With the world becoming more reliant on digital technology, along with the recent surge in artificial intelligence for just about everything, there is a lot of talk around ISO artificial intelligence standards for businesses.
At Blackmores, we are ISO Consultants. We work with organisations to help them achieve various ISO standards, one of which is the Artificial Intelligence Management Standard.
To kick-start your journey, we have put together this guide to give you the basics of ISO 42001 and explain why the best way forward is to work with an ISO consultant.
What is the Artificial Intelligence Management Standard?
ISO 42001 is the first Artificial Intelligence Management Standard. It has been designed and developed to help businesses implement, maintain and improve their AI management practices.
It is a very new standard, having just been published in December 2023 by the International Organisation for Standardisation and the International Electrotechnical Commission.
Why Should My Business Get Certified in Artificial Intelligence Standards?
There are several reasons why your business should invest in ISO Artificial Intelligence standards.
- Having this standard demonstrates that your business is using AI in a responsible and ethical way.
- It allows you to be transparent and reliable in your use of AI in your development.
- It supports compliance with legal and regulatory requirements within your business.
- It will help you to implement a framework for managing the risks and opportunities that arise from using AI.
- ISO 42001 will demonstrate that you are using AI as a strategic decision for your business.
- The use of AI shows that you are encouraging innovation within your business.
If you are using AI in any of your daily activities, then you could run into the following risks:
Inaccurate Information – If you are using AI to create any company information or internal and external communications, you need to be aware of the inaccuracies you could be exposing yourself to. AI generators rarely fact-check; the information simply comes from resources on the web, which could be:
- Inaccurate
- Out of date
- Biased
- Drawn from a poisoned data source
If you are using information directly from AI in any company texts or literature, it’s extremely important that you fact-check and ensure your information is correct, as AI can open you up to:
Plagiarism – Although many AI tools avoid copying directly from the source, there are still risks of plagiarism, which could lead to lawsuits and potentially fines.
Security Risks – as with most external resources, there are security risks associated with the use of AI. This is something to be aware of when you are using AI for any business function.
Because of the above risks, we advise that if you are using AI in your organisation, you should invest in Artificial Intelligence Management Standards. At Blackmores, we can help you implement ISO 42001 into your existing systems to protect you from various risks.
Working With An ISO 42001 Consultant
Although ISO 42001 is a new standard, we have been working as an ISO consultant for over 18 years. We have refined our process to ensure our clients pass their certifications and gain the standards they need to grow their business, satisfy customers, and achieve sleeker working standards.
Our process tends to follow the following steps:
Gap Analysis – All of our ISO consultancy work begins with a gap analysis. We take a look at your current management systems and determine where the gaps are and how AI standards can be integrated.
Give You Access to Training Materials – Our online platform, the isologyhub, contains a wide portfolio of training and development materials. When you work with Blackmores, we give you and your employees access to this platform so you can learn at your own pace. In the isologyhub you will find all you need to know about ISO Artificial Intelligence standards and much more.
Appoint Your AI Management Consultant – To help you implement your management system, we will appoint you a dedicated AI Management consultant who will work alongside you and your team. Each of our consultants specialises in a different standard, so they are up to date and well educated in the area you are looking for. We call our consultants our isologists – you can meet them here.
Internal Audits – Part of gaining your certification means conducting internal audits. This can be a daunting process whether you have already gained a certification or if this is your first one. Your ISO consultant can be onsite for these audits to ensure everything runs smoothly for you and your team.
External Audits – we can book your external audits on your behalf and ensure we are available to come and support you during this time.
Who Should Be Investing in Gaining an ISO Artificial Intelligence Standard?
Any business that uses AI for any task should consider investing in the ISO Artificial Intelligence standard. This is a growing area for businesses to consider, so getting certified now could save you a lot of time and effort in the future.
If you are looking for an ISO consultant for ISO 42001 or any standard, contact our team today. We are looking forward to partnering with organisations all over the UK to help them achieve their ISO goals.
Stitcher | Spotify | YouTube | iTunes | Soundcloud
At Blackmores, we are ISO consultants. One of the aspects we help our clients with is ISO 27001 implementation.
