The ISO 27001 information security management system provides your organisation with a framework for improving and managing your valuable data.

Cybercrime is a growing problem and will continue to put organisations at risk of a security breach. This could have devastating consequences for employees, customers and business partners.

Many organisations are ISO 9001 certified and see this standard as a basic requirement for doing business and meeting customer expectations for quality and management. Far fewer companies have achieved certification to ISO 27001; however, a data security breach could potentially be just as harmful to your profits and reputation as the quality failure of a product.

Customers expect their data to be protected and if their details get into the hands of cyber criminals, the ensuing adverse publicity and damage caused to reputation, not to mention the cost of fixing the problem, makes the argument for prevention an obvious choice.

One of the latest widely reported breaches involved the Marriott hotel chain. Despite having cybersecurity insurance, the cost is still expected to run into millions over the coming years.
The introduction of GDPR also took data protection to a new level, requiring organisations to comply with the regulations or face large fines.

ISO 27001 provides the framework to mitigate the risks and meet the requirements of the latest regulations.

ISO 27001 benefits
Certification to ISO 27001 that has been audited by a third party, such as a UKAS accredited Certification Body, will provide the reassurance that the management framework and information protection system you have adopted is robust and regularly audited.

This demonstrates to customers your commitment to maintaining an effective system of controls and organisational processes that will keep their data safe.

It will meet regulatory requirements that may be needed by your own industry and any wider obligations such as GDPR.

ISO 27001 certification will also give you a competitive advantage when you are tendering for new contracts, especially if your competitors do not have such a framework in place.

Why ISO 27001 is needed in your organisation
If your organisation relies heavily on data, holds sensitive data that could be used by cyber criminals, has competitors with ISO 27001 or similar, or operates in a highly regulated sector, you will have to gain some form of information security certification.

If you are going to go through the process of certification, it makes sense to go to the next step and have your information security system audited by a UKAS registered Certification Body. This will provide an independent and impartial assessment of your framework and processes.

UKAS accreditation has international recognition and will ensure your certification is given maximum credibility when it is issued. Certification bodies accredited by UKAS will have been assessed to provide the competence and impartiality required to provide you with a robust framework for now and into the future.

You can find out more about what UKAS accreditation means for your organisation on their website https://www.ukas.com/about

Alternatively, contact one of our fully qualified lead auditors for more information.
We have all seen documentaries showing plastic pollution in our oceans which is affecting wildlife and ocean habitat. The films show items of plastic waste in young birds’ stomachs, turtles drowned by being caught up in plastic pollution and coral reefs choked by billions of pieces of plastic.

A recent article in the Guardian (30th October 2018) stopped me in my tracks and made me aware of the damage we have already done, not just from plastic waste, but also from our consumption of food and resources and ever-increasing global population.

“Humanity has wiped out 60% of mammals, birds, fish and reptiles since 1970, leading the world’s foremost experts to warn that the annihilation of wildlife is now an emergency that threatens civilisation.”
Report by World Wildlife Fund (WWF)

As Mike Barrett, executive director of science and conservation at WWF, said “we are sleepwalking towards the edge of a cliff”.

It is difficult to know where to start; the problem is immense and global. However, if every company initiated an environmental management system (EMS), making changes such as reducing waste and packaging, it would be a start.

One of the most recognised environmental management systems is ISO 14001.

Is ISO 14001 certification the answer for your business?
Whether you decide ISO 14001 is suitable for your company or not, every business can help by communicating to employees the importance of limiting the use of plastics.

I came across a website full of great suggestions for reducing plastic in the workplace, from active participation in events to asking suppliers to reduce plastic packaging. See the bottom of this article for the website link.

If you are looking for something a bit more structured combined with the support that will bring additional benefits to your company in the form of cost savings, ISO 14001 certification may be the answer. It will provide your business with a framework to improve environmental management systems and demonstrate your commitment to the environment.

The standard is suitable for companies of all sizes and industry sectors and the certification to the standard will include:
  • A plan for procedures and controls.
  • Employee engagement and training.
  • Targets for waste reduction.
  • A risk management and control framework to minimise the impact of your operations on the environment.
  • Continuous improvement, recording and monitoring.
Call one of our team to find out more about ISO 14001 or read the article about plastic reduction here: https://lessplastic.co.uk/9-ways-to-reduce-plastic-in-your-workplace/
Now the transition from ISO 9001:2008 to ISO 9001:2015 is complete, any organisation holding an out of date certificate (from before September 2018) will find some of their customers are not willing or able to work with them as a supplier.

Your organisation may be working to procedures audited 3 years ago; however, without regular independent 3rd party auditing to check quality management processes are working and are continually being adapted and improved, customers will lose confidence that your organisation can continue to provide the same high quality of service or product expected.

With the ISO 9001 revision in place, now is a good time to look at the benefits provided by ISO 9001 certification and how the revision will improve your quality management systems.

Maximise the benefits of being ISO 9001 certified
If you consider certification to ISO 9001 as simply a tick box exercise, you will fail to reap the full potential of your Quality Management System (QMS) to transform your organisation, making it a better place to work for your employees and a more professional entity for your customers and suppliers to work with.

