Perry Johnson Registrars, Inc.

Blog

Insights, company news, and resources from Perry Johnson Registrars.


ISO 27001 – What You Need to Know About the Transition

4/10/2023

ISO 27001 – for the creation and management of Information Security Management Systems – has grown steadily more popular in the years since its inception. The standard was last revised in 2013, and the time has come again for an update to this popular, increasingly relevant standard.

It’s still early days for this transition, which will last until October of 2025, but PJR has already developed several resources for those planning either to transition their current certification or to achieve first-time certification to ISO 27001. PJR also has several future webinars in the works with Alan Calder, Founder of IT Governance and author of several books on the topic of ISMS certification and cybersecurity. Alan has already joined us to present an overview of the updates coming to ISO 27001 and a discussion of the different strategies available to clients.

Briefing – Unpacking your ISO 27001:2022 Transition Strategy

In the meantime, stay tuned for further updates on the ISO 27001:2022 Transition, and reach out to PJR if you have any questions!


ISO Certification – Options for Every Business

3/30/2023

In the almost 70 years since the very first ISO standard was published, the world has vastly changed – and so has certification! There are now certification options and standards available for any number of industries and specializations, from standardizing industrial temperature measurements (as determined in the very first ISO standard) to managing information security systems.

The most popular ISO certification option for many years has been ISO 9001, a quality management system standard that can be applied to organizations of any size and type operating in a huge range of industries. Not only tied to the manufacturing and production sphere where it has become commonplace, ISO 9001 may also find applications in the service sector and the growing e-commerce industry.

A standard growing in popularity and demand worldwide is ISO 27001, a framework for the creation and development of an information security management system – an area of growing interest to everyone from everyday consumers to C-suite executives as data breaches and cyberattacks become more and more widespread.

Possibly the most flexible part of ISO certification, however, is the straightforward way in which multiple standards can be harmonized into one overall management system. With all facets of a business’s interests covered, from quality to environmental health to anti-bribery, systems can work together toward a more productive, successful operation overall. And not only that – audits for many ISO standards can be integrated, streamlining the process of becoming certified and maintaining that certificate. Aside from certifications, businesses can also look into the value of an HR department to enhance their productivity and workforce. Hiring outsourced HR support services has brought many benefits to companies.

Questions about which certifications might be a match for your business, or how to add a new standard and integrate it with your existing certification? Reach out to PJR today!


Meet PJR’s Newest Certification Offering: ISO 50001!

3/20/2023

The range of standards that PJR can certify your company to has expanded once again with its newest addition, ISO 50001! Here are the broad points of what you need to know about this certification for energy management:

  • Currently in its second edition, launched in 2018
  • Aims to establish, implement, and maintain an Energy Management System (EnMS)
    1. May reduce costs through energy efficiency
    2. May help satisfy/meet carbon emissions targets
    3. May reduce reliance on fossil fuels
    4. May improve company reputation as “green” or environmentally responsible
  • Grouped with other “green” certification standards in the Environmental Health and Safety sector – ISO 14001, R2V3, RIOS, etc.
  • Compatible with all other ISO standards to build a comprehensive management system

ISO 50001 is widely applicable to businesses of all sizes and industries – give PJR a call today to see if it could be right for your company!


To Agree or Disagree: The Post-Audit Dispute Process

3/10/2023

After an audit has been completed, a client occasionally needs to raise a concern and have it resolved in an organized fashion. Disputes – also known as “appeals” – are officially filed disagreements on the auditee’s part regarding one or more of the conclusions drawn by their auditor. These usually refer to nonconformances, but there is no strict definition of what can be raised in a dispute.

Regardless of why a dispute is filed (usually they are based on disagreements over evidence or the relevancy of audit criteria), it’s important for PJR clients to know that our auditors are encouraged and trained to be forthright and transparent. This helps the final decision in an audit to be as informed as possible.

Nevertheless, disagreements happen – and the appeal process is clearly outlined in PJR’s PRO-10 procedure, as required by ISO 17021-1:2015. Once the steps of the dispute process are followed, there are three possible outcomes:

  1. The disputed nonconformance is upheld.
  2. The disputed nonconformance is overturned.
  3. The disputed nonconformance is upheld but reduced.

At the end of the day, our goal at PJR is for clients to trust us as partners in their certification process both during the audit and beyond. Offering a straightforward dispute process allows open communication, and maintaining a team of experienced, well-trained auditors reduces the number of disputes we might see; in fact, an average year may only see 20 appeals!

If you have questions about the dispute process or the post-audit relationship with PJR, don’t hesitate to reach out.


9 QMS Pitfalls

2/16/2023

For those businesses without an existing QMS or ISO certification, the process can be intimidating – avoiding these nine missteps can smooth the way!

  1. Overcomplicating your system. Documentation, forms, and other parts of the QMS are supposed to help daily business, not slow it down or make it harder.
  2. Uncommitted management. No QMS can function effectively if upper management is not supportive and involved.
  3. Total reliance on one individual. “Dumping” development, execution, and maintenance of your QMS onto one employee is the opposite of the systemic structure that a QMS entails!
  4. Rushing. Ensure that your QMS is well-developed and offers provable results before charging head-on into certification.
  5. Copy-pasting other companies’ systems. Just like no two businesses are exactly alike, no two QMS should be exactly alike; build around unique strengths and challenges for best results!
  6. Insufficient training. Robust training and employee awareness campaigns are a must to ensure awareness of what the QMS is and how it works at all levels of a business.
  7. Lack of customer awareness. Customer satisfaction is a key aspect of a QMS; being aware of your customers’ wants and needs should be a no-brainer!
  8. Improper corrective action. Though complex and often frustrating, Root Cause Analysis is a cornerstone of a thorough QMS. Not sure how to approach it? Check out PJR’s webinar on the topic!
  9. Poor internal auditor. Be sure to choose an internal auditor who is experienced and well-trained in your industry and is properly qualified for your certification standard of choice!