The growth in online business is benefitting companies throughout the UK, but there are risks involved with this continuing expansion.

UK businesses of all sizes are vulnerable to hacker attacks that aim to steal data that can be sold on the open market to fraudsters. Hacking can also disrupt business operations and systems, which can have a devastating impact. The time and resources needed to recover from a breach, loss of data and damage to a company’s reputation can run into the millions of pounds.

However, it is not just large organisations that are at risk; figures indicate that 74% of small businesses have suffered a cyber breach (figures reported in 2014/2015).

How can ISO 27001 protect my business?

Risks can come from a variety of sources including:
  • Employees, through deliberate acts or accidents caused by a lack of understanding
  • Hacker-attacks, on computers and servers
  • Phishing, via emails
  • Loss of hardware, such as laptop or removable media that get into the wrong hands
  • Home and mobile working, leading to a reduction in security levels
  • Malware infection
Any one of the above risks could cripple an organisation and lead to an expensive and time consuming recovery.

Certification to ISO 27001 provides an effective information security management system (ISMS) that can be implemented throughout the organisation.

An effective ISMS will identify potential risks and establish management processes that will help to eliminate, or minimise the effect of, an incident should one occur.

A disaster recovery plan is established to ensure organisations can get back to “business as usual” as quickly as possible following a breach.

Continuous monitoring and improvement of the system is carried out through annual audits to maintain your ISO 27001 certification. This will identify any new threats or gaps in procedures, to help you maintain a high level of protection.

For more information call one of our team to discuss how ISO 27001 can benefit your organisation.
 
ISO 45001 is the new international standard for occupational health and safety (OH&S).
The standard enables organisations to manage their risks and improve performance to minimise the effects their operations could have on employees, contractors or visitors.

The International Labour Organisation estimated that there were 2.34 million deaths in 2013 related to work-based activities. By improving the health and safety of their employees, organisations can benefit from improvements in productivity and employee motivation and, in some cases, can obtain lower insurance premiums by reducing risks.

The new standard is currently under review and publication is expected around the end of 2016.

ISO 45001
ISO 45001 is the first internationally recognised standard for OH&S that can be applied to all types of organisation.  

ISO 45001 is intended to be integrated into an organisation's existing management systems and processes. With this in mind, the new standard will use Annex SL, which is included in other ISO standards such as ISO 9001 and ISO 14001.

Annex SL is the new high level structure for the recently updated ISO management system standards that provides common terminology to make integration easier to achieve.

The aim is to tailor the OH&S management system to the needs of the organisation. For example, high risk businesses will need to implement a more detailed system to prevent injuries and ill-health in their workplace compared to smaller or low risk businesses. Employee participation will be encouraged in the implementation and maintenance of the system to ensure risks are managed effectively.

Benefits of ISO 45001
Achieving ISO 45001 certification brings a host of benefits to an organisation and its employees:
  • Improves productivity by reducing downtime
  • Reputation for safety
  • Employee involvement in OH&S
  • Better awareness of risks
  • Cost savings
  • Meets legal obligations
Whether you are already certified for OHSAS 18001 or are thinking about certification to the new ISO 45001 standard, call us to find out more.

 
2015 saw revisions to the ISO 9001 and ISO 14001 standards. The next revision will be to OHSAS 18001 which is due to take place towards the end of 2016. The new standard for occupational health and safety management will be renamed ISO 45001.

One of the fundamental changes being made in these revisions is to the top level structure. These changes aim to deliver advantages by aligning various aspects of the different management systems to improve integration between standards. This structure is called Annex SL and was introduced by ISO to provide consistency throughout all of the ISO standards.

ISO 9001 and ISO 14001 are, for many organisations, the core of their management system, and integration will save both time and costs.

Other benefits include:
  • Improved efficiency throughout the organisation
  • Less documentation
  • Better risk management
  • Involvement of all levels of the organisation
  • Adding value by maximising performance
  • Reducing duplication

Annex SL
Annex SL will provide a common structure, text and definitions to make integration of multiple standards (ISO 9001, ISO 14001 and, later this year, ISO 45001) smoother and quicker to implement.

