info@iapmoscb.org | (909) 230-5526 | www.iapmoscb.org

Q1 2025

SCB Achieves ISO 27001 Accreditation

We are excited to announce that SCB has been accredited by the ANSI National Accreditation Board (ANAB) to provide ISO 27001:2022 certification to existing and prospective clients wishing to demonstrate the effectiveness of their information security management system.


"Achieving ISO 27001:2022 certification from an accredited certification body such as SCB not only strengthens an organization’s information security framework, but also builds trust with clients and partners,” said Shirley Dewi, SCB Senior Vice President. “It demonstrates a commitment to safeguarding sensitive data, ensuring compliance with global standards, and mitigating risks in an increasingly digital world.”


SCB is ready to help your organization take this vital step toward securing business operations and reinforcing a culture of continuous improvement and accountability in information security management. Please reach out to our team, and we will be happy to provide the additional requirements needed to achieve this certification with SCB.


ISO 27001, NIST SP 800-171, and CMMC. What are the Differences?

In today’s cybersecurity landscape, organizations handling sensitive information must comply with various security frameworks and standards. Three of the most commonly referenced standards are ISO 27001, NIST SP 800-171, and CMMC. While they share similarities in their goal of securing information, their scope, implementation, and certification processes differ significantly. Understanding these differences is key to determining which framework best fits your organization’s needs.


ISO 27001: The Global Information Security Standard

ISO 27001 is an internationally recognized standard for establishing, implementing, maintaining, and continually improving an Information Security Management System (ISMS). It provides a risk-based approach to information security, allowing organizations to implement security controls based on their unique risks and business context.

  • Scope: Broadly applicable to organizations of all sizes and industries.
  • Approach: Focuses on risk management and continuous improvement.
  • Certification: Requires an independent audit to achieve formal certification.
  • Who Needs It? Companies seeking a standard for managing information security risks.


NIST SP 800-171: Protecting Controlled Unclassified Information (CUI)

NIST Special Publication 800-171 is a set of security requirements developed by the National Institute of Standards and Technology (NIST) to protect Controlled Unclassified Information (CUI) in non-federal systems and organizations. It is primarily used by U.S. government contractors.

  • Scope: Applies to organizations handling CUI in non-federal systems.
  • Approach: Provides 110 specific security requirements across 14 control families.
  • Certification: Compliance is typically self-attested or assessed contractually.
  • Who Needs It? U.S. government contractors and subcontractors who handle CUI.


CMMC: Strengthening Cybersecurity for Defense Contractors

The Cybersecurity Maturity Model Certification (CMMC) was introduced by the U.S. Department of Defense (DoD) to enforce stricter cybersecurity measures for defense contractors. CMMC builds upon NIST SP 800-171, incorporating additional security practices and a maturity model.

  • Scope: Specifically designed for companies in the Defense Industrial Base (DIB).
  • Approach: Implements a tiered maturity model with different levels of cybersecurity
  • Certification: 3rd-party audits and certification based on required maturity level.
  • Who Needs It? Any organization doing business with the DoD, including subcontractors.


SCB is already listed to become a C3PAO (Certified Third-Party Assessor Organization) and authorized by the CMMC-AB to conduct CMMC assessments for organizations seeking certification.

ISO 14001 Draft Update Released: What to Expect in the New Version?

The much-anticipated draft update for ISO 14001 has been released for a 12-week comment and ballot period. It is set to bring updates to the most widely applied environmental management systems standard worldwide.


Transition timeline

The development of the new ISO 14001 standard began in the fall of 2023. With the final version anticipated to be published in January 2026, organizations have ample time to prepare.


The transition period for ISO management system standards is typically a maximum of three years, but it may be shorter if changes are limited. It is anticipated that more visibility on the conclusion of this will be available toward spring.


Key changes in the draft version

The new version is expected to be published next year in January 2026. The draft update, which is now out on hearing, gives a good idea of what can be expected. One main framework decided for the update has been to limit the changes to those that provide a better understanding of existing requirements, and to avoid introducing new requirements.


The main changes outlined in the draft updates of ISO 14001 are:


  • Adaptation to the text and requirements in the latest version of ISO’s Harmonized Structure (HS) for Management System Standards.
  • Amended text to provide a better understanding of existing requirements by rephrasing current requirements or including notes.
  • Clarifications of requirements by enhancing the guidance in Annex A for some identified key topics.

Call for Nominations for ANAB Personnel Credentialing Committees

The ANSI National Accreditation Board (ANAB), a wholly owned subsidiary of the American National Standards Institute (ANSI), is accepting nominations from interested persons to serve on its Personnel Credentialing Committees: Personnel Certification Accreditation Committee (PCAC) and Certificate Accreditation Program Accreditation Committee (CAPAC). Nominations must be received by April 1, 2025 (PCAC) and February 28, 2025 (CAPAC).

Read more (anab.ansi.org)

OASIS Instructional Updates to Align with New Fee Structure

As we continue to update and enhance OASIS, there have been some instructional content changes in the platform and the service desk, implemented as a result of the fee structure adjustments made last November.


Please review the following OASIS Knowledgebase sections with updated content: “New Certificate – Manage & Audits – IAQG” and “New Version of Existing Certificate (certificate modification) – Manage & Audits – IAQG”. Additionally, a new section, “Certificate Billing – Manage & Audits – IAQG”, has been added to clarify how CBs are billed for certificate uploads.

Read more (iaqg.org)

ISO 45001:2023 Updates and What They Mean

ISO 45001 is a globally recognized standard for occupational health and safety management systems. It establishes a framework for organizations to identify and manage workplace risks, minimize accidents, and promote a safe and healthy work environment. To maintain its relevance and effectiveness, ISO 45001 undergoes periodic reviews and updates. The latest revision, ISO 45001:2023, introduces significant changes with key implications for businesses. Let’s delve into the key updates and their impact on organizations.

Read more (workplacesafety.sg)

IAPMO was established in 1926 and has offices in the USA, Canada, Australia, China, Indonesia, India, Mexico, Germany and Argentina. To learn more about IAPMO's complete services, please visit our website at www.iapmo.org.
