ISO 27001 for SMEs


How will ISO 27001 help SMEs?
A magazine by ISO Organization

  1. IMS – ISO Management Systems. Vol. 9, No. 1, January-February 2009. When Results Count. ISO Standards. ISSN 1680-8096

• ISO 9000 video
• ISO 50001 and energy
• Standards and sustainability
• “Big D” becomes “Green D”
• ISO/IEC 27001 for SMEs
• ISO 22000 and a million daily meals
• Ship registry and ISO 9001
  2. © ISO Management Systems. EDITORIAL: You can count on ISO standards, by Roger Frost

You may have noticed that there is a slogan under the ISO Management Systems title on the cover page of the magazine. The slogan reads: “When Results Count. ISO Standards.”

Given our emphasis on ISO’s management system standards and the results they deliver for users – as reported by the users themselves – it’s easy to forget that ISO has more than 17 400 “other” International Standards and related documents to offer.

The sheer scale of the implementation of some of them, for example, the metric system, makes it rather difficult, if not impossible, to come up with precise, totally accurate on the results they help to achieve.

Another complication is that a number of standards, such as for freight container dimensions and many information technology standards, provide benefits not only for specific users like the transport and IT sectors, but potentially for all sectors. Indeed, it could be argued that some standards like these provide spin-off benefits for much of the world’s population.

It is relatively simple for individual users of ISO management system standards to calculate the benefits that they bring their organizations. For the reasons given above, it is often necessary to have recourse to estimations and projections to convey an idea of the results delivered by other standards.

The following examples, large and small, cover both management systems and “other standards” – and include a striking negative example.

• MPEG-2
The MPEG-2 coding standard has facilitated the worldwide growth of the digital television and DVD industries, including the diffusion of some 3.5 billion DVD machines and 40 billion DVDs. an estimated market of USD 2.5 trillion.

• Product data exchange
The ISO Standard for Exchange of Product Data (STEP), which addresses the exchange of digital product information, has been calculated as having the potential to save USD 928 million a year by reducing interoperability problems in the automotive, aerospace and shipbuilding industries.

• Freight containers
It is estimated that more than 90 % of the world trade in non-bulk goods is transported in freight containers conforming to ISO specifications. Containerization has reduced the time and cost of moving goods across the oceans to market by 84 % and 35 % respectively.

• Space
The failure to adhere to the international metric system of measurement (now the ISO 80000 series) cost US taxpayers USD 125 million at the end of September 1999 when NASA’s Mars Climate Orbiter was lost in space because engineers had failed to make the conversion from Imperial units to metric, a costly mistake that sent the spacecraft fatally close to the surface of Mars.

ISO Management Systems – January-February 2009
  3. EDITORIAL (continued)

• Oil and gas
A multinational company calculated that if the systematic use of ISO standards could be expected to save 1 % of the industry’s annual expenditure, then the saving would amount to USD 180 million and represent a return on investment of 25 to 1.

• Concrete
It is estimated that the world trade in concrete is USD 13-14 trillion and that implementing ISO standards could increase this by 1-2 % over a decade. With an annual production of concrete estimated to be 15 billion tons and about 1 % of the world’s population having jobs that directly relate to the concrete construction industry, the value of ISO standards impacting the world trade in concrete, the quality and longevity of concrete and the environmental impact of concrete production is potentially enormous.

• Cranes
Maintenance programmes based on International Standards of the millions of cranes in use around the world are estimated to save USD 3 billion annually.

• Petroleum company
Average benefits of ISO 9000 implementation were some nine times the costs over the first year.

• International development bank
An ISO 14001-based resource conservation programme helped save over USD 250 000 through electricity, water, paper, and solid waste reduction at its HQ from 2003 to 2006.

• City council
As a result of a combined ISO 9000 and risk management programme implemented by a city council, its insurer waived an 8 % increase in its premium.
  4. CONTENTS

VIEWPOINT
ISO/TC 207 can get even better
Dr. Robert Page, the new Chair of ISO/TC 207, Environmental management, writes: "ISO/TC 207 is built on incredible foundations – its institutional strength, global reach and collective will to develop standards that matter. It is against this backdrop that ISO/TC 207 can get even better, to address calls for greater market relevance and more effective tools."

