Action Et Performance n14

&performancection

P.11

14juin/june2011LE MAGAZINE DAFNOR CERTIFICATIONAFNOR CERTIFICATION MAGAZINE

Priorit la scuritde linformation Priority to information security

ISO 27001

Le dveloppementdurable selon Geodis Sustainable developmentaccording to Geodis

Certificat QSE pour Orange Mali QSE Certification forOrange Mali

LISO 9001 pour les TPE ISO 9001 for small businesses

P.03

P.17

P.21

p.02action&performance14 AFNOR Certification - Tel. : + 33 (0)1 41 62 80 11

actus/AFNOR Certification

Comment raffirmer le caractreindispensable de la certificationalors quelle est peu visible dans notre quotidien ? Commentcombattre les ides reues de la certification ? Deux questionsautour desquelles le leader de la certification a choisi de reprendrela parole en toute lgitimit. En raffirmant une valeur que nous dfendons depuis toujours la qualit performance nousapportons la preuve que la certifi-cation fait gagner : gain de recon-naissance, de performance, detemps et dargent, la certificationest un atout indniable de compti-tivit. Des lments tangibles pourles chefs dentreprise daujourdhui.

Entrez dans un monde Le concept repose sur un mondeengageant, accueillant, chaleureux,

rassurant mais qui interpelle. Nous invitons les entreprises et lesindividus entrer dans ce mondeo les discordances trouvent descorrespondances, o les rglessociales et conomiques vont parfois lencontre des ides prconues.Un monde o les marques AFAQ,NF, AFNOR Certification sont les sceaux de ce systme et laboutique en ligne, la porte dentre.Plus dinformation sur votre espaceclient.

AFNOR Certification launches a campaignTo mark the changes in itscertification brands and thelaunch of its new online shop,AFNOR Certification is launchinga press and Internet advertisingcampaign.

How can we convey the essentialnature of certification despite its lackof visibility in our everyday lives?How can we dispel preconceivedideas about certification? The leaderin certification has chosen toaddress these two questions onceagain from a very credible position.By reaffirming a value we havedefended from the very start,performance quality, we areproviding proof that certificationpays dividends: increasedrecognition, improved performance,savings in time and money -certification is an undeniablecompetitive asset. Tangible factorsfor todays business managers.

Enter a worldThe concept is based on an inviting,welcoming, warm and reassuringworld, but one that also questions.We invite companies and individualsto enter this world in whichinconsistencies are made consistent,and where social and economic rulessometimes go against preconceivedideas. A world in which the brandsAFAQ, NF and AFNOR Certificationare the hallmarks of the system andthe online shop is the entrance.

AFNOR Certification part en campagne

loccasion de lvolution de ses marques de certification et dulancement de sa nouvelle boutique en ligne, AFNOR Certificationlance une campagne de publicit presse et internet.

An essential link in thecustomer relationship,guaranteeing thecompanys sound health,the sales person cannow provide tangibleproof of his or her skills.AFNOR Certification is launching the firstcertification of individualswhich recognises theprofessionalism andconscientiousness ofsalespeople. According toStphane Barralis, managerof Clair Azur, the Frenchleader in spas and steamrooms: Certification gives our customers theguarantee of a highlycompetent salesperson,someone they can trust.For business managers,third-party certificationcontributes towards thecompanys commercialsuccess. A certifiedsalesperson complies with

the AFNOR Certificationcode of behaviouralethics, explains StphaneBarralis, in other words,guaranteeing the quality ofthe customer relationship,defending the companyand promoting its image,following a specific salesprocedure, guaranteeingthe right product recom-mendation in line with thecustomers needs.

Enter a worldAt the end of a five-daytraining course run by our partner Forventor,candidates sit an exam,with a certificate awardedon successful completion.In the course of the nextsix months, a mystery or supervised sales callconfirms the certificationwhich is then awarded fora period of 18 months.

La campagne est visible du 9 mai au 20 juin dans la presse conomique et

spcialise, et sur uneslection de sites internet.

The campaign will run from 9 May to 20 June in the

financial and specialist pressand on selected websites.

Maillon essentiel de la relationclient qui garantit la bonne santde lentreprise, linterlocuteurcommercial peut dsormais faire valoir ses comptences. AFNOR Certification lance lapremire certification de personnesqui reconnat le professionnalismeet le srieux des commerciaux.Selon Stphane Barralis, dirigeantde Clair Azur, leader franais desSPA et hammam : la certificationgarantit nos clients un vendeurdigne de confiance et de grandecomptence . Pour le chefdentreprise, la certification tiercepartie contribue la russitecommerciale de lentreprise. Le vendeur certifi adhre au code de dontologie compor-

tementale dAFNOR Certification,prcise Stphane Barralis, savoir :garantir la qualit de la relation avecle client, dfendre lentreprise etvaloriser son image, respecter unprotocole de vente prcis, garantirune juste prconisation produit quidonnera satisfaction au client .

Une certification en 3 tapes lissue dune formation de 5 joursdispense par notre partenaireForventor, le candidat passe un examen qui donne lieu ladlivrance du certificat. Une visitemystre ou supervise ralisedans les 6 mois confirme la certifi-cation qui est alors attribue pour18 mois.

Interlocuteur commercial de confiance

A trusted sales advisor

a meetingwith.../

rencontre/.14juin/june 2011

p.03action&performance14

>>>>>> Pour tendre vers le dveloppement durable, le spcialiste de la logistiqueest linitiative dune dmarche fdratrice et rgulirement value reposant surun systme QSE intgr. Retour dexprience avec Rgis Lesieux, directeur QSE etdveloppement durable.

Geodis Logistics sur la voie du dveloppement durable

Comment avez-vous positionnvotre dmarche QSE ?

Rgis Lesieux (RL) : Jusquen 2008,plusieurs systmes qualit cohabitaient ausein de la division Geodis Logistics. Nousavons alors choisi daller vers un systmeQSE commun lensemble des sites situsen France et au Maghreb. Ce systme sera tendu cette anne sur nos sites enEspagne, en Allemagne et au Benelux. Pour russir, nous avons dfini 25 incontournables qui donnent le cadreminimum et commun toutes nos units.Ces incontournables dsignant lesprocessus ont t dfinis partir des pointscommuns des rfrentiels qualit, environ-nement et scurit. La pertinence de cetteapproche a t reconnue par AFNORCertification fin 2008, lors de nos audits ISO 9001, ISO 14001 et OHSAS 18001. En outre, nous nous sommes lancs dans le dveloppement durable avec unedmarche intgrant le systme QSE commesocle de base. Cette initiative baptise STC Satisfaction Totale des Clients, des Collaborateurs et des Citoyens , est un systme de management de lentreprisecouvrant les trois axes du dveloppementdurable. Elle a t dploye en trois tapes :STC clients en 2008, STC collaborateurs en 2009 et STC citoyens en 2010.

Geodis Logistics on track for sustainable developmentIn a move to promote sustainabledevelopment, the logistics specialist has launched a federative and regularlyevaluated approach that hinges on anintegrated QSE system. Rgis Lesieux,corporate V-P for QSE and SustainableDevelopment, gives us his feedback.

How did you position your QSE approach?

Rgis Lesieux (RL): Until 2008, the GeodisLogistics division had been hosting severaldifferent quality management systems. Wedecided to transition towards a single coreQSE system encompassing all of our Franceand Maghreb-based sites. This year, thesystem boundaries are set to be redrawn totake in our sites based in Spain, Germany andthe Benelux zone. The roadmap to successwas to define 25 key essentials scaffoldingthe core foundation frame for all our units.These key process essentials were definedbased on the core features shared by thequality-safety-environment benchmark systems.In late-2008, the AFNOR Certification gave usrecognition that this approach was on track at

AFNOR Certification - Tel. : + 33 (0)1 41 62 80 11

Geodis Logistics

ISO 9001ISO 14001OHSAS 18001

Certifications\ labels\

1

4questions

...

.14juin/june 2011


Comment et avec qui avez-vousconduit cette dmarche STC ?

RL : Nous avons fait le pari de lHommepour transformer notre fonctionnement et nos pratiques et les rendre compatiblesavec les exigences du dveloppementdurable. En effet, nous sommes convaincusque nous ne pourrons changer nos pratiquesquavec le concours actif de nos collabora-teurs, et au-del, des clients et de nos partiesprenantes. Notre dmarche est donc simplepour tre comprise, et concerne lensembledes collaborateurs quel que soit leur niveaude responsabilit.

Ladhsion espre sest-elleconcrtise ?

RL : Nous partons du principe que lon am-liore que ce que lon mesure. Notre initiativesest donc accompagne denqutes desatisfaction ralises par un organisme ind-pendant. Dabord auprs de nos clients : en 2008, 91% dentre eux se dclaraientsatisfaits, et 95 % en 2010. Nous avons ga-lement mesur limplication de nos collabo-rateurs en interrogeant 5 000 dentre eux salaris et intrimaires en 2009, et le tauxde satisfaction obtenu tait de 79 %. Nousallons relancer cette enqute cette anne.Enfin, sur le volet socital, des questionscibles sur la vision de nos clients relative notre dmarche dveloppement durable et sur celle de nos collaborateurs, pour laprservation de leur scurit et de leur santsur le lieu de travail, ont t inclues dans les deux enqutes. Les taux de satisfactiondpassent 90 %.

Comment entretenez-vous cessystmes pour que la mobilisationreste intacte ?

RL : Nous comptons sur la force de la mesure.Les rsultats des enqutes de satisfactionsont prsents tous les niveaux de lentre-prise. Ils servent de base pour le lancementdactions damlioration de fond sur les trois volets de la dmarche STC, mais aussipour rcompenser les meilleures perfor-mances. Chaque anne, nous remettonsdes trophes aux sites les plus mritants.

our ISO 9001, ISO 14001 and OHSAS 18001audits. We also launched into sustainabledevelopment via an approach integrating theQSE system as our core foundation. DubbedSTC: Total Client-Collaborator-ConsumerSatisfaction, this initiative is an enterprisemanagement system covering the three corestrands of sustainable development philosophy.It was deployed in three phases: STC Clientswas phased in over 2008, followed by STCCollaborators in 2009 and then STC Consumersin 2010.

