Welcome to the Whittington & Associates
e-Newsletter!
Visit and bookmark our web
site.
Our newsletters provide guidance on ISO 9001,
AS9100, ISO 13485, ISO/TS 16949, TL 9000, ISO
14001,
ISO 27001, ISO 20000, and related ISO
standards, as well as Six Sigma.
If you have any questions about the articles
appearing in this issue, or you want to suggest
topics for future issues, please let us
know.
Risk Management
ISO 31000:2009, Risk Management -
Principles and Guidelines, can be used by
any public, private, or community enterprise,
association, group, or individual. It is not
specific to any industry or sector.
ISO 31000 can be applied throughout the life
of an organization, and to a wide range of
activities, including strategies and
decisions, operations, processes, functions,
projects, products, services, and assets. It
can be applied to any type of risk, whatever
its nature, whether having positive or
negative consequences.
Although ISO 31000 provides generic
guidelines, it is not intended to promote
uniformity of risk management across
organizations. The design and implementation
of risk management plans and frameworks will
need to take into account the varying needs
of the organization and the specific
practices employed.
ISO 31000 will be used to harmonize risk
management processes in existing and future
standards. It provides a common approach in
support of standards dealing with specific
risks and/or sectors, and does not replace
those standards.
ISO 31000 is not intended for the purpose of
certification.
ISO 31010:2009, Risk Management - Risk
Assessment Techniques, is a supporting
standard and provides guidance on the
selection and application of systematic
techniques for risk assessment. The
application of a range of techniques is
introduced, with specific references to other
international standards where the concept and
application of techniques are described in
greater detail.
ISO 31000:2009 and ISO 31010:2009 can be
ordered at the ANSI Web
Store.
ISO Certificate Survey
The recently issued ISO Survey 2008 reveals
that ISO management system certificates are
held in 176 countries, demonstrating that the
international standards have become essential
tools of the world economy. The survey
results are summarized below for ISO 9001,
ISO 14001, ISO/TS 16949, ISO 13485, and ISO
27001.
ISO 9001:2000/2008 (Quality Management
Systems)
By the end of December 2008, at least 982,832
ISO 9001 certificates had been issued in 176
countries and economies. The 2008 total
represents an increase of 31,346 (+3 %) over
2007. Services have significantly increased
their share of these certificates, with
service providers now accounting for 40 % of
all ISO 9001 certificates.
Top 10 Countries for ISO 9001
Certificates
1. China = 224,616
2. Italy = 118,309
3. Spain = 68,730
4. Japan = 62,746
5. Germany = 48,324
6. UK = 41,150
7. India = 37,958
8. USA = 32,400
9. France = 23,837
10. Korea = 23,036
According to the survey, the USA has shown a
decline in ISO 9001 certificates since 2006:
Up to the end of December 2008, at least
188,815 ISO 14001 certificates had been
issued in 155 countries and economies. The
2008 total represents an increase of 34,243
(+22 %) over 2007. Services accounted for 34
% of certificates.
Top 10 Countries for ISO 14001
Certificates
1. China = 39,195
2. Japan = 35,573
3. Spain = 16,443
4. Italy = 12,922
5. UK = 9,455
6. Korea = 7,133
7. Germany = 5,709
8. USA = 4,974
9. Sweden = 4,478
10. Romania = 3,884
The USA has shown a decline in ISO 14001
certificates since 2006:
ISO/TS 16949:2002 (Quality Management
Systems - Automotive)
Up to the end of December 2008, at least
39,320 ISO/TS 16949 certificates had been
issued in 81 countries and economies. The
2008 total represents an increase of 4,122
(+12 %) over 2007.
Top 10 Countries for ISO/TS 16949
Certificates
1. China = 10,144
2. USA = 4,239
3. Korea = 3,779
4. Germany = 3,243
5. India = 2,248
6. Japan = 1,189
7. France = 1,183
8. Italy = 1,088
9. Brazil = 1,037
10. Mexico = 1,015
The USA had a slight decline in ISO/TS 16949
certificates in 2008:
ISO 13485:2003 (Quality Management Systems
- Medical Devices)
Up to the end of December 2008, at least
13,234 ISO 13485 certificates had been issued
in 88 countries and economies. The 2008 total
represents an increase of 249 (+2 %) over
2007.
Top 10 Countries for ISO 13485
Certificates
1. Germany = 2,651
2. USA = 2,523
3. China = 1,122
4. Italy = 1,112
5. UK = 901
6. Switzerland = 728
7. France = 709
8. Canada = 443
9. Japan = 393
10. Sweden = 239
The USA had a 15 % increase in ISO 13485
certificates in 2008:
ISO 27001:2005 (Information Security
Management Systems)
At the end of 2008, at least 9,246 ISO 27001
certificates had been issued in 82 countries
and economies. The 2008 total represents an
increase of 1,514 (+20 %) over 2007. Service
providers account for by far the largest
share of certificates at 94 %.
