kspciso changed

Upload: prashanti-gaonkar

Post on 08-Apr-2018

  • 8/6/2019 Kspciso Changed

    1/8

    Part 3 FOOD SAFETY MANAGEMENT SYSTEM ISO 22000:2005

    To Ensure Integrity of Food Supply Chain

    1. AIM:-

    I. Control food safety hazards in order to consistently provide safe end products that meet both requirements agreed with the customer and those of applicable food safety regulation.

    II. Enhance customer satisfaction through the effective control of food safety hazards.

    2. APPLICABILITY: - all types of organisations within the food chain (Farm to fork)

    Feed producers

    Primary producers

    Food Manufacturers

    Transport and storage operators

    Subcontractors

    Retail and food service outlets (Hotels and caterers)

    Manufacturers of Equipment, packing material, cleaning agents & Additives, Ingredients.

    3. FOOD SAFETY: - Preventing food borne hazards at the point of consumption

    4. METHODOLOGY: - Combine HACCP plans and prerequisite programmes (PRPs) to ensure hazard control. PRPs are further divided into infrastructure and maintenance (PRPs) and operational PRPs. Identify the risks, evaluate the risks and take action. Keep improving through verification of effectiveness.

    5. BENEFITS:-

    Increased Due Diligence

    More Efficient And Dynamic Food Safety Hazard Control

    All Control Measures Subjected To Hazard Analysis

    Fill The Gap Between ISO 9001:2000 And HACCP.

    System Approach Rather Than Product Approach.

    Covers the entire Food chain.

    Make the organization ready to meet the requirements of new FOOD SAFETY ACT.

    Easier to meet the new food safety bill requirements

    Better traceability

    6. STEPS IN IMPLEMENTATION

    1. Training of top management

    2. Identification of FOOD SAFETY POLICY AND OBJECTIVES

    3. Formation of interdisciplinary FOOD SAFETY TEAM & appointment of Team Leader.

    4. Development of documentation of the Quality Manual, Food Safety Manual and procedures (including the following lower level documents)

    i. Emergency preparedness and response plan

    ii. Product description including raw materials, ingredients and food contact materials [also covering statutory & regulatory requirements]

    iii. Prerequisite Programmes (PRP)

    iv. Quality Plan

    v. Flow diagram, process steps, control measures, traceability system

    vi. Hazard assessment

    vii. Selection and assessment of control measures

    viii. HACCP Plan

    ix. Operational Prerequisite programmes

    x. Withdrawal programme (Product recall procedure)

    xi. Formats

    5. Training of Internal Auditors.

    6. Implementation of the system

    7. Internal Audits (Food Safety) as per the system and follow up activities

    8. Management Review Meetings

    9. Pre-assessment audit by third party auditor

    10. Audit of third party auditor and clearance of certification audit in two phases

    10.1 Pre assessment

    10.2 Certification (valid for three years)

    Part 4 INFORMATION SECURITY MANAGEMENT SYSTEM (ISMS) ISO 27001

    1) AIM: - A comprehensive information security management system (ISMS) plays a critical role in ensuring the ability of your organization to successfully face information security threats from a wide range of sources and continue your operations. This is due to the present-day trend of the paperless office and of businesses being too dependent on internet/e-mail communication, wide area networks etc. Being online can sometimes be a nightmare. The sources of these threats may include sabotage, espionage, vandalism, fraud, hacking etc. (remember the Gurgaon or the Bangalore BPO: Bank fraud cases?)

    The standard ISO 27001 lays down the principal elements and policies of the organization's information security system. These include risk assessment and management, objectives for control of information security practices and business continuity management processes. The standard also calls on the organization to establish a comprehensive and balanced system of measurements to monitor and review the performance of the information security management system. Risk management and business continuity management form the most important elements of the standard. These help the management to determine the priorities for managing information security risks, identify appropriate actions to address these risks and meet the requirements and expectations of interested parties.

    2) BENEFITS

    Commitment: certification serves as a guarantee of the effectiveness of the effort put into rendering the organization secure at all levels, and demonstrates the due diligence of its administrators.

    Compliance: certification demonstrates to competent authorities that the organization observes all applicable laws and regulations & contractual requirements.

    Risk management: leads to a better knowledge of information systems, their weaknesses and how to protect them. Equally, it ensures a more dependable availability of both hardware and data.

    Credibility and confidence: Partners, Shareholders and Customers are reassured when they see the importance afforded by the organization to protecting information. Certification can help set apart a company from its competitors and in the marketplace.

    Reduced costs related to information security breaches, and possible reduction in insurance premiums.

    Improves employee awareness of information related issues and their responsibilities within the organization.

    Better Business continuity and recovery from emergency situations so as to meet SLAs

    3) SUMMARY OF THE STANDARD [CONTROL OBJECTIVES]

    I. Information security policy

    Provide management direction and support for information security. Defines corporate objectives for information security.

    II. IT security organisation & 3rd party connections

    Manage information security within the company. Maintain the security of organizational information processing facilities and information assets accessed by 3rd parties (suppliers, partners, customers). Maintain the security of information when the responsibility for information processing has been outsourced to another organization.

    III. Assets classification and control

    Determine and maintain appropriate protection of corporate assets.

    IV. Personnel security

    Reduce risks of human error, theft, fraud or misuse of facilities. Ensure that users are aware of information security threats and concerns, and are equipped to support the corporate security policy in the course of their normal work. Minimize the damage from security incidents and malfunctions and learn from such incidents.

    V. Physical & environmental security

    Prevent unauthorised access, damage and interference to business premises and information. Prevent loss, damage or compromise of assets and interruption to business activities. Prevent compromise or theft of information and information processing facilities.

