The project titled Engagement with Australian Businesses to Promote the Uptake of Standards explored the use and understanding of three management system standards:

• AS ISO/IEC 27001:2013 Information Technology – Security Techniques – Information Security Management Systems – Requirements
• AS ISO 22301:2019 Security and Resilience – Business Continuity Management Systems – Requirements
• AS ISO 55001:2014 Asset Management – Management Systems – Requirements.

The project remit specified that it must assist Australia, and Australian businesses, to influence, apply or conform to international standards, and be focused on digital, critical technology and critical minerals standards and conformance work either domestically or internationally. The result of the project is AustralianCriticalMinerals.com, due for release 30 October 2023, a free information resource for the mining industry framed around three key management systems:

• Information Security and Cyber Security
• Business Continuity
• Asset Management.

A collaborative project

JASANZ worked collaboratively with the RMIT Centre for Cyber Security Research and Innovation (CCSRI) on research into the use of management system standards in the mining and minerals sectors. The resulting white paper outlined the barriers to using the standards, including alternatives to standards and non-ISO and IEC competitors standards, and evidence of how useful they are in helping organisations improve their resilience and effectiveness.

The research identified several misconceptions in the academic literature, including that:

• management system standards were intended to provide a complete solution to their intended domain of operation
• accreditation bodies were able to directly input into legislation, rather than being just one of many stakeholders considered by governments when forming policy positions.

It also showed that ISO and IEC standards are often misunderstood and are mistaken as excellence standards, resulting in them being faulted for somehow not ensuring excellence. This insight led JASANZ to make a submission to the US NIST on version 2 update of its CyberSecurity Framework.

The collaboration also reinforced the need for JASANZ to form stronger partnerships with academia to solicit its contributions to research on standards and conformance more effectively.

A new channel of public communication

The project activity created a new mode of public communication for JASANZ to the ultimate end users of conformity assessment schemes. The extent of public misunderstanding about the ISO and IEC standards, and associated conformity assessment schemes showed that JASANZ and other IAF and ILAC Member accreditation bodies cannot solely target public information on the benefits of standards and conformance to third party conformity assessment bodies. To give ISO and IEC management system standards and associated schemes their best chance of successful use, accreditation bodies must communicate to organisations directly, using terms and phrases of everyday commerce.

Next steps

JASANZ are currently in the process of making direct contact with mining industry companies and personnel to test and provide feedback on an early release of AustralianCriticalMinerals.com. After gathering and implementing the feedback, the free online resource will be publicly released Monday 30 October.

JASANZ personnel are hosting an exhibitor booth at the International Mining and Resources Conference (IMARC) and Expo (31 October – 2 November, Sydney) and the Australian Institute of Mining and Metallurgy (AusIMM) Critical Minerals Conference (21 – 23 November, Perth) to promote the information resource to the critical minerals and mining industry.