ISO 9001:2015 – Shifting Gears in the New Quality Management Standard

Moving from ISO 9001:2008 to ISO 9001:2015

ISO 9001 is a standard designed for organizations looking to optimize their operational excellence. It helps businesses and organizations to be more efficient and improve customer satisfaction. A new version of the standard, ISO 9001:2015, has just been launched, taking over the previous version.


ISO standards are reviewed every five years and revised if needed to ensure that they maintain their significance in today’s marketplace. This revision also serves to keep ISO 9001 relevant to both the challenges and the opportunities that arise from changing technologies, globalization, and a reinforcement of a risk-based approach, as well as structuring the standard to deal with future changes.

What are the Major Differences?

The new ISO 9001 standard aligns with high-level organizational structure, requiring all new ISO management system standards to be aligned on a high-level structure with a set of common requirements. Additionally, there is a greater emphasis on risk-based thinking as a basis for the management system, more focus on achieving value for the company and its customers, increased flexibility regarding use of documentation, and a more approachable structure for service businesses.

There are 10 clauses within the standard and here are the changes clause by clause:

Clause 1 is very similar to the 2008 version covering the scope of the standard and there has been very little change to this clause.

Clauses 2 and 3 cover normative references and terms and definitions. Both clauses reference ISO 9000, Quality management systems – Fundamentals and vocabulary, which provides valuable guidance.

The remaining clauses include some new key elements which need to be considered when implementing the new standard.

Clause 4: Context of the Organization

This is a new clause that in part addresses the deprecated concept of preventive action and in part establishes the context for the QMS.

Clause 5: Leadership

This clause places requirements on top management to demonstrate commitment to the QMS through taking accountability for the effectiveness of the QMS, establishing policies, objectives and promotion of continual improvement.

Clause 6: Planning

When planning the QMS, the organization will need to consider the external and internal issues along with needs and expectations of interested parties.

Clause 7: Support

The organization shall determine and provide the necessary resources to establish, implement, maintain and continually improve the QMS.

Clause 8: Operation

This clause deals with the execution of the plans and processes that enable the organization to meet its quality policy and quality objectives.

Clause 9: Performance Evaluation

This clause consolidates all requirements for monitoring and measurement related to quality performance and the effectiveness of the QMS.

Clause 10: Improvement

The organization must determine the opportunities for improvement to continually improve the organization’s QMS.


Impact of the New Standard

ISO 9001:2015 is now taking off to replace ISO 9001:2008. Organizations who are already ISO 9001 certified should begin tracking their progress of the revision process and familiarize themselves with the various changes made. To maintain your certification to ISO 9001, you will need to upgrade your quality management system to the new edition of the standard and seek certification to it. You have a three-year transition period from the date of publication (September 2015) to move to the 2015 version. This means that, after the end of September 2018, a certificate to ISO 9001:2008 will no longer be valid.

According to the International Accreditation Forum (IAF), there are a number of recommended actions that organizations can take to successfully transition to the new requirements of ISO 9001:2015. These include:

  • Conduct a gap analysis

Identifying the gaps between current practices and the new requirements is the most effective way to evaluate the changes that are required in your current QMS.

  • Develop an implementation plan and timetable

A formal implementation plan and schedule will help your organization address the required changes within the anticipated three-year transition period.

  • Provide appropriate training for all parties

Ongoing education and training for all relevant personnel are critical to achieving the goals of your transition plan. More important, educated stakeholders are vital in ensuring ongoing compliance once the transition is complete.

  • Update existing QMS documentation

Clear and thorough documentation is essential to demonstrate compliance with the requirements of the revised standard and to help reduce the risk of nonconformities.

  • Involve your certification partner early in the process

An experienced certification body can provide invaluable assistance in the process of transitioning to the requirements of ISO 9001:2015. Its early involvement can help your organization save time and money.


In a nutshell, there are new areas that organizations need to contemplate in the implementation of the new standard, but it provides an opportunity to review your current approach and modify it if necessary. This can help your business to grow, increase profitability and increase customer satisfaction. It is now a powerful business improvement tool for all sizes and types of organizations to help them remain irrepressible and achieve sustainable growth.



Confidence on the Cloud – A New Cloud Privacy Standard (ISO 27018)

The Cloud Today

The growing marketplace of cloud computing.

Cloud computing’s growth in use and popularity has been soaring at a great pace! According to Gartner (2013), the marketplace for cloud computing will grow ~20% to USD 131 billion in 2017 from USD 111 billion in 2012.

What’s more?

2016 will be a defining year for cloud as this cutting-edge technology will just get more sophisticated in the next few years.

The Cloud Landscape

Cloud computing started as an in-house infrastructure established by companies such as Microsoft, Google and Amazon to serve their individual business needs. This consists of a set of technologies and service models that focus on Internet-based use and delivery of IT applications, processing capability, storage and memory space.

But now it has evolved into a platform on which much of our daily life depends. While public and private clouds offer one means to differentiate the infrastructure sharing options, SaaS (Software as a Service), PaaS (Platform as a Service) and IaaS (Infrastructure as a Service) have come to define the extent and level of control held by the cloud service provider (CSP) vs. the cloud user.

According to the National Institute of Standards and Technology (NIST), the “cloud” is composed of five essential characteristics.

  1. On-demand self-service, which means that a customer can order a service via the web or some other method at any point in time and have it become immediately available for his or her use.
  2. Broad network access, in the sense that services are available over the network and are accessed through standard mechanisms (mobile phone, tablet, laptop, etc.).
  3. Rapid elasticity of the cloud capabilities and the fact that it is a measured service, meaning that additional capacity remains available and accessible on an ‘as needed’ basis and customers are automatically billed for their consumption.
  4. Last but not least, resource pooling, meaning the provider’s computing resources are pooled to serve multiple consumers using a multi-tenant model, with different physical and virtual resources dynamically assigned and reassigned according to consumer demand.

The Confidence for Tomorrow – ISO 27018

The massive flows of data across cloud computing services are becoming ever more complex. Identifying and protecting personal data in those flows is becoming a daunting issue for many cloud service providers and cloud users. Given the substantial data protection risks, cloud computing measures need to be undertaken in order to mitigate their effect to the benefit of the cloud computing industry and its clients.

While there are several laws and regulations around it, a common benchmark or standard was lacking for some time. ISO 27018:2014 – Information technology — Security techniques — Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors is the first set of international privacy controls launched.

Following and using the privacy controls foreseen in ISO 27018 offers greater assurance for service providers that they are doing the right thing and doing everything recommended to protect customers’ personal information. This mechanism also benefits both cloud providers and cloud users. For a consumer buying cloud services, it can help to identify the requirements for selecting a cloud provider and to define contractual clauses. For a cloud service provider, it can provide a unique selling proposition to potential clients, because the more familiar clients become with the standard, the more often they will include it in their requests for proposal.

ISO 27018 takes into account public policy from around the world, as it integrates input from many regional regulators. A cloud service provider’s conformance to the standard makes the whole job of compliance with particular legislation in one country or region that much easier. The standard provides a common set of guidelines for the whole industry and adds needed protections to improve PII security and compliance in an increasingly cloud-based information environment.

ISO 27018 – Quick Overview

Key Elements of the Standard

ISO 27018 is a standard put forward by the International Organization for Standardization (ISO) that seeks to create a common set of security categories and controls that can be implemented by a public cloud computing service provider acting as a data processor. In order to fulfill the standard, cloud service providers must understand the following key elements:

  1. Personally Identifiable Information (PII) instead of Personal Data

The scope of “personal data” is not only the information that “can be used” or “linked” to a PII principal/data subject, but “any information” relating to an identifiable natural person.

  2. Cloud Providers as Data Processors

In ISO/IEC 27018 the client is regarded as PII controller and the cloud service provider is the PII processor.

  3. Personal Data Protection Principles

The ISO/IEC 27018 contains a comprehensive set of controls regarding:

  • Information security policies
  • Organization of information security
  • Human resource security
  • Asset management
  • Access control
  • Cryptography
  • Physical and environmental security
  • Operations and communications security
  • System acquisition, development and maintenance
  • Supplier relationships
  • Compliance
  • Information security aspects of business continuity management.

As the PII processor enables the cloud service client to comply with its regulatory obligations (data protection), through these controls the PII processor conforms to its own obligations, either legal or contractual.