By taking an integrated approach, documentation, training, audits and reviews will take up less resources and result in a more efficient and effective management system.

ISO 45001
Publication of the standard is expected around the end of 2016 when the transition from OHSAS 18001 can start.

Certification to the new standard will provide all of the integration efficiencies along with the existing OHSAS 18001 benefits to reduce accidents in the workplace and meet legal and regulatory requirements.

Other benefits of ISO 45001 certification include:
  • Improved productivity with fewer disruptions through absenteeism
  • Better employee relations
  • Reduced insurance premiums
  • Lower costs connected with accidents in the workplace
  • Less risk of prosecution and HSE visits
  • Improved reputation with employees and stakeholders
To find out more please contact us.
 
One of the risks facing businesses in 2016 is the increase in cyber crime.

The ISO 27001 international standard provides an effective information security management system (ISMS) focused on identifying areas of risk and developing a system for managing and minimising those risks.

Areas at risk include:
  • Computer hardware and systems
  • Data stored locally and off site
  • Intellectual property
  • Employees’ personal details
  • Data and equipment belonging to contractors
  • Suppliers’ assets
  • Customer information
Threats come from a variety of sources including natural disasters, hacker attacks, computer viruses and the consequences of stolen information.

As a result of an incident, an organisation could not only be faced with the costs of putting right the damage and coping with the effects on the business, but could face legal implications connected with the breach.

Costs can run to millions of pounds and with cyber attacks and unpredictable weather conditions increasing, it is more important than ever to manage the risks to your business.

How will ISO 27001 protect my business?
The first stage is to appoint an experienced ISO 27001 consultant who will help you to set up an effective management system tailored to your business. They will identify the risks to your business and develop a process to manage those risks, together with an ongoing system of monitoring and continual improvement.

Working with members of your team, your appointed consultant will be able to apply industry best practice and using their experience, provide a workable system that will:
  • Review current procedures
  • Identify risks
  • Assess threats to assets
  • Highlight gaps and areas for improvement
  • Establish a system of management and control
  • Provide processes and procedures
  • Continually improve the system with audits and reviews
ISO 27001 Certification
Once you are satisfied that your ISMS is established in line with the requirements of ISO 27001, you will be ready for auditing by an independent accredited certification body. In the UK, you should check they are UKAS accredited.

For more information contact one of our team.
The United Nations Climate Change Conference which started on 30th November and runs to 11th December 2015 will be discussing, amongst other things, the impact industrial development is having on our climate. With the aim of keeping global warming below 2°C, business and governments will be discussing climate change, reducing greenhouse gas emissions and the development of renewable energies.

On the 7th and 8th December, as part of the Conference, there will be a business-focussed event. The “Sustainable Innovation Forum” (SIF15) brings together participants from business, Government, finance, UN, NGO and civil society to “bolster business innovation and bring scale to the emerging green economy”.

To add more pressure to the talks, we heard recently that the Chinese government had issued a health warning to Beijing residents to stay indoors due to heavy smog.

There would seem to be overwhelming evidence that our climate is warming, with effects such as rising sea levels and extreme weather events. A natural cycle or human impact? Whatever you believe, can we afford to do nothing?

Every business can help
The recently revised ISO 14001:2015 standard can help to reduce the impact that your operations may have on the environment. This is a global standard with certifications in 171 countries. The standard provides a framework for organisations to meet the challenges of climate change.
The benefits go further than improving the environment for all of us; they can deliver tangible benefits for your organisation:
  • Meet legal obligations
  • Engage employees
  • Improve performance through efficiencies
  • Reduce waste and increase recycling
  • Provide cost savings
  • Increase profits
  • Enhance brand image

ISO 14001 certification and implementation can have a significant effect on an organisation's profitability and performance. By adopting an effective energy management system you will gain a competitive advantage and contribute towards meeting the climate change challenges the world will face in the future.

 
Companies continue to be vulnerable to hackers with the latest cyber attack affecting TalkTalk. This follows a number of other high profile incidents in 2015.

