Systems Certification

An effective quality management system is essential for grouping complex requirements within your company and achieving business success. Today more than ever, it is vital to react flexibly and quickly to all kinds of changes and needs of customers and markets.

More than one million businesses of all types and sizes rely on ISO 9001 for quality assurance. And for good reason. This standard can help you streamline your processes while ensuring customer satisfaction and your success in the competitive marketplace.

You can create a true foundation for efficient quality management with ISO 9001 certification. All the experience and know-how of TÜV NORD will be at your side.

Benefits of ISO 9001 certification

• Guarantee of sustainable quality and therefore better quality of products and services.
• Identification of potential for improvement and savings.
• Increased customer and employee satisfaction, e.g. by meeting customer-specific requirements.
• Process improvement and therefore greater economic efficiency.
• Compatibility with other management systems.
• Risk minimization.
• Image enhancement.
• Global comparability.
• Increased competitiveness.

Easy integration into existing management systems

Companies often have other management systems in place in addition to quality management, such as environmental, energy, and occupational health and safety management. Through the "High-Level Standards Structure" (HLS), standardized numbering and headings of individual clauses, as well as the standardized use of reference terms and texts, different management systems can be easily combined into an integrated management system (IMS).

The Process: Plan-do-check-act

ISO 9001 specifies the requirements for your quality management system along the entire value chain. It is based on the Plan-Do-Check-Act model, which is divided into four phases. The goal is the continuous improvement of individual processes within the organization and also of the system as a whole. This approach helps avoid business stagnation and encourages adaptation to changing situations.

Strong positioning through active Environmental Management

Growing environmental awareness among the population means that the issue also becomes a more important factor in the economy: companies that make responsibility towards people and nature part of their daily business contribute to sustainability, improve their image and strengthen their own position in the market. Certification to the internationally recognized ISO 14001 standard provides independent confirmation of an environmentally responsible approach. It is suitable for organizations of all sizes and in all industries.

ISO 14001 certification offers you many benefits

• The company saves costs through continuous improvement of environmental performance.
• It saves resources and reduces environmental risks.
• You implement the required environmental protection measures in time.
• You reduce environmental risks.
• You save fees for approval procedures.
• You are assured of a high level of legal compliance with respect to binding commitments.
• It meets the demands of environmentally conscious consumers.
• It improves its image as an environmentally friendly organization.

What does ISO 14001 certification mean?

• ISO 14001 is the most comprehensive environmental management and audit system for the continuous improvement of the environmental performance of companies and organizations and is valid worldwide. It specifies the requirements for its environmental management and includes the entire value chain. The standard is based on the Plan-Do-Check-Act model and assesses the environmental impacts of the certified organization's own processes and products, but also of upstream and downstream processes, such as the use of raw materials and logistics.
• The standard offers additional essential elements, such as continuous improvement of environmental performance and transparency based on environmental reporting. And above all, confirming compliance with legal regulations provides evidence of legal compliance, with positive consequences in terms of accountability and peace of mind for your organization's employees.
• The certification process takes into account the entire life cycles of products and services, and assesses risks and opportunities. Due to its high-level standards (HLS) structure, it can be combined with other certifications in an integrated management system.

Healthy and motivated employees are an important factor for a company's economic success. Occupational health and safety management systems now play an important role in preventing injuries and illnesses at work. They provide companies with a framework to proactively identify, minimize, and eliminate potential and existing risks in the workplace. In this way, companies not only show a sense of responsibility, but also reduce their costs through lower accident and illness rates.

Since 12 March 2018, ISO 45001 has been ensuring continuous improvement in occupational health and safety. It was developed by the International Organization for Standardization (ISO) as the basis for certification of an internationally recognized occupational health and safety management system.

Why ISO 45001? Your Benefits

• Systematic approach and continuous improvement of occupational safety and health.
• Identification of potential risks and hazards and elimination of these.
• Cost savings by reducing accident and illness rates.
• Raise awareness among employees on safety issues.
• Compliance with customer requirements.
• Increased employee motivation and qualification.

Structure and main focus of ISO 45001

The essential goal to optimize processes for companies in all industries to protect the lives and health of employees as much as possible – will also be implemented with the new standard. The most important new aspect is the introduction of the so-called High Level Structure (HLS) with the aim of applying a harmonized structure to all management system standards.

There is now a greater focus on the organization's environment. An important aspect is that working conditions must be considered in the future along the entire value chain in addition to the conditions of the organization's own employees. This means that external employees working within the organization's area of responsibility must also be instructed on relevant occupational health and safety measures.

