Related Article: A comparison of the business and technical drivers for ISO 27001, ISO 27002, COBIT and ITIL
Prerequisite: Basic Understanding of ISO 9001, ISO 14001, and ISO 27001
ISO 9001 is about Quality Management Systems – Requirements. It is an international standard that companies can claim compliance with once they have been audited and certified. The standard originated in manufacturing but is now applied in various disciplines.
ISO 9001 is therefore completely different from ISO 27001, COBIT and ITIL in terms of business drivers and technical drivers. This standard deals with the quality of process execution; it is not for measuring and assessing IT controls (COBIT), improving IT services (ITIL), or governance (ISO 27001).
ISO 9001 aims to ensure the quality of processes and improve them continually. It provides a systematic approach to managing a company’s processes so that they consistently produce products whose quality satisfies customers. The end result of ISO 9001 is a quality management system in which all of a company’s processes are standardised. This means the processes are well documented and each participant in a process has a clear role that defines what he or she is responsible for.
ISO 9001 states all the requirements companies must meet in order to have a better quality management system, but it doesn’t specify in detail how to meet them. In this it is similar to ISO 27001, which also includes only a set of requirements to be fulfilled. In contrast, COBIT and ITIL provide details such as performance indicators and checklists, because they are frameworks.
From the business perspective, ISO 9001 is applicable not only in IT but in many different fields, and it assists companies in improving their quality management systems, thereby gaining customer satisfaction. In contrast with ISO 9001, ISO 27001 gives customers confidence in interacting with companies. COBIT provides managers with an in-depth view of the performance of the system, and ITIL improves the internal IT service level.
Another quality standard to be analysed is ISO 14001. ISO 14001 is part of the ISO 14000 family, which is about Environmental Management Systems (EMS), and it is the core of ISO 14000. ISO 14001 helps companies reduce their negative effects on the environment. Balancing an effective EMS against profitability is very difficult but crucial, and that is what ISO 14001 is all about. Moreover, environmental impact has never been a hotter topic, so companies are trying to implement this standard for three purposes, according to the understanding of the writer: 1) to reduce the impacts, 2) to comply with government policy, and 3) to appeal to customers.
ISO 14001 offers guidance on introducing and adopting an EMS. It also offers certification for companies that want to be compliant. Like ISO 27001 and ISO 9000, it provides guidance on implementing a systematic approach to setting objectives and targets, demonstrating that they have been achieved, and improving the EMS continually. It likewise doesn’t dictate clearly how to reach the objectives.
Even though identifying the environmental impacts of a business’s activities is part of ISO 14001, the standard does not specify levels for those impacts. The reason is that each industry has different types of impacts with different levels. Specifying them would mean tailoring the standard for each industry, which is not its intention. That is why ISO 14001 is a set of generic requirements, like ISO 27001 and ISO 9000.
Considering the business drivers for ISO 14001, it can be seen that companies implementing this standard are aiming to comply with government standards or to be eco-friendly. None of this relates to information systems (IS). Moreover, the standard can keep customers and even employees happy by assuring the ethical aspects, because they know they are buying products from, or working for, an environmentally responsible company. According to Rockstad, ISO 14001 is an open opportunity to enter the European market due to Europe’s environmental concerns. He also states that implementing ISO 14001 can actually reduce costs through recycling programs for waste and better usage of raw materials.
As for technical drivers, ISO 14001 doesn’t assist companies in building a more robust IS; instead it drives changes to business activities and existing infrastructure so that they become more eco-friendly while maintaining profitability. However, implementing it does give insight into the existing processes, so that managers can recognise flaws in them and improve them. Specifically, when implementing ISO 14001, companies have to perform a gap analysis to compare the current overall performance of their processes with the requirements in ISO 14001. In order to do that, they have to analyse and reengineer their processes. Then they have to understand the standard’s requirements so they can make the comparison. After that, they can see what is going wrong or is not being done efficiently in their companies.