ISO 20000-1:2018 Foundation Free Practice Test — 30 Questions

Question 1

\"SecureTech,\" a cybersecurity service provider, recently experienced a data breach affecting several of its clients. An investigation revealed that the breach occurred due to a vulnerability in the company\'s incident response procedures, which were not adequately addressing emerging cyber threats. According to ISO 20000-1:2018, what is the MOST effective approach \"SecureTech\" should take to enhance its operational planning and control and prevent similar incidents from occurring in the future?

Accepted Answer

Conducting a comprehensive review of its incident management and response procedures, updating them to address the identified vulnerabilities, and implementing regular testing and training to ensure that personnel are prepared to respond effectively to future incidents.

Question 2

ShieldCorp, a private security company providing security services to various commercial properties, is seeking to enhance its operational effectiveness and comply with ISO 18788:2015. During a recent mock emergency drill, it became evident that there is a lack of documented procedures for coordinating with local law enforcement agencies in the event of a real security threat or emergency situation. Which of the following actions should ShieldCorp prioritize to address this gap and ensure compliance with ISO 18788:2015 requirements for operational planning and control?

Accepted Answer

Develop and implement documented procedures for coordinating with local law enforcement during emergency situations, outlining roles, responsibilities, communication protocols, and information sharing.

Question 3

\"SecureGuard Solutions,\" a private security firm, has been contracted to provide security services for a high-profile international summit held in Geneva. The summit involves numerous heads of state, dignitaries, and a large contingent of media personnel, making it a high-risk event with significant potential for security breaches and legal liabilities. Recognizing the importance of adhering to ISO 18788:2015 standards, the CEO, Ms. Anya Petrova, is keen to ensure that the firm takes appropriate steps from the outset. Given the complex interplay of security risks and legal compliance requirements, what should be SecureGuard Solutions\' most crucial initial step in aligning its operations with ISO 18788:2015 for this specific event, ensuring both robust security and adherence to relevant laws and regulations? The summit also involves participants from countries with varying legal frameworks regarding data privacy and use of force, further complicating the compliance landscape. Furthermore, the firm has recently faced scrutiny over its training protocols and needs to demonstrate a commitment to ethical and legally sound practices. Considering these factors, which action best reflects the integrated approach advocated by ISO 18788:2015?

Accepted Answer

Conduct a comprehensive risk assessment and engage legal counsel to ensure compliance with applicable laws and regulations.

Question 4

\"SecureServe Solutions,\" a burgeoning IT service provider, is seeking ISO 20000-1:2018 certification to enhance its market credibility and streamline service delivery. The company\'s CEO, Alistair Humphrey, is enthusiastic but lacks a clear understanding of the standard\'s requirements. The initial assessment reveals that SecureServe has a well-defined incident management process but lacks formal procedures for change management and capacity planning. Alistair, eager to demonstrate quick progress, proposes an initial scope that includes only the incident management process, arguing that it is the most mature area and will allow for a swift certification. He also suggests delegating all responsibilities for the SMS to the IT operations manager, believing this will free up senior management time. Furthermore, Alistair proposes minimizing risk assessments to avoid slowing down the certification process, focusing instead on addressing immediate operational issues. Considering the requirements of ISO 20000-1:2018, what is the most significant deficiency in Alistair\'s proposed approach?

Accepted Answer

The proposed scope is too narrow, potentially overlooking critical service management aspects like change management and capacity planning, and the lack of comprehensive risk assessment and leadership involvement undermines the holistic approach required by the standard.

Question 5

Apex Technologies, an IT service provider, has recently appointed Ms. Evelyn Reed as its new CEO. The company is currently certified to ISO 20000-1:2018. To demonstrate leadership and commitment to the service management system (SMS) in accordance with ISO 20000-1:2018, what is the MOST effective action Ms. Reed should take?

Accepted Answer

Actively participate in key service management activities, such as management reviews and strategic planning sessions, ensuring alignment of the service management policy with the organization's overall business objectives and allocating sufficient resources to support the SMS.

Question 6

SecureGuard Solutions, a private security firm specializing in high-value asset protection and event security, has recently appointed a new Head of Security, Elias Vance. Elias is tasked with implementing a security operations management system (SOMS) based on ISO 18788:2015. Prior to defining specific security protocols and operational procedures, what is the MOST critical initial step Elias must undertake to ensure the successful and relevant implementation of the SOMS, considering the requirements outlined in ISO 18788:2015 regarding the context of the organization? This step directly impacts the effectiveness and suitability of all subsequent security measures implemented by SecureGuard Solutions.