Some organisations may be obliged to gain certification to ISO 9001 to meet the requirements of a client. Government, local authorities and larger organisations often require certification before they will consider a tender from a supplier. Even if certification is not a mandatory requirement for a customer, it will give you an advantage over your competitors.

Whether you are forced or whether you decide to achieve certification to improve your organisation’s QMS, implementation needs the backing and leadership of top management. In fact, this is one of the main changes in the ISO 9001 revision.

The QMS should be an integral part of the organisation, not a side project that achieves certification by ticking off a series of actions and is then ignored when other priorities take over. Supported by every level of management, it will continually improve processes and quality, with customer satisfaction being the main focus.

The ISO 9001 revision aims to provide an organisation with a QMS that will support growth and continual improvement as internal and external factors change. This will help your organisation to:
  • Improve your ability to satisfy clients.
  • Maintain the relevance of your QMS as other elements change.
  • Keep all user groups up to date with the latest operating environments and technology developments.
  • Maintain consistency during the next 10-year period.
  • Use ANNEX SL to easily integrate other standards into your organisation.
If you are still undecided whether ISO 9001 is going to benefit your organisation, talk to one of our team to find out more.

If you have a good management system and processes already in place, you may find it easier than you think to achieve certification to ISO 9001.
ISO 45001 is the new occupational health and safety standard and organisations currently certified to the OHSAS 18001 standard should now be going through the migration process ready for their next audit.

OHSAS 18001 certification remains valid until 12th March 2021; after this date, certification will be withdrawn.

The new standard is well suited to the building and construction industry whether you are a large construction company or smaller SME. However, the standard will be used throughout all industry sectors to improve occupational health and safety for employees.

The new standard is ideal for organisations with building sites that have multiple subcontractors as well as direct employees on site. The framework of ISO 45001 will help you to manage health and safety, identify risks and reduce hazards. Management of subcontractors can be coordinated in line with an integrated occupational health and safety plan for all parties on site.

ISO 45001 is part of the set of ISO standards such as ISO 9001, the widely recognised quality management system, or ISO 14001 environmental management system. Any organisation already certified to these most popular standards will find the integration of ISO 45001 far simpler because of the Annex SL framework. This provides a standardised framework across many of the ISO standards to save time and resources during the certification process.

Worker safety is paramount
Ill health, stress and injury statistics in construction are some of the highest across all industry sectors.
According to HSE figures for the construction sector in Great Britain in 2016/2017:
  • 80,000 workers are suffering from work related ill health each year (LFS).
  • 30 fatal injuries to workers in 2016/2017 (RIDDOR).
  • 64,000 non-fatal injuries to workers each year (LFS).
Source: http://www.hse.gov.uk/statistics/industry/construction/index.htm

Benefits of ISO 45001 certification to your business
This globally recognised ISO standard with third party verification will help companies win new business by demonstrating to clients that they comply with legal requirements and are committed to making the workplace a safer environment. Some clients may even make it a requirement when tendering for business.

ISO 45001 provides a framework for continuous improvement to manage health and safety and identify hazards for future projects.

If you need help with migration from OHSAS 18001 to ISO 45001 or are thinking of gaining certification to the new standard, one of our team of lead auditors will be able to tell you more about the process.
The ISO 9001 transition period ends on 14th September 2018 and every organisation that relies on this standard to trade with its customers at home and abroad should have now transitioned to the revised version (ISO 9001:2015). Your certificate will be void unless you have your audit booked and you are ready for the transition in the next few weeks.

If you have not booked your audit to the revised standard ISO 9001:2015 by 14th September 2018, you will have to start the process of certification from scratch.

The same applies to ISO 14001:2008 revised to ISO 14001:2015.

Better integration and support from top management
One of the main revisions to the standard is the Annex SL framework.

Annex SL is a high-level structure that will provide consistency throughout ISO management system standards. This means that if your organisation has more than one standard (ISO 9001 and ISO 14001 for example), the management systems, structures, definitions and requirements will be consistent. This saves time and resources and makes it easier to comply with multiple standards.

The new ISO 45001 which is currently going through migration from OHSAS 18001 has also been designed around the Annex SL framework. Other standards already incorporate Annex SL, such as ISO 27001, and others will use it as they come up for revision.

One of the other main changes is the involvement of top management. Leadership from management to drive the processes and support the quality management system (QMS) is now essential, where it was optional before. The QMS is a business process that delivers continual improvement and customer satisfaction and will need to be given full backing and commitment at every level of the organisation.

This will inevitably lead to increased scrutiny of the management review meetings to ensure they are carried out with adequate frequency and actions are followed up. Identification of risks and risk management has also been prioritised and actions will need to be included as part of the management review process.

This all makes good commercial sense if you are serious about improving your business opportunities. The benefits can help you to grow your business and increase profits.

ISO 9001:2015 benefits
If you have been thinking about implementing ISO 9001:2015 into your organisation and need to convince top management that it makes good business sense and the investment of time and cost is worth it, here are some valid reasons:
  • Globally recognised standard to improve your credibility.
  • Less waste, increased productivity = more profit.
  • Better customer retention and satisfaction.
  • Improved internal management systems.
  • Identification and reduction of risks.
  • Employee engagement.

To find out more about implementing ISO 9001:2015 into your organisation, call one of our team on 0121 241 2299.