    VI. Computer & network management

    Ensure the correct and secure operation of information processing facilities. Minimise the risk of systems failures. Protect the integrity of software and information.

    Maintain the integrity and availability of information processing and communications. Ensure the safeguarding of information in networks and the protection of the supporting infrastructure. Prevent damage to assets and interruptions to business activities. Prevent loss, modification or misuse of information exchanged between organizations.

    VII. System access control

    Control access to information. Prevent unauthorized access to information systems. Ensure the protection of networked services. Prevent unauthorized computer access. Detect unauthorised activities. Ensure information security when using mobile computing and teleworking facilities.

    VIII. System development & maintenance

    Ensure security is built into operational systems. Prevent loss, modification or misuse of user data in application systems. Protect the confidentiality, authenticity and integrity of information. Ensure IT projects and support activities are conducted in a secure manner. Maintain the security of application system software and data.

    IX. Business continuity planning

    Counteract or prevent interruptions to business activities and to critical business processes from the effects of major failures or disasters.

    X. Compliance

    Avoid breaches of any criminal or civil law, statutory, regulatory or contractual obligations and of any security requirements. Ensure systems security parameters, operating procedures etc. comply with organisational security policies and standards. Maximize the effectiveness of and to minimize interference to/from the system audit process.

    4) STEPS IN IMPLEMENTATION OF ISMS

    1. Training of top management

    2. Identification of ISMS POLICY AND OBJECTIVES

    3. Awareness training to all employees

    4. Development of documentation ISMS DOCUMENTS

    i. Identification of information assets

    ii. Risk assessment methodology [including legal & contractual requirements]

    iii. Risk assessment

    iv. Defining the scope of ISMS

    v. Identifying the appropriate control objectives and controls

    vi. Statement of applicability

    vii. Risk treatment plan

    viii. Procedures as per ISMS

    ix. Business continuity Plan

    x. Formats

    5. Training of Internal Auditors.

    6. Implementation of the documented system

    7. Internal Audits (ISMS) as per the system and follow up activities

    8. Management Review Meetings

    9. Pre-assessment audit by third party auditor

    10. Audit of third party auditor and clearance of certification audit in two phases

    10.1 Pre assessment

    10.2 Certification (valid for three years)

    SA8000

    SA8000 is a global social accountability standard for decent working conditions, developed and overseen by Social Accountability International (SAI). Detailed guidance for implementing or auditing to SA8000 is available from its website. SAI offers training in SA8000 and other workplace standards to managers, workers and auditors. It also operates an accreditation agency that licenses and oversees auditing organizations to award certification to employers that comply with SA8000.

    Basis

    SA8000 is based on the UN Universal Declaration of Human Rights, Convention on the Rights of the Child and various International Labour Organization (ILO) conventions. SA8000 covers the following areas of accountability:

    Child labour

    Forced labour

    Workplace safety and health

    The right to organize

    Discrimination

    Workplace discipline

    Working hours

    Wages

    Management system for Human Resources

    Corporate social responsibility

    Respect for human rights

    Fair treatment for the workforce

    Protecting the environment

    Ethical behaviour of the organization

    Being a good neighbour

    Details of the standard

    The first global standard for ethical sourcing

    Designed for independent verification

    A global standard, designed for use by any company, anywhere in the world

    Has been developed with stakeholders

    Is designed to take local laws and requirements into account

    Certifications

    More than 640,000 workers are employed in 1200 facilities certified to SA8000, in 60 countries and 70 industrial sectors. The industrial sectors with the most certifications include apparel and textiles; building materials; agriculture; construction; chemicals; cosmetics; cleaning services and transportation. The countries with the most certifications to SA8000 include Brazil, India, China and Italy.

    The cost of acquiring a certification for a factory, farm or office varies with the number of employees and the location. It can range up to 10-12,000 USD for large facilities.

    Significance

    Dominic A. Tarantino, Chairman of Price Waterhouse World Firm described SA8000 in 1998 as "the first ever universal standard for ethical sourcing... It provides a common framework for ethical sourcing for companies of any size and any type, anywhere in the world. SA8000 sets out provisions for issues such as trade union rights, the use of child labor, working hours, health and safety at work, and fair pay." However, it does not address broader issues of ecology or bribery or other issues which may require more consumer or executive restraint. Tarantino further argued the need for moral leadership: "Pricing, products and services are no longer the sole arbiters of commercial success... it is business that must take the lead in taming the global frontier. Business must take the lead in establishing rule of law in emerging markets. Business must take the lead in stopping bribery. Business must take the lead in bringing order to cyberspace. Business must take the lead in ensuring that technology does not split the world into haves and have nots."

    Benefits

    1. Fewer accidents

    2. Enhanced opportunities to be organized

    3. A way to address and improve the conditions where people work

    4. Increased worker awareness about core labor rights

    5. Enhanced communication to the management

    6. Evidence that labor rights are good for society and business

    7. Improved business practices lead to economic growth and new job opportunities. A credible and effective way to put social responsibility into action

    8. Enhanced company and brand reputation

    9. Improved employee recruitment, retention and performance

    10. Gains in quality and productivity

    11. Savings from fewer workdays lost and lower insurance bills

    12. Less expensive than an internal compliance program

    13. Better relationships among workers, trade unions, companies, customers, NGOs and government

    14. Clear, credible information for those who want to make ethical purchasing decisions

    15. Useful data for socially responsible investors

    16. Identification of products made under humane conditions

    17. Identification of companies making progress toward humane conditions

    18. Broad coverage of product categories and production geography

    Why to implement SA8000

    To differentiate and offer value to customers.

    Driven by commitment to provide safe workplaces.

    Set a global standard that complies with all local laws and customs.