Organizations are also expected to identify opportunities to improve workplace safety within a specific process. In addition, important functions and requirements within the framework of occupational safety and health management are extended and transferred to higher levels of management.

There are many good reasons to pay attention to your company's energy efficiency. Globally, it helps with much-needed reductions in greenhouse gas emissions. An energy management system certified according to ISO 50001 also has advantages in terms of profitability for your company.

Because an energy management system certified according to ISO 50001 helps you in the continuous improvement of your energy-related performance, i.e. in the improvement of energy efficiency, energy use and energy consumption. This leads to the constant and sustainable reduction of energy costs, which increases their competitiveness. In addition, their public image will be improved.

ISO 50001 certification gives you these benefits

• Your company systematically takes care of your energy-related performance, recognises and uses the potential for energy savings.
• It raises awareness among its employees and suppliers about the sustainable use of energy resources.
• Save costs through lower energy consumption.
• It supports overall climate protection goals by reducing CO2 emissions and conserving resources.
• It is exempt from energy audits according to the Energy Regulation for companies with a minimum of 250 employees or those with a turnover of more than 50 million euros and that, in turn, have a balance sheet of more than 43 million euros or groups of companies that meet the conditions of large company.
• Its external impact will be positively charged.
• In short, it will increase your competitiveness.

"Plan-Do-Check-Act"-Model as the basis of your energy management system

Model as the basis of your energy management system ISO 50001 is based on the "Plan-Do-Check-Act" model. This is divided into four phases and should be understood as a process of continuous improvement. The continuous improvement process aims to avoid paralysis and ensure that companies adapt to changing situations in time and open up new savings potentials for themselves.

Plan: First, an energy assessment is carried out: the initial energy situation is determined, energy performance indicators (ENPIs) are defined, energy goals and policies are developed, as well as action plans.

Do: In this phase, the energy management system (EnMS) is introduced and implemented for the first time. In addition to creating structures, this includes, for example, establishing communication and documentation processes and training employees. They must demonstrate both technical and energy awareness skills.

Verify: The verification phase focuses on monitoring, measuring, and analyzing energy-related performance. The conclusion of this phase is the management review. Improvements are then made: Measures completed, modified, or firmly implemented.

Act: Finally, new measures are decided for the continuous improvement of performance related to energy and EnMS. If necessary, corrections should also be made, e.g. to energy targets, NDEs, starting points or energy policy.

What is ISO 27001

 ISO 27001 is the globally recognised International Security Management Standard in the field of information security and prescribes the requirements for an Information Security Management System (ISMS).

The General Personal Data Regulation (GDPR) is European-wide and as such it is important to comply with the requirements.

By obtaining the ISO 27001 standard your business demonstrates to customers, clients and stakeholder that it complies with all requirements relating to information security and the Personal Data Protection Act.

In this way ISO 27001 is a powerful business tool protecting your business and all personal data against any data breaches in order to minimise financial and reputational risk.

What is an ISMS

 An information security management system (ISMS) is a set of policies and procedures designed for the management of your business sensitive data and information. As mentioned in the ISO 27001 benefits, the aim of an ISMS is to minimise risks and to instantly alert you and protect you against data breaches.

An ISMS addresses not only technical controls, it also addresses your employees awareness and behaviour. The basis of your ISMS is a risk assessment that considers both internal and external risks. This risk assessment enables your business to take action on the specific risks that face your business.

Once, the ISMS is embedded in a company’s culture, the next step is to seek certification to ISO 27001 the globally recognised information security standard.

ISO 27001 benefits

 Each step in your business process chain deals with data and information, some of which is highly sensitive. Given the challenging, data-driven environment, for companies it is a balancing act, both to protect personal data and to give access when needed.

This is the critical point where an effective Information Security Management System (ISMS) can minimise risk and provide the following business benefits;

• Minimise risks

An implemented ISMS never sleeps. It instantly alerts you in case of security risks. You can react immediately to security alerts and prevent hazardous consequences.

• Reliability and trust

ISO 27001 gives your stakeholders the confidence to do business with a reliable partner who protects highly sensitive data and information from attack and disruption.

• Avoid financial penalties

With respect to the Cost of a Data Breach Study conducted by Ponemon, the average costs of a data breach costs your business $3.86 million. In addition, companies can be fined up to 4% of annual global turnover or 20 million Euros for non-compliance with GDPR (Whichever is the highest)

• Security as a business component

ISO 27001 and there information security applies to each level/department of your business. All employees/internal staff want to work for an employer which protects their data

• Sharpen the competitive advantage

As you know, ISO 27001 provides transparent proof of a professional approach to information security. With whom would your clients rather do business? With a company who manages and protects its data or with a company which does not?