  4. Accountability and Certification

Elements of the principle of accountability are incorporated into the standard, in particular the data breach notification, privacy by design, audits and certifications. In general, the standard may be seen as an instrument that assists the PII processor to comply with the principle of accountability requirements. Key to the demonstration of compliance in the context of the principle of accountability is third party certification. The cloud service provider that implements the new standard may ask for a conformity assessment, in order to be certified for complying with the standard.

In order to comply with the standard, participating cloud service providers must provide transparency in the following practices:

  • only process personal data in accordance with the customer’s instructions;
  • only process personal data for marketing or advertising purposes with the customer’s express consent;
  • be transparent around the use of sub-processors (which will include providing the names of, and any possible locations where the data may be processed by, any sub-processors);
  • ensure that staff who have access to personal data enter into confidentiality agreements and receive appropriate staff training;
  • make required disclosures to law enforcement authorities and/or regulators only when legally bound to do so;
  • assist cloud customers to comply when individuals assert their access rights; and
  • help cloud customers comply with their notification obligations in the event of a data breach.


Way Forward

The current landscape for cloud security standards is best characterized as immature but emerging. ISO 27018 provides transparent guidance for cloud service providers to establish privacy protection and allows businesses to make careful decisions about the cloud. Beyond the guidelines that ISO 27018 presently provides, it can also serve as a reference point for future improvement of standards. As the first international standard dedicated to cloud privacy, it initiated an interchange of ideas among CSPs on best practice for data privacy and security. ISO 27018 is an important step towards protecting PII in the cloud; it emerges from previous ISO guidelines and will continue to evolve along with cloud service providers’ technology to provide more secure services for the growth and success of businesses.

ECC International is a leading process improvement solutions provider in Southeast Asia, focused on process consulting, automation solutions and learning outsourcing services. We help companies achieve performance excellence by assisting them implement management systems and international standards/best practices across multiple domains and industries.

Our partnerships with best-in-class technology companies help drive sustained excellence for our customers. As a solutions provider with instructional design capability and subject matter expertise in niche areas, we help organizations implement learning strategies and design learning content for improved performance.

APEX Global (The Academy for Professional Excellence) is the learning solutions arm of ECCI – the leading process improvement solutions provider in Southeast Asia.

Our sole aim is to promote performance excellence among professionals. We help our customers achieve greater success through effective, experiential and result-oriented training delivery.

Empowered with a strong pool of expert trainers and facilitators having expertise in a niche array of domains and a strong regional presence, we provide an extensive portfolio of excellent industry-specific and functional programs coupled with high-quality training materials to provide best-in-class services for professionals around.

We are a market leader when it comes to Information Security and Risk Management solutions (in the form of training, consulting and GRC solutions) in SE Asia.

To learn more about cloud security, ISO 27018 guidelines and requirements, correlation with existing standards such as ISO 27001 and EU Data Protection Laws, join us at the Confidence on the Cloud – Data Security Best Practices based on ISO 27018 training program.




On The Road to Sustainability

ISO’s current portfolio of nearly 19,000 standards provides solutions in all three dimensions of sustainable development – environmental, economic and societal.

Here are some examples of achievements by the international community, represented at Rio+20, working within the ISO system. The examples illustrate how ISO standards serve as tools in the three dimensions of sustainable development.


Environmental Management

One of the concrete results following on from the United Nations Conference on Environment and Development, in Rio de Janeiro, in 1992, was the development by ISO of the ISO 14000 family of standards for environmental management, which translates into action ISO’s commitment to support the objective of sustainable development discussed at the first Earth Summit. In essence, the ISO 14000 family provides a framework for organizations large and small, in manufacturing and services, in public and private sectors, in industrialized, developing and transition economies, to:

  • Minimize harmful effects on the environment caused by their activities
  • Meet regulatory requirements
  • Achieve continual improvement of their environmental performance
  • Improve business performance through more efficient use of resources.

Has the ISO 14000 family actually made a difference?

The increasing number of users is an important element in the answer. At the end of December 2010, 14 years after publication of the first edition of ISO 14001, which gives the requirements for environmental management systems, the standard was being implemented by users in 155 countries and economies. These include both public and private sector organizations, large and small, in manufacturing and services, in developed and developing economies. In addition to ISO 14001, the ISO 14000 family includes 25 other standards addressing specific challenges such as lifecycle analysis, environmental labelling and greenhouse gases (see next section).

