Today, more than ever before, it is important to match your services and products to the needs of your customer. As the international business environment becomes increasingly competitive, customers are more and more demanding where quality is concerned. The adoption of QMS therefore should be a strategic decision by an organization to ensure Delivery of service and/or product that meets customer requirements.
Applies to the processes that create and control the products and services an organization supplies
Prescribes systematic control of activities to ensure that the needs and expectations of customers are met
Is designed and intended to apply to virtually any product or service, made by any process anywhere in the world
Below are some of the benefits that are enjoyed by companies implementing QMS:
ISO 22000:2018 defines what an Operator must do to demonstrate her ability to control food safety hazards and ensure that food, feed or related products are safe for consumption or use. The purpose of ISO 22000:2018 is to empower an Operator to develop a robust Food Safety Management System (FSMS) that drives continuous improvement of all processes with an impact on the safety of end-products.
It specifies requirements for a FSMS to enable an organization that is directly or indirectly involved in the food chain:
When to transit
Due to the changes ISO 22000:2005, the standard will expire in June 2021. We advise our clients to make the transition to ISO 22000:2018 before June 29, 2021 in order to remain certified.
If already certified to ISO 22000, an Operator can make a smooth transition to FSSC 22000 to gain GFSI recognition. Transition to FSSC 22000 can be made by implementing the PRP standard relevant to your industry and the additional requirements set by FSSC.
Kenya Bureau of Standards (KEBS), the National Standards Body of Kenya has been providing service to the Kenyan industry for more than five decades by way of formulation of national standards and operation of product certification scheme.
KEBS launched Environmental Management Systems (EMS) Certification as per IS/ISO 14000 Series of Standards in the wake of increasing public awareness about the environment which has become an important factor in the decision making process of the organizations These standards are adoption of and identical to the internationally accepted ISO 14000 Series of Standards on Environmental Management Systems.
This Scheme envisages grant of Environmental Management Systems Certification License to organizations according to IS/ISO 14001, which is identical with ISO 14001:2004.
Information security management system information
Kenya Bureau of Standards Certification Body (KEBSCB) offers Certification Services on ISO/IEC 27001 Standards- Information Security, Cyber Security, and Privacy Protection Information Security Management Systems among others.
The ISO/IEC 27001 standard provides organizations with a framework for designing, implementing, maintaining, and auditing Information Security Management Systems. It helps organizations in safeguarding the confidentiality, integrity, and availability of their information and information assets, while also ensuring business continuity.
Currently, KEBSCB offers certification services based on the new standard ISO/IEC 27001:2022. Furthermore, it assists organizations previously certified under old standard (ISO/IEC 27001:2013) to transition, either during recertification or surveillance phases of the certification cycle.
ISO/IEC 27001:2022 standard is designed to assist organizations to identify, assess, and mitigate risks associated with loss of confidentiality, integrity, and availability of information including cyber security and privacy protection issues. Annex A of this standard suggests some key controls that can address information security-related risks touching on the organization, people, technology, and physical infrastructure of the organization.
Why adopt an Information Security Management System Standard?
Adopting an Information Security Management System (ISMS) based on the ISO/IEC 27001 standard provides numerous compelling benefits, including the following:
Implementing an ISMS standard helps organizations strengthen their information security posture by providing a structured framework for identifying, assessing, and mitigating information security risks. This can reduce the likelihood and impact of security incidents.
ISO/IEC 27001:2022 standard is built on a risk-based approach, facilitating organizations in systematically identifying, assessing, and prioritizing information security risks for treatment. This ensures a more efficient allocation of resources to tackle the most critical vulnerabilities and threats in alignment with the organization’s risk appetite.
Numerous industries and jurisdictions enforce specific regulations and legal obligations concerning information security, such as the Data Protection Act 2019, the Computer Misuse and Cyber Act 2018, and Access to Information Act 2016. Implementing an ISMS standard enables organizations to align with these requirements, thereby mitigating the risk of non-compliance and associated penalties.
Demonstrating commitment to information security through ISMS standards can bolster customer trust and confidence. It assures customers that their sensitive information is being handled with diligence and security.
In certain industries, possessing ISO/IEC 27001 certification or compliance with other ISMS standards can confer a competitive advantage. It can enhance an organization’s appeal to clients, partners, and stakeholders who prioritize the security of information and related assets.
ISMS standards provide guidelines for incident response and management, aiding organizations in formulating effective strategies for detecting, responding to, and recovering from information security incidents.
