All Enquiries
please call +44 (0)121 241 2299
A recent article on the BBC news website highlighted an incident at Eurofins, one of the UK’s largest forensic service providers. In June 2019 a ransomware attack severely affected the lab’s ability to provide their services to the Police. Work had to be suspended for seven weeks resulting in investigations and trials being delayed.

A senior manager at the company commented that cyber-crime could happen to any organisation, warning “It’s a threat to society” and all business sectors are vulnerable.

A cyber-readiness report from Hiscox in 2019 found that a significant majority of the firms surveyed reported that they had experienced one or more cyber-attacks with 61% reporting an attack last year, up from 45% the previous year.

The report also stated that the scale of ransom demands has risen, cyber-crime is now an unavoidable cost of doing business today.

What is Ransomware

Computer-infected-by-ransomware-virusCyber criminals target victims and infect their computers with malicious software. The software locks and encrypts the computer’s data to prevent access to the user. A ransom demand is then made to get your data unlocked. However, there is no guarantee your data will be unlocked after you have paid. More sophisticated criminal gangs target business networks and can cause chaos by encrypting multiple devices at once.

Phishing by hackers is one of the main methods used to gain access to computer networks. Targeting a user with what looks like a legitimate email to get them to open an attachment or click on a link that installs malware on their network and enables hackers to steal usernames and login details. Training for your employees is vital to make them aware of the risks.

Another approach by hackers is trying multiple usernames and password combinations in the hope that one will work so they can gain access to your computer network.

Just as effective is a Denial of Service attack where multiple machines bombard a single host with server requests until the server crashes and leaves your computer network unavailable until a solution can be found.

Cyber-crime protection with ISO 27001 certification

ISO 27001 is an internationally recognised Information Security Management System (ISMS). Certification to ISO 27001 will provide a framework to help you to manage the risks, train your employees, monitor and control your system networks and continually improve your management system. The ISO 27001 certification process will keep all your information assets secure by setting up a framework which would include:
  • Risk assessments covering where your data is stored and identifying any vulnerabilities
  • Training your employees to spot suspicious emails and warning them against opening attachments and links from unknown senders. This is very often the method used by cyber-criminals to spread malware.
  • Improving system security including firewalls, network management, anti-virus protection, access control, asset management, software installation, patch management, password management, back-ups and audits are some of the measures in the framework
  • Process for responding to a cyber-attack to mitigate the damage and repair the system to get you back up and running as soon as possible
  • Reporting, monitoring and logging activities to continually improve your system and keep up to date with the latest requirements.
The ISO 27001 ISMS covers more than just loss through cyber-attack. It also includes data loss or damage caused by natural disasters, theft and mismanagement.

Cyber-crime can have other devastating effects on your business. Legal regulations may have been breached and claims for compensation will have to be dealt with if sensitive information about your customers or suppliers gets into the wrong hands.

The ensuing adverse publicity and damage to your reputation will need to be managed to minimise the effect on your business.

You may have to bring in experts to fix the breach of your computer systems and consider how you will cover any financial losses.

Implementing ISO 27001 will provide a framework for identifying cyber risks to your business and establish processes needed to protect your information assets.
To find out more about the benefits of ISO 27001 ISMS, call one of our team on 0121 241 2299 or request a quote.
Breakdown-vehicle-recovering-a-car-to-PAS-43-standardsVehicle operators providing roadside recovery and repair services on roads throughout the UK must demonstrate that they have taken suitable precautions to protect their roadside workers.

Statistics from HSE show that working roadside can be a dangerous job. Though exact figures are not available because many road traffic incidents (RTIs) are not reported to HSE, there are several deaths from this work activity every year.

Suitable precautions include:
  • Training for technicians
  • Risk assessments
  • High visibility protective clothing for operators working in all weather conditions
  • Maintenance of vehicles and premises used by the operator.

PAS 43 standard

The PAS 43 standard for the safe working of vehicle breakdown and recovery operators was sponsored by SURVIVE, a partnership between the UK government, the Police Service, motoring service organisations and the motoring industry.

PAS 43:2018 is a management system that helps improve the safety of vehicle breakdown and recovery operators and their customers when they are attending an incident.