Climate change

The ISO 14064:2006 series and the ISO 14065:2007 standard provide an internationally agreed framework for measuring greenhouse gas (GHG) emissions and verifying claims made about them so that “a tonne of carbon is always a tonne of carbon”. They support programmes to reduce GHG emissions as well as emissions trading programmes. Beyond their welcome by the United Nations Framework Convention on Climate Change, they are now being implemented on a day-to-day basis by users as varied as a New Zealand printer, a Norwegian shipping company, an Indian construction company and the Spanish organization that is one of the world’s largest transport infrastructure providers.

ISO and the Environment

The ISO 14000 family is the most visible part of ISO’s work for the environment. In addition, however, ISO offers a wide-ranging portfolio of standardized sampling, testing and analytical methods to deal with specific environmental challenges. It has developed more than 650 International Standards for the monitoring of aspects such as the quality of air, water, soil and nuclear radiation. These standards are tools for providing business and government with scientifically valid data on the environmental effects of economic activity. They may also be used as the technical basis for environmental regulations. Other environment-related work includes standards for designing buildings, or retrofitting existing ones, for improved energy efficiency.


ISO standards provide solutions and achieve benefits for almost all sectors of activity, including agriculture, construction, mechanical engineering, manufacturing, distribution, transport, healthcare, information and communication technologies, food, water, the environment, energy, quality management, conformity assessment and services.

Efficiency, Effectiveness, Innovation

These standards contribute to sustainable economic development by increasing efficiency, effectiveness and, therefore, conserving resources. They keep the wheels of industry turning by providing specifications, dimensions, requirements and testing and maintenance regimes for engineering, construction, production and distribution.

They ensure compatibility and interoperability of the information and communications technologies that have become the backbone of almost every sector. They speed up the time to market and diffusion of products and services derived from innovation, such as nanotechnologies and vehicles powered by electrical batteries or hydrogen. They facilitate trade, providing a basis for agreement between business partners and the technical support for regulation.

Economic Benefits

Several studies have found that the economic benefits of standardization represent about 1 % of gross domestic product. This shows that standards make an annual contribution of GBP 2.5 billion to the economy, and 13 % of the growth in labour productivity is attributed to them. Standards and related conformity assessment (checking that products and services measure up to standards) have an impact on 80 % of the world’s trade in commodities.

Management Standards

ISO 14001, referred to above, is a management system standard like the pioneer in this field, ISO 9001 for quality management. These are among ISO’s best-known standards. ISO 14001 has since been followed by other standards for the needs of specific sectors, or to address specific issues.

They include:

  • Information security (ISO/IEC 27001)
  • Food safety (ISO 22000)
  • Supply chain security (ISO 28000)
  • Energy management (ISO 50001)
  • Road traffic safety management (ISO 39001 – under development).

Although the ISO 31000 standard for risk management is not a management system standard, it shares with this category the attribute of being generic, providing benefits for any organization in the public or private sector. These benefits may be economic, environmental or societal, making it an important tool for sustainability.

Social Responsibility

1 November 2010 saw the publication of ISO 26000 which gives organizations guidance on social responsibility, with the objective of sustainability. The standard was eagerly awaited, as shown by the fact that a mere four months after its publication, a Google search resulted in nearly five million references to the standard. This indicates there is a global expectation for organizations in both public and private sectors to be responsible for their actions, to be transparent, and behave in an ethical manner. ISO 26000, developed with the engagement of experts from 99 countries, the majority from developing economies, and more than 40 international organizations, will help move from good intentions about social responsibility to effective action.


ISO offers more than 1 400 standards for facilitating and improving healthcare. These are developed within 19 ISO technical committees addressing specific aspects of healthcare that bring together health practitioners and experts from government, industry and other stakeholder categories. Some of the topics addressed include health informatics, laboratory equipment and testing, medical devices and their evaluation, dentistry, sterilization of healthcare products, implants for surgery, biological evaluation, mechanical contraceptives, prosthetics and orthotics, quality management and protecting patient data. They provide benefits for researchers, manufacturers, regulators, healthcare professionals, and, most important of all, for patients. The World Health Organization is a major stakeholder in this work, holding liaison status with 61 of ISO’s health related technical committees (TCs) or subcommittees (SCs).


