Verification of compliance 3/3

Compliance – how is it verified in practice? We have chosen mutually supportive and complementary systems to ensure and develop the quality of our operations. This third part of the series delves into the verification of compliance in the systems that are most important to us.

ISO 9001:2015

ISO 9001 is an international quality management system standard, and it´s key objective is the continuous development of the company’s operations from the perspective of quality management. The ISO 9001 standard follows the basic structure established by the International Organization for Standardization (ISO) to improve the consistency of international management system standards. The ISO 9001 standard consists of 30 different requirements that define the processes to be followed in the target company. But what does it mean to put the standard into practice?

The key to the ISO 9001 standard is the process-oriented approach to company operations. In practice, this means achieving consistent and predictable results through action. In all its requirements, the ISO 9001 quality management system relies on interrelated processes through which it can be demonstrated that the company operates in accordance with the principles required by the standard.

The key principles of the standard are:

  • Customer focus
  • Engagement of people
  • Process approach
  • Improving performance
  • Evidence-based decision-making
  • Relationship management

One of the most important tools in the ISO 9001 standard is risk and opportunity-based thinking. Both risks and opportunities are considered from the perspective of the company’s operations. Opportunities are especially important for the continuity of the company’s operations; a lot of attention has been paid to their identification and the process that drives them forward in the standard. Risk based thinking, preventive actions and the correction and/or development of nonconformities, i.e. actual quality management measures, helps the company to achieve improved results and prevent negative effects.

Companies implementing the standard are audited annually, and the validity of the certificate is reassessed in its entirety on a third year. External audits are carried out by an accredited third party. Ontec Oy has been an ISO 9001 certified company since 2012.

Katakri 2020

Katakri is an information security audit tool for authorities that can be used to assess the target organisation’s ability to protect national or international classified information. The first version of Katakri was released in 2009 and currently in use is the fourth version, updated in 2020.

Katakri is devided in to three subdivisions:

  • Security management
  • Physical security
  • Information assurance

Katakri’s requirements are different possibilities for implementation options and may be replaced by other protection means of an equal protection level. The aim is to find adequate protections for different operating environments – the best combination of complementary means. The Katakri assessment is carried out by the competent authority as part of the Facility Security Clearance (FSC), in which these three areas are assessed. At Ontec, the assessment was successfully carried out in 2022.

Safety management focuses on those safety management methods that implement it in all areas of the organization’s operations. Security management covers both administrative information security and personnel security, aiming at a functional information security management system that also ensures the operating methods that maintain the security of personnel. Everything is based on documented procedures and risk assessment, which make it possible to verify the actions targeted at the information to be protected, taking into account the characteristics of the company’s activities.

In practice, physical security means taking physical and technical security measures to prevent unauthorized access to classified information. Physically protected security areas are classified, and their security measures are built into separate, complementary entities. The selection of adequate security measures is always based on a risk assessment.

Information assurance aims to ensure the adequacy of the security arrangements for safety-classified information in the electronic operating environment. The approval of information systems by the competent authority requires that the protections implemented are adequate. the authority has carried out a risk assessment.

What are Ex devices and what is required of them?

ATEX legislation applies to equipment, equipment assemblies, protection systems intended for use in ATEX-premises, as well as safety, control and control devices and components necessary for the safe operation of equipment and protection systems.


These include, for example: electrical equipment and components, pumps, gearboxes, pneumatic equipment, forklifts and internal combustion engines. Ex-devices must meet ATEX requirements. The essential safety requirements for the design and construction of the equipment are met when the harmonized standards are applied.

As a manufacturer of equipment for potentially explosive atmospheres, we are responsible for ensuring that our equipment and protection systems meet the requirements of the ATEX Equipment Directive.

Compliance is verified by a third party by auditing our production and quality system. The product certificate is valid for three years and it is audited once during that time.

ATEX, atmosphées explosibles, explosive atmospheres

It is the responsibility of the employer to ensure the health and safety of workers in potentially explosive atmospheres. The employer must also take all necessary measures so that work in such premises can be carried out safely. It is also the responsibility of the employer to define these facilities.

The employer is responsible for:

  • ensure the health and safety of workers in potentially explosive atmospheres
  • take all necessary measures to ensure that the work can be carried out safely
  • assess the explosion hazards of the premises and classify them accordingly
  • mark potentially explosive atmospheres
  • take care of explosion protection and draw up an explosion protection document

Potentially explosive atmospheres are supervised by several supervisory authorities: occupational safety and health authorities, Tukes and the rescue authorities.