Top 10 Countries for ISO 27001
Certificates
1. Japan = 4,425
2. India = 813
3. UK = 738
4. Taipei = 702
5. Germany = 239
6. China = 236
7. Italy = 233
8. Spain = 203
9. USA = 168
10. Hungary = 135
The USA had a 44 % increase in ISO 27001
certificates in 2008.
2006 = 69
2007 = 94
2008 = 168
You can see the principal findings of The
ISO Survey 2008 at this ISO
web page.
ISO 9001 Outcomes
The International Accreditation Forum (IAF)
and the International Organization for
Standardization (ISO) have issued a joint
statement on the outcomes to be expected as a
result of accredited certification to the ISO
9001 quality standard.
The expected ISO 9001 outcomes are:
(from the perspective of the organization's
customers)
"For the defined certification scope, an
organization with a certified quality
management system consistently provides
products that meet customer and applicable
statutory and regulatory requirements, and
aims to enhance customer satisfaction."
What accredited certification to ISO 9001
means:
To achieve conforming products, the
accredited certification process is expected
to provide
confidence that the organization has a
quality management system that conforms to the
applicable requirements of ISO 9001. In
particular, it is to be expected that the
organization:
A. has established a quality management
system that is suitable for its products and
processes,
and appropriate for its certification scope.
B. analyzes and understands customer needs
and expectations, as well as the relevant
statutory and regulatory requirements related
to its products.
C. ensures that product characteristics have
been specified in order to meet customer,
statutory, and regulatory requirements.
D. has determined, and is managing, the
processes needed to achieve the expected outcomes
(conforming products and enhanced customer
satisfaction).
E. has ensured the availability of resources
necessary to support the operation and
monitoring of these processes.
F. monitors and controls the defined product
characteristics.
G. aims to prevent nonconformities, and has
systematic improvement processes in place to:
1. correct any nonconformities that do occur
(including product nonconformities that are
detected after delivery).
2. analyze the cause of nonconformities and
take corrective action to avoid their
recurrence.
3. address customer complaints.
H. has implemented an effective internal
audit and management review process.
I. is monitoring, measuring, and continually
improving the effectiveness of its quality
management system.
What accredited certification to ISO 9001
does not mean:
1) It is important to recognize that ISO 9001
defines the requirements for an
organization's quality management system, not
for its products. Accredited certification to
ISO 9001 should provide confidence in the
organization's ability to "consistently
provide product that meets customer and
applicable statutory and regulatory
requirements". It does not necessarily ensure
that the organization will always achieve
100% product conformity, though this should
of course be a permanent goal.
2) ISO 9001 accredited certification does not
imply that the organization is providing a
superior
product, or that the product itself is
certified as meeting the requirements of an
ISO (or any
other) standard or specification.
You can see the full communiqué on ISO 9001
at this IAF
web page.
The intent of the statement is to promote a
common focus throughout the entire conformity
assessment chain in order to achieve these
expected outcomes and thereby enhance the
value and relevance of accredited certification.
EMS Pays for Itself
By Don Dickerson, PE
Environmental Engineer
Whittington & Associates
To talk of money, we must begin with its
companion: risk. Risk is
whatever affects the
prosperity of your organization and by
extension, you. Even profit itself arises
from risk, being a reward to you and your
company for the risk you continue to bear in
order to remain in business.
In particular, the success of your company
depends on how well it manages risk, a word
virtually interchangeable with relationships.
In fact, every new relationship serves to add
more risk to what an organization already
carries as risk.
For example, top-shelf companies do not
expand into new territories without first
becoming keenly aware of how they expect to relate to those new customers, employees, vendors,
governments, and community. Whole
departments, such as marketing, public
relations, legal affairs, human resources,
and insurance,
devote themselves to trying to predict those
relationships.
Why is all of this great care necessary?
Because risk and profit are two sides of the
same coin.
The relationship between an organization and
its natural setting is also a matter of risk.
The environment is just one more uncertainty
that a company must manage to ensure ongoing
profits.
The correlation between environmental
success and profitability has not always
been clear. After nearly forty years
of harsh punitive actions and fines brought
by the
Environmental Protection Agency (EPA) and
Department of Justice, many organizations
have been conditioned to dismiss
environmental management as a
costly legal burden with no profit
incentive.
However, more recent experience shows that
the environment is simply one more business
risk that a company must manage well in order
to prosper. As such, good environmental
stewardship can actually lower costs and
increase profits.
Our global marketplace is now acutely
aware of the practical business value of
environmental stewardship. As a result of
this awareness, the worldwide financial
community rewards corporations who properly
manage environmental risk.
An environmental management system (EMS) is
what every company must develop in order to
capture and manage its environmental risk.
Nearly 15 years of enduring success indicate
that the best EMS is one that is certified to
the international standard, ISO 14001.
