
Friday, 25 July 2025

SGS ISO/IEC 17025 LMS Internal Auditor Training 2025

I was the trainer for the ISO/IEC 17025:2017 Laboratory Management System (LMS) Internal Auditor Training Course by SGS and delivered the course on 24th & 25th Jul 2025. During the training course, I briefed the ISO/IEC 17025:2017 and HOKLAS requirements, as well as audit planning, checklist establishment, role play and CAR issues.


After the participants finished all their tasks, including the audit plan, audit scope & objective, audit findings and audit report, as well as the CARs issued, we took a group photo as a memento.

Reference:

20231013: SGS ISO/IEC 17025 LMS Internal Auditor Training 2023 - https://qualityalchemist.blogspot.com/2023/10/sgs-isoiec-17025-lms-internal-auditor.html

20220112: SGS ISO/IEC 17025 LMS Internal Auditor Training 2022 - https://qualityalchemist.blogspot.com/2022/01/sgs-isoiec-17025-lms-internal-auditor.html

20210825: SGS EPD Project – IA Practice - https://qualityalchemist.blogspot.com/2021/08/sgs-epd-project-ia-practice.html

20200526: SGS EPD Project Pre-Meeting and Kick-off online Meeting - https://qualityalchemist.blogspot.com/2020/05/sgs-epd-project-pre-meeting-and-kick.html#more

202003223: SGS Technical Team Laboratory Visit - https://qualityalchemist.blogspot.com/2020/03/sgs-technical-team-laboratory-visit.html

20191014: SGS ISO/IEC 17025 LMS Internal Auditor Training in Ecospace Limited - https://qualityalchemist.blogspot.com/2019/10/sgs-isoiec-17025-lms-internal-auditor.html

20190809: SGS ISO/IEC 17025 LMS Internal Auditor Training Course - https://qualityalchemist.blogspot.com/2019/08/sgs-isoiec-17025-lms-internal-auditor.html

 

Friday, 26 April 2024

HKSQ x SGS Webinar on Understanding ESG in Multifaceted Views

HKSQ and SGS organized a webinar named “Understanding Environmental, Social and Governance (ESG) in Multifaceted Views” on 26th April 2024. SGS is an HKSQ corporate member and collaborated on this webinar to explain what ESG is and its latest trends from multifaceted views. The guest speaker was Ms. Zonta Yung (Project Manager, Sustainability – Business Assurance, SGS). She introduced what ESG is, its megatrend and common topics with relevant international standards.


In the beginning, Ms. Zonta Yung introduced the definition of ESG: Environmental criteria consider companies’ performance as a steward of nature. Social criteria relate to employees, suppliers, customers and the communities during their operation. Governance deals with a company’s leadership, executive, internal control and shareholder rights.


She then compared ESG, CSR and Sustainability: ESG focuses on operation, CSR focuses on social-related activities, and Sustainability focuses on strategic long-term balance.


After that, Ms. Yung briefed the trends & drivers of ESG in government, regulator and market. She also compared different regions’ and countries’ carbon-related targets. HKSAR and Taiwan China aim to be carbon neutral by 2050. The USA and EU also aim to be carbon neutral by 2050. China set it for 2060. ASEAN only targeted reaching 23% renewable energy by 2025.


Ms. Yung then shared the ESG disclosure levels of the different regions/countries’ regulatory bodies: disclosure is mandatory in HKSAR, Japan, EU, Singapore and Indonesia, while others have voluntary disclosure at different levels. She also mentioned that an international group of institutional investors developed the Principles for Responsible Investment (PRI) to advocate ESG investment.


Finally, the megatrend and six emerging themes of ESG policies across ASEAN were discussed, which included green taxonomies, climate reporting, carbon pricing schemes, corporate ESG disclosures, ESG fund requirements and supply chain due diligence & transparency.


The HKEX ESG reporting guide was used as an example to demonstrate the requirements in the environmental and social areas.


