If you produce components for manufacturers who expect their suppliers to deliver on time and consistently to recognised standards, they will often insist on certification to one or more of the ISO standards such as ISO 9001.

These manufacturers recognise that businesses face risks from sources beyond their control and in today’s global economy the risks are greater, more varied and can happen more quickly. Businesses face physical, virtual, regulatory, political, reputational and financial events that can have devastating effects on business operations.

Gaining ISO 9001 certification for your business demonstrates that you have documented the risks and implemented controls to minimise the effects of a disruptive event so that you can maintain continuity of supply to your clients.

Typical risks to a business include:
  • Extreme weather events affecting property, transport and power supplies that can have an impact on global supply chains
  • Cyber-attacks and disruption to IT systems
  • Changes to regulations and the political landscape
  • Loss of customer confidence due to negative publicity
  • Financial losses.
Business continuity requires management systems that can identify risks, manage disruption and limit the effects of these events to ensure business gets back to normal as quickly as possible.

Implementation of ISO 9001 Quality Management System (QMS) will give your business a framework to help manage these risks. It may also lower your insurance premiums.

Business Interruption Insurance

You can rely on your business insurance to provide cover in case of an insured event. Policies that include Business Interruption Insurance will provide financial support for insured losses resulting from some of the above events. However, relying on insurance alone will not help your customer who wants a regular supply of products to fulfil their production deadlines.

Additionally, demonstrating that you have a management system in place to minimise risks and providing evidence to your insurance provider could reduce your insurance premiums.

ISO 9001 Quality Management System

The recent revision to ISO 9001:2015 prioritises a culture of risk-based thinking across the whole organisation. The standard provides a framework to evaluate risk and implement controls and processes to minimise the damage from an unexpected event.

Implementing business continuity planning and disaster recovery will help your organisation to resume services as quickly as possible when recovering from an event.

Benefits of certification to your customers are evident when you are tendering for new business or retaining existing clients. Being able to show a documented process for recovery from sudden events will give your customers confidence that you can maintain continuity of supply through all but the most catastrophic events that you have identified in your risk analysis.

Other benefits include increases in productivity and efficiency that will keep your prices competitive.

Methods used to identify risk

Your ISO 9001 consultant will provide guidance on methods that can be used to identify the risks associated with your operations including techniques such as:
  • Interviews with employees
  • Brainstorming
  • Identifying previous events
  • Risk survey
  • SWOT analysis
  • Your consultant’s industry knowledge of best practice within your industry sector.
If you want to take your disaster recovery and continuity management a step further, call one of our team on 0121 241 2299 to discuss how you can make your business more resilient to today’s fast-moving events. Alternatively, you can request a callback or a quote via our online forms.
Following investigation by the Information Commissioner’s Office (ICO) of last year’s British Airways data breach, where credit card details, travel bookings and logins for customers were accessed, the airline has recently been fined a massive £183 million. BA has 28 days to appeal the ruling which is the largest issued so far by the ICO.

A similar case of stolen records from the Marriott hotel group has resulted in a fine of £100 million subject to appeal by the company.

This shows how seriously the ICO is taking the new GDPR regulations and enforcement of fines to companies that have not demonstrated their commitment to data security. In British Airways’ case “poor security arrangements” at the company were cited by the ICO.

Businesses of all sizes must be prepared
Your business may not be in the same league as BA or some of the other giants that have been caught out and suddenly find themselves in the headlines for the wrong reasons. However, the fines are levied on a percentage of turnover. Could your organisation survive a fine of this size?

Copied from: https://eugdpr.org/the-regulation
“Organizations in breach of GDPR can be fined up to 4% of annual global turnover or €20 Million (whichever is greater). This is the maximum fine that can be imposed for the most serious infringements e.g. not having sufficient customer consent to process data or violating the core of Privacy by Design concepts. There is a tiered approach to fines e.g. a company can be fined 2% for not having their records in order (article 28), not notifying the supervising authority and data subject about a breach or not conducting impact assessment. It is important to note that these rules apply to both controllers and processors – meaning ‘clouds’ are not exempt from GDPR enforcement.”

The following podcast is from Reuters and Barclays bank and discusses some of the fines mentioned above and ways to reduce exposure to cybercrime.



One of the points to come out of the above interview from Paul Henley is that organisations should take matters into their own hands by analysing attacks, managing the process and having a programme in place to fix any vulnerabilities that are identified.

ISO 27001 will provide a management framework to manage and fix vulnerabilities
ISO 27001 is one of a range of internationally recognised ISO standards such as ISO 9001, that organisations can implement to make them more efficient, productive and robust.

Gaining certification to ISO 27001 will provide a management system to help protect your organisation from a cyberattack and a variety of other risks such as natural disasters, mismanagement, human error and corrupted or stolen data.