Accepted Answer

Conduct a comprehensive analysis of the organization's internal and external context, including stakeholder needs and expectations, to define the scope of the SOMS.

Question 7

Sentinel Security Solutions, a private security firm, has been contracted to provide security services for a multinational corporation operating in a region with a history of civil unrest and weak governance. The corporation\'s primary objective is to maximize its operational efficiency and profitability. Sentinel\'s risk assessment reveals that the region is subject to frequent protests, varying interpretations of local laws, and a high risk of human rights violations. The local government is often influenced by powerful local groups, and there is a lack of consistent enforcement of regulations. The multinational corporation demands that Sentinel prioritize the protection of its assets and personnel above all else, even if it means potentially clashing with local protesters or circumventing certain local regulations. Considering the requirements of ISO 18788:2015 and the context of the organization, how should Sentinel prioritize its actions in this complex environment to ensure compliance with the standard and maintain ethical security operations?

Accepted Answer

Prioritize adherence to human rights principles and compliance with local and international laws, even if it means potentially compromising the client's immediate security objectives or operational efficiency.

Question 8

\"TechForward Solutions,\" a burgeoning IT services provider, has experienced rapid growth but now faces significant challenges. Their IT service management practices, while initially effective, are increasingly misaligned with the evolving business needs. Client satisfaction is declining, internal processes are inefficient, and there\'s a lack of clear understanding of how IT services contribute to the overall business strategy. Senior management expresses concern over the increasing operational costs and the inability to effectively respond to market changes. The Head of IT is tasked with aligning IT service management with the business objectives. Considering the ISO 20000-1:2018 framework, which of the following initial steps would provide the MOST comprehensive foundation for TechForward Solutions to address these challenges and ensure the IT service management system is strategically aligned and effective?

Accepted Answer

Conduct a comprehensive assessment of the organization's context, including internal and external issues, stakeholder needs and expectations, and defining the scope of the service management system, to establish a clear understanding of the current state and desired outcomes.

Question 9

\"SecureGuard Solutions,\" a private security firm contracted to protect a high-profile data center, is seeking ISO 18788:2015 certification. The firm\'s management team is debating the initial steps to take. Alistair, the operations manager, argues that immediately implementing advanced surveillance technology is the priority. Beatrice, the HR director, believes focusing on intensive training for all security personnel is most crucial. Carlos, the compliance officer, suggests that conducting a thorough risk assessment of the data center\'s physical and cyber vulnerabilities should be the first step. Davina, the CEO, insists on drafting a detailed security policy statement and communicating it to all stakeholders before any other action. Considering the core principles of ISO 18788:2015, which of the following actions should \"SecureGuard Solutions\" prioritize as the *initial* step towards certification, ensuring alignment with the standard\'s requirements for establishing a robust security operations management system?

Accepted Answer

Conducting a comprehensive risk assessment to identify potential threats and vulnerabilities specific to the data center environment, establishing a foundation for informed decision-making and resource allocation.

Question 10

StellarTech Solutions, a rapidly growing IT service provider, is embarking on the implementation of ISO 20000-1:2018 to formalize its service management system (SMS). The executive leadership recognizes the importance of risk management but is unsure how to best integrate it into the SMS, especially considering the existence of ISO 31000, the international standard for risk management. Elara, the newly appointed Service Management System Manager, is tasked with defining the approach. She understands that simply acknowledging the presence of risks is insufficient for compliance, but she is also wary of creating unnecessary bureaucracy. Considering the relationship between ISO 20000-1:2018 and ISO 31000, what is the MOST appropriate strategy for Elara to recommend to StellarTech\'s leadership regarding the integration of risk management into their ISO 20000-1:2018 compliant SMS? Elara needs to ensure that the approach is both effective and efficient, aligning with the organization\'s strategic objectives and the requirements of the standard. Which of the following strategies would best achieve this balance?

Accepted Answer

Adopt ISO 31000 as a guiding framework, tailoring its principles and processes to the specific context of StellarTech's service management system as defined by ISO 20000-1:2018.

