The ISO Show

English, Finance, 1 season, 183 episodes, 2 days, 18 hours, 42 minutes
About
Blackmores is a pioneering consultancy firm with a distinctive approach to working with our clients to achieve and sustain high standards in Quality, Risk and Environmental Management. We'll be posting podcasts discussing ISO standards here very soon!

#183 How can ISO Standards help with ESG Compliance?

ESG compliance has fast become a focus for many organisations looking to address their wider sustainability profile. However, its broad framework has left many scratching their heads on exactly where to start with evaluating and addressing various elements of Environmental, Social, and Governance compliance. For those looking for some direction, you may already have a solid foundation in place if you’re certified to one or many ISO Standards. Today Steph Churchman will explain what ESG is, how it can be scored and what role ISO Standards can play in ESG compliance.

You’ll learn
· What is ESG?
· What scoring systems are available for ESG?
· How can ISO Standards support ESG compliance?
· What ISO Standards can support each pillar of ESG?

Resources
· Isologyhub

In this episode, we talk about:

[00:30] Join the isologyhub – To get access to a suite of ISO related tools, training and templates. Simply head on over to isologyhub.com to either sign-up or book a demo.

[02:05] Episode summary: Steph will be breaking down what ESG compliance means, how ISO Standards can support ESG compliance and give some examples of what ISO Standards can support each pillar of ESG.

[02:50] What is ESG? – ESG stands for Environmental, Social, and Governance. Analysis and evaluation against these three elements help organisations to consider different areas within their overall sustainability profile. The Environmental section looks at issues surrounding climate change and actions to address an organisation’s environmental responsibility. This includes monitoring and management of your energy consumption, waste management and pollution. It also seeks to tackle how organisations can address, reduce and mitigate their overall environmental impact. The Social aspect is based around the relationships an organisation has with its stakeholders.
This is focused on employees and looks at a broad range of topics including employee wellbeing, fair and competitive pay, benefits and human resource related policies. Considerations can also include wider business relationships such as supplier relations, local community and government work. Governance criteria focuses on creating a business environment that is fair, transparent, and accountable. Considerations in this area include board composition, fairness in pay structures and executive compensation, business ethics and risk management.

[04:15] An evolution of CSR – CSR (Corporate Social Responsibility) is very similar to ESG, but is less sustainability focused. It also lacked substance in the form of effective and accountable scoring systems that held businesses to account. This is where ESG differs, with many scoring systems, certifications and even mandatory requirements driving businesses to address their compliance.

[04:45] ESG scoring – There are many schemes, scoring systems and certifications available for ESG, some of which are specific to industry sectors and company sizes. Which one you pick will be up to you (note that some may be mandatory in select countries), however, here are a few examples:
· The S&P Global ESG Score – This assesses a company's performance and management of ESG risks and opportunities using a combination of company disclosures, media analysis, and industry-specific questionnaires. A score of 0-100 is given based on their findings and is relative within a company’s industry sector.
· Fitch Ratings ESG Relevance Scores – Fitch Ratings assigns ESG Relevance Scores alongside their traditional credit ratings. These scores assess how ESG factors could impact a company's creditworthiness. Their scores range from 1-5, with 5 indicating the highest ESG relevance to credit risk.
· MSCI – They offer ESG ratings for a broad range of companies, it’s not really limited by sector or size.
They use a letter grade system, going from AAA-CCC, to assess a company's relative ESG risks and opportunities compared to its peers. The scoring for this one assigns companies as either an ESG leader, average or laggard within their industry.

[06:10] How can ISO Standards support ESG Compliance – It's important to clarify that there's no single ISO standard that guarantees ESG compliance because ESG is a broad framework. However, ISO standards provide a strong foundation for implementing many aspects of an ESG strategy.

[06:35] Supporting ESG – Structure and Framework: ISO standards offer a structured approach to managing environmental, social, and governance practices. This helps companies identify key areas for improvement and develop a systematic plan to address them.

[07:10] Supporting ESG – Improved Performance: By following ISO standards, companies can demonstrably improve their environmental performance, social responsibility, and governance structures by putting in frameworks that align with best practice standards.

[07:30] Supporting ESG – Transparency and Credibility: Achieving certification to a relevant ISO standard involves a third-party audit, which verifies that a company's systems and processes meet the standard's requirements. This certification acts as a credible signal to stakeholders, such as your investors, customers and regulators, that you’re committed to ESG principles.

[07:55] Supporting ESG – Risk Management: Proactive management of ESG risks is a key component of any ESG strategy. Many ISO standards focus on risk identification and mitigation. For example, ISO 37001 (Anti-Bribery Management Systems) helps identify and address bribery risks, which can have significant financial and reputational consequences. Or ISO 45001 health and safety management, which requires risk assessments to be carried out to ensure the safety and wellbeing of your employees on site locations, which would fall under the social aspect of ESG.
[08:30] Supporting ESG – Competitive Advantage: Strong ESG performance is increasingly sought after by investors and stakeholders. Implementing ISO standards can help companies demonstrate their ESG commitment and gain a competitive advantage in the marketplace. You’ll also feel the benefit of gaining multiple badges, through ISO certification and possibly an ESG score if you choose to go through one of the official scoring schemes.

[08:55] Think of ISO standards as building blocks. They provide the foundation and structure for a strong ESG strategy. By implementing relevant standards and achieving certification, you can demonstrate a dedicated commitment to ESG principles.

[09:50] Join the isologyhub and get access to limitless ISO resources – From as little as £99 a month, you can have unlimited access to hundreds of online training courses and achieve certification for completion of courses along the way, which will take you from learner to practitioner to leader in no time. Simply head on over to the isologyhub to sign-up or book a demo.

[11:55] What ISO Standards can support the Environmental aspect of ESG Compliance?:
· ISO 14001: Environmental Management – This provides a framework for managing environmental impacts, reducing waste, and improving your resource efficiency.
· ISO 50001: Energy Management – This helps companies monitor and optimize their energy use with the aim to help reduce greenhouse gas emissions.
· ISO 20400: Sustainable Procurement – This will help you to adopt sustainable procurement principles and practices within your organisation, by looking at how you can reduce waste, choose more sustainable options for required resources, how you can extend the life of resources available through remanufacturing and recovery of waste, and encourages the use of more innovative products and services.
· ISO 20121: Sustainable Event Management – This Standard is mostly applicable to the events sector, and aims to help reduce the amount of waste produced during events, through potential energy savings and the production and recycling of resources used during an event. It’s recently had an update, so check out our latest episode to find out what the changes are.
· ISO 14064: Greenhouse Gas Verification – This provides a framework for measuring and managing greenhouse gas emissions. This is a crucial step if you’re working towards Net Zero, as you need to know what your baseline is before you can work on reducing and offsetting remaining emissions.
· ISO 14068: A framework for helping businesses achieve Net Zero, this standard will replace PAS 2060 in November 2025, so anyone looking into PAS 2060 now may be better off going with ISO 14068 as it includes more guidance on purchasing credible carbon credits.

[14:15] What ISO Standards can support the Social aspect of ESG Compliance?:
· ISO 26000: Social Responsibility – which offers guidance on integrating social responsibility practices throughout your organization.
· ISO 45001: Occupational Health and Safety Management – which helps companies create a safe and healthy work environment. It provides a robust set of requirements designed for improving workplace safety in organisations and supply chains, with the aim of reducing workplace injury and illness.
· ISO 45003: Psychosocial Health & Safety Management, aka mental health in the workplace. For the last 4 years or so, work-related stress, depression and anxiety have been the leading cause of work-related ill-health cases and lost working days. That’s according to the annual HSE reports, which clearly highlight a big issue that many more need to consider and address.
[14:15] What ISO Standards can support the Governance aspect of ESG Compliance?:
· ISO 9001: Quality Management – This is the leading global ‘quality mark’ for businesses and designed as a vital business improvement tool. It’s quite simply a blueprint for running your business successfully.
· ISO 22301: Business Continuity Management – Which provides a basis for planning to ensure your long-term survivability following a disruptive event. This is a Standard that many align with, but don’t always certify to, and for good reason as it provides some invaluable guidance for establishing robust Business Continuity Plans.
· ISO 27001: Information Security – This is a Standard that is commonplace for most sectors now, given how reliant we all are on tech. ISO 27001 will help you to implement an Information Security Management System (ISMS), which is a systematic approach to managing sensitive company information, ensuring it remains secure and available. It encompasses people, processes and IT systems.
· ISO 37001: Anti-Bribery Management Systems – It’s the International Standard that allows organizations of all types to prevent, detect and address bribery by adopting an anti-bribery policy, appointing a person to oversee anti-bribery compliance, training and carrying out risk assessments.
· ISO 44001: Collaborative Business Management – This was originally a British Standard that had been created to provide a framework for creating and managing collaborative business relationships between organisations. The standard promotes the best way for businesses to work together, thus effectively developing and managing their interactions with each other for maximum benefit to all.

If you’d like to book a demo for the isologyhub, simply contact us and we’d be happy to give you a tour.
We’d love to hear your views and comments about the ISO Show, here’s how:
● Share the ISO Show on Twitter or LinkedIn
● Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one.

Subscribe to keep up-to-date with our latest episodes: Stitcher | Spotify | YouTube | iTunes | Soundcloud | Mailing List
7/17/2024, 18 minutes, 39 seconds

#182 ISO 20121:2024 updates – What you need to know ahead of your transition

ISO 20121:2012, the Standard for Sustainable events management, was originally created and launched in coordination with the London 2012 Olympics. 12 years on, it seems only fitting that its next revision would be applied to the 2024 Paris Olympic Games. 10 years on from its original release, the Standard has received a substantial update to not only bring it in-line with other ISO Standards, but to also address additional elements within event management, such as human rights and legacy. Today Steph Churchman will explain the changes to ISO 20121:2024, what certified companies must do to transition and the consequences of not doing so before the deadline.

You’ll learn
· What is ISO 20121?
· What are the changes to ISO 20121:2024?
· What steps should certified companies take to complete their transition?
· What should you be updating?
· What are the consequences for not completing your transition ahead of the deadline?

Resources
· Isologyhub

In this episode, we talk about:

[00:30] Join the isologyhub – To get access to a suite of ISO related tools, training and templates. Simply head on over to isologyhub.com to either sign-up or book a demo.

[02:05] Episode summary: Steph will be discussing the changes to the Sustainable Event Management Standard, ISO 20121:2024, in addition to outlining what you should be updating ahead of your transition to the latest version of the Standard.

[02:30] What is ISO 20121? – The Standard for Sustainable events management was originally created and launched in coordination with the London 2012 Olympics. When it came to planning the 2012 Olympic Games, they took a step back and considered the impact that required development and construction would have on biodiversity, as well as how they could reduce their Greenhouse Gas emissions and general waste in the preparation and running of the event. 12 years on, it seems only fitting that its next revision would be applied to the 2024 Paris Olympic Games.
ISO 20121 specifies the requirements for an Event Sustainability Management System to improve the sustainability of events. The standard applies to all types and sizes of organisations involved in the events industry – from caterers, lighting and sound engineers, security companies, stage builders and venues to independent event organisers and corporate and public sector event teams.

[04:45] A high-level overview of the changes to ISO 20121:2024 – One of the biggest and most welcomed changes is the fact that the Standard is now aligned with the familiar High Level Structure that many other ISOs follow. This means it will be easier to integrate with other Standards like ISO 9001 and ISO 14001. Next, there is a bigger focus on climate change, legacy and human rights. These elements weren’t necessarily missing from the previous version, but they weren’t a key focus either.

[05:10] Climate Change in ISO 20121:2024 – ISO 20121:2024 now explicitly requires considering climate change and its impact on your event and stakeholders. So, this might involve carbon emission reduction strategies and adapting to potential climate-related disruptions. Biodiversity may also fall under this, especially if your events require construction, or take place in an outside venue such as a park or field. A quick reminder that 31 common ISO Standards also received a Climate Change Amendment, so if you haven’t addressed that yet, check out our podcast episode and workshop recording to learn about what you need to do.
What does this focus on climate change mean for certified companies?:
· It provides an opportunity for event professionals and event organisers to demonstrate leadership in taking action around climate change
· Certified organisations are required to ensure that any carbon offsetting completed via carbon credits is credible
· ISO 20121:2024 Standard facilitates the process of taking credible action and aligns ISO 20121 with big changes relating to climate change

[06:55] Human Rights in ISO 20121:2024 – The new version also expands beyond environmental concerns to encompass human and child rights, social impact (including mental health and diversity), and digital responsibility. Your management system will need to address these aspects throughout the event lifecycle.

What does the increased focus on human rights in ISO 20121 mean for certified organisations?:
· Certified organisations will need to demonstrate and adhere to UN Guiding Principles on Business and Human Rights.
· The revised standard also now references social impact in its definitions – primarily in the definition for Sustainable Development and Stewardship.
· A new Annex has been added – Annex D: Guidance on Human and Child Rights.
· Added guidance states that event organisers should consult with Human and Child Rights experts and conduct a Human Rights Assessment to identify potential risks to the people as a result of an event and its surrounding activities.
· You should publish a Human Rights Policy to ensure that Human Rights consideration is embedded in the whole lifecycle of an event.

[08:40] Legacy in ISO 20121:2024 – An added focus on Legacy provides an opportunity for event organisers to focus not only on the few days of event delivery, but also supports creating enduring results for the hosting community.
For example, creating an economic impact for the local population, by providing the opportunity to acquire new skills, to share best practices on how to do events in a more sustainable way or by improving a public place close to the event.

[09:20] Join the isologyhub and get access to limitless ISO resources – From as little as £99 a month, you can have unlimited access to hundreds of online training courses and achieve certification for completion of courses along the way, which will take you from learner to practitioner to leader in no time. Simply head on over to the isologyhub to sign-up or book a demo.

[11:30] A strengthening of Stakeholder Engagement – The Standard now emphasizes demonstrating sustainability throughout your supply chain. This might involve you requesting proof of sustainability practices from vendors and incorporating ethical sourcing practices. The definition of stakeholders has also now been expanded to include partners and sponsors. So, you’ll need to consider how their sustainability practices align with your event's goals. The policy clause now requires reporting on your sustainability achievements and lessons learned. Building a system for tracking and reporting these aspects will be crucial, and will likely involve a lot more communication between your stakeholders to gather any necessary data for reporting purposes.

[12:35] Alignment and flexibility – The updated standard aligns with other management system standards thanks to the high level structure update, making integration easier for organizations with existing systems. The revised standard also caters to events of all sizes and complexities, allowing for adaptation to your specific needs. There’s now alignment with Global Frameworks, like the UN Sustainable Development Goals (SDGs) and the Paris Agreement. If you’d like to learn more about the SDGs, check out a few previous podcast episodes: 106, 107 & 108.

[13:30] Transition Deadline – What happens if you miss it?
– Anyone certified to the 2012 version of the Standard will have until the 31st March 2027 to transition to the 2024 version. If you don’t, you’ll risk losing your certification, and you’ll have to go through the whole Stage 1 and 2 Assessment again to get that certificate back, which is obviously quite costly.

[14:15] What do you need to do to transition? – Here’s a very high-level overview of the steps you should take:
· Review and conduct a Gap Analysis: This is to compare your existing system against the new standard's requirements to identify areas needing improvement.
· Update your Policies and Procedures: specifically your event sustainability policy to reflect the broader range of sustainability issues and incorporate reporting requirements.
· Develop a plan to engage with a wider range of stakeholders, including sponsors and partners, on sustainability initiatives.
· Review your Supply Chain Management: This will involve establishing or updating procedures for assessing and integrating sustainability practices throughout your vendor network.
· Training and Awareness: Any and all changes should be communicated. Educate your team on the new standard's requirements and integrate them into event planning and execution processes.
· Carry out Internal Audits: Once you’ve implemented the changes, audit against the new Standard and ensure you’re compliant. Then you’ll need to prepare for your Certification Body Transition visit.

[15:30] What specific actions can you take to update your ISO 20121 Management System? Here are some suggested actions to address Human Rights and Children’s Rights:
· Update your event sustainability policy to explicitly state your commitment to respecting human rights and children's rights throughout the event lifecycle.
· Update your Risk Assessments as you’re going to need to identify potential human rights risks associated with your event, such as discrimination in hiring or unfair labour practices within the supply chain.
· Review your Supplier Management as you’ll need to ensure your suppliers uphold human rights standards.
· Engage with relevant stakeholders like human rights organizations or local communities to understand potential human rights concerns and incorporate their feedback into your planning.

A few other actions you could do include:
· Partnering with organizations promoting fair labor practices and human rights.
· Including human rights clauses in contracts with suppliers and partners.
· Conducting training for staff on identifying and mitigating human rights risks.
· Implementing a grievance process for reporting potential human rights violations.

[17:00] What further actions can you take to address Legacy?:
· Integrate legacy planning into the early stages of event development. Consider aspects like infrastructure, workforce development (for example training opportunities for local communities), and universal accessibility for people with disabilities.
· Develop metrics to measure the positive legacy of your event. This could involve tracking the number of jobs created, increased accessibility measures implemented, or infrastructure donated to the community.
· Consider the potential to partner with local organizations to ensure the event's legacy benefits the community in the long term. This might involve collaborating on infrastructure projects or workforce development initiatives.
· You should also conduct a post-event impact assessment to evaluate the event's legacy.
[18:00] Reporting on the social, economic and environmental impacts – The first step should be to develop a Reporting Framework: This framework should consider relevant metrics for social (e.g., job creation, diversity), economic (e.g., local business involvement), and environmental (e.g., carbon footprint, waste generation) impacts. Next, you need to implement a system for collecting and analyzing data related to your event's social, economic, and environmental performance. And lastly, choose appropriate communication channels for your sustainability report, such as your website, annual reports, or dedicated sustainability reports. You could look at specific reporting software or get help from a third-party such as Blackmores.

We’d recommend purchasing a copy of the Standard so you can review the specific changes yourself, in addition to reviewing the updated guidance provided in the Annexes.
7/10/2024, 20 minutes, 39 seconds

#181 The Integral Role of Leadership within ISO

ISO Standards provide a framework to help businesses manage various aspects of their activities. Whether that’s quality, risk, environmental or Information Security management, they provide invaluable guidance to establish an effective Management System. One element that is key, no matter the Standard or subject area, is Leadership. Without this driving force, your Management System will not get the momentum it needs to truly benefit your way of working. Today Ian Battersby will explain the integral role of leadership within the implementation and maintenance of an ISO Management System, and how their active participation benefits the whole business.

You’ll learn
· What is Leadership?
· Where is Leadership referenced in ISO Standards?
· How does Leadership get involved with the Implementation and Management of ISO Standards?
· How does Leadership participation benefit the business?

Resources
· Isologyhub

In this episode, we talk about:

[00:30] Join the isologyhub – To get access to a suite of ISO related tools, training and templates. Simply head on over to isologyhub.com to either sign-up or book a demo.

[02:05] Episode summary: Ian will be discussing the role of Leadership within ISO Management Systems and how their active participation can benefit the business as a whole.

[02:30] What is Leadership? – Leadership is central to success in achieving any goal in business. It involves motivating a group of people toward a common pursuit, and it certainly isn’t straightforward without leadership believing in what it’s doing. Without showing that belief, why would the workforce sit up and take note: ‘If it’s not important to you, why should it be to me?’

[03:30] Why should Leadership get involved? – The need for leadership has been recognised by Standards bodies, hence why it’s been made central to all Management System Standards.
For many years, Management Systems were separate from the day-to-day activities of running a business, often boiled down to just a person in a room with manuals, getting through certifications and earning a nice shiny badge. But this had little to no impact on the bottom line (be honest)! But a well-run Management System can have huge impacts and benefits on all types of organisation, and updated ISO standards aim to deliver that impact more readily, so leadership gets its own clause (Clause 5 – Leadership).

[05:25] Clause 5.1 Top management shall demonstrate leadership & commitment – This boils down to taking accountability for effectiveness of the system, but how do you do this? Firstly, the system can only be effective if it is designed correctly, so leadership must ensure it fits with the context of the organisation, which is required in Clause 4. There are ways of doing this, but we favour a SWOT and PESTLE. This is simply to ensure that those establishing context don’t do it in a vacuum, opening up the floor to get input from everyone affected by the Management System. This is key because Senior Managers need active involvement to understand how the system works, its resource needs and its performance.

[07:25] Ensuring quality policy and objectives are established and compatible with context and strategic direction – The quality objectives must contribute to the business, so there's a role for senior managers to ensure that they are aligned and have a measurable contribution to the business. What measures are included in your objectives which can demonstrably show that they affect the business in a good way? That's what senior management have to do to link quality objectives with strategic organisational business objectives.
[08:20] Ensuring integration into the organisation’s business processes – The quality objectives must contribute to the business, so there's a role for senior managers to ensure that they are aligned and have a measurable contribution to the business. They must ensure integration into the organisation’s business processes, which in turn must be aligned with the context. They must also be relevant to the way the organisation runs and senior management needs to oversee a system which allows processes to do that.

[05:20] Promoting use of the process approach and risk-based thinking – This requires senior management to actually do some promotion – which is stipulated as ‘Shall Promote’. For those that don’t know, whenever the word ‘Shall’ is used in an ISO Standard, that essentially means you MUST do it. In this instance, that means actually contributing to the communications and raising of Management System awareness. Senior Management have to be involved in the process of describing to people what's important, why the standards are important and that risk and process are central to the organisation’s operations.

[09:35] Providing resources for the system – There are a number of resources that Senior Management need to consider, including:
· People – Need to be enlisted to run a system and to operate the system throughout the organisation.
· Competence – You may need to invest in training if required.
· Expertise in the standard – Do you have expertise in-house on the Standard you’re certifying to? If not, you will have to invest in training or additional help from a third-party.
· Systems / Access and Documented Information – Do you have a place for hosting of documentation, workflows, forms? Further considerations are needed for required authorization and controlled access.
· Time – Implementing and maintaining a Management System is a big task, whether done by an individual or a team, they will need time to complete necessary Management System activities.

[10:30] Communicating the importance of an effective system and conforming to its requirements – Everyone looks up to Senior Management in regard to what their priorities are. It’s up to them to effectively communicate the importance of the Management System, its processes, their role in relation to the Management System and how to conform with its requirements. Key points to get across:
· How this system makes your workplace a better place.
· How it contributes to success of the organisation – i.e. happier customers, safer working conditions, etc.
· How it can make their daily routine more fulfilling – i.e. having a complete picture of their place in the business, how they contribute to its success.
· What could nonconformity bring if people choose to step outside a management system? – i.e. with ISO 45001, nonconformance could risk someone getting injured.

[13:50] Engaging/directing/supporting persons to contribute to effectiveness of the system – Team managers should be harnessing the people at all levels to be able to fulfil the requirements of the Management System. They should do that by providing clear expectations, which can be done via communications and objective setting.

[14:30] Promoting improvement – Continual Improvement is absolutely key to every management system. When something does go wrong, senior management must provide the resources for actively asking why things may have underperformed, so you can get to the cause of why it’s underperforming and put it right. It’s also an opportunity to highlight when things have improved and celebrate those that contributed to that success.
[15:30] Join the isologyhub and get access to limitless ISO resources – From as little as £99 a month, you can have unlimited access to hundreds of online training courses and achieve certification for completion of courses along the way, which will take you from learner to practitioner to leader in no time. Simply head on over to the isologyhub to sign-up or book a demo. [17:40] Supporting other management to demonstrate leadership in their areas – Leadership drives top to bottom. Everybody can have a role in leadership. Roles and responsibilities are assigned by senior management, and this offers the opportunity for individuals to provide their own leadership in their specific areas. [18:15] 5.2 Policy – The definition of Policy in ISO Standards is: The overall intentions and direction of the organisation, expressed by senior management. A policy exists to govern the behaviour of an organisation and its employees in order to provide the best outcomes. It also provides the basis for the establishment of objectives. It does not explain how the policy is to be delivered through individual tasks. This may not be a detail for top management. What’s the requirement?: Top management must ensure it’s appropriate to the purpose and context of the organization and supports its strategic direction. It’s not simply just a piece of paper to sign once a year.
[19:25] 5.3 Organizational roles, responsibilities and authorities – What does the Standard say:  ‘Top management shall ensure that responsibilities and authorities for relevant roles are assigned, communicated and understood within the organization’ What does this actually mean?: ·      Ensuring the Management system conforms to your ISO Standard(s) ·      Ensuring processes deliver desired results ·      Performance reporting including opportunities for improvement ·      Promotion of customer focus ·      Ensuring integrity of the management system through change and continual improvement [21:30] Leadership in practice – Ian recounts an experience where senior management did regular safety checks in an organisation he worked with previously. Senior Management took an hour out each month to do a floor walk and actually talk to those on the ground floor to ask them about risk, equipment and just generally get a feel for how everything really worked. In turn, they were challenged by their staff on safe working systems and this proper conversation led to better understanding on both parts. The staff got to see their Senior Management genuinely care about their work and well-being, and Senior Management got much needed insight into the actual day-to-day activities and see first hand where improvements could be made. Those familiar with ISO 45001 will know that worker participation is a requirement of the Standard, but there’s no reason why you can’t apply this to other Standards. If you’d like to book a demo for the isologyhub, simply contact us and we’d be happy to give you a tour. We’d love to hear your views and comments about the ISO Show, here’s how: ●     Share the ISO Show on Twitter or Linkedin ●     Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one. Subscribe to keep up-to-date with our latest episodes: Stitcher | Spotify | YouTube |iTunes | Soundcloud | Mailing List
7/3/2024 | 25 minutes, 10 seconds

#180 Carbon Reporting – To Verify or Not To Verify

There is a growing pressure on businesses to address their environmental impact, both from the Government as well as a more sustainably minded consumer base. As a result, the need to carry out Greenhouse Gas (GHG) emissions reporting is being introduced as a mandatory requirement for tenders, and Government led initiatives such as Streamlined Energy and Carbon Reporting (SECR). Today Mel Blackmore will discuss Greenhouse Gas (GHG) emissions reporting, and how verifying GHG Statements in alignment with ISO 14064-1 can benefit your business. You’ll learn ·      Why is there a growing need to report on GHG emissions? ·      What is the difference between certification and verification? ·      What is ISO 14064-1? ·      What are the benefits of ISO 14064-1? Resources ·      Carbonologyhub In this episode, we talk about: [00:30] Join the isologyhub – To get access to a suite of ISO related tools, training and templates. Simply head on over to isologyhub.com to either sign-up or book a demo. [02:05] Episode summary: Mel will be discussing GHG emissions reporting, and why verifying your business’s GHG Statements in alignment with ISO 14064-1 is a smart move. [02:30] What’s the difference between Certification and Verification? – We covered this in detail on a previous episode, go back and listen to episode 162. [02:40] Why is there a growing need to address GHG emissions? – Climate change is a top concern for many. Consumers, investors and governments across the globe are all demanding greater transparency and accountability from businesses regarding their environmental impact. In particular, the carbon footprint a business claims to have. [03:25] What is ISO 14064-1? – ISO 14064-1 is an internationally recognised Standard for quantification of Greenhouse Gas (GHG) emissions and removals at the organisational level. In simple terms, this is the go-to Standard for businesses looking to calculate, verify and publish their carbon emissions.
[03:40] Benefit #1: Making compliance and reporting easier – Now, it’s important to note that the first time you go through this process will be like pulling teeth. You will need to do a fair bit of work initially, but once that’s set-up, it will make the necessary annual reporting a much easier process. ISO 14064-1 verification ensures you are complying with applicable regulations such as SECR and the Government’s requirement for a PPN 06/21 (within the UK). If you are based in the UK, there is now a Public Sector tendering requirement to identify what your carbon footprint is and make recommendations for reductions in the form of a Carbon Reduction Plan (CRP). It can also help to streamline initiatives like the CDP (Carbon Disclosure Project) or EcoVadis. [05:40] Benefit #2: Taking a deeper look at your emissions footprint – Verification is not simply just ticking a box, it’s about providing a clear picture of your organisation’s total GHG emissions. Not just your CO2 emissions, ISO 14064-1 ensures you account for different types of emissions sources. This granular understanding will be crucial in identifying areas for improvement and developing an effective reduction strategy. [06:25] Benefit #3: Providing Trust and Transparency – Having your report verified by an independent third-party adds a layer of credibility to your GHG reporting. Anyone can just say their carbon emissions are X, but it’s another to have that backed up by a third-party. They can ensure your claims are true, correct and that there is a credible methodology behind it. Stakeholders such as investors, consumers and regulators will then have the confidence that your emissions data is accurate and transparent. Carbonology can assist you with the training resources needed to do this – so check out their website to learn more. [07:30] Benefit #4: Pave a way for Carbon Reduction Strategies – We mentioned earlier about the requirement for a PPN 06/21, this requires a Carbon Reduction Plan (CRP).
Whether you create one based on a mandatory requirement or not, having a CRP is a no brainer for any business. It helps you to understand your emissions, which is the first step towards reducing them. ISO 14064-1 verification lays the ground work for developing and implementing an effective CRP. This can translate into significant cost savings and a competitive edge in the long run. [08:30] Benefit #5: Embrace Mitigation – The verification goes beyond just cutting emissions. It supports mitigation actions like carbon removal projects, allowing you to demonstrate a holistic approach to tackling climate change year on year. [08:50] Benefit #6: It’s a global Standard – ISO 14064-1 was created by over 140 representatives from over 50 countries globally to define exactly what greenhouse gas emission verification should look like. While there are lots of other ways to achieve Net Zero, it makes more sense to choose an established route that will be recognised as best practice globally. [10:25] Benefit #7: Tracking your progress – Verifying your GHG statements allows you to track progress over time. This data is invaluable for communicating your achievements both internally and externally to key stakeholders about your drive towards net zero goals. It also helps to showcase your commitment to sustainability. [11:00] Benefit #8: Participation in sustainability initiatives – Verification opens doors to participating in voluntary GHG registries and sustainability reporting initiatives. This in turn will help to broaden your visibility as an organisation, amongst the environmentally conscious stakeholders that will be looking for credible sustainable businesses to work with or buy from. [11:45] ISO 14064 is a no-brainer – It offers a significant strategic advantage and can help to demonstrate transparency with GHG reporting – something very sought after in the midst of a lot of green washing claims. 
If you’d like assistance with ISO 14064-1, visit Carbonology’s website and get in contact, they’d be happy to help. We’d love to hear your views and comments about the ISO Show, here’s how: ●     Share the ISO Show on Twitter or Linkedin ●     Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one. Subscribe to keep up-to-date with our latest episodes: Stitcher | Spotify | YouTube |iTunes | Soundcloud | Mailing List
6/25/2024 | 12 minutes, 57 seconds

#179 The Interconnectedness of Clauses

ISO Standards provide a framework to help businesses manage various aspects of their activities. Whether that’s quality, risk, environmental or Information Security management, they provide invaluable guidance to establish an effective Management System. However, for those who are new to ISO Standards, the Standards themselves can seem rather intimidating to interpret. Back in 2015, the Annex SL format was introduced to provide a common high-level structure for Management Systems. With 10 clauses now common in most widely adopted ISO Standards, it can still be a bit difficult to understand exactly how these all work together. Today Ian Battersby will explain how ISO Standard clauses work in tandem to create a cohesive cycle, from context of the organisation through to Improvement. You’ll learn ·      What is the high-level structure? ·      Why are ISO Standards structured this way? ·      How do ISO Standard clauses interconnect? ·      How does this apply to Quality Management? Resources ·      Isologyhub In this episode, we talk about: [00:30] Join the isologyhub – To get access to a suite of ISO related tools, training and templates. Simply head on over to isologyhub.com to either sign-up or book a demo. [02:05] Episode summary: Ian will be discussing the interconnectedness of clauses, which basically just means explaining the key links between the clauses and how that applies to your management system. [02:40] High level structure – 10 years ago, Annex SL was introduced to create a common framework for ISO Standards. Today, Ian will focus on ISO 9001 as that really is the grandfather of all Management System Standards. ISO 9001 includes elements which are applied to most commonly adopted ISO Standards, and sets the scene in terms of how the clauses link together. [03:20] Why are ISO Standards structured this way? – On their surface, ISO Standards can seem very repetitive in the way that they’re written, but there is a good reason for that.
They are all based around the Plan-Do-Check-Act cycle. [04:10] What is the Plan Do Check Act cycle? – This is a simple process that all Management System Standards adhere to. You start with a ‘Plan’ to establish objectives and the resources which you need to deliver results, and you identify risks and opportunities. From that point you fulfil the ‘Do’ part through implementing and using the Management System. From there you ‘Check’, so you monitor against the policies, objectives and any other requirements. Basically, you monitor against what you said you'd do. Then you ‘Act’: if you find anything that needs to change, you make that change, and you improve as an organisation and improve that management system. [05:00] A logical path – Management System Standards are designed in such a way that they flow from one clause to the other. One cannot exist without the other. [05:20] How does Clause 4 Context of the Organisation link with Clause 6 Planning? – As clause 4 Context of the Organisation states: ‘external and internal issues relevant to your purpose and strategic direction… …and that affect your ability to achieve intended results’. The scope of your management system depends entirely on this. The world in which you operate – what you buy, the people you employ, what you make, who you sell to, the laws you follow… Clause 4 also requires us to identify all interested parties (which we’ll address later!). With careful planning, you can align documentation you develop for one clause with other clauses.
Clause 4 doesn’t tell us how we should work out our context, but it provides some very good clues: ·      NOTE 1 Issues can include positive and negative factors ·      NOTE 2 Understand the external context by considering issues arising from legal, technological, competitive, market, cultural, social and economic environments. So they’re not saying how to do it, but they’ve said what you can consider. This sounds a lot like a traditional SWOT/PESTLE analysis… If we skip to Clause 6, Planning, the first thing we must do when we plan is to identify actions to address risks and opportunities. A SWOT will mean you’ve covered these elements; consider the following: ·      Weakness = Risk ·      Threat = Risk ·      Opportunity = Opportunity. We can view the PESTLE in the same light. So you can see that with careful planning, as mentioned, you can align documentation for one clause with other clauses. [10:00] How does Clause 6 link with Clause 7 & 8? – Skipping on from Clause 6.1: if you’ve identified what might go wrong (aka risk), you need to plan to ensure it doesn’t happen again. That may involve a single improvement action, which is linked to clause 10 (funnily enough, Improvement). It may be that you need something bigger, involving many steps, over a period of time, say an objective (clause 6.2). So, the planning of objectives links directly to the context of the organisation, the world in which you operate. It may be that you need an operational control to mitigate risk, a process or procedure that helps to manage the situation as a business as usual situation (clause 7 documented info and clause 8, operation). So the planning of processes and procedures links directly to the context of the organisation, the world in which you operate. In all these circumstances, it’s the same for opportunities, except you’re putting in place measures to take advantage of the opportunities.
[13:05] Join the isologyhub and get access to limitless ISO resources  – From as little as £99 a month, you can have unlimited access to hundreds of online training courses and achieve certification for completion of courses along the way, which will take you from learner to practitioner to leader in no time. Simply head on over to the isologyhub to sign-up or book a demo. [15:10] Clause 7 Support and related links – Moving through the standard, clause 7.4 relates to Communications. You need to determine internal and external communications relevant to the QMS (for 9001). In clause 4, you would have looked at interested parties (i.e. stakeholders). You need to determine who affects the way in which you operate and what they need/expect from you. Parties to consider include: ·      Customers ·      Employees ·      Shareholders ·      Suppliers ·      Regulators ·      Neighbours ·      Media So, by Clause 7 you will have already identified who’s interested and what interests them, so it’s only a small step to add to this the communications plan.  ISO 9001 doesn’t ask for one specifically, but it’s a good way to fulfil the requirements of clause 7.3. Clause 7 also mentions Monitoring and measuring resources (7.1.5).  This is a very brief clause, but central to establishing the means for demonstrating performance. We need reliable results when monitoring or measuring is used to verify the conformity of products and services to requirements, i.e. do we do what we say we do? Clause 7.5 requires us to document how we do things.  Again it’s very brief in its requirements (leaves it up to you to decide), but clause 8 is all about operation – which is the way you do things. It’s much more specific about understanding what the customer wants, designing it correctly, controlling changes, making it, delivery and addressing issues.   
This is what you measure: 7.1.5 requires you to ensure you can measure, 7.5 requires you to document how you do things, 8 requires you to do things according to the way you’ve said you will. [20:10] Clause 9 Performance Evaluation and related links – Moving onto Clause 9, Performance Evaluation, again risk appears.  We’ve already assessed risk right at the start, now we evaluate whether we’ve successfully controlled risk. We decide what to audit based on the level of risk attached to certain controls (policies, procedures, processes…). We’ve set objectives based on risks and opportunities and now we must measure performance. We’ve put in place operational controls to mitigate risk (clause 8) and now we measure whether those controls work. [21:30] Clause 10 Improvement and related links – This one is fairly self-evident. If something goes wrong, find out why and put it right and make sure it doesn’t happen again. Look at your system and continually improve based on your evaluations in Clause 9. If you’d like to book a demo for the isologyhub, simply contact us and we’d be happy to give you a tour. We’d love to hear your views and comments about the ISO Show, here’s how: ●     Share the ISO Show on Twitter or Linkedin ●     Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one. Subscribe to keep up-to-date with our latest episodes: Stitcher | Spotify | YouTube |iTunes | Soundcloud | Mailing List
6/19/2024 | 24 minutes, 59 seconds

#178 Introducing our new host – Ian Battersby

After 5 years of hosting the ISO Show, Mel Blackmore will be taking a step back as she focuses on her sustainability related endeavors. She’s passing the baton onto our new host – Ian Battersby. Ian is a Senior isologist at Blackmores, and while relatively new to the team, he has a wealth of Standard and ISO related knowledge to share with you all. Today we introduce Ian Battersby as the new host for the ISO Show and learn about his background in Standards and ISO. You’ll learn ·      Taking a step back ·      Introduction to Steph Churchman ·      Introduction to Ian Battersby ·      What Standards has Ian worked with? ·      What Sectors has Ian worked in? Resources ·      Isologyhub In this episode, we talk about: [00:30] Join the isologyhub – To get access to a suite of ISO related tools, training and templates. Simply head on over to isologyhub.com to either sign-up or book a demo. [02:05] Episode summary: After 5 years of the ISO Show, Mel Blackmore is handing the hosting baton over to Ian Battersby. [02:25] Interim host – Ian will be the main host going forward, but there will be additions from Blackmores’ Communication Manager – Steph Churchman. You may recognise her from recent episodes such as: ·      Top 10 Reasons to use ISO 42001 AI Management ·      Top ISO Standard Trends in the Data Centre Industry. Steph will be sharing findings from our own research, standards updates and conducting interviews with our isologists. [03:35] An Introduction to Ian Battersby – Ian has been working for Blackmores since August 2023. Although he is meant to be part-time, he’s had a very busy first few months here! Ian began working in British Aerospace, specifically manufacturing, in 1984. He later decided to return to university to study electrical and electronic engineering, which was promptly dropped.
His return to BAE lasted a few years before he moved onto the civil service for the Department of Health, working with them to conduct safety investigations and helping to create a broader risk profile. He then moved to work with the NHS, firstly with the litigation authority setting up governance and risk standards and then as a risk manager. Surprisingly, after moving up a few levels, he decided to move on to run a restaurant! A Curry House to be specific, but after a year of rather stressful work that ended up costing a lot more than expected, he returned to work within the construction industry, which is where he became more involved with ISO Standards. From there he went on to work in manufacturing of high pressure pumps for a while before moving onto an organisation who ran the estate for the Department of Work and Pensions. In the end, Ian left them due to being unable to live the life he wanted to live. [05:15] What Standards has Ian worked with? – He started with ISO 9001, ISO 14001 and OHSAS 18001 (now ISO 45001). [06:00] Digital Nomad – Ian currently splits his time between Leeds in the UK and Malaga in Spain. Having a lot of experience working remotely in previous industries, this leap didn’t impede on his work in any way. [07:15] What other Standards has Ian worked with? – He has assisted with ISO 44001 (Collaborative Business Management), but admittedly it was not his favorite ISO Standard to work with. It’s one of the rare instances in ISO where the Standard doesn’t quite align with others. [08:00] What Sectors has Ian worked in – Ian’s extensive work history has afforded him the opportunity to work in a number of sectors, including: ·      Construction and Fit out ·      Manufacturing ·      Estate Management ·      Private enterprise ·      Healthcare / NHS ·      Facilities. With this list growing at a rapid pace since his introduction at Blackmores! [09:45] What’s a big challenge that Ian’s had to overcome in the past?
– In terms of ISO, it has to be Leadership. Ian’s found that to always be an issue within businesses attempting to implement ISO Standards. A good looking Management System will only go so far without leadership commitment. While working in facilitating Standards for an organisation, you won’t be implementing the whole system yourself. It’s more a case of delivering through others, the organisation controls and delivers their own processes and improvements, and so it’s imperative that Leadership are also embedding and encouraging these actions. Ian will be going more in-depth on this topic in a future episode. If you’d like to book a demo for the isologyhub, simply contact us and we’d be happy to give you a tour. We’d love to hear your views and comments about the ISO Show, here’s how: ●     Share the ISO Show on Twitter or Linkedin ●     Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one. Subscribe to keep up-to-date with our latest episodes: Stitcher | Spotify | YouTube |iTunes | Soundcloud | Mailing List
6/12/2024 | 12 minutes, 11 seconds

#177 ISO Show Evolution

Can you believe we’ve been publishing the ISO Show for 5 years now! We certainly can’t! The ISO Show began back in 2019, following a trip to Cumbria by the host Mel Blackmore. She was, and still is, an avid fan of podcasts and while listening to a few of her favourites on the 4 hour trip, she got to wondering if there were any podcasts about ISO Standards. As it happened, there weren’t at the time, and so the idea for the ISO Show was born. Not more than a few months later the first episode went live, and the rest is history. For the past 5 years, we’ve had the honour of sharing our team’s combined 18 years of knowledge, including amazing insights from our clients and industry experts along the way. Today Mel Blackmore will reflect on the ISO Show so far and share its next evolution as we introduce a new host. You’ll learn ·      Why was the ISO Show created? ·      Why is Mel taking a step back? ·      What will be the focus for the future? ·      An introduction to the new host(s) Resources ·      Isologyhub In this episode, we talk about: [00:30] Join the isologyhub – To get access to a suite of ISO related tools, training and templates. Simply head on over to isologyhub.com to either sign-up or book a demo. [02:05] Episode summary: After 5 years of the ISO Show, it’s hitting a turning point as we introduce a new host. [02:25] An amazing journey – It’s been an amazing 5 years of digging deep into some of the most pressing issues we’ve faced, sharing tips and dispelling myths about ISO Standards. We’ve explored a lot of topics over the years, including: ·      Sharing our ISO 22301 (Business Continuity) knowledge when COVID hit, to help people with future and current response plans. ·      Transitioning to new versions of Standards, such as ISO 27001:2022 ·      Interviewing leaders within the ISO space, such as Kit Oung, who helped to develop the UK’s current energy and climate change regulations.
[04:05] Mel’s sustainability journey – why she’s taking a step back as host – Mel’s made it no secret that her passion lies with Sustainability Standards. This podcast has helped to amplify their importance within our space, but she wants to take this a step further. Going forward, Mel will be dedicating herself full-time to researching the crucial role of carbon standards in achieving Net Zero emissions by 2050. [05:00] An evolution for the ISO Show – All this to say, the ISO Show isn’t going anywhere, rather we are introducing a new main host – Ian Battersby! [05:05] Who is Ian Battersby? – Ian is a senior Isologist here at Blackmores. Ian brings a wealth of knowledge, expertise and a passion for helping businesses raise their game with ISO standards. He’s a bit of a digital nomad, splitting his time between working from Spain and England, and he works part-time at Blackmores. So he is very much involved in the day-to-day understanding of challenges of ISO Management. This includes the frustrations that businesses face and also how ISO standards support the achievement of greater productivity and profitability. Ian will be introducing himself fully on the next episode 😊 [06:25] Thank you for making the ISO Show such a success! – We’ve now got a few thousand subscribers, with a global reach; we honestly never expected to have so many listeners when we started. So whether you’re a regular or occasional listener, thank you for being here with us, we truly hope that our knowledge has helped you on your own journey to continual improvement within your own organisation. [07:25] A long journey – A lot has happened over the past 5 years. In addition to being the CEO of Blackmores, Mel has also developed the isologyhub – an on-line learning platform which helps to raise awareness and understanding of ISO Standards.
She has also founded Carbonology – a sister company that specialises in carbon related Standards, which will be where she focuses her main efforts over the next few years. [07:44] Stepping back – but not gone – While you will be hearing less from Mel, she won’t be completely absent. She will be joining us at least once a month to explore how ISO Standards are shaping the landscape of Net Zero. She will be sharing her journey to achieve net zero based on academic research, including primary and secondary research on how the various carbon related standards support the Sustainable Development goals and achieving net zero. This will primarily be diving into Standards such as ISO 14064 (Carbon Verification) and ISO 14068 (Net Zero), in relation to how they support the Sustainable Development Goals, help to create a level playing field, providing transparency, reliability, accountability and without a doubt, credibility. [09:20] Why the focus on sustainability? – Mel will be studying a master’s by researching the role of Carbon Standards Verification in contributing to achieving Net Zero. This focus hasn’t appeared out of the blue. Mel founded Carbonology with the goal of tackling Net Zero, one business at a time. They’ve already had great success over the past few years, but there’s still so much more to do when it comes to understanding Greenhouse Gas emission verification, carbon removals, reductions and offsetting. [10:10] Another big thank you – The ISO Show has been running for the past years with the assistance of Blackmores Communication Manager – Steph Churchman. Starting from humble beginnings of recording using a mic housed in a shoebox, to being stuffed in a cupboard to combat our offices’ terrible acoustics. We’ve thankfully since upgraded our set-up to something much more comfortable. Along the way we’ve experienced our fair share of technical issues, as you can’t really go 5 years of recording without something going wrong.
However, there wasn’t much we couldn’t work around in some way or another. As Steph has helped in researching topics we’ve discussed over the years, she will also be joining Ian on hosting the ISO Show in future episodes.   [12:45] On to the next chapter – It’s not goodbye from Mel, but rather see you later. We’ll be bringing you all along on this next chapter of the ISO Show, so make sure you subscribe to stay up-to-date with our latest episodes.   If you’d like to book a demo for the isologyhub, simply contact us and we’d be happy to give you a tour. We’d love to hear your views and comments about the ISO Show, here’s how: ●     Share the ISO Show on Twitter or Linkedin ●     Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one. Subscribe to keep up-to-date with our latest episodes: Stitcher | Spotify | YouTube |iTunes | Soundcloud | Mailing List
6/6/2024 | 14 minutes, 34 seconds

#176 Top ISO Standard Trends in Data Centres

Data Centres could be considered the powerhouse of thousands of businesses globally.  Long gone are the days of small physical servers being housed on-site, instead we rely on data centres to keep all our critical data safe and secure. But how do we know they are doing just that? Many hold certifications to security-based Standards such as SOC 2 or NIST to display their commitment to data security. However, many also hold various ISO certifications that cover other aspects of the business outside of information security. Today Steph Churchman, Communications Manager at Blackmores, will be sharing the top ISO Standard trends within the UK Data Centre industry. You’ll learn ·      Why did we look into the Data Centre industry specifically? ·      What are the top 5 ISO Standard Trends in Data Centres? ·      Why are these ISO Standards essential for Data Centres? ·      Other commonly adopted ISO Standards within the data centre space   Resources ·      Isologyhub ·      ISO 27001:2022 Transition Gameplan   In this episode, we talk about: [00:30] Join the isologyhub – To get access to a suite of ISO related tools, training and templates. Simply head on over to isologyhub.com to either sign-up or book a demo. [02:25] Episode summary: We’ll be taking a look at the top ISO Standard Trends within the UK Data Centre Industry [02:30] Why did we look into the Data Centre industry specifically? – In the mid 2010’s, we noticed an influx in enquiries from Data Centres in regard to Implementation of ISO Standards. That prompted a research project that led to Blackmores working with some of the top UK Data Centres. Now in 2023 and 2024 we’re starting to see a similar push for ISO Standards within the same industry. So, we revived the project to get a grasp on the modern ISO landscape, and took a look at the top 100 Data Centres within the UK. [03:34] #1: ISO 27001 Information Security – Out of the 100 data centres sampled 72% of them were certified to ISO 27001. 
Security is of utmost importance to data centres, and the great thing about ISO 27001 is that it considers security for not only the digital environment, but also for people and physical security. This Standard is also, in most cases, a stakeholder requirement. Certification to ISO 27001 indicates that you’re adhering to best practice in information security, and through the creation of an ISO 27001 compliant Management system, you will have documentation in place such as an information security policy and data retention policy, that often get requested by potential clients. If you’d like to learn more about the Implementation process for ISO 27001, we’ve got a helpful 3-part podcast series that summarises the entire process from Gap Analysis to Assessment preparation. anyone currently certified to ISO 27001:2013 that you have just over 1 more year to complete your transition to ISO 27001:2022. If you don’t do so by October 31st 2025, you’ll risk losing your ISO 27001 certification. That’s not the only reason you should be transitioning though. The new version of the Standard includes 11 new controls, which cover some newer technologies which really weren’t around when the 2013 version was published. So regardless of the risk of losing your certification, it’s in your best interest to ensure that you’re adhering to the latest version. If this is all news to you, then you can also go back and check out episodes 128 through to 133. This was a little mini-series we did to summarise the key changes to ISO 27001 and what actions you need to take to transition. We also have a Transition Gameplan available on the isologyhub if you’d like a more guided approach, including document templates and training videos covering those new controls.
[06:25] #2: ISO 9001 Quality Management – The Quality Management Standard is as popular as ever, even within the data centre space, with 51% of the 100 sampled data centres being certified.
ISO 9001 is considered the leading ‘Quality mark’ for businesses and is often the starting point for many diving into the world of ISO implementation. ISO 9001 creates a well-rounded base Management system to help you manage your risks and opportunities, as well as ensuring you drive a culture of continual Improvement. Its guidance can help you establish your core policies, processes and procedures to ensure everyone is singing from the same song sheet. The fact that this one is popular among data centres isn’t too much of a surprise, it’s a universally adopted Standard that isn’t limited by industry or organisational size. Currently, there are over 1 million ISO 9001 certificates issued worldwide, and that trend shows no signs of slowing down.
[08:25] #3 ISO 14001 Environmental Management – A surprising 25% of the sampled data centres were certified to ISO 14001. From an objective point of view, it makes sense for data centres to consider their environmental footprint. But a lot of that would fall under energy usage rather than just general environmental management, so this likely means it’s mainly driven by stakeholder requirements. ISO 14001 is being requested more and more for the likes of large Government contracts, so if you want a chance at bidding for these, ISO 14001 is a must. Now don’t get me wrong, I’m sure a lot of data centres have implemented this Standard in an earnest effort to monitor and measure their impact holistically. After all ISO 14001 asks businesses to consider how they can prevent environmental impacts such as pollution and degradation of nature. And the additional guidance provides some helpful starting points for those that may not be sure where to start, for example making commitments to recycling, protection of biodiversity and climate change mitigation. For data centres specifically, this may come into effect when we think of the amount of electronic waste that they could potentially produce.
Obviously, this can’t just be thrown out in a standard green lidded bin, it’ll need to be taken to a dedicated electronic waste facility for processing, disposal and recycling. Racking, shelving and cables will all also need to be replaced at some point, and it’s up to each data centre to ensure they have the appropriate processes and policies to ensure this is done correctly and more importantly legally, which again, is where ISO 14001 can help put those frameworks in place.
[10:30] Join the isologyhub and get access to limitless ISO resources – From as little as £99 a month, you can have unlimited access to hundreds of online training courses and achieve certification for completion of courses along the way, which will take you from learner to practitioner to leader in no time. Simply head on over to the isologyhub to sign-up or book a demo.
[12:45] #4: ISO 50001 Energy Management – With just 13% of the 100 sampled data centres certified! This one is a shocker because, typically, data centres’ highest cost is in relation to their energy usage. They require enormous amounts of energy to keep their facilities running and to cool down their equipment 24/7. Which I imagine they’d be quite keen to reduce if only to save on running costs. This is where ISO 50001 can come in, to help create a structured approach to effectively monitor that energy usage, so you can identify key trends and opportunities to reduce overall energy consumption, which in turn will save a lot of money. With a healthier proportion being certified to ISO 14001, it seems a shame that so many are missing out on the additional benefits that ISO 50001 can bring, especially when it can very easily be integrated with ISO 14001. In fact, if you’re already certified to ISO 14001, then you’ve already done half the work to implement ISO 50001. Both frameworks are based on that Annex SL format, and both have a lot in common in terms of what documentation is required.
It can also help with compliance with some UK and EU based energy initiatives. For example, here in the UK we have ESOS (The Energy Savings Opportunities Scheme) which applies to large organisations that fit within its criteria. They’re usually required to provide a report once every 4 years, however as of 2023, Phase 3 now requires organisations to provide an Energy Action Plan which details what actions they plan to take to reduce their energy consumption. There are likely a few data centres that would fall into ESOS’s criteria, and if you’re sick of going through the ESOS song and dance every few years, then ISO 50001 may be the answer for you, as being certified means that you’re going above and beyond ESOS’s requirements and will be considered compliant. Meaning no more pesky reporting, or having to locate an ESOS assessor to sign off on those reports.
[15:10] #5 ISO 22301 Business Continuity Management – With 12% of the 100 sampled data centres being certified. ISO 22301 is the Standard for Business Continuity, and provides a basis for planning to ensure your long-term survivability following a disruptive event. That 12% may not be truly reflective of all the data centres that have business continuity plans in place however, as according to a recent Business Continuity Institute survey, 56% of surveyed businesses use ISO 22301 as a framework but aren’t certified to it. There will be a fair few data centres in our sample list that fall under that category. Why should this Standard be a priority for Data Centres? Well, the answer should be simple, if a disaster were to knock out a data centre, that has a massive knock-on effect. Many house servers used by hundreds if not thousands of businesses and users. If they’re unable to provide services, that will in turn cause multiple other businesses to grind to a halt. The true cause of failures at data centres can be many things such as hardware failure, human error or a disaster such as flooding or fires.
However, the advantage of utilising ISO 22301 is the ability to be able to effectively deal with these incidents and restore services, which is essential for an industry which is quite literally the powerhouse for millions of other businesses and people.
If you fail to plan, you plan to fail
Having a robust business continuity plan should be a top priority for any business, especially data centres, seeing as so many rely on them to keep their own services running. Even if you don’t want to go through the full certification process, it’s worth grabbing a copy of the Standard, as it provides a lot of helpful guidance. If you’d like to learn more about ISO 22301 in general, go back and check out episode 42 where we go over the Standard in more detail and its many benefits.
[17:45] Runner up: ISO 20000 Service Management – Saw 11% of our sample data centres certified to this Standard. This actually used to be known specifically as the IT Service Management Standard, so that probably clues you into why this would be adopted by many within tech spaces. However, it truly is applicable to any business offering services. The aim of ISO 20000 is to provide a framework for an effective end-to-end service management system which encompasses the entire lifecycle of a service from concept and design, through to service removal and end-of-life.
[18:55] Runner up: ISO 27017 information security controls for cloud services – With just 5% of our sampled Data Centres certified. This one is fairly self-explanatory in its relation to data centres, which operate solely on cloud-based services. This Standard was introduced after the 2013 version of ISO 27001 was published, as the main standard didn’t really address cloud security controls specifically. Mostly because cloud computing and its related security weren’t as widely adopted as they are now. So ISO 27017 was created to try and bridge those gaps.
In the latest 2022 version of ISO 27001, there’s now a new control for cloud security. So, we may see less interest in ISO 27017 certification going forward.
5/22/2024 | 21 minutes, 3 seconds

#175 How Daisy embedded effective energy management with ISO 50001

Working towards a sustainable future is going to require a joint effort from everyone if we’re to reach our 2030 and 2050 targets. Several initiatives have come out in recent years to try and address one of our biggest challenges, energy consumption. Many of us in the UK will be familiar with ESOS (The Energy Savings Opportunities Scheme), which involves regular reporting from those that fit its criteria. It’s also recently updated to include a stipulation to include an ESOS Energy Plan, which requires you to detail a route to reduce your energy consumption. However, many businesses would prefer a more consistent approach to energy management, such as today’s guest – Daisy Corporate Services. Today Mel is joined by Damian Edwards, ISO Standards Manager at Daisy Corporate Services, to discuss why they Implemented ISO 50001, what they’ve learned from the experience and the benefits gained from implementing an Energy Management System.

You’ll learn
· Who is Damian and who are Daisy Corporate Services?
· Why did they decide to Implement ISO 50001?
· What was the biggest gap identified during their Gap Analysis?
· What lessons did they learn from Implementing ISO 50001?
· What benefits did they gain from ISO 50001 certification?

Resources
· Isologyhub
· Daisy Corporate Services
· Daisy Corporate Services ESG

In this episode, we talk about:
[00:30] Join the isologyhub – To get access to a suite of ISO related tools, training and templates. Simply head on over to isologyhub.com to either sign-up or book a demo.
[02:30] Episode summary: Mel is joined by guest Damian Edwards, ISO Standards Manager at Daisy Corporate Services, to discuss their journey towards ISO 50001 certification. Daisy are not strangers to ISO Standards, already having achieved: ISO 9001, ISO 14001, ISO 27001, ISO 45001, ISO 20000 and ISO 22301! They have also recently won the Sustainability and Tech Awards 2024 and the Green Shoots Awards too.
[04:15] Who is Damian Edwards? – Damian has worked at Daisy as their ISO Standards Manager for the past year. A little known fact about Damian: He listens to classical music as a way to focus.
[05:25] Who are Daisy Corporate Services? – They are primarily a provider of IT and Communications. They currently supply a range of services including:
· Unified Communications
· Connectivity
· Modern Workplace
· Cyber Security
· Cloud services
· Managed Services
· Operational Resilience
[06:25] What were the main drivers behind obtaining ISO 50001 Certification? – In addition to the office spaces Daisy controls, they also have a number of data centres, which use massive amounts of energy. Finding ways to monitor, measure and potentially reduce that energy use, and subsequently cost, was essential. The second main driver is mainly for commercial reasons. Without Standards like ISO 50001, you can’t bid for larger contracts or Government frameworks.
[08:30] Daisy’s commitment to ESG – Daisy have made a solid commitment to ESG, explained further on their website as they break it down into 10 key focus areas. Energy Management is one of the logical steps to tackle reducing carbon emissions. Data centres can be very inefficient, so being able to consistently monitor, measure and improve their energy consumption is a key part of tackling some of their ESG related goals. Also being certified means you have the certificate to back up your claims. It’s not you just making a statement, it has to be verified by a third-party.
[10:30] How long did it take to Implement ISO 50001? – It took between 8 – 11 months. For a Standard like ISO 50001, it’s important to do it properly. Some organisations may request it in 6 months, but for larger organisations, that would be a tough ask, and you run the risk of rushing into certification without having those processes embedded in.
[11:45] Did having existing ISO Standards make the process smoother?
– Yes, as it was a case of integrating ISO 50001 with our existing systems rather than starting from scratch. Though, having so many ISO’s can water the message down a bit, to combat that we’ve got a single statement that gets across everything you need to know about Daisy.
[12:55] What was the biggest gap identified during the Gap Analysis? – Because we already have so many ISO’s, we can be a bit big headed and say there weren’t many gaps at all, however, there were still some things we could do. One of the biggest areas for improvement was Clause 7, Documentation, as all ISO Standards have their own required documentation. Another was putting in place a plan for monitoring and measuring our energy usage. We have a Property Director who did do that, but he wasn’t really documenting it, so we’ve put in place some proper processes to help show that we’re actively monitoring it, looking at the trends and putting in actions to reduce and improve on that.
[14:55] Join the isologyhub and get access to limitless ISO resources – From as little as £99 a month, you can have unlimited access to hundreds of online training courses and achieve certification for completion of courses along the way, which will take you from learner to practitioner to leader in no time. Simply head on over to the isologyhub to sign-up or book a demo.
[17:10] Did closing those gaps make a big difference? – We did have a lot of help from Blackmores in order to address those gaps. Our consultant advised us to combine elements of our Management Review with our monthly Team Meetings, as our Director is involved with those, and we avoid another meeting for meeting’s sake. We now also produce a pack of all the monitoring and measuring that’s done throughout the month, which makes it easy for us to analyse and identify trends in energy use. Any actions from reviewing this are then recorded and followed up on. So, in essence it’s just made everything a lot smoother.
[19:55] What did Daisy learn from Implementing ISO 50001? – It takes a team to achieve this – you can’t do it on your own. You also can’t rush it! Another key take away is that the whole project needs to be driven by top management, without all of those elements combined, it’s probably not going to work (or be a lot slower and more painful!) It’s also really helped with our commitment and messaging around ESG too. So within those monthly Management Review meetings we have a representative from the energy efficiency team, the ESG team and our bids team. They’re then all communicating what the customer message is, that they expect of us, in turn they’re kept in the loop about our energy usage and related actions and can communicate that outwards.
[21:15] What other benefits are there from achieving ISO 50001? – Having our management system verified by a third-party means that we can confidently say we’re adhering to best practice. It also just validates that we are doing things correctly! It also means that we can monitor opportunities for improvement. If we identify more gaps in future, we have the processes in place to address them. ISO 50001 has also helped to put some context behind the energy data we’re collecting. Thanks to the new processes we can accurately identify key trends and explain why energy usage may be going up and down.
[23:25] Damian’s top tip – Ensure that your project is driven by top management. Their involvement means it’s a lot easier to communicate that message that you’re doing the right thing. Also, ISO 50001 helps with your regulatory compliance too. If you’re a larger organisation, then you likely have to adhere to schemes like SECR or ESOS. If you’re certified to ISO 50001, then you’re already complying with both.
[24:35] Damian’s book recommendation – Beryl in search of Britain's greatest athlete.
[26:45] Damian’s favorite quotes – “Hard work beats talent when talent doesn't work hard” and “You miss 100% of the shots you don't take.” If you’d like to learn more about Daisy Corporate Services, visit their website.
5/15/2024 | 30 minutes, 19 seconds

#174 What is the new ISO Climate Change Amendment?

In February 2024, the ISO and IAF issued an unprecedented change to 31 commonly adopted ISO Standards, such as ISO 9001, ISO 14001 and ISO 27001. This change saw the addition of a new ‘Climate Change Amendment’, which was applied in part due to the ISO’s resolution in support of the ISO London Declaration on Climate Change. So what does this mean for ISO certified businesses? Join Mel as she discusses what this new ISO Climate Change Amendment is, why it was introduced, what are the consequences if you don’t address it and the benefits of its introduction.

You’ll learn
· What is the ISO Climate Change Amendment?
· Why was it introduced?
· What are the consequences if you do not address the change?
· What are the benefits of the Climate Change Amendment?

Resources
· Isologyhub
· ISO Climate Change Amendment Workshop

In this episode, we talk about:
[00:30] Join the isologyhub – To get access to a suite of ISO related tools, training and templates. Simply head on over to isologyhub.com to either sign-up or book a demo.
[02:30] Episode summary: We break down the new ISO Climate Change Amendment, including why it was introduced and why you should address it ahead of your next Certification Body visit.
[02:55] Join our Workshop – If you’re not sure where to start with addressing this amendment, join our interactive workshop taking place on the 20th May (14:00 – 16:00 GMT). There we will explain how you can integrate the new changes into your existing ISO Management System. Register your place here.
[04:30] What is the new ISO Climate Change Amendment? – A key clarification before we go into more detail, this is not a new version of a Standard i.e. ISO 27001:2022, where you must transition to a new version. So, what is it? In February 2024, the International Organization for Standardization (ISO) introduced a groundbreaking amendment to integrate climate change considerations into various management system standards.
The amendment doesn't assign specific actions. Instead, it adds text to existing clauses in 31 standards (including ISO 9001, 14001, 27001) requiring organizations to consider:
· Relevance of climate change: Organizations must assess if climate change is a relevant issue for their operations and context (Clause 4.1).
· Stakeholder expectations: Note added: Relevant Interested Parties can have requirements related to climate change (Clause 4.2).
As we’ve learned from our sister company, Carbonology, it is often Stakeholders driving forward that need to verify a business’s carbon footprint and take steps towards Net Zero.
[09:30] Why was this change Introduced? – This change was in part due to ISO’s resolution in support of the ISO London Declaration on Climate Change. The aim is making climate change considerations an integral part of management systems, their guiding policies and practices – not simply as an afterthought. As we all know, climate change will affect everyone, and should be a concern that every business fully considers to ensure they are resilient and adaptable enough to deal with climate related risks. This amendment means businesses will need to address these risks where relevant, and integrate them into strategic objectives and look at what can be done from a risk mitigation perspective. The global business community will be one of the driving forces for paving a way to a more sustainable future – It all starts with changing the way we work, making the shift towards embedding environmental consciousness into the very heart of your business. ISO Standards are widely adopted, and this change offers a catalyst for meaningful climate action on a global scale.
[11:00] Join the isologyhub and get access to limitless ISO resources – From as little as £99 a month, you can have unlimited access to hundreds of online training courses and achieve certification for completion of courses along the way, which will take you from learner to practitioner to leader in no time. Simply head on over to the isologyhub to sign-up or book a demo.
[13:20] What are the consequences for not addressing this change? – Certification bodies will be asking you about these amendments effective immediately. If you’ve not addressed them ahead of your next certification body visit, you could run the risk of getting a non-conformity. The amendment added to Clause 4.1 especially states ‘Must’ – so there’s no getting away with simply ignoring it.
[14:50] What are the benefits of this change? – Some of the benefits will likely already be felt by those with existing environmental standards such as ISO 14001 and ISO 50001 in place. So, let’s take a look at how you can benefit from addressing this amendment:
· Reduced Environmental Footprint: By integrating climate change considerations, businesses can identify and implement practices that lower their carbon emissions and resource consumption.
· Enhanced Sustainability: Addressing climate change demonstrates a commitment to sustainability, which is increasingly important for attracting environmentally conscious customers and investors.
· Cost Savings: Climate-conscious practices can lead to cost savings through improved resource efficiency, reduced waste, and potentially lower energy bills.
· Resilience and Risk Management: By considering climate-related risks (e.g., extreme weather events, resource scarcity), businesses can proactively develop strategies to mitigate these risks and ensure operational continuity.
· Innovation: Focusing on climate change can lead to innovation in areas like cleaner technologies or sustainable product development, giving businesses a competitive edge.
· Positive Brand Image: Demonstrating proactive action on climate change can enhance a company's brand image and reputation among environmentally conscious stakeholders. This is a particularly important issue to younger generations who are becoming the dominant buying power from a commercial perspective.
· Stronger Stakeholder Relationships: By considering stakeholder expectations around climate change, businesses can build stronger relationships with customers, investors, and regulators.
· Holistic Approach to sustainability: Integrating climate change considerations strengthens a business’s overall management system by fostering a more comprehensive and future-proof approach.
· Continual Improvement: The amendment emphasizes continual improvement, encouraging businesses to constantly seek ways to reduce their environmental impact, leading to long-term sustainability benefits.
If you’d like to learn about what actions you can take to integrate the ISO Climate Change Amendment into your ISO Management System, join our live event on the 20th May – register here.
5/9/2024 | 19 minutes, 34 seconds

#173 Top 10 Reasons to Use ISO 42001 AI Management

ISO 42001 was published in December of 2023, and is the first International Standard for Artificial Intelligence Management Systems. It was introduced following growing calls for a common framework for organisations who develop or use AI, to help implement, maintain and improve AI management practices. However, its benefits extend past simply establishing an effective AI Management System. Join Steph Churchman, Communications Manager at Blackmores, on this episode as she discusses the top 10 reasons to adopt ISO 42001.

You’ll learn
· What is ISO 42001?
· What are the top 10 reasons to use ISO 42001?
· What risks can ISO 42001 help to mitigate?
· How can ISO 42001 benefit both users and developers of AI?

Resources
· Isologyhub
· ISO 42001 training waitlist

In this episode, we talk about:
[00:30] Join the isologyhub – To get access to a suite of ISO related tools, training and templates. Simply head on over to isologyhub.com to either sign-up or book a demo.
[02:30] What is ISO 42001?: Go back and listen to episode 166, where we discuss what ISO 42001 is, why it was introduced and how it can help businesses mitigate AI risks.
[02:45] Episode summary: We take a look at the top 10 reasons why you should consider implementing ISO 42001.
[02:55] #1: ISO 42001 helps to demonstrate responsible use of AI – ISO 42001 helps ensure fairness, non-discrimination, and respect for human rights in AI development and use. Remember, AI can still be biased based on the fact that AI models are typically trained on existing data, so any existing bias will carry over into those AI models – an example of this is the existing lack of representation for minority groups. We also need to take care in the use of AI over people, as staff being replaced by AI is a very real concern and should not be treated lightly.
We’ve already seen a few cases where this has happened, especially across the tech support field where some companies mistakenly think that a chatbot can replace all human staff. We also need to consider the ethics of AI content. It’s predicted that 90% of online content will be AI generated by 2026! A lot of this generated content includes things like images, which poses a real concern over the values we’re translating to people. The content we consume shapes the way we think and if all we have is artificial, then what message is that conveying? An example of this is Dove’s recent advert, which showed an example of AI generating images of very unobtainable ideals of a beautiful face. Which were predictably absolutely flawless, almost inhuman and something that can only be achieved through photo editing. If the internet was flooded with this sort of imagery, then that starts to become the expectation to live up to, which can be tremendously damaging to people’s self-esteem. They then went on to show actual unedited people, in all their varied and wonderful glory and stated that they will never use AI imagery in any of their future marketing or promotional material. Which sends a very strong message – AI definitely has its place, but we need to fully consider the implications and consequences of its use and possible oversaturation.
[05:20] #2: Traceability, transparency and reliability – Information sourced via AI is not always correct – It collates information published online, and as many of us are aware, not everything on the internet is correct or accurate. Data sets carelessly scraped from online sources may also contain sensitive or unsavoury content. We’ve had cases where people have managed to ‘break’ ChatGPT, causing it to spew out nonsense answers which also contained sensitive information such as health data and personal phone numbers. While not usually accessible when requested, it does not stop the risk of this data being dug up through exploits.
AI is like any other technology, and is not infallible. So, it’s up to developers to ensure that the data used to train models is safe and appropriate for use. It should be expected that data sets will be scrutinised from a legal standpoint – either as a result of misuse of AI or a mandatory exercise as a part of future legislation. There’s also research that suggests data sets can be potentially poisoned to produce inaccurate results – which is another consideration for developers using live data sets, who will need to stay on top of these risks to ensure the integrity of their tools. ISO 42001 provides specific guidance that covers how developers can ensure transparency and explainability within sample training data.
[06:45] #3: It’s a framework for managing risks and opportunities – AI, like any other new technology, is going to create new risks and opportunities. Risks include the likes of inaccurate data being used, existing bias in data training sets, plagiarism, information security risks and data poisoning. If you’re simply using AI to gather information, it’s also a good exercise to ensure that the information is coming from a reputable source. One easy way to do this is to simply ask for the source to be cited when plugging in a prompt into tools like ChatGPT and Gemini. You can then verify how legitimate that source is. For web developers and SEO specialists, Google has recently updated its algorithm to punish those with a lot of AI generated content on their websites. So those within the SEO space may see some interesting trends over the course of 2024. Another unfortunate risk is that of more complex scams being implemented through the use of AI. An example of this involves those who may use an AI assistant in their systems, which can be affected by malicious emails that contain prompt injections which could be used to send data from a victim’s machine to outside sources.
This is only touching on a few risks, but as you can see, there’s a lot to consider and I’ve no doubt that more complex risks will make themselves known as the technology evolves. However, there are a lot of opportunities to be found with AI use. There’s a huge potential for AI to be utilised to tackle mundane and routine tasks which could be automated. AI also has the capability to scan masses of data and provide suggestions based on its findings. Obviously, humans can’t possibly compete with the sheer volume of data that AI can process, and so we can utilise it to help us make better, more informed decisions. A lot of commonly used software has already integrated various AI tools which offer great quality of life updates and help make a lot of tasks quicker. This in turn means our time is better spent elsewhere on tackling the more complex issues that require a more human touch. ISO 42001 can help you balance out these risks and opportunities by helping you build a robust management system to manage and mitigate risks, and drive forward opportunities through continual improvement. [10:35] Join the isologyhub and get access to limitless ISO resources – From as little as £99 a month, you can have unlimited access to hundreds of online training courses and achieve certification for completion of courses along the way, which will take you from learner to practitioner to leader in no time. Simply head on over to the isologyhub to sign-up or book a demo. [12:50] #4: Demonstrate that introducing AI is a strategic decision with clear objectives - Businesses looking to integrate AI should not make this decision lightly. I know it’s tempting to play with the newest toy, but we should take care to look at any possible risks, and check that it aligns with both your company objectives and ethics before rushing to utilise something. For example, allowing your staff to use ChatGPT for content creation.
You need to consider a few things: You need to make sure staff aren’t putting any confidential or sensitive information into publicly available AI tools. Also, ensure that staff understand that content provided by the likes of ChatGPT and Gemini could be plagiarised if used as is. You need to build, adapt and change the content so it’s something unique. It’s all well and good introducing AI technology if it truly is going to be beneficial to your employees and to the business as a whole, however if you’re just introducing it because everyone else seems to be, then you really have to question if it’s worth it. If it’s not actively making your work lives easier and helping you to achieve your objectives, then is it really worth the potential cost and effort to implement? It may also be worth looking into how the AI tool you’re using was created. There is sadly still a lot of exploitation involved in the development of new technology, so it’s up to you to ensure that the tools you’re using were created in an ethical way. Ultimately, ensure that you are using AI safely and ethically, and that it aligns with your business’s established objectives. This will need to be communicated clearly to everyone in the business. ISO 42001 is, at its heart, a Management system standard. Like many other ISO Standards, it includes guidance on setting objectives and communicating these to your wider business. [15:24] #5: ISO 42001 helps to implement safeguards – Certain features of AI may require safeguards to help protect businesses against the extra risks they pose, such as the increased potential of more sophisticated cyber attacks or compromised training data. This can be applied within a particular process or an entire system.
Examples of features that may require these safeguards include: · Automatic decision making · Data analysis, insight and machine learning · Continuous learning Something you need to consider: Cyber scams are going to become a lot more complex with the help of AI, so you need to ensure your staff are both aware of this and how they can avoid falling prey to them. Safeguards may simply involve more training on these new risks, or updating to a more robust security software that is able to detect possible AI cyber scams. Developers are also going to need to keep on top of any data being fed into their tools. Public live data tools especially will be more susceptible to being poisoned and tampered with, so it’s up to them to monitor and ensure the integrity of their data. ISO 42001 provides guidance in its annexes for users and developers to implement these necessary safeguards. [16:30] #6: ISO 42001 Supports compliance with legal and regulatory Standards – More AI focused legislation is an inevitability, with the new EU AI Act being a perfect example. It’s important to ensure that you are prepared to comply with legislation as it’s released, or you may be held liable and be subject to fines. Currently, the UK has no plans to introduce a new regulator for AI, instead relying on existing technology based regulators like the Information Commissioner’s Office (ICO), Ofcom and FCA. ISO 42001 includes specific considerations for any potential applicable legislation. [17:06] #7: ISO 42001 Can enhance your reputation – ISO Standards are internationally recognised and ensure you are complying with best practice. Gaining certification to ISO 42001 will show you are confident in your AI related claims, and are happy to have this verified by a third party. [17:30] #8: ISO 42001 Encourages innovation within your business – For as much as we’ve stressed the potential risks AI could expose your business to, ultimately AI is here to help make our lives easier.
We just need to ensure we’re responsible when applying it. ISO 42001 ensures you can safely integrate AI tools and systems within your business. It’s there to help guide the adoption of this new technology, and drive continual improvement as your management system matures. [17:55] #9: ISO 42001 Can be easily integrated with existing systems – ISO 42001, like many ISO Standards, is based on the Annex SL format and can be easily integrated with existing ISO Management Systems such as an ISO 9001 (Quality management) or ISO 27001 (Information Security management) system. Risks addressed in ISO 42001 include security, privacy and quality among others, and can help to enhance the effectiveness of your Management system in those areas. [18:25] #10: ISO 42001 Does not require an existing Management System to implement – While ISO 42001 would make a great addition to any ISO Management System, it’s important to note that this can be implemented independently. It is also not intended to replace or supersede any existing quality, safety or privacy Standards / existing management systems. We’ll be releasing a suite of ISO 42001 related training content on the isologyhub, if you’d like to get notified as soon as this becomes available, please register your interest on our waitlist. If you’d like to book a demo for the isologyhub, simply contact us and we’d be happy to give you a tour. We’d love to hear your views and comments about the ISO Show, here’s how: ● Share the ISO Show on Twitter or Linkedin ● Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one. Subscribe to keep up-to-date with our latest episodes: Stitcher | Spotify | YouTube | iTunes | Soundcloud | Mailing List
4/30/2024, 19 minutes, 56 seconds

#172 Effectively Responding to a Cyber Incident with Epiq

Nearly 60% of businesses that are impacted by a cyber incident go out of business within the 6 months following. With our heavy reliance on technology to keep both businesses and services running, it’s imperative that everyone take cyber risk seriously. However, incidents will inevitably happen and it’s up to you to ensure that your business is prepared to ride out the wave, and hopefully make a full recovery! We invited Jack Morris, Account Director at Epiq, back onto the show to discuss the consequences of not being prepared for a cyber incident and the key steps businesses should take in the event of an incident. You’ll learn · Who are Epiq? · What does the current cyber incident landscape look like? · What are the consequences if a business does not respond to a cyber incident effectively? · How can a business detect if they’re being attacked? · How should businesses respond in the event of a cyber incident? · What role does a legal team play in incident response? Resources · Epiq · Isologyhub In this episode, we talk about: [00:30] Join the isologyhub – To get access to a suite of ISO related tools, training and templates. Simply head on over to isologyhub.com to either sign-up or book a demo. [02:05] Episode summary: Today Mel is joined by guest Jack Morris, Account Director at Epiq, to discuss how businesses should respond to a cyber incident. [03:00] Who are Epiq? – Epiq is a global leader in technology enabled legal services. In fact, it supports 90% of the top law firms globally! With over 8000 employees spread over 19 countries, it helps to support corporations, law firms and government agencies across the globe. [04:35] What constitutes a cyber incident and why is it so important to respond effectively? – A cyber incident refers to unauthorised access or attempted access to an organisation’s IT systems. Types of incident include breaches, malicious attacks (e.g. Ransomware), and accidental events (e.g.
Fire Damage). Responding effectively is crucial to minimize damage and protect sensitive data. [05:40] What does the cyber incident landscape currently look like, and what challenges will organisations face in responding to an incident? – The cyber incident landscape is ever evolving, but here are some key trends we saw in 2023: Attacks on the rise – the number of organisations posted on ransomware and data theft sites increased by over 70% year-on-year. Business Email Compromise (BEC) incidents surged by 67% in 2023 – these events are where people within an organisation fall victim to phishing or similar – clicking on malicious links which ultimately compromise your mailbox. For me, there are 3 main challenges that organisations face when responding to a cyber incident: · Day-to-day management – balancing the technical aspects of the incident with broader business continuity, communications, financial and legal considerations. This can be hugely difficult for an organisation, during an already high stakes situation. · Expertise and support – navigating the complex legal, technical and operational aspects of an incident · Data-focused impact – understanding and assessing the risk to data after resolving an incident. [10:00] What are the solutions to these challenges? – Understanding the various external expertise and support available to a business, whether that be engaging with a law firm, a cyber incident response expert and cyber insurer will give you access to support with both the day-to-day management of an incident, as well as the legal, operational and commercial impact of said incident. [12:10] What are the consequences for an organisation that does not respond effectively to a cyber incident?
– Failing to respond effectively to a cyber incident often leads to a variety of severe complications for a business, such as: · Operational Issues: operational disruptions will occur due to prolonged exposure of sensitive information, and if Ransomware has infected systems, the organization will not have access to potentially crucial business information. Financial losses and higher costs to incident response can come as a result of poor planning. · Additional Data Breaches: if an organization doesn’t respond effectively to a cyber incident, taking steps to gain control over their systems, additional data breaches can occur from threat actors gaining further access to the organisation’s systems. · Financial losses: cyber incidents affect a business’ bottom line. Costs include incident investigations, recovery, legal fees and potential fines. Further, knock on effects such as lost business opportunities and damaged investor confidence come from poorly managed cyber incidents. · Damage to Reputation and Trust: Public perception matters for a business. A poorly handled cyber incident damages an organization’s reputation. Customers, partners and stakeholders lose trust, affecting long-term relationships and market position. · Legal Consequences: Regulatory fines and potential follow on litigation arise from non-compliance with data protection laws. Organisations failing to report breaches promptly face penalties. Legal battles can be costly and time consuming. [16:25] How can organisations detect if they are being attacked? – signs will vary depending on the type of cyber incident, but organisations and end users could expect to experience slow systems, locked accounts (no access to mailboxes etc), inability to access documents or shared drives, ransom demands and unusual emails from organisation domains, all of which are tell-tale signs of a cyber incident.
If an organisation has invested in Managed Detection and Response software for their end-points, this will proactively scan your environment and provide alerts to potential and actual cyber incidents. [17:40] What are the key steps an organization must take in responding to a cyber incident? – It’s a great question, and these key steps will be implemented during a cyber incident response plan – an impacted organization should: ·      Triage: Assess the severity and impact of an incident (organisations can instruct a first response organization to shut the doors, and assess the damage) ·      Identify: Understand what is happening to a business post incident? Things like locked accounts, no access to business systems etc. ·      Resolve: take technical actions to mitigate the incident – shutting off access to accounts – closing the door ·      Report: Notify relevant stakeholders, including legal obligations. ·      Learn: analyse the incident to then take retrospective action to prevent further incidents. [21:23] Join the isologyhub – Don’t miss out on a suite of over 200+ ISO tools, templates and training, sign-up to become a member of the isologyhub  [23:48] How does Cyber Insurance play a pivotal role in Cyber Incident Response? – like with most walks of life, insurance plays a crucial role in supporting organisations in effectively responding to disasters. ·      Response Funding: Insurers cover costs related to incident response, including professional services. ·      Response Time: Insurers bring in experts promptly, improving incident resolution. ·      Affordability: For small to medium businesses, insurance may be the only way to afford a response team. [26:10] What role do vendors like Epiq do to support the incident response lifecycle? – Just like Law firms providing legal advice and support in responding to a cyber incident, cyber incident response providers support with the operational response to a cyber incident. 
Initially, vendors like Epiq support with the incident identification and forensic investigations. Essentially finding the open door and closing it. Further investigation on how the threat actor (baddie) got into the open door is conducted to prevent other doors from opening too. Following this, the operational partner will support in understanding the extent of the incident, whether that be identifying impacted entities, notifying them of the incident and providing remediation, as well as supporting with any follow on litigation or mass claim. [27:25] What are the legal obligations that exist after a cyber incident, especially in relation to personal data breaches? – the legal obligations are clear – an organisation must report personal data breaches within 72 hours of awareness, unless the risk to individuals’ rights is unlikely. This quick turnaround is why it’s imperative that organisations have an established cyber incident response plan, and know who they should be talking to regarding the legal and operational implications. [28:45] What support is there out there for organisations that are victim to a cyber incident? – On the previous episode, we discussed what organisations can do to be proactive in mitigating the risks associated with a cyber incident, and we discussed the importance of Cyber Incident Response plans, as they outline what external support an organisation should seek in the event. Having playbooks and relationships with law firms, cyber providers like Epiq, and cyber insurance coverage are 3 key focuses for every business. [30:35] What role does a legal team play in incident response? – Legal support and advice is critical during an incident. As mentioned, they will help support with reporting the incident to the regulatory bodies required. · Breach Notification – legal support ensures compliance with data breach disclosure laws and regulatory requirements.
·      Breach Counsel – law firms act as a breach counsel for organisations, enabling them to support and advise on the legal implications of a cyber incident. Most law firm cyber practice groups will have relationships with external vendors, like Epiq, to support with the operational response. They can co-ordinate with these external vendors to ensure compliance. ·      Privacy Law Compliance – they guide handling of personal data and privacy implications to ensure no further issues. [32:30] What role do vendors like Epiq do to support the incident response lifecycle? – Just like Law firms providing legal advice and support in responding to a cyber incident, cyber incident response providers support with the operational response to a cyber incident. Initially, vendors like Epiq support with the incident identification and forensic investigations. Essentially finding the open door and closing it. Further investigation on how the threat actor (baddie) got into the open door is conducted to prevent other doors from opening too. Following this, the operational partner will support in understanding the extent of the incident, whether that be identifying impacted entities, notifying them of the incident and providing remediation, as well as supporting with any follow on litigation or mass claim. [36:00] What should an organisation do in future to prevent further incidents? – Benjamin Franklin’s famous quote is so true here – ‘by failing to prepare, you are preparing to fail’. The key point here is to learn from your mistakes. There may have been numerous reasons that the organisation wasn’t ready for a cyber incident, but they should learn from what led to the incident previously, and proactively address this to prevent further incidents. 67% of organisations that get hit by a cyber incident are subject to further attacks within 1 year. It’s important to reduce your attack surface, and ensure you have cyber security themes running throughout the business. 
[37:45] What are Jack’s top 3 tips to take away from this session to help them respond effectively to an incident? – ·      Establish an Incident Response Plan – we spoke through IR plans during the first episode, but creating a plan that outlines roles, responsibilities and communication channels during an incident is key. Once implemented, regularly testing the plan and simulating these incidents is key to ensuring effective response. ·      Engage external experts early – during this session we identified 3 critical external support pillars to an incident – having legal advice, operational and response support and insurance is key. ·      Prioritise business continuity – enabling the external experts to support you through the incident will free your bandwidth to ensure that you minimise damage and downtime to your business.  If you’d like to learn more about Epiq and how they can help you, visit their website. If you’d like to book a demo for the isologyhub, simply contact us and we’d be happy to give you a tour. We’d love to hear your views and comments about the ISO Show, here’s how: ●     Share the ISO Show on Twitter or Linkedin ●     Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one. Subscribe to keep up-to-date with our latest episodes: Stitcher | Spotify | YouTube |iTunes | Soundcloud | Mailing List
4/25/2024, 43 minutes, 18 seconds

#171 Proactive Steps to Mitigate Cyber Incident Risk with Epiq

Cyber incidents are on the rise as data shows there was a 20% increase in data breaches from 2022 to 2023. Technology has become an integral part of most businesses, especially post pandemic where many who may have avoided this reliance on tech had no choice but to adapt to survive. As a result, the question of businesses being affected by a cyber incident has become ‘when’ rather than ‘if’. However, there are a number of steps you can take to mitigate risks ahead of any potential incidents. We invited Jack Morris, Account Director at Epiq, to discuss cyber incidents, the importance of being proactive in reducing cyber incident risk and the steps you can take to mitigate these risks. You’ll learn · Who are Epiq? · What is a cyber incident? · The importance of being proactive in reducing the risk of an incident · What can organisations do to be proactive in mitigating cyber incident risk? · What are forensic tabletop exercises, and how do they enhance preparedness? · Why might an organisation need to get an incident response retainer? · What role do Information Governance consultants play in reducing cyber risk? Resources · Epiq · Isologyhub In this episode, we talk about: [00:30] Join the isologyhub – To get access to a suite of ISO related tools, training and templates. Simply head on over to isologyhub.com to either sign-up or book a demo. [02:05] Episode summary: Today Mel is joined by guest Jack Morris, Account Director at Epiq, to discuss how to mitigate cyber incident risk. [02:40] Who are Epiq? – Epiq is a global leader in technology enabled legal services. In fact, it supports 90% of the top law firms globally! With over 8000 employees spread over 19 countries, it helps to support corporations, law firms and government agencies across the globe. [04:31] Who is Jack Morris?
– Jack joined the industry relatively fresh out of university, starting at an organisation called Kroll where he was focused on data management – including overcoming ransomware infected devices and essentially allowing organisations to get access to data that was previously taken away from them. Kroll was later acquired by Duff and Phelps and went through a turbulent time of many name changes before settling on Kale Discovery. He ended up leaving a year ago and joined Epiq as an Account Director. Jack’s role at Epiq includes being a facilitator, introducing law firms, corporations and cyber insurers to best in class people and technology. [06:40] What is a cyber incident? – A Cyber Incident is any unauthorised or unexpected event that compromises the confidentiality, integrity or availability of an organisation’s information systems, data or network. Incidents can range from data breaches and malware infections to single mailbox compromises and insider threats. Organisations looking to combat information security risks should consider ISO 27001, as its key principles include the confidentiality, integrity or availability of your business’s information. [08:29] Why is it important for organisations to be proactive in reducing their risk of an incident, no matter the size of your business? – Let’s look at some startling statistics: In 2022, 39% of businesses in the UK identified a cyber attack in the previous 12 months. Of this 39%, 31% of those businesses experienced attacks at least once a week. 48% of Small to Medium Businesses, globally, experienced a cyber incident in the last 12 months, with 61% of all cyber-attacks specifically targeting small business. This is the most shocking of the statistics, and why it’s so important for us to be having these kinds of conversations around how businesses, no matter the size, need to be proactive in mitigating the impact of a cyber incident.
70% of small to medium businesses in the UK believe that they are unprepared to deal with a cyber attack (which excludes those who think they have proper processes in place but ultimately don’t). Nearly 60% of businesses that are impacted by a cyber incident go out of business within 6 months following! [12:10] Are there any particular industries that are most at risk from a cyber incident? – Cyber Incidents are not siloed to particular industries, but there are some trends that we see in the market. Looking at Q1 2024: January saw a rise in cyber incidents predominantly affecting retail, education and local government. In February we saw a significant number of breaches, impacting organisations across the full spectrum of markets. All of this to say that regardless of the size of your business and the industry you operate in, the number of cyber incidents is increasing, as well as the severity of said incidents. [13:35] ISO Standard trends – At Blackmores, we’ve seen an increase in demand for ISO 27001 and related data privacy standards across the board for all sectors. A stark difference to 10 years ago where it would mostly only be adopted by those in the managed services or tech based industries. [15:30] What can organisations do to be proactive in mitigating cyber incident risk? – Things such as implementing a proactive incident response plan, engaging with law firms and consultancy organisations to become aware of the organisation’s requirements and compliance issues arising from a cyber incident. If you were hit with an incident today, you must report any personal data breaches to the relevant regulators within 72 hours of becoming aware of an incident or there can be fines. To deal with these types of situations, it’s imperative that your organisation has established, sound relationships with law firms and consultants. [17:25] What is the importance of an incident response plan?
– Implementing an incident response plan is crucial because it allows organisations to prepare for potential cyber incidents before they occur. By identifying risks, implementing preventive measures, and conducting exercises, organisations can significantly reduce the impact of incidents. Organisations should be aware of both the legal and operational issues that arise from a cyber incident – from regulatory compliance and liability concerns right the way through to loss of systems/data and brand reputation, these are all key considerations that have an effect on the whole of a business. [18:35] What are forensic tabletop exercises, and how do they enhance preparedness? – Forensic tabletop exercises simulate cyber incidents in a controlled environment. They involve key stakeholders discussing and practicing their roles during an incident. These exercises improve coordination, communication, and decision-making, ensuring a more effective response when a real incident occurs. The workflow here is clearly defined; implement an incident response plan, and then test that plan for robustness – engaging with external providers, like Epiq, to further add to the existing plan and to test how the organisation will manage an active incident. [19:35] Join the isologyhub – Don’t miss out on a suite of over 200+ ISO tools, templates and training, sign-up to become a member of the isologyhub [21:45] Links with Business Continuity – Response readiness plans and forensic tabletop exercises both tie into aspects of ISO 22301 – business continuity. In Blackmores’ experience, a lot of organisations don’t actually test their plans, so when going through the process of implementing ISO 22301, where testing these response plans is a requirement, it’s a bit of an eye opener when they realise they’re not as resilient as initially thought. It’s always better to test these plans in a simulated environment vs a live one, so you can be assured that your plans are up to the task.
[23:40] Why might an organisation need to get an incident response retainer? – We're starting to see a number of industries, particularly in regulated verticals, requiring businesses in their supply chain to meet a number of different cyber security requirements. One, which keeps popping up, is to have a plan in place for responding to security incidents. Having a retainer can help meet these compliance requirements. [26:05] What role does Managed Detection and Response (MDR) software play in proactive incident response? – MDR solutions continuously monitor networks, detect threats, and provide real-time alerts. They enhance proactive response by identifying suspicious activities early, allowing organisations to take preventive action before incidents escalate. [27:50] What role do Information Governance consultants play in reducing cyber risk? – Information Governance (IG) consultants specialise in helping organisations define their Information Governance Strategy encompassing data security and defining compliance policies. They support organisations in defining: · Data Classification: Identifying Sensitive and PII data and categorising based on their confidentiality or regulatory requirements. · Retention Policies: Defining policies on retention period of records and method of disposition aligned with compliance requirements. · Legal Holds: Ensuring necessary data is preserved for potential litigation, internal investigation or as part of audit process. · Privacy Compliance: Aligning with regulations such as GDPR, DP, DPA, CCPA. [33:30] What are Jack’s top tips that the listeners can take away from this podcast session and implement today to begin mitigating their risk?
– Unfortunately mitigating cyber risk isn’t a one-size-fits-all response, however I like seeing cyber risk as 3 buckets that businesses should be aware of and measure their organisation against: Technology & Infrastructure – outdated systems, unpatched software and not fit for purpose IT infrastructure pose risks. These types of vulnerabilities are exploited by attackers, leading to data breaches, malware infections and system disruptions. So, making sure that your technology and infrastructure is fit for purpose, and up to date is a key takeaway. We spoke about Managed Detection and Response solutions earlier in the session, which is a great, cost effective way of adding an additional layer of technology security. Human Factor – for me, this is the number 1 frailty to a business. Business Email Compromise incidents increased by 67% in 2023, with Multi-Factor Authentication (MFA) being bypassed in 29% of these cases. Over recent years, cybersecurity awareness has been the aim of the game. However it is crucial that, as our understanding progresses, we switch our focus to fostering a culture of cybersecurity responsibility among colleagues and employees. Ensuring that your people are aware of cyber incidents (perhaps listening to this podcast), and their role in mitigating the risks associated with a cyber incident, is crucial in ensuring that your business is secure. Preparation – in just about all walks of life, preparation is key for preventing almost anything. We have spoken today about some of the key preparation themes I’m seeing in the industry, from Response Readiness plans, to MDR, to Incident Response Retainers. Getting sufficient Cyber Insurance coverage is of paramount importance to ensure that your business can respond effectively to an incident, should one occur. If you’d like to learn more about Epiq and how they can help you, visit their website. If you’d like to book a demo for the isologyhub, simply contact us and we’d be happy to give you a tour.
4/16/2024, 39 minutes, 8 seconds

#170 Trends in the Carbon Market with Nature Broking

Businesses looking to tackle their environmental impact will need to look at how they can reduce their carbon emissions and offset any remaining emissions to ensure that they reach Net Zero. One of the most common ways businesses offset their emissions is through the purchasing of carbon credits that typically go towards planting trees or re-wilding. However, there are a number of new emerging trends following on from the current commodification of nature, resulting in an attitude shift from businesses who are looking to get a lot more involved in the offsetting process. We invited Luke Baldwin, Co-founder and CEO of Nature Broking, back onto the show to explain the latest trends in the carbon market.
You’ll learn
· What are the latest trends in the carbon market?
· The importance of high integrity within carbon offsetting
· Looking for impactful solutions
· Why education around carbon offsetting is key for long-term sustainability commitment
· How buying carbon credits now can lead to significant savings
Resources
· Nature Broking
· Isologyhub
In this episode, we talk about:
[00:30] Join the isologyhub – To get access to a suite of ISO related tools, training and templates. Simply head on over to isologyhub.com to either sign-up or book a demo.
[02:05] Episode summary: Today Mel is joined by guest Luke Baldwin, Co-founder and CEO of Nature Broking, to discuss emerging trends in the carbon market that help businesses tackle their carbon offsetting.
[02:50] What are the key trends in the Carbon Market – As of 2024, Luke states the leading trends as:
· High Integrity
· Impactful solutions
· Education
· Purchase carbon credits now and save later
[04:10] High Integrity – There’s now a lot of carbon credits available and due to the nature of the unregulated carbon markets, it’s led to an increase in bad actors generating revenue in a bad way.
One example of this is Kariba, a project in Zimbabwe that aimed to tackle deforestation, which was recently exposed in the Guardian and The New Yorker for having incorrect calculations. Credits purchased towards that programme were then called into question and any associated companies were accused of greenwashing. To avoid this, businesses are now putting a greater focus on high integrity solutions, which involves considerations such as:
· Are the credits durable? Will the carbon be stored long term?
· Are there significant CO2 benefits?
· Are the credits contributing anything besides just removing carbon? i.e. regenerative agriculture or woodland plantation
[06:20] Impactful Solutions: The carbon markets offer a lot of fantastic solutions and businesses are moving away from the quick commodification of those solutions, and are instead looking to really understand the impact of how they choose to offset their emissions. It’s becoming more of a question of buying carbon credits that align with your values, whether this be social values or sustainability values. They’re looking to invest in projects that will have a tangible outcome. Which is exactly what Nature Broking sets out to assist businesses with by tailoring bespoke solutions that adhere to their specific values.
[08:10] Education – The need for more education around the carbon markets is crucial. Luke remembers the quote “you can't love what you don't know”, which applies here: how can a business truly invest in something that they don’t fully understand? Sustainability is a mindset, and a cultural shift towards more sustainable practices starts with an education. Carbonology uses an ISO framework, but also provides an education around the carbon reduction plan provided, to inspire a mindset shift towards sustainability.
[09:05] Blackmores experience – Blackmores have been implementing environmental and energy Standards for over 18 years, but it’s only been in recent years that we’ve seen a mindset shift in leadership towards sustainability. People may be aware of Standards such as ISO 14001 or B Corp, but may not be aware of other governance frameworks that can help businesses to manage their carbon footprint and carbon neutrality.
[10:20] Join the isologyhub – Don’t miss out on a suite of over 200+ ISO tools, templates and training, sign-up to become a member of the isologyhub
[12:25] How can you make significant savings when purchasing carbon credits? – A lot of carbon solutions currently are very cost effective, in particular forestry credits and carbon removal credits. Some of the more technological ones such as direct air capture or bioenergy and carbon capture and storage can be more expensive now because the technology utilised is still so innovative and in its infancy. However, that will change in time. If you're looking at building a carbon portfolio for your net zero journey, for example, say you are going through a science based targets initiative and you've decided that you cannot avoid the 10% of remaining emissions in your net zero journey and you need to buy carbon removals - you're much better purchasing carbon removals now than in the future. This is because there will be a supply shortage in future, especially when we see more enforced regulations come into play between 2030 and 2035. This will mean that the price of those carbon credits will rise significantly. What may cost £20-£30 per tonne for carbon removal now may go up to anywhere between £100 - £150 per tonne! So it’s worth investing in your carbon portfolio now, especially in the case of tree planting as those trees are going to take a while to grow and actually start storing carbon.
If you finance projects now, you will have already made an amazing impact from the start, and will potentially save yourself a lot of trouble and money in future by planning ahead.
If you’d like to learn more about Nature Broking and their solutions, check out their website. If you’d like to book a demo for the isologyhub, simply contact us and we’d be happy to give you a tour.
4/4/2024, 18 minutes, 12 seconds

#169 Credible Carbon offsetting with Nature Broking

The UK is the first major economy to achieve its 50% reduction target for Greenhouse Gas Emissions (between 1990 and 2022). However, we’ve still got a lot of work to do to reach our 2023 target of a 68% reduction. Many businesses are already making great strides to reduce their impact, and while you can reduce, achieving true carbon neutrality will involve offsetting a certain amount of emissions. One of the biggest challenges for businesses in terms of completing their offsetting is finding a credible carbon offsetting scheme. Mel is joined by Luke Baldwin, Co-founder and CEO of Nature Broking, to discuss credible nature-based solutions for carbon offsetting.
You’ll learn
· Who are Nature Broking?
· What is Natural Capital?
· How can we restore nature at scale?
· Financing transition regenerative agriculture through the sale of natural capital
· How have Nature Broking worked with clients to complete their carbon offsetting?
· How can you demonstrate a credible carbon offsetting scheme?
· What projects are Nature Broking currently working on?
Resources
· Nature Broking
· Isologyhub
In this episode, we talk about:
[00:30] Join the isologyhub – To get access to a suite of ISO related tools, training and templates. Simply head on over to isologyhub.com to either sign-up or book a demo.
[02:05] Episode summary: Today Mel is joined by guest Luke Baldwin, Co-founder and CEO of Nature Broking, to discuss credible nature based solutions for carbon offsetting and explore some of the wonderful projects Nature Broking have been involved with.
[04:10] What is natural capital? – Natural capital is the idea of creating value from nature. What natural capital does is, it encompasses all the things that we get from nature that we rely on. That could be the shelter in your house all the way through to carbon offsets.
[04:55] Who are Nature Broking? – Nature Broking’s story starts off on a somber note.
Sadly, Luke lost one of his friends in a mountaineering accident, and in his memory, Luke and another friend rewilded one acre of Scottish Borders Woodlands. This is something they make a point to visit every year, to pay tribute and to keep their living, breathing monument of his friend’s memory alive and well. The experience was an eye opening one. For as lovely as the process was, it was incredibly expensive, and not very easy to do. Luke then realised that philanthropy alone wasn't going to be able to cover the costs of what we required to restore nature. Looking into the matter further he found that 50% of the world's GDP is moderately or highly dependent on nature and that the UK, whilst green and beautiful, sits in the bottom 10%. And so, an idea was sparked. Together with his friend and Co-founder Andy, he started down the nature restoration path and created Nature Broking.
[06:20] What is Nature Broking’s mission?: Nature Broking have 2 major missions:
#1: Help restore nature at scale
#2: Help finance a transition to regenerative agriculture
[06:34] How can we restore nature at scale? – The UK Government has set targets of halting nature decline by 2030, with a view to increase nature by 2045. The Green Finance Institute has calculated that there is a funding gap of about 56 billion in order for us to achieve our legally binding environmental targets. That’s a hefty sum to put on public money and philanthropy, which is where private markets and business can make a big impact. Frameworks like PAS 2060 (ISO 14068) help businesses invest in nature, and with the creation of carbon credits, carbon has been commodified to make it more accessible for businesses to contribute to carbon offsetting.
[08:20] How can we help finance transition regenerative agriculture through the sale of natural capital? – Regenerative agriculture is about restoring the soils, restoring nature back to its original level.
Modern farming techniques, while fruitful, use tools such as fertilisers and mechanised farming that have damaged the soil’s biome. That’s going to take time and a concerted effort to fix. Now obviously, we can’t just stop farming, we need food, so not all land can go back to nature. Currently, 70% of the UK is farmed, so the agricultural sector will play a big part in being more regenerative. However, the current incentives aren’t great, so there’s a lot of work that needs to be done in terms of financing the mechanisms behind it, i.e. funding and subsidies etc. One way we could do this is by utilising the carbon markets, as regenerative agriculture can lead to significant carbon sequestration.
[12:20] How do Nature Broking work with clients? – They make sure to work within the bounds of the business itself, as every business is different. They don’t do off the shelf solutions, preferring to work closely with their clients and help them to really spend time in nature at the place where their carbon credits are being implemented. It’s ultimately about education on the different solutions available, including asking important questions like:
· What impact do you want to have?
· What are the challenges with each solution?
· What do you need to watch out for?
Each solution is tailored to your business. So, if you’d prefer to work in woodland restoration over regenerative agriculture, then Nature Broking would be happy to work with you to achieve that. Carbon credits include their own set of challenges, one of the main ones being that science changes, so the solutions offered through carbon credits will also change. It may be a case of purchasing credits that tackle different solutions over a large area rather than pooling them all into planting trees for example. Nature Broking are here to help advise and facilitate this.
[15:30] Join the isologyhub – Don’t miss out on a suite of over 200+ ISO tools, templates and training, sign-up to become a member of the isologyhub
[17:45] How can Nature Broking demonstrate credible carbon offsetting? – Nature Broking are at their heart transparent with how they operate. By taking clients to see the actual physical results of their carbon credits, they can educate and help others form a genuine connection to nature. They want clients to truly understand the full impact of their efforts. The second element is due diligence, which can be displayed by utilising one of the many carbon related frameworks now available, such as B Corp and Sylvera. Though these don’t always work within a UK setting, so Nature Broking are working towards creating frameworks that do fit within the overall market view. Lastly, they ensure that the standard they’re using is of high integrity, using frameworks such as the Integrity Council for the voluntary market, which analyses different standards. The 2nd is understanding the quality of the project developer, so looking at their technical expertise, looking at their financial ratings, and then evaluating the individual project itself in terms of potential risks.
[21:50] What are some of the projects that Nature Broking are currently working on? – A broad view of what’s available in terms of schemes include:
· The Woodland Carbon Code
· The Peatland Carbon Code – This is run by the IUCN, which is the International Council for the Conservation of Nature.
They are both defined and funded by DEFRA. These are some of the first carbon codes to move into the UK, however there is a lack of available carbon credits, which should change in future. Others include:
· Wilder Carbon – A carbon code focused on rewilding, run by The Wildlife Trust.
· Carbon Code of Conduct - A regenerative agriculture code, so it focuses on analysing the full sequestration and full emissions potential of a whole landholding.
[25:00] Carbon Credits in practice – There’s a current project called Bank Farm in Kent, which is being used as a test site for regenerative agriculture. This includes the likes of agroforestry, which is where you integrate trees into fields which provide shade for animals and store carbon. So, you’re not removing those fields from production, simply adapting them to be more sustainable. They’re also practicing mob grazing, which is all about using herbivores to maximise the amount of carbon stored in the soil. You can do this by moving, say cows for example, around a field to graze quickly on small areas before moving them on.
[27:05] Mel’s conclusion – There’s a huge opportunity in the management of agriculture that can be utilised within carbon credit schemes, in addition to helping our economy by creating new jobs within this new approach to tackling emissions and storing carbon. Hopefully we’ll see larger corporations investing in these sorts of schemes both here in the UK and abroad.
If you’d like to learn more about Nature Broking and their solutions, check out their website. If you’d like to book a demo for the isologyhub, simply contact us and we’d be happy to give you a tour.
3/28/2024, 29 minutes, 43 seconds

#168 Changes to ESOS – What you need to be aware of

The UK recently hit a huge milestone: according to the Department for Energy Security and Net Zero (DESNZ), the UK have reduced their Greenhouse Gas Emissions by 50% between 1990 and 2022. The UK are the first major economy to achieve this, however we’ve still got a lot of work to do to meet our 2030 target of a 68% reduction. Over the past few years there have been a number of schemes aimed at businesses to help tackle their impact, specifically their energy consumption. Here in the UK, ESOS (The Energy Savings Opportunities Scheme) was introduced as an implementation of the EU Energy Efficiency Directive and has been a mandatory undertaking for large organisations that fit the criteria. Recently, that scheme has been updated and a number of changes have come into effect for Phase 3. Ian Boylan, Chief Executive Officer at ISO Baseline, joins Mel to explain the recent changes to ESOS, how they affect organisations in the UK and EU and how ISO Baseline’s software can help businesses consistently manage their energy consumption in alignment with ISO 50001 (The Energy Management Standard).
You’ll learn
· Who are ISO Baseline?
· What is the Energy Savings Opportunities Scheme (ESOS)?
· What are the changes to ESOS?
· How do the changes affect those who currently comply using ISO 50001?
· What are the changes to the ESOS eligibility requirements?
· How can ISO Baseline help businesses with their ISO 50001 and ESOS compliance?
Resources
· ISO Baseline
· Isologyhub
· ISO 50001
In this episode, we talk about:
[00:30] Join the isologyhub – To get access to a suite of ISO related tools, training and templates. Simply head on over to isologyhub.com to either sign-up or book a demo.
[02:05] Episode summary: Today Mel is joined by guest Ian Boylan, Chief Executive Officer at ISO Baseline, to discuss the changes to The Energy Savings Opportunities Scheme (ESOS), and how the changes will affect the European Directive on energy management and energy reporting.
[03:20] Who is Ian and ISO Baseline? – Ian has been involved with ISO Standards for a number of years, starting with the technical aspects of building Management Systems, to working with Certification Bodies as an auditor for Management Systems. From this experience, Ian really got to understand the challenges that organisations face when implementing ISO Standards. Challenges such as maintenance to ensure they are achieving their requirements and objectives. Which is where the concept for ISO Baseline was born. Targeted specifically towards the Energy Management Standard ISO 50001, ISO Baseline’s software allows organisations to manage their energy processes and provide evidence that you are meeting your energy objectives.
[05:30] What features are included in ISO Baseline’s software? – Features include:
· Energy reporting: Information can be displayed in graph or Sankey diagrams to help visualize your energy performance.
· Identification of opportunities: Any opportunities for improvement found in the provided energy report will be recorded in an ‘Opportunities Register’.
· Financial Assessments: Work out life-cycle costs for assets, which can be used as a guide to establish possible savings by implementing suggested improvements.
[07:25] What is ESOS?: ESOS was introduced when we were still a part of the European Union, when there was a European Directive on energy efficiency. It placed a requirement on member states in the EU to put together schemes for ensuring that large organisations undertake energy audits on a regular 4 yearly basis. In the UK this was adopted as the ESOS regulations.
For many years, if a business’s ISO 50001 certification scope covered all of its energy usage, then your business was considered compliant with ESOS. If you didn’t have an ISO 50001 Management System in place, you would have to undertake energy audits once every 4 years, and have that reviewed, approved and signed off by a lead ESOS assessor. At the time, this had to cover 90% of your energy usage. One of the more updated inclusions into these regulations was the introduction of transport as a source of energy consumption. ESOS also included the requirement to identify significant energy consumption and propose a logical way to reduce energy consumption to improve energy performance.
[11:30] Main changes to ESOS: Accounting for your energy consumption – Instead of accounting for 90% of your total final energy consumption, you're now required to account for 95% of your total final energy consumption. The de minimis component of it has been reduced by 50%.
[12:30] Main changes to ESOS: Activity Metrics – All organisations will be required to develop activity metrics and as part of your audits you'll be required to submit those activity metrics. The aim of this is to allow the UK to effectively assess organisations over established periods (i.e. from Phase 3 to phase 4) to see if and how they are actually reducing their energy consumption. This could potentially lead to benchmarking, where organisations can be measured against each other.
[14:45] Main changes to ESOS: Submitting Action Plans – Previously, you just had to submit your completed audits and overall savings potential, now you will be required to submit a proposed Action Plan to improve your energy performance. You will also be required to report annually on your progress towards that Action Plan. So no longer can companies coast on simply paying to complete an Energy Audit exercise once every 4 years, now you will have to produce publicly available information that will hold organisations to account.
Essentially a name and shame for organisations that choose to do nothing.
[16:55] Making Action Plans publicly available – Incidentally, it always has been a requirement that everything that has been reportable regarding resources should be accessible, but previously you were not required to produce Action Plans. So essentially now that will also become part of the publicly available information.
[17:30] Making ESOS fit for purpose – When ESOS was introduced, there was already so much other legislation around in the UK, so the main focus then was to align them with one another and to ensure that they were all working towards a common purpose. In this update, it hasn't ultimately required you to determine your energy savings potential in carbon reduction, but quite obviously it would be a little bit ludicrous for an organisation to go down this route and not look at it from a carbon perspective, as it's only a tiny little additional step when you're doing it from a money perspective and an energy perspective to figure out what the carbon impact is.
[18:30] Do you need help with your Carbon Reporting? – If you need assistance with GHG emission or SECR reporting, contact our sister company Carbonology®.
[19:20] Join the isologyhub – Don’t miss out on a suite of over 200+ ISO tools, templates and training, sign-up to become a member of the isologyhub
[21:25] Main changes to ESOS: Confirming your compliance – There are different approaches that you will need to be aware of when submitting your evidence of compliance, and which one you use will depend on which route you’re taking. For the full ISO 50001 route, you will need to complete the Annex 1 approach, which is a reduced reporting requirement where you do not need to use an ESOS lead Assessor to submit it on your behalf, the organisation can do it themselves.
If you’re going down either the energy audit route or do not have 100% of your energy consumption covered by ISO 50001 – you will be reporting using the Annex 2 approach. This is where you still require a lead ESOS Assessor to work with you and provide final sign-off on that reporting.
[24:15] Are there any changes in the eligibility requirements? – There aren’t any major changes in ESOS’s eligibility requirements. They have now updated the turnover amounts from Euro to Pound Sterling following our exit from the EU.
[25:35] How will these changes impact organisations? – Organisations will have to adapt to a more proactive approach towards their energy reporting and management. No longer can you get away with doing an energy audit once every 4 years and then forgetting about it until the next Phase. You need to start looking at it from the perspective of annual reporting, as all this information is going to be publicly available every year, which is going to be scrutinized if you’re seen to not be taking any significant action. Large organisations will be compared against each other, and if one is taking action every year to reduce its impact and another is doing nothing for 4 years, which do you think will gain a more favorable reputation? This level of accountability is long overdue, and will be of benefit to organisations in terms of potential cost savings through reduction of energy use, and also more importantly to the environment.
[30:00] How can ISO Baseline ISO 50001 help organisations with their ESOS compliance? – ISO Baseline’s tools and software are going to be of the most benefit to organisations that have a real objective to improve energy performance. If you’re just doing the bare minimum to meet requirements, then it’s not for you. ISO Baseline ISO 50001 is a tool to help systemise your organisation’s approach to energy management.
It can help to avoid a lot of the bureaucracy that can hold up progress, so you can spend your time focusing on the objectives and what the Management System is meant to lead to. Their software will guide you through the required processes involved with ISO 50001 Energy Management, including Internal Audit planning and completion, Management review, logging and addressing non-conformities and corrective actions.
If you’d like to learn more about ISO Baseline and their software, check out their website. If you’d like to book a demo for the isologyhub, simply contact us and we’d be happy to give you a tour.
3/20/2024, 38 minutes, 33 seconds

#167 How Lifelong Learner embedded ISO 22301 in just 4 months

According to the ISO Survey, there’s been an 82.9% increase in worldwide ISO 22301 certificates issued following 2020. Business Continuity is a must have for businesses who want to ensure long-term survivability following a disruptive event. Many turn to ISO 22301 to help put a framework in place, including today’s guest – Lifelong Learner. However, what usually takes businesses a minimum of 6 months, Lifelong Learner managed to accomplish in just 4 months across an international organisation! That is in no small part due to the tremendous effort of Lifelong Learner’s Manager of Information Security, Governance, Risk and Compliance, Lauren Taylor. Lauren joins Mel on this week’s episode to share her journey and explains the challenges associated with implementing a Business Continuity Management System in just 4 months.
You’ll learn
· Who are Lifelong Learner?
· Why did they decide to Implement ISO 22301?
· What did they learn from implementing ISO 22301?
· What was the biggest challenge with Implementation?
· What are the benefits of implementing ISO 22301?
Resources
· Isologyhub
· Lifelong Learner
· PSI Testing Excellence
· Talogy
In this episode, we talk about:
[00:30] Join the isologyhub – To get access to a suite of ISO related tools, training and templates. Simply head on over to isologyhub.com to either sign-up or book a demo.
[02:05] Episode summary: Today Mel is joined by guest Lauren Taylor who is the Manager of Information Security, Governance, Risk and Compliance at Lifelong Learner Holdings LLC. Lifelong Learner and its brands represent a fusion of comprehensive workforce solutions, with a human-first focus of changing lives through assessment. This includes helping people advance in educational and career aspirations, earning or maintaining licensing or certifications, or providing the tools to develop future leaders.
Lauren has helped Lifelong Learner accomplish a massive milestone, and that’s the implementation of the Business Continuity Standard ISO 22301 across an international organisation, which she managed to do in just 4 months! She’s here to share her journey and lessons learned from implementing ISO 22301.
[03:30] Not many people know this about Lauren – She had previously trained to be a mental health counsellor.
[04:05] Who are Lifelong Learner LLC? – Lifelong Learner is the parent company of two subsidiaries:
· PSI Testing Excellence: a leading provider of assessment solutions for the licensing and certification markets, to Educational Testing Services.
· Talogy: A market leader in the talent management space whose core purpose is helping organizations achieve their potential. They manage the talent management side of the business. So what they'll do is they'll put together psychometric tests that help companies find the right person for the right job, and will assist with skills development.
[05:00] Adding to Lifelong Learner’s ISO Collection: Lifelong Learner already have an impressive ISO Library, being certified to:
· ISO 9001 – Quality Management
· ISO 14001 – Environmental Management
· ISO 27001 – Information Security Management
[05:20] What was the main driver behind obtaining ISO 22301? – The main driver, as with most companies, is usually a client contractor requirement, but business continuity has been something that we've wanted to look further into for a while, just because there's elements of ISO 27001 that cover the business continuity. While we were able to get through the audits with what we had, we just felt that it just needed a little bit more building out. Business Continuity is a requirement in part of ISO 27001, but for Stakeholders that want assurance that a business has robust business continuity plans in place, ISO 22301 is the next step.
[06:10] The Implementation Timeline – In October 2023, we began with the context workshop where we could kind of get a better idea of the scope of the management system. This was followed by a number of SWOT and PESTLE workshops to help identify what the perceived risks would be. Next came the Business Impact Analysis (BIA) - So essentially what you're needing to find out from these workshops is, the core activities that each of the teams perform on the day-to-day basis. You also need to understand what their systems are that they use, if they have any dependencies, and essentially it all comes down to understanding that if the business cannot perform those activities, what would be the impact over time if those activities were to stop. Once you have all that information, the next step was to map it across into a risk assessment, which really helps you to understand the granular risks to your business when it comes to business continuity planning. This risk assessment helped to highlight some weaknesses that we hadn’t considered before, and gave us a point in the right direction as to what we needed to work on to bridge those gaps. Next was the creation and revamping of documentation in line with ISO 22301 requirements. Thankfully, due to the other ISOs we hold, we already had a lot in place. Same goes for Internal Audits, so this was more a case of integrating ISO 22301 into our existing Management System. Once we had all the documentation, we conducted a ransomware test exercise, which we also documented all the findings from. Then we were ready for stage 1!
[09:15] What were the biggest gaps Lifelong Learner needed to address?: Following the BIA and Risk Assessment, we were able to see where we needed response plans because business continuity is always your Plan B. So in our minds, we had an idea of what kind of response plans we would need in terms of i.e. a malware response plan, a ransomware response plan, those sorts of things.
But until we actually looked at the BIA we realised we needed a few more.
[10:25] What difference did addressing those gaps make? – For us it was understanding the real risks to our business. We already had ISO 27001 in place, and we figured if there were to be another pandemic for example, that we’d be covered. However, it wasn’t until we did those exercises that we realised that there was a lot we could improve on.
[13:25] What did Lauren learn from Implementing ISO 22301? – How much people underestimate the importance of a good business impact analysis. After going through this in a very, very short space of time, I realised that it is actually the driving force behind a good business continuity management system. Also, it highlighted just how many people believe business continuity is just all about IT and physical security, they completely left out the human element. An example of this is having a single point of failure, which is where if somebody left there would be a gap.
[14:40] What benefits have Lifelong Learner experienced since implementing ISO 22301? – Lauren has noticed that more clients are requesting to see their Business Continuity Plans. It’s helped with the introduction of the latest ISO 27001:2022 controls – as these also focus on elements of business continuity.
[15:50] Lauren’s top tips for implementing ISO 22301 – Definitely give yourself longer than 4 months! Logically think about how everything links together, the clauses all have purpose and flow in a logical pattern to help create a Management System. Your Management Review can be your best friend. It's your opportunity to really engage with senior management and help them understand what your risks are to the business, how your internal audit is coming along, how you manage your nonconformities and it can be all neatly wrapped up in that nice management review bow.
[18:00] Lauren’s book recommendation – The Matthew Perry Autobiography, Friends, Lovers and the Big Terrible Thing.
[19:30] Lauren’s favorite quote – “You catch more flies with honey than vinegar.”
If you’d like to learn more about Lifelong Learner, check out their website. If you’d like to book a demo for the isologyhub, simply contact us and we’d be happy to give you a tour.
3/5/2024 | 24 minutes, 1 second

#166 What is ISO 42001 AI Management?

There’s no escaping it, AI is here to stay. Over the course of 2023 we’ve seen more general and public use of popular AI tools such as ChatGPT and Gemini (previously Google Bard). It’s now even being integrated into everyday applications such as Microsoft Word and Teams. There is no doubt that there are a lot of benefits to using AI, however, with new technology comes new risks. So how do we address the growing concerns around AI development and use? That’s where the new Standard for AI Management Systems, ISO 42001 comes in! Join Mel this week as she explains exactly what ISO 42001 is, who it’s applicable to, why it was created and how ISO 42001 can help businesses manage AI risks.
You’ll learn
· What ISO 42001 AI Management Systems is
· Who it’s applicable to
· Why it was created
· How ISO 42001 can help businesses manage AI risks
Resources
· Isologyhub
· ISO 42001 Webinar registration
In this episode, we talk about:
[00:30] Join the isologyhub – To get access to a suite of ISO related tools, training and templates. Simply head on over to isologyhub.com to either sign-up or book a demo.
[02:05] Episode summary: Today we’re touching on a very topical subject – AI, and more specifically the brand new AI Management System Standard – ISO 42001. We’ll also be exploring who it’s applicable to, why it was created and how it can help businesses manage AI risks.
[03:30] What is AI? – AI, otherwise known as Artificial Intelligence, is at its simplest the science of making machines think like humans. We’ve seen a lot of AI tools be released to the public over the last year or so, tools such as ChatGPT and Google Bard. It’s already being integrated with some of the most commonly used apps and programs like Microsoft Word and Teams. In short, AI integration is here to stay, so we may as well get to grips with it and make sure we’re using it responsibly.
[05:10] What is ISO 42001?
– ISO 42001 is the first International Standard for Artificial Intelligence Management Systems, designed to help organisations implement, maintain, and improve AI management practices. It was jointly published in December 2023 by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). The emphasis of ISO 42001 is on integrating an AI Management System with an organisation’s existing management system – i.e. ISO 9001 or ISO 27001 compliant management systems. Interestingly, a lot of the specific mentions of Artificial Intelligence and Machine Learning are within the Annexes rather than the body of the Standard. The Standard itself is very similar to ISO 27001 in that it’s mostly about what organisations should be doing to manage computer systems regardless of any AI components.
[08:00] The 4 Annexes of ISO 42001:
Annex A: This acts as a Management guide for AI system development, with a focus on trustworthiness.
Annex B: This provides implementation guidance for AI controls, with specific measures for Artificial Intelligence and Machine Learning – if you’d like to learn more about the difference between the two, go back and listen to episode 135.
Annex C: Which addresses AI-related organisational objectives and risk sources.
Annex D: This one is about the domains and sectors in which an AI system may be used. It also addresses certification, and we’re pleased to see that it actively encourages the use of third-party conformity assessment. This just ensures that your AI claims have more validity.
[09:15] Who is ISO 42001 applicable to? – Those annex descriptions may have you assuming that this Standard is only applicable to organisations developing AI technology but in actuality it’s applicable to any organisation who is involved in developing, deploying OR using AI systems. So if you’re a company who is only utilising AI in your day to day activities, it’s still very much applicable to you!
[10:20] Join the isologyhub and get access to limitless ISO resources – From as little as £99 a month, you can have unlimited access to hundreds of online training courses and achieve certification for completion of courses along the way, which will take you from learner to practitioner to leader in no time. Simply head on over to the isologyhub to sign-up or book a demo.
[12:25] Why was ISO 42001 created?:
· To address the unprecedented rapid growth of AI and all the risks that come with this new technology.
· To ensure that AI development and use are trustworthy and above all, ethical.
· The public are also reasonably wary of this new technology, so ISO 42001 aims to help build more public trust and confidence in the future use of AI.
· ISO 42001 acts as guidance for organisations on exactly how to integrate AI Management controls with their existing systems.
[14:05] AI risks you should be aware of – This isn’t an exhaustive list, as the technology develops, more risks will become known. However, as of the start of 2024, you should be aware of:
Inaccurate information – Many of the chat bots and public AI tools are trained on publicly available information, and as we all know, not everything on the internet is true. So the output from these chat bots will need to be checked and verified by a person before being used or published.
AI bias – Studies have proven that AI results can still be biased. As all the data fed into it is all based on existing information, it still presents the issue of a lack of information from underrepresented groups, or existing bias based on existing data.
Time sensitivity – Not all AI use live data sets. Google Bard does, however ChatGPT is only accurate up until 2021. So double check whichever tool you’re using to make sure the information it produces is up-to-date.
Plagiarism – Data gathered using AI came from somewhere!
If you simply copy and paste information provided by AI platforms, there’s a chance you may be plagiarising existing content. Be sure to just use AI as a starting point!
Security risks – Use of AI can expose you to additional security risks. For example, malicious actors could send someone an email with a hidden prompt injection in it. If the receiver happened to use an AI virtual assistant, the attacker might be able to manipulate it into sending the attacker personal information from the victim’s emails.
Data Poisoning – AI uses large data sets to train its models, and we currently rely on these data sets being relatively accurate. However, researchers have found that it’s possible to poison data sets – so in future, AI may not be very reliable if preventative measures aren’t put in place by AI developers.
[17:45] How can ISO 42001 help businesses manage these risks? – Above all, it provides a structured approach to identify, assess, and mitigate AI risks. ISO 42001 includes the guidance needed to put this in place from the start to ensure you don’t fall prey to the risks mentioned, with a view to monitor and update to address new risks in future. It promotes transparency and accountability throughout the AI life cycle. It helps ensure fairness, non-discrimination, and respect for human rights in AI development and deployment. It will help minimise potential legal and ethical liabilities associated with AI. The UK’s current GDPR and Data Protection Act can loosely cover aspects of AI, depending on how the terminology is applied, but there are already dedicated AI based regulations being developed within the EU which will likely be adopted by the UK. It can foster innovation and accelerate adoption of responsible AI practices. And lastly, it provides a common language and framework for collaboration on AI projects.
[21:35] Don’t miss out on our ISO 42001 webinar – We’re partnering with PJR to bring you a 2-part webinar series on ISO 42001.
Catch the first part on the 5th March 2024 at 3pm GMT, register your interest here. If you’d like to book a demo for the isologyhub, simply contact us and we’d be happy to give you a tour.
2/21/2024 | 23 minutes, 5 seconds

#165 What is isology? How to Implement any ISO Standard

We have over 18 years’ experience of implementing various ISOs, covering a wide range of topics such as Quality, Sustainability, Information Security and Risk. With a 100% success rate, we’re confident in our consistent approach to implementing ISOs, so much so that we’ve coined our own unique methodology. Our regular listeners may be familiar with the term ‘isology’ from previous episodes referencing our online platform – the isologyhub. But what is isology exactly? Put simply, isology is our 7-step method for implementing any ISO Standard. Join Mel this week as she breaks down each of the 7 steps, including the planning, creation and review of an ISO Management System.
You’ll learn
· Our experience implementing ISOs
· The origin of isology
· What is isology?
· The seven steps of isology
Resources
· Isologyhub
· Isology synopsis
In this episode, we talk about:
[00:25] Episode Summary – Mel Blackmore will be explaining our world leading methodology to implement any ISO Standard, which we’ve affectionately named ‘Isology’.
[00:45] The creation of isology: We’ve been implementing ISO Standards for 18 years, starting with ISO 9001 and have since expanded our repertoire to over 20 ISO Standards covering risk, sustainability, quality and Information Security. The creation of the isology methodology has been a team effort from all of the consultants who have worked with Blackmores over the years, and is primarily built on best practice.
[01:35] Step 1: Plan – Get a copy of the Standard, determine your scope, timescales, leadership commitment and resources, and select a Certification Body.
Timescales: This is typically around 6 months, but could be longer or shorter depending on your specific requirements.
Resources: As an example, if you were looking to obtain ISO 14001 certification, you may need to appoint a sustainability champion. For ISO 27001 you’ll need a representative from the IT department.
Selecting a Certification Body: Ensure whichever Certification Body you choose is UKAS accredited. You can check this on the UKAS website. International listeners will need to verify on your country’s national accreditation body website.
[03:45] Step 2: Discover – Time to understand what you have in place already and what you’re missing – this is done through a Gap Analysis. This will often involve an initial meeting with the leadership team to establish what you already have in place, i.e. relevant policies and procedures or any relevant objectives. We break this down step-by-step and document it all in a Gap Analysis, which will deduce your current level of compliance. From this an action plan can be created to indicate what needs to be done to become fully compliant, including assigning roles to assist with the Implementation.
[05:30] Step 3: Expose - This is where we look at risks and opportunities related to your desired Standard (both internally and externally). This is typically done through a SWOT (Strengths, Weaknesses, Opportunities and Threats) and PESTLE (Political, Economic, Social, Technological, Legal and Ethical). In this stage you will also need to understand the key requirements of any relevant stakeholders, so this can include clients, subcontractors, regulatory bodies etc. A Risk Register may be created to capture the findings to be addressed later. Some ISOs require a Risk Register, others don’t, but in our experience it’s beneficial to have one regardless. Companies are also encouraged to create a Legal Register to keep track of all their statutory, regulatory and contractual requirements.
[07:50] Step 4: Create – Time to review the requirements of the Standard in terms of documentation – and create what’s needed. This includes capturing your way of working with documented Procedures, so make sure you have the relevant staff involved in their creation.
Something to remember, you can have additional policy statements that aren’t required by the Standard. If they are important to you, add them in! We’re in a modern age now, gone are the days of paper manuals gathering dust on an office shelf. Software and applications may be where the bulk of your Management System documentation lives. For example, at Blackmores we use a combination of Monday.com and SharePoint to manage all of our day-to-day activities, including our own ISO 9001 compliant Management System. The key here is to make your Management System accessible for everyone.
[10:20] Step 5: Launch – Once the Management System has found its home, you need to communicate it. Consider the type of launch you want and who will be involved. Make sure you encourage engagement with the Management System. Why should you Launch your Management System? Quite simply, there isn’t much point in having controls in your business if no one knows about them! We have 2 key ways of supporting you with the launch of your Management system:
1) We can run an awareness session on your Management System either in person or via Teams. It can then be recorded and used as refresher / induction training.
2) Get access to the isologyhub – our online platform with a suite of over 200 ISO courses, training, tools and templates.
[12:15] Step 6: Engage - After the launch you want to ensure that employees are fully engaged and they actually not only are aware of the policies and procedures that you've got in place, but they're actively using them. The only way to verify this is through Internal Audits – that’s not just our opinion, that’s a mandatory requirement of any ISO Standard. We can assist with conducting these Internal Audits, which double up as a dummy run ahead of your assessment visits. These audits are essentially a show and tell exercise to gather evidence that you’re doing what you say you’re doing.
[13:55] Step 7: Review - Time to take a step back and look at what’s been achieved and what’s been highlighted as areas for improvement through your Internal Audits. This is done at what we call a Management Review. These are typically conducted as meetings, but they don’t have to be a meeting specifically. We’ve done a podcast covering other ways to conduct this review. At this Management Review you will collate data on the performance of your business in relation to the ISO Standard. The minutes must be recorded, as your Assessor will expect to see these as it’s a mandatory requirement of any ISO Standard. If you’d like to learn more about what’s involved with a Stage 1 and 2 Assessment, go back and listen to a previous episode. If you’d like to book a demo for the isologyhub, simply contact us and we’d be happy to give you a tour.
2/13/2024 | 16 minutes, 38 seconds

#164 The ISO 27001:2022 Transition Gameplan - A step-by-step guide to complete your Transition

The deadline is looming over the horizon as October 2025 marks the end of the validity of ISO 27001:2013 certificates. Have you made a start on your transition journey? If not, you really should make a start in 2024 to ensure you’re all set well before that final deadline. The first step is to decide if you want to do it yourself or enlist the help of a professional consultant. For those that want to tackle it yourselves, you’re in luck! As we have just the tool to help: The ISO 27001:2022 Transition Gameplan. In this week’s episode, Steph Churchman, Communications Manager at Blackmores, explains why you need to transition to the 2022 version of the Standard and outlines the 7-step ISO 27001:2022 Transition Gameplan available on the isologyhub.
You’ll learn
· Why do you need to transition to ISO 27001:2022?
· What happens if you don’t transition?
· What is the ISO 27001:2022 Transition Gameplan?
· An overview of the 7-step Gameplan
Resources
· Isologyhub
· ISO 27001 Transition Gameplan
In this episode, we talk about:
[00:25] A different host – Steph Churchman, Communications Manager at Blackmores, steps in to cover today’s episode. She’s heavily involved with the development and updating of the isologyhub, and will be explaining one of the latest Gameplans: The ISO 27001:2022 Transition Gameplan.
[01:15] Why do you need to transition to ISO 27001:2022? The October 2025 deadline is fast approaching, so you really should be making a start in 2024 if you’ve not already.
[01:45] Who needs to transition to ISO 27001:2022? – Basically, anyone who is currently certified under ISO 27001:2013 will have to transition to the updated Standard. One of the main reasons why we recommend getting a head start on this is that Certification Bodies will undoubtedly have a large demand for transition audits in 2025, when everyone’s rushing to get it done last minute.
This results in a shortage of resources from the CBs, and you may end up struggling to get booked in time.
[02:35] What happens if you don’t transition in time? – The harsh truth is you will lose your ISO 27001 certification. This then means you’ll be required to go through another Stage 1 and 2 Assessment against the latest version of ISO 27001, which can be costly. Another key reason is the latest version of ISO 27001 also considers a lot of new technologies that weren’t around back when the last version was published. You can imagine now that there are a lot more cybersecurity risks to consider with all the latest technology that has been released in that time. Put simply, it’s for the benefit of your Information Security to ensure you are adhering to the most recent best practice Standards.
[03:40] What is the ISO 27001:2022 Transition Gameplan? This Gameplan will walk you through the stages of transition, which align to our proven isology® approach. Isology being our methodology for implementing any ISO Standard, based on our 18+ years of experience. In this Gameplan we provide training videos on the changes to ISO 27001, along with specific training videos covering each of the new Annex A controls that you will need to be familiar with, along with templates and workbooks to take you through the process from beginning to end.
[04:20] Step 1: Plan – Before you begin on your journey, it’s advised to understand the main changes to the standard. We’ve summarised the high-level changes in a previous podcast, and included a quick summary in the first step of the Gameplan. In this first step, you’ll also find guidance on how to prepare for your Certification Body visit. You really do need to do this early on to help establish a realistic timeline to complete your transition work.
[04:55] Step 2: Discover – At this stage, you need to get to grips with the changes to the Standard. There have been a number of controls changed, and 11 completely new ones added.
We did cover a select few of these new controls in a few previous podcasts: #111, #112, #113, #114. In this Discover step we provide a number of awareness videos to explore these new controls and changes in detail, including how they may apply to your business. We’ve also included a downloadable PDF guide to these changes, in case you’d like to share this information internally.
[05:40] Step 3: Expose - In this step we’ve included an ISO 27001:2022 transition workbook, which will act as a guide for all your transition activities. The first being the conducting of a Gap Analysis against the latest version of the Standard. After completing this, you will have a much better idea of where your main gaps and vulnerabilities are, so you can start putting the necessary controls in place to ensure compliance with ISO 27001:2022. We’ve also included a summary of the main Management System documentation that will need to be updated ahead of your transition visit.
[06:20] Step 4: Create - This is the step where you will be implementing those changes as a result of your Gap Analysis. This will also be guided by that workbook, and we have provided some additional templates and resources to aid you. These include:
· A Statement of Applicability Template
· Annex A Control Mapping
· ISO 27001 Management Review Template
[07:15] Step 5: Launch – It’s not just about updating your documentation, you will obviously need to communicate these changes to the wider business. In this step we go over a few options for your launch plan – including guidance for both a soft launch and an all-in launch. To help you decide which one would be the best fit for you, we’ve included a full summary of each method in addition to a pros and cons list for each.
[08:30] Step 6: Engage – The last stages are all about gathering evidence of compliance against new and updated clauses and controls.
In this step we provide some insight into what’s required from your Internal Audits and Management Review ahead of your transition visit. If you wanted to get some more tips on carrying out internal Audits within your business – we also offer a full Internal Auditor course on the hub that covers the core skills needed to complete those. If you become a member of the hub, you’ll get access to our whole library of resources – which includes a wealth of ISO related tools, templates and training videos.
[09:20] Step 7: Review – This last step will help you prepare for the transition visit with your certification body. We touch on what you should expect from your Certification Body ahead of the transition visit, and include guidance on carrying out a final Document and evidence check to make sure you’re all good to go. If you’d like to book a demo for the isologyhub, simply contact us and we’d be happy to give you a tour.
2/6/2024 | 10 minutes, 41 seconds

#163 The environmental value of circular design with Design Conformity

Did you know that in the UK alone, 22 million pieces of furniture are discarded each year, the majority of which goes directly to landfill? That amounts to an estimated 670,000 tonnes of furniture wasted, where a significant portion could be recycled and reused. (Source) It’s clear to see the need for a more sustainable approach to furniture design, manufacture and lifecycle, which is where today’s guest, Design Conformity, come in. Design Conformity live and breathe circular design, the process for creating products sustainably from the beginning, and offer a Life Cycle Assessment Certification Process which has already led to significant carbon reductions. Mel is joined by Adam Hamilton-Fletcher, Founder and Director at Design Conformity, to discuss the application of circular design within the furniture manufacture industry and explain how their Life Cycle Assessment certification process can help businesses reduce their carbon footprint.
You’ll learn
· Who are Design Conformity?
· What is circular design and how does it help companies reduce their carbon footprint?
· What are the benefits of Design Conformity’s certification?
· Can sustainability be of financial and environmental benefit to businesses?
· Examples of circular design in practice
Resources
· The ISO Show
· Design Conformity
· Carbon Calculator
· Circular Design Guide
In this episode, we talk about:
[00:25] Introducing today’s guest – We welcome Adam Hamilton-Fletcher, Founder and Director at Design Conformity, onto the show. Design Conformity are currently setting the standard in retail sustainability, particularly in relation to the furniture industry.
[01:30] Who are Design Conformity? Adam worked in the manufacturing industry for about 15 years, designing lighting systems for major retailers like Boots, Next, Marks & Spencer and Morrisons.
He worked primarily with the lighting used in displays, and had been tasked with selling lighting products. In order to do so, he needed to develop a specification to help understand customer requirements, which would then be used to develop their ideal solution. The problem: There were little to no Standards in UK and Europe for the retail display industry. Which directly led to the creation of Design Conformity – who started out as an electrical and lighting Standard certification company, that developed into a full carbon certification company. They aim to become the gold Standard for sustainable furniture design.
[03:10] What is Circular Design? – Circular design is born out of this principle of a circular economy. To compare, a linear economy is when we take a raw material, use it, process it, and then it’s just disposed of, usually straight to landfill. Whereas, circular economy is where we take that waste product and we design it so that it can be repurposed and refreshed and reused. Those materials can then eventually be recycled – so the goal is to not use any raw materials at any point. Circular design is the intent to minimise environmental impact, to design equipment that could be reused and repurposed, and then at the end of its life be recycled.
[04:05] How do Design Conformity operate? – Design Conformity look at the way that companies design their furniture and then take them through a learning process (online course). They help businesses to understand how to design a product in such a way where it can be repurposed or reused, where raw material usage can be reduced and where the shipping requirements can be reduced. They provide guidance and advice on recommended materials, including the provision of an online carbon calculator. They also provide reporting in alignment with existing carbon standards, such as ISO 14064, for product evaluation.
[06:55] How can the Carbon Calculator help?
By selecting a product of a particular type, you can use the estimator by entering the details of where and what you’re manufacturing, and then it will give you a carbon footprint for that, which you can use to compare that against other industry designers. It displays these other designers anonymously, but you can get a feel for if your product is above or below the average for carbon emissions.
[08:55] An example of the Carbon Calculator in practice – Design Conformity recently worked with Costa Coffee, who were looking to reduce the environmental impact of their shops and coffee lounges. The beginning of that process is to work with their manufacturers, to identify the environmental impact of the furniture that they've got. They used the Carbon Calculator to help create an initial benchmark, which highlighted key indicators that can lead to carbon reductions.
[09:35] Design Conformity’s Certification – They’ve borrowed the concept used by existing Energy Performance Certificates, by having a carbon efficiency index, ranging from C1 – C7. Their score is a bit more unique however as it incorporates elements of circular design. Their score is based on a product’s total carbon emissions, divided by its size and total lifespan. An Ecolabel is then awarded based on the final score.
[11:45] What are the benefits of Design Conformity’s certification?:
· It’s a mix between carbon reporting and a carbon rating.
· It’s easier for consumers to understand the benefits in comparison to companies that advertise compliance with ISO 14064 and PAS 2060.
· Not just a green label, as reporting is a key component of gaining certification.
· It provides a cradle to cradle analysis on a product’s carbon footprint and translates that into something that is recognisable.
[14:15] Are businesses right to be skeptical about the value of the cost versus the value of environmental certification? – 100%!
It’s not uncommon for eco labels to be more of a marketing tool rather than a tool for tangible carbon reduction. A lot of them out there are unregulated and are contributing to greenwashing. That’s where Design Conformity differs, as they actually collate and process real data to provide tangible value and add credibility to their claims.
[16:10] Will there be a time where sustainability can be of financial and environmental benefit to businesses? – Yes, absolutely! And if there is a way to do that, it’s through Circular Design. As an example, if you’re a manufacturing company that’s producing shelving, you need to buy in steel, which can fluctuate a lot in price at any given time. But you don’t need to buy more steel every time, where instead you could get your original product back, reprocess and redistribute. Adam has experience of suppliers who are practicing this, they purchase their products back at 40%-50% of the price, saving a lot of money in raw material!
[19:00] Examples of companies who have embraced circular design –
Tesco: They’ve introduced a policy whereby they purchase metal shelving, use it for 5 years, then take it back out of the store to get powder coated, cleaned and reintroduced to the store. That reduces the carbon footprint by 70% in comparison to buying a new shelving set!
Boots: Their beauty halls wanted to introduce a lot of new brands, which meant a lot more displays were needed. Boots started working with Design Conformity towards earning their certification, specifically in relation to the lighting they used in stores. With Design Conformity’s help, they managed to reduce the carbon footprint at selected stores by 39%!
[21:20] Circular Design Guide – 14 people were involved in creating this guide, which is designed to give you an introduction to and overview of circular design. Access it over on their website.
If you’d like assistance with any ISO Standards, get in contact with Blackmores and we’ll be happy to help 😊 We’d love to hear your views and comments about the ISO Show, here’s how: ●      Share the ISO Show on Twitter or Linkedin ●      Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one. Subscribe to keep up-to-date with our latest episodes: Stitcher | Spotify | YouTube |iTunes | Soundcloud | Mailing List
1/30/2024 | 23 minutes, 35 seconds

#162 What’s the difference between Certification and Verification?

