Understanding the New ISO Management System Requirements

David Brewer

In April 2 , ISO updated its directives. In particular, there is a new annex - Annex SL - in which Appendix defines the High Level Structure and Identical Core Text for all new and revised management system standards. The concept is that some requirements, e.g. management review, are common to all management system standards and therefore ought to be identically worded.

The book explains the new requirements and how they are related to those in management system standards published prior to the advent of the new ISO directives. In so doing it shows how familiar concepts have metamorphosed into new ones. It provides fresh insights into understanding management system standards and thereby gives guidance on how to develop a management system for the first time. It gives advice on transitioning existing management systems to the new requirements and on the construction and use of integrated management systems.

The book is aimed primarily at people who engage in creating and running management systems, including management system administrators, consultants, trainers and auditors. No prior knowledge of management systems is assumed.

About the author

Dr David Brewer has a long history of involvement with quality systems beginning in when he acted as quality assurance section leader on a large software intensive project. He became involved with standards writing in the late s and became a co-author of the original ISMS standard, BS 779 Part , and is now an active member of the UK delegation to ISO JTC SC2 WG which is responsible for the ISO 70 0 family of standards; and is co-editor for the revision of ISO/IEC 70 (Measurements).

He has played a significant role in the revision of ISO/IEC 70 and its conformance to the new ISO directives on High Level Structure and Identical Core Text. He has conducted a wide variety of consultancy assignments spanning years in over countries. He is well known for his work in rolling out ISO/IEC 70 to the whole of the Civil Service in Mauritius, which is an exemplar of his ISMS implementation methodology. Dr Brewer runs an integrated management system, which conforms to the quality, business continuity and information security management system standards. His seminal research papers include ‘Measuring the Effectiveness of an Internal Control System’, published in 0 and ‘Exploiting an Integrated Management System’, published in 0.

BSI order ref: BIP 0140
BSI Group Headquarters, Chiswick High Road, London W 4AL
www.bsigroup.com
© BSI copyright

First published in the UK in 01 by BSI Standards Limited, 89 Chiswick High Road, London W4 4AL

© The British Standards Institution 01

All rights reserved. Except as permitted under the Copyright, Designs and Patents Act 8, no part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means – electronic, photocopying, recording or otherwise – without prior permission in writing from the publisher.

Whilst every care has been taken in developing and compiling this publication, BSI accepts no liability for any loss or damage caused, arising directly or indirectly in connection with reliance on its contents except to the extent that such liability may not be excluded in law.

While every effort has been made to trace all copyright holders, anyone claiming copyright should get in touch with the BSI at the above address.

BSI has no responsibility for the persistence or accuracy of URLs for external or third-party internet websites referred to in this book, and does not guarantee that any content on such websites is, or will remain, accurate or appropriate.

The right of Dr David Brewer to be identified as the author of this Work has been asserted by him in accordance with sections 7 and 78 of the Copyright, Designs and Patents Act 8.

Typeset in Great Britain by Letterpart Limited, www.letterpart.com
Printed in Great Britain by Berforts Group, www.berforts.co.uk

British Library Cataloguing in Publication Data
A catalogue record for this book is available from the British Library

ISBN 8-0-5 80-82 6 -0

Contents

Foreword
Acknowledgements

Chapter – The new ISO management system requirements
  Introduction
  Motivation
  High level structure
  Identical core text
  Deviations
  Discipline-specific text

Chapter – Management system concepts
  Introduction
  Definitions
  What is a management system?
  How management systems work
  Understanding management system concepts
  Evolution of management system standards
  Integrated management systems

Chapter – Understanding the new requirements
  Introduction
  Whatever happened to PDCA?
  Discipline-specific requirements
  Scope of the management system
  Policy and objectives
  Risks and opportunities
  Operation
  Monitoring, measurement, analysis and evaluation
  Audits and reviews
  Management and support
  Implementation guidance

Chapter – Transitioning to the new management system standards
  Introduction
  Transition strategies
  Integrated management system considerations
  Areas requiring little or no change
  Areas that potentially require a rethink
  New requirements likely to be satisfied already
  New requirements that may present a challenge
  Areas where an organization may take the opportunity to improve
  Summary

Bibliography
  Standards publications
  Other publications

Foreword

In April 01, ISO updated its directives. In particular, there is a new annex – Annex SL – in which Appendix defines the high level structure and identical core text for all new and revised management system standards. The concept is that some requirements, e.g. management review, are common to all management system standards and therefore ought to be identically worded.

