New measures to support NDIS participants and providers through the COVID-19 outbreak


People who have returned from anywhere overseas, or have been in close contact with someone confirmed to have COVID-19, are required to self-isolate for 14 days. If you develop symptoms, including a fever and cough, you should immediately and urgently seek medical attention.
This information sheet should be read in conjunction with the ‘What you need to know’ and ‘Isolation guidance’ information sheets found at
Further information on COVID-19 what people can do to protect themselves and people they are caring for is available at or on 1800 020 080.


New measures to support NDIS participants and providers

On 21 March 2020, Minister for the National Disability Insurance Scheme (NDIS), Stuart Robert announced new measures to ensure essential support is in place for NDIS participants and providers through the COVID-19 outbreak.
For participants, this means:
 face-to-face planning shifted to telephone meetings where possible ensuring continuity of support,
 NDIS plans to be extended up to 24 months
 action plan to ensure NDIS participants and their families continue to receive the essential disability supports they need
 more flexibility in core vs capacity building supports
 proactive outreach to high-risk participants.
For providers, this means:
 financial assistance to providers including advance payments
 10 per cent COVID-19 loading on some supports
 more generous cancellation pricing
 PPE advice and training resources.
These measures are being put in place by the Department of Social Services, National Disability Insurance Agency (NDIA) and the NDIS Quality and Safeguards Commission (NDIS Commission), working with the Department of Health and state and territory governments.


NDIS Service Providers

Disability support workers should not attend work if they have a fever, symptoms of a respiratory illness, or are not vaccinated against influenza.
All NDIS service providers must notify the NDIS Quality and Safeguards Commission of any change to delivery of their services.
More information for NDIS providers and disability support workers is available on the NDIS Quality and Safeguards Commission website: This includes provider obligations, how to reduce the risk to participants, and links to updates and resources.


What advice is available for disability support workers and providers if they, or someone they care for, is at high risk of infection? 

The Department of Health has developed specific advice on Personal Protective Equipment (PPE) when looking after people who are confirmed to have, or suspected of having, COVID-19. Information for is available at
Further information on COVID-19, what people can do to protect themselves and people they are caring for is available at or on 1800 020 080.


How will the Government help with the increased financial burden of COVID-19? 

The Government is putting in place some measure to give NDIS service providers some financial relief, to help providers remain viable and retain their staff.
Registered NDIS providers may receive a one-month advance payment based on a monthly average supports delivered in the previous three month period – to provide immediate cash flow relief.
To cover the additional costs of service delivery for existing supports, a 10 per cent COVID-19 loading will be added to price limits for certain supports for up to six months.
This includes:
 core supports (Assistance with Daily Life (excluding Supported Independent Living) and Assistance with Social and Community Participation)
 capacity building supports (Improved Daily Living).
Additionally, increased flexibility of the NDIA’s cancellation pricing policy will allow providers to charge the full 100 per cent for the price of a cancelled service, and the definition of ‘short notice cancellation’ will also be broadened.
Providers can also continue to claim for the increased use of cleaning and personal protective equipment associated with COVID-19.


Is there training available for workers? 

The Department of Health has developed a free training module for support workers, including disability service providers, about infection prevention and control for COVID-19, available at
The Department has also developed a webinar on COVID-19 preparedness for in-home and community aged care. This webinar ( is also relevant to all providers and workers in the disability sector.

Further work is currently underway to develop measures to source additional disability support workers to provide high quality care to NDIS participants should the need arise. This will include the upskilling of displaced workers from other industries and matching existing and new workers to areas where there is a demand for services.


More information

Information for the whole community

For the latest advice, information and resources on COVID-19, go to or call the national Coronavirus Health Information Line on 1800 020 080. The information line operates 24 hours a day, seven days a week. If you require translating or interpreting services, call 131 450.
The phone number of each state or territory public health agency is available at


Information for providers and workers

Information and resources for NDIS providers and disability support workers are available through the NDIS Quality and Safeguards Commission at or 1800 035 544.



How ISO Consulting Services can help you

Please Check out our website for more details and download our FREE Bronze Package.

NDIS Rule 2019 – New changes that will commence on 1/1/2020


The amended National Disability Insurance Scheme (Provider Registration and Practice Standards) Rules 2018 (the rules) have been made by the Commissioner as “National Disability Insurance Scheme (Provider Registration and Practice Standards) Amendment (2019 Measures No. 1) Rules 2019”. The rules will commence on 1 January 2020.

In the following paragraphs, you will find a summary of these changes, but the Rules 2019 is available on


Summary of the new changes

1. Type of Audit for the Body Corporate with Low-Risk supports and services

Bodies corporate (Pty. Ltd. Companies) will no longer be required to undergo a certification audit when registering to deliver lower risk/lower complexity supports and services only (listed below). They are now required to meet the requirements of the Verification modules, which is consistent with the assessment of sole traders or partnerships.

This change means that:

  • They will be assessed against the Verification Module (5 standards) rather than Certification Core Module (22 standards).
  • They will be audited every 3 years as “Recertification Audit”, and no “Surveillance Audit” is required.
  • The audit will be undertaken as a “Desktop Audit” and no “Onsite Audit” required.
  • … last but not least, the cost of consulting, developing the policies and procedures and auditing is now cheaper for them.

Here is the list of lower risk/lower complexity registration groups:

101- Accommodation/tenancy assistance

103- Assistive Products for Personal Care and Safety

105- Personal Mobility Equipment

108- Assistance with travel/transport arrangements

109- Vehicle Modifications

111- Home Modifications

112- Assistive equipment for recreation

113- Vision Equipment

114- Community Nursing Care

116- Innovative community participation

119- Specialised Hearing Services

120- Household Tasks

121- Interpreting and Translation

122- Hearing Equipment

123- Assistive Products for Household Tasks

124- Communication and information equipment

126- Exercise Physiology and Personal Training

127- Management of funding for supports in participant’s plans

128- Therapeutic supports

129- Specialised driver training

130- Assistance animals

134- Hearing Services

135- Customised Prosthetics

2. Frequency of the Surveillance Audit 

Frequency of the “Surveillance Audits” for All providers who are required to undergo a Certification audit (but not Verification Audit), regardless of Business structures (listed below), has changed from 12-monthly to 18-monthly.

This change means that they will be assessed less frequently and consequently probably pay less auditing fee.

Here is the list of registration groups that are required the “Certification Audit”:

102- Assistance to access and maintain employment or higher education

104- High intensity daily personal activities

106- Assistance in coordinating or managing life stages, transitions and supports

107- Assistance with daily personal activities

110- Specialist positive behaviour support

115- Assistance with daily life tasks in a group or shared living arrangement

117- Development of daily care and life skills

118- Early intervention supports for early childhood

125- Participation in community, social and civic activities

131- Specialist disability accommodation

132- Specialised support coordination

133- Specialised supported employment

136- Group and centre‑based activities


How ISO Consulting Services can help you

Please Check out our website for more details nd download our FREE Frequently Asked Quesntions (FAQ) that is amended based on teh new changes.


Office of the Federal Safety Commissioner (OFSC) Accreditation


The construction industry is designated as a priority industry for work health and safety due to the high number and rate of work-related injuries and illnesses and inherent risks associated with working in the industry. However, the Cole Royal Commission into the Building and Construction Industry found that the safety record for the industry was unacceptable.

The Federal Safety Commissioner (FSC) was established in order to implement the majority of the Royal Commission’s WHS recommendations to develop, implement and administer a WHS accreditation scheme for Australian Government building and construction work.

In June 2004 it was announced that the FSC would be administratively established within the Department of Employment and Workplace Relations. The FSC and the Scheme are provided for under the Building and Construction Industry (Improving Productivity) Act 2016 (the Act).

Federal Safety Commissioner (FSC) for which projects and contractors?

Subject to certain financial thresholds, only builders who are accredited under the Scheme can enter into head contracts for building work that is funded directly or indirectly by the Australian Government.

Directly Funded Projects:

Projects are considered to be directly funded where an Australian Government agency has responsibility for the project funding and development, for example a Defence facility, Medicare or Centrelink Office or a fit-out or refurbishment of existing Australian Government office accommodation.

The Scheme applies to projects that are directly funded by the Australian Government with a value of $4 million or more.

Indirectly Funded Projects

Projects are considered indirectly funded where an Australian Government agency contributes funding to a recipient through a funding agreement, grant or other program, for example road construction projects funded by the Australian Government or a new school built by a state government using funding provided by the Australian Government.

The Scheme applies to projects that are indirectly funded by the Australian Government where

  • A head contract under the project includes building work of $4 million or more (GST inclusive) AND:
  • the value of the Australian Government contribution to the project is at least $6 million (including GST) and represents at least 50 per cents of the total construction project; OR

the Australian Government contribution to a project is $10 million (including GST) or more, irrespective of the proportion of Australian Government funding.

