229
All Enquiries
please call +44 (0)121 241 2299
Following the government's ban on microbeads in cosmetics at the end of 2017 and the increase in awareness about the damage done by plastic found in our oceans, businesses and consumers will have to take up the challenge of reducing the pollution in our seas.

Plastic-wasteGlobal plastic production is expected to double over the next few decades.

There are already an estimated 11.1 billion plastic items entangled on reefs throughout the Asia-Pacific region*


With statistics like these, it is no wonder that governments and large corporations are now starting to act.

A variety of suggestions are being discussed including compostable plastic, eliminating single-use plastic and deposit return schemes.

China is now rejecting plastic waste from developed countries (since January 2018) due to most of the plastic being poor quality and ending up dumped or burned.

Therefore, solutions will have to be found quickly to reduce plastic pollution in our oceans.

ISO 14001 environmental management system
Organisations can contribute to reducing plastic pollution by implementing an effective system to manage the environmental impact of their operating processes.

ISO 14001 provides much more than a waste management system. It covers a broad scope to help you meet national and global environmental regulations and anti-pollution laws. Achieving certification to ISO 14001 will help you identify harmful effects on the environment caused by disposal of waste and set targets to minimise the impact. Additional benefits include:
  • Cost savings from reduced waste and consumption.
  • Providing an edge over your competitors when tendering.
  • Demonstrating your environmental credentials to your employees and customers.
The general public are more aware than ever about environmental issues and large multi-nationals are already seeing the benefits of being environmentally aware.

ISO 14001 proves your commitment to a cleaner world for all of us.

Integrating ISO 14001:2015 and ISO 9001:2015
Revisions of two of the most popular standards are in place and all audits are now being done to the revised standard.

One of the changes in the revision was the ability to easily integrate different standards. If you already have ISO 9001 and would benefit from certification to ISO 14001, the common structure is going to be the same under the revised standards. This will make it much easier to meet the requirements under one integrated management system.

Now would be a good time to consider improving your environmental credentials by adding ISO 14001 to your certifications.

*Research by Cornell University
 
There is a lot of confusion over the new GDPR (General Data Protection Regulation) and there appear to be different interpretations being put forward as to how businesses should comply.

GDPRThe new regulation reinforces best practices within the DPA (Data Protection Act) and PECR (Privacy and Electronic Communications Regulations) already in force in the UK.

A major factor that has made organisations take more notice of GDPR than the existing regulations are the significant fines that can be handed out for non-compliance:

Up to €10 million or 2% of annual global turnover of the previous year, whichever is higher. Or, up to €20 million or 4% of annual turnover of the previous year, whichever is higher. *

ISO 27001
Organisations that are already certified to ISO 27001 have a head start to help them comply with GDPR.

Certification will require a robust and auditable Information Security Management System (ISMS). This provides a solid base to meet GDPR.

The route to certification will include the implementation of a range of security and data management processes that are also relevant to GDPR compliance, including:
  • Regulatory and contractual compliance.
  • Risk assessment.
  • Security of systems and data.
  • Reporting of a breach to regulators and individuals affected.
  • Management process and control.
  • Data access control.
  • Encryption of data.
  • Continuous evaluation and improvement.
  • Improved communications to employees and customers.
Benefits of ISO 27001
Compliance with ISO 27001 goes beyond the requirements of GDPR and includes business continuity planning in the event of an incident, improving management processes and increasing profits by:
  • Carrying out risk assessments that will identify where data is held and areas that need to be improved to minimise threats to data security.
  • Giving customers greater confidence, through audits, that their data is being used correctly and is in safe hands.
  • Improving resilience to threats within the organisation and from external sources.
  • Providing effective procedures that will help the organisation to recover following an incident.
  • Improving tendering prospects for new business, particularly Public Sector, when compliance with certain standards are mandatory.
Certification provides proof that you have been externally audited to meet the standard and can give you an advantage over your competitors.

Call one of our team on 0121 241 2299 to discuss how ISO 27001 can help you meet your GDPR obligations.

*https://www.eugdpr.org/key-changes.htm
 
There are only 6 months to go before the transition deadline of the most globally recognised standards ISO 9001 and ISO 14001. New versions of ISO 9001:2015 quality management and ISO 14001:2015 environmental management come into effect in September 2018. Companies certified to the old standards ISO 9001:2008 and ISO 14001:2004 will be assessed to the revised standards from March 2018.

If your organisation relies on these standards to do business, this may affect your ability to supply your products or services to all your markets.  Your old certification will be invalid after September 2018.
Any audits you have booked between March and September 2018 will be to the revised standards.
Most businesses that rely on these standards should have moved to the new standards as their re-certification became due over the last 3 year’s transition period leading up to September 2018.