Several management system standards have now been published in conformance with these new directives (e.g. ISO 2 01: 01 on business continuity and ISO/IEC 001: 01 on information security) while others are being revised (e.g. ISO 001 on quality). The identical core text is very good at defining the essential features of a management system and does so without constraining organizations to do things in a particular way, which some organizations may have felt to be inappropriate or bureaucratic. Moreover, familiar concepts such as PLAN-DO-CHECK-ACT and preventive action have disappeared and have been replaced by new ones. The overall goal is to make it easier to create integrated management systems and to adapt management system standards to the nature and culture of organizations.

The aim of this book is to explain the new requirements and how they are related to those in management system standards published prior to the advent of the new ISO directives; to show how familiar concepts have metamorphosed into new ones; and to give fresh insights into understanding management system standards. The book gives guidance on how to develop a management system for the first time. It gives advice on transitioning existing management systems to the new identical core requirements and on integrated management systems.

This book has been designed so that you can read it from cover to cover to gain a comprehensive understanding of the new standard, and then later use it as a reference book.

I have over years’ worldwide experience in working with management systems as a standards maker, consultant, auditor, tutor and management system administrator, the past several years running a number of integrated management systems. Many of the insights that I share with you in this book are derived from this practical experience, and supplemented by the insights afforded by being a member of the ISO/IEC 0: development team, where one of the tasks was to achieve conformity with Annex SL and obtaining international consensus. This book is a ‘must-have’ for organizations and individuals keen on ensuring a smooth transition and having maximum benefit from their investment in a management system.

David Brewer

Footnote (to ‘Appendix’ in the first paragraph of the Foreword): This is correct for the rd edition. However, in July 01, ISO published the 4th Edition, in which Appendix has become Appendix .

Acknowledgements

Figures , 3, and have been reproduced by kind permission of IMS-Smart Limited.

Chapter – Transitioning to the new management system standards

Integrated management system considerations

conformant standard is being discussed) that there are two types of documented information, Type S and Type P as defined in Chapter ; refer to documented information of Type S or Type P as appropriate if a distinction is being made between documents and records.

The reason for recommending that existing management system documentation is updated to use the Annex SL terminology is because ultimately all management system standards will use that terminology.

Preventive action

While Annex SL does not use the term ‘preventive action’, there is an Annex SL requirement (1 b) that refers to potential nonconformities), which states ‘… determining if similar nonconformities exist, or could potentially occur’. Thus it is the term preventive action that is depreciated, not the concept of potential nonconformities.

Requirement 1 b) also states ‘… reviewing the nonconformity’. In conforming with this requirement, upon discovery of a nonconformity, an organization would review that nonconformity. As part of that review the organization would determine whether there were any associated potential nonconformities. In non-Annex SL conformant standards, the process may well then continue by producing a ‘Preventive Action Plan’, as illustrated in Figure . The existence of this plan is effectively outlawed by Annex SL, compelling one to identify its replacement. To do this, one simply needs to change the name. It could simply be referred to as an action plan, as illustrated in Figure 1.

Figure 0: Fragment of the preventive action process in a non-Annex SL conformant standard

Thus, transitioning to an Annex SL conformant standard would be replaced by a process of the form:

Figure 1: Replacement fragment in an Annex SL conformant standard

In explaining this process, in order to preserve conformance with non-Annex SL conformant standards, it will however be necessary to explain that:

‘identify risk’ in the transitioned integrated management system satisfies any non-Annex SL conformant requirement for ‘determining potential nonconformities and their causes’; and

‘treat risk’ and ‘implement action plans’ in the transitioned integrated management system satisfies any non-Annex SL conformant requirement to ‘determine and implement action needed’.

In addition, existing procedures may need to be augmented to react to nonconformities and, as applicable, take action to control and correct the nonconformity and deal with the consequences. Augmentation may also be required to determine whether similar nonconformities exist, or could potentially occur and to ensure that corrective actions are appropriate to the effects of the nonconformities encountered. It is possible that procedures already exist for these requirements, but under the heading of preventive rather than corrective action.

Areas requiring little or no change

Requirement changes

For people familiar with pre-Annex SL standards there are identical core text requirements that might either look quite alien or lack content. Indeed, the word ‘generic’ is a criticism that has been spoken against Annex SL. However, this is because of the desire to define what not how.

