COMMITMENT TO QUALITY
COMPLIANCE
ISO/IEC 27001:2013 –Information Security Management Systems
The objective of ISO/IEC 27001:2013 is to "provide a model for establishing, implementing, operating, monitoring, reviewing, maintaining, and improving an Information Security Management System". ISO/IEC 27001:2013 is the updated version of the British Standard for Information Security Management Systems, BS 7799-2:2002. The standard covers all types of organizations. It is designed to ensure the selection of adequate and proportionate security controls that protect information assets and give confidence to interested parties.
IRIS Corporation Berhad (IRIS) has been awarded the ISO/IEC 27001:2013 certification in recognition of its standardized best practices and effective information security management system (ISMS) for digital identity security across the organisation.
The ISO/IEC 27001:2013 certification demonstrates IRIS’S obligation to leverage on domestic and international expertise to embrace global standards of service provision in compliance with applicable regulatory requirements to further its business objectives and scientific goals, and provide superior quality to its sponsors.
The standard ensures controls are in place to reduce the risk of security threats and to avoid system weaknesses being exploited. It will also help IRIS to develop a business continuity plan that will minimize impact of any security breaches.
IRIS recognises the important of this certification and acknowledges that ISO/IEC 27001:2013 will ensure employees in the organisation-from management to technical staff-to get on the same frequency regarding goals, individual duties, improving communication and ultimately results.
In summary, this achievement signifies IRIS’S commitment to deliver the highest quality information security management system for our customers worldwide.
ISO 9001:2015 – Quality Management Systems
ISO 9001:2015 specifies requirements for a quality management system where an organization needs to demonstrate its ability to consistently provide product that meets customer and applicable statutory and regulatory requirements, and aims to enhance customer satisfaction through the effective application of the system, including processes for continual improvement of the system and the assurance of conformity to customer and applicable statutory and regulatory requirements.
ISO 9001:2015 sets out the criteria for a quality management system and is the only standard in the family that can be certified to (although this is not a requirement). It can be used by any organization, large or small, regardless of its field of activity.
In fact ISO 9001:2015 is implemented by over one million companies and organizations in over 170 countries. Where any requirement(s) of ISO 9001:2015 cannot be applied due to the nature of an organization and its product, this can be considered for exclusion.
The standard is based on a number of quality management principles including a strong customer focus, the motivation and implication of top management, the process approach and continual improvement. Using ISO 9001:2015 helps ensure that customers get consistent, good quality products and services, which in turn brings many business benefits.
ISO 14298:2021 (INTERGRAF) – Management of Security Printing Processes
ISO 14298:2021 is an international standard that specifies requirements for an organization’s security management system, published by the International Organization for Standardization (ISO). Due to the nature of the subject the public ISO 14298 Standard is not very detailed on the specific measures companies need to take in order to secure their production processes. Besides the official and publicly available standard document, Intergraf provides confidential Implementation Guidelines and Intergraf Certification Requirements (ICR), exclusively developed for the security printing industry and the specific needs of this market. Those requirements are confidential and are not publicly available as access to these documents needs to be limited to security printers.
Intergraf ISO 14298 specifies requirements for the management of security printing processes.
Our commitment to the Intergraf ISO 14298 security management system, together with active and proactive risk management, enhances our strength and resilience to risk and potential threats.
At IRIS, the Intergraf ISO 14298 certification extends trust and demonstrates our competence, particularly in:
- Aligning with the industry standard for quality and information security management (ISO 14298 aligns with ISO 27001);
- Supporting most, if not all, preferred supplier status and/or tender responses;
- Clearly setting out how to address and manage the key security printing or supplier requirements;
- Demonstrating how information and printing/supply chain systems are safeguarded;
- Helping us and our customers to prepare for the unexpected; and
- Securing market differentiation.
CWA 15374:2018 (INTERGRAF) – Security Management System for Suppliers to the Secure Printing Industry
Intergraf’s CWA 15374 specifies security management system requirements for suppliers to the security printing industry. With CWA 15374 certification, IRIS, is committed to ensure that from logical security to physical security to supply chain assurance, a set of requirements are met to guarantee a high level of security across all operations when manufacturing and delivering security products including inlays for passports, cards and electronic covers for passports.
CWA 15374 certification does not only combine a wide variety of security requirements in order to guarantee maximum security from development to deployment of a printed product. They actually go beyond the requirements of the publicly available international standard to provide core requirements for interacting and conducting business in today’s security printing market.
As a trusted security supplier, CWA 15374 certification extends trust and demonstrates IRIS competence, particularly in:
- Aligning with the industry standard for quality and information security management (CWA 15374 aligns with ISO 27001);
- Implementing a proven security management system
- Providing a recognised reference for governments and industry
- Strengthening customer’s confidence and satisfaction; and
- Helping to fight forgery and counterfeit.
ISO 14001:2015 – Environmental Management Systems
IRIS’ Environmental Management System (EMS) Policy & Objectives. IRIS is committed to the design, development, manufacture, and application of secure identification products and solutions while ensuring the environment is protected and that compliance obligations are fulfilled.
In continually improving the environmental management system and protection of the environment, including preventing pollution, IRIS has set the following objectives:
| ENVIRONMENTAL OBJECTIVES | TARGET | MEASUREMENT METHODS |
|---|---|---|
| To reduce generation of hazardous waste | >3% reduction on yearly waste generation | Total annual volume of scheduled waste (kg) over total production output |
| To achieve zero (0) major chemical spillage | Zero (0) case | No reported incident |
| To achieve zero (0) environment related fine or violation | Zero (0) case | Number of fines or notices from Department of Environment (DOE) |
IRIS’ Environmental Management System (EMS) Policy & Objectives
IRIS is committed to the design, development, manufacture, and application of secure identification products and solutions while ensuring the environment is protected and that compliance obligations are fulfilled.
In continually improving the environmental management system and protection of the environment, including preventing pollution, IRIS has set the following objectives:
- Reduction of hazardous waste generation and the safe handling in the aspect of transportation and disposal of such waste;
- To achieve zero (0) major chemical spillage; and,
- To achieve zero (0) environmental management related fine or violation issued by authorities.
MEMBERSHIP
