ISO CERTIFICATIONS: 20.000, 27.001 y 22.301
How ISO certifications can approach your organization to excellence, improve your efficiency and report higher benefits; reducing costs and being more competitive.
Its mission is to elaborate standards in multiple fields and disciplines with the aim of reducing cultural gaps and homogenizing concepts, vocabularies and establishing good practices and common obligations at the international level. The set of rules explained here (20,000, 27,001 and 22,301) share important aspects that offer independently and as a whole the corporate benefits that will bring you closer to excellence while increasing the value of your business:
Standards and good practices accepted and adopted internationally
allows your organization to know what to do, being able to introduce its know-how, its own culture and its own idiosyncrasies in how to do it. Maintaining your identity to provide value, but knowing that nothing is left on the road to reach excellence.
Efficiency and effectiveness
Standards 20,000, 27,001 and 22,301 share a common element among themselves. All of them are based on the principle of continuous improvement. This principle is achieved with the execution of the Deming cycle.
Better improvement: individual and collective
The decision to adopt an ISO standard must be made with the awareness of achieving two objectives: Fit for purpose (Fit for purpose - UTILITY of what is done) and Fit for use (Adequate to use - GUARANTEE that it is done well) .
Business value: Facilitated item
Providing the ISO standards certifications means having successfully implemented all the requirements for certification and these have been evaluated and audited by independent specialists authorized by the ISO itself.
ISO 20.000 – Service Management
Service is understood as the means of delivering value to a customer, making it easier for them to achieve the results they want to obtain. The service is usually intangible and a unique property, they must be consumed at the time it occurs (can not be stored)
The objective of the ISO-20.000 standard is to establish the necessary means through the definition of different processes based on good international practices so that the service delivered to the client complies with the expected results. The norm is the specific development of the concept of quality transferred to the provision and support of services. Identifying for this work a set of processes and requirements that guarantee a provision of quality service guaranteeing
Supply chain for each service.
Changes in services and the inclusion of new services do not affect the services in progress.
The customer gets what he has bought.
ISO 27.001 – Management of information security
Information is one of the most valuable assets of any organization. Establishing effective mechanisms to protect it is the main objective of rule 27.001.
Protecting information means that:
It is available to those who need it when they need it (availability).
It is only available to whoever is authorized. And it can only perform with it the allowed actions (confidentiality).
It is truthful, complete and updated.
It has been generated by whoever claims to have done it (authenticity).
Decision making facilitator (measure, decide)
It is possible to determine who, when, how and from where it was created, read, updated and deleted (traceability).
The standard establishes a process that, through risk analysis and cost / benefit analysis, defines action plans to mitigate the effect of the threat catalog, prioritizing according to reproducible criteria over time, always according to business criteria and not exclusively technological.
ISO 22.301 – Management of business continuity
The management of business continuity has the difficult objective of:
Analyze the impact on the business of the cessation of activities.
Identify critical activities.
Design and implement the appropriate strategies.
Reestablish business activities after a disaster.
Minimize the causes of possible disasters.
The standard 22.301 establishes a working framework that allows the elaboration of protection plans for all resources (human, material, technological, logistic, ...) that allow the correct development of business activities, guaranteeing all interested parties -including their clients. - the continuity of the same in cases of serious incidents, unforeseen events and disasters.