ISO Certifications – The Significance, Process and Benefits

The International Organization for Standardization (ISO) is an independent, non-governmental organisation whose members are the national standards bodies of its 165 member countries. It is the world's largest developer of voluntary international standards, and it facilitates world trade by providing common standards among nations. More than twenty thousand standards have been published, covering everything from manufactured products and technology to food safety, agriculture and healthcare.

For a technology company, certifying against the three standards together gives a single, integrated approach to managing quality, information security and privacy. Because ISO 9001, ISO/IEC 27001 and ISO/IEC 27701 share the same high-level clause structure, the processes common to all three can be run once rather than three times: control of documented information, internal audits, management review, control of nonconformity, continual improvement and corrective action.

What is ISO 9001:2015 – Quality Management System

ISO 9001:2015 – Specifies requirements for a Quality Management System when an organization:

a) Needs to demonstrate its ability to consistently provide products and services that meet customer and applicable statutory and regulatory requirements

b) Aims to enhance customer satisfaction through the effective application of the system, including processes for improvement and the assurance of conformity to customer and applicable statutory and regulatory requirements.

Infographic: the parts of ISO certification

What is ISO/IEC 27001:2013 – Information Security Management System

ISO/IEC 27001 is the internationally recognised standard for managing risks to the security of the information an organisation holds.

Certification to ISO 27001 lets you demonstrate to clients and other stakeholders that you manage the security of your information systematically and that an independent, accredited third party has verified it. ISO/IEC 27001:2013 (the edition in force when this was written; it has since been superseded by ISO/IEC 27001:2022) specifies the requirements for an Information Security Management System (ISMS): a risk-based set of policies, processes and controls that the organisation establishes, operates, monitors and continually improves.

Infographic: ISO 27001 explained

What is ISO/IEC 27701:2019 – Privacy Information Management System (GDPR)

ISO/IEC 27701, published in 2019, is one of the newest standards in the ISO 27000 series. It specifies what an organisation must do when implementing a Privacy Information Management System (PIMS).

In practice it bolts privacy-processing controls onto ISO/IEC 27001:2013, the international standard for information security, and provides a framework for establishing the practices required by regulations such as the GDPR. ISO 27701 cannot be certified on its own: it extends an existing ISO 27001 ISMS. Despite how neatly the two fit together, they cover different topics. ISO 27701 addresses an organisation's privacy controls, whereas ISO 27001 addresses information security.

To put it another way:

ISO 27001 relates to the way an organisation keeps its information confidential (accessible only to authorised people and systems), accurate and complete, and available when it is needed.

ISO 27701 relates to the way an organisation collects and processes personal data, and how it prevents unauthorised use or disclosure of that data.

AMO Certification

After twelve months of hard work and in-depth preparation, AMO is proud to announce that we are now ISO certified. We have obtained the following certifications:

  1. ISO 9001:2015 – Quality Management System
  2. ISO/IEC 27001:2013 – Information Security Management System
  3. ISO/IEC 27701:2019 – Privacy Information Management System

Certifying against an ISO management-system standard is a multi-step process. Note that ISO itself does not certify organisations; certification is issued by an independent, accredited certification body. The steps include:

  • Understanding and planning for the standard
  • Identifying and adapting the controls the organisation will implement
  • Internally auditing against the requirements, and
  • Externally auditing against the standard (itself a two-stage process: a Stage 1 readiness review of the documented system, followed by a Stage 2 audit of how the system operates in practice)

Once certified, the system is continually evaluated and improved: internal audits continue on an ongoing basis, the certification body performs surveillance audits annually, and a full recertification audit takes place every three years.

Steps to getting ISO Certifications

The important steps of ISO certification are:

  • Initial consultation
  • Producing your organisation's management-system documentation (the ISO manual, with its policies, procedures and records)
  • Training staff to adopt the ISO framework
  • Submission to a third-party external auditor
  • Certification awarded

What does ISO Certification mean for our customers?

Put simply, ISO certification gives our customers assurance that we run a privacy, quality and information security programme that has been assessed by an independent third party against international standards, with the privacy programme aligned to the GDPR. Keeping the certifications requires us to keep the programme under continuous compliance, not just at the time of the audit.

These certifications, together with the Data Processing Addendum ("DPA") we make available to our customers, offer multiple layers of assurance that any personal data AMO processes will be handled in a way that meets the GDPR's requirements.

We have implemented these requirements through strict quality controls and internal policies that restrict the transfer of personal data and other information.

This is a major milestone for our company and we are delighted that we got ISO certified in time for our 5th Anniversary!

Try our FREE 30-day Proof of Concept

We take the reins and build you a POC mirroring the final app in under 30 days.
Your vision, our speed.

Week 1

Discovery Session

We gather information about your needs and the objectives of your app. Unsure which app you need? We will carefully assess your top challenges and provide expert guidance on the solution best tailored to your success.

Week 2

Prototype Validation

We create wireframes and an interactive prototype to visualise the app flow, and revise them based on your feedback.

Week 3

Scope, Estimation, and Planning

We estimate the project deliverables, including the resources, time and costs involved.

Week 4

Proof of Concept Demo

We showcase the POC to the relevant stakeholders, illustrating the functionality and the potential of the app to meet your business objectives.