What is ISO 27001?
ISO 27001 is an internationally recognised standard for managing information security. It provides a framework for establishing, implementing, and maintaining an Information Security Management System (ISMS). The goal of ISO 27001 is to help your business protect its information by identifying risks and implementing appropriate controls to mitigate them. At Blackmores, we work with our clients to help them identify these risks and implement an ISMS that meets the ISO 27001 standard.
ISO 27001 covers various aspects of security, including:
- Risk assessment
- Security policies
- Access controls
- Incident management
- Compliance with legal requirements
When you achieve your ISO 27001 certification, your company has demonstrated its commitment to safeguarding sensitive data and reducing the risk of security breaches.
ISO 27001 Implementation with Blackmores
At Blackmores, we work with clients from all industries and all over the country. We work closely with each client and create a bespoke package for them to ensure that they get exactly what they need. We can provide online resources so that you or your team can work at your own pace when focusing on your ISO 27001 implementation.
When working with our clients, we can offer the following:
Initial Audit – Before we can create an Information Security Management System, we first carry out a thorough audit of your current processes. This enables us to see where the gaps are and identify what we can do to help you with your ISO 27001 Implementation.
Provide Resources, Training, and Consultations – We then begin training you and your team on ISO 27001. We give you insight into what is required to pass the certification and how your business can work towards these processes. Our online training modules, provided through the isologyhub, are perfect for you and your team to work through independently.
Dedicated isologists – We appoint a dedicated ISO consultant from our team of isologists for each of our clients. Each of our isologists specialises in a specific ISO standard. Your isologist will be available for you to reach out to for questions, queries and advice throughout your ISO 27001 implementation process. We make sure we are onsite for your internal and external audits from awarding bodies to provide that extra support where required.
Ongoing Support – Once your ISO 27001 certification has been achieved, we continue to support you. If you have further questions or want to discuss any aspect, you can contact your isologist, and they can help you.
Working with an ISO 27001 Consultant
When you choose to work with an ISO consultant for any standard, you give your business the best chance of successful implementation and long-term success.
At Blackmores, we have decades of experience in ISO implementation for all types of businesses. We know the industry inside out and understand exactly what it takes for successful implementation and achievement.
By achieving the ISO 27001 certification, your clients and customers will know that they are working with an organisation that is compliant in its information security management, highly credible and trustworthy, and committed to the industry to ensure it is doing the right thing.
It’s important not to underestimate the ISO standards. They are hard work to achieve and should be recognised as a true mark of skill and commitment to the company.
Contact Blackmores
For more information on ISO 27001 implementation or to discuss your requirements, make sure you contact our team today.
As environmental consultants, we can help organisations to ready themselves for their Environmental ISO certifications. This includes a range of ISO certifications, compliances and solutions.
In today’s business world, the ever-growing pressure to look after the environment around us means that more and more organisations are investing back into the earth to try to combat some of the issues we humans have caused. This can look different for different businesses.
Environmental Certifications and Standards for Businesses
There are several different environmental certifications that you can achieve for your business. As an environmental consultant, we can work with your organisation to ensure your management systems are in order to pass your certification.
ISO 14001 – Environmental Management Certification – ISO 14001 focuses on what businesses can do in order to control the impact they have on the environment.
ISO 14064 – Carbon Verification – Specifies principles and requirements for designing, developing, managing, and reporting organisation or project-level greenhouse gas (GHG) inventories. It also includes requirements for GHG quantification, monitoring, reporting, and verification.
ISO 14068 – Carbon Neutrality – A pathway to achieve Net Zero. It includes requirements for quantification, reduction, and offsetting of greenhouse gas emissions and guides on the transparent declaration of carbon neutrality.
ISO 50001 – Energy Management – Focuses on energy management systems and provides a framework for establishing energy management best practices. It helps organisations improve their energy efficiency, reduce costs, and improve energy performance.
ESOS Compliance – The Energy Savings Opportunity Scheme (ESOS) – This is a mandatory energy assessment scheme for large organisations in the UK. It requires organisations to conduct energy audits and identify energy-saving opportunities every four years.
