International ISO standards set out requirements and recommendations for organized and effective work. They are drawn up on the basis of studies of the practices of the most successful companies worldwide, and an organization that implements such a standard builds a management system for the relevant activity in line with its requirements.
In essence, they are a set of written rules; complying with them ensures that the activities of any company relating to the production of goods or the provision of services are carried out consistently.
ISO Standard (International Organization for Standardization)
- ISO 9001:2000 (current revision ISO 9001:2015, applied here since 2016) is an international standard that sets specific requirements for a quality management system, under which an organization must demonstrate its ability to consistently provide products or services that meet customer requirements and all applicable legal requirements.
ISO itself is a worldwide federation of national standardization bodies from different countries. The requirements of the ISO 9000 family are the result of an international consensus on good management practice. Their goal is an organization that can demonstrate its readiness to deliver products and services that consistently meet customer requirements in terms of quality.
This practice is summarized in a quality management system (QMS), regardless of what the company produces, how big it is or who owns it.
The system formalizes customer requirements in terms of quality management and makes it possible to monitor whether the manufacturer or service provider complies with them.
SOT EOOD was assessed and certified under ISO 9001:2000 in 2004 and was the first security company in the country to hold this certification. The company has since been recertified under ISO 9001:2015.
ISO/IEC 27001:2005/2017 Standard
Information technology – Security techniques – Information security management systems – Requirements (ISMS)
This international standard is designed to ensure information security within the organization. Information security is achieved through a dedicated management system, the information security management system (ISMS), which forms part of the organization's overall management system. The standard specifies requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving the ISMS.
Information security means providing, maintaining and developing at least the following three properties of information and of the services that process it:
- Confidentiality: the property that information is not made available or disclosed to unauthorized persons, entities or processes.
- Integrity: the property of safeguarding the accuracy and completeness of assets.
- Availability: the property of information being accessible and usable upon demand by an authorized person or entity.
Information is an asset which, like other important business assets, adds value to the organization activity and, therefore, should be protected.
NOTE: "Information" here means all the forms and carriers in which it exists, i.e. hard copies, data on technical devices, items sent by regular or electronic mail, texts, diagrams, tables, charts, photographs and videos, and what is transmitted or received by telephone or in direct conversation, among other forms and carriers.
Protecting it therefore involves people, processes and IT systems alike.
Like any other standardized management system, the ISMS includes elements such as organizational structure, policies, planning activities, responsibilities and authorities, processes, procedures and resources. It is focused on ensuring the confidentiality, integrity and availability of the organization's information assets, controlling access to them and making effective use of the resources for storing them.
Protection of information has become a critical factor for the standing of an organization. An organization can collapse gradually because of poor overall management or low-quality products and services; in the event of an information security breach, even the best-run organization can be ruined in a single day.
The ISMS covers the main aspects of managing any organization. It identifies the organization's vulnerabilities, the threats that could exploit them and the expected consequences of a breach, and it selects the corresponding controls, generally grouped according to the type of threat they are intended to counter.
SOT EOOD was assessed and certified under ISO/IEC 27001 (2005/2013 edition) in 2014.
On 30.09.2020 SOT EOOD was issued an ISO 45001:2018 certificate by the certification company SGS. ISO 45001:2018 replaces OHSAS 18001:2007 as the ISO standard for occupational health and safety management systems (OHSMS).
ISO 45001:2018 focuses on continual improvement: raising occupational health and safety (OHS) performance, fostering an OHS culture, encouraging worker participation and reporting OHS results. It introduces a new requirement to retain documented information as evidence of continual improvement.
As part of the transition from OHSAS 18001:2007 to ISO 45001:2018, management review now covers the suitability, adequacy and effectiveness of the OHSMS, opportunities for improvement and the need for changes to the OHSMS, and the integration of the OHSMS with the organisation's business processes; these conclusions feed into the strategic development of the organisation.
Certification of SOT EOOD under these three standards was carried out by SGS Bulgaria EOOD, a subsidiary of SGS S.A., Geneva, Switzerland. With over 39,000 employees and 1,000 offices and laboratories in 150 countries, SGS is the world leader in the inspection and certification of goods and services. Founded in 1878, SGS is recognized as the benchmark for quality and integrity.
The Quality, Occupational Health and Safety Management System (QOHSMS) and the Information Security Management System (ISMS) developed at SOT EOOD are combined in an Integrated Management System (IMS). The IMS sets out the rules for the company's operations by consolidating the legal and regulatory framework and the internal rules and regulations into written procedures and mandatory operating rules.
The annual audits by the certification body, SGS, confirm that the QOHSMS and the ISMS comply with the requirements of ISO 9001, ISO 45001 and ISO/IEC 27001 and are effectively implemented in the company's operations. They have been developed in accordance with the standards in order to achieve the organization's policy and objectives.
The processes are identified, and the objectives and duties of the respective operations and structural units/departments are defined.
Private Security Operations Management System (ISO 18788)
The standard defines requirements and gives guidance to organisations that conduct or contract security operations. It sets out the principles and requirements for a security operations management system (SOMS) and provides a framework for establishing, implementing, maintaining and improving the management of security operations.
What is the standard’s objective?
The objective of this international standard is to improve, and to demonstrate, the consistency and predictability of operations that maintain the security and safety of clients and other stakeholders, while ensuring respect for human rights and accountability under national and international law.
Who is it appropriate for?
This international standard applies to any type of organization that conducts security operations, especially in circumstances where governance or the rule of law may have been undermined by human-caused or natural events. Such organisations, in coordination with clients and government authorities, adopt and implement the standard in order to ensure that human rights and fundamental freedoms are respected, with the primary purpose of protecting life and property. They manage the use of tactics, techniques, procedures and equipment, including weapons, within a framework of controlled risk.
What are the benefits of implementing a security operations management system?
ISO 18788 makes it possible to distinguish organisations that are able to provide services in accordance with the highest professional standards and in keeping with the needs and rights of stakeholders.
The protection of the tangible and intangible assets (physical, human and information assets, image and reputation) of companies and their customers is essential to the viability, profitability and sustainability of all types of organisations (public, private and non-profit).
What does the development and implementation of SOMS provide?
- It identifies and applies the legal requirements applicable to the operations;
- It creates and maintains a framework for transparent management, in order to detect, monitor, report and prevent the recurrence of incidents that adversely affect human rights and fundamental freedoms;
- It defines the security risks and manages them in compliance with the applicable regulations and with the strategic and operational goals of the organization;
- It carries out comprehensive internal and external risk assessments covering safety, security and human rights;
- It provides for the selection and training of persons working for the organisation;
- It implements operational controls based on the identified risks, which improves the health, safety and wellbeing of everyone who works for the organisation;
- It applies risk controls that are subject to the rule of law, respect the human rights of stakeholders, protect the interests of the organization and its customers, and ensure the provision of professional services; and
- It evaluates the quality of the services provided and the achievement of objectives.
The security operations management system can readily be integrated with, or made compatible with, the organisation's other management systems and processes.