Overview
Corporate Social Responsibility (CSR) functions as a built-in, self-regulating mechanism whereby a business monitors and ensures its active compliance with the spirit of the law and ethical standards.
The term CSR came into common use in the late 1960s and early 1970s after many multinational corporations coined the term stakeholder, meaning those on whom an organisation’s activities have an impact. It was used to describe corporate owners beyond shareholders.
Scheme
Asset Management ISO 55001
Asset management is a systematic process of deploying, operating, maintaining, upgrading, and disposing of assets cost-effectively. The Asset Management Council also defines asset management as “The life cycle management of physical assets to achieve the stated outputs of the enterprise”.
ISO 55001:2014, published in 2014, is the requirements specification for an integrated, effective management system for asset management. It sets the criteria to ensure that a good asset management system has been developed and implemented to maximise value-for-money and satisfaction of stakeholders’ expectations related to the asset. It may apply to both tangible assets and intangible concepts.
There are two other important documents:
• ISO 55000: Overview, principles and terminology
• ISO 55002: Guidelines for the application of ISO 55001
The requirements for an asset management system, within the context of the organisation, are specified in the International Standard ISO 55001:2014. ISO 55001 also links with the risk management principles of ISO 31000.
Organisations also need to develop and make available documented information (policies, procedures and records) to demonstrate that they have planned and implemented an effective risk management program. The audit and certification by Global-Mark ensures the program is complete, well maintained, implemented and compliant.
The certification process is based on a Stage 1, Stage 2 process and offers the opportunity to integrate other standards. Post-certification reviews are based on an annual cycle and re-certification is every 3 years.
Business Continuity ISO 22301
Business continuity is an increasing requirement and expectation from Clients. With the increasing reliance on IT systems, clouds, and electronic transactions, the level of dependency on systems remaining live and operational is significant. When systems are down, it is not only unpleasant but can have enormous impacts on Clients, suppliers or the community.
The approach to business continuity is based on other ISO/EMS standards, which follow management systems and risk management.
The BCI Supply Chain Survey 2014 identified that the top 5 causes impacting on business continuity are:
• Loss of telecommunications
• Extreme weather events
• Service failure by outsourcer
• Cyber Attack
• Data Breach
Whilst your organisation may identify other adverse events, have you considered these?
Organisations also need to develop and make available documented information (policies, procedures and records) to demonstrate that they have planned and implemented an effective business continuity program. The audit and certification by Global-Mark ensures the program is complete, well maintained, implemented and compliant.
The certification is generally limited in scope and cannot be granted “company wide”. The certification process is based on a Stage 1, Stage 2 process and offers the opportunity to integrate other standards. Post-certification reviews are based on an annual cycle and re-certification is every 3 years.
Information Security Management ISO 27001
With the increasingly important reliance on IT systems, security should be considered a key aspect of the IT infrastructure. IT breaches and hackers are making daily news for all the wrong reasons.
IT security is not only about passwords and firewalls, but also requires a systems approach to its management. ISO 27001 provides a framework for developing and implementing Information Security Management Systems, and organisations like Global-Mark are able to certify compliance with these standards.
This provides your organisation, its Board, staff, and customers assurance that proper systems and accountabilities are in place and can be relied upon.
The standards are entirely technology independent, and focus on the management of security using a systems approach. They require organisations to have and maintain a documented Information Security Management System compliant with ISO 27001 in place, and systems (policies, procedures and records) to control the following:
• Security policy
• Security organisation
• Security of third party access
• Outsourcing
• Asset classification and control
• Personnel security
• Physical and environmental security
• Communication and operations management
• Access control
• Systems development and maintenance
• Business continuity management
• Compliance (legal, review of policy and technical compliance, system audit)
The certification process is based on a Stage 1, Stage 2 process and offers the opportunity to integrate other standards. Post-certification reviews are based on an annual cycle and re-certification is every 3 years.
Risk Management ISO 31000
Risk management is at the heart of all the recent management systems standards published by ISO/IEC or Standards Australia.
The approach to risk management can be based on ISO 31000.
The standard provides a systems approach to deal with hazards and adverse events, but also opportunities. These are identified, documented, assessed, quantified, and then, if needed, treated.
The standard also requires organisations to have support tools and systems to ensure the effort is sustainable and involves all key levels and functions within an organisation.
Organisations also need to develop and make available documented information (policies, procedures and records) to demonstrate that they have planned and implemented an effective risk management program. The audit and certification by Global-Mark ensures the program is complete, well maintained, implemented and compliant.
The certification is generally limited in scope and cannot be granted “company wide”. The certification process is based on a Stage 1, Stage 2 process and offers the opportunity to integrate other standards. Post-certification reviews are based on an annual cycle and re-certification is every 3 years.