SPECIAL REPORT
ISO/IEC 27001 for SMEs: Information security management systems for small and medium-sized enterprises
Although many large organizations have been quick to see the benefits of ISO/IEC 27001:2005 – the information security management system standard – many SMEs have been slow adopters because of a lack of basic advice in its implementation. This will change with development of a new ISO handbook to demystify the process, due for publication in 2009.

ISO INSIDER
ISO publishes new edition of ISO 9001
ISO has published ISO 9001:2008, the latest edition of the International Standard used by organizations in 175 countries as the framework for their quality management systems (QMS). ISO 9001:2008, Quality management system – Requirements, is the fourth edition of the standard first published in 1987.
• ISO launches video clip: "The ISO 9000 family – Global management standards"
• ISO 50001 – future management system standard for energy
• How ISO contributes to a sustainable world
• ISO Guide will help reduce environmental impacts of products
• Material flow cost accounting with ISO 14051

INTERNATIONAL
The "Big D" becomes the "Green D"
Dallas is largely known across the globe for being big… big money, big business, and big hair (the hair styles made famous by the Dallas TV series)… and is appropriately nicknamed, "Big D". However, the "Big D" is now known as "Green D" as a result of a three-year ISO 14001 implementation and certification programme across all major city departments, a first in any US municipal organization.
• Isle of Man Ship Registry – anchored to ISO 9001
• ISO 22000 helps India's Akshaya Patra Foundation feed a million needy children daily
• Case studies show value of ISO/IEC 27001 conformity

STANDARDS FOR SERVICES
• European initiatives for sheltered housing and airport security

NEXT ISSUE
  5. VIEWPOINT: ISO/TC 207 can get even better, by Robert Page

It was a great honour for me to accept the nomination as the Chair of ISO technical committee ISO/TC 207, Environmental management. I have had the pleasure to know several past Chairs of this eminent committee, such as George Connell and Daniel Gagnier, and will work to build on their important legacy.

It has been over 20 years since Ms. Gro Harlem Brundtland authored Our Common Future, the seminal report of the United Nations Commission on Environment and Development. This report introduced the concept of sustainable development to the world as “development that meets the needs of the present without compromising the ability of future generations to meet their own needs”.

Ms. Brundtland’s report recognized that sustainable development in practice required the integration, or a systems view, of economy, society and environment. It recognized the needs of the world’s poor and the inherent limitations on what the Earth’s environment can support. Organizations large and small, governmental, business or non-governmental, have been trying to operationalize the concept of sustainable development ever since.

Since 1996, ISO/TC 207 standards have made a significant and important contribution to sustainable development. Born out of the 1991 Rio Earth Summit, ISO/TC 207 has epitomized that Summit’s Agenda 21 and its focus on how governments, enterprises and non-governmental organisations could co-operate to achieve sustainable development.

While a success against any measure, ISO/TC 207 and its ISO 14000 family of standards now compete in a more crowded market-place addressing a myriad of environmental and sustainability issues.

Integrative thinking

New challenges include the “fragmentation” of environmental issues and analysis – which needs to be balanced with integrative thinking that recognizes inter-relationships and cause-effect relationships.

The need for public credibility and market relevance has never been greater, but must be balanced against the rigour and decentralized participation inherent in the ISO process. The role of developing countries, and their active participation, in ISO and ISO/TC 207 remains critical not only to our credibility, but also to finding consensus on global environmental issues.

ISO/TC 207 is built on incredible foundations – its institutional strength, global reach and collective will to develop standards that matter. It is against this backdrop that ISO/TC 207 can get even better, to address calls for greater market relevance and more effective tools.

Continuity and change

Continuity and change should not be viewed as competing visions, but as a necessary and powerful reality in today’s world. In ISO/TC 207, the axiom “things must change so they can remain the same” is an operating

Within this context, it is my sincere belief that the collective expertise, ability and commitment of our standards experts – from all walks of life and corners of the world – can and will increase the “sustainability footprint” of ISO standards.

About the author

Dr. Robert Page has succeeded Mr. Daniel Gagnier as the new Chair of ISO/TC 207. Dr. Page is currently the TransAlta Professor of Environmental Management and Sustainability, Energy and Environmental Systems Group, Institute for Sustainable Energy, Environment, & Economy, University of Calgary, Canada, where he is also an Adjunct Professor in the Haskayne School of Business. He is also the acting Chair of the Government of Canada’s National Round Table on the Environment and the Economy (NRTEE).

He is known nationally and internationally for his work on energy and the environment in areas such as climate change, emissions trading, biodiversity and protected spaces, environmental impact assessment, and policy and regulation.