To give an example, ISO/IEC 001:005 has a (discipline-specific) requirement to identify information security risks. The requirement continues by specifying in sub-bullets: identify assets, identify risks and identify vulnerabilities. The sub-bullets describe just one way to identify risks. There are other methods for identifying risk that do not do it that way. Thus the 005 version of ISO/IEC 001 states what: i.e. identify information security risks, and then proceeds to specify how: i.e. identify assets, identify risks and identify vulnerabilities. The 01 version of ISO/IEC 001 just states identify information security risks, i.e. the what. There is no mention of how. Indeed the terms assets, threats and vulnerabilities appear nowhere in the standard as a requirement or even as a note. In this case, an information security management system that conforms to the risk identification requirements of ISO/IEC 001:005 must also conform to those of ISO/IEC 001:01. The fact that the identification of assets, threats and vulnerabilities is no longer a requirement is irrelevant.

For this reason, there are quite a number of areas where an existing management system requires little or no change in order to conform to the corresponding Annex
SL requirements. These areas are identified and discussed in the following subsections.

Policy

In the case of some pre-Annex SL management system standards there is a requirement to produce an XXX management system policy as opposed to what is required by Annex SL, which is just an XXX policy. Indeed, ISO/IEC 001:005, for example, goes as far as saying that the XXX management system policy is a superset of the XXX policy (where in this case, XXX = information security). The Annex SL requirement only to produce an XXX policy may cause confusion. ‘What happens to the extra policy material that went into the management system component of the XXX management system policy?’ is a question that some organizations might ask.

The answer is actually quite simple. The names that an organization wants to give to the various parts of its suite of documented information is not mandated by Annex SL. If an organization has a document or web page called ‘ABC policy’ that contained all the policy information required by the pre-Annex SL version of the management system standards with which it claims conformance, then nothing needs to change provided:

a) there is a requirement to retain such information; or
b) the organization considers that it is ‘necessary for the effectiveness of the XXX management system’; and
c) there are no additional discipline-specific requirements for documented policy information.

However, organizations may feel the need to explicitly add statements of intent in regards to Subclause , third and fourth bullets, and add further policy statements, for example, regarding external and internal communications. Indeed, a policy statement is often a convenient way to document conformance with a requirement.

Control of documentation

No changes ought to be required to existing documented procedures concerning control of documentation although minor adjustments may be required to the explanation of conformance. However, organizations should check for new discipline-specific requirements and deviations.

Management review

No changes ought to be required to existing documented procedures concerning management review, apart from ensuring that the topics listed in Subclauses a) to f) are considered. Minor adjustments may be required to the explanation of conformance. However, organizations should check for new discipline-specific requirements and deviations.

Internal audit

No changes ought to be required to existing documented procedures concerning internal audit although minor adjustments may be required to the explanation of conformance. However, organizations should check for new discipline-specific requirements and deviations.

Terms of reference for top management

A change may be required to accommodate the specific responsibilities given in Subclauses a) to h).

Responsibilities

A change may be required to accommodate the specific responsibilities given in Subclauses a) and b).

Awareness

A change may be required to accommodate the requirements of Subclause as the process of creating awareness may be regarded as a form of communication.

Improvement

Ensure that existing procedures for continual improvement are extended to cover the suitability and adequacy of the management system as well as its effectiveness.

Areas that potentially require a rethink

Nature of challenges

There are two areas where the Annex SL requirements are not new to management system standards, but the way they are expressed may cause organizations to rethink their approach to conformance. The first concerns the scope of the management system and the second the XXX objectives.

Scope of the management system

During the course of revising ISO/IEC 001, it became evident that there has been a long-reigning misunderstanding of the phrase ‘scope of the management system’, where people had confused it with ‘scope of a certification audit’. There is a note to the definition of the term ‘management system’ in Annex SL which says ‘The scope of a management system may include the whole of the organization, specific and identified functions of the organization, specific and identified sections of the organization, or one or more functions across a group of organizations’. This may unwittingly exacerbate such confusion if it is not realized that the words ‘may include’ should be understood to imply that there may be other things within the scope, and in particular things that are external to the organization.

As discussed in Chapter , the scope of the management system will include everything that is of interest to the management system. Thus, as evidenced by the note to the definition of the term ‘outsource’ in Annex SL, outsourced functions and processes are within the scope of the management system. However, these are unlikely to be included within the scope of a certification audit, which is generally just the organization.