Risk assessment and risk management are a fundamental part of the assessment process to gain certification. This will entail an expert from within or outside your organisation identifying where vulnerabilities in your network exist and implementing controls, policies and procedures to minimise the risk of a breach.

Another point made in the above interview by Paul Henley was that he would have liked “someone to come up with a whole list of things to consider”. Your ISO 27001 consultant will have been selected for his experience and knowledge of working with other organisations in your industry sector and will be able to implement best practice using the latest information available.

A large proportion of cyberattacks are down to human error which is very difficult to eliminate completely. A management system will help to mitigate the chances of an attack taking place and provide a recovery process should the worst happen by implementing:
  • Risk assessment and management
  • Employee training
  • System monitoring
  • Access control
  • Regular reviews
  • Continuous improvement
This will demonstrate your commitment to minimise risk and limit your exposure to regulatory fines or adverse publicity that could be catastrophic to your organisation.

Call 0121 241 2299 to discuss how ISO 27001 can protect your organisation from the effects of cybercrime.
The British Safety Council has recently identified that air pollution is linked to 36,000 early deaths a year in the UK. They are calling on all employers with workers who regularly work outside or drive heavy goods vehicles on busy roads with high levels of pollution, to take measures to safeguard their employees from exposure.

From a small trial carried out, the most affected employees were a construction worker and HGV driver. The site engineer was found to have air pollution exposure levels six times higher than that of the office worker.

Parallels are being drawn between this lung damage and the recent compensation claims made by workers suffering from asbestosis, and there is a potential risk of claims that could follow from high levels of pollution in some of our cities.

Currently the government is not demanding that employers address this health hazard. However, an app launched by King’s College London for the British Safety Council’s “Time to Breathe” campaign is available to outdoor workers across London to monitor the user’s exposure to pollution. When the amount exceeds the limits for nitrogen dioxide, particles and ozone, the user is notified. This will help employers and workers to act and reduce exposure by reducing strenuous work, putting up barriers or working away from traffic until levels improve.

The British Safety Council is calling on government to recognise exposure to ambient air pollution as an occupational health hazard and adopt the World Health Organisation’s (WHO) exposure guidelines for nitrogen dioxide, particles and ozone.

How long will it be before the government is forced to recognise the WHO exposure guidelines?

Will employers face huge claims for compensation in the future by not acting now to protect their workers?

If your employees work outdoors, it may be worth carrying out a risk assessment and taking action to limit their exposure to pollution before new legislation is in place. This could also help reduce the working days lost through work-related illness due to respiratory problems.

Health and safety for your employees
Figures released by the Health and Safety Executive for 2017/18 show:
  • 1.4 million working people suffering from a work-related illness
  • 2,595 mesothelioma deaths due to past asbestos exposures (2016)
  • 144 workers killed at work
  • 555,000 injuries occurred at work according to the Labour Force Survey
  • 71,062 injuries to employees reported under RIDDOR
  • 30.7 million working days lost due to work-related illness and workplace injury
  • £15 billion estimated cost of injuries and ill health from current working conditions (2016/17)
‘Contains public sector information published by the Health and Safety Executive and licensed under the Open Government Licence’.

As an employer you are responsible for the health, safety and welfare of your employees and others who may be affected by your business whilst they are in the workplace.

Organisations that take their health and safety responsibilities seriously and have a management system that will minimise their risk of breaching health and safety regulations, will limit the occurrence of fines and compensation claims that can be handed down by the courts.

Health and safety management systems
There are many ways to implement a management system into your organisation to identify and control injury and illness in your workforce. One of the most widely recognised management systems is OHSAS 18001, soon to become ISO 45001. This provides an internationally recognised framework to enable organisations to assess, manage and reduce the health and safety risks faced by their employees.

Achieving certification to OHSAS 18001 (ISO 45001) by an independent third-party certification body that has been audited by UKAS will demonstrate your commitment and competence to improve the health and safety of your workforce. It will enable you to meet legal obligations for your industry and minimise the risk of accidents, court cases, fines or imprisonment that can be imposed on owners and directors if negligence is proved.

OHSAS 18001 changing to ISO 45001
The process of migration is currently underway to move to the ISO platform bringing OHSAS 18001 in line with other internationally recognised ISO standards.
The 3-year migration process will end on 12th March 2021 and organisations with OHSAS 18001 certification will have to be re-certified to the new standard by this date.

Find out more about the migration and what to do next: www.acsregistrars.com/ohsas-18001
ISO certification is suitable for organisations of all sizes, sectors and locations (international). It could be argued that gaining certification is a necessity rather than an option for businesses who need to demonstrate their credibility to deliver quality products and customer service consistently to recognised standards. In fact, some customers (buyers) in the public and private sectors will insist on ISO certification when requesting tenders from suppliers.

Whether your customers demand certification or not, the process of gaining ISO certification will improve your business’s processes, procedures and documentation to make your organisation more resilient, efficient and profitable.

Continuous monitoring and improvement through the continuous assessment process will give you an edge over your competitors and help to retain and acquire new business.

ISO certification is carried out by independent third parties called Certification Bodies (CBs). Their assessors will approve your processes, procedures and documentation on a 3-year certification cycle.

What is UKAS accredited ISO certification?
UKAS (United Kingdom Accreditation Service) is recognised by the UK government and by EU member states’ governments and is responsible for (quoted from their website):

 “determining, in the public interest, the technical competence and integrity of organisations such as those offering testing, calibration and certification services.”

Not all Certification Bodies are UKAS accredited. Only CBs that have been assessed to provide certification following regular audits by UKAS to ensure impartiality and competence can include the “crown” and “tick” on their clients’ certificates.

Using a UKAS accredited CB means your certification has instant recognition throughout the EU.

How to achieve ISO certification?
You can prepare your organisation for certification using internal resources with the relevant knowledge and experience or by engaging external consultants.
Once you are satisfied that you have implemented the processes and documentation needed to meet the ISO standard you have selected, you can then instruct a Certification Body to arrange a stage 1 audit. This audit will check your compliance and identify areas for improvement.

Any nonconformities that have been identified in stage 1 are then corrected ready for the stage 2 audit. Providing the stage 2 audit is successfully completed without any further major nonconformities, you will then be issued with your certificate.

Recertification is carried out every 3 years and you will be audited to check your performance against targets and objectives set in your last audit.

To ensure you are continuing to meet the required standard and are maintaining a strategy of continual improvement, it is recommended that surveillance audits are carried out annually before your next 3-year recertification. These audits will focus on business performance, evaluation of your management system and identifying any improvements that could be made.

You can read a more detailed breakdown of what is included in each audit on our web page: http://www.acsregistrars.com/objectives-of-an-audit

What is ISO?
ISO (International Organisation for Standardisation) was established in 1947 with the aim of unifying industrial standards around the world. It is totally independent and not under any governmental control. The organisation today has members from 164 countries and has its head office in Geneva, Switzerland.

There are numerous ISO standards and organisations can select the standard or standards most relevant to their business. Some of the more recognised ones are:
  • ISO 9001 for quality management.
  • ISO 14001 to improve your environmental management.
  • ISO 27001 to secure your organisation’s information and electronic data.
  • ISO 45001 (OHSAS 18001) for occupational health and safety.
If you need certification, already have certification and need to renew it or would like to discuss how a surveillance audit could improve your business and prepare you for your next certification audit, please call 0121 214 2299 and talk to one of our team.
The words “climate emergency” will be heard increasingly across the media as the government urges us all to do more to reduce harmful emissions.
A climate emergency was declared by Britain’s parliament, a world first, recently followed by Ireland’s parliament.

According to the Intergovernmental Panel on Climate Change (IPCC) report, we have just 12 years to avoid the worst effects of climate change before we reach the critical tipping point. The report investigated the effects of an increase in global temperatures from 1.5C to 2C. We are currently heading towards an increase of 3C.

At the current rate of global warming the worst effects of climate change will take place between 2030 and 2052 if no action is taken to reduce emissions.

The impact of climate change will be felt by businesses around the world as the effects disrupt the economic performance of global corporations. Causes will range from extreme weather disrupting supply chains to stricter climate regulations and the increasing price of coal, oil and gas. Moves towards clean energy could also have an impact on manufacturing costs and the effects of global warming will touch every area of our society.

A recent report from the Carbon Disclosure Project (CDP) covering 215 of the world’s largest corporations found that they could potentially face costs related to climate change in the region of £790 million in the decades ahead.

ISO 14001 certification to help combat the effects of climate change
ISO 14001 can help businesses to reduce their environmental impact by helping to identify areas of improvement.

Reducing waste, using clean energy, installing effective insulation and fitting energy efficient lighting are some of the actions that will not only help the environment but also reduce your operating costs and save money.

Demonstrating your commitment to the environment will give you an advantage over competitors when tendering for new business.

Recycling and using recyclable materials can help to conserve materials and produce less waste.

Engaging your employees and making it easy for them to recycle materials and conserve energy will benefit your business and improve employee morale.

ISO 14001 risk assessments to plan for the challenges of a changing climate
The recent revisions to ISO 9001 and ISO 14001 include an increasing emphasis on risk assessments and a culture of risk-based thinking. Using the framework of your ISO 14001 Environmental Management System to identify areas for improvement over the next 10 years will help your business to survive the challenges and financial risks of climate change. Some of the risks include:
  • The effect of energy costs rising.
  • The risk of extreme weather events disrupting the supply chain.
  • New regulations and tighter controls on emissions.
  • Tax increases to curb emissions.
  • Transport cost increases.
Initiating a plan to minimise the risks and identify benefits will help your business continue to grow through these challenging times.

To find out about ISO 14001 certification please call one of our team on 0121 241 2299.