Dr. Page has served for the Government of Canada in international negotiations on the Conference of the Parties for the Kyoto Protocol, the North American Free Trade negotiations, and trade and the environment.

Contact: ISO/TC 207 Secretary, Kevin Boehmer. Web: www.tc207.org
  6. SPECIAL REPORT: Information security management systems for small and medium-sized enterprises, by Edward Humphreys

Although many large organizations have been quick to see the benefits of ISO/IEC 27001:2005 – the information security management system standard – many SMEs have been slow adopters because of a lack of basic advice in its implementation. This will change with development of a new ISO handbook to demystify the process, due for publication in 2009.

Visiting Professor Edward Humphreys (FH University of Applied Science, Hagenberg, Upper Austria) is Convenor of ISO/IEC JTC 1, Information technology, subcommittee SC 27, IT security techniques, working group WG 1, Information security management systems. E-mail: edwardj7@msn.com
  7. SPECIAL REPORT (continued)

ISO/IEC 27001:2005, Information technology – Security techniques – Information security management systems – Requirements, is one of a family of information security management systems (ISMS) standards (see box) for use by all organizations regardless of size and sector.

Well over 5 000 organizations have already certified their ISMS in conformity with ISO/IEC 27001, and many more are in process of doing so – testimony to its broad applicability in helping protect business assets and information, and the reason why the ISMS standard has become the common information security language within and between many different types of enterprise.

However, while many large organizations have been quick to see the benefits, many small and medium sized enterprises (SMEs) are still slow to adopt the standard because of a lack of basic advice on its implementation.

Help will shortly be at hand following the development of a new ISO handbook designed to provide much needed guidance on ISO/IEC 27001 implementation for SMEs from all sectors, due for publication in 2009. This article provides a preview.

Two approaches

The handbook will offer a “step-by-step” or “all-at-once” approach to implementation depending on the SME resources available. It explains that, irrespective of the size and nature of the SME, ISO/IEC 27001 implementation does not need to be costly or resource

Step-by-step ISMS implementation enables the SME to be able to achieve a basic level of cost-effective protection without much effort. And by following two to three more steps, the organization can achieve a fully ISO/IEC 27001-conforming ISMS when appropriate to the business.

Basic protection

All organizations need a baseline of security to provide a minimum level of protection. For example, virus attacks can threaten any organization, including SMEs. They should have back-up systems in place to protect against information loss or destruction, and ensure physical protection of personnel data and equipment.

Figure 1 – Example of a typical information security gap analysis.
Columns: ISO/IEC 27002 control questions | Yes | Partial | No | Comments
• Do you have software implemented in your computers to detect, prevent and recover from a malicious code attack (e.g. from a virus attack)? ✓ Comments: Not all the computers in the business have this software installed.
• Do all your staff know about the dangers of malicious code attack (e.g. from a virus attack) and are they trained in the use of the software used to detect, prevent and recover from such attacks? ✓
• Do you regularly update the software used to detect, prevent and recover from a malicious code attack (e.g. from a virus attack)? ✓

Implementing a basic level of protection is an appropriate starting point for any SME, beginning with a simple gap analysis to identify the protection already in place, and what it lacks. Above is a typical gap analysis checklist using the controls listed in ISO/IEC 27002 (see Figure 1).

ISO/IEC 27002:2005 provides a code of practice that describes the necessary controls for basic protection, including:
• a policy for high level information security management;
• user awareness;
• antivirus software;
• backup;
• access controls;
• physical protection of premises and commercially sensitive paper-based files and documents;
• protection of personnel data and company

ISMS policy

An information security policy statement can be a one-page document from senior management listing policy objectives and commitment, displayed in the organization’s premises. This is a simple but effective daily reminder to employees of the importance of information security.

Risk assessment

The objective of a risk assessment is to identify the risks confronting an SME so that an appropriate set of information security controls can be implemented to reduce those risks to an acceptable level.

Yet risk assessment is seen by many SMEs as a formidable and time-consuming task requiring substantial resources. It does not need to be so. To extend SME information protection beyond the baseline level requires a risk assessment exercise. However, the steps involved are quite straightforward as explained in the forthcoming ISO handbook.

The baseline controls mentioned are designed to reduce specific risks – such as antivirus software to reduce the
  8. SPECIAL REPORT (continued)

risk of a virus attack, back-ups to minimize the risk of data loss through system failures, physical protection to lower the risk of equipment and documentation theft.