There are some 1 000 ISO food-related standards benefitting producers and manufacturers, regulators and testing laboratories, packaging and transport companies, merchants and retailers, and the end consumer. In recent years, there has been strong emphasis on standards to ensure safe food supply chains. At the end of 2010, five years after the publication of ISO 22000, the standard was being implemented by users in 138 countries. At least 18 630 certificates of conformity, attesting that food safety management systems were being implemented according to the requirements of the standard, had been issued by the end of 2010, an increase of 34 % over the previous year. The level of inter-governmental interest in ISO’s food standards is shown by the fact that the UN’s Food and Agriculture Organization has liaison status with 41 ISO TCs or SCs.


The goals of safe water and improved sanitation are ingrained in the UN Millennium Development Goals. ISO is contributing through the development of standards for both drinking water and wastewater services and for water quality. Related areas addressed by ISO include irrigation systems and plastic piping through which water flows. In all, ISO has developed more than 550 water-related standards. A major partner in standards for water quality is the United Nations Environment Programme.

*This article was originally published in ISO Focus Magazine. The text is based on the brochure, Rio+20 – Forging action from agreement – How ISO standards translate good intentions about sustainability into concrete results.


Energy Efficiency Standards Ensure Savings for Green Buildings

Rising energy consumption has been a cause of concern for the Malaysian government in the last few years. The appearance of green building construction and development confirms the need for more environmentally friendly buildings in the country, especially to reduce the high usage of energy and electricity in buildings in a modern country such as Malaysia.

According to a previous report by the Energy Commission of Malaysia, the country steadily increased its electricity usage at a compound annual growth rate (CAGR) of 3.9% from 2005 to 2009. It is even more alarming to note that 78% of the electricity consumed in 2009 was used by the industrial and commercial sectors for infrastructure operations.

Why Green Building in Malaysia?

One of the biggest advantages of constructing green buildings is the cost-saving benefit in both the short and the longer term. Using recycled materials to construct the building immediately lowers your short-term cost, whilst putting in place longer-term solutions such as energy-saving devices helps lower the longer-term cost of building maintenance and repairs.

On top of the obvious cost-saving benefits, many construction and development firms are also constructing greener, more sustainable buildings simply because of the market’s higher valuation of such properties. Both residential and commercial properties stand to gain a higher resale value, since buyers are aware that maintenance costs in the longer term will be lower than for non-sustainable developments.

The government’s incentives have also proved effective in driving the development of green buildings in Malaysia. In 2009, the Ministry of Energy, Green Technology and Water published a guidebook on various incentives for developers, encouraging the industry to obtain Green Building Index (GBI) certification. Attractive incentives include 100% tax exemption on any GBI qualifying expenses (QE) until 2014 and also stamp duty exemption for purchases of such accredited GBI properties in Malaysia.

Realizing the cost savings potential of green buildings, many property developers in Malaysia are actively turning green to join the race. Corporations such as Teliti International have plans to build a 120,000 sq ft green datacentre, whilst Faber Group Berhad will spearhead a pilot project to conduct energy audits at five local government hospitals in Malaysia for efficient energy usage.

Whilst qualifying for tax and stamp duty exemption may be a credible reason for adopting GBI, there are other longer-term solutions for building cost management. Even if the organisation does not plan on adopting GBI, there are alternatives for cost reduction, such as adopting a good energy management system that can help the organisation lower its overall long-term maintenance and energy costs.


Developed by BSI, the BS EN 16001 Energy Management System (EnMS) standard has provided many organisations with the necessary framework to manage, monitor and react to their own energy consumption patterns. It allows management to plan for the reduction of energy usage, thus saving costs from daily building maintenance and operations. The framework also helps to boost the productivity of staff members by identifying critical points of energy wastage and effecting behavioural changes to reduce energy consumption in the organisation.

Saving Cost with a Good Energy Management System

However, the real value of the BS EN 16001 EnMS standard lies not only in the implementation of the framework but also in certification to the standard. Certifying against BS EN 16001 EnMS induces critical self-assessment by the organisation’s management through periodic auditing to constantly evaluate and monitor the energy consumption of the organisation. BSI Group auditors are qualified to organise annual audit sessions to ensure that the organisation is not merely complying with a minimum standard for energy reduction but pushing beyond it to save more by being efficient with its energy consumption through a formal ‘plan, do, act and check’ cycle.

The recent launch of a new energy management standard by the International Standards Organisation (ISO) also provides organisations with a further option. Experts from the BSI Group were actively involved in the formulation of the ISO 50001 Energy Management System standard which is planned to supersede the BS EN 16001 EnMS by 2012 as the international standard for energy management.

While green-friendly devices can help reduce energy wastage and unnecessary consumption, it is often people and entrenched practices that prevent optimal energy usage. After all, a green building is just another building if not for those who choose to go green in their everyday practice. BSI Group’s BS EN 16001 EnMS and the recently launched ISO 50001 EnMS standards offer a formalised energy policy management framework to help ensure that green buildings are not only built green but continue to be operated in an environmentally friendly manner.

This article is republished with permission from our Knowledge Partner, BSI.


Bill Shock ISO 14452! Customer complaints down, satisfaction up!

This article originally appeared in ISO Focus magazine, written by Bill Dee – Convenor of the ISO/COPOLCO, Danny Ilan – Secretary of ISO/TC 239, and Neil Avery – consumer and public interest representative with the British Standards Institution and Editor of ISO 14452.

How many times have you found your bills confusing, overloaded or simply inaccurate? Have you ever had problems paying, or been unclear about how to switch suppliers? Billing problems are a major cause of complaints made to utilities and utility industry ombudsmen. While the market has never fully addressed this failure itself, a new International Standard – ISO 14452, Network services billing – promises to make billing clearer, more customer friendly and better all round.

Against a background of market failure to resolve ongoing billing issues, and following related surveys, the ISO Committee on consumer policy (ISO/COPOLCO) stepped in. ISO/COPOLCO’s working group on consumer protection in the global marketplace highlighted a need for an International Standard on this critical consumer matter.

ISO 14452 aims to provide a market based, market sensitive way of dealing with customer concerns about billing.

The problem
Customers often experience problems such as:
• Bill shock
• Bills that are complicated, overloaded with information and confusing
• Unclear pricing
• Inaccurate bills
• Difficulties with payment methods
• Unclear information on offers and how to switch suppliers.

Billing problems occur for many reasons.

These include:
• Poor pre-billing processes, for example in customer service, tariff and data management, meter reading and informing customers about billing
• Unsatisfactory billing procedures and practices, leading to delayed or inaccurate bills
• Poorly presented, unclear bills and statements
• Ineffective post-billing processes to deal with disputes and inquiries, payment and debt collection, vulnerable consumers and final bills for customers changing supplier
• Inappropriate customer expectations, based on confusing advertising or promotional materials, and on complicated tariffs.

Restoring confidence
Clearer bills help customers verify the accuracy of charges and make them more confident about their bills and their supplier’s performance. In competitive markets, this also helps customers to choose the best and most suitable supplier.

Utilities benefit from ISO 14452 too – for a start, they should receive fewer complaints. This will reduce their operating costs, improve debt recovery, and increase customer satisfaction and loyalty. In addition, by using a common International Standard and billing practices, multinational utility companies can reduce their costs.

ISO 14452 helps utilities ensure that they provide their customers with clearly comprehensible, accurate, timely and complete bills, giving them enough information to verify their charges. In this respect the standard:
• Defines the minimum requirements for billing and payment collection
• Prevents or reduces complaints by tackling key issues
• Ensures that suppliers assist customers by billing appropriately and
• Creates and sustains a fairer, longer term supplier-customer relationship
• Provides benchmarks for customer expectations
• Allows for the implementation of smart metering technology and the provision of improved customer information
• Facilitates innovation in billing, enabling suppliers to differentiate their services.

The solution
ISO 14452 is aimed at utility bills which include an element of metered or measured consumption. However, many of its key principles apply to all forms of billing and the standard states that suppliers should adopt its requirements even if usage is not metered or otherwise measured. Regional or national factors may require the standard to be adapted to meet prevailing cultural, social, economic, regulatory and even climatic conditions.

ISO 14452’s scope specifies minimum billing requirements for all consumption-based utility network services to domestic customers. This includes the processes required to produce the bill and address any issues after it has been sent out. It also provides guidelines for the content of the billing document or statement.

The standard applies to services which are unmetered, metered at the point of delivery, or metered remotely (for example at the supplier’s own premises). It covers any unmetered or unmeasured charges appearing on the same bill as metered or measured charges, as well as flat-rate charges. The standard does not cover pricing, except as a requirement to provide information to customers. It applies only to billing for consumption-based utility network services, and to all bills or statements for such services in which there is an ongoing supplier-customer account relationship, regardless of the payment method used.

The scope of the standard includes: bills for metered consumption; bills where a formula is used to estimate consumption (for example, water bills based on the number of persons per household or the size of the house); and flat fees charged regardless of consumption (for example, telephony or internet bills where the tariff allows unlimited usage).

It also applies to pre-payment customers where a supplier bill or account is needed for in advance with the cost of consumption; or where the customer expects to receive a bill based on point of sale or other advertising (for example, mobile telephony and energy metering) in which codes, keys, electronic dongles or electronic cards are used to load and reload the service and to indicate what was purchased.

The standard does not cover unbilled services (mobile telephony paid for by pre-purchased SIM cards that are unmetered, for example) and unbilled services funded directly by the taxpayer.

Putting customers first
The standard recognizes that effective policies and procedures are needed to identify and then manage the needs of vulnerable customers. Procedures include detailed guidance to help staff to identify vulnerable customers and ensure that specialist support is provided when a customer cannot understand advice given or take the necessary action.

Processes exist to ensure that customers can contact their supplier easily, make complaints and obtain appropriate redress where necessary. In competitive utility markets it is also important that customers can easily end the contract and/or switch suppliers. The standard ensures there are no unnecessary barriers to switching and that transfers are completed within agreed timescales.

Finally, ISO 14452 also stipulates that compliance and continual improvement systems need to be developed and implemented. This is to ensure that billing procedures are regularly reviewed and updated to reflect customer feedback and external best practice.


Building blocks – ISO standards as powerful tools for taking action

This article originally appeared in ISO Focus magazine, written by Martin Danvers representing the UK on the ISO Technical Management Board.

Recently it was reported that the world’s population had reached seven billion. Although a rough estimate, of only arbitrary significance, the figure is a pointed reminder of the rapidly growing pressure that is threatening the ability of humans to live safely and comfortably with each other, with other species with which we share our habitat and, of course, with the habitat itself.

Although we cannot reliably predict when and how this pressure will result in an irreversible collapse of our ability to coexist with our environment, it has for some time been clear to most informed opinion that radical changes in our behaviour are needed to prevent this breakdown. In essence, this is what sustainability is all about.

The concept is easy to understand, but elusive to define or to underpin with a coherent and exclusive set of principles. This can be a problem for those of us in the ISO community whose instinct as professional standardizers is to define, codify and classify.

One view on sustainability is grounded in the concept of “sustainable development” summarized in the 1987 report of the Brundtland Commission: “…meeting the needs of the present without compromising the ability of future generations to meet their own needs”.

Whilst it goes on to discuss the eradication of poverty, it fails to reflect the fundamental cultural reality that one person’s needs may be vain aspirations for many, and non-negotiable demands for others. This takes us into a realm of socio-economic relativism that can be unfamiliar and uncomfortable territory for some.

Three pillars

This view of sustainability goes beyond its roots in physical environmental concerns, so that it is now perceived as being supported by three distinct but essential pillars: environmental, economic and societal.

The economic pillar comprises the established global trading system, seen as a political inevitability and as a driver for rising standards of living. From a standardization perspective it is often taken for granted, since standardization originated as a tool for supporting commerce and enhancing economic growth.

The environmental pillar reflects the need to use the earth’s resources, both finite and renewable, so that future generations can be supported effectively, safely and harmoniously. For standardization this is now fairly familiar territory, and standards such as the ISO 14000 series on environmental management have been making a worthwhile impact for over a decade.

The societal pillar is constructed around the idea that the economic and environmental pillars will inevitably fail unless attention is given to a more equitable distribution of wealth and opportunity. It acknowledges that competition within a rapidly expanding human population for increasingly scarce natural resources will eventually lead to cataclysmic conflict from which nobody and nowhere will be immune.

