info@osscertification.com
+91-9910060579 | 9818800579

ISO Certification in Noida

ISO Certification Body in Noida offering ISO 9001, ISO 14001, ISO 45001, ISO 27001, ISO 22000, Third Party Inspection and Lead Auditor Training

ISO Certification in Noida, Greater Noida

ISO Certification Body in Noida and ISO Certification Body in Delhi & NCR

We are an accredited ISO Certification Body providing certification to ISO 9001, ISO 14001, ISO 27001, ISO 45001 and ISO 22000.

We also provide Third-Party Inspection and Exemplar Global Certified Lead Auditor Training in Noida and Greater Noida.

About ISO 9001 Certification

Any organization in Noida or Greater Noida looking for ISO 9001 Certification may either already be certified to an older version of ISO 9001 and want to upgrade its current management system to the new revised ISO 9001 standard, or be applying for ISO 9001 Certification for the first time.

For ISO 9001 Certification the organization follows the steps given below:

  1. Understand the requirements of ISO 9001, either on its own or with the support of an expert ISO Consultant in Noida or Delhi-NCR.
  2. Implement the Quality Management System in the organization by integrating it with the organization's current business practices.
  3. Once implementation of the QMS is complete and a successful internal audit and management review meeting have been conducted, apply for ISO 9001 certification to any accredited ISO Certification Body in Noida or Delhi-NCR.

The requirement of ISO 9001 – Quality Management System

ISO 9001 is a Quality Management System standard; its purpose is to consistently supply products and services that meet customer requirements and enhance customer satisfaction.

The key requirements are given below (the list is not exhaustive):

  • Identification and addressing of the internal and external issues of the organization.
  • Understanding the needs and expectations of interested parties (i.e. customers, suppliers, employees, regulatory bodies, etc.).
  • Defining the scope of the organization along with applicability. The scope relates to the organization's activities, products and services, including the physical locations where the organization performs those activities. Applicability means which requirements of the ISO 9001 standard apply to the organization, considering the nature of its activities. ISO 9001 contains many requirements, and some of them may not apply to the organization because of the nature of its activities; in that case the organization can exclude those clauses, with a valid justification for each exclusion.
  • Leadership and commitment. The top management of the organization takes leadership of, and commits to, the organization's QMS: it establishes the Quality Policy and Objectives of the organization, sets the role and responsibility of each employee and communicates them, communicates customer requirements and other requirements within the organization, and stays customer focused.
  • Addressing risks and opportunities. Carry out a risk analysis of the internal and external issues and of the needs and expectations of interested parties. Identify the significant issues that affect the organization's performance and address them by taking proper action. Identify opportunities for improvement of the organization's processes, products and services.
  • Support. People, infrastructure, systems (documentation) and the work environment for operations and processes are the key factors affecting the organization's performance. Provide training to employees so that they stay up to date and competent in knowledge and skills. Infrastructure (machinery and equipment) needs timely preventive maintenance and calibration, including supporting utilities such as transport, computers, hardware and software. The work environment for the organization's operations and processes (including but not limited to lighting, air, water, humidity and ventilation) is to be kept up to date. The QMS documentation of the organization is to be kept up to date, including SOPs, forms and formats, customer requirements, specifications, records, etc.
  • Operation. This includes customer requirements, supplier approval and evaluation, production of products or services, in-process inspection, final inspection of product and process, and other related activities such as design, storage, identification and handling of customer property.
  • Monitoring, measurement, analysis and evaluation, which includes the monitoring of:
      • Performance of product and process
      • Internal rejections
      • Customer satisfaction
      • Supplier performance
      • Overall performance of the organization
      • Effectiveness of actions taken to address risks and opportunities

Internal Audit: to monitor the effectiveness of the implemented Quality Management System.

Management Review Meeting: conducted to ensure the continuing suitability, adequacy and effectiveness of the organization's implemented Quality Management System, including a review of the organization's Quality Policy and Objectives.

How to implement the ISO 9001 Quality Management System in the organization, or upgrade the organization's current QMS to the new revised ISO 9001 standard

The steps for implementation of the ISO 9001 standard are given below:

  • Gap analysis: QMS requirements vs. the organization's current practice
  • Address the gaps by developing the documents
  • Provide training to all concerned
  • Implement the new/revised documents
  • Monitor the effectiveness: if it meets the requirements, control the document and bring it into routine practice

Benefits of ISO 9001 Certification to the organization

There are many benefits of ISO 9001 Certification; some examples are given below:

  • Enhanced customer satisfaction
  • Reduced internal rejection
  • Reduced customer-end rejection
  • Reduced customer complaints
  • Enhanced overall performance of the organization
  • Improved credibility of the organization among its customers
  • New business opportunities for the organization
  • Enhanced overall profitability of the organization

Environmental Management System – ISO 14001 Certification in Noida

ISO 14001 Requirements: Environmental Management System

The purpose of this standard is the prevention of pollution by addressing the significant environmental aspects, enhancement of the organization's environmental performance, and compliance with applicable legal and other requirements related to the environment.

Some of the requirements of ISO 14001 are given below for reference and understanding, to support implementation of an ISO 14001 Environmental Management System in the organization.

Context of the organization: The organization needs to identify the internal and external issues related to the environment, considering its manufacturing/service provisions. The organization reviews its activities, requirements, etc. to determine which issues affect its environmental performance; such issues may be internal or external. They can be reviewed by the organization at the planning stage or on an ongoing basis, and the significant internal and external issues are then addressed.

External issues may be:

  • Technological
  • Legal and regulatory
  • Non-availability of alternative raw materials/products/services
  • Economic conditions
  • Availability of resources

Internal issues may be:

  • Knowledge/awareness
  • Identification of environmental aspects and implementation of controls
  • Failure to implement compliance (legal/regulatory)
  • Environmental performance monitoring

Understanding the needs and expectations of interested parties

The organization identifies the needs and expectations of interested parties.

Here the organization needs to identify the legal and regulatory needs related to environmental requirements, and the expectations behind them. Sometimes the requirements are stated in the applicable rule/regulation, but the expectation is something the organization may have to identify itself.

For example:

  • Monthly submission of environmental monitoring records
  • Maintaining records of hazardous material discharge
  • Compliance with applicable legal requirements related to the environment
  • Records of water discharge
  • Use of raw material that can be recycled at end of life / does not create pollution while being processed

Interested parties can be anyone such as customers, suppliers, employees, regulators, etc.: anyone related to the environmental requirements.

Leadership and commitment

Here the organization needs to appoint a team leader who shall take care of the implementation and certification. A person from top management is recommended; but if top management personnel are not involved, the organization appoints an MR (Environmental Coordinator).

Environmental Policy: the organization needs to establish an environmental policy that is appropriate to the purpose of the organization. It should work as a framework for establishing the environmental objectives, include a commitment to comply with statutory and regulatory requirements, and include a commitment to continual improvement. The policy should be communicated at the employee level and to interested parties as required. The policy can be translated into the local language, provided there is a translator during the auditing process.

Organizational roles, responsibilities and authorities:

  1. ABC is responsible for identifying the environmental aspects and monitoring the impacts
  2. XYZ is responsible for training the employees with respect to the environment
  3. EFG is responsible for establishing the operational controls
  4. OPQ identifies the internal and external issues and the needs and expectations of interested parties with respect to the environment, and identifies the risks and opportunities

Verified that ABC is responsible for the process (ref. doc no.: Roles, Resp & Auth). Irrespective of the other responsibilities, the ABC representative is responsible for the other processes also.

Actions to address risks and opportunities: here the organization needs to identify the risks and opportunities arising from the internal and external issues and from the needs and expectations of interested parties.

Eg: Significant physical hazard: exposure to noise (machine).

Risk: health hazard.

Risk factor: high (disturbance and permanent deafness).

Control: periodic maintenance of machines; noise test report.

Operational planning and control: Here the organization is required to establish operational controls to reduce the environmental impacts and the risks involved in manufacturing its products, considering the internal and external issues and the needs and expectations of interested parties.

Aspect: procedure for disposal of solid waste (e-waste).

Significant aspects: soil pollution / use of computers, laptops, CFL bulbs, electrical and electronic accessories.

Control: hazardous material is sold to authorized vendors approved by the Pollution Control Board, through a manifest.

Another operational control established is control of water leakage.

IMP-02: documented information for use of water, disposal and water leakage.

Significant aspects: natural resource depletion / toilets and taps.

Water leakage is controlled through effective preventive maintenance by a dedicated team. The Sr. Manager Maintenance is the team leader, plans and monitors the water consumption, and raises awareness among the employees.

Emergency preparedness and response: this clause requires the organization to identify the potential emergency situations within the organization, considering environmental emergencies. Situations may be fire (general fire, fire at storage, electrical fire), workforce disruption/strikes, medical emergencies/incidents at the workplace, earthquakes, floods, tremors, etc. Considering the above situations, the organization has to conduct a mock drill once a year for each assumed situation, and shall verify the resources required for handling the emergency situations: fire hydrant system, emergency routes, emergency exits, fire buckets, sand buckets, etc.

Monitoring, measurement, analysis and evaluation: here the clause requires the organization to monitor and measure all the processes required for compliance with the environmental requirements, such as applicable compliances, air pollution/airborne bacteria control, disposal of hazardous waste, waste oil collection, hazardous waste manifest, water consumption, electricity consumption, stack emission, noise level, water test reports, etc.

The organization should identify the applicable legal requirements considering the environmental regulations, internal and external issues, needs and expectations of interested parties, risks and opportunities, and environmental aspects and their impacts.

The organization is required to maintain a legal register, monitor its compliance, and review it at planned intervals; examples are given below:

  • Factory licence
  • Labour licence from the Asst. Commissioner of Labour
  • ESIC registration
  • EPF registration
  • State Pollution Control Board consent to operate
  • Hazardous waste manifest

Nonconformity and corrective action: this clause requires identifying nonconformities related to environmental impacts and incidents. The following can be considered an example.

Nature of NC: leakage of water from a tap in the toilet was observed.

Root cause: the tap thread had slipped.

Corrective action: tap replaced.

Occupational Health and Safety Management System – ISO 45001 Certification

ISO 45001 Requirements (Occupational Health and Safety Management System)

Context of the organization:

Here the organization needs to identify the internal and external issues related to occupational health and safety, considering its manufacturing/service provisions.

These are then reviewed at planned intervals for adequacy, and the organization identifies a team for conducting the review.

Internal issues: hazards are not properly identified; the participation of workers is neglected; an increase in incidents; investigations are not properly handled; the strategic direction of the organization, its policies and objectives; working conditions; the work environment is not worker-friendly.

External issues: coordination from the regulatory body is minimal; regulatory requirements are unknown; external training for firefighting is not available; outsourced HIRA is not conducted.

Understanding the needs and expectations of interested parties

In this case the organization needs to identify the needs and expectations of interested parties. Interested parties can be anyone such as owners, shareholders, the parent company, suppliers, contractors and subcontractors, workers' representatives (safety representatives, safety councils, health and safety committees), trade unions and employers' organizations, clients, visitors, the local community and neighbours of the organization, the general public, medical and emergency services, the media, non-governmental organizations (NGOs), occupational health and safety organizations such as IOSH, and occupational safety and health-care professionals.

Needs and expectations of workers: safe working environment, job security, competitive salary, training and development, participation, consultation, communication, and recognition and reward.

Leadership and commitment

Here the organization needs to appoint a team leader who shall take care of the implementation and certification. A person from top management is recommended; but if top management personnel are not involved, the organization appoints a safety officer.

OH&SMS Policy

The organization needs to establish an OH&SMS policy that is appropriate to the purpose of the organization and works as a framework for establishing the OH&SMS objectives. It should cover: promoting a culture of good health and safety practices; effective management and control of all health and safety related risks; proactive prevention of occupational incidents, injuries and diseases; adherence to the ISO 45001 systems and procedures; continual improvement of the OHS systems and procedures; compliance with all relevant legal and other requirements; and continual investment in raising awareness of health and safety within the organization.

Organizational roles, responsibilities and authorities:

  1. ABC is responsible for identifying the occupational
  2. XYZ is responsible for training the employees with respect to the environment
  3. EFG is responsible for establishing the operational controls
  4. OPQ identifies the internal and external issues and the needs and expectations of interested parties with respect to the environment, and identifies the risks and opportunities

Verified that ABC is responsible for hazard identification and risk assessment (ref.: Roles, Resp & Auth). Irrespective of the other responsibilities, the ABC representative is responsible for the other processes also.

Actions to address risks and opportunities

Here the organization needs to identify the risks and opportunities arising from the internal and external issues and from the needs and expectations of interested parties.

Eg:

Activity: drilling operation.

Hazard/concern: excessive dust levels.

Impact explanation: may happen.

Rating: 6 (moderate).

Existing control: wet drilling arrangement on drills and use of dust masks by the person.

Proposed risk control measures/actions: ensure precautions as per procedure.

Legal/regulatory requirement: comply with CPCB regulations.

Hazard identification and assessment of risks and opportunities: here the requirement states that the organization needs to identify the hazards present in the workplace during its various manufacturing/service activities, and assess the risks and opportunities. For example:

  • Activity: storage, handling, transport and use of explosives.
  • Hazard/concern: explosion.
  • Impact explanation: injury/loss of life/damage to property.
  • Existing control: all operations are carried out under the direct supervision of competent persons; explosives are stored in a licensed magazine and transported by an explosives van approved by the Chief Controller of Explosives.
  • Proposed risk control measures/actions: ensuring strict compliance with all provisions of the rules and regulations relating to storage, handling, transport and use of explosives (JRP/OCP/0907 & 0908).
  • Legal/regulatory requirement: comply with Mine Regulations.

Determination of legal requirements

Here the organization needs to identify the applicable legal and other requirements, which shall be derived from HIRA, internal and external issues, needs and expectations of interested parties, risk assessment, etc., and the organization shall maintain a legal register, for example:

  • Factory Act rules
  • Water Act 1974 & Air Act 1981
  • Site and building plan approval
  • Boiler Act registration
  • Apprenticeship Act 1961
  • ESIC registration
  • EPF registration
  • GST registration
  • Standing Orders Act 1946

Operational Planning and Control:

Here the organization is required to establish operational controls to reduce the work hazards and the risks involved in manufacturing its products, considering the internal and external issues and the needs and expectations of interested parties.

Activity: storage, handling, transport and use of explosives.

Hazard/concern: explosion.

Impact explanation: injury/loss of life/damage to property.

Existing control: all operations are carried out under the direct supervision of competent persons; explosives are stored in a licensed magazine and transported by an explosives van approved by the Chief Controller of Explosives.

Proposed risk control measures/actions: ensuring strict compliance with all provisions of the rules and regulations relating to storage, handling, transport and use of explosives (JRP/OCP/0907 & 0908).

Legal/regulatory requirement: comply with Mine Regulations.

Operational control may also include the resources available for emergency preparedness: fire extinguishers, detectors, hooters, MCPs, control panel, batteries, fire hydrant points, fire monitors, riser installation, sprinklers.

OCPs can be developed for smooth operations, and agreements with contractors and sub-contractors can be made to reduce the impact.

Procurement:

This clause covers externally provided services and products, the controls for outsourced and purchased products, and the product and process information required for execution of the services.

Eg: supplier selection criteria,

  • Supplier assessment
  • Supplier evaluation records
  • Outsourced processes
  • Receiving inspection records
  • Supplier purchase order information carrying such details as product/process requirements, rates, quantity, etc.

Emergency Preparedness and Response

This clause requires the organization to identify the potential emergency situations within the organization, considering environmental emergencies. Situations may be fire (general fire, fire at storage, electrical fire), workforce disruption/strikes, medical emergencies/incidents at the workplace, earthquakes, floods, tremors, release of gases, explosions, accidents, bursting of pipes and cylinders, etc. Considering the above situations, the organization has to conduct a mock drill once a year for each assumed situation, and shall verify the resources required for handling the emergency situations: fire hydrant system, emergency routes, emergency exits, fire buckets, sand buckets, etc.

Monitoring, measurement, analysis and evaluation

Here the clause requires the organization to monitor and measure all the processes required for compliance with the OH&SMS requirements, such as applicable compliances, monthly monitoring of water consumption, monthly verification of electricity consumption, accident/incident records, monitoring of stack emission, sampling locations, boiler, ambient air quality monitoring report, ambient noise level monitoring report, STP water report, inspection of safety equipment, earth pit testing, etc., and shall maintain records for the same.

Evaluation of compliance:

The organization should identify the applicable legal requirements considering the Factory Act and factory rules, internal and external issues, needs and expectations of interested parties, risks and opportunities, and HIRA and its legal requirements.

The organization is required to maintain a legal register, monitor its compliance, and review it at planned intervals; examples are given below:

  • Factory Act rules
  • Water Act 1974 & Air Act 1981
  • Site and building plan approval
  • Boiler Act registration
  • Apprenticeship Act 1961
  • ESIC registration
  • EPF registration
  • GST registration
  • Standing Orders Act 1946

Incident, nonconformity and corrective action:

Here the organization maintains a record of the incidents that take place at the workplace or temporary site (accidents and near misses), identifies the root cause, makes the correction, and takes corrective action to eliminate the root cause of the incident.

First establish a panel for handling such incidents:

  • Minor first aid: local department HOD
  • MLC/LTI: HOD and safety officer
  • Fatal accident: special committee

The investigation record should contain at minimum the following information (verified against the accident/incident record):

  • Date and time of the incident
  • Name of the injured
  • Designation
  • Department
  • Location
  • Fact-finding
  • Root cause analysis of the accident
  • Corrective action / recommendation for improvement

Food Safety Management System – ISO 22000:2018

ISO 22000 Requirements

Context of the organization:

The organization needs to identify the internal and external issues related to the food safety management system, such as:

Internal issues:

  • Shortage of skilled chefs
  • No medical attention toward food handlers
  • APEDA regulations are not followed
  • Food-grade packaging material not used for packaging of agricultural products
  • Hygiene procedures are not followed
  • Food waste storage area is not specified and infrastructure is lacking
  • Facility layout and design, and production equipment

External issues:

  • Violation of APEDA/FSSAI regulations / non-renewal of APEDA/FSSAI licence
  • No clearance from the local municipal corporation for disposal of food waste
  • Non-availability of food-grade material at local shops/dealers

Understanding the needs and expectations of interested parties

In this case the organization needs to identify the needs and expectations of interested parties. Interested parties can be anyone such as owners, shareholders, the parent company, suppliers, contractors and subcontractors, workers, clients, visitors, and the local community and neighbours of the organization.

Example: Customer requirements: provide clean, hygienic, safe food to employees; use only food-grade materials.

Regulatory bodies: compliance with applicable requirements and industry standards; submission of reports.

Government: environmental protection; ethical behaviour; growth in business and taxes to build infrastructure that supports community services, activities and institutions.

Leadership and commitment

Here the organization needs to appoint a Food Safety Team Leader (FSTL) who shall take care of the implementation and certification. A person from top management is recommended; but if top management personnel are not involved, the organization appoints a safety officer.

FSMS Policy: the organization needs to establish an FSMS policy that is appropriate to the purpose of the organization. It should work as a framework for establishing the FSMS objectives, conform to the statutory and regulatory requirements and to the mutually agreed food safety requirements of the customer, and be communicated at all levels; it can be translated into the local language for ease of understanding.

Actions to address risks and opportunities

Here the organization needs to identify the risks and opportunities arising from the internal and external issues and from the needs and expectations of interested parties.

Eg: Medical attention toward food handlers

Potential risk: food contamination.

Opportunity: to comply with the FSMS requirements.

Food waste storage area is not specified and infrastructure is lacking

Potential risk: not meeting the customer requirement.

Opportunity: specify the location as per regulations.

Hygiene procedures are not followed

Potential risk: not meeting the customer requirement.

Opportunity: train the people accordingly.

Violation of APEDA regulations / non-renewal of APEDA licence

Potential risk: not meeting the customer requirement.

Opportunity: train the people accordingly.

Operational Planning and Control:

Here the organization is required to establish operational controls for the food hazards identified at the workplace, for example:

  • Food-grade packaging material not used for packaging of food products
  • Food waste storage area is not specified and infrastructure is lacking
  • Hygiene procedures are not followed
  • Violation of APEDA/FSSAI regulations / non-renewal of APEDA/FSSAI licence
  • No clearance from the local municipal corporation for disposal of food waste
  • Non-availability of food-grade material at local shops/dealers

SOP procedures to follow up the FSMS in the organization under defined departments, such as:

  • Production Planning and Control Procedure (XXX/PRO/01)
  • Equipment Maintenance Procedure (XXXX/MAINT/01)
  • HACCP Plan Procedure (XXXXX/PRO/04)
  • PRPs Control Procedure (XXXXX/PRO/02)
  • OPRPs Control Procedure (XXXX/PRO/03)
  • Planning for Food Analysis Procedure (XXXXX/QUALITY/01)
  • Sampling Procedure (XXXXX/QUALITY/02)
  • Sampling Analysis Procedure (XXXX/QUALITY/03)
  • Calibration Procedure (XXXXX/QUALITY/04)
  • Pest Control Procedure (XXXX/PRO/06)

Prerequisite programmes (PRPs)

  • PRP means prerequisite programme: the basic conditions and activities that are necessary to maintain a hygienic environment throughout the food chain, suitable for the production, handling and provision of safe end products and safe food for human consumption.
  • Example: control of health hazards
  • Control measures
  • Acceptance criteria
  • Factory design as per GMP guidelines
  • Sewage disposal design as per GMP guidelines
  • Pest control design and programme
  • Operations and facilities
  • Sanitation requirements
  • Production and handling equipment appropriate to the manufacture of food products in different flavours

Traceability system

Traceability is required to verify the history of the product; it can be done through lot no., batch no., manufacturing date, expiry date, etc.

Example: Item: fresh onion

Supplier: XXXXXXXX and Sons

Address: ABC, Maharashtra

Pack size: 25 kg

Packed date: XX/DD/YY

Best before: 6 months

Registration number: XXXXXXXXXXXXX

Emergency Preparedness and Response

This clause requires the organization to identify the potential emergency situations within the organization, considering environmental emergencies. Situations may be biological tampering or terrorism, service disruption or contamination, pest control in a disaster, chemical contamination, general salvage considerations, and product reconditioning. The organization shall conduct mock drills to verify the effectiveness of its response; for this the organization should develop a food emergency handling team headed by top management personnel.

Characteristics of raw materials, ingredients and product contact materials

Here the requirement is similar to ISO 9001: the organization needs to verify the quality of the raw material against the audit criteria.

Example: Raw material: ABC

Supplier: XXXXXX

  Sr. No.  Test        Result           Unit    Test Method
  1        pH          7.25             Mg/lit  IS 3025 Pt II
  2        TDS         402              Mg/lit  IS 3025 Pt II
  3        Hardness    388.08           Mg/lit  IS 3025 Pt II
  4        Alkalinity  147.20           Mg/lit  APHA 4500 PT 32
  5        Chlorides   137.61           Mg/lit  IS 3025 Pt II
  6        Sulphate    29.38            Mg/lit  APHA 4500 – SO4E
  7        Nitrate     3.87             Mg/lit  APHA 4500 – NO3-B
  8        Fluoride    0.10             Mg/lit  APHA 4500 – F-D
  9        Iron        0.042            Mg/lit  APHA 4500 – FE-D
  10       Arsenic     Less than 0.005  Mg/lit  APHA 21st Ed. 3114B

Characteristics of end products

Here the organization needs to demonstrate compliance with the FSSAI requirements and the product characteristics/requirements.

Example: Sample details: plain rice, sambar, plain dal, chicken curry, fish curry.

Test results: found evident.

Physical characteristics: normal.

Test for colouring matter: negative.

Microbiological test facilities are not available.

Found complying with the standard laid down under the Food Safety and Standards Regulations.

Intended use: this describes the immediate use of the product after supply, such as ready-to-eat products (take home, prepare and consume), with an expiry date / best-before period of XZY.

Hazard identification and determination of acceptable levels: physical, chemical, microbiological, and contamination through employees' hands. For finished products the identified hazards are: chemical and microbiological, contamination through the packing material, contamination through employees' hands, and the preparation formulae.

Validation of control measure(s) and combinations of control measures: this is a calibration requirement for the monitoring and measuring equipment used in the organization.

Hazard control plan (HACCP/OPRP plan)

The HACCP plan shall contain the following:

  • CCP checklist for production
  • CCP sample collection point form for production
  • Test report form for on-line samples
  • Test report analysis report
  • Risk level identification (low, medium, high)
  • Critical limits and control measures, with monitoring form number
  • Critical limits for physical, chemical and microbial hazards
  • Critical limit follow-up (what, how, when, who is responsible)
  • Correction and corrective action (in case the critical limit is exceeded)
  • Verification: inspection of random samples

Example HACCP PLAN:

Process Step – Packaging of Commodities.

Hazard type – P: Physical contamination, e.g. thread, fragments of grading moulds, wires, hair, stones etc.

Control measures:
  • Prerequisite program in place for sieving.
  • Proper checking of the sorting and grading machine before use.
  • Control of the hygienic condition of food handlers.
  • Ensure proper cleaning of equipment & production area by using sanitizer.

Hazard type – C: Chemical contamination, e.g. oil, grease, paint etc., and flavour migration from one ingredient to others.

Control measures:
  • Proper checking of grinder & sieving machine.
  • Ensure proper labeling.
  • Ensure proper cleaning of equipment & production area by using sanitizer.

Hazard type – B: Microbial contamination through food handlers.

Control measures:
  • Use of protective gear such as gloves, caps etc. while handling RM & packaged food.
  • Ensure proper personal hygiene.

Determination of critical limits and action criteria – A critical control point (CCP) is a point, step, or procedure in a food manufacturing process at which control can be applied and, as a result, a food safety hazard can be prevented, eliminated, or reduced to an acceptable level

Example – Temperature log sheet for the refrigerator, temperature log sheet for the thermometer, roasting, sieving: wherever there is a critical point and a possibility of a hazard entering the food products / commodities.

 

Handling of potentially unsafe products – These are the non-conforming products which cannot be sold / dispatched / used at any point in time. Their handling should be very careful, since the material may contaminate other product, and the product must not be consumed by customers.

 

Evaluation for release – Same as clause 8.6 of ISO 9001, but here the organization shall retest the material and dispatch it in case it is acceptable.

 

Disposition of non-conforming products – Here the organization needs to identify the method of disposing of rejected commodities/products in a proper manner, so that no mixing or any other type of contamination occurs.

Withdrawal / Recall – This means that when a product has been sent to the market and the organization finds some issue with it, a recall is made: the full quantity of the product is recalled from every part of the market, wholesalers, retailers, consumers etc.

This is also demonstrated via a mock drill.

 

Information Security Management System

ISO 27001 Certification – ISMS Certification

ISO 27001 Requirements

 

Context of the organization: Here the organization needs to identify the internal and external issues related to the information security management system, issues such as:

Example – External issues: vulnerabilities / flaws in existing software, data sabotage, network sabotage, information leaks / sharing of data by staff, virus attacks, worms, use of personal mail, sharing data from personal mail, sharing data from mobile devices etc.

Internal issues: use of USB devices, password sharing, use of CD drives, use of social networks, access card entry, no use of biometrics, socially engineered theft by employees, theft of mobile devices (phones, tablets, laptops), theft of other hardware devices, outdated service packs, criminal damage, etc. These issues need to be reviewed at planned intervals for adequacy, and the organization will identify a team for conducting the review.

Understanding the needs and expectations of interested parties – Here the organization needs to identify the needs and expectations of interested parties; an interested party can be anyone, such as a customer, supplier, employee, regulator etc.

Eg. Interested Party: Customer

Requirements – Service level and support, obligations and responsibilities of the parties, confidentiality of data and records, use of intellectual property.

 

Scope of Certification and Statement of Applicability: Here, based on the activities of the organization, the scope of certification needs to be identified.

Statement of Applicability: There are 114 controls in the standard; the organization needs to determine their applicability and define which controls are not applicable. The SoA needs to be reviewed from time to time, and along with the SoA a justification is required for the non-applicability of each excluded control.

 

Example SoA – Statement of Applicability document no: ABC/ISMS/SOA/01, Rev No: 00, Date: 20.12.2018. The scope and statement of applicability are addressed in the ISMS manual, Doc Ref No: ACB/ISMS/MP/01, Rev: 00, date: 20.12.2018.

 

Leadership and commitment – Here the organization needs to appoint a team leader who shall take care of the implementation and certification; a person from top management is recommended. In case no top management personnel are involved, the organization appoints an MR (Management Representative).

 

ISMS Policy – The organization needs to establish an ISMS policy which is appropriate for the purpose of the organization, works as a framework for establishing the ISMS objectives, and includes a commitment to comply with statutory and regulatory requirements and a commitment to continual improvement. The policy should be communicated at employee level and to interested parties as required; the policy can be translated into the local language.

ISMS Policy should consider the following points,

  1. Confidentiality of all data is to be maintained through discretionary and mandatory access controls.
  2. Access to data on all laptop computers is to be secured through a password or other means, to provide confidentiality of data in the event of loss or theft of equipment.
  3. Only authorized and licensed software may be installed, and installation may only be performed by I.T. Department staff.
  4. Data may only be transferred for the purposes determined in the Organization's data protection policy.
  5. Diskette drives and removable media from external sources must not be allowed in the office premises. Only the IT department will be asked to provide any such requirement.
  6. The employee must sign the confidentiality agreement at the time of joining.
  7. The login password of every employee should be changed every 7 days.
  8. For disposal of removable media

Other policies can be: mobile device policy, acceptable use of assets policy, access control policy, IS policy for supplier relationships, organization ethics policy, organization personal security policy, organization crime prevention & security awareness policy, information security risk assessment policy, IT policy, personal information handling policy, and exit policy.

 

 

Actions to address risks and opportunities – Here the organization needs to identify the risks and opportunities arising from the internal and external issues and from the needs and expectations of interested parties.

Eg: Verified the objective risk assessment used to take control measures to reduce / manage / treat ISMS risks and bring them to an acceptable level. Risk scoring revealed power failure as the highest risk, with a score of 16. The risk is that due to power failure the CCTV will not be functional, which may allow physical theft of confidential data. The following controls were verified for the risk due to power failure: Generator – a.16.2.1, UPS – a.11.2.2, Server room – a.11.2.4.

Other risks like accidental leaks through email or SMS have a risk score of 12, but suitable controls for risk treatment have been taken by the organization. Email logs are being maintained.

 

Information security risk assessment – Here the organization needs to establish the method and criteria for assessment of the risks, such as: a. Normal 1-12, b. Medium 13-16, c. High 17-25. A risk rating of 13 to 16 is a medium risk and 17 to 25 a high risk. Note that scores of 13 and 17 may not be reachable by multiplication of Probability Risk (PR) and Impact Risk (IR).

Some of the risks can be: malicious attacks by employees, data sabotage, phishing attacks, theft of other hardware, viruses, worms, spyware & other malicious programs.

Example: Data Sabotage – Owner: Tech Support; PR: 1; IR: 4; Risk Rating: 1*4 = 4; Impact explanation: loss of data & intellectual property; Existing measures: firewall, access control; Proposed risk controls: A.9.2., A.9.2.3, A.9.2.4, A.9.3.1, A.9.4.2; After control establishment: PR: 1, IR: 2, Risk Rating: 2.

Operational planning and control: The organization here needs to plan the resources required for compliance with the ISMS requirements and the controls applied.

Eg: machine planning, production planning, design planning, manpower planning, project planning, purchase planning, process plan, cutting plan etc. The organization needs to control planned changes and review the consequences of unintended changes, taking action to mitigate any adverse effects as necessary.

 

 

Information security risk assessment – example: some risks and the controls established for them in the organization's statement of applicability, along with the applicable control references,

  • Malicious attacks by employees – control ref No: A.9.2.3, A.9.2.4, A.9.2.5, A.9.4.2
  • Data sabotage – control ref No: A.12.2.1, A.12.5.1, A.12.6.1, A.12.6.2, A.12.7.1
  • Phishing attack – control ref No: A.9.2.1, A.9.2.1, A.9.4.2, A.12.4.1
  • Theft of other hardware – control ref No: A.11.2.1, A.11.2.5, A.11.1.4
  • Viruses, worms, spyware & other malicious programs – control ref No: A.9.2.3, A.9.2.4, A.9.2.5, A.9.4.2
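As an added example (not the certification body's own material, nor anything from the standard), the risk scoring described above and the mapping of risks to Annex A controls in the SoA can be checked in code: it rates each risk as PR x IR, bands it into the Normal / Medium / High ranges given, lists the scores the multiplication can never produce (13 and 17 among them), and flags any treatment that relies on a control the SoA marks not applicable. The 1..5 range for PR and IR, the acceptable-level threshold, and the register and SoA rows are assumptions.

```python
# Added example (not the certification body's or any standard's code): risk register
# checks using the page's scheme, Risk Rating = PR x IR, banded Normal 1-12 /
# Medium 13-16 / High 17-25.  Assumptions: PR and IR are each 1..5, the Normal
# band is the acceptable level, and the register and SoA below are constructed.
from dataclasses import dataclass, field
from typing import Dict, List, Optional

BANDS = ((1, 12, "Normal"), (13, 16, "Medium"), (17, 25, "High"))
ACCEPTABLE_MAX = 12  # assumption: a residual score in the Normal band is accepted

def risk_rating(pr: int, ir: int) -> int:
    """Risk Rating = Probability Risk x Impact Risk, each on a 1..5 scale."""
    if not (1 <= pr <= 5 and 1 <= ir <= 5):
        raise ValueError("PR and IR must be integers from 1 to 5")
    return pr * ir

def risk_band(rating: int) -> str:
    """Map a 1..25 rating onto the page's Normal / Medium / High bands."""
    for low, high, name in BANDS:
        if low <= rating <= high:
            return name
    raise ValueError(f"rating {rating} is outside 1..25")

def unreachable_scores() -> List[int]:
    """Scores in 1..25 no PR x IR product can give (13 and 17 among them)."""
    reachable = {p * i for p in range(1, 6) for i in range(1, 6)}
    return [s for s in range(1, 26) if s not in reachable]

@dataclass
class Risk:
    name: str
    pr: int
    ir: int
    proposed_controls: List[str] = field(default_factory=list)
    residual_pr: Optional[int] = None  # PR / IR after the proposed controls
    residual_ir: Optional[int] = None
    def residual_rating(self) -> int:
        if self.residual_pr is None or self.residual_ir is None:
            return risk_rating(self.pr, self.ir)  # untreated: residual = inherent
        return risk_rating(self.residual_pr, self.residual_ir)

def needs_treatment(register: List[Risk]) -> List[str]:
    """Names of risks whose residual rating is still above the acceptable level."""
    return [r.name for r in register if r.residual_rating() > ACCEPTABLE_MAX]

def soa_gaps(register: List[Risk], soa: Dict[str, bool]) -> Dict[str, List[str]]:
    """Controls a treatment relies on that the SoA marks not applicable or omits."""
    gaps = {r.name: [c for c in r.proposed_controls if not soa.get(c, False)] for r in register}
    return {name: missing for name, missing in gaps.items() if missing}

def sample_register() -> List[Risk]:  # constructed: the page's Data Sabotage row + one more
    return [Risk("Data Sabotage", 1, 4, ["A.9.2.3", "A.9.2.4", "A.9.3.1", "A.9.4.2"], 1, 2),
            Risk("Power failure", 4, 4, ["A.11.2.2", "A.11.2.4"])]  # PR/IR assumed
def sample_soa() -> Dict[str, bool]:  # constructed SoA excerpt; A.11.2.4 marked N/A
    return {"A.9.2.3": True, "A.9.2.4": True, "A.9.3.1": True, "A.9.4.2": True,
            "A.11.2.2": True, "A.11.2.4": False}
```

Running `soa_gaps(sample_register(), sample_soa())` surfaces the mismatch an auditor would raise: a treatment that cites a control the SoA has excluded.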

Information security risk treatment – risk assessment example

Risk identified: Viruses, worms, spyware and other malicious programs.

Established control: Installed antivirus and anti-spam.

Antivirus update process: Automatic

Identified virus version:

Spyware definition version:

Verified the history

Detected item: Browser modifier/wn32/Duple gem, Alert level: High, date:

 

Monitoring, measurement, analysis and evaluation – Here the organization needs to monitor the risks and the controls maintained for them.

  • Example of risk monitoring: server monitoring process

In the server room a TFT screen displays the connectivity of the switches, networks, local servers, internet and other network-attached devices in use.

Application used: GWBPL Network Monitoring System.

Under the control of the IT department, acting on requests from other departments.

Verified the trouble with IP address 172.16.86.2: network connection not established with the server.

Reason: the IT and other departments were not using that server.

 

IT Department – will monitor and control access to cloud servers, computers, mobiles and networks, and the maintenance of computer systems and other IT-related equipment.

 

Information Security Controls – ISMS Control

This is one of the most important requirements to be considered by the organization when implementing ISO 27001 for ISO 27001 certification.

A.6.1.1 Information security roles and responsibilities – A written statement should define the roles and responsibilities, structured at the time of appointment.

A.6.2.1 Mobile device policy – Wi-Fi protected for external devices other than the organization's equipment; found complying with the requirements.

A.7.2.2 Information security awareness, education and training – Regular training sessions for every employee on security awareness. Employees should be taught regularly how to secure their passwords.

A.7.2.3 Disciplinary process – The organization has a disciplinary process in its code of conduct; a procedure should be developed for the same.

A.7.3 Termination and change of employment – The organization has developed an exit policy for all employees at the time of termination or resignation, to control the risk after an employee leaves.

A.7.3.1 Termination or change of employment responsibilities – A termination letter should be issued when a serious disciplinary offence is committed by staff, through a formal procedure: three formal warning letters followed by the termination letter.

A.8.3.2 Disposal of media – The organization uses shredders. Drives/CDs are crushed/destroyed and then burnt to control the risk from disposal of media.

A.8.3.3 Physical media transfer – The organization shall appoint a security officer who is assigned to each media transfer. A contract is signed with the persons who transfer the media.

A.9 Access control – Should be monitored through login IDs and passwords.

A.9.1.1 Access control policy – The organization should control access to all devices in the network. Employees have restricted access on their own machines. All have access to a common shared drive in the network to share files between them.

A.9.4.3 Password management system – Strong password policy; passwords expire automatically after 30 days.

A.11.1.1 Physical security perimeter – The organization shall verify the implementation of biometrics and CCTV cameras to control physical and environmental security.

A.11.2.5 Removal of assets – The organization should verify that records are maintained and that proper exit policies, such as blocking accounts and changing passwords, are implemented. Assets shall be formatted/destroyed by burning.

A.11.2.6 Security of equipment and assets off-premises – The organization should ensure that data is encrypted and that the password of the machine is shared only with the specific user. VPN access is provided for users out of the office.

A.11.2.7 Secure disposal or re-use of equipment – The organization should verify that disks are wiped/formatted before a device is allotted to a new employee, and that media is formatted and then destroyed by burning for disposal.

A.12.4 Logging and monitoring – The organization may implement a firewall to control event logging; its logs are useful for monitoring.

A.12.6 Technical vulnerability management – Risk-based patch management and hardening of operating systems, databases etc.

A.12.5 Control of operational software – The organization should ensure that no software is installed on any PC/laptop without the help of the IT department.

A.12.6.2 Restrictions on software installation – Password protected, with daily monitoring through the firewall.

A.13.1.1 Network controls – Users are restricted from accessing other machines. All machines in the network should be password protected. Employees have limited access in the network; only a shared drive containing non-sensitive data can be accessed by employees within the network.

A.14.1.2 Securing application services on public networks – A software firewall is in place which ensures that confidential services are restricted from public access. The firewall is configured so that no office machine can be accessed from outside without a VPN.

A.14.2.1 Secure development policy – All employees have limited access to the code repository, and all events are logged. Code repositories are IP restricted and web traffic is carried over SSL.

A.14.2.3 Technical review of applications after operating platform changes – Only IT personnel have the authority to review applications after operating platform changes.

A.15.1.3 Information and communication technology supply chain – The flow of products and information between the supply chain members' organizations is well documented. This ensures that the standard ITSCM policies are followed.

A.18.1.4 Privacy and protection of personally identifiable information – Employees are restricted from accessing others' machines by password protecting all machines and having limited access on their own allocated machines.