Typical vulnerabilities identified by risk assessment can include:

• On-line information theft and fraud
This includes on-line auction frauds, “phishing” (e-mail disguised as official bank communication), “419” scam letters, and numerous other deceptions designed to lure users to part with personal information, bank and credit card details, social security numbers or passwords.

• System failures
These can shut down an SME’s IT system and disrupt normal business activity for days with possibly serious effects on revenue and competitiveness.

• Software problems
These include bugs, viruses, out of date programs and unauthorised access which can compromise information security.

• Misuse of company resources
This can be done by external users or SME staff, whether accidental or intentional, and

Box: The ISO/IEC 27000 family

The ISO/IEC 27000 family of information security management standards currently comprises four publications:
• ISO/IEC 27001:2005, Information technology – Security techniques – Information security management systems – Requirements
• ISO/IEC 27002:2005, Information technology – Security techniques – Code of practice for information security management
• ISO/IEC 27005:2008, Information technology – Security techniques – Information security risk management
• ISO/IEC 27006:2007, Information technology – Security techniques – Requirements for bodies providing audit and certification of information security management systems

The principal standard, ISO/IEC 27001:2005, covers all types of organizations (e.g. commercial enterprises, government agencies, not-for-profit organizations), and specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented information security management system within the context of the organization’s overall business risks.

It specifies requirements for the implementation of security controls customized to the needs of individual organizations or parts thereof.

ISO/IEC 27001:2005 is designed to ensure the selection of adequate and proportionate security controls that protect information assets and give confidence to interested parties, and is intended to be suitable for several different types of use, including the following:
• use within organizations to formulate security requirements and objectives
• use within organizations as a way to ensure that security risks are cost effectively managed
• use within organizations to ensure compliance with laws and regulations
• use within an organization as a process framework for the implementation and management of controls to ensure that the specific security objectives of an organization are met
• definition of new information security management processes
• identification and clarification of existing information security management processes
• use by the management of organizations to determine the status of information security management activities
• use by the internal and external auditors of organizations to determine the degree of compliance with the policies, directives and standards adopted by an organization
• use by organizations to provide relevant information about information security policies, directives, standards and procedures to trading partners and other organizations with whom they interact for operational or commercial reasons
• implementation of business-enabling information security
• use by organizations to provide relevant information about information security to customers.
  9. SPECIAL REPORT (continued)

can result in breaches of information security.

• Delayed response to security incidents
Immediate reporting of any potential security risks should be routine with measures taken to correct the problem before it can have a negative impact on the organization.

The risk assessment should only focus on those areas requiring protection to avoid unnecessary expenditure on information security solutions covering less risky areas of the business.

Regardless of the measures taken, it is impossible to reduce information security risks to zero. The SME should implement the necessary controls to reduce the risks to an acceptable residual level without overspending on information security measures. There is a point at which the benefits gained are outweighed by the cost of implementing more and more security.

Maintaining an ISMS

Implementing the controls set out in ISO/IEC 27001 is an important aspect of protecting information, but just as important is maintaining the day-to-day effectiveness of the ISMS. If the system is not regularly managed then the investment in security can be wasted.

Managing its information security enables an SME to make system improvements and upgrades when necessary to protect its investment in security. This involves regular monitoring, and reviewing any changes in operations that might affect the level of protection that has been implemented.

If changes in business conditions are significant enough to increase information security risks, then the SME will have to consider changing the set of ISMS controls to counter the new risks. Regular reviews not only ensure the continuing effectiveness of the system, but can be far more cost effective than more substantial periodic system upgrades.

Better protection

In this article, I have highlighted some of the advice given in the forthcoming ISO handbook. It will also include checklists, scorecards and case studies to help SMEs focus on the key aspects of protecting their business information using ISO/IEC 27001 as the ISMS tool.

In essence the new handbook will help to simplify and demystify ISO/IEC 27001 requirements and give SMEs a clearer understanding of how best to protect their businesses.
  10. ISO INSIDER: ISO publishes new edition of ISO 9001, by Roger Frost

ISO has published ISO 9001:2008, the latest edition of the International Standard used by organizations in 175 countries as the framework for their quality management systems (QMS).

ISO 9001:2008, Quality management system – Requirements, is the fourth edition of the standard first published in 1987 and which has become the benchmark for providing assurance about the ability to satisfy quality requirements and to enhance customer satisfaction in supplier-customer relationships.

