New anti-bribery standard addresses growing global concern over bribery in organizations

Public and private sector organizations of all sizes set to benefit from internationally recognized anti-bribery standard

BSI, the business standards company, has launched BS ISO 37001, Anti-bribery management systems: requirements with guidance for use, a standard to aid the prevention and detection of bribery in organizations.

BS ISO 37001 assists organizations with turning the legal requirements of the 2010 UK Bribery Act into practical measures, by providing guidance on how to put the right controls in place. The standard sets out the requirements for an organization or business looking to set up a management system to prevent and detect bribery within an organization – and how to confront bribery should it arise. 

Managing the risks posed by bribery is high on the agenda of many organizations globally. BS ISO 37001 covers the many forms of bribery which can damage an organization, including bribery of individual personnel; bribery of the organization by another party; bribery by the organization itself; and indirect bribery from a third party.

The standard provides a system for organizations to use to avoid funds being misappropriated, and safeguards against projects being undermined and not carried out with due diligence. Critically, BS ISO 37001 sets out how to maintain an effective anti-bribery system once it is in place, and reviewing and improving these safeguards periodically.

The relevance of the standard for different areas of the workplace is far-reaching. BS ISO 37001 will benefit senior leadership within an organization responsible for compliance, legal and governance issues, as well as employees who work in risk and financial management. Human Resources managers and corporate secretaries are also cited as key beneficiaries of the security afforded by the standard. 

Anne Hayes, Head of Market Development for Governance and Resilience at BSI, said: “In a 24 hours news cycle, any association with bribery can be fatal for the reputation of an organization. It’s critical for public and private sector organizations to be seen to have a strong system of leadership in place to weed out corruption, root and branch.

“BS ISO 37001 is a tangible way for organizations of all sizes to demonstrate to their employees, suppliers and the public at large that they are managed with integrity and have the necessary safeguards in place to tackle bribery if it arises.” 

Should an organization fall foul of a bribery scandal by a rogue employee, BS ISO 37001 can be used to demonstrate to clients and contractors that the organization is committed to a comprehensive anti-bribery policy.

The standard follows Annex SL, and was designed to align with other management systems including ISO 9001 (quality), ISO 14001 (environment) and ISO 26000 (sustainability).

Experts from over forty countries were involved in designing this standard. The forerunner to this standard, BS 10500, received coveted support in 2011 from the prestigious Anti-Corruption Standing Committee of the World Federation of Engineering Organizations, an umbrella group which represent over 15 million engineers from over 90 nations. 

New European Standard for Osteopathy Services    

CEN has adopted and issued a European Standard on Osteopathic Healthcare Provision, which has been developed in partnership with the European Federation of Osteopaths (EFO) and the Forum for Osteopathic Regulation in Europe (FORE). This new standard sets a benchmark for high quality clinical practice, education, safety and ethics.

The European Standard on Osteopathic Healthcare Provision (EN 16686) was developed by CEN’s Project Committee on 'Services for Osteopaths' (CEN/TC 414), which included healthcare professionals from more than 10 European countries. This Project Committee was set up in 2011 by CEN in partnership with the European Federation of Osteopaths (EFO) and the Forum for Osteopathic Regulation in Europe (FORE). The secretariat was provided by CEN’s member in Austria (Austrian Standards).

EN 16686 specifies requirements and recommendations regarding the healthcare provision, facilities and equipment, education, and ethical framework for the practice of osteopathy. When correctly applied, the new European Standard will help osteopaths to ensure that they provide a safe environment for patients and high quality treatment. The standard was made available by CEN in July 2015, and has since been published by CEN’s national members in 33 European countries.

Professional osteopath treating a patient [© Norsk Osteopat Forbund]

Osteopathy is a primary contact and patient-centred healthcare discipline, that emphasises the interrelationship of structure and function of the body, facilitates the body’s innate ability to heal itself, and supports a whole-person approach to all aspects of health and healthy development, principally by the practice of manual treatment. Osteopathy is a distinct healthcare profession, with osteopaths providing their services all over Europe.

The new European Standard should contribute to raising awareness and understanding of osteopathic practice throughout Europe, bringing benefits to osteopaths and their patients. EN 16686 is expected to be especially valuable in countries where there are no specific regulations regarding the provision of osteopathic healthcare services.

