Open main menu
Home
Random
Recent changes
Special pages
Community portal
Preferences
About Wikipedia
Disclaimers
Incubator escapee wiki
Search
User menu
Talk
Dark mode
Contributions
Create account
Log in
Editing
Business process modeling
(section)
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
=== Certification of the management system according to ISO === [[File:ISO_Logo_(Red_square).svg|thumb|International Organization for Standardization (''ISO'' and official logo are registered trademarks)]] With ISO/IEC 27001:2022, the standard requirements for management systems are now standardized for all major ISO standards and have a process character. ==== General standard requirements for management systems with regard to processes ==== In the ISO/IEC 9001, [[ISO 14001|ISO/IEC 14001]], ISO/IEC 27001 standards, this is anchored in Chapter 4.4 in each case: {| class="wikitable" ! ISO/IEC 9001:2015 Clause 4.4 Quality management system and its processes !| ISO/IEC 14001:2015 Clause 4.4. Environmental management systems !| ISO/IEC 27001:2022 Clause 4.4 Information security management system |} Each of these standards requires the organization to establish, implement, maintain and continually improve an appropriate management system "including the processes needed and their interactions".<ref name="ISO-9001">ISO 9001:2015: ''Quality management systems - Requirements'', Fifth edition 2015-09, [https://www.iso.org/standard/62085.html ISO, the International Organization for Standardization] 2015.</ref><sup>, </sup><ref>ISO 14001:2015: ''Environmental management systems - Requirements with guidance for use'', Third edition 2015-09, [https://www.iso.org/standard/60857.html ISO, the International Organization for Standardization] 2015.</ref><sup>, </sup><ref>ISO 27001:2022: ''Information security, cybersecurity and privacy protection Information security management systems - Requirements'', Third edition 2022-10, [https://www.iso.org/standard/27001 ISO, the International Organization for Standardization] 2022.</ref> In the definition of the standard requirements for the ''processes needed and their interactions'', ISO/IEC 9001 is more specific in clause 4.4.1 than any other ISO standard for management systems and defines that "the organization shall determine and apply the processes needed for"<ref name="ISO-9001"/> an appropriate management system throughout the organization and also lists detailed requirements with regard to processes: * Determine the inputs required and the outputs expected * Determine the sequence and interaction * Define and apply the criteria and methods (including monitoring, measurement, and related performance indicators) for effective operation and control * Determine the resources needed * Assign the responsibilities and authorities * Address the risks and opportunities * Evaluate these processes and implement any changes needed for effective operation and control * Improve In addition, clause 4.4.2 of the ISO/IEC 9001 lists some more detailed requirements with regard to processes: * Maintain documented information * Retain documented information for correct implementation The standard requirements for ''documented information'' are also relevant for business process modelling as part of an ISO management system. ==== Specific standard requirements for management systems with regard to documented information ==== In the standards ISO/IEC 9001, ISO/IEC 14001, ISO/IEC 27001 the requirements with regard to ''documented information'' are anchored in clause 7.5 (detailed in the respective standard in clauses "7.5.1. General", "7.5.2. Creating and updating" and "7.5.3. Control of documented information"). The standard requirements of ISO/IEC 9001 used here as an example ''include'' in clause "7.5.1. General" * Documented information by the standard requirements; and * Documented information on the effectiveness of the management system must be included; ''Demand'' in clause "7.5.2. Creating and updating" * Labelling and description (e.g. with title, date, author or reference number); * Suitable format (e.g. language, software version, graphics) and medium (e.g. paper, electronic); and * Review and approval And ''require'' in clause "7.5.3. Control of documented information" * To ensure suitable and available at the place and time as required; * To ensure protection (e.g. against loss of confidentiality, improper use or loss of integrity); * To consider distribution, access, retrieval,and use; * To consider filing/storage and preservation (including preservation of readability); * To perform monitoring of changes (e.g. version control); and * To consider storage and disposition of further whereabouts. Based on the standard requirements, * To determine and continuously improve the ''required processes and their interactions'' * To determine and maintain the content of the ''documented information'' deemed necessary and * To ensure the secure handling of ''documented information'' (protection, access, monitoring, and maintenance) Preparing for ISO certification of a management system is a very good opportunity to establish or promote business process modelling in the organisation.
Edit summary
(Briefly describe your changes)
By publishing changes, you agree to the
Terms of Use
, and you irrevocably agree to release your contribution under the
CC BY-SA 4.0 License
and the
GFDL
. You agree that a hyperlink or URL is sufficient attribution under the Creative Commons license.
Cancel
Editing help
(opens in new window)