which risks need to be addressed and which are deemed low priority.
ISO 27001 is a collection of best practices specifically aimed at information security. It doesn’t tell organisations how they should implement information security but guides them to the necessary goals that they need to achieve to be secure.
An ISO 27001 certified organisation will have:
ISO 27001 means organisations can show their employees, clients and stakeholders that they are effectively and securely managing client information and their own. ISO 27001 also helps organisations comply with some aspects of the GDPR (General Data Protection Regulation). Data encryption, confidentiality and personal data processing are just some aspects of ISO 27001 requirements that are similar to those of the GDPR. A few examples of what ISO means are: