The creators of isology®

I thought we’d take a step back in time, to explain how Blackmores began. Not by implementing ISO Standards, but by offering support to a company that was already certified to ISO 9001 – my employer at the time.  I share my journey as a working mum juggling two children and my role as a Quality Manager, which triggered my Eureka moment resulting in the launch of Blackmores in 2006.

In the podcast, I explain about the some of the pain points that many organisations suffer with ISO Standards, and how the ISO Support Plan service alleviates these issues.  Some of the issues facing businesses include :-

1. Internal auditors not being comfortable about auditing their peers.
2. Internal auditors not being particularly objective or impartial when auditing their boss!
3. Fed up with paying for training for a high turnover of internal auditors
4. Managers not having time to update processes
5. Managers not aware of their legal, regulatory or ISO Standards requirements
6. Not updating key information i.e. Risk Register, BCP’s, environmental/energy metrics
7. Not reviewing key information i.e. Objectives, Environmental/H & S/Data Security trends

If you find you’re juggling too many balls, and the ISO ball drops every now and then, our podcast explains the solution to keeping your balls flying high! For further information check out our ISO Support Plan page.

To help out the ISO Show:

• Share the ISO Show on twitter or Linkedin
• Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and I read each one.
• Also available on Spotify

I was delighted to be joined by one of our ISO Support Plan clients, Optimum on the ISO show this week.  Optimum is part of Totally Group Plc and an important player in the healthcare sector in the UK.

Huge volumes of sensitive data are processed in the healthcare sector.  As Information Governance Lead and a qualified Physiotherapist at Optimum, David Angove explains about keeping one step ahead in his role in relation to information security. 

David described how Optimum’s ISMS should be like a well-fitted suit rather than a straight-jacket.  This all stems from the robust Risk Assessment which considers all risks to your business, including managing the integrity of data. The ISMS helped to put a continual improvement plan in place to mitigate risk. He explains about preventing access to private information through documenting controls and applying them to all 20 Optimum clinics.  Examples include physical security controls i.e. locking screens to protect patient data.  Other controls relating to personnel security include having a starters and leavers process to ensure access rights are granted correctly, and that access rights are revoked when an employee leaves the organisation.

ISO 27001 also helped with preparation for GDPR compliance, particularly with investigating all aspects of where and how data is stored within the company.  When I asked what top tips he’d give to a company looking to implement ISO 27001 David recommended getting assistance from a consultancy such as Blackmores (we hadn’t paid him to say that, I promise!), including support with the assessment, as the consultant will ‘know the standards inside-out’.

David also recommends a gripping read, ‘Ghost in the wire’s: My adventures as the words most wanted hacker’ by author Kevin Mitnik which covers how he hacked into some of the country’s most powerful – and seemingly impenetrable – agencies and companies using social engineering and other methods.  This acts as a good reminder about the value of Penetration Testing, to test how good the security of your business is and to understand that everyone is aware of your systems.

He mentioned that you can have the fanciest encryption systems and the best passwords, but if the people answering the phones or processing data aren’t aware of them, then its only as good as the weakest link.

To For an overview of what ISO 27001 entails check out our latest ISO 27001 video….

And for services in this area – check out – ISO Steps to success, or if your ISMS is like a straight-jacket rather than a well-fitted suit, our ISO support Plan will help you into an Armani equivalent ISMS for your business.

To help out the ISO Show:

• Share the ISO Show on twitter or Linkedin
• Leave an honest review on iTunes or Soundcloudh. Your ratings and reviews really help and I read each one.
• Subscribe on iTunes.

Special thanks to David Angove from Optimum for joining me this week. Until next time!

 

So in the latest budget announcement last week, in addition to the headline grabbing ‘Sugar levy’, George Osbourne also announced changes concerning business energy taxes and reporting:

• The Carbon Reduction Commitment (CRC) scheme will be abolished following the 2018/19 compliance year. In parallel there will be an increase in the Climate Change Levy (CCL) ensuring the change is a fiscally-neutral reform for the Government.

 

• Organisations will report under the CRC for the last time by the end of July 2019, with a surrender of allowances for emissions from energy supplied in the 2018-19 compliance year by the end of October 2019.

 

• The full Government’s consultation response on this review was published alongside the budget. It announces a plan to rebalance CCL rates for gas and electricity. From April 2019, it will move to a ratio of 2.5:1 (electricity: gas), compared to the current 2.9:1 ratio. In the longer term, the government intends to move to a ratio of 1:1 (electricity: gas) by 2025, suggesting this will more strongly incentivise reductions in the use of gas, in support of the UK’s climate change targets.

 

• Importantly for Energy Intensive businesses, the existing Climate Change Agreement (CCA) scheme eligibility criteria will remain in place until at least 2023. The CCL discount for electricity will increase from 90% to 93%, and the discount for gas will increase from 65% to 78% from 1 April 2019.

 

• The budget confirmed plans to consult in summer 2016 on a simplified energy and carbon reporting framework for introduction by April 2019. It will propose mandatory annual reporting for the organisations within its scope, with board or senior level sign-off and some public disclosure of data. The consultation will cover issues such as the range and size of organisations to be covered and will make proposals about the amount and type of information to be collected and disclosed, data collection timetables and how information is reported.

 

• Due to the continued low price of the EU Emissions Trading System (EU ETS), the government is maintaining the cap on Carbon Price Support (CPS) rates at £18 t/CO2, uprating this with inflation in 2020-21, in order to continue protecting businesses.

The full response to the consultation can be found here: https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/508159/reforming_business_energy_efficiency_tax_response_final.pdf