Integrated Management System
The Integrated Management System (IMS) was introduced in PKN on 14th of September 2012.
PKN had started the implementation of the Quality Management System (QMS) in 2003. The certification audit took place in 2004. The next audits were carried out in 2007, 2010 and 2013 as renewal. The system effectiveness and its conformity to the requirements of PN-EN ISO 9001:2009 was annually checked and confirmed during surveillance audits conducted by the certification body. From 2016 the requirements of PN-EN ISO 9001:2015-10 are criteria for evaluating the IMS at PKN.
In 2011 the Information Security Management System (ISMS) was introduced with the aim of constant maintenance the highest level of the safety standards reached in PKN. ISMS was also subjected to the certification audit that confirmed the effectiveness of controls applied in PKN in accordance with PN-ISO/IEC 27001:2007 requirements. In 2014 PKN had adjusted the Integrated Management System to the requirements of reviewed PN-ISO/IEC 27001:2014-12 standard.
The IMS implemented in PKN includes the following scope of activities:
- Coordination of standardization work including organizing and supervising activities related to the development of Polish Standards and other standardization documents and their approval and publishing
- Management of the organization of Technical Bodies including the European and international cooperation
- Sale of standards, other documents and standardization publications, Polish, international and foreign
- Developing and selling information on standardization
- Conducting training activities
- Issuing certificates for the Mark of Conformity with the Polish Standard in accordance with the latest version of the Statement of Applicability.
In PKN, the processes as well as responsibilities were determined and presented in the process map, process descriptions, procedures, instructions and policies.
All the activities of processes, processing and control of PKN assets (in particular gathered and processed information) are realized within PKN system under information security conditions.
Security in the following areas: physical, personal and information is provided with applied controls defined in the Statement of Applicability and activities arising from the detailed policies, procedures, instructions and continuity management plans.
The top management provides the resources needed to implement, maintain and monitor the control and process effectiveness.