ISO 9001:2008 contains no new requirements compared to the 2000 edition, which it replaces. It provides clarifications to the existing requirements of ISO 9001:2000 based on eight years’ experience of implementing the standard worldwide and introduces changes intended to improve consistency with the environmental management system standard, ISO 14001:2004.

All ISO standards – currently more than 17 400 – are periodically reviewed. Several factors combine to render a standard out of date, such as technological evolution, new methods and materials, new quality and safety requirements, or questions of interpretation and application. To take account of such factors and to ensure that ISO standards are maintained at the state of the art, ISO has a rule requiring them to be periodically reviewed and a decision taken to confirm, withdraw or revise the documents.

ISO/TC 176, which is responsible for the ISO 9000 family, unites expertise from 80 participating countries and 19 international or regional organizations, plus other technical committees. The review of ISO 9001 resulting in the 2008 edition was carried out by subcommittee SC 2 of ISO/TC 176.

User survey

This review has benefited from a number of inputs, including the following: a justification study against the criteria of ISO Guide 72:2001, Guidelines for the justification and development of management system standards; feedback from the ISO/TC 176 interpretations process; a two-year systematic review of ISO 9001:2000 within ISO/TC 176/SC 2; a worldwide user survey carried out by ISO/TC 176/SC 2, and further data from national surveys.

ISO Secretary-General Alan Bryden commented: “The revised ISO 9001 results from a structured process giving weight to the needs of users and to the likely impacts and benefits of the revisions. ISO 9001:2008 is therefore the outcome of a rigorous examination confirming its fitness for use as the international benchmark for quality management.”

ISO/TC 176/SC 2 has also developed an introduction and support package of documents explaining what the differences are between ISO 9001:2008 and the year 2000 version, why and what they mean for users. These documents are available on the ISO Web site.

Although certification of conformity to ISO 9001 is not a requirement of the standard, it is frequently used in both public and private sectors to increase confidence in the products and services provided by certified organizations, between partners in business-to-business relations, in the selection of suppliers in supply chains and in the right to tender for procurement contracts. Up to the end of December 2007, at least 951 486 ISO 9001:2000 certificates had been issued in 175 countries and economies.

ISO (which does not itself carry out certification) and the International Accreditation Forum (IAF) have agreed on an implementation plan to ensure a smooth transition of accredited certification to ISO 9001:2008. The details of the plan are given in a joint communiqué by the two organizations which is available on the ISO Web site.

ISO 9001:2008, Quality management system – Requirements, costs 114 Swiss francs and is available from ISO national member institutes (listed with contact details on the ISO Web site) and from ISO Central Secretariat (sales@iso.org).
  11. ISO INSIDER: ISO launches video clip: “The ISO 9000 family – Global management standards”, by Roger Frost

ISO has just launched a video clip in which users share their perspectives of earlier ISO 9001 editions and other standards in the ISO 9000 family which has become the global benchmark for quality management systems.

The ISO 9000 family – Global management standards takes the form of a fictional television business news report on ISO 9000 in which real users speak from their personal experience in the varied contexts of multinational industry, a humanitarian aid organization and a police department, which ISO says underlines the combination of flexibility, efficiency and effectiveness of the ISO 9000 approach.

ISO Secretary-General Alan Bryden comments: “Whenever the ISO 9000 family is evoked, the emphasis is usually on ISO 9001 certification. This video is refreshing because the users emphasize the importance and benefits of ISO 9000 aspects such as management commitment, metrics, customer focus, continual improvement, knowledge transfer, cost savings and the eight quality management principles.”

The video includes interviews with ISO 9000 users from: the international oil and gas industry; the Cambodia Trust, a humanitarian aid organization with headquarters in the United Kingdom, and the Phoenix Police Department, Arizona, USA.

The ISO 9000 family is developed and maintained by ISO technical committee ISO/TC 176, Quality management and quality assurance.

The video concept was created by Communication Services, ISO Central Secretariat (ISO/CS). Post-production by Communication and Information services (ISO/CS) and Taurus Studio (sound), Geneva, Switzerland, www.taurus-studio.com. Production input by Trueworld Communications, United Kingdom, www.trueworld.

