One of the key changes to the revised ISO 9001 and ISO 14001 standards and the migration of OHSAS 18001 to ISO 45001 is the increased priority given to risk-based thinking across all areas of an organisation.

The changes to these standards require a pro-active approach by management and particularly top management, to identify and manage the risks associated with the operations of the organisation.

If you are not already aware, ISO 9001 and ISO 14001 revisions are complete and all audits are now carried out to the revised standards; old certification prior to September 2018 is now invalid. OHSAS 18001 is currently being migrated over a period of 3 years. The final date for migration to ISO 45001 is 12th March 2021.

Risk is inherent in every organisation; whether you are a business or institution, profit or non-profit, every decision made and operation undertaken involves an element of risk.
Risks to an organisation may include:
  • Risks to employees and customers from health and safety issues.
  • Risks from disasters such as fire and flooding.
  • Environmental risks from business operations.
  • Risks associated with industry regulations.
  • Security risks to physical structures including IT infrastructure from cybercrime.
  • Risks to the financial security of the organisation.
Risk management planning
Preparing a risk management plan will help you to achieve certification to the above standards. It will also provide the organisation with a framework to identify risk, assess the frequency and impact of the risk and work out a process to manage the risk.

Time and resources need to be allocated to the process by top management and implemented throughout the organisation. An effective plan will increase profitability, reduce costly incidents and create a safer environment for your employees.
Your plan may include:
  • A list of risks that could affect all areas of the organisation.
  • An analysis of each risk, ranking its likelihood and level of effect.
  • How you will manage the risk.
  • Implementation of ongoing monitoring and reviewing.
Depending on your organisation, a good way to start might be by setting up a risk matrix to rank the risks you have identified.

Ranking the impact of a risk on the organisation between a range of “negligible” to “critical”, for example, and including an estimate of the financial loss and the disruption it would cause, will provide information to help you to manage and minimise the risks going forward.

The above could provide the framework that your ISO auditor will be looking for when they audit your organisation for certification to the revised standards.

If you need help with your risk management planning, call one of our team on 0121 241 2299.
The ISO 27001 information security management system provides your organisation with a framework for improving and managing your valuable data.

Cybercrime is a growing problem and will continue to put organisations at risk of a security breach. This could have devastating consequences for employees, customers and business partners.

Many organisations are ISO 9001 certified and see this standard as a basic requirement for doing business and meeting customer expectations for quality and management. Far fewer companies have achieved certification to ISO 27001; however, a data security breach could potentially be just as harmful to your profits and reputation as the quality failure of a product.

Customers expect their data to be protected and if their details get into the hands of cyber criminals, the ensuing adverse publicity and damage caused to reputation, not to mention the cost of fixing the problem, makes the argument for prevention an obvious choice.

One of the latest widely reported breaches involved the Marriott hotel chain. Despite having cybersecurity insurance, the cost is still expected to run into millions over the coming years.
The introduction of GDPR also took data protection to a new level, requiring organisations to comply with the regulations or face large fines.

ISO 27001 provides the framework to mitigate the risks and meet the requirements of the latest regulations.

ISO 27001 benefits
Certification to ISO 27001 that has been audited by a 3rd party, such as a UKAS accredited Certification Body, will provide the reassurance that the management framework and information protection system you have adopted are robust and regularly audited.

This demonstrates to customers your commitment to maintaining an effective system of controls and organisational processes that will keep their data safe.

It will meet regulatory requirements that may be needed by your own industry and any wider obligations such as GDPR.

ISO 27001 certification will also give you a competitive advantage when you are tendering for new contracts, especially if your competitors do not have such a framework in place.

Why ISO 27001 is needed in your organisation
If your organisation relies heavily on data, you have sensitive data that could be used by cyber criminals, your competitors have ISO 27001 or similar or your sector is highly regulated, you will have to gain some form of information security certification.

If you are going to go through the process of certification, it makes sense to go to the next step and have your information security system audited by a UKAS registered Certification Body. This will provide an independent and impartial assessment of your framework and processes.

UKAS accreditation has international recognition and will ensure your certification is given maximum credibility when it is issued. Certification bodies accredited by UKAS will have been assessed to provide the competence and impartiality required to provide you with a robust framework for now and into the future.

You can find out more about what UKAS accreditation means for your organisation on their website https://www.ukas.com/about

Alternatively, contact one of our fully qualified lead auditors for more information.
We have all seen documentaries showing plastic pollution in our oceans which is affecting wildlife and ocean habitat. The films show items of plastic waste in young birds’ stomachs, turtles drowned by being caught up in plastic pollution and coral reefs choked by billions of pieces of plastic.

A recent article in the Guardian (30th October 2018) stopped me in my tracks and made me aware of the damage we have already done, not just from plastic waste, but also from our consumption of food and resources and ever-increasing global population.

“Humanity has wiped out 60% of mammals, birds, fish and reptiles since 1970, leading the world’s foremost experts to warn that the annihilation of wildlife is now an emergency that threatens civilisation.”
Report by World Wildlife Fund (WWF)

As Mike Barrett, executive director of science and conservation at WWF, said “we are sleepwalking towards the edge of a cliff”.