If your re-certification falls between now and September 2018 (or after September 2018) and you have not yet started your transition planning to the new standards, you need to talk to us straight away to start the process immediately.

Ideally, you need to have started planning for the transition already to allow enough time to take any corrective actions required.

It may not be too late, but time is running out.

What to do next
Talk to your assessor straight away and obtain a copy of the new standards.
One of the main areas of change is Annex SL.
Annex SL is a Guidance Document, explaining the new high-level structure/format that all new ISO Management Standards must now follow.
It dictates that the structure of all revised and future standards will change, by creating standards that have:
  • Identical clause and sub-clause titles and numbers
  • Identical text and common terminologies
  • Common core definitions
This common approach to ISO Management Standards will make it easier for an organisation to create a single Management System, known as an Integrated Management System (IMS).

Annex SL format
1. Scope
2. Normative references
3. Terms and definitions
4. Context of the organisation
5. Leadership
6. Planning
7. Support
8. Operation
9. Performance evaluation
10. Improvement

Call ACS Registrars on 0121 241 2299 to talk to one of our team

ISO_9001_2015_and_ISO_14001_15_transition
 
The current OHSAS 18001 standard that provides an internationally recognised health and safety management system is being revised and incorporated into the new ISO 45001 standard.

Development of the new standard is getting close to completion with the final publication expected in the first half of 2018.

Health-and-Safety-to-businessOne of the advantages of moving to the ISO set of standards is that it will fall in line with the other generic management systems ISO 9001 and ISO 14001, both of which have recently been revised to provide a new high-level structure/format.

This will aid integration for businesses requiring multiple ISO standards certification.

Health and safety figures recently published by HSE (Health and Safety Executive) demonstrate the importance of having a robust health and safety management system in place.

Key figures for Great Britain (2016/17)
  • 1.3 million working people suffering from a work-related illness
  • 2,542 mesothelioma deaths due to past asbestos exposures (2015)
  • 137 workers killed at work
  • 609,000 injuries occurred at work according to the Labour Force Survey
  • 70,116 injuries to employees reported under RIDDOR
  • 31.2 million working days lost due to work-related illness and workplace injury
  • £14.9 billion estimated cost of injuries and ill health from current working conditions (2015/16)
Above taken from http://www.hse.gov.uk/statistics/

Benefits of ISO 45001 certification

•    Improved productivity with fewer disruptions through absenteeism
•    Better employee relations
•    Reduced insurance premiums
•    Lower costs connected with accidents in the workplace
•    Less risk of prosecution and HSE visits
•    Improved reputation with employees and stakeholders

Migration – what to do next
For organisations already certified to OHSAS 18001, we are expecting a 3-year migration period to enable them to update their systems to the new standard. If you have recently transitioned to ISO 9001:2015 or ISO 14001:2015, you will be familiar with the new format. This uses Annex SL to provide a common structure for smoother and quicker integration of multiple standards.

Once the new standard is published, one of the first tasks we would recommend is a gap analysis to identify the changes you will need to make to your management systems to meet the new standard.

Starting early will give you plenty of time to change current processes before you have to achieve certification to the new standard.

We will keep you informed of progress and if you need any information leading up to publication of the new standard, please call our office.
 
 
The transition to ISO 9001:2015 is now in its final year.

When ISO 9001:2015 was introduced in September 2015, organisations were given 3 years to update to the new version.

As the three-year transition for ISO 9001 and ISO 14001 moves into its final year, IAF (the International Accreditation Forum) has passed a resolution that as of 15th March 2018, Certification Bodies must conduct all ISO 9001 and ISO 14001 initial surveillance and recertification audits to the new versions - ISO 9001:2015 and ISO 14001:2015.

ISO_9001_Review_transition_period_running_outWhat does this mean?
Any audits you have booked between March and September 2018 will need to be to the revised standards, as failure to achieve certification to the 2015 standards by the expiry deadline in September 2018 will result in your certification no longer being valid. This may affect your ability to supply to all your markets.

Time is running out, if you rely on ISO 9001 certification to maintain your supplier status with your key customers and you have not yet made the transition to the 2015 standard.

If you leave it too late you run the risk that your auditors will not be able to fit you into their increased workload.

UKAS accredited ISO 9001 certification
Not all Certification Bodies (CBs) are UKAS accredited. This means that the CB issuing your certificate has not been audited and accredited by UKAS.

This could have implications for future contracts and orders with your customers. For example, one of your customers may have won a new contract to supply a major project that requires them and their suppliers to hold UKAS approved ISO certificates. Not having a UKAS certificate could mean losing the contract or having to modify your existing procedures to comply with an audit to UKAS standards.

