公告&动态 第208页

Guidelines for optimizing use of management consultancies just published

From improving processes to boosting profits, management consultancies can make a huge difference to the organizations they work with. Clarity and transparency are the keys to success -for both parties. A new standard just published aims to help.

Offering specialist sector knowledge and experience, it is no wonder more and more organizations are turning to management consultancies. Whether it be bringing a product to market, training staff or advising on an organizational overhaul, management consultancies offer a wide range of services and support. Their use has grown dramatically in recent years as businesses and governments look to improve their performance and processes.

ISO 20700, Guidelines for management consultancy services, draws on research and experience from a wide range of management consultancies worldwide and aims to increase transparency and effectiveness for both client and consultancy.

Robert Bodenstein, Chair of ISO/PC 280, Management Consultancy, the ISO project committee that developed the standard, whose secretariat is held by UNI, ISO’s member for Italy, said that it brings together industry best practice to help make management consultancies more effective.

“Management consultancies can bring valuable expertise to an organization, with their in-depth knowledge and broad experience of an industry, to help clients bring about growth or change more effectively. In this way, they make a strong contribution to the economy,” he said.

“This new standard is aimed at not only helping consultancies work even more effectively and efficiently, but helping with the development of the profession.”

ISO 20700 gives practical guidelines based on outcomes and emphasizes the importance of understanding clients’ needs. It is useful to all management consultancies, regardless of size, and maintains a focus on innovation, differentiation and ethical behaviour. It is also useful for clients in that it helps them better understand what they can expect from a management consultant in a consultancy project.

International standard on occupational health and safety reaches second draft for public comment stage

BSI, the business standards company, has published the second draft of ISO 45001 Occupational health and safety management systems – Requirements.

The yet-to-be launched international standard specifies requirements for an occupational health and safety (OH&S) management system, with guidance for its use, to enable an organization to provide safe and healthy working conditions for the prevention of work-related injury and ill health.

The latest draft is now available on the BSI shop, ahead of the formal commenting period which beings on 19 May. From this date the draft will be accessible, enabling those with an interest to submit comment: http://shop.bsigroup.com/ProductDetail?pid=000000000030358994

Two million people die yearly from work-related incidents and the number of people suffering life altering health conditions caused by their work is exponentially higher. These harrowing figures are in spite of widespread adoption of International Labour Standards, indicating a pressing need for a standard specifically designed to ensure organizations manage the risk and improve their OH&S to protect workers at all levels.

ISO 45001 includes the development and implementation of an OH&S policy and objectives which take into account applicable legal requirements and other requirements to which the organization subscribes.

The international standard will help provide a single, clear framework for organizations of all types and sizes who wish to improve their OH&S performance and protect those working on their behalf or who may be affected by the organization’s activities. This includes any organization beyond that of sole trader – and those organizations working with multiple contractors, multiple sites, volunteers or temporary staff, etc.

Benefits of ISO 45001 include:

A single internationally-agreed standard suitable for all organizations worldwide

Alignment with other key management system standards

Requirements which direct organizations to design a management system uniquely suited to each organization’s occupational health and safety needs

ISO 45001 has been developed using a collaborative, consensus-based approach, taking into account the views of large and small organizations, government bodies, trades unions and worker representative organizations. It will eventually replace OHSAS 18001, an existing standard which sets out the minimum requirements for occupational health and safety management best practice. Although OHSAS 18001 is widely used both in the UK and internationally it is not a full international standard.

Anne Hayes, Head of Governance and Resilience at BSI, oversees the sector which develops health and safety standards.

Anne Hayes, Head of Governance and Resilience at BSI, has engaged with BSI’s core markets regarding ISO 45001. She said: “Occupational health and safety is a serious matter for all businesses worldwide, regardless of their size or sector. BSI is proud to be involved with developing a clear framework for businesses wishing to maintain or improve safety within their workplaces.

“It is important that ISO 45001 works in alignment with other management system standards, such as ISO 9001 and ISO 14001. Therefore the common text and structure in which ISO 45001 is written will ensure these management system standards are broadly aligned."

The international committee which developed ISO 45001 includes experts from over 50 countries and 20 liaison bodies, all with knowledge and practical experience of occupational health and safety issues and the challenges faced. The new standard is based on the core structure and common text developed by ISO for all of its management system standards (MSS), taking into account the requirements of the current OHSAS 18001, other national standards (including those from the US, China and Canada) and the ILO instruments – OH&S guidelines adopted by hundreds of countries across the world.

Publication of the final standard is anticipated towards the end of 2017. 

Sustainable procurement in supply chains addressed by new international standard

BSI, the business standards company, has launched ISO 20400:2017 Sustainable procurement – Guidance. Designed to assist organizations to meet their sustainability responsibilities, ISO 20400 outlines what sustainable procurement is, and how an organization can implement sustainable procurement practically.

The overarching concern of the new international standard is to make the supply chain integral to an organization’s sustainability goals. ISO 20400 outlines in detail the sustainability impacts and considerations that should be incorporated across the different aspects of procurement activity, and is applicable to any organization, either public or private, irrespective of its size or location.

ISO 20400 replaces BS 8903:2010 Principles and framework for procuring sustainably. Guide, and one of the key changes in the new standard is a section dealing specifically with integrating sustainability into the procurement process. It has been updated to take into consideration new concepts such as life cycle analysis, due diligence, complicity and global cost.

With organizations increasingly driven to demonstrate their environmental, social and economic impact, adoption of ISO 20400 is a tangible signal that the organization prioritizes sustainable procurement as integral to its day-to-day operations. Supply chains are a critical consideration for any organization aiming to bolster their environmental credentials, and adopting ISO 20400 would likely boost the reputation of an organization amongst their customers, stakeholders and the wider public.

David Fatscher, Head of Market Development for Sustainability at BSI, said: “As the need for supply chain transparency grows, the global benefits of sustainable procurement are more evident than ever. ISO 20400 has captured best practice from experts from over 40 countries on six continents and delivers a global solution to a global challenge. It has been closely modelled on the existing British standard BS 8903, which should place UK organizations at an advantage in its early adoption.”

Sectors particularly likely to benefit from implementing ISO 20400 include construction; facilities management; hospitality; catering; clothing; food; public procurement; manufacturing; timber; print and paper; and packaging.

Users most likely to benefit from ISO 20400 include senior procurement and purchasing professionals; commercial directors; finance directors; contract, tender and supply managers; supply chain managers; sustainability managers; environment/waste managers; operations managers; and facilities managers.

Importantly, while the standard outlines how an organization can integrate efficient procurement steps into its existing procurement methods, it does not make recommendations for changing the procurement methods themselves. 

As well as experts from over 40 participating countries, ISO 20400 was created with additional input from leading international organizations including the Organization for Economic Co-operation and Development (OECD); United Nations Environment Programme (UNEP); the Sustainable Purchasing Leadership Council (SPLC); Independent International Organization for Certification; and the International Trade Union Confederation (ITUC). 

 -4月20日，产品安全审议委员会对事故预防安全标准修改案进行审议-

□产业通商资源部国家技术标准署（署长郑东熙）于2017年4月20日组织召开产品安全审议委员会会议，邀请与会专家就家具、汽车玻璃清洁液（玻璃水）等产品的安全标准修正案进行审议。

□本次会议中审议的产品，均为去年消费者认为会造成人身危害或易引发事故的产品。为降低此类产品的影响、提高产品的安全系数，国标院召开了本次审议委员会。

○家具方面，去年发生抽屉柜倾倒，对儿童造成伤害的事件出现的频率增高，但韩国国内没有相应标准规定，因此采用了美国的相关标准，对产品进行了安全系数调查并（对有问题的产品）进行了召回。

○玻璃清洁液方面，玻璃水在使用时，其中的甲醇成分可能会进入车厢内部对人体造成伤害，消费者对此表示了忧虑。

□国家技术标准署从消除消费者顾虑的角度出发，从去年下半年开始就安全标准修订问题进行了多次审议，收集有关各方的意见，并公布了立案预告。本次修订的安全标准主要事项如下：

○鉴于儿童有攀爬的可能性，因此要求家具中高度超过762mm的抽屉柜在负重23kg时 ，也不会发生倾倒。

*鉴于儿童有攀爬的可能性，引用美国ASTM规则。

○汽车用玻璃清洁液甲醇含量不能超过0.6%。

○鉴于百叶窗易引发窒息事故，因此百叶窗下端应距地面80cm以上。

*但是，在百叶窗使用固定装置时，百叶窗下端应距地面120cm以上。

Seeking comments on go-karts standard

The Australian Standard AS 3533.4.4, Amusement rides and devices—Specific requirements—Concession go-karts, is now open for a third round of public comment.

 The current draft was developed following further consultation with the go-kart industry and the relevant technical committee ME-051, Amusement Rides and Devices. 

 Following this consultation a new draft of AS 3533.4.4 was developed. Key changes to the draft include:

• Provisions covering crash test protocol are now informative, providing recommendations rather than necessary requirements • Performance requirements are separated from test criteria and test methods

 Public comment ensures that the broader community has an opportunity to review the draft prior to completion. We encourage everyone with an interest to comment on the document. 

 Instructions on how to submit a comment can be found through this link. The closing date for public comment is 19 June 2017. 

You are what you buy – the first International Standard for sustainable procurement just published

Sustainable purchasing can improve supplier relations – and your business. ISO 20400 for sustainable procurement has just been published to help organizations make sustainable purchasing a way of life.

Procurement plays a large role in any organization, large or small. Who an organization buys from has just as big an impact on its performance as what it buys. Ensuring suppliers have sound and ethical practices – across everything from working conditions and risk management to their environmental impact – has the potential to not only make businesses work better, but to improve the lives of everyone in the communities where they are situated.

Sustainable procurement entails making purchasing decisions that meet an organization’s needs in a way that benefits them, society and the environment. It involves ensuring that a company’s suppliers behave ethically, that the products and services purchased are sustainable and that such purchasing decisions help to address social, economic and environmental issues.

ISO 20400, Sustainable procurement – Guidance, is the world’s first International Standard for sustainable procurement and aims to help organizations develop and implement sustainable purchasing practices and policies.

Jacques Schramm, Chair of ISO/PC 277, the project committee that developed the standard, says the benefits of sustainable procurement can be far-reaching. “It is no longer enough for businesses to rely on suppliers to provide them with what they want, no questions asked. Organizations benefit greatly from getting to know their suppliers – understanding what their requirements are as well – to ensure their demands are not unrealistic and that the suppliers they work with have good, ethical practices,” he explains.

“The risks of not understanding and managing practices throughout the whole supply chain are great. At best, poor quality products or ruptures of stock can result. At worst, disasters like the Rana Plaza in Bangladesh in 2013 can happen. Sustainable procurement helps to minimize risks such as these by encouraging buyers and suppliers to work closely together for a better result for all.”

ISO 20400 provides guidelines for integrating sustainability into an organization’s procurement policy strategy and process, defining the principles of sustainable procurement such as accountability, transparency, respect for human rights and ethical behaviour.

ISO tackles loud traffic noise

Anyone living near a busy road will agree that traffic noise is a serious nuisance. According to the World Health Organization (WHO), it can also affect our health and lead to premature death.

Traffic-related noise pollution accounts for over one million healthy years of life lost annually to ill health, disability or early death in the western countries of the European Region, states a WHO report on the subject. But this problem is not limited to Europe as it affects any country with traffic areas and high vehicle usage.   

One of the biggest contributors to this issue is the sound created when a tyre touches the pavement. The worst type of tyre/road interaction occurs at speeds of, or above, 50 km/h. For light vehicles, it starts at speeds as slow as 30 km/h while, for the otherwise quiet electric vehicles, it happens at every speed range.

The United Nations Economic Commission for Europe has issued legal limits to control tyre noise and these are in place in most industrialized countries. However, road surfaces are also an important variable, influencing traffic noise as much as tyres and vehicles do.

A few countries have started to modify road surfaces in areas vulnerable to high noise, but there is still a long way to go. Negotiations are currently underway to legally limit how much noise a road surface should generate, a move that is also backed by vehicle and tyre manufacturers. 

But in order to put these requirements into practice, we need International Standards to uniformly and reliably measure and monitor the influence of road surfaces on traffic noise. ISO published a first standard in 1997, but advances in technology and changing needs have led to the development of a new methodology in ISO 11819-2, Acoustics – Measurement of the influence of road surfaces on traffic noise – Part 2: The close-proximity method.

Ulf Sandberg, Project Leader for the new standard, says that “the new methodology is much more practical and easier to use, especially for long stretches of road”.

This new method led to the development of technical specification ISO/TS 11819-3 on reference tyres. Sandberg explains: “We were developing the new ISO 11819-2 when we realized that we also needed to identify tyres correctly to give reliable and reproducible data, so we created ISO/TS 11819-3.”

However, the ISO committee developing these standards went even further. Recent research has shown that temperature influences noise emission as much as tyres and road surface. A new document, ISO/TS 13471-1, was developed to account for the influence of temperature when measuring tyre/road noise.

“The need to control road noise is getting more and more attention. The European Commission, for example, now requires that member states regularly report traffic noise emission along major roads and that they develop abatement programmes if these are found to be excessive,” says Sandberg. “The three new documents offer a solid toolbox for identifying the contribution of road surfaces to noise pollution.”

Measuring effectiveness of information security

ISO/IEC 27004 explains how to develop, assess and report results of information security metrics

By Claire Marchand

You simply can’t be too careful when it comes to information security. Protecting personal records and commercially sensitive information is critical. But how can you tell that your ISO/IEC 27001 information security management system (ISMS) is making a difference? A new ISO/IEC International Standard can help you out.

information security

ISO/IEC 27004 explains how to develop measurement processes and how to assess and report results of information security metrics

New edition of ISO/IEC 27004

The recently updated ISO/IEC 27004:2016, Information technology – Security techniques – Information security management – Monitoring, measurement, analysis and evaluation, provides guidance on how to assess the performance of ISO/IEC 27001:2013, Information technology — Security techniques — Information security management systems — Requirements. It explains how to develop and operate measurement processes, and how to assess and report the results of a set of information security metrics.

Prof. Edward Humphreys, Convenor of the working group that developed the standard (ISO/IEC JTC 1/SC 27), says: “Cyber-attacks are among the greatest risks an organization can face. This is why the much improved version of ISO/IEC 27004 provides essential and practical support to the many organizations that are implementing ISO/IEC 27001 to protect themselves from the growing diversity of security attacks that business is facing today.”

Insights into effectiveness of ISMS

Security metrics can provide insights regarding the effectiveness of an ISMS and, as such, have taken centre stage. Whether you’re an engineer or consultant responsible for security and reporting to management or an executive who needs better information for decision making, security metrics have become an important vehicle for communicating the state of an organization’s cyber risk posture.

In Prof. Humphreys’ own words, “Organizations need help to address the question of whether the organization’s investment in information security management is effective, fit for purpose to react, defend and respond to the continually changing cyber-risk environment. This is where ISO/IEC 27004 can provide numerous advantages.”

Many benefits

ISO/IEC 27004:2016 shows how to construct an information security measurement programme, how to select what to measure, and how to operate the necessary measurement processes. It includes extensive examples of different types of measures, and how the effectiveness of these measures can be assessed.

Among the many benefits to organizations of using ISO/IEC 27004 are:

Increased accountability

Improved information security performance and ISMS processes

Evidence of meeting requirements of ISO/IEC 27001, as well as applicable laws, rules and regulations

ISO/IEC 27004:2016 replaces the 2009 edition; it has been updated and extended to align with the revised version of ISO/IEC 27001:2013 to provide organizations with greater added value and confidence.

ISO/IEC 27004:2016 was developed by Subcommittee 27: IT security techniques, of ISO/IEC Joint Technical Committee (JTC) 1, Information technology.

Measuring effectiveness of information security

ISO/IEC 27004 explains how to develop, assess and report results of information security metrics

By Claire Marchand

You simply can’t be too careful when it comes to information security. Protecting personal records and commercially sensitive information is critical. But how can you tell that your ISO/IEC 27001 information security management system (ISMS) is making a difference? A new ISO/IEC International Standard can help you out.

information security

ISO/IEC 27004 explains how to develop measurement processes and how to assess and report results of information security metrics

New edition of ISO/IEC 27004

The recently updated ISO/IEC 27004:2016, Information technology – Security techniques – Information security management – Monitoring, measurement, analysis and evaluation, provides guidance on how to assess the performance of ISO/IEC 27001:2013, Information technology — Security techniques — Information security management systems — Requirements. It explains how to develop and operate measurement processes, and how to assess and report the results of a set of information security metrics.

Prof. Edward Humphreys, Convenor of the working group that developed the standard (ISO/IEC JTC 1/SC 27), says: “Cyber-attacks are among the greatest risks an organization can face. This is why the much improved version of ISO/IEC 27004 provides essential and practical support to the many organizations that are implementing ISO/IEC 27001 to protect themselves from the growing diversity of security attacks that business is facing today.”

Insights into effectiveness of ISMS

Security metrics can provide insights regarding the effectiveness of an ISMS and, as such, have taken centre stage. Whether you’re an engineer or consultant responsible for security and reporting to management or an executive who needs better information for decision making, security metrics have become an important vehicle for communicating the state of an organization’s cyber risk posture.

In Prof. Humphreys’ own words, “Organizations need help to address the question of whether the organization’s investment in information security management is effective, fit for purpose to react, defend and respond to the continually changing cyber-risk environment. This is where ISO/IEC 27004 can provide numerous advantages.”

Many benefits

ISO/IEC 27004:2016 shows how to construct an information security measurement programme, how to select what to measure, and how to operate the necessary measurement processes. It includes extensive examples of different types of measures, and how the effectiveness of these measures can be assessed.

Among the many benefits to organizations of using ISO/IEC 27004 are:

Increased accountability

Improved information security performance and ISMS processes

Evidence of meeting requirements of ISO/IEC 27001, as well as applicable laws, rules and regulations

ISO/IEC 27004:2016 replaces the 2009 edition; it has been updated and extended to align with the revised version of ISO/IEC 27001:2013 to provide organizations with greater added value and confidence.

ISO/IEC 27004:2016 was developed by Subcommittee 27: IT security techniques, of ISO/IEC Joint Technical Committee (JTC) 1, Information technology.