Contracting – Why Obtain an ISO Certification?
Virginia Economic Development Partnership
Speaker: Lisa DuBrock, CPA, CBCP, MBCI
Managing Partner
Radian Compliance, LLC
Objectives
• Gain an understanding of the domestic and international contracting landscape and ISO
• ISO Management System Standards – a background
• Other ISO Standards
• Competitive Continuum
ISO – the basics
• International Organization of Standardization
• 164 National Standards Bodies
• 19,200 standards and counting
• Standardization facilitates World Trade
• Spread Knowledge, share good management and conformity assessment practices
• Both Vertical dependent and independent
• Management System vs Industry/product specific
ISO – the Bottom Line
• Global Impact
o OECD estimates standards and conformity assessments have an impact on 80% of commodity world trade
o WTO requires members to use ISO standards to avoid technical barriers to trade
• National Impact
o Standardization has directly contributed to 25% of France's GDP growth
o Standards are estimated to have contributed or will contribute to 2.4 Billion NZD in annual GDP
o Standards are estimated to have contributed to 9% real GDP growth in Canada from 1981-2004
• Company Impact
o PTT Chemical Thailand – saved 9.4 million USD in 2010
o NTUC Fairprice – Singapore saved 13.6 million SGD over 10 years
Closer to Home
• DoS requires ISO 27001 compliance to bid on certain projects
• IDIQ NetSense II and VAVitals - ISO 20000 certification/compliance
• DoD has issued PGI 224.7401 requiring compliance to ANSI/ASIS PSC.1
• UK MoD supported 3 PSC companies obtaining certification to ANSI/ASIS PSC.1
• Various countries require compliance to ISO standards
• VA hospital systems – ISO 9001
• Corp - reduced audit time
• CISCO Gold certification
Excuses to not certify
• Too busy
• Too large
• Too small
• Maybe next year
• Reality – Radian has 14 small businesses that have 3 certifications apiece
• Reality – Large Businesses embrace multiple certifications
Management System Standards
• Examples
o ISO 9001
o ISO 20000-1
o ISO 27001
o ISO 14001
o ISO 22301
o ANSI PSC.1
• Common Elements
o Management Commitment/Leadership
o Documented information
o Internal Audit
o Management Review
o Continual Improvement
o Typically based on PDCA
Management Systems
• ISO 20000-1:2011 – IT Service Management
• ISO 22301:2011 – Business Continuity Management
• ISO 27001:2013 – Information Security Management System
• ISO 9001:2008 – Quality Management System
• ISO 14001:2004 – Environmental Management
Say what you do…do what you say…or not
ISO 9001
• Quality Management System
• Granddaddy of ISO Management Systems
• Frequently used by companies as the foundation of all management systems
• Key area within the Standard – Product/Service Realization
• To be updated in 2015 with a new emphasis on risk
ISO 20000-1
• Service Management System
• Frequently used by companies that want to certify to an ITIL Service Delivery standard
• Usually heavily IT or Contact center based
• Key requirements of the system – development and implementation of a service catalog, availability and capacity plans
• Process requirements include incident, problem, service request and change management
ISO 27001
• Information Security Management System
• Risk Based Standard
The British Standards Institute defines the goal of ISO 27001 and ISO 27002 as safeguarding the confidentiality, integrity and availability of written, spoken and electronic information.
Annex A
ISO 14001
• Environmental Management System
• Key Point – minimize how operations negatively affect the environment
• Risk based standard
• Integral part of the European Union’s Eco-Management and Audit Scheme
• Second most popular standard
ISO 22301
• Business Continuity Management System
• Key Points – development of Business Impact Analysis, Response and Recovery Plans
• Significant requirements for testing
ANSI PSC.1
• Private Security Management System
• Will become an ISO standard in 2015
• Risk based standard
• Key Point – Human Rights requirements appear throughout the standard
• Current scope of standard limited to operations in high risk, complex international environments
• Draft ISO scope to be expanded to include certain domestic environments
The other 19000 plus standards
• Medical Device
• Food Creation and Service
• Telecommunications and Technical
• Industry Specific standards and guidelines
Supply Chain
• Facilitates World Trade
• Standard adoption is driven by Supply Chain Adoption
• Increasing emphasis on connections
o Supplier Management Key – in almost all management systems
o It really does ‘take a Village’ to have a successful business
Competitive Continuum
• ISO - Increasingly Recognized as de facto standards
o +1 million ISO 9001 certifications obtained
o ISO 14001 – over 250,000 certifications
o Current environment causing rapid increase in ISO 27001
• Competitive Advantage
• Supply Chain Adoption - Price of Entry
Continuum stages: Standard Established, De Facto Standard, Competitive Advantage, Supply Chain Adoption
Where are we on the Continuum?
• Lisa DuBrock
• Managing Partner
• Radian Compliance, LLC
• 847-997-2032
Questions?