
Quality Assurance Assignment 1

Uploaded by

sherifmadeltaha

Name: Sherif Mohamed Adel

ID: 20206173 (dual)


Subject: Quality assurance of information system
Assignment one

What Is the International Organization for Standardization (ISO)?

The International Organization for Standardization (ISO) is an
international nongovernmental organization made up of national
standards bodies; it develops and publishes a wide range of
proprietary, industrial, and commercial standards and is comprised of
representatives from various national standards organizations.

ISO 9001:2015 Quality management system (QMS):

ISO 9001 is the internationally recognized Quality Management System (QMS)
standard that can benefit any size organization, and is designed to be a powerful
business improvement tool.
An ISO 9001 quality management system will help you to continually monitor and
manage quality across your business so you can identify areas for improvement.
It's recognized as the world’s most widely adopted Quality Management System
(QMS) - it is the quality system of choice!
When you certify to ISO 9001 you will join over a million organizations globally
who have improved their businesses with this management system standard.
ISO 9001 is the only standard in the ISO 9000 series to which organizations can
certify. Achieving ISO 9001:2015 certification means that an organization has
demonstrated the following:
1) Follows the guidelines of the 9001 standard
2) Fulfills its own requirements
3) Meets customer requirements and statutory and regulatory requirements
4) Maintains documentation
Benefits of ISO 9001:

• Continually improve, streamline operations and reduce costs
• Win more business and compete in tenders
• Satisfy more customers
• Be more resilient and build a sustainable business
• Show you have strong corporate governance
• Work effectively with stakeholders and your supply chain

ISO 14001:2015 Environmental Management Systems (EMS):


ISO 14001 is the international standard that specifies requirements for an
effective environmental management system (EMS). It provides a framework that
an organization can follow, rather than establishing environmental performance
requirements.
Part of the ISO 14000 family of standards on environmental management, ISO
14001 is a voluntary standard that organizations can certify to. Integrating it with
other management systems standards, most commonly ISO 9001, can further
assist in accomplishing organizational goals.

To get started with ISO 14001:2015:

• Review existing quality management system requirements (ISO 9001:2015)
• Purchase ISO 14001:2015
• Get ISO 14001 training
• Certify to ISO 14001
ISO 14001 Environmental Management Systems (EMS) Framework

Benefits of ISO 14001:

Using ISO 14001:2015 has many benefits for organizations with environmental
management systems. Organizations and companies find that using the standard
helps them:
1. Improve resource efficiency
2. Drive down costs
3. Provide assurance that environmental impact is being measured
4. Gain competitive advantage in supply chain design
5. Increase new business opportunities
6. Meet legal obligations
7. Increase stakeholder and customer trust
8. Improve overall environmental impact. Manage environmental obligations
with consistency

ISO 45001 is an occupational health and safety (OH&S) management system.

ISO 45001 is an international standard that specifies requirements for
an occupational health and safety (OH&S) management system. It provides a
framework for organizations to manage risks and improve OH&S performance.

The standard establishes criteria for an OH&S policy, objectives, planning,
implementation, operation, auditing and review. Key elements include leadership
commitment, worker participation, hazard identification and risk assessment,
legal and regulatory compliance, emergency planning, incident investigation and
continual improvement.

ISO 45001 utilizes the Plan-Do-Check-Act methodology to systematically manage
health and safety risks. It applies to organizations of all sizes and can be
integrated with other ISO management system standards.


Benefits of ISO 45001:

• Framework to systematically manage OH&S risks
• Reduced workplace incidents and injuries
• Demonstrated commitment to worker health and safety
• Ensured compliance with OH&S regulations
• Increased organizational resilience
• Continual improvement of OH&S performance

ISO 22000: Food Safety Management Systems:

ISO 22000:2018 is a food safety standard for businesses in the global food
chain. The International Organization for Standardization (ISO) developed the
standard ISO 22000:2018, Food safety management systems – Requirements for
any organization in the food chain.

ISO 22000 describes requirements for a food safety management system and sets
out what requirements an organization must meet to demonstrate it can control
food safety hazards. ISO 22000 industries can get certified to the standard.

ISO 22000 covers organizations across the whole food chain, from the farm to the
table. It is designed to ensure fair competition and provide for communication
within and between organizations along the food chain.
The standard incorporates and complements the main elements of ISO 9001, the
standard for quality management systems, as well as hazard analysis and critical
control points (HACCP), a preventive approach to food safety.