Additional requirements in comparison with AS/NZS 4801

The Federal Safety Commissioner (FSC) has strict requirements to develop documented processes for all WHS associated activities comparing the AS/NZS 4801. Here are some requirements:

  • The documented process to ensure all current health and safety legislation, codes of practice and Australian standards relevant to the project are readily available on-site and workers are informed of the method of access. Also, to ensure changes are reviewed and processes updated as required.
  • The documented process to ensure that senior managers demonstrate participation in the company HIRAC processes.
  • The documented process to ensure the project HIRAC process is undertaken by personnel trained in the use of the company’s HIRAC methodology and tools.
  • The documented process to liaise with client/public/other entities to implement a HIRAC process for any hazards impacting any of the parties.
  • The documented process to define the company’s acceptable risk level and management actions to be taken if the assessed risk is higher than that level.
  • Documented process to ensure a competent person completes a site-specific assessment of potential health hazards, including – biological; – physical; and – chemical/atmospheric contaminants.
  • Documented process to ensure inspection, measuring and test equipment related to health and safety is identified, calibrated, and maintained in accordance with manufacturers’ requirements and relevant legislation, codes of practice and Australian standards.
  • The documented process to ensure Investigations: – are undertaken by a trained person(s); – identify the factor(s) that led to the incident; – incorporate a process for the identification and management of corrective actions; – involve and/or are reviewed by site/senior management as defined by the company’s system; and – prompt a review of relevant
  • The documented process to manage corrective actions for identifying organisation-wide issues and ensuring lessons learnt are communicated throughout the organisation.
  • The documented process that ensures senior managers regularly visit the site and discuss WHS issues with site management and workers.

How ISO Consulting Services can help you

Please contact us if you need our hands to assist you to develop and establish your FCS framework. We will assist you with

  • Conducting a document review and gap assessment against the requirements of OFSC Accreditation Scheme
  • Update the existing documents and Develop required documents in compliance with the requirements of OFSC Accreditation Scheme
  • Providing supervision, consultation and guidance for implementation of systems
  • Conducting internal audit and assisting with corrective actions
  • Assisting with completion of OFSC scheme application
  • Attending at the OFSC audits and assisting with corrective actions




ISO 45001 – Future of your OHS Management System


ISO 45001, the world’s most anticipated standard for workplace health and safety (WHS) systems was published on 12 March 2018. This new Occupational Health and Safety (OHS) Management System standard is aligned with ISO 9001:2015 (Quality Management System) and ISO 14001:2015(Environment Management System) which have been designed based on High Level Structure (HLS). ISO 45001:2018 has been designed as an international standard which has been published by International Organisation for Standardisation (ISO) to replace the existing standards such as OHSAS 18001:2007.

In developing the standard, consideration has been given to the content of other international standards (such as OHSAS 18001 or the International Labour Organisation’s “ILO–OSH Guidelines”) and national standards (such as AS/NZS 4801), as well as to the ILO’s International Labour standards and conventions (ILSs).

OHSAS 18001 and most likely AS/NZS 4801:2001 will be withdrawn after the publication of ISO 45001. Organisations that are currently certified to OHSAS 18001 and/or AS/NZS 4801 will have a three-year window to upgrade their existing certificate to ISO 45001.

So, if your organisation is considering implementing this new standard, a useful starting point is to complete a gap assessment. It will help you understand which areas you already meet and where you will need to implement new approaches or activity to address the requirements. If your organisation is already certified to AS/NZS 4801:2001 and/or OHSAS 18001:2007, the gap assessment will also help you to understand the gaps and how to address them to upgrade your existing OHS system to a ISO 45001 compliant one.

Benefits of implementing ISO 45001

Implementing an ISO 45001-based OH&S management system will enable an organisation to improve its OH&S performance by

  • Establishing systematic processes to consider context of the organisation and its risks and opportunities,
  • Being recognised for having achieved an international benchmark,
  • Evaluating its OH&S performance and improve it, through taking appropriate actions,
  • Developing and implementing an OH&S policy, objectives and targets,
  • Developing a systematic approach for the OHS and other risks to eliminate or minimise them through operational control,
  • Improving its ability to identify the relevant legislations and reducing risk of non-compliance with them and the associated costs,
  • Reducing risk of work-related incidents and diseases and their associated costs and insurance premiums,
  • Engaging employees more actively through consultation, communication, awareness and training,
  • Increasing employee satisfaction and motivation.

Major differences with OHSAS 18001 and AS/NZS 4801

There are many minor differences in the content of ISO 45001 compare to OHSAS 18001 and AS/NZS 4801, but the major differences can be summarised as:

  • New structure based on the High-Level structure (HLS) for easier integration with other management system standards such as ISO 9001:2015, ISO 14001:2015, ISO 27001:2013
  • Stronger focus on organisational context and understanding needs and expectations of interested parties as a combination of both internal and external factors regarding health and safety management
  • Stronger emphasis on leadership to ensure the OHS matters is integrated with the business strategies and day-to-day activities.
  • Stronger emphasis on worker participation and engagement in every aspect of OHS management system
  • Absence or a need for a specific health and safety management representative to ensure that the ownership of OHS management system is not
  • A need for two-way communication with internal and external stakeholders
  • Enabling an organisation to integrate other aspects of health and safety, such as worker wellness/wellbeing
  • Introducing risk management approach and risk /opportunity concept for the management system itself in addition to operational occupational health and safety hazards and their associated risks
  • A requirement for outsourced operations to use the parent’s company health and safety standard.

