229
All Enquiries
please call +44 (0)121 241 2299
The ISO 9001 standard is one of a suite of ISO standards that are trusted by every industry sector to provide a globally recognised quality management system (QMS).

Whether you are in manufacturing, construction, automotive, aerospace, transport, local authority, charity or the service sector, ISO 9001 demonstrates to your customers that you have a quality management system in place that will consistently deliver to recognised standards.

Maintaining ISO 9001 certification or any other ISO standard will require regular audits to maintain and continuously improve your quality management systems. This gives your customers confidence that the quality of your products or services will be consistent and maintained to a high level to give them the best customer experience.

cogs-showing-delivery-and-quality-for-ISO-9001Benefits to your business
It is not only your customers who will benefit when you achieve ISO 9001 certification.

You can expect to increase profits by reducing waste and being more efficient and productive. Implementing effective management systems will improve employee relations and minimise mistakes. Better internal communications between all areas of the business will help to provide better reporting and delivery to customers.

Winning new business and retention of existing customers will be easier to achieve. Some of your customers or potential customers at home and abroad may even require certification before working with you.

If established correctly, the QMS should be unique to your business and implemented across your organisation to provide all the benefits without being over complicated and getting bogged down in paperwork. It should also have the backing of top management to drive the changes and focus on the benefits.

ISO 9001 certification bodies  
The success of ISO standards is down to the process of continuous improvement and checking, or auditing, that is carried out to monitor management systems. This provides proof to your customers that your business has processes in place and is maintaining them to the recognised standard.

The certification body you choose to carry out audits must not have any connection with your consultant or trainers who have helped set up your QMS. This ensures a completely impartial review of your documentation to maintain the integrity of your certification.

Choosing a UKAS accredited certification body means they have been assessed against internationally recognised standards to ensure competence, performance and impartiality.

The United Kingdom Accreditation Service (UKAS) is the only national accreditation body recognised by government. Achieving UKAS accredited certification means your customers do not have to carry out multiple assessments before they can start trading with you which will help you to open new markets for your business.

The stages to achieve certification include:
  • Preparation for an audit. Carried out internally or by a consultant.
  • Stage 1 audit to review documented management system, ideally by a UKAS accredited certification body.
  • Stage 2 audit to check any corrections from the first audit have been actioned.
  • Certificate decision is made once any non-conformities have been addressed.
  • Issue of certificate.
  • Ongoing surveillance audits.
To take your business to the next level and achieve a globally recognised certification, call one of our team on 0121 241 2299.
ISO 27001 is one of the most recognised standards for Information Security Management and is part of the globally respected ISO suite of Management System Standards.

Since the introduction of the ANNEX SL framework, organisations already certified to one ISO Management System Standard will now find it easier to comply with other ISO standards, such as ISO 27001, due to a common clause framework across ISO standards.

Certification demonstrates that you have a robust management system to comply with the latest security, privacy and compliance requirements for today’s digital age.

Suitable for all sizes of organisation
Blue chip companies, global cloud service providers and small to medium sized businesses are aware of the risks of cybercrime and the havoc it can cause an organisation.

ISO-27001-cloud-services-protectionGoogle Cloud is one organisation that has realised the value of regular independent third-party audits of security, compliance and data processing frameworks needed to achieve ISO 27001 certification.

You don’t have to be as big as Google to benefit from ISO 27001 certification. Recent research by Beaming (UK Internet Service Provider) showed that in the UK, small businesses bore the brunt of £17 billion worth of cyber-attacks in 2018. ISO 27001 is as relevant to small businesses as it is to large organisations and provides a framework to protect SMEs from outside attack and internal errors by employees.

With more businesses relying on cloud services, choosing the right provider and assessing how your employees share information requires a high level of control to ensure data is not inadvertently shared with the wrong group of people, or worse, publicly.

Whether you have your own self hosted IT or you rely on cloud-based services, having regular independent third-party audits of your Information Security Management Systems (ISMS) will protect your IT network from a range of events.

ISO 27001 certification
Part of the certification process is to identify the information held, look at the risks and threats and put in place a framework to minimise a breach.

Loss of data can come from many sources and can include hackers, your own employees and natural disasters such as fire and flood.

Having a system of checks and controls will help to prevent a breach and provide procedures to minimise the impact of a loss.

A range of security controls are the backbone of the standard and include (not fully inclusive):
  • Security policies
  • Employee security
  • Management of data assets
  • Access control
  • Encryption
  • Physical and environmental security
  • Incident management
  • System maintenance
  • Business continuity
  • Regulatory compliance
To minimise your risks of falling victim of an inadvertent click on a phishing email by an employee, a deliberate cyber-attack or a natural disaster, call ACS Registrars on 0121 241 2299.
With schoolchildren striking over climate change around the world, is it time for businesses to look at more ways to reduce their own environmental footprint?
Global warming and the destruction of wildlife habitat are the two main challenges facing the planet and we are told that action needs to be taken now or the effects will be irreversible.

To emphasise the urgency, here are some statements taken from Michael Gove’s recent speech on UK climate change published on 26th November 2018*:
  • Even as we take action to slow carbon dioxide pollution now, physics dictates that the climate will keep heating up for decades to come.
  • Science is clear that there will be changes in ecosystems caused by the climate. WWF’s recent Living Planet report revealed a 60% fall in global wildlife populations in just over 40 years. One of the main causes of this devastating decline is climate change.
  • Around the world, fears are growing for the existence of some low-lying countries - most of the 1,000 or so Marshall Islands, covering 29 slender coral atolls in the South Pacific, are less than six feet above sea level - and the future of a great number of coastal cities, including Miami, New York and Venice.
*Contains public sector information licensed under the Open Government Licence v3.0.

The full speech is well worth reading and is backed up by scientific evidence.

There is still time to act; the government has made commitments to cut greenhouse gas emissions and move to renewable energy over the next 30 years.

Environment ISO 14001 wind turbines and solar panelsWhat can businesses do?
Every business can make changes, however small, to create a more sustainable workplace. This does not have to mean additional costs, in fact, making selective changes can lead to efficiency and cost savings.

Where do you start? Have you got the necessary expertise in-house to manage these changes and at a high enough level to drive the changes through? You will need someone with knowledge of environmental compliance and the ability to identify where improvements can be made and cost reductions achieved.
There are many areas where you can start. These are just a few examples:
  • Energy saving devices for lighting and heating.
  • Use sustainable energy from your utility supplier.
  • Reduce water usage.
  • Use recycled materials and recycle your waste materials.
  • Review business travel.
  • Manage your supply chain.
ISO 14001:2015
The ISO 14001 environmental management system offers a solution to help organisations meet their environmental responsibilities and operate more efficiently.

ISO 14001 consultants have years of experience working in all industry sectors and can bring a wealth of knowledge together with tried and tested methods of best practice. The most effective ISO 14001 frameworks are audited by external UKAS accredited certification bodies. This provides credibility when you need to demonstrate your commitment to the environment to customers or your supply chain.

One of the revisions to the ISO 14001 environmental management system is the importance of leadership from top management to ensure the environmental and business strategies are aligned to maximise benefits. Whether you use an external consultant or an internal resource, they will need to report directly to the business owner or CEO to drive the policy forward.

Establishing an environmental management system to meet ISO 14001 is an effective way to reduce the environmental footprint of your business and meet your company goals.

If you would like to find out how you can help the planet and deliver cost efficiencies across your organisation, you can obtain a free no obligation quote from the form on our website. http://www.acsregistrars.com/request-a-quote
ConstructionWhen businesses think about occupational health and safety, they tend to focus on the safety aspect of employees while carrying out their roles within the work environment.

The prevention of accidents through risk assessments, employee training and implementing controls that minimise hazards in the workplace are some of the areas they tend to focus on. However, we are hearing more about mental health problems on the news and in social media. The illness no longer has the same stigma attached to it and sufferers are more inclined to discuss their problems.

Thanks to this awareness, employees are being encouraged to share mental health problems with their employers before their condition gets critical.

Colleagues are more inclined to help sufferers in the same way they would support a physical injury. Many companies now include mental health and awareness training as well as health and safety courses.

According to NHS digital:
  • In England a sixth of the population between the ages 16 to 64 have a mental health problem.
  • Between 1993 and 2014 there has been a steady increase in people with severe symptoms.
“Contains information from NHS Digital, licensed under the current version of the Open Government Licence”.

Cost to businesses
In a report published in an independent review of mental health and employers titled “Thriving at work”, poor mental health costs employers between £33 billion and £42 billion a year, with an annual cost to the UK economy of between £74 billion and £99 billion.

Giving similar priority to mental health and wellbeing that is given to prevention of accidents, makes sound commercial sense.

The migration of OHSAS 18001 to ISO 45001* provides an ideal opportunity to review all your health and safety procedures at the same time. The emphasis on a risk-based approach with leadership from top management and increased employee involvement will help organisations establish the changes needed to provide a safer working environment and healthier workforce.

Though the new ISO 45001 standard includes mental health within occupational health and wellbeing, it does not go into detail. It will be up to individual leaders within the organisation to implement systems that will increase awareness, train employees and maintain processes to provide the support needed by staff with mental health issues.

Mental health
Causes of mental health problems can stem from a variety of sources including:
  • Issues buried from an early age.
  • Personal problems at home such as a bereavement.
  • Stress or anxiety at work.
Some industries are particularly prone to stress; the Office for National Statistics highlighted that between 2011 and 2015 more than 1,400 construction workers took their own lives.

As awareness of mental illness increases and the problems posed by a more mobile and insecure workforce (no jobs for life) grow, it is likely that mental health issues in the workplace will continue to climb into the future. Businesses will have to get to grips with improving the health, as well as the safety, of their workforce.

*Footnote: OHSAS 18001 is currently being migrated to ISO 45001. A 3-year migration period is now in progress ending on 12th March 2021. After this date OHSAS 18001 will be withdrawn.
One of the key changes to the revised ISO 9001 and ISO 14001 standards and the migration of OHSAS 18001 to ISO 45001 is the increased priority given to risk-based thinking across all areas of an organisation.

The changes to these standards require a pro-active approach by management and particularly top management, to identify and manage the risks associated with the operations of the organisation.

If you are not already aware, ISO 9001 and ISO 14001 revisions are complete and all audits are now carried out to the revised standards; old certification prior to September 2018 is now invalid. OHSAS 18001 is currently being migrated over a period of 3 years. The final date for migration to ISO 45001 is 12th March 2021.

Risk is inherent in every organisation; whether you are a business or institution, profit or non-profit, every decision made and operation undertaken involves an element of risk.
Risks to an organisation may include:
  • Risks to employees and customers from health and safety issues.
  • Risks from disasters such as fire and flooding.
  • Environmental risks from business operations.
  • Risks associated with industry regulations.
  • Security risks to physical structures including IT infrastructure from cybercrime.
  • Risks to the financial security of the organisation.
Risk management planning
Risk_ManagementPreparing a risk management plan will help you to achieve certification to the above standards.  It will also provide the organisation with a framework to identify risk, assess the frequency and impact of the risk and work out a process to manage the risk.

Time and resources need to be allocated to the process by top management and implemented throughout the organisation. An effective plan will increase profitability, reduce costly incidents and create a safer environment for your employees.
Your plan may include:
  • A list of risks that could affect all areas of the organisation.
  • An analysis of the risk and rank the likelihood and level of effect.
  • How you will manage the risk.
  • Implementation of ongoing monitoring and reviewing.
Depending on your organisation, a good way to start might be by setting up a risk matrix to rank the risks you have identified.

Ranking the impact of a risk on the organisation between a range of “negligible” to “critical”, for example, and including an estimate of the financial loss and the disruption it would cause, will provide information to help you to manage and minimise the risks going forward.

The above could provide the framework that your ISO auditor will be looking for when they audit your organisation for certification to the revised standards.

If you need help with your risk management planning, call one of our team on 0121 241 2299.