The ISO 9000 family – Global management standards can be downloaded free of charge from ISO’s Web site. It is also available (English only) in high resolution on DVD in PAL (ISBN 978-92-67-10485-0) and NTSC (ISBN 978-92-67-10486-7) versions for being shown in conference settings. The DVD version is also free, although postage and handling will be charged. It is available from ISO national member institutes (listed with contact details on the ISO Web site) and from ISO Central Secretariat (sales@

ISO INSIDER: ISO 50001 – future management system standard for energy, by Edwin Pinero and Jason Knopes

ISO has identified energy management as one of the top five fields 1) meriting the development and promotion of International Standards. Effective energy management is a priority focus because of the significant potential to save energy and reduce greenhouse gas (GHG) emissions worldwide.

1) Priorities also include calculation methods, biofuels, retrofitting and refurbishing, and buildings as determined by the ISO Council Standing Committee on Strategies Energy Task Force in 2007.
  12. ISO INSIDER: ISO 50001 (continued)

Existing ISO standards for quality management systems (ISO 9000 series) and environmental management systems (ISO 14000 series) have successfully stimulated substantial, continual efficiency improvements within organizations around the globe. An energy management standard is expected to similarly achieve major, long-term increases in energy efficiency – 20 % or more in industrial facilities 2).

Early on, the United Nations Industrial Development Organization (UNIDO) recognized industry’s need to mount an effective response to climate change and to the proliferation of national energy management standards.

In March 2007, UNIDO hosted a meeting of experts, including representatives from the ISO Central Secretariat and nations that have adopted energy management standards. That meeting led to submission of a UNIDO communication to the ISO Central Secretariat requesting that ISO consider undertaking work on an international energy management standard.

A pressing need

“The urgency to reduce GHG emissions, the reality of higher prices from reduced availability of fossil fuels, and the need to promote efficiency and the use of renewable energy sources provide a strong rationale for developing this new standard, building on the most advanced good practices and existing national or regional standards.”
Alan Bryden, ISO Secretary-General 2003-2008

Discussions between US experts and ISO’s US member, the American National Standards Institute (ANSI) led to a formal proposal for ISO to establish a committee on this subject. In February 2008, the ISO Technical Management Board (TMB) approved the establishment of a new project committee, ISO/PC 242, Energy management, to develop the future ISO 50001 management system standard for energy. ANSI is serving as the committee Secretariat in partnership with ISO’s national member for Brazil, Associação Brasileira de Normas Técnicas (ABNT).

International framework

The future ISO 50001 will establish an international framework for industrial and commercial facilities, or entire companies, to manage all aspects of energy, including procurement and use. The standard will provide organizations and companies with technical and management strategies to increase energy efficiency, reduce costs, and improve environmental performance.

Based on broad applicability across national economic sectors, the standard could influence up to 60 % of the world’s energy demand 3). Corporations, supply chain partnerships, utilities, energy service companies, and others are expected to use ISO 50001 as a tool to reduce energy use and carbon emissions in their own facilities (as well as those belonging to their customers or suppliers) and to benchmark their achievements.

As part of the standard development process, ISO/PC 242 will define relevant terms and develop management system requirements along with providing guidance for use, implementation, measurement, and metrics associated with the standard.

To provide compatibility and integration opportunities with other management systems, it is anticipated that the standard will foster the same management system principles of continual improvement and use the Plan-Do-Check-Act cycle employed in ISO 9001 and ISO 14001.

It is envisioned that the future standard will provide organizations and companies with a recognized framework for integrating energy efficiency into their management practices. Multi-national organizations will have access to a single, harmonized standard for implementation across the organization with a logical and consistent methodology for identifying and implementing energy efficiency improvements. The standard will also:
• assist organizations in making better use of their existing energy-consuming assets;
• offer guidance on benchmarking, measuring, documenting, and reporting energy intensity improvements and their projected impact on reductions in GHG emissions;

The authors: Edwin Pinero is Chair of ISO/PC 242. Jason Knopes is Secretary of ISO/PC 242.

2) McKane, et al, 2007 in UNIDO publication, Policies for Promoting Industrial Energy Efficiency in Developing Countries and Transition Economies, V.08-52434-April 2008.
3) International Energy Agency International Energy Outlook 2007, industrial and commercial world energy use
  13. 13. © ISO Management Systems, ISO INSIDER

• create transparency and facilitate communication on the management of energy resources;
• promote energy management best practice and reinforce good energy management behaviour;
• assist facilities in evaluating and prioritizing the implementation of new energy-efficient technologies;
• provide a framework for promoting energy efficiency throughout the supply chain;
• facilitate energy management improvements in the context of GHG emission reduction projects.