In the next section, the three OHS standards have been compared clause-by-clause in the comparison table.

ISO 45001 Vs. AS 4801 Vs OHSAS 18001

AS/NZS 4801:2001OHSAS 18001:2007ISO 45001:2018
0. Introduction0. Introduction
1. Scope1. Scope1. Scope
2. Referenced Reference2. Normative Reference2. Normative reference
3. Definitions3. Terms and Definitions3. Terms and definitions
4. OHSMS Requirements
4. OH&S Management Systems
4. Context of the organisation
4.1. Understanding the organisation and its context
4.2. Understanding the needs and expectations of interested parties
4.1. General Requirements
4.1. General Requirements
4.3. Determining the scope of OH&S management system
4.4. OH&S management system
10.3. Continual improvement
5.1. Leadership and Commitment
4.2. OH&S Policy4.2. OH&S Policy5.2. OH&S Policy
4.3. Planning
4.3. Planning
6.1. Actions to address risks and opportunities
6.1.1. General
4.3.1. Planning identification of hazards, hazard/risk assessment and control of hazards
4.3.1. Hazard identification, risk assessment and determining controls
6.1.2. Hazard Identification and assessment of risks and opportunities
6.1.4. Planning action
4.3.2. Legal and other requirements4.3.2. Legal and other requirements6.1.3. Determination of legal requirements and other requirements
4.3.3. Objectives and Targets
4.3.3. Objectives and programme(s)
6.2.1. OH&S objectives
4.3.4.OHS management plans6.2.2. Planning to achieve OH&S objectives
4.4. Implementation
4.4. Implementation and operation
8. Operation
4.4.1. Structure and Responsibility
4.4.1. Resources, roles, responsibility, accountability and authority
5.3. Organisational roles, responsibilities and authorities Resources7.1. Resources Responsibility and accountability5.3. Organisational roles, responsibilities and authorities
4.4.2. Training and competency
4.4.2. Competence, Training and Awareness
7.2. Competence
7.3. Awareness
4.4.3 Consultation, communication and reporting
4.4.3. Communication, participation and consultation
5.4. Consultation and participation of workers Consultation Communication
7.4. Communication Reporting
4.4.4. Documentation
4.4.4. Documentation
7.5. Documented information
7.5.1. General
4.4.5 Document and data control
4.4.5. Control of documents
7.5.2. Creating and updating
7.5.3. Control of documented information
4.4.6 Hazard identification, hazard/risk assessment and control of hazards/risks
4.4.6. Operational Control
8.1. Operational planning and control
8.1.1. General
8.1.2. Eliminating hazard and reducing OH&S risks
8.1.3. Management of Change
8.1.4. Procurement
4.4.7. Emergency Preparedness and Response4.4.7. Emergency Preparedness and Response8.2. Emergency preparedness and response
4.5.1 Monitoring and measurement4.5. Checking9. Performance evaluation
4.5.1. Performance measurement and monitoring9.1. Monitoring, measurement, analysis and performance evaluation General9.1.1. General Health surveillance
4.5.2. Evaluation of Compliance9.1.2. Evaluation of compliance
4.5.2 Incident investigation, corrective and preventive action
4.5.3. Incident investigation, nonconformity, corrective action and preventive action
10.2. Incident, nonconformity and corrective action Incident Investigation Nonconformity, corrective and preventive action
4.5.3 Records and records management4.5.4. Control of Records7.5.3. Control of documented information
4.5.4 OHSMS audit4.5.5. Internal Audit9.2. Internal Audit
4.6. Management Review4.6. Management Review9.3. Management review
10. Improvement

The Transition Approach

As there is a three-year transition period for replacing OHSAS 18001 and AS/NZS 4801 with ISO 45001, if you are already certified to the current OHS standard, it is a good timing for upgrading your system to ISO 45001, but if you have not achieved any OHS certificate so far, you can design your OHS management system based on the high level structure and get certified to ISO 45001:2018 as soon as certification bodies become authorised to issue the ISO 45001:2018 certificate.
As a best practice approach, you may follow the following step-by-step phases.

How ISO Consulting Services can help you

We have designed our exclusive gap assessment tool which provides you not only the gaps and the area where you need to improve, but also a numerical and graphical analysis of your current compliance score and how you can increase your compliance level.




