kspciso changed
8/6/2019 Kspciso Changed
Part 3 FOOD SAFETY MANAGEMENT SYSTEM ISO 22000:2005
To Ensure Integrity of Food Supply Chain
1. AIM:-
I. Control food safety hazards in order to consistently provide safe end products that meet both requirements agreed with the customer and those of applicable food safety regulation.
II. Enhance customer satisfaction through the effective control of food safety hazards.
2. APPLICABILITY: - All types of organisations within the food chain
(Farm to fork)
Feed producers
Primary producers
Food Manufacturers
Transport and storage operators
Subcontractors
Retail and food service outlets (Hotels and caterers)
Manufacturers of Equipment, packing material, cleaning agents & Additives, Ingredients.
3. FOOD SAFETY: - Preventing food borne hazards at the point of consumption
4. METHODOLOGY: - Combine HACCP plans and prerequisite programmes (PRPs) to ensure hazard control. PRPs are further divided into infrastructure and maintenance (PRPs) and operational PRPs. Identify the risks, evaluate the risks and take action. Keep improving through verification of effectiveness.
5. BENEFITS:-
Increased Due Diligence
More Efficient And Dynamic Food Safety Hazard Control
All Control Measures Subjected To Hazard Analysis
Fill The Gap Between ISO 9001:2000 And HACCP.
System Approach Rather Than Product Approach.
Covers the entire Food chain.
Make the organization ready to meet the requirements of new FOOD SAFETY ACT.
Easier to meet the new food safety bill requirements
Better traceability
6. STEPS IN IMPLEMENTATION
1. Training of top management
2. Identification of FOOD SAFETY POLICY AND OBJECTIVES
3. Formation of inter disciplinary FOOD SAFETY TEAM & appointment of Team Leader.
4. Development of documentation of the Quality Manual, Food Safety Manual and procedures (including the following lower level documents)
i. Emergency preparedness and response plan
ii. Product description including raw materials, ingredients and food contact materials [also covering statutory & regulatory requirements]
iii. Prerequisite Programmes (PRP)
iv. Quality Plan
v. Flow diagram, process steps, control measures, traceability
system
vi. Hazard assessment
vii. Selection and assessment of control measures
viii. HACCP Plan
ix. Operational Prerequisite programmes
x. Withdrawal programme (Product recall procedure)
xi. Formats
5. Training of Internal Auditors.
6. Implementation of the system
7. Internal Audits (Food Safety) as per the system and follow up activities
8. Management Review Meetings
9. Pre-assessment audit by third party auditor
10. Audit of third party auditor and clearance of certification audit in
two phases
10.1 Pre assessment
10.2 Certification (valid for three years)
Part 4 INFORMATION SECURITY MANAGEMENT SYSTEM (ISMS) ISO 27001
1) AIM: - A comprehensive information security management system (ISMS) plays a critical role in ensuring the ability of your organization to successfully face information security threats from a wide range of sources and continue your operations. This is due to the present-day trend of the paperless office and businesses being too dependent on internet/e-mail communication, wide area networks, etc. Being online can sometimes be a nightmare. The sources of these threats may include sabotage, espionage, vandalism, fraud, hacking, etc. (remember the Gurgaon or the Bangalore BPO bank fraud cases?)
The standard ISO 27001 lays down the principal elements and policies of the organization's information security system. These include risk assessment and management, objectives for control of information security practices and business continuity management processes. The standard also asks the organization to establish a comprehensive and balanced system of measurements to monitor and review the performance of the information security management system. Risk management and business continuity management form the most important elements of the standard. These help the management to determine the priorities for managing information security risks, identify appropriate actions to address these risks, and meet the requirements and expectations of interested parties.
2) BENEFITS
Commitment: certification serves as a guarantee of the effectiveness of the effort put into rendering the organization secure at all levels, and demonstrates the due diligence of its administrators.
Compliance: certification demonstrates to competent authorities that the organization observes all applicable laws and regulations & contractual requirements.
Risk management: leads to a better knowledge of information systems, their weaknesses and how to protect them. Equally, it ensures a more dependable availability of both hardware and data.
Credibility and confidence: Partners, Shareholders and Customers are reassured when they see the importance afforded by the organization to protecting information. Certification can help set apart a company from its competitors and in the marketplace.
Reduced costs related to information security breaches, and possible reduction in insurance premiums.
Improves employee awareness of information related issues and their responsibilities within the organization.
Better Business continuity and recovery from emergency situations so as to meet SLAs
3) SUMMARY OF THE STANDARD [CONTROL OBJECTIVES]
I. Information security policy
Provide management direction and support for information security. Define corporate objectives for information security.
II. IT security organisation & 3rd party connections
Manage information security within the company. Maintain the security of organizational information processing facilities and information assets accessed by 3rd parties (suppliers, partners, customers). Maintain the security of information when the responsibility for information processing has been outsourced to another organization.
III. Assets classification and control
Determine and maintain appropriate protection of corporate assets.
IV. Personnel security
Reduce risks of human error, theft, fraud or misuse of facilities. Ensure that users are aware of information security threats and concerns, and are equipped to support the corporate security policy in the course of their normal work. Minimize the damage from security incidents and malfunctions and learn from such incidents.
V. Physical & environmental security
Prevent unauthorised access, damage and interference to business premises and information. Prevent loss, damage or compromise of assets and interruption to business activities. Prevent compromise or theft of information and information processing facilities.