PAS 43 certification also demonstrates to authorities and organisations who purchase breakdown, recovery and removal services, that the company tendering for the business has achieved a recognised standard. A database is maintained on the SURVIVE website to enable organisations to check certificates are current and verify for themselves the validity of a recovery operators’ certification. All the operators listed on the database have been certified by a UKAS accredited Certification Body to ensure they meet the relevant procedures and training to a recognised standard. http://www.survivegroup.org/pages/publications/pas-43-database

Police, Highways Authority and motoring organisations will often require operators to be PAS 43 certified before they can tender for work with these organisations.

NHSS 17 and 17 B

National Highways Sector Schemes (NHSS) are quality management systems for organisations involved in activities relating to the UK road network such as landscaping, road surfacing and traffic management.

NHSS 17 and 17 B specifically cover vehicle recovery at highway construction sites and controlled roads for Highways England. The standard has recently been revised to fall in line with the ISO 9001:2015 revision and PAS 43: 2018 to allow easier integration using the ANNEX SL format.

Safe working practices for roadside operators

Training for your technicians needs to be regularly reviewed. As an employer it is your responsibility to provide suitable health and safety training that they need to carry out their work. Changes to highways, new technology and safety equipment is constantly evolving, for example:
  • The introduction of smart motorways means that operators may have to recover a vehicle that is in a live lane on a smart motorway with no hard shoulder. New procedures need to be followed with lane closures and reduction of speed limits coordinated by Highways England. Traffic officers or the Police may also be needed to support the recovery and keep your technicians safe
  • Protective workwear and equipment should be regularly inspected, maintained and renewed. Clothing must comply with EN20471 Class 3 and be suitable for use in all weather conditions. Damaged clothing or soiled high visibility workwear will lose their Hi-Vis properties if not maintained regularly
  • A proposal has recently been moved for debate through Westminster to change the amber warning lights to red on recovery vehicles and to discuss whether smart motorways are currently safe enough for roadside recovery.
Implementing a recognised standard such as PAS 43 and/or NHSS 17 and 17B will provide a management system to help you to monitor your procedures and safety standards to keep you up to date with the latest legislation and keep your technicians and their customers safe when carrying out roadside recovery.
To keep your recovery technicians safe on the UK road network call us or get a PAS 43 quote.
Waste-products-and-recycling-with-ISO-14001Waste is a global issue. The major world economies have long recognised that the amount of waste being produced has reached crisis levels. With developing nations producing more waste as they grow, global waste could increase by 70% by 2050 according to the World Bank.

Plastic waste has been identified as a major problem for our seas and environment with steps now being taken to limit the use of plastic containers across all sectors of the economy. Initiatives by supermarkets to remove plastic packaging from their shelves. Other moves by facilities to make water fountains and taps available for drinking water instead of using bottled water are just two of the changes that are gradually altering the way we shop and think about managing waste.

Food waste is one of the world’s largest contributors to carbon dioxide emissions. Waste from our own dining tables, commercial kitchens and throughout supply chains are one of the largest contributors towards global climate change according to the United Nations. Ways are being investigated to redistribute, recycle and reduce the amount of food waste that goes to landfill.

Tackling the problem will need global cooperation. ISO standards can help organisations to implement management systems that will help reduce the impact of their waste and emissions on the environment and improve performance and profits.

Being an independent, non-governmental international organisation, ISO can provide organisations, in the 164 countries where they have national standard bodies, with management frameworks that provide solutions to the challenges facing us in the fight against climate change.

ISO 14001 environmental management system

Commercial enterprises are under pressure to reduce the amount of waste produced and find ways to re-use, remanufacture, repair and recycle. The government announced in their policy paper published in December 2018 that their strategy will:
  • preserve our stock of material resources by minimising waste, promoting resource efficiency and moving towards a circular economy
  • minimise the damage caused to our natural environment by reducing and managing waste safely and carefully
  • deal with waste crime.
Their plan is to move society away from the inefficient linear economic model of “take, make, use, throw” to a more circular economy of “re-use, remanufacture, repair, recycle”. This will see us keeping resources in use for as long as possible. It will allow us to extract maximum value from them, then recover and regenerate products and materials at the end of their lifespan.