How was the STC approach managed, and who led the process?

RL: We pinned our faith in People to transformour practices and how we operate into asystem that fits with sustainable developmentrequirements. Our rationale is based on thebelief that we could not hope to change ourpractices without conviction and commitment,first from our collaborators and then from our clients and stakeholders. The approach istherefore simple enough to be easily understoodand integrated by all of our collaborators,regardless of their level of functional responsibility.

Did you get the kind of buy-in you werehoping for?

RL: We set out with basic idea that you canonly improve what you can measure. Ourinitiative was ushered in by satisfaction surveysthat were led by an independent agency. Thefirst group surveyed was our clients. In 2008,91% stated they were satisfied, compared to 95% in 2010. We then gauged collaboratorengagement by interviewing 5,000 on-salaryand interim staff. The satisfaction rate in 2009was 79%, and we will be re-running the surveythis year to get the 2011 figures. Finally, thesocial responsibility strand was tackled in bothsurveys, through targeted questions designedto gauge the client experience of our sustainabledevelopment approach and the collaboratorexperience of our occupational health andsafety performance. Satisfaction rates passedthe 90% mark for both groups.

How do you drive these systems so that the degree of mobilization stays intact?

RL: We rely on the impetus that performancemeasurement brings. Every level of the companygets to see the satisfaction survey results. These results are used as the basis for launchingroots-level improvement action on all threecore STC strands, but they are also used toreward the best performers, and every year weaward trophies to the most deserving sites.

/ SUITE / FOLLOWING /


Geodis Logistics

3

4

Geodis Logistics sur la voie du dveloppement durableGeodis Logistics on track for sustainable development

2

Repre

Intervenant global de la chane logistique,Geodis Logistics emploie 7 600 collaborateurs sur170 sites en Europe et au Maghreb. Pour mener bien ses prestationsralises auprs desacteurs de lindustrie et de la distribution, la socit dispose dequelque 2 millions demtres carrs de surfacedentreposage. En 2010,Geodis Logistics a ralis1,01 milliard deuros dechiffre daffaires.

ID card

Geodis Logistics is a globalmultimodal logisticssolutions provider employing7,600 collaborators over170 sites across Europeand the Maghreb. GeodisLogistics can mobilize itstwo million square metresof warehousing space to meet the supply chainsolutions needs of industryand distribution hubpartners. In 2010, GeodisLogistics posted 1.01 billioneuros in turnover.

Rgis LESIEUXdirecteur QSE et dveloppementdurable /Corporate V-P for QSE ans SustainableDevelopment.

Nous ne pourronschanger nos pratiquesquavec le concours actifde nos collaborateurs.

We could not hope tochange our practiceswithout conviction andcommitment, first from ourcollaborators.


a meetingwith.../

rencontre/


Repre

Cr en 2003, par le Professeur Moisan,pionnier de lidentification dindividus partir de lADN, IGNA est le premierlaboratoire franais automatis et informatis ddi la gntiquehumaine. Bas Nantes, avec desantennes Marseille et Strasbourg,IGNA emploie 67 collaborateurs. En juillet 2008, il sest rapproch du groupe lyonnais Carso qui estdevenu son actionnaire majoritaire.Spcialiste des analyses dans les domaines de lenvironnement,lagroalimentaire et la gntique,Carso emploie plus de 1 300 personneset a ralis en 2009 un chiffredaffaires de 102 millions deuros.

ID card

Founded in 2003 by Professor Moisan,who pioneered DNA-based ID, theIGNA was the first French laboratorydedicated to computerized automated-throughput human genetics analysis.The IGNA is headquartered in Nantes,and has branches in Marseille andStrasbourg, employing a total of 67 staff. In July 2008, the IGNA mergedwith Lyon-based Carso, whichbecame majority shareholder. CARSOoffers a comprehensive panel of tests for specialized environmentalscience, food industry and geneticsapplications. Carso counts over 1,300 staff, and posted a 2009 turnoverof 102M.

Institut Gntique Nantes AtlantiqueISO 9001


Le laboratoire pluridisciplinaire dexpertises mdico-lgales sest construit depuis 2003 partir dunedmarche ISO 9001. Un engagement volontaire etstructurant pour une organisation positionne surlidentification dindividus partir de lADN, commentpar Laurent Fruchard, responsable qualit.

Vous avez dcid dengager une dmarche qualitavant mme de dbuter vos activits. Pourquoi ? Laurent Fruchard (LF) : Notre vocation consiste concourir la manifestation de la vrit dans le cadre denqutesjudiciaires. Pour remplir cette mission, nous proposons uneapproche pluridisciplinaire dun scell ou dune scnedinfraction. Nos diffrents ples dexpertises nous per-mettent de raliser des analyses de lADN, notre cur demtier, mais aussi des analyses dempreintes digitales,et des morphoanalyses de traces de sang. ces lmentspeuvent encore sajouter des analyses des supports infor-matiques et lectroniques. Nous voluons dans un domaineo les audits clients nexistent pas. Nos clients que sontles Ministres de la Justice et de lIntrieur ne nous imposentpas non plus de certification. Cela tant, pour travaillerchez nous, les experts biologistes doivent obtenir unagrment. Sans tre exige, la prsence dun systme demanagement de la qualit au sein du laboratoire danslequel ils voluent est un lment qui est pris en compte.De mme, lorsque nous rpondons des marchs publics,la certification qualit est un plus . Ds lors, quand nousavons cr le laboratoire, nous avons souhait structurerson organisation par processus et nous engager dans unedmarche de certification ISO 9001.

Quels ont t selon vous les principaux apports de lISO 9001 ?LF : En dfinissant des processus, nous avons ainsi direc-tement pu clarifier les tches et les responsabilits dechacun. De fait, la certification offre une garantie nosclients en termes de qualit de service et de traabilit.

Ladhsion des salaris a t-elle t immdiate ?LF : Cela a demand du temps et des investissements, car lorsque nous avons lanc la certification, moins de lamoiti des salaris connaissaient la qualit. Aujourdhui,le systme de management fait totalement partie despratiques et de la culture de lentreprise. Nous avons unevingtaine dauditeurs interne et autant de pilotes deprocessus totalement investis dans leur mission. Chaquesalari se sent concern.

Quels sont les outils majeurs sur lesquels vous vous appuyez ?LF : Depuis 4 ans, nous avons mis en place des enqutesclients qui portent soit sur un sujet prcis, soit sur notreactivit dans son ensemble. Nous sommes trs attentifsaux attentes clients que nous traitons comme des rcla-mations partir dune grille danalyse qui permet demettre en place une boucle damlioration continue. Eninterne, nous ralisons aussi des enqutes sous forme de quizz qualit .

LIGNA en qute de qualit

The IGNAs quest for qualityThe IGNA multidisciplinary laboratories for forensicexpertise was established in 2003 with ISO 9001 as base template. ISO certification was a consciouscommitment providing a backbone for an organizationpositioned in the DNA ID fingerprinting market.Laurent Fruchard, quality manager.

You decided to engage a quality managementapproach before you had even started business. Why? Laurent Fruchard (LF): Our stated mission is into helpthe establish truth for legal investigations. We tackle thismission by proposing a multidisciplinary approach toanalyzing crime scene samples or testing attendance at a crime scene. Our different centres of expertise enable us to run DNA analysis, which is our core activity, but alsoto lead digital fingerprinting analysis and bloodstainpattern analysis, as well as analyses of computer andelectronic media. In our sector of activity, there are nocustomer audits. Our customers, the French Ministry ofJustice and Ministry of the Interior, do not stipulate certification either. That said, any expert biologist workingfor us needs official approval. A working quality managementsystem at their base laboratory is a factor that, althoughnot compulsory, is nevertheless taken into account.Similarly, when we submit tenders for public-sectorcontracts, quality certification is a plus. Consequently,when we first created this laboratory, our design from the outset was to build a process-driven organizationalstructure and to engage in an ISO 9001 certificationapproach.

In your opinion, what are the main assets brought by ISO 9001?LF: Actively defining our processes enabled us to clearlyand directly identify each persons roles and responsibilities.Certification thus embodies the assurance that we candeliver customers guaranteed traceability and servicedelivery quality.

Did the staff immediately buy in to the system?LF: It took time, and investment when we started out,less than half the personnel were trained up on quality.Today, though, the management system is a fully integralfeature of the companys culture and operating practices.We have just under two dozen internal auditors and asmany process pilots, and all have taken complete ownershipof their mission. Every member of staff feels they have arole to play.

What are your most important quality management tools?LF: Over the last four years, we have introduced customersurveys that either tackle a specific issue or cover ouractivity as a whole. One of our central concerns is the needsvoiced by our customers, and we handle these needs asissued claims based on an analysis matrix. This systemenables us to implement a continuous improvement cycle.We also run in-house surveys designed around a qualityquiz format.

Laurent Fruchardresponsable qualit / Quality manager.


.14juin/june 2011


>>>>>>>>>>> Le groupe de luxe a choisi de dployer une dmarche ISO 14001par tapes dans son atelier de maroquinerie de Ducey, en Normandie. Une faon deconcilier les traditions de cration et dexcellence de latelier avec les exigencesenvironnementales les plus pointues.

Louis Vuitton, naturellement exemplaire pour la protection de lenvironnement

Lenvironnement a t pris en compteds la conception architecturale de latelier. Pourquoi ce parti pris ?

Dabord parce que ce site est implant en campagne prs du Mont Saint-Michel et quil est bord de prairies. Nous sommesau sein dun environnement privilgi et il nous a sembl vident de tout mettre en uvre pour le prserver. Nos btimentsont donc une architecture qui sintgre ce milieu naturel dexception, les parkingssont semi enterrs pour quils se voient le moins possible, et lintrieur le cadre de travail est privilgi, notamment grce de grandes baies vitres avec vue sur leMont Saint-Michel. Par ailleurs, sans parlerde certification, nous avons conu lesbtiments pour quils soient peu impactantsur lenvironnement. Au-del des spcificitsdu site, lancrage environnemental est aussila marque de fabrique de la maison LouisVuitton et du groupe LVMH.

quand remonte le lancement de la certification ISO 14001 ?

Nous avons lanc la dmarche il y a trois ans,dans le sillage dautres sites de Louis Vuitton,comme le centre logistique et le sige. Lesite a opt pour une certification par tapescar nous avons estim quelle permettrait de travailler plus en profondeur et de rendrenos actions plus prennes. Pour la mener bien, nous sommes accompagns par la

Louis Vuitton, naturally a shining example for environmentalprotectionThe luxury goods giant has opted to deploy a stepwise ISO 14001 approach in its Ducey-based leathercrafts centre in Normandy. The move will tie the fashion workshops traditional culture ofcreation and excellence with the toughestenvironmental requirements on the market.

Environmental concerns were integratedwell upstream, at the leathercraft workshopconcept stage. Why opt for this policy?

First and foremost, because the site is set innatural countryside close to the Mont Saint-Michel, and is surrounded by grassland. Wewere investing a fantastic natural landscape,so it felt natural to do everything we could tokeep it that way. Our buildings were designedto integrate seamlessly into this exceptionalnatural landscape, the car parks are half-buriedto keep them hidden in the hillside, while insidewe sought to create most liveable workingenvironment possible through measures suchas placing panoramic windows offering a view out to the Mont Saint-Michel. Indeed,certification aside, our buildings had alreadybeen designed to create minimal impact onthe outside environment. Over and above the specific features of this particular site,environmental consciousness is also atrademark of the Louis Vuitton fashion houseand the LVMH conglomerate as a whole.

Louis Vuitton

ISO 14001 par tapes 2/3ISO 14001 stepwise - 2/3



a meetingwith.../

rencontre/


cellule environnementale de Louis Vuitton et de LVMH. Chaque mois, lensemble des correspondants en charge de lenviron-nement dans la socit se runissent pourbenchmarker les meilleures pratiques.

Quels ont t vos principaux axes de travail ?

Le premier tait la conformit avec la rglementation. Nous avons donc construitun systme de veille rglementaire partagavec le sige et les autres ateliers de maro-quinerie. Ensuite, le site de Ducey a souhaitprofiter de cette dmarche pour mettrelaccent sur la diminution des impacts delactivit sur lenvironnement. Nous travaillonssur la baisse des consommations de gaz,dlectricit, deau et la gestion desdchets. Nous avons galement dploy un plan dactions et de gestion des risques,surtout dincendie, pour prvenir toutepollution ventuelle, mme si nous utilisonsdes colles sans solvant. Enfin, la dmarcheest surtout un moyen de sensibiliser nosquipes et nos partenaires aux enjeux envi-ronnementaux. Elle a un rle ducatif quidpasse le cadre de travail. Nous diffusonsdonc beaucoup dinformations et nousmettons en place des actions dans plusieursdomaines. Par exemple, nous encourageonsle covoiturage. partir dune carte qui estaffiche lentre de latelier, nous mettonsen relation les demandeurs et les offreurs. ce jour, 60 % de nos collaborateurs utilisentce mode de transport !

Quels sont les efforts restant accomplirpour dcrocher la certification ?

Nous venons datteindre le deuxime niveaude la dmarche par tapes, et nous visonsle dernier dbut 2012. Dici l, le site devraparfaire son systme de management sur le suivi des indicateurs en se dotant doutilsdaudit interne.

Repre

Install Ducey dans la Manche,latelier Louis Vuitton emploie autourde 550 personnes, spcialises dansla fabrication de sacs de ville et debagages essentiellement en toile.Outre ce site, Louis Vuitton ralise sa production dans 10 autres ateliersen France.

ID card

The Louis Vuitton leathercraftsworkshop based in Ducey (La Manchedpartement) employs 550 peoplespecializing in bags, totes, and travelluggage mainly in canvas. Ducey ofone of 11 Louis Vuitton productionworkshops across France.

When did you launch into the ISO 14001 certification initiative?

The initiative was launched three years ago,following in the wake of other Louis Vuittonsites such as our logistics warehousing huband the brand headquarters. The Ducey siteopted for stepwise certification as we felt this solution offered a better framework for thorough in-depth analysis and a betterplatform for longer-term sustainable action.LVMH and the Louis Vuitton environmentalmanagement taskforce were drafted in to helpcoach us through the process. Every month,all staff in environmental protection roles meettogether to benchmark our best practices.

What were the main thrusts?

Our first focus was regulatory compliance. We therefore set up a regulatory intelligencesystem that would be co-deployed across HQand the leathercraft workshops. Then, the Ducey site voiced the desire to use theapproach to get mobilized on minimizing theenvironmental impacts of our business. Weare working on cutting down gas, electricityand water use, and on waste managementand recycling. We have also deployed riskmanagement and contingency planning,especially for fire, to preclude any potential for pollution, even though we already usesolvent-free glues. Finally, the approach isessentially a way to raise consciousness onenvironmental issues, both in-house and withour suppliers. It has an educational role thatgoes beyond the framework of work andbusiness. We are constantly on an informationdrive, and action initiatives are led in severalareas. For example, we actively promote car-pooling. There is a local map in the workshopentrance lobby that we use to connect driverswith potential car-sharers. To date, around60% of staff already uses our car-sharingsystem!

Where does work still need to be donebefore certification can be secured?

We have just reached the second stage of the stepwise approach, and we expect to get to the final stage in early 2012. In themeantime, we will need to bring in internalauditing solutions to further improve how ourmanagement system tracks our performanceindicators.

Pour respecter les exigences de confidentialit du groupeLVMH, les articles ne doiventpas mentionner le nom descollaborateurs interrogs. Nous remercions toutefois le groupe davoir acceptdapporter son tmoignagedans notre revue.

Due to confidentialityrequirements in force at LVMH, the names ofinterviewees have to be kept anonymous. However, we can still thank LVMH for letting us publish theiraccount of the certificationexperience.

.14juin/june 2011


clients in brief/

clients en bref/


protection. SPIE Communica-tions Customer Support andConsultancy Centre based inSaint-Jacques-de-la-Lande lle-et-Vilaine) secured dual ISO 14001/OHSAS 18001certification on 4 March 2011.With ISO 9001 certificationalready in the bag, the unitbecame the first SPIE group siteto complete the Quality SafetyEnvironment sweep. A triple-certification approach that theAFNOR groups Brittany regiondelegate Claude Girard qualifiedas mobilizational. The companyhad a very robust quality mana-gement platform that it aimed toconsolidate, but without losingsight of the environmental andoccupational health and safetystrands. The QSE approach hashelped enculturate preventivesafety across the 350 staff. The initiative could spark copycatmoves across the entire SPIEgroup, which is virtually 100%ISO 9001-certified and widelyISO 14001-certified.

Cap sur le QSE pour SPIE Communication

Label QualiPariscest parti !Mettre laccueil et la qualitau cur des services auxparisiens : tel est lobjectif dela Ville de Paris avec le labelQualiParis. Ce rfrentiel priv,labor en interne avec deuxconsultants puis finalis etoutill par AFNOR Certification,rpond la spcificit de lacapitale, la fois Ville et Dpar-tement. Compos de plusieursrfrentiels sectoriels, il permetdharmoniser la qualit delaccueil quel que soit larron-dissement ou la structure.Mairies, piscines, cimetires,parcs & jardins, bibliothques,centres daction sociale 2 500 structures seront termeconcernes. Les premires,pilotes, viennent dtre labelli-ses par AFNOR Certification,qui poursuivra cette premirevague jusque fin 2011.

The QualiParis Labelis up and running!The City of Paris has targetedhospitality and quality as corepolicy through the QualiParislabel: a private-group benchmarkstandard developed internallywith two consultants and thenfinalized and kitted out by AFNORCertification, and geared specifi-cally to the needs of the Frenchcapital in its status as both City and administrative region.QualiParis is a composite ofseveral sector-specific standardsbrought together to harmonizehospitality services quality acrossevery district arrondissement and city services agency.City halls,swimming pools, cemeteries,parks and gardens, municipallibraries, community supportcentres a list of around 2,500local government-run facilitieswill ultimately be covered. Thefirst few pilot sites have just beenlabelled by AFNOR Certification,which will continue auditing thisfirst wave of labels until end-2011.

SPIE Communication,SSII et intgrateur tlcomsspcialis dans linfogrance,ouvre son systme de manage-ment de la qualit la scuritet lenvironnement. Le 4 mars2011, son centre dexpertise et dassistance clients de Saint-Jacques-de-la-Lande (35) adcroch une double certifica-tion ISO14001/OHSAS 18001.Ces deux rfrentiels compl-tent la certification ISO 9001et permettent au site de se hisser au rang des entits certifies QSE du groupeSPIE. Une dmarche mobilisatrice selon ClaudeGirard, dlgu rgional dugroupe AFNOR en Bretagne. Lentreprise bnficie dunsocle qualit trs robuste et

souhaitait le renforcer sans pourautant oublier lenvironnementet la sant-scurit au travail.La dmarche QSE a notammentpermis damliorer la culturede prvention auprs des 350collaborateurs . Linitiativepourrait faire des mules dansle reste du groupe SPIE, djcertifi ISO 9001 en quasi-totalit et ISO 14001 pour denombreux sites.

SPIE Communication on course for QSE SPIE Communication an ITconsultancy and telecom systemsintegrator specializing in facilitiesmanagement is extending itsquality management system totake in safety and environmental

ISO 9001 and ISO 14001certification from top to bottomacross its entire business activity,which spans solar tracker systemsdesign through to engineering,building and maintenance ofground-mounted solar parks.Exosun runs a rigorous supplierfollow-up policy, end-to-endproject control checks, andstrong team training programmesto ensure full control over productand process quality and guaran-tee stringent compliance withcustomer specifications. Exosunevaluates its environmentalfootprint by running carbonaudit and environmental impactanalysis on all its projects. AllExosun products are developedand built based on cradle-to-grave life cycle assessment.

Exosun reoit la double certification ISO 9001 et ISO 14001 Exosun est la premire entre-prise solaire franaise certifieISO 9001et ISO 14001 pourlensemble de ses activits quistendent de la conception de systmes de suivi solaire lingnierie, la construction et la maintenance de centralessolaires au sol. Par un accom-pagnement rigoureux de ses fournisseurs, des contrlesrguliers tout au long deschantiers et la formation de

ses quipes, Exosun matrise la qualit de ses produits etprocess et garantit ainsi le strictrespect de ses cahiers descharges. Afin dvaluer sonempreinte sur le climat, lentre-prise ralise un bilan carboneet une analyse environnemen-tale chacun de ses projets.Elle dveloppe ses produits entudiant leurs impacts depuisleur conception jusqu leurdmantlement.

Exosun awarded dual ISO 9001ISO 14001certification Exosun is the first French solar energy company to secure


clients in brief/

clients en bref/


are certified to ISO 9001covering sales, repairs,breakdown assistance andrentals activities. In December2010, the SME underwent anAFAQ 26000 assessment an audit that evaluates how far each of the three pillars ofcorporate social responsibility(economic, ecological, andsocial) is integrated, and at every level of the company.Bodemers score of 304 points,which ranks as progression, is a clear illustration of the companys outstandingmobilization: leveraging humanresources management to achieve economic balance.

Retour sur lvaluation AFAQ 26000 de BodemerChez Bodemer SA,distributeur automobiles des marques Renault / Daciaet Nissan, la qualit est unevaleur trs fortement ancredans la stratgie et la culturede lentreprise. Depuis 1998,les 20 entreprises du groupe,implantes en Bretagne et en Normandie, sont certifiesISO 9001 pour les activits devente, rparation, dpannage,location. En dcembre 2010, la PME a t value AFAQ 26000 ; cette valuationimplique lintgration de chacundes enjeux de la responsabilitsocitale (sociaux, environne-mentaux et conomiques), tous les niveaux de lentreprise.La note de 304 points atteinte

par Bodemer, correspondant un niveau progression illustre bien la mobilisationexemplaire de lentreprise :recherche de lquilibre conomique associ au dve-loppement de laxe mana-gement des ressourceshumaines.

A look back at the AFAQ 26000 assessmenton BodemerAt Renault/Dacia and Nissanbrand dealer Bodemer SA,quality is deeply woven into the fabric of the companysculture and strategy. Since 1998,all 20 of the groups Brittany and Normandy-based affiliates

Cofelys services solution spansheating, water purification air purification, and cleaning.Measures taken under the EN 16001 certification (soon to be ISO 50001 certification, read p. 20) programme enabledCofely to identify a series ofactions for improving energyefficiency at the swimmingfacilities. Work at one of thepools will not only cut energybills but also lead to annualizedenvironmental savings estimatedat 240 tons of CO2 and 28,000 m3of municipal water.

Cofely certifi EN 16001 pour la gestion des piscines de BordeauxCofely, filiale de GDF SUEZ,reoit sa premire certificationEN 16001 pour la gestion des services nergtiques desquatre piscines de la Ville de Bordeaux. Les prestationsconcernent le chauffage, le traitement de leau, le traite-ment de lair et le nettoyage.Grce aux dispositions prisesdans le cadre de la certificationEN16001 (future ISO 50001,lire page 20), Cofely a identifi de nombreuses actionspermettant damliorer leffi-cacit nergtique des piscines.Pour lune dentre elles, lestravaux raliss permettront

non seulement une rductionde la facture nergtique, mais aussi des gains environ-nementaux annuels estims 240 tonnes de CO2 et 28 000 m3 deau de ville.

Cofely gains EN 16001 certificationon Bordeaux swimmingfacilities managementGDF SUEZ affiliate Cofelyhas secured its first EN 16001certification for its energyefficiency services managementsystem deployed for the fourBordeaux city municipal pools.

Premier diagnostic defficacit nerg-tique en AlgrieDans le cadre de son parte-nariat avec Altran, le groupeAFNOR propose des offres de services dans le domainede lnergie. Consquenceimmdiate des nouvelles lois et dcrets visant rduire la facture nergtique de sesinstallations conomiques, le march algrien offre desperspectives prometteusespour des prestations telles quele diagnostic defficacit ner-gtique. AFNOR Algrie sestpositionn en rpondant un appel doffre national lancpar lAPRUE (Agence nationalepour la promotion et la ratio-nalisation de lutilisation delnergie), couvrant 17 cimen-teries, 4 verreries et 4 raffine-ries, toutes nergivores et a t retenue pour raliser lediagnostic defficacit nerg-tique dune verrerie et deuxcimenteries.

First energy efficiencyaudit on Algerian soilAFNOR group proposes anenergy management servicesoffer through its partnership withAltran. New Algerian legislationand regulations designed to cutenergy bills at national economicfacilities mean that the Algeriamarket instantly opens uppromising perspectives forservices such as energy efficiencyaudits. AFNOR Algeria hasmoved into position by replyingto a call for tenders issued bythe APRUE [the Algerian nationalagency promoting rationalenergy use] and covering 17 cement plant, 4 glassworksand 4 refineries all of whichare intensive energy-users andout tender package won contractsto run energy efficiency auditson one glassworks and two ofthe cement plants.

.14juin/june 2011


www.marque-nf.com////////////// ///////////////

NF mark current events/

Lactualit de la marque NF/

Ces ciments de vieille tradition,explique Michel Delort, reprsentantde lATILH (Association techniquede lindustrie des liants hydrauliques)ont rcemment t remis au gotdu jour et sont maintenant couvertspar une norme europenneharmonise. Les volutionsconstantes apportes la marqueNF Liants hydrauliques renforcesa lgitimit. Le socle est djsolide : depuis plus de 50 ans,cette marque NF atteste un hautniveau de qualit pour les ciments. partir de 2001, la marque NF Liants hydrauliques a compltle marquage CE pour ceux qui le souhaitent. Elle apporte aux utilisateurs des garantiescomplmentaires au marquage CEsur la composition, les perfor-mances et le contrle des produitset demeure ce jour trsdemande. De plus, elle intgredes caractristiques nonnormalises telles que la propretdes citernes et le contrle audernier conditionnement. Unecentaine de cimenterie ont choisicette option, dont une dizainedepuis 2010.

NF Hydraulic Bonds: a Concrete LabelThe NF Hydraulic Bonds-label certification framework was revised last June, notably inorder to integrate super sulphatedcements. These traditional cements haverecently been brought back intofashion, and are now covered by a consistent European standard,explains Michel Delort, representativefor the Hydraulic Bonds IndustryAssociation. The constant evolutionimparted on the NF HydraulicBonds label increases itslegitimacy. The labels strengthderives from a strong base: for over50 years, this NF brand has attested a high level of quality forvarious types of cement. And since2001, the NF Hydraulic Bondslabel completes the CE marking, for those who wish so. It suppliesusers with added guaranties com-pared to the CE marking regardingcomposition, performances andproducts monitoring. Furthermore,the NF Hydraulic Bonds label integrates unstandardizedcharacteristics, such as tank-cleanliness or last packaginginspection. A hundred cementindustries have already chosen this option, ten of which since2010.

NF Liants hydrauliques : une marque en btonLe rfrentiel de certification de la marque NF Liants hydrauliquesa t rvis en juin 2011 notamment pour souvrir aux cimentssursulfats.

La Maison BBC-effinergiepar Cquami partir du 1er janvier 2013tous les logements neufsdevront rpondre larglementation thermiqueRT 2012 imposant uneconsommation de 50 kWh/m2

par an, niveau traitaujourdhui par le labelBBC-effinergie (btimentbasse consommation). Ds lors, un nombre croissantde constructeurs titulaires de la certification NF MaisonIndividuelle anticipent et font le choix de la qualitglobale associe la qualitenvironnementale etnergtique. Ils proposent leurs clients des maisonscertifies NF HQE etlabellises BBC-effinergie.Depuis le 1er janvier dernier,toutes les maisons NF HQEdoivent rpondre au niveau du label BBC-effinergie ou de la RT 2012 par anticipation.NF Maison Individuelle et NF Maison Individuelledmarche HQE, certificationsde produits et de servicesassocis, sont fondes sur trois niveaux dexigencesindissociables : la qualit delorganisation du profession-nel, des services et du suiviclient et la qualit techniquede la maison. nergies renou-velables, matriau brique,prdominances rgionalesconstituent quelques-unesdes caractristiques desmaisons certifies et labellisesBBC-effinergie .

The BBC-effinergiehouse, by CquamiStarting from 1st January 2013,all new housing will need to meet RT 2012 thermalperformance regulationsenergy consumption at 50 kWh/m2 per year, which is a level currently handledunder the BBC-effinergie(low-energy housing) label. A growing number of buildersthat hold NF Detached Housingcertification are looking to gain a head start and opting for an all-round quality system pairingenvironmental with energy usequality. They are offering clientsNF HQE-certified and BBC-effinergie-labelled houses. Since 1st January of this year, all NF HQE-labelled houses haveto meet either BBC-effinergielevel or be RT 2012-ready. NF Detached Housing and HQE-labelled NF Detached Housingare certifications for alliedproducts and services and arebased on three intertwined levels of quality requirement: The quality of the professionalsbusiness organization, the qualityof their services and customerfollow-up, and the technicalquality of the house itself.Renewable energy, brick materials,and regional heritage design arejust a few of the specific featuresthat characterize houses certifiedand labelled BBC-effinergie.

p.11action&performance14AFNOR Certification - Tel. : + 33 (0)1 41 62 80 11

.14juin/june 2011

specialreport/

dossier/

>>>>>LIRE ARTICLE PAGE SUIVANTE

>>>>>>>>>>> Protection des donnes personnelles,des changes commerciaux, descoordonnes bancaires plusieursaffaires retentissantes sont venuesrappeler la criticit de la scurit des systmes dinformation pourprserver lactivit et la confiancedes clients. La norme ISO 27001permet prcisment de rpondre ces exigences et de parer auxnouvelles menaces de lre virtuelle.