The standard provides a framework for organizations to develop, implement,
monitor and continually improve a food safety management system, or FSMS,
within the context of their overall business risks. To comply with the standard,
businesses must meet all applicable food safety-related statutory and regulatory
requirements.

Organizations that want to create an FSMS that is more focused, coherent and
integrated than what the law requires can benefit from ISO 22000. It helps
organizations with aspects of their operations such as food safety, hazard
controls, their supply chain, HACCP, their business strategy and food traceability.

The primary elements of an FSMS, as described in ISO 22000, are:

• Interactive communication across the organization
• System management that includes documentation
• Prerequisite programs, which ensure a clean, sanitary environment
• HACCP principles, which help identify, prevent and remove food safety
  hazards

• Customer focus
• Leadership
• Engagement of people
• Process approach
• Improvement
Benefits of ISO 22000:

• Help meeting regulatory requirements: Compliance with regulatory
  requirements is required to achieve certification to ISO 22000. Having an
  FSMS in place can help companies meet these requirements and
  understand how they impact the organization and its customers.
• Help meeting other standards and guidelines: ISO 22000 links to various
  other international standards and guidelines and can help organizations
  meet the requirements of these systems as well.
• Enhanced transparency: ISO 22000 helps organizations improve the
  traceability of their products and achieve greater transparency regarding
  operations.
• Improved response to risks: Having an FSMS in place can help
  organizations respond more quickly and efficiently to issues that may
  compromise food safety, helping them stop potential contamination before
  it occurs.
• Reduced investigation time: If contamination does occur, an FSMS helps
  organizations reduce the time it takes to investigate any food safety
  breaches, solving the problem faster.

ISO 27001 International Electrotechnical Commission (IEC):


ISO 27001 is the leading international standard focused on information security. It
was published by the International Organization for Standardization (ISO), in
partnership with the International Electrotechnical Commission (IEC).

ISO/IEC 27001 is the world’s best-known standard for information security
management systems (ISMS). It defines the requirements an ISMS must meet.

Conformity with ISO/IEC 27001 means that an organization or business has put in
place a system to manage risks related to the security of data owned or handled
by the company, and that the system respects all the best practices and principles
enshrined in this International Standard.
The ISO/IEC 27001 standard provides companies of any size and from all sectors
of activity with guidance for establishing, implementing, maintaining, and
continually improving an information security management system.

The ISO 27001 standard aims to secure people, processes, and
technology via three main guiding principles: confidentiality, integrity,
and availability (commonly referred to as the C-I-A triad):

1. Confidentiality translates to data and systems that must be protected
against unauthorized access from people, processes, or unauthorized
applications. This involves use of technological controls like multifactor
authentication, security tokens, and data encryption.
Confidentiality means only the right people can access the information held
by the organization.
Risk example: Criminals obtain client login details and sell them on the
Darknet.
2. Integrity means verifying the accuracy, trustworthiness, and completeness
of data. It involves use of processes that ensure data is free of errors and
manipulation, such as ascertaining if only authorized personnel have access
to confidential data.
Information integrity means data that the organization uses to pursue its
business or keep safe for others is reliably stored and not erased or
damaged.
Risk example: A staff member accidentally deletes a row in a file or
database during processing.
3. Availability typically refers to the maintenance and monitoring of
information security management systems (ISMSs). This includes removing
any bottlenecks in security processes, minimizing vulnerabilities by
updating software and hardware to the latest firmware, boosting business
continuity by adding redundancy, and minimizing data loss by adding
backups and disaster recovery solutions.
Availability of data means the organization and its clients can access the
information whenever it is necessary so that business purposes and
customer expectations are satisfied.
Risk example: An enterprise database goes offline because of server problems
and insufficient backup.
Benefits of ISO 27001:

• Reduce your vulnerability to the growing threat of cyber-attacks.
• Respond to evolving security risks.
• Ensure that assets such as financial statements, intellectual property,
  employee data, and information entrusted by third parties
  remain undamaged, confidential, and available as needed.
• Provide a centrally managed framework that secures all information in one
  place.
• Prepare people, processes and technology throughout your organization to
  face technology-based risks and other threats.
• Secure information in all forms, including paper-based, cloud-based and
  digital data.
• Save money by increasing efficiency and reducing expenses for ineffective
  defense technology.

The most famous quality certificate in the educational field:

Among all ISO certifications, ISO 9001 certification is the system that is widely
implemented in the education industry. Implementing ISO 9001 can help
the education industry improve its quality and its performance.