For those in the ISO Space, you may be very familiar with the term ‘Certification’ in relation to ISO Standards. However, for certain ISO Standards there is a different type of terminology you need to be aware of. The demand for a more unified and structured approach to reduce carbon emissions has resulted in a few carbon related ISO Standards being published over the last few years. Standards such as ISO 14064 (Carbon Verification) and ISO 14068 (Climate Change Management) use the term ‘Verification’ rather than ‘Certification’. So, what’s the difference between the two? Join Mel in this week’s episode as she explains the key differences between the terms ‘Certification’ and ‘Verification’ in relation to ISO Standards. You’ll learn · What is Certification? · What is Verification? · What is the difference between certification and verification? · What’s involved with Verification? · Is there a demand for Verification in the UK and overseas? Resources · The ISO Show · Carbonology In this episode, we talk about: [00:25] Episode summary – Listeners familiar with the world of ISO will know of the term ‘Certification’, however the release of new Carbon related Standards such as ISO 14064 and ISO 14068 has brought in a new term: ‘Verification’. This episode, we’ll explain the difference between the two. If you’d like to learn more about ISO 14064 and ISO 14068, check out episode 72 and episode 158. [02:00] What is Certification? – Quite simply, Certification is for businesses who wish to certify an ISO Management system – so a company wishing to implement a Quality Management system to ISO 9001 would get the ISO System certified by an accredited Certification Body. [02:25] What is Verification? – Verification is the confirmation of a claim, through the provision of objective evidence, that specified requirements have been fulfilled. 
Therefore, ISO 14064, the carbon footprint verification standard, is a standard that is verified, not certified. The ‘claim’ or ‘statement’ is typically the QES ‘Qualifying Explanatory Statement’. If you’d like to find out more about this, then check out Episodes 91 to 97, where David Algar, Principal Carbonologist at Carbonology, explains in more detail. [03:35] Setting the record straight – Some organisations (and even Certification Bodies!) have been stating they have been certified to PAS 2060 or ISO 14064 – which is technically incorrect, as a certificate is not issued and they're not certified. [04:30] Think of Verification as an MOT: A simple analogy for Verification is a car MOT. This is an annual check to verify that a claim is correct. Much like an MOT, someone must inspect evidence and check that everything is as claimed – not unlike checking under a car bonnet and checking tires to see if everything is in working order. [05:20] What is the difference between accreditation for certification and verification bodies? – For ISO Certification, certification bodies must adhere to ISO 17021:2015. This standard basically provides requirements for bodies providing audit and certification of management systems, and applies to CBs like BSI or NQA. There are many others here in the UK; simply visit the UKAS website to find a list of accredited CBs. In other countries, simply go to your national accreditation body website to find a full list. [06:40] Accreditation for Verification Bodies – Verification Bodies need to adhere to ISO 17029, which was a Standard first published in 2019. That standard’s title is: Conformity assessment, general principles and requirements for validation and verification bodies. Both Standards provide structure and governance to basically ensure that standards are either certified or verified to a level playing field. 
[07:20] Watch out for the cowboys – Unfortunately, there are some fake third party so-called certification and verification bodies that offer certification and verification. They do not adhere to either ISO 17025 or ISO 17029, and instead play by their own rules, which results in utterly worthless (and very expensive) ‘certificates’ that won’t hold up under scrutiny in tendering applications. So please ensure you use an Accredited Certification or Verification Body! [07:48] What are the differences between Certification and Verification? Certification in more detail – Certification of an ISO Management System is a means of providing assurance that the organisation has implemented a system, so they've got the policies, procedures and controls in place against the relevant activities for their products and services to be delivered. Certification for a management system provides independent, impartial assurance that the company is actually doing what they say that they're doing, and that it's effectively implemented. If you want to get certified, you need to undertake an Assessment. Typically this is done in two parts – a Stage 1 Assessment is a document review and a Stage 2 Assessment looks at the evidence to prove that the company is following its policies and procedures. [09:35] What are the differences between Certification and Verification? Verification in more detail – There are actually 2 definitions for Verification: 1: The process for evaluating a statement of historical data and information to determine the statement is materially correct and conforms to criteria in 3.6.10. 2: It's a confirmation of a claim through a provision of objective evidence that specified requirements have been fulfilled. There are a couple of notes with this one, including: · Verification is considered to be a process for evaluating a claim based on historical data and information to determine whether the claim is materially correct and conforms with specified requirements. 
· Verification is applied to claims regarding events that have already occurred or results that have already been obtained, confirmation of truthfulness. [11:30] Avoiding Greenwashing – Now more than ever is the time to actually have systems in place to be able to verify that claims are factually correct. A key thing to note with both Verification definitions is that they state you can only make a claim for a certain period – again, much like an MOT. [12:55] What’s involved with Verification? – There are a few ways to gather the historical data needed for verifiers, here’s a few: · Observation; · Inquiry; · Analytical testing; · Confirmation; · Recalculation; · Examination; · Retracing; · Control testing; · Estimate testing; · Cross-checking; · Reconciliation. From those terms alone, you can tell that this is a much more analytical approach compared with Certification. [14:30] What’s the current status of Verification in the UK and overseas (as of 2024) – In addition to being the Managing Director of Blackmores, Mel is also CEO of Carbonology – a sister company dedicated to Carbon Standards. Across both companies, we’re seeing a lot of interest in Sustainability Standards such as ISO 14001 and ISO 50001. At this current time, there is not so much of a demand for Verification and as such, there’s not a demand for third-party verification at this stage. There is, however, a demand for an impartial second-party Verification to back up an organisation’s claims. [16:15] Need any help with ISO 14064 or ISO 14068? – Get in contact with Carbonology and speak to our expert Carbonologists. If you’d like assistance with other ISO Standards, get in contact with Blackmores and we’ll be happy to help 😊
1/16/2024 | 17 minutes, 25 seconds

#161 What trends are in the top 10 ISO Standards?

ISO Standards are internationally recognised as the gold standard for best practice within a variety of subjects and sectors. But what ISO Standards are the most popular across the whole globe? And are there any trends that can be gleaned? Thankfully, the International Standards Organization runs a yearly survey to find out! Join Mel in this week’s episode as she breaks down the top 10 ISO Standards implemented globally, where they are most popular and identifies key trends. You’ll learn · What are the top 10 Implemented ISO Standards? · What Standards are gaining traction? · Where are the top 10 Standards most popular? · Are there any trends within the top 10 Implemented ISO Standards? Resources · The ISO Show · ISO.org In this episode, we talk about: [00:25] Don’t forget to subscribe and leave a review – We love sharing top tips and dispelling myths about ISO Standards. Help us reach a wider audience by subscribing on your preferred media player, and leaving us a review 😊 [01:10] Episode summary – We’ll be taking a look at the top 10 most popular ISO Standards based on the ISO Survey, run annually by iso.org. The survey results break down the number of ISO Certificates issued, and highlight which countries and sectors these Standards are most popular in. We’re basing this episode on the 2022 results, as the 2023 results won’t be out until later this year. We’ll do another episode on the 2023 results to see what’s changed – so keep an eye out for that! [02:14] #1: ISO 9001 – No surprises here! The Quality Management Standard is still top of the pops. It’s holding strong with a 12% increase based on the previous year. It’s most popular within the Construction, wholesale & retail, electrical, machinery & equipment sectors. China is in the lead with number of certificates issued (by a very large margin!), followed by Italy, India, Germany and the UK. 
[03:30] #2: ISO 14001 – We’re happy to see the Environmental Management Standard so popular! In fact, it’s had a 21% increase over the previous year! It’s most popular in China, Japan, Italy, UK and Spain. Construction is the leading sector, but we’ve also seen an increase in the number of professional services choosing to adopt this Standard. [04:15] #3: ISO 45001: Coming in at #3 we have the Occupational Health & Safety Management Standard. This has seen an even bigger increase in demand, 29% more than the previous year. China still leads the way with number of certificates issued, but the UK and Australia are not far behind. Interestingly, there is little uptake within the Agriculture sector, which is concerning considering they consistently have the highest injury and death statistics year on year (in the UK according to the annual HSE reports). [05:25] #4: ISO 27001 –  The Information Security Management Standard comes in at #4, with a 21% increase in demand over the previous year. Unsurprisingly, it’s increased primarily in the IT sector, but that’s followed by transport, storage and communications, along with financial services and real estate / renting. [06:00] #5: ISO 22000 – The Standard for Food Safety Management makes it into the top 10, with it being more popular in Taiwan and Greece. The sector specific information for this particular Standard is slim, but it’s applicable to any organisation involved in the making, packing and distribution of food, as well as organisations in the hospitality sector. [06:30] #6: ISO 13485 – This is the Standard for Medical Devices. The USA are leading the way with certificates issued, followed by France, Germany and Italy. We’re pleased to see that none of these ISO Standards are in any decline, and only seem to be increasing in popularity as the years go by. [07:20] #7: ISO 50001 – This is the Standard for Energy Management, if you’d like to learn more about this Standard, check out a few of our previous episodes. 
ISO 50001 has seen a 33% increase in demand, which is amazing to see! We hope this is a sign of more organisations taking climate change seriously, and taking the appropriate steps to start reducing their impact. China is still in the lead where number of certificates issued is concerned, followed by Germany, Spain, Italy and France.   [08:25] #8: ISO 20000 – The Service Management Standard is still very popular within countries where we see a lot of call center activity. This used to be known as the ‘IT Service Management Standard’, but it has since evolved and encompasses Service Management as a whole. We did a podcast episode covering this Standard in 2023, so go back and listen if you’d like to find out more. No surprises to see China still in the lead with number of certificates issued, followed by USA, India, Italy and Spain. [09:15] #9: ISO 37001 – This one was a surprise, ISO 37001 is the Anti-Bribery Standard. Blackmores have implemented this Standard in the Construction and Facilities Management sectors, but it’s a shock to see it in the top 10 as it’s always been very niche here in the UK. This particular Standard is most popular in Peru, followed by Italy, Indonesia, Korea and Brazil. We were curious about why Peru were in the lead, and it seems that there may be a requirement for certain organisations to have this. Back in 2017, we knew there was a voluntary requirement, but perhaps this has changed in the last few years. If we have any listeners in Peru – we’d love to hear your feedback on this subject! [10:35] #10: ISO 22301 – The Business Continuity Standard. This Standard is most popular in the UK, and based on our experience, it’s commonly adopted by those in the professional services and IT managed services sectors to help provide resilience and continuity for their Stakeholders. Other countries where it’s popular include India, China, Greece and Korea. 
[11:20] The runners up – These Standards didn’t make it to the top 10, but they were very close: · ISO 55001 – Asset Management · ISO 20121 – Sustainable Event Management · ISO 44001 – Collaborative Business Management [12:10] Conclusions – It’s clear to see that sustainability-based Standards are becoming very popular. We’re particularly pleased to see the 33% increase in demand for ISO 50001! If you’d like to request a specific topic, or be a guest on a future episode, get in contact and let us know.
1/9/2024 | 13 minutes, 2 seconds

#160 What were our Top 5 most popular episodes in 2023?

Before we dive into the new year, we’d like to take a step back and reflect on 2023. Last year was filled with a lot of topics and challenges, from tackling the transition to ISO 27001:2022, to finding credible ways to offset your carbon emissions within the UK. With a total of 33 episodes published last year, Mel looks back on the 5 most popular episodes of 2023, including some highlights from each episode. You’ll learn · What were the top 5 most popular podcast episodes of 2023? · A highlight from each of the top 5 episodes Resources · The ISO Show In this episode, we talk about: [00:45] Editor shoutout – A special shout out to the Blackmores Communication Manager, Steph Churchman, who helps organise, produce and publish the ISO Show podcast! [01:20] Information Security was a favorite topic for 2023 – ISO 27001:2022 was definitely a hot topic in 2023, which is not a surprise seeing as anyone currently certified to ISO 27001:2013 will need to transition to the latest standard by October 2025. Many were making a start on this in 2023, or looking to plan it in for 2024. [02:10] #1: Episode 128 What’s new with ISO 27001:2022? – Originally published as part of a series of podcasts explaining the new Standard, this episode focuses on a high-level overview of the major changes. Here are a few highlights from the snippet: · Steve gives an overview of what’s new in ISO 27001:2022 – The updated version of ISO 27001 was released on the 26th Oct 2022. The new version included 24 changes and clarifications within the main clauses. · The controls for the new standard are now categorised into 4 groups: Organisation, People, Physical and Technology · We covered some of the new controls in more detail in previous episodes: #109, #110, #111, #112, #113 and #114 · The 24 changes and clarifications to Clauses include older existing clauses which have been tidied up to be more transparent. 
We recommend reviewing to ensure that you are complying in a way that aligns with the Standard. · There are 11 new Controls. 56 controls from the 2013 version have been reduced to 24 with 58 remaining unchanged. So, in short, Annex A has been simplified with less duplication of controls. [09:15] #2: Episode 130 What are the 11 new controls in ISO 27001:2022? – In this episode we brought Steve Mason back to discuss the 11 new controls in ISO 27001:2022, and delve into the context of why these were added. We also highlight some of the resources we’ve made available in the isologyhub, including mention of our ISO 27001 Transition Gameplan. Here are a few highlights from the snippet: · These new controls are nothing to worry about – they are simply aligning the Standard with more modern security considerations. You may already be complying with them! · Control A.5.7 Threat intelligence – ‘To provide awareness of the organization’s threat environment so that the appropriate mitigation actions can be taken.’ – This can come from many different sources, such as the NCSC or local police websites. There are also additional tools you can add to detect possible phishing attacks. This also includes consideration of external threats – Information Security is about much more than just protecting data! It also includes physical security. · Control A.5.23 Information security for use of cloud services – “To specify and manage information security for the use of cloud services.” – More and more businesses rely on cloud-based computing. It’s important to verify the security of your service provider to ensure it’s adequate. You can check to see if they have any valid Information Security related credentials such as CSA Star, Cyber Essentials, SOC. You could also adopt principles of ISO 27017 (certification for cloud security), ISO 27018 (Protection of PII in the public cloud) and ISO 27701 (PII security Standard). 
· Control A.5.30 ICT readiness for business continuity – ‘To ensure the availability of the organization’s information and other associated assets during disruption’ – There are a few standards that could assist with this, including ISO 27031 (ICT readiness for Business Continuity). Those that have ISO 22301 may want to look at how ISO 27001 elements can be integrated and improved in any disaster recovery plans. ISO 27001 needs to be an integral part of any business continuity plans – not just a bolt on. Small businesses may not want to conduct a full business impact analysis, but should carry out a risk assessment around business continuity at the very least. [21:20] #3: Episode 134 Credible Carbon offsetting with Treeconomy: We had some fantastic guests on the show last year, such as Harry Grocott – CEO of Treeconomy. We invited him on to talk about how we can demonstrate credible carbon offsetting through schemes here in the UK, and how you can avoid falling prey to greenwashing. Here are a few highlights from the snippet: · Can we quantify the value of nature? Short answer right now is no, but there is a lot of nuance. Nature offers ecosystem services i.e. farms offer a calorific benefit, and we can put a price on the value that offers. The same principle applies to resources such as wood or oil. Now we are gaining the ability to quantify CO2 removal, which is undeniably valuable to humanity. · Other more recent services such as biodiversity projects are a bit harder to quantify – as they vary so much depending on the country. However, we are starting to assign value to these. · How can people be sure that they don’t fall prey to Greenwashing? There are 2 main issues to consider: 1) Are your carbon credits credible? 2) What claims are top management making? · Tackling claims made by leadership: ISO standards are starting to solve this issue. There are clear requirements and certifications that need to be in place to back those claims. 
· Tackling carbon credits: The carbon offsetting market is heavily unregulated currently. Essentially it’s a lot of people trading in invisible gas. There are a number of carbon standards (Not quite at the same level as ISO Standards), such as the Woodland Carbon Code and the Peatland Code, and Internationally there are standards such as Verra VSC – unfortunately, a lot of these standards aren’t very robust and aren’t enforced. · Many companies will often look to buy the cheapest offsets available, which are likely to be non-credible and will provide no evidence of actual offsetting occurring. But there are a lot of new companies emerging that provide tangible evidence of offsetting (such as Treeconomy). [33:50] #4: Episode 136 dotdigital’s sustainable transformation with ISO 14001 – We’re always delighted to share stories about our clients’ ISO journeys. In this case we got the chance to talk to Steve Shaw, the Chief Product and Technology Officer at dotdigital, about their journey to achieve ISO 14001. Dotdigital have a habit of going above and beyond when it comes to implementing ISO Standards, and this time is no different as Steve explains some of the fantastic sustainability initiatives introduced as a result of gaining certification. Here are a few highlights from the snippet: · dotdigital was the world’s first carbon neutral marketing automation platform that was ISO 14001 certified. They also aim to be net zero by 2030! · They have a relatively small footprint as a primarily digital based company, only really having to consider the running of computers, air conditioning and standard office facilities. So it can be a challenge to reduce! · What led to the success of dotgreen? – dotdigital launched a group called dotgreen, which has since thrived into a community of likeminded individuals all working together to improve and reduce dotdigital’s impact. 
They were fortunate to have an Executive group sponsor who can take ideas and suggestions to other leadership for consideration. This grassroots group encourages suggestions from everyone – no idea is a bad idea. Over time, the group evolved and helped to develop a sustainability programme for the business.  ·       What was one of the initiatives implemented from dotgreen? – They identified that existing data centers used by the business weren’t always utilising renewable energy. So, over the course of 2 years, they worked with Microsoft to build on their Azure platform to enable dotdigital to make the switch. Azure runs on renewable energy sources, and any remaining emissions can be offset through carbon credits. ·       A green option for their customers – As a result of their cloud platform now being run through green partners, they can extend the environmental benefit to their customers.    [42:25] #5: Episode 135 Emerging SaaS Trends in Health and Safety – Health and Safety can be quite the task to keep on top of, a well known fact for anyone certified to ISO 45001. Thankfully, there are a number of Software as a Service options out there to make the lives of Health and Safety professionals much easier. New and emerging technologies are only going to develop more rapidly with the integration of AI and machine learning. We invited James Sharp, Chief Technical Officer at Riskex, onto the show to discuss the top 10 emerging SaaS trends, including how each can help streamline processes and gather and analyse large amounts of data. 
Here are a few highlights from the snippet: · Riskex have been certified to a number of ISO Standards, including ISO 18001 (Prior Health and Safety Standard, now certifying to the latest version, ISO 45001), ISO 27001 (Information Security) and ISO 9001 (Quality Management) · Software as a Service became very popular during Covid, as businesses became very fragmented and were looking for solutions that could be rolled out across multiple sites. Riskex also created their own track and trace system based on established software they were already offering – helping businesses manage Covid safely. · Trend #1 – Artificial Intelligence – Artificial learning is all around us, with vast volumes of data being collected by safety management platforms. AI allows decision engines to predict and provide guidance based on key trends or established KPIs. For example, if accident rates were to increase but at the same time risk levels have been reducing, it could soon highlight this trend and look at other surrounding data or previous trends to establish a pattern. This will lead to a more pro-active approach to reporting and subsequent decision-making. · Trend #2 – API Connectivity – Providing an open API platform will allow businesses to integrate internal systems and external services to digest data. As more organisations adopt Cloud solutions, connectivity between platforms has become increasingly important. With a robust API offering, multiple business services can interact with ease and become part of the safety management space, without incurring significant cost or time. · Trend #3 – Low-Code Optimisation – Developing generic components within software to allow for quicker builds, implementations and tailoring requests. As stand-alone and generic component development increases, solutions can offer more flexibility and self-serve options to the end user to assist them with aligning platforms with their specific processes. 
· Trend #4 – Mobile Optimisation – More and more end-users are accessing health and safety software via their mobiles but, for various reasons, are not always able to use native apps (installed on the device). Therefore, health and safety software platforms need to adapt for use on multiple devices, without the loss of features. We can’t wait to dive into new topics this year! If you’d like to request a specific topic, or be a guest on a future episode, get in contact and let us know.
1/4/2024 | 56 minutes, 30 seconds

#159 10 Reasons to use ISO 14068 Carbon Neutrality

Trying to achieve Carbon Neutrality can feel like a monumental task, especially with so many separate elements that you have to complete. From quantifying your data, reducing where possible and offsetting the remainder, it can be hard to keep track of it all without taking a structured approach. Which is where ISO 14068 comes in. This is the new Standard for Climate Change Management, and it’s specially designed to help businesses with the transition to Net Zero. In this week’s episode Mel explains 10 reasons why you should use ISO 14068 – the new Standard for Carbon Neutrality. You’ll learn · What is ISO 14068? · Why should you adopt ISO 14068? · How can Carbonology Support you with ISO 14068? Resources ● Carbonology ● Grab a copy of our Net Zero Planner ● ISO 14068 In this episode, we talk about: [00:25] What is ISO 14068? – This is the Standard for Climate Change Management. If you’d like to find out more about the Standard, its purpose and how it can prevent green washing, go back and watch our previous episode. [00:55] Where to find more information – This podcast is based off BSI’s most recent Publication on ISO 14068: ‘Climate Change Management – Transition to Net Zero – Part 1: Carbon Neutrality’ (A BSI Executive Briefing). You can download this from a recent blog on BSI’s website. [01:05] Reason 1: A structured approach – Mel found out firsthand from a recent EMEX event that people are looking for a structured approach to carbon neutrality. ISO 14068 gives organisations a structured process for developing a detailed carbon neutrality management plan with short- and long-term targets. [02:10] Reason 2: Quality - In contrast to unsubstantiated claims of neutrality, claims under ISO 14068 have to be based on all GHGs, take a lifecycle approach and can only be made after the development of long-term planning, with real GHG reductions in place, and offsetting restricted to residual emissions using high quality carbon credits. 
[03:10] Reason 3: Credibility: Use of this internationally recognised standard can offer market benefits by increasing the credibility and verifiability of a product or organisational claim of carbon neutrality. This Standard has been developed by international technical committees and subject matter experts across the globe, which gives it a lot more credibility in the eyes of Stakeholders. They will have confidence that claims are transparent and reliable from those who adopt ISO 14068. [04:22] Reason 4: Global Recognition – A quick reminder - Those who have been listening to the ISO Show for a while now may remember our previous podcasts on PAS 2060 – the previous Standard for Carbon Neutrality. Companies will now have 2 years to transition to ISO 14068. We’ll be doing a podcast on how to go about doing that in 2024! Circling back to Global Recognition, ISO 14068 provides a common set of criteria for measuring and reporting carbon neutrality. This ensures consistency across different organizations and industries, underpins easier comparisons for carbon neutrality efforts between entities, allows stakeholders to assess and benchmark efforts, and supports global recognition for claims of carbon neutrality. [05:30] Reason 5: Convenience – If you’ve already got other ISOs in place, good news! ISO 14068 is designed to work with other quantification standards such as ISO 14064 or other equivalents. [05:55] Reason 6: Flexibility - ISO 14068 can be used by any sized organisation, in any country or sector. It can also be applied to whole organisations or individual products. [05:55] Reason 7: Responsibility - The standard encourages organisations to take responsibility for minimising their own carbon footprint before paying third parties to offset their emissions. We’ve seen in the past where people think just paying for carbon credits will work in the long-term – which just isn’t sustainable. 
You should be looking to reduce as much as possible before moving onto the Offsetting stage. [08:00] Reason 9: Risk Mitigation – Adopters of ISO 14068 will be in a strong position to manage current and emerging regulatory and market risks in relation to GHG emissions. It’s a competitive market place out there, with ESG requirements appearing more on tenders year on year. Many will now require you to prove your commitment to carbon neutrality, and it’s become clear that we need Standards to be able to provide that evidence. This is where ISO 14068 comes in, as you will have that proven methodology that you can then demonstrate to those stakeholders. [09:30] Reason 10: Competitiveness – Demonstrating a commitment to climate action through ISO 14068 can also mitigate reputational risks and enhance brand value, market access and competitiveness. [10:30] Further Information – Our sister company, Carbonology, will be publishing more content around ISO 14068 in 2024. Check back on their website to find out more.
12/18/2023 | 12 minutes, 13 seconds

#158 ISO 14068 – A new pathway to Net Zero

We’re inching closer to our 2030 and 2050 Net Zero targets, and if we keep going the way we are, we’re not going to hit either one. This is unsurprising considering the lack of a unified approach to achieving Net Zero. There are a lot of options to tackle certain aspects of sustainability, but few outline an entire pathway to guide businesses towards a tangible goal. However, that may be set to change with the release of ISO 14068-1:2023 – Climate Change Management! In this week’s episode Mel explains what BS ISO 14068 is, who can use the Standard, and how this Standard can combat green washing. You’ll learn · What is ISO 14068? · Who is this Standard for? · Why was this Standard created? · How can ISO 14068 help businesses to tackle climate change · How can ISO 14068 help combat green washing Resources ● Carbonology ● Grab a copy of our Net Zero Planner ● ISO 14068 In this episode, we talk about: [00:25] Introduction and episode summary – ISO 14068 has just been published, superseding PAS 2060. In this episode, we’ll explore what this Standard is all about, how it can help you and help prevent green washing. Keep an eye out for our follow-up episode, which will give you more insight into the 10 reasons for adopting this Standard to achieve Net Zero in 2024. [01:40] A passion for Sustainability – If you’re new, you may not be aware that Mel is the CEO of both Blackmores and Carbonology. Carbonology was created as a sister company in 2023, and its sole purpose is to help businesses to be able to demonstrate, with credibility and complete transparency, a legitimate route to achieving carbon neutrality. [03:00] What is ISO 14068-1:2023? – This is a standard for businesses transitioning to Net Carbon zero. The standard specifies the requirements for achieving and demonstrating carbon neutrality through the quantification, reduction, removal and offsetting of greenhouse gas (GHG) emissions. 
[03:30] Who can use this Standard? BS ISO 14068-1:2023 can be used by any organization, in the private or public sectors, that wishes to make either the organization or a product climate neutral. Products may be consumer-facing or business to business, and include all types of goods and services, including events and financial services. [04:05] Why has this Standard been developed now?: To avoid the worst effects and keep the rise in global temperatures to no more than 1.5°C, the Intergovernmental Panel on Climate Change (IPCC) of eminent scientists has identified that we need to cut emissions of greenhouse gases by 40% in this decade and to global net zero by 2050. However, working towards a long-term target of net zero can be difficult without recognition of achievements along the pathway. That’s where carbon neutrality can help; organisations that have a clear plan and have started making real greenhouse gas (GHG) reductions can counterbalance their remaining carbon footprint using high quality carbon credits / offsets to achieve carbon neutrality. ISO 14068-1 is the new International Standard that sets out requirements for organisations wishing to achieve carbon neutrality, including for products, such as goods, services or events. ISO 14068-1 also provides a rigorous and robust framework for avoiding greenwashing, and builds on the 15 years’ experience of the previous Standard – PAS 2060. Organizations using the standard will benefit in two main ways: internally, through having a clear guide on best practice in reaching carbon neutrality; and externally, by demonstrating compliance with a rigorous standard on carbon neutrality. [06:40] How can the standard help businesses that are still scratching their heads about how to tackle climate change? -  The standard provides clear principles that entities need to consider when seeking carbon neutrality. 
These include establishing a hierarchy, so that GHG emission reductions are made first – and reductions are often the most cost-effective way of reducing a carbon footprint, avoiding the need for potentially costly carbon credits. The hierarchy is then used to determine a pathway to carbon neutrality, including short- and long-term targets for minimising the carbon footprint. The standard also explains how the pathway is used in developing a detailed carbon neutrality management plan, which provides clear guidance for those responsible for the implementation of carbon neutrality. [08:30] How can the standard combat green washing? In recent years, there have been many claims of carbon neutrality that are unsubstantiated or supported only by purchasing a few carbon credits, with a consequent risk of greenwashing. Following BS ISO 14068-1 means organisations will be able to demonstrate that their claim of carbon neutrality is underpinned by real action to reduce GHG emissions and includes a clear pathway to eliminate all possible GHG emissions, so it does not just fall back on purchasing carbon credits in the market. This significantly improves the credibility of a claim. [09:45] Keep an eye out for future episodes! We’ll be talking more about ISO 14068 in future episodes, including the benefits of adopting this Standard. We’ll also dedicate an episode to explaining the difference between Certification and Verification – so stay tuned!
12/12/2023 | 10 minutes, 58 seconds

#157 Monolith’s success with ISO 27001 Information Security

The use of AI within business is starting to become more commonplace, with major applications like Microsoft Teams and Word integrating many new features designed to make our lives easier. However, we still need to exercise caution with this new technology and consider what we can put in place to mitigate any potential security risks while developing or utilizing it, which is precisely what today’s guest, Monolith, has done. Monolith provide a machine learning program that engineers can adopt to build highly accurate self-learning AI models that instantly predict the performance of systems in a wide variety of operating conditions. In this week’s episode Mel is joined by Æsc George, Senior Software Engineer at Monolith, to discuss why they have adopted ISO 27001, explain their implementation journey and the benefits of having an Information Security Management System. You’ll learn · Who are Monolith AI? · What was their main driver behind obtaining ISO 27001? · What was the biggest Gap identified in the initial Gap Analysis? · What benefits did Monolith AI gain from implementing ISO 27001? Resources ● Monolith ● ISO 27001 Transition Gameplan In this episode, we talk about: [00:25] An introduction to Monolith and Æsc George – Monolith AI is all about empowering engineers to develop self-learning models from their engineering test data. With this they can develop machine learning models to really accelerate new product introductions and get these new products to market much more quickly, primarily by using these models to accelerate and streamline their testing. They are currently recommended for ISO 27001 certification, and are eagerly awaiting the arrival of their physical certificate. Æsc George is a Senior Software Engineer of this web browser based software. He is also the interim security officer, which is why he was tasked with obtaining ISO 27001. Fun fact about Æsc: He was a proud owner of a colony of 8 rats! 
He currently takes care of 4 cats, which have access to a plethora of enrichment in his home 😊 [03:35] What was the main driver for Monolith to obtain ISO 27001? – There were a few drivers, the most obvious being that they want to display their commitment and credibility when it comes to Information Security. Acquiring ISO 27001 makes it easier to show their clients and prospects that their engineering data is in safe hands. Monolith also know that there's a lot of buzz about artificial intelligence and machine learning at the moment, and that buzz covers both sides of the coin: what good it can do for the world and the harms it can do. Aligning with ISO 27001 shows that they’re trying to use AI in a responsible way. [05:10] The start-up is getting a head start! – Monolith AI is a start-up company, only a year in and already leading the way for AI development by ensuring security is a priority from the start. [05:40] How long did it take to implement ISO 27001? Nine months from the point of contacting Blackmores to assist to being recommended for certification. Æsc recounts his experience: “My perception is that the effort was quite front loaded, so the amount of effort involved in the process almost wound down towards the end - even with the external audit happening towards the end. I think once the information security management had been established and we'd worked it into our day-to-day, the perceived effort was lower. So I felt pretty confident going through our audit processes because I've experienced the system working already.” [08:15] What was the biggest gap identified at the Gap Analysis?: There wasn’t a formal approach to information security risk and risk treatment. There were already a number of existing systems and ad-hoc arrangements to mitigate information security risks – but they hadn’t been framed in terms of risk. They hadn’t gone through a process where risks were quantified and weighed against each other. 
So following the gap analysis, one of the many actions Monolith took was to make sure they were consistently and regularly assessing information security risk in various dimensions. They now have the right framework in place to allocate the appropriate time and resources towards information security, and to prioritise the biggest risks. [10:10] What difference has Implementing ISO 27001 made? -  It’s given Monolith more confidence in their understanding of Information Security risks, and assurance that there aren’t any massive, unidentified risks that may cause trouble later down the line. It’s also made it easier to discuss information security risk and policy decisions. Monolith AI are a remote first company, allowing their staff the freedom to experiment with new technologies, and be in an environment where they feel comfortable. Having formal risk treatment in place means they can maintain this highly flexible, highly innovative and productive way of working – but with their eyes wide open. [11:40] What has Æsc learned from the experience of Implementing ISO 27001? Æsc is not new to ISO Management Systems, having been involved with the maintenance and implementation of a few in the past. However, he has gained an appreciation for the nuance in ISO 27001. For example, the knowledge that the standard uses words like ‘should’ and ‘shall’ that have particular intentions – ‘shall’ being mandatory and ‘should’ being recommended. His previous experiences with Management systems had more available resource than at Monolith, so learning this nuance has been important in the prioritization of focus and resources in his current position. [13:30] What have been the main benefits from Implementing ISO 27001? Having a holistic and formal approach to Information Security and risk management compared to the ad-hoc approach they had prior. It’s brought the company together on a really important issue, and helped everyone to understand the role they play in Information Security. 
Personally, Æsc has enjoyed reaching out to people he may not ordinarily get the chance to work with, as a result of this unifying issue that everyone at Monolith cares about. [17:00] Once Monolith formally receive their ISO 27001 certificate, what benefits will that bring? – Currently Monolith AI are recommended for Certification, and are simply waiting on the delivery of their physical certificate. Once received, they will be able to present it to prospects and clients if they are questioned on information security credentials – to show that they are serious about their commitment to security. It will also open doors to new prospects that may not bother considering them as a supplier due to the lack of ISO 27001 certification. They are also a leading example in the relatively new industry of AI; those with ISO 27001 certification at this stage stand out from other competitors. [19:15] What tips does Æsc have for those starting out on their ISO journey? – Speaking from experience, Æsc recommends hiring a specialist in ISO to assist with your implementation. In his case, Blackmores helped to organise the process, drive a lot of the early gap analysis and gave him confidence in going through internal and external audits. Having someone with experience acting as a guiding hand makes the whole process go a lot more smoothly. This could be a consultant, or someone you train within your own business. These projects are the sort of thing that turn passion into action. Whether that’s information security or environmental management etc., it’s better to have someone experienced or trained in the nuances of the Standard to ensure it’s implemented in a way that truly benefits your business. [21:20] Æsc’s book recommendation - Nature's Calendar: The British Year in 72 Seasons by Kiera Chapman, Rowan Jaines, Lulah Ellender and Rebecca Warren. 
Inspired by a traditional Japanese calendar which divides the year into segments of four to five days, this book guides you through a year of 72 seasons as they manifest in the British Isles. As Æsc describes: “Lots of the seasons will be very familiar to people who've lived in this country their whole life, but they may not have necessarily thought about the context of it. So I think it is really grounding. Time and the way we measure it can seem so arbitrary and abstract sometimes, and measuring minutes and hours is responsible for so much stress and anxiety, so taking a breath, thinking about how nature moves at a different, slower, more deliberate pace, and finding the time to synchronise with that move with nature can be a really rewarding experience” [24:15] One of Æsc’s favorite quotes - “I went to the woods because I wished to live deliberately, to front only the essential facts of life, and see if I could not learn what it had to teach, and not, when I came to die, discover that I had not lived” - Henry David Thoreau (from his book ‘Walden’) [26:10] Need help with your ISO 27001 transition? – We have an ISO 27001 Transition Gameplan available on the isologyhub. This Gameplan provides a step by step guide for you to transition to the latest 2022 Standard. If you’d like to learn more about Monolith AI, check out their website.
11/29/2023 | 27 minutes, 20 seconds

#156 Net Zero in 90 Days

The demand for tangible sustainability action is becoming more pressing as we inch closer to our 2030 and 2050 Net Zero targets. However, that is still quite a way off, and many businesses are dragging their feet when it comes to taking action. Sure, some may have an ESG Policy or mention it on their website, however that term is starting to become synonymous with green washing due to poor implementation in many cases. So, what can you do to make a difference right now? In this week’s episode Mel explains the principle of Parkinson’s law, how ISO Standards can help to tackle climate change and how you can achieve Net Zero in just 90 days. You’ll learn · What Parkinson’s Law is · How can ISO standards help tackle climate change · The 3 reasons why businesses are behind on achieving net zero · How you can achieve Net Zero in just 90 days using the Net Zero Planner Resources ● Carbonology ● Register for EMEX here ● Grab a copy of our Net Zero Planner In this episode, we talk about: [00:25] Come visit the Carbonology stand at EMEX! – EMEX is a free exhibition to learn about carbon management, ESG and sustainability. It takes place at ExCeL London on 22nd – 23rd November 2023 – Carbonology will be at Stand G38. Come grab a free Net Zero Planner while you’re there! Register your place here. [02:10] Episode Summary – Today we’ll be talking about why we need to act now rather than in a decade or two, how ISO Standards can play a critical role in tackling climate change and using the Net Zero Planner to help you set achievable objectives to work towards Net Zero in just 90 days. [02:55] We need to act now rather than later! – Our 2030 and 2050 targets are very far away, which results in businesses not doing much to address them in the meantime. They might have an ESG policy or they might have something referencing ESG on their website, but are they actually taking action right now to make that happen? In many cases, no. 
Which is where Parkinson’s Law comes into play. [03:40] What is Parkinson’s Law? Parkinson's Law is the old adage that work expands to fill the time allotted for its completion. This may mean you take longer than necessary to complete a task or you procrastinate and complete the task right before the due date. The term was first coined by Cyril Northcote Parkinson in a humorous essay he wrote for “The Economist” in 1955. Let’s say you are given a task to complete a report in 3 weeks; chances are, if you were given the task to do in 1 week, you’d make it happen. Parkinson's Law says that the perceived importance and difficulty of a task will grow in proportion to the amount of time given to finish it. [05:30] Is it possible to achieve Net Zero in 2024?: Yes! Carbonology® has been turning around projects to help businesses to become net carbon neutral in less than three months - so why can’t you? [06:05] The Net Zero Planner - The Net Zero in 90 days planner gives you a pathway to follow to achieve Net Carbon Zero. Each day focuses on a specific task, enabling you to make step by step progress to achieve your goals. Your Net Zero Planner provides the foundations for not only achieving Net Zero but also achieving verification to Carbon standards along the way. Grab a copy here! [08:25] What role do ISO Standards play in tackling climate change? Standards have a critical role in helping meet climate goals, particularly when there is an influx of greenwashing across industries. The international standards for carbon verification (ISO 14064) and carbon neutrality (PAS 2060, due to be ISO 14064 in 2024) support the Sustainable Development Goals (SDG) and create a level playing field, providing transparency, reliability, accountability and without a doubt, credibility. [10:00] Why are businesses struggling to achieve Net Zero? 
There are three reasons why businesses are behind on achieving Net Zero: · Time and resources have not been dedicated. · Lack of focus and structure · Lack of knowledge on what to do The Net Zero Planner will help to address these challenges. [11:15] Carbonology is there to support you – Some of the tasks in the planner may be tricky – quantifying your emissions for example, this is always going to be challenging. Carbonology is there to support you, either with consultancy or digital resources via the Carbonologyhub. If you need some extra assistance, simply contact them. [11:55] How can the Net Zero Planner help you? – First and foremost, Net zero is not going to happen unless you prioritise your time. This starts with designing your ideal week. Imagine how you would structure your week if you had 100% control. What does your ideal week look like? Remember, what gets scheduled gets done. Sticking to a plan takes discipline, but imagine if every business dedicated 2 hours a day for 3 months, we’d be achieving net zero well before 2050! By setting aside 2 hours a day to complete a Net Zero task, you and your team will be well equipped to put your planning in place and achieve Net Zero accreditation! Of course, not every week will be aligned with your ideal week, but it’s a guide that you can refer back to. [13:00] Making progress with the Net Zero Planner - It’s imperative you review progress on a weekly and monthly basis and at the end of the 90 days. This will help to drive momentum when you see what you’ve achieved and also provide a reality check if you need additional support or time. The weekly, monthly and quarterly review provides an opportunity to look back at your progress and allows you time to reflect on what went well, and where you’ve been having challenges which may result in making decisions to address any shortfalls. 
This could include allowing more time for a specific task the following week, delegating responsibilities internally or outsourcing activities i.e. carbon quantification or verification. It's recommended that you schedule this review and reflection time in your calendar i.e. 1 hour on a Friday afternoon or at the end of the month. In addition to the structured planner pages, there are blank pages for expanding on your ideas and taking notes. [15:25] Special Deal! - The Net Zero Planner is available on Amazon at a reduced price of £7.99 until the 15th December 2023. The Standard price will be £14.99. If you’re at EMEX on the 22nd or 23rd November 2023, we have 100 free copies to give away! Lastly, if you have any questions or would like to learn more about how Carbonology can help you, feel free to book a call in via David’s Calendly.
11/20/2023 | 18 minutes, 6 seconds

#155 How to create a PPN 06/21 Carbon Reduction Plan

Sustainability has become a top topic to address in the last few years, both for businesses and individuals. In fact, 90% of business leaders think sustainability is important, but only 60% actually have a sustainability strategy. The demand for tangible action is becoming more pressing as we inch closer to the 2030 milestone of the Paris Agreement. To encourage action from businesses, we’re seeing more public and private sector contracts include a tendering requirement to show your commitment to sustainability. One such example is the need for a PPN 06/21 Carbon Reduction Plan. In this week’s episode David Algar, Principal Carbonologist® at Carbonology, joins Mel to explain how to create a Carbon Reduction Plan, shares some top tips on presentation and how Carbonology® can support you. You’ll learn · How to create a Carbon Reduction Plan · How Carbonology® can help you align that plan with ISO 14064 and PAS 2060 · Addressing difficult tendering questions · How to best present your Carbon Reduction Plan Resources ● Carbonology ● Book a call with David Algar ● A quick Guide to creating your PPN 06/21 Carbon Reduction Plan In this episode, we talk about: [00:24] What are PPN 06/21 Carbon Reduction Plans? – Go back and listen to our previous episode to learn more. [00:42] Episode Summary – Today we’ll be talking about how to create a Carbon Reduction Plan (CRP), how to deal with difficult tendering questions and the best ways in which to present your CRP. [02:46] How do you actually calculate the emissions? We have gone into this in a lot more detail on a previous episode, but to summarise: emissions are calculated by taking your activity data, such as kWh of electricity, or miles driven in a vehicle, and multiplying it by an emission conversion factor. Specific emission conversion factors are available from DEFRA for specific activity data; they are also year-specific. 
The hard part is sourcing your activity data, accounting for missing information, performing estimates, and ensuring the overall methodology is accurate. This is all done in alignment with ISO 14064-1, as well as the PPN guidelines, so one of the very first things we’ll do with you is define your organisational and reporting boundaries. [05:27] How can a business set carbon reduction targets and forecast emissions? This is tricky as it involves trying to predict the future, not just in the short term, but potentially several decades ahead depending on your goal. The good thing is you know the end destination of your carbon pathway: little to no emissions by 2050. Using this and some simple maths you can at least map out where you should be each year when moving forward from the base year, the base year being the period you use to compare future results against. Usually the base year is the first year you complete calculations, but this can change over time. We’re finding some clients are opting to change their base year to account for the disruption of COVID-19 on operations. [06:40] How do you actually set the targets?: When we look at target setting and emission forecasts we generally take 2 approaches: Milestones: · The first, and our most common approach, is about setting milestones based on specific carbon reduction initiatives the business can implement, at specific dates. · For instance, all company vehicles being hybrid by 2025 and fully EV by 2035? Or what if we phased out gas by a certain date? Or cut out all single use plastics? · Using this milestone method for the forecasting can be tricky, but you can end up with a carbon pathway that is more representative of real life. Straight line method: · The second is what we refer to as the ‘straight line’ method. This is a simpler approach that involves doing some simple maths to plan out your carbon targets for each year, without factoring in specific milestones or events. 
· We refer to this unofficially as the ‘straight line’ method as the graph showing your carbon pathway is pretty much a straight line from your base year towards net zero, whereas using the milestones method gives a ‘bumpy’ line due to the influence of specific milestones at specific years. [08:35] A tip for setting targets for the first time is thinking ‘what if?’ This is essentially looking at the thing you’re doing now and replacing it with a more sustainable alternative. For instance, calculating what your business travel emissions would have been last year if they were all completed in hybrids, or if domestic flights were replaced by train journeys. Doing these ‘what if?’ calculations is a bit hypothetical as operations are likely to change over the years, but it still helps give you a specific target to aim for for specific GHG sources. [10:40] How can you influence carbon reduction in areas where you have no direct control? Some areas will be out of your control, for instance if you ship goods in from around the world you can’t necessarily decide how they get to you, or if they are transported via more sustainable transport. · One thing you can do is aim to set a good example yourself as a business · You could also adopt the PPN framework yourself and request it from anyone that is aiming to win your business · Another quick win is actually speaking to your suppliers. If you use a local delivery firm you could speak to them about their plans for an electric fleet, or more sustainable packaging. Or if you use a data centre, you could enquire about whether it is run on renewable energy sources. [13:15] But what if we are planning to grow as a business? Results are expected to fluctuate over time, so if they go up after the base year this shouldn’t impact your success or failure in your tender submission. 
The aim is obviously to decrease on average over time. If you know for certain that they will increase in the next few years, for instance through opening new sites, making acquisitions, or just natural growth, that’s ok. You could pick a new base year if operations significantly change as this will give a more realistic figure to work down from. You can also use this as an opportunity to evidence efficiency improvements through intensity metrics, such as your tonnes of carbon per employee, or relative to your revenue. [15:15] In what other ways can Carbonology help to support you? – Once everyone is happy with the CRP, you’ll then have to actually use it in tenders. The fun thing about tenders is that they can all ask different questions, despite PPN having technical requirements, so you can’t always have the information to hand before submitting one. We can’t write your tender submissions for you, but we can provide guidance and pull out the necessary figures if requested, for instance if you need certain numbers to support with your Social Value Model reporting. [16:20] How can this help on your journey to Carbon Neutrality? – If you’ve gone through all the hard work to create a PPN 06/21 Carbon Reduction Plan, you’ll be in the ideal position to achieve carbon neutrality of your operations via PAS 2060. The next step would be creating a PAS 2060 Qualifying Explanatory Statement, or QES, which details how you have achieved carbon neutrality through offsetting, and your commitment to maintain this for future reporting periods. [17:25] Where does the verification come into play? If you’ve already calculated your emissions you may be asked to have them verified by an independent third party. We’ve recently developed a process so we can check over your GHG calculations, policies, procedure and overall alignment with the standard. 
As part of this, Carbonology can provide a verification report with all findings and opportunities for improvement, as well as a verification statement to show you have had your emissions independently verified in alignment with ISO 14064. For further information, David has prepared a quick guide for creating your PPN 06/21 Carbon Reduction Plan. Feel free to download it here. Lastly, if you have any questions or would like to learn more about how Carbonology can help you, feel free to book a call in via David’s Calendly.
11/15/2023 | 20 minutes, 20 seconds

#154 What are PPN 06/21 Carbon Reduction Plans, and why do you need one?

Sustainability has become one of the main focal points for businesses to address in the last few years, and for good reason! We’re already seeing the devastating effects of simply doing nothing in the form of more extreme weather, occurring much more frequently in areas not equipped to handle it. To encourage action from businesses, we’re seeing more public and private sector contracts include a tendering requirement to show your commitment to sustainability. One such example is the need for a PPN 06/21 Carbon Reduction Plan. In this week’s episode David Algar, Principal Carbonologist at Carbonology, joins Mel to explain exactly what PPN 06/21 Carbon Reduction Plans are, what the requirements mean in practice and the consequences if a business does not meet the requirements. You’ll learn · What are PPN 06/21 Carbon Reduction Plans? · What the requirements mean in practice · Benefits to a business · What if a business does not meet the requirements? Resources ● Carbonology ● Book a call with David Algar ● A quick Guide to creating your PPN 06/21 Carbon Reduction Plan In this episode, we talk about: [00:42] Episode Summary - We’re talking about PPN 06/21 Carbon Reduction Plans because there is a government requirement to submit one. This episode will cover the what and why; in part 2 we’ll go into more detail about how to create a Carbon Reduction Plan. [02:10] What is a PPN 06/21 Carbon Reduction Plan? Procurement Policy Note 06/21 was introduced back in June 2021, hence the 06/21 part, and is a tendering requirement for companies looking to win contracts in the public sector that links to the Government’s Net Zero target. [02:28] What is the UK government’s Net Zero target? The ‘net zero target’ refers to a government commitment to ensure the UK reduces its emissions by 100% from 1990 levels by 2050. 
[02:55] Who does PPN apply to?: Public sector, so any businesses that works with education, local authorities, housing, infrastructure, defence, transit, and of course, the NHS who have set a goal of Net Zero by 2040. Officially this is for contracts that are valued at £5M or more, but in April 2024 the NHS will be requesting a Carbon Reduction Plan for all procurement. Unofficially, this framework could be adopted by any business, so even if you don’t deal directly with the public sector, or are a subcontractor, your supply chain may soon be requesting a Carbon Reduction Plan! [04:05] Why do you need a Carbon Reduction Plan? Although the Government’s targets and policies around Net Zero keep changing, the overall goal of PPN 06/21 is to encourage businesses to reach Net Zero before 2050, come up with a plan to do so, and implement emission reduction initiatives in the delivery of Government contracts. [04:35] From a businesses perspective, what are the main benefits? There are 2 main benefits: ●      It’s essential for some tendering, with as much as a 10% weighting based on your carbon management and social values. Put simply, if you don’t produce one when needed, you may fail the tender requirements and probably won’t make the sale. ●      The second main benefit is that this isn’t just a piece of paper with a graph on it, it’s a great opportunity to investigate your business’ GHG emissions, and put a plan in place to reduce them. This also helps you show to stakeholders that you are actually committed to environmental protection and could identify some cost savings in your business after going through all the data. ●      It’s also a great addition to any existing ISO 14001 or ISO 50001 Management Systems! [06:10] What are the key requirements of PPN 06/21? –    Firstly you’ll need to make a commitment to achieving net zero by 2050 at the latest. This includes annually calculating your emissions and updating the Carbon Reduction Plan. 
Next you’ll need to report on a minimum set of GHG categories: 100% of your Scope 1 emissions, so direct emission from company vehicles, gas heating (so stuff you burn) and any fugitive emissions, which are leaks from HVAC systems for most businesses. 100% of your Scope 2 emissions which is electricity most of the time but can also refer to steam you import from an external source. You’ll also need to report on 5 Scope 3 categories, these are your indirect emissions: ●      Waste generated in operations ●      Business travel in vehicles you don’t own, so staff cars, flights, trains, etc ●      Commuting, so staff traveling to and from work, being careful not to double count business travel not already claimed under expenses ●      And arguably the most complicated, upstream and downstream transportation, i.e. goods in, and goods out – physical transport of goods [09:50] Are there any other categories covered by scope 3 that we should consider? –  Generally, when we produce a CRP for our clients, we’ll look at a few extra Scope 3 categories such as water, homeworking, or purchased goods, so carbon reduction planning can extend to other elements of the business. In all cases you’ll need to report in tonnes of carbon dioxide equivalent, or tCO2e, as this accounts for the global warming potential of multiple GHGs. [11:30] Are there any ISO standards that you can align the Carbon Reduction Plan to? Yes! At Carbonology, we use ISO 14064-1. This sets out a series requirements and guiding principles for the quantification and reporting of emissions. We wouldn’t necessarily have to go all the way to meeting every single requirement of the standard for your CRP but we always align with the key requirement of the standard when completing a CRP. And if you’re lucky we’ll also cover your SECR figures! [12:05] What is SECR? -  Streamlined Energy and Carbon Reporting. 
This is mandatory reporting for businesses that are defined as large, so 250+ staff, and 36M turnover or 18M on the balance sheet. [18:20] Asset Management -  In 8.2 there is a consideration for Asset Management on your side. You should take care of any assets relating to the customer, where it’s stored and how it’s being looked after. Standards such as ISO 27001 (Information Security) and ISO 55001 (Asset Management) already have some considerations for this. [13:30] You’ve calculated your GHG results, what’s next?-  Once you’ve calculated emission from the required sources, you’ll then need to look at the carbon reduction side of your Carbon Reduction Plan. To start with you’ll need to outline existing initiatives you have, for instance, a sustainable travel policy, EV charging on site or a hybrid working model. It’s really important that these are relevant to the delivery of the contract you are trying to secure. Next, you’ll need to outline planned future initiatives, but bear in mind, these will need to be realistic and relevant, so no wild claims about buying an EV fleet or going zero waste next week! Once you’ve done all this you can then start looking at carbon reduction forecasts and what the numbers might look like between now and 2050 (or you chosen date. [15:10] Additional PPN 06/21 tips from David:  It will need to be signed off by a director, or equivalent, at your business to demonstrate leadership commitment. If the document isn’t signed off on you may fail on the tender. You’ll need to publish it on your website, making it easy to access. Simple solution to this is just add a link at the bottom of your landing page. And finally, you’ll need to make sure this is kept up to date each year. Reporting for emissions occurs on a 12 monthly basis. This can either be calendar year or your financial year, but ideally, you’ll want to publish the updated version as soon as you can after the year-end, certainly no longer than 6 months after. 
[16:40] What does a Carbon Reduction Plan look like? - When the government announced this requirement, they also released a template document that businesses can complete. This is to simplify the process for businesses that are reporting on emission for the first time, but more importantly it standardises reporting. However, the template is a bit basic! You’re not marked on presentation, but you can dress it up a little as long as you don’t deviate from the template too much. So feel free to put come company branding on it, make a cover page, change the font, etc. You could also make a ‘full’ version of your CRP that includes further details on boundaries, methodologies and results, just make sure you only submit the template version to tenders. [19:10] What happens if you don’t meet the requirements? - If you don’t meet the requirements without a valid reason, chances are you’ll fail the selection criteria. The selection criteria is a bit like the marking scheme associated with PPN. We can’t say for a fact that this means you’ll subsequently fail the tender, but it will certainly have a negative impact. For further information, David has prepared a quick guide for creating your PPN 06/21 Carbon Reduction Plan. Feel free to download it from the link provided in the Resources section.   Lastly, if you have an questions or would like to learn more about how Carbonology can help you, feel free to book a call in via David’s Calendly. We’d love to hear your views and comments about the ISO Show, here’s how: ●      Share the ISO Show on Twitter or Linkedin ●      Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one. Subscribe to keep up-to-date with our latest episodes: Stitcher | Spotify | YouTube |iTunes | Soundcloud | Mailing List
11/8/2023, 22 minutes, 1 second

#153 Breaking down ISO 20000 Service Management

Last week we gave you an introduction to ISO 20000, the Service Management Standard. As a refresher, the aim of the standard is to provide a framework for an effective end-to-end service management system which encompasses the entire lifecycle of a service from concept and design, through to service removal and end-of-life. It’s best adopted by businesses who provide a service, particularly those that operate a help / service desk system. For some this may still seem a bit nebulous, especially for those that may not be familiar with Service Management terminology. To help demystify this Standard, we’ve brought Steve back to take a deeper dive into what makes this Standard unique.

Join Steve Mason and Mel in this week’s episode as they explore Clauses 7 and 8 of ISO 20000 in more detail, and how certain aspects can apply to any business.

You’ll learn
● What is ISO 20000?
● What is included in Clause 8 of ISO 20000?
● How can ISO 20000 apply to any business?

Resources
● isologyhub
● ISO 20000

In this episode, we talk about:

[00:43] What is ISO 20000? Go back and listen to our previous episode to learn what ISO 20000 is, a brief overview of the key clauses and the benefits of adopting the Service Management Standard.

[02:00] A recap of the main requirements of the Standard:
· 4.0 Context of the Organisation
· 5.0 Leadership
· 6.0 Planning
· 7.0 Support of Service Management System
· 8.0 Operation of the Service Management System
· 9.0 Performance Evaluation
· 10.0 Improvement
Clauses 7 and 8 are where the main differences lie between this Standard and others. It includes requirements for aspects such as:
· Service Portfolio
· Relationship Agreements
· Supply and Demand
· Service Design and Transition
· Resolution and Fulfilment

[03:15] Similarities with other ISO Standards – Ultimately, in terms of structure, this standard looks like any other ISO standard, i.e. we've got context of the organisation, leadership, planning, performance evaluation and improvement. These will be familiar if you’ve worked with ISO 9001, ISO 14001 or ISO 27001.

[04:05] Clause 7 – Support of Service Management System: This is where we’re really looking at the competency, awareness, communications and documented information required by the standard. In 7.5 there is a really useful list of all the documented information that's required in the management system – one that we wish was included in every ISO Standard! That required documented information doesn’t have to be in writing, it could be on a computer or an established system. Another key aspect of Clause 7 is Knowledge – this is about ensuring all knowledge is documented and sharable and not just stuck in people’s heads. For Service Management, this may involve the creation of a customer portfolio where you can record any incidents that occur during a service call, and how you dealt with it, etc. Competence is also another major component – make sure people are competent to do their job, i.e. they’ve been trained to do things properly and effectively.

[06:40] Different ways of knowledge sharing – Knowledge sharing doesn’t just have to be written down – it could be done via a recorded video. We use Loom a lot at Blackmores to get things across quickly. There are also a number of service desk tools available that can help you put together process flow diagrams to make things easier to understand.

[08:15] Clause 8 – Operation of the Service Management System: Before you do any sort of service management, you need to plan it properly – otherwise, if you fail to plan, you’ll plan to fail. First you need to understand what resources you have, what activities there are in the service management to deliver that service to the customer and ensure that they're coordinated. A top tip from Steve: Separate resources into five groups: people, technology, information, finance and service partners.

[09:55] Planning your Service – Now you understand what you’re trying to deliver, it’s time to plan your service. First you want to take a look at the flow of the service through the organisation. Which departments does it go into? Is there good connection between departments? Can you ensure that a customer’s order is going to stay the same through the whole process? You wouldn’t want possibilities for miscommunication to occur. We’d recommend drawing up a flow diagram for this process – just so you can clearly see who is doing and communicating what at any stage.

[11:20] Getting Operations in order – Once you understand what the process is, you need to begin to control and involve the interested parties within the life cycle of your process. This isn’t just the customer; this also includes confirming what services you’re actually delivering – as you’ll be looking to improve these services as time goes on. You also need to consider the whole service life cycle. This includes things like if a customer wants to move to a different service – how would you deal with that? Have you got a process in place to handle the return of customer assets if they disengage from your services?

[12:30] Service Level Agreements: It’s a good idea to establish Service Level Agreements and Delivery Level Agreements early on. This is so you typically know what you are going to be delivering to a customer and how quickly you can deliver it, and can ensure the whole process is sustainable as well. This will also clarify key accountabilities for everyone involved with delivering a specific service.

Clearly defined services – Finally, it also provides a clearly defined service for Salespeople. This avoids the situation where they simply sell what they think sounds good but isn’t backed up by any resources to actually deliver the service they sold. You need to have a clear strategy that sales can use and go out and sell – this may be referred to as a Service Catalogue.

[15:18] A Service Catalogue in action - In Blackmores’ case, our Service Catalogue is online on our website. We have all the ISO Standards we can assist with listed, in addition to a description of how we can help companies implement an applicable Management System. You don’t have to have all your prices listed out at that stage, that can come later when you have a full view of the customer requirements and agreements are made.

[18:20] Asset Management - In 8.2 there is a consideration for Asset Management on your side. You should take care of any assets relating to the customer, where it’s stored and how it’s being looked after. Standards such as ISO 27001 (Information Security) and ISO 55001 (Asset Management) already have some considerations for this.

[19:05] Configuration Management - Configuration management is understanding how the parts of the service fit, so you don't disassociate them from each other. The Standard asks you to identify what's known as CIs, these are configuration items, and these are all the things that you need to deliver your service. We’ll dig more into this aspect in future content – so keep an eye out!

[20:40] A final top tip from Steve: Collaboration and communication that involves leadership. If you just devolve it down to parties doing the work and just get them to work in silo, it will not work for you. It's a collaborative standard – both inside and outside of the business.

[21:20] Resources available - We’ve got a number of ISO 20000 related resources available on the isologyhub – contact us to learn more!
10/25/2023, 22 minutes, 26 seconds

#152 What is ISO 20000 Service Management?

Often seen as the poor cousin to ISO 9001, ISO 20000 Service Management largely gets ignored in favor of the more popular Quality Management Standard. To be fair, its title may have done it a disservice in the past. Being known as the IT Service Management Standard prior to 2018, it was often perceived as only applicable to IT service providers, when in actuality it could be adopted by any business!

So, what is ISO 20000 exactly? The aim of the standard is to provide a framework for an effective end-to-end service management system which encompasses the entire lifecycle of a service from concept and design, through to service removal and end-of-life. It’s best adopted by businesses who provide a service, particularly those that operate a help / service desk system.

In this week’s episode, Steve Mason joins Mel to discuss what ISO 20000 is, who can use and benefit from the Standard and how it fits in with other more widely adopted ISO Standards.

You’ll learn
● What is ISO 20000?
● Who is ISO 20000 designed for?
● What are the benefits of ISO 20000?
● A brief overview of the Standard
● How ISO 20000 integrates with other ISO Standards

Resources
● isologyhub
● ISO 20000

In this episode, we talk about:

[00:50] Why are we talking about this Standard? We’ve had a lot of interest in a few of our informative videos available on YouTube over the past year, with ISO 20000 content constantly ranking in our top 5 most watched videos every month.

[01:00] ISO 20000-1 was previously known as the ‘IT Service Management Standard’, but since its most recent update in 2018, it’s simply known as the ‘Service Management Standard’ now.

[03:10] Why is ISO 20000 one of Steve’s favourite Standards? – It takes some of the aspects of quality a step further and actually gives you much clearer detail on how you can improve your management systems. So, if you've got a Service Management System in any way, shape or form, this is the standard to go for. It's also one of the easiest standards to audit because there are some very simple questions to ask that can highlight some very obvious weaknesses. This can lead to significant improvement when compared to the likes of ISO 9001.

[04:05] What Is ISO 20000? – ISO20000-1:2018 is a Service Management standard which has evolved from the IT industry and the ITIL Framework for Service Management; but today it can be used in all types of Service Industries, particularly where there is a need for a Help Desk / Service Desk system. Some may ask, isn’t this what ISO 9001 can do? In short, no. ISO 9001 will give you a bare framework of how to create a Quality Management System, but it won't give you the fundamental details of how to improve that Service Management System, and that's where ISO 20000 comes in.

[05:39] Who is ISO 20000 applicable to? – Any business that provides a service, but more specific examples include: IT Service providers, call centres, gas / electricity providers, retail, etc.

[07:15] A high level overview of ISO 20000 – This Standard follows the Standard structure that many other ISO Standards follow. The first 3 clauses are all informative, starting from clause 4 we have:
· 4.0 Context of the Organisation
· 5.0 Leadership
· 6.0 Planning
· 7.0 Support of Service Management System
· 8.0 Operation of the Service Management System
· 9.0 Performance Evaluation
· 10.0 Improvement
Clause 8.0 is where ISO 20000 fills in the gaps for other Standards, as it covers topics such as:
· Service Portfolio
· Relationship and Agreement
· Supply and Demand
· Service Design, Build and Transition
· Resolution
· Service Assurance

[08:20] Familiar to some – Those in Service Management may recognise some of those terms, but may not use that exact wording. For example ‘relationships and agreements’ may be more commonly known as Service Level Agreements and Operating Level Agreements – which can be a business critical area for some.

[10:45] What are the benefits of ISO 20000? -
· Improve the planning and introduction of services: This standard would help you understand what it is you need to do to introduce that new service, go through the planning, testing through a proper change management system and launch through a release and deployment management system.
· SLAs and OLAs - Service Level Agreements (SLAs) and Operating Level Agreements (OLAs) will be achieved consistently month on month.
· Reduce Stress - It will help to reduce employee stress as service request, incident and problem queues become manageable. Knowledge articles can be created to document incidents and solutions for future reference.
· Improved quality of service through continual improvement gained from Incidents and Problem fixes resulting in both time and financial savings.

[12:30] ISO 20000 to the rescue - Steve recounts an experience he had at a company that had an outstanding issue ticket queue of 800. With the introduction of elements of ISO 20000, they were able to reduce this ludicrous amount down to 30!

[14:05] A top recommendation - We’d highly recommend that you consider doing a Gap Analysis against ISO 20000. Even if you have no plans to implement it, you can still benefit from the findings.

[14:40] Further resources - You can purchase the Standard directly from the ISO website. We also have a number of short courses covering specific clauses in ISO 20000, available in the isologyhub.

[15:55] How does ISO 20000 fit in with other ISO Standards? - ISO20000-1:2018 has now been remodelled using the High Level Standard (HLS) framework so that clauses 4 to 7 and 9 to 10 can all be interconnected with only minor differences due to the nature of each standard. Essentially, if you already have ISO9001:2015 or ISO27001:2013 most of the framework for ISO20000-1:2018 will have already been done; all that would be required is to address the service aspects in those six clauses before tackling the main work in clause 8.

[18:20] Business Continuity - ISO 20000 specifies a section on ‘service continuity management’ which can neatly slot in with ISO 22301 – the Standard for Business Continuity. While ISO 22301 focuses on the bigger picture, the ISO 20000 element focuses on how a service can continue for a customer during an incident or accident.
10/18/2023, 22 minutes, 33 seconds

#151 Where Certification Bodies are failing

One of the most crucial steps to gaining your ISO certification is the completion of a Stage 1 and Stage 2 assessment, conducted by an accredited Certification Body. A quick reminder - your certification doesn’t mean much if you haven’t received certification from an accredited Certification Body – so make sure you do your research! Businesses going through their final Assessments to gain ISO certification may see any decisions made by Certification Body Assessors as infallible, however there’s still a very human aspect which can lead to some common pitfalls. Last week we dived into the requirements of ISO 17021 – the Conformity Assessment Standard designed for Certification Bodies, and more specifically the requirements in relation to you as a client. In this weeks’ episode, Steve Mason joins Mel once again to share some issues raised by Blackmores’ clients against Certification Bodies, and explains the related rules in ISO 17021 which Certification Bodies should abide by.   You’ll learn ●      What is ISO 17021? ●      Key issues raised by Blackmores’ clients in relation to Certification Bodies ●      Related ISO 17021 requirements   Resources ●      isologyhub ●      ISO 17021   In this episode, we talk about: [00:24] What is ISO 17021? It’s the Conformity Assessment Standard designed for Certification Bodies. In effect, it acts as a service level agreement. These are the rules that these certification bodies need to comply with if they are accredited by an accreditation body like UKAS. Listen to the previous episode to learn more. [01:10] What are we focusing on in this episode? There have been some issues raised by some of our clients time and time again over the last 6 – 8 months.  We want to break some of these issues down, and help listeners to understand what are the actual rules around these areas in relation to ISO 17021. 
[01:40] Issue #1: Cancellations – Sometimes a cancellation is unavoidable, however there are still rules that any Certification Body needs to follow – most importantly they should notify the client. Steve shares his experience with an Assessor who was due to show up on the 5th September 2023, and never turned up! it turned out that whilst the date was in the previous report, it had been removed from his diary, but it hadn't then been put into somebody else's diary, and because it hadn't been put into somebody else's diary, there was no flag to anybody to let the client know that the visits should take place. Now that visit had to be pushed back into January next year, which is the only time we can make it. [02:50] Balancing Expectations –  There's an expectation from certification bodies that clients should not cancel a month or less than a month before they visit. Steve recommends that should apply to certification bodies cancelling for clients too. There are many considerations to Certification Body visits, including:- cost, scheduling the right people to be present, setting time aside for the audit ect. [04:30] One-sided penalties – Penalties seem to be very one-sided. For example: if the client cancelled two or three weeks beforehand because they had personal circumstances which meant that they couldn't attend, they would be penalised and would have to pay in full for that visit. Yet the certification body can not show up on a day, and there's no compensation whatsoever. [05:10] This is not the norm for Certification Bodies – A reminder that the issues were raising are not the norm for Certification Bodies – however we are seeing an increase of complaints raised by our clients. This may have been exacerbated due to the recent shortage of Assessors. [05:50] Issue #2: Planning Audits - Another issue that's been cropping up is about planning audits - not just surveillance audits, but also stage 1 and stage 2 Assessments. 
In regards to ISO 17021, Certification Bodies should be providing an Stage 1 Audit plan to the client to detail what will happen during the visit. That plan is often not happening, or there's a generic plan that gets sent out by the certification body which bears no relevance to what the assessor ends up doing. So that's as useful as a chocolate teapot. It should be sent a month ahead of the visit, not 2 -3 days before the visit takes place. Companies need time to organise the right people and Certification Bodies need to be considerate of that fact. [07:35] Steve’s experience with a poor Audit plan from a Certification Body – Steve had an occasion where he had to write a plan on behalf of the Certification Body Assessor for the client as they’d neglected to even send one! Steve used to be an Assessor, so is familiar with how these plans should be structured. The designated Assessor ended up using his plan – but this should not have been the case. [07:58] Poor planning -  There have been instances where the planning has been so poor that they send the wrong Assessor to a client site. We’ve had experiences where an ISO 27001 Audit was due to take place and the Assessor turned up expecting to Audit against ISO 9001. [08:50] What should Certification Bodies be providing following a Stage 1 Assessment visit? -  After your Stage 1, you should have another plan come out of that stage, after what’s known as the Programme Management Day.  The reason for that is because the assessor sometimes needs to go away, look at what they've written up, and take into account what they've heard from the client, and put a reasonable plan in place. The assessor should then sit down with the client to discuss the plan and what sites are going to be visited during the Stage 2 Assessment. [09:30] Using the right language -  Often we see plans come out with language in the plans that is alright for certification body, but the client has no idea what the assessor is going on about. 
Steve always used to sit down with his clients and say right, ‘what language do you want me to use?’ And then would use their language and would also put the clause from the related standard next to that and say ‘that's the bit I'm going to audit’. You're writing the plan for the customer, not for yourself. It also acts as assurance for a potential replacement Assessor if the first Assessor is off sick and can’t make the next visit. [11:33] What does ISO 17021 say? -  In clause 9, ISO 17021 states that: the certification should ensure that the audit plan is established prior to each audit identified in the audit programme to provide the basis for agreement regarding the conduct and scheduling of the audit activities. If they fail to put a plan in place, they are not meeting a requirement. ISO 17021 also says that if you've got an organisation that's got different sites, then the plan should take into account the different sites and whether the visit is going to be on site off site – as remote audits have become more common place post-pandemic. [12:35] Steve’s experience with a flimsy plan provided by a Certification Body -  ‘I came across an audit plan which was just a list of all the requirements a standard. It was across 5 days. But there was no indication as to which day those requirements were going to be assessed. There's no indication as to how long each of those requirements are going to be assessed? So what could the client do to prepare for that?’ Steve did say to client send it back and get a proper plan, but they have absolutely no joy with the certification body. [13:50] Issue #3: Unnecessary charges -  Mel recounts a recent incident where a Certification Body cancelled 2 site visits, and due to the long delay between rebooking, the client had moved office. However, they only relocated a few doors down in one instance and across the road in another. 
The client then received a quote for an extension to scope – amounting to 3 extra days due to the address change! Mel checked ISO 17021 and confirmed that an extension to scope is only applicable if changing what you're doing or you're adding a new location to the scope – however if you’re using the exact same scope and are only moving your business from one location to the next – it is not an extension to scope, it’s just a change of address. Steve recounts a similar instance where a client was charged £160 for the address to be changed on their certificate! Which is a ridiculous and unnecessary admin fee which only serves to upset the client. [17:50] Issue #4: No disclosure of the appeals process -  if client a company isn't happy with their nonconformities, there is an appeals process, which is a requirement of ISO 17021. Steve highlights an incident where an Assessor told a client ‘don't bother with the appeals process because it'll only delay the delivery your certificate’ – Which was highly unprofessional of that particular Assessor to say. The appeals process there is there to help clients if they disagree with their assessor, and allow them to go to a sort of third party that's within the certification body and say, look, I don't agree with this. Can you explain why it's a nonconformity? Top tip: If you do get a non-conformity that you’re confused about – Ask the Assessor to show you where in the standard it requires you to do that. If an assessor cannot show you that, then it is not a nonconformity. [20:30] The complaints process -  The complaints process really is not about appealing against a nonconformity, but complaining against perhaps not getting your plans in your reports and all that sort of thing. [21:20] These issues are not the norm – don’t be put off ISO certification! -  While we have noticed an increase in complaints in the last year, we also want to highlight that these have mostly been for 1 or 2 select Certification Bodies. 
On the whole, Certification Bodies provide a wonderful service to their clients. We just wanted to bring their code of practice to your attention, so that you can check ISO 17021 to verify that the Certification Body is being fair to you and fulfilling their own requirements in relation to customer service.
[23:35] Receiving reports - Lastly, a reminder that reports to clients following visits should not take months to get to them. Clients should expect reports from Assessors in 2 – 3 days – not months!
10/11/2023, 26 minutes, 46 seconds

#150 Why you should be aware of ISO 17021 ahead of your next Certification Body visit

If you are going for certification, or currently manage a certified ISO Management System, then you should also be aware of ISO 17021 ahead of any Assessments or Surveillance audits conducted by an accredited Certification Body. ISO 17021 sets out requirements for bodies providing audit and certification of management systems. It ensures that Certification Bodies provide a reliable assessment of compliance with the applicable requirements, carried out by a competent impartial audit team, to achieve a consistent result for all clients. So, why should you be aware of this Standard in particular? ISO 17021 also establishes what you as a client should expect from your Certification Body. Steve Mason, Managing Consultant at Blackmores, joins Mel to discuss what ISO 17021 is, why you should be aware of it and the requirements related to expected service delivery from Certification Bodies.
You’ll learn
● What is ISO 17021
● The difference between accredited and non-accredited certification bodies
● A brief overview of the Standard and client related requirements
Resources
● isologyhub
● International Accreditation Forum
● ISO 17021
In this episode, we talk about:
[01:40] Why are we talking about ISO 17021 now? In our internal Team Meetings, Certification Bodies are an established talking point, highlighting the good and the bad, but in recent months it’s been more on the negative side. Steve had highlighted ISO 17021 as the Standard to look at in regard to expected service delivery requirements from Certification Bodies – so here we are!
[03:00] What is ISO 17021? The reason for the standard is that it ensures that all certification bodies are delivering the same level of service to all customers. Certification Bodies don’t need to be certified to other standards such as ISO 9001, as ISO 17021 was specifically designed for the purpose of delivering certifications.
It’s also the standard where you can find out what’s expected of Certification Bodies – like a Terms and Conditions or service level agreement.
[05:00] The difference between accredited and non-accredited Certification Bodies - Go back and watch episode 19 to learn more.
[06:10] Why is it important that the Certification Body is accredited? – Accreditation proves that the Certification Body is being checked by another body. Accreditation is also recognised worldwide – it’s trusted as a gold standard of performance. There are many different accreditation bodies around the world; here in the UK it’s UKAS, but there are others such as ANAB in the US. Check out the International Accreditation Forum website to confirm the accreditation body for your country.
[08:10] Ultimately, a Certification Body can’t offer accredited certification services unless they've actually been assessed by the applicable accreditation body to ISO 17021, and they need to do that on an ongoing basis like any other certification. They also may not be accredited to deliver every standard they offer – so make sure you verify with the certification body that they are in fact accredited to ISO 9001, ISO 27001 etc.
[09:15] A brief overview of what’s included in ISO 17021 – A lot of the clauses before this are really about the management of the certification body, but when it comes to clause 9, this is where the customer becomes a lot more involved in the requirements. It covers topics such as planning audits, conducting audits, certification decision making, maintaining certification, the appeals process, the complaints process and then keeping client records. Clause 9 in particular is where you, as a client, should focus.
[11:00] What core principles are described in ISO 17021? - Impartiality, competence, responsibility, openness, confidentiality, responsiveness to complaints, risk-based approach and legal responsibilities.
[12:20] What personal behaviors should you expect from your assessor?
– In Steve’s experience, he’s seen more and more assessors not living up to the requirements of ISO 17021. This could be for a number of reasons, i.e. they could have an uncooperative client, they may not have had adequate training, perhaps there’s a breakdown between clients and client managers. Either way, these are a few of the qualities that Assessors should embody: ethical, fair, truthful, sincere, honest, discreet and open-minded.
[14:00] A lack of open mindedness - Steve had encountered an Assessor that stated ‘This must be wrong because I've never seen it done that way’ – which is not open minded in the least. This resulted in a non-conformity which should have never been raised. ISO 17021, clause 9.4.5 states that any non-conformity raised shall be recorded against a specific requirement in the Standard being audited. Assessors need to take heed not to assess to their preference.
[15:15] Top Tip - If you get asked a question, give an answer, and they raise that as a non-conformity and you’re unsure why it’s being raised, it's always worth asking the Assessor to show you where in the standard they're raising the non-conformity against. It's a case of clarifying the question and verifying what they’re raising a non-conformity against, and if there’s a justification for it. If there is, then great, they’re doing a great job! If not, it may be the Assessor’s personal bias, and there’s a chance you can get that non-conformity down to an opportunity for improvement.
[17:05] Other expected traits for Assessors to be aware of - Collaborative: It should be a partnership between the client and Assessor – they want what’s best for you. Tenacious: This can sometimes be taken too far. For example, if your Assessor is still assessing past 5pm, tell them to go home. If they need more time, then it's up to the certification body to work that one out. Other basic traits include: Observational, being perceptive and versatile.
10/3/2023, 20 minutes, 27 seconds

#149 10 reasons why ISO Standards help to win Tenders

One of the most common reasons why businesses look to achieve certification is because a client or prospective client is demanding it. Questions are often asked in tenders such as do you have an Environmental policy? A complaints procedure? Data privacy controls? And of course do you have ISO 9001 (the quality standard)? Or ISO 14001 (the Environmental Management Standard)? These answers accrue points and when bidding for a contract, the more points you can get the better chance you have of winning that lucrative contract, which could bring your company 1 – 3 years of high value revenue and profit. So why are ISO Standards, Policies and Procedures mentioned in tenders? And why should you look to align your business with quality, environmental and risk standards? Join Mel on today’s episode as she shares 10 reasons why ISO Standards can help businesses win tenders.
You’ll learn
● Why are ISO Standards mentioned in Tenders?
● The difference between accredited and non-accredited certification bodies
● 10 Reasons why ISO Standards can help to win Tenders
Resources
● isologyhub
In this episode, we talk about:
[00:55] Based on 17 years of running four businesses relating to ISO standards, Mel estimates that 8 out of 10 businesses that look to achieve certification do so because they want to win or retain a client contract.
[01:35] If you've got your Policies, Procedures, Standards and systems in place, it does make the whole process of bidding for tenders a lot easier, in addition to giving you a greater chance of winning those tenders.
[02:30] Reason #1: Proof that you have achieved the highest standards - Put yourself in your clients’ shoes – would you rather work with a company that pays lip service to protecting your valuable data? Or one that has over 100 controls in place to manage the security of your data?
(Such as in the Standard for Information Security - ISO 27001) One of the main reasons your clients will be looking for your company to be certified to an ISO is because it demonstrates that you operate your business to the highest global standards.
[04:00] Reason #2: Demonstrates independent 3rd party certification – This means that it's not just you that claims that your business has good health and safety controls in place – an ISO certified business has to prove that it's compliant year after year. Being certified is proof that you practice what you preach and that there is evidence to back this up.
[04:50] Be careful – know the difference between accredited and non-accredited certification – Go back and watch episode 19 to learn more.
[05:45] Reason #3: Recognised across the globe – Passport to trade – When organisations are looking to expand internationally, ISO certification is often a requirement to deliver services or provide products overseas. This is because ISO Standards are recognised globally as the way businesses should be run. ISOs aren’t just passports to trade internationally – they are also passports to trade in certain sectors. For example in Construction – you aren’t going to get very far in tenders if you don’t have ISO 9001 (Quality), ISO 14001 (Environment) and ISO 45001 (Health and Safety).
[08:40] Reason #4 – USP - Many organisations adopt ISO Standards to give them a competitive edge and score more points in a tender. For example, let’s say you’re bidding for a public sector contract worth £2 million, and they are very keen on their suppliers verifying their carbon footprint and being carbon neutral. It would give you a massive competitive edge if you could prove this and demonstrate evidence; one such way would be to get certified to ISO 14064 (Carbon Verification) and PAS 2060 (Carbon Neutrality). If you’d like to learn more about those Standards, go back and listen to episodes 72 and 73.
Note: PAS 2060 is set to become an ISO in the near future! Keep an eye out for news concerning ISO 14068…
[11:55] Reason #5: Risk Management - ISO Standards help to significantly reduce risk. This is why certified businesses have lower insurance costs and win more business. All businesses need effective risk management – even Law Firms. Over the last few years, we’ve seen more and more law firms achieve certification to ISO 27001 (Info Sec), ISO 27701 (GDPR) and business continuity (ISO 22301).
[13:20] Reason #6: Meeting customer requirements - The one thing that a client outsourcing services expects as a minimum is that you actually meet their needs. It’s not much to ask is it? Though, you would be surprised how many businesses operate without processes! ISO Standards help to define your processes, and provide a blueprint for how you run your business – therefore providing clients with a standardised approach that is repeatable and guarantees high standards of quality products and services time and time again.
[14:30] Reason #7: Reduce ambiguity - ISO Standards set out very clear specifications – many of them require certain documents that non-certified businesses often don’t have. One such example is a process for dealing with problems, otherwise known as ‘Non-conformities’ in the ISO world. Businesses shouldn’t just bury their heads in the sand, they should have a system in place to log issues / customer complaints, rectify the issue and put preventative measures in place to prevent a recurrence.
[16:05] Reason #8: Industry specific standards - Certain ISO Standards prove that you meet the highest quality best practice standards for your industry. Not every industry has specific ISO Standards – but an example of this may be an events company that wants to stand out by being sustainable. ISO 20121 (Sustainable Event Management) would give them a huge advantage over competitors.
[17:10] Reason #9: Competent personnel with clear accountability and responsibility - ISO Standards do stipulate that you have people that actually know what they're talking about. In some cases, for businesses that don't have ISOs, this can be a bit of a steep learning curve. If you’re looking to gain some basic competency in ISO Standards – check out our online learning platform, the isologyhub.
[18:10] Reason #10: Gives assurance to clients for a period of 3 years – ISO Standards are continuously maintained over a 3-year cycle. It’s not a case of passing an assessment then waving goodbye to the systems you’ve got in place to run the business. You have to prove continued compliance through annual surveillance audits, and recertify after 3 years.
9/26/2023, 21 minutes, 6 seconds

#148 How Asynt are embedding Quality and Environmental management with ISO 9001 and ISO 14001

Quality and environmental management are top priorities for many organisations, backed up by the increasing number of ISO 9001 and ISO 14001 certificates being issued every year. Aside from being a popular requirement on tenders, ISO 9001 and ISO 14001 provide a robust framework for businesses to ensure they follow Best Practice, enhance their business's performance and put measures in place to reduce their environmental impact. We often see these two Standards being implemented in tandem, as is the case with today’s guest, Asynt. Asynt is a global provider of world leading technologies and services for scientific research. Developed by chemists for chemists, their laboratory equipment responds to the real demands of industry and academia across the globe. Today we welcome Siobhan Ellwood, Sales Support Manager at Asynt, as she explains their journey towards ISO 9001 Implementation, and how they embedded ISO 14001 along the way using our online learning platform – the isologyhub.
You’ll learn
● Who are Asynt?
● How did Siobhan get involved with ISO Standards?
● What was Asynt’s main driver for obtaining ISO 9001 and ISO 14001?
● What did Asynt learn while implementing ISO 9001 and ISO 14001?
● Siobhan’s experience using the isologyhub to implement ISO 14001
Resources
● Asynt
● ISO 9001
● ISO 14001
● isologyhub
In this episode, we talk about:
[00:55] An Introduction to Asynt - A global provider of world leading technologies and services for scientific research. Based just outside of Ely in Cambridgeshire, they just celebrated 20 years in business!
[02:10] Siobhan’s role and how she got involved with ISO Standards: Siobhan is the Sales Support Manager for Asynt; she assists with raising quotations, managing sales orders and providing support for the warehouse. In January 2023, 3 members of the Asynt Team were tasked with researching and obtaining ISO 9001, with a view to adopt ISO 14001 later on.
Siobhan had experience working with Quality Standards thanks to her previous work in aviation and automotive companies, and had even previously implemented the Standard. Naturally, she was a perfect fit to head the ISO 9001 and ISO 14001 project at Asynt.
[05:40] What did Siobhan enjoy most about Implementing ISO Standards? Initially, realising that she had a lot more knowledge about ISO than she gave herself credit for. Also, making use of the 5 Why’s to identify where something has gone wrong, implement a solution and prevent it from recurring.
[06:40] What were the main drivers behind Implementing ISO 9001 and ISO 14001?: For ISO 9001 – Top Management saw the need to have proper procedures in place, to ensure that everything was written down and could be communicated and conducted by other staff if needed. Ultimately, they wanted a cohesive system where everything, including roles and responsibilities, was documented and managed. For ISO 14001 – Customers often ask for ISO 9001, but ISO 14001 was also starting to pop up in conversation more. Top Management at Asynt wanted to get ahead of the curve and make the move towards becoming more environmentally friendly. It was also seen as a stepping stone towards being in a position to calculate their Carbon Footprint and make further improvements.
[09:50] The ISO 14001 Coaching Programme – Asynt were one of the first companies to go through our ISO Coaching Programme, hosted via the isologyhub. This programme combined the DIY digital platform with group coaching sessions, allowing all participants to work collaboratively towards creating their own Environmental Management System.
[10:20] Siobhan’s experience with the ISO 14001 Coaching Programme: Overall Siobhan had a very positive experience in the coaching programme. A few highlights include: Sharing ideas: Other participants come from a wide range of industries, and each brought their own unique ideas to the table, encouraging others to look at things from many different points of view. Support: If another participant is struggling with something, there is a group of people to support and provide possible solutions. Siobhan gave an example of where she provided an Excel guide to another member who was looking for a solution. Resources: Siobhan had previous experience with implementing ISO Standards, so she was aware of what type of documentation was required. She found the resources on the hub useful to refer to outside of coaching sessions, to enhance Asynt’s own ISO Standard Implementation.
[12:20] What was the biggest Gap identified during Asynt’s Gap Analysis? Mostly it was the lack of documentation, which required a lot of work to get everything written down in cohesive processes and procedures. For ISO 14001, Asynt are fortunate enough to own the buildings that they operate in. So, gathering the initial information required on where potential energy and environmental improvements could be made was fairly easy.
[15:00] What differences did Asynt see after addressing the identified gaps? For ISO 14001 – Some elements were already in place (recycling waste etc.), but weren’t being monitored in any meaningful way. Now Siobhan has got processes in place to ensure the recycling is being separated correctly and weighed so they can properly gauge their impact. For ISO 9001 – It was the introduction of the 5 Why’s, which Asynt have used to great effect to identify problems and implement solutions. An example of this can be found in their warehouse: lanes and shelves weren’t labelled, causing confusion.
It was a quick fix that could have been implemented years ago, but the 5 Why’s forced a much needed change.
[18:00] What did Siobhan learn from the experience of Implementing ISO 9001 and ISO 14001? Integrating a Management System can save on a lot of paperwork! Initially the plan was to have just an ISO 9001 System, with ISO 14001 implemented at a later date. Going through the process of Implementing them at the same time highlighted how much easier it would be to combine them, thanks in part to how many elements overlap between the two. It also makes the system a lot easier to interact with; having everything in one place rather than spread between two separate systems means staff don’t have to waste time digging for Policies and Procedures.
[20:00] Certification plans: Asynt are well on their way towards ISO 9001 and ISO 14001 certification with their Stage 1 in October and Stage 2 in November 2023. With just under 2 months before the Stage 1, Siobhan plans to continue working through some opportunities for Improvement, raised by Blackmores in some recent Internal Audits.
[21:41] Siobhan’s top tip: Trust in the process and make sure that you have the right person in your business to lead the ISO project. Also being open to change, being honest with yourself about where the gaps are and trying to get those closed but also manage expectations within the business.
[23:50] Siobhan’s book recommendation: The Salt Path by Raynor Winn.
[26:05] Siobhan’s favorite quote: “Personal growth is not a matter of learning new information, but unlearning old limits” – Alan Cohen
If you’d like to learn more about Asynt check out their website!
9/13/2023, 29 minutes, 46 seconds

#147 How Haymarket are leading the way in Sustainable Event Management with ISO 20121

The UK events industry accounts for 35% of the UK visitor economy and is estimated to be worth £42 billion, yet it is still incredibly wasteful, with 68% of waste going directly to landfill. Haymarket Media Group is a global media data and information company, who offer a wide range of digital print, tech and live event services. Haymarket UK had been certified to ISO 14001 (Environmental Management) and ISO 50001 (Energy Management) for a few years prior to 2019, covering most aspects of their business from a sustainability point of view. However, their live events still had many sustainability opportunities that were not being taken into consideration by their existing certifications. So, in early 2022 they embarked on their journey to gain ISO 20121 (Sustainable Event Management) certification. Today, Gary Charlton and Natalie Harris from Haymarket join Mel to discuss exactly why they added ISO 20121 to their portfolio, the challenges faced with Implementing the Standard, and the benefits gained from certification.
You’ll learn
● Who are Haymarket?
● What is ISO 20121 Sustainable Event Management?
● Why did Haymarket choose to Implement ISO 20121?
● What challenges did they face?
● What are the benefits of ISO 20121?
Resources
● Haymarket Media
● ISO 20121
● isologyhub
In this episode, we talk about:
[00:50] An Introduction to Haymarket Media Group - A global media data and information company, with offices in the UK, US, Germany, India and Asia. They produce live events (including award ceremonies, conferences and exhibitions), digital print, education data and tech services.
[02:25] Gary Charlton is the Head of Procurement for the UK - Part of his role includes supporting the Haymarket approach towards sustainability, to ensure their products and services are as environmentally and socially sustainable as possible.
[02:45] Natalie Harris is the Procurement Executive at Haymarket – A lot of her role revolves around live events in addition to purchasing our products and services. Additionally, she advises the wider team on buying legally, sustainably and ethically. Both Natalie and Gary form a team, and were the main driving force behind the creation of their Sustainable Event Management System.
[03:40] What is ISO 20121?: ISO 20121 was launched for, and named after, the 2012 Olympics, making it the world’s first sustainable Olympics! The Standard provides a framework for managing events sustainably, that includes having the policies, procedures, registers and records to demonstrate that the events are being run in a sustainable manner. Being certified indicates that a company is not just paying lip service to sustainability, it's actually practicing what they preach. If you’d like to learn more about ISO 20121, go back and listen to episode 38.
[05:30] What was the main driver behind Haymarket achieving ISO 20121?: Haymarket first contacted Blackmores about assisting with ISO 20121 Implementation in 2019. At the time, they were already certified to ISO 14001 and ISO 50001, so they understood the benefits that came with ISO certifications - including the framework to start making better decisions and accurately measure what you're doing. Their head of facilities had started the process of evaluating other areas they could improve with ISO Standards, particularly around sustainability. Live events are a large service offering for Haymarket, which has a significant environmental footprint, so a case was put forward for the benefits of reducing that impact with the help of ISO 20121. The team running their live events were very positive about the potential benefits presented, and the go ahead was given.
[07:20] Sustainability is central to how Haymarket wants to operate – Implementing ISO 20121 would ensure that there was more standardisation across their processes.
This would introduce some uniformity that could apply to all types of events, which was very important to the Live event lead - Donna Murphy. Natalie was in the right place at the right time, already in the position of working in collaboration with Haymarket’s Live events team on sustainable procurement, ensuring that due diligence was followed with suppliers and their accreditations. So, it was a no-brainer getting her on board with the ISO 20121 project!
[09:30] How long did it take to implement ISO 20121?: Haymarket engaged Blackmores’ services in February 2022 and were accredited by July 2023. In total, it took 18 months for the planning, creation and development ahead of the assessment. They ensured the system was refined to ensure it worked efficiently, encouraging continual improvement and a harmonious approach for the whole business.
[11:15] Above and beyond: Haymarket received a lot of praise from their Assessor – highlighting their thoroughness, including the involvement of top management and many others within the organisation in the creation of the Management System. Also for ensuring that the system would be applicable for the 4 main types of events that Haymarket runs.
[12:00] ISO 20121 requires an audit to be conducted during a live event – So Haymarket had a lot to consider when selecting the event to be audited.
[13:30] Haymarket’s key insights on Implementing ISO 20121:
#1: The Gap Analysis was an integral part of the process – by highlighting the gaps you can clearly see where improvements can be made. While they may have been a bit crestfallen and daunted by the gaps presented, they came out of it knowing they had around 27% of a Sustainable Event Management system already in place – partly due to their existing certifications. This soon bumped up to 59% at the half-way checkpoint! This assured them that ISO 20121 was within reach, and simply required a bit of time and effort to achieve.
#2 Having leadership involvement and backing – They were quick to involve their live event lead, Donna Murphy, in key decision making and with the roll-out of the Management System. She was instrumental in ensuring the Standard was in place and being followed.
[18:45] What were some of the gaps identified and how did Haymarket bridge them? Required documentation – Many ISO standards have required documentation. A lot of times companies do have a lot of it in place, but it’s simply just not formalised. Natalie highlights that this was the case with a Risk Register. It’s not a universal company need to have, but as part of the Procurement Team it’s simply a part of who they are and what they do. For live events, they need to do the appropriate health and safety checks, but it wasn’t formalised in any way. Thankfully their facilities and environment specialist, who assisted with the existing ISO 14001 and ISO 50001 certifications, was on hand to help with the creation of risk procedures based on procedures from the existing Management System. With this collaborative approach, using elements from the existing Management System, they created 31 brand new documents consisting of Procedures, Registers, Logs and Records that are continuously used, monitored and updated. This new documentation, while a lot of work to create, ultimately helps Haymarket track, measure and set parameters for continuous Improvement. It ensured they have a really visual system, with a clear view of what needs to be done to run sustainable events.
[23:00] What difference has Implementing ISO 20121 made?: There was a large amount of short-term work for a long-term gain. It’s not simply a stack of useless documents sitting in a corner, it’s a living, breathing system that is injected into the business. The Management system is of benefit to everyone, including those new to Haymarket’s team as it provides a structured and standardised approach to sustainable event delivery.
It’s provided knowledge and helped to develop new skills that will stick with all those that interact with the Management system, whether they stay with Haymarket or move elsewhere. Ultimately, it’s all about ensuring they are doing the right thing for the planet. By creating more sustainable events, they are reducing their impact as a whole.
[26:00] What is the main achievement from being certified to ISO 20121?: Morale and confidence that they can say they really do practice what they preach. They could hold a mirror up and say, right, we've created this system and we're confident in it – with internal audits conducted by third parties to confirm they’re on the right track with their intended goals. Certification is not the end goal. You have annual Surveillance Audits to check in, so the system must be a long-term feature in your business, and it must drive continual improvement.
[27:50] What top tip would Gary and Natalie give for ISO 20121 Implementation? Gary: Make sure you’re resolute in your reasoning for Implementing the standard and the implications of doing so. Also, enlist the help of someone with Implementation experience! Natalie: Don’t underestimate the amount of work required. Select someone in-house to manage the project and when / if you can, use external resources such as a consultant to assist. They can also provide unbiased, reflective feedback to ensure you’re on the right track.
[30:10] What’s a favorite quote? “The greatest threat to our planet is the belief that someone else will save it” – Robert Swan
If you’d like to learn more about Haymarket check out their website!
9/6/2023, 32 minutes, 42 seconds

#146 5 mistakes to avoid while managing an Energy Management System

Energy Management can be a tricky topic to approach depending on your industry. There are a lot of factors that need to be considered to ensure that you are accurately monitoring and measuring your energy consumption. Thankfully ISO 50001, the Standard for Energy Management, does provide a lot of useful guidance to help you get started. As a reminder, ISO 50001 can help your business to continually improve its energy performance, energy efficiency, energy use and energy consumption. Building an energy management system (EMS) based on the requirements of ISO 50001 will ultimately help you to understand, monitor and measure your use of energy. However, even with the guidance, we often see a few common mistakes companies make while managing their EMS. Today Darren Morrow, Senior Isologist here at Blackmores, joins us to share his top 5 mistakes to avoid while managing an EMS.
You’ll learn
● What is ISO 50001?
● 5 mistakes to avoid while managing an Energy Management System
● How can you avoid these mistakes?
Resources
● isologyhub
● ISO 50001
In this episode, we talk about:
[00:30] What is ISO 50001? ISO 50001 is all about continually improving energy performance, energy efficiency, energy use and energy consumption. By Implementing an energy management system, you will be able to fully understand and monitor and measure your use of energy. Like most other ISOs, continual improvement is at the heart of ISO 50001, and it’s also based on the Annex SL format. So, it shares some similarities with Standards such as ISO 9001 and ISO 14001. If you’ve got ISO 14001, you’re already half-way there!
[01:14] We have a more detailed walkthrough of ISO 50001 Implementation available in our steps to success podcast series, which are episodes: 84, 85 and 88
[02:00] Mistake 1 – Lack of commitment from top management: This can be one of the biggest issues and can cause the most damage in relation to any management system.
A lack of support from top management often leads to: · A loss of motivation for improvement · A lack of financial support and resources – The EMS should be considered in budgets so you can account for any additional maintenance that needs to be done to ensure equipment is running optimally, or possibly investing in newer technology that is designed to be more efficient. · Lack of alignment of the EMS and organisational goals and objectives – Everyone in the business should be aware of the organisation’s goals; if energy management is included as part of those goals, then they are more likely to be fulfilled. Having a commitment from top management ensures that the EMS is part of the business and not just a bolt-on. [03:25] Mistake 2 – Built by one person or department: If one person is deemed ultimately responsible, even if supported by top management, overall commitment throughout the business can be difficult, sometimes with comments such as 'that’s Bob's job'. With one person or department, there can be a lack of authority to make decisions, and inevitably they can become siloed from the rest of the business - not hearing about improvement opportunities, not being involved in internal projects, etc. Ensure that, even in a smaller business where one person may form the 'Energy Team', everyone is able to contribute. [04:20] Mistake 3 – Rushed Implementation of the Energy Management System: This can lead to confusion as to who is responsible and what responsibilities are shared. It can also lead to failures to record opportunities for improvement, or to monitor and manage any deviations in energy consumption that may occur and require investigation. There is also the risk of a lack of awareness amongst staff if you’ve not taken the time to communicate roles and responsibilities in relation to the EMS.
[05:30] Mistake 4 – Manual controls that can be overridden by staff: A lot of what you monitor and measure may be automated, but there will always be elements where there is a potential for human error. So ideally, where possible during energy reviews or audits, consider those elements where humans have a direct impact on the control and influence of energy. Typical examples include: · Heating and cooling - Problems and excessive energy use can be caused by individuals changing temperatures, resulting in equipment working harder and on many occasions working against each other. · Lighting - Many companies now have sensor-controlled lighting, which ensures lights are only switched on when required. Manual lighting controls have typically resulted in lights being switched on and left on in rooms that are not occupied, for example meeting rooms. [06:50] Mistake 5 – Data collection and monitoring: Data collection is crucial in supporting decision making and also to be able to demonstrate improvement. Common pitfalls in this category include: · Lack of attention to monitoring and measurement results / trends – there is a likelihood that data will not be collected properly or will be recorded incorrectly, resulting in data that is only used to populate a spreadsheet or software-based database, and does not provide any valuable information. Results may not be analyzed at appropriate times to identify any trends or issues / deviations that may arise, potentially leading to inefficiencies in equipment operations, and ultimately increased costs. · Poor data collection, record keeping and general housekeeping - If data is not collected periodically, covering determined periods, you will be unable to compare consumption on a like-for-like basis. This means you will only be recording usage, with significantly reduced means to identify opportunities for improvement and / or causes for deviations.
· Relying on energy bills (estimated and not reading meters) – This should be a last resort for data collection. It will not provide accurate information to base decisions on; inevitably bills will show an estimated consumption and cost, followed by a 'reading' sometime during the year, resulting in an amendment or adjustment being made - primarily cost. This has a significant impact on the data collected, along with any possibility of accurately identifying improvements and / or deviations that could impact the business. [09:40] We’re offering a Buy 1 Get 1 Free offer on isologyhub memberships until the 31st October 2023! Contact us to book a demo.
8/30/2023, 11 minutes, 20 seconds

#145 The power of 10 minutes a day with Lorna Leonard

There are a lot of tedious tasks that we put off, or would rather just not do! Often, these types of tasks don’t take too long, but can cause delays if not completed. If you find yourself battling with this, it may be time to ask: Where could you save 10 minutes a day? That’s the exact question Lorna Leonard, Managing Director of Leonard Business Services, asked her team at the start of 2023. Focusing on tasks that were being put off for various reasons, Lorna found a potential time saving of 52 hours a month! Today Lorna joins us to share her story of how saving just 10 minutes a day can potentially lead to 8 days’ worth of time saved, in addition to the pitfalls and solutions she found along the way. You’ll learn ●      Who are Leonard Business Services ●      Why did the 10 minute initiative start? ●      The power of saving 10 minutes a day ●      What challenges did they face?   Resources ●      Leonard Business Services ●      Lorna Leonard’s LinkedIn ●      ISO 9001 ●      isologyhub   In this episode, we talk about: [01:25] An Introduction to Lorna Leonard and Leonard Business Services – a virtual finance department who are certified to ISO 9001. Lorna also joined us on a previous episode, Chaos to Calm, to talk about their experience working during the COVID pandemic.   [03:25] The challenge: Lorna started off with only 1 other member of staff, over the years they’ve grown to 7, with an increasing number of associates. With the organisation growing, Lorna was unable to be as hands on as she was before, so some things started to slip through the cracks. She wanted to ensure that was nipped in the bud early on. The nature of her business needs very specific qualities in individuals, ones that are hard to come by. So, she was seeking to save as much wasted time with her current team as possible. 
[04:50] Nothing is ever down to human error, it always comes down to a process – Some words of wisdom from Rachel Churchman, a Blackmores Managing Consultant who works with Lorna with on-going support. Processes change; they need regular review and updates to ensure they work well for you. Lorna found that a number of their processes created bubbles of inefficiency, which resulted in various 10-15 minute tasks that others found frustrating to complete. [05:50] Saving 10 minutes a day: As a result of the process review, Lorna decided to focus on just saving 10 minutes a day – taking baby steps to tackle a bigger problem. She asked all of her staff to think of any tasks they found frustrating, and added them to a log. She kept that log going until May, to capture a snapshot of the issues before tackling them. This was so she could measure the results more accurately later on. [08:15] What tasks did Lorna’s staff highlight as frustrating?: A lot of problems were a result of software systems not talking to each other, meaning a lot of basic merging / collating of data had to be done manually between 2 systems. [09:25] How they calculated the potential time-savings: Using the log, they estimated the time taken for each task, including consideration for which other members of staff may be affected by the same issues. At the end of May, they found that there was a potential time-saving of 54 hours, which amounts to a full 8 days of work! [11:25] Taking principles of ISO 9001 to heart: Lorna has truly embraced one of the key elements of ISO 9001 – addressing non-conformities through looking at your risks and weaknesses. By taking a step back and shining a spotlight on the negative, you can work towards making a positive change, and continually improving your way of working. [13:30] How did Lorna’s team feel about the initiative: At the start, it was like pulling teeth.
Many felt as if the wasted time was a reflection on their performance rather than a failure of processes and systems which weren’t working as efficiently as they could. Once improvements were starting to be implemented, the team could see just how valuable this exercise was. Lorna even received kudos (through an internal perk system) from the Team! [16:45] A part of the exercise involved accepting some things that you can’t change. [17:00] The tip of the iceberg: One issue can lead down a deeper path. For example, Lorna found that their expenses app wasn’t integrating with their accounting app – resulting in a manual exchange of data. By talking to app support, they were able to find a solution. 2 weeks later Lorna found that this solution resulted in fixing a problem elsewhere that she wasn’t even aware of! [18:30] For the things that can’t be changed, there is always a possibility to look at more long-term solutions that may require a roadmap to get to. The key takeaway is that you’re making worthwhile improvements, no matter how long they may take to achieve. [19:30] Other types of solutions found: Most of the solutions came down to outsourcing. For example, Lorna is not a software expert, so resolving the software system issues would have taken a long time. Luckily, she found an associate in Michigan who specialised in API development, who could create ways to make the systems talk to each other using Zapier. It wasn’t always possible as some apps don’t allow for custom triggers, but there were a lot of issues he could help resolve. Lorna now thinks of him as an extension of the team. [22:00] Another example of time-saving: Lorna’s team often have to fill out P11Ds and submit them to HMRC on behalf of clients. The format that is provided made it difficult for staff to fill out, meaning it caused a lot of headache and wasted a lot of time just trying to reformat them in an easily editable way.
They managed to source a system that does this for them, at a small cost per year. It was definitely worth it – saving the whole team 3 days’ worth of time a year! [26:00] Leonard Business Services is a perfect example of how taking a proactive approach can lead to great success. They have won a number of awards over the years, and will no doubt win many more in the future. If you’d like to learn more about Leonard Business Services, check out their website! Also take a look at Lorna’s LinkedIn, where she shares a lot of insightful business tips.
8/23/2023, 28 minutes, 51 seconds

#144 5 Top tips for ISO 50001 Implementation

We’re already seeing the devastating effects of failing to maintain global warming at 1.5 degrees, as pledged in the 2015 Paris Climate Agreement. In order to get this back on track we all need to consider our current energy consumption. So, what can businesses do to manage their impact? That’s where ISO 50001, the Standard for Energy Management, comes in! ISO 50001 can help your business to continually improve its energy performance, energy efficiency, energy use and energy consumption. Building an energy management system will ultimately help you to understand, monitor and measure your use of energy. Today Darren Morrow, Senior Isologist here at Blackmores, joins us to share his top 5 tips for ISO 50001 Implementation. You’ll learn ● What is ISO 50001? ● 5 top tips for Implementing an Energy Management System Resources ● isologyhub ● ISO 50001 In this episode, we talk about: [00:52] We have a more detailed walkthrough of ISO 50001 Implementation available in our steps to success podcast series, which are episodes: 84, 85 and 88 [01:05] What is ISO 50001? ISO 50001 is all about continually improving energy performance, energy efficiency, energy use and energy consumption. By implementing an energy management system, you will be able to fully understand, monitor and measure your use of energy. Like most other ISOs, continual improvement is at the heart of ISO 50001, and it’s also based on the Annex SL format. So, it shares some similarities with Standards such as ISO 9001 and ISO 14001. If you’ve got ISO 14001, you’re already half-way there! [01:40] ISO 50001 and ESOS – ISO 50001 can also help you comply with ESOS (The Energy Savings Opportunities Scheme). If you’d like to learn more about that, listen to episode 138.
[02:50] Tip 1 – Top Management commitment and allocation of resources: This is vital, as the reason for implementation, management, requirements and aims, along with expectations of everyone within the business for their support, is clearly demonstrated and communicated from the top down. With an energy management system, part of this commitment includes making sure suitable resources are made available. This includes: · People - For implementation, maintenance and improvement of the systems, including the means of gathering and reporting data. · Financial support - There will be times where investment will be required. Ensure existing equipment maintenance and servicing is undertaken as required to maintain efficiency. Allocate clear responsibilities for individuals e.g. gathering data such as meter readings, fuel usage, so that this is done consistently and the data is not only available but accurate. [04:14] Tip 2 – Data: For data collection we need to understand certain things. An Energy review will support the identification of energy sources, identify and understand energy use and determine clear performance monitoring and indicators, leading to the determination of the data required. Some key considerations include: · Identify sources of energy and your energy consumption from the energy review · The quality, precision and accuracy of the data collected needs to be considered and monitored if measuring / monitoring results are to be meaningful. · Data collection frequency should be determined and maintained to support the overall statistical analysis. Finally, set goals and targets for improvement (EnPIs) - this can be in overall energy consumption, specific equipment improvements, or other ratio measures such as consumption per person or consumption vs revenue.
[06:10] Tip 3 – Align and Integrate with other business management systems, goals and strategies: Sounds simple, but not always undertaken effectively. When implementing an energy management system, consider any other management system that is already in place and look at any similarities, any elements that already exist that can be tweaked or expanded - this way, it is treated as 'business as usual'. [07:20] Tip 4 – Communication, training and awareness: Communication plays a key role in any system; make sure you: · Communicate requirements, goals and commitments, and objectives or targets. · Keep staff informed of what’s going on as their involvement and direct actions support achieving goals and targets, along with identifying improvements. · Assign responsibilities, create a team and/or assign a champion - This supports the effectiveness of data collection, and also can increase motivation and encourage identification of energy saving opportunities. Energy savings require the commitment of the whole workforce. There ideally needs to be a champion in the organization who can drive change and savings. [08:41] Tip 5 – Record opportunities for improving energy efficiency: Any and all identified opportunities can be, and should be, logged and monitored for suitability, no matter how 'far out there' these may be. Some may not be appropriate or feasible immediately, or in the short term, possibly due to costs / investment requirements. However, once an opportunity is logged, it can be monitored, assigned financial support and be planned for implementation. [10:40] We’re offering a Buy 1 Get 1 Free offer on isologyhub memberships until the 31st October 2023! Contact us to book a demo. Stay tuned for next week’s episode as Darren joins us again to highlight 5 key mistakes to avoid while managing an Energy Management System.
8/15/2023, 11 minutes, 57 seconds

#143 Reinvigorate interest in your ISO Management System with the Engagement Amplifier Gameplan - Part 2

We sadly often see Management Systems fade into the background following successful certification. When this happens, it can stagnate and cease to be a driving force for continual Improvement within the business. So, what can you do to reinvigorate interest? That’s where the Engagement Amplifier Gameplan comes in! This Gameplan was created by today’s guest, Sarah Ball, an isologist here at Blackmores and one of the main driving forces behind our online membership – the isologyhub. Today Sarah will continue on from the last episode and explain the last few steps in the Engagement Amplifier Gameplan. You’ll learn ● What is the isologyhub ● What are the final 4 steps in the Engagement Amplifier Gameplan? Resources ● isologyhub ● What’s in a name In this episode, we talk about: [00:55] The isologyhub is our online membership site that includes a full ISO 14001 roadmap to help you create and launch your own bespoke environmental management system. Also included are a suite of templates and training on various ISOs to help take you from zero to hero in ISO Standards. [01:15] Sarah Ball created the Engagement Amplifier Gameplan in addition to many other resources on the hub. She is one of the key people behind the hub’s creation and currently drives its development. [01:30] This is part 2! We covered what the Engagement Amplifier is, along with the first few steps in the Gameplan in the last episode. If you missed out, I highly recommend going back and giving it a listen. [01:45] Step 4 – Champions: A team of management system Champions, whether that be Health & Safety Champions, Quality Champions or any other discipline, can have a significant impact on engagement levels. They can advocate for the management system and, crucially, Champions lead by example when they engage with the management system themselves.
Step 4 of the Gameplan takes you through what Champions can do, what makes a good team of Champions and how to start your own team of Champions. [03:40] Step 5 – Brand Boost: This is how you brand and sell your management system to your employees and other key stakeholders, which is crucial to how they relate to it and engage with it. It walks you through the importance of a brand identity for your management system, how to develop this and how to launch, or re-launch, the management system with a new brand within the business. This step can be useful for the implementation of your management system and for when engagement has really fallen. For further listening – go back to our ‘What’s in a Name’ episode. [04:30] Practicing what we preach – We did a recent rebrand of our Management System at Blackmores. Even though it’s a mature system that’s years old, we felt that it wasn’t doing much for us. So we followed our own plan and created H20 (How 2 Operate), a much more accessible and collaborative Management System that is housed on our shared Teams channel and SharePoint. [05:40] Step 6 – Communicate and Celebrate: Ongoing communication is a key part of maintaining momentum and engagement; it provides an opportunity to keep the management system at the forefront of people’s minds and to celebrate successes. It also allows you to recognise examples of engagement with the management system. The Gameplan takes you through what you should communicate and how, and is something that you can revisit at any point as your management system matures. [06:45] Step 7 – Momentum: Once you have reinvigorated engagement, it is crucial to maintain that momentum. This step takes members through how to recognise engagement, continue to reassess engagement levels and develop a future strategy to maintain the desired level of engagement. [07:50] We’re offering a Buy 1 Get 1 Free offer on isologyhub memberships until the 31st October 2023!
Contact us to book a demo.
8/8/2023, 8 minutes, 52 seconds

#142 Reinvigorate interest in your ISO Management System with the Engagement Amplifier Gameplan - Part 1

When a Management System is first implemented, there is often a spotlight being cast on its importance to the business and everyone’s roles in relation to it. However, we often see this buzz quickly fall off, letting the Management System fade into the background. When this happens, it can stagnate and cease to be a driving force for continual Improvement within the business. So what can you do to reinvigorate interest? That’s where the Engagement Amplifier Gameplan comes in! This Gameplan was created by today’s guest, Sarah Ball, an isologist here at Blackmores and also one of the main driving forces behind our online membership – the isologyhub. Today Sarah will explain exactly what the Engagement Amplifier Gameplan is, who it’s suitable for and give an overview of the first few steps. You’ll learn ● What is the Engagement Amplifier? ● Who is the Engagement Amplifier for? ● What are the first 3 steps in the Gameplan? ● How long does it take to action this Gameplan? Resources ● isologyhub In this episode, we talk about: [00:25] The isologyhub is our online membership site that includes a full ISO 14001 roadmap to help you create and launch your own bespoke environmental management system. Also included are a suite of templates and training on various ISOs to help take you from zero to hero in ISO Standards. [01:15] Sarah Ball created the Engagement Amplifier Gameplan in addition to many other resources on the hub. She is one of the key people behind the hub’s creation and currently drives its development. [01:45] What is the Engagement Amplifier? The Engagement Amplifier Gameplan, like all the Gameplans in the isologyhub, is an action plan, something you can follow to transform an aspect of your management system. In this case, to increase engagement from across your business and key stakeholders with your management system. [02:05] What does the Engagement Amplifier aim to address?
It is very common after a period of time for management systems to fade into the background a little. The risk when there is a lack of engagement is that the management system begins to stagnate and no longer drives the business forward. So, reinvigorating that engagement is really crucial and the Gameplan walks you through the steps to assess what your level of engagement is now, where you want it to be and how you can get there.  [04:05] Who would this Gameplan be good for? – The Engagement Amplifier Gameplan is good for any company with a management system in place. And for any point in the maturity of your management system. Certainly, the first part of the Gameplan where you will determine what your engagement goal is, and what level of engagement you currently have.   [05:55] Step 1: Assess – This gives an overview of what good engagement looks like, why it is important to measure and, importantly, how you can measure the engagement you have. [05:40] Step 2: Myth Busting – This is important because a common cause of a lack of engagement is a lack of understanding about what the management system is and how people should engage with it. In this step we explain what some of the myths are and what the reality is, so that members can address these myths in their own business. [07:15] Step 3: Leadership – This is really key as the approach of the Leadership Team to the management system is one of the biggest factors in the level of engagement with the management system. Leadership set the tone of the organisation’s culture and have a significant role in embedding your management system into daily operations and aligning it to your strategy and vision. In this step there are activities for the Leadership team to complete to define how the management system can support strategic goals. As well as practical tips on how the Leadership level can show their commitment and promote engagement with the management system. 
[08:40] How long would it take for someone to action this Gameplan? – That can vary a lot depending on how much time you have available to dedicate to it and how many people you want to get involved. It’s certainly not intended to be done in a day or even a week. You will need time within each step to engage with others, get feedback and analyse information. Sarah would suggest at least a month, but potentially longer depending on other priorities. [09:50] We’re offering a Buy 1 Get 1 Free offer on isologyhub memberships until the 31st October 2023! Contact us to book a demo. Stay tuned for next week’s episode where Sarah will be joining us again to cover steps 4 – 7 of the Engagement Amplifier Gameplan!
8/1/2023, 10 minutes, 48 seconds

#141 Todd Research’s ongoing success with ISO 9001 and ISO 27001

With a growing number of threats and risks facing businesses every day, it’s never been more crucial to have a proper system in place to mitigate and manage issues when they crop up. A variety of ISO Standards can help businesses to do just that! And we’re seeing an ever-increasing trend of requests for Integrated Management Systems, which combine multiple ISO certifications to cover every aspect of their business. Such is the case with today’s guest, Todd Research. Todd Research have been in the business of designing, manufacturing and supplying X-ray scanners for 70 years. They have since expanded their product range to include other solutions, all designed to detect suspect devices. We’re joined by Caroline Banks, Support Manager at Todd Research, to learn about why they decided to implement ISO 9001 (Quality Management) and ISO 27001 (Information Security), including an insight into their experience with our ISO 14001 coaching programme, hosted on the isologyhub. You’ll learn ●      Who are Todd Research? ●      Why did they choose to Implement ISO 9001 and ISO 27001? ●      What challenges did they face? ●      The benefits of ISO 9001 and ISO 27001 ●      Their experience with our ISO 14001 coaching Programme   Resources ●      Todd Research ●      isologyhub ●      ISO 9001 ●      ISO 27001     In this episode, we talk about: [00:37] An introduction to Todd Research and Caroline Banks’ role as Support Manager there. [01:20] What is something not many people know about Caroline? She’s taken up running and started with the couch to 5K. She later completed a half-marathon in the same year, and has since gone on to finish 21 more half-marathons and 2 full ones!   [02:27] Who are Todd Research? They were founded in 1950, designing, manufacturing and supplying X-ray scanning equipment. They also provide service and maintenance for their devices worldwide. [03:11] What Standards are they certified to? 
ISO 9001 (Quality Management, inherited from a previous company) and ISO 27001 (Information Security Management) [03:48] What was the main driver for achieving ISO 9001 and ISO 27001? – For ISO 9001 – As a manufacturing company, they want to ensure that they can provide the best quality in terms of product and service. For ISO 27001 – This was more sales driven and was being requested in a lot of tenders, particularly Government tenders. [04:35] How did Caroline manage an inherited Quality Management System? – Caroline completely revamped the inherited Management System, making it their own and adapting it to suit how they currently run their business. It involved a lot of review and removal of unnecessary documentation, with the end result of streamlining the whole system. They also appreciated a 3rd party coming in to review and assist with the process. After moving to a new premises, they are still continually improving the system year on year. [06:25] How long did it take to achieve certification to ISO 27001? – They started in April 2021 with a Gap Analysis and gained certification in September 2021 (6 months in total). As they already held ISO 9001, they made the decision early on to integrate the two Standards into a Business Management System. [07:50] What was the biggest gap found after the initial ISO 27001 Gap Analysis? – The biggest challenge for Todd Research was carrying out the Risk Assessments. Getting Directors involved in the review of Standards and agreeing what risks applied to them took the most time in the early stages. [09:00] Caroline’s experience with ISO 27001 – While she had experience with ISO 9001, ISO 27001 was a whole new ball game. There are a lot of risks associated with Information Security, including phishing, malware, risks to hardware etc. This was all new territory for Caroline, but she adapted and learned a lot along the way. [09:50] What difference has the Management System made to the business?
– It’s unique to them and their way of working, especially as a result of integrating the two Standards into a single Management System. The whole process gave them a chance to look at the business with a new perspective, which in turn helped them to streamline a lot of processes. [10:20] What lessons have they learned from Implementing ISO 9001 and ISO 27001? – Caroline now has a better understanding of how the business works from all angles, from manufacturing to finance. Her experience with having Blackmores assist with Internal Audits highlighted the need and importance of impartiality. [11:20] What are the main benefits? – For them, it’s having an Integrated Management System, as a lot of aspects of various ISO Standards share similarities, and it just makes sense to combine them to save on doubling up on documented information. Caroline also highlights the Corrective Actions Log as her key tool for managing actions following on from Internal Audits, allowing for a proactive approach for business improvement on a weekly basis. [12:50] What is the ENE / ISO 14001 Coaching programme? – Blackmores secured some European funding to support 7 businesses in the East of England to raise awareness of environmental issues and implement some practical tools for Environmental Management. We opted for an ISO 14001 focus and utilized our online membership portal, the isologyhub, as the host with additional coaching from one of our experienced consultants. [13:25] What was Caroline’s experience with the isologyhub and the ISO 14001 coaching programme – Todd Research made the decision early on not to go for ISO 14001 certification. The experience gave Caroline a good insight into what the requirements are for the Environmental Management Standard in preparation for potentially certifying in future. Caroline highlights the wealth of information available in the hub, including documentation which supplemented the coaching sessions.
Her 1-2-1 coaching sessions resulted in deeper analysis of what their business can act on to improve their impact, for example putting in place a scrap metal policy for X-ray scanners and equipment that needs to be disposed of. They have also streamlined their Engineer’s service visits, by making the most of them while in any given area to reduce the carbon impact of travel.
[17:00] What was the most useful resource in the isologyhub? – The training provided for carrying out Risk Assessments, with a focus on their environmental risks.
[18:05] What was the main benefit of achieving certification to ISO 9001 and ISO 27001? – Having both standards sets them apart from their competitors, as many have ISO 9001 but not many have ISO 27001. It also brings a sense of continuity to the business.
[18:55] Caroline’s top tips – Use an independent company (such as Blackmores) to assist with Implementation. Having an experienced helping hand will make the journey run a lot more smoothly and will give you peace of mind, especially as you have your own day job to worry about!
[19:30] A reminder that the ISO 27001 Transition Gameplan is available on the isologyhub – ISO 27001 was recently updated, and those certified will need to update to the latest 2022 version of the Standard. Our Transition Gameplan will guide you through the changes and what needs to be done to update your Management System.
[21:17] Caroline’s book recommendation – ‘Menopausing’ by Davina McCall
[22:17] Caroline’s favorite quote – ‘It’s not so much that I began to run, it’s that I continued’
You can find out more about Todd Research via their website!
We’d love to hear your views and comments about the ISO Show, here’s how:
● Share the ISO Show on Twitter or Linkedin
● Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one.
Subscribe to keep up-to-date with our latest episodes: Stitcher | Spotify | YouTube | iTunes | Soundcloud | Mailing List
7/25/2023, 25 minutes, 32 seconds

#140 Celebrating your ISO Success

Anyone who’s been involved in the implementation or maintenance of an ISO Management System will know it’s not a small feat. There’s a lot of time and teamwork involved in getting a system in place for certification, so it’s definitely a cause for celebration when you finally do get that certificate at the end! But what can you do with that? A lot of companies will get an ISO certification as a necessity, whether that be an industry requirement, legal requirement or client requirement. Oftentimes, they’re quite content to just let those interested parties know about it and leave it at that. Which is a shame, as we think it’s something worth shouting about. It’s a display of your commitment to best practice, whether that be in quality, health & safety, information security, risk management or any combination of those – and better still, it’s a globally recognised certification. In this episode, Stephanie Churchman, Communications Manager at Blackmores, will take you through a few ways you can celebrate your ISO success.
You’ll learn
● Why promote your ISO certification?
● How can you promote your ISO success?
● How can Blackmores help you celebrate your ISO success?
Resources
· Isologyhub
In this episode, we talk about:
[00:30] Mel will be back in the next episode after taking a well deserved break 😊
[01:15] Why celebrate your success? You / your team worked hard to put that Management System in place and get it ready for certification, so it’s worth celebrating when you finally do get that certificate. It’s also a globally recognised certification that displays your commitment to Best Practice.
[02:23] #1 Certificate Award ceremony – This is something you may need to organise ahead of getting your final certificate. It’s worth asking your certification body if they do a certificate award ceremony.
Some CBs will invite clients to a location to hand out certificates in a batch – or they may be happy to come and officially award you your certificate on your own premises. Either way, it’s a great opportunity to get a photo that you can then use later on your website or in social media, in addition to making it more of an event.
[03:09] Publish a blog or news article – This is a newsworthy event! And you should take the time to write a short statement for your website – Bonus points if you can get some statements from those involved with the process. It doesn’t have to be overly long, it can just be a short paragraph.
[03:35] Social Media Post – Social media is the main place a lot of people get information nowadays. Many platforms have character limits, so you can keep it short and sweet, as this is just to inform your wider audience who may not regularly visit your website. On platforms like LinkedIn, you can even tag some key members involved so they can add their own comments and experience under the post. This is also a great opportunity to work in collaboration with your Certification Body – as they’re also keen to show off their clients’ successes. It’s worth getting in touch with their marketing team to ask if they’d be happy for you to tag them in a post – so they can reciprocate with a post and tag of your company – which would in turn expand your audience for that post significantly depending on how much reach the certification body has.
[04:54] Website Promotion - You could make a more permanent addition to your website. A lot of businesses tend to have a page for awards and accreditations, which is the perfect place to display the digital badge that your certification body will provide following certification. You could also link your current certificate if so inclined.
Another place we often see clients displaying those digital badges is the website footer; it’s unobtrusive but makes for something a bit more eye catching when displayed next to the typical links you see in website footers.
[05:35] Email Signatures – Are another subtle way to make sure those digital badges get some use and imprint themselves in the minds of anyone you contact. It’s a relatively easy update to make and is just another way to make sure it’s seen by both internal and external contacts on a daily basis.
[05:55] Newsletters – Many of you will have some sort of weekly, monthly or annual communications with your clients and prospects. Make sure to include a mention of your certification in the next update. If you wanted to make it something special, make it a main feature and include some story behind the why and how you went about Implementation. Let your audience know why that certificate is important and highlight any notable success as a result of that certification, i.e. with ISO 50001 (energy management), you may have already made significant changes to reduce your energy consumption. Whether that be switching all your lighting to a more eco-friendly option or sharing some actual figures on energy reduction following certification.
[06:50] Case Studies – This is just another way to get your ISO journey written down in a concise, easy to digest format that can then be shared via your website and social channels. It’s another great place to highlight the why, how, any challenges you overcame and what your next steps are. Keep it to 1 page if possible – as people often get turned off by looking at a daunting page count. Bullet point what you can and expand where needed, as that helps to break up walls of text and just makes it a bit easier for people to read. Take a look at some examples online for layout inspiration – there’s no shortage out there. Of course, if you work with us, we’re happy to do all the design and writing for you.
[07:45] Podcast / Video - Not everyone is going to have the means to publish videos and podcasts – So this won’t be applicable to everyone, but that doesn’t necessarily mean you have to drop this idea entirely. For example, we feature a lot of clients on our podcast and we’re more than happy for them to use their episode in marketing, or on their site or wherever they want to. So, if you work with a third party that has a podcast or produces their own videos, it’s worth an ask to see if they’d be open to featuring you. For those that do have the means to do this in-house – It’s highly recommended that you do either one or both of these, as you can then link back to them in social posts and other marketing.
[08:50] This isn’t a one time thing – you can re-use a lot of these resources elsewhere, and remind others that you hold certain certifications when appropriate.
[09:15] The main takeaway is – You worked hard to earn that certificate, so don’t let it be a quiet victory.
6/13/2023, 10 minutes, 14 seconds

#139 What are the benefits of ISO 50001?

The Energy Savings Opportunity Scheme (ESOS) is a legal requirement for organisations of a certain size or value. The scheme is designed to make companies look at how they use energy with a view to improving performance. If your organisation qualifies for ESOS, you have until December 5th to comply or complete your phase 3 reporting. Over the last few episodes we’ve explored two routes to compliance: Energy Audits and ISO 50001. As we explained, ISO 50001 goes above and beyond ESOS requirements and ensures you don’t have to gather an evidence pack every four years to prove compliance. However, there are many more benefits to ISO 50001 than just its compliance with ESOS requirements. Join Mel this week as she dives into the other benefits of ISO 50001, including real world examples from some global brand names.
You’ll learn
● Why Implement ISO 50001?
● What are the benefits of ISO 50001?
● Who has found success with ISO 50001?
Resources
· ESOS
· ISO 50001
In this episode, we talk about:
[00:35] Watch our previous episodes to learn more about Energy Audits and ISO 50001
[01:41] Benefit #1: Cost savings – By Improving your energy efficiency and reducing energy consumption, you can save a startling amount. ISO 50001 helps you to put a system in place that will allow optimisation of your energy usage.
[02:20] Benefit #2: Compliance – ISO 50001 can help you comply with the likes of ESOS and SECR. Carbon reporting and legal requirements in relation to it are global; any countries lagging behind on these requirements will soon adopt or create their own in response to the limited time we have left to reduce the effects of the climate crisis.
[02:45] Benefit #3: Reduce your environmental Impact – By reducing energy usage and switching to more energy efficient means, you will reduce your carbon emissions. ISO 50001 also acts as a complementary tool to ISO 14001 (Environmental Management) that many already have in place.
[03:10] Benefit #4: A coordinated approach – Companies, especially large ones, may have multiple systems in place to manage energy. ISO 50001 helps to create a universal framework that can be applied to a whole business.
[03:25] Benefit #5: External Incentives - There may be external benefits that can be gained by proving that you are taking steps to reduce your environmental impact. This could include tax benefits, insurance etc.
[04:25] Benefit #6 Informed funding – There is a lot of funding out there to help companies with new green technology. Having ISO 50001 in place will give you a consistent overview of your energy usage, so you’ll be able to make informed funding choices based on where more savings can be made in terms of emissions and general costs.
[04:55] Benefit #7 Track Objectives – ISO 50001 can help you set Objectives and then set policies and procedures to help make those a reality. Those familiar with ISO Standards will know that it’s all about continual Improvement, so you’ll always be making progress.
[05:30] Benefit #8 Credibility – ISO 50001 is an internationally recognised Standard, and is a mark of your credibility. This can be used in marketing materials, displayed on your website, used in Case Studies etc.
[06:35] You don’t have to be a large brand or organisation to Implement ISO 50001. It can be implemented for a business of any size where energy is a significant environmental Impact.
[07:05] Hilton’s success with ISO 50001: One of the world’s largest hotel chains, Hilton was the first global hospitality company to achieve portfolio-wide certification to ISO 50001. The savings have been significant, reducing Hilton’s energy intensity by 20.6% and its carbon intensity by 30.0% from a 2008 baseline.
[07:55] Bentley’s success with ISO 50001: Reduced energy usage by two-thirds for each car produced and by 14% overall for the entire plant, delivering savings of 230 GWh of energy – enough to power 11,500 houses for a year!
[09:37] Hitachi’s success with ISO 50001: Following the Japanese earthquake disaster in 2011, Hitachi decided to introduce “the smart next-generation factory plan”. Following implementation of ISO 50001, the plant reduced 23 % of the contract electricity, 15 % of CO2 emissions and 5 million yen/month of electricity costs.
[10:12] Toyota’s success with ISO 50001: Implementation of ISO 50001 resulted in a reduction in electricity usage which has translated into cost-savings of more than R4.8 million (Over £210,000!) over a two-year period. The company also generated energy savings of 8.15 GWh across its 14 plants, and reduced its GHG emissions by 7,804 tons.
[10:50] Schneider Electric’s success with ISO 50001: The company adopted ISO 50001 certification in order to maximise energy performance. Following the certification, the business’ energy performance increased by 10.5%, with savings totaling £26,500 over 3 years.
[12:15] Want more info on ISO 50001? – Head on over to the isologyhub to get access to a wealth of ISO 50001 and energy management tools. For those interested in ISO 50001, we’re offering a free copy of the Standard to anyone who signs up for Implementation with us before the 30th June.
5/4/2023, 12 minutes, 59 seconds

#138 Routes to ESOS Compliance – ISO 50001

The Energy Savings Opportunity Scheme (ESOS) is a legal requirement for organisations of a certain size or value. The scheme is designed to make companies look at how they use energy with a view to improving performance. If your organisation qualifies for ESOS, you have until December 5th to comply or complete your phase 3 reporting. Last week Mel explained the Energy Audits route to compliance, which is a process that must be repeated every 4 years. Companies that want to avoid the inevitable rush to get reports submitted before the deadline may want to consider a more long-term commitment to ensure continued compliance, that being the Implementation of ISO 50001. ISO 50001 is the standard for Energy Management, and it goes above and beyond what is required of ESOS. Companies certified to this standard are already considered compliant to ESOS without the need to complete any additional reporting outside of what is already monitored and measured by the standard. Join Mel this week as she explains what ISO 50001 is, how it complies with ESOS requirements and the key differences between other environmental standards such as ISO 14001.
You’ll learn
● What is ISO 50001?
● How ISO 50001 complies with ESOS?
● What is the difference between ISO 50001 and ISO 14001?
Resources
· ESOS
· ISO 50001
In this episode, we talk about:
[00:50] Watch our previous episode to learn more about Energy Audits
[01:00] Reminder: Companies certified to ISO 50001 do not have to carry out Energy Audits.
[01:14] What is ISO 50001? This is the Energy Management Standard, a globally recognised best practice framework designed to help manage a company’s energy performance, optimise their energy efficiency and reduce their overall impact.
[01:50] Why have a Standard for Energy Management?
This standard is most applicable for businesses who are looking to put measures in place to reduce their overall environmental impact, specifically in relation to energy management. Businesses who operate data centers or large healthcare facilities will use a lot of energy; many Implement ISO 50001 to help reduce their costs for energy.
[02:48] Why Implement ISO 50001 if you already have ISO 14001? – ISO 50001 is specifically aimed at the energy aspect of environmental impact. It helps businesses to take a deeper look at their operations and how they’re managing energy performance. If you already have ISO 14001, you’re already half-way there, and ISO 50001 could easily be integrated as an enhancement to your Management System.
[03:25] If you want to claim ESOS compliance, it’s important to ensure that your ISO 50001 certification is valid for the compliance date.
[03:50] If you want to go down the ISO 50001 route, the time to act is now (April / May 2023) – You will need to factor in a minimum of 6 months to Implement ISO 50001. Need help with this? Contact us!
[04:40] There has been an increase in uptake of ISO 50001, which has put a lot of UK Certification Bodies under pressure to get Assessments booked in before the ESOS deadline. So get in touch with a few UKAS accredited Certification Bodies ASAP to find out if they can accommodate you in an appropriate time frame. We offer a quote request service for free, simply contact us for more info.
[05:50] More about ISO 50001 – It’s based on the Plan-Do-Act-Check cycle, which is a familiar structure to a lot of ISOs. Many aspects of ISO 50001 Implementation will be similar to the likes of ISO 9001, i.e. having policies and procedures in place and conducting Internal Audits etc.
[06:34] How does ISO 50001 differ from ISO 14001? – The main difference is the requirement for an Energy Review.
This is all about understanding how you’re using energy as an organisation, then using that information to recommend controls to reduce energy use.
[07:43] You will be able to determine your Energy Performance Indicators following on from an Energy Review. These help to establish a clear roadmap and energy controls for reducing energy usage. For example, you could put controls in place for certain equipment, LED light replacements, cycle to work or car share schemes etc.
[08:45] What is the benefit of ISO 50001 over Energy Audits?: ISO 50001 puts a whole system in place to continually Improve your energy performance through controls and procedures. Energy Audits will only tell you about your current energy use and provide recommendations for Improvement with no clear roadmap or further incentive to Implement those changes.
[09:00] What else is involved with ISO 50001?: Another key aspect of ISO 50001 is the continued monitoring and measurement of energy performance. This can then be reported back to the board so they can see the progress being made.
[10:00] What are the key clauses in ISO 50001? ISO 50001 underwent a revision in 2018 to align itself with Annex SL, which is common across a lot of other ISOs. The 10 clauses are as follows:
· Clauses 1,2,3 – Explanatory clauses. You won’t Implement these, they simply provide context and help with key terms and definitions.
· Clause 4 – Context of the Organisation
· Clause 5 – Leadership
· Clause 6 – Planning
· Clause 7 – Support
· Clause 8 – Operations
· Clause 9 – Performance Evaluation
· Clause 10 – Improvement
[11:00] Want more info on ISO 50001? – Head on over to the isologyhub to get access to a wealth of ISO 50001 and energy management tools. For those interested in ISO 50001, we’re offering a free copy of the Standard to anyone who signs up for Implementation with us before the 30th June.
Tune in next week where we explore the many benefits of Implementing ISO 50001.
4/26/2023, 12 minutes

#137 Routes to ESOS Compliance – Energy Audits

The Energy Savings Opportunity Scheme (ESOS) is a legal requirement for organisations of a certain size or value. The scheme is designed to make companies look at how they use energy with a view to improving performance. If your organisation qualifies for ESOS, you have until December 5th to comply or complete your phase 3 reporting. Over the next few weeks, we will focus on how you can comply with ESOS, starting with Energy Audits. These audits are required by ESOS in order to understand where and how energy is used within the organisation’s premises and operations. Every audit will recommend cost-effective measures that will save the organisation energy and money, which is the ultimate intention of the legislation. Join Mel this week as she explains what Energy Audits are, what data you need to report on and what final sign-off is required before a report is submitted.
You’ll learn
● Who needs to comply with ESOS?
● How can you comply with ESOS?
● What are Energy Audits?
● What data do you need to gather?
● Who needs to sign-off the ESOS report before submission?
Resources
· ESOS
· ISO 50001
In this episode, we talk about:
[00:44] The deadline for Phase 3 ESOS reporting is the 5th December. Remember that ISO 50001 is considered a route to compliance if you don’t want to go ahead with conducting Energy Audits.
[01:32] What is ESOS? ESOS stands for the Energy Savings Opportunity Scheme. It was launched by the Department of Energy and Climate Change, DECC, back in July 2013. It was established to comply with Article 8 – an EU directive that was created in 2014. Despite Brexit, any qualifying businesses must still comply. ESOS in simple terms is an energy assessment that must be carried out by its definition of large enterprises.
[02:50] Who qualifies for ESOS?
Large enterprises as defined by ESOS are businesses that have more than 250 employees and / or an annual turnover exceeding 50 million euro or a balance sheet exceeding 43 million euro. This only applies to the private sector – the public sector is exempt.
[03:33] When does ESOS reporting occur? Every 4 years – The first phase starting in 2014, Phase 2 was in 2019 and Phase 3 will have its deadline this year.
[04:08] Why is ESOS important? – No matter where you are in the world, energy reduction is crucial. Businesses should also be well aware of their own energy use and impact, not only to reduce but hopefully offset as part of ongoing sustainability efforts.
[04:35] It’s estimated that there will be a net benefit of £1.6 billion as a result of ESOS to the UK alone.
[04:55] What do you need to do to comply with ESOS? An ESOS assessment requires you to do 3 things:
· Measure your total energy consumption
· Conduct Energy Audits – to identify cost effective energy reduction recommendations
· To report compliance back to the Environment Agency (For the UK, other European countries will have their own authority)
[05:42] How can you comply with ESOS? – There are 2 routes to compliance:
· Conduct Energy / ESOS Audits
· Implement ISO 50001 - Companies certified to this standard are already complying with ESOS, as it goes above and beyond ESOS’s requirements.
[07:20] What’s involved in an ESOS Energy Audit? – You will be required to collect 12 months of energy data, provide cost effective energy reduction recommendations for the areas audited in scope, and findings need to be reviewed by an ESOS Lead Assessor.
[08:00] What do you need to consider when collecting data and looking at where reductions can be made? – Facilities – i.e. heating, lighting, ventilation etc. There are a number of energy efficiency initiatives to help reduce costs involved with elements of facility management.
It can be something simple like replacing old boilers, using energy efficient LED lighting, reducing working hours in the office, reviewing time settings for lighting, ventilation and heating etc. Many businesses leave unnecessary functions / devices on overnight. Start looking at how much energy you’re using and where, and you’ll be able to identify where energy use and costs can be cut.
[10:20] Other things to consider are additional warehouses or transportation within your business i.e. fuel consumption, vehicle maintenance etc.
[10:53] To truly make a difference, you need to spread awareness within your business about any changes you’re making as a result of these energy audits, including any reminders to them, i.e. turning off lights when they leave a premises.
[11:05] What do you need to do to carry out an ESOS Energy Audit?:
· You need to plan the audit – including establishing the scope
· Conduct the audit
· Collect data for analysis and identify the opportunities for improvement
· Pull together all the documentation in an ESOS evidence pack which will be reviewed and signed off by top management and an ESOS Lead Assessor
· Finally, you can submit that evidence pack to the Environment Agency
If you need help with any of this – Blackmores can help 😉
[11:45] What are the different data sources you should look at? Meter reading records, delivery notes, automatic meter readings etc. We find that the financial team and facility managers are instrumental in gathering the necessary data. Don’t forget to gather any travel information from your drivers or vehicle fleet managers!
[12:31] Establishing the scope and documentation – You will need to set the scope and boundaries of the audit, document the methodology for your data collection and recommendations for improvement, document your data sources and identify any gaps.
[13:00] Final sign-off: Once everything has been documented in an evidence pack, you need to get this signed off by a director or member of top management and by an ESOS energy assessor. Once done, you can submit this to the Environment Agency.
Tune in next week where we explore the ISO 50001 route to ESOS compliance.
4/19/2023, 14 minutes, 50 seconds

#136 dotdigital’s sustainable transformation with ISO 14001

Sustainability should be a top priority for any business going into 2023. The last few years’ worth of extreme weather have proven that action needs to be taken now to protect our future. But where do you start? While there are a lot of great ideas out there, it’s becoming increasingly clear that a standardised approach is needed to keep everything on track. Which is where ISO Standards come into play – having been promoted heavily at the last few COP conferences, there are a whole range of environmental Standards to help businesses manage and reduce their impact. One of the most popular being ISO 14001 (Environmental Management), which was adopted by the subject of today’s interview – dotdigital. dotdigital is an online marketing company who specialise in email and SMS marketing automation, tailoring customer experience and providing solid data analysis tools. Mel is joined by Steve Shaw, Chief Product & Technology Officer at dotdigital, to talk about the positive impacts following on from their successful ISO 14001 implementation, and to explain some of their fantastic sustainable initiatives introduced over the past few years.
You’ll learn
● Who are dotdigital?
● How do dotdigital manage their Environmental Management System?
● What are dotdigital’s sustainable initiatives?
● What have they learned through the implementation of ISO 14001?
Resources
· dotdigital
· Creativity Inc – by Ed Catmull
· ISO 14001
In this episode, we talk about:
[01:07] Listen to our previous interview with dotdigital – where we discussed their ISO 27001 (Information Security) certification.
[01:32] An introduction to Steve Shaw – He is the Chief Product & Technology Officer at dotdigital, who oversees a lot of their innovators (which comprises software engineers and those involved with product development and support). He also manages the various acquisitions for the group.
[03:15] Who are dotdigital?
Dotdigital have been around since 1999 and have evolved and adapted to join the growing SaaS market. They provide a range of automated marketing solutions in addition to a customer experience and data platform. They recently celebrated reaching 400 employees and have become AIM listed.
[03:52] What can dotdigital’s platform do? Data collection and analysis to build a profile for single or groups of users. This data can then be used in combination with AI and machine learning to create a tailored digital journey with a brand.
[05:15] How do dotdigital manage their current ISO 14001 certified system? – Their Management System is an integrated Management System, which provides the business with a central hub to work from. They have an established team who are tasked with the management of their ISO system (this is not a dedicated role for anyone in that team). Part of their role involves looking at the business’s aspects and impacts to see where the biggest consumption of energy is happening, measuring this consumption and setting objectives to help reduce this where possible.
[06:51] dotdigital was the world’s first carbon neutral marketing automation platform that was ISO 14001 certified. They also aim to be net zero by 2030!
[07:10] They have a relatively small footprint as a primarily digital based company, only really having to consider the running of computers, air conditioning and standard office facilities. So it can be a challenge to reduce!
[08:30] What led to the success of dotgreen? – dotdigital launched a group called dotgreen, which has since thrived into a community of likeminded individuals all working together to improve and reduce dotdigital’s impact. They were fortunate to have an Executive group sponsor who can take ideas and suggestions to other leadership for consideration. This grassroots group encourages suggestions from everyone – no idea is a bad idea.
Over time, the group evolved and helped to develop a sustainability programme for the business.
[10:30] What was one of the initiatives implemented from dotgreen? – They identified that existing data centers used by the business weren’t always utilising renewable energy. So, over the course of 2 years, they worked with Microsoft to build on their Azure platform to enable dotdigital to make the switch. Azure runs on renewable energy sources, and any remaining emissions can be offset through carbon credits.
[12:00] A green option for their customers – As a result of their cloud platform now being run through green partners, they can extend the environmental benefit to their customers.
[14:00] A sustainable culture shift – The introduction of dotgreen, its initiatives and the success of certification to ISO 14001 fostered a shift in the business’s culture. It spread to all aspects of the business – even resulting in their marketing team making the decision to not send out Christmas gifts and instead use the money to buy credits for tree planting.
[15:25] What is dotvoice? – Another pillar in the internal mechanisms of dotdigital. This voluntary group look at how they can promote awareness of different issues. One such example was organising interviews to celebrate the women in tech at dotdigital for International Women’s Day.
[17:10] Adapting – Like many businesses, they had to adapt over Covid to allow for home working. Following on from feedback, they have kept up with hybrid working. This means that meeting in-person usually becomes a big event! They ensure that all employees are taken care of, even creating another pillar called dotwellbeing to offer mental health support.
[21:53] Through the use of dotgreen and dotvoice, they promote voluntary days to assist with local initiatives and charities (many of which are their clients – such as the Woodland Trust).
[23:20] What have dotdigital learned over the years of maintaining an ISO 14001 certified system?
Don’t rush for certification if it can be helped, take the time to put the right people and resources in place to start the process. It can be beneficial to enlist the help of a third party to guide you through your first Implementation. ISO 14001 helped to put tools in place to measure aspects and impacts – which in turn assisted with their SECR requirements Manage your system centrally. ISO Standards should be embedded into the business [23:20] Steve’s top tips: Get leadership support, look for passionate individuals to get involved, let the Standard guide you and don’t be afraid to set lofty goals. [23:20] Steve’s book recommendation: Creativity Inc – by Ed Catmull [23:20] Steve’s favorite quote: “The only constant in life is change” / “Some people want it to happen, some wish it could happen and others make it happen” You can find out more about dotdigital via their website. We’d love to hear your views and comments about the ISO Show, here’s how: ●      Share the ISO Show on Twitter or Linkedin ●      Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one. Subscribe to keep up-to-date with our latest episodes: Stitcher | Spotify | YouTube |iTunes | Soundcloud | Mailing List
4/6/2023, 32 minutes, 33 seconds

#135 Emerging SaaS Trends in Health and Safety

With the pandemic being the driving force behind more remote working than ever before, health and safety professionals are becoming increasingly tech-savvy. All evidence points to them increasing their reliance on Software as a Service (SaaS) solutions to keep on top of H&S compliance and the ever-changing risks that are presenting themselves to businesses the world over. Companies such as Riskex offer many software solutions to make Health and Safety Professionals’ lives easier, by streamlining compliance processes, gathering better safety data and providing total visibility on the performance of risk management. As a result, they keep a keen eye on new technology being adopted by the H&S sector. Mel is joined by James Sharp, Chief Technical Officer at Riskex, to explain the top 10 emerging Software as a Service trends in Health and Safety.

You’ll learn
● Who are Riskex?
● Why are people leaning towards SaaS?
● What are the top 10 emerging SaaS trends in health and safety?
● What solutions do Riskex provide?

Resources
● Riskex
● AssessNet
● ISO 45001

In this episode, we talk about:
[01:40] An introduction to Riskex and James Sharp’s role as Chief Technical Officer there.
[02:51] What is AssessNet? AssessNet is an online Health and Safety / Risk Management System designed to help streamline compliance processes and make gathering data much easier.
[04:00] Riskex have been certified to a number of ISO Standards, including ISO 18001 (Prior Health and Safety Standard, now certifying to the latest version, ISO 45001), ISO 27001 (Information Security) and ISO 9001 (Quality Management).
[06:20] Software as a Service became very popular during Covid, as businesses became very fragmented and were looking for solutions that could be rolled out across multiple sites. Riskex also created their own track and trace system based on established software they were already offering – helping businesses manage Covid safely.
[08:40] Trend #1 – Artificial Intelligence - Artificial learning is all around us, with vast volumes of data being collected by safety management platforms. AI allows decision engines to predict and provide guidance based on key trends or established KPIs. For example, if accident rates were to increase but at the same time risk levels have been reducing, it could soon highlight this trend and look at other surrounding data or previous trends to establish a pattern. This will lead to a more proactive approach to reporting and subsequent decision-making.
[10:35] Trend #2 – API Connectivity - Providing an open API platform will allow businesses to integrate internal systems and external services to digest data. As more organisations adopt Cloud solutions, connectivity between platforms has become increasingly important. With a robust API offering, multiple business services can interact with ease and become part of the safety management space, without incurring significant cost or time.
[11:50] Trend #3 – Low-Code Optimisation - Developing generic components within software to allow for quicker builds, implementations and tailoring requests. As stand-alone and generic component development increases, solutions can offer more flexibility and self-serve options to the end user to assist them with aligning platforms with their specific processes.
[13:30] Trend #4 – Mobile Optimisation - More and more end-users are accessing health and safety software via their mobiles but, for various reasons, are not always able to use native apps (installed on the device). Therefore, health and safety software platforms need to adapt for use on multiple devices, without the loss of features.
[14:45] Trend #5 – Vertical SaaS - Configuring EHS Software to align with the specific risks, terminology and processes that are pertinent to a given sector. As systems continue to grow in terms of sophistication and the ability to customise, so does the need to ensure that they remain User-friendly. A key factor to consider is that each industry has its own set of industry codes of practice, regulations, hazards and risks – and EHS systems need to be designed with these in mind.
[15:50] Trend #6 – White Labelling - Integrating 3rd party EHS platforms into a client’s corporate brand identity. When it comes to optimising User engagement and embedding technology effectively into business operations, it is important that the look and feel of the system interface is aligned with an organisation’s branding, company values and mission to create a more cohesive User experience. Riskex have embraced this by offering ‘FreshNet’ to clients, which can be tailored and aligned with clients’ existing branding.
[17:10] Trend #7 – Centralised Analytics (BI) - Robust Health and Safety management systems rely on an abundance of performance data arising from core processes – Risk Assessments, Audits, Contractor Governance, Incident Management and so on. The sheer volume of information generated by these processes can provide a wealth of positive opportunities to improve safety outcomes, if analysed correctly – which is where BI platforms come in to help provide an overall picture of risk performance management.
[19:40] Trend #8 – Micro-SaaS - Deploying discrete elements of a SaaS platform to work as standalone entities to fit a specific customer requirement. Modular-based solutions or smaller SaaS platforms can meet the needs of those organisations that may only require a specific feature, not necessarily a holistic service.
[20:30] Trend #9 – Machine Learning – This is a subset of AI; machine learning learns as it goes, picking up trends and offering insights for consideration.
[21:27] Trend #10 – Customer Experience - Customer Experience, in terms of both usability and service, will outshine complex offerings. As SaaS becomes commonplace from both consumer and commercial perspectives, Users’ expectations regarding Customer Experience are growing sharply when they are looking to make technology purchase decisions. Successful EHS SaaS vendors put significant focus and investment in optimising the Customer Experience, both in terms of interface and functionality, to reduce the barriers to adoption by focusing on how Users interact with their solutions.
[28:00] Businesses usually have a very limited Health and Safety resource. SaaS solutions enable informed decisions to be made despite a lack of human resources available.

You can find out more about Riskex via their website. Don’t forget to check out their Health and Safety Management software – AssessNet.
3/22/2023, 43 minutes, 35 seconds

#134 Credible Carbon offsetting with Treeconomy

To keep global warming to no more than 1.5°C – as called for in the Paris Agreement – emissions need to be reduced by 45% by 2030 and reach net zero by 2050. Many businesses are already making great strides to reduce their Impact, and while you can reduce, achieving true carbon neutrality will involve offsetting a certain amount of emissions. Treeconomy are one of the few companies in the UK that offer credible carbon credits. Backed by principles of PAS 2060 (Carbon Neutrality), they seek to break the greenwashing cycle. Mel is joined by Harry Grocott, CEO and Co-founder of Treeconomy, to discuss their credible carbon offsetting schemes and the innovative technology they use to help quantify the value of nature.

You’ll learn
● Who are Treeconomy?
● What is the difference between services offered for landowners and Offset buyers?
● Can you quantify the value of nature?
● How can people be sure that they don’t fall prey to Greenwashing?
● How can someone go about buying and monitoring offsetting credits?
● Are Treeconomy’s carbon offsetting schemes verified?

Resources
● Treeconomy
● Sherwood
● ISO 14064
● PAS 2060

In this episode, we talk about:
[00:30] Catch up on our episodes covering the Sustainable Development Goals (Part 1 / Part 2), ISO 14064 and PAS 2060.
[01:00] Treeconomy are a company that offer credible carbon offsetting schemes – they are one of the few companies who are recognised by PAS 2060 (the Standard for Carbon Neutrality).
[02:05] Harry Grocott (CEO) introduces Treeconomy - A nature based, carbon removal and restoration company that operate in the UK and Internationally. They offer schemes that work towards afforestation, peatland restoration, rewilding etc. They are also keen to enable evidencing the impact, developing a software platform, remote sensing, and AI technology to do so.
[03:41] They are part of the Centre for Climate Change Innovation, which is an initiative of Imperial College London and the Royal Institution to catalyse innovation of all forms that address the causes and effects of climate change.
[04:22] What is the difference in services for Landowners and Offset Buyers? For landowners, Treeconomy can help you change land use from one to another, i.e. changing land used for sheep grazing into something more carbon intensive. Treeconomy will ensure that any project started with them is a verified Carbon Scheme – in line with the woodland carbon code. Once your project set up has been completed and verified, Treeconomy will assist in the sale of credible carbon credits.
[07:22] For offset buyers: Treeconomy offer a wide range of projects and varyingly priced carbon credits.
[07:45] Can we quantify the value of nature? Short answer right now is no, but there is a lot of nuance. Nature offers ecosystem services, i.e. farms offer a calorific benefit, and we can put a price on the value that offers. The same principle applies to resources such as wood or oil. Now we are gaining the ability to quantify CO2 removal, which is undeniably valuable to humanity.
[09:18] Other more recent services such as biodiversity projects are a bit harder to quantify – as they vary so much depending on the country. However, we are starting to assign value to these.
[12:15] How can people be sure that they don’t fall prey to Greenwashing? There are 2 main issues to consider: 1) Are your carbon credits credible? 2) What claims are top management making?
[12:44] Tackling claims made by leadership: ISO standards are starting to solve this issue. There are clear requirements and certifications that need to be in place to back those claims.
[13:00] Tackling carbon credits: The carbon offsetting market is heavily unregulated currently. Essentially it’s a lot of people trading in invisible gas. There are a number of carbon standards (not quite at the same level as ISO Standards), such as the Woodland Carbon Code and the Peatland Code, and Internationally there are standards such as Verra VCS – unfortunately, a lot of these standards aren’t very robust and aren’t enforced.
[15:30] Many companies will often look to buy the cheapest offsets available, which are likely to be non-credible and will provide no evidence of actual offsetting occurring. But there are a lot of new companies emerging that provide tangible evidence of offsetting (such as Treeconomy 😊).
[18:30] How can someone go about buying and monitoring offsetting credits? If you don’t want to use a company like Treeconomy, you would need to directly contact and purchase credits from a company who is developing a project.
[19:23] Treeconomy have created a platform called Sherwood – this displays all the projects they are helping to develop, and also tells you who the landowners are and the carbon inventory attached to each project. It can also help you evidence credits purchased, whether they are historic or future carbon removal.
[21:30] Not many companies offer comprehensive reporting and evidencing of carbon credits in practice. Treeconomy use a range of methods such as drones, satellites and AI programs to report back, and aim to make getting this information as easy as possible for credit purchasers.
[23:20] How did Harry get into this business? Starting off studying geography and Science – he later went on to work in finance for 3 years and qualified as a finance adviser. While working he realised that the amount of money available is rarely the issue, rather the use of it. He saw that there was a large gap in funding for climate change mitigation and adaptation – but not enough money was going towards it. He began wondering why more couldn’t be invested and so decided to study climate change management and finance (partly through Covid), where he met his co-founder. After getting some Government grant funding, investors and landowner partners, they have flourished over the last 3 years.
[27:00] Are Treeconomy’s offsetting schemes verified? Yes – they work under the UK woodland carbon code (and soon the peatland carbon code). They are also working to create a new protocol to tackle rewilding, including how the value and progress can be tracked. Internationally they will be working under Verra.
[29:05] Treeconomy can help to provide detailed evidence of carbon offsetting thanks to their reporting capabilities; this can be passed on to 3rd party auditors to verify in line with any carbon Standard.
[30:00] You can find Treeconomy via their website, LinkedIn, Twitter and Instagram 😊
3/9/2023, 31 minutes, 52 seconds

#133 How to complete your ISO 27001:2022 transition

Anyone with a current ISO 27001:2013 certificate will be required to update and add certain elements in their existing Information Security Management System to ensure compliance to ISO 27001:2022 ahead of the October 2025 deadline. Over the past few weeks, our mini-series has covered the fundamental changes to the Standard, along with tips on how to plan and Implement the required updates. Join Mel this week as she explains the final few stages of an ISO 27001 transition, including the Internal Auditing and final preparation ahead of a Certification Body visit.

You’ll learn
● What needs to be audited?
● What do I need to do to prepare for the Certification Body visit?
● How can you get a free copy of ISO 27001:2022?

Resources
● Isologyhub
● ISO 27001 Transition Programme
● What you need to know to transition to ISO 27001:2022

In this episode, we talk about:
[00:44] Catch up on the last two episodes before listening to this one: What you need to know to transition to ISO 27001:2022 / What changes need to be Implemented to transition to ISO 27001:2022
[01:00] The last stages are all about gathering evidence of compliance against new and updated clauses and controls.
[01:28] Make sure you plan your transition visit well in advance – if you leave it too late you may incur additional fees for more days, or possibly even for a full certification if you miss the deadline.
[02:15] This process for transition is fairly consistent among Certification Bodies. It typically includes a Readiness Review and a transition visit where they will review evidence of compliance against the new controls.
[02:45] You can get a free copy of ISO 27001:2022 if you sign up to our Transition Programme by April 1st 2023.
[02:55] The last stage ahead of the transition visit is Internal Auditing. For those still planning their 2023 Internal Audits, you may wish to Implement the changes earlier in the year with a view to audit the changes in the latter half of 2023. Ensure that you allow time to build evidence of compliance ahead of a transition visit.
[03:45] If you need a bit of extra help, we include Internal Auditing within our transition programme – this will typically take 1 day.
[04:30] We can also support you during your transition visit – this could be on-line or on-site, which would depend on your Certification Body’s preference.
[05:20] Currently many Certification Bodies are suggesting a half day for the Readiness Review and another day for the transition. Some may choose to include this transition as a part of their annual Surveillance visit to help save on costs. If you have a Surveillance coming up, it’s worth getting in contact with them to see what they would recommend regarding your transition.
[05:43] We advise that you also ask your Certification Body when they will be UKAS accredited for ISO 27001:2022 – they may not be ready to complete a transition visit until the latter half of 2023.
[06:35] For our global listeners, your Certification Body will have an Accreditation Body that needs to verify their ability to conduct transition visits. For the UK this is UKAS, but it may differ for other countries.
[07:15] Don’t leave this until last minute! Based on previous experience with transitions, we’ve found companies that leave it until a few months before the deadline often can’t transition in time, and end up having to pay for a full Stage 1 and 2 Assessment in order to keep their certification.

Grab a copy of our ISO 27001:2022 Guideline to the changes here
2/22/2023, 9 minutes, 14 seconds

#132 What changes need to be Implemented for ISO 27001:2022?

The updated ISO 27001:2022 has had several changes, including the addition of 11 completely new controls and the merging of 56 other controls into 24 newly titled controls. These changes mean that anyone with a current ISO 27001:2013 certificate will be required to update and add certain elements in their existing Information Security Management System to ensure compliance to ISO 27001:2022 ahead of the October 2025 deadline. Join Mel this week as she explains the changes that need to be made, including what key documentation requires updating to align with ISO 27001:2022.

You’ll learn
● What changes need to be made to your existing Information Security Management System?
● What key documents need to be updated?
● How can you get a free copy of ISO 27001:2022?

Resources
● Isologyhub
● ISO 27001 Transition Programme
● What you need to know to transition to ISO 27001:2022

In this episode, we talk about:
[00:44] In the last episode we covered the planning stages for your transition – catch up here
[01:02] We have a free ‘Guide to the ISO 27001 Changes’ available – simply fill out the form at the end of the Show Notes to download your copy
[01:29] You should have a copy of ISO 27001:2022 ahead of Implementing the changes (you can get a free copy if you sign up to our Transition Programme by April 1st 2023)
[01:35] Before you move onto Implementation, ensure that you have: planned back from your transition date, gained an understanding of the new controls and had a Discovery session / Gap Analysis to see where the gaps in your current system are
[02:11] This is also a good opportunity to revamp your Management System! We have a few older episodes to help you with this: #102, #103, #104
[02:50] What needs updating? This will include:
● Your Statement of Applicability
● Risk Assessment
● Objectives
● Action Plans
● Monitoring and measurement (reviewing what you are monitoring / measuring and how it’s recorded)
● Internal Audit Schedule / Programme – To include the new controls
[03:45] At this stage you need to look at what controls you have in place – there may be some you can now merge together to reduce any paperwork involved.
[04:25] We have some tools available to tackle the new controls (i.e. Threat Intelligence, data masking, physical security monitoring etc.) if you need some extra help
[04:50] It’s not just about updating documentation; you will need to fully implement and communicate these new controls to the wider business. You may find that you already have some controls covered, but not yet formalised.
[05:30] The main aspect of the Implementation phase is to address the gaps found during the Gap Analysis. For example, new controls such as data masking, threat intelligence and web filtering, which you may not have considered seriously before, now need formal documented measures put in place to address them.
[06:26] Communication and evidence should be at the forefront of your mind when updating your Info Sec Management System.
[06:39] Don’t just implement controls for the sake of it – consider how they are going to reduce risk and how they’re going to make a difference to improve your Risk Register and Statement of Applicability.
[07:00] The Implementation phase of our Transition Programme is 1-3 days depending on your level of required support
[07:54] You should also consider creating a Communication Plan to share knowledge of these changes to the wider business. Make sure you also compile any evidence of training on new elements of your Management System too. We will have Coffee Break Training available on the isologyhub which could help with this.

Grab a copy of our ISO 27001:2022 Guideline to the changes here

Keep an eye out for next week’s episode where we explain how to complete your ISO 27001:2022 transition.
2/15/2023, 9 minutes, 36 seconds

#131 What you need to know to transition to ISO 27001:2022

ISO 27001:2022 is here, which means it’s time to start thinking about starting the transition process. While the deadline is set at December 2025, we recommend making a start on planning now! If this is all news to you, check out our previous three episodes, where we reviewed all the major changes to ISO 27001, including clause updates and the 11 completely new controls added. Join Mel this week as she explains what you need to know before embarking on your ISO 27001 transition journey, in addition to a summary of our transition programme.

You’ll learn
● How to plan for your ISO 27001 transition
● How can Blackmores help you?
● How can you get a free copy of ISO 27001:2022?

Resources
● Isologyhub
● ISO 27001 Transition Programme
● High level overview of ISO 27001 2022 Control changes

In this episode, we talk about:
[00:44] Businesses have until October 2025 to transition to the updated version of ISO 27001:2022 – but don’t wait until the last minute! Certification Bodies get really booked up in the last year, and you could risk losing your certification and paying for another Stage 1 and 2 Assessment.
[01:30] We recommend that you start thinking about your transition in 2023 so you have everything in place to start the process in 2024.
[02:28] As a recap – the major changes to ISO 27001:2022 are: 56 controls have been merged into 24 newly titled controls, 11 completely new controls have been added, and controls are now categorised into just 4 groups instead of the 14 from the previous version.
[03:00] ISO 27001:2022 Guide to the changes available – Simply fill out the form available at the end of the show notes to grab a copy!
[04:25] Over the next few episodes, Mel will talk through the process of planning, implementing and preparing for the Certification Body transition visit.
[05:51] All steps of the transition process are laid out in our Transition Programme, which includes: an awareness video, a transition action plan, Implementation of changes, Internal auditing of the changes and some optional support during the Certification Body visit.
[08:45] The Planning Phase: We recommend trying to combine your transition visit with your next Surveillance visit – you can have a chat with your CB to see if that’s possible. This may not be possible if your Surveillance is coming up very soon, as you need time to implement the changes needed. Those that have it in, say, 6 or more months’ time would be in a good position to make the request.
[09:30] Certification Bodies are recommending an extra half day for transition - some may require a desktop review ahead of the actual visit. Combining this visit with your Surveillance is a good way to reduce costs.
[10:30] When planning out your timescales for transition, don’t forget to inform Leadership and key personnel involved in the running of the Management System about the expected changes to come – and plan in time for them to help with the implementation.
[11:10] Understanding the changes: We gave a high-level overview of the 11 new controls in our last episode. We will also have 11 Coffee Break Training courses covering the controls in more detail, available from March 31st 2023 on the isologyhub.
[12:11] Offer: We’re including a free copy of ISO 27001:2022 for those that sign up to our Transition Programme before April 1st 2023.
[12:34] You may get asked for a copy of the Standard at your transition visit – as having a copy can come under ‘other’ legal requirements.
[13:10] Discovery Phase: We have a transition checklist which can help you identify where the gaps are in terms of compliance with the new controls. You may already have some of it in place!

Grab a copy of our ISO 27001:2022 Guide to the changes here

Keep an eye out for next week’s episode where we dive into how to Implement the changes…
2/8/2023, 15 minutes, 15 seconds

#130 What are the 11 new controls in ISO 27001:2022?

ISO 27001, The Information Security Standard, was updated in October 2022. While there is a 2-year grace period for transition, we would urge everyone to make a start on implementing the changes to ensure you are compliant with latest best practice standards. Over the last two episodes, we’ve gone over the key changes and explored the specific clause updates in more detail. As mentioned in the first episode of this mini-series, there have been 11 new controls added to ISO 27001:2022. Mel is once again joined by Steve Mason, Managing Consultant here at Blackmores, to discuss the 11 new controls added to ISO 27001:2022 and their purpose.

You’ll learn
● What are the 11 new controls in ISO 27001:2022?
● Why have these been added?
● What is their purpose?

Resources
● Isologyhub
● NIST
● Cyber Essentials
● ISO 22301

In this episode, we talk about:
[01:00] A quick overview of the key changes - 56 Controls combined into 24 newly titled controls, 11 new controls added and 58 existing controls remained unchanged.
[02:30] We have been over a few of the new controls in ISO 27002:2022 in more detail in a few previous episodes: #111, #112, #113, #114
[02:50] These new controls are nothing to worry about – they are simply aligning the Standard with more modern security considerations. You may already be complying with them!
[03:32] Control A.5.7 Threat intelligence – ‘To provide awareness of the organization’s threat environment so that the appropriate mitigation actions can be taken.’ – This can come from many different sources, such as the NCSC or local police websites. There are also additional tools you can add to detect possible phishing attacks. This also includes consideration of external threats – Information Security is about much more than just protecting data! It also includes physical security.
[05:33] Control A.5.23 Information security for use of cloud services – “To specify and manage information security for the use of cloud services.” – More and more businesses rely on cloud-based computing. It’s important to verify the security of your service provider to ensure it’s adequate. You can check to see if they have any valid Information Security related credentials such as CSA Star, Cyber Essentials, SOC. You could also adopt principles of ISO 27017 (certification for cloud security), ISO 27018 (Protection of PII in the public cloud) and ISO 27701 (PII security Standard).
[08:30] Control A.5.30 ICT readiness for business continuity – ‘To ensure the availability of the organization’s information and other associated assets during disruption’ – There are a few standards that could assist with this, including ISO 27031 (ICT readiness for Business Continuity). Those that have ISO 22301 may want to look at how ISO 27001 elements can be integrated and improved in any disaster recovery plans. ISO 27001 needs to be an integral part of any business continuity plans – not just a bolt on. Small businesses may not want to conduct a full business impact analysis, but should carry out a risk assessment around business continuity at the very least.
[11:30] Control A.5.30 ICT readiness for business continuity – further considerations: A key focus of this part of the Standard is Recovery Time Objectives and Recovery Point Objectives. Overall, the whole business continuity aspect of the updated ISO 27001:2022 may take a bit of work to implement, but you will ultimately be much better off in the event of a disaster or security incident. For further guidance, you may want to check out an older non-certifiable standard, BS 25777 (ICT continuity).
[13:20] Control A.7.4 Physical security monitoring – ‘To detect and deter unauthorized physical access.’ - This can include things like CCTV, access control, swipe cards etc. This also includes the ability and regular practice of monitoring these access methods, for the purpose of detecting any anomalies.
[18:56] Control A.8.9 Configuration management – ‘To ensure hardware, software, services and networks function correctly with required security settings, and configuration is not altered by unauthorized or incorrect changes’ – Configuration for things like a firewall, software, any hardware devices, passwords etc. should be documented, explained and monitored on a regular basis to ensure nothing has been changed without notifying the relevant people. ISO 20000 includes a helpful section around configuration if you require further guidance.
[21:41] Control A.8.10 Information deletion – ‘To prevent unnecessary exposure of sensitive information and to comply with legal, statutory, regulatory and contractual requirements for information deletion.’ – This already existed in the Standard; it has simply been clarified further. You will now need to prove that data has been deleted as required. If you use a 3rd party for this, they will need to provide the relevant certificates.
[22:05] Control A.8.11 Data Masking – ‘To limit the exposure of sensitive data including PII, and to comply with legal, statutory, regulatory and contractual requirements.’ – You have 3 options for data masking: Obfuscation, pseudonymisation and anonymisation. This also helps to comply with GDPR requirements.
[24:10] Control A.8.12 Data leakage prevention – ‘To detect and prevent the unauthorized disclosure and extraction of information by individuals or systems.’ – This control has made a return from the 2005 version of ISO 27001. Businesses should have systems in place to monitor any particularly large data downloads – or even possibly large print batches. You should also ensure that you have a secure email system in place as well as VPNs and regular security training to shore up your security to prevent any potential leaks.
[27:00] Control A.8.16 Monitoring Activities – ‘To detect anomalous behaviour and potential information security incidents.’ – Appropriate monitoring should be in place to detect any potentially dangerous or malicious behavior.
[28:00] Control A.8.23 Web Filtering – ‘To protect systems from being compromised by malware and to prevent access to unauthorized web resources.’ – Your systems should be set up in a way to prevent people from accessing unsecure or unsavory sites. This could include Social Media sites – but be mindful that there may have to be exceptions for marketing or communications personnel for those particular sites.
[28:00] Control A.8.28 Secure Coding – ‘To ensure software is written securely thereby reducing the number of potential information security vulnerabilities in the software.’ – If you have created your own secure coding, be sure to evaluate it against industry professional standards such as OWASP and NIST.

As a reminder, we’ll be running a mini-series through January and February on the updated ISO 27001:2022 in addition to how you can transition to the new version.

Keep an eye out for next week’s episode where we dive into the clause clarifications and control changes of ISO 27001:2022…
2/1/2023 | 35 minutes, 11 seconds

#129 What clauses have been updated in ISO 27001:2022?

As many of you are aware, an updated version of ISO 27001 was published in October 2022. While there is a 2-year grace period for transition, we would urge everyone to make a start on implementing the changes to ensure you are compliant with the latest best practice standards. But where do you start? In the last episode, Mel and Steve gave an overview of the updated ISO 27001:2022, including a high-level look at some of the key changes. In addition to the control changes, there have been several changes made to specific clauses within the Standard. Mel is once again joined by Steve Mason, Managing Consultant here at Blackmores, to discuss the ISO 27001:2022 clause updates and their purpose.
You’ll learn:
· What clauses have been updated from the 2013 version of ISO 27001?
· Why have these clauses been updated?
Resources:
· Isologyhub
· NIST
· Cyber Essentials
· ISO 9001
In this episode, we talk about:
[01:06] The changes to these clauses appear to align your Management System with the business more so than in the previous iteration of ISO 27001 – a key focus is integration.
[01:20] First change: Clause 4.2 Understanding the needs and expectations of Interested parties – ‘c) which of these requirements will be addressed through the information security management system.’ – This seeks to align the Management System with interested parties and identify where it may or may not be able to meet their needs and expectations.
[03:30] Clause 4.4 Information Security Management System – ‘The organization shall establish, implement, maintain and continually improve an information security management system, including the processes needed and their interactions, in accordance with the requirements of this document.’ – There will be more focus on process flows and not Policies and Procedures. This can be further used to align the Management System with your business, by clearly identifying where it fits in with your business activities.
[06:14] Clause 5.1 Leadership – ‘Reference to “business” in this document can be interpreted broadly to mean those activities that are core to the purposes of the organization’s existence.’ – This acts more as a reminder to top management to ensure they include the Management System as part of the business and not just a bolt-on. It should be a part of the strategy and part of the business (part of the ship, part of the crew).
[07:42] Clause 6.1.3 Information Security Risk Treatment – Note 2 in sub-clause ‘c’ now states ‘Annex A contains a list of possible information security controls.’ (It had previously read ‘Annex A contains a comprehensive list of control objectives and controls.’) – This simply means that you can add references to other controls outside of the list provided within Annex A, i.e. NIST or Cyber Essentials. Though, do be careful to avoid doing this at the level of minutiae, as that just increases Management System maintenance.
[09:15] Clause 6.2 Information security objectives and planning to achieve them – A couple of extra points have been added to this clause: ‘d) be monitored’ and ‘g) be available as documented information’ – The monitoring was previously a given, but not really specified. So now, you’ll have to demonstrate how you’re monitoring objective planning and achievements.
[10:24] Clause 6.3 Planning of Changes – ‘When the organization determines the need for changes to the information security management system, the changes shall be carried out in a planned manner.’ – This has now been aligned more with ISO 9001’s approach to changes. All changes should be planned before implementation, and this now includes information security consideration. Fun fact – they forgot to include this clause in the Standard table of contents! (as of January 2023, this will probably be added later!)
[11:55] Clause 9.3.2 Management Review Inputs – ‘c) changes in needs and expectations of interested parties that are relevant to the information security management system’ – This just ensures that the needs and expectations of your Interested Parties are reviewed and not just left stagnant.
[13:20] To help you revamp your Management Review, check out episodes #99 and #100.
As a reminder, we’ll be running a mini-series through January and February on the updated ISO 27001:2022 in addition to how you can transition to the new version. Keep an eye out for next week’s episode where we dive into the clause clarifications and control changes of ISO 27001:2022…
1/25/2023 | 15 minutes, 5 seconds

#128 What's new with ISO 27001:2022?

The long-awaited update of ISO 27001 arrived in October 2022, having gone 9 years since its previous 2013 iteration. Needless to say, it was much overdue. The new 2022 version of the Standard includes 11 new controls and sees around 56 other controls combined into 24 newly titled controls. In order to cover every aspect of the new Standard, we’ll be running a mini-series through January and February on the updated ISO 27001:2022 in addition to how you can transition to the new version. Starting off the series strong, Mel is joined once again by Steve Mason, our very own Information Security guru, to broadly discuss the changes to ISO 27001:2022.
You’ll learn:
· Who is ISO 27001:2022 applicable to?
· An overview of the changes to ISO 27001:2022
· What is Steve’s favourite change to ISO 27001:2022?
· What are the challenges involved with updating to the 2022 version?
Resources:
· Isologyhub
· ISO 27031 (Guidelines for information and communication technology readiness for business continuity)
· ISO 27005 (Risk assessment)
· ISO 22301 (Business Continuity)
In this episode, we talk about:
[01:50] Steve gives an overview of what’s new in ISO 27001:2022 – The updated version of ISO 27001 was released on the 26th Oct 2022. The new version included 24 changes and clarifications within the main clauses.
[02:50] The controls for the new standard are now categorised into 4 groups: Organisation, People, Physical and Technology.
[05:50] We covered some of the new controls in more detail in previous episodes: #109, #110, #111, #112, #113 and #114.
[06:17] The 24 changes and clarifications to Clauses include older existing clauses which have been tidied up to be more transparent. We recommend reviewing to ensure that you are complying in a way that aligns with the Standard.
[06:35] There are 11 new Controls. 56 controls from the 2013 version have been reduced to 24 with 58 remaining unchanged. So, in short, Annex A has been simplified with less duplication of controls.
[07:44] Steve highlights section A.9 for Access Control as one of the much-improved controls – due to the lack of repetition and simplified requirements for compliance.
[08:35] Steve’s favourite update to the Standard: The whole Standard now collectively encourages incorporation into your business. Your ISMS should not feel like a bolt-on; it should be a part of your business’s DNA.
[10:36] Steve’s favourite update to the Standard #2: It’s not a static Standard; it encourages development and continual improvement.
[13:45] For those completely new to ISO 27001 – check out our 3-part Steps to Success series which explains the Implementation process from start to finish.
[14:38] Listen to some of our client interviews to hear the challenges others faced when Implementing ISO 27001 in addition to the benefits gained as a result of adopting the Standard:
[14:50] Why would the business continuity elements of ISO 27001:2022 pose a challenge? There used to be a clause in the 2005 version of the standard which documented the need for a business impact analysis – this was removed in the 2013 version. The new ‘ICT readiness for business continuity’ control will require, at the very least, a risk assessment.
[16:48] Steve recommends checking out the Plan, Do, Act, Check diagram in ISO 27031 (Guidelines for information and communication technology readiness for business continuity). It also includes some great guidance on business impact analysis.
[18:40] The ICT readiness control is not designed to be an all-encompassing business continuity strategy – it’s designed to work in tandem with an existing one (you may already be certified to ISO 22301 Business Continuity Management).
[19:50] It’s highly recommended that if you don’t have a Business Continuity Plan or strategy – at least have a framework in place. Disasters by their nature are unpredictable, as is the resulting damage to an extent. You will not know the full extent until you’ve lived it – so don’t write an exhaustive 80+ page manual that no-one will read; document the what, who and how of getting yourself back up and running again.
[21:11] There has also been an update to ISO 27005 (Risk assessment in relation to info sec). It includes a new set of threat categories: physical threats, natural threats, infrastructure failures, technical failures, human actions, compromised services or functions and organisational threats. These may help you when putting a business continuity framework in place.
[22:05] Above all else – ISO 27001:2022 has modernised and aligned itself more with the likes of Cyber Essentials and NIST.
Keep an eye out for next week’s episode where we dive into the clause updates…
1/18/2023 | 24 minutes, 44 seconds

#127 Mel Blackmore’s top 5 ISO Show episodes of 2022

Happy New Year! We at Blackmores hope you all managed to have a break over the holiday season and are gearing up for many challenges and successes in 2023. As a reminder, we signed off last year by highlighting the top 5 podcasts as dictated by you, the listeners. Before we dive into a brand-new year full of top tips, expert advice with industry leaders and client interviews, we’d like to take a step back and let the host share her reflections on 2022. Join Mel as she shares her personal top 5 ISO Show episodes from last year.
You’ll learn:
· What are Mel’s top 5 episodes of 2022?
Resources:
· ISO Show Archive
· Isologyhub
In this episode, we talk about:
[00:30] A reminder to listen to our last podcast, covering the top 5 podcasts as dictated by the listeners.
[01:21] #1: Episode 102 – What’s in a name? This episode features our Senior Isologist, Sarah Ball, as she explains the importance of giving a meaningful name to your Management System.
[03:40] What’s in a Name snippet – Full episode available in the ISO Show Archive
[08:01] #2: Episode 94 – The 7 Steps of Carbonology - Reduce – Part 4 of the 7 Steps of Carbonology series, featuring our Carbonologist, David Algar. This episode delves into the creation and communication of a carbon reduction plan, and the benefits of reducing your footprint rather than relying on offsetting alone.
[10:14] The 7 Steps of Carbonology - Reduce snippet – Full episode available in the ISO Show Archive
[16:48] #3: Episode 117 – PMC’s journey and ongoing success with ISO 27001 – This is an interview with Philip Bailey, the Managed Services Director at PMC Retail, talking about their ISO 27001 journey. Philip shares his lessons learned and gives some top tips for anyone considering implementing the Information Security Standard.
[17:58] PMC’s journey and ongoing success with ISO 27001 snippet – Full episode available in the ISO Show Archive
[24:00] #4: Episode 100 – How to get the most out of your Management Review – Featuring Rachel Churchman, Managing Consultant here at Blackmores, this episode explores how added value can be gained from doing a Management Review. Mel and Rachel discuss various ways you can conduct a Management Review and what should be your key inputs and outputs.
[26:14] How to get the most out of your Management Review snippet – Full episode available in the ISO Show Archive
[30:41] #5: Episode 108 – How to align your Management System with the Sustainable Development Goals – Following on from the Sustainable Development Goals summary episodes, Mel shares how you can align your Management System right now without the need for any ISO certification.
[32:37] How to align your Management System with the Sustainable Development Goals snippet – Full episode available in the ISO Show Archive
We look forward to bringing you even more amazing content in 2023, so stay tuned! 😊
1/11/2023 | 37 minutes, 31 seconds

#126 The top 5 ISO Show episodes of 2022

It’s been a busy year here at Blackmores! Somehow, we managed to fit in the time to publish 37 new ISO Show episodes. It’s been a mix of knowledge sharing, top tips, advice and stories from our very own consultants and clients – and we’re looking forward to sharing even more with you next year! We thought it’d be good to end this year on a look back at 2022 and highlight 5 of the most listened to episodes of the ISO Show across its many platforms. Join Mel as she shares some snippets from our top 5 most popular episodes this year.
You’ll learn:
· What are the most listened to episodes of the ISO Show for 2022?
Resources:
· ISO Show Archive
· Isologyhub
In this episode, we talk about:
[00:30] The top 5 episodes of 2022 have been selected based on which episodes have been listened to the most.
[01:00] #1: Episode 98 – What is a Management Review? This is an episode that appeals to a more general audience, as Management Review is a requirement of many ISOs. This was the 1st of a 3-part series and explains the basics of what a Management Review is and what it typically includes.
[02:47] What is a Management Review snippet – Full episode available in the ISO Show Archive
[05:40] #2: Episode 100 – How to get the most out of your Management Review – Part of the Management Review series – this episode includes Rachel Churchman, a Managing Consultant here at Blackmores. The episode explored various ways in which you can make your Management Review both more engaging and successful in achieving tangible outcomes.
[06:55] How to get the most out of your Management Review snippet – Full episode available in the ISO Show Archive
[13:20] #3: Episode 106 – What are the Sustainable Development Goals – This is a 2-part series which explores the 17 SDGs and how ISO Standards can meet certain goals. In both episodes, Mel gives specific examples of the many ISOs that align with the SDGs.
[15:08] What are the Sustainable Development Goals snippet – Full episodes available in the ISO Show Archive - Part 1 / Part 2
[22:08] #4 and #5: Episode 109 – What’s new with ISO 27002:2022? / Episode 110 – What are the 11 new controls in ISO 27002? – Both of these episodes shortly followed the release of ISO 27002 – a guidance document for ISO 27001. While not certifiable, it did give us an insight into the changes in ISO 27001 that were published later in the year. Episode 109 summarises how ISO 27002 works in relation to ISO 27001, along with a very brief summary of the changes. Episode 110 goes into more detail on each of the 11 new controls – and features our very own Managing Consultant, Steve Mason.
[24:38] What are the 11 new controls in ISO 27002 snippet – Full episode available in the ISO Show Archive
That’s it from us for 2022! We hope you all have a wonderful Christmas and New Year - See you on the other side in 2023 😊
12/15/2022 | 34 minutes, 24 seconds

#125 What are the benefits of ISO 9001?

Currently, there are around 1,077,884 valid ISO 9001 certificates globally – which beats the runner-up, ISO 14001, by over 600,000! There is no doubt that the Quality Management Standard, ISO 9001, is still the most widely adopted ISO Standard – and for good reason! ISO 9001 is basically a model for running a successful and profitable business. It provides a common framework for things that all businesses should have in place, including defining your company’s unique ‘way of working’. In addition to being a blueprint for a business’s operation, there are many other benefits to be gained from implementing ISO 9001. Today, Mel explains a few of these benefits in greater detail.
You’ll learn:
· What is ISO 9001?
· Why Implement ISO 9001?
· The benefits of ISO 9001
Resources:
· What is ISO 9001?
· Isologyhub
In this episode, we talk about:
[00:30] Why talk about ISO 9001 benefits? Oftentimes, Mel gets asked for benefits of ISO 9001 so a business case can be put forward.
[01:00] What is ISO 9001? For a detailed breakdown of the Standard, go back and watch ‘Episode 36 – What is ISO 9001?’
[01:45] For those that have Implemented ISO 9001, what are the benefits? We’d love to hear from you! If you have some stories to share – feel free to leave a comment on whichever media player you’re listening on – or email us. We’d love to share some of your experiences in a future episode.
[02:09] Benefit #1: Win new business – From a sales and marketing perspective, ISO 9001 is essentially a passport to trade. It demonstrates credibility to Stakeholders as it’s a mark of quality.
[02:55] Benefit #2: A framework that can fit any business – This can be for any industry sector and business size. It helps businesses figure out what is working well and what’s not working so well.
[03:10] Benefit #3: Identify opportunities for Improvement – It helps businesses figure out what is working well and what’s not working so well. It can help identify issues such as: Bottlenecks in processes, resourcing and external factors.
[04:05] ISO 9001 helps you to look at your business – warts and all. It does no one any good to bury their head in the sand and ignore issues, especially as Stakeholders and clients will see through this.
[04:40] Benefit #4: Put quality controls in place to mitigate risk and raise your standards – If you have complaints or need to do a product recall – you need processes in place to handle this. ISO 9001 gives you the tools to do so, creating an effective framework everyone can follow.
[05:40] Benefit #5: Improve efficiency – ISO 9001 helps you identify the best way of working and pushes you to optimise that. That could include eliminating aspects of your business that waste time, or create burdens.
[06:05] Benefit #6: Creating a unique Blueprint – ISO 9001 isn’t an out of the box solution – it can be tailored to your way of working. It helps to establish relevant Policies and Procedures that improve your business operations.
[06:24] Benefit #7: Enhancing customer satisfaction and employee retention – Good quality business practices will inevitably help you to keep hold of good clients – and good employees too! This can be achieved by having clear roles and responsibilities in addition to vision and goals for the business.
[07:20] Benefit #8: Increase profitability – Businesses often look at the cost of poor quality – where is your business leaking money? Addressing those issues is a direct cost saving.
[08:21] Businesses who have grown through acquisition often find ISO 9001 a great tool to help standardise their way of working, so they can easily integrate other businesses and services.
12/7/2022 | 10 minutes, 18 seconds

#124 Triaster’s success with ISO 27001 with guest Jane Duncan

Data breaches have risen by 70% globally in Q3 of 2022, reinforcing the requirement for many to seek out Information Security solutions, especially those within the tech space. Today we speak to Triaster, who have been in operation since 1994, providing businesses with process mapping and execution software to help drive business improvement. Triaster’s Business Operations Manager, Jane Duncan, explains why they sought to implement ISO 27001, what challenges they faced and what they learned during their certification journey.
You’ll learn:
· Who are Triaster?
· Why Triaster Implemented ISO 27001
· What did they learn from their experience?
· What benefits have they seen as a result of Implementing ISO 27001?
Resources:
· Triaster
· What is ISO 27001?
· Internal Auditing in plain English: A simple guide to super effective ISO Audits by Craig Cochran
In this episode, we talk about:
[00:54] Get to know Jane Duncan – Triaster’s Business Operations Manager who has recently started fostering dogs for a local charity.
[01:41] Who are Triaster? In short, they build software solutions that drive business improvement. They are a thought leader in their field and strive to create new software to meet business needs.
[02:25] What was the main driver for achieving ISO 27001? In 2020, they had certified to the Quality Standard, ISO 9001, and saw the many benefits that come with ISO certification. They saw ISO 27001 as both an opportunity and a necessity due to their work within the IT industry. ISO 27001 is seen as a mark of trust and provides a central framework to improve data security.
[04:28] How long did it take to implement ISO 27001? They started looking at certification bodies and consultants to help with implementation in March 2021. The project overall lasted six months, with their assessments taking place in September and October of the same year. They also chose to recertify to ISO 9001 at the same time – this aligned both Standards under one Integrated Management System.
[06:35] If you are considering implementing multiple ISOs, it’s recommended to integrate them into a single Management System. This reduces the costs of implementation and is overall easier to maintain.
[07:17] What was the biggest gap identified in Triaster’s initial Gap Analysis? They had a lack of security policies in place in addition to a lack of processes that would have mitigated potential data security risks.
[08:00] What was the biggest difference ISO 27001 made? They now do regular annual SWOT and PESTLE analyses that are evaluated at Management Reviews. Risks identified during those reviews are added to a risk register and are used to develop the necessary objectives and controls needed to mitigate future risk.
[08:38] Other differences include the ability to track non-conformities, security risks and opportunities for improvement. They also have the confidence to prove their data security credentials to clients and have the required documentation to back it up. Tendering processes are also made easier by having ISO 27001 as it is often a requirement that can now be ticked off.
[09:25] Triaster use an infrastructure partner (who are also ISO 27001 certified) and can now hold them accountable for the services they provide.
[09:50] Jane states that they are now a much better business following the Implementation of both ISO 9001 and ISO 27001 – continually improving their processes and scrutinising working practices.
[10:54] All of the same security practices can be done by those who are homeworking at Triaster.
[11:05] What has been the main lesson learned? The process of certification is a journey – it’s about continually improving and truly adopting the ethos of Information Security into every aspect of the business.
[11:52] What are the main benefits? They hope their clients can see their efforts and have confidence in Triaster’s ability to keep their data secure. They also now have the processes in place that drive continual Improvement.
[12:33] Jane’s top tip: Document what you do as a business and look for gaps. Also, certification is a journey, and you shouldn’t stop striving to improve once you achieve certification.
[13:00] What book would you recommend and why? Internal Auditing in plain English: A simple guide to super effective ISO Audits by Craig Cochran
[14:15] Jane’s favourite quote: “No one is you, and that is your superpower”
11/30/2022 | 16 minutes

#123 Is your company legally compliant?

All companies have a legal obligation to comply with existing legislation – it’s the law! Failure to comply with legal requirements can be costly in terms of fines and reputational damage if an incident occurs. So, it’s in your best interest to ensure you can identify all applicable compliance requirements. Most ISOs specify a requirement to identify legal compliance requirements, and in our experience, the most effective way to do so is through the creation of a Legal Register. Mel is joined by Sarah Ball, a QHSE Consultant here at Blackmores, to discuss how you can create your own Legal Register and keep up-to-date with changes in legislation.
You’ll learn:
· The importance of Legal Compliance
· How to identify what legislation is applicable to you
· What is a Legal Register?
· How can you create a Legal Register?
· How can you keep up with changes in Legislation?
Resources:
· isologyhub
· gov
· Productivity Ninja
In this episode, we talk about:
[01:06] Why do you need to comply with Legislation – quite simply, it is the law! It can be very costly for you in both a financial and reputational respect.
[01:25] There is a requirement for identifying legal compliance requirements in most ISOs, e.g. ISO 45001 (Health and Safety) and ISO 14001 (Environmental).
[02:33] A Legal Register is not a requirement of any ISO – but we find it is the most effective way of documenting and keeping track of changes in applicable legislation.
[03:05] Why is it so important to manage legal compliance? Besides the financial and reputational cost of not complying with the law – it’s a way to protect your business. The law is there for a reason and it is oftentimes to protect individuals or communities.
[04:35] You will need to take a proactive approach to find out what legislation is applicable to you.
[05:40] How can you identify your legal obligations? Firstly, do some basic research: start by visiting reputable industry authorities as they will likely have some guidance available, e.g. the HSE website or the Legislation.gov website. There are also subscription services available that give you an overview of what may be applicable to you and notify you of any updates. Finally, you can look to a specialist consultancy to help you.
[09:05] We do have a module on Legal Compliance available in the isologyhub!
[10:05] Why is it important to have a Legal Register? You will have to keep track of a lot of legislation! By documenting it, you have full visibility and can identify any gaps. You can also assign accountability against each piece of legislation, so the responsibility can be shared and managed.
[11:40] Your brain is for thinking and processing, not remembering. By documenting information, you create a ‘second brain’ to free up your brain for more important tasks – We recommend checking out the ‘Productivity Ninja’ series of books for more helpful organisation and prioritisation tips!
[12:28] What does a Legal Register look like? It’s typically a table of information – we use spreadsheets but any format is fine. Key columns we use identify the name of the legislation or contractual obligation, a link to the legislation, the requirements and purpose (what does this legislation mean to you?), a link to any further guidance, and a description of what good looks like to you, i.e. an example of evidence of compliance. You could include a column for accountability.
[16:00] How do you create a Legal Register? First, set up your table. Next, go out and find your applicable legislation, confirm and document your requirements in regard to the legislation, then assign accountability within the organisation. You may want to consult stakeholders to complete the obligations and figure out what good looks like. It is also good practice to do a legal compliance audit to ensure you are meeting obligations and identify any gaps.
[17:50] You can document other requirements in the Legal Register – this can include Service Level Agreements or even any ISO standards you’re certified to. It is advised to add any contractual requirements with customers or possibly landlords or suppliers. If you are a trade body that has a code of conduct, we recommend you include that too.
[21:00] Sarah’s top tip: When creating new processes or updating existing ones, it’s always good to look back at the Legal Register and check that any changes you’re making aren’t going to affect anything in terms of compliance.
11/23/2022 | 22 minutes, 55 seconds

#122 ISO Implementation using the 7 steps of isology

We have over 17 years’ experience of implementing various ISOs – and we’d like to share some insight into our proven methodology. Our regular listeners may be familiar with the term ‘isology’ from previous episodes where we’ve highlighted our online platform – the isologyhub. But what is isology exactly? Put simply, isology is our 7-step method for implementing any ISO Standard. Join Mel this week as she breaks down each of the 7 steps, including the planning, creation and review of an ISO Management System.
You’ll learn
· Our experience implementing ISOs
· The origin of isology
· What is isology?
· The seven steps of isology
Resources
· isologyhub
· How to choose a Certification Body
In this episode, we talk about:
[00:31] An overview of isology – a methodology for implementing any ISO. Find out more over on the isologyhub
[01:08] How the isology methodology was created – 17 years in the making with the help of our consultants.
[01:33] A brief overview of the 7 Steps of isology
[03:05] 1st Step - Plan: Get a copy of the Standard, determine your scope, timescales, leadership commitment, resources and selecting a Certification Body. Some choose to implement the system but leave out the badge. There are ISOs that aren’t certifiable but good to have, i.e. ISO 20400 Sustainable Procurement.
[05:38] 2nd Step – Discover: Time to understand what you have in place already and what you’re missing – this is done through a Gap Analysis.
[06:35] 3rd Step - Expose: This is where we look at risks and opportunities related to your desired Standard (both internally and externally). This is typically done through a SWOT and PESTLE. A Risk Register may be created to capture the findings to be addressed later. Companies are also encouraged to create a Legal Register to keep track of all their statutory, regulatory and contractual requirements.
[08:41] 4th Step - Create: Time to review the requirements of the Standard in terms of documentation – and create what’s needed.
This includes capturing your way of working with documented Procedures – make sure you have the relevant staff involved in their creation.
[10:05] 5th Step - Launch: Once the Management System has found its home (usually an intranet or SharePoint) – you need to communicate it. Consider the type of launch you want and who will be involved. Make sure you encourage engagement with the Management System.
[11:18] 6th Step - Engage: There’s little point in having a Management System if people don’t know about it or have little interest in it. You should train your staff on the Management system, so that they are aware of your policies and procedures and where to find key documents. You must verify compliance through Internal Audits – this is a requirement of any ISO Standard.
[13:09] 7th Step - Review: Time to take a step back and look at what’s been achieved and what’s been highlighted as areas for improvement through your Internal Audits. There’s a set list of criteria in each ISO Standard to help you plan an agenda for the Review.
11/16/2022 | 16 minutes, 1 second

#121 Top Tips for Implementing ISO 22716

ISO 22716 sets out the framework for a quality management system for anyone involved in the manufacture of cosmetics and other healthcare related products. While this Standard’s focus is on the manufacture of cosmetics specifically, many of the requirements can apply to any manufacturing process, especially those that involve a risk of contamination. This Standard sets out clear guidance to help you ensure you align with Good Manufacturing Practices (GMP), but how do you go about implementing it? In our last episode of the ISO 22716 series, we bring back Derek Hall once again to share his experience with implementing ISO 22716 and offer some top tips to get you started.
You’ll learn
· What considerations do you need for every aspect of the manufacturing process?
· How you can apply ISO 22716’s principles to your own processes
· Derek’s experience with his clients
Resources
· isologyhub
· Blackmores ISO 22716 Implementation
In this episode, we talk about:
[01:10] If you want a recap on the Standard – Watch our first episode in the ISO 22716 series
[01:50] Key considerations for Personnel: Establish an Organisational Chart (with clear references for the responsibility and authority of quality issues), use a Skills matrix to help determine where training gaps are, develop procedures and processes to control what people can and can’t do in certain locations.
[08:33] Key considerations for Premises: Manufacturers should consider how the building is designed and laid out, ensure that there is a good flow for materials, have effective filling and packaging areas, introduce efficient sanitation programs, what can you do to minimise mix-ups?
[10:45] Key considerations for Premises: Manufacturing areas should only be accessed by authorised personnel, you should have effective measures in place to prevent pests – this includes the exterior as well as the interior of your buildings! You might want to consider external contractors for pest control.
[13:05] Key considerations for Equipment: Ensure all equipment is fit for purpose, efficient and has the ability to be cleaned thoroughly, make sure any calibrations are assessed and documented, equipment should be laid out in a way to ensure a flow of materials, make sure there is a clear segregation of manufacturing and storage areas.
[16:45] Key considerations for Raw Materials and Packaging Materials: Raw materials should be well stored and clearly labelled, source your materials from trusted and accredited suppliers, have a controlled and quality approved list of suppliers and vendors (Do these suppliers provide proof of quality? Set out your minimum requirements for quality and ensure suppliers fulfill these)
[19:15] Key considerations for Production: All raw materials and manufacturing batches should be identified by a unique code for control and traceability, regular quality control inspections should take place, determine what methods are used to ensure that products meet customer expectations, samples should be taken during set stages of manufacturing to check for quality.
[21:20] Key considerations for Finished Products: Finished products should not be stored on the floor (use pallets), do what you can to minimise contamination during storage, ensure all staff know how to store products correctly and what to do if there is contamination, have defined acceptance criteria for products, have clear labelling, any faulty products should be labelled as ‘quarantined’ or ‘rejected’ and moved to a designated area.
[24:48] Key considerations for Quality Control: Ensure all raw materials, components, bulk product and packed products pass established quality tests, obtain Certificates of Analysis, have acceptance criteria forms – fill these out at all relevant stages.
[26:30] Any products out of specification should be investigated by authorised personnel, only those responsible for product quality can decide to destroy or reprocess products.
[27:25] Key considerations for Wastes: Identify different types of waste, ensure these wastes are disposed of in a timely and sanitary manner, have processes in place for collection, transportation, storage and disposal of waste.
[28:48] Key considerations for Wastes: Where necessary, allocate a code in line with the European Waste Catalogue, ensure that correct waste carriers licenses are received and maintained.
[29:19] Key considerations for Subcontracting: You can subcontract a lot of aspects, i.e. cleaning, pest control, packaging etc. Ensure that any subcontractors are reviewed and approved, have clearly defined written agreements in place that outline roles and responsibilities (this can be a contract or just strictly in writing)
[32:10] Key considerations for Deviations: Deviations can happen anywhere, have a regime in place to investigate complaints, in the case of serious deviations that could affect health and safety – ensure you have an effective recall process in place.
[33:25] Key considerations for Complaints and Recalls: All complaints should be communicated to the plant, all complaints should be investigated and followed-up, if a recall needs to happen – ensure that appropriate steps are taken to recall and then take corrective action.
[12:05] Key considerations for Change Control: Have a change management system in place to document any changes (and define if they are fixes, enhancements or major revisions), you need to establish who can: request, approve, develop, test and implement these changes.
[36:35] Key considerations for Internal Audits: Internal audits need to be carried out at regular intervals, a minimum of 1 a year (but we recommend more!), track findings and document any corrective actions taken in a Continual Improvement Log.
[38:17] Key considerations for Documentation: Documents are used through the whole process – ensure all documents used are approved, signed and dated by authorised personnel, key documents should be version controlled.
11/2/2022 | 42 minutes, 54 seconds

#120 What are the benefits of ISO 22716?

ISO 22716 sets out the framework for a quality management system for anyone involved in the manufacture of cosmetics and other healthcare related products. While this Standard’s focus is on the manufacture of cosmetics specifically, many of the requirements can apply to any manufacturing process, especially those that involve a risk of contamination. As discussed in last week’s episode, having ISO 22716 is essential if you are manufacturing or distributing within the EU. Besides being a legal requirement for certain regions, what other benefits can ISO 22716 offer? Today, Mel is joined by Derek Hall, a Senior Consultant here at Blackmores, to explain some of the key internal and external benefits of ISO 22716 and how it can work in tandem with other ISO Standards.
You’ll learn
· The internal benefits of ISO 22716
· The external benefits of ISO 22716
· How can ISO 22716 work with other ISO Standards?
Resources
· isologyhub
· Blackmores ISO 22716 Implementation
In this episode, we talk about:
[00:50] Adoption of standards such as 22716 is often a key requirement of Stakeholders
[01:15] One general benefit of implementing ISO 22716 is the ability to win new business by virtue of displaying compliance to EU regulations.
[01:40] What are the internal benefits? Firstly, it ensures you’re legally compliant
[02:10] ISO 22716 puts controls in place that can reduce risk and hazards with product manufacture, storage and distribution.
[02:35] There can be tangible cost savings – Derek highlights a few clients who have taken a step back to correct and improve their internal processes, which in turn resulted in cost savings. Compliance can also help to avoid any fines
[03:29] It can help to avoid products being wrongfully distributed – which can be a very costly mistake, both in time, money and reputation.
[04:20] ISO 22716 can integrate seamlessly with other ISO Standards such as ISO 9001 (Quality Management), ISO 14001 (Environmental Management) and ISO 45001 (Health and Safety Management). They are all based on a similar framework and are designed to work together
[06:15] ISO Standards can act as a roadmap for managing a business – especially for micro businesses
[08:05] ISO Standards are all scalable and can apply to any size of business. So, if you were to acquire more sites, you can simply roll out your management system across the expanding business
[08:43] ISO 22716 is very clearly laid out and easy to follow
[09:30] What are the external benefits? It’s an internationally recognised Standard, and can be used for various marketing and tendering opportunities
[10:47] ISO 22716 is a mark of quality and displays a brand’s commitment to delivering quality products
[11:10] It promotes ethical behavior through your supply chain
[11:50] It promotes regulatory credibility – Ensures your products meet regulatory requirements
[12:05] It gives assurance that your product ingredients also meet legal requirements
[12:40] Some ISO Standards can reduce insurance costs – This is something we’ll explore in future episodes!
10/26/2022 | 15 minutes, 50 seconds

#119 What are the key regulatory drivers for ISO 22716?

ISO 22716 sets out the framework for a quality management system for anyone involved in the manufacture of cosmetics and other healthcare related products. While this Standard’s focus is on the manufacture of cosmetics specifically, many of the requirements can apply to any manufacturing process, especially those that involve a risk of contamination. On the surface, ISO 22716 may be considered a niche Standard, so why is it still so widely adopted? Today, Mel is joined by Derek Hall, a Senior Consultant here at Blackmores, to discuss the key drivers behind ISO 22716, including legal EU requirements and other related regulations.
You’ll learn
· Why is ISO 22716 used as an industry Standard?
· What is ISO 22716’s relation to the Cosmetic Regulation (EC) No. 1223/2009?
· Who are these regulations applicable to?
· Other regulations and Standards applicable to cosmetics manufacturing
Resources
· isologyhub
· Blackmores ISO 22716 Implementation
In this episode, we talk about:
[00:42] A brief summary of ISO 22716 – watch the last episode for a full summary
[01:25] Do you still need to comply with EU directives? Short answer – Yes, especially if you sub-contract parts of your manufacturing process / packaging or export product within the EU.
[02:00] Why was the Cosmetic Regulation (EC) No 1223 created? To streamline and modernize current legislation across Europe for Cosmetics (though this can also include hygiene products, i.e. soaps, toothpaste, deodorants etc.)
[03:30] What is the Cosmetic Regulation (EC) No 1223? This regulation establishes rules to be complied with by any cosmetic product made available on the market – to ensure a high-level of protection of human health
[04:21] ISO 22716 is the central pillar of the Cosmetic Regulation (EC) No 1223
[05:02] A bit of background to the EU adoption of ISO 22716 – On April 21st 2011 – ISO 22716 officially became the Good Manufacturing Practices Standard for cosmetic products across Europe.
This created a harmonised approach that ensured cosmetic products are safely manufactured, stored and shipped.
[05:58] The whole regulation came into effect in July 2013. The laws for each nation had to follow this regulation – which included any relevant Standards or guidance affecting the cosmetic industry. This requirement also applies to any cosmetic manufacturers outside the EU that want to import into the EU.
[07:36] Who are the regulations applicable to? Anyone involved in the cosmetic products chain (European and non-European). This includes raw materials producers, product assembly, distributors, exporters etc.
[08:05] ISO 22716 provides guidance for most parts involved in cosmetic production, i.e. production, control, storage and shipment. However, it does not cover: safety for personnel (this may fall more under ISO 45001), protection for the environment, is not applicable to research & development and not applicable to the distribution of finished product
[09:55] ISO 22716 is almost 20 years old – so environmental considerations weren’t as much at the forefront of product manufacturing as they are today. Any manufacturers should be doing what they can about their impact regardless of current regulations (new versions may add guidance around this, so keep up-to-date with regulatory changes)
[11:45] Other applicable standards include the two part ISO 16128 Standard:
· ISO 16128-1: Guidelines on technical definitions and criteria for natural and organic cosmetic ingredients and products
· ISO 16128-2: Describes approaches to calculate natural, natural origin, organic and organic origin indexes that apply to the ingredient categories
[13:58] COSMOS (standard Cosmetics Organic and Natural Standard) was created by many different International parties including BDIH (Germany), COSMEBIO & ECOCERT (France), ICEA (Italy), AISBL (Belgium) and Soil Association (UK). Its purpose is to define common requirements and definitions for organic and / or natural cosmetics.
[15:25] Standards are created collaboratively by technical committees made up of global experts of their respective fields – they take years to develop to establish best practice
[16:09] ISO 22716 has been approved by many regulatory bodies around the world, including the ICCR (The International Cooperation on Cosmetic Regulation), FDA (Food and Drug Administration), JCIA (The Japan Chemical Industry Association) and ASEAN Consultative Committee for Standards
[17:10] Through current regulations, there is increased responsibility in regards to: Ingredients toxicity, product labelling, more comprehensive product file and compulsory notification of new products introduced to the EU
[21:00] The current regulations have specific requirements for ingredient toxicity and product labelling
10/19/2022 | 21 minutes, 35 seconds

#118 What is ISO 22716 – Cosmetic Good Manufacturing Practices?