Many multi-national organisations and central and local government departments will require their suppliers throughout the supply chain to gain UKAS certification.

If you are thinking about the transition to ISO 9001:2015 and your current CB is not UKAS accredited, now may be a good time to move to one that is.

To find out if your certificate has been issued by a UKAS accredited CB, look for the crown and the tick.

UKAS is the sole UK national accreditation body recognised by the International Accreditation Forum (IAF) to assess against internationally agreed standards.

For more information or to get your transition started, please talk to one of our team on 0121 241 2299.

Gaining certification to any of the recognised standards such as ISO 9001, ISO 14001, ISO 27001 amongst others, requires time and resources. You will want to make sure that the Certification Body (CB) issuing your certificate is suitably qualified to provide the best service for your business.

Achieving certification will benefit your entire organisation and, if done properly, can improve the prospects and profitability of your company. It is therefore, important to check that your certification body is experienced and has been through regular audits themselves, like the audits you must go through.

UKASUKAS – United Kingdom Accreditation Service
If you do not see the UKAS tick and crown logo on your certificate, this means your Certification Body (CB) has not been Accredited by UKAS for the scope of your Certification.

UKAS is the sole UK national accreditation body recognised by the International Accreditation Forum (IAF) to assess, against internationally agreed standards.

There is no legal requirement for a Certification Body to be UKAS accredited and some CBs choose to provide consultancy and certification under the same roof to streamline the process. However, UKAS and the IAF do not permit this and require UKAS accredited CBs to refrain from providing any consultancy services, to ensure that the value of Certification is kept as an impartial third-party process.

Checking that you are working with a UKAS accredited CB will ensure that your hard-earned resources are not wasted on certification that may not be recognised by your customers.

Why UKAS accreditation?
Not all certification is UKAS accredited. This means that the Certification Body issuing the certificate has not been audited and accredited by UKAS.

In the same way that you are regularly audited, UKAS is the auditor for UKAS accredited CBs who issue certificates.

By choosing a CB that has been UKAS accredited, you can be confident they are operating to recognised standards and are regularly audited to maintain compliance.

UKAS reviews the CBs management, policies and procedures for the standards they are audited on. They will only be audited on standards where they have proven industry knowledge. Any new industry standards they want to include in their portfolio have to go through the auditing process.

Benefits of UKAS accreditation
One of the many reasons for going through the process of certification is supplier demand. Many multi-national organisations and central and local government will require their suppliers to gain certification to maintain the quality of products and services throughout their supply chain.

For individual companies in the supply chain, this means establishing management systems and frameworks to meet the relevant standard, then continuously monitoring and improving processes to maintain certification.

The benefits to your business of achieving certification from a UKAS accredited CB include:

  • Quality of audit is based on recognised standards.
  • Audit will be impartial.
  • Auditor will have knowledge of your industry.
  • Management systems will be established using best practise within your industry.
  • Increased efficiency and cost savings.
  • Access to new markets at home and abroad because UKAS accredited certificates are recognised worldwide.
Contact us to find out more about ISO certification.
After 4 years of preparation the EU Parliament has finally approved the GDPR. This directive harmonises all the data protection laws across Europe and comes into effect from 25th May 2018. Heavy fines can be expected for non-compliance.

ISO_27001_and_GDPRWhat about Brexit?
If you sell goods or services to other EU members
and hold data about individuals in those countries, then you will have to comply with the new regulations. Even if you only sell within the UK, it is expected that our regulations will follow the GDPR to maintain access to the EU digital market. Some adjustments may be made once we leave the EU but the fundamental guidance is expected to remain.

What are the implications?
Organisations in breach of the regulations can be fined up to a maximum of 4% of annual global turnover or 20 Million Euros (whichever the greater). The regulations apply to both controllers and processors.

If your organisation holds personal information, you will be responsible for:
  • Identifying where the data is held
  • Managing the risks that could lead to a data breach
  • Maintaining and monitoring security
  • Implementing a robust Information Security Management System (ISMS)
Key points
There is an entire website dedicated to the new regulation and a link is provided at the bottom of this article if you need to find out more. For now, we are simply going to focus on what your business can do to help you comply with the new regulation.

The aim of GDPR is to protect all EU citizens from privacy and data breaches. That means “Any information related to a natural person or ‘Data Subject’, that can be used to directly or indirectly identify the person. It can be anything from a name, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer IP address.”

Conditions for consent
“Consent must be clear and distinguishable from other matters and provided in an intelligible and easily accessible form, using clear and plain language. It must be as easy to withdraw consent as it is to give it. Explicit consent is required only for processing sensitive personal data - in this context, nothing short of “opt in” will suffice. However, for non-sensitive data, “unambiguous” consent will suffice.”