It is difficult to know where to start; the problem is immense and global. However, if every company initiated an environmental management system (EMS), making changes such as reducing waste and packaging, it would be a start.

One of the most recognised environmental management systems is ISO 14001.

Is ISO 14001 certification the answer for your business?
Whether you decide ISO 14001 is suitable for your company or not, every business can help by communicating to employees the importance of limiting the use of plastics.

I came across a website full of great suggestions for reducing plastic in the workplace, from active participation in events to asking suppliers to reduce plastic packaging. See the bottom of this article for the website link.

If you are looking for something a bit more structured combined with the support that will bring additional benefits to your company in the form of cost savings, ISO 14001 certification may be the answer. It will provide your business with a framework to improve environmental management systems and demonstrate your commitment to the environment.

The standard is suitable for companies of all sizes and industry sectors and the certification to the standard will include:
  • A plan for procedures and controls.
  • Employee engagement and training.
  • Targets for waste reduction.
  • A risk management and control framework to minimise the impact of your operations on the environment.
  • Continuous improvement, recording and monitoring.
Call one of our team to find out more about ISO 14001 or read the article about plastic reduction here: https://lessplastic.co.uk/9-ways-to-reduce-plastic-in-your-workplace/
Now the transition from ISO 9001:2008 to ISO 9001:2015 is complete, any organisation holding an out of date certificate (from before September 2018) will find some of their customers are not willing or able to work with them as a supplier.

Your organisation may be working to procedures audited 3 years ago; however, without regular independent 3rd party auditing to check quality management processes are working and are continually being adapted and improved, customers will lose confidence that your organisation can continue to provide the same high quality of service or product expected.

With the ISO 9001 revision in place, now is a good time to look at the benefits provided by ISO 9001 certification and how the revision will improve your quality management systems.

Maximise the benefits of being ISO 9001 certified
If you consider certification to ISO 9001 as simply a tick box exercise, you will fail to reap the full potential of your Quality Management System (QMS) to transform your organisation, making it a better place to work for your employees and a more professional entity for your customers and suppliers to work with.

Some organisations may be obliged to gain certification to ISO 9001 to meet the requirements of a client. Government, local authorities and larger organisations often require certification before they will consider a tender from a supplier. Even if certification is not a mandatory requirement for a customer, it will give you an advantage over your competitors.

Whether you are forced or whether you decide to achieve certification to improve your organisation’s QMS, implementation needs the backing and leadership of top management. In fact, this is one of the main changes in the ISO 9001 revision.

The QMS should be an integral part of the organisation, not a side project that achieves certification by ticking off a series of actions and ignored when other priorities take over. Supported by every level of management, it will continually improve processes and quality, with customer satisfaction being the main focus.

The ISO 9001 revision aims to provide an organisation with a QMS that will support growth and continual improvement as internal and external factors change. This will help your organisation to:
  • Improve your ability to satisfy clients.
  • Maintain the relevance of your QMS as other elements change.
  • Keep all user groups up to date with the latest operating environments and technology developments.
  • Maintain consistency during the next 10-year period.
  • Use ANNEX SL to easily integrate other standards into your organisation.
If you are still undecided whether ISO 9001 is going to benefit your organisation, talk to one of our team to find out more.

If you have a good management system and processes already in place, you may find it easier than you think to achieve certification to ISO 9001.
ISO 45001 is the new occupational health and safety standard and organisations currently certified to the OHSAS 18001 standard should now be going through the migration process ready for their next audit.

OHSAS 18001 certification remains valid until 12th March 2021; after this date, certification will be withdrawn.

The new standard is well suited to the building and construction industry whether you are a large construction company or smaller SME. However, the standard will be used throughout all industry sectors to improve occupational health and safety for employees.

The new standard is ideal for organisations with building sites that have multiple subcontractors as well as direct employees on site. The framework of ISO 45001 will help you to manage health and safety, identify risks and reduce hazards. Management of subcontractors can be coordinated in line with an integrated occupational health and safety plan for all parties on site.

ISO 45001 is part of the set of ISO standards such as ISO 9001, the widely recognised quality management system, or ISO 14001 environmental management system. Any organisation already certified to these most popular standards will find the integration of ISO 45001 far simpler because of the Annex SL framework. This provides a standardised framework across many of the ISO standards to save time and resources during the certification process.

Worker safety is paramount
Ill health, stress and injury statistics in construction are some of the highest across all industry sectors.
According to HSE figures for the construction sector in Great Britain for 2016/2017:
  • 80,000 workers are suffering from work related ill health each year (LFS).
  • 30 fatal injuries to workers in 2016/2017 (RIDDOR).
  • 64,000 non-fatal injuries to workers each year (LFS).
Source: http://www.hse.gov.uk/statistics/industry/construction/index.htm

Benefits of ISO 45001 certification to your business
This globally recognised ISO standard with third party verification will help companies win new business by demonstrating to clients that they comply with legal requirements and are committed to making the workplace a safer environment. Some clients may even make it a requirement when tendering for business.

ISO 45001 provides a framework for continuous improvement to manage health and safety and identify hazards for future projects.

If you need help with migration from OHSAS 18001 to ISO 45001 or are thinking of gaining certification to the new standard, one of our team of lead auditors will be able to tell you more about the process.