What is TISAX?

TISAX is a programme for assessing the information security systems of companies in the automotive sector. It is targeting data protection and integrity as well as availability in both in the automotive manufacturing process and during vehicle operation. Behind TISAX stands an Information Security Management System (ISMS) similar to that defined by the International Standard ISO 27001. Based on this standard, the German Association of the Automotive Industry (VDA) developed a set of catalogues of requirement (ISA) for the specific needs of the automotive industry.

The effectiveness of an ISMS can be demonstrated by successfully passing an independent assessment, by an authorized audit partner, for example TÜV NORD. If so, ENX*, the organisation which administers and manages the TISAX programme, issues a TISAX label on its online platform.

This label is recognised by all VDA members and vehicle manufacturers such as Audi, BMW, Mercedes Benz and Volkswagen, thus making it easier to participate in future tenders. Participants – there are active and passive ones – in the TISAX programme exchange information on the status of information security by applying the online-portal. Alongside contacting each other the exchange of assessment data via the portal generates confidence and trust within the entire supply chain. Registration on the TISAX portal is essential for those wishing to participate.

Benefits of TISAX

• The assessment criteria are particularly relevant for the automotive sector
• The assessment and assessment results are consistent and of high quality
• The assessment and assessment report procedures are standardised
• The results are highly comparable and meaningful
• Double and multiple assessments are avoided
• A risk management system is established and risks are reduced
• The scheme enjoys broad acceptance in the automotive sector
• There is consistent focus on the requirements of the customer

ISO 20121 is the internationally recognized standard for event sustainability management:

• An event is a planned public or social occasion. It doesn't matter if it's a festival or a fair, an outdoor public event or a concert in a sports hall, a company conference or a happy hour in a small bar. ISO 20121:2012 is applicable to any type of event, regardless of the type, frequency, size and breadth of the target audience.

ISO 20121 is aimed at organizations that wish to adopt a sustainable management system for an event, encompassing ethical, environmentally responsible and economic impacts. It is not the event itself that is audited, but the management system.

The three categories of stakeholders are:

• Direct organisers, e.g. planning firms, booking agencies for concerts and theatrical performances, corporate event offices (for marketing purposes) and in the public administration (for cultural and territorial promotion purposes), cultural associations, conference centres;
• Managers of venues suitable for holding events, e.g. clubs, sports stadiums, fairgrounds, hotels, stadiums, theatres, parks, streets and public squares;
• Service providers that enable events to take place, e.g. audio-visual services, catering, cleaning and transport companies, on-call and butler services, and temp agencies.

ISO 20121 shares many similarities and requirements in common with ISO ISO 9001, ISO 14001 and ISO 45001. It also incorporates many requirements contained in ISO 26000. The scheme requires the organization to define its continuous improvement goals in terms of environmental, economic, and social impacts. and prepare a management system to achieve them.

Main elements and content of the standard:

• 10-paragraph structure shared with the 2015 revisions of ISO 9001, ISO 14001 and 45001 (high-level structure).
• Plan-Do-Check-Act plan as reflected in the event lifecycle.
• Definition of purpose and scope (in the case of organizers, a single event, a series of events, all events covered, or the organization can be mentioned)
• Stakeholder analysis and engagement.
• Sustainability Policy
• Careful analysis of relevant environmental, economic and social aspects and actions to address them.
• General & Industry Legislative Compliance
• Analysis and management of risks and identification of opportunities.
• Supply chain management design.
• Continuous Improvement

Benefits:

• Easy integration with other management systems
• Integrated approach to organizational event management.
• Improved reputation and adoption of best practices.
• Competitive advantage, e.g. tenders, new business.
• Reduced costs (through reduced waste, reduced energy consumption, and equipment reuse)
• Risk reduction
• Improvement of corporate and brand image.
• Greater control of objectives and performance.

Certification Process: The Certification process consists of the following steps:

Request for Proposal

• Contract between the company and the Certification Body
• Submission to the Certification Body of the necessary documentation to start the certification process

Annual Surveillance Audit

• Two surveillance visits per year are mandatory In the third year, a Recertification Audit will be carried out and the Certificate will be renewed.

Issuance of the certificate

• Issuance of a certificate of compliance with the requirements of the Standard. The certificate is valid for 3 years.

Audit Report

• Preparation and review of the report.

Evaluation of documentation

• (Stage 1) Verification of the documentary requirements necessary for certification
• (Stage 2) Certification audit - verification of the efficiency of the Sustainability Management System through dialogue with managers and analysis of documentation

More and more organizations/companies are willing and/or forced to disclose data on their greenhouse gas emissions into the atmosphere. For example, CO2 emissions are proving to be an increasingly decisive criterion in investors' decisions.