*Taken directly from the GDPR website (link below).

The website provides detailed information about the implications of not collecting or storing data in the correct way, but does not give much guidance on how to go about preventing a data breach.

A good starting point would be to gain ISO 27001 certification. This international management standard provides a framework for your organisation to identify the risks, implement management systems and continually monitor your procedures to minimise the impact of a security breach.

ISO 27001 certification and GDPR
This international standard covers the security and protection of data and how it is used. Loss or damage could be caused by natural disasters such as fire or flood, accidental loss or mismanagement, corrupted or stolen data. The effects of any of these losses can have catastrophic consequences for organisations.

By integrating an Information Security Management System into your organisation, you will manage the risks and minimise the effect of an incident.

This proven framework will provide the management system needed to help you comply with the new GDPR.

GDPR Website: www.eugdpr.org
 
Further information is also available from:
UK Information Commissioner’s Office ico.org.uk

 
There are over 1 million ISO 9001 certificates issued worldwide. Gaining ISO 9001 certification will open up new markets and customers for your products and services and will:
  • Enhance your management systemsISO_9001_transition
  • Improve the quality of your products and services
  • Increase customer retention and loyalty
  • Minimise complaints
  • Increase profit
Some businesses may view the process of certification as a time-consuming distraction to the focus of their business; however the additional time taken to gain certification is far outweighed by the many benefits that will help your business to grow.


Can you afford not to implement ISO 9001 into your organisation?
Many businesses will gain ISO 9001 certification because their customers require proof that the organisation has an audited quality management system.

Some companies will only work with suppliers with ISO 9001 certification. Public sector tenders, for example, will require certification. It will also give you an edge on your competitors when you are tendering for private sector contracts.

To achieve certification, you will have to pass a regular audit by an accredited certification body. This provides your customers with evidence that you are doing everything required to improve and maintain quality at a high and consistent level.

Continual assessment and improvement of management systems will ensure your entire business becomes more customer focussed, resulting in satisfied customers and better retention rates.

ISO 9001:2015 revision
The standard has recently been revised and organisations currently certified have until September 2018 to complete their transition.

The changes include greater emphasis on the importance of leadership from top management. Risk assessment and risk management have been prioritised and the high-level structure is more about managing processes and less about documentation.

If you are an existing client, ACS Registrars are not charging an additional fee for any of the changes required for the revision. Your usual fee for certification will still apply.

The sooner you start the process the more time you will have to make the necessary management system changes before your audit.

We are anticipating a late dash to get certified before the transition period ends in September 2018. Get your consultation booked before the rush starts.

To discuss your transition in more detail and to find out what the main changes are, call us on 0121 241 2299.
Climate change continues to make the headlines as global temperatures break previous records. February 2016 was the warmest February in 136 years of Nasa’s modern temperature records. Average temperatures in 2017, though not expected to be as warm as 2015 and 2016, are still going to be warm again.

The effects of global warming on populations around the world are already being felt at a personal level with health problems such as:
  • Respiratory diseases caused by poor air quality.Flooded_buildings
  • Infectious diseases spreading due to climate change and insect migration.
  • Hunger and lack of clean drinking water because of extreme weather events.
  • Death and injury from natural disasters caused by flooding.
To help organisations and businesses reduce their impact on the environment and establish effective environmental and energy management systems, there are a variety of ISO standards, one of the most popular being ISO 14001.

ISO 14001 environmental management standard
ISO 14001 provides a management framework for industry to combat climate change by reducing harmful emissions.

Certification also provides benefits to your organisation by reducing waste and improving energy management together with a range of other benefits that will help to increase profits and enhance relationships with your suppliers and clients.

If your organisation is involved in the events sector, ISO 20121 has been specifically developed to support event organisers, venues and suppliers. ISO 20121 improves efficiency and provides a framework to cut costs by improving energy and waste management.

Environmental responsibility
Government policies differ from country to country. Donald Trump is planning to dismantle some of the policies that Barack Obama put in place. However, in a recent keynote speech at the "Seeds & Chips - Global Food Innovation" in Milan, Obama stated that the private sector would be key to tackling climate change with clean energy being the driver.

Ultimately, it will be industry and individuals that will act to reduce carbon emissions and start moving towards a clean energy economy. A management framework that will help identify the most efficient and effective solution will not only benefit the environment; it will improve the organisation.
The government is aiming to make the UK “the safest place in the world for young people to go online” (https://www.gov.uk/government/news/government-launches-major-new-drive-on-internet-safety).

This is the latest of a long list of government initiatives put in place recently to combat cybercrime against the general public and businesses.