If, on reflection, there are entities that ought to be included within the scope of the management system but were previously excluded, transitioning to an Annex SL conformant management system standard will provide a convenient opportunity to redefine the scope.

XXX objectives

Similarly, a difference of opinion exists on whether the term ‘objective’ is a general aim or a specific goal that should be met within a specified time frame. Hopefully, Annex SL clarifies the fact that it can be both (i.e. both interpretations are correct) by the use of the phrase ‘relevant functions and levels’ in Subclause . However, for an organization that thought
of its XXX objectives as only being timeless policy objectives, the requirement of Subclause may come as a shock. Nevertheless, it may only require a change to the way conformance is described as it is likely that an organization already sets objectives at all relevant functions and levels, and it is only just a question of recognizing that it does and describing how it does it. For example, it is good practice when placing actions to define objectives, assign responsibilities and set target dates for completion. If an organization already does this, then it already conforms to this clause.

New requirements likely to be satisfied already

Nature of challenges

There are some new requirements in Annex SL, but it is likely that these will already be met by many organizations. In such cases, an organization merely needs to determine how it complies and then add a small amount of documented information, which ought to be readily available, to the transitioned management system. As mentioned in the section on ‘choice of documentation media’ in Chapter , organizations should not duplicate this information, but merely reference it.

Interested parties and their requirements

Subclause requires an organization to determine the interested parties that are relevant to the XXX management system, and their requirement. It is highly likely that an organization already knows this information. For example, interested parties may include customers and suppliers, and their requirements will be documented in contracts, purchase orders and specifications, etc. Thus, all that needs to be done is identify where this information is documented and reference it. It is also highly likely that the organization already makes use of this information thereby providing conformance with other subclauses such as .

Integration

The Annex SL integration requirement is in Subclause (‘ensuring the integration of the XXX management system requirements into the organization’s business processes’). If the business functions of an organization are represented by a set of one or more work flow diagrams then if the activities that correspond to the management system requirements are spread throughout such work flow diagrams, then the integration requirement is probably met. Conversely, if the management system requirements are contained in a single work flow which contains nothing else, then the integration requirement is probably not met.

In the first case, it is then a question of how best to demonstrate conformance. If work flow diagrams exist, or can be visualized, e.g. through a software interface, then that would be an easy way to demonstrate conformance. If the integration requirement is not met, then the work flow concept may provide a route to achieving conformance.

New requirements that may present a challenge

Nature of challenges

Following on from above, there are some new requirements for which the required documented information probably does not exist and requires some thought and perhaps lateral thinking to create it. There are two areas that fall into this category: issues, and monitoring, measurement, analysis and evaluation.

Issues

It is likely that the issues referred to in Subclause would be well-known to an organization, but not necessarily written down and certainly not in a way which would readily demonstrate conformance.

An important issue for most organizations would be its motivation for having a management system. An organization would, of course, know what that was and it would have been a major driver in how the original management system has been designed. Note that this motivation may have changed over time: the original motivation being superseded by another as the benefits of having a management system are realized.

Another important issue would be those concerned with the XXX discipline itself, e.g. quality issues or environmental issues. If these are unknown or the organization is otherwise uncertain of them, it may be possible to reverse engineer them from a consideration of the XXX policy, objectives and the responses to particular discipline-specific requirements (e.g. planning of product realization for ISO 001, business impact analysis for ISO 2 01 and information security risk assessment and risk treatment for ISO/IEC 001).

Other issues, which are likely to have already been addressed by an organization would relate to the operation of the management system, such as management commitment and staff motivation.

Finally, organizations should consider looking through management meeting minutes and its records of preventive actions for further issues.

Monitoring, measurement, analysis and evaluation

The requirements of Subclause are far more detailed and exacting than anything that may be deemed similar in any pre-Annex SL conformant management system standard. If there are discipline-specific requirements, such as customer feedback in ISO 001, that are largely unchanged in the revised standard, then these are clear candidates for something that the organization can declare a topic for monitoring, measurement, analysis and evaluation as it is something that it already does. Staff competence is another example.

However, Chapter recommends that organizations do not monitor and measure just because the organization has the capability to do so: there must be a reason and that, as explained in Chapter , is the information need. Organizations are therefore strongly advised to follow the advice given in Chapter .