Lastly, Ms. Zonta Yung linked the related international standards with each requirement, including ISO 14001, ISO 50001, etc.



At the end, we took a group photo on Zoom as a memento.

Reference:

HKSQ - https://hksq.org/

HKSQ Corporate Members - https://hksq.org/list-of-hksq-corporate-members/


Friday, 12 January 2024

SGS Webinar for AI Applications with ISO/IEC 42001

In response to the rise of AI and the challenges it creates, ISO and IEC created the ISO/IEC 42001 standard and issued it at the end of 2023. This global standard specifies the requirements for establishing, implementing, maintaining and continually improving an AI management system. SGS held a webinar named “Build trust in your AI applications with ISO/IEC 42001” on 11 Jan 2024 at 3:00pm (EST), equal to 4:00am HKT on 12 Jan 2024, so I woke up very early to attend this webinar and summarized it as follows.


In the beginning, Mr. Willy Fabritius (Global Head of Strategy & Business Development Information Security, SGS) gave the opening speech and introduced SGS's background. He said ISO is from the Greek word “isos” meaning “equal”. He then introduced the speaker, Ms. Kim Lucy (Director of GRC Standards at Microsoft).


Ms. Kim Lucy first said that AI serves humans, who demand oversight and control. Thus, the development of AI-specific international standards helps to fulfill the demands for safe, responsible and trustworthy AI. Three key principles for AI management system standards are “Flexible”, “Durable” and “Transversal & Scalable”. The foundational AI ecosystem was described.


After that, the ISO/IEC 42001 development history since 2020 was presented. It matches the EU AI Act. Customers demanded assurance and trust of AI systems, and some key central concepts of the AI governance, risk and compliance (AI GRC) ecosystem are aligned with ISO/IEC 23894 (Risk Management) and ISO/IEC 38507 (Governance).


Ms. Kim Lucy then briefed the ISO/IEC 42001 structure, including the management clauses, which are mainly requirements; Annex A and B, which are guidance; and Annex C, covering AI-related organizational objectives and risk resources as supplemental information.


Finally, she gave a summary of ISO/IEC 42001:2023 to give an overview of the AIMS standard.


She also compared the difference between ISO/IEC 42005 – AI system impact assessment (expected to be published in 2025) and ISO/IEC 23894:2023 – AI guidance on risk management.


Lastly, she mentioned that other supporting standards such as ISO 23053, 5259 and 22989 are within the foundational ecosystem.


At the end, they introduced different related ISO standards, as well as different legislation and regulations to be developed in different countries.


Friday, 10 November 2023

HKSQ Quality Month Seminar on ISO 50001 and ISO 55001

This month is Quality Month and Quality Week, and HKSQ organized a seminar named “Quality Month Seminar on ISO 50001 and ISO 55001” on 10th Nov 2023. Our overseas representative Prof. KF Pun visited Hong Kong this year and joined this seminar. We took a photo as a memento.


In the beginning, Dr. Jane Wong (Chairman, HKSQ) introduced the guest speaker Dr. Aaron Tong (Former Chairman, HKSQ) and briefed today’s topics.


Then Dr. Aaron Tong introduced the ISO 50001 Energy Management System, which aligns with ESG principles by promoting energy efficiency.


ISO 50001 also employs the PDCA model, as ISO 9001 does.


Then he mentioned the process of energy planning including energy baseline and performance indicators, etc. 


He then shared a case: the Water Supplies Department was the first entire government department to achieve ISO 50001.


The second case was Airport Authority Hong Kong (AAHK), and he shared how they saved energy through different initiatives. Dr. Tong also mentioned Hong Kong’s Climate Action Plan 2050.


After that, Dr. Aaron Tong discussed the second topic, ISO 55001 Asset Management. He said many people are confused when talking about asset management. Most people think of financial investment. Based on ISO 55000:2014, an asset is defined as “Item, thing or entity that has potential or actual value to an organization”. That value could be financial or non-financial. In Hong Kong, many organizations consider assets as facilities.