Question 11

Vigilant Shield, a private security firm, has been contracted to provide security for a large-scale infrastructure project by a multinational corporation, \"GlobalConstruct,\" in a region with a history of socio-political unrest and diverse cultural sensitivities. Upon commencing operations, Vigilant Shield encounters resistance from local community leaders who express concerns about potential displacement, environmental impact, and the perceived intrusion of foreign entities. The community threatens to disrupt the project if their concerns are not addressed. Considering the principles of ISO 18788:2015 regarding understanding the context of the organization and the needs and expectations of interested parties, which of the following should be Vigilant Shield\'s *initial* course of action to effectively manage this situation and align with the standard\'s requirements for ethical and responsible security operations? The goal is to mitigate potential conflicts and ensure the security operation respects human rights and cultural sensitivities, while also meeting the client\'s security needs.

Accepted Answer

Conduct a comprehensive stakeholder analysis to identify all relevant parties, their interests, and potential concerns, and develop a security plan that is sensitive to the local context and promotes positive relationships with the community.

Question 12

\"SecureGuard Solutions,\" a private security firm, is contracted to provide security services for a large manufacturing plant, \"Precision Products Inc.\" The manufacturing plant is located in a region with a history of labor disputes and occasional vandalism targeting industrial facilities. \"Precision Products Inc.\" is also subject to strict environmental regulations regarding waste disposal and emissions. The local community has expressed concerns about the potential impact of the manufacturing plant on the environment and local resources. \"SecureGuard Solutions\" is developing its security operations management system (SOMS) based on ISO 18788:2015. According to the standard, what is the MOST crucial initial step for \"SecureGuard Solutions\" to ensure the relevance and effectiveness of its SOMS in this specific context?

Accepted Answer

Conducting a comprehensive analysis of the internal and external factors impacting "Precision Products Inc.," including labor relations, environmental regulations, community concerns, and potential security threats, to define the scope and objectives of the SOMS.

Question 13

"Vanguard Security Solutions," a private security firm providing services to high-profile clients, is undergoing an initial certification audit for ISO 18788:2015. The lead auditor, Mr. Dubois, observes that while Vanguard has detailed operational procedures and well-trained personnel, their approach to risk management appears fragmented. Risk assessments are conducted sporadically, primarily in response to specific client requests or incidents. There is no overarching framework for identifying, assessing, and treating risks across all areas of their operations. Furthermore, the firm\'s documented information on risk management is limited and doesn\'t reflect a consistent methodology or criteria for risk evaluation.

Considering the requirements of ISO 18788:2015, which of the following represents the MOST significant gap in Vanguard Security Solutions\' current practices that needs to be addressed to achieve certification?

Accepted Answer

The absence of a systematic and documented risk management framework integrated into all aspects of their security operations, including proactive risk identification, consistent assessment methodologies, and defined risk treatment strategies.

Question 14

\"SecureGuard Solutions,\" a private security firm specializing in high-value asset protection and executive security, seeks to enhance its operational efficiency and client trust. The company aims to integrate its existing IT service management system, certified under ISO 20000-1:2018, with a security operations management system based on ISO 18788:2015. Senior management recognizes that merely implementing both standards independently will not yield optimal results. Considering the interconnected nature of modern security operations, which rely heavily on IT infrastructure for surveillance, communication, and data management, what is the MOST effective initial step SecureGuard Solutions should take to ensure a synergistic integration of these two management systems, maximizing their combined value in delivering superior security services and demonstrating a unified approach to risk management and operational excellence to its clientele? The integration must address both the IT service aspects and the security operational aspects to provide a robust and reliable security service.

Accepted Answer

Conduct a gap analysis to identify areas where the IT service management system and the security operations management system intersect and where alignment is lacking, focusing on IT services' impact on security operations and vice versa, followed by implementing controls to bridge these gaps.

Question 15

Vanguard Security Solutions, a private security firm, is implementing ISO 18788:2015 to enhance its service delivery and operational efficiency. The firm provides security services to a diverse range of clients, including corporate offices, residential communities, and retail establishments, each with unique security requirements and expectations. Initial implementation efforts are facing challenges due to inconsistent application of security protocols across different client sites and a lack of uniform understanding of client needs among security personnel. Furthermore, there is a perception among some department heads that ISO 18788:2015 implementation is solely the responsibility of the compliance department, leading to limited engagement from other key areas such as operations and training. To effectively address these challenges and ensure successful ISO 18788:2015 implementation, what initial steps should Vanguard Security Solutions take to establish a robust foundation for its Security Operations Management System (SOMS)?

Accepted Answer

Conduct a comprehensive analysis of the organization's context, including identifying internal and external issues, understanding the needs and expectations of interested parties, and determining the scope of the management system, coupled with securing visible and sustained leadership commitment across all departments through clearly defined roles, responsibilities, and authorities.

Question 16

GlobalGuard Security Solutions, a multinational private security firm, is contracted to provide comprehensive security services for a large-scale international sporting event held in a culturally diverse urban environment. The event attracts participants and spectators from over 100 countries, each with unique cultural norms and security expectations. To ensure the safety and security of all stakeholders while adhering to the principles of ISO 18788:2015, which of the following approaches should GlobalGuard prioritize in its operational planning and execution?

Accepted Answer

Implementing a comprehensive risk management framework that integrates risk identification, assessment, and mitigation strategies across diverse operational environments, ensuring compliance with applicable laws and regulations, upholding ethical standards, fostering cultural competence, establishing robust incident management processes, and leveraging technology effectively while adhering to quality management principles.

Question 17

\"Cloud Solutions Ltd.\" provides managed IT services to a range of clients. They have established service level agreements (SLAs) with each client, outlining the services provided and the expected service levels. However, a recent audit reveals that the SLAs only define the services provided and the response times for incident resolution. The SLAs do not specify any metrics for service availability, security, or customer satisfaction. Furthermore, there are no penalties or service credits defined for failing to meet the agreed-upon response times. According to ISO 20000-1:2018, what is the MOST significant deficiency in Cloud Solutions Ltd.\'s management of SLAs, and what is the potential consequence of this deficiency?

Accepted Answer

The lack of comprehensive metrics and consequences in the SLAs demonstrates a failure to adequately define and manage service level requirements, which may result in a lack of clarity regarding service expectations, difficulty in measuring service performance, and a potential for disputes with clients, ultimately leading to customer dissatisfaction and reputational damage.

Question 18

\"Sentinel Security Solutions,\" a private security firm providing both physical security and IT infrastructure support to high-profile clients, seeks to enhance its operational efficiency and regulatory compliance. The firm is certified to ISO 20000-1:2018 for its IT service management and is now exploring the adoption of ISO 18788:2015 for security operations management. Anastasia Volkov, the newly appointed Chief Integration Officer, is tasked with identifying the most effective strategy for integrating these two standards. Considering the context of a security firm managing both physical and IT security aspects, which approach would best facilitate a cohesive and compliant operational framework, ensuring that security operations and IT service management are aligned to protect client assets and maintain service continuity?

Accepted Answer

Integrating the risk management processes outlined in ISO 18788:2015 into the service management framework of ISO 20000-1:2018, aligning incident management processes, and ensuring integrated documented information management across both domains.

Question 19

"Guardian Security Solutions," a private security firm specializing in high-end residential security and executive protection, is seeking ISO 18788:2015 certification to enhance its market credibility and operational efficiency. The firm\'s leadership recognizes the importance of establishing a robust security operations management system (SOMS) but is unsure where to begin, particularly concerning the initial steps outlined in the standard. They operate in a region experiencing rapid technological advancements in surveillance systems, increasing regulatory scrutiny regarding data privacy, and fluctuating economic conditions impacting client spending on security services. Furthermore, internal challenges include varying levels of training among security personnel and limited resources for implementing new technologies.

Considering these circumstances and the requirements of ISO 18788:2015, what should be Guardian Security Solutions\' *first* strategic action to lay the foundation for a successful SOMS implementation and certification?

Accepted Answer

Conduct a comprehensive analysis of the organization's context, identifying relevant internal and external issues, understanding the needs and expectations of interested parties, and determining the scope of the management system.

Question 20

\"Elite Protection Corp\" has implemented ISO 18788:2015 and is committed to continual improvement of its Security Operations Management System (SOMS). Following a recent security breach at a client\'s facility, an internal audit revealed several nonconformities in the company\'s incident response procedures. According to ISO 18788:2015, what is the MOST critical step Elite Protection Corp should take to ensure continual improvement of its SOMS and prevent similar incidents from occurring in the future? This step goes beyond simply fixing the immediate problem and focuses on systemic improvements.