ISO 14001 is a voluntary commitment to
environmental excellence that leaves
performance programs, targets, and objectives
entirely to the discretion of each company
seeking certification. Tens of thousands of
organizations have received ISO 14001
certification and in doing so, are positioned
to grow their market share, reduce the cost
of capitalization, lower operational costs,
and improve their standing at the local,
state, national, and international levels of
public awareness.
By virtue of ISO 14001 certification,
companies not only find themselves complying
with existing regulations, but also
integrating the business element of
environmental risk into their daily
practices. For more information on how to
make an EMS and ISO 14001 certification a
reality for your company, please contact Don
Dickerson at 770-517-7944 or
Don@WhittingtonAssociates.com.
If you are interested in ISO 14001 training,
we offer these public courses:
Don Dickerson is a new Associate at
Whittington & Associates. He is an
Environmental Engineer with experience in
consulting, engineering, and permitting in
pharmaceuticals, petroleum, manufacturing,
and specialty chemicals. He has been a
registered Professional Engineer (PE) since
1996, and recently became an ISO 14001
Provisional Auditor. You can see his
credentials at the Dickerson web page at our web site.
ISO 14001 Outcomes
The International Accreditation Forum (IAF)
and the International Organization for
Standardization (ISO) have issued a joint
statement on the outcomes to be expected as a
result of accredited certification to the ISO
14001 environmental standard.
The expected ISO 14001 outcomes are:
(from the perspective of the organization's
customers)
"For the defined certification scope, an
organization with a certified environmental
management system is managing its
interactions with the environment and is
demonstrating its commitment to:
A. preventing pollution.
B. meeting applicable legal and other
requirements.
C. continually enhancing its environmental
management system in order to achieve
improvements in its overall environmental
performance."
What accredited certification to ISO 14001
means:
The accredited certification process is
expected to ensure that the organization has
an environmental management system, suitable
for the nature of its activities, products,
and services, that conforms to the
requirements of ISO 14001, and in particular
can demonstrate for the defined scope that
the organization:
A. has defined an environmental policy
appropriate to the nature, scale, and
environmental impacts of its activities,
products, and services.
B. has identified the environmental aspects
of its activities, products, and services
that it can control and/or influence, and
determined those that can have a significant
environmental impact (including those related
to suppliers / contractors).
C. has procedures in place to identify
applicable environmental legislation and
other relevant requirements, to determine how
these apply to its environmental aspects, and
to keep this information up to date.
D. has implemented effective controls in
order to meet its commitment to comply with
applicable legal and other requirements.
E. has defined environmental objectives and
targets that are measurable, where
practicable, taking into account legal
requirements and significant environmental
aspects, and has programs in place to achieve
these objectives and targets.
F. ensures that people working for, or on
behalf of, the organization are aware of the
requirements of its environmental management
system and are competent to perform tasks
that have the potential to cause significant
environmental impacts.
G. has implemented procedures for
communicating internally, as well as
responding to and communicating (as
necessary) with interested external parties.
H. ensures that those operations associated
with significant environmental aspects are
carried out under specified conditions, and
monitors and controls the key characteristics
of its operations that can have a significant
environmental impact.
J. has established and (where practicable)
tested procedures to address and respond to
emergencies that can have an effect on the
environment.
K. periodically evaluates its compliance with
applicable legal and other requirements.
L. aims to prevent nonconformities, and has
procedures in place to:
1. correct any nonconformities that do occur.
2. analyze the cause of any such
nonconformities and take corrective action to
avoid their recurrence.
M. has implemented effective internal audit
and management review procedures.
What accredited certification to ISO 14001
does not mean:
1) ISO 14001 defines the requirements for an
organization's environmental management
system, but does not define specific
environmental performance criteria.
2) Accredited certification to ISO 14001
provides confidence in the organization's
ability to meet its own environmental policy,
including the commitment to comply with
applicable legislation, to prevent pollution,
and to continually improve its performance.
It does not ensure that the organization is
currently achieving optimal environmental
performance.
3) The ISO 14001 accredited certification
process does not include a full regulatory
compliance audit and cannot ensure that
violations of legal requirements will never
occur, though full legal compliance should
always be the organization's goal.
4) Accredited certification to ISO 14001 does
not necessarily indicate that the
organization will be able to prevent
environmental accidents from occurring.
You can see the full communiqué on ISO 14001
at this IAF
web page.
The intent of the statement is to promote a
common focus throughout the entire conformity
assessment chain in order to achieve these
expected outcomes and thereby enhance the
value and relevance of accredited certification.
Whittington & Associates provides training, consulting and auditing services for
management systems based on
ISO 9001, ISO/TS 16949, ISO/TS 29001, TL 9000, AS9100, AS9110, AS9120, ISO 13485,
ISO 27001, ISO 20000, and ISO 14001.