A recent report from the British Chambers of Commerce found that even though one in five businesses had been attacked in the last year, only 24% had security measures in place.

Cyber-InsuranceISO 27001
ISO 27001 information security management system provides businesses with a framework to identify, cope with and recover from a cyber-attack.

By implementing a companywide management process and recovery strategy, ISO 27001 goes further than other solutions such as Cyber Essentials to help your organisation combat cybercrime.

Cyber Essentials is a government initiative set up to help businesses protect themselves against cyber criminals. Achieving the badge will help to identify risks to your business and protect your organisation from common cyber threats.

However, Cyber Essentials is not a replacement for ISO 27001 but can be used to compliment your security management system. For example, if you are bidding for government contracts, this is a mandatory requirement for some ICT products and services.

Achieving ISO 27001 certification gives you a solid foundation and makes getting a Cyber Essentials badge more straightforward.

ISO 27001 rerelease 2017
Though the actual content of the standard has not changed, there has been a recent update to reflect the new EN status.

BS EN ISO 27001:2017 has now been ratified by each of the 34 CEN-CENELEC member countries.

If you already have ISO 27001 certification, this will not change any of your current management systems for the time being. Updates will be published in the future and we will keep you advised if anything changes.
Achieving ISO 20121 certification for organisations involved in the events industry will provide benefits to your business, the environment and your clients.

The standard was successfully used at the 2012 Olympic and Paralympic games in London to provide a sustainable event that would use resources in an efficient and responsible way.

What is ISO 20121
Aimed at all types of organisations involved in the events industry, the standard provides a management system that will control the environmental, economic and social impact that your event may have on the local community and society as a whole.

ISO-20121-Event-managementISO 20121 is internationally recognised and can be used by:
  • Event organisers for events of all sizes
  • Stand contractors
  • Stage builders
  • Sound and lighting engineers
  • Caterers
  • Security companies
Benefits of certification
From improvements in the way you plan and run your event to motivating and retaining your employees, ISO 20121 will help you to achieve cost savings and make your business more competitive.

Certification will also demonstrate your commitment to a sustainability programme that will help you to win future business. Tendering for work with local authorities and other event organisers may be a mandatory requirement for some events in future.

As well as the benefits to your organisation, your Event Sustainability Management System (ESMS) will provide the framework needed to reduce any negative effects on the environment that your event may cause. The desired outcome will be to achieve a commercial benefit whilst reducing the social and environmental impact on the wider community.

Benefits overview:
  • Improve planning
  • Employee motivation and retention
  • Reduce costs by better management of materials, waste reduction and energy management
  • Demonstrate your commitment to sustainability and the environment
  • Competitive tendering
  • Improve profitability
  • Better client, supplier and community relations
To find out more about this standard and how it can help your business, please call us or complete our information form.
Revision of these two key management system standards took place in 2015 and organisations will have to transfer to the updated standards by September 2018.

ISO_9001_and_14001_standardsExisting ISO 9001:2008 and ISO 14001:2004 registered companies should now be well into their planning to ensure a smooth transition to the revised standards by this date.

One of the benefits of the revision is to provide a common structure, text and definitions to make integration of multiple standards smoother and quicker to achieve. In the revised standard, Annex XL provides a framework to help achieve this.

Revision benefits
 
1. Integration
For organisations with both ISO 9001 and ISO 14001 standards, taking this integrated approach will save time by streamlining the process of certification and removing duplication.
 
2. Risk management
One of the main areas of change is an increased focus on risk management and the establishment of an effective risk management plan. Risk is documented in most sections of the revised standards, so if you do not already have a risk management plan, this should be one of your first tasks. Typical risk processes include:
  • Risk determination,
  • Risk control,
  • Risk mitigation,
  • Acceptable level of risk.
By taking a risk based approach the intention is to prevent or reduce undesired effects, achieve continual improvement and provide action plans to address these risks and opportunities.
 
3. Management processes
Along with the new high level structure/format, the new standards require a higher priority be given to managing processes and less about documentation.
 
4. Leadership
Emphasis on the importance of leadership from top management will ensure that the organisation’s quality management system achieves the desired results.

Meeting the demands of today’s businesses
The new 2015 revisions reflect the vast changes in technology that have taken place during the last few years. They also aim to improve the speed and flexibility needed in a modern businesses management system to enable companies to compete in the global economy.

If you have any questions about how to plan your transition, call ACS Registrars to find out more.
International trade agreements are currently in the spotlight, following the US presidential election and Brexit. These agreements regulate trade between countries and establish import quotas and tariffs. By setting up free trade agreements between countries, trade barriers are reduced, which helps to increase the movement of goods and services.