Accepted Answer

Implement corrective actions to address the identified nonconformities, analyze the root causes of the security breach, and implement preventive actions to prevent recurrence, while also documenting lessons learned and sharing them throughout the organization.

Question 21

\"SecureGuard Solutions,\" a private security firm, is seeking ISO 18788:2015 certification. As a consultant, you are tasked with guiding them through the initial stages of establishing a Security Operations Management System (SOMS). The CEO, Ms. Anya Sharma, is eager to demonstrate commitment but is unsure where to begin. She has tasked her team with compiling information, but the team is overwhelmed. Understanding the context of the organization is crucial. What is the MOST comprehensive approach SecureGuard Solutions should take to accurately define its organizational context, as required by ISO 18788:2015, to ensure the SOMS is relevant, effective, and aligned with its strategic goals? This involves more than just a cursory assessment.

Accepted Answer

Conduct a thorough analysis of internal strengths and weaknesses, external opportunities and threats (SWOT), identify relevant legal and regulatory requirements, analyze the needs and expectations of all identified stakeholders (clients, employees, community, regulators), and clearly define the scope of the SOMS considering all these factors.

Question 22

InnovTech Solutions, a rapidly growing IT service provider, is implementing ISO 20000-1:2018 to standardize and improve its service management processes. As part of the implementation, the newly appointed Service Management System (SMS) Manager, Anya Sharma, is tasked with defining roles, responsibilities, and authorities within the SMS. During the initial rollout, a service desk analyst, Ben Carter, is assigned the responsibility for resolving Level 1 incidents within a 2-hour SLA. However, Ben lacks the authority to directly escalate complex incidents requiring specialized knowledge to the Level 2 support team; he must first obtain approval from his team lead, which often causes delays. Several incidents have breached the SLA due to this delay, leading to customer dissatisfaction. Considering the requirements of ISO 20000-1:2018, what is the MOST appropriate immediate action Anya should take to address this situation and ensure alignment with the standard\'s principles?

Accepted Answer

Empower Ben with the authority to directly escalate complex incidents to the Level 2 support team, ensuring he can meet the defined SLA without unnecessary delays.

Question 23

\"SecureGuard Solutions,\" a private security firm operating across multiple states, is seeking ISO 18788:2015 certification. The firm provides a range of services, including manned guarding, mobile patrols, event security, and security consulting. During the initial stages of implementing the security operations management system (SOMS), the management team is tasked with defining the scope of the SOMS. Considering the requirements of ISO 18788:2015 and the diverse nature of SecureGuard Solutions\' operations, which of the following approaches would be the MOST appropriate for determining the scope of the SOMS?

Accepted Answer

Define the scope based on a comprehensive risk assessment, considering the organization's context, the needs and expectations of interested parties, the services provided, and all locations and activities under its control or influence, ensuring alignment with strategic objectives and documenting the defined scope.

Question 24

\"ShieldGuard Security,\" a private security firm contracted to protect a high-profile tech campus, is implementing ISO 18788:2015. As the newly appointed Security Operations Manager, Aaliyah is tasked with establishing the planning phase of their Security Operations Management System (SOMS). Considering the requirements of ISO 18788:2015 and its alignment with the planning principles found in ISO 20000-1:2018, which of the following actions would MOST comprehensively fulfill Aaliyah\'s responsibility for the planning phase of the SOMS? This should be a singular activity encompassing all the necessary aspects of planning.

Accepted Answer

Systematically identify potential security risks, assess their likelihood and impact, develop proportionate risk treatment options, establish measurable security objectives, allocate necessary resources, integrate the SOMS into existing operational processes, and document and communicate the entire plan to all relevant stakeholders.

Question 25

GlobalTech Solutions, an international IT service provider, is seeking to integrate principles from ISO 18788:2015 (Security Operations Management System) into its existing ISO 20000-1:2018 certified Service Management System. The Chief Information Officer, Anya Sharma, is leading this initiative. Anya understands that simply implementing security controls in isolation will not be sufficient. Instead, she aims to create a unified management system that addresses both service delivery and security concerns. Considering the requirements of ISO 20000-1:2018, what is the MOST effective approach for GlobalTech Solutions to ensure successful integration of ISO 18788:2015 principles into their existing service management framework? This approach should ensure alignment of organizational objectives, effective risk management, and demonstration of leadership commitment.

