Is ISO Certification Mandatory?

Short answer: nobody is required to be ISO 27001 certified, but this standard can be extremely useful if your organisation is looking to protect against cyberattacks and reassure customers that their private information is in safe hands.

ISO 27001 is the global standard for information security management systems. Organisations of all sizes and across all sectors can obtain ISO 27001 certification by implementing a compliant information security management system (ISMS) and verifying it through an accredited certification body.

 

ISO Publishes ‘Climate Action Amendments’ for Management System Standards

On 23rd February 2024, ISO published a pair of ‘Climate Action Amendments’ for their Management Systems Standards (MSS).

These amendments affect a number of existing standards, and they will also be present in all new standards that are currently in development or under revision.

 

What has changed?

Two new statements have been added to the Harmonised Structure that is used for all ISO management standards:

 

4.1 Understanding the organisation and its context.

The organisation shall determine external and internal issues that are relevant to its purpose and that affect its ability to achieve the intended result(s) of its management system.

The organisation shall determine whether climate change is a relevant issue.

 

4.2 Understanding the needs and expectations of interested parties.

The organisation shall determine:

  • the interested parties that are relevant to the management system.
  • the relevant requirements of these interested parties.
  • which of these requirements will be addressed through the management system.

NOTE: Relevant interested parties can have requirements related to climate change.

 

A recent note states that ISO standards “have always included the need for all issues affecting the management systems to be considered by the organisation”. So it’s certainly possible that your existing management systems already take the issue of climate change into account, especially if climate concerns have the potential to impact your business in a major way.

 

What is the purpose of these amendments?

The two additional statements aim to…

  • honour ISO’s commitment to climate action: the London Declaration to combat climate change through standards
  • prompt organisations to consider the impact climate change might have on their management system(s)
  • emphasise the importance of climate considerations

Note that the goal of these amendments is not to disproportionately prioritise climate change above all other considerations, but merely to encourage organisations to bear climate change in mind when identifying relevant issues and requirements.

 

Which standards are affected?

The amendments apply to more than 30 existing standards, including the current versions of:

 

 

 