Dr. Tong then briefed asset management, which seeks the optimal combination of performance, risks and opportunities, and costs.


The overall asset management system was described, from managing the organization's assets to the asset portfolio. Asset Portfolio is defined as “Assets that are within the scope of the Asset Management System” and is typically established and assigned for managerial control purposes.


The interrelated and interacting key elements of the standard were briefed.


One of the key concepts is asset life, defined as “Period from asset creation to asset end-of-life.”


Finally, Dr. Tong shared another case study from the Water Supplies Department. It is the largest AMS certified to ISO 55001 in Hong Kong and was published in HKIE.


During Q&A, I asked two questions and shared my article in the ASQ Energy & Environment Division Newsletter. One was related to equipment / facilities assets, which most companies consider from a financial point of view, with 3 or 5 years for depreciation. The other question was how to seek a better baseline for setting performance indicators. Dr. Tong answered that both the financial and functional points of view for asset life were considered, and that it is better to select steady and representative data for the baseline.

Reference:

HKSQ - https://hksq.org/

WSD established Hong Kong's largest asset management system certified to ISO 55001 - http://www.hkengineer.org.hk/issue/vol50-jun2022/feature_story/?id=16908

Introduction of ISO 50001 Framework and Case Study in Hong Kong - https://www.researchgate.net/publication/366442039_Introduction_of_ISO_50001_Framework_and_Case_Study_in_Hong_Kong


Friday, 13 October 2023

SGS ISO/IEC 17025 LMS Internal Auditor Training 2023

I was the instructor for the ISO/IEC 17025:2017 Laboratory Management System (LMS) Internal Auditor Training Course on 12th & 13th Oct 2023, after the Covid period. I took a group photo with the attendees.


During the training course, I briefed the new and major changes of ISO/IEC 17025:2017 and HOKLAS requirements, as well as audit planning, checklist establishment, role play and CAR issues. Since it is a workshop, there were many exercises for participants to practice, and they needed to present their findings during the mock audit.


Then they presented their audit plan, audit scope & objective, audit findings and audit report to demonstrate their learning achievement.


Lastly, they needed to prepare a CAR and role play to find out the root cause and draft the corrective actions.

Reference:

20220112: SGS ISO/IEC 17025 LMS Internal Auditor Training 2022 - https://qualityalchemist.blogspot.com/2022/01/sgs-isoiec-17025-lms-internal-auditor.html

20210825: SGS EPD Project – IA Practice - https://qualityalchemist.blogspot.com/2021/08/sgs-epd-project-ia-practice.html

20200526: SGS EPD Project Pre-Meeting and Kick-off online Meeting - https://qualityalchemist.blogspot.com/2020/05/sgs-epd-project-pre-meeting-and-kick.html#more

202003223: SGS Technical Team Laboratory Visit - https://qualityalchemist.blogspot.com/2020/03/sgs-technical-team-laboratory-visit.html

20191014: SGS ISO/IEC 17025 LMS Internal Auditor Training in Ecospace Limited - https://qualityalchemist.blogspot.com/2019/10/sgs-isoiec-17025-lms-internal-auditor.html

20190809: SGS ISO/IEC 17025 LMS Internal Auditor Training Course - https://qualityalchemist.blogspot.com/2019/08/sgs-isoiec-17025-lms-internal-auditor.html


Wednesday, 10 May 2023

HKSQ Webinar on: A Holistic Approach to Privacy Compliance and Recent Update of Information Security Standards

HKSQ organized a seminar/webinar on “A Holistic Approach to Privacy Compliance and Recent Update of Information Security Standards” on 10 May 2023. SGS was the co-organizer and TQM Consultant Ltd was the supporting organization. In the beginning, Dr. Jane Wong (Chairman, HKSQ) presented a souvenir to the speakers.

