What is certification?
NeM advisory services can help in covering the definition, implementation and maintenance of Management Systems based on the standards indicated.
The different paths towards certification related to the standards listed below have many similarities, although some certification schemes are characterized by some specific features that make them peculiar.
NeM provides consulting services for:
ISO 9001
IATF 16949
ISO 28000
ISO 27001
ISO 22301
ISO 17025
ISO 14001
ISO 45001
ISO 50001
ISO 9001
The ISO 9001 Standard is the standard that defines the requirements of a Quality Management System of an Organization, whether private or public. Since the requirements are of a general nature, they lend themselves to being implemented by all Organizations, of any size, whether they supply products or services.
A company's choice to have its quality management system certified by an accredited Certification Body guarantees current and potential customers that the operating practices adopted by the company are suitable to provide a product or a service that meets the specified requirements.
This is why many companies choose ISO 9001 certification to improve their performance, streamline their operational processes through their continuous monitoring and improvement, and appropriately train the company personnel to be able to keep their activities scrupulously under control.
The ISO 9001 certification therefore represents a universally recognized “quality mark” that is often requested by customers to guarantee the product or service they purchase and which becomes in some cases a fundamental obligation or credential to work in certain industrial sectors or with Public Bodies.
The approach followed by NeM consultants provides for the identification of those interventions on the operating mode of the Client Company that are suitable to meet the requirements of ISO 9001 standard, maintaining an effective and easily implemented management system without unnecessary superstructures.
IATF 16949
The IATF 16949 Standard, based on the ISO 9001 standard, defines the requirements that must be met by the quality management systems of companies that supply products to the “Automotive” sector. The IATF 16949 Standard has made it possible to overcome national barriers and related automobile manufacturers’ specific requirements by establishing common reference requirements for quality management systems in the automotive industry internationally.
The objective of the IATF 16949 Standard is therefore the development of a quality management system oriented towards continuous improvement, emphasizing the reduction of variation and waste along the supply chain.
Currently, having an IATF 16949 certified Quality Management System is a discriminating requirement for suppliers included in Automotive manufacturers’ supply chain.
The IATF 16949 Standard requires the management of business dynamics for processes, focus on the client and its specific requirements and continuous improvement; it defines requirements and rigorous methods (core tools) that can be summarized in:
- analysis and integration of specific customer requirements
- product and production process design
- control and monitoring of production processes
- management of measurement systems
- analysis of results and planning of improvements
NeM consultants, involved in the Automotive certification schemes since their birth in the 90s, have a consolidated mastery of the Automotive issues, a solid knowledge of the requirements of the IATF 16949 Standard and the qualifications necessary to support a company in obtaining and retaining the Automotive Certification.
ISO 28000
The ISO 28000:2022 Standard is the standard that establishes the requirements for a Security Management System, taking into account risks related to threats such as terrorism, fraud, theft, counterfeiting and piracy. It is an internationally recognized certifiable standard, which defines the requirements for implementing a Security Management System (SEMS).
The ISO 28000:2022 standard deals with aspects related to physical, IT, transport and organizational security. Among the crucial aspects taken into consideration are the security of activities such as research and development, prototyping and pre-series, manufacturing and production, packaging processes, storage and transfer of goods and merchandise, but also financial ones, information management and human resources security.
The standard is applicable to companies of any size, from the smallest and most local to large multinationals. The ISO 28000:2022 standard represents the ideal framework for identifying and controlling potential critical issues for the safety of sites and factories, people and goods, analyzing potential threats and limiting their possible consequences. In particular, it is essential to:
- Predict the security of R&D activities, project and prototype creation, production and logistics;
- Monitor logistics and handling activities of raw materials, semi-finished goods and finished products in order to prevent alterations, damage or theft during transport;
- Provide detailed codes of conduct to be adopted for security management, both in normal and emergency conditions.
ISO 27001
The ISO/IEC 27001:2022 Standard is the standard that defines the requirements of an Information Security Management System.
The standard includes aspects related to logical, physical and organizational security.
Since most of the company information is stored on computer media and represents a very valuable asset for the operation of the company, every organization must be able to guarantee its security, especially in a globalized world where the IT risks caused by violations of protection systems are constantly increasing. The objective of the ISO/IEC 27001:2022 standard is to provide the requirements for a corporate Information Security Management System (ISMS) that is able to protect sensitive data and information from threats of all types, in order to ensure their integrity, confidentiality and availability.
The standard is applicable to Organizations operating in most commercial and industrial sectors, in particular in finance, insurance, services, industry, transport and government/Public Administration sectors.
The structure of the ISO/IEC 27001:2022 standard is aligned with that of all ISO Management Systems, placing particular emphasis on the identification and analysis of risks, their assessment and treatment, and finally the continuous analysis of the evolution of threat scenarios.
ISO 22301
ISO 22301 is the standard which defines the requirements for a Business Continuity Management System (BCMS) in order to guarantee the Organization’s ability to protect itself against destructive events that can directly or indirectly affect it and to recover its operations in an organized way.
The requirements specified by the standard can be applied to the whole Organization or a part of it, regardless of the nature, type and size of the Organization itself. The degree of application of the requirements of ISO 22301 depends on the environment in which the organization operates and on its complexity.
The Business Continuity Management System must take into consideration the legal requirements, the reference standards, the products and services provided by the Organization, its processes and the requirements of the interested parties.
The Business Continuity Plan must provide procedures that guide the Organization to respond and restore operations to a predefined level after a destructive event. It must provide for initiatives to be implemented following emergencies that are typically not addressed by the company’s normal management policy such as, for example, a natural disaster (earthquake or flood), the consequences of a terrorist act or a long-lasting power outage or the detention of a critical supplier along the supply chain. The plan must allow the company to overcome an emergency phase while safeguarding its ability to meet the needs of customers and stakeholders and minimizing damage from a managerial point of view.
The Business Continuity Management System must also be able to minimize the consequences caused by a destructive event on:
- employee safety
- loss of productive resources
- the economic losses of customers and possibly of market shares
The procedures established by a Business Continuity Management System must therefore address all operational aspects both inside and outside the company and the relationship with the parties involved. They must be tailored to the specific characteristics and needs of each company.
ISO 17025
The ISO 17025 standard establishes the management and technical requirements for the accreditation of testing and calibration laboratories.
While the ISO 9001 Certification refers to the Quality Management System implemented by the Organization / Laboratory, the Accreditation covers both the Management System and each individual test or calibration for which the Laboratory intends to be or is “accredited”.
Accreditation is obtained by implementing both the requirements of the ISO 17025 standard and the technical regulations applicable to the tests / calibrations in question. Such technical regulations are envisaged by the Accreditation Body (for Italy, ACCREDIA documents applicable to the test and calibration laboratories).
To access the accreditation services, the Organization requesting it must complete an application consisting of a general section (containing the general information on the Organization) and a specific part for the requested scheme. After acceptance of the application, the Laboratory must send the technical and management documentation to the Accreditation Body, and the inspection visit to the Laboratory can be planned only after a positive evaluation of this documentation. This includes any branch offices, or visits to the field where applicable.
If the visit is successful, a Certificate of Accreditation is issued to the Testing / Calibration Laboratory, accompanied by the cards listing the accredited tests / calibrations.
As with Management Systems, the Accreditation of tests / calibrations is also subject to periodic surveillance visits and to renewal of the Accreditation itself by the Accreditation Body.
The Accreditation of testing and calibration laboratories can be a mandatory requirement at national or international level based on laws / regulations or specific requests of reference markets. For example, the Automotive sector requires that testing and calibration laboratories outside the Organization subject to IATF 16949 certification are accredited according to ISO 17025 or to an equivalent national standard.
NeM has the knowledge, experience and methodology necessary to support the Laboratory especially for the management part and also has specific technical skills related to electrical measurements and physical quantities.
ISO 14001
ISO 45001
ISO 50001
The path proposed by NeM
First phase: understanding the organization
With the exception of the ISO 17025 scheme, whose peculiarity is mentioned in its dedicated section, the path proposed by NeM consultants consists of a first phase dedicated to understanding the organization: the context in which it operates, its Customers, the interested parties directly or indirectly involved, its processes and the related operating procedures.
This first phase is followed by a preliminary analysis of the client company’s positioning with respect to the requirements of the standard. This is achieved by carrying out a review of the organization and of the operating practices used by the company, in order to verify their compliance with the requirements of the standard and to highlight any gap that requires a corrective intervention.
The commercial proposal
This second stage makes it possible to quantify the extent of the intervention and the time necessary to implement it, allowing NeM to present a commercial proposal on the basis of the allocation of responsibilities agreed with the client for the various phases of the project. Such commercial proposal shall contain:
Based on what is agreed, the program will include both visits to the company’s offices and activities carried out independently.
Implementation of the program
Upon acceptance of the commercial proposal by the Customer, NeM proceeds, together with the client company, to implement the steps listed below:
After initial certification
After following the Client company during the initial implementation and certification phases, NeM consultants are also available to follow the phases of consolidation of the management system and the subsequent surveillance visits of the Certifying Body, according to modalities that will be agreed with the Customer.
Get in touch with NeM to learn more.
NeM’s support and experience are a valuable help in making the path to certification quick and safe, saving time and money.