Breaches like these are not limited to large companies; small businesses are just as vulnerable. The latest report from the Department for Business Innovation and Skills, the “2014 Information Security Breaches Survey”, found that although security breaches were slightly down from 2013, the overall costs of dealing with incidents were up:

  • 81% of large organisations had a security breach (down from 86%* a year ago)
  • 60% of small businesses had a security breach (down from 64%* a year ago)
  • £65k - £115k is the average cost to a small business of its worst security breach of the year (up from £35 - £65k a year ago)

Full survey available from https://www.gov.uk/government/uploads

ISO 27001 Information Security Management System (ISMS)
Every business should be taking precautions and assessing the risks of cyber crime by putting in place a written security policy.

The ISO 27001 information security standard is one way of protecting your business from future attacks. Certification will introduce a management structure to identify risks to your business. It will also establish a plan to recover from a breach should the worst happen.

Taking precautions to prevent a breach before it happens is more cost effective than recovering from an incident given the fact that costs for dealing with events are continuing to increase.

Direct costs to get your business back on track after a breach are not the only implications. Damage to your reputation with clients, compensation pay-outs and, as in the case of TalkTalk, a drop in share value could have a devastating effect on the future of a business.

Certification provides peace of mind and demonstrates your company’s commitment to security of information.

 
Certification to any of the ISO standards provides tangible benefits for your organisation. If you want to grow your business, increase profits and adopt more efficient working practices, achieving certification will help, as well as giving you an edge over your competitors.

Whether you operate locally or globally, the standards are recognised worldwide and are relevant to all sizes of business.

Other benefits include:
  • Improved internal processes and efficiency
  • Reduced waste resulting in environmental benefits and cost savings
  • Increased sales
  • Better access to new markets
  • Industry expert consultants providing guidance

Next steps

When choosing a certification body, you should check that they are UKAS accredited. UKAS has government recognition and is licensed by the Department for Business Innovation and Skills (BIS). You can be sure of receiving the most appropriate advice by choosing a UKAS accredited certification body. Your long-term success could be undermined if you use an independent evaluation service.

Continual improvement

After successfully completing your first audit, your assessor will set up a process to monitor and improve systems and arrange regular (six monthly or annual) surveillance visits.

These visits will ensure your management systems remain effective and continue to meet the standard.
Ongoing checks will help to maintain your conformity and make your next certification renewal assessment run as smoothly as possible.

To find out more call ACS Registrars (a UKAS Accredited Certification Body - No. 0229).

 
Many businesses operate quite successfully without being ISO certified; however, in today’s crowded marketplace, being certified by a UKAS accredited certification body can give you a competitive edge. It may even be a requirement before a customer will do business with you.

For example, if you are looking to access new markets, getting certified will give potential customers confidence in your management systems and your ability to meet their requirements. The standards are international and are therefore recognised across global markets.

When you have a robust management system in place, your business will be able to streamline operations and improve productivity, which will help to increase profits.

By assessing risks from natural disasters, accidents, cyber-crime or mismanagement, you will be able to mitigate their impact on your business.

Environmental disasters get much more publicity these days and keeping ahead of regulations and legislation is more important than ever. Demonstrating your commitment to reducing the impact that your operations have on the environment will enhance your reputation with your employees and customers.

There are a wide range of international standards available for organisations of all types and sizes and you can select the most relevant for your business.

The ISO standard or standards that you choose to meet your particular needs will help to meet the everyday challenges and risks faced by all organisations.

These are some of the more popular standards available:
  • ISO 9001 - Quality Management Systems
  • ISO 14001 - Environmental Management Systems
  • OHSAS 18001 - Occupational Health and Safety Management Systems
  • ISO 27001 - Information Security Management Systems
  • PAS 43 - Safe Working of Vehicle Breakdown and Recovery Operators
  • NHSS 17 - Quality Management for Vehicle Recovery at Highway Construction Sites
  • NHSS 17b - Quality Management for Vehicle Recovery and Removal on Controlled Roads
  • PAS 80 - Automotive Garage Services - Service and Repair of Vehicles
  • HACCP - Hazard Analysis and Critical Control Point Systems

The benefits to businesses are wide ranging and will provide a management system and structure that will help your business to become more efficient and sustainable.

Do you need ISO certification? Call us for a free, no obligation discussion to find out which ISO standard you need for your business. We are a UKAS Accredited Certification Body.