Freight_forwarders_insuranceWorking hand in hand with trade agreements are international standards for health, safety and quality of goods and services, which help to facilitate international trade. By establishing standards between trading countries, products can move easily between borders because the same specifications have been adopted and accreditations achieved.

From what we understand, Donald Trump is going to have a different attitude towards international trade and globalisation. A move away from free trade to a protectionism strategy could follow. Brexit will change our relationship with the EU and we will have to negotiate new trade deals with European and global markets. So how is this likely to affect the way businesses keep up with international standards and accreditation?

Currently, EU regulations allow for one accreditation service provider per EU country. However, the United States currently has 4 organisations listed, with a 5th waiting to be admitted. Could Britain adopt the same policy?

International standards
ISO, the international organisation for standardisation, works closely with the World Trade Organisation to promote the use of international standards and increase free and fair global trading.
ISO is a network of National Standards Bodies (NSBs) in countries around the world. Businesses requiring assessment and certification to internationally agreed standards will need to be certified by their approved registration/certification body.

Accreditation Bodies
The IAF (International Accreditation Forum) is the world association of conformity assessment and Accreditation Bodies. Members are only admitted to the IAF MLA (Multilateral Recognition Agreement) following stringent evaluation of their operations.

The focus of the IAF is to develop a single worldwide program of conformity assessment – Certified Once – Accepted Everywhere.

When we are no longer restricted to EU law, will the Accreditation of Certification Bodies to certify goods and services be opened up to other Accreditation Bodies?

Accreditation in the US
One of the IAF MLA members in the US providing worldwide accreditation services is ANAB, who are jointly owned by the American National Standards Institute and the American Society for Quality.
ANAB provides accreditation to Certification Bodies, covering all of the most established standards such as ISO 9001, ISO 14001 etc.

Uncertain future
We are going to see a period of change over the next 2 years and, just like our government’s negotiations with the EU, we need to keep all of our options open and plan accordingly.
A 17 year old from Norwich recently pleaded guilty to seven hacking offences relating to data breaches suffered by the communications giant Talk Talk.

The cyber-attack cost the company £42 million and it was fined £400,000 for security failings which enabled the teenager to access customer’s data “with ease”.

These breaches are becoming more frequent and with this in mind, the government has recently announced a new 5 year plan to tackle the problem. The government will pump £1.9 billion into a scheme to help fight cyber-crime and develop a world class cyber security industry and workforce.

Part of the strategy is to ensure organisations have the necessary processes in place to help prevent cyber-attacks.

Cyber-crimeNational Cyber Security Strategy 2016 to 2021
Chancellor of the Exchequer, Philip Hammond said:
“Britain is already an acknowledged global leader in cyber security thanks to our investment of over £860 million in the last Parliament, but we must now keep up with the scale and pace of the threats we face. Our new strategy, underpinned by £1.9 billion of support over 5 years and excellent partnerships with industry and academia, will allow us to take even greater steps to defend ourselves in cyberspace and to strike back when we are attacked.”

Protect your business with ISO 27001
It is not only large corporations that are under attack; small and medium sized organisations are also being targeted and reporting a rise in cyber-attacks on their businesses.

One way of ensuring that your management team and employees are working to effective processes for minimising the risk of a cyber breach is to achieve ISO 27001 certification. The standard is internationally recognised and establishes processes for identifying data at risk, assessing threats and putting in place systems, controls and procedures to minimise the risk.

ISO 27001 will provide a strategic plan for your business that will ensure you and your workforce are capable and ready to deal with a cyber threat.

ISO 27001 certification will also demonstrate to your customers that you have implemented controls and procedures that will help to maintain continuity of supply and security of their data. In some cases, it may be a requirement when tendering for business, particularly in the public sector.

Find out more about what is involved in achieving ISO 27001 by talking to one of our experienced advisors.
ACS Registrars have again been accredited by UKAS for ISO 9001:2015 and ISO 14001:2015.

The process is on-going and not just a one-off achievement. Accreditation can be applied for by a variety of organisations such as testing laboratories, inspection bodies and medical laboratories as well as certification bodies like ACS Registrars.

UKAS (The United Kingdom Accreditation Service) is the sole national accreditation body for the UK and is recognised by the government as the body that provides oversight to ensure that accredited organisations meet the relevant international standards.

Working with UKAS and maintaining its accreditation is vitally important to ACS Registrars. UKAS accreditation demonstrates that ACS has been assessed for competence, impartiality and reliability to ensure the applicable international accreditation standards are met.