>>>>>>>>>>>Securing personal data,commercial exchanges, bankdetails several news storieslately served as a reminder of theimportance of information systemssecurity in order to preserve acompanys activity or its clientstrust. The ISO 27001 standardprecisely tackles these issues,warding off the numerous threatsof the virtual era.

Certification ISO 27001 : passer loffensive pourprotger ses informationsISO 27001 certification: Take the offensive to protect your information

EN COUVERTURE

.14juin/june 2011


En fin danne 2010, Wikileaks dvoilait des milliersde documents confidentiels.Mars 2011, 150 ordinateurs de Bercy ont subi une attaqueinformatique. Dernier vnementen date, le service de jeu vidoen ligne de Sony dfraie lachronique : les donnes scuri-ses de 77 millions de clientsont t drobes. Le prjudicese chiffre en milliards de dollars,sans compter limpact dimage.Linformation rime aujourdhuiavec pouvoir et enjeux finan-ciers considrables. Depuisvingt ans, les systmes dinfor-mation se sont multiplis, aupoint que la dpendance desentreprises et de ladministrationest majeure , estime PhilippeBourdal, chef de produit chez AFNOR Certification. Se prmunir suppose de ragircontre une multiplicit demenaces, du bug au piratageen passant par lusurpationdidentit numrique ou latraditionnelle vente dinforma-tions la concurrence. Lebesoin de scurit concerne

toutes les organisations. Maispour faire face, des outils existent.

Dlimiter les champs de la scurit La normalisation anglaise at la premire semparer dusujet, avec le standard BS-7799publi en 1995. LISO la ensuiterepris et rvis pour laborer la norme 27001 en 2005, quipropose un systme de mana-gement pour grer la scuritdes systmes dinformation(SSI) , retrace Jean-PierreQumard, directeur rseaux ettlcoms chez Cassidian (EADS)et prsident de la commission de normalisation. Il consiste charger des personnes de la scurit de linformation, traduire une politique de scuriten actions, puis mesurer saralisation, explique PhilippeBourdal. Il vise aussi agir surla scurit physique (accs auxlocaux, protection des postesde travail et des serveurs) et sur la scurit logique(conception des logiciels, utilisation dinternet). Lafamille des normes ISO 27000comprend une quinzaine de textes balayant vocabulaire,bonnes pratiques, gestion des risques ou exigencessectorielles. Un arsenal doutils,qui invite les organisations considrer leurs systmesdinformation au sens large.

ISO 27001 certification:Take the offensive toprotect your informationAt the end of 2010, Wikileaksdisclosed thousands ofconfidential documents. March2011, 150 computers from the French Ministry of Economyand Finances were hacked. Last but not least, Sonys onlinevideogame service makes theheadlines: the secure data of 77 million clients have beenstolen. The financial loss runs in billions, notwithstanding the image impact. Informationtoday rhymes with power andconsiderable financial issues. For over twenty years, informationsystems have been on theincrease, so much so that thecompanies and civil servicesdependency is now massive,considers Philippe Bourdal,head of product at AFNORCertification. To protect oneselfmeans reacting to numerousthreats, from bugs to hacking,numeric identity theft or moretraditionally, sale of strategicinformation to the competition.Every organisation needs securityand tools exist to provide it.

DossierSpecial report

Certification ISO 27001 : passer loffensive pourprotger ses informations

>>

La certification ISO 27001couvre la conception des

logiciels, lutilisationdinternet mais aussi la

scurit physique commelaccs aux locaux.

ISO 27001 certificationacts on physical security(access to the premises)

and logical security(software conception,

use of internet).


specialreport/

dossier/


de la SSI garantit la prserva-tion des informations strat-giques comme des derniresinnovations. LISO 27001permet en outre de mieux grerle risque de rupture dactiviten cas de sinistre catastrophenaturelle, virus informatique ,en poussant les entreprises prvoir un site de secours,relais du systme dfaillant ,note Philippe Bourdal.

La certification nest cependantpas gage de risque zro, meten garde Marcel Schipman,auditeur AFNOR. Les mesureslies une dmarche ISO 27001rendent le niveau de risqueacceptable et grable, mais nele suppriment pas. Instaurerune revue rgulire des pointscls de vigilance multiplienanmoins les chances desuccs : la revue des actifs et lanalyse des risques sontfondamentales. Pour treefficaces, elles doivent treexhaustives, hirarchises etrenouveles rgulirement. La mutation continuelle destechniques, de technologies et des rglementations imposeen effet une veille permanente.Lauditeur insiste enfin sur lasensibilisation des collabora-teurs la scurit. La fraudeest dorigine interne 70 %.Communiquer sur les mesuresde scurit et sur les succsdu systme de management dela SSI est terme dissuasif.

Defining securitys scopeBritish standardisation was thefirst to take on the subject withthe BS-7799 standard, publishedin 1995. ISO then picked it upand revised it to draw up the ISO 27001 standard in 2005,which proposes a managementsystem designed for informationsecurity, recounts Jean-PierreQumard, Research & TechnologyDirector at Cassidian (EADS) and head of the standardisationcommission.This standard aimsat putting somebody in chargeof information security, attranslating a security policy intoactions, and then at measuringtheir implementation, explainsPhilippe Bourdal. It also acts onphysical security (access to thepremises, workstation and serverprotection) and logical security(software conception, use ofinternet). The ISO 27000standard family comprisesfifteen documents addressingvocabulary, best practices, risk management and sectorialexpectations. This whole batteryof practical tools encouragesorganisations to consider theirinformation systems in the widestsense possible. Just think aboutthe mass of information one can learn just by glancing over a shoulder in a train! ISO 27001covers every information means,from the laptop to fire safetyincluding individual behaviours,insists Philippe Bourdal.

A guaranty for the clientIn this context, certificationstrengthens the trust between a company and its clients by

Pensez la quantit dedonnes obtenue en regardantau-dessus dune paule dansun train ! LISO 27001 couvretous les supports dinforma-tion, de lordinateur portable la scurit incendie enpassant par les comporte-ments individuels , soulignePhilippe Bourdal.

Une assurance pour le client Dans ce contexte, la certifica-tion permet de consolider laconfiance entre une entrepriseet ses clients en dmontrantles moyens mis en uvre auservice de la scurit des infor-mations. Atos Origin, groupeinternational dinfograncecertifi ISO 27001 depuisseptembre 2010 le confirme : nos clients nous confient lagestion de leurs infrastructuresinformatiques : nous nousdevons de leur offrir un niveaude scurit maximum , insistePaul Bayle, directeur de lascurit. ses yeux, le rfren-tiel a permis denrichir lesprocessus danalyse de risquespar le biais dune mthodologierigoureuse, damliorer lasensibilisation la scurit etde tenir le systme jour plusrgulirement . Mme tmoi-gnage chez Michel Quinton responsable de la triple certifi-cation ISO 9001/20000-1/27001dOrange Business Services : la certification ISO 27001 nouspermet de prouver la solidit de la SSI de nos centres situs ltranger, qui traitent lesdonnes stratgiques de nosclients .

viter les ruptures dactivitDans une optique dintelligenceconomique, la constructiondun systme de management

Une accrditationpreuve dengagementAFNOR Certification est depuis lemois de juin 2010 lun des deux seulsorganismes accrdit par le COFRAC*pour son activit de certification selonla norme ISO/IEC 27001. Cetteaccrditation volontariste assoitnotre lgitimit et notre comptencesur ce rfrentiel, et garantit nos clients transparence et confiden-tialit , estime Philippe Bourdal.Cette reconnaissance souligne gale-ment les moyens mis en uvre autourde la norme et de son audit de certi-fication : conseil stratgique, comitde surveillance et damlioration,qualification des auditeurs Djleader sur le march de la certificationISO 27001, AFNOR Certificationdmontre ainsi son engagementderrire ce rfrentiel et la volont de soutenir lessor de la scurit de linformation, considre commeun capital toujours plus stratgique.* AFNOR certification est accrdite par leCOFRAC sur la certification de systmes demanagement ISO 27001. La porte de cetteaccrditation n 4-0001 est disponible surwww.cofrac.fr

Proving commitmentthrough accreditationSince June 2010, AFNOR Certificationis one of the two organizations whosecertification activities according to the ISO 27001 standard have beenaccredited by the COFRAC* (FrenchAccreditation Association). Thisvoluntary accreditation establishesour legitimacy and our competencyon this framework. It guaranteestransparency and confidentiality to ourclients, considers Philippe Bourdal.This acknowledgement also underlinesthe means developed in order to supportthe standard and its certificationaudit: strategic consulting, supervisoryand improvement committee, auditorsqualification process Alreadyleader on the ISO 27001 certificationmarket, AFNOR Certificationdemonstrates its commitment for the development of this frameworkbut also its support of informationsecurity, an evermore-strategic asset.* Accreditation No. 4-0001. Scope available at www.cofrac.fr

La certification ISO 27001permet de mieux grer le

risque de rupture dactiviten cas de sinistre.

ISO 27001 certificationalso allows companies to

manage the operationalbreakdown risk in case of a

disaster.