 

Leading international transport operator Stagecoach Group launched a new network of inter-city coach services in Italy in June 2015 under its megabus.com brand as part of continuing expansion across mainland Europe.

The new network, launched by Italy's Deputy Transport Minister Riccardo Nencini, links 13 destinations across the country with bargain fares from just €1. The major new network of inter-city coach services covers Rome, Milan, Florence, Venice, Naples, Turin, Bologna, Verona, Padua, Siena, Genoa, Sarzana (La Spezia) and Pisa. As part of its commitment to high standards of customer service, megabus.com has invested in an €11 million fleet of 23 state-of-the-art coaches offering free Wi-Fi, power sockets, air conditioning and toilets.

In addition to boosting public transport, tourism and the economy, megabus.com is investing in Italy by creating around 100 new jobs through the opening of new bases near Milan and in Florence.

megabus.com worked with ACS Registrars Ltd on certification to the ISO 9001:2008 quality management system standard to support its entry into the Italian market.

Companies meeting the ISO standard consistently provide products that meet customer needs as well as relevant statutory and regulatory requirements. megabus.com carries more than 15 million passengers a year across Europe and North America. The number of passengers using the company’s growing coach network in Europe is up more than 60% in the past year.

Recent events have again focused attention on workplace health and safety, as investigators from the Health and Safety Executive have been questioning the owners and employees about a specific high-profile accident.

The latest statistics from the HSE website make grim reading:

  • 1.2 million working people suffering from a work-related illness
  • 2,538 mesothelioma deaths due to past asbestos exposures (2013)
  • 142 workers killed at work (2014/15)
  • 78,000 other injuries to employees reported under RIDDOR
  • 629,000 injuries at work from the Labour Force Survey
  • 28.2 million working days lost due to work-related illness and workplace injury
  • £14.2 billion estimated cost of injuries and ill health from current working conditions (2012/13)

("Contains public sector information published by the Health and Safety Executive and licensed under the Open Government Licence". http://www.hse.gov.uk/statistics)

If you are found guilty of health and safety offences in a magistrate's court, you could face fines of up to £20,000 and/or up to 12 months imprisonment. Conviction in a Crown Court can result in an unlimited fine and/or a period of imprisonment of up to two years.

Limit your risks and protect your employees
OHSAS 18001 is the internationally recognised management system for assessing and auditing occupational health and safety.

Achieving OHSAS 18001 will help protect your employees from work-related illness or injury and help to ensure they don’t add to the above figures.

Benefits of OHSAS 18001 certification include:

  • Keeps your company up to date with the latest regulations.
  • Limits the risk of prosecutions and fines.
  • Confirms your commitment to the health and safety of your employees.
  • Improves your company’s reputation with existing customers and when tendering for new business.
  • Increases employee morale.

By implementing a robust management system you will minimise the risk of prosecution and improve productivity by reducing potentially expensive disruptions.

The standard applies to all industries and all sizes of business. For more information, call us to discuss the certification process.

 
What does ISO 14001 cover?
The standard has been developed to provide an audited management process to help organisations reduce their impact on the environment by recycling, saving energy and meeting regulatory requirements.

The ISO 14001 standard can be implemented across all industry sectors and from small businesses to multi-nationals. It will provide an Environmental Management System (EMS) that will benefit the organisation’s reputation, efficiency and customer relations as well as helping the environment.

Benefits of ISO 14001 certification
Achieving certification will establish better management systems for identifying environmental risks and minimising the impact of operations and processes carried out by the organisation. There are also economic benefits to be had from making these environmental improvements. As well as the obvious cost reductions from minimising waste, improving efficiency and lower use of natural resources, there are the intangible advantages of public, employee and customer perception of the organisation.

By communicating your commitment to achieving ISO 14001 and demonstrating a responsible attitude towards the environment, you will gain an advantage over competitors who are not certified when tendering for new business. You will also enhance your reputation with existing clients. If you operate in global markets, the standard is recognised throughout the world and will help you to meet the environmental regulations of each individual market.
Your organisation will benefit from a robust management system that will reduce risks, prevent incidents and increase awareness of environmental issues to your employees.

