Management systems according to ISO standards
Degrее Consulting provides to its clients, both public and private sector, with the following consulting services in the field of standards management systems of the International Organization for Standardization, known as ISO standards:
- Diagnosis, audit, functional analysis and maintenance of management systems;
- Training, development, and implementation of management systems according to the following standards:
– ISO 9001:2015 (Quality Management);
– ISO 14001:2015 (Environmental Management);
– ISO/IEC 20000-1:2018 (Information technology. Service management.);
– ISO/IEC 27001:2013 (Information Security Management);
– ISO/IEC 27701:2019 (Security methods. Supplement to ISO/IEC 27001 and ISO/IEC 27002 for information integrity management. Requirements and guidelines);
– ISO 31000:2018 (Risk Management);
– ISO 45001:2018 (Management of health and safety at work).
- In addition to the above listed ISO series, Degree Consulting provides public sector organizations with training and services for the development and implementation of quality and/or information security management systems in accordance with the Ordinance on Administrative Services and the Ordinance on the minimum requirements for network and information security;
- Training, development, and implementation of personal data management systems in accordance with Regulation (EU) 2016/679 (GDPR) and the Personal Data Protection Act. Degree Consulting also provides services as a data protection officer;
- Update and transition of management systems to new versions of standards and/or regulations, which introduce new and/or additional requirements regarding quality, environmental protection, working conditions, information security, etc.;
- Reengineering and integration of management systems according to two or more standards;
- Training of internal auditors of management systems.
In the field of development and implementation of ISO series management systems and the related functional analyzes and trainings, the company has completed over 300 projects in Bulgaria, Macedonia and Romania, including the Ministry of Environment and Water, all national parks directorates, RIEW and Basin Directorates, Ministry of Regional Development and Public Works, Agency for Geodesy, Cartography and Cadaster, Executive Agency „General Labor Inspectorate“, Executive Agency for Promotion of Small and Medium Enterprises, Executive Agency „Automotive Administration“, State Agency for Metrological and Technical Supervision, Patent Office of the Republic of Bulgaria, National Center for Information and Documentation, Municipal Administrations, Central Laboratory at the Customs Agency, State Enterprise „Air Traffic Management“, Sofia Airport EAD, Holding BDZ EAD, South-Eastern District State Enterprise – Blagoevgrad, including all 42 state forestry and hunting farms in its territorial scope, Siemens EOOD, SOC „Kamchia” EAD, Unibank – Macedonia, the Food Agency of the Republic of Macedonia and more than 250 companies in the private sector.
ACTIVITIES AND SCOPE OF SERVICES FOR CONSTRUCTION AND IMPLEMENTATION OF MANAGEMENT SYSTEMS
Performing an internal audit for compliance with the requirements of the relevant ISO series standards and local regulations.
This activity starts with an overview of the existing integrated management practices and internal documents of the organization and interviews with employees to assess which documents and practices meet the requirements of national legislation and ISO series standards. These activities help determine which practices and documents should be supplemented and corrected and what new documents should be prepared and implemented to achieve compliance of the management system with the relevant requirements and its readiness for certification by an accredited conformity assessment body. The internal audit ends with the preparation of an internal audit report, containing results on compliance or non-compliance with the individual requirements of regulations and standards and recommendations to the organization to take documentary, organizational, technological, and technical measures to achieve compliance.
This activity includes identification, assessment, documentation, reporting, monitoring, and updating, planning and implementation of risk control measures in relation to the organization’s management system goal – product quality, environmental protection, improvement of working conditions, safety of information, etc.
Preparation of drafts of internal documents of the management system
During this activity, the drafts of internal documents according to the results from the internal audit report are prepared – policies, manuals, procedures, internal rules, instructions, etc. Also, at this stage, the forms that regulate, service and document the processes in the organization are prepared.
Employees of the organization appointed by the management assist us in obtaining the basic information necessary for the preparation of the documentation system and participate in the discussion, correction and/or supplementation and acceptance of the documents.
Our constant goal at this stage is to meet the requirements of the standards with a minimum number and volume of documentation, as well as to prefer electronic documents whenever possible.
Activities for implementation of management systems
Our consulting team, together with employees of the organization appointed by the management, implements the management system by training key employees to work with the system and its documentation.
Conduct an internal compliance audit. Providing methodological assistance to the management of the organization in making corrections and corrective actions. Providing methodological assistance to the management of the organization in performing the management review.
When planning the audit, we prepare an internal audit plan, and we conduct and document the internal audit of the management system in accordance with the requirements of the standard BDS EN ISO 19011:2018. The internal audit ends with the preparation of an internal audit report containing findings of identified compliance or non-compliance with the individual and specific requirements of the ISO series standards and applicable regulations.
After presenting the internal audit report to the management of the organization, we provide methodological assistance in planning and conducting corrections and corrective actions regarding the identified non-compliance, in case the internal audit has found such, to achieve full compliance and readiness of the management system for a certification audit by a certification body accredited under the National Accreditation of Conformity Assessment Bodies Act.
We will provide methodological assistance to the management in conducting and documenting the management review in accordance with the requirements of the Standard.
Management system certification
The certification of the management system, which we have built and implemented with joint efforts, can be certified by an accredited conformity assessment body, which will issue a certificate of compliance with the relevant ISO standards. The issued certificates can be successfully used in competitive procedures under the Public Procurement Act, in the presence of such a requirement for certification by clients, to be published on the websites of organizations and in any other way to certify to third parties, that you have a management system assessed by an external and independent body that complies with the ISO standard (s). Our support at this stage can be in the selection of a certification body, presence and assistance during the certification audit and elimination of non-conformities in case such are identified and documented.
DEGREE CONSULTING Ltd. takes the responsibility and the obligation, through the implementation of the activities described above, to build and implement in the organization of its client a management system to the degree of suitability and readiness for certification by an accredited body in accordance with the relevant ISO standard, and, for public sector organizations – in accordance with the requirements of the Ordinance on the minimum requirements for network and information security and the Ordinance on administrative services.