This is what the UKAS have to say about accreditation:

“Accreditation is the formal recognition that an organisation is competent to perform specific processes, activities or tasks (which are detailed in a scope of accreditation) in a reliable, credible and accurate manner.  The provision of accreditation must:
  • be objective, transparent and effective;UKAS_logo
  • use highly professional, competent assessors and technical experts in all relevant fields;
  • use assessors (and subcontractors) that are reliable, ethical and competent in both accreditation processes and the relevant technical fields.
Accreditation delivers confidence in certificates and conformity statements. It underpins the quality of results by ensuring their traceability, comparability, validity and commutability."

Note; not all auditing organisations are UKAS Accredited.

Relevant and beneficial to business
2016 is turning out to be a year of uncertainty; first Brexit, then the shock win for Donald Trump in the US elections. Businesses are going to need all of their resilience to maintain a competitive advantage.
Management systems such as ISO 9001 and ISO 14001 help businesses to establish procedures and processes to monitor and manage changing circumstances.

Risk assessment and risk management have been prioritised in the recent ISO 9001 revisions. This will provide management with the means to identify risks and plan how to control or limit the effect of these events on the business.

Whether internal issues or external events, such as the recent political turmoil, threaten to derail the organisation’s plans, having a robust management system in place will put you in a better position to cope more effectively.

A current example would be the recent drop in the value of sterling after Brexit and the impact it will have on manufacturers; whether you are importing raw materials or exporting finished goods. An effective management system will identify the risks and develop a strategy to minimise the effect.

For more information about UKAS and ISO standards please call us or fill in our enquiry form.

 
The speculation is over and the decision has been made to leave the EU. Now we have a new prime minister and the dust has settled, it is probably time for you to try and assess how this is going to affect your business.

BrexitMost commentators agree that we are going to go through a period of economic uncertainty; the recent currency fluctuations are already starting to have an impact and will probably affect us all one way or another.

The effect of these changes will increase the cost of imports so we can expect to see rises in the machinery and technical equipment (mostly imported), needed for our businesses such as industrial machines and computer hardware and software.

Industries that are expected to be most affected are construction, financial services and manufacturing.

ISO standards and Brexit
Many of our clients will be affected by the economic changes brought on by Brexit, some positively, others negatively. Cheaper exports for those companies selling abroad may help to balance the increase in costs.

With all of this uncertainty it is good to know that some things will remain constant.  ISO standards such as ISO 9001 and ISO 14001 will remain effective and provide the same benefits during the transition to leave the EU and when we finally leave. ISO accreditation is international and the EU often adopts the ISO standard as the European Standard.

Any changes to this stability will depend on our new relationship with the EU. At the moment we have some influence over European standards which means that our manufacturing and service industries have easy access to sell products and services to all European countries by meeting these standards.
Currently our manufacturers save time and cost by only having to comply with one standard to trade with European and global markets.

We can only assume that the UK will remain committed to the European standards to allow our businesses to maintain ease of access, even though our influence over the standards may be diminished.

 
The growth in online business is benefitting companies throughout the UK, but there are risks involved with this continuing expansion.

UK businesses of all sizes are vulnerable to hacker-attacks that aim to steal data that can be sold on the open market to fraudsters. Hacking can also disrupt business operations and systems, this can have a devastating impact. The time and resources needed to recover from a breach, loss of data and damage to a company’s reputation can run into the millions of pounds.

However, it is not just large organisations that are at risk; figures indicate that 74% of small businesses have suffered a cyber breach (figures reported in 2014/2015).

How can ISO 27001 protect my business?

Cyber_risk_insuranceRisks can come from a variety of sources including:
  • Employees, deliberate act or accidental through lack of understanding
  • Hacker-attacks, on computers and servers
  • Phishing, via emails
  • Loss of hardware, such as laptop or removable media that get into the wrong hands
  • Home and mobile working, leading to a reduction in security levels
  • Malware infection
Any one of the above risks could cripple an organisation and lead to an expensive and time consuming recovery.

Certification to ISO 27001 provides an effective information security management system (ISMS) that can be implemented throughout the organisation.

An effective ISMS will identify potential risks and establish a management processes that will help to eliminate, or minimise the effect of an incident, when it occurs.

A disaster recovery plan is established to ensure organisations can get back to “business as usual” as quickly as possible following a breach.

Continuous monitoring and improvement of the system is carried out through annual audits to maintain your ISO 27001 certification. This will identify any new threats or gaps in procedures, to help you maintain a high level of protection.

For more information call one of our team to discuss how ISO 27001 can benefit your organisation.
 
ISO 45001 is the new international standard for occupational health and safety (OH&S).
The standard enables organisations to manage their risks and improve performance to minimise the effects their operations could have on employees, contractors or visitors.