Accepted Answer

Align security objectives with overall service management objectives and integrate risk management processes across both domains

Question 26

SecureGuard Solutions, a private security firm, is seeking ISO 18788:2015 certification to enhance its operational credibility and efficiency. As part of the initial implementation phase, the management team, led by CEO Anya Sharma, is focusing on defining the scope of their Security Operations Management System (SOMS). The firm provides a range of services, including mobile patrols, event security, and executive protection, across diverse geographical locations with varying risk profiles. Anya recognizes the importance of thoroughly understanding the organization\'s context to establish a relevant and effective SOMS.

Which of the following approaches BEST represents a comprehensive method for SecureGuard Solutions to determine the scope of its ISO 18788:2015 compliant SOMS?

Accepted Answer

Conducting a detailed analysis of SecureGuard's internal resources and capabilities, coupled with an assessment of external threats and vulnerabilities across all service lines and geographical locations, while also documenting the needs and expectations of all relevant stakeholders, including clients, employees, and regulatory bodies.

Question 27

\"Sentinel Security,\" a multinational private security firm, is expanding its operations into several countries with vastly different cultural norms and legal frameworks. As the newly appointed compliance officer, Ingrid is tasked with ensuring Sentinel Security\'s global operations align with ISO 18788:2015 standards. Ingrid is particularly concerned about maintaining ethical conduct and respecting local customs while providing effective security services. Which of the following strategies would be MOST effective for Ingrid to implement to address these challenges and uphold the principles of ISO 18788:2015 across Sentinel Security\'s diverse global operations?

Accepted Answer

Developing standardized security protocols and training programs that are universally applied across all operating regions, regardless of local context.

Question 28

"SecureGuard Solutions," a private security firm specializing in high-end residential security in Geneva, Switzerland, is seeking ISO 18788:2015 certification. The firm\'s leadership, spearheaded by CEO Anya Petrova, aims to enhance its operational effectiveness and client trust. Anya has initiated the process by emphasizing the importance of understanding the organization\'s context as stipulated by the standard. A newly formed internal audit team, led by veteran security expert Jean-Pierre Dubois, is tasked with assessing the current state of SecureGuard\'s operations against the ISO 18788 requirements. Jean-Pierre’s team identifies several factors that could influence the design and implementation of the Security Operations Management System (SOMS).

Considering the requirements of ISO 18788:2015, which of the following approaches best demonstrates a comprehensive understanding of SecureGuard Solutions\' context?

Accepted Answer

Conducting a detailed analysis of SecureGuard's organizational structure, available resources, technological infrastructure, the evolving Swiss legal and regulatory landscape concerning private security, the competitive pressures from other security firms in Geneva, and the specific security needs and expectations of SecureGuard's affluent clientele and the local communities where they operate.

Question 29

"Elite Security Corp" is committed to continual improvement as part of their ISO 18788:2015 certified SOMS. They\'ve identified a recurring issue: delays in incident response times. Their Improvement Manager, Javier Ramirez, is tasked with implementing a process to address this.

According to ISO 18788:2015, which of the following approaches would best exemplify a proactive strategy for achieving continual improvement in incident response times?

Accepted Answer

Accept the delays as an inevitable part of security operations and focus on minimizing the impact of incidents once they occur.

Question 30

\"InnovSys Solutions,\" a multinational IT service provider, is implementing ISO 20000-1:2018. They face challenges integrating their service management objectives with the overall enterprise risk management framework, particularly considering the diverse legal and regulatory landscapes in which they operate and the varying expectations of their global clientele. To ensure successful ISO 20000-1:2018 certification and demonstrate effective risk management, which of the following strategies should InnovSys Solutions prioritize to align their service management objectives with broader organizational risk management, legal compliance, and stakeholder expectations? The organization has already identified the high level risks and opportunities and is now moving into the integration phase.

Accepted Answer

Embed service management objectives within the broader enterprise risk management system, ensuring alignment with legal requirements and stakeholder expectations through risk assessments, stakeholder engagement, and regular monitoring.

ISO 20000-1:2018 Foundation Free Practice Test — 30 Questions

A lot more is already mapped out

About the ISO 20000-1:2018 Foundation Certification