ISO 13485:2016 – New Revision of QMS for Medical Devices


The latest edition of ISO 13485, the internationally recognised quality management systems standard for medical device industry, with over 27,000 certificates globally, has been published on March 1, 2016.

ISO 13485:2016 identifies the requirements for a quality management system (QMS) in which an organisation needs to demonstrate its ability to provide medical devices and related services that consistently meet both customer and regulatory requirements.

This third edition cancels and replaces the second edition (ISO 13485:2003) and ISO/TR 14969:2004, which have been technically revised. It also incorporates the Technical Corrigendum ISO 13485:2003/Cor.1:2009.


ISO 13485:2016 Changes

Some of the most critical changes in the 2016 version include:

  • Incorporation of risk-based approaches beyond product realisation. Risk is considered in the context of the safety and performance of the medical device and in meeting regulatory requirements;
  • Alignment of global regulatory requirements and meet customer and applicable regulatory requirements for safety and performance;
  • Application to organisations throughout the lifecycle and supply chain for medical devices;
  • New requirement related to protection of confidential health information;
  • Emphasising the requirements for software validation for different software in different clauses of the standard considering the risk approach;
  • Increased focus regarding feedback mechanisms to utilize feedback in risk management processes;
  •  Specific requirements for documentation and validation of processes for sterile medical devices considering control of contamination with microorganism or particulate matter;
  • Adds requirement that infrastructure prevents product mix-up and ensure orderly handling of product.
  • Strengthening of supplier control processes and the changes made by them;
  • Additional requirements in design and development on consideration of usability, use of standards, verification and validation planning, design records and design changes considering the risk of changes;
  • Add design and development transfer and design and development file as two new sub-clauses;
  • Planning and documenting corrective action and preventive action, and implementing corrective action without undue delay and also considering adverse effect;
  • Added requirements for sterile barrier systems


ISO 13485:2016 and ISO 9001:2015

The ISO 13485 standard was updated for two main reasons: to keep up with changes in the industry and to address changes in the underlying ISO 9001 standard. While the old ISO 13485 2003 standard was based on the old ISO 9001 2000 standard, the new one is based on ISO 9001 2008. While some people expected the new ISO 13485 standard to use the latest ISO 9001 2015 standard, ISO TC 210 evidently feels that the older ISO 9001 standard better serves the needs of medical device suppliers, regulators, and customers.

For the convenience of users, below table shows the correspondence between these two standards.

ISO 13485-2016 Vs. ISO 9001-2015



How ISO Consulting Services can help you

Please contact us  if you need our hands to assist you for develop and establish your management system in compliance with the requirements of ISO 13485:2016 standard. We also offer a gap assessment service to find out how close you are to your ISO 13485:2016 certificate.




ISO 27001: 2013 – Information Security Management System (ISMS)

What is ISO 27001?

ISO 27001 is an internationally recognized structured methodology dedicated to information security and the only auditable international standard which defines the requirements for an Information Security Management System (ISMS). The ISO 27000-series comprises information security standards published jointly by the International Organisation for Standardization (ISO) and the International Electro technical Commission (IEC).

The series provides best practice recommendations on information security management, risks and controls within the context of an overall Information Security Management System (ISMS), similar in design to management systems for quality assurance (the ISO 9001) and environmental protection (the ISO 14001).

The series is deliberately broad in scope, covering more than just privacy, confidentiality and IT or technical security issues. It is applicable to organisations of all shapes and sizes. All organisations are encouraged to assess their information security risks, and then implement appropriate information security controls according to their needs, using the guidance and suggestions where relevant. Given the dynamic nature of information security, the ISMS concept incorporates continuous feedback and improvement activities, summarized by Deming’s “plan-do-check-act” approach, that seek to address changes in the threats, vulnerabilities or impacts of information security incidents.

  • The Plan phase is about designing the ISMS, assessing information security risks and selecting appropriate controls.
  • The Do phase involves implementing and operating the controls.
  • The Check phase objective is to review and evaluate the performance (efficiency and effectiveness) of the ISMS.
  • In the Act phase, changes are made where necessary to bring the ISMS back to peak performance