 
This is not the first time we have written about the vulnerability of businesses to cyber-attacks, and the latest government survey does nothing to allay those fears. Though the statistics show that incidents of cyber-crime have reduced slightly, the costs of dealing with these breaches have almost doubled.

The following statement has been taken from the 2010 to 2015 government policy paper published 7th May 2015:

“81% of large corporations and 60% of small businesses reported a cyber-breach in 2014.
With the cost for the worst cyber-security breach estimated between £600,000 to £1.15 million for large businesses and £65,000 to £115,000 for smaller ones, the government must look at new ways to protect businesses and make the UK more resilient to cyber-attacks and crime.”

Businesses affected by cyber crime
There have been some high profile cases:

eBay
Hackers managed to access an eBay corporate account to gather users’ personal information.

JP Morgan Chase
A neglected server provided access to contact details for its account-holding customers.

Home Depot
Payment systems were infected with malware that allowed hackers to steal credit card details.

Employees’ responsibility
It is not just about server access; employees are much more mobile these days and carry around company information on laptops and mobile phones. Data is stored on removable media which can be copied or lost.
Malware can infect company computers and mobile phones. To protect against these risks, you will need to establish policies to ensure employees know what they should and shouldn’t do.

ISO 27001 information security management system
There are numerous ways an organisation can protect against cyber-crime. Choosing an internationally recognised standard that provides an auditable method of monitoring, protecting and managing information is one option.
Achieving ISO 27001 certification provides a framework of policies and procedures that will help prevent a security breach and limit the impact of a cyber-attack.

Using experienced consultants, you will be guided through the process, identifying any risks and tailoring the management process to your individual requirements. This will help to keep costs and disruption to a minimum should an incident occur.

Other benefits include:
  • Customers and business partners will have more confidence in your ability to keep their information safe.
  • Continuity of supply following an attack.
  • More reliable systems for storage of information.

ISO 27001 provides for a regular auditing procedure so you can continually improve your processes and keep up to date with the latest security measures to stay one step ahead of the criminals.

 
The ISO 9001 standard is being revised to ensure this internationally recognised standard maintains its relevancy to current business and industry requirements. ISO standards are reviewed every 5 years to decide whether a change is necessary and ISO 9001 is currently going through the drafting and voting process.

The Draft has now reached stage 5 of a 6 stage process and is currently going through the approval stage. Once members have approved the draft, a final publication will be expected by the end of 2015.

What are the main changes?
We have covered a detailed review of the proposed changes on our website.

Nigel Croft, Chair of the ISO subcommittee revising the standard, said: "We are on the right track, and we are on schedule for publication.

"The new version is very strongly based on three basic core concepts: that process approach which was very successful in the 2008 version of the standard; superimposed on that system of processes is the plan-do-check-act methodology; and a third core concept which is new in the 2015 version is risk-based thinking, aiming at preventing undesirable outcomes."

From what we know so far, these are the main changes:
  • To improve integration of ISO 9001 with other management systems
  • Risk management is given greater consideration and documented in most sections
  • Importance of effective communication throughout the organisation is emphasised

How does this affect you?
You don’t need to do anything until the new edition of the standard is published. We will then review the new standard and compare the changes. Keep reading our Blog for more information.
 

Looking for a way of improving employee relations and increasing your organisation's profits?


Organisations of all sizes and in all sectors have a duty to provide a safe and healthy work environment for all of their employees. In some sectors, occupational health and safety goes beyond being just a moral requirement; there are also legal obligations that must be met.


Improving working conditions by identifying hazards in the workplace and reducing accidents can provide financial benefits to organisations by increasing productivity, reducing staff turnover and improving motivation.


BS OHSAS 18001 certification provides an effective solution if you want to implement a safety management system that will provide a long-term process for identifying hazards, minimising risks and improving the safety of employees.


OHSAS 18001 (Occupational Health and Safety Assessment Series) is an internationally recognised standard that enables organisations to assess and audit occupational health and safety management systems.