ISO 22716 sets out the framework for a quality management system for anyone involved in the manufacture of cosmetics and other healthcare related products. This is not only limited to production but also the control, storage, and transportation of products, including the purchase of raw materials, components and packaging material. While this Standard’s focus is on the manufacture of cosmetics, many of the requirements can apply to any manufacturing process, especially those that involve a risk of contamination. Today, Mel is joined by Derek Hall, a Senior Consultant here at Blackmores, to talk through the main structure of the Standard and how it can be applied.
You’ll learn
· What is ISO 22716?
· Who does ISO 22716 apply to?
· How is ISO 22716 structured?
· How ISO 22716 can be applied
Resources
· isologyhub
· Blackmores ISO 22716 Implementation
· The Checklist Manifesto
In this episode, we talk about:
[00:35] A description of ISO 22716 Good Manufacturing Practices – A supporting Standard for the manufacture of cosmetics
[01:20] Why are we talking about such a niche standard? It’s one of our most popular standards via website enquiry, so we’d like to share our knowledge 😊
[02:20] There is an EU directive pushing for the adoption of this Standard where applicable
[03:00] A more in-depth summary of ISO 22716 – Why it’s so important and why it was made
[04:01] What does ISO 22716 cover? Guidelines and practical advice on the management of the human, technical and administrative factors affecting product quality.
[04:58] A summary of the 17 clauses within ISO 22716
[07:55] What are the core elements of ISO 22716?
Personnel, Premises and Equipment, Operations and Material Management, Quality Control and Cosmetics Quality Management System
[08:50] Personnel – Key considerations include: Restricted areas free from food and drink, visitor supervision, personnel authorisation, personnel uniforms (removal of rings, hair restraints, safety glasses, gloves etc.)
[11:25] Premises and Equipment: The layout of buildings and equipment placement need to be controlled, controls for sanitisation and cleaning, guidance for storage, proper access to materials and equipment.
[13:27] Premises: Pest control – should be very controlled to prevent contamination. This can be controlled via the building layout and cleaning controls. A pest control program should be created and followed. This extends to the exterior of your building too!
[15:45] Equipment: Automated systems should be controlled in line with ISO 22716. Equipment should be suitable for purpose and capable of regular cleaning and maintenance to avoid contamination.
[17:02] Materials Management and Operation: How well do you control your materials? What controls do you have in place for manufacturing and packaging? How good is your storage? What is your delivery process? Do you keep documentation of all your purchasing and quality checks?
[18:15] Materials Management and Operation: Stock – Consider how you manage and store stock, include regular checks to ensure it’s all well within date. The Operations area in particular aligns with ISO 9001 – Quality Management.
[19:40] Materials Management: You need to set the criteria for quality during different stages of manufacturing, i.e. specifications for raw materials, components and packaging material. This should also include release parameters.
[21:00] Materials Management criteria can be set out in a checklist. Mel mentions ‘The Checklist Manifesto’ as a recommended read
[24:15] Materials Management: Make sure you store in a way that avoids any contamination or mix-ups.
Ensure all containers are stored off the floor. Use clear labelling to show if they are accepted, rejected or quarantined
[25:37] Operations: Should be carried out according to manufacturing documentation, i.e. suitable equipment, product formula, details of the product process etc.
[27:15] Quality Control: Consists of sampling, specification testing, out of spec investigations and release. You may subcontract out quality control – in which case, you must ensure you get proof that they are conducting adequate tests.
[29:13] For subcontractors – Ensure you have a written contract OR agreement in place. If your subcontractor is subcontracting along the work, you need to ensure that process is controlled
[31:32] Deviations: These can happen at any point in operation and can be both internal and external in origin
[32:09] Complaints and Recall: You need to have processes in place to log and deal with complaints and recall. You should also regularly test your product recall process
[33:20] Change Control: Making sure you have effective processes and documentation to control any changes to existing operation, i.e. if you get different machinery that changes mixing times
[34:50] Internal Audits: You need to have an internal audit program in place and have competent independent personnel that can carry those audits out. This could be sub-contracted out
[36:10] Documentation: You will be documenting all throughout the manufacturing process, it’s integral. Ensure all staff know the importance of it and how to complete it correctly.
10/12/2022 | 40 minutes, 31 seconds

#117 PMC’s journey and ongoing success with ISO 27001

Today we’re joined by Phil Bailey, Managed Services Director at PMC Retail, to talk about PMC’s experience with ISO 27001, from implementation to on-going maintenance. PMC is a leading retail IT services and solutions provider, who recognised the growing need for formal Information Security certification. They succeeded in achieving certification to ISO 27001 in 2021. Now, over a year down the line, we catch up with Phil to find out what they’ve learned, benefits of certification and some tips for those looking to implement ISO 27001.
You’ll learn
· Who are PMC retail?
· How do PMC currently manage their ISO 27001 certification?
· How has the ISO Support Plan helped?
· What have they learned from implementing the standard?
· What are the benefits of implementing ISO 27001?
· ISO 27001 Top tips from Phil
Resources
· PMC Retail
· The magic of thinking big by David J. Schwartz
· Blackmores ISO Support
In this episode, we talk about:
[01:03] An interesting fact about Phil – He started in electronic engineering and was involved in the build of a system designed to measure the mirrors used in a telescope that was carried on the Discovery shuttle!
[01:44] Who are PMC Retail? Started out as a consultancy to retailers, which has since branched out.
[03:49] An example of one of PMC’s projects – Pulling together legacy systems, updating them to newer technologies while maintaining the legacy data.
[04:40] Learn about Phil’s role at PMC
[05:45] PMC now certified to ISO 27001 – One of the most popular ISOs globally in recent years. It’s becoming something of a mandatory requirement in the tech space when bidding for contracts
[06:31] How do PMC manage their ISO 27001 certification – Created a small team dedicated to the task of achieving certification – along with some help from us 😊 Following certification they onboarded a Compliance Governance Manager to keep up with Internal Audits and other ISO maintenance.
[08:25] How has the ISO Support plan helped?
– Blackmores helped to implement the standard, and were very familiar with their system and way of working. Great to have a wealth of knowledge to tap into.
[09:00] PMC managed to implement the standard in just 6 months!
[10:25] What did PMC learn from their experience? It wasn’t an easy task! Getting leadership commitment from the start made a huge difference.
[11:50] The benefits PMC have experienced by implementing and maintaining ISO 27001: Being able to identify risks and put actions in place to mitigate them. Certification demonstrates a robust security infrastructure to third parties. Establishes more credibility to customers and partners. They are able to see a pathway for business growth, utilising the certification.
[14:30] ISO 27001 has helped to collate and bolster their existing Information Security structure – Having a library of resources, unified policies and procedures, company wide Objectives, and better understanding of measuring & managing risks.
[16:15] PMC ensure that staff complete annual training – as required by the Standard.
[17:10] Phil stresses that you can’t just stay still where Information Security is concerned, you need to be aware of new risks and make sure those in your business are also aware and know how to react.
[18:00] Top tips from Phil: Get Leadership commitment early on. Build yourself a Management Team. Get help from an experienced external party. It’s not a walk in the park, and needs focus to achieve in a reasonable amount of time.
[19:42] Phil’s book recommendation: The magic of thinking big by David J. Schwartz.
[21:42] Phil’s favorite quote: “You’re never too old to set a new goal, or too old to dream another dream”
10/4/2022 | 23 minutes, 16 seconds

#116 10 Top Tips to get you through your Surveillance Audit

The work doesn’t stop once you get ISO certified; there is a requirement to complete an annual surveillance audit to ensure your Management System continues to meet the requirements of the standard(s). Last week Mel covered some basic preparation you can do ahead of a Surveillance Audit, but what should you expect on the actual audit day? Today, Mel shares 10 top tips to help you prepare and ensure your next surveillance audit runs as smoothly as possible.
You’ll learn
· What is a Surveillance Audit?
· What to expect during the Surveillance Audit
· Considerations for remote vs on-site audits
· What evidence do you need to have prepared?
Resources
· isology Hub
· Blackmores ISO Support
In this episode, we talk about:
[00:36] A description of a Surveillance Audit
[02:00] A summary of the 10 top tips
[02:40] There is no right or wrong way to prepare for a Surveillance Audit – but the following tips will be applicable regardless of the standard you’re certified to
[03:30] Tip 1: Be Prepared – A summary of what Mel covered in the previous episode
[05:40] Tip 2 – The opening Meeting – Be sure to have all people involved in the audit present at the meeting. It’s advised to have a member of the leadership team present. Here the Auditor will explain the different types of audit findings.
[08:00] Tip 3 – Audit questions – Similar to your Stage 1 and 2 Assessment, you will be asked a lot of questions. Try to be specific with your answers, and don’t be afraid to ask for clarification. Don’t worry if you don’t know the answers to certain questions outside of your area of expertise, simply direct them to the correct individual who can answer. You are within your rights to seek clarification on findings – Do not argue with the auditor, simply ask for justification on findings if you’re confused as to why they’re being raised.
[13:05] Tip 4: Keep on track – It’s in everyone’s best interest to stick to the Agenda.
[13:35] Tip 5: On-site Surveillance audits – Do a floor walk before the auditor arrives to check that you’re following your procedures. Make sure reception knows that the Auditor is arriving, and follows any of your standard visitor procedures. Try to book a room to base the audit in to avoid them overhearing any unnecessary chatter and to allow the auditor and auditees some privacy.
[16:05] Tip 6: Remote Surveillance Audits – Ensure that you follow any company remote working procedures. Ensure you have a good wi-fi connection, all attendees should be visible on camera but be muted when not speaking. Make sure everyone has access to the necessary documents while off-site.
[17:15] Tip 7: The Auditor – They are human, and they are here to support you to ensure you are doing what you say you’re doing. They are experts on their Standards and it’s advised to foster a friendly relationship with them. But please be aware that they shouldn’t be sending you reports from personal email addresses, be left unattended on-site and shouldn’t be taking any information off-site – show evidence on screen / in-person during the audit.
[20:20] Tip 8: The closing Meeting – Held at the end of the day. Listen to the feedback and findings from the auditor – they are there to help you improve. Feel free to ask for further clarification if needed. It’s advised to have everyone at the opening meeting present at the closing meeting.
[22:38] Tip 9: Evidence needed – You will typically need an audit schedule, audit reports and Management Review Minutes. You may also need various policies and procedures. Ensure that all documents are version controlled and any applicable branding is consistent.
[24:10] Tip 10: Enjoy it! – If you’re doing everything you say you’re doing, then you should enjoy showing off your Management System. The resulting report should be seen as an opportunity to continually improve – the auditor only wants the best for your business.
We’d love to hear your views and comments about the ISO Show, here’s how: Share the ISO Show on Twitter or Linkedin Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one. Subscribe to keep up-to-date with our latest episodes: Stitcher | Spotify | YouTube |iTunes | Soundcloud | Mailing List
9/21/2022 | 27 minutes, 52 seconds

#115 How to prepare for a Surveillance Audit

The work doesn’t stop once you get ISO certified: there is a requirement to complete an annual surveillance audit to ensure your Management System continues to meet the requirements of the standard(s). Surveillance audits must be carried out by a Certification Body, during which they will typically look at your Management Review, your preventative and corrective actions process, Internal auditing process and the implementation of any recommendations that have come out of an Internal audit. Today, Mel explains how you can prepare for a Surveillance audit and gives examples of some key considerations ahead of the Auditor arriving on site.

You’ll learn:
What is a Surveillance Audit?
Why there is a requirement for an annual surveillance audit
What you need to prepare ahead of a surveillance audit

Resources: isology Hub Blackmores ISO Support What to expect during your first ISO Assessment

In this episode, we talk about:
[00:59] A description of a Surveillance Audit
[01:30] The purpose of a Surveillance Audit – Ensuring your Management System meets ISO Standard requirements and as an opportunity to demonstrate continual improvement
[02:40] There is no right or wrong way to prepare for a Surveillance Audit – but the following tips will be applicable regardless of the standard you’re certified to
[03:30] Tip 1: Check that you have an Agenda for the visit – This should be provided at the end of your last report from the Certification Body
[04:25] A brief overview of how the certification cycle works – A 3-year plan is usually provided to you by your Certification Body
[05:50] Ensure that you go ahead with a UKAS accredited Certification Body
[06:18] Tip 2: Confirm locations – make sure you know where the auditor is being sent and prepare staff on site for the impending visit. This can also allow you to book out time for specific people that may be required during the audit
[07:10] Tip 3: Ensure you book out time for any required key members of staff – it is also advised that you book out a meeting room for the day
[08:45] Be prepared for the Auditor to walk around your site – Especially if they’re assessing ISO 45001 (Health and Safety) and ISO 27001 (Information Security)
[09:40] Double check if the auditor visit is on-site or remote
[10:30] Tip 4 – Check that you have all the relevant Management System records in place – and that they’re up-to-date
[10:50] Examples of what documentation the Auditor will typically look at
[13:00] Tip 5 – Make sure you’ve closed out any opportunities for improvement and non-conformities from your last internal audit
[14:30] Tip 6 – Check if there have been any changes to your business that may affect the scope of certification i.e. New products or services with no controls in place yet or a new site
[16:00] Tip 6: Confirm the auditor’s visit and check if they have any accessibility or dietary needs.
[16:30] Tip 7: Warn any relevant reception / security staff about the visit so they know to expect the auditor. Ensure they go through any of your typical security procedures i.e. getting an access card, signing visitor book etc.
[17:42] Tip 8: Send an email to all staff to remind them about the surveillance visit – good to do this a day or two ahead of the visit
[19:45] Tip 9: Do a floor walk – Ensure that any of the physical controls you have in place are working as intended
9/14/2022 | 23 minutes, 7 seconds

#114 What is physical security monitoring

ISO 27002 was recently updated this year – along with a reduction of overall controls, 11 completely new ones were added to keep up with new and emerging technology. One of the new controls added under the Physical category is something called physical security monitoring. But what does this mean exactly? Steve Mason joins us again today to delve deeper into physical security monitoring to explain what it is and give examples of different types of security and monitoring you can put in place.

You’ll learn:
What physical security monitoring is
The purpose of physical security monitoring
What should be monitored?
Different types of security and monitoring you can consider

Resources: isology Hub Blackmores ICO CCTV Guidance

In this episode, we talk about:
[00:36] A quick recap of our ISO 27002 series and its purpose to date – Start from Episode 109
[01:58] ISO 27002 controls reduced from 114 controls to 93 – reduction due to some of them being combined or made redundant in the latest version
[04:02] The purpose of Physical Security Monitoring
[06:22] Example of where security monitoring solved an issue at a bank
[07:29] Another example of a London business who lacked physical security monitoring
[08:45] The importance of reviewing your need for physical security monitoring – what level do you need? Will it include CCTV, Access cards etc.
[10:10] An overview of the various access points to consider, including: Main building, secure offices, server rooms, visitor access rights, CCTV, security alarms and personnel
[10:53] Example of where failure to verify a visitor highlighted a company’s lack of security.
[11:30] The importance of communication and inductions for key reception and security staff, to ensure they can do the proper checks on visitors / know who should and should not be allowed into certain areas of your workplace.
[13:50] Suggestion of a checklist for checks on visitors for temp reception staff
[14:32] How do you define what needs 24 hour monitoring and what can be monitored for selected hours?
[15:46] The installation of security measures should be appropriate for your needs – don’t go overboard if it’s not needed. i.e. a Data Centre would need a high level of security but a small office may only need access control
[17:48] Take note of any security requirements in customer contracts
[18:10] How do you ensure the integrity of your security measures? i.e. CCTV – guidelines are available for installation, including placement, connection to your systems, keeping the timestamps accurate, logging any camera failures.
[20:00] Example of where a German company mapped out their CCTV so they could highlight blind spots, which were then pointed out to guards who did more checks in those areas
[21:15] Make sure you maintain any security equipment
[22:10] What crossover is there with other ISO 27002 controls? i.e. data masking being used in visitor books
[24:45] How can you apply this control to home workers? This can include training on being aware of potential security risks at home and locking the computer when not nearby etc.
8/23/2022 | 33 minutes, 43 seconds

#113 What is web filtering?

ISO 27002 was recently updated this year – along with a reduction of overall controls, 11 completely new ones were added to keep up with new and emerging technology. One of the new controls added under the technological category is something called web filtering. But what does this mean exactly? Steve Mason joins us again today to delve deeper into web filtering to explain what it is, break down the different types and give examples of uses that you could implement to reduce risk.

You’ll learn:
What is web filtering?
The purpose of web filtering
The different types of web filtering
Different measures of web filtering that can be implemented

Resources: isology Hub Blackmores

In this episode, we talk about:
[01:05] How you can adopt the new controls of ISO 27002 ahead of the latest version of ISO 27001:2022 being published
[02:00] The purpose of web filtering
[02:26] An overview of what web filtering is: It’s a security technology that monitors web activity and prevents users from accessing websites with malicious content or sites that are deemed to be inappropriate for business use
[03:45] Outlook already has web filtering built in
[04:17] The Internet is still the dominant facilitator for cyber crime
[04:40] Types of web filtering, including: Browser based filters, search engine filters, client side filters and network based filters
[06:58] Examples of where web filtering comes into practice – to protect against threats from malicious sites with malware or phishing content, false anti-virus updates, sites with illegal content and sites with out of date SSL certificates.
[08:15] Are you safe relying on Microsoft Windows?
[08:50] What to look out for on websites to ensure it’s secure: A padlock in the bottom right corner, use of reputable third party payment gateways.
[09:27] Examples of what to be wary of when using the web i.e. deals that are too good to be true
[11:40] Consider setting up a small internet café that is separate from the company network – to allow employees access for personal use and to help keep your systems safe.
8/17/2022 | 14 minutes, 37 seconds

#112 What is threat Intelligence?

ISO 27002 was recently updated this year – along with a reduction of overall controls, 11 completely new ones were added to keep up with new and emerging technology. One of the new controls added under the organisational category is something called threat intelligence. But what does this mean exactly? Steve Mason joins us again today to delve deeper into threat intelligence to explain what it is, give examples of the different types and share some tools and activities that will help you implement threat intelligence.

You’ll learn:
What is threat intelligence?
What does threat intelligence actually do?
The different types of threat intelligence
What tools can you implement to help with threat intelligence?
What activities can you do to help implement threat intelligence?

Resources: isology Hub Blackmores

In this episode, we talk about:
[01:19] The definition and purpose of threat intelligence
[03:01] Threat intelligence doesn’t have to factor into your scope and context – you can integrate findings in later
[03:50] Threat intelligence is about being aware of not only internal threats, but global threats that could impact your business
[04:50] Threat intelligence is not only about IT (i.e. viruses)
[05:19] That being said – cyber threats are still a big factor. So ensure you have tools, training and measures in place to reduce cyber attacks and breaches.
[06:30] Types of Threat intelligence, including: Cyber, Strategic and Tactical
[07:58] What threat intelligence actually does – Firstly ensure that you are collecting relevant data. That data can be analysed and used to reduce risk, to help you be proactive instead of reactive to threats.
[09:51] Threat intelligence is very applicable to Business Continuity (ISO 22301)
[10:35] The different types of tools you could consider, including: Security information and event management (SIEM) and CSOC – Cyber Security Operation Centres
[12:30] Types of threat intelligence activities you can do. This includes: Establishing objectives, collection of information from selected sources, analysing information to understand how it relates and is meaningful to the business and communicating information to relevant individuals.
[15:10] Ensure your threat intelligence is dynamic – and use it to inform and update your Risk Assessments at regular intervals
[16:30] Threat intelligence works with the Plan-Do-Act-Check cycle that is commonly seen in most ISO’s
[17:10] Threat intelligence can be used by any business regardless of any ISO certification you may or may not have.
[18:05] Keep an eye out for our ISO 27001:2022 migration support offering!

Just a reminder, we’re offering 6 months free access to the isologyhub for anyone who signs up to an ISO Support Plan!
8/9/2022 | 19 minutes, 24 seconds

#111 What is data masking?

ISO 27002 was recently updated this year – along with a reduction of overall controls, 11 completely new ones were added to keep up with new and emerging technology. One of the new controls added under the technological category is something called Data Masking. But what does this mean exactly? Steve Mason joins us again today to delve deeper into data masking to explain what it is, why it’s so important and to detail a few of the different types of data masking.

You’ll learn:
What is data masking?
Why is data masking important?
How does data masking work?
What are the different types of data masking?

Resources: ISOlogy Hub Blackmores

In this episode, we talk about:
[01:33] The purpose of data masking according to ISO 27002 – Now more clearly defined when compared to earlier versions
[02:55] A brief overview of PII (Personally Identifiable Information)
[03:52] A summary of the defined attributes of data masking
[05:25] What is data masking? Including definitions for obfuscation, data anonymization and pseudonymisation
[08:50] The benefits of having a more clearly defined control for protecting PII
[09:35] Other standards where data masking is applicable - ISO 27017, ISO 27018 and ISO 27701
[11:27] Why data masking is so important currently
[12:40] How data masking works in practice
[13:10] Static data masking - data is masked in an original database then duplicated into a test environment
[13:34] Dynamic data masking - The original sensitive data remains in the repository. Data is never exposed to unauthorised users, contents are shuffled in real-time on-demand to make the contents masked
[14:50] On the fly data masking - Masking data while it is transferred from production systems to test or development systems before the data is saved to disk.
[15:55] Techniques for data masking include – Substitution - Businesses substitute the original data with random data from a supplied or customised lookup file.
[16:15] Shuffling - Businesses substitute original data with other authentic-looking data, but they shuffle the entities in the same column randomly.
[17:09] Number and date variances - For financial and date-driven data sets, applying the same variance to create a new dataset doesn’t change the accuracy of the dataset while masking data.
[17:56] Encryption is still the number one method for data masking
[18:40] Character scrambling - This method involves randomly rearranging the order of characters. This process is irreversible so that the original data cannot be obtained from the scrambled data.
[19:50] Other forms of data to take into consideration - Protected health information, Payment card information, Intellectual property and Company specific Information
[23:02] How GDPR promotes data masking
8/3/2022 | 29 minutes, 8 seconds

#110 What are the 11 new controls in ISO 27002?

ISO 27002 was recently updated this year – along with a reduction of overall controls, 11 completely new ones were added to keep up with new and emerging technology. As a reminder, ISO 27002 (Information security, cybersecurity and privacy protection — Information security controls) is a guidance document which provides further best practice advice to strengthen your IT Security. Today, Steve Mason explains the changes made to the 2022 version of ISO 27002, gives a summary of the 11 new controls and gives some examples of some key considerations and actions you can take to implement them.

You’ll learn:
What changes have been made to ISO 27002:2022
Why ISO 27002 has been updated in 2022
An overview of the 11 new controls added to ISO 27002
Examples of actions you can take to implement the new controls

Resources: ISOlogy Hub Blackmores

In this episode, we talk about:
[01:28] A brief summary of the changes to ISO 27002:2022, including new controls, new structure and attribute types
[05:30] Controls in ISO 27002 now have a defined purpose to avoid misinterpretation
[06:29] A summary of the 11 new controls by name and category
[08:10] Threat intelligence – What tools do you have in place to identify threats? How do you monitor your threat intelligence effectiveness?
[11:20] Information Security use of Cloud Services – A reminder that ISO 27017 covers this in more detail! Do you have a cloud policy in place? Does it align with your clients’ security requirements?
[13:10] ICT readiness for Business Continuity – Focus on recovery of IT services following a disaster. Do you have Business Impact Assessments in place? If you’re certified to ISO 22301 – this area is most likely covered
[14:36] Physical Security monitoring – Are you monitoring physical security? i.e. keycard access, CCTV etc.
[16:23] Configuration Management – Are your IT systems working well together? Do you have an established configuration for passwords? (i.e. how many characters, alpha numerical, symbols etc.)
[18:13] Information Deletion – If data needs to be deleted, ensure that it’s deleted in a secure manner and can’t be recovered.
[21:48] Data Masking – Make sure that any data that shouldn’t be shared is masked in some way i.e. obfuscated or anonymized.
[23:31] Data Leakage – Put measures in place to stop data being leaked through i.e. USBs, people sending business information to personal email addresses etc.
[26:55] Monitoring Activities – You could monitor network traffic, software access etc. Be selective in your monitoring, only do so if it will be of benefit to the business.
[28:04] Web Filtering – Ensure that employees can’t access any nefarious / high risk websites that could cause a security breach
[30:15] Secure Coding – Make sure that coding is done securely – making sure that any software developed is secure and free of as many vulnerabilities as possible.
7/27/2022 | 33 minutes, 30 seconds

#109 What's new with ISO 27002:2022?

Did you know there were 80 identified security incidents, resulting in 34,908,053 compromised records, in June 2022 alone? Standards such as ISO 27001 can help you put measures in place to reduce risk and help set up procedures for data recovery. However, not as many adopt the guidance document ISO 27002 which provides further best practice advice to strengthen your IT Security. ISO 27002 has recently been updated with 11 new controls that tackle recent emerging technology not covered in ISO 27001:2013. Today, Mel explains ISO 27002 (Information security, cybersecurity and privacy protection - Information security controls), why it’s been updated and gives a high-level overview of the changes.

You’ll learn:
The purpose of ISO 27002
How ISO 27002 works with ISO 27001
Why ISO 27002 has been updated in 2022
A basic overview of the changes to controls within ISO 27002:2022

Resources: ISOlogy Hub Blackmores

In this episode, we talk about:
[00:30] A reminder to keep an eye out for future episodes on the upcoming updated version of ISO 27001:2022
[00:52] An introduction to the guidance document ISO 27002
[02:02] Controls from the updated version of ISO 27002 can be implemented right now – not a requirement of ISO 27001 but recommended.
[02:25] Why ISO 27002 has been updated – To bring it up-to-date with the latest technologies and simplification of controls
[03:15] What this means for your Information Security Management System
[03:50] We expect to see the new controls in ISO 27002 to be reflected in the updated version of ISO 27001 coming out later this year.
[04:27] Reminder: ISO 27002 is not a certifiable standard but it is best practice.
[05:00] ISO 27002 had its last major update in 2013 – think how much technology has changed since then!
[06:00] A summary of the changes to controls in ISO 27002
[07:25] New controls added to ISO 27002 highlight that the standard is more than just IT Security – A trait shared with ISO 27001
[09:13] A summary of what categories the 11 new controls fall under
7/13/2022 | 11 minutes, 23 seconds

#108 How to align your Management System with the Sustainable Development Goals

The Sustainable Development Goals have been established by world leaders with the hope that we can work together towards a better world by 2030. The last two episodes provide an overview of all 17 Goals and related ISO Standards that you could align with to meet these goals. But how do you put this into practice? How do you go about aligning your Management System to the SDG’s? Today, Mel explains the role ISO Implementation plays in working towards a better future and shares 5 actions you can take to align your business’s Management System.

You’ll learn:
How ISO Implementation can help you align with the SDG’s
Why it’s important to show support for the SDG’s
5 Practical actions you can take to align your Management System with the SDG’s

Resources: United Nations Sustainable Development Goals ISOlogy Hub Blackmores Carbonology

In this episode, we talk about:
[00:46] A reminder to watch the 2 previous episodes to learn about each of the 17 SDG’s
[00:52] The importance of ISO’s and how they can help work towards a better future, including alignment with the SDG’s
[01:24] Find out what SDG’s align with certain ISO’s on the ISO.org website
[02:19] Recommended action: Look at what you’re currently certified to and which other ISO Standards of interest you could adopt to enhance your Management System
[04:40] If you need assistance with aligning to the SDG’s or want to implement an ISO – Blackmores can help, and we have resources available on the isologyhub
[05:30] Action 1: Leadership Commitment – Have you made a declaration of commitment to the SDG’s? Where have you displayed this commitment?
[07:10] Action 2: Management Review – Include discussions around your SDG commitment within a Management review. Make sure any actions are noted in the meeting minutes.
[08:31] Action 3: Context of the Organization – Consider actions related to SDG’s in SWOT and PESTLE’s
[10:10] Action 4: Objectives – Set out clear key performance indicators to achieve your commitment to select SDG’s. Can be short or long term.
[11:20] Action 5: Operational Controls – Put controls in place that actively work towards achieving objectives related to the SDG’s
7/7/2022 | 13 minutes, 54 seconds

#107 What are the Sustainable Development Goals? Part 2

In 2015, world leaders came together to create 17 Sustainable Development Goals (SDG’s) which aim to tackle various social, economic and environmental issues, to build a better world by 2030. What you may not be aware of is the fact that ISO Standards play a big part in the journey towards a better future. Many commonly used ISO Standards already meet certain goals, with more in development. This is part 2 of our 2-part series on the United Nations Sustainable Development Goals and the ISO standards that support them. Today, Mel explains the 7 remaining SDGs, the ISO standards that relate to them and how organisations can meet these goals…

You’ll learn:
The ISO standards that relate to the sustainable development goals.
How to align your business with the SDG’s.
The ISO standards that can help you meet the last 7 SDGs.
Details of the final 7 SDGs and the ISO standards that relate to them.
How we define what best practice is.
How ISO standards are developed.

Resources: United Nations Sustainable Development Goals ISOlogy Hub Blackmores

In this episode, we talk about:
[00:46] The Sustainable Development Goals set out by the UN.
[02:27] How ISO 9001 and 14001 relate to the SDGs.
[02:56] Goal 10 (Reduced inequalities) and how ISO 26000 (Guidance for social responsibility) relates to it.
[06:04] Goal 11 (Sustainable cities and communities) and the series of standards ISO 37101, ISO 37120, ISO 37122, ISO 37123, and ISO 22301 that can help meet this goal.
[07:50] Goal 12 (Responsible consumption and production) and the related standards ISO 14020 Series, ISO 15392, and ISO 20245.
[10:42] Goal 13 (Climate Action) and the standards that help with climate change and greenhouse gases ISO 14001, ISO 14064, ISO 14067, and PAS 2060.
[14:14] Goal 14 (Life underwater) and the 250 sustainability-related Standards dedicated to Shipping, port waste management and protection of marine life.
[15:30] Goal 15 (Life on land) and the related standards ISO 14001 and ISO 38200.
[16:27] Goal 16 (Peace, justice and strong institutions) and the standards that support this goal ISO 37001, ISO 37301, and ISO 37000.
[18:18] Goal 17 (Partnerships for the goals) and its relevance to ISO Standards.
[19:43] How ISO standards are developed.
6/22/2022 | 22 minutes, 41 seconds

#106 What are the Sustainable Development Goals? - Part 1

The world is facing a crisis: poverty, hunger, inequality and climate change are just some of the issues we need to address. In 2015, world leaders came together to create 17 Sustainable Development Goals (SDG’s) which aim to tackle these issues, to build a better world by 2030. What you may not be aware of is the fact that ISO Standards play a big part in the journey towards a better future. Many commonly used ISO Standards already meet certain goals, with more in development. Today, Mel explains what the SDG’s are, and how businesses can align themselves with the SDG’s with related ISO standards.

You’ll learn:
The 17 sustainable development goals set by the UN.
How to align your business with the SDG’s.
How the SDG’s affect our day-to-day lives.
The ISO standards that can help you meet the SDG’s.
Details of the first 9 SDG’s and the ISO standards that relate to them.
Where the term ISO came from.

Resources: United Nations Sustainable Development Goals What is ISO 20400 - Sustainable Procurement How to avoid anti-bribery fines - ISO 37001 Need support with revamping your Management System? check out our ISO Support Plan Need guidance and support with ISO Standards? Isologyhub

In this episode, we talk about:
[01:48] What the sustainable development goals are.
[02:29] When the SDG was established and what its agenda is.
[03:17] An overview of the 17 SDG’s.
[04:48] Where the term ISO came from.
[09:05] How ISO 20400 and ISO 37001 relate to the goal of ‘No Poverty’.
[11:25] The ISO standards related to the goal of ‘Zero Hunger’ including ISO 22000, ISO 26000 and ISO 20400.
[13:05] How ISO 13845 can relate to the goal of ‘Good health and well-being’.
[13:53] The first-ever management standard on education ISO 21001.
[15:23] How ISO 26000 can help improve gender equality.
[17:40] The ISO standards for water management that relate to the UN’s goal of ‘Clean water and sanitation’ including ISO 24518, ISO 14001 and ISO 24521.
[19:48] The increase in development of ISO standards in the area of ‘Affordable and clean energy’ including ISO 50001 and the ISO 52000 series of Standards.
[21:37] How international standards promote the goal of ‘Decent work and economic growth’ including ISO 45001, ISO 37001, ISO 9001 and ISO 44001.
[27:48] How international standards promote the goal of ‘Industry, Innovation and Infrastructure’ including ISO 56002 and ISO 56003
6/15/2022 | 30 minutes, 5 seconds

#105 How to outsource ISO Management System Support

Do you find keeping up with regular annual ISO tasks a struggle? It’s easy to let ISO maintenance slip through the cracks, especially if it’s in addition to your primary job role. If this sounds familiar, then you should consider outsourcing certain areas of your ISO management system to be managed by ISO experts. Today, Mel explains the areas that should be managed in-house, the areas that can be outsourced, and explains the ISO support plan we offer to help businesses outsource aspects of their management systems. You’ll learn How long ISO certifications are valid. Why businesses outsource some areas of their management system. The different ISO areas you can outsource. How to maintain quality when outsourcing internal audits. The importance of quantifying the results of your management system. The importance of employee engagement in your ISO management system. Resources Need support with revamping your Management System? check out our ISO Support Plan Need guidance and support with ISO Standards? isologyhub   In this episode, we talk about: [01:38] How long ISO certifications are valid and the ISO support plan we provide. [02:38] Why businesses outsource certain aspects of their management system. [03:34] What areas you can outsource and what you should keep in-house. [04:48] Health and safety requirements and risk management needs. [06:03] The most popular ISO areas that can be outsourced. [09:27] How to optimise performance through updating management systems. [09:57] The importance of being able to quantify the results of ISO systems. [10:54] How to outsource the facilitation of your management review. [12:15] Employee engagement training that can be outsourced. Just a reminder, we’re offering 6 months free access to the isologyhub for anyone who signs up to an ISO Support Plan! We’d love to hear your views and comments about the ISO Show, here’s how: Share the ISO Show on Twitter or Linkedin Leave an honest review on iTunes or Soundcloud. 
Your ratings and reviews really help and we read each one. Subscribe to keep up-to-date with our latest episodes: Stitcher | Spotify | YouTube | iTunes | Soundcloud
6/8/2022, 14 minutes, 52 seconds

#104 5 Steps to revamp your Management System

Has your Management System been left to collect dust, hidden away so that no one except a select few can access and update it ahead of Surveillance Audits? If this sounds familiar, then it’s time to revamp your Management System to ensure it’s integrated with your core vision and values and encourages engagement from employees on all levels. Today, Mel takes you through 5 steps that will help to rejuvenate your Management System, including key content considerations, the design and alignment with your company culture. You’ll learn: How to identify what’s essential for your Management System. How you can incorporate your Unique way of Working. How to take a collaborative approach to revamping your Management System. Key considerations for the look, feel and accessibility of your Management System. How to align your Management System with your company culture, strategy and goals. Resources: Need support with revamping your Management System? Check out our ISO Support Plan. Need guidance and support with ISO Standards? isologyhub. In this episode, we talk about: [00:57] What is essential from an ISO perspective. [01:22] How having too much in your Management System can lead to a lack of compliance. [02:20] Remember – if an ISO Standard states ‘shall’, you must fulfil this requirement. [02:55] How to establish what’s essential to your business, including your way of working. [03:53] Different ways you can add value to your Management System. [05:25] An example of how Blackmores have added value with our Client Success Journey. [07:15] Why collaboration is so important when revamping your Management System. [08:52] How a Quality Circle can assist with a collaborative approach. [10:15] How you can align your company culture, strategy, values and goals within the Management System. [11:32] Why it’s important to share the Management System and any related updates. [12:38] Key considerations for the look, feel and accessibility of the Management System. [14:05] Examples of different ways you can display and share your Management System. [15:36] Consider how easy your Management System is to access and navigate. [17:12] Consider different methods of communicating the Management System, i.e. audio, video, visual, flowcharts, etc. Just a reminder, we’re offering 6 months free access to the isologyhub for anyone who signs up to an ISO Support Plan! We’d love to hear your views and comments about the ISO Show, here’s how: Share the ISO Show on Twitter or Linkedin. Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one. Subscribe to keep up-to-date with our latest episodes: Stitcher | Spotify | YouTube | iTunes | Soundcloud | Mailing List
6/1/2022, 20 minutes, 7 seconds

#103 Is your ISO Management system ready for a Makeover?

It’s not uncommon to see a business’s Management System left to collect dust, either because it’s not fit for purpose or because it’s simply a carbon copy of an ISO Standard. Sound familiar? Do you think your business and your employees deserve better? Your ISO Management System should represent your business’s way of saying – “This is what we stand for, this is our vision, values and processes.” Today, Mel explains why it’s so vital to ensure your Management System is fit for purpose, and gives some examples of where you can add value and reduce risk. You’ll learn: Pitfalls of an archaic Management System. Why you should consider revamping your Management System. How you can update your Management System. Guidance on what should be included in a Business Management System. Examples of what could add value or reduce risk for your Management System. How you can update the look and feel of a Management System. Resources: Need support with revamping your Management System? Check out our ISO Support Plan. Need guidance and support with ISO Standards? isologyhub. In this episode, we talk about: [01:03] Examples of poor quality Management Systems Mel’s come across. [02:19] The importance of having a bespoke Management System. [03:33] How out-of-date Management Systems can be detrimental. [04:40] Latest offering: A free Management System review and consultation – Simply contact us. [05:05] Why it’s important to continually update your Management System. [06:25] How initiatives / functions can get overlooked if they’re not referenced in your Management System. [07:38] Guidance on what should be included within your Management System to add value and reduce risk. [08:01] Examples of how a Social Media Policy / Process could be included and how it adds value. [09:45] How we at Blackmores follow our Social Media Process, record results and use the captured data. [11:10] How you can add risk mitigation to your Management System. [12:35] Other reasons why your Management System may be ready for a revamp. [13:10] Guidance on how you can improve the look and feel of your Management System. We’d love to hear your views and comments about the ISO Show, here’s how: Share the ISO Show on Twitter or Linkedin. Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one. Subscribe to keep up-to-date with our latest episodes: Stitcher | Spotify | YouTube | iTunes | Soundcloud | Mailing List
5/25/2022, 17 minutes, 28 seconds

#102 What's in a name?

What’s in a name? Is your ISO Management System just called a ‘Management System’ or is it named to reflect your company’s culture and brand? Sarah Ball, QHSE Consultant, shares her views and tips on the power behind a name. A name is people’s first impression of your Brand, System, etc.; it sets the tone for how people interact with it. So, it’s best to give it the time and thought necessary to make sure it makes the right impact. Today, Mel and Sarah discuss why the naming of a Management System is important and share some great examples. You’ll learn: The definition of a Management System. Why naming your Management System is so important. How certain Management System names can dissuade engagement. Guidance on how to select a Management System name. Examples of unique Management System names. How getting a Management System name and format right can help share a business’s core vision and principles. Resources: Blackmores | Isologyhub. In this episode, we talk about: [01:05] How a Management System without a name can be detrimental. [02:39] A reminder of the definition of a Management System. [03:03] Why naming a Management System is so important to a business. [04:41] How including ‘Management’ in the name can alienate people from engaging with the System. [06:57] Guidance on selecting a Management System name. [09:30] Some examples of unique Management System names Sarah has come across. [11:18] Examples of some names and acronyms we use at Blackmores. [12:01] Important considerations when creating acronyms, including taking account of any existing relevant industry-related ones. [13:25] Why naming the Management System should be a collaborative effort. [14:54] Why the format of a Management System is important. [16:09] How getting the Management System name and format right can help share a business’s core vision, principles and culture. We’d love to hear your views and comments about the ISO Show, here’s how: Share the ISO Show on Twitter or Linkedin. Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one. Subscribe to keep up-to-date with our latest episodes: Stitcher | Spotify | YouTube | iTunes | Soundcloud | Mailing List
5/18/2022, 20 minutes, 24 seconds

#101 How to create an awesome Sales Process

In this episode, Mel is joined by the CEO and Founder of SalesEnabla, and part-time Adventurer, Matt Garman, to talk about creating an awesome Sales Process. Sales are an intrinsic part of any business, and while you may be happy with your current way of working, there is a lot you can do to optimize your process to increase the quality of your leads. Today, Mel and Matt dive into Matt’s book ‘Learning the Ropes’ to explain the four pillars of Sales and how you can use these as a basis to improve your Sales Process. You’ll learn: Matt’s previous endurance challenges and preparing to undertake the World’s toughest row, 3000 miles across the Atlantic: The Talisker Whisky Atlantic Challenge. Why Matt wrote ‘Learning the Ropes’. Matt’s past experience in Sales and his main pain points. The four pillars of Sales: Vision, People, Process and Management. Why creating a Process for sales is so important. The importance of the ‘Discovery’ meeting. What does a good Discovery look like? Other key qualities needed for an awesome Sales Process. What is SalesEnabla and how can companies use it. Resources: OceanDadVenture | Learning the Ropes Book | SalesEnabla. In this episode, we talk about: [03:02] Matt’s past adventures and his latest challenge ‘Ocean Dadventure’. [06:42] How Matt’s epic challenge is supporting two incredible charities – Prostate Cancer UK and WOLO (We Only Live Once) foundation. [08:45] The reason why Matt wrote ‘Learning the Ropes’. [09:07] Matt’s past in Sales and his takeaway from experience. [11:50] An explanation of the four pillars – Vision, People, Process and Management. [17:00] The purpose for creating a Sales Process or ‘Playbook’ – and why it’s especially important for smaller businesses. [18:28] The importance of having an effective ‘Discovery meeting’ to ascertain the viability of opportunities. [19:27] What a good ‘Discovery meeting’ looks like. [21:15] What skillset and mindset are needed for an awesome Sales Process. [23:30] An explanation of SalesEnabla and how it can be utilised. [25:49] How to avoid a high turnover in sales representatives. We’d love to hear your views and comments about the ISO Show, here’s how: Share the ISO Show on Twitter or Linkedin. Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one. Subscribe to keep up-to-date with our latest episodes: Stitcher | Spotify | YouTube | iTunes | Soundcloud | Mailing List
5/11/2022, 29 minutes, 1 second

#100 How to get the most out of your Management Review

This episode is the final part of our 3-part series on Management Review, and this time Mel is joined by Rachel Churchman to explain how to best conduct Management Reviews and what’s best to include in them. Rachel Churchman is a Managing Consultant at Blackmores where she assists clients to implement, maintain and continually improve their UKAS certified ISO Management Systems. Mel and Rachel discuss the different ways to conduct a Management Review, how to improve the Management Review process, and who should be involved in your Management Review. You’ll learn The purpose of a Management Review. Different ways to approach your Management Review. The importance of using data. Who you should involve in your Management Review. How to deal with non-conformities and corrective opportunities. Resources isology Hub Blackmores   In this episode, we talk about: [07:30] The purpose of a Management Review. [11:15] The Management Review carried out at Blackmores and the issues we came across. [13:06] The ways Covid has shifted from being viewed as a risk to an opportunity. [14:14] The importance of reviewing your company's subscriptions in your Management Review. [15:30] The benefits of involving more people in your Management Review. [17:52] Why data analysis is so essential in a Management Review. [22:35] The importance of considering your outputs as well as your inputs in your Management Review. [24:47] Areas you should monitor and measure in your Management Review. [30:53] The most beneficial ways to review your objectives. [34:43] How to deal with non-conformities and corrective opportunities at Management Review. [37:20] Types of resources you should review in your Management Review. [41:50] Our top tips for Management Review. [47:24] The three different ways to conduct a Management Review and the benefits of each one. 
For members of the isologyhub, we have a few Management Review templates available for download. We’d love to hear your views and comments about the ISO Show, here’s how: Share the ISO Show on Twitter or Linkedin. Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one. Subscribe to keep up-to-date with our latest episodes: Stitcher | Spotify | YouTube | iTunes | Soundcloud | Mailing List
4/19/2022, 53 minutes, 28 seconds

#99 How to conduct a Management Review

This episode is part 2 of our 3-part series on Management Review, explaining how to conduct Management Reviews and what you should include in them. Today, Mel looks at the three different ways you can deliver a management review, what you need to consider when planning a management review and the key aspects of what to include in your management review report. You’ll learn: How to plan your management review. What information you need to include in your management review. The different styles of a management review. Key aspects of what to include in your management review report. How frequently you should have a management review. How to inspire confidence when chairing a management review meeting. Resources: isology Hub | Blackmores. In this episode, we talk about: [01:30] What you need to consider when planning a management review. [03:20] The different ways to deliver a management review. [06:10] Facilitating a management review and emphasising continual improvement. [06:47] Different inputs you can include in the management review. [07:45] Chairing a meeting and how to inspire confidence during management review meetings. [08:55] Key aspects of what to include in your management review report. [10:05] The purpose of a management review. [10:34] The importance of transferring agreed actions into deliverable continual improvement. If you need assistance with implementing ISO 14001, ISO 27001, or another standard – Contact us! We’d love to hear your views and comments about the ISO Show, here’s how: Share the ISO Show on Twitter or Linkedin. Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one. Subscribe to keep up-to-date with our latest episodes: Stitcher | Spotify | YouTube | iTunes | Soundcloud | Mailing List
4/12/2022, 15 minutes, 21 seconds

#98 What is a Management Review?

This episode is part 1 of our 3-part series on Management Review, explaining exactly what Management Review is and how most companies carry them out. Today, Mel looks at what the Standards require from a Management Review, the different areas Management Review addresses, and how companies can carry out a Management Review for the first time. You’ll learn What a Management Review is. How to get started with a Management Review for the first time. Why Management Review is so important. How to do Management Review the right way. Management Review best practice dos and don’ts. What the Standard requires from a Management Review. Resources isology Hub Blackmores   In this episode, we talk about: [00:44] Which ISO standards have a requirement for Management Review. [02:50] Why Management Review is important. [03:53] Different areas Management Review addresses. [04:26] The importance of being flexible with your objectives and when to look for trends. [05:40] The main reason for carrying out a Management Review. [06:10] What the Standard requires from a Management Review. [06:55] What you should include in your Management Review. [08:08] What the Standard says about inputs. [09:42] How often you should review your objectives and trends. [11:18] How the Standard helps you understand what the outputs of your review should look like. For members of the isologyhub, we have a few Management Review templates available for download. We’d love to hear your views and comments about the ISO Show, here’s how: Share the ISO Show on Twitter or Linkedin Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one. Subscribe to keep up-to-date with our latest episodes: Stitcher | Spotify | YouTube |iTunes | Soundcloud | Mailing List
4/5/2022, 14 minutes, 59 seconds

#97 The Seven Steps of Carbonology - Declare

This episode is the final part of our 7-part mini-series explaining our Carbonology service, a 7 step methodology to help companies become Carbon Neutral. This time, our resident Carbonologist David Algar is talking through the seventh step of the Carbonology process, ‘Declare’. David explains the purpose of a formal declaration, different ways companies can make their declaration, and the different ways you can promote your achievement of carbon neutrality. You’ll learn: The purpose of a formal declaration. The key outcomes of the ‘Declare’ step. The different ways you can make a declaration. The pros and cons of doing your declaration internally. How long your declaration is valid for. Ways to promote achieving carbon neutrality. Resources: David’s Calendar | isology Hub | Blackmores. In this episode, we talk about: [01:56] A recap of the 7 steps to carbonology. [04:02] The purpose of having a formal declaration. [04:57] What the formal declaration involves. [06:55] Different ways to make a declaration and which one’s most popular. [08:31] How long your declaration is valid for. [09:20] The importance of having an unambiguous declaration. [10:07] The key outcomes and deliverables of the ‘Declare’ step. [10:43] How publicised your Qualifying Explanatory Statement should be. [11:27] Ways to promote achieving carbon neutrality. [13:42] What companies tend to do after achieving carbon neutrality. [14:23] Why it’s easier making a declaration in the second year. [15:15] How to find out more information about the 7 step methodology. [16:02] The importance of data. If you need assistance with implementing ISO 14064, PAS 2060, or another standard – Contact us! We’d love to hear your views and comments about the ISO Show, here’s how: Share the ISO Show on Twitter or Linkedin. Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one.
Subscribe to keep up-to-date with our latest episodes: Stitcher | Spotify | YouTube | iTunes | Soundcloud
3/30/2022, 18 minutes, 9 seconds

#96 The Seven Steps of Carbonology - Offset

This episode is Part 6 of our 7-part mini-series explaining our Carbonology service, a 7 step methodology to help companies become Carbon Neutral. This time, our resident Carbonologist David Algar is talking through the sixth step of the Carbonology process, ‘Offset’. David explains what companies can do to offset emissions, how offsetting works in relation to PAS 2060, and the importance of picking the right Offset provider. You’ll learn: Different types of Offsetting. How Offsetting works in relation to PAS 2060. How long Carbon Offsetting Credits last. What to consider before buying an Offset. The importance of picking the right Offset provider. Resources: UK Woodland Carbon Code | United Nations Offset Platform | The Gold Standard | Greenhouse Gas Protocol | ISOlogy Hub | Blackmores. In this episode, we talk about: [01:43] The five steps before you go down the route of Offsetting. [02:12] Why Offsetting is a controversial topic. [03:03] How Offsetting works in PAS 2060. [03:41] What Offsetting is and how Carbon Credits work. [04:59] Credible Offsetting schemes in the UK. [07:58] Key considerations when buying a Carbon Offset. [10:48] How PAS 2060 helps companies prove they really are carbon neutral. [12:20] How Carbonologists help their clients know which schemes meet the requirements of PAS 2060 and which don’t. If you need assistance with implementing ISO 14064, PAS 2060, or another standard – Contact us! If you’d like to book a free consultation with our Carbonologist, David Algar, feel free to book a slot here. We’d love to hear your views and comments about the ISO Show, here’s how: Share the ISO Show on Twitter or Linkedin. Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one. Subscribe to keep up-to-date with our latest episodes: Stitcher | Spotify | YouTube | iTunes | Soundcloud
3/22/2022, 15 minutes, 45 seconds

#95 The Seven Steps of Carbonology - Re-quantify

This episode is Part 5 of our 7-part mini-series explaining our Carbonology service, a 7 step methodology to help companies become Carbon Neutral. This time, our resident Carbonologist David Algar is talking through the fifth step of the Carbonology process, ‘Re-quantify’. David explains why it’s important to recalculate your emissions after measures have been put in place from the Reduce stage, what to do if you're not hitting your targets, and how the ‘Re-quantification’ stage can help your public image. You’ll learn: What ‘Re-quantification’ is. Why ‘Re-quantification’ is so important. Ways to identify how specific areas of your business have performed. What to do if you’re not hitting targets. How to follow a carbon reduction plan while in a state of growth. How the ‘Re-quantification’ stage can help your public image. Resources: isology Hub | Blackmores. In this episode, we talk about: [01:05] The seven steps of carbonology. [01:32] Why it’s so important to ‘re-quantify’. [02:31] The real purpose of the ‘re-quantification’ stage. [05:16] How to feel if you’re not hitting your targets. [05:50] The importance of consistency, accuracy, and transparency in ISO 14064 and PAS 2060. [07:20] How to follow a carbon reduction plan while in a state of growth. [08:34] The key outcomes and deliverables in your ‘Re-quantification’ stage. [09:30] Our free carbon neutral checklist. Download your free Carbonology Checklist here. If you need assistance with implementing ISO 14064, PAS 2060, or another standard – Contact us! We’d love to hear your views and comments about the ISO Show, here’s how: Share the ISO Show on Twitter or Linkedin. Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one. Subscribe to keep up-to-date with our latest episodes: Stitcher | Spotify | YouTube | iTunes | Soundcloud
3/15/2022, 11 minutes, 23 seconds

#94 The Seven Steps of Carbonology - Reduce

This episode is Part 4 of our 7-part mini-series explaining our Carbonology service, a 7 step methodology to help companies become Carbon Neutral. This time, our resident Carbonologist David Algar is talking through the fourth step of the Carbonology process, ‘Reduce’. David explains how we can put our Carbon Reduction Plan into action so we can see clear tangible results in our reductions, and the benefits this brings to organisations and their employees. You’ll learn How the ‘Reduce’ phase in the Carbonology process works. How to monitor how successful your initiatives are. The importance of communicating your reduction plan to your staff. How to get your staff excited about your carbon reduction plan. The value of externally communicating your commitment to carbon reduction. How having a sustainability group can help your business. Resources Energy Savings Opportunity Scheme isology Hub Blackmores   In this episode, we talk about: [03:05] The ‘reduce’ phase of the Carbonology process. [04:36] The need to make your staff aware of your carbon reduction plan. [05:13] How to best manage communications with staff around carbon reductions. [06:36] How a carbon reduction plan can be beneficial for an organisation and their staff. [07:26] How to best monitor the success of your initiatives and the benefits this has. [11:11] The benefits of reducing your carbon footprint rather than offsetting it. If you need assistance with implementing ISO 14064, PAS 2060, or another standard – Contact us! We’d love to hear your views and comments about the ISO Show, here’s how: Share the ISO Show on Twitter or Linkedin Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one. Subscribe to keep up-to-date with our latest episodes: Stitcher | Spotify | YouTube |iTunes | Soundcloud
3/8/2022, 14 minutes, 23 seconds

#93 The seven steps of Carbonology - Commit

This episode is Part 3 of our 7-part mini-series explaining our Carbonology service, a 7 step methodology to help companies become Carbon Neutral. Our resident Carbonologist David Algar is back to talk through the third step of the Carbonology process, Commitment. David explains how organisations can identify the type of targets to put in place, the importance of having a launch and communications plan, and shares some popular ways organisations can reduce their carbon emissions. You’ll learn How organisations can set targets for their Carbon Neutrality. Why it’s important to make a formal commitment. Popular ways organisations reduce their carbon emissions. The benefits of changing your vehicles from diesel to electric. Some of the incentives to achieve emission reductions. The importance of having your staff involved with your plan. Resources isology Hub Blackmores   In this episode, we talk about: [02:19] How to begin the commitment stage of Carbonology. [04:00] Why organisations need a plan to achieve PAS 2060. [05:27] Popular ways organisations can reduce their carbon emissions. [06:40] The approach you need to take when setting targets. [09:30] Typical targets organisations can put in place. [11:31] The importance of having a launch and communications plan. [12:06] The typical outcomes and deliverables organisations will be provided. [13:31] The expectation of businesses to have a carbon footprint management plan. [14:19] The importance of having your staff involved with your plan. If you need assistance with implementing ISO 14064, PAS 2060, or another standard – Contact us! We’d love to hear your views and comments about the ISO Show, here’s how: Share the ISO Show on Twitter or Linkedin Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one. Subscribe to keep up-to-date with our latest episodes: Stitcher | Spotify | YouTube |iTunes | Soundcloud
3/1/2022, 17 minutes, 6 seconds

#92 The Seven steps of Carbonology – Quantify

This episode is the second of our 7-part mini-series explaining our Carbonology service, a 7 step methodology to help companies become Carbon Neutral. We’re joined by our resident Carbonologist David Algar to talk through the second step of the Carbonology process, Quantify.
What does the Quantify Step entail? Calculating your emissions: this will be carried out for Scope 1, 2 and 3 emissions. Scope 1 refers to sources you own, and covers direct emissions from combustion or fugitive emissions from systems that contain GHGs, i.e. gases that have escaped from somewhere they shouldn’t have, such as an AC system. Scope 2 covers emissions from imported energy; this refers to electricity for most organisations but can also include steam, heating and cooling. For ISO 14064 and PAS 2060 you’ll need to quantify 100% of the Scope 1 and 2 emissions within boundaries. Scope 3 refers to all other indirect emissions from sources you don’t own or necessarily have control over, for example business travel in vehicles your staff own. Scope 3 makes up the majority of emissions for most organisations and is generally more complex to gather data for.
What information do you need to quantify your emissions? You’ll need to collect and process data. This can be: Activity or financial data on a specific source. Common examples include utilities bills, meter readings and expense reports for business travel or freight. Interviews and surveys. For instance, a survey to better understand how staff commute to work, or the proportion of staff that work from home.
Why is Transparency so important? There are 6 key principles of ISO 14064, but one David is particularly mindful of is Transparency. Ultimately your work will be made publicly available, and not everyone may agree with your methods, but you’ll need to record all estimates, assumptions, exclusions, and uncertainties associated with your methods. As well as generally being good practice, being transparent allows the end user of the work you produce to make informed decisions with a reasonable degree of confidence.
So what’s the purpose of quantification? As well as giving you a total footprint for a specific time period, calculating your carbon footprint will enable you to do a few things. Firstly, you’ll be able to see which are the most emission-intense areas of your organisation, i.e. where the emissions are coming from, whether this is a specific location, activity or even department. Secondly, by using this information you will be able to prioritise the areas that need to have their emissions reduced. This will form the basis of your Carbon Footprint Management Plan, which we will go into more detail on in the next few episodes.
What are the Outcome and Deliverables? One outcome of this exercise is a GHG Inventory. This is a requirement of ISO 14064 and, put simply, is a big list of categorised emission sources and the specific GHGs they produce. Here you’ll also list all emission conversion factors you used to turn activity data into tonnes of specific GHGs. Another useful outcome is that you’ll be able to instantly and credibly respond to any tenders that require you to present green credentials. As we’ve mentioned in previous podcasts, in the UK it is now a requirement for most large public sector contracts for the tendering organisation to outline its emissions. Being able to easily present your carbon footprint to a potential tender could help in winning new business, particularly if you’ve completed this in line with an internationally recognised standard.
Join us next week as we move onto the next step, Commit. If you need assistance with implementing ISO 14064, PAS 2060, or another standard – Contact us!
David Algar is also available for a free Carbonology consultation until the end of March – Book your slot here. We’d love to hear your views and comments about the ISO Show, here’s how: Share the ISO Show on Twitter or Linkedin. Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one. Subscribe to keep up-to-date with our latest episodes: Stitcher | Spotify | YouTube | iTunes | Soundcloud
2/23/2022, 15 minutes, 21 seconds

The Seven Steps of Carbonology - Define

This episode is the first of our 7-part mini-series explaining our Carbonology service, a 7 step methodology to help companies become Carbon Neutral. We’re joined by our resident Carbonologist David Algar to talk through the first step of the Carbonology process, Define. David explains why the define stage is so important, what it entails, and how it works. You’ll learn: The seven steps in Carbonology. The importance of defining your carbon output. How to get a better understanding of your emissions. The recommended approach to define the subject and boundaries. How to write the introduction for your QES. How to become carbon neutral. Resources: isology Hub | Blackmores. In this episode, we talk about: [02:38] What the seven steps of Carbonology are. [03:08] The first step to becoming carbon neutral. [03:52] How the define stage in Carbonology works. [04:42] What Carbonology boundaries in an organisation may look like. [06:20] The importance of identifying the people involved with Carbonology work. [07:00] The type of people that are normally involved with managing the Carbonology standards in a business. [08:25] How organisations can determine the selection of the subject. [09:49] Why it’s important to clearly define the subject and your boundaries. [10:33] The recommended approach to define the subject and boundaries. [12:17] The outcomes and deliverables that are provided through the define stage. [13:35] Who the Qualifying Explanatory Statement has to be shared with. If you need assistance with implementing ISO 14064, PAS 2060, or another standard – Contact us! David Algar is also available for a free Carbonology consultation until the end of March – Book your slot here. We’d love to hear your views and comments about the ISO Show, here’s how: Share the ISO Show on Twitter or Linkedin. Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one.
2/15/2022 | 15 minutes, 4 seconds

#90 What are the 4 costs of Health and Safety?

This episode we’re joined by the Founder of Slip Safety Services, and host of ‘The Safety and Risk Success Podcast’, Christian Harris, to talk about how Chris got into the business, the seriousness of slips, trips, and falls for both employers and employees, and the four main costs of Health and Safety. Slips and trips cost UK employers approximately £512 million per year in lost production and other costs and are the leading cause of workplace injuries. Christian explains how the UK court system works for criminal health and safety offences, why safety is such a key foundation of an organization’s success, and how creating a better safety culture can increase a company’s profitability. LinkedIn: https://www.linkedin.com/in/christian-harris-slip-safety/ You’ll learn How Christian got into the health and safety industry. The seriousness of Slips, Trips and Falls injuries to individuals. The cost of Slips, Trips, and Falls to employers. The average claims from Slips, Trips, and Falls. How creating a better safety culture can increase the profitability of a company. Why safety is such a key foundation of an organisation’s success. The 6-figure fines UK organisations have faced in recent years. How the UK court system works for criminal health and safety offences. Resources Slip Safety Services AXA Insurance Slip Safety Score Card Blackmores In this episode, we talk about: [02:45] How Christian went from being a management consultant to becoming a safety specialist. [03:51] The health and safety incident that changed Christian’s life. [06:40] The psychological effect of living through an accident and how the incident has shaped the work Christian does. [08:30] The four financial costs involved with Slips, Trips, and Falls. [11:26] How the UK court system works for criminal health and safety offences. [13:20] The criminal costs of accidents and how much money is claimed each year. [15:13] The percentage of claims that get paid out. 
[16:15] The difference between manual handling and Slips, Trips, and Falls. [17:23] The positive benefits of creating a better safety culture. [21:28] The slip safety scorecard and how you can access it. If you need assistance with implementing ISO 45001, ISO 45003, or another standard – Contact us! We’d love to hear your views and comments about the ISO Show, here’s how: Share the ISO Show on Twitter or Linkedin Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one. Subscribe to keep up-to-date with our latest episodes: Stitcher | Spotify | YouTube |iTunes | Soundcloud
2/8/2022 | 26 minutes, 48 seconds

#89 How to Identify your Ideal client

This episode, we’re joined by Transformational Marketing Strategist, Podcaster, and Speaker Jürgen Strauss to talk about ISO 9001, and how businesses can identify their ideal client. All businesses need customers and they need to understand who their ideal client would be, as only then can you clearly identify what your ideal client’s needs are. Jürgen explains how to identify your ideal client, how using an empathy map can assist with this, and how this all influences your marketing strategy. Contact Jürgen on LinkedIn: https://au.linkedin.com/in/jurgenstrauss You’ll learn Why every business needs to have a model of their ideal client. How to understand who the ideal customer for your business is. Why mapping out your customer journey is so important. Ways you can build a relationship with your clients through an empathy map. When it’s right to turn business away and how to reject customers. Why customer journeys are important from a marketing perspective. Why it’s important to document every process and system in your business. Resources Innovabuzz XPLANE Blackmores In this episode, we talk about: [02:37] How Jürgen Strauss was involved in ISO 9001 implementation and how it helped him improve his business efficiency. [04:20] How Jürgen developed his podcast based on the principles of ISO 9001. [06:15] The global audience you can reach through podcasting. [07:27] What makes a ‘dream customer’ and how Jürgen reaches them through his podcast. [09:00] Why it’s important to have an ideal client for your business. [12:23] How to identify who your ideal client is and what their needs are. [14:23] What an Empathy map is and how the tool can help you locate your dream client. [18:42] How an Empathy map helps you truly understand your customers. [22:36] How to reject a client that you don’t want to work with. [24:13] Why it’s important to identify what the customer journey is and how it relates to marketing. [28:35] The circular nature of the customer journey. 
[30:22] The importance of creating processes and systems, and common resistance points people have with creating an ideal client profile. If you need assistance with implementing ISO 9001 or another standard – Contact us! We’d love to hear your views and comments about the ISO Show, here’s how: Share the ISO Show on Twitter or Linkedin Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one. Subscribe to keep up-to-date with our latest episodes: Stitcher | Spotify | YouTube |iTunes | Soundcloud
2/2/2022 | 36 minutes, 9 seconds

#88 ISO 50001 Steps to Success Part 3

This episode, we’re joined by Paul Robinson, our Managing Consultant at Blackmores, to talk about ISO 50001 – the Energy Management Standard. Paul gives us some guidance and advice on how to audit and implement this standard effectively and how you can make improvements in your energy management. We also talk about some common techniques to reduce energy consumption, how to increase a building’s energy efficiency, and how to monitor if equipment is being used in line with good practice. You’ll learn How to make improvements in your energy management. How to implement the energy management standard ISO 50001. The purpose and benefits of carrying out internal audits. Common techniques to reduce energy consumption. How to increase a building’s energy efficiency. Why everyone should switch to LED lights. Resources isology Hub Blackmores In this episode, we talk about: [02:25] The purpose and benefits of carrying out internal audits. [03:31] Benefits data centres have had as a result of auditing. [04:45] How an organization can set up a robust audit programme. [07:23] The impact a building’s design has on its energy efficiency and how this can be improved. [10:16] The importance of monitoring systems and the power of automation. [11:59] How to know which maintenance companies to work with. [13:13] How to know if equipment is being used with good practice. [15:26] The benefits of raising opportunities of improvement to management. [17:59] Common opportunities for businesses to improve their energy management. [21:24] Evidence you expect to see when carrying out an ISO 50001 audit. If you need assistance with implementing ISO 50001 or another standard – Contact us! We’d love to hear your views and comments about the ISO Show, here’s how: Share the ISO Show on Twitter or Linkedin Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one. 
1/18/2022 | 26 minutes, 32 seconds

#87 Environmentally and Socially Sustainable Business Strategies

We’re diving further into sustainability and best practices today as Mel is joined by Kit Oung, who is a leading energy consultant with a wealth of experience spanning the last 25 years. Kit is an energy and resource efficiency practitioner, consultant, trainer, and author on the subject of energy and resource efficiency, operational excellence, and triple bottom line. Notable engagements include: designing regulations in the UK (energy and climate change regulations), Sharjah, UAE (mandatory Health and Safety awareness), and Singapore (waste regulation); drafting guidebooks on integrated management systems (ISO), energy efficiency (UNEP), ISO 50001 (ISO/UNIDO); and promoting good governance in energy, environment, and health safety in India, Zambia, UAE, Qatar, Saudi Arabia, Oman, and Nigeria. Kit is the author of Energy Management in Business: The Manager’s Guide to Maximising and Sustaining Energy Reduction (Gower, 2013), and coauthor of Best Practices and Case Studies for Industrial Energy Efficiency Improvement (UNEP, 2016). He also assisted in the technical review of ISO 50001: Energy management systems – A practical guide for SMEs (ISO, 2015). Kit serves on IChemE’s Congress, IChemE’s Energy Community of Practice, IChemE’s annual sustainability awards judging panel, UNIDO’s global energy management leadership awards judging panel, and takes part in developing National, Regional and International standards. He chaired ISO 14002-2 (current), ISO 50002 (current), PAS51215, EN16247-3, and participated in the development of ISO 14001 series, ISO 50001 series, and EN16247 series of standards. Today, we’re looking at how to make energy sustainability strategies actionable, what the drivers for energy sustainability are, and how we can gain and maintain management commitment in sustainable energy practices. 
We’ll also have a sneak peek into Kit’s upcoming book: People, Planet, Profit: Environmentally and Socially Sustainable Business Strategies (Which you can pre-order! Link available under Resources) You’ll learn The importance of leaders, managers and engineers all playing their parts in sustainability strategies. What needs to be in place for sustainability strategies to be actionable. How the drivers for energy sustainability differ in different geographical locations. The extent of the destruction of our forests and seas and why we aren't doing anything about it. Different low cost fuel saving technologies. How to gain and maintain management commitment in sustainable energy practices. How to break down your energy consumption and make it visible. The psychological benefits of celebration. Resources Pre-order: People, Planet, Profit: Environmentally and Socially Sustainable Business Strategies Start with Why Get in contact with Kit Oung In this episode, we talk about: [02:12] Kit’s experience in working with energy management and sustainable initiatives. [05:48] Key aspects that need to be in place for a sustainability strategy to be actionable and have real influence on a company’s products and services. [10:40] A case study of how British Airways has integrated sustainability into their business structure. [15:15] The main drivers of sustainability practices in the Middle East. [17:12] What inspired Kit to write his new book - People, Planet, Profit: Environmentally and Socially Sustainable Business Strategies [21:20] Low cost technologies businesses can use to reduce their energy consumption. [23:48] The three elements you need in an organisation to effectively control your energy consumption. [25:40] How to gain and maintain management commitment. [28:30] The importance of understanding every aspect of an organisation's processes and the hidden costs around waste materials. [32:34] The importance of measuring consumption of resources and benchmarking. 
[34:16] How to break down your energy consumption and make it visible. [38:26] How external providers can help companies with the technical aspect of the data. [40:48] How to break down implementation barriers in companies. [47:03] The psychological benefits of celebration. We’d love to hear your views and comments about the ISO Show, here’s how: Share the ISO Show on Twitter or Linkedin Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one. Subscribe to keep up-to-date with our latest episodes: Stitcher | Spotify | YouTube |iTunes | Soundcloud
12/17/2021 | 53 minutes, 45 seconds

#86 What is ISO 32210 - Sustainable Finance?