ISO 27000-series Published standards

  • ISO 27000 Fundamental and Vocabulary
  • ISO 27001 Information Security Management Requirements
  • ISO 27002 Code of Practice
  • ISO 27003 Implementation Guidance
  • ISO 27004 Information security management measurements
  • ISO 27005 Information security risk management
  • ISO 27006 Requirements for certification bodies
  • ISO 27007 Guidelines for Information security management systems auditing
  • ISO TR 27008 Guidance for auditors on ISMS controls (focused on the information security controls)
  • ISO 27010 ISM for inter-sector and inter-organizational communications
  • ISO 27011 Information security management guidelines for telecommunications
  • ISO 27013  Guideline on the integrated implementation of ISO 27001 and ISO/IEC 20000-1
  • ISO 27014  Information security governance
  • ISO TR 27015 Information security management guidelines for financial services
  • ISO 27031 Business Continuity
  • ISO 27032 Guidelines for cyber security
  • ISO 27033 IT network security
  • ISO 27034 Guidelines for application security
  • ISO 27035  Information security incident management
  • ISO 27036-3  Information security for supplier relationships Guidelines for information and communication technology supply chain security
  • ISO 27037  Guidelines for identification, collection, acquisition and preservation of digital evidence
  • ISO 27799 Security Management in Health
  • Up to ISO 27059 Reserved for future standards


Structure of the ISO 27001: 2013

ISO 27001:2013 has the following sections:

  • Introduction, the standard uses a process approach.
  • Scope, it specifies generic ISMS requirements suitable for organisations of any type, size or nature.
  • Normative references, only ISO 27000 is considered absolutely essential to users of 27001
  • Terms and definitions, a brief, formalized glossary, soon to be superseded by ISO 27000.
  • Context of the organisation, understanding the organisational context, the needs and expectations of ‘interested parties’, and defining the scope of the ISMS.  Section 4.4 states very plainly that “The organisation shall establish, implement, maintain and continually improve” a compliant ISMS.
  • Leadership, top management must demonstrate leadership and commitment to the ISMS, mandate policy, and assign information security roles, responsibilities and authorities.
  • Planning outlines the process to identify, analyze and plan to treat information security risks, and clarify the objectives of information security.
  • Support, adequate, competent resources must be assigned, awareness raised, documentation prepared and controlled.
  • Operation, a bit more detail about assessing and treating information security risks, managing changes, and documenting things (partly so that they can be audited by the certification auditors).
  • Performance evaluation, monitor, measure, analyze and evaluate/audit/review the information security controls, processes and management system in order to make systematic improvements where appropriate.
  • Improvement, address the findings of audits and reviews (e.g. nonconformities and corrective actions), make continual refinements to the ISMS

Annex A Reference control objectives and controls, little more in fact than a list of titles of the control sections in ISO 27002.  The annex is ‘normative’, implying that certified organisations are expected to use it, but they are free to deviate from or supplement it in order to address their particular information security risks.


ISO 27001 Certification around the world and in Australia

Certified compliance with ISO 27001 by an accredited and respected certification body is entirely optional but is increasingly being demanded from suppliers and business partners by organisations that are concerned about the security of their information, and about information security throughout the supply chain or network.

Based on ISO survey 2013, more than 22,000 of ISO 27001 certificates have been issued all over the world. Out of these certificates, Australian share was only 140 certificates. However, based on the information security attacks and vulnerabilities reports which are published every year, we can see the need for Australian corporations to consider the ISO 27001 as the best practice. There should be some reasons why Australian rate of using ISO 27001 is so much lower than developed countries. Some of those reasons could be:

  • Lack of awareness about ISO 27001
  • Not realizing of information security importance
  • Indirect relation between information security and organisations performance
  • Lack of legislation requirements
  • Financial crisis


How ISO Consulting Services can help you

Please  contact us  if you need more details on how our expert team can assists you in training and developing a new or updating your current ISMS in compliance with ISO 27001:2013 standard.


ISO 9001:2015 is published now


After three years of revision work, the ISO 9001:2015, the most popular management system standard with over 1.1 million certificates globally issued, has published now.  Similar to ISO 14001:2015 which was published mid-September, it has been also restructured based on High Level Structure (HLS) to be aligned with other management systems.

The positive changes

The new version is adapted with 21st century circumstances with more focus on performance and process approach and less requirements for documentation and compliance.

The process approach which is introduced as a “requirement” now will challenge both organisations and auditors how to restructure the existing functional approach to a process-based mindset throughout the whole organisation in design, implementation and auditing.

Need to understand the context of the organisation and the needs and expectations of interested parties helps the organisations to establish and implement a quality management system which is tailor-made to add value to the organisation and its interested parties rather than a bunch of document to tick the boxes and satisfy the auditors.

The risk-based thinking is a real masterpiece in the 2015 version. It will help the organisations to consider both adverse and beneficial impacts of its processes, products and services internally and externally.

Change management is also a breakthrough in this version which reduce the risk of unplanned changes which can potentially cause even more issues. Any changes are supposed to be reviewed and analysed in advance considering the risks and impacts to internal and external interested parties.

Regarding the changes in the new version such as “Design & Development” and “Measuring equipment” clauses, it is more understandable and adaptable for service sector.