Through proactive identification and mitigation of security risks, organizations can potentially evade costly security breaches, downtime, and data loss. Prevention of incidents is frequently more cost-effective than managing the aftermath.
Efficient information security management plays a pivotal role in ensuring business continuity by mitigating the impact of disruptions stemming from security incidents. This enables organizations to sustain operations even amidst security challenges.
ISO/IEC 27001 and comparable standards are progressively demanded by customers from their suppliers and vendors. Conformance to these standards can foster more seamless business relationships and partnerships, addressing information security concerns in supplier relations.
ISO/IEC 27001 is a globally recognized standard. Obtaining certification can serve as a valuable credential for organizations with global operations.
FAQs;
Ans. – An organization must have established and implemented ISMS based on ISO/IEC 27001:2022 standard.
Ans.
Based on stage 2 audit recommendations, a certification decision process is undertaken to certify a client on ISMS for 3 years.
Q- What are the factors to consider when determining the certification cost?
Ans.
The cost varies depending on several factors:
Ans. The certification body shall sign a certification contract with the client for three years.
Ans. Kenya Bureau of Standards under the National Quality Institute (NQI) offers training services for various management systems such as ISO/IEC 27001:2022, ISO 9001:2015, ISO 22301:2019, etc.
For more information contact NQI via nqi@kebs.org or refer training calendar on the KEBS website https://www.kebs.org/training-calendar-2/
Ans. Please access the transition guide through this link https://www.kebs.org/wp-content/uploads/2023/12/Transition-Guide-IEC-27001-Issue-1.pdf
Contacts Information.
Tel: +254 (20) 694 8000 or 6005550 or +254 (20) 6948263
Email: certification@kebs.org or kimutaid@kebs.org
FSSC 22000 is based on the widely recognized Food Management System Standard ISO 22000, the industry relevant Pre-Requisite Program (PRP) and FSSC defined additional requirements (which includes food defense, food fraud prevention and allergen management among others).
The Scheme is owned by an independent non-profit organization and it is GFSI benchmarked. KEBS CB is licensed to offer FSSC 22000 certification for both food manufacturing and food packaging sectors
FSSC published version 5.1 of FSSC 22000 on 20 November 2020. The main reasons for publishing a revised version included:
The standard method for conducting FSSC 22000 audits is either through full on-site audits as described in Part 3 of the Scheme or partial on-site audits using the ICT Audit Approach as described in Annex 9, both of which are GFSI recognized options.
The FSSC 22000 full remote option is an accredited, non-GFSI recognized, voluntary option that can only be utilized where access to the premises of the certified organization is not possible as a direct result of a serious event (refer Appendix 1 of the Scheme), supported by a risk assessment. Mutual agreement between the CB and the certified organization is required prior to conducting the full remote audit.
A full remote audit is defined as an audit that takes place entirely at a location other than that of the certified organization through the use of ICT.
Good Manufacturing Practices are procedures and best practices undertaken to remove, reduce and control physical, chemical and biological hazards in the processing setting. The practices are important enrichment to an Operators’ food safety management system, increasing customers’ confidence in your commitment to producing and trading in safe products. GMP can form a foundation upon which Operators could develop and implement other food safety systems such as HACCP and ISO 22000. GMP certification ensures the integrity of an Operators food manufacturing processes as well as compliance with food safety regulations.
We also offer hygiene certification for food establishments and restaurants based on KS 2573. This certification helps hotels, restaurants and catering establishments to implement and operate a food safety scheme based on good hygiene practices to ensure they offer safe food to their customers at all times. Certification to this scheme basically helps such establishments demonstrate commitment offer safe products to their customers.
The purpose of an OH&S management system is to provide a framework for managing OH&S risks. The intended outcomes of the OH&S management system are to prevent work-related injury and ill health to workers and to provide safe and healthy workplaces; consequently, it is critically important for the organization to eliminate hazards and minimize OH&S risks by taking effective preventive and protective measures. When these measures are applied by the organization through its OH&S management system, they improve its OH&S performance. An OH&S management system can be more effective and efficient when taking early action to address opportunities for improvement of OH&S performance.
Implementing an OH&S management system conforming to this document enables an organization to manage its OH&S risks and improve its OH&S performance. An OH&S management system can assist an organization to fulfil its legal requirements and other requirements.
ISO 45001:2018 ADDRESSES THE FOLLOWING KEY AREAS:
Other Certification Schemes Offered Include :