OHSAS18001The International Labour Organisation estimated that there were 2.34 million deaths in 2013 related to work based activities. By improving the health and safety of its employees, organisations can benefit from improvements in productivity, employee motivation and, in some cases, can obtain lower insurance premiums by reducing risks.

The new standard is currently under review and publication is expected around the end of 2016.

ISO 45001
ISO 45001 is the first internationally recognised standard for OH&S that can be applied to all types of organisation.  

ISO 45001 is intended to be integrated into an organisations existing management systems and processes. With this in mind, the new standard will use Annex SL which is included in other ISO standards such as ISO 9001 and ISO 14001.

Annex SL is the new high level structure for the recently updated ISO management system standards that provides common terminology to make integration easier to achieve.

The aim is to tailor the OH&S management system to the needs of the organisation. For example, high risk businesses will need to implement a more detailed system to prevent injuries and ill-health in their workplace compared to smaller or low risk businesses. Employee participation will be encouraged in the implementation and maintenance of the system to ensure risks are managed effectively.

Benefits of ISO 45001
Achieving ISO 45001 certification brings a host of benefits to an organisation and its employees:
  • Improves productivity by reducing downtime
  • Reputation for safety
  • Employee involvement in OH&S
  • Better awareness of risks
  • Cost savings
  • Meets legal obligations
Whether you are already certified for OHSAS 18001 or are thinking about certification to the new ISO 45001 standard, call us to find out more.

 
2015 saw revisions to the ISO 9001 and ISO 14001 standards. The next revision will be to OHSAS 18001 which is due to take place towards the end of 2016. The new standard for occupational health and safety management will be renamed ISO 45001.

One of the fundamental changes being made in these revisions is to the top level structure. These changes aim to deliver advantages by aligning various aspects of the different management systems to improve integration between standards. This structure is called Annex SL and was introduced by ISO to provide consistency throughout all of the ISO standards.

ISO 19001 and ISO 14001 are, for many organisations, the core of their management system and integration will save both time and costs.
  • Other benefits include:
  • Improved efficiency throughout the organisation
  • Less documentation
  • Better risk management
  • Involvement of all levels of the organisation
  • Adding value by maximising performance
  • Reducing duplication

Cogs_integrationAnnex SL
Annex SL will provide a common structure, text and definitions to make integration of multiple standards - ISO 9001, ISO 14001 and ISO 45001 (later this year), smoother and quicker to implement.

By taking an integrated approach, documentation, training, audits and reviews will take up less resources and result in a more efficient and effective management system.

ISO 45001
Publication of the standard is expected around the end of 2016 when the transition from OHSAS 18001 can start.

Certification to the new standard will provide all of the integration efficiencies along with the existing OHSAS 18001 benefits to reduce accidents in the workplace and meet legal and regulatory requirements.

Other benefits of ISO 45001 certification include:
  • Improved productivity with fewer disruptions through absenteeism
  • Better employee relations
  • Reduced insurance premiums
  • Lower costs connected with accidents in the workplace
  • Less risk of prosecution and HSE visits
  • Improved reputation with employees and stakeholders
To find out more please contact us.
 
One of the risks facing businesses in 2016 is the increase in cyber crime.

Balloon-popping-business-riskThe ISO 27001 international standard provides an effective information security management system (ISMS) focused on identifying areas of risk and developing a system for managing and minimising those risks.

Areas at risk include:
  • Computer hardware and systems
  • Data stored locally and off site
  • Intellectual property
  • Employees’ personal details
  • Data and equipment belonging to contractors
  • Suppliers’ assets
  • Customer information
Threats come from a variety of sources including natural disasters, hacker attacks, computer viruses and the consequences of stolen information.

As a result of an incident, an organisation could not only be faced with the costs of putting right the damage and coping with the effects on the business, but could face legal implications connected with the breach.

Costs can run to millions of pounds and with cyber attacks and unpredictable weather conditions increasing, it is more important than ever to manage the risks to your business.

How will ISO 27001 protect my business?
First stage is to appoint an experienced ISO 27001 consultant who will help you to set up an effective management system tailored to your business. They will identify the risks to your business and develop a process to manage those risks together with an ongoing system of monitoring and continual improvement.

Working with members of your team, your appointed consultant will be able to apply industry best practice and using their experience, provide a workable system that will:
  • Review current procedures
  • Identify risks
  • Assess threats to assets
  • Highlight gaps and areas for improvement
  • Establish a system of management and control
  • Provide processes and procedures
  • Continually improve the system with audits and reviews
ISO 27001 Certification
Once you are satisfied that your ISMS is established in line with the requirements of ISO 27001, you will be ready for auditing by an independent accredited certification body. In the UK, you should check they are UKAS accredited.

For more information contact one of our team.
Older Posts