Benefits of OHSAS 18001 certification include:

  • Hazard identification
  • Risk assessment
  • Improved working conditions
  • Reduced work related accidents
  • Increased productivity
  • Less absenteeism
  • Increased customer confidence
  • Meet legal obligations
  • Internationally recognised


Continual assessments
Maintaining your health and safety management system by regular audits and reviews ensures the process remains robust, up to date and incorporates sector best practice. The system is maintained by keeping records, controlling documentation, staff training and performance reviews.


If you are committed to the welfare of your employees and want to maintain your competitive edge in a global marketplace, achieving OHSAS 18001 certification provides an effective management system. It can also be integrated with other standards such as ISO 9001 (quality) and ISO 14001 (environmental).

The leading international standard ISO 9001 is being revised and will be published around the end of 2015. With over 1.1 million certificates worldwide, ISO 9001 is one of the most recognised standards, providing organisations with a management system that will streamline processes, maintain efficiency and increase productivity.


ISO (International Organisation for Standardisation) are responsible for a wide range of international standards covering all aspects of technology and manufacturing. Based in Geneva, Switzerland, they have published more than 19,500 international standards covering almost every industry.


ISO standards are reviewed approximately every 5 years to ensure they meet the changing marketplace and maintain compatibility with other ISO standards.


Keeping up to date with the latest standards will maintain your organisation’s competitive edge in today’s global marketplace.


What does this mean for ISO 9001 registered organisations?
You will have a 3 year transition period to prepare and migrate your quality management system to the new edition so you need not make any changes to your existing system until the final draft is published.


ISO 9001 is currently at the final draft international standard stage and awaiting comments; it will then be put forward to the member countries for voting.


We anticipate that existing management systems of ISO 9001:2008 should conform to the 2015 version with just some minor adjustments.


You may want to start planning for its implementation in advance; therefore we have created a short PowerPoint presentation to give you an overview of the expected changes. Please call Chris McMillan on +44 (0)121 241 2299 for a copy.


What is expected to change?
From the drafts that are available, we expect a shift in focus with three main changes being identified as follows:

Risk management
  • Identification of risk and risk control
  • Focus on risk-based thinking

Standardisation
  • Improved integration and implementation with other management systems and standards

No exclusions
  • There is no reference to permissible exclusions in the 2015 revision
  • An organisation may decide if a requirement is not applicable, providing it does not result in nonconformity

For a more detailed breakdown please call Chris McMillan on +44 (0)121 241 2299 for a copy of our PowerPoint presentation.

According to the FSB (Federation of Small Businesses, The Voice July/August 2014), a smaller number of businesses are experiencing information security breaches and cyber attacks than a year ago.


This sounds like good news but the downside is that the cost of dealing with incidents has increased significantly (research carried out by PricewaterhouseCoopers).


In 2012, the average cost of the worst security breach they experienced was between £35,000 and £65,000 and in 2013 it was between £65,000 and £115,000. These amounts are significant enough to severely damage your business.


Think about all of the data that your organisation stores on digital devices: client and employee information, business-critical data, accounting records.


Prevention is always better than cure and one way to mitigate the risks of cyber crime is to have a robust system of management in place. This will not only minimise the chances of a breach but will also reduce its impact on the business, should an attack get through your defences.


It’s not just the cost of rectification that can damage your company; recent high profile cases have shown that a company’s reputation is also at stake.


Information Security Management System (ISMS)
ISO 27001 certification provides an auditable management process to international standards and provides a structure to help you improve the security of your information.


The management process you implement will provide a “best practice” system that will help you to identify the risks and maintain the necessary controls to minimise or eliminate the possibility of a security breach.


ISO 27001 certification will demonstrate that your company’s security management system has been independently assessed and verified.


Benefits of ISO 27001 certification include:

  • An internationally endorsed best practice framework to manage cyber threats and attacks
  • Supplier and customer confidence in your security systems
  • Reduces costs if a breach does occur
  • Protects your company’s reputation
  • A plan to limit data loss and return business systems to normal


ISO 27001 auditors
You should always use a trusted certification body that is UKAS accredited.


This is a specialist area and you will need an experienced auditor to work with your team to provide a system that will work for your particular information protection requirements.


Ideally they will have experience of your particular industry sector and can use their knowledge of best practice to provide the best possible system.