ISO 20400 – Sustainable Procurement – Provides guidance to organisations on integrating sustainability within procurement processes. It offers a framework for sustainable procurement, considering economic, environmental, and social impacts.
ISO 20121 – Event Sustainability Management – Specifies a management system for event sustainability. It is designed to help organisations improve the sustainability of their event-related activities, products, and services.
ISO 26000 – Social Accountability Certification – Offers guidance on social responsibility, helping organisations operate in a socially responsible manner. It covers various aspects such as human rights, labour practices, environment, fair operating practices, consumer issues, and community involvement.
ESG Solutions – Environmental, Social, and Governance (ESG) solutions refer to a set of standards for a company’s operations that socially conscious investors use to screen potential investments. ESG solutions encompass a range of practices that ensure a company’s impact on the environment, social justice, and governance policies are considered and addressed responsibly.
If you would like to explore any of the above certifications for your organisation and are looking for an environmental consultant to partner with, contact us.
Working With an Environmental Consultant
When you choose to work with Blackmores as an environmental consultant, we can help you with any aspect of your certifications and assessment.
Online consultancy and support – We can provide you with access to our online platform, which is home to a plethora of resources that you and your team can work through at your own pace. This is a great resource for any ISO certification, as you can access the materials when you need them most.
1-to-1 consultancy – Our environmental ISO consultants are here to help you in person or over the phone. We call our consultants isologists because they are experts in all areas of ISO. After an initial meeting where we establish which certification you would like to achieve, you will be appointed an isologist who will work alongside you and create a support plan to ensure you are ready for your certification. We can also be onsite during your assessments.
For more information on our environmental consultancy or to discuss an ISO certification, contact our team today.
If you are investigating ISO 9001 for your business, you might have considered using an ISO 9001 consultancy service. At Blackmores, we work closely with our clients to help them achieve their certifications in any way that we can.
Contact us today to discuss your ISO 9001 certification and how our consultancy services can help you.
Advantages of investing in ISO 9001 Consultancy
There are several advantages to investing in ISO 9001 consultancy for your business. Because we work with companies of all sizes and industries, we see these advantages first-hand. Here are some of the reasons why ISO consultancy is so important.
1. Expert Guidance and Knowledge Available at your Fingertips
Our ISO 9001 Consultants are experts in their field. We refer to our consultants as isologists, because they know everything there is to know about ISO standards and can provide precise guidance on how to interpret and apply changes to your management system to fulfil the requirements to pass your certification. As well as ISO 9001 consultancy, our team of isologists cover consultancy for all ISO standards. If your business requires support, make sure you contact us.
2. 100% Success Rate
At Blackmores, we are proud to have a 100% success rate track record. This shows just how dedicated our ISO 9001 consultancy team are to helping our clients. If you are new to ISO 9001 or have tried to achieve the standard in the past but have been unsuccessful, then investing in a consultancy service will give you all the support you need to pass your assessment and achieve your certification.
3. Training and Development Opportunities
When you choose to work with Blackmores ISO Consultancy service, you gain access to our Isologyhub. This is an online platform packed with training and development resources. You and your team can train and learn online at your leisure in the comfort of your own home. This not only provides ongoing learning opportunities for your employees but also ensures that your team is knowledgeable and capable of maintaining compliance with ISO 9001 or any of the standards you are choosing to achieve.
4. Customised ISO 9001 Support
Every business is unique; when we work with a new client, we start with a gap analysis to ensure we can tailor our support to suit your requirements. Our isologists specialise in different ISO standards and take into account your specific needs and context of your business. This ensures that when you work with Blackmores, our ISO consultancy team can provide the customised support that you require.
5. Ongoing Support
Our ISO 9001 consultancy service offers ongoing support after you have achieved your certification. Through offering this, we help businesses maintain their standards and continually improve their processes.
6. Save Your Time and Resources
It’s no secret that setting out to achieve an ISO 9001 certification involves a lot of time and effort. When you work with our ISO 9001 consultancy service, we do a lot of the leg work, so you don’t have to. We provide a comprehensive review of processes and documentation, which helps us to identify gaps and areas of focus. We then create a plan for going forward and assist with the implementation of the new quality management systems. Following this, we organise the assessment on your behalf, getting quotes and availability from different certification bodies to ensure we get the best deal for your business. Because we have the knowledge and industry information, we are highly efficient at this process, allowing your business to achieve certification faster than if you were to do it on your own.
What is an ISO 9001 Certification?
An ISO 9001 certification is a globally recognised standard centred around quality management. It is designed to help organisations ensure they meet the needs of customers and other stakeholders while meeting statutory and regulatory requirements related to a product or service.
Key Elements of ISO 9001
An ISO 9001 certification is a complex standard; the key elements are:
Quality Management System – ISO 9001 provides a framework for establishing a quality management system, which encompasses all the processes, policies, procedures, and responsibilities for achieving organisational quality objectives.
Process-Oriented Approach – ISO 9001 promotes a process-oriented approach to documenting and reviewing the several areas of the business required to achieve effective quality management throughout.
Continuous Improvement – A core principle of ISO 9001 is to show an indication of continuous improvement of an organisation’s quality management system, which involves regular review and updating of processes and practices.
Customer or Client Focus – ISO 9001 emphasises the importance of understanding customer needs and striving to exceed customer expectations, ensuring high levels of customer satisfaction achieved through quality.
Risk-Based Thinking – In all businesses there are risks. ISO 9001 encourages organisations to apply risk-based thinking to identify potential issues and implement preventive measures.
ISO 9001 Consultancy from Blackmores
At Blackmores, we provide various levels of support in our ISO 9001 Consultancy services. As well as online support, we also appoint you with a dedicated ISO consultant, one of our isologists. They will be there to support you every step of the way. If your organisation is considering investing in ISO 9001, then contact Blackmores today. We can talk you through the various options we offer and help you start your journey.
What are the benefits of ISO certifications for your business? As ISO consultants, we work with organisations in various industries to help them gain their certifications. We know the benefits they can bring and why investing time and effort into gaining these standards is essential.
What is an ISO Certification?
ISO certification is a seal of approval from the International Standards Organisation that indicates you meet internationally recognised best-practice standards. To achieve it, your organisation will undergo a rigorous assessment of its management system, practices, and procedures.
Once the assessment has been passed, the organisation will have to prove they are meeting the requirements annually to ensure they keep their certification.
There are several different types of ISO certification for different business standards. The most well-known certifications that you may have considered for your business are:
- ISO 9001 Quality Management Standard
- ISO 14001 Environmental Management Standard
- ISO 14064 Carbon Verification
- ISO 27001 Information Security Management Standard
As well as the above certifications, there are several others. Information on all of these can be found on our website.
Top 5 Benefits of ISO Certifications for Your Business
But what are the benefits of ISO to your business? Why should you sacrifice the time and financial investment to gain a certification?
There are several benefits of gaining an ISO certification; the most popular reasons that organisations invest are:
1. Globally Recognised Certification – ISO certifications are globally recognised. They signal to clients, partners, and stakeholders the standard at which your business is working. This is important if you’re working with many overseas clients who may not recognise standards specific to your country.
2. Improved Management – Whichever standard you achieve, your organisation will improve this area of management. Gaining ISO 9001 means you will have improved quality management, ISO 27001 means you will have improved security management, and so on. This enables your organisation to work more efficiently and to an overall higher standard.
3. Open New Markets – Because ISO standards are globally recognised, they can open doors for your business to work in new markets. Depending on your industry, you may have clients who insist their partners hold specific certifications to be able to work with them. Therefore, gaining your certifications can allow you to work in new markets and with new clients.
4. Company Values – Gaining an ISO certification instantly shows your company values. Once you have gained your certification, you receive a badge that can be displayed on your website and other marketing materials, so anyone interacting with your business will instantly see your company values. This is particularly true for environmental standards.
5. Competitive Advantages – In many industries, gaining your ISO certification may set you apart from the competition.
How can Blackmores Help you Achieve your Certification?
