Receiving a certification for ISO 9001 informs your customers that your company is committed to providing enhanced customer satisfaction and meeting all applicable customer and regulatory requirements. In other words, it helps solidify your customers belief that you will get the job done right because you have instituted a quality management system that confirms you meet your obligations. ISO 9001 is a broad-based management system standard, and therefore can be applied to any manufacturing or service industry. The newest version of the internationally recognized standard, ISO 9001:2015 was published September 15, 2015.
These series of ISO standards deal primarily with environmental management systems. It prescribes controls for those activities that have an effect on the environment. These include the use of natural resources, handling and treatment of waste and energy consumption. When your company obtains an ISO 14000 registration, you are showing that you are committed to minimizing harmful effects on the environment through its activities (i.e. production, disposal, etc.) and to continually improve your environmental performance. If you are a supplier to automotive customers or exporting product to the European and/or Asian markets, then ISO 14000 registration is especially important to you.
OHSAS 18001 is the latest certification specification for Occupational Health and Safety Management Systems. It is based on already published criteria such as BS 8800 and the Management Regulations 1992. OHSAS 18001 is an audit/certification specification, not a legislative requirement or a guide to implementation.
Registration to OHSAS 18001 demonstrates a commitment to implement, maintain and improve the way in which you manage your Health and Safety system providing your organization confidence about meeting the requirements of Health and Safety legislation.
A worldwide standard specifically aimed at IT Service Management. It details an integrated set of management processes for the effective delivery of services to the business and its customers. The standard complements the process approach defined within ITIL from the Office of Government Commerce (OGC).
ISO/IEC 20000 consists of two parts:
- ISO/IEC 20000-1:2011 is the formal Specification and defines the requirements for an organization to deliver managed services of an acceptable quality for its customers.
- ISO/IEC 20000-2:2011 is the Code of Practice and describes the best practices for Service Management processes within the scope of ISO/IEC 20000-1. This will be of particular use to organizations preparing to be audited against ISO/IEC 20000 or planning service improvements.
ISO/IEC 27001 specifies requirements for the establishment, implementation, monitoring and review, maintenance and improvement of an overall management and control framework – for managing an organization’s information security risks. The standard covers all types of organizations (e.g. commercial enterprises, government agencies and non-profit organizations) and all sizes from small businesses to huge multinationals. By receiving certification for ISO 27001 you show your clients that bringing information security under management control is a prerequisite for sustainable, directed and continuous improvement.
GMS Registrar is a Federal Risk Authorization and Management Program (FedRAMP) accredited Third Party Assessment Organization (3PAO) providing security assessments for Cloud Service Providers.
The Federal Risk and Authorization Management Program (FedRAMP) is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services
CMMI for Development
CMMI for Development is a reference model that covers activities for developing both products and services. Organizations from many industries, including aerospace, banking, computer hardware, software, defense, automobile manufacturing, and telecommunications, use CMMI for Development.
CMMI for Development contains practices that cover project management, process management, systems engineering, hardware engineering, software engineering, and other supporting processes used in development and maintenance.
CMMI for Services
The CMMI-SVC model provides guidance for applying CMMI best practices in a service provider organization. Best practices in the model focus on activities for providing quality services to customers and end users. CMMI-SVC integrates bodies of knowledge that are essential for a service provider.
The CMMI-SVC, V1.3 model is a collection of service best practices from government and industry that is generated from the CMMI V1.3 Architecture and Framework. CMMI-SVC is based on the CMMI Model Foundation or CMF (i.e., model components common to all CMMI models and constellations ) and incorporates work by service organizations to adapt CMMI for use in the service industry.
CMMC has been created through the review and combination of various cybersecurity standards and best practices and mapped these controls and processes across several maturity levels that range from basic cyber hygiene to advanced. When the associated controls and processes are implemented they will reduce risk against a specific set of cyber threats.
GMS has the experience and understanding of assisting the 300,000 DoD contractors that span the Defense Supply Chain that will be requiring this new certification starting January 2020 when the requirements are finalized. Contact us to be prepared for this new element of acquisition to ensure your proposals, and organizations remain competive across the vairous agencies and departments of the DoD.