Areas where an organization may take the opportunity to improve

During the course of transitioning, an organization may find one or more opportunities for improvement. These are just as, if not more, likely to relate to discipline-specific requirements as they are to the identical core text requirements. Once identified, organizations need to decide whether to make the changes immediately, or highlight
them as opportunities for improvement with the intention of making the changes at an appropriate time in the future. The first course of action is more typical if the organization is using the transition as a reason for making other changes, while the second is used if the organization has adopted a minimalistic transition strategy.

Summary

Transition strategy
Transitioning using the minimalistic strategy can be accomplished quite quickly, and given the likely improvement to the discipline-specific requirements in a revised standard, organizations are encouraged to transition as soon as they can rather than put off transitioning to the latest possible time. However, once detailed planning for transition is underway, organizations may well encounter an overwhelming desire to make improvements, which is good.

Documented information
The change of nomenclature can be readily resolved by realizing that reference to documents in non-Annex SL standards are statements of intent whereas records concern evidence of past performance.

Preventive action
Existing procedures will need to be revised. However, a simple change, combined with the changes for corrective action, would be to refer to 'action plans' rather than 'preventive action plans'.

Document names
It does not matter what the standard calls a document or refers to an item of documented information. An organization can always call it by another name, provided the relationship is known.

XXX policy
There are additional requirements for the XXX policy, which are simple, and for all organizations ought not exceed one A4 page of text in total.

Control of documentation and internal audit
No changes ought to be required, although minor adjustments may be required to the explanation of conformance. However, organizations should check for new discipline-specific requirements and deviations.

Terms of reference for top management, management review, responsibilities, awareness and improvement
Minor changes and additions are likely to be required in these areas.

Scope of the management system
It is possible that existing management system documentation confuses scope of the management system with the scope of a certification audit. Resolution of such confusion is straightforward.

Objectives
At first view this may appear to be a significant change if an organization is used only to setting high level timeless policy objectives. However, it is likely that the requirement to establish objectives at relevant functions and levels is already met, and all an organization needs to do is document what it does.

Interested parties
It is highly likely that an organization already has documented information that identifies the interested parties and documents their requirements. All that is then needed is to reference it.

Integration
The integration requirement will be met if the activities that correspond to the management system requirements are spread throughout the organization's business function workflows.

Issues
Issues are likely to be discovered through a consideration of:
the organization's motivations for having a management system;
issues concerned with the XXX discipline itself, e.g. quality issues or environmental issues;
issues relating to the operation of the management system, such as management commitment and staff motivation;
management meeting minutes; and
records of preventive actions.

Monitoring, measurement, analysis and evaluation
This is likely to be by far the greatest challenge of a transition. The advice given in Chapter should be followed, and in particular not to monitor and measure just because the organization has the capability to do so: there must be a valid information need, as the first few requirements in Subclause are there to support the final requirement, which is to assess XXX performance and XXX management system effectiveness.

Opportunities for improvement
During the course of transitioning, an organization may find one or more opportunities for improvement. Treat these in accordance with the chosen transition strategy.

Bibliography

Standards publications

BS 7799-2:2002, Information security management systems — Part 2: Specification with guidance for use
BS 25999-2:2007, Business continuity management — Part 2: Specification
ISO 9001:2000 and 2008, Quality management systems — Requirements
ISO 14001:2004, Environmental management systems — Requirements with guidance for use
ISO/IEC 20000-1:2005, Information technology — Service management — Part 1: Specification
ISO 22000:2005, Food safety management systems — Requirements for any organization in the food chain
ISO 22301:2012, Societal security — Business continuity management systems — Requirements
ISO/IEC 27001:2005 and 2013, Information technology — Information security management systems — Requirements
ISO/IEC 27004:2009, Information technology — Security techniques — Information security management measurements
ISO/IEC 27013:2012, Information technology — Security techniques — Guidance on the integrated implementation of ISO/IEC 27001 and ISO/IEC 20000-1
ISO/IEC Directives, Part 1 — Consolidated ISO Supplement (3rd Edition)
PAS 99:2012, Specification of common management system requirements as a framework for integration

Other publications

[a] Brewer, D.F.C., Nash, M.J. and List, W. (2005) Exploiting an integrated management system, available at: http://www.gammassl.co.uk/research/MSExploitation.pdf [accessed September 2013]
[b] Brewer, D.F.C. (2004) A tale of BS 7799-2 certification, available at:
http://www.gammassl.co.uk/research/archives/ISMS/Certification%20v02.pdf [accessed September 2013]