International ISO and OHSAS standards include requirements and/or recommendations for proper and effective work. These requirements or recommendations are created based on studies of the most successful global companies. According to the requirements, the organization/company implementing such standards will develop relevant activity management systems.
Basically these are a set of written rules, compliance with which ensures consistency of activities performed in any company and relating to the production of goods or services.
ISO Standard (International Organization for Standardization)
- ISO 9001:2000 (since 2016 ISO 9001:2015) is an international standard setting specific requirements for management systems, under which an organization should demonstrate its ability to continuously provide a service or a product meeting all legal requirements and satisfying customers.
ISO is a worldwide federation of national standardization bodies from different countries. The requirements of the ISO 9000 family are the result of an international consensus on good management practice. Their goal is for an organization to demonstrate readiness to deliver products/services that consistently meet customer requirements in terms of quality.
This practice is summarized in a quality management system (QMS), regardless of what the specific company produces, how big it is and who its owner is.
The system standardizes customer requirements in terms of quality management and enables monitoring whether manufacturers comply with these requirements.
Essentially QMS is a set of written rules, compliance with which ensures consistency of activities performed in any company and relating to the production of goods or services.
SOT EOOD was assessed and ISO 9001:2000 certified in 2004 and is the first security company in the country having this standard. The company was subsequently recertified under the ISO 9001:2015 version.
ISO/IEC 27001:2005/2013 Standard
(Information technology – Security techniques – Information security management systems – Requirements) ISMS
This International Standard is designed to ensure information security within the organization. Information security is achieved through specialized management systems. They are part of the general management system of the organization and include requirements for any development, implementation, use, monitoring, review, maintenance, and improvement procedures of the information security management systems (ISMS).
Information security means providing, maintaining and developing at least the following three quality characteristics of information services and processing:
- Confidentiality: a characteristic feature whereby information is made inaccessible and is not disclosed to unauthorized persons, entities or processes.
- Integrity: a characteristic feature whereby the accuracy and completeness of assets are achieved, ensured, protected and safeguarded.
- Availability: the characteristic feature of information to be accessible and able to be used when needed by an authorized body or person.
Information is an asset which, like other important business assets, adds value to the organization's activity and, therefore, should be protected.
NOTE: “Information” shall mean the diversity of forms and carriers in which it exists, i.e. hard copies, on technical devices, sent by mail (regular or electronic), texts, diagrams, tables, charts, photographs, videos, transmitted/received by telephone or in a direct conversation, and other forms and carriers.
In general, this information covers people, processes and IT systems.
Like any other standardized management system, ISMS includes elements, such as organizational structure, policies, planning activities, responsibilities and powers, processes, procedures and resources. It is focused on ensuring confidentiality and integrity of information assets of the organization, managing reliable access to them and optimizing their storage resources.
Protection of information becomes a critical factor for the status of organizations. An organization can collapse quickly due to poor overall management or low quality of products and services. In case of an information security breach, even the best organization with perfect management can be ruined in just a day.
ISMS covers the main aspects in the management of any organization. It identifies all vulnerable points, potential threats and expected consequences in case of information security breaches. It also selects the respective defenses, generally in separate groups, according to the type of threat to be counteracted.
SOT EOOD was assessed and ISO/IEC 27001:2005 (2013) certified in 2014.
Certification of SOT EOOD under those three standards was implemented by SGS Bulgaria EOOD, a subsidiary of SGS S.A., Geneva/Switzerland. With over 39,000 employees, 1,000 offices and laboratories in 150 countries, SGS is the world leader in the control and certification of goods and services. Founded in 1878, SGS is recognized as the benchmark for quality and integrity.
The Quality, Occupational Health and Safety Management System (QOHSMS) and the Information Security Management System (ISMS) developed in SOT EOOD and combined in an Integrated Management System (IMS) set out the rules for operation by summarizing the legal and regulatory framework and internal rules and regulations in written procedures and mandatory rules for operation management.
The annual audits by the certification organization, SGS, confirm that QOHSMS and ISMS comply with the requirements of ISO 9001, OHSAS 18001, and ISO 27001, and are effectively implemented in the company’s operations. They are developed in accordance with the standards in order to achieve the policy and objectives of the organization.
The processes are identified, and the objectives and duties of the respective operations and structural units/departments are determined.