Structure of ISO 9001:2015

  1. Scope
  2. Normative Reference
  3. Terms & Definitions
  4. Context of the Organisation
  5. Leadership
  6. Planning
  7. Support
  8. Operation
  9. Performance Evaluation
  10. Improvement

Transition Guidance

International Accreditation Forum (IAF) has provided a guidance for the transition from ISO 9001:2008 to ISO 9001:2015. ISO 9001:2008 certifications will not be valid after three years from publication of ISO 9001:2015.

How ISO Consulting Services can help you

Please contact us  if you need our hands to assist you in the journey of transition to the new version of standard. We will help you assess the gaps between your existing system and the requirements of the new version and also assist you in filling the gaps and getting ready for ISO 9001 certification.

ISO 14001:2015 is published now


ISO 14001, Environmental Management System, as one of the most popular management system standard with about 300000 certificates globally issued every year is published now. ISO 14001 was the first standard which restructured based on High Level Structure (HLS) aligned with other two standards ISO 9001, quality management system and ISO 45001, occupational health and safety management system which are expected to be published in 2015 and 2016, respectively.

The key positive changes in this version include:

  • More emphasis on strategic environmental management through understanding organisation’s context and its interested parties’ needs and expectations
  • More emphasis on leadership and its commitment
  • More emphasis on supply chain and the life cycle of the products and services and their environmental impacts from development up to end-of-life treatment or disposal.
  • More effective communication strategy to improve internal and external communication
  • More flexibility on documentation and required documented procedures
  • More focus on proactive measures in order to enhance environment protection

Structure of ISO 14001:2015

Aligned with the High Level Structure (HLS), ISO 14001:2015 is structured as:
1. Scope
2. Normative Reference
3. Terms & Definitions
4. Context of the Organisation
5. Leadership
6. Planning
7. Support
8. Operation
9. Performance Evaluation
10. Improvement


Framework of ISO 1400:2015

Aligned with other management system standards, the framework introduced in the new version is integrated into the Plan-Do-Check-Act (PDCA) Model to emphasize the importance of process approach and continual improvement. The below figure depicts the integration of PDCA and ISO 14001:2015 framework.



How ISO Consulting Services can help you

Please contact us if you need our hands to assist you in the journey of transition to the new version of standard. We will help you assess the gaps between your existing system and the requirements of the new version and also assist you in filling the gaps and getting ready for ISO 14001 certification.

HACCP (Hazard Analysis and Critical Control Points)


HACCP is a systematic and preventive approach in food industry for identifying food safety hazard which may cause an unsafe food at all stage of food supply chain from production, packaging, distribution, preparation and serving to the customer. In its proactive approach, rather than relying on inspection of finished product, control measures will be applied to control or eliminate the chemical, physical, biological and allergic hazards.


Advantages of HACCP

      • More control on food processing
      • More control on food costs
      • Reduce food wastes
      • Improve quality of foods
      • Prevent any complaints and legal actions
      • Customer protection
      • Customer Satisfaction


 The seven principles of HACCP

      1. Hazard Identification
      2. Critical Control Point (CCP) identification
      3. Critical limits establishment for the CCPs
      4. CCP monitoring
      5. Corrective action establishment when a CCP is out of control
      6. Regular verification on measures
      7. Documents and records establishment to demonstrate effective application of the measures.


Application of the seven principles

1-Hazard Analysis

1.1. Assembly of a multidisciplinary team (HACCP team) 

It includes the whole range of specific knowledge and expertise from all parts of business

1.2. Description of the product

It includes composition (e.g. ingredients), structure (e.g. Solid), processing (e.g. smoking), packaging (e.g. vacuum), storage and distribution conditions, required shelf life, instructions for use and any microbiological or chemical criteria applicable.

1.3. Identification of intended use

It defines the intended use of the product by the customers and if it is suitable for particular customers such as travelers or vulnerable people.

1.4. Develop a flow diagram

It is a description of all steps involved in the process from receiving the raw materials to distribution of the finished food to the market in sequence supported by sufficient technical data

1.5. Listing hazards and existing control measures

List all potential expected to occur at each process step and identify the current control measure to eliminate or control them

2. Identification of Critical Control Points (CCP)

A logical approach facilitated by the use of a decision tree or other methods is applied in identification of CCPs. At each step of the flow diagram, the decision tree must be applied to each hazard that may be reasonably expected to occur or be introduced and each control measure identified.


3. Determine Critical Limits at CCPs

Critical limits for each control measure associated with a CCP is to be determined. They are determined as acceptable limit values of the measurable parameters which is considered for controlling the control points.

The critical limits may be derived from a variety of sources such as legislations, guides of GHP (Good Hygiene Practices) and etc.


4. Monitoring Procedures at CCPs

Monitoring procedure at each critical point to ensure compliance with specified critical limits.

This monitoring procedure are to detect any out of control observations or measurements as an evidence of a situation needs to be resolved by implementing the required process adjustment and corrective actions.


5. Corrective Actions

The corrective action to eliminate or control the hazard need to be taken when monitoring results indicate a deviation from the critical limit. The corrective actions are to include root cause, required actions, responsible person(s) and due date.


6. Verification Procedures

In order to verify if the HACCP is working correctly. Verification procedures may include random sampling and analysis, reinforced analysis or tests at selected critical points, intensified analysis of intermediate or final products, and surveys on actual condition during storage, distribution and sale and on actual use of the product.


7. Documentation and Record Keeping

Effective and accurate record keeping is essential and to be appropriate to the nature and size of the operation and sufficient.


8. Training

The food business is to ensure that all personnel are aware of the hazards identified (if any), the critical points and the control measures and any corrective actions.


How ISO Consulting Services can help you

Please contact us  if you need more details on how our expert team can assists you in training, developing. auditing and certifying your HACCP system.

AS/NZS 5377:2013 – A new standard for E-waste Recycling


The AS/NZS 5377 (also mentioned as AS 5377) standard was prepared by the Joint Standards Australia/Standards New Zealand Committee EV-019, E-waste and published in February 2013. This standard outline the minimum requirements for the safe and environmentally sound collection, storage, transport and treatment of end-of-life electrical and electronic equipment, known as E-waste, in order to maximize re-use and material recovery, reduce or eliminate the amount of waste from this equipment going to final point of disposal operations such as landfill, safeguard worker health, and minimize harm to the


History of E-waste Recycling in Australia

In August 2011, the Product Stewardship Act 2011 commenced in August 2011 and provides a legislative framework for national product stewardship schemes as a key commitment by the Australian Government under the National Waste Policy which had been endorsed by Council of Australian Governments (COAG) in August 2010.

The Product Stewardship (Televisions and Computers) Regulations 2011 came into effect in November 2011 as the first products to be regulated under Australian product stewardship legislation in order to support a co-regulatory recycling scheme for televisions, computers, printers and computer products. The National Television and Computer Recycling Scheme (NTCRS) was established in 2011 under a co-regulatory approach.

The AS/NZS 5377 standard was published by the Joint Standards Australia/Standards New Zealand commitee EV-019, E-waste in February 2013 as the first formal standard to ensure a consistent industry standard for scheme recycling providers and ensure positive work health and safety outcomes.


Threats and Opportunities

From 1 July 2016, the Australian Government will require co-regulatory arrangements to ONLY contract with recycling service providers that are certified to AS 5377, the Australian Standard. It can be considered as a challenge for the E-waste recyclers and the companies which are willing to launch a new business as E-waste recycler, but on the other hand,  the opportunity is really huge. E-waste is growing 3 times faster than any other waste stream.

Under the NTCRS scheme,  the targets are increasing from 50 per cent of available e-waste for the 2015-16 financial year up to 80 per cent in 2026-27. How attractive is this huge business opportunity regaring the growth of E-waste volume and also this target?


Structure and Applicability of AS/NZS 5377

This Standard is intended to be used by parties involved in the collection, storage, transport, and treatment of end-of-life electrical and electronic equipment. In includes five sections outlined below:

Section 1: Scope, Objectives, Application and General Requirements – This section includes the requirements which is applicable for all organisations throughout E-waste recycling supply chain.

Section 2 – Requirements For Collection and Storage Facilities – This section is applicable for the locations which has been advertised or promoted as being place where end-of-life electrical and electronic equipment can be left or will be received for the purpose of transporting them to a facility for material recovery or processing, whether or not it provides public access.

Section 3 – Recovery for Re-use from End-of-life Electrical and Electronic Equipment – This section includes recovery of assemblies, components and parts. Service providers for repair, refurbishment and re-marketing of used whole equipment are outside the scope of this Standard.

Section 4 – Requirements for Transportation – This section includes the requirements of E-waste transportation for intrastate, interstate or for export purposes.

Section 5 – Requirements for the Treatment of End-of-life Electrical and Electronic Equipment including material recovery or processing of end-of-life electrical and electronic equipment.

The details are shown in the following picture. As it is shown, not all sections are applicable for all organisations.

AS 5377

How ISO Consulting Services can help you

Please contact us  if you need our hands to assist you for develop and establish your management system in compliance with the requirements of AS/NZS 5377:2013 standard. We also offer a gap assessment service to find out how close you are to your AS/NZS 5377 certificate.