If you are considering working towards an ISO certification, Blackmores are here to help. We provide a full ISO consultancy service for any organisation in any industry. When you decide to work with Blackmores, there are several different ways in which we can provide support:
ISO Consultants – we have a team of ISO consultants who can work with your organisation. Our consultants specialise in different ISO standards, so you will always be working with an expert. Your ISO consultant will be with you every step of the way, helping you put management systems in place.
Online ISO Training – The isologyhub offers an extensive portfolio of online training resources. Once we begin our journey together, you will have access to various resources that you and your team can work through at your own pace to give you a wider understanding of ISO and how your organisation can achieve its certifications.
ISO Show – Have you heard of our ISO show? The ISO show is a weekly podcast that we release. We discuss a new topic every episode, from new standard requirements to market trends to deeper explanations of specific standards. If you’re just beginning your ISO journey and want to understand more, then the ISO show is a great place to start. See all of our previous episodes here.
Work With an ISO Consultant Today
If you are considering working towards an ISO certification and want to speak to an ISO consultant, contact our team today.
What is an ISO consultant? And why should you be working with one?
An ISO consultant or ISO consultancy service is an individual or organisation that works alongside businesses to help them achieve their ISO certifications.
At Blackmores, we offer ISO consultancy. We have been working in this industry for decades and have built a wealth of knowledge and experience in assisting businesses in achieving their ISO certifications efficiently.
If you are investigating ISO standards for your business and would like some advice and assistance, please contact us.
What Does an ISO Consultant Do?
When you work with an ISO consultant, they can help you in many ways. At Blackmores, we follow these steps:
Conduct an ISO Gap Analysis Audit – the first thing we do when working with a new client is to conduct an ISO gap analysis audit. This will highlight to us and our client which areas are functioning well and where changes need to be made in order to pass the certification. Because we work with many clients in different industries and areas, we can conduct these audits quickly and efficiently, so we can start recommending changes as soon as possible.
Create an ISO System – Based on our analysis findings and industry knowledge, we create a bespoke ISO management system for your business that incorporates your company’s current systems and way of working.
Provide e-Learning Materials – When you work with Blackmores, you can access our ISO hub, an online platform full of training materials and resources. Here, you can master the basics of ISO, learn specific techniques for the certification you are working towards, and create your own management system to comply with regulations. You can work through the training at your own pace, making it a flexible option for busy business people.
Appoint an isologist – You may choose to stick with the isologyhub, or you might want to invest in an ISO consultant, or as we call them, an isologist. Our isologists are experts in their field and will guide your business through every step of your certification from start to finish. They can still be available after you have achieved your certification for advice and support where required.
Plan and Conduct Internal Audits – We will plan and conduct internal audits throughout the process to ensure you are on the track to success. We won’t put you forward for your certification until we are satisfied that the standards will be met.
Provide On-Site Support – We will be on-site when you need us. When an isologist has an appointment, they will communicate with you in detail and be there when you need them.
Request a Quote for Certification on Your Behalf – When we know you are ready and you are happy with your progress, we will request a quote for certification on your behalf. Because we work in the industry regularly, we know the best way to achieve accreditation quickly and at a reasonable price.
Blackmores ISO Consultants
At Blackmores, our ISO consultants are very experienced in working alongside organisations in various industries to help them achieve their certifications. Our success rate is unmatched, which is why many of our clients return to us when embarking on another ISO journey.
We know the hardships that come with working in professional sectors. Sometimes, a long-standing client may suddenly demand an ISO certification from their partners, or you may want to open doors to new markets for your business. Whatever your reason for exploring ISO certifications, our ISO consultants are here to help. It’s what we do!
ISO Standards Explained
An ISO standard is a globally recognised certification that indicates that your organisation is operating to the highest recognised standard.
You may be aware that there are multiple ISO standards. Depending on your work sector, you may be more interested in some than others.
The most popular ISO standards are:
ISO 9001 – Quality Management. The ISO 9001 certification is a global quality stamp for an organisation.
ISO 14001 – Environment Management. The ISO 14001 certification shows that your organisation meets environmental standards and reduces its carbon footprint.