The first meeting of ISO/PC 242 was held on 8-10 September 2008 near Washington D.C. The meeting was attended by more than 80 delegates from 25 ISO national member bodies from all regions of the world, as well as representation from UNIDO, which has liaison status with ISO/PC 242.

Excellent progress was made in the technical discussions and a first working draft has already been circulated for comment. A major point of discussion is the need to ensure compatibility with the existing suite of ISO management system standards. The committee therefore took the key decision to base the draft on the common elements found in all of ISO’s management system standards. The 2nd ISO/PC 242 meeting will take place in Rio de Janeiro, Brazil in March 2009.

Energy leaders are encouraged to participate in their country’s national mirror committee which will coordinate the country’s participation in developing the standard. Contact information for ISO members in each country is available on ISO’s Web site

Countries wishing to actively participate and send representatives to ISO/PC 242 meetings should confirm their participation status with the ISO Central Secretariat (contact Trevor Vyze – and should also inform the ISO/PC 242 Secretary, Jason Knopes, of ANSI (JKnopes@ and Co-Secretary Felipe Viera, of ABNT, (Felipe.

How ISO contributes to a sustainable world
by Roger Frost

ISO has just published a new brochure providing a concise overview of how ISO’s technical programme, which has so far produced more than 17 400 International Standards, contributes to a sustainable world.

ISO – a multi-sector, multi-stakeholder international organization – is the leader for the production of consensus-based International Standards. ISO’s membership comprises the national standards bodies of 157 countries. This network is complemented by more than 600 international and regional partners and the participation of close to 100 000 experts.

The brochure is entitled How ISO’s technical programme and standards contribute to a sustainable world. It explains how International Standards of the type developed by ISO, based on a double level of consensus, between stakeholders and between countries, contribute to the three dimensions of sustainable development – economic, environmental and social. They:
• support the facilitation of global trade, the dissemination of new technologies, good business practices and the relations between economic actors;
  14. 14. © ISO Management Systems, ISO INSIDER

• support good environmental practice and information, energy efficiency and the dissemination of new, eco-friendly and energy performance technologies;
• contribute to consumer protection, safety at work, healthcare, security and other social interests which may require technical or management standards for the related products and services.

ISO Secretary-General Alan Bryden commented: “While the content of the majority of ISO standards is technical, their implementation goes beyond solving technical problems to delivering positive results in economic, environmental and societal spheres.”

Survey

The new brochure is based on a survey launched in 2007 by the ISO Technical Management Board (TMB) of the technical committees that develop ISO standards. They were asked how they felt their standards contributed to sustainable development.

The brochure gives a selection of examples provided by committees developing standards for energy, food, water, the environment, health, fire safety, building, transport, nanotechnologies, social responsibility and people with disabilities.

It also describes how ISO’s standardization work benefits from strategic management and policy inputs that also contribute to sustainability. These inputs come from the TMB and ISO policy development committees for consumer affairs, developing countries and conformity assessment.

How ISO’s technical programme and standards contribute to a sustainable world, 20 pages, A5 landscape format, is available in English (ISBN 978-92-67-10484-3) and French (ISBN 978-92-67-20484-0) editions, free of charge, from ISO national member institutes (listed with contact details on the ISO Web site and from ISO Central Secretariat ( It can also be downloaded as a PDF file from the ISO Web site.

ISO Guide will help reduce environmental impacts of products
by Sandrine Tranchard, Communication Officer, ISO Central Secretariat

ISO has published an updated edition of its guide to reducing the potential environmental impact of products by taking environmental aspects into account in product standards.

Every product has an impact on the environment during all stages of its life-cycle, from extraction of resources to end-of-life treatment and the need to reduce the potential adverse impacts on the environment of a product is recognized around the world.

The newly published ISO Guide 64:2008, Guide for addressing environmental issues in product standards, is a practical tool for addressing these issues, as well as a contribution to sustainable international trade.

This Guide is intended for use by all those involved in the drafting of product standards. Standards writers are not expected to become environmental experts but, by using this Guide, they are encouraged to:
• identify and understand basic environmental aspects and impacts related to the product under consideration; and
• determine when it is possible and when it is not possible to deal with an environmental issue through a product standard.

However, the identification of these aspects and the prediction of their impacts is a complex process. When writing a product standard, it is