Certification of Management Systems

Download our accreditation certificate (italian version)

General Criteria for the Formulation of the offer for Management System Certification (italian version)

Operational instruction (italian version)

Request for tender for the certification of management systems (italian version)

Impartiality Policy (italian version)

Rules for the certification of Management Systems - General Part (italian version)

Regulation for the use of the ACCREDIA Mark (italian version)

Rules for the use of certification marks (italian version)

Today, the concept of quality has evolved from a system stiffened by excessive formalism to a quality management system more focused on the effectiveness and efficiency of the company's organisational processes. An increasing number of companies have chosen to system certifications according to the ISO 9001 standard, with the aim of ensuring compliance with contractual requirements by implementing management models to improve performance.

Quality management in a national, European and international context is a way of working and strategically managing one's own company in order to increase competitiveness and success.

WHO IS CONCERNED?

ISO 9001 certification is used in both the private and public sectors to increase confidence in the products and services provided by companies; in business partners when dealing with business-to-business relationships; in the choice of suppliers in supply chains; and in the selection of participants in tenders.

The sectors involved are:

• IAF02: Mining of minerals (quarries, mines and oilfields)
• IAF15: Products from the processing of non-metallic materials (e.g. bitumen)
• IAF16: Lime, gypsum, concrete, cement and related products
• IAF17: Metals and their alloys, manufacture of metal products
• IAF19: Electrical and optical equipment
• IAF24: Recycling
• IAF28: Construction companies, Installers of installations and services
• IAF29: Wholesale, retail; repair of motor vehicles, motorbikes and personal and household products
• IAF31: Transport, logistics and communications >>NEW<<
• IAF33: Information technology
• IAF34: Technical consultancy, engineering
• IAF35: Professional business services
• IAF37: Education

All this requires the company to tailor the quality management system to its business and production reality, in order to:

• Optimise and rationalise the management of its products and services
• Effectively and efficiently control the design (if applicable) and production and/or construction activities
• Constantly monitor the adequacy of the human and economic resources invested with respect to legislative requirements as well as contractual requirements

The certification of a company’s quality management system by a third-party certification body (such as Apave Certification) is an element of prestige and growth for the company itself.

The Certification of an Occupational Health and Safety Management System (OHSMS) offers several advantages that the organisation can benefit from, for example:

• Continuous and effective verification of the adequacy of the structure’s conduct with respect to the provisions of the law and the objectives defined by management
• Implementation of accident prevention systems with a view to continuous improvement
• Adoption and implementation of systems and measures to ensure that all organisations involved in the execution of commissioned works comply with the legal requirements on safety and health protection

The voluntary certification of this system enables the respective company to externally and internally highlight management’s continuous commitment to the prevention of accidents for those involved in the implementation of the works.

The structure of a safety management system can be traced back to what has already been developed for other schemes (QMS and EMS), ensuring greater optimisation of human and economic resources in the development of an Integrated Management System that complies with all three schemes.

The purpose of the certification of an OHSMS is to ascertain, through an initial audit and subsequent maintenance audits, that the organisations applying for certification are operating in accordance with the UNI ISO 45001:2018 standard.

Audits carried out by Apave Certification shall not replace or be connected with audits carried out by competent public authorities.

The certification process, adopted by Apave Certification, provides for audits to be carried out over a three-year period and allows for the issue, following an initial certification audit, of a document of conformity, the validity of which is subject to successful maintenance audits.

There are several features that harmonise ISO 45001 with other management system standards, such as ISO 9001 and ISO 14001. ISO 45001 adopts the same structure and incorporates certain new features, such as the risk-based approach, analysis of the context in which the organisation operates, active participation of top management and consultation and participation of workers.

On 12 March 2018, the certifiable ISO standard on Occupational Health and Safety Management Systems was published, the Italian language adoption of which is UNI ISO 45001:2018 'Occupational health and safety management systems - Requirements and guidance for use'.

Therefore, from 30 September 2021, certifications issued against BS OHSAS 18001:2007 will no longer be recognised.

An Information Security Management System (ISMS) compliant with the ISO/IEC 27001:2013 standard is the internationally recognised means by which an organisation can demonstrate that it is able to protect its own information assets, or those of third parties entrusted to it. 
But what is meant by 'information'? It is an organisational asset which, like other important corporate assets or resources, is essential to the organisation's business and therefore needs to be adequately 'protected'.

The information to be protected is independent of its format, because ISO/IEC 27001:2013 is not a standard exclusive to the world of information technology in general, because it governs hard copy documents, verbal communications, conversations in public places, letters and emails exchanged with customers and suppliers, patents, industrial secrets that if became public knowledge or available to competitors would cause significant damage to the company, both in terms of the financial standing and image of the company.


The standard allows for the identification and constant updating of processes concerning the control of physical, logical and organisational security; risk analysis for the identification of suitable security measures; the management of appropriate and frequently updated operating procedures and instructions; and the monitoring of company processes.

The ISO/IEC 27001 standard is the only auditable and certifiable international standard that defines the requirements for an ISMS and is designed to ensure the selection of appropriate and proportionate security controls. This protects information from internal and external risks and gives stakeholders confidence.

The ISO/IEC ISO 27001 standard aims to ensure the maintenance of confidentiality, integrity and availability of information, in addition to other characteristics that may be considered such as authenticity, non-repudiation and reliability:

• Confidentiality is the principle whereby information is not made available or disclosed to unauthorised individuals, entities or processes
• Integrity is the principle related to safeguarding the accuracy and completeness of information and related assets
• Availability is the principle of being accessible and usable at the request of an authorised entity

Transition to ISO/IEC 27001:2022

Accredia Circular No. 15/2023 provided indications for the management of the transition of certifications to the new ISO/IEC 27001:2022 and the adjustment of accreditations of certification bodies accredited for the SSI scheme.

Below is a summary of the deadlines:

Choose Apave Certification to certify your management system for the prevention of corruption in accordance with the UNI ISO 37001:2016 standard.

The standard, which is an operational tool that does not replace but complements the measures already provided for in national legislation, helps to establish how companies can declare themselves "compliant" with regard to the prevention of corruption, i.e. adopting prevention measures that are reasonable and proportionate to the risk of corruption.

The standard is set up according to the high level structure, therefore perfectly able to integrate with ISO 9001, 14001 and 45001 standards, and is aimed at companies of any size or nature, in both the public and private sectors.

Rules for the certification of Management Systems for the prevention of corruption

The implementation of an innovation management system, according to ISO 56002:2019 guidelines, and a third-party certification with the Apave IMS 56002 logo, guaranteeing its effectiveness, represent an important competitive advantage for the company.

Corporate innovation is a process which is built day-by-day, measurable, transversal to the various areas of the organisation, managed with specific skills and with a comprehensive vision that allows the most suitable production and organisational choices to trigger innovation itself.

The ISO 56002 innovation management system makes it possible to:

• Give visibility and credibility to activities characterised by process, product and/or organisational innovation
• Build trust with customers, suppliers, investors and the community
• Measure the ability to innovate over time, creating lasting value

The greatest challenge lies in questioning internal processes and designing new ways of doing business. Managing innovation requires a systematic approach and a leader to guide the management system.
The success of an innovative company can thus be measured by the new business opportunities created, despite the variability of the market and the continuous evolution of enabling technologies.
To confirm this, the International Organization for Standardization (ISO) has published the ISO 56000 series of standards and, in particular ISO 56002:2019, as a guide for all organisations that want to adopt a structured approach to innovation management.

Any organisation irrespective of its type, size, products supplied and services provided can be certified.

The ISO 56002 standard sets out the principles that, when adopted in their entirety, enable organisations to put policy, objectives, leadership, resources, infrastructure, capital, tools, documentation, knowledge and skills in the right order, and to make the innovation management system effective.

Rules for the certification of Innovation Management Systems (italian version)

SA 8000 (Social Accountability 8000) is the first international standard to ensure that an organisation is socially responsible, i.e. that it is committed to the rules of work ethics and openly rejects all working conditions that are characterised by inhumanity, exploitation, unfair remuneration and workplace insanity.

This standard is based on principles dictated by international references in the field of human and workers' rights and in particular refers to the concepts of the Universal Declaration of Human Rights, the ILO (International Labour Organization) Conventions, the United Nations Conventions on the Rights of the Child and to eliminate all forms of Discrimination against women.