>.14juin/june 2011



Certification ISO 27001 : passer loffensive pour protger ses informationsISO 27001 certification: Take the offensive to protect your information


la norme ISO 27001 pour faireface au renforcement de notreactivit, prcise Thierry Faivre,son directeur adjoint. tre leseul centre informatique delUrssaf certifi 9001/14001/27001nous permet denvisager plussereinement les volutions denotre secteur dans les 5 ou 10 ans venir. De plus, lajoutde la certification ISO 27001 notre systme de managemententrine notre haut niveau

La SSI se dmocratiseBien plus quune prcautiontechnique, le management dela scurit des systmes din-formation simpose aujourdhuicomme un outil de pilotagestratgique. Pour le Cirtil, lun des centres informatiquesqui hberge et exploite lessystmes dinformation delUrssaf, la certification ISO 27001sinscrit dans une visionglobale : nous avons intgr

de professionnalisme. Cette certification reprsenteun avantage comptitif croissant,ajoute Jean-Pierre Qumard.De plus en plus dappelsdoffres exigent de dmontrerson niveau de scurit et lISO 27001 pourrait progressi-vement devenir une conditiondentre sur certains marchs.En six ans, cette norme estdevenue une vraie rfrence .Selon le dernier ISO Survey,prs de 13 000 certificatsISO/CEI 27001 ont t dlivrsen 2009. Soit 40 % de plusque lanne prcdente. Parmieux, trois hpitaux tawanaiscertifis par AFNOR Certificationen octobre 2010, ont par cebiais dmontr leur engagementpour protger les dossiersmdicaux informatiss etrassurer leurs patients sur laconfidentialit de leurs donnespersonnelles. Et si la France ne compte aujourdhui quunevingtaine de certifis, il existedepuis 2010 un vrai frmisse-ment, observe Philippe Bourdal.Le management de la SSI sort du primtre des direc-teurs de la scurit et entredans le radar stratgique desdirigeants.

demonstrating the meansimplemented to ensureinformation security. Atos Origin,an international IT managementgroup, has been certificated ISO 27001 since September2010 and confirms: our clientstrust us with the management oftheir information technologyinfrastructures: it is our duty toprovide them with the highestlevel of security, states PaulBayle, head of Security. In hisopinion, the framework helpedenhance the risk analysisprocess through a meticulousmethodology, improve security

awareness and keep the systemup to date on a more regularbasis. The same goes forMichel Quinton in charge ofOrange Business Services tripleISO 9001/20000-1/27001certification: the ISO 27001certification enables us to provethe strength of the overseascentres that treat our clientsstrategic data.

Avoiding operationalbreakdownsFrom an economic intelligenceperspective, building aninformation security managementsystem guarantees the protectionof strategic information as wellas latest innovations. ISO 27001also allows companies to managethe operational breakdown riskin case of a disaster catastrophe,virus by prompting them toplan for a backup site, serving as a relay for the failing system,notes Philippe Bourdal.

However, certification doesntmean zero risk warns MarcelSchipman, an AFNOR auditor.Security precautions implementedin the scope of an ISO 27001approach make the risk levelacceptable and manageable, but they dont suppress it.Scheduling regular reviews of keyaspects nevertheless increasessuccess rates. The assets reviewand risk analysis are basics. Inorder to be efficient, they mustbe thorough, prioritized andperiodically renewed. Indeed,the unceasing mutation oftechnologies and regulationsrequire a constant watch. Theauditor also emphasizes theimportance of security awarenesscampaigns inside companies.70% of all fraud comes frominside. Informing staff aboutsecurity measures and about theinformation security managementsystems successes provesdissuasive.

Information security becomes accessibleFar more than a technicalprecaution, information security

tat des lieux de la certification ISO 27001 (tude ISO Survey - dcembre 2009)

ISO 27001 certification report (ISO Survey - 2009/12)

> Forte expansion dans le monde, surtout en Asie et en Europe / Strong growth in the world, especially Asia and Europe

> Prs de 13 000 certificats / Nearly 13,000 certificates> Forte reprsentation des activits de services /

Strong performance of service activities> Dveloppement en cours dans les secteurs industriels /

Ongoing development in industrial sectors

2 %Administration

publique/ Public

administration

3 %Fabrication dquipementlectrique et lectronique /Electrical & opticalequipment

66 %Activits informatiques

/ Information technology

2 %Recherche &

dveloppement,architecture et

ingnierie/ Engineering

services

2 %Imprimerie,

reproductiondenregistrements

/ Printingcompanies

3 %Activits financires,immobilires et de location /Financial intermediation, real estate, rental

14 %Autres services /Other services

4 %Transports etcommunications /Transport, storage &communication

4 %Construction /Construction


specialreport/

dossier/


management is becoming astrategic instrument. The Cirtil isone of the centres which hostsand operates information systemsfor the French administration incharge of collecting professionalsocial security contributions(Urssaf). For them, an ISO 27001certification contributes to aglobal vision: we integrated theISO 27001 standard in order tocope with the increase of ouractivities, explains Thierry Faivre,deputy director. Being the solecomputer centre of the Urssaf to have an ISO 9001/ISO 14001/ISO 27001 certification helps usconsider our sectors evolutionsin the ten years to come withmore equanimity. Furthermore,the adjunction of the ISO 27001standard to our managementsystem confirms our high level of professionalism.

Without a doubt, thiscertification represents agrowing competitive advantage,adds Jean-Pierre Qumard. An increasing number of tenderscontain demands regardingsecurity level. ISO 27001 couldvery well become progressivelya condition to penetrate certainmarkets. In a little over six years,this standard has become a reference. According to the last ISO Survey, around 13,000certificates were delivered in2009. A 40% increase comparedto the previous year. Amongstthem, AFNOR Certificationcertificated three Taiwan Hospitalsin October 2010, thus provingtheir commitment to protectcomputerized medical files andreassuring their patients on their personal informationsconfidentiality. And even thoughFrance only counts 20 certificatedcompanies, one can feel a realchange since 2010, observesPhilippe Bourdal. Informationsecurity management leaves the sole perimeter of securitymanagers to enter the strategicradar of company leaders.

Depuis 30 ans, les membres de la Commissionnationale de linformatique et des liberts (CNIL)scrutent les pratiques des entreprises, etaujourdhui les rseaux sociaux, les moteurs de recherche, etc. pour protger les libertsindividuelles. Matthieu Grall compte parmi cesexperts. Il est aussi vice-prsident du groupe decoordination de la scurit des systmes din-formation du groupe AFNOR et diteur de lanorme 27001. Il livre son point de vue.

Quelles formes peuvent prendre les atteintes la scurit des systmes dinformation (SSI) ? Matthieu Grall (MG) : Daprs les centres dalerte et de raction aux attaques informatiques (CERT), lesprincipales attaques concernent les infections virales,lenvoi de spams, la compromission de serveurs web,lajout de codes malveillants sur les pages de sites web,les tentatives de phishing (usurpation didentit)Du ct des entreprises, les incidents sont plutt deserreurs dutilisation, la perte de services essentiels,des pannes dorigine interne, le vol ou la disparitionde matriel. Pour les particuliers, lescroquerie lacarte bancaire, les virus et logiciels espions restentproccupants. Les internautes sont dailleurs de plusen plus sensibles la protection de la vie prive etleurs exigences de scurit se sont accrues.

Renforcer la scurit des systmes dinformationreste encore un objectif essentiel ?MG : Oui. Elle vise viter les consquences desmenaces sur les organisations, qui peuvent se traduirepar des pertes financires ou davantages concurren-tiels, ou des impacts ngatifs dimage. Mais aussi protger linformation, par nature volatile et reproduc-tible, pour laquelle les organisations ont des besoinsen termes de disponibilit, dintgrit et de confiden-tialit. Une dmarche de SSI permet de se prmunircontre diffrentes sources de risques manant descollaborateurs, visiteurs, prestataires, concurrents,pirates informatiques, virus, sinistres physiquesElle contribue enfin rduire les vulnrabilits dessupports de linformation. Dans le domaine de laprotection de la vie prive, la SSI est galement fonda-mentale. Ds quune donne caractre personnel estcre, tout responsable de traitement a entre ses mainsun instrument susceptible de nuire, ce qui peut allerdu dsagrment (refaire des dmarches administra-tives) au drame (suicide du fait dune rputationanantie). Chacun est donc concern. Ltendue desvulnrabilits impose de grer les risques, seul moyenne pas se disperser devant la multitude des enjeux.

O en sont les entreprises franaises en matire de SSI ?MG : Elles possdent souvent un socle de fondamen-taux ou ont formalis une politique de SSI. Mais cettepolitique est souvent mise en uvre de manireinsuffisante. Une nouvelle tape doit tre franchie :lcriture des rgles ne suffit plus, il faut les appliqueret prouver sa dmarche. En cela, la certification ISO 27001 se rvle un outil prcieux.

Security, Everyone is AffectedFor the last 30 years, members of the FrenchInformation and Liberty Commission (CNIL) havebeen scrutinizing company practices, socialnetworks, search engines, etc. in order to protectindividual liberties. Matthieu Grall is one of theseexperts. He is also vice-president of the AFNORGroup information security systems coordinationgroup and publisher of the ISO 27001 standard.He shares his thoughts.

How do breaches of information security systems manifest themselves?Matthieu Grall (MG): According to the ComputerEmergency Response Teams (CERT), the main attacksnowadays consist of viral infections, spamming,compromising servers, adding malevolent codes onweb sites, phishing attempts On the business side,incidents are often related to misuse, loss of essentialservices, theft or equipment disappearance. As forprivate individuals, credit card fraud, virus andspywares remain worrying. For that matter, Internetusers are increasingly sensitive to private lifeprotection issues and their expectations in terms ofsecurity have risen.

Strengthening information systems security thus remains a primary goal?MG: Yes it does. It aims at avoiding the consequencesof various threats on businesses. Those can manifestthemselves through financial or competitive advantageloss, or through negative image impact. Securityprotects the information, volatile and repeatable bynature, and for which organisations need availability,integrity and confidentiality. An information securitymanagement approach aims to protect oneselfagainst various sources of risk, coming fromemployees, visitors, providers, competitors, hackers,virus, and catastrophes It contributes to reduce the vulnerabilities of the information supports. In thearea of private life protection, information security isalso of the essence. As soon as a personal data isgenerated, anyone processing it detains a potentiallyharmful tool, rating from inconvenience (if one has toredo administrative formalities) to tragedy (committingsuicide following the destruction of ones reputation).Each and everyone can be affected. The scope ofvulnerabilities calls for risk management, which is theonly way to avoid dispersion faced with the mass ofissues to address.

