ISO 27001:2013 – This is an international standard for managing information security. The ISO/IEC 27001 standard provides companies of any size and from all sectors of activity with guidance for establishing, implementing, maintaining and continually improving an information security management system. Conformity with ISO/IEC 27001 means that an organization or business has put in place a system to manage risks related to the security of data owned or handled by the company, and that this system respects all the best practices and principles enshrined in this International Standard. (This standard has recently been revised to 27001:2022.)
ISO 20000-1:2018 – This specifies the requirements for an organization to establish, implement, maintain and continually improve a service management system (SMS). The requirements specified in this document include the planning, design, transition, delivery and improvement of services to meet the service requirements and deliver value. It is aligned with ITIL methodology.
ISO 9001:2015 – This sets out the criteria for a quality management system. It can be used by any organization, large or small, regardless of its field of activity. This standard is based on a number of quality management principles including a strong customer focus, the motivation and implication of top management, the process approach and continual improvement. Using ISO 9001 helps ensure that customers get consistent, good-quality products and services, which in turn brings many business benefits.
ISO 45001:2018 – This specifies requirements for an occupational health and safety (OH&S) management system, and gives guidance for its use, to enable organizations to provide safe and healthy workplaces by preventing work-related injury and ill health, as well as by proactively improving their OH&S performance. ISO 45001:2018 is applicable to any organization regardless of its size, type and activities.
ISO 31000:2018 – This provides principles, a framework and a process for managing risk. It can be used by any organization regardless of its size, activity or sector. Using ISO 31000 can help organizations increase the likelihood of achieving objectives, improve the identification of opportunities and threats, and effectively allocate and use resources for risk treatment. (ISO 31000 cannot be used for certification purposes.)
ITIL (Information Technology Infrastructure Library) – ITIL is a widely accepted set of best practices that is designed to support an organization in gaining optimal value from IT, by aligning IT services with business strategy. The Information Technology Infrastructure Library is a set of detailed practices for IT activities such as IT service management and IT asset management that focus on aligning IT services with the objectives of the business.
COBIT (Control Objectives for Information and Related Technologies) – This is an IT governance framework for businesses wanting to implement, monitor and improve IT management best practices. The framework is business focused and defines a set of generic processes for the management of IT. It is based around the COBIT 5 principles: Principle 1: Meeting stakeholder needs; Principle 2: Covering the enterprise end to end; Principle 3: Applying a single integrated framework; Principle 4: Enabling a holistic approach; Principle 5: Separating governance from management.