Apave Certificationin Italy has been accredited by SAAS (Social Accountability Accreditation Services), the only global accreditation body whose mission is to support the implementation of social and labour standards. This is achieved through supervision and assessment services designed to evaluate the competence of audit systems and individual auditors.

Any company in any sector of activity can be certified according to the SA8000 standard. Any organisation interested in guaranteeing socially acceptable working activities and in promoting constant improvement, both in the management of so-called "company risks" and in relations with interested parties, both inside and outside the organisation, can take advantage of this management tool.

What advantages does certification of the SA8000 Social Responsibility Management System bring?

• An increase in credibility, transparency and corporate image on the reference market, a reputational benefit
• Increased consumer confidence, improved relationship with institutions and social organisations
• An evaluation of ethics and social fairness in the supply chain
• An improvement in the working environment: workers feel protected by the company they work for and are more involved in achieving its objectives
• An improvement in internal and external communication, through publicly available reports

IT Services and their management, also known as "IT Service Management", are increasingly strategic for companies that rely on qualified suppliers to avoid having to deal with "ongoing management" activities for which it is not structured or for which it does not intend to bear the start-up and maintenance costs.

An IT Service can be defined as a set of functions provided through IT systems in supporting one or more business areas (departments, agencies, etc.).  It may consist of software, hardware and media, but the customer/customer and user/user perceive it as a single entity.

With the continuous demand for Information Technology services from the market, whether consumers or businesses, there is an increasing need to organise these services according to a certain, consolidated and universally recognised reference.

ISO/IEC 20000 is the reference standard that the International for Standardization Organization (ISO) has published for any organisation that intends to offer IT services to internal or external customers.

Adherence to the principles of ISO/IEC 20000 allows organisations to benchmark their ability to deliver IT services, measure service levels and evaluate service performance.

ISO/IEC 20000-1:2018 contains a list of requirements to which the organisation decides to draw inspiration and adhere to in order to provide IT services of acceptable quality for itself and its customers.

Apave Certification Italia is accredited by ACCREDIA for the ITX scheme (acronym with which the certification activity is identified according to ISO/IEC 20000-1 in the current version 2018); the accreditation ensures the competence, independence and impartiality of our body by the sole Italian Accreditation Body.

WHAT ADVANTAGES DOES THE CERTIFICATION OF MANAGEMENT SYSTEMS FOR IT SERVICES BRING?

Certification is a guarantee for the organisation and for the market it addresses in terms of its ability to provide its services in the IT field.

It enables the company to support the management of the service lifecycle, including the planning, design, transition, delivery and improvement of services that meet agreed requirements and deliver value to customers, users and the organisation providing the services.

In fact, the adoption of an IT service management system enables the organisation to ensure its ability to manage the following processes:

• Service portfolio
• Service Plan
• Configuration Management
• Business Relationship Management
• Service Level Management
• Supplier and Demand Management
• Budgeting and Accounting
• Capacity Management
• Change Management
• Release and Deployment Management
• Incident Management
• Problem Management
• Service Continuity and Availability Management
• Information Security Policy and Controls
• Financial Management for IT Services
• Service Reporting

Do you want to protect against incidents that put your business at risk, reduce the likelihood of their occurrence, respond to them, and get back up and running as quickly as possible?

That is the purpose of ISO 22301 certification, which enables companies to plan, implement and enforce a business continuity management system. The standard is suitable for all organizations, regardless of their size and the nature of their activities, taking into account their environment and the complexity of their operations.

ISO 22301 certification allows you to anticipate the risks to your organization, to ensure the continuity of your activities as well as the return to normalcy following a disaster (cyber attack, fire, telephone network interruption, etc.).

WHAT BENEFITS DOES BUSINESS CONTINUITY MANAGEMENT SYSTEM CERTIFICATION BRING?

• Improve your resilience and responsiveness to safeguard your interests and those of key stakeholders;
  
  
• Ensure the continuous uptime of your operations; and
  
  
• Manage risks and change in your environment/context
  
  
• Anticipate crises
  
  
• Reduce the size and scope of an incident
  
  
• Strengthen the trust of your customers
  
  
• Demonstrate your compliance
  
  

Particular rules for certification of management systems for Business Continuity (italian version)