VI. Computer & network management
Ensure the correct and secure operation of information processing facilities. Minimise the risk of systems failures. Protect the integrity of software and information.
Maintain the integrity and availability of information processing and communications. Ensure the safeguarding of information in networks and the protection of the supporting infrastructure. Prevent damage to assets and interruptions to business activities. Prevent loss, modification or misuse of information exchanged between organizations.
VII. System access control
Control access to information. Prevent unauthorized access to information systems. Ensure the protection of networked services. Prevent unauthorized computer access. Detect unauthorised activities. Ensure information security when using mobile computing and teleworking facilities.
VIII. System development & maintenance
Ensure security is built into operational systems. Prevent loss, modification or misuse of user data in application systems. Protect the confidentiality, authenticity and integrity of information. Ensure IT projects and support activities are conducted in a secure manner. Maintain the security of application system software and data.
IX. Business continuity planning
Counteract or prevent interruptions to business activities and to critical business processes from the effects of major failures or disasters.
X. Compliance
Avoid breaches of any criminal or civil law, statutory, regulatory or contractual obligations and of any security requirements. Ensure systems security parameters, operating procedures etc. comply with organisational security policies and standards. Maximize the effectiveness of and minimize interference to/from the system audit process.
4) STEPS IN IMPLEMENTATION OF ISMS
1. Training of top management
2. Identification of ISMS POLICY AND OBJECTIVES
3. Awareness training to all employees
4. Development of documentation ISMS DOCUMENTS
i. Identification of information assets
ii. Risk assessment methodology [including legal & contractual requirements]
iii. Risk assessment
iv. Defining the scope of ISMS
v. Identifying the appropriate control objectives and controls
vi. Statement of applicability
vii. Risk treatment plan
viii. Procedures as per ISMS
ix. Business continuity Plan
x. Formats
5. Training of Internal Auditors.
6. Implementation of the documented system
7. Internal Audits (ISMS) as per the system and follow up activities
8. Management Review Meetings
9. Pre-assessment audit by third party auditor
10. Audit of third party auditor and clearance of certification audit in two phases
10.1 Pre assessment
10.2 Certification (valid for three years)
SA8000
SA8000 is a global social accountability standard for decent working conditions, developed and overseen by Social Accountability International (SAI). Detailed guidance for implementing or auditing to SA8000 is available from its website. SAI offers training in SA8000 and other workplace standards to managers, workers and auditors. It also operates an accreditation agency that licenses and oversees auditing organizations to award certification to employers that comply with SA8000.
Basis
SA8000 is based on the UN Universal Declaration of Human Rights, Convention on the Rights of the Child and various International Labour Organization (ILO) conventions. SA8000 covers the following areas of accountability:
Child labour
Forced labour
Workplace safety and health
The right to organize
Discrimination
Workplace discipline
Working hours
Wages
Management system for Human Resources
Corporate social responsibility
Respect for human rights
Fair treatment for the workforce
Protecting the environment
Ethical behaviour of the organization
Being a good neighbour
Details of the standard
The first global standard for ethical sourcing
Designed for independent verification
A global standard, designed for use by any company, anywhere in the world
Has been developed with stakeholders
Is designed to take local laws and requirements into account
Certifications
More than 640,000 workers are employed in 1200 facilities certified to SA8000, in 60 countries and 70 industrial sectors. The industrial sectors with the most certifications include apparel and textiles; building materials; agriculture; construction; chemicals; cosmetics; cleaning services and transportation. The countries with the most certification to SA8000 include Brazil, India, China and Italy.
The cost of acquiring a certification for a factory, farm or office varies with the number of employees and the location. It can range up to 10-12,000 USD for large facilities.
Significance
Dominic A. Tarantino, Chairman of Price Waterhouse World Firm, described SA8000 in 1998 as "the first ever universal standard for ethical sourcing... It provides a common framework for ethical sourcing for companies of any size and any type, anywhere in the world. SA8000 sets out provisions for issues such as trade union rights, the use of child labor, working hours, health and safety at work, and fair pay." However, it does not address broader issues of ecology or bribery or other issues which may require more consumer or executive restraint. Tarantino further argued the need for moral leadership: "Pricing, products and services are no longer the sole arbiters of commercial success... it is business that must take the lead in taming the global frontier. Business must take the lead in establishing rule of law in emerging markets. Business must take the lead in stopping bribery. Business must take the lead in bringing order to cyberspace. Business must take the lead in ensuring that technology does not split the world into haves and have nots."
Benefits
1. Fewer accidents
2. Enhanced opportunities to be organized
3. A way to address and improve the conditions where people work
4. Increased worker awareness about core labor rights
5. Enhanced communication to the management
6. Evidence that labor rights are good for society and business
7. Improved business practices lead to economic growth and new job opportunities. A credible and effective way to put social responsibility into action
8. Enhanced company and brand reputation
9. Improved employee recruitment, retention and performance
10. Gains in quality and productivity
11. Savings from fewer workdays lost and lower insurance bills
12. Less expensive than an internal compliance program
13. Better relationships among workers, trade unions, companies, customers, NGOs and government
14. Clear, credible information for those who want to make ethical purchasing decisions
15. Useful data for socially responsible investors
16. Identification of products made under humane conditions
17. Identification of companies making progress toward humane conditions
18. Broad coverage of product categories and production geography
Why implement SA8000
To differentiate and offer value to customers.
Driven by commitment to provide safe workplaces.
Set a global standard that complies with all local laws and customs.