Monday, 28 January 2013

The PDCA of ISO 50001 EnMS

                     What is the underlying foundation for the
            PLAN-DO-CHECK-ACT (PDCA) continual
Improvement structure of an ISO 50001 energy management system (EnMS)? (Click here for detailed graphic)

Management responsibility Demonstrate top management’s commitment and support to the EnMS and to continual improvement of its Effectiveness and the organization’s energy performance.
Roles, responsibility and authority appoint an energy champion and an energy team, and define and communicate expectations for energy management and energy performance improvement behaviors and actions.
Energy policy Develop and implement top management’s statement of the organization’s commitments related to energy to provide direction for energy performance improvement activities.

What’s addressed in energy PLANning ?

 Legal and other requirements — identify and keep up to date the legal and other requirements applicable to the organization’s energy uses.

Energy review — Analyze energy data, identify the significant energy uses, and prioritize the organization’s opportunities for energy performance improvement.

Energy baseline — Define a period of time to serve as a basis for comparison of energy performance.

Energy performance indicators (EnPIs) — Develop quantitative measures of energy performance.

Objectives and targets — decide on the energy performance improvement goals to be achieved by the organization.

Energy management action plans — Plan the actions, responsibilities and methods needed to achieve and verify the improvements stated in the energy objectives and targets.

How DO the outputs from energy planning get implemented?

Competence, training and awareness — Ensure that employees and contractors are aware of and capable of carrying out their energy management responsibilities.

Communication — Implement processes for internal and external communication about the EnMS and the organization’s energy performance.

Documentation — Maintain documented information on the EnMS.

Control of documents — Establish processes for managing documents to ensure that current and accurate information is available.

Operational control — Plan the operations associated with your significant energy uses, objectives and targets, and action plans to ensure that those operations are resourced and carried out consistently.

Design — consider opportunities for improving energy performance in design activities for new, modified or renovated facilities, equipment, systems and processes.

Procurement — Make energy performance a factor in purchasing decisions when significant energy uses are involved.

What Processes CHECK on how the EnMS is Doing?

Monitoring, measurement and analysis — Monitor, measure and analyze the key characteristics of activities that determine energy performance.

Evaluation of compliance — Assess the status of compliance with applicable legal requirements and other energy requirements adopted by or committed to by the organization.

Internal audit — Verify that the EnMS is functioning properly and generating the planned results.

Nonconformities, correction, corrective and preventive action — Identify and correct actual and potential problems.

Control of records — Maintain information that indicates the results achieved or provides evidence of the activities performed.

How does the management ACT for continual improvement?

Management review — Review the results and performance of the EnMS and take action to ensure its continuing suitability, adequacy, effectiveness and continual improvement in energy performance.



Saturday, 26 January 2013

How to make Implementation of ISO 27001 easier by using ISO 9001

How to make Implementation of ISO 27001 easier by using ISO 9001

Many companies that have implemented ISO 9001 look towards ISO 27001 implementation without knowing they can actually reduce the implementation time by 30%
ISO 27001 and ISO 9001 may seem like quite different standards, but when you take a closer look at both, you can find a lot of similarities. They have the same Plan-Do-Check-Act (PDCA) cycle, four mandatory procedures are the same (Internal audit, Document control, Corrective action and Preventive Action), the role of management is very similar etc

· applies to the processes that create and control the products and services an organisation supplies

· prescribes systematic control of activities to ensure that the needs and expectations of customers are met

· is designed and intended to apply to virtually any product or service, made by any process anywhere in the world

· Identify the requirements of ISO 9001 and how they apply to the business involved.

· Establish quality objectives and how they fit in to the operation of the business.

· Produce a documented quality policy indicating how these requirements are satisfied.

· Communicate them throughout the organisation.

· Evaluate the quality policy, its stated objectives and then prioritise requirements to ensure they are met.

· Identify the boundaries of the management system and produce documented procedures as required.

· Ensure these procedures are suitable and adhered to.

· Once developed, internal audits are needed to ensure the system carries on working.

ISO 27001specifies the management of Information Security. Applicable to all sectors of industry and commerce, it is not confined just to information held on electronic systems, but addresses the security of information in whatever form it is held.

· Customers, employees, trading partners and stakeholders are comforted in the knowledge that your management information and systems are secure.

· Demonstrates credibility and trust.

· Cost savings - even a single information security breach can involve significant expense.

· Establishes that relevant laws and regulations are being adhered to.

· Shows that a commitment to Information Security exists at all levels throughout an organization

· Confidentiality - ensuring that access to information is appropriately authorized

· Integrity - safeguarding the accuracy and completeness of information and processing methods

· Availability - ensuring that authorized users have access to information when they need it Security policy

· Organizational security

· Asset classification and control

· Personnel security

· Physical and environmental security

· Communications and operations management

· Access control

· System development and maintenance

· Business continuity management

· Compliance

By implementing a management system within a legislative and regulatory framework such as ISO 9001, organizations can demonstrate compliance and reduce exposure to risk. In addition, by extending an existing quality management system (QMS) to encompass the requirements of an Information security management system (ISMS), organizations can enhance their compliance and achieve improvement throughout the organization. Extending an existing quality management system (QMS) to encompass the requirements of an Information security management system (ISMS) enables organizations to comply with an increasing Number of legal and regulatory requirements and enables the adoption of an integrated approach to Compliance management