These social concerns are complex and pose considerable challenges to traditional standardization techniques. These challenges were met successfully with the publication of ISO 26000:2010, Guidance on social responsibility. It is significant that the title does not reflect the more familiar “corporate social responsibility” term. Whilst large organizations have the potential to make a greater impact by their actions, social responsibility is regarded as being too important a principle to be restricted solely to corporations.

The intention behind ISO 26000 is that it reflect appropriate behaviours for organizations of all types and sizes (and therefore, by implication, by individuals) to bring about the fundamental changes in human social interactions necessary to support a sustainable future.

Obviously, the mere existence of a voluntary standard will not cause these changes to take place. However, ISO 26000 is becoming increasingly influential. Not only is it surpassing many of the expectations of its original proponents, but it is also serving as a credible reference point for initiatives by national governments and international agencies.

ISO’s contribution

ISO standards that broadly address some aspects of sustainability have been with us for many years. Indeed, there is a strong argument that a significant long-term contribution towards the achievement of a sustainable future has been made by the very existence of ISO: a global, self-financing, non-governmental body that, using a consensual decision-making model, involves a wide range of relevant stakeholders to establish formal, structured codifications on which common expectations can reliably be based.

As ISO evolves its processes for simpler and wider engagement in its work, the grounds for that assertion will inevitably become stronger. However, it has to be emphasized that ISO is not, in the narrow sense, a political movement. Its principal task is to produce standards that are attractive, authoritative and practical tools for voluntary application by those who wish to use them.

During the last five years, sustainability has become more prominent in the collective consciousness of public, governmental and commercial organizations. As a result, an explicit commitment to sustainability has been reflected in standards for those areas of economic activity where it is most pressing, notably construction and the management of water, waste and energy.

For the near future it is likely that standards addressing supply chain issues, employment and, in the widest sense, management systems, will become established as popular and effective tools for codifying common expectations, underpinning regulatory measures and demonstrating commitment.

In the longer term, we can expect sustainability to become a fundamental principle for ISO standards in just the same way as market relevance. Those parts of the global market that conclude that sustainability is not market relevant might well find themselves without a market.


Strategic CSR – Creating Shared Value

After being successfully organized in Manila, Bangkok, Kuala Lumpur, Jakarta, Ho Chi Minh City, and Singapore, the 2011 Asian Forum on Corporate Social Responsibility (AFCSR) returned to its roots in the Philippines to celebrate its 10th year with a new thrust for the next decade. The forum was held on October 18 & 19, 2011 at the Edsa Shangri-La Hotel, and this year’s theme is Strategic CSR – Creating Shared Value.

This is supported by an overriding framework and five core topics.

1. ASSESSMENT and FORMULATION of the firm and its internal and external “environment” – culture, capabilities, industry structure, etc.
2. IMPLEMENTATION that focuses on the advantages and disadvantages of efforts to sustain company CSR projects.

The new FRAMEWORK positions CSR within the companies’ value chain in relation to the roles and responsibilities of both internal and external shareholders and stakeholders with regard to company CSR projects and programs.

In one of the special tracks for Monitoring and Evaluation, ECCI Country Manager, Karthik Subburaman shared his thoughts on the importance of integrating ISOs for Environment, Risk Management and CSR.

CSR is going the way of TQM, where standards are now being considered as CSR expands globally. Consider only the ISO structure: the relatively recent ISO 26000 covers guidelines on social responsibility that are still voluntary. However, ISO 26000 overlaps and is related to other ISOs: 31000 on Risk Management, 50001 on Energy Management, 14000 on Environmental Management, as well as the long-standing ISO 9000 on Quality Management. As more companies around the world undertake CSR initiatives, it is useful to assess the relationship among the different ISOs and highlight commonalities and differences.

Karthik gave some key points on how to become a sustainable enterprise:

  • Understand the cases for CSR and address the SHEAR zones
  • Know your strategic options and make the best choice based on the needs
  • Comprehend the extent of applicability and tolerance in your business to sustainability issues before integrating it.

But most importantly, it is vital to remember that integrating existing business units for effective operations is a struggle in itself, and looking for an immediate solution is not an effective way to achieve sustainability.