Amendment on the NDIS requirements (Quality indicators)

Accreditation Obligations and Battery Stewardship

Similar to other stewardships, which refer to the responsible management of a product through its life stages, Battery Stewardship is developed to cover the entire supply chain from design through to end of life.

Two pathways were introduced in the briefing presented by the Department of Environment and Energy in February 2018: the inclusion of batteries in the National Television and Computer Recycling Scheme (NTCRS), and the establishment of a new voluntary scheme authorised by the Australian Competition and Consumer Commission (ACCC). Consequently, the Battery Stewardship Council (BSC) was informed. In 2021, the scheme was authorised by the ACCC, and the BSC operational design was initiated with the following objectives:

  • Increase resource recovery and recycling
  • Minimise the environmental, health and safety impacts of end-of-life batteries generated in Australia
  • Develop Australia’s battery recycling industry and markets for battery-derived products

Many stewards play their own role in Battery Stewardship. They are listed below by sector:

  • Production Sector: Battery Designers, Battery Manufacturers, Battery Importer
  • Distribution Sector: Retailers, Consumers, Collection Points
  • Recycling Sector: Recyclers (Collectors), Recyclers (Processors)
  • Support Organisations: Research Organisations, Government

Depending on their roles, the stewards listed above are subject to different specific accreditation obligations. Conforming to BSC-approved standards such as AS 5377, ISO 14001 and/or ISO 45001 is one of the accreditation obligations introduced for the Recycling sector, which includes Collectors and Processors as Logistics Providers, Sorting Providers and Onshore Processors.

The AS/NZS 5377 (also referred to as AS 5377) standard was prepared by the Joint Standards Australia/Standards New Zealand Committee EV-019, E-waste, and published in February 2013. This standard outlines the minimum requirements for the safe and environmentally sound collection, storage, transport and treatment of end-of-life electrical and electronic equipment, known as E-waste, in order to maximise re-use and material recovery, reduce or eliminate the amount of waste from this equipment going to final disposal operations such as landfill, safeguard worker health, and minimise harm to the environment.

ISO 14001, Environmental Management System, one of the most popular management system standards, was republished in 2015 as the first standard to be restructured based on the High-Level Structure (HLS), aligned with ISO 9001, the quality management system standard.

ISO 45001, the world’s most anticipated standard for workplace health and safety (WHS) systems, was published in 2018, aligned with ISO 9001:2015 (Quality Management System) and ISO 14001:2015 (Environment Management System), which have been designed based on High-Level Structure (HLS).

Get in contact today

If you’re interested in learning more about how ISO Consulting Services can assist with your accreditation obligations, submit an application form today. Alternatively, you can get in contact to discuss your options further with someone from our team.

5 Ways Your Business Can Reduce Costs With Integrated Management Systems

Finding cost savings is an essential key in helping your business operations run more efficiently. You may be finding that your organisation is running into cost deficiencies, poor workflows, human error, miscommunication and an inundation of paperwork across multiple systems. Streamlining your process with an integrated management system can help you save time and money. 

At ISO Consulting Services, we provide small and medium-sized enterprises with assistance in developing integrated management systems after evaluating your organisational practices to find a smart and effective solution. 

Wondering if your business could benefit from implementing an integrated management system? Let’s take a look at five ways you could save money by shifting your systems and processes to a centralised framework.

  • Analysis — By integrating all of your systems and processes into one central framework, you’ll be able to more holistically evaluate your organisation. You’ll then be able to get a better understanding of areas of performance that can be improved — this kind of critical decision-making can lead to big cost savings for your business.
  • Streamline auditing — When it comes to auditing, you know what a big undertaking it can be for your business. You’ll be able to streamline your auditing process by using tools available through your integrated management system. This will be able to provide insights on high-risk items that need prioritised action ahead of time. This can save your organisation time and money further down the track during the external auditing process.
  • Avoid fines — By streamlining your processes, you’ll be more organised and can more effectively stay updated on legislation pertaining to standards. By reaching ongoing compliance, you’ll avoid any risk of fines and penalties to your business.
  • Increased productivity — After merging your existing systems to one central framework, you’ll reduce time spent managing multiple processes, which can then be redirected towards employee productivity in other important areas of the organisation. Furthermore, by onboarding a centralised management system, you’ll be able to effectively train staff with the best practices. This will streamline workflows and reduce the instances of human error.
  • Cost management implementation — By introducing integrated cost management you’ll be able to forward plan for the future of your organisation. You’ll be able to effectively project budgets while finding cost efficiencies for other areas of the business.

Get in contact today

If you’re continually running into issues with compliance, productivity, fines, auditing and believe your business could benefit from implementing an integrated management system, then ISO Consulting Services can help.

If you’re interested in learning more about how ISO Consulting Services can assist with improving your workflows and streamlining processes to one centralised framework, submit an application form today. Alternatively, you can get in contact to discuss your options further with someone from our team.

Is An Integrated Management System Right For Your Business?

Integrated Management System, also known as IMS, is a term commonly used for the integration of the following:

  • Quality Management System (QMS) – ISO 9001 standard
  • Environmental Management System (EMS) – ISO 14001 standard
  • Occupational Health and Safety Management System (OHSMS) – ISO 45001 standard

An integrated management system is designed to streamline and simplify the management of a company’s systems, processes and standards but it’s not the right choice for every type of organisation. As a general guide, you should only consider implementing an integrated management system when you can see a clear benefit to your business. But what are the primary benefits and how can you establish whether they apply to your business or not?

The benefits of integrated management system implementation

There are many potential benefits that may be derived from adopting an integrated management system that covers quality, environmental and occupational health & safety processes:

  • Elimination of redundancies – An integrated approach to the management of your quality, environmental and health & safety processes can eliminate redundancies through the creation of training, internal audit and review procedures that target all three areas simultaneously.
  • Improved decision making – When you can clearly see the effects of business decisions on all areas of your company, it’s easier to choose the best course of action in any given situation. There’s no need to analyse three separate areas as all three key processes are included in an integrated system of management.
  • Simplified Documentation – By implementing standard operating procedures that target quality, environmental and health & safety goals simultaneously, you can significantly reduce the amount of documentation required for internal auditing and review purposes. Simplified documentation is easier to maintain, manage and review.
  • Easier to establish accountability – With an integrated management system, it’s far easier to establish exactly who in your corporate hierarchy is responsible for specific decisions and their consequences. When the three key areas – health & safety, environmental and quality processes – are divided, it can be difficult to assign responsibility for actions that affect two or more of these areas.
  • Enhanced reputation – A certified integrated management system will inspire greater confidence in your company, from the perspective of prospective clients and business partners. This is an important benefit for any organisation operating in a competitive commercial environment.
  • Productivity improvements – An integrated management approach to quality, environmental and health & safety processes can lead to substantial productivity improvements. With greater accountability and streamlined decision-making procedures, your company will be able to react to changing market conditions in a more timely manner. You’ll also be able to make more effective use of internal data, to take proactive action that improves your competitive edge.
  • Reduced management costs – As you can imagine, integrated management of all key areas of your business has the potential to reduce your administrative and maintenance costs considerably.

All these benefits and more have been realised by companies in diverse industries across the globe and could be realised by your business too. But is your company in a position to benefit from an integrated management system and are there any potential pitfalls of which you should be aware?

The importance of integrated management system preparation work

It’s important not to rush into the implementation of an integrated management system. Careful preparation, along with a detailed evaluation of existing processes, is key to a successful implementation.

  • Reconciling conflicts of interest – Environmental and health & safety goals do not always coincide with quality goals. With this in mind, it’s vital that you reconcile any potential conflicts of interest before implementing your new system. A management approach that sacrifices clarity in one or more of these areas simply to streamline business processes may not be the best choice for your organisation. However, with careful preparation, major conflicts can be avoided, or accounted for, in the new management system.
  • Combining the efforts of disparate departments – If your existing health & safety and quality processes are managed in entirely separate departments with little communication between the two, this will need to be addressed before introducing an integrated management system.
  • Competency Issues – If, by combining the management of two key processes in your business, you assign responsibility for a certain process to a manager who lacks the knowledge or expertise to deal with it effectively, problems may arise. This particular issue can either be solved through the appointment of senior personnel who possess the required experience or by encouraging existing management to work more closely together.
  • Training and implementation costs – Implementing an integrated management system may bring many benefits to your organisation but you need to be aware of the upfront costs. Employees at all levels will need to undergo training in the new system and senior personnel will need to document the new system in detail. These goals can be more easily achieved when working in partnership with an IMS certification specialist such as ourselves.

Evaluating your position and formulating a plan

If you would like to explore the possibility of implementing an integrated management system in your organisation, an IMS qualified consultant can help you to do so in the most effective manner possible. At ISO Consulting Services, we provide industry-leading consulting and certification services to companies in a wide range of industries across Australia. With offices in Melbourne, Sydney, Perth and Brisbane, and a network of local consultants in other areas, we’re able to provide professional IMS consultancy services to businesses in all parts of the country.

Contact us now and we’ll help you to evaluate your existing management process and formulate a plan for the introduction of an integrated management system that provides measurable benefits to your company.

New measures to support NDIS participants and providers through the COVID-19 outbreak


People who have returned from anywhere overseas, or have been in close contact with someone confirmed to have COVID-19, are required to self-isolate for 14 days. If you develop symptoms, including a fever and cough, you should immediately and urgently seek medical attention.
This information sheet should be read in conjunction with the ‘What you need to know’ and ‘Isolation guidance’ information sheets found at
Further information on COVID-19, what people can do to protect themselves and people they are caring for is available at or on 1800 020 080.


New measures to support NDIS participants and providers

On 21 March 2020, Minister for the National Disability Insurance Scheme (NDIS), Stuart Robert announced new measures to ensure essential support is in place for NDIS participants and providers through the COVID-19 outbreak.
For participants, this means:
  • face-to-face planning shifted to telephone meetings where possible, ensuring continuity of support
  • NDIS plans to be extended up to 24 months
  • action plan to ensure NDIS participants and their families continue to receive the essential disability supports they need
  • more flexibility in core vs capacity building supports
  • proactive outreach to high-risk participants.
For providers, this means:
  • financial assistance to providers including advance payments
  • 10 per cent COVID-19 loading on some supports
  • more generous cancellation pricing
  • PPE advice and training resources.
These measures are being put in place by the Department of Social Services, National Disability Insurance Agency (NDIA) and the NDIS Quality and Safeguards Commission (NDIS Commission), working with the Department of Health and state and territory governments.


NDIS Service Providers

Disability support workers should not attend work if they have a fever, symptoms of a respiratory illness, or are not vaccinated against influenza.
All NDIS service providers must notify the NDIS Quality and Safeguards Commission of any change to delivery of their services.
More information for NDIS providers and disability support workers is available on the NDIS Quality and Safeguards Commission website: This includes provider obligations, how to reduce the risk to participants, and links to updates and resources.


What advice is available for disability support workers and providers if they, or someone they care for, is at high risk of infection? 

The Department of Health has developed specific advice on Personal Protective Equipment (PPE) when looking after people who are confirmed to have, or suspected of having, COVID-19. Information for is available at
Further information on COVID-19, what people can do to protect themselves and people they are caring for is available at or on 1800 020 080.


How will the Government help with the increased financial burden of COVID-19? 

The Government is putting in place some measures to give NDIS service providers some financial relief, to help providers remain viable and retain their staff.
Registered NDIS providers may receive a one-month advance payment based on a monthly average of supports delivered in the previous three-month period, to provide immediate cash flow relief.
To cover the additional costs of service delivery for existing supports, a 10 per cent COVID-19 loading will be added to price limits for certain supports for up to six months.
This includes:
  • core supports (Assistance with Daily Life (excluding Supported Independent Living) and Assistance with Social and Community Participation)
  • capacity building supports (Improved Daily Living).
Additionally, increased flexibility of the NDIA’s cancellation pricing policy will allow providers to charge the full 100 per cent for the price of a cancelled service, and the definition of ‘short notice cancellation’ will also be broadened.
Providers can also continue to claim for the increased use of cleaning and personal protective equipment associated with COVID-19.


Is there training available for workers? 

The Department of Health has developed a free training module for support workers, including disability service providers, about infection prevention and control for COVID-19, available at
The Department has also developed a webinar on COVID-19 preparedness for in-home and community aged care. This webinar is also relevant to all providers and workers in the disability sector.

Further work is currently underway to develop measures to source additional disability support workers to provide high quality care to NDIS participants should the need arise. This will include the upskilling of displaced workers from other industries and matching existing and new workers to areas where there is a demand for services.


More information

Information for the whole community

For the latest advice, information and resources on COVID-19, go to or call the national Coronavirus Health Information Line on 1800 020 080. The information line operates 24 hours a day, seven days a week. If you require translating or interpreting services, call 131 450.
The phone number of each state or territory public health agency is available at


Information for providers and workers

Information and resources for NDIS providers and disability support workers are available through the NDIS Quality and Safeguards Commission at or 1800 035 544.



How ISO Consulting Services can help you

Please check out our website for more details and download our FREE Bronze Package.

NDIS Rule 2019 – New changes that will commence on 1/1/2020


The amended National Disability Insurance Scheme (Provider Registration and Practice Standards) Rules 2018 (the rules) have been made by the Commissioner as “National Disability Insurance Scheme (Provider Registration and Practice Standards) Amendment (2019 Measures No. 1) Rules 2019”. The rules will commence on 1 January 2020.

In the following paragraphs, you will find a summary of these changes, but the Rules 2019 is available on


Summary of the new changes

1. Type of Audit for the Body Corporate with Low-Risk supports and services

Bodies corporate (Pty. Ltd. Companies) will no longer be required to undergo a certification audit when registering to deliver lower risk/lower complexity supports and services only (listed below). They are now required to meet the requirements of the Verification modules, which is consistent with the assessment of sole traders or partnerships.

This change means that:

  • They will be assessed against the Verification Module (5 standards) rather than Certification Core Module (22 standards).
  • They will be audited every 3 years as “Recertification Audit”, and no “Surveillance Audit” is required.
  • The audit will be undertaken as a “Desktop Audit” and no “Onsite Audit” is required.
  • … last but not least, the cost of consulting, developing the policies and procedures and auditing is now cheaper for them.

Here is the list of lower risk/lower complexity registration groups:

101- Accommodation/tenancy assistance

103- Assistive Products for Personal Care and Safety

105- Personal Mobility Equipment

108- Assistance with travel/transport arrangements

109- Vehicle Modifications

111- Home Modifications

112- Assistive equipment for recreation

113- Vision Equipment

114- Community Nursing Care

116- Innovative community participation

119- Specialised Hearing Services

120- Household Tasks

121- Interpreting and Translation

122- Hearing Equipment

123- Assistive Products for Household Tasks

124- Communication and information equipment

126- Exercise Physiology and Personal Training

127- Management of funding for supports in participant’s plans

128- Therapeutic supports

129- Specialised driver training

130- Assistance animals

134- Hearing Services

135- Customised Prosthetics

2. Frequency of the Surveillance Audit 

The frequency of “Surveillance Audits” for all providers who are required to undergo a Certification audit (but not a Verification audit), regardless of business structure, has changed from 12-monthly to 18-monthly. The relevant registration groups are listed below.

This change means that they will be assessed less frequently and consequently will probably pay lower auditing fees.

Here is the list of registration groups that require the “Certification Audit”:

102- Assistance to access and maintain employment or higher education

104- High intensity daily personal activities

106- Assistance in coordinating or managing life stages, transitions and supports

107- Assistance with daily personal activities

110- Specialist positive behaviour support

115- Assistance with daily life tasks in a group or shared living arrangement

117- Development of daily care and life skills

118- Early intervention supports for early childhood

125- Participation in community, social and civic activities

131- Specialist disability accommodation

132- Specialised support coordination

133- Specialised supported employment

136- Group and centre‑based activities


How ISO Consulting Services can help you

Please check out our website for more details and download our FREE Frequently Asked Questions (FAQ), which has been amended based on the new changes.


Office of the Federal Safety Commissioner (OFSC) Accreditation


The construction industry is designated as a priority industry for work health and safety due to the high number and rate of work-related injuries and illnesses and inherent risks associated with working in the industry. However, the Cole Royal Commission into the Building and Construction Industry found that the safety record for the industry was unacceptable.

The Federal Safety Commissioner (FSC) was established in order to implement the majority of the Royal Commission’s WHS recommendations to develop, implement and administer a WHS accreditation scheme for Australian Government building and construction work.

In June 2004 it was announced that the FSC would be administratively established within the Department of Employment and Workplace Relations. The FSC and the Scheme are provided for under the Building and Construction Industry (Improving Productivity) Act 2016 (the Act).

Federal Safety Commissioner (FSC) for which projects and contractors?

Subject to certain financial thresholds, only builders who are accredited under the Scheme can enter into head contracts for building work that is funded directly or indirectly by the Australian Government.

Directly Funded Projects:

Projects are considered to be directly funded where an Australian Government agency has responsibility for the project funding and development, for example a Defence facility, Medicare or Centrelink Office or a fit-out or refurbishment of existing Australian Government office accommodation.

The Scheme applies to projects that are directly funded by the Australian Government with a value of $4 million or more.

Indirectly Funded Projects

Projects are considered indirectly funded where an Australian Government agency contributes funding to a recipient through a funding agreement, grant or other program, for example road construction projects funded by the Australian Government or a new school built by a state government using funding provided by the Australian Government.

The Scheme applies to projects that are indirectly funded by the Australian Government where:

  • a head contract under the project includes building work of $4 million or more (GST inclusive) AND:
  • the value of the Australian Government contribution to the project is at least $6 million (including GST) and represents at least 50 per cent of the total construction project; OR
  • the Australian Government contribution to a project is $10 million (including GST) or more, irrespective of the proportion of Australian Government funding.

Additional requirements in comparison with AS/NZS 4801

Compared with AS/NZS 4801, the Federal Safety Commissioner (FSC) has strict requirements to develop documented processes for all WHS-associated activities. Here are some of these requirements:

  • The documented process to ensure all current health and safety legislation, codes of practice and Australian standards relevant to the project are readily available on-site and workers are informed of the method of access. Also, to ensure changes are reviewed and processes updated as required.
  • The documented process to ensure that senior managers demonstrate participation in the company HIRAC processes.
  • The documented process to ensure the project HIRAC process is undertaken by personnel trained in the use of the company’s HIRAC methodology and tools.
  • The documented process to liaise with client/public/other entities to implement a HIRAC process for any hazards impacting any of the parties.
  • The documented process to define the company’s acceptable risk level and management actions to be taken if the assessed risk is higher than that level.
  • Documented process to ensure a competent person completes a site-specific assessment of potential health hazards, including – biological; – physical; and – chemical/atmospheric contaminants.
  • Documented process to ensure inspection, measuring and test equipment related to health and safety is identified, calibrated, and maintained in accordance with manufacturers’ requirements and relevant legislation, codes of practice and Australian standards.
  • The documented process to ensure Investigations: – are undertaken by a trained person(s); – identify the factor(s) that led to the incident; – incorporate a process for the identification and management of corrective actions; – involve and/or are reviewed by site/senior management as defined by the company’s system; and – prompt a review of relevant
  • The documented process to manage corrective actions for identifying organisation-wide issues and ensuring lessons learnt are communicated throughout the organisation.
  • The documented process that ensures senior managers regularly visit the site and discuss WHS issues with site management and workers.

How ISO Consulting Services can help you

Please contact us if you need a hand to develop and establish your FSC framework. We will assist you with:

  • Conducting a document review and gap assessment against the requirements of OFSC Accreditation Scheme
  • Updating existing documents and developing required documents in compliance with the requirements of OFSC Accreditation Scheme
  • Providing supervision, consultation and guidance for implementation of systems
  • Conducting internal audit and assisting with corrective actions
  • Assisting with completion of OFSC scheme application
  • Attending at the OFSC audits and assisting with corrective actions




ISO 45001 – Future of your OHS Management System


ISO 45001, the world’s most anticipated standard for workplace health and safety (WHS) systems, was published on 12 March 2018. This new Occupational Health and Safety (OHS) Management System standard is aligned with ISO 9001:2015 (Quality Management System) and ISO 14001:2015 (Environment Management System), which have been designed based on the High-Level Structure (HLS). ISO 45001:2018 has been designed as an international standard, published by the International Organisation for Standardisation (ISO), to replace existing standards such as OHSAS 18001:2007.

In developing the standard, consideration has been given to the content of other international standards (such as OHSAS 18001 or the International Labour Organisation’s “ILO–OSH Guidelines”) and national standards (such as AS/NZS 4801), as well as to the ILO’s International Labour standards and conventions (ILSs).

OHSAS 18001 and most likely AS/NZS 4801:2001 will be withdrawn after the publication of ISO 45001. Organisations that are currently certified to OHSAS 18001 and/or AS/NZS 4801 will have a three-year window to upgrade their existing certificate to ISO 45001.

So, if your organisation is considering implementing this new standard, a useful starting point is to complete a gap assessment. It will help you understand which requirements you already meet and where you will need to implement new approaches or activities to address the requirements. If your organisation is already certified to AS/NZS 4801:2001 and/or OHSAS 18001:2007, the gap assessment will also help you to understand the gaps and how to address them to upgrade your existing OHS system to an ISO 45001 compliant one.

Benefits of implementing ISO 45001

Implementing an ISO 45001-based OH&S management system will enable an organisation to improve its OH&S performance by

  • Establishing systematic processes to consider context of the organisation and its risks and opportunities,
  • Being recognised for having achieved an international benchmark,
  • Evaluating its OH&S performance and improving it through taking appropriate actions,
  • Developing and implementing an OH&S policy, objectives and targets,
  • Developing a systematic approach for the OHS and other risks to eliminate or minimise them through operational control,
  • Improving its ability to identify the relevant legislations and reducing risk of non-compliance with them and the associated costs,
  • Reducing risk of work-related incidents and diseases and their associated costs and insurance premiums,
  • Engaging employees more actively through consultation, communication, awareness and training,
  • Increasing employee satisfaction and motivation.

Major differences with OHSAS 18001 and AS/NZS 4801

There are many minor differences in the content of ISO 45001 compared to OHSAS 18001 and AS/NZS 4801, but the major differences can be summarised as:

  • New structure based on the High-Level structure (HLS) for easier integration with other management system standards such as ISO 9001:2015, ISO 14001:2015, ISO 27001:2013
  • Stronger focus on organisational context and understanding needs and expectations of interested parties as a combination of both internal and external factors regarding health and safety management
  • Stronger emphasis on leadership to ensure that OHS matters are integrated with the business strategies and day-to-day activities
  • Stronger emphasis on worker participation and engagement in every aspect of OHS management system
  • Absence or a need for a specific health and safety management representative to ensure that the ownership of OHS management system is not
  • A need for two-way communication with internal and external stakeholders
  • Enabling an organisation to integrate other aspects of health and safety, such as worker wellness/wellbeing
  • Introducing risk management approach and risk /opportunity concept for the management system itself in addition to operational occupational health and safety hazards and their associated risks
  • A requirement for outsourced operations to use the parent company’s health and safety standard.

In the next section, the three OHS standards have been compared clause-by-clause in the comparison table.

ISO 45001 Vs. AS 4801 Vs OHSAS 18001

| AS/NZS 4801:2001 | OHSAS 18001:2007 | ISO 45001:2018 |
|  | 0. Introduction | 0. Introduction |
| 1. Scope | 1. Scope | 1. Scope |
| 2. Referenced Reference | 2. Normative Reference | 2. Normative reference |
| 3. Definitions | 3. Terms and Definitions | 3. Terms and definitions |
| 4. OHSMS Requirements | 4. OH&S Management Systems | 4. Context of the organisation |
|  |  | 4.1. Understanding the organisation and its context |
|  |  | 4.2. Understanding the needs and expectations of interested parties |
| 4.1. General Requirements | 4.1. General Requirements | 4.3. Determining the scope of OH&S management system |
|  |  | 4.4. OH&S management system |
|  |  | 10.3. Continual improvement |
|  |  | 5.1. Leadership and Commitment |
| 4.2. OH&S Policy | 4.2. OH&S Policy | 5.2. OH&S Policy |
| 4.3. Planning | 4.3. Planning | 6.1. Actions to address risks and opportunities |
|  |  | 6.1.1. General |
| 4.3.1. Planning identification of hazards, hazard/risk assessment and control of hazards | 4.3.1. Hazard identification, risk assessment and determining controls | 6.1.2. Hazard Identification and assessment of risks and opportunities |
|  |  | 6.1.4. Planning action |
| 4.3.2. Legal and other requirements | 4.3.2. Legal and other requirements | 6.1.3. Determination of legal requirements and other requirements |
| 4.3.3. Objectives and Targets | 4.3.3. Objectives and programme(s) | 6.2.1. OH&S objectives |
| 4.3.4. OHS management plans |  | 6.2.2. Planning to achieve OH&S objectives |
| 4.4. Implementation | 4.4. Implementation and operation | 8. Operation |
| 4.4.1. Structure and Responsibility | 4.4.1. Resources, roles, responsibility, accountability and authority | 5.3. Organisational roles, responsibilities and authorities |
| Resources |  | 7.1. Resources |
| Responsibility and accountability |  | 5.3. Organisational roles, responsibilities and authorities |
| 4.4.2. Training and competency | 4.4.2. Competence, Training and Awareness | 7.2. Competence |
|  |  | 7.3. Awareness |
| 4.4.3. Consultation, communication and reporting | 4.4.3. Communication, participation and consultation | 5.4. Consultation and participation of workers |
| Consultation |  |  |
| Communication |  | 7.4. Communication |
| Reporting |  |  |
| 4.4.4. Documentation | 4.4.4. Documentation | 7.5. Documented information |
|  |  | 7.5.1. General |
| 4.4.5. Document and data control | 4.4.5. Control of documents | 7.5.2. Creating and updating |
|  |  | 7.5.3. Control of documented information |
| 4.4.6. Hazard identification, hazard/risk assessment and control of hazards/risks | 4.4.6. Operational Control | 8.1. Operational planning and control |
|  |  | 8.1.1. General |
|  |  | 8.1.2. Eliminating hazard and reducing OH&S risks |
|  |  | 8.1.3. Management of Change |
|  |  | 8.1.4. Procurement |
| 4.4.7. Emergency Preparedness and Response | 4.4.7. Emergency Preparedness and Response | 8.2. Emergency preparedness and response |
| 4.5.1. Monitoring and measurement | 4.5. Checking | 9. Performance evaluation |
|  | 4.5.1. Performance measurement and monitoring | 9.1. Monitoring, measurement, analysis and performance evaluation |
| General |  | 9.1.1. General |
| Health surveillance |  |  |
|  | 4.5.2. Evaluation of Compliance | 9.1.2. Evaluation of compliance |
| 4.5.2. Incident investigation, corrective and preventive action | 4.5.3. Incident investigation, nonconformity, corrective action and preventive action | 10.2. Incident, nonconformity and corrective action |
|  | Incident Investigation |  |
|  | Nonconformity, corrective and preventive action |  |
| 4.5.3. Records and records management | 4.5.4. Control of Records | 7.5.3. Control of documented information |
| 4.5.4. OHSMS audit | 4.5.5. Internal Audit | 9.2. Internal Audit |
| 4.6. Management Review | 4.6. Management Review | 9.3. Management review |
|  |  | 10. Improvement |

The Transition Approach

There is a three-year transition period for replacing OHSAS 18001 and AS/NZS 4801 with ISO 45001. If you are already certified to the current OHS standard, this is a good time to upgrade your system to ISO 45001. If you have not yet achieved any OHS certificate, you can design your OHS management system based on the high-level structure and get certified to ISO 45001:2018 as soon as certification bodies become authorised to issue the ISO 45001:2018 certificate.
As a best practice approach, you may follow the following step-by-step phases.

How ISO Consulting Services can help you

We have designed our exclusive gap assessment tool, which shows you not only the gaps and the areas where you need to improve, but also a numerical and graphical analysis of your current compliance score and how you can increase your compliance level.




ISO 13485:2016 – New Revision of QMS for Medical Devices


The latest edition of ISO 13485, the internationally recognised quality management systems standard for the medical device industry, with over 27,000 certificates globally, was published on March 1, 2016.

ISO 13485:2016 identifies the requirements for a quality management system (QMS) in which an organisation needs to demonstrate its ability to provide medical devices and related services that consistently meet both customer and regulatory requirements.

This third edition cancels and replaces the second edition (ISO 13485:2003) and ISO/TR 14969:2004, which have been technically revised. It also incorporates the Technical Corrigendum ISO 13485:2003/Cor.1:2009.


ISO 13485:2016 Changes

Some of the most critical changes in the 2016 version include:

  • Incorporation of risk-based approaches beyond product realisation. Risk is considered in the context of the safety and performance of the medical device and in meeting regulatory requirements;
  • Alignment with global regulatory requirements, and meeting customer and applicable regulatory requirements for safety and performance;
  • Application to organisations throughout the lifecycle and supply chain for medical devices;
  • New requirement related to protection of confidential health information;
  • Emphasising the requirements for software validation for different software in different clauses of the standard considering the risk approach;
  • Increased focus regarding feedback mechanisms to utilize feedback in risk management processes;
  • Specific requirements for documentation and validation of processes for sterile medical devices, considering control of contamination with microorganisms or particulate matter;
  • Added requirement that infrastructure prevents product mix-up and ensures orderly handling of product;
  • Strengthening of supplier control processes and the changes made by them;
  • Additional requirements in design and development on consideration of usability, use of standards, verification and validation planning, design records and design changes considering the risk of changes;
  • Addition of design and development transfer and design and development file as two new sub-clauses;
  • Planning and documenting corrective action and preventive action, implementing corrective action without undue delay, and considering adverse effects;
  • Added requirements for sterile barrier systems


ISO 13485:2016 and ISO 9001:2015

The ISO 13485 standard was updated for two main reasons: to keep up with changes in the industry and to address changes in the underlying ISO 9001 standard. While the old ISO 13485:2003 standard was based on the old ISO 9001:2000 standard, the new one is based on ISO 9001:2008. While some people expected the new ISO 13485 standard to use the latest ISO 9001:2015 standard, ISO TC 210 evidently feels that the older ISO 9001 standard better serves the needs of medical device suppliers, regulators, and customers.

For the convenience of users, the table below shows the correspondence between these two standards.

ISO 13485-2016 Vs. ISO 9001-2015



How ISO Consulting Services can help you

Please contact us if you need our help to develop and establish your management system in compliance with the requirements of the ISO 13485:2016 standard. We also offer a gap assessment service to find out how close you are to your ISO 13485:2016 certificate.




ISO 27001: 2013 – Information Security Management System (ISMS)

What is ISO 27001?

ISO 27001 is an internationally recognized structured methodology dedicated to information security and the only auditable international standard which defines the requirements for an Information Security Management System (ISMS). The ISO 27000-series comprises information security standards published jointly by the International Organisation for Standardization (ISO) and the International Electrotechnical Commission (IEC).

The series provides best practice recommendations on information security management, risks and controls within the context of an overall Information Security Management System (ISMS), similar in design to management systems for quality assurance (the ISO 9001) and environmental protection (the ISO 14001).

The series is deliberately broad in scope, covering more than just privacy, confidentiality and IT or technical security issues. It is applicable to organisations of all shapes and sizes. All organisations are encouraged to assess their information security risks, and then implement appropriate information security controls according to their needs, using the guidance and suggestions where relevant. Given the dynamic nature of information security, the ISMS concept incorporates continuous feedback and improvement activities, summarized by Deming’s “plan-do-check-act” approach, that seek to address changes in the threats, vulnerabilities or impacts of information security incidents.

  • The Plan phase is about designing the ISMS, assessing information security risks and selecting appropriate controls.
  • The Do phase involves implementing and operating the controls.
  • The Check phase objective is to review and evaluate the performance (efficiency and effectiveness) of the ISMS.
  • In the Act phase, changes are made where necessary to bring the ISMS back to peak performance.


ISO 27000-series Published standards

  • ISO 27000 Fundamental and Vocabulary
  • ISO 27001 Information Security Management Requirements
  • ISO 27002 Code of Practice
  • ISO 27003 Implementation Guidance
  • ISO 27004 Information security management measurements
  • ISO 27005 Information security risk management
  • ISO 27006 Requirements for certification bodies
  • ISO 27007 Guidelines for Information security management systems auditing
  • ISO TR 27008 Guidance for auditors on ISMS controls (focused on the information security controls)
  • ISO 27010 ISM for inter-sector and inter-organizational communications
  • ISO 27011 Information security management guidelines for telecommunications
  • ISO 27013 Guideline on the integrated implementation of ISO 27001 and ISO/IEC 20000-1
  • ISO 27014 Information security governance
  • ISO TR 27015 Information security management guidelines for financial services
  • ISO 27031 Business Continuity
  • ISO 27032 Guidelines for cyber security
  • ISO 27033 IT network security
  • ISO 27034 Guidelines for application security
  • ISO 27035 Information security incident management
  • ISO 27036-3 Information security for supplier relationships: Guidelines for information and communication technology supply chain security
  • ISO 27037 Guidelines for identification, collection, acquisition and preservation of digital evidence
  • ISO 27799 Security Management in Health
  • Up to ISO 27059 Reserved for future standards


Structure of the ISO 27001: 2013

ISO 27001:2013 has the following sections:

  • Introduction, the standard uses a process approach.
  • Scope, it specifies generic ISMS requirements suitable for organisations of any type, size or nature.
  • Normative references, only ISO 27000 is considered absolutely essential to users of 27001
  • Terms and definitions, a brief, formalized glossary, soon to be superseded by ISO 27000.
  • Context of the organisation, understanding the organisational context, the needs and expectations of ‘interested parties’, and defining the scope of the ISMS. Section 4.4 states very plainly that “The organisation shall establish, implement, maintain and continually improve” a compliant ISMS.
  • Leadership, top management must demonstrate leadership and commitment to the ISMS, mandate policy, and assign information security roles, responsibilities and authorities.
  • Planning outlines the process to identify, analyze and plan to treat information security risks, and clarify the objectives of information security.
  • Support, adequate, competent resources must be assigned, awareness raised, documentation prepared and controlled.
  • Operation, a bit more detail about assessing and treating information security risks, managing changes, and documenting things (partly so that they can be audited by the certification auditors).
  • Performance evaluation, monitor, measure, analyze and evaluate/audit/review the information security controls, processes and management system in order to make systematic improvements where appropriate.
  • Improvement, address the findings of audits and reviews (e.g. nonconformities and corrective actions), make continual refinements to the ISMS

Annex A, Reference control objectives and controls, is little more in fact than a list of titles of the control sections in ISO 27002. The annex is ‘normative’, implying that certified organisations are expected to use it, but they are free to deviate from or supplement it in order to address their particular information security risks.


ISO 27001 Certification around the world and in Australia

Certified compliance with ISO 27001 by an accredited and respected certification body is entirely optional but is increasingly being demanded from suppliers and business partners by organisations that are concerned about the security of their information, and about information security throughout the supply chain or network.

According to the ISO Survey 2013, more than 22,000 ISO 27001 certificates have been issued all over the world. Of these, Australia's share was only 140 certificates. However, based on the reports of information security attacks and vulnerabilities that are published every year, we can see the need for Australian corporations to consider ISO 27001 as the best practice. There must be reasons why the Australian rate of ISO 27001 use is so much lower than that of developed countries. Some of those reasons could be:

  • Lack of awareness about ISO 27001
  • Not realising the importance of information security
  • Indirect relation between information security and an organisation's performance
  • Lack of legislation requirements
  • Financial crisis


How ISO Consulting Services can help you

Please contact us if you need more details on how our expert team can assist you with training and with developing a new ISMS, or updating your current one, in compliance with the ISO 27001:2013 standard.