Where do French companies stand in terms of information security?MG: Most of them have the basics under control andeven have a written information security policy. However,this policy is very often insufficiently implemented.They need to take a new step: writing rules is no longerenough; businesses must apply them and demonstratetheir approach. In this aspect, the ISO 27001 proves tobe a precious ally.

La scurit, tous concerns

>Parolesdexpert

CNIL

.14juin/june 2011



Chaque jour, Ple Emploi traite des milliers de donnesconfidentielles. Pour garantir leur fiabilit, la Directiongnrale adjointe des systmes dinformation (DGASI)vient dobtenir la certification ISO 27001. Retour dexprience avec Lionel Duplaix, responsable qualit et matrise des activits.

quels enjeux la DGASI de Ple Emploi doit-elle rpondre ?Lionel Duplaix (LD) : Notre politique de scurit des systmesdinformation vise six objectifs. Assurer la continuit desservices ; garantir la protection du matriel informatique etcelle du patrimoine immatriel (applications, donnes de PleEmploi). Mais aussi conserver la confiance des usagers,notamment en dfendant la confidentialit des informationsque nous traitons. Le cinquime enjeu consiste dvelopperdes canaux de communication protgs des intrusions et despollutions. Enfin, nous nous devons de respecter les rglemen-tations en vigueur et de suivre leurs volutions.

Quest-ce qui a motiv une certification ISO 27001 ?LD : La DGASI est certifie ISO 9001 depuis 2005, et la dmarchea t gnralise lensemble des services Ple Emploi landernier. Pour aller plus loin, la DGASI a dcid dajouter desnormes cibles sur les curs de mtiers de linformatique, ce qui a conduit une certification combine ISO 27001/ISO 20000-1. Ceci dans lobjectif de construire un systme demanagement aussi intgr que possible. Nous voulions aussifaire reconnatre par un organisme indpendant le savoir-faireet le professionnalisme de nos quipes.

Comment voyez-vous les retombes de cette dmarche ?LD : La prparation de la certification a permis de complter lessystmes en place et de confronter formellement nos processusaux exigences de la norme. Par exemple, avant la certification,nous navions pas de dclaration dapplicabilit formalise(liste de lensemble des contrles de scurit, NDLR). Elle adepuis t instaure. La dmarche recle deux bnficesmajeurs. Dans un premier temps, laudit fournit une mesureclaire et impartiale du niveau de scurit atteint et souligne les points damlioration envisager. Ensuite, au quotidien, lascurit du systme dinformation se voit intgre dans la miseen uvre des processus mtiers. La DGASI a ainsi instaur unemthodologie pour incorporer la scurit dans la conduite deprojets. Elle oblige ainsi tout chef de projet se poser la bonnequestion chaque tape et y rpondre de manire formalise.Nous avons donc aujourdhui un historique de la prise encompte de la scurit sur nimporte quel projet conduit par nosservices.

Ple emploi Strengthens its InformationSecurity Management System

Clients expectations regarding data security andconfidentiality keep rising. Ple emploi (the Frenchequivalent of the Job Center) is no exception to the rule.Given this context, the deputy branch for informationsystem (DGASI) led a successful ISO 27001 approach.Lionel Duplaix, head of quality and activity control shareshis field experience.

Which strategic issues is Ple emplois DGASI confronted with?Lionel Duplaix (LD): First and foremost we need to address anissue, which is directly linked with our core service. Ple emploiuses computers daily to ensure its missions (registration,compensation, job offers, statistics). Therefore informationsystems have to be up to scratch in order to guarantee thecontinuity of the services delivered to our users. Besides, theever-growing development of communication channels such asthe Internet and telephony requires their protection, consideringthe risks these technologies are exposed to. Furthermore, wehave to observe the legal obligations relating to informationsystems (CNIL, HADOPI, property rights). But ultimately, themajor issue is to preserve the trust our clients have in Pleemploi.

What drove you to move towards an ISO 27001 certification?LD: This initiative constitutes an extension of previous actions.For several years now we have built an information systemssecurity approach, based on a risk analysis and driven bygeneral management. In addition, DGASI was certified accordingto ISO 9001, and at the time our management system alreadyincluded some of the ISO 20000-1 and ISO 27001 expectations.Consequently, we decided to launch a combined ISO 20000-1/ISO 27001 certification. Finally, the governmental expectationstowards civil services and administrations, such as conformitywith the French General Security Framework which alignswith the ISO 27001 approach , consolidated our decision.

What are the benefits of the approach?LD: This process constitutes a true stepping-stone forinformation security. It consolidates the whole DGASI staffsawareness on information system security issues. Moreover the certification audit provided us with a clear and unbiasedassessment of our security management level, based on basicnotions and solid practices. Last but not least, obtaining an ISO 27001 certification also acknowledges our teams know-how and professionalism.

1

3

2

Certification ISO 27001 : passer loffensive pour protger ses informationsISO 27001 certification: Take the offensive to protect your information

Ple Emploi assure sa scuritDfendre la confidentialit des

informations, un enjeu pour Ple Emploi. Information systems have to be up

to scratch.

in practice/en pratique/


AFNOR Certification brings ISO 9001within reach of small businessWorking from the principle that smallbusinesses often struggle to take the plungeand launch into a certification process,AFNOR Certification has developed acustom-tailored methodology. We bring you the evidence, in 5 key points!AFNOR Certification is streamlining the ISO 9001 certification process for businessesthat count less than 20 staff. AFNOR Certificationauditor Franois Duperriez explains that our goal is to make certification more accessiblefor small businesses without losing the stringentperformance requirements that make our certi-ficate equally valuable to all other businesses.So there is no change in core requirements,which are the same as in the ISO 9001 masterguidelines, but the audit process itself has beenre-tailored to the target audience.

Developed for businesses with fewer thantwenty employees and which are not majority-owned by a big business group, ISO 9001 forsmall businesses certification blends simplicityand responsiveness. This new approach iskeynoted into 5 key points:


Certification ISO 9001ISO 9001 certification

AFNOR Certification a entrepris de simplifierles dmarches de certification ISO 9001 pourles entreprises de moins de 20 personnes. Notre objectif est de leur faciliter laccs la certification, tout en conservant la mmerigueur, car le certificat doit conserver la mmevaleur pour toutes les entreprises , expliqueFranois Duperriez, auditeur chez AFNORCertification. Si les exigences demeurentcelles du rfrentiel ISO 9001, la faon mmede raliser laudit sadapte la cible.

Mise au point pour les entreprises de moinsde vingt salaris dont le capital nest pasdtenu par un groupe, la certification ISO 9001 TPE combine donc simplicit et ractivit.Cinq points cl rsument la nouvelle approche :

Point n1 : Aller lessentiel, et privilgier le fond sur la formeLauditeur sattache essentiellement vrifierque les processus mis en uvre permettent de bien matriser les risques et datteindre les objectifs du rfrentiel. Lors des audits, nous recherchons la conformit sur le fond. En revanche, nous sommes plus ouverts sur la forme, notamment sur le dploiementde solutions simples ou innovantes permettantdatteindre les objectifs qualit. Par exemple,en conception, regroupement des revues,

>>>>>>> Partant du principe que la certification peuttre une dcision difficile prendre et mettre en uvreau sein dune petite entreprise, AFNOR Certification advelopp une mthodologie adapte. Preuve lappui encinq points cls !

AFNOR Certification met lISO 9001 la porte des TPE

1

.14juin/june 2011


AFNOR Certification met lISO 9001 la porte des TPEAFNOR Certification brings ISO 9001 within reach of small business


vrifications et validations sont sous la res-ponsabilit du dirigeant ou du responsabletechnique , commente Franois Duperriez.

Point n2 : Privilgier la ractivitPour sadapter aux attentes des TPE etdiminuer les cots, le processus daudit estplus court que dans le cadre dun auditclassique. La principale caractristique desTPE est la ractivit, donc nous avons nousaussi adapt nos mthodes, souligne FranoisDuperriez. Les audits se droulent sans visitespralables. Par ailleurs, en fin de visite daudit,lauditeur prsente les ventuelles non confor-mits et il rdige son rapport dans la foule.Une runion clture la visite daudit. Ellepermet lauditeur de remettre son rapport et au chef dentreprise de lui prsenter lesactions quil entend mettre en place pour leverles ventuelles non conformits .

Point n3 : Partager une culture et un langage communsAu-del de la mthode, il sagit surtout dedvelopper un tat desprit et des modalitsdinterventions capables de rpondre auxattentes des dirigeants de TPE.

Point n4 : Des outils spcifiques mis dispositionAFNOR Certification a mis au point des outilsddis aux TPE, notamment des fiches dintervention pour les guider dans leur action.AFNOR Certification a spcifiquement form235 auditeurs ces outils.

Point n5 : Combattre les ides reuesDans les petites entreprises, la qualit sappuiesouvent sur moins de papier et sur dessystmes trs ractifs, mais cela nempchepas une grande rigueur. Les TPE sont desorganisations o saffirme une grande coh-rence entre les systmes qualit et la prise encompte des enjeux conomiques, sociaux et environnementaux.

Contrairement ce que beaucoup pensent,la certification apporte une vritable valeurajoute ces entreprises qui sappuient surleur systme qualit pour progresser. Et leurractivit leur permet daller trs vite pourmettre en uvre lamlioration continue. Cestpourquoi nous nous devons dtre innovantspour les accompagner efficacement dans leurdmarche qualit , conclut Franois Duperriez.

Point 1: Focus on the basics, and go for content over formThe auditors job is essentially to check that the processes deployed can effectively bring the risks under control and meet the objectivesof the master guidelines. Franois Duperriezprovides this insight: when we audit, we arelooking for conformity of the core content.However, that does leave us more flexible on the form front, especially for deploying simple orinnovative solutions to meet quality managementobjectives. For example, at the design stage,compiling the system reviews and runningverifications and validations are all duties taskedto the head executive or technical manager.

