Contracting – Why

Obtain an ISO

Certification?

1

Virginia Economic Development Partnership

Speaker: Lisa DuBrock, CPA, CBCP, MBCI

Managing Partner

Radian Compliance, LLC

Objectives• Gain an understanding of the domestic and

international contracting landscape and ISO

• ISO Management System Standards – a

background

• Other ISO Standards

• Competitive Continuum

2

ISO – the basics• International Organization of Standardization

• 164 National Standards Bodies

• 19,200 standards and counting

• Standardization facilitates World Trade

• Spread Knowledge, share good management and

conformity assessment practices

• Both Vertical dependent and independent

• Management System vs Industry/product specific

3

ISO – the Bottom Line• Global Impact

o OECD estimates standards and conformity assessments have an impact

on 80% of commodity world trade

o WTO requires members to use ISO standards to avoid technical barriers to

trade

• National Impacto Standardization has directly contributed to 25% of Frances GDP growth

o Standards are estimated to have or will contribute to 2.4 Billion NZD in

annual GDP

o Standards are estimated to have contributed to 9% real GDP growth in

Canada from 1981-2004

• Company Impacto PTT Chemical Thailand – saved 9.4 million USD in 2010

o NTUC Fairprice – Singapore saved 13.6 million SGD over 10 years

4

Closer to Home• DoS requires ISO 27001 compliance to bid on

certain projects

• IDIQ NetSense II and VAVitals - ISO 20000

certification/compliance

• DoD has issued PGI 224.7401requiring compliance

to ANSI/ASIS PSC.1

• UK MoD supported 3 PSC companies obtaining

certification to ANSI/ASIS PSC.1

• Various countries require compliance to ISO

standards

• VA hospital systems – ISO 9001

• Corp - reduced audit time

• CISCO Gold certification5

Excuses to not certify• Too busy

• Too large

• Too small

• Maybe next year

• Reality – Radian has 14 small businesses that have 3

certifications a piece

• Reality – Large Businesses embrace multiple

certifications

6

Management System Standards

• Exampleso ISO 9001

o ISO 20000-1

o ISO 27001

o ISO 14001

o ISO 22301

o ANSI PSC.1

• Common Elementso Management Commitment/Leadership

o Documented information

o Internal Audit

o Management Review

o Continual Improvement

o Typically based on PDCA

7

Management

Systems

ISO 20000-1:2011

IT Service Management

ISO 22301:2011

Business Continuity

Management

ISO 27001:2013

Information

Security

Management

System

ISO 9001:

2008

Quality

Management

System

ISO

14001:2004

Environmental

Management

Say what you do…do what you say…or not

9

ISO 9001• Quality Management System

• Granddaddy of ISO Management Systems

• Frequently used by companies as the foundation of

all management systems

• Key area within the Standard – Product/Service

Realization

• To be updated in 2015 with a new emphasis on risk

10

ISO 20000-1• Service Management System

• Frequently used by companies that want to certify

to an ITIL Service Delivery standard.

• Usually heavily IT or Contact center based

• Key requirements of the system – development and

implementation of a service catalog, availability

and capacity plans

• Process requirements include, incident, problem,

service request and change management

11

ISO 27001• Information Security Management System

• Risk Based Standard

12

The British Standards

Institute defines the goal of

ISO 27001 and ISO 27002 is

to:

Safeguard the confidentiality,

integrity and availability

of written, spoken

and electronic information Annex A

ISO 14001• Environmental Management System

• Key Point – minimize how operations negatively

effect the environment

• Risk based standard

• Integral part of the European Union’s Eco-

Management and Audit Scheme

• Second most popular standard

13

ISO 22301• Business Continuity

Management System

• Key Points –

development of

Business Impact

Analysis, Response and

Recovery Plans

• Significant

requirements for testing

14

ANSI PSC.1• Private Security Management System

• Will become an ISO standard in 2015

• Risk based standard

• Key Point – Human Rights requirements appear

throughout the standard

• Current scope of standard limited to operations in

high risk, complex international environments

• Draft ISO scope to be expanded to include certain

domestic environments

15

The other 19000 plus standards

• Medical Device

• Food Creation and Service

• Telecommunications and Technical

• Industry Specific standards and guidelines

16

Supply Chain• Facilitates World Trade

• Standard adoption is driven by Supply Chain

Adoption

• Increasing emphasis on connectionso Supplier Management Key – in almost all management systems

o It really does ‘take a Village’ to have a successful business

17

Competitive Continuum• ISO - Increasingly Recognized as de

facto standardso +1million ISO 9001 certifications obtained

o ISO 14001 – over 250,000 certifications

o Current environment causing rapid increase in ISO 27001

• Competitive Advantage

• Supply Chain Adoption - Price of Entry

Standard

EstablishedDe Facto Standard

Competitive

Advantage

Supply Chain

Adoption

Where are we on the Continuum?

• Lisa DuBrock

• Managing Partner

• Radian Compliance, LLC

• 847-997-2032

• ldubrock@radiancompliance.com

19

Questions?

20

PSC