Their aim is to make the UK the G20 nation with the highest level of ambition for the environment.

Businesses will be expected to play their part, supermarkets are already moving to reduce packaging, restaurants are being encouraged to reduce wasted food or find ways of re-distributing excess food. Manufacturers are minimising and providing recyclable packaging.

Tackling the issue will require a management framework that encompasses the whole organisation. ISO 14001 provides an environmental management system that will make your organisation as efficient as possible to help you to meet any new or existing regulations, reduce waste and reduce costs.

What is ISO 14001

ISO 14001 certification involves a dedicated internal resource or an external consultant providing the necessary experience to identify where your organisation can improve waste management within your overall environmental management strategy.

Implementing ISO 14001 will demonstrate to your suppliers, employees and customers that you have an internationally recognised management system in place to minimise the impact of your operations on the environment.

Some of your customers may require certification before they ask you to tender for business. We are expecting this to become more common as we enter an era of planning to improve our environment.

ISO 14001 certification

The process of certification and the management framework implemented is unique to every business and your consultant will bring their expertise and knowledge to provide best practice and solutions to your particular needs.

The process will include a complete waste audit to determine the amount of waste you are generating and where savings could be made. Can any of your waste be recycled or re-used?

Working through this process, the benefits of using ISO 14001 will save money, help meet your legal responsibilities, reduce your environmental impact and, if implemented effectively, lead to increased profits.

Training employees and including your entire organisation in the process will help the implementation of ISO 14001 and aid the cycle of continual improvement that is required to achieve a successful audit.

Talk to one of our team about implementing ISO 14001 to meet your environmental goals as the government rolls out their 25-year plan to improve the environment. Request a callback or get an ISO 14001 quote.
Motorway-sign-ready-for-Brexit-with-ISO-9001There has been a lot of talk in the media recently about the possibility of the UK falling into recession following the contraction of the economy in the second quarter of 2019.

With the proposed Brexit date of 31st October looming there is speculation that the economy could shrink further if we crash out without a deal. Some forecasters are warning that if we exit without a deal, the pound would plummet, stock markets would fall and GDP could shrink by 2% by the end of 2020.

With so much uncertainty around, whether these scenarios become reality or not, businesses need to be taking steps to ensure their products and services are competitive and looking at every area of their operations to find cost savings and increase efficiency.

Are you ISO 9001 certified already?

If you have achieved ISO certification to ISO 9001, you will already have a quality management system in place that will constantly improve your performance and drive down costs. This will provide the perfect framework to identify and carry out further improvements before the effects of a downturn start to bite.

Have you recently reviewed every area of your business or carried out a risk assessment to identify the negative effects that a recession or leaving the EU without a deal would have?

If your last annual surveillance visit was over 6 months ago and you have not carried out a company review or internal audit since then, don’t wait until your next surveillance visit before you carry out a company-wide review that includes recession proofing and Brexit planning.

Acting early before the effects of a recession start to have an impact on your sales and profits, will help you to reduce costs and minimise waste to keep your prices competitive. As an ISO 9001 certified company, you will already have an advantage over competitors who have not achieved ISO 9001 certification. This will keep your current customers on board and make it easier to win new business from around the world.

Opening new markets could be an option for some sectors after Brexit. With a probable devaluation of the pound, UK exports will be cheaper. Depending on the Brexit deal (or no deal), opportunities outside Europe may offer a solution, mitigating any loss of trade within the EU because of increased tariffs or customs delays. Additional bureaucracy and delays disrupting supply chains are expected and will mean more work for your management teams that may require changes to your management framework and structure.

ISO standards are internationally recognised and certification to ISO 9001 will demonstrate to new customers your commitment to maintain high quality standards.

Not ISO 9001 certified yet?

If you have been considering gaining ISO 9001 certification, now is a good time to prepare your organisation for the step change that will help you to grow by implementing a quality management system that will improve every area of your operations.

A quality management system regularly audited by a third-party Certification Body (CB) will provide proof that you have processes in place to continuously improve your business to recognised standards.

Implementing ISO 9001 will provide improvements that will help you survive and thrive during a recession:
  • Increase productivity and profit
  • Make it easier to build relationships with new customers and keep existing customers
  • ISO standards are recognised globally and will help you to enter new markets
  • Maintain your competitive pricing when tendering for new business
  • Improve your management systems to adapt quickly to economic changes.
Give your business the best chance of surviving the next recession, whether it comes next year or in the future, talk to one of our team on 0121 241 2299 or get an ISO 9001 quote by completing our short enquiry form.
For businesses and organisations to be successful over the long term, focusing on providing and maintaining quality products or services will help to ensure the growth and survival of the enterprise.

Quality is often defined as a product or service that meets or exceeds customer expectations.

Maintaining product and service quality will keep your existing customers coming back and help you to win new business by:
  • Improving customer satisfaction and referrals
  • Reducing returns and complaints
  • Helping to gain access to new markets
  • Building trust
  • Increasing sales and profitability.
Quality management is an ongoing process of continuous incremental improvements that will keep you ahead of your competitors.

To do this effectively your organisation could implement a quality management system that provides a method of controlling, measuring, tracking and continually improving processes.

One of the most internationally recognised quality management systems is ISO 9001:2015. Implementing a system such as ISO 9001 provides a framework of documented processes, procedures and controls to continually improve quality management.


ISO 9001:2015 Quality Management System (QMS)

A Quality Management System should encompass the strategic goals of the organisation and therefore needs the backing and leadership from top management.

Documentation provides the framework that will lead to performance-based measures and controls to keep track of progress against your objectives. For certification to ISO 9001 some documentation is mandatory. Your own internal auditor or ISO consultant will identify what is needed and will probably suggest a quality manual because this provides a logical template to help implement your QMS. Some organisations prefer their own documentation method and providing it has the necessary information, is logical and is communicated across the entire organisation, this can be just as effective.

Your own quality manual or documentation will reflect the size of your organisation and type of business and sector you are in. The important factor is that it works for you and becomes an integral part of your business not just a tick box exercise. To emphasise this, the recent ISO 9001:2008 to ISO 9001:2015 revision has prioritised managing processes over documentation.

Making your QMS more effective

iso9001-ukasMany organisations obtain ISO 9001 because their customers demand certification as a prerequisite of working with you. Gaining ISO 9001 certification saves a lot of time in the pre-qualification process of a tender by demonstrating that you have a recognised quality management system in place. Especially if it is audited by a certification body that has been accredited by UKAS. The benefit of having the UKAS crown and tick on your certification identifies that your QMS meets the high standards that will be expected by your customers. Some organisations will not accept your certification without it.

ISO 9001 QMS registration mark

Regardless of whether you have been asked to gain certification or not, your organisation will benefit from the structured approach to every aspect of your business to help it improve and grow.

Because the ISO 9001 quality manual is based on a general template, it provides a guide that can be tailored by individual organisations to meet their own requirements. For example, progress through your quality manual will provide processes and actions that when completed will give you an edge over your competitors.

These are some examples of the content sections that will help you do this:
  • Policy documentation
  • Internal influences, SWOT (strengths, weaknesses, opportunities and threats) analysis
  • External influences, PESTLE (Political, Economic, Social, Technological, Legal and Environmental) analysis
  • Leadership
  • Management planning
  • Risk analysis, disaster recovery and continuity planning
  • Working procedures
  • Performance evaluation
  • Continual improvement.

Key stakeholders

Getting your key stakeholders involved in the quality management process through questionnaires and consultations will ensure their buy-in to establish and improve your quality management system.

Customer requirements will be paramount to quality objectives, finding out what their expectations are will be a priority for your quality policy document.

The organisation’s Directors and managers need to be fully behind the implementation of ISO 9001. One of the other changes in the ISO 9001 revision was the importance of leadership from top management.

Your employees, contractors and sub-contractors will play an important role in your implementation of quality procedures, monitoring and reporting. Gaining their support and feedback for your quality management processes will make the implementation more effective.

Suppliers play a key role in ensuring your products or services are reliable and available when your customers need them. Involving them in your quality management procedures will ensure continuity of supply to your expected standards.

To find out more about implementing a quality management system, or the revision from ISO 9001:2008 to ISO 9001:2015, request a callback or get a quote.