(Left: Mr. Ben Tsang, Ms. Natalie Law, Mr. Chris Yau and Dr. Jane Wong)

Mr. Chris Yau (Deputy Director, Products and Services Development, SGS) was the first speaker, and his topic mainly focused on privacy, GDPR and ISO/IEC 27701 “Extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management – Requirements and guidelines”.


Firstly, Mr. Yau introduced 6 data processing principles under the General Data Protection Regulation (GDPR) in the EU. 5 of them cannot be helped by IT/security technologies alone.


Then 8 data subject rights were also mentioned; IT technologies are essential to only some of these rights.


Mr. Chris Yau then introduced ISO/IEC 27701, which was released in Aug 2019. ISO/IEC 27701 is designed to work with ISO/IEC 27001 to form a complete Privacy Information Management System. Thus, an organization must first possess an ISO/IEC 27001 information security management system.


After that, he showed the key structure of both ISO/IEC 27701 and ISO/IEC 27001. 32 controls in ISO/IEC 27701 are amended with privacy requirements. Annex A has 31 controls used for the PII controller and Annex B has 18 controls for the PII processor. He then explained the difference between the Personally Identifiable Information (PII) Controller and Processor. PII is information that identifies, relates to, describes, references or is capable of being associated with, or could be reasonably linked, directly or indirectly, with a particular individual consumer or device. The PII controller is the entity that determines the purpose and means for processing PII, defines why and how PII is processed, and is responsible for the implementation of privacy and security protocols to meet applicable legal standards. The PII processor then processes PII on behalf of and in accordance with the instructions and privacy controls set by the PII controller.


Finally, Mr. Chris Yau demonstrated some examples, such as risk assessment using CIA (Confidentiality, Integrity & Availability) of privacy data and processing of privacy data (e.g. transfer of PII overseas). Incident management should also consider privacy. In the past, many organizations only considered the interruption of operation as an incident. Thus, privacy considerations should include consent methods, the opportunity to withdraw consent and bundling with conditions.


Ms. Natalie Law (ISO/IEC 27001 lead auditor) was the second speaker, and her topic included the ISO/IEC 27001 & 27002 relationship, changes in the 2022 version, and the transition timeline for new standard certification.


Firstly, she briefed the difference between ISO/IEC 27001 & 27002. ISO/IEC 27001 is certifiable and its Annex A controls are important, whereas ISO/IEC 27002 gives guidelines for implementation of the different controls.


The new version of ISO/IEC 27001 changed its title to “Information security, cybersecurity and privacy protection – Information security management system – Requirements”. New sub-clauses were added and the clause numbering was changed to match ISO 9001:2015. Some texts were changed and the Annex A controls were rearranged.


Some new or changed texts were summarized and briefed by Ms. Law.


The number of controls changed from 113 controls in ISO/IEC 27001:2013 to 93 controls in ISO/IEC 27001:2022, with 11 new controls, 23 renamed controls and 24 merged controls. Moreover, the 14 control domains were consolidated into 4 control domains: A.5 Organization controls (37 Controls), A.6 People controls (8 Controls), A.7 Physical controls (14 Controls) and A.8 Technological controls (34 Controls).


The 11 new controls were also introduced.


23 controls are renamed and shown in the following table.


There are 24 merged controls, and some of them were demonstrated in the following diagram.


Finally, Ms. Natalie Law introduced other changes in ISO/IEC 27002:2022: controls changed from “Objective” to “Purpose”, and an attribute table was added to help users better understand each control.


Lastly, she briefed the transition period that would end on 31 Oct 2025.


During the Q&A session, I shared that startups and HR in large companies would be interested in a privacy management system. Mr. Chris Yau said marketing people would be more concerned and that some of their clients are startup companies.


At the end, Dr. Jane Wong also presented the HKSQ 35th anniversary book and a crystal to the speakers.

Reference:

HKSQ - https://hksq.org/

(Remark: you can download the SGS white paper after filling in the form below.)

SGS white paper - https://www.sgs.com/en/whitepapers/key-changes-in-iso-iec-27002-2022-form#white-paper-detail-signup-form

