benefits of certification for gas tso

M A R C H 2 0 1 9 / I G U M E E T I N G A B U D H A B I

BENEFITS OF CERTIFICATION FOR GAS TSO

ASHAR HASAN

01 02 03INTRODUCTION SOME POPULAR STANDARDS ASSET MANAGEMENT

SYSTEMS

SUMMARY

Slide / 2

04INFORMATION SECURITY MANAGEMENT SYSTEMS

INTRODUCTIONBUREAU VERITAS CERTIFICATION

01

Slide / 3

CERTIFICATION

Slide / 4

As an independent certification body, BV certifies that

the QHSE management systems utilized by clients comply

with international standards, usually ISO norms,

or with national, “industry-wide” segment or large

company-specific standards

B V ’ S R O L E

Small – medium –

large companies

&

Their suppliers

C L I E N T S

G R O U P R E V E N U E

8%

Competitive advantage

90,000+ customers worldwide

6,400+ auditors

120,000+ certificates issued / year

70+ accreditations worldwide

Service type

QHSE audits

Supply chain audits

Sustainability audits

Training

QHSE

Customized Solutions

& Training

Supply Chain

& Sustainability

F O R

BUREAU VERITAS CERTIFICATION SERVICES

Slide / 5

CERTIFICATION - SCOPE OF ACTIVITIES

► Sector specific standards

Food Safety (ISO 22000, BRC, IFS, FSSC

22000, etc.)

Security in IT and Logistics (ISO 27001, ISO

28000)

Forestry management (FSC, PEFC, etc.)

Aerospace (AS/EN 9100, etc.)

Transportation (TS 16949, IRIS, etc.)

► Management System Certification

Quality (ISO 9001)

Environmental (ISO 14001)

Health & Safety (OHSAS 45001)

Information Security (ISO 27001)

► Sustainability and Corporate Social

Responsibility

Assurance of CSR Reports

Organic food & sustainable agriculture

Carbon footprint and Carbon credit

verification (CDM / JI / VCS)

Energy management systems (ISO 50001)

Biomass and biofuel sustainability

► International Certification Programs

Multi-sites

Multi-schemes

► Auditing programs based on customer-

specific standards for:

Suppliers

Network

► Training

Specific approach for large companies

Added value

Recognized by more than 50 national and international

accreditation bodies

Over 6,300 skilled auditors

A dedicated web space:

BV Net

HOW BV CAN SUPPORT

GET YOU

INFORMED

ASSESS

READINESS

GET

SYSTEM

CERTIFIED

GAP

ASSESSMENT

TOOL

GAP

ASSESSMENT

ONSITE

IRCA

TRAININGS

ONGOING

AUDITS

E-LEARNING

PRE-AUDIT

CERTIFICATION

AUDIT


GET TRAINED AT YOUR OWN TIME, PACE & CONVENIENCE

E-LEARNING COURSES


Slide / 7

SOME POPULAR STANDARDS

02

Slide / 8


Slide / 9

ISO

9001

ISO

14001

ISO

45001

QUALITY MANAGEMENT

SYSTEM

ENVIRONMENTAL

MANAGEMENT SYSTEM

OCCUPATIONAL HEALTH

& SAFETY MANAGEMENT

SYSTEM



Slide / 10

ISO

27001

ISO

50001

ISO

22301

INFORMATION SECURITY

MANAGEMENT SYSTEM

ENERGY MANAGEMENT

SYSTEM

BUSINESS CONTINUITY

MANAGEMENT SYSTEM



Slide / 11

ISO

37001

ISO

29001

ISO

55001

ANTI-BRIBERY

MANAGEMENT SYSTEMQUALITY OIL & GAS

ASSET MANAGEMENT

SYSTEM


ASSET MANAGEMENT SYSTEMS

03

Slide / 12

ISO 55001 AMSASSET MANAGEMENT SYSTEMS

14

1. GOAL OF ASSET MANAGEMENT (AM)

STRUCTURAL MANAGEMENT OF COMPANY ASSETS:

Creating value out of assets (resources) through the

achievement of company goals

Finding the optimal balance between performance, cost

and acceptable business risks

Achievement of balance between financial, environmental

and social costs, risks, quality of service and asset

performance


15

2. KEY CONCEPTS & DEFINITIONS

ASSET:

‘Thing or entity having potential or actual value for an

organization’

MATERIAL ASSETS:

Material / physical assets / tangible means / resources eg:

real estate, car fleet, installation

IMMATERIAL ASSETS:

Intangible / non-physical / resources eg: license,

intellectual property


16

2. KEY CONCEPTS & DEFINITIONS

ASSET MANAGEMENT:

Coordinated activities by an organization in order to create

value out of assets

ASSET PORTFOLIO:

Assets within the scope of application of the Asset

Management System (AMS)

SAMP (Strategic Asset Management Plan):

Documented information indicating how to translate

organizational goals into Asset Management goals and

plans and the role of the supporting system


4. ISO 55000 STANDARDS

Overview, Principles & Terminology

Introduction to Asset Management

ISO 55000

Management System & Requirements

Basic requirements and mandatory clauses

ISO 55001

Guidelines for Application ISO 55001

Explanation and context clauses

ISO 55002

17


Management of company assets (resources) based on High Level Structure

ESSENCE OF ISO 55001:2014

5. A CLOSER LOOK AT ISO 55001

4

Context of the organization

5

Leadership

6

Planning

7

Support

8

Operation

9

Performance evaluation

10

Improvement

18


Improvement in financial performance (improved R.O.I., cost reduction, efficiency & functionality)

Improvement in information & knowledge management (financial, operational, business risks)

Management of business risks (financial, operational, Health & Safety, environmental, corporate

reputation and image)

Demonstrable compliance (compliance with legislation)

Improvement in customer satisfaction (quality of service)

Basis for CSR policy (stakeholder management, environment, CO2 emission, energy consumption, life

cycle management, transparency)

6. BENEFITS OF ISO 55001

BENEFITS OF ASSET MANAGEMENT & ISO 55001

19


INFORMATION SECURITY MANAGEMENT SYSTEM

04

Slide / 20

ISO 27001INFORMATION SECURITY MANAGEMENT SYSTEM

Information is:

‘An asset that, like other important

business assets, is essential to an

organization’s business and

consequently needs to be suitably

protected.’

Source: ISO/IEC 27000:2016 Section 3.2.2

22

1. INFORMATION

2. INFORMATION SECURITY MANAGEMENT SYSTEM

Information Security Management System (ISMS)

That part of the overall management system, based on a business risk

approach, to establish, implement, operate, monitor, review, maintain and

improve information security

Is a Management Process and Not a technological process

Strategic decision of an organization

Design and implementation

Needs and objectives

Security requirements

Processes employed

Size and structure of the organization

Scaled with ‘needs’

24

3. ISO 27001 – INFORMATION SECURITY

ISO 27001 is one of the fastest growing Management Systems

certification schemes worldwide. It sets out the requirements for

secure information management for organizations of all sizes and

sectors.

New areas like cloud computing and personal data privacy, a

continuing stream of high profile corporate data breaches and

increasingly stringent regulation are driving the evolution of information

security.

Protect the confidentiality, integrity and

availability of your company’s information

Inspire trust in your business and protect your

reputation

Comply with data protection legislation

Apply risk-based thinking to help you define

critical information and identify appropriate

controls

129auditors in 42

countries

>27,000Certificates

Worldwide

1,159Certificates

issued by BV

Awaiting figures from Mike

25

Information must be protected throughout its entire lifecycle:

Creation

Storage

Processing

Distribution

Information must be protected independent from its format or media

Not only IT

Paper document (on desks, in waste bins, left on photocopiers)

Whiteboards conversations overheard or left un wiped

Conversations on public transports

………

People

4. INFORMATION SECURITY NOT IT SECURITY

5. INFORMATION SECURITY FACTS

Large organisations are targeted by attackers on a

regular basis

SME’s are increasingly becoming the more valuable

targets for attackers

Organisations are becoming more complex in the

global supply chain

Without a structured approach information security

cannot be managed effectively

26

There are two closely related standards:

ISO/IEC 27001 is a standard specification for requirements of an Information

Security Management Systems (ISMS).

ISO/IEC 27002 is the standard code of practice and can be regarded as a

comprehensive catalogue of good security things to do.

ISO/IEC 27001

Specifies requirements:

For establishing, implementing, operating, monitoring, reviewing, maintaining

and improving a documented ISMS

Designed to:

Ensure adequate security controls to protect information assets, documenting

ISMS

Give confidence to customers & interested parties

6. ISO 27001 STANDARD

27

7. BENEFITS OF ISMS

Corporate governance and oversight

Risk management decisions based on strategic

business objectives

Defined level of assurance

Focus on critical information in any form

Digital data, paper documents, video, voice

Greater visibility of information security

‘spend'

Enhanced information security metrics and reporting

Recognize effectiveness and continuous improvement

of controls

Avoids “silo” approach to implementing controls

Comprehensive view of implementation of controls

Avoid “re-inventing-the-wheel” syndrome

Independent 3rd party validation of due diligence

Proactively address information security with potential

customers

Compress customer audit process (contractual)

Achieves definable ROI for information security

Discounts on professional liability insurance

CERTIFICATION PROCESS

Planning

Implementing & operating

Monitoring & reviewing

Maintaining & improving

Pre-audit

(optional)

Stage 1

audit

Definition of

certification

scopeCorrective

action

(if necessary)

Corrective

action

(if necessary)

Surveillance auditsCertificate

issued

Certification

audit

Stage 2

audit

29


benefits of certification for gas tso

Documents