Today we’re joined by the Director of Morgan Green Advisory, Hayden Morgan. Hayden is an independent consultant with a mission to enable a sustainable, lower-carbon future. He has been pioneering sustainability within the finance sector for almost 25 years, and provides award-winning insights and solutions, focusing on transitioning to beneficial outcomes. Today we talk about sustainable finance and the work Hayden is doing with leading experts from over 25 countries to develop the new global sustainability standard for financial organisations ISO 32210... You’ll learn What sustainable finance is and how it works. The best way to get involved with the ISO 32210 standard. The need for a standardised label for sustainable infrastructure. The benefits of implementing the new ISO 32210 standard. When ISO 32210 will be available for organisations to implement. The rise of climate risk strategies in financial markets. Resources Morgan Green Advisory Blackmores   In this episode, we talk about: [02:24] How Hayden got involved in working in global sustainability. [04:05] The work Hayden’s been doing on the new sustainable finance standard. [04:56] How you can get involved with the new ISO 32210 standard. [06:48] Hayden’s involvement advising the world bank around the development of a label for sustainable infrastructure. [10:42] The pilot projects taking part in a sustainable infrastructure label. [11:51] What sustainable finance is. [12:39] The principles of the ISO 32210 standard and how it complements other requirements. [15:30] The implementation guidance for ISO 32210’s principles. [17:09] The best practice resources that will be available to help people implement the standard. [18:17] The benefits of implementing the ISO 32210 standard. [22:16] The plans for the standard and the expected launch date for the ISO 32210 standard. [23:41] The sustainable integration work and climate risk strategies Hayden works on at Morgan Green Advisory. 
If you need assistance with implementing ISO 32210 or another standard – Contact us! We’d love to hear your views and comments about the ISO Show, here’s how: Share the ISO Show on Twitter or Linkedin Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one. Subscribe to keep up-to-date with our latest episodes: Stitcher | Spotify | YouTube |iTunes | Soundcloud
12/8/2021 | 27 minutes, 44 seconds

#85 ISO 50001 Steps to Success Part 2

We’re joined again by Paul Robinson, Managing Consultant at Blackmores. Last week Paul summarised the importance of energy management and introduced us to ISO 50001. This week, he delves deeper into the individual clauses of the Standard to break down what’s required in a typical Energy Management System.   What you’ll learn: The main clauses and requirements of ISO 50001 Examples of ISO 50001’s application in other Businesses based on Paul’s experience   What are the main clauses of ISO 50001? ISO 50001 has been aligned with the Annex SL format since 2018 so that it may be more easily integrated with other ISO Standards. The clauses are as follows: Clauses 1, 2 and 3 – These are all explanatory clauses, starting with the scope, then Normative References and lastly Terms and Definitions.   Clause 4 – Context of the Organisation: Here you would define the scope and boundaries of your energy management system and understanding the processes affected. This includes looking at your energy inputs and outputs. You’ll also address any energy issues that affect you and interested parties involved.     Clause 5 – Leadership: This refers to Top Management commitment, which is necessary if you want your energy management system to be successful. They will need to provide resources required to implement an energy policy, and to define roles and responsibilities.   Clause 6 – Planning: This is a central pillar behind every Energy Management System as it talks about strategic and tactical considerations. This includes high-level issues, the needs and expectations of interested parties and the risks and opportunities associated with them in an energy context.     This clause also includes an Energy Review, which will help you build a picture of your energy sources and current consumption. From that you can start setting your Objectives and Targets and actions going forward using energy baselines and energy performance indicators established from the Energy Review.   
Clause 7 – Support: This clause talks about provision of resources, competencies, awareness, communication and documented information required for energy management.   Clause 8 – Operation: This is where operational controls are defined to help you manage your energy effectively. It also covers design and procurement, which means procuring of energy, consuming assets and having effective processes in place to ensure energy is a key consideration when making infrastructure changes.     Clause 9 – Performance Evaluation: ISO 50001 is very data driven and clause 9 states the requirements for monitoring and measurement of your energy use, which will be used to demonstrate your improvement in energy efficiency. This clause also covers Internal Audits and Management Review to ensure the Management System is performing effectively.   Clause 10 – Improvement: This clause talks about taking opportunities that drive continual improvement in the Management System, but also recognizing that sometimes things go wrong. It also addresses significant deviations and a structure to investigate and correct those deviations to keep the management system on track.   What can go wrong?: Based on his experience, Paul highlighted some issues he’s seen in existing Management Systems: Not aligning an Energy Management system with Company Objectives Lack of financial resources Having the Management system built and run by only one person – This becomes a single point of failure Confusion in responding to energy deviations – lack of communication of a process to correct non-conformities Rushed creation – Energy Management Systems created in a short span of time may not be properly embedded into the business and can lead to the issues listed above.   That’s it from Paul this week! For further information on ISO 50001, visit our Standards page Here. We also have an ISO 50001 Handbook available to members of the isologyhub, sign up here to grab a copy. 
If you’re just getting started with ISO, we do have a free ISO Blueprint available for download to help you to plan, create, launch and get certified to ISO Standards. We’d love to hear your views and comments about the ISO Show, here’s how: Share the ISO Show on Twitter or Linkedin Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one. Subscribe to keep up-to-date with our latest episodes: Stitcher | Spotify | YouTube |iTunes | Soundcloud
12/2/2021 | 1 hour, 7 minutes, 28 seconds

#84 ISO 50001 Steps to Success Part 1

Today we’re joined by Paul Robinson, Managing Consultant at Blackmores. Paul is here to introduce the Energy Management Standard, ISO 50001, explain why it’s important and give you an overview of its basic structure. What you’ll learn: Why energy management is so critical in the current climate crisis The main purpose of ISO 50001 A summary of the clauses within ISO 50001 Why have an Energy Management Standard? There’s a big focus on trying to limit global warming to a 1.5 degree increase. Right now, we’re failing on that. In order to get this back on track we need to consider our current energy consumption. During COP26 we heard a lot about phasing out coal power; unfortunately there are some countries who are resistant to that and as a result have had the requirements watered down. Regardless, energy use continues to rise, as does the demand. Energy Management is particularly relevant for organisations who want to measure their impact and put measures in place to reduce their environmental footprint. Why is it so important to restrict Global Warming to 1.5 degrees? It’s literally the difference between survival. We’re at a tipping point now; failing to stick to this 1.5 degrees will result in rising sea levels and rising temperatures. Paul shares his experience working in Cyprus, where it’s not uncommon now for the temperature to reach 45 degrees. This isn’t sustainable and it will get to the point where it’s difficult for humans to survive if we keep going at this rate. What is the main purpose of ISO 50001? ISO 50001 includes continually improving energy performance, energy efficiency, energy use and energy consumption. Building an energy management system will help you to understand, monitor and measure your use of energy, and like most other ISO Standards, continual improvement is at the heart of ISO 50001. Key factors it addresses are energy performance, energy efficiency and energy consumption. What are the main clauses of ISO 50001? 
ISO 50001 went through its latest revision in 2018, aligning it with the Annex SL format that many other ISO Standards use. The clauses are as follows: Clauses 1, 2 and 3 – These are all explanatory clauses, starting with the scope, then Normative References and lastly Terms and Definitions. Clause 4 – Context of the Organisation: Here you would define the scope and boundaries of your energy management system and understanding the processes affected. This includes looking at your energy inputs and outputs. You’ll also address any energy issues that affect you and interested parties involved. Clause 5 – Leadership: This refers to Top Management commitment, which is necessary if you want your energy management system to be successful. They will need to provide resources required to implement an energy policy, and to define roles and responsibilities. Clause 6 – Planning: This is a central pillar behind every Energy Management System as it talks about strategic and tactical considerations. This includes high-level issues, the needs and expectations of interested parties and the risks and opportunities associated with them in an energy context. This clause also includes an Energy Review, which will help you build a picture of your energy sources and current consumption. From that you can start setting your Objectives and Targets and actions going forward using energy baselines and energy performance indicators established from the Energy Review. Clause 7 – Support: This clause talks about provision of resources, competencies, awareness, communication and documented information required for energy management. Clause 8 – Operation: This is where operational controls are defined to help you manage your energy effectively. It also covers design and procurement, which means procuring of energy, consuming assets and having effective processes in place to ensure energy is a key consideration when making infrastructure changes. 
Clause 9 – Performance Evaluation: ISO 50001 is very data driven and clause 9 states the requirements for monitoring and measurement of your energy use, which will be used to demonstrate your improvement in energy efficiency. This clause also covers Internal Audits and Management Review to ensure the Management System is performing effectively.   Clause 10 – Improvement: This clause talks about taking opportunities that drive continual improvement in the Management System, but also recognizing that sometimes things go wrong. It also addresses significant deviations and a structure to investigate and correct those deviations to keep the management system on track.   That’s it from Paul this week! For further information on ISO 50001, visit our Standards page Here. We also have an ISO 50001 Handbook available to members of the isologyhub, sign up here to grab a copy. If you’re just getting started with ISO, we do have a free ISO Blueprint available for download to help you to plan, create, launch and get certified to ISO Standards. We’d love to hear your views and comments about the ISO Show, here’s how: Share the ISO Show on Twitter or Linkedin Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one. Subscribe to keep up-to-date with our latest episodes: Stitcher | Spotify | YouTube |iTunes | Soundcloud
11/26/2021 | 15 minutes, 11 seconds

#83 What is ISO 45003? Part 2

This week Mel and Darren delve into the different factors that can impact on workers’ mental health: Aspects of how work is organised: Remote and isolated work Working in locations that are far from home, family, friends and usual support networks Working alone in non-remote locations without social/human interaction Working in private homes Workload and work pace Work overload or underload High levels of time pressure Continually subject to deadlines Machine pacing High level of repetitive work Working hours and schedule Lack of variety of work Shift work Inflexible work schedules Unpredictable hours Long or unsociable hours Fragmented work or work that is not meaningful Continual requirements to complete work at short notice Job security and precarious work Uncertainty regarding work availability, including work without set hours Possibility of redundancy or temporary loss of work with reduced pay Low-paid or insecure employment, including non-standard employment Working in situations that are not properly covered or protected by labour law or social protection Social Factors at work: Interpersonal relationships Poor communication, including poor information sharing Poor relationships between managers or others that workers interact with Interpersonal conflict Harassment, bullying, victimization Lack of social support Unequal power relationships between dominant and non-dominant groups of workers Social or physical isolation Leadership Lack of clear vision and objectives Management style unsuited to the nature of the work and its demand Failing to listen or only casually listening to complaints and suggestions Withholding information Providing inadequate communication and support Lack of accountability Lack of fairness Inconsistent and poor decision-making practices Abuse or misuse of power Organizational/workgroup culture Poor communication Low levels of support for problem-solving and personal development Lack of definition of, or agreement on, organisational 
objectives Inconsistent and untimely application of policies and procedures, unfair decision-making Recognition and reward Imbalance between workers’ effort and formal and informal recognition and reward Lack of appropriate acknowledgement and appreciation of workers’ efforts in a fair and timely manner Career development Career stagnation and uncertainty, under-promotion or over-promotion, lack of opportunity for skill development Support Lack of support from supervisors and co-workers Lack of access to support services Lack of information/training to support work performance Supervision Lack of constructive performance feedback and evaluation processes Lack of encouragement/acknowledgement Lack of communication Lack of shared organisational vision and clear objectives Lack of support and/or resources to facilitate improvements in performance Lack of fairness Misuse of digital surveillance Civility and respect Lack of trust, honesty, respect, civility and fairness Lack of respect and consideration in interactions among workers, as well as with customers, clients and the public Work/life balance Work tasks, roles, schedules or expectations that cause workers to continue working in their own time Conflicting demands of work and home Work that impacts the workers’ ability to recover Violence at work Incidents involving an explicit or implicit challenge to health, safety or well-being at work; violence can be internal, external or client initiated, e.g.: Abuse Threats Assault (physical, verbal or sexual) Gender-based violence Harassment Unwanted, offensive, intimidating behaviours (sexual or non-sexual in nature) which relate to one or more specific characteristic of the targeted individual, e.g. Race Gender identity Religion or belief Sexual orientation Disability Age Bullying and victimization Repeated (more than once) unreasonable behaviours which can present a risk to health, safety and well-being at work; behaviours can be overt or covert, e.g. 
Social or physical isolation Assigning meaningless or unfavourable tasks Name-calling, insults and intimidation Undermining behaviour Undue public criticism Withholding information or resources critical for one’s job Malicious rumours or gossiping Assigning impossible deadlines Work environment, equipment and hazardous tasks Work environment, equipment and hazardous tasks Inadequate equipment availability, suitability, reliability, maintenance or repair Poor workplace conditions such as lack of space, poor lighting and excessive noise Lack of the necessary tools, equipment or other resources to complete work tasks Working in extreme conditions or situations Working in unstable environments such as conflict zones How can we identify psychological hazards in our workplaces? There are several ways that the organization can identify psychosocial hazards; these can include (but are not limited to): Through reviews of job descriptions Analysing tasks, schedules and locations Consulting with workers, clients and other interested parties Analysing performance evaluations, standardized questionnaires, audits, etc. We’d love to hear your views and comments about the ISO Show, here’s how: Share the ISO Show on Twitter or Linkedin Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help, and we read each one.
11/4/2021 | 21 minutes, 45 seconds

#82 What is ISO 45003? Part 1

The Importance of Mental Health: Mental health can influence how we think and feel about ourselves and others as well as how we interpret events. It affects our capacity to learn, communicate and to form, sustain and end relationships, influencing our ability to cope with change, transition and life events. Good mental health is as important as good physical health to our life and wellbeing. Work plays an important part in our health (both physical and mental). People who are in work are, overall, healthier and happier. But sometimes work can have a negative impact on our health. At work we should aim to create an environment which fosters good mental health and eliminates or minimises a work environment which can have a negative impact on mental health. Who’s most at risk? Identification of who could be harmed or at risk of harm psychologically can be complex, with varying factors, including (but not limited to): Age Personality and psychosocial factors Sleep Medical condition of oneself or other(s) close to the individual The activity – type, frequency and duration Relationships (work and non-work) Financial Lifestyle There is no single way to manage and reduce stress; what works for one person may not work for another. What are the negative outcomes for employees? Poor health and associated conditions Cardiovascular disease, musculoskeletal disorders, diabetes, anxiety, depression, sleep disorders, and associated health behaviours Substance abuse, unhealthy eating Reduction in job satisfaction, commitment, and productivity What are negative outcomes for the organisation? Includes increased costs due to absence from work Turnover Reduced turnover or service quality Increased recruitment and retraining costs Workplace investigations and litigation Damage to the organisation’s reputation If we get mental health right – what’s the upside? 
Improved job satisfaction Improved worker engagement Increased productivity Increased innovation Organisational sustainability can be achieved   What is ISO 45003? ISO 45003 has been published to provide guidance on the management of psychosocial risks and promoting well-being at work. Intended to be used together with ISO 45001 as part of an occupational health and safety (OH&S) management system, the guidelines are suitable for all sectors and types of organisations. Defines Psychosocial risk as ‘combination of the likelihood of occurrence of exposure to work-related hazard(s) of a psychosocial nature and the severity of injury that can be caused by these hazard(s)’. ISO 45003 is a guidance standard only. It is intended to complement the requirements in ISO 45001 and guide organisations on how to address OH&S issues relating to psychological health within their general OH&S management system.   What are the aims? Therefore, it is critically important for the organisation to eliminate hazards and minimise OH&S risks by taking effective preventive and protective measures, which include measures to manage psychosocial risks. Psychosocial hazards are increasingly recognized as major challenges to health, safety, and well-being at work. What are the psychosocial hazards? Psychosocial hazards relate to how work is organized, social factors at work and aspects of the work environment, equipment, and hazardous tasks. Psychosocial hazards can be present in all organisations and sectors, and from all kinds of work tasks, equipment, and employment arrangements. Psychosocial risk relates to the potential of these types of hazards to cause several types of outcomes on individual health and safety, well-being and on organisational performance and sustainability. It is important that psychosocial risks are managed in a manner consistent with other OH&S risks, through an OH&S management system.   What are the signs of exposure to Psychosocial risk? 
Changes in behaviour Social isolation or withdrawal, refusing offers of help or neglecting personal well-being needs Increased absence from work or coming to work when ill Lack of engagement Reduced energy High staff turnover Low quality performance or failure to complete tasks/assignments on time (presenteeism) Reduced desire to work with others Conflicts, lack of willingness to co-operate, and bullying Increased frequency of incidents or errors   What are the considerations in risk assessments? At work, many situations (basic through to complex) are risk assessed, however, many assessments fail in relation to causes of psychological problems. Is the work the issue, or is it perceived that the work is causing or making a situation worse? The actual cause may be different or a combination of factors, inside and outside of work. The HSE defines stress as 'the adverse reaction people have to excessive pressures or other types of demand placed on them', and states: Every employer has a legal duty to assess and protect employees from work-related stress under the Management of Health and Safety Regulations 1999. Stress is a major cause of sickness absence in the workplace and costs over £5 billion a year in Great Britain.   How does ISO 45003 support ISO 45001? It is recognised that psychological health, safety and well-being are not always fully addressed within OH&S management. The standard is designed to help organisations better understand and address these aspects of OH&S management so that their system covers all aspects of health and safety, not just those that We’d love to hear your views and comments about the ISO Show, here’s how: Share the ISO Show on Twitter or Linkedin Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help, and we read each one.
10/21/2021 | 27 minutes, 27 seconds

#81 How to quantify your GHG emissions

One of the first steps towards becoming more sustainable is knowing where you currently stand in terms of your emissions. Calculating this may seem like a mammoth task, especially if you have multiple sites or assets such as company vehicles to keep track of. David Algar joins Mel today to discuss how to calculate your Greenhouse Gas (GHG) emissions, starting from establishing boundaries through to number crunching and quantification. What is the first step when embarking on quantifying your GHG emissions? One of the first steps is getting leadership commitment. This allows for quicker decision making and the allocation of roles and responsibilities, which really helps with the data collection. Once you have this leadership commitment, the next step is to start establishing boundaries. So how do you define your boundaries? There are 2 ways you define your boundaries as specified in ISO 14064-1. The first are your organisational boundaries: you’ll need to outline which facilities are included within the quantification. It is not as simple as just saying ‘everything’; you’ll need to specify which sites, buildings, factories etc. You can define your organisational boundaries via the control approach, so what facilities do you have financial or operational control over? Or via the equity share approach, where you account for your portion of emissions and removals from facilities. The next step is defining your reporting boundaries. This refers to activities and specific sources of GHGs.
Emission sources are split up into 3 categories: Scope 1 – direct emissions from combustion, or leaks, normally at sources you own; Scope 2 – indirect emissions from imported energy; and Scope 3 – all other indirect emissions, which will be from sources you don’t necessarily own or have much control over, such as staff commuting, supply chains or emissions from the use of products you manufacture. Depending on your organisation, Scope 3 will account for somewhere between 60-80% of your total emissions. How would you recommend going about collecting the data? ISO 14064-1 wants you to have primary data, i.e. data you have collected yourself. Some of the most common sources of the information you’ll need to quantify your emissions include utilities bills, expense claims and meter readings. What some organisations are doing is sending out simple surveys to staff to gather information on commuting habits or the mix of home and office working. In the real world all the information you need isn’t going to be available, or at least it won’t be available in the way you would like. It’s important to have someone dedicated to managing data collection as this may involve multiple sites or international locations. Ideally, you’d start setting a framework to use when going forward and to make sure you can collect the relevant data each year. Selecting a base year: If this is the first time you have quantified your emissions, it will automatically become your base year. This will be the year you compare future emissions against, and track reductions against, whether they are absolute or intensity based, such as tonnes of CO2e per employee or product sold. You may have to re-visit your base year calculations if new data or more accurate methods arise. A base year review may also be required if there has been a change in organisational boundaries due to a merger or acquisition.
The Number Crunching: At the end of the process, we want to see our levels of emissions for each of the Kyoto gases; this will allow us to see emissions as tonnes of CO2 equivalent when each gas’s global warming potential has been taken into account. Some gases can have global warming potentials 200 times or 1,000 times or even over 20,000 times stronger than CO2 on its own, hence why even the smallest leak can be important, say, from an air conditioning system. We calculate emissions from specific sources by using conversion factors. In the UK we are very lucky to have emission conversion factors published publicly by the Department for Business, Energy & Industrial Strategy every year going back to 2002. Other countries release conversion factors too, so if you have sites round the world, you should be able to find factors that can be applied. This may involve converting some units though. The data isn’t always going to be available in the ideal format, so you’ll need to spend a bit of time on Google identifying rates for specific areas and years if you don’t have anything else to go on. Liaising with landlords and facilities management is always a good idea, not only to collect data, but to help with implementing initiatives that can reduce emissions in the future. Estimates, Assumptions, Uncertainties and Transparency: You’re going to have to make some assumptions as you go. In line with ISO 14064-1 you’ll need to be as accurate as possible, even if this means someone going through individual lines of expenses to estimate flight distances based on ticket costs or coming up with a system to represent your supply chain. Another important aspect of ISO 14064-1 is transparency. The best way to manage this is to simply make all your calculations visible; this way they can be reviewed and sense-checked by others. For each emission source you’ll also need to assign it a level of uncertainty.
For instance, expense claims are usually highly accurate as they show mileage from one location to another, and sometimes even record the specific vehicle; you could say this has an uncertainty of 2-5%, for instance. At the other end of the scale, calculating the emissions from the life cycle of your products has a high degree of uncertainty as you don’t know how a customer will use it, how long it will last, how it will be disposed of or if it will even be used at all. This could have an uncertainty of 30-40%, for instance. A positive outcome of managing all these uncertainties is that you will have a framework going forward for calculating specific sources. Managing your Emissions Going Forward – Applications of Quantification: Ironically it is often the biggest emission sources that businesses have the smallest amount of control over, but there will usually be some action that can be taken to reduce them. Quantifying emissions is also one of the first, and arguably the most essential, steps towards achieving carbon neutrality, as you can’t get very far without knowing your emissions. PAS 2060 is the standard we use at Blackmores as part of our Carbonology service to help businesses achieve carbon neutrality; this is supported by quantifying emissions in line with the ISO 14064 methodologies we’ve mentioned in previous podcasts. Developing and implementing a carbon reduction plan to reduce emissions over subsequent reporting periods is another application of your GHG quantification and is an important part of working towards carbon neutrality. Further resources: Free Webinar - Targeting Carbon and Supporting Net Zero – hosted by Alcumus, David Algar will feature as a guest to help you understand your Carbon Footprint and provide a roadmap towards Carbon Neutrality. Register Here. We also have more information about our Carbonology service available Here.
10/6/2021 | 20 minutes, 2 seconds

#80 Introducing Green Element with guest Will Richardson

Today we’re joined by Will Richardson, Founder and Managing Director of Green Element, to discuss how he helps other organizations become more environmentally friendly. Will established Green Element in 2004 with a desire to help as many businesses as possible to go green. A pioneer and early adopter of many now-mandatory environmental standards, his visionary approach, and inspiring leadership are exemplary. Will also runs a podcast that is constantly featured in the top of the eco podcasts, and is a current board member and Chairman of the British Kitesports Association; the NGB to Kitesports; helping push kite sports within the Olympic sporting ecosystem. In 2018, Will conceived Compare Your Footprint in response to demand from companies that want to reduce their carbon footprint but were not ready to engage with experts. This episode, he shares how companies can most effectively tackle their energy and carbon management, and the science behind carbon reductions... You’ll learn How Will helps organizations find the carbon footprint of their products. The importance of knowing the life cycle of your products. How to find out how much of an effect on the environment your product has. How long it takes to find out the life cycle of a product. How ‘Compare your Footprint’ helps organizations understand their carbon footprint and benchmark it. Different types of benchmarking you can do and how to do it. The science we know around carbon reductions. Why offsetting causes organizations to increase their emissions. Resources Blackmores The Green Element Website Compare your Footprint Sustainable Business Podcast Science Based Targets   In this episode, we talk about: [01:10] How Will got involved with sustainable energy and carbon management. [02:14] Why Will started his own business and how it’s changed over the years. [03:58] How Green Element helps organizations become more environmental. 
[05:15] The difference between the life cycle analysis for products or services. [06:24] How long it takes to work out a product’s life cycle. [07:30] The two different ways there are to look at carbon footprinting. [10:51] Different types of benchmarking you can do and how to do it. [14:26] How to successfully carry out energy data reporting and why you shouldn’t rush it. [17:59] The problems with net carbon zero and carbon neutral targets, and the benefits of Science Based Targets. [22:36] The complex nature of effective environmental strategies. If you need assistance with implementing sustainable practices – Contact us! We’d love to hear your views and comments about the ISO Show, here’s how: Share the ISO Show on Twitter or Linkedin Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one. Subscribe to keep up-to-date with our latest episodes: Stitcher | Spotify | YouTube |iTunes | Soundcloud
10/1/2021 | 25 minutes, 53 seconds

#79 Establishing the scope of your ISO Certification

Implementing an ISO can seem like a daunting task at first – there’s a lot to consider! Most importantly, are you implementing the Standard for the whole business, for just one location, or for just one service? In today’s podcast, I’m going to share with you how to establish the scope of your ISO System, as it’s the number one consideration when you start planning your ISO Project. This will also help to determine timescales, costs and resources needed for your ISO Project. What is the ‘Scope’?... The scope of the EMS will clarify the organisational and physical boundaries to which your activities apply, particularly if the company is part of a larger organisation. Your organisation has the freedom and flexibility to define these boundaries. Your company may choose to only include a specific activity, location, product, or service delivery. How to calculate the scope… Most organisations, particularly if they are an SME (small and medium enterprises with less than 250 employees), will include all aspects of their business activities within the scope of their EMS, and also their scope of certification to ISO 14001. Larger organisations, or SMEs across multiple locations (including international), may want to carefully consider the scope of certification as there will be additional costs and time factors to take into consideration. Why defining the scope is so important… Once your scope has been defined within your EMS, this is what is included in ‘black and white’ on your certificate. Therefore, if one of the reasons to achieve certification is to impress your stakeholders with your environmental credentials, then being fully inclusive and transparent with a wider scope covering all your company activities, services and locations will be far more credible than a restricted scope. Consider what will have the biggest impact – where you can make the biggest difference.
Further Resources: We have a super useful checklist on how to plan, create, launch and implement your ISO Project so that you can successfully achieve certification. Download your FREE ISO Standards blueprint here. Pssst!... Whilst you’re there, you may also want to check out our membership, which includes all the tutorials, check sheets, templates and training to implement ISO Standards. As a member of the isologyhub we give you all the support that you need to make your ISO Project a reality and success. In this episode I will cover: [01.55] – What is the Scope? [03.45] – How to establish your scope [05.40] – Why defining the scope is so Important [06.20] – Expanding the scope of your certification [07.40] – Further considerations
9/22/2021 | 9 minutes, 29 seconds

#78 What is Streamlined Energy and Carbon Reporting (SECR)?

Today, we’re joined by our resident Carbonologist David Algar to discuss SECR. What is SECR? SECR stands for Streamlined Energy and Carbon Reporting. It stemmed from The Companies Act (2006), which was updated in 2013 to require quoted companies to report annual emissions in their directors’ report. In 2018, the regulations were updated and an additional disclosure requirement for quoted companies was brought in. They now require energy use and associated GHG emissions to be reported by quoted companies, as well as by large, limited liability partnerships (LLPs). Why was it introduced? To increase awareness of a business’ energy use and emissions and to encourage the introduction of initiatives to reduce energy usage. To provide organisations with the relevant data to make informed decisions. To help increase visibility to key decision makers who may not have been aware of how much carbon their organisation is producing. To provide transparency on an organisation’s emissions and energy use to external stakeholders. Is it applicable to you? SECR reporting is designed to apply to all quoted companies in the UK, as well as unquoted companies and LLPs defined as ‘large’ under the Companies Act 2006. To be defined as ‘large’ under the Companies Act and therefore qualify for SECR reporting they must meet 2 or more of the following criteria: Have a turnover of £36m or more. Have a balance sheet of £18m or more. Have 250 or more employees. Who does it not apply to? Low energy users, those using less than 40MWh per year. If disclosing energy use data could inadvertently reveal sensitive information about your business, or be seriously detrimental to the interests of your business. Not all public bodies are required to report. If your data would not be practical to obtain. What needs to be included?
This is where it gets slightly more complex as this is where reporting guidelines specify what you must report depending on if you are a quoted company compared to a large unquoted or LLP. Similarities (what everyone needs to report): Their energy use in kWh and GHG emissions in tonnes of CO2 equivalent. Scope 1 and scope 2 emissions you are responsible for and a subset of scope 3 emissions relating to transport. Methodologies, at least one intensity ratio and finally, everyone must report on energy efficiency improvements. Differences: A key difference between quoted companies and the other two types is that quoted companies must reference their global Scope 1 and 2 emissions they are responsible for, and what proportion of their emissions comes from international sources. For unquoted companies and LLPs there is more of a focus on Scope 3 emissions. You will need to report on the energy and emissions associated with Scope 3 transport. This mainly refers to leased road vehicles and vehicles staff own but use for business purposes (grey fleet), but also covers larger vehicles such as ships, planes and trains if you have directly paid for the fuel yourself.   What are the benefits for your organisation? You would have quantified a significant proportion of your emissions, which paints a good picture of where your largest emission sources are from. You would have just taken one of the first steps towards achieving carbon neutrality. SECR also helps provide greater transparency for investors and other stakeholders. It also supports other reporting such as ESOS and the new requirement for businesses looking to obtain large government contracts to have a carbon reduction plan in place.   How can Blackmores help? 
By quantifying your emissions for your reporting period, in the long term we can help quantify any remaining emissions that are not referred to in SECR, specifically any remaining Scope 3s. We can also help provide clarity on the definitions of each scope and the subcategories within them. We have various templates that we have created and refined to help simplify the process. We can produce the SECR report, meeting all the requirements of UK Environmental Reporting Guidance, and as well as the main SECR report, we can produce the summary of your Director’s Report. If you’d like further information on how we can help you with Carbon verification, SECR or Carbon Neutrality, check out our Carbonology Service.
9/3/2021 | 27 minutes, 51 seconds

#77 Does your supply chain influence a positive or negative impact?

A standard that seems to be growing in demand, certainly this year, is ISO 20400, which is a guidance document on sustainable procurement. However, because it’s a guidance document, this means it’s not a certifiable standard… But it is useful if you are looking at your procurement, supply chain and how sustainable it is, as ISO 20400 provides you with everything that you need to know on how to manage your supply chain sustainably! A little background on the standard… The standard has been around for some time, but it was a British standard (BS 8903: 2010); we’ve been familiar with it for a number of years, and we’ve aligned this standard with some of our clients’ environmental management systems. Why should it be something you want to consider doing? It could be beneficial for your organisation, not only from an operational point of view but also in terms of having a competitive advantage. So, let’s take a look at the standard… As we know, every single organisation on the planet has an environmental, social and economic impact regardless of the size of the organisation… Therefore, this particular guidance document is applicable to ANY size organisation across ANY type of industry, because those impacts have an influence throughout the supply chain. Procurement is a powerful vehicle for organisations wishing to behave in a responsible way and contribute to the sustainable development goals. Integrating sustainability in procurement policies and practices helps you to manage your opportunities and risks and to focus in on those sustainable, environmental, social and economic development issues. Ultimately, sustainable procurement represents a real opportunity to improve productivity and assess value and performance throughout your supply chain, enabling communication between purchasers, suppliers and all other key stakeholders, and helps to encourage innovation.
In this episode I will cover: [05:00] The definition of procurement and sustainable procurement within this standard. [06:16] Drivers for sustainable procurement within your organisation. [13:20] Clauses 1,2 and 3. [14:05] Clause 4- Understanding the fundamentals. [14:40] Clause 5- Integration of sustainability at a strategic level [16:06] Clause 6- Management techniques needed to successfully implement and to continually improve sustainable procurement. [17:00] Clause 7- Considerations for the integration into existing procurement processes. [19:08] The key principles of sustainable procurement. If you’d like to get access to further information on ISO 20400, plus many other ISO Standards, check out the isologyhub which is an online membership platform, it’s a cost efficient and time effective way to implement your ISO standards and to get access to a wealth of information and guidance. There is an eLearning course you can get access to and an ISO 20400 checklist. So, if you want to find out more head over to: www.isologyhub.com
8/24/2021 | 24 minutes, 19 seconds

#76 Morgan Sindall Leading Information security in construction

Today, we’re joined by Morgan Sindall’s Head of Information Security and Compliance, Neil Binnie, to discuss the Information Security Standard ISO 27001. Morgan Sindall has been ahead of the curve when it comes to information security, having been certified to ISO 27001 for almost 3 years, but with information breaches becoming more common it’s even more vital to get ISO 27001 certified to prove you have a robust information security framework. Neil explains the importance of information security, the new cloud security standards that are coming out, and the benefits of using ISO 27001. Website: https://www.morgansindall.com/ You’ll learn The importance of information security in the construction industry. The benefits of using ISO 27001 as your information security framework. How to implement ISO 27001 within your business. The recent shift in mindset around data usage. How hackers are using supply chains to attack businesses. The new standards that are coming out to tackle cloud security. Resources Blackmores Morgan Sindall Group plc In this episode, we talk about: [02:27] Why information security is so important in the construction industry. [03:34] The benefits of having the ISO 27001 framework in place. [05:28] Why supply chain security is so important. [06:20] How a construction company can help to secure their supply chain. [08:34] Neil’s experience implementing ISO 27001 in Morgan Sindall. [12:43] The cloud security standards that are coming out. [14:52] The benefits of having ISO 27001 in place prior to the Covid lockdowns. [17:21] The incorrect assumptions people have about ISO 27001. [18:37] The importance of having a collaborative approach when implementing ISO 27001. If you need assistance with implementing ISO 27001 – Contact us!
8/11/2021 | 20 minutes, 47 seconds

#75 Data Security risks for homeworkers

Today we’re joined by Senior Information Security Consultant, Steve Mason to discuss how working from home has affected our online security. Remote working has become the norm during the pandemic and it’s proven that it can be an effective way for people to have a good work-life balance. But with working from home comes many security risks, we need secure Wi-Fi connections, virus-free laptops, and to be working in environments where we can’t be listened in to. Steve is an information security expert and as data security risks for homeworkers have shot up, he’s here to explain what we can do to negate this risk. We talk about the general security risks of working remotely, and the importance of businesses taking this seriously and creating effective processes to mitigate that risk across their business...   You’ll learn How our approach to technology is changing. The increased security risks involved with working from home. The necessity of training your staff in home security. How to access our policy around virtual meeting room security. How to improve your home security and safety. How to reduce the chances of getting a virus or trojan. Resources Isology Hub The Virtual Meeting Room Policy – Email us for a copy! In this episode, we talk about: [02:30] The added difficulties involved with improving remote client’s security. [04:06] The benefits of using company devices and the security risks of using your own device and working from home. [05:47] How to know you’re using a good VPN and adequate virus protection. [06:36] Using a working from home policy and the benefits that can have. [09:30] How to monitor employee’s software usage if they are working remotely. [10:50] Issues some remote workers have with backing up their documents securely. [12:17] The ways working from home affects your home insurance. [14:09] The importance of fixing all security weaknesses you become aware of. 
[16:56] The necessity of proper security training being given to staff working from home. [18:38] Security in virtual meeting rooms and the policy we created around that. [21:10] The main risks involved with working in public places like a coffee shop. If you need assistance with implementing ISO 27001 – Contact us!
8/5/2021 | 27 minutes, 28 seconds

#74 Carbonology - Proven methodology for Carbon Neutrality

Today, we’re joined by our resident Carbonologist David Algar to discuss the seven vital steps to Carbonology. If you’re looking for a sustainability roadmap for your business and looking to address the climate emergency while also meeting your stakeholders’ needs, you’re in the right place. Over the last 2 episodes Carbonologist David Algar and Mel have been going through ISO 14064, the Carbon Verification Standard, and PAS 2060, the Carbon Neutrality Standard. Today, David and Mel will be explaining how you can meet the requirements of both standards, gain verification, and demonstrate your business as carbon neutral. That’s all going to be based on our game-changing route to sustainability, Carbonology. What makes Carbonology unique is that, rather than paying lip service to the climate change emergency, Carbonology provides a proven methodology for sustainable success, allowing businesses to become carbon neutral and to achieve ISO standards successfully. You’ll learn The seven steps of carbonology. How to achieve carbon neutrality. Why it’s cheaper to reduce your emissions rather than offset them. The importance of re-quantifying carbon emissions. How to prove you’ve offset your emissions. How becoming carbon neutral can benefit your shareholders. Resources Carbonology In this episode, we talk about: [03:12] The seven steps of Carbonology to achieve carbon neutrality. [7:54] The different options there are to verify that you are carbon neutral. [9:07] The different areas you need to define when starting off in your Carbonology journey. [11:45] How to quantify the emissions embedded in different products that you sell. [14:22] What’s included in a Carbon Footprint Management Plan. [16:50] The importance of including working from home in your scope 3 emissions. [17:57] How long a reduction period lasts and what it involves. [19:27] The benefits of re-quantification and how it works. [21:14] How offsetting works as part of Carbonology.
[23:31] How making a declaration of achievement of neutrality works. If you’d like a quote for Carbonology – Contact us!
7/16/2021 | 26 minutes, 47 seconds

#73 Carbon neutrality with PAS 2060

Today, we’re joined by our resident Carbonologist David Algar who shares with us everything he knows about the Carbon Neutrality Standard PAS 2060. Customers are demanding more environmentally friendly products and services, and to remain competitive organizations need to reduce their emissions and improve their environmental records. Having a sustainability roadmap is critical to both government and industry now and in the future. When implementing effective climate change mitigation measures the ability to differentiate between real and false claims of carbon neutrality is absolutely critical. If you’re looking for a credible roadmap for your sustainability journey PAS 2060 can help you cut through the cynicism and doubt and maintain trust in your ethics to manage and reduce your greenhouse gas emissions. You’ll learn How to make a positive impact on the environment. Why a company can never be net carbon zero. What PAS 2060 consists of and how it helps businesses quantify and reduce emissions. How to build credibility and confidence with your shareholders. What Carbonology is and how it can help businesses become carbon neutral. Why it’s so important to quantify your emissions before reducing them. Resources Blackmores – PAS 2060 In this episode, we talk about: [02:13] What PAS 2060 is and how it assists companies to become carbon neutral. [2:55] The difference between being ‘net carbon zero’ and ‘carbon neutrality’. [3:48] The importance of quantifying and reducing your emissions. [4:18] What carbon offsetting is and how it works. [6:54] The main benefits for a business in adopting PAS 2060. [7:46] What a carbon footprint management plan is and how it can help save money. [8:50] The benefits of validating your carbon neutrality. [10:20] How Carbonology can help businesses become carbon neutral. If you need assistance with implementing PAS 2060 – Contact us! 
7/9/2021 | 13 minutes, 10 seconds

#72 Carbon verification with ISO 14064

If businesses aren’t talking about COVID-19, they are discussing how to become carbon neutral. To show their commitment to protecting the environment, companies are often claiming to be carbon neutral, but the issue is…where is the actual proof? Where is the credible framework that demonstrates that carbon verification? Today we’re excited to share how to get started with introducing ISO 14064 (the carbon footprint verification standard). So, if you're looking for a sustainability roadmap for your business and are wondering where to begin, then you’re in luck as we're going to be providing you with information on that over the next couple of podcasts! We’re delighted to be joined by David Algar, our resident Carbonologist at Blackmores, over the next few podcasts as he’s going to share with you information about the international standards that everybody's talking about when it comes to demonstrating your carbon neutrality. This includes ISO 14064 for carbon footprint verification and PAS 2060 on carbon neutrality. So, in this episode, let's kick off with ISO 14064 and find out what it's all about!

What you’ll learn:
· What is ISO 14064?
· What are upstream and downstream emissions?
· Certification methods
· Benefits of ISO 14064
· How Carbonology helps meet ISO 14064 requirements

ISO 14064 is a specification with guidance at the organisational level for the quantification and reporting of greenhouse gas emissions and their removals. So, essentially, ISO 14064 is a standard for an organisation of any type, size, quantity, or location globally to quantify its emissions of greenhouse gases, with the end product of this being the creation of a greenhouse gas inventory. Now, let’s find out where we would begin with ISO 14064… In ISO 14064, the standard begins with defining the organisational boundaries and the reporting boundaries: essentially, what you're covering in your greenhouse gas inventory and what the reporting boundaries are.
This will also include any exclusions you decide to make, i.e. elements of your business that will not have their associated GHGs quantified. An organisation embarking on its sustainability roadmap could carve out part of the business. So, for example, by year one the UK operations, and then have a roadmap in place so that they include other locations and services as time goes on. David expands on the greenhouse gas inventory by highlighting that this is where you would document all your emission sources. So, they are divided up into scope one, scope two, and scope three sources. Scope one is the direct ones, so for example stationary or mobile combustion, or anything your organisation directly burns. Then it goes into scope two, which is your purchased energy (the electricity, steam, heating and cooling that you would use in the building that you own or lease). Finally, going into scope three can be a bit more complicated. This would be your other indirect sources, upstream and downstream. For example, if you are a manufacturing company, the upstream emissions would be the emissions associated with activities, for example, before your products are delivered to your manufacturing or warehouse. So that would include the extraction of the raw materials, the processing, packaging, and then the transport and distribution. The upstream emissions associated with a vehicle, for example, include putting it in a cargo ship and shipping it across the world. So, once it leaves your warehouse or plant, it would then go off to the customer. This is where you are looking at the downstream emissions, including emissions associated with the product’s use. The greenhouse gas inventory does split the scopes up for you, so you don't have to worry about memorising every single little part of the scopes! It is very useful in that aspect and it lays it out in a list for you.
Let’s take a quick dive into the verification options for ISO 14064… If you do decide to go for a third-party verification from a certification board, the chances are that they're going to ask you questions on why you decided to include and exclude certain things within your greenhouse gas inventories. For example, certain operations in your business or why you have made certain exclusions. Another key element of producing greenhouse gas inventories is that you must use emission factors. These are how you quantify and convert, for example kilowatts, into tonnes of CO2 equivalent. So, the certification body may ask you why you've chosen to use a certain metric. That’s why it would always be a very good idea to document these choices, as you may be asked about them. So, in essence, this provides complete transparency on your carbon emissions across the organisation because you've justified the reason for including or excluding them. Now, moving on to some of the benefits of ISO 14064… Because it's an ISO standard and internationally recognised, it provides a reliable and proven framework for quantifying your emissions. As a result, this helps identify individual sources of emissions and enables you to identify the biggest source of emissions, energy usage, and vehicle usage. Therefore, you can use it to identify areas for improvement by setting targets. However, the result of going down this road is that once you've implemented those improvements, it can actually save you costs in many instances, for instance through lower energy usage. Another benefit is that it helps demonstrate your public commitment to environmental protection. This is excellent for your corporate image and CSR. Combined with third-party verification, it really does help show you are committed to environmental protection, and you're not just pursuing this activity for greenwashing purposes.
It can also be a tendering requirement for a lot of new businesses as it can support a lot of governmental requirements. So, it can be a framework to help you support any mandatory reporting of emissions, such as the SECR (Streamlined Energy and Carbon Reporting) and ESOS (Energy Saving Opportunities Scheme) which are requirements essentially based on quantifying emissions and energy usage. So, if you've implemented ISO 14064, you've (almost) already built that framework to help you with the data collection and data presentation that you'll need for the SECR and ESOS reporting. One thing which makes ISO 14064 very different from any of the ISO standards that we have implemented over the last 15 years at Blackmores is the fact that you don't actually get certification to this standard. It's classed as a verification, which has options for self-verification and third-party verification. There are three main tiers to it, let’s find out what they are. The first tier is the self-verification method, where you essentially pore over the data yourself and decide internally within your company that you’re happy to publish this publicly. Although, this is slightly less credible because your company is essentially verifying itself. The second level to that is a second-party verification, where you get an external body (such as Blackmores) to go over the data and essentially audit you on it. But what is generally regarded as the most credible is a third-party certification, the third tier. This would be done through a UKAS accredited certification body (such as BSI, or NQA). This method demonstrates confidence to all your stakeholders that the verification has been done properly because an independent third party has approved it. Unlike certificates to management system standards like ISO 14001 (which are valid for three years), this is just valid for the period that you've actually defined within the scope.
So, that could be a period of 12 months, then you would have to go through the re-verification process. We do have a podcast coming up on Carbonology which focuses on the process to meet the requirements of ISO 14064 and PAS 2060 to be carbon neutral…so, let’s get a sneak peek and find out how Carbonology might help with meeting the requirements of ISO 14064. Carbonology is based on a seven-step process to help an organisation become carbon neutral. The first step of Carbonology is the Quantify stage. This is where ISO 14064 comes in because this is where you would essentially quantify and document all your greenhouse gas emission sources for scope one, two, and three. So, essentially, ISO 14064 really does form the bedrock of the Carbonology service. That’s it for today, watch out for our future blogs as we'll be joining David on the next podcast where we'll be talking all about the next stage in your journey to becoming carbon neutral.
7/2/2021 | 18 minutes, 31 seconds

#71 How long will it take to achieve ISO 14001?

A question that we get every single time somebody asks about an ISO standard is ‘how long does it take to implement an ISO’, or ‘how long does it take to get certified to an ISO’? In this episode, you’re going to find out what you need to take into consideration when it comes to timescales for implementing and getting certified to an ISO standard. ISO 14001 (the environmental standard) will be used as an example, but don’t worry, this can be applied to most other ISO standards. So, are you looking to help your business? Create a system for success? To be kind to the planet, and improve your company's brand reputation? Then we're going to be talking about realistic timescales for making this happen. If you're ready to implement an Environmental Management System (EMS) to help reduce your company's damage to the climate, then you're in the right place!

First and foremost, make sure you download our FREE ISO standards blueprint here. This helps you to plan, create and launch your EMS, ready for getting certified.

Now, let's dive into finding out about timescales for your ISO project!

What you'll learn:
· Timescales for your ISO project
· The different variables involved with an ISO project
· Scope of your certification
· The assessment processes

The short and sweet answer is that most businesses take between 6 and 12 months to get certified. But it depends on the size of your organisation and the complexity of it. Let’s get to know the different variables involved with this project because there is actually a way that you can implement any EMS in a much quicker timescale (we have had companies that have achieved this in less than three months!). And in fact, you can achieve this also by going to www.isologyhub.com (our new online portal), where you can go at your own pace. The main thing is to have a clear plan, which is well organised and disciplined. It's worthwhile optimising both your internal and external resources.
That would include your environmental champions, or your ISO coach (if you have one) if you're looking at using the isology hub as well because that could have a detrimental impact on the timescales allowed. So, if you're wondering what you should be doing, then it's definitely worthwhile either getting help from someone that does know what they're doing or finding other people within the business who have a bit more knowledge about environmental management and ISO 14001. Now for larger organisations, it can take longer. You may take up to 12 months or even longer than that. What you need to do is consider breaking the project down into incremental phases. So, let's say you had 10 locations across the globe. You may decide to break that down into incremental phases so that you get certain locations certified in year one, and then you can have other locations included in the scope of certification in years two and three. So, don't think that you have to implement an EMS and get certified across all locations and services. You can go at your own pace. But ultimately, the scope would be for whatever you have set in your objectives for achieving implementation. What we do find is that some businesses implement an EMS across the entire organisation, but they might just get certified for a part of that business (this is covered in a previous episode, where we look at assessments and getting quotes for certification as well!). Remember you can extend your scope of certification at any time. It can be revisited at the annual surveillance visits that you get. Ultimately you want to build your ambitions, your objectives, and your targets for environmental management and achieving certification into your sustainability roadmap. Now, it was mentioned earlier that you could fast-track creating an EMS, but you do need to establish a time to gather evidence and make sure that the system is working and is effective.
So, when you're planning your launch just make sure that you're effectively targeting all key stakeholders (all stakeholders must be aware of this). And the general rule of thumb is to allow three months past the launch to make sure that your system is fully established because when it comes to certification, your certification body will expect to see some evidence and records. So, let's say, within your EMS you say that you have provided training for employees. You need to be able to show the evidence of that on the records and that doesn't happen overnight (obviously). So, with monitoring and measuring information on your environmental footprint, you need to allow time to do that. Ultimately what you're doing is proving that you ‘walk the walk’, and you will allow plenty of time to demonstrate that you're serious about reducing your company's environmental footprint. Finally, one of the things that a lot of businesses don't really take into consideration is the time allowed for the assessment.  Make sure that you have briefed your employees ahead of the dates of an assessment. Essentially, ensure you consider the timescales for your stage one and stage two assessments. Let’s find out what’s involved in the assessment process… Typically stage one is completed first, and then stage two could be within a few weeks or up to a couple of months after. You need to manage timescales so you can go through stage two relatively quickly. You just need to allow a few days in case there are any findings and if you need to implement any corrective action! Once you’ve completed the assessment, you're not actually formally certified as an organisation. There’s a due diligence process that takes place behind the scenes with the certification body, and it can even take several weeks before you actually get a copy of the certificate. 
Try and factor that into your overall planning, if you're looking at having a communications plan for celebrating your success, that's why six months is typically a good timescale. A final factor to bear in mind is that if you've already got a management system in place, you could potentially fast-track the integration of ISO 14001 if you're developing an integrated management system. Now, hopefully, that’s been helpful to you for implementing an EMS and getting certified to ISO 14001. Remember the isology hub is now live, so feel free to join as a member to get access to all the support that you need on our online membership portal. It's the one and only go-to place for all things ISO. We've got video tutorials, check sheets, quick wins, and we've even got a module on timescales as part of the Planning stage. We take you through all seven stages of isology, in the isology hub. There's everything that you need in there to create, launch, and build your ISO system for success. So head over to www.isologyhub.com! And finally, don't forget your FREE ISO standards blueprint here, where we cover timescales and there's even a planner within it on timescales which you can use to get your ISO management system kick-started.
6/25/2021 | 11 minutes, 24 seconds

#70 Against the odds - achieving ISO 20121 in the midst of a Pandemic

Today Mel Blackmore is joined by David Ball, the CEO and founder of Brandfuel, a leading event management company. David's here to tell us all about Brandfuel and its sustainability journey. It's an inspirational and interesting story to hear about this journey and their experience of implementing ISO 20121, the sustainable event management standard. First and foremost, let’s find out more about Brandfuel! Brandfuel is a creative events agency, and they specialise in creating experiences which can be anything from very different types of virtual events, broadcast programmes, exhibitions, conferences, demos, dinners, to award ceremonies. The key thing about Brandfuel as an organisation is that they work hard with clients over a long-term period to translate their business needs and objectives into measurable results for their business. Brandfuel started with some incredible clients; David has been working with Google for the last 18 years before he even started the company. They have a phenomenally strong class of clients ranging from companies like Slack, Stripe, Snapchat, BlackRock, Barclays and Deloitte and of course, Google and YouTube.

Now let’s find out about David’s thoughts on sustainability in the events industry…

What you’ll learn:
· Sustainability in the events industry
· How did Brandfuel adapt business during the pandemic?
· How did Brandfuel manage the transformation of physical events to virtual events?
· Benefits of ISO 20121

Sustainability in the events industry
David believes that transport travel accounts for the majority of the carbon emissions at Brandfuel. It's almost an impossible scenario to imagine if you take the travel away in the events industry. But it has to be measured and mitigated. David is confident that there will be substantial changes following this year of very little travel. He was typically required to take in excess of 100 flights a year, and last year…he flew twice!
So, that's the big elephant in the room in Brandfuel as 75% of the job is related to travel and transport in some way. However, there are some simple things that can be done to create a change. But you need your clients on board with you to make this change happen. David is happy to say that they're past what was an attitude within clients when they wanted to be seen as ‘doing the right thing’. But actually, if it cost more money, they wouldn't take action. And now they are in a new realm where clients not only want to be seen doing the right thing, but they also actively want to be able to demonstrate their commitment to sustainability now and in the future, and they're willing to pay for it. So, Brandfuel seems to be heading into a very exciting journey, where sustainability is on the clients' requirement list of what they want from an agency to deliver for them.

So now before we dive into ISO 20121, the sustainable event management standard, let’s find out how Brandfuel adapted during the pandemic. The pandemic was a major upheaval in the events industry, yet Brandfuel managed to achieve certification to ISO 20121. So, let’s understand how Brandfuel made it happen.

How did Brandfuel adapt business during the pandemic?
David is accurate in saying it's been a quite catastrophic year! But it's also been an exciting year. The adaptation was really quick. They decided instantaneously to switch to working online. So, they had to learn about arranging virtual events, and to become a broadcast business they had to learn every facet of broadcast as quickly as possible. They were fortunate in being agile and they were very quick to practice. David set up some vehicles to help Brandfuel achieve this. One of which was an internal brand called Fuel Studios, which was the overarching umbrella that allowed Brandfuel to play, train, learn and get as much experience in broadcast as possible within the bounds of the agency to then be able to use it for clients.
They did things like turn company meetings into broadcasts and events into shows, and they started segmentizing. So, for example, they would mimic in a short video someone sharing their home with them and practice the filming, the editing and other interesting things like using triggered audio and watermarking on mobile devices to add content into video via broadcasts. So, some really clever stuff! They also arranged a ‘lockdown low-down’, which was getting everyone at home to video what they were up to during lockdown. The studio also learned to design three-dimensional virtual sets. They also learned about green screens, lighting, camera work, multi-camera work and camera tracking, they did everything! And it really proved so useful because within a few months, they were given an incredible opportunity with an existing client to organise the global planning summit with three and a half thousand attendees. It was super complicated, massive scale, and very quick, but it gave them a lot of confidence, and they never looked back. This really is incredible, just talk about diversification and innovation!

So, moving onto 20121 then…let’s find out how Brandfuel diversified in terms of the actual events that they were running, to then switch to online events via investment.

How did Brandfuel manage the transformation of physical events to virtual events?
David reveals that this was quite tricky! First and foremost, they needed to find a suitable set of events to be mentioned. They needed a balance of some in person and the actual event deliveries. This needed permissions from clients, and it needed a lot more planning. So, the first one they were fortunate with was the annual event for BGC Partners, the world's largest electronic data brokerage. It's their charity day on September 11th and it's a recognition of all the staff that they lost in the Twin Towers tragedy.
It's a very emotional and important day for them and regularly they would raise between $10 and $12 million in a day. They achieve this by having almost 100 celebrities appear on the trading floor in London, and trade with their clients over the phone. Now, to do that virtually was a challenge in itself, but David reveals that the client was willing to give it a go. Brandfuel had a big team that had to go on site and fortunately, BGC had relocated from their building. So, Brandfuel was able to use this building to social distance and managed to bring celebrities in virtually to have video conversations with BGC's clients who were also virtual. This gave them access to talent that they never got physically. They had Kelly Osbourne attend virtually, along with famous cricketers and golfers. So, it was very different, and it worked really well as they raised a phenomenal $10 million, with only 25 celebrities!

So, now that Brandfuel is certified to ISO 20121, let’s find out what David identifies as some of the benefits of this standard...

Benefits of ISO 20121
Well, David believes that the benefits are huge! He identifies the obvious benefit to be that they are now commercially classified as being an agency that can be trusted to work to the highest standards in sustainability. This is helpful for them as David believes this is going to be one of the biggest buying signals and cues that clients will show in the future. The other key thing for Brandfuel now is management systems; their internal management systems have improved so much. That gives them an incredibly strong platform to build on and to keep building. David believes that ISO certification comes down to focus and to allocate the right amount of resources internally. It is a time commitment and resource commitment, but when you manage this and really stand behind as a business, it runs incredibly smoothly.
Brandfuel has successfully brought ISO standards into its DNA because it's part of the fuelling station, which in effect is their ‘go-to’ place within the business; it’s their intranet. The fuelling station as their intranet has been incredibly important currently as they’re all working from home. So, they made sure that all those management systems were fully integrated into new processes, and this meant being fully integrated into their communication processes. Their fuelling station was the centre of that, so they can really use it as a resource. Brandfuel are also currently in the process of implementing ISO 27001 with Blackmores. The ISO 27001 progress is going really well, and straight after that they’re going to implement the Health & Safety, ISO 45001 standard. This will open new sectors and new opportunities for Brandfuel commercially. That’s it from David! We hope you’ve enjoyed getting to know his journey and inspirational stories.
6/11/2021 | 37 minutes, 1 second

#69 What resources are needed for getting ISO 14001?

There are many resources to consider if you are planning to implement ISO 14001 to ensure that the project is successful, including time, people, finance, infrastructure, technology, and suppliers.

The resources you’ll learn about in this episode include:
· Time
· People
· Finance
· Infrastructure
· Technology
· Suppliers

Time
The amount of time you spend on the Environmental Management System (EMS) will pay back in dividends once you’ve achieved certification. So, if you apply minimal effort and commitment, that’s what you’ll get out at the end! You need to allow time for how much waste your business is producing and the environmental life cycle analysis of your products and services, so that you have an easy to manage EMS.

People
The most successful 14001 projects involve leadership commitment, a project leader, and environmental champions. Let’s find out exactly what this means…
Project leads: The project lead will be responsible for planning, creating, implementing, compliance, and the overall delivery of the implementation project. The isology hub is a great place for the project leader to gain a deeper understanding of ISO 14001!
Environmental champions: It can be tremendously valuable to have a group of people who are passionate about helping to make your company more environmentally friendly. It works really well if you can get a cross-representation from across the key functions within your business.

Finance
One of the aims of the isology hub is to provide a low-cost ‘Do it yourself’ (DIY) solution to implementing an ISO 14001 EMS. Should you find that you are struggling for time, and have extra budget for support, then there is an option to upgrade your membership to the ‘ISO Coach’ level. This is a fantastic opportunity for you to have an ISO Coach for 6 months to take you through the seven isology steps, or you may simply wish to outsource to a consultancy firm such as Blackmores UK Ltd, the team behind isology.

Infrastructure
Through implementing an EMS, your aim is to reduce costs associated with your buildings, activities, equipment, and supply chain. Many opportunities for reductions are no-cost or low-cost solutions i.e., ‘Switch-off’ Campaign, switching to renewable energy, printing double-sided, or (even better) not printing at all!

Technology
Try and use the current technology you already have within your business to your advantage i.e., communications channels and apps. Some organisations choose to implement software to assist them.

And now finally…

Suppliers
Many of your suppliers will be able to provide essential support and evidence to support your environmental initiatives. These can include facilities management and waste management, for example. If you would like any help implementing ISO 14001, then make sure to sign up to the isology hub waitlist. This is a game-changing innovation in the ISO standards field. All the resources that you need on ISO 14001 will be available on www.isologyhub.com. And let’s not forget your FREE ISO standards blueprint to kick start your EMS! You can download this here.
6/4/2021 | 14 minutes, 33 seconds

#68 How to plan your Environmental Management System Project

The aim of this episode is to have a clear plan for your ISO System for Success – from choosing the ISO Standard, to branding and establishing a place where everyone can access the system – so that you can move onto creating your ISO System.

You’ll learn about:
· Setting your expectations
· Deciding which ISO standard(s) and scope
· Getting leadership buy-in
· Resourcing
· Choosing a certification body
· Creating a Project Plan
· Deciding on branding of your ISO system
· Establishing a ‘home’ for your system
· Creating a Communications Plan
· Identifying your current level of compliance

Set your expectations
· Clarify why you want to achieve an ISO certification
· Identify what you’ve already got in place
· Decide on your goals for the set time
· Shortlist which ISO Standard(s) to implement
· Decide whether ISO Certification is the right choice

Decide which ISO Standard(s) and scope
· Research your standards options
· Identify what your stakeholders are seeking reassurance for
· Brainstorm where your operational weaknesses are
· Where do you need to raise standards within your business?
· What would be beneficial from a Sales and Marketing perspective?
· Establish the scope of your system
· Decide what your scope of certification will be

Get leadership buy-in
· Validate your ISO initiative
· Present the benefits and ROI
· Establish timescales and resources

Resourcing
· Establish project sponsor
· Establish a project lead
· Establish your ISO Champions
· Consider getting assistance i.e., at isologyhub.com

Choosing a Certification body
· Get quotes from an accredited Certification body
· Review the costs of certification over the 3 years your certificate is valid.
· Check if the Certification body has experience in your sector for the standard you are interested in.

Create a Project Plan
· Establish roles, responsibilities, accountabilities
· Establish Project milestones
· Decide on timescales for project milestones
· Identify key dependencies

Decide on the branding of your ISO system
· Decide how you want to position your system within the company
· Choose a name for your system
· Choose your system branding

Establish a ‘home’ for your system
· Where will your system live?
· Identify how employees will access the system
· Decide if the system is to be integrated with other systems
· Determine how you would like employees to get the most from the system

Create a Communications Plan
· Establish what you are going to communicate, when, how, and with whom
· Brainstorm ideas for your Launch
· Start to consider the communication of your success once your company has achieved certification.

Identify your current level of compliance
· Purchase a copy of the ISO Standard
· Review your company policies and procedures against the requirements of the standard
· Create an Action Plan with responsibilities and timelines for the completion of tasks.

Hopefully, that's helped you understand what's involved at the planning stage of introducing an EMS. If you would like any help implementing ISO 14001, then make sure to sign up to the isology hub waitlist! This is going to be a game-changer in the ISO standards field, which is why we won the support of the UK government through their sustainable innovation grant. All the resources that you need on ISO 14001 will be available on www.isologyhub.com. So, click on the link to join the waitlist to be notified of when you can get access to our online membership portal. It is the go-to place for all things ISO. We've got video tutorials, check sheets, quick wins, eLearning courses, and just about everything you need to create, launch and build your ISO system for success.

Don't forget to download your FREE ISO standards blueprint here to get your EMS kick started!
5/27/2021 | 23 minutes, 46 seconds

#67 Greater Anglia leads the way in Asset Management

Today Mel Blackmore is joined by Richard Turner, the Head of Asset Management at Greater Anglia, a train operating company in the UK. We're going to be talking about his journey in relation to asset management and ISO 55001. Greater Anglia have been certified to this standard for a few years now, and they're a bit of a trendsetter, as far as asset management and certification to ISO 55001 is concerned.   What you’ll learn: What is Asset Management? What made Greater Anglia consider ISO 55001? Tackling the challenge of total buy-in Coordinating with stakeholders Benefits for Greater Anglia   First of all, let’s talk about what Greater Anglia is and does…   What does Greater Anglia do? Greater Anglia was one of the first train operating companies to embark on a full repairing lease in 2012. That means having a full responsibility as opposed to the normal setup (with Network Rail as the landlord and the train operating company as a tenant). It was a first for a train operating company to have their own Asset Management Department and it was a really big deal for a lot of those that joined asset management. Richard came from Network Rail, doing asset management in a department where a train operating company was leading from an asset management point of view.   Let’s get to know more about Richard’s background… Richard joined Network Rail around the year 2000. He was an asset manager at the start, and then the senior asset manager, soon after becoming a root asset manager – he went right through the asset management field! So, when the Greater Anglia job came around in 2012, Richard jumped at it because it was a massive new challenge for him, as it was a new thing for a train operating company to start off with an Asset Management Department which never existed before. 
Now for those of you who aren't actually familiar with asset management, let’s take a moment to understand what it is and why it’s important to an organisation…   Asset Management From the asset management side for Greater Anglia, they look after the stations, depots, all the assets within the station demise that sit under their responsibility, maintain, renew, enhance and they look at longevity. They see themselves literally from inception to completion…they are like a landlord effectively. From an asset management point, it’s really, really key that they are involved every step of the way from design to construction essentially. It's an interesting role that is very varied. One day you could get involved in the refurbishment of a waiting room, then the next day, you would be discussing a brand-new station that's going to be built. It's so varied and what Richard loves about his job is that every day is so different. It’s safe to say he definitely needs to work in collaboration with lots of different stakeholders in this role! And that's a key point, actually…Richard tells us that one thing you learn through asset management is how to meet the expectations of your stakeholders, how you have performed, and what their expectations are. So, the stakeholder internally and externally is vital for any business to succeed. Because if you haven't got the buy-in of your stakeholders, then you're going to really struggle.   Now let's dive into ISO 55001… What made Greater Anglia consider ISO 55001? Striving for excellence, once the franchise agreement was in place, Richard was keen to set a high standard and embed Asset Management ‘Best practice’ into the DNA of the organisation.  ISO 55001 was the ideal framework for this. 
So, let’s find out how Greater Anglia went about tackling the challenge of achieving certification…

Tackling the challenge

There was a massive change of direction in everything Greater Anglia did with regards to presentations, training, updating their process strategy and getting everybody's buy-in, and inductions in what they do within the company. Richard thinks they got this from the ISO standard itself, in terms of the structure of how it was set out and what they did going forward. The improvement within the team at Greater Anglia and the structure are more defined. And even the line of sight, when it goes right up to the managing director and down to the person at the station…you can see that link. Richard sees this as the most impressive part. At one point, when going on an ISO audit with BSI (British Standards Institution), they were speaking to a member of staff at a ticket office and asked him ‘Do you know much about asset management and the asset management system here?’…And he said ‘Yes!’. This really goes to show how far it filters down. It definitely is very challenging to ensure everyone is on the same page. But it’s so rewarding when you see it happening. At Greater Anglia, they learned so many lessons from when they started, they were in such a different position to where they are now. Richard sees this as a massive learning curve for them!

What’s interesting is that Greater Anglia has a broad range of different suppliers. So, let’s find out how having structure, policies and systems in place helped to coordinate operations with stakeholders…

Coordinating with stakeholders

When they started the franchise in 2012, they’d inherited the existing asset management system via Network Rail.
Stakeholder engagement and collaboration were key, so to encourage feedback they liaised with various parties to ask the question about the current systems, ‘what do you want it to do for you?’ this included their commercial team, project team, assets team, and so on. This resulted in constructive feedback which helped Greater Anglia to initiate various improvements. Their supply chain now is very consistent, and there's a link to their system with regards to reactive and renewals, etc.   So, let’s find out what benefits Greater Anglia have seen as a result of having that asset management system in place... Benefits for Greater Anglia Richard reveals that prior to setting up their new system, everything was managed so differently. Now they have one big unit that manages all assets. So, information with regards to surveys, renewals, stakeholder projects, or third party is all linked. Whereas before, it would have been harder to manage…now, it's all unified. This clearly saves Greater Anglia a lot of time by having information at their fingertips, together with knowing how it all connects with other areas of the business   Now finally, let’s see what kind of hints and tips Richard has for individuals that are responsible for asset management within an organisation and are considering implementing ISO 55001 and some kind of framework to have that structure.   Richard sees it as absolutely crucial that you find somebody (like Blackmores!) to help you, as they will guide you through the process. You need someone to look at your setup, and how your structure and strategy are, etc so they can tell you what you need and how to improve. The daunting part is actually looking at the standard as a technical specification and wondering ‘how is this going to be interpreted for our business?’ and so that’s how Blackmores helped. Greater Anglia is now up to its third year of recertification, which is just fantastic!
5/21/2021, 22 minutes, 49 seconds

#66 What is ISO 14001?

If you're wondering where to begin with strengthening your environmental credentials, a great way to do this is to implement ISO 14001. This is a world-leading standard for businesses on environmental management. In the last episode, I shared with you what an environmental Management System (EMS) is. So, if you haven't heard that yet, I'd recommend that you have a quick listen before listening to this one because it's essential listening, it provides an overview of what an EMS is.   Now, I'm going to just provide a high-level overview of ISO 14001. But if you'd like to get all the resources on implementing ISO 14001, then the isology hub membership is the place to go. It has everything that you need, including video tutorials, downloads, workbooks, check sheets, and also a stack of training classes as well to help you to create your very own bespoke ISO 14001 compliant EMS. We're super excited to be launching this game-changer in ISO standards. So, if you don't want to miss out, go over to the membership site, which is www.isologyhub.com to join the waitlist, and don’t forget to download our free ISO Standards Blueprint here, which provides you with all the information that you need on the key steps to plan, create, launch and get certified to an ISO standard.   Let's dive into ISO 14001!   What you’ll learn: The purpose of ISO 14001 and why it exists. The structure of the standard (including the key clauses) Key ISO 14001 principles Key benefits of ISO 14001   Let's start right back at the beginning… Key purpose of ISO 14001 This standard is a specification. 
It's a document that you can purchase online, which provides a framework for actually building an EMS   An EMS is to provide a framework to help support any organisation to improve its overall environmental performance and provide a sound basis for sustainable development initiatives.​   It's designed to embrace continual improvement, and enhance operational performance, which is similar to any other ISO standard. So, if you've already got an ISO standard in place, the chances are that you're in a really good position to integrate the elements of ISO 14001 because there are quite a lot of similarities.   The structure of ISO 14001 The first 3 clauses within the standard are actually auditable. Clause 4 is all about understanding your organisation and its context. Clause 5 is leadership commitment. This is all about leadership and commitment, roles, responsibilities and authorities. Clause 6 is the planning stage, which is all about addressing actions to mitigate risks, and enhancing your opportunities as well. Clause 7 is called support. This is actually around things like resources, both physical, processes, facilities, competence, and awareness. Clause 8 is all about operations. So, these are your operational controls for reducing your environmental footprint, and also having controls in place for things like emergency preparedness, and how you respond to an environmental incident. Clause 9 is performance evaluation. So, once you've got your operational controls in place, it's really important that you evaluate the effectiveness of those controls. Finally, clause 10 is the improvement clause that focuses on non-conformity, corrective action, and continual improvement​.   So, by just running through that briefly, you'll probably be thinking, “oh yeah, well we've got that and yep we've got that too”…but it might just not cover environmental management. So, that's where you need to make those tweaks and changes.   
For those of you that aren't familiar with ISO standards you might be thinking, “well that's pretty comprehensive”. And yes, it is actually! It does provide you with a holistic framework for managing environmental performance.   Key principles of ISO 14001 Now, looking at the key principles then of ISO 14001…ultimately, it's down to: Protecting the environment by preventing or mitigating adverse environmental impacts​ Mitigating the potential adverse effect of environmental conditions on the organization​ Assisting the organisation in the fulfilment of compliance obligations​ Enhancing environmental performance​ Controlling and/or influencing product and services design, manufacturing, distribution, consumption, and disposal, using a life cycle perspective​ ​ So, those are the fundamental principles of ISO 14001. If you’re focusing on achieving certification to this standard, then you really need to focus on clauses 4 to 10 of the standard. These are the elements that are implemented within your business and they are the areas that the independent third-party body will be looking at when it comes to your stage one and stage two assessment. There’s a lot more advice and information on that over at www.isologyhub.com, which provides a full list of the key and essential documents, what is desirable and provides examples of those using templates, guidance, and training.   So, to wrap up… What are the benefits of ISO 14001? Reduced costs due to less wastage​ Simplified and effective documentation​ Improved sales and marketing opportunities​ Improved communication and morale company-wide​ The acquisition of a symbol representing the internationally recognised environmental standard ISO 14001.​   ​ If you'd like all the resources needed to implement ISO 14001 yourself or if you'd like to join one of our ISO 14001 six-month coaching programmes, we've got seven places available! 
So, head over to www.isologyhub.com to find out more, and don’t forget to download your FREE ISO Standards Blueprint here.    I look forward to catching up with you on the next episode, where I'm going to be sharing with you how to plan your ISO 14001 implementation project!
5/7/2021, 16 minutes, 22 seconds

#65 - What is an EMS?

An exciting announcement about a game-changer in the world of ISO standards was made in the last episode… which was about the isology hub! Let’s have a little reminder…

What is the isology hub?