ISO 27001 – Security Standard. ISO 27001 covers information security and shows that all risks are assessed and handled correctly to protect information and individuals.
ISO 22301 – Business Continuity. ISO 22301 is all about business continuity and shows that you have a plan in place to keep the business operating through disruption.
Work With an ISO Consultant
If you are considering ISO certifications for your organisation and want to work with an ISO consultant, contact the Blackmores team today.
For ISO training online, why not become a member of our Isologyhub and gain access to training materials to help you achieve your certification?
Our Isologyhub can help take your business to the next level with a vast array of ISO training materials you and your team can access at your convenience. For more information, visit our Isologyhub page or contact us today.
Our Isologyhub
Our Isologyhub is the perfect way to complete ISO training online. We have created a wealth of resources to help you to achieve various ISO standards.
At Blackmores, we are ISO Consultants who help organisations all over the UK to implement ISO Management Systems and gain certification. Our clients can benefit from our expertise in the field and our experience working in different industries. Our hard work has led us to have a 100% client success rate – so what are you waiting for? Sign up to an isologyhub membership that suits you today.
How Our Isologyhub Can Help Your Business
At Blackmores, we have used our expertise to build the UK’s number-one training and resource platform to help you gain the certifications you need. When you become a member, you will have access to ISO training online, which will allow you to:
- Learn the specific techniques required to gain your ISO certification.
- Understand the basics of ISO and what an accreditation would mean for your business.
- Use our online resources to go at your own pace, with no set class times or deadlines.
- Keep up-to-date with any changes or updates in the world of ISO.
- Gain confidence in your ISO knowledge and expertise.
- Use your newfound knowledge to create your own bespoke ISO management system for your organisation so that you can gain your accreditation.
Why Invest in ISO Training Online?
As ISO consultants, we know how frustrating it can be to try and navigate gaining a certification on your own. Aside from the stringent procedures and processes required to pass the certification, the online resources can vary in quality and usefulness, making it difficult to know where to put your trust and efforts.
There are several reasons why you may be looking into ISO training online:
You Need Help Understanding Requirements for An ISO Certification – Our ISO training platform offers resources to help you understand each certification and the requirements for each. We break it down into understandable elements so you can see where you need to implement changes and new systems. We’re also on hand to help if you need further clarification.
Your Current ISO Management System is Outdated – If you’ve held an ISO certification for some time and are now finding that your systems are outdated, then ISO training online would be a good investment for you. You already know the basics; our resources will guide you through the updated elements and allow you to update your current systems with ease.
You Want to Increase Your Number of ISO Certifications – If your organisation already holds an ISO certification and you want to look into other standards, then online training would be a good direction. By gaining multiple ISO standards, you can increase your company profile and improve sustainability.
You’re Struggling to Keep on Top of Your Current ISO Certifications – There are many tasks that need to be kept on top of for you to keep your certifications. With standards being updated and best practices altering, there can be changes that you need to comply with. By becoming a member of your Isologyhub and investing in ISO training online, you can keep up to date and improve the overall management of your ISO system.
ISO Certification May be a Requirement from a Client – you may have a client, supplier or partner who is demanding that you gain a particular ISO accreditation for them to continue working with you. If your resources are stretched or you need to understand particular ISO standards, becoming a member of our Isologyhub is a great place to start.
What Certifications Does Our ISO Training Online Cover?
When you sign up to our Isologyhub, you will have access to training and resources which can help you with thousands of ISO standards. The standards that we focus on in the most detail are;
- ISO 9001 Quality Management
- ISO 14001 Environment
- ISO 45001 Health and Safety
- ISO 27001 Information Security
Join Our Isologyhub Today
For ISO training online and access to the resources you need to gain an ISO certification for your business, join our Isologyhub today.
Depending on where you are with your ISO journey, you may want to invest in an ISO consultant to support you. If you would like to discuss your ISO certification with us, please contact us.
Allowing employees to use personal email accounts to conduct business means that your company’s business information is being stored on mail servers outside your control, anywhere in the world. You have no way of knowing all the places where your company data is stored, or where it has been transