Five certifications that worked well in France in 2018

Five certifications that worked well in France in 2018

In an environment characterized by transition to the new versions of ISO 9001 and ISO 14001, the International Organization for Standardization draws attention to a rise in the number of ISO 27001 (information security) and ISO 45001 (occupational health & safety) certificates awarded worldwide. Report on the main trends indicated in the 2018 ISO Survey, including the 12 major management system standards, and a focus on France.

1. Information security: ISO 27001 at its best

Undeniably an effect of GDPR! The European General Data Protection Regulation came into force in May 2018 and resulted in quite a scramble to become ISO 27001 compliant: three times as many certificates were issued to organizations in France in 2018 than in 2017, including many by AFNOR Certification, reaching a figure of 925 certified sites in France (grouped under 223 certificates). The trend is also global, since the total number of certified sites in the world is now close to 60,000, compared with 39,500 a year ago and barely 10,000 in 2011. A sign of much greater awareness by organizations on this now fundamental issue. Being very much in line with GDPR requirements, ISO 27001, which gives guidelines on operating a good information security management system, is naturally relatively successful in European Union countries. Over a third of the certificates relate to sites inside the EU, way ahead of the United States, China and India.

2. Occupational health & safety: a successful start for ISO 45001

Another key trend in 2018: a flying start for the brand new ISO 45001 occupational health and safety certification, based on the standard of the same name published in the spring of 2018. Already around 12,000 certificates have been issued for more than 14,000 certified sites across the world, but with a more modest beginning for France with only 94 certificates covering 208 sites. One such is the company Axon Cable, certified by AFNOR Certification. This standard, adopting the common structure for all ISO management system standards, assists organizations wishing to create better and safer working conditions for their employees and service providers. As might be expected, the construction (1,673 certified sites worldwide) and steel sectors (1,078) are the keenest users. It should be noted that China is ahead of the game with 4,000 certified sites, followed by the UK (1,500) and then Italy (1,400).

3. Quality management: ISO 9001, a valuable asset

ISO 9001 is still the most used certification, across all sectors. Around 1.2 million sites worldwide are certified based on the 2015 version (the most recent and now the only valid one) of this standard governing quality management, compared with 1.05 million in 2017. In greater detail, China tops the list with 297,000 certified sites, a long way in front of Italy (126,000), Germany (73,000) and Japan (68,000). Spain is the other country in the world top five, just slightly ahead of France in terms of number of sites. Other countries, for example India and the UK, are ahead of France on number of certificates, but not on number of sites, given that one certificate can cover several sites (58,467 in France).

4. Environmental management: ISO 14001, an essential tool

Environmental management, with ISO 14001, retains its position as the second most certificate-generating standard in the world. 447,000 sites met its requirements in 2018. “I’m seeing a gradual rise in the number of certified organizations in the construction, engineering services, information technology and real estate sectors,” says Anne Benady, who monitors the Environment area for AFNOR Group. “This reflects the fact that they take more account of their environmental impacts… and also the more stringent requirements of their paymasters!” In France, 6,084 ISO 14001 certificates were valid at 31 December 2018, covering 19,468 sites

5. Energy management: mixed results for ISO 50001

Indirectly linked to environmental aspects, ISO 50001 and energy management continue to make headway across the world. 46,000 sites now hold the certification, the momentum being driven by Germany (14,000) and France (7,700). In sectoral terms and as might be expected, holders of this type of certification tend to be mostly very energy intensive industrial companies, in particular those in the agri-food, chemicals and plastics technology sectors.

But in France, ISO 50001 is slow to take hold. 938 organizations were certified in 2017, but there were only 770 in 2018 according to ISO (for 7,700 sites in total). One of these is fire extinguisher manufacturer Desautel following an AFNOR Certification audit based on the 2018 version of the standard. “This may be explained as a short-lived effect,” says Béatrice Poirier, head of the Environmental Performance range with AFNOR Certification and who expects a subsequent upswing in certifications. “A peak was reached following regulatory measures granting a number of exemptions to companies on presentation of an ISO 50001 certificate. Once certified, some of them chose not to continue on this path. An unfortunate decision: we have just published a study clearly indicating that an energy management system based on ISO 50001 immediately impacts on energy consumption by correcting apparent anomalies, but also has long-lasting effects when efforts are sustained over several years.” 

Last but not least, 2018 will also be characterized by an emerging interest in ISO 37001, a new anti-bribery standard based on which 1,500 sites in the world now hold certification (389 certificates in total). And by the flourishing ISO 22000 certification in food safety, ranking fourth in the world, evidence of the interest by professionals in this subject closely scrutinized by consumers (32,120 certificates worldwide in 2018 including 140 in France).

“Information systems: real enthusiasm for ISO 27001”

Michel Tudela, auditor for AFNOR Certification

Eagerness to be certified for an information security management system is relatively new, but pronounced. Recent cases of hacking into the computer systems of large organizations and theft of consumer data have given prominence to this crucial issue: data has value and everyone is involved. Media coverage of the entry into force of GDPR (the European Data Protection Regulation) in May 2018 contributed to this collective awakening. This is excellent news for ISO 27001 certification whose requirements for the most part correspond to those of GDPR. Being certified gets us on the path to compliance!

The text is very technical and covers all matters relating to information systems in organizations. The entire processing path of customer and internal information, its use and any modifications it may be subject to are scrutinized through this certification which is based around four pillars: availability, integrity, confidentiality and traceability. This explains the enthusiasm for ISO 27001 certification in recent months. No sector is exempt. Information control is everywhere. Guaranteeing its protection is a major strategic and economic issue. 

“OH&S: strong awareness about ISO 45001”

Béatrice Poirier, head of the Environmental Performance range with AFNOR Certification

Previously, British standard OHSAS 18001 was the benchmark for occupational health and safety. But since the publication of ISO 45001 in March 2018, economic players are clearly turning to this international text, and in large numbers. The standard is constructed using the same structure as for ISO 9001 and ISO 14001 and is part of a significant global trend, together with the emerging issue of well-being at work.
In addition to addressing care for employees, well-being also represents an important economic issue. Organizations have indeed understood that creating good working conditions and preventing accidents at work and occupational illnesses is very advantageous, compared with the costs generated by a production stoppage following an accident. ISO 45001 anchors these issues in the organization’s culture. All sectors are affected. Their credibility and their image are at stake. It’s also a way of preparing for the future: certification could one day form part of prerequisites for responding to calls for proposals, for example.”