You can increase your credibility and transparency by independently verifying your voluntary claims on greenhouse gas emissions; This service is offered by TÜV NORD through certification according to the international standard ISO 14064 (part 3).

ISO 14064 is a family of three standards (which can be used separately):

• ISO 14064-1:2012 ("Greenhouse Gases – Part 1: Specifications and Guidance, at the Organization Level, for the Quantification and Reporting of Greenhouse Gas Emissions and Their Elimination"), which specifies the requirements for the design and development of organizations' greenhouse gas emissions. Inventories;
• ISO 14064-2:2012 ("Greenhouse Gases – Part 2: Specifications and guidance, at project level, for the quantification, monitoring and reporting of greenhouse gas emissions or increased removal"), which defines the requirements for quantifying, monitoring and reporting on greenhouse gas reductions and removals from the atmospheric sector;
• ISO 14064-3:2012 ("Greenhouse Gases – Part 3: Specifications and Guidance for the Validation and Verification of Greenhouse Gas-Related Claims"), which specifies requirements and guidelines for conducting the validation and verification of greenhouse gas information (by certification bodies).

Greenhouse gases (referred to by the acronym GHG) include all the gases that contribute according to their GWP (Global Warming Potential) to the phenomenon of global warming, as established by the Kyoto protocol: carbon dioxide (CO2), methane (CH4), nitrous oxide (N2O), hydrofluorocarbons (HFCs), perfluorocarbons (PFCs) and sulfur hexafluoride (SF6). GHG emissions make up approximately 50% of the total environmental impact generated by humans on the planet.

The calculation of the environmental indicator "carbon footprint" can refer to the entire organization/company or to individual divisions, construction sites, production sites, contracts, services, etc. or it can quantify the carbon footprint of a product, a service, an event or any system (with defined limits).

The limits of the system to which the calculation relates and the emission sources examined and therefore subject to certification are agreed prior to the audit and documented in the certificate. The carbon footprint expresses the totality of those calculated with an inventory approach.

In accordance with ISO 14064-1, and consistent with the GHG Protocol, the gas inventory must take into account the following emission areas:

SCOPE 1 – direct emissions;

SCOPE 2 – indirect emissions from energy consumption;

SCOPE 3 – other indirect emissions.

The calculation of the carbon footprint can be carried out by the organization/company itself or by an external consultant.

Benefits of Certification

Measuring the carbon footprint is a very useful and current action in terms of environmental responsibility; It affects at the operational level the possible actions that follow the identification of emission sources and their actual intensity, as well as their possible inefficiencies.

• The verification and validation of the calculation by an impartial body such as TÜV NORD provides convincing arguments in the search for investors to demonstrate that the company/organization represents an innovative force in climate protection and in dealing with its customers.

  In addition, it is reasonable to expect far-reaching emissions measures and obligations to be enacted in the future, as is already the case with European Emissions Trading (EU ETS). Certified companies/organizations will already be perfectly prepared.

  In addition, ISO 14064 certification allows you to:

• Promote consistency, transparency, and corporate credibility in quantifying and reporting your carbon footprint
• create a baseline from which improvement in emissions performance can be monitored;
• facilitate the development of greenhouse gas emissions management plans;
• identify and manage liabilities, investments and risks related to greenhouse gases;
• facilitate the exchange of greenhouse gas emission credits or allowances;
• voluntarily contribute to the implementation of international climate protection agreements (referred to in the landmark Kyoto Protocol);
• support corporate CSR (Corporate Social Responsibility);
• improve the "green corporate reputation";
• report corporate GHG emissions in accordance with the non-financial reporting requirements required by the Legislative Decree. 254/16.

The Certification Process

TÜV NORD offer based on the information provided Certification order to TÜV NORD Calculation by the organization/company of a GHG inventory that complies with the requirements of the standard to be verified and validated. Drafting by the organization/company of a GHG data management procedure, to be included in the company's ISO 14001 Management System, with which ISO 14064 can be perfectly integrated. Creation by the organization/company of a GHG report intended to inform Preliminary meeting: agreement on operating conditions, such as certification targets, calculation standards, level of insurance (limited or reasonable), system limits, materiality, feasibility assessment (conducted by TÜV NORD) Drafting of a verification and sampling plan (by TÜV NORD) Audit: review of carbon footprint calculations and documentation, on-site audit to check evidence and emission sources, correction phase (by TÜV NORD) Report and issuance of the certificate, valid for 1 year (by TÜV NORD) Annual follow-up audits if required (by TÜV NORD)