It's a Netflix version of unlimited ISO standards support, which includes videos, checklists, sample policies, templates, plus many other things such as eLearning courses! You’ll get access to binge-worthy content to help you raise your game and take your business to the next level. So, what is it that makes the isology hub such a game-changer, you ask? Well, it's a game-changer because it provides a DIY (do it yourself) solution to implementing an ISO standard. Our inaugural ISO Roadmap is for an Environmental Management System (EMS). So, in effect, it’s a roadmap for you to implement an ISO 14001 EMS.

Over the next few episodes, I'm going to be sharing with you some of the topics that we cover in the isology hub in terms of ISO 14001. We have an ISO 14001 roadmap, and we kick off by explaining what an EMS is, and we feature step by step, specific actions that you can take to make your business more sustainable and take it to the next level!

But before I kick off with explaining what an EMS is in this episode, I’d just like to announce that we have an awesome ebook guide for your ISO project. And it's free of charge! It's called the ISO Standards Blueprint. Simply go to isologyhub.com to download it for free. The great thing about it is that it's a guide for any ISO standard. So that's why the ISO Standards Blueprint is a blueprint for implementing any ISO standard.

Now, let's dive into explaining what an EMS actually is…

What is an EMS?

An EMS is a blueprint for how you run your business sustainably and be kinder to the planet.
· It provides a framework (a home) for your policies and procedures
· Helps you to identify and reduce its impact on the environment
· A system to optimise your resources to be as efficient as possible
· Leads to reduced operational costs, and therefore increase in bottom-line profitability

So…what is actually inside an EMS?
· Policies
· Procedures
· Documents
· Records

Which documents must you include? Where the standards say ‘SHALL’ you must obey….
· Scope and boundaries of the EMS (4.3)
· Environmental Policy (5.2)
· Environmental Aspects and Impacts (6.1.2)
· Compliance obligations (6.1.3)
· Environmental Objectives (6.2)
· And… Documented information determined by your organisation as being necessary for the effectiveness of the Environmental management system.

Examples of Documented Information include:
· Aspects and Impacts Register – captures your environmental footprint
· Roles and responsibilities – Who does what
· Operational procedures – How things are done
· Core ISO System procedures – document control, communication, Management Review, Internal audit – these all help you keep on top of the management of your business.
· Environmental legal register
· Risk Register
· Environmental objectives/KPIs
· Environmental Policy
· Metrics to monitor and measure – what do you need to monitor and measure that will help shift the needle in the direction you want to go.
· Meeting minutes
· Samples / Supplier records

In Summary…What can an EMS help with?
· Assign roles and responsibilities, and see exactly where there are bottlenecks
· Ensure value-adding monitoring, measurement, and analysis of data, that in turn will assist the business to make better-informed business decisions
· Identifies all the statutory and regulatory requirements – and helps keep your business compliant and avoid reputational damage and fines
· Understand where corrective action needs to be taken, and how this can be potentially avoided in future

Hopefully, that's given you a snapshot of what an EMS is!
We go into this in a lot more detail in the isology hub, which is where you’ll find everything you need to implement an EMS and achieve certification to ISO 14001.   So, don't forget to download your FREE ISO Standards Blueprint over at isologyhub.com
4/28/2021, 12 minutes, 14 seconds

#64 isology hub - The game changer in ISO Standards

Today’s podcast is unlike any other podcast we’ve recorded before. That’s because we’ve got a special announcement to make about a ground-breaking innovative game-changer in the ISO Standards landscape – the isology hub, which is due to be launched in May 2021.

What you’ll learn:
· March 2020 - how the isology concept was born
· Innovate UK competition
· The isology hub
· Who is the isology hub not for?
· B1G1
· ISO Coach

Now, I’m recording this in April 2021, but I’d like to take you back to March 2020 to explain when and why my journey began with initiating this innovative online solution. I think it’s quite important to appreciate that this sort of innovation probably would have taken us three to four years to come up with. But COVID-19 has encouraged many organisations to think outside of the box, to think differently, and to look at sustainability in a very different way.

So, let’s go back to March 2020 and find out how the isology concept was born!

March 2020

In March 2020, the UK, like many other countries across the globe, was thrown into lockdown, and life was turned upside down, as we were hit with a global pandemic. Little did we know…that life as we know it was never going to be quite the same again! Now, at the time, we felt that we had the curve. Partly because we’d already been using Teams to have meetings online and to do internal audits, mostly with some of our international clients at Blackmores. Many of you know me as the Managing Director of Blackmores (as well as the podcaster on the ISO Show). Blackmores is my primary business and very dear to my heart. I’ve been running that business for 15 years and immediately I was concerned about the welfare of our employees and clients, and like many other businesses thinking “Okay, so how are we going to best get through this?!”. We went into our BCP mode (Business Continuity Planning mode) and we actually shared a lot of that information on the ISO Show! We felt that we owed it to our listeners and our clients at Blackmores to share examples of pandemic business continuity plans. And at the time, it was really well received! In fact, we didn’t realise until we did that how much of a wide global reach of listeners we had. It was amazing! We had people contacting us from Papua New Guinea, Kuala Lumpur and places all across the globe saying “thank you this is great!” or “this is really helpful” because at the time, businesses were looking for reassurance as well. So, we were more than happy to provide the support.

Not long after that… it was just before the Easter weekend, so April last year. We had a quarter of our clients cancel within the span of 10 days! Straightaway we thought ‘okay, this is going to affect us’. We quickly realised that a lot of our clients are in manufacturing or in the events industry, and they simply could not operate!

So, we had to shift gear…and adapt! We had to change the way assessments were undertaken and the way we deliver our consultancy services to do it all remotely. That’s when I realised that actually…there is an opportunity for certification bodies to do part of their assessments remotely. Obviously, for some types of assessments this wouldn’t be applicable. But in many cases, I could see that there was a significant opportunity for us to reduce our environmental footprint and work remotely! At that time, we were already creating eLearning courses, and there was some work taking place internally within our team on developing a learner profile. So, taking an individual from a grassroots level, with no knowledge whatsoever about an ISO standard, right through to professional status. So, work was already underway. When we looked at the possibility of offering our services online and after the research we did, we realised that actually, it would be really good if we could provide an online solution that all of our ISO Show listeners could also access!
That was when the initial concept was born for creating a state-of-the-art online, learning and support membership. This was made for organisations looking to not only achieve ISO certification, but also for those businesses that are already certified to ISO standards, but their system just isn't working for them. They might be stuck in a rut…they're stuck in the trenches there because there may be certain issues like a lack of engagement, leadership, or even compliance. So, I came up with this concept of creating an online membership platform so that it was accessible to all regardless of the industry, the location, the time zone, and to be able to provide the equivalent of a Netflix version of ISO standards support!   I had heard from a funding body, within the government in the UK, about an Innovate UK competition. This competition was all about helping businesses to be innovative and provide sustainability solutions as well and to help businesses through COVID. It was then that the penny dropped… I thought well, actually, why not go for it! If we win it, we win it. If we don't, then we don't! So, I put together a business plan and got a lot of advice from a European enterprise network and put together a bid for this competition.   There were actually three rounds to it! Let’s find out how they went… Innovate UK competition So, round one… I hadn't done anything like this before and it had taken weeks to put together that bid. We found out about a month later...that we had failed! But only by a very slim margin, which was very frustrating. But this encouraged me, particularly as a result of the positive comments from the assessors, that assess the application, saying that there was quite a bit of mileage in this innovation.   Now onto the next round… The deadline for the second round was only two days after we got the feedback from the first round. 
My advisor said “you know there isn't much point in rushing this, you want to spend time to get this absolutely perfect, so that you can absolutely smash it at round three”. This was the final bite of the cherry…it was a last chance saloon. I thought well…if we get it, we get it, and this is going to be a game-changer. If we don't, that's it. Fortunately…we won the competition; we won the funding!   There are five different assessors from all sorts of different industries that recognise this as being a game-changer in our field. They believe it could have a significant positive impact on the environment. Because our MVP (minimum viable product) is a part of this membership platform and is all about environmental management standards. So, we've been working hard over the last few months to bring together this MVP, and we're due to launch it in May 2021. It's going to be called the isology hub and it's based on isology methodology…which is ultimately seven steps to implementing any ISO standard! Now, I’m sure you’re wondering…who is isology for? The isology hub This membership platform is for anybody who needs to achieve ISO certification. This might be because you need to win a tender, or you just want to raise standards within your business, or you may have stakeholders that are demanding that you provide some type of commitment in some area, whether it be sustainability or information security. It's also for those people that have spent countless frustrating hours trying to understand how an ISO standard could actually be interpreted within their business. It's also for those people who have an ISO management system…but it's archaic. It was written in the dark ages! And it doesn't bear any resemblance to how you operate as a business right now. In effect, it's working against you. 
So, you need some type of solution to revamp it, give it a makeover, getting engagement and in making sure that it is a system that helps you to build success for the future of your business. It's also for those of you that would like to integrate other standards into your existing management system. So, you might be looking at cloud security standards, or carbon neutrality standards. So, it's for those businesses that are already working hard to raise standards within their business, but they want to go the extra mile…they want to go above and beyond, and they need the systems, tools, templates, eLearning and guidance to help them to do that. It's also for those individuals that would like to achieve qualifications in ISO standards to improve their knowledge and to support career development as well.   So, what we're trying to avoid here is having any overly technical and expensive training courses. You can access it whenever you want, from wherever you want. It's a place for organisations to learn how to achieve ISO standards, and also to get gameplans for raising their game. It's packed with in depth, practical training and resources on all aspects of planning, creating and managing a successful ISO system. Now, we have also created an ISO standards blueprint, which is a free download for you to get access to, if you come over to the isology hub website. All you need to do is Google www.isologyhub.com and you'll be able to download your free ebook on how to plan, create and manage a successful ISO system ready to get you certified And that applies to all ISO standards!   Now, I’m sure you must be thinking…what makes isology hub so different? Well, this is a ground-breaking approach. It's the quickest and easiest way to get ISO certification that gets results. 
But it's not just about the accolade of getting certification through your certification body, but having that results driven, systemised way of managing your business, to give you that freedom and time so that you can grow your business. It also gives access to expertise. Over the last 15 years, we have implemented ISO standards for hundreds of organisations across the 19 standards and over 25 different countries. So, you're actually tapping into over 200 years of combined experience now (that's not me personally obviously) that's our team! It's our team that's helped put this together. All our intellectual property and all of the work that we've been doing over the years to support businesses in all industries is going to be put together in the isology hub. That's where you can get access to that.   And, of course, we walk the talk… We have done this time and time again. These are the proven concepts. Isology and the seven steps have been put to the test and it's been successful…time after time!   And we are pretty straight talking! We are very friendly, very approachable and we want that to come across with the membership platform. So, you'll be able to listen to our tutorials and join us for our monthly live Q&A sessions if you've got any questions or if you'd like to discuss anything at all to do with ISO standards. Ultimately, we live and breathe ISO standards…you get our full commitment, and you get that team behind you through the membership portal.   But I must say…the isology hub isn't for everybody! Who is the isology hub not for? If you simply want to tick a few boxes and get the badge…this isn't the right solution for you. If you want to go down the non-accredited certification body route…it's not for you. And If you're looking for ISO in a box so you don't have to do any work at all…it's not for you either. It's also not for you if you're expecting guaranteed results. That's because it is down to you to put the effort in to actually make it happen. 
Although we've got 100% success rate in helping our clients get through certification because we've helped to do a lot of the work with them, the membership portal is there to guide and support you…so you have to put the work in yourself. The templates, tutorials, guidance, action plans are all provided for you. But you do need to spend the time actually completing them and implementing them within your business.

B1G1

One of the things that we're passionate about at Blackmores is acting responsibly and doing the right thing. With having an online system, we are donating for every new member that joins the isology hub. This will be done through B1G1 (buy one, give one!). We will tackle climate change and poverty, one member at a time. The project we have selected is in Madagascar. Unfortunately, Madagascar is a country in crisis. 70% of the country lives in poverty and half of its rainforest has been eradicated due to the strain of population growth in the country. So, we’ve picked out a project whereby we can support the planting of trees and also provide sustainable agriculture training as well so that the communities are self-sufficient. This will enable them to send their children to school to be educated. We'll also have a live widget on the isology hub website. So that we can see our STG goals are updated whenever a new member joins!

Now let’s get back to isology! There is a wealth of information in there, and it's not just about documents…we've got a unique roadmap that's been trademarked, and this is based on our seven-step isology concept! We've provided an ISO roadmap for ISO 14001 for the launch. This will take you through everything that you need to do to get ready for an assessment for ISO 14001. It also provides everything that you need for an environmental management system, even if you don't want to go for certification! So, how to create an environmental policy, what to look for in terms of creating your objectives, how to identify your environmental aspects and impacts, and how to launch your management systems…it takes you through the seven steps. In addition to that, we've also given you access to our eLearning courses. A lot of the learning is through videos and action plans, guiding you step by step through your ISO roadmap. We also include checklists, workbooks, cheat sheets, and templates, as well, to support you. So, some examples of those could be a launch communications planner, or even an email launch sequence and templates to go with it. Things like internal audit schedule templates, report templates, samples of policies and procedures and so on. As I said, it's not ISO in a box; these are just examples of best practice. And we guide you through creating your own documentation for your own bespoke management system. And, of course, we’ve got our live Q&As. Feel free to join us for those live Q&As within the membership, or we can answer any questions that you've got.

The other thing that we're really excited about launching as well is our ISO coach programme!

ISO Coach

We're conscious of the fact that some businesses might just want to join the membership and get on and do it all themselves. Or they might need some guidance and support. There is an upgrade available, which is the ISO coach programme and that's a six-month programme, where you'll be part of a small group of up to seven other individuals. On a fortnightly basis, you will have group coaching sessions on the seven steps. Then on the alternate fortnights, you can book one-to-one sessions with your ISO coach to go through and discuss any queries or concerns, or review documents that you've created, just to help you on your journey and make sure that you stay on track as well. This programme does start at specific dates! The next date that we've got starting will be the 2nd of June.
So, if any of you are interested in joining the ISO coach programme, please do get in touch with us!   Because the isology hub is new, we would absolutely love to hear about any suggestions or ideas on content that you'd like to include within the isology hub. Every single month we'll be adding new content, whether it's an ISO roadmap for implementing another ISO standard. So, I'd be delighted to hear from you and also to answer any questions that you might have about the isology hub.   So regardless of whether you're just starting out on your ISO journey, or you've already got a system in place but just want to raise your game that bit further, we would love for you to join us as a member on the isology hub! Thanks very much for listening and I look forward to catching up with you on the next ISO show!
4/23/2021 | 24 minutes, 54 seconds

#63 Epiq's Information Security Journey

Dinesh Sharma, Director of Information Security Governance at Epiq, joins us on the ISO Show today. He discusses ISO 27001, his in-depth experience of this standard, how it's working for Epiq, lessons learned, and how he manages this globally for Epiq Global. We are so excited to interview Dinesh! He has a wealth of experience in implementing frameworks like ISO 27001 and PCI DSS, ranging from developing information security policies and procedures and managing risk assessments, to delivering security training and awareness and overseeing internal audits. He also has expert experience in security management and governance, with his last 15 years focused on information security.

You'll learn about:
· What Epiq does
· What it means to be Director of Information Security Governance
· Setting up a security team and managing it in terms of global responsibilities
· Continual improvement at Epiq
· Dispelling ISO 27001 myths
· What has worked well for Epiq in relation to ISO 27001

First and foremost, let's dive into what Epiq is and does…

What does Epiq do?

Epiq, primarily based in the U.S., is a global professional services company, operating in approximately 25 countries including Germany, Belgium, India, London and so many more. Epiq primarily provides support to the legal industry (so to law firms and the legal departments within large organisations). Their key service is around E-discovery. This applies where there is potentially an investigation, or where two parties are about to enter litigation: processes need to happen around data collection, data review, forensics, processing and document review. Epiq can make all of this so much more efficient and cost-effective for clients! Another core service Epiq provides is court reporting and transcription services. Other services include business transformation services, class-action and a range of other services.
Now, let's find out more about Dinesh's role…

Role at Epiq

Dinesh is part of the Global information security function at Epiq. They have a dedicated Global information security team to support the business. Dinesh's specific role is to lead the security governance side of things. This means that he manages and helps to define the information security policy set and the Information Security Management System (ISMS) within Epiq. He also leads and coordinates the internal security assessments (which include internal ISMS audits as well as internal security audits across Epiq). He even reviews and provides input on the security clauses in client and vendor contracts, to ensure they align with the policies of Epiq. His team also delivers staff security awareness and training. Finally, his team manages security certifications including ISO 27001 (very relevant for today!).

So, let's explore how a mature ISMS is managed…

How to go about setting up a security team and managing it in terms of global responsibilities?

At Epiq they have a dedicated team within their information security function for security operations. This team oversees the security toolset and monitors the alerts from it, such as their end-point detection and the logging and alerting around network security. The security operations team also takes the lead on defining their processes and handling any security incidents. They also have a separate team for security architecture and security engineering. These teams work very closely with the business to make sure that security is considered and embedded within the projects and new offerings Epiq has as a business, as well as developing their tools.
So, if Epiq is looking to implement a new security tool, this team will be very involved in looking at the different vendors that provide that offering, and at how it would be embedded and work within the infrastructure of Epiq and the environments with which they serve their clients. So, Epiq has got the structure of sub-teams within the security function well defined! Of course, sitting on top of this, Epiq is very fortunate to have some very experienced and very qualified leadership coming into that team. The governance and operations side is managed by a gentleman called Jason, who brings lots of experience from other industries he's worked with. He has a peer called Andrew, who looks after the engineering and architecture side. Epiq also has a new Chief Security Officer (CSO) who is very knowledgeable and savvy. He is doing a really good job of lifting the profile of not only security within the organisation, but also Epiq's security functions. So, they are fortunate to have that leadership as well.

This is fantastic…when organisations are starting with implementing an ISMS, we always find that leadership commitment is so key! It's great to hear that Epiq has got a mature management system yet is still continuing to focus on leadership commitment and bringing that in from various angles across the organisation as well.

In terms of the ISMS then… Epiq has got many other security standards, so what we want to know is how their ISMS helps them to manage all their activities. Well, looking at the requirements of ISO 27001 and setting up an ISMS that works, Dinesh thinks the most important thing it gives an organisation, regardless of what level of maturity it is at, is a view of the basic components and principles of a framework that you should have in place, or should consider having. This is because if you want to go for certification to ISO 27001, then you must have some of these things in place.
Dinesh very much sees this as a baseline! Once you establish that baseline and you've got the documentation, the processes which support the documents and the staff in place who can deliver on those processes, you then think… 'what can you do to increase the maturity?' A big part of ISO 27001 is continual improvement. This is something Dinesh thinks is very important and puts a lot of focus on in his role. So, that's all tied in with the internal security reviews and internal assessments that they do. But any feedback they get from the business, or any input or discussions they have with the business which raise or flag something, e.g., a potential block, are also put onto their continual improvement register to work on with the team or the business area. It might be something they have to work on themselves. The important thing is to always look out for these kinds of things. That's why this is a key area of focus for Dinesh in his role, as he thinks about what can improve each step of the ISMS in Epiq.

However, a lot of companies, once they've completed the assessment, think that's the job done. But you can't put your feet up just yet! This is only the beginning of the journey, which is why Dinesh identifies this as the baseline and the foundation to be used for continual improvement. So, let's look at what Epiq has implemented in relation to continual improvement, which has been above and beyond this baseline.

Epiq and continual improvement

Epiq has implemented Critical Asset Reviews. They identified their 15 most critical assets and, instead of doing a full security review, they pick the 10 most important controls and other controls they think would deliver the highest level of security if they had them in place. So, they have done a very focused security review, based on risk and what they think their most important assets are. They dig deep into the risks and issues and, by acting on these, move Epiq to another level.
Now, let's move onto the part where we dispel myths around ISO standards!

Dispelling ISO 27001 myths

Dinesh believes that a good understanding of ISO 27001 is needed to know what the standard actually means. There is a difference between being aligned and being certified to ISO 27001. So, an independent review of your ISMS is really important as it shows you haven't just picked and chosen which parts of the core standard you're going to implement. It shows that you've had to do them all and have had that verified and tested. This would provide a level of assurance to your organisation and stakeholders. That's why there is such a big difference between being aligned to the standard and being compliant with it.

Finally, I'm sure our audience would love to know…

What has worked well from an information security perspective in relation to ISO 27001?

Dinesh identifies the top-level management commitment within a business as the most crucial thing in any implementation of a standard. The business needs to understand the importance of information security. So, everyone needs to be aware of what the benefits are, what's going on and what is important…having this conversation in your business really makes everything easier according to Dinesh. Epiq does this during their management reviews, where all four of their CEOs attend. They take the management review section of ISO 27001 and cover most of it in their quarterly meetings, and because this is visibly supported by their CEO, the business leaders reporting to the CEO and all their directors attend the management reviews as well. So, they all understand what's going on, what's important and what the key risks are from the security team's perspective. Having this conversation just makes everything a lot easier according to Dinesh.

That's it from Dinesh!
We hope you enjoyed learning about Epiq's journey…it's inspirational to hear how Epiq is still developing, evolving, improving and still getting such fantastic commitment from the very top as well. It clearly demonstrates Epiq Global's commitment to information security without a shadow of a doubt!

Contact details for Dinesh: if you have any enquiries or would simply like to connect with him, you can get in contact using one of the ways below:
· Email: [email protected]
· Website URL: Epiqglobal.com
· LinkedIn handle: uk.linkedin.com/in/dineshcsharma
4/16/2021 | 28 minutes, 45 seconds

#61 Totally PLC's experience with ISO 27001

Today, we're joined by the Director of Corporate Assurance at Totally PLC, Falu Bharmal. Falu plays a key role in working with NHS England and has in-depth knowledge and understanding of ISO implementation, Legal Policy relating to corporate governance, health and safety, and integrated Risk Management. He has extensive experience in establishing new corporate governance structures, systems, and processes to ensure organizations are fit for purpose. Today, Falu is here to discuss ISO 27001 (Information Security Management), and why it's so important to have consistent practices throughout a company. Falu explains how he's able to implement new ISOs so effectively and some of the biggest improvements ISO 27001 has allowed him to make. We talk about how best you can prepare before implementing a new standard, and how ISOs can help systemise your way of working across a company.

You'll learn
· The benefits of working as a group with consistent practices throughout a company.
· How to effectively prepare for and implement new standards.
· How ISO 27001 is used as a best practice mechanism.
· How implementing standards can help to systemise the ways of working across a company.
· How many people you need to be involved with the implementation of new standards.

Resources
· Blackmores
· Totally PLC

In this episode, we talk about:
[00:29] The services Totally PLC supplies and how they support the NHS and reduce A&E waiting times.
[03:30] The different divisions that make up Totally PLC.
[05:36] The ways Falu as Director of Corporate Assurance is involved with ISO implementations.
[06:34] How Falu implements ISO standards effectively.
[07:21] How ISO 27001 is used as a best practice mechanism for Totally PLC.
[08:20] Some of the biggest improvements Falu's made through using ISO 27001.
[09:25] How ISO standards help to systemise ways of working across a company.
[10:14] The different roles Totally PLC has dedicated to ISO implementation.
[12:18] The best things you can do before implementing a new standard.
[13:46] The extra pressures Totally PLC has faced due to the pandemic, and the new opportunities this has brought.

If you need assistance with implementing ISO 27001 – Contact us!

We'd love to hear your views and comments about the ISO Show, here's how:
· Share the ISO Show on Twitter or Linkedin
· Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one.

Subscribe to keep up-to-date with our latest episodes: Stitcher | Spotify | YouTube | iTunes | Soundcloud
2/25/2021 | 19 minutes, 35 seconds

#60 What is ISO 27017

Steve Mason is a Senior Consultant at Blackmores (UK) Ltd, and has a 100% success rate of supporting clients in achieving their ISO 9001 & ISO 27001 certifications on their first time. With over 38 years of experience working with standards, Steve is incredibly knowledgeable about how to ensure companies get the best benefits when implementing new standards. Steve has never stopped advancing himself and continues to broaden his knowledge of new standards as they come into existence. Today, Steve is back to discuss the new ISO 27017 (Information Security Controls for Cloud Services Standard), and why it is needed in addition to ISO 27001. The current publication of ISO 27001 was released back in 2013, before cloud security was as big a concern. Due to this, it does not adequately cover cloud security, and hence the new standard ISO 27017 was released. It is wise not to assume that the cloud is secure on its own; you need a provider that can demonstrate protection from hacking and guarantee you security.

There are 7 new controls that the ISO 27017 standard brings:
· 3.1 Shared roles and responsibilities within a cloud computing environment
· 1.5 Removal of cloud service customer assets
· 5.1 Segregation in virtual computing environments
· 5.2 Virtual machine hardening
· 1.5 Administrator's operational security
· 4.5 Monitoring of cloud services
· 1.4 Alignment of security management for virtual and physical networks

In this episode, Steve talks through some of these new controls, explains why they're so important, and describes who can benefit from implementing this new standard.

You'll learn
· How the ISO 27017 standard works for both customers and providers.
· How ISO 27017 works as a unique selling point for businesses.
· The new controls that ISO 27017 has and how it demonstrates security within the cloud.
· The benefits of adopting ISO 27017.
· How doing a gap analysis can help you to understand what cloud controls you already have in place.

Resources
· Blackmores

In this episode, we talk about:
[01:30] Why it's important to have a standard for cloud security when we already have ISO 27001.
[02:46] The type of new controls in ISO 27017 and how they make the standard 'cloud effective'.
[05:37] Some examples of the new controls that ISO 27017 has.
[07:20] The prerequisites you need before implementing ISO 27017.
[08:37] The type of certificate you get with ISO 27017.
[10:22] How ISO 27017 can set companies apart from their competitors.
[11:03] What the future for ISO 27001 and ISO 27017 looks like.
[13:03] Advice for anyone thinking of implementing ISO 27017.
[14:20] The main benefits there are from implementing ISO 27017.

If you need assistance with implementing ISO 27017 – Contact us!
1/28/2021 | 16 minutes, 25 seconds

#59 What is ISO 27701?

Steve Mason is a Senior Consultant at Blackmores (UK) Ltd, and has a 100% success rate of supporting clients in achieving their ISO9001 & ISO27001 certifications on their first time. With over 38 years of experience working with standards, Steve is incredibly knowledgeable about how to ensure companies get the best benefits when implementing new standards. Steve has never stopped advancing himself and continues to broaden his knowledge of new standards as they come into existence. Today, Steve is here to discuss ISO 27701 (Data Privacy), and why it's so important for proving that you are GDPR compliant. Since the new European Data Privacy Laws were introduced in May 2018 there have been over 150,000 personal data breaches within Europe, and GDPR fines are estimated to total a little over 220 million euros. Steve explains why GDPR is so important, how companies can avoid having data breaches, and what makes ISO 27701 different from previous standards.

You'll learn
· How ISO 27701 can help companies demonstrate compliance with the requirements of GDPR.
· The ways ISO 27701 is different from ISO 27001 and why you need both standards.
· Who you can share PII with while still maintaining GDPR compliance.
· The correlations ISO 27701 has with ISO 27002.
· The potential impact implementing ISO 27702 can have.

Resources
· Blackmores

In this episode, we talk about:
[00:29] The big personal data breaches that have happened in the last 2 years, and the fines the companies received for not being compliant with the data protection laws.
[04:11] Why we have General Data Protection Regulations and what they are there to protect.
[06:36] What ISO 27701 is and how it helps companies be GDPR compliant.
[09:26] What PII (Personally Identifiable Information) is.
[11:41] An overview of ISO 27701 and what its main clauses are.
[14:04] What the two control sets of the standard are and what the difference between a data controller and a data processor is.
[17:20] How this standard helps companies know what needs to be put in place to be GDPR compliant.
[18:51] What makes ISO 27701 better than BS 10012 and why it will eventually completely replace it.
[22:14] What you already need in place to get ISO 27701 certified.
[24:10] The main benefits implementing this standard has for companies.

If you need assistance with implementing ISO 27701 – Contact us!
1/21/2021 | 28 minutes, 5 seconds

#58 How to change Certification Body once you are certified

This one is for our ISO Show listeners that are already certified to ISO Standards. In some cases (not that often), companies can get really fed up or frustrated with their certification body provider.

Now on the whole, accredited CBs are great – however, over the last 14 years we've come across the good, the bad and the ugly too!

So, this podcast is for those companies that may be looking to switch, and we'll cover…

Why companies decide to change CBs
· Can't get hold of anyone to help them – they inform them of a change in the business and the CB is not adaptable.
· Frustrated with lack of organisation – not keeping the client informed, assessor showing up to audit the wrong standard.
· Their CB is not listening to them.
· Not happy with the assessor – not really a hard reason – just request a different assessor.
· Lack of value – assessor shows up late and leaves at 2.00pm, and you don't get the report for another 2-3 weeks after chasing.

Why switch?
· Because you can – you have a choice.
· You are the customer – if you raise your concerns and are not being heard, go to another CB that will look after your every need.
· You may get a more competitive service and costs – for example, clients grown through acquisition.
· You are expanding internationally – need a CB with an international presence.

How to switch
· Here in the UK – if you are certified by a UKAS accredited certification body, the switch to another UKAS accredited CB is free of charge.
· Establish your scope of certification and requirements – sites, services, standards.
· Review your timings – should it be before or after your next surveillance visit?
· Get three quotes from accredited Certification bodies – explain you'd like a quote for the period of certification including the recertification costs.
· Provide your requirements – also explain why you are looking to change CBs, as you want assurance that they will be able to provide you with the service you need.
Consider:
· Costs
· Number of assessors for your standards on the payroll
· Continuity of assessors
· Location of assessors and your locations
· Support – Key Account Manager / customer services
· Experience/reputation in your sector / standards
· Any value adds, i.e. webinars, whitepapers, events.

How can we help? – We offer a free service to send an RFQ to CBs so you can get comparative quotes. We don't have an exclusive relationship with any one Certification Body, but we can help you gain a quote as a free service. If you need help getting a quote, contact us! Look out for our directory of recommended CBs in 2021.
12/16/2020 | 15 minutes, 10 seconds

#57 5 mistakes to avoid during an ISO Assessment

Fail to prepare, then prepare to fail. If you don't want to fail an assessment before you've even begun, be prepared. I'm just going to take you through the top 5 mistakes companies make that can lead to stress and failure. This isn't a definitive list – there are of course many things that could go wrong – I'm just going to share with you my 5 favourite blunders that you can very easily avoid.

Not informing employees
Yes – pretty obvious, but you'd be surprised to hear how many times a management system is just kept to one person and a communications plan has not been implemented to inform all employees. The best informed employees make the best people to be assessed. Imagine – you are an assessor and you rock up only to hear an employee, when asked about their process, say 'What process? What Environmental Policy?' Business Continuity Planning – what's the point in having a BCP if no one knows how to respond to an incident? Not informing employees also triggers bad vibes, i.e. nervous, wary, stressed.
Communication plan – CEO, Champions, agenda of meetings, launch, newsletter updates, online comms i.e. Slack.

Not having access to the right people
The assessor doesn't need to see every single person. They do need to see the key process owners and some representatives from the leadership team.
· Quality – operations, HR, key process owners i.e. heads of functions
· Environment – Facilities Managers, an Environmental Champion
· Information Security – IT, back-ups, incident reporting, HR (starters/leavers) and physical security i.e. Office Manager, or if you are in serviced offices, give the person on reception the heads up.
Make sure you have the agenda for the visits well in advance – all reputable UKAS accredited certification bodies should send this to you weeks in advance – if they haven't, chase it. This helps you to ensure that the right people are available at the right time.
Not having access to your management system
Sounds silly, but you'd be surprised. We've even come across cases of rogue consultants where the management system is owned (IP and all) by the consultant – not the company. Scary! Make sure you have access to your policies, procedures, documents and templates. These can be online, displayed, hard copy or audio/visual. There is nothing more embarrassing than missing a key document, or having 3 versions of it with no one knowing which is the right one. Accessibility is key – SharePoint/intranet/wikis/Dropbox.

Not having access to your records
The Stage 2 Assessment is a 'Show and tell' – make sure the right people have access to the right records. Pre-empt any pitfalls – a disorganised business will have records all over the place, because there is no structure. Also, make sure your supplier records are compliant – one of the main causes of non-conformities in Environmental management and Health and Safety is lack of accurate supplier records. Waste records, lift maintenance records, FGas records – most of these aren't ISO Standards requirements – they are LEGAL requirements. Legal register/due diligence.

And last but not least…

Don't make any assumptions
Don't make any assumptions that your assessor will know your business inside out – they won't understand your culture, vision, values and USPs. Use this as an opportunity to showcase all the strengths of your business and how well managed it is. With our clients we'll always get the representative of the leadership in the room for the kick-off meeting. Don't worry, they don't need to be glued to the assessor's hip all day every day; 30 mins attendance at the kick-off meeting max is sufficient. This shows the business is serious about their ISO commitment and demonstrates that there is full leadership support and that employees are onboard.
Likewise – don't assume that your assessor knows nothing about your industry. In many cases, if you are in a sector, i.e. construction, engineering, manufacturing, chances are that your assessor has seen the good, the bad and the ugly. Take notes, so you can refer back to these – there can be some valuable observations that an assessor may make which you could take back to your continual improvement process. Don't assume that these will be captured in the report at the end of the assessment.

So to recap – the 5 mistakes to avoid in an ISO assessment are:
· Not informing employees
· Not having access to the right people on the days of the assessment
· Not having access to your management system
· Not having access to your records
· Making assumptions

And don't forget, these mistakes can easily be prevented if you prepare well before an assessment. In the words of Benjamin Franklin, "By failing to prepare, you are preparing to fail." If you need any assistance with ISO standards, contact us!
12/9/2020 | 15 minutes, 1 second

#56 BP Chargemaster's drive to continually improve with guest Richard Matheron

Richard Matheron is the Quality and Continuous Improvement Manager at BP Chargemaster. He's had a long career as a quality professional and hands-on Manager, with his background mostly being in engineering and manufacturing management. Currently, Richard is working for BP Chargemaster helping them transform themselves from an SME to an international world-class business. BP Chargemaster is the UK's biggest name in electric vehicle charging. They design, build, sell and maintain the most popular charging units in the country, and have begun to expand their business worldwide. Today, Richard is here to discuss his experience with implementing ISO 9001 (Quality Management) and ISO 14001 (Environmental Management). These have been a fundamental component in his management of transitioning the company from an SME to an international organisation. Richard explains why these ISOs are so necessary, and why it's so important that a company has someone who can focus on continuous improvement within their business. He reiterates the importance of people not being afraid of change and discusses some of the most effective ways to carry out positive improvements within your organisation. He explains the ways having a priority board and suggestion box can help to drive continuous improvement, and how often the best solution for an issue isn't a complicated one but is one of the simplest...

Website: www.bpchargemaster.com
Mobile phone: 07813098736
Email: [email protected]

You'll learn
· How the demand for electric charge vehicles is changing.
· The types of tax incentives and grants that are available for businesses who use electric cars.
· Why digital security is more important now than ever before.
· How to grow your business from an SME to an international organization.
· The most effective ways to drive continuous improvement.
· The best ways to track the effectiveness of new improvement measures.
· How ISO 9001 and ISO 14001 have helped Richard.

Resources
· Blackmores
· BP Chargemaster
· Egonomics

In this episode, we talk about:
[00:30] Who Richard is, what he does for a living, and what he'll be sharing with us today.
[01:50] The types of dance that Richard teaches in his free time.
[03:44] BP Chargemaster's position in the electric vehicle charging market.
[04:55] How demand for electric cars has changed over the last year.
[05:39] The tax incentives and grants that are available for businesses for using electric cars.
[07:14] What Richard does as the Quality and Continuous Improvement Manager at BP Chargemaster.
[10:05] The value of data and the importance of digital security.
[12:29] How to best manage a company that's growing from an SME to an international enterprise.
[18:22] The way Richard drives continuous improvement at BP Chargemaster.
[20:43] What '8 D' is and how it can help to identify the causes of problems and the best ways to improve on them.
[25:06] How Richard tracks the different improvements that he puts in place.
[27:27] The book Richard recommends to those working in the business world.

If you need assistance with implementing ISO 9001 or ISO 14001 – Contact us!
12/2/2020 | 29 minutes, 48 seconds

#55 TriplePs and their success with ISO 27001 Information Security With guest Mark Frudd

This episode we are joined by Mark Frudd, Managing Director and Founder of security and software development company TriplePs. Mark's here to tell us about the information security standard ISO 27001. It's brought his business countless benefits, and allowed them to expand and win government contracts. But it hasn't all been easy sailing: the ISO has brought up some unique challenges for Mark to overcome. He explains what these are, how he tackled them, and what he wishes he knew before embarking on this journey...

Mark Frudd is the Managing Director, Founder and security expert at software development company TriplePs. His work history revolves around the cybersecurity industry and delivering high profile public sector projects. With a personal motto that IT and security doesn't need to be expensive to be effective, Mark now focuses on providing affordable security and software solutions that meet the needs of both his clients and their end-users. This episode, Mark is here to talk about his experience implementing and managing the information security standard ISO 27001. After putting the ISO into place his company quickly expanded in size and Mark soon realized that the standard wasn't being effectively implemented across his business. He explains why this was, what he did to rectify it, and how he could have avoided that happening in the first place. In his own words, 'An ISO isn't just for Christmas, it's there every single day. You don't just manage it, you adopt it.' Mark explains how having ISO 27001 helped expand his business and why it's so important when trying to gain government contracts. Finally, he explains how following this standard has shaped TriplePs' business strategy and the different benefits that it has brought to his business...

Website: https://www.triplepsltd.com/
Twitter: https://twitter.com/TriplePsLtd
Linkedin: https://www.linkedin.com/company/triplepsltd

You'll learn
· How Mark ended up implementing ISO 27001.
· Why ISO 27001 is important for maintaining a high information and security standard.
· The challenges involved in implementing ISO 27001.
· The benefits of following ISO 27001 and how it can help with expansion.
· How Mark manages ISO 27001 across his business.
· The importance ISO 27001 has when gaining government contracts.
· Why Mark decided to bring in a specialist to help implement the standard properly.

Resources
· Blackmores
· TriplePs

In this episode, we talk about:
[00:33] Who Mark Frudd is and how he ended up implementing ISO 27001.
[01:04] Who TriplePs are.
[01:51] Mark's history working in Butlins, and what he learnt there.
[02:51] The type of security work TriplePs does.
[05:35] Why TriplePs decided to work with Blackmores when implementing the ISO 27001 procedure.
[07:22] What Mark's role in TriplePs is and what his daily work life looks like.
[09:00] What the process for implementing ISO 27001 looked like.
[11:16] The importance of maintaining the right ISO standards when your company goes through rapid growth.
[13:18] The importance of adopting ISOs into the heart of your business's culture.
[15:52] How ISO 27001 has shaped TriplePs' business strategy.
[18:57] The best way to implement a new ISO standard.
[20:51] The benefits involved with following the ISO 27001 standard.
[23:34] Mark's favorite book.
[24:36] How ISOs are a constant and not 'Just for Christmas'.
[25:27] How to find out more about TriplePs.

If you need assistance with implementing ISO 27001 – Contact us!
11/25/2020 · 27 minutes, 38 seconds

#54 The commercial advantage of multiple ISO Standards with Andy Pavlovic, Maris Interiors

Andy Pavlovic is the Compliance Director at Maris. Maris is certified to four ISO standards: ISO 9001 for quality, ISO 14001 for environmental management, ISO 45001 for health and safety, and ISO 37001 for anti-bribery. He manages and maintains all of these ISO standards for Maris and makes sure that the company upholds these standards across the board.

This episode, Andy Pavlovic is here to share with me what he’s learnt from his years working as Maris’s Compliance Director and overseeing the implementation of four different ISO standards. Andy speaks about how ISO standards enable Maris to maintain consistency across the company in the quality of their work, their health and safety procedures, and their environmental impact. He explains how implementing standards allows organisations to be scalable and how having multiple standards doesn’t necessarily mean spending more time on them. With ISO 37001 being a relatively new standard, he explains the value following this standard has not only for the ethos of Maris but also for the commercial side of his business. Finally, he explains how Maris keeps their employees compliant with their standards and what the key benefits of having an integrated management system are...

Website: https://www.maris.co.uk/
Linkedin:

You’ll learn
· How ISO standards allow organisations to be scalable.
· Why implementing the correct ISO standards is more important than ever during COVID times.
· The importance of choosing the right systems for your organisation.
· How to maintain consistent adherence to standards across your company over long time periods.
· The best ways to train your staff to be compliant with new ISO standards.
· The benefits of having an integrated management system when dealing with multiple ISO standards.

Resources
· Blackmores

In this episode, we talk about:
[00:32] Who Andy Pavlovic is and the different ISO standards that Maris are certified with.
[01:48] Andy’s experience working with ISO standards.
[02:18] What Maris does and the industries they work in.
[03:05] Andy’s ISO responsibilities as the Compliance Director.
[04:00] How ISO standards work across different cultures and the importance of having these in place.
[05:12] How Andy manages four different ISO standards, and how having these standards enables companies to be scalable.
[08:07] The importance of organisations accepting standards as part of their culture.
[09:52] The importance of giving new employees a proper formal induction and what this process looks like.
[11:52] The commercial advantages of having ISO standards and how this has helped Maris win new business during the COVID pandemic.
[13:34] What the benefits of having an integrated management system are.
[15:16] Advice Andy has for anybody who is looking to implement ISO standards.
[16:45] Andy’s book recommendation to anyone looking for self-growth.
[18:19] The importance of having someone with the right expertise in house when implementing ISO procedures.
[19:14] How to get in touch with Maris or Andy himself.

If you need assistance with implementing ISO 14001, ISO 9001, ISO 45001 or ISO 37001 – Contact us!
11/18/2020 · 20 minutes, 41 seconds

#53 Yousif Rajah of dotdigital shares experience and benefits of becoming ISO 27001 certified.

Yousif Rajah is the Head of Info Sec at DotDigital, a UK-based tech company that builds software service solutions to help customers engage with their clients. He coordinated most of the work involved with creating the ISO 27001 system, and recently has contributed to DotDigital becoming ISO 27001 certified.

« It sounds daunting and it feels daunting, but if you have a program in place already, chances are you’re quite a long way down the road already. » - Yousif Rajah

Picture this: Your digital marketing company is expanding, and you know you need to comply with data protection requirements, protect your reputation and demonstrate to customers that you have taken the steps to protect your business and their personal information. You’ve heard of the importance of becoming ISO 27001 certified but are unsure where to start. Join us today as our guest, Yousif Rajah, explains his company’s journey in becoming ISO 27001 certified, the changes he has noticed since implementing this ISO standard, and how you can get started on becoming certified today.

Website: https://dotdigital.com/contact-us/

You’ll learn
· What DotDigital is, what it provides, and what Yousif’s role is
· The company’s main driver behind implementing ISO 27001
· How long it took to become ISO 27001 certified
· The scope of the ISO 27001 certification
· Gap analysis after becoming ISO 27001 certified, and reaching the standard
· The benefits and risks associated with expanding globally, while maintaining the ISO 27001 standard
· The benefits, in general, of implementing ISO 27001
· Tips for implementing ISO 27001

In this episode, we talk about:
[01:13] What does DotDigital do?
[02:14] Something not many people know about Yousif
[03:34] Main driver behind implementing ISO 27001
[04:57] The journey of becoming certified and going through the assessment
[05:52] What is the scope of the certification?
[07:56] What was the biggest gap in the gap analysis?
[09:16] Reaching the gaps and the difference it made within DotDigital
[11:04] The benefits of certification on a global scope
[12:35] What Yousif has learned since implementing ISO 27001
[13:28] Main benefits to DotDigital in achieving certification
[15:30] If you could give any tips to someone implementing ISO 27001, what would they be?
[16:11] If you could gift a book to somebody what would it be and why?
[16:49] Favorite quote to leave listeners with
9/30/2020 · 19 minutes, 48 seconds

#52 Lloyd’s of London shares ISO Journey to HSE certification

9th September 2020

Today’s Guest
Trevor Jennings is a Risk Manager with the Corporate Real Estate Department at Lloyd’s of London. He works to provide client facing advice and support on all matters of risk, excluding financial and contractual risk, and to ensure health and safety is co-ordinated across all building users within Lloyd’s UK and overseas premises.

« It’s steps at a time that will get you through to the certification aspect. » - Trevor Jennings

Picture this: An organization has set effective environmental, health, and safety standards for their company. Worker participation is high and the leadership is flourishing. Sounds marvelous, don’t you think? Tune in to this episode to learn from a man who has made this happen for the world's specialist insurance and reinsurance market. Trevor Jennings speaks about his journey to implementing environmental standards (ISO 14001), health and safety standards (OHSAS 18001), and his experience with the migration to the latest health and safety standard ISO 45001. He details the main advantages of having an ISO compliant health and safety system in place and the key factors that led to Lloyd’s success, including employee engagement groups to foster worker participation. Trevor divulges the top environmental factors that Lloyd’s is focusing on and how it affects their bottom line, as well as his top tip for anyone who is looking to implement ISO 14001 or ISO 45001.

Website: https://www.lloyds.com/about-lloyds
Linkedin: https://www.linkedin.com/in/trevor-jennings-msc-cmiosh-44917b37/

You’ll learn
· What Lloyd’s is, what it provides, and what Trevor’s role is
· How Trevor got started at Lloyd’s and how OHSAS 18001/ISO 45001 and ISO 14001 got implemented
· The main advantages of having a health and safety system in place compliant to OHSAS 18001/ISO 45001
· Why timing, worker participation, and leadership are key for Lloyd’s success
· The top environmental factors that Lloyd’s is focusing on and how it affects their bottom line
· How Lloyd’s is working on a Better Working Environment initiative
· The benefits of employee engagement groups
· How Lloyd’s manages suppliers
· Trevor’s top tip for implementing ISO 14001 or ISO 45001

Resources
· ISO Support Plan
· ISO Elearning
· ISO Steps to Success
· Fast After 50 by Joe Friel

In this episode, we talk about:
[00:51] What is Lloyd’s and what is Trevor’s role?
[03:36] Something not many people know about Trevor
[05:10] How Trevor got started at Lloyd’s
[07:34] The main advantages of having a health and safety system in place compliant to 18001
[08:44] Facing the challenge of implementing 14001
[12:12] The Health, Safety, and Environmental Coordination Group
[13:42] Energy is at the top of the list of targets to focus on
[14:54] The effect on the bottom line of operations
[16:52] The migration of OHSAS 18001 to ISO 45001
[21:24] Tips for organizations looking to implement ISO 14001 or ISO 45001
[23:48] If you could gift a book to somebody, which would you choose and why?
9/9/2020 · 26 minutes, 44 seconds

#51 ISO 41001 Interview with Ian Van Der Pool

Today’s Guest
Ian Van Der Pool is the chairman of the European Facilities Standards committee and co-author of ISO 41001 and ISO 41014. He also has his own business, which is ISO 41001 CSI. He currently works with the Dutch Ministry of Defence and is responsible for implementing a brand new FM system fully compliant to ISO 41001.

Tune in to this episode to learn from Ian Van Der Pool, who has lots of valuable experience implementing ISO standards for facilities management. Ian speaks about how he got involved with ISO 41001, why it’s important to have an ISO standard, and how such a standard is created. He details the commercial value in ISO 41001, the benefits and main drivers of having a facilities management system in place that is aligned with the standard, and the risk of not having one implemented. The uncertainty of returning to the office amid a pandemic is discussed, along with the effects of this uncertainty. Then, Ian shares his top tips for implementing facilities management systems, noting a valuable lesson he learned in all the organizations he has interviewed.

Website: www.iso41001csi.com
Linkedin: www.linkedin.com/in/ianvanderpool
Course Date: 18th September 2020
Course cost: £500

You’ll learn
· How Ian got involved with ISO 41001
· Why it’s important to have an ISO standard for facilities management
· How multiple countries come together to create these standards
· What drives companies or venues to implement ISO 41001
· The commercial value in ISO 41001 and the risk of not implementing it
· The effects of uncertainty of returning to the workplace during coronavirus
· The benefits of having a facilities management system in place
· Ian’s top tips for implementing facilities management systems: where do they begin and how do they comply with the standard?

Resources
· ISO Support Plan
· ISO Elearning
· ISO Steps to Success

In this episode, we talk about:
[00:43] A bit about Ian Van Der Pool
[02:50] Something not many people know about Ian
[03:40] How Ian got involved with ISO 41001
[06:51] Why is it important to have an ISO standard for facilities management?
[08:32] Is ISO 41001 the only certifiable standard that organizations can be certified against?
[09:30] How does a standard get created?
[12:25] Main drivers for implementing ISO 41001 for a facilities management company or venue
[14:39] The commercial value in ISO 41001
[17:39] The risk of not having it implemented
[18:55] The effects of uncertainty regarding going back into the workplace
[20:43] The benefits of having a facilities management system in place that is aligned with the standard
[22:37] Why would you need ISO 41001 in addition to or instead of other standards?
[27:30] Tips for implementing facilities management systems + A valuable lesson learned in all the organizations Ian has interviewed
[31:02] How to learn more about and contact Ian + About his foundation training course

We’d love to hear your views and comments about the ISO Show, here’s how:
· Share the ISO Show on twitter or Linkedin
· Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one.
· Subscribe to keep up-to-date with our latest episodes: Stitcher | Spotify | YouTube | iTunes | Soundcloud
9/2/2020 · 35 minutes, 29 seconds

Episode 50 - How to Implement any ISO

To celebrate hitting 50 episodes, I wanted to bring you something a little extra special today, and that is ‘How to implement any ISO’, but before we do, I’d just like to say a huge thank you to all our listeners. Keep sharing the ISO Love, and share this episode with anyone who is looking to take their business to the next level.

In this episode I take you through 4 simple steps to implementing any ISO Standard.
· Understanding your business (I mean really understand your business – warts and all!)
· Create
· Share
· Engage
When you break it down, the same ingredients apply to how you approach implementing an ISO Standard.

To celebrate hitting 50 episodes, I wanted to bring you something a little extra special today, and that is ‘How to implement any ISO’, but before we do, I’d just like to say ……. Thank you, thank you, thank you – for listening in, and giving your time to listen to the ISO Show. I’ve loved recording the last 50 episodes with some amazing guests, and I really hope you’ve found them beneficial and taken away some great tips and insights into how other businesses have succeeded and how they’ve transformed their businesses with ISO Standards. So I hope you’ve enjoyed listening to them too. If you did, please could you leave a review and hit subscribe wherever you listen to your podcasts, because that means that we can continue to inspire and educate others, and it also means we can keep getting epic guests on the show.

I’d also like to give a quick shout out to Steph Churchman, our Communications Manager here at Blackmores, who has been my saviour in doing these recordings – especially when we’ve had technical issues, and even lost guests midway through recording. She’s been absolutely fabulous in making my vision for the ISO Show become a reality! So huge thank you Steph! You are a star!
So, onto today’s episode which is ‘How to implement any ISO Standard’ – you may think, hey that’s a bit of a bold statement, there are thousands of ISO Standards! Yep! But when you are implementing an ISO Standard to improve a business, there are a few secret ingredients, and I’m going to let you in on those today. But I don’t just want to do that, I’m going to provide a free check-sheet on ‘How to implement any ISO Standard’ which will be available to download from the show notes.

I’m going to share with you our ISO Steps to Success – this is a proven methodology that we’ve refined over the last 14 years, and implemented for over 250 companies – 250 companies, in over 20 countries. Not only that – with a 100% success rate, yep, an awesome 100% success rate. So here’s what we do.

# 1 Understanding the organisation

You need to fully understand what your business’s biggest risks are but also establish where your most impactful opportunities are.
· Gap Analysis
· Identify risks, opportunities, interested parties – SWOT/PESTEL
· Understand legal requirements – Statutory, regulatory and contractual requirements
· Finally – establish a clear SCOPE – what is your ISO Management system going to cover?
It’s only really when you’ve fully understood your organisation that you can create a roadmap to achieve success with where you are trying to get to.

# 2 Creation

Create the Management System policies, procedures and templates – long gone are the days of Quality Manual or worse still ISO Manual – you label it to suit your company brand, culture and vision. Give it some thought, as this will be the central point that you want employees to go back to if they need any guidance and support on their way of working. For the purposes of this podcast, I’ll simply refer to the Standards terminology of ‘Management System’. So let’s get down to the creation of your management system…..
Top tip alert – where the standard says ‘shall’ it is basically saying – don’t bullshit me – you’ve got to god damn have this in your system or it will fail an assessment! So if the standard says ‘Top Management SHALL establish, implement and maintain an environmental Policy’ – it means, DO IT! If the standard says ‘The organisation SHALL establish environmental objectives at relevant functions and levels’ – DO IT! The standard is there to HELP your business, and it is crystal clear in the ‘SHALL’s’ exactly what you need to do to achieve success.

# 3 Sharing

There is no point having an awesome ISO Management System sitting in a manual or buried in a server somewhere if no one knows about it, or they can’t find it! You need to SHARE it with everyone, after all it’s been created for the organisation to succeed – to be more profitable, productive, reduce risk, be more sustainable – so everyone needs to be AWARE of the management system AND be empowered to take responsibility for it! There is no point in having an Information Security System in place, if no one knows what a security breach in your business is or who to report it to! What’s the point?

So you need to have….
· A Communications Plan – Internal Comms, External Comms – website, social, newsfeed.
· Awareness training (classroom or eLearning), recordings
· Make it accessible – not everyone may have access to a PC – think outside the box – how can you get your ‘Way of Working’ to the workforce? – screens in meeting areas, virtual noticeboards.
· Themes – World Environment Day – Create a buzz, create energy and enthusiasm for getting involved and making a difference. You can use this either for the launch or for refresher sessions.

# 4 - Engagement

You need to get the company ‘Way of working’, which are your policies, procedures and systems, into the business DNA – be crystal clear on accountabilities and responsibilities.
Engagement is so critical to making this a success…… If you are launching a new client onboarding process to improve the customer experience – make it clear how the process works, what results you expect to see, how you are going to monitor the results, and who is going to make it happen! Get those responsible to own it and take pride in their achievements.

Next, I know you may think you are wonderful, and I’m sure you are amazing, but in all honesty you can’t successfully embed an ISO System on your own! In all businesses there are usually closet ISO Champions – just waiting to be asked to contribute – so why not encourage engagement? Why not create a hub for Champions? – give them the tools and platform to make it happen! This isn’t just about when you launch a new ISO System, but to demonstrate how you are continually raising standards! So let’s say you have a Health and Safety System – ISO 45001 – your H & S Champions could be championing the COVID-19 H & S Risk Assessments, controls and awareness for your employees across all areas of your business. Having these champions will make Management’s life easier to communicate key issues and solutions, to create a better working environment and happier clients.

Carrying out Internal Audits – So this is another ‘Shall’. It is not optional, and this is where ISO Standards can get bad press, as a result of lazy or incompetent auditors (or worse still lazy and incompetent) just using it as a ‘tick-box’ exercise. Use this opportunity to really engage with your workforce – this is such a valuable tool in the tool box if done in the right way – it helps you to understand an employee’s:
· Level of understanding
· Opinions and views of the process
· Opportunities for improvement
· Gauge level of compliance and readiness for the assessment.

Engaging in the Leadership Team through Management Review

So that’s it in a nutshell, that’s how you implement ANY ISO Standard.
I’d love to hear what your top takeaways were on the show today, so share that with me; I absolutely love reading the reviews and suggestions. Don’t forget to follow us on Linkedin. Also, ISO Show listeners will get a 10% discount on ISO Steps to Success, ISO Support Plans and ISO Elearning. Just quote ‘ISO Show’ in your enquiry.

………before I go I just wanted to say thank you so, so much for being here and listening to the ISO Show, and showing up today – if you know anyone, colleagues, associates, friends in your life that would really benefit from having an awesome System in place to take their business to the next level – to be more efficient, sustainable and profitable – then please share this episode with them. Thanks once again for listening, and I look forward to catching you on the next ISO Show….

Awesome resources
· ISO Steps to Success – Free consultation to discuss the feasibility of ISO for your business
· ISO Support Plan – Free health check on your ISO Management System
· ISO Elearning – Wide range of ISO Standards courses for just £50 per course.
8/12/2020 · 22 minutes, 1 second

Episode 49 - How EMCOR is Embedding Business Continuity

EMCOR has gone from strength to strength over the years, so Alex is joining us today to discuss ISO 22301 (Business Continuity Management) and how the system is helping them to not just survive, but thrive during these difficult times.
7/29/2020 · 23 minutes, 1 second

Episode 48 - Riskex's Free ‘Fit 2 work’ COVID-19 Tool

Free Covid-19 monitoring tool for businesses - Join James Sharp, CTO, Riskex to hear how to manage your company’s duty of care through a free online tool. This week’s ISO Show explains how to make managing COVID in the workplace easier and safer.
7/7/2020 · 24 minutes, 57 seconds

Episode 47 - Key Changes to the new Business Continuity standard ISO 22301: 2019

Join Mel and Rachel this week as they discuss the main changes to ISO 22301:2019 and how they will affect your Business Continuity Management System.
6/24/2020 · 16 minutes, 5 seconds

Episode 46 - ISO 22301 Steps to Success Part 3

Continuing from last week’s episode we look at how you can engage your staff while implementing and testing the Business Continuity Management System (BCMS).
6/17/2020 · 16 minutes, 11 seconds

Episode 45 - ISO 22301 Steps to Success Part 2

Join Mel and Rachel this week as they discuss how to successfully share and communicate a Business Continuity management system compliant to ISO 22301.
6/11/2020 · 14 minutes, 21 seconds

Episode 44 - ISO 22301 Steps to Success Part 1

Join Mel and Rachel this week as they discuss the early steps to implement ISO 22301 – the standard for Business Continuity.
6/4/2020 · 30 minutes, 23 seconds

Episode 43 Managing Mental Health during lock down

As part of Mental Health Awareness week, this week’s podcast covers the management of psychological issues people are facing, such as isolation, worry and anxiety, both now and over the coming year ahead.
5/21/2020 · 19 minutes, 5 seconds

Episode 42 - What is Business Continuity Management?

Join Mel this week as she discusses ISO 22301 (Business Continuity), a standard that is completely focused on resuming operations to get back to ‘business as usual’.
5/14/2020 · 17 minutes, 19 seconds

Episode 41 - The Brewery’s journey towards Event Sustainability

Join Mel and Arantza as they discuss The Brewery’s journey to ISO 20121, the benefits gained and continued drive to improve their sustainability.
5/6/2020 · 33 minutes, 33 seconds

Episode 40 - Chaos to calm - Adjusting to remote working

This episode’s guest has experienced first-hand what it’s like going from Chaos to Calm amidst the impact of the Coronavirus Pandemic, and how she has slipped into seamlessly delivering her work remotely, which typically would have been done face to face.
4/23/2020 · 22 minutes, 44 seconds

Episode 39 - Making remote working work

So how do you make remote working work for you? Well, it partly comes down to the tech, but if you’ve got the confidence in yourself and ability to communicate, it’s actually really easy.
4/16/2020 · 24 minutes, 15 seconds

Episode 38 - What is ISO 20121?

Recognising that something needed to be done about this wasteful industry, a standard for sustainable events, known as ISO 20121, was created by the events industry for the events industry.
3/26/2020 · 12 minutes, 4 seconds

Episode 37 - Coronavirus Business Continuity Planning

I’m recording this in March 2020, just over a year since we launched the ISO Show and sadly a pandemic – the coronavirus has broken out globally, with over 110,000 reported cases across 95 countries. So I thought it would be helpful to share with you some guidance to try and minimise business disruption caused by the Coronavirus through Business Continuity Planning (known as BCP).
3/10/2020 · 14 minutes, 35 seconds

Episode 36 - What is ISO 9001

This week’s ISO Show provides an overview of ISO 9001:2015, where we interpret the standard (as a technical document) and break down into very simple terms what the requirements actually mean.
2/27/2020 · 32 minutes, 45 seconds

Episode 35 How Kingsley Napley achieved certification to ISO 9001, ISO 27001 & ISO 22301

Tony Bennet, Senior Information Security Executive, shares his journey on achieving certification to ISO 9001 (Quality), ISO 27001 (Information Security) and ISO 22301 (Business Continuity) in one hit!
2/20/2020 · 29 minutes, 2 seconds

Episode 34 - How to build assurance into IT Services

Damian Edwards of XMA explains how assurance is built into XMA’s service delivery. Hear why XMA are certified to 5 ISO Standards and deliver ‘Best Practice’ in the IT Sector.
1/30/2020 · 25 minutes, 43 seconds

Episode 33 - What Standards are the most Popular?

We often get asked which is the best ISO Standard to go for and what are the benefits. In this week’s ISO Show we highlight the top 5 from the Annual ISO survey published by the International Standards Organisation.
1/24/2020 · 17 minutes, 35 seconds

Episode 32 - What is ISO?

This week we're going right back to basics to understand what ISO really means and why it matters to businesses.
1/16/2020 · 6 minutes, 41 seconds

Episode 31 - ISO 14001 Steps to Success Part 3

We welcome back Derek for the final part in the ISO 14001 Steps to Success series, where we discuss hints and tips for ensuring that your Environmental Management System (EMS) is compliant and ready for your Certification Body Assessment visit.
12/18/2019 · 18 minutes, 40 seconds

Episode 30 - ISO 14001 Steps to Success part 2

We welcome back Derek for the second part in the ISO 14001 Steps to Success Podcast, sharing key considerations for creating an Environmental Management System (EMS).
12/13/2019 · 14 minutes, 30 seconds

Episode 29 - ISO 14001 Steps to Success Part 1

Join us on our ISO Show 3-part series on Implementing ISO 14001. The leading global environmental standard is still as popular as ever for businesses that are serious about acting responsibly and not just paying ‘lip service’ to ‘going green’.
12/5/2019 · 15 minutes, 29 seconds

Episode 28 - Meet Blackmores Sustainability Expert

Join Mel and Derek Hall, this week as they discuss the awesome sustainability work that Derek did to be awarded an MBE for his contribution to sustainability management in business based on ISO 14001 and ISO 9001.
11/27/2019 · 23 minutes, 49 seconds

Episode 27 - Are UK businesses ready for the ESOS deadline in 2019?

With the ESOS deadline being just a few weeks away, I’m joined on today’s podcast by Andrew Geens, Head of certification at CIBSE (Chartered Institution of Building Engineers) to discuss CIBSE and his views on the routes to compliance and the UK’s readiness for the deadline in December 2019.
11/22/2019 · 24 minutes, 32 seconds

Episode 26 - ISO 45001 Steps to Success Part 3

The third and final episode in our ISO 45001 Steps to Success Podcast Series covers launching and demonstrating compliance in preparation for an assessment. Paul Robinson, Managing Consultant at Blackmores shares hints and tips for the final stages of implementing your Health and Safety System.
10/18/2019 · 16 minutes, 59 seconds

Episode 25 - ISO 45001 Steps to Success Part 2

In episode two of the ISO 45001 Steps to Success Podcast series on The ISO Show, Paul Robinson provides tips on where to begin with identifying, understanding and addressing your Health and Safety obligations and how to create a H & S Manual compliant to legal requirements and ISO 45001.
10/11/2019 · 14 minutes, 42 seconds

Episode 24 - ISO 45001 Steps to Success part 1

Paul Robinson, Managing Consultant at Blackmores, who has over a decade of experience of implementing ISO Standards at Blackmores, joins us for this week’s ISO Show Podcast. Paul interprets the ISO ‘Speak’ and shares a ‘Masterclass’ in implementing ISO 45001.
10/3/2019 · 19 minutes, 14 seconds

Episode 23 - Blackmores Beginnings: Where it began with the ISO Support Plan

Join Mel as she shares her story about where it all started with the launch of Blackmores in 2006.
9/27/2019 · 11 minutes, 42 seconds

Episode 22 - How to integrate Management Systems

Many organisations began with a quality manual in the 90s or noughties and have since added complementary standards. Typically, these standards are ‘bolted’ on as separate manuals. So what are the issues associated with having separate manuals for ISO Standards?
9/13/2019 · 13 minutes, 40 seconds

Episode 21 - Clear Desk Clear Screen

There are many misconceptions around the well know ‘Clear Screen Clear Desk’ Policy used in IT Security. Join Mel and Steve Mason as they discuss some top tips for promoting the policy to your staff along with some of their own stories.
9/4/201917 minutes, 38 seconds

Episode 20 - What is the future for ISO 9001?

Join Mel and Paul Simpson, Chair of the ISO 9001 Technical Committee in the UK (TC 176) and Director of Strategy to Action, this week as they discuss the future of ISO 9001.
8/30/2019, 23 minutes, 5 seconds

Episode 19 - How to choose a Certification Body

Certification is the last step on your journey to gaining an ISO. Join Mel as she discusses the certification options available and what you need to consider when using a third party.
7/11/2019, 10 minutes, 40 seconds

Episode 18 - Practical guide to energy audits

If your organisation qualifies for ESOS, then there is a chance that your premises may be subject to an on-site energy audit. Join Mel and Rachel as they discuss how to conduct energy audits.
7/4/2019, 14 minutes, 1 second

Episode 17 - How Informa are leading the way in the sustainable events industry

Our ISO Show this week features Lucille Ryan, Sustainability Manager from Informa, who provides an insight into how Informa reduces waste and demonstrates a commitment to sustainability to buck the wasteful trend in the industry.
6/27/2019, 31 minutes, 20 seconds

Episode 16 - How to avoid anti-bribery fines and imprisonment with John Burbidge-King

Bribery is one of the world’s most destructive and challenging issues. ISO 37001 aims to promote a more ethical business culture. Join Mel and John (Interchange Solutions) as they discuss how ISO 37001 can help businesses tackle this issue.
6/12/2019, 28 minutes, 23 seconds

Episode 15 - ISO 27001 Steps to Success Part 3

In our final Podcast episode on how to implement ISO 27001, Steve Mason, Senior Consultant at Blackmores, takes us through the last few months of an ISO 27001 project. This stage generally takes three months because it is a UKAS requirement that the system is ‘established’ prior to the assessment.
6/6/2019, 18 minutes, 17 seconds

Episode 14 - ISO 27001 Steps to Success Part two

Last week we looked at how to begin planning your journey to ISO 27001. Join Mel and Steve Mason this week as they discuss how to implement ISO 27001.
5/22/2019, 19 minutes, 59 seconds

Episode 13 - ISO 27001 Steps to Success

In our first episode in the ISO 27001 Steps to success podcast series, we take you through how to implement ISO 27001 with Steve Mason, Senior Information Security Consultant with Blackmores.
5/17/2019, 25 minutes, 16 seconds

Episode 12 - How to Comply with ESOS

Last week we covered what ESOS is, who qualifies and a brief explanation of methods of compliance. In this week’s episode we’ll go into more detail on the methods for compliance, namely ESOS Energy Audits and ISO 50001.
5/10/2019, 16 minutes, 37 seconds

Episode 11 - An Introduction to ESOS

With the ESOS phase 2 deadline looming, do you know if you qualify? And if so, do you know what to do to comply? In this week’s podcast we will look at what ESOS is and briefly cover the various methods for compliance.
5/3/2019, 10 minutes, 26 seconds

Episode 10 - Steps to Success - ISO 9001 series Part 3

You’ve done all the hard work: the Quality Management System (QMS) has been created and implemented. Our final episode in the ISO 9001 Steps to Success Podcast series with Rachel Churchman covers the final critical stage – compliance and preparation for your certification assessment.
4/24/2019, 18 minutes, 9 seconds

Episode 9 - ISO 9001 Steps to Success - Part 2

In our second episode in the ISO 9001 Steps to Success Podcast, Rachel Churchman explains in detail how to create and launch your Quality Management System.
4/11/2019, 14 minutes, 27 seconds

Episode 8 - ISO 9001 Steps to Success - Part 1

Rachel Churchman is my guest on the ISO 9001 Steps to success series. As a Managing Consultant at Blackmores, she brings a wealth of experience of implementing ISO Standards, and will guide you through the Blackmores ISO Steps to success for successful delivery of your ISO 9001 Project.
4/4/2019, 23 minutes, 2 seconds

Episode 7 - London School Of English Process For Success

Established over 100 years ago, back in 1912, The London School of English is the longest-established Accredited English language school in the world, with premises in London and Canterbury, and now offering courses online. I was delighted to be joined by Hauke Tallon, CEO of the London School Group, on this week’s Podcast.
3/27/2019, 29 minutes, 53 seconds

Episode 6 - Is Your Info Sec System Like A Straight Jacket Or A Well Fitted Suit

I was delighted to be joined by one of our ISO Support Plan clients, Optimum, on the ISO Show this week. Optimum is part of Totally Group Plc and an important player in the healthcare sector in the UK.
3/22/2019, 18 minutes, 7 seconds

Episode 5 - What Did UComply Gain From Implementing ISO 9001 And ISO 27001

I’m delighted Kim-Marie Freeston, Managing Director of UComply, shared with me her background and journey to ISO 9001 and ISO 27001 in this week’s podcast. Kim-Marie is a thought-leader in employers’ compliance, in particular the Home Office requirements for employee ‘Right to Work’. Gain an insight into Kim-Marie’s views by subscribing to our Podcast ‘The ISO Show’.
3/13/2019, 15 minutes, 22 seconds

Episode 4 - How To Systemise Your Business

In the ISO Show Podcast ‘How to systemise your business’, I’ll give you an example of a company that doesn’t have a process for new enquiries and one that does, and the difference this makes.
3/7/2019, 16 minutes, 15 seconds

Episode 1 - Introduction

Welcome to the ISO Show, dispelling myths and sharing tips for success to improve your business with ISO Standards.
2/13/2019, 6 minutes, 34 seconds

Episode 3 - Your First ISO Assessment And What To Expect

Welcome to the ISO Show, dispelling myths and sharing tips for success to improve your business with ISO Standards.
2/13/2019, 9 minutes, 11 seconds

Episode 2 - How To Win New Business With ISO Standards

Welcome to the ISO Show, dispelling myths and sharing tips for success to improve your business with ISO Standards.
2/13/2019, 9 minutes, 22 seconds