Point 2: Opt for responsivenessIn a move reduce costs and adapt to the needsand expectations of small businesses, the auditprocess is shorter than for a classic ISO 9001audit. Franois Duperriez underlines that sincethe defining feature of small businesses isresponsiveness, we have adapted our methodsaccordingly. Audits are run directly on the spot,without pre-audit visits. Also note that the auditoroutlines any identified nonconformities at theclose of the audit visit, and drafts the audit reportstraight afterwards. The audit closes with awrap-up meeting, where the auditor hands theiraudit report to the company manager, who thenoutlines the corrective action they intend toimplement to resolve any nonconformities found.

Point 3: Share a common language and a commoncultureMoving forward from methodology issues, the mainaim is to develop a mindset and interventionalframework capable of meeting small businessmanager expectations.

Point 4: Delivering specific toolsetsAFNOR Certification has developed toolsetsdesigned specifically for small businesses,including action checklists for guiding them throughthe action work. AFNOR Certification has trained235 auditors specifically in using these tools.

Point 5: Challenging preconceptionsAt small businesses, quality delivery is often lessreliant on paperwork and more reliant on highly-responsive systems, but that doesnt make themany less stringent on meeting standards. Smallbusinesses are quintessentially organizationswhere quality systems are tightly connected toeconomic, social and environmental challenges.

We need to innovate new solutions to efficientlycoach small businesses through the qualitymanagement approach.

Focus

Lorsquelles voquent lesdmarches de certification,les TPE mettent en avantdiffrents freins, parmilesquels une dmarchelongue mettre en uvre,des difficults de compr-hension de la norme ISO 9001 et le cot de lacertification. Par ailleurs,les TPE voquent galementdes difficults sortir duquotidien, sextraire delurgence des commandes,ainsi quune prescriptionlimite des donneurs dordre,et lexistence dautresdmarches sectorielles de qualification ou devalorisation. Pas moins de 2 500 TPE ont toutefoisdj dcroch une certifi-cation ISO 9001.

Focus

Small businesses discussingcertification tend to focuson various disincentives,including the amount of time it takes, troubleunderstanding standardISO 9001, and the money cost of obtainingcertification. From another perspective, smallbusinesses also claim they struggle to escape day-to-day imperativesand break free from theroutine stress of meetingorder deadlines, with only limited referrals andrecommendations fromcontract sponsors, and other sector-specificqualificational or value-creating initiatives. Thatsaid, no less than 2,500small businesses havealready managed to secureISO 9001 certification.

2

3

4

5


tracking developments in benchmark standards

veille sur les rfrentiels/


version scheduled for publicationbefore end-2011 will extend thescope of this benchmark standardto centres handling plant and animalcells and tissues. This upgrade,which was planned in from theoutset, is much anticipated by the BRCs network, as it ratifies the professionalism of agronomicsresearch organizations like the CIRADand the INRA by credentialing thequality of their sample collection,preparation and preservationprocesses. Although benchmarkstandard NF S96-900 keeps its original structure, the scopeextension ushers in additionaldefinitions together with a toolbox for deciphering normativerequirements. Two pilot audits are scheduled for July, with officialpublication pencilled in for 4Q2011.A total of 22 BRCs currently boastcertification.

Le rfrentiel qualit des centres de ressources biologiques largit son scope

Depuis 2008, les centres deressources biologiques (CRB)qui grent des collectionsdchantillons humains ou micro-biens destins la recherche,pouvaient faire certifier la qualitde leur management selon lanorme NF S96-900. Grce unervision, ce rfrentiel sera tendudici fin 2011 aux centres conser-vant des tissus et cellules animauxet vgtaux. Cette volution,prvue ds la gense de la norme,est accueillie avec enthousiasmepar le rseau des CRB. Elleentrine le professionnalisme decentres tels que le CIRAD ou lINRA,spcialiss dans la rechercheagronomique, en garantissant laqualit du recueil, de la prpara-tion et de la conservation de leurschantillons. Si le rfrentiel NF S96-900 conserve sa structure,

lextension de son champ dapplication saccompagne de dfinitions complmentaires et de lajout de botes outils ,qui permettent de dcrypter lesattentes normatives. Deux auditspilotes devraient tre mens aumois de juillet avant une publicationofficielle au dernier trimestre 2011.22 CRB sont aujourdhui certifis.

The quality benchmarkstandard governingbiological resource centresbroadens scopeSince 2008, biological resourcecentres (BRCs) managing humanand bacterial reference collectionsfor the research community havebeen able to certify the quality of their management system tostandard NF S96-900. A revised

The benchmark referencesgoverning dishwasher detergentsand washing powders wererevised for 28 April, while in late-June new versions will bepublished for washing-up liquids,all-purpose cleaners, cleaners for sanitary facilities, lubricants,and copying and graphic paper.Revisions covering desktops-laptops and light bulbs are due to be released before 30 August. All these developments aredesigned to toughen up theEcolabel requirements: papers will need to incorporate a higherpercentage of recycled pulp, while dishwashing determents will need to cut down on packaging.A new battery of Ecolabels ispencilled in for 2012 for printedpaper, newspaper, taps, anddetergents for professional-gradewashing machines.

gence global du label : les papiersdevront ainsi intgrer plus de fibresrecycles, ou les liquides vaissellesrduire encore leurs emballages.De nouveaux colabels devraientenfin voir le jour courant 2012pour le papier imprim, le papierjournal, les robinets ou encore lesproduits destins aux lave-lingeindustriels.

Cascading revisions for the European EcolabelBusy times for theenvironmental label seal thatspans the full product lifecyclefrom design through to ultimate.

Actualit charge pour le labelenvironnemental qui couvre lensemble du cycle de vie desproduits, de leur conception au recyclage. Les rfrentiels quiencadrent les dtergents pourlave-vaisselle et les lessives ontainsi t rviss le 28 avril. De nouvelles versions sortiront fin juin pour les liquides vaisselles,les nettoyants universels, lesnettoyants sanitaires, les lubrifiants,le papier copier/papier graphique.Les rvisions concernant les ordinateurs personnels et portableset les ampoules lectriques paratront quant elles avant le 30 aot. Toutes ces volutionsvisent renforcer le niveau dexi-

Rvisions en cascade pour lEcolabel europen


.14juin/june 2011


continue their upward curve. The only way businesses can keeptheir energy costs under control is by improving their energymanagement systems saysAFNOR Certifications environmentand energy-sector productmanager Batrice Poirier. Fiveorganizations have already taken a headstart by having AFNORCertification certify their EN 16001approach. All five will be coachedthrough to ISO 50001 via a specifictransition schedule enabling themto integrate new requirements that the international standard hasadded, after which they will switchprogressively, audit-by-audit, to ISO 50001.

La norme ISO 50001 relativeau management de lnergie arrive

Le texte normatif est paru le 15 juin. Son objectif reste celui dela norme europenne EN 16001parue en 2009 : aider les entre-prises rduire leur facture engrant mieux leur efficacit ner-gtique confort et performancegale. Lensemble des expertssaccordent sur le sujet : le cotde lensemble des nergies vacontinuer augmenter. La seulemanire pour les entreprises delimiter lexplosion de leurs cotsest donc damliorer leur gestionde lnergie , rappelle BatricePoirier, chef de produit environne-ment et nergie chez AFNORCertification. Cinq organisationsont dj fait ce choix en faisantcertifier leur dmarche EN 16001parAFNOR Certification.Elles seront

Agroalimentaire :les rfrentielsBRC voluentLes rfrentiels privs de la grandedistribution, BRC Food et BRCEmballages (ou IoP, Institute ofPackaging) qui dfinissentdes exigences sanitaires pourles industriels de lagroalimen-taire sont en cours de rvision.Lun de leurs objectifs est lasimplification. Le BRC Food, dontla version 6 est programmepour le 1er janvier 2012, voit par exemple le nombre de sesexigences baisser de 25%, enrponse la demande de voir les audits sattacher moins la conformit documentaire etplus aux pratiques sur le terrain. Pour le BRC Emballages version4 applicable au 1er aot prochain,la grande nouveaut est lintro-duction de dix exigences fonda-mentales maturit et relve la barre pour les entreprises.Cette volution sinscrit dansun contexte trs dynamique : le nombre de sites certifis BRCen France a bondi de 20% 25% entre 2010 et 2011.

Food industry:developments in the British Retail Consortiumbenchmark standardsThe private-sector benchmarkstandards for supermarketretailers BRC Food and BRC/IoPPackaging which define food-industry hygiene standards are undergoing revision. One ofthe key changes being made toboth these standards is a move tosimplify the standard. The numberof requirements in BRC Food(version 6 / 1st January 2012) willbe cut 25%, in response to demandfor less focus on documentrecords conformity and greaterfocus on ground-level factorypractices. The stand-out newfeature of BRC Packaging (v. 4 - 1st August 2011) is theintroduction of ten fundamentalsystem maturity-gradedrequirements, which is set to raise the bar and takebusinesses further forward.These developments could nothave been timed better: thenumber of French sites certifiedto BRC standard jumped 20% to25% between 2010 and 2011.

accompagnes vers lISO 50001via un plan de transition spcifiquequi leur permettra dintgrer lesexigences supplmentaires de lanorme internationale. Le passage lISO 50001 se fera ensuiteprogressivement au fil des audits.

ISO 50001 on energymanagement is on its wayThe normative text waspublished on 15 June. It sharesthe same purpose as Europeanstandard EN 16001 published in2009, which is to held businessesconsume less energy through betterenergy efficiency managementwithout losing out on comfort orperformance levels. The experts all agree: energy costs are set to

around a three-section backbone. A comprehensive set of chronolo-gically-ordered commitments hasbeen introduced, running from theinitial housing application throughto tenant departure. Emphasis hasalso been placed on galvanizingorganizational aspects to improvehow applicants adopt and lead theapproach. This revision effort furtherconsolidates the legitimacy ofQualibail standard in its new statusas French national benchmark.Qualibail is currently run by theDelphis housing association networkand the 3 social housing providersLogiseine, Logeal Immobilire and Sodineuf Habitat Normand. To facilitate upgrade transitioning forth

Documents

Action Et Performance n14