Jonathan Bailey-Teyletche, President of the EFO and Chairman of CEN/TC 414, says: "The European Standard on Osteopathic Healthcare Provision provides a benchmark for the level of training that an osteopath should undertake as well as the level of healthcare that should be provided to osteopathic patients throughout Europe. The Standard requires osteopaths to complete relevant education and training to a specified level, as well as following continuing professional development. In addition, the European Standard sets out that scientific rigour and evidence-informed practice are an important part of an osteopath’s approach to patient treatment and case management."  

For more information about CEN activities in relation to services, please 

New European Standard for Osteopathy Services    

CEN has adopted and issued a European Standard on Osteopathic Healthcare Provision, which has been developed in partnership with the European Federation of Osteopaths (EFO) and the Forum for Osteopathic Regulation in Europe (FORE). This new standard sets a benchmark for high quality clinical practice, education, safety and ethics.

The European Standard on Osteopathic Healthcare Provision (EN 16686) was developed by CEN’s Project Committee on 'Services for Osteopaths' (CEN/TC 414), which included healthcare professionals from more than 10 European countries. This Project Committee was set up in 2011 by CEN in partnership with the European Federation of Osteopaths (EFO) and the Forum for Osteopathic Regulation in Europe (FORE). The secretariat was provided by CEN’s member in Austria (Austrian Standards).

EN 16686 specifies requirements and recommendations regarding the healthcare provision, facilities and equipment, education, and ethical framework for the practice of osteopathy. When correctly applied, the new European Standard will help osteopaths to ensure that they provide a safe environment for patients and high quality treatment. The standard was made available by CEN in July 2015, and has since been published by CEN’s national members in 33 European countries.

Professional osteopath treating a patient [© Norsk Osteopat Forbund]

Osteopathy is a primary contact and patient-centred healthcare discipline, that emphasises the interrelationship of structure and function of the body, facilitates the body’s innate ability to heal itself, and supports a whole-person approach to all aspects of health and healthy development, principally by the practice of manual treatment. Osteopathy is a distinct healthcare profession, with osteopaths providing their services all over Europe.

The new European Standard should contribute to raising awareness and understanding of osteopathic practice throughout Europe, bringing benefits to osteopaths and their patients. EN 16686 is expected to be especially valuable in countries where there are no specific regulations regarding the provision of osteopathic healthcare services.

Jonathan Bailey-Teyletche, President of the EFO and Chairman of CEN/TC 414, says: "The European Standard on Osteopathic Healthcare Provision provides a benchmark for the level of training that an osteopath should undertake as well as the level of healthcare that should be provided to osteopathic patients throughout Europe. The Standard requires osteopaths to complete relevant education and training to a specified level, as well as following continuing professional development. In addition, the European Standard sets out that scientific rigour and evidence-informed practice are an important part of an osteopath’s approach to patient treatment and case management."  

For more information about CEN activities in relation to services, please 

Consumers filling their tanks with the right fuel thanks to new EN!

CEN has approved a new European Standard providing harmonized graphic symbols for liquid and gaseous fuels. The standard EN 16942, which will be published by all CEN members by end of April 2017, was developed following a request from the European Commission in 2015.  This EN will provide consumers, inside and outside their countries,  with information on the compatibility between their vehicles and the fuels available in filling stations as established in Article 7 of the Directive 2014/94/EU "on the deployment of alternative fuels infrastructure".

The growing diversity of fuels available on the market indicated an increasing need to provide the rising number of vehicle users with clear and straightforward information on liquid and gaseous fuels sold at filling stations and on which fuel is suitable for their vehicles. 

Article 7 of the Directive recognises this need and requires the Member States to ensure that relevant, consistent and clear information is provided to consumers on the compatibility of their vehicles with the fuels placed on the market. According to the Directive, when available, this information should be based on the provisions of existing European Standards.

EN 16942 ‘Fuels – Identification of vehicle compatibility – Graphical expression for consumer information’ will support the implementation of Article 7 of the Directive. It specifies a graphical symbol placed on both the refuelling point and the vehicle. The standard stipulates the size, shape, colour and the location where the symbol needs to be placed on the refuelling points and on the vehicle.

 “The development of EN 16942 highlights the strength of the Public Private Partnership with the production of a consensus based standard as a timely response to market needs for the benefit of both businesses and consumers.” Elena Santiago Cid, Director General CEN and CENELEC

The standard has been developed by the CEN Technical Committee 441 ‘Fuel labelling’, of which the secretariat is provided by the Dutch Standardization Institute (NEN), in cooperation with the Commission services and stakeholders. The acceptance of EN 16942 demonstrates the effective cooperation between fuel producers, vehicle manufacturers, filling-station equipment manufacturers, public authorities, consumer representatives and other European stakeholders in reaching a consensus on the standard in just over a year.

Consumers filling their tanks with the right fuel thanks to new EN!

CEN has approved a new European Standard providing harmonized graphic symbols for liquid and gaseous fuels. The standard EN 16942, which will be published by all CEN members by end of April 2017, was developed following a request from the European Commission in 2015.  This EN will provide consumers, inside and outside their countries,  with information on the compatibility between their vehicles and the fuels available in filling stations as established in Article 7 of the Directive 2014/94/EU "on the deployment of alternative fuels infrastructure".

The growing diversity of fuels available on the market indicated an increasing need to provide the rising number of vehicle users with clear and straightforward information on liquid and gaseous fuels sold at filling stations and on which fuel is suitable for their vehicles. 

Article 7 of the Directive recognises this need and requires the Member States to ensure that relevant, consistent and clear information is provided to consumers on the compatibility of their vehicles with the fuels placed on the market. According to the Directive, when available, this information should be based on the provisions of existing European Standards.

EN 16942 ‘Fuels – Identification of vehicle compatibility – Graphical expression for consumer information’ will support the implementation of Article 7 of the Directive. It specifies a graphical symbol placed on both the refuelling point and the vehicle. The standard stipulates the size, shape, colour and the location where the symbol needs to be placed on the refuelling points and on the vehicle.

 “The development of EN 16942 highlights the strength of the Public Private Partnership with the production of a consensus based standard as a timely response to market needs for the benefit of both businesses and consumers.” Elena Santiago Cid, Director General CEN and CENELEC

The standard has been developed by the CEN Technical Committee 441 ‘Fuel labelling’, of which the secretariat is provided by the Dutch Standardization Institute (NEN), in cooperation with the Commission services and stakeholders. The acceptance of EN 16942 demonstrates the effective cooperation between fuel producers, vehicle manufacturers, filling-station equipment manufacturers, public authorities, consumer representatives and other European stakeholders in reaching a consensus on the standard in just over a year.

First wind turbine certificate issued to Vestas

Geneva, Switzerland, 2016-10-31 – Monday, the first wind turbine certificate has been issued by the IECRE, the IEC System for Certification to Standards Relating to Equipment for Use in Renewable Energy Applications.

Developed by industry players, including equipment manufacturers, power producers, insurance companies, test laboratories and certifying bodies, the System streamlines a complex process and benefits not only the wind, but other renewable energy industries such as solar and marine.

“The IECRE System for certifying wind turbines harmonizes the process and makes it less costly, so that one certificate is valid for multiple markets. It’s what the whole wind community has been waiting for. Based on mutual recognition, all stakeholders will have confidence and trust that devices are built to International Standards and perform as promised”, said Kerry McManama – Executive Secretary of the IECRE Conformity Assessment System.

IECRE certificates are valued in many of the world’s largest wind power markets, including China, Germany and other European countries, the United States, and elsewhere.

Simplifying a complex process

Previously, wind turbines had to be certified in each country by private certification bodies, according to different criteria. This was more costly, time consuming and required repeat testing. It also took much longer to get product to market. Additionally, the IECRE System provides a common language for a very technical product, which gives greater clarity to standards developers, product manufacturers, authorities and users, as to what is being certified. The IECRE also enables broader industry stakeholder participation in defining the certification process, which guarantees the certificates will meet the needs of the broader industry.

The first certificate was issued to Vestas, a wind power solutions company, which designs, manufactures, installs, and services wind turbines around the world. Anders Vedel, Vegas Chief Technology Officer commented, “What is unique about the IECRE System is that end-users, mainly our customers, together with equipment manufacturers and other stakeholders have substantially contributed to defining the new standards against which wind turbines are evaluated. Vestas began work in 2012 with other stakeholder to create such a System, so we are especially pleased that the first certificate has been issued for a Vestas turbine”.

From the Certification Body testing lab perspective, DNV GL as one of the first approved Renewable Energy Certification Bodies (RECBs), was instrumental in both the development of the IECRE and the certification body that issued the first IECRE Certificate to Vestas. See thecertificate.

About the IECRE

IECRE has been created in recognition that the ever-increasing demand for electricity and the need to reduce the share of fossil fuels in power generation have led to rapid development and growth of the renewable energy (RE) sector.

The System aims to facilitate international trade in equipment and services for use in RE in the Solar PV Energy, Wind Energy and Marine Energy sectors, while maintaining the required level of safety. Each of these sectors will be able to operate IECRE Schemes that cover products, services and personnel, to provide testing, inspection and certification.

Currently IECRE focuses on these three energy sectors; however, the door remains open for consideration of other technologies such as concentrated solar power (CSP), geothermal energy and fuel cells.

First wind turbine certificate issued to Vestas

Geneva, Switzerland, 2016-10-31 – Monday, the first wind turbine certificate has been issued by the IECRE, the IEC System for Certification to Standards Relating to Equipment for Use in Renewable Energy Applications.

Developed by industry players, including equipment manufacturers, power producers, insurance companies, test laboratories and certifying bodies, the System streamlines a complex process and benefits not only the wind, but other renewable energy industries such as solar and marine.

“The IECRE System for certifying wind turbines harmonizes the process and makes it less costly, so that one certificate is valid for multiple markets. It’s what the whole wind community has been waiting for. Based on mutual recognition, all stakeholders will have confidence and trust that devices are built to International Standards and perform as promised”, said Kerry McManama – Executive Secretary of the IECRE Conformity Assessment System.

IECRE certificates are valued in many of the world’s largest wind power markets, including China, Germany and other European countries, the United States, and elsewhere.

Simplifying a complex process

Previously, wind turbines had to be certified in each country by private certification bodies, according to different criteria. This was more costly, time consuming and required repeat testing. It also took much longer to get product to market. Additionally, the IECRE System provides a common language for a very technical product, which gives greater clarity to standards developers, product manufacturers, authorities and users, as to what is being certified. The IECRE also enables broader industry stakeholder participation in defining the certification process, which guarantees the certificates will meet the needs of the broader industry.

The first certificate was issued to Vestas, a wind power solutions company, which designs, manufactures, installs, and services wind turbines around the world. Anders Vedel, Vegas Chief Technology Officer commented, “What is unique about the IECRE System is that end-users, mainly our customers, together with equipment manufacturers and other stakeholders have substantially contributed to defining the new standards against which wind turbines are evaluated. Vestas began work in 2012 with other stakeholder to create such a System, so we are especially pleased that the first certificate has been issued for a Vestas turbine”.

From the Certification Body testing lab perspective, DNV GL as one of the first approved Renewable Energy Certification Bodies (RECBs), was instrumental in both the development of the IECRE and the certification body that issued the first IECRE Certificate to Vestas. See thecertificate.

About the IECRE

IECRE has been created in recognition that the ever-increasing demand for electricity and the need to reduce the share of fossil fuels in power generation have led to rapid development and growth of the renewable energy (RE) sector.

The System aims to facilitate international trade in equipment and services for use in RE in the Solar PV Energy, Wind Energy and Marine Energy sectors, while maintaining the required level of safety. Each of these sectors will be able to operate IECRE Schemes that cover products, services and personnel, to provide testing, inspection and certification.

Currently IECRE focuses on these three energy sectors; however, the door remains open for consideration of other technologies such as concentrated solar power (CSP), geothermal energy and fuel cells.

Security toolbox protects organizations from cyber-attacks

Geneva, Switzerland, 2015-12-17 – Cyber-attacks are among the greatest risks an organization can face. Having standards and systems in place to keep information safe has therefore never been more important than in today’s digital world. This is why the ISO/IEC 27000 series on security techniques for information technology has been updated to provide organizations with that added value and confidence.

In a global survey conducted by ISACA in 129 countries, only 38 % of respondents felt they were prepared for a cyber-attack – even though 83 % believed these are among the top three threats facing organizations today. With so much personal and sensitive information being handled electronically, there is a lot at stake if it were to be compromised.

Prof. Edward Humphreys, convenor of ISO/IEC Joint Technical Committee (JTC) 1 SC 27: IT security techniques, WG 1: Information security management systems (ISMS), emphasizes, “To ensure security in today’s digital landscape, all organizations, irrespective of size, should put in place a management framework as a starting point to manage cyber risks. ISO/IEC 27001 was designed to help organizations do just that. The Standard is the world’s ‘common language’ when it comes to assessing, treating and managing information-related risks.”

Below are the latest revisions and additions to the ISO/IEC 27000 series – all published in 2015 – which form part of the ISO/IEC 27001 “cyber risk toolbox”, to help keep these risks in check.

Protecting information in the cloud (ISO/IEC 27017)

A new code of practice for information security controls for cloud services, ISO/IEC 27017, has just been published. The cloud is one of the most widely used innovations in today’s fast-paced world of commerce and business. As the service gains currency, users are demanding assurances that data stored and processed in the cloud is safe. Because of its very nature, the marketplace for cloud services is global, with providers dispersed across wide geographical areas, and data is routinely transferred across national boundaries. International guidance is therefore key.

According to Satoru Yamasaki, one of editors who worked on the Standard, “ISO/IEC 27017 will help service providers come to a common understanding with their customers regarding adequate security controls and their implementation guidance. This International Standard for cloud security controls will facilitate the development and expansion of secure cloud computing systems.”

The new guidelines are the result of a joint initiative by the world’s main developers of International Standards – IEC, ISO, and ITU – to guarantee maximum outreach.

Integrated solutions for services (ISO/IEC 27013)

More organizations are choosing to combine an information security management system (ISO/IEC 27001) with a service management system (ISO/IEC 20000-1). An integrated system means an organization can efficiently manage the quality of its services, handle customer feedback and solve problems, while keeping information safe. ISO/IEC 27013 offers a systematic approach to facilitate the integration of an information security management system with a service management system, which results in lower implementation costs and avoids duplication efforts as only one audit, instead of two, is needed when seeking certification.

Inter-sector and inter-organizational communications (ISO/IEC 27010)

When an organization shares information with another organization, how can they be sure that their data will be kept safe? ISO/IEC 27010 is a sector-specific addition to the ISO/IEC 27000 toolbox, which guides the initiation, implementation, maintenance and improvement of information security in inter-organizational and inter-sector communications. It includes general principles on how to meet these requirements using established messaging and other technical methods. The Standard is expected to encourage the growth of global information-sharing communities.

As Dr. Mike Nash, an editor of ISO/IEC 27010, explains, “ISO/IEC 27010 basically customizes and applies ISO/IEC 27001 and ISO/IEC 27002 to communication between organizations. Having the Standard in place gives an organization confidence that the information it has shared with another organization will not be inadvertently disclosed.”

The Standard is particularly relevant for the protection of critical national infrastructure, where exchanging sensitive information securely is of utmost importance. It is also widely used by security incident response teams.

Detecting and preventing cyber-attacks (ISO/IEC 27039)

How can organizations detect and prevent cyber intrusions to their networks, systems and applications? Best practice shows that they have to be able to know when, if and how an intrusion into their network, system or application occurs. They should also be ready to identify what vulnerability was exploited and what controls should be implemented to prevent similar intrusions from taking place in the future. One way to do this is through an Intrusion Detection and Prevention Systems (IDPS).

ISO/IEC 27039 gives guidelines to prepare and deploy an IDPS, covering such crucial aspects as selection, deployment and operation. The Standard is particularly useful in today’s market where there are many commercially available and open-source IDPS products and services based on different technologies and approaches. ISO/IEC 27039 will guide organizations throughout the process.

Audit and certification (ISO/IEC 27006)

More and more organizations are turning to third-party certification audits to demonstrate that they have in place a solid information security management system (ISMS) that conforms to the requirements of ISO/IEC 27001. ISO/IEC 27006 gives the requirements that certification and registration bodies need to meet to be accredited, so they can offer ISO/IEC 27001 certification services.

“ISO/IEC 27006 is an accreditation benchmark for certification bodies that offer ISO/IEC 27001 services,” explains Prof. Humphreys, adding, “This is important because accreditation of certification bodies provides added confidence in the audit process and credibility in the certificate they award.”

About JTC1 ISO/IEC

JTC 1 is the Joint Technical Committee of IEC and ISO for International Information Technology Standards. Created in 1987, JTC 1 currently has 20 Subcommittees, one Study Group and three Working Groups. It has published more than 2800 International Standards. JTC 1 is a consensus-based, globally relevant, voluntary International Standards group. Since 1987, it has brought about a number of very successful and relevant information and communication technologies (ICT) International Standards in many fields: IC cards (smart cards), automatic identification and data capture (AIDC) technologies, information security, biometrics, cloud computing, multimedia (MPEG), database query and programming languages as well as character sets, to name just a few.