benefits of certification for gas tso
MARCH 2019 / IGU MEETING ABU DHABI
BENEFITS OF CERTIFICATION FOR GAS TSO
ASHAR HASAN
SUMMARY
01 INTRODUCTION
02 SOME POPULAR STANDARDS
03 ASSET MANAGEMENT SYSTEMS
04 INFORMATION SECURITY MANAGEMENT SYSTEMS
01 INTRODUCTION
BUREAU VERITAS CERTIFICATION
CERTIFICATION
BV’S ROLE
As an independent certification body, BV certifies that the QHSE management systems utilized by clients comply with international standards, usually ISO norms, or with national, “industry-wide” segment or large company-specific standards
CLIENTS
Small, medium and large companies & their suppliers
GROUP REVENUE
8%
Competitive advantage
90,000+ customers worldwide
6,400+ auditors
120,000+ certificates issued / year
70+ accreditations worldwide
Service type
QHSE audits
Supply chain audits
Sustainability audits
Training
QHSE
Customized Solutions & Training
Supply Chain & Sustainability
BUREAU VERITAS CERTIFICATION SERVICES
CERTIFICATION - SCOPE OF ACTIVITIES
► Sector specific standards
  Food Safety (ISO 22000, BRC, IFS, FSSC 22000, etc.)
  Security in IT and Logistics (ISO 27001, ISO 28000)
  Forestry management (FSC, PEFC, etc.)
  Aerospace (AS/EN 9100, etc.)
  Transportation (TS 16949, IRIS, etc.)
► Management System Certification
  Quality (ISO 9001)
  Environmental (ISO 14001)
  Health & Safety (OHSAS 45001)
  Information Security (ISO 27001)
► Sustainability and Corporate Social Responsibility
  Assurance of CSR Reports
  Organic food & sustainable agriculture
  Carbon footprint and Carbon credit verification (CDM / JI / VCS)
  Energy management systems (ISO 50001)
  Biomass and biofuel sustainability
► International Certification Programs
  Multi-sites
  Multi-schemes
► Auditing programs based on customer-specific standards for:
  Suppliers
  Network
► Training
Specific approach for large companies
Added value
Recognized by more than 50 national and international accreditation bodies
Over 6,300 skilled auditors
A dedicated web space: BV Net
HOW BV CAN SUPPORT
GET YOU INFORMED
ASSESS READINESS
GET SYSTEM CERTIFIED
GAP ASSESSMENT TOOL
GAP ASSESSMENT ONSITE
IRCA TRAININGS
ONGOING AUDITS
E-LEARNING
PRE-AUDIT
CERTIFICATION AUDIT
GET TRAINED AT YOUR OWN TIME, PACE & CONVENIENCE
E-LEARNING COURSES
02 SOME POPULAR STANDARDS
SOME POPULAR STANDARDS
ISO 9001: QUALITY MANAGEMENT SYSTEM
ISO 14001: ENVIRONMENTAL MANAGEMENT SYSTEM
ISO 45001: OCCUPATIONAL HEALTH & SAFETY MANAGEMENT SYSTEM
ISO 27001: INFORMATION SECURITY MANAGEMENT SYSTEM
ISO 50001: ENERGY MANAGEMENT SYSTEM
ISO 22301: BUSINESS CONTINUITY MANAGEMENT SYSTEM
ISO 37001: ANTI-BRIBERY MANAGEMENT SYSTEM
ISO 29001: QUALITY OIL & GAS
ISO 55001: ASSET MANAGEMENT SYSTEM
03 ASSET MANAGEMENT SYSTEMS
ISO 55001 AMS: ASSET MANAGEMENT SYSTEMS
1. GOAL OF ASSET MANAGEMENT (AM)
STRUCTURAL MANAGEMENT OF COMPANY ASSETS:
Creating value out of assets (resources) through the achievement of company goals
Finding the optimal balance between performance, cost and acceptable business risks
Achievement of balance between financial, environmental and social costs, risks, quality of service and asset performance
2. KEY CONCEPTS & DEFINITIONS
ASSET:
‘Thing or entity having potential or actual value for an organization’
MATERIAL ASSETS:
Material / physical assets / tangible means / resources, e.g. real estate, car fleet, installation
IMMATERIAL ASSETS:
Intangible / non-physical / resources, e.g. license, intellectual property
ASSET MANAGEMENT:
Coordinated activities by an organization in order to create value out of assets
ASSET PORTFOLIO:
Assets within the scope of application of the Asset Management System (AMS)
SAMP (Strategic Asset Management Plan):
Documented information indicating how to translate organizational goals into Asset Management goals and plans and the role of the supporting system
4. ISO 55000 STANDARDS
ISO 55000: Overview, Principles & Terminology (Introduction to Asset Management)
ISO 55001: Management System & Requirements (Basic requirements and mandatory clauses)
ISO 55002: Guidelines for Application ISO 55001 (Explanation and context clauses)
5. A CLOSER LOOK AT ISO 55001
ESSENCE OF ISO 55001:2014
Management of company assets (resources) based on High Level Structure
4 Context of the organization
5 Leadership
6 Planning
7 Support
8 Operation
9 Performance evaluation
10 Improvement
6. BENEFITS OF ISO 55001
BENEFITS OF ASSET MANAGEMENT & ISO 55001
Improvement in financial performance (improved R.O.I., cost reduction, efficiency & functionality)
Improvement in information & knowledge management (financial, operational, business risks)
Management of business risks (financial, operational, Health & Safety, environmental, corporate reputation and image)
Demonstrable compliance (compliance with legislation)
Improvement in customer satisfaction (quality of service)
Basis for CSR policy (stakeholder management, environment, CO2 emission, energy consumption, life cycle management, transparency)
04 INFORMATION SECURITY MANAGEMENT SYSTEM
ISO 27001: INFORMATION SECURITY MANAGEMENT SYSTEM
1. INFORMATION
Information is:
‘An asset that, like other important business assets, is essential to an organization’s business and consequently needs to be suitably protected.’
Source: ISO/IEC 27000:2016 Section 3.2.2
2. INFORMATION SECURITY MANAGEMENT SYSTEM
Information Security Management System (ISMS)
That part of the overall management system, based on a business risk approach, to establish, implement, operate, monitor, review, maintain and improve information security
Is a management process and not a technological process
Strategic decision of an organization
Design and implementation
  Needs and objectives
  Security requirements
  Processes employed
  Size and structure of the organization
Scaled with ‘needs’
3. ISO 27001 – INFORMATION SECURITY
ISO 27001 is one of the fastest growing Management Systems certification schemes worldwide. It sets out the requirements for secure information management for organizations of all sizes and sectors.
New areas like cloud computing and personal data privacy, a continuing stream of high profile corporate data breaches and increasingly stringent regulation are driving the evolution of information security.
Protect the confidentiality, integrity and availability of your company’s information
Inspire trust in your business and protect your reputation
Comply with data protection legislation
Apply risk-based thinking to help you define critical information and identify appropriate controls
129 auditors in 42 countries
>27,000 Certificates Worldwide
1,159 Certificates issued by BV
Awaiting figures from Mike
4. INFORMATION SECURITY NOT IT SECURITY
Information must be protected throughout its entire lifecycle:
  Creation
  Storage
  Processing
  Distribution
Information must be protected independent of its format or media
Not only IT
  Paper documents (on desks, in waste bins, left on photocopiers)
  Whiteboards left unwiped, conversations overheard
  Conversations on public transport
  ………
  People
5. INFORMATION SECURITY FACTS
Large organisations are targeted by attackers on a regular basis
SMEs are increasingly becoming the more valuable targets for attackers
Organisations are becoming more complex in the global supply chain
Without a structured approach information security cannot be managed effectively
6. ISO 27001 STANDARD
There are two closely related standards:
ISO/IEC 27001 is a standard specification for requirements of an Information Security Management System (ISMS).
ISO/IEC 27002 is the standard code of practice and can be regarded as a comprehensive catalogue of good security things to do.
ISO/IEC 27001
Specifies requirements:
  For establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented ISMS
Designed to:
  Ensure adequate security controls to protect information assets, documenting ISMS
  Give confidence to customers & interested parties
7. BENEFITS OF ISMS
Corporate governance and oversight
Risk management decisions based on strategic business objectives
Defined level of assurance
Focus on critical information in any form
  Digital data, paper documents, video, voice
Greater visibility of information security ‘spend’
Enhanced information security metrics and reporting
Recognize effectiveness and continuous improvement of controls
Avoids “silo” approach to implementing controls
Comprehensive view of implementation of controls
Avoid “re-inventing-the-wheel” syndrome
Independent 3rd party validation of due diligence
Proactively address information security with potential customers
Compress customer audit process (contractual)
Achieves definable ROI for information security
Discounts on professional liability insurance
CERTIFICATION PROCESS
Planning
Implementing & operating
Monitoring & reviewing
Maintaining & improving
Pre-audit (optional)
Stage 1 audit
Definition of certification scope
Corrective action (if necessary)
Corrective action (if necessary)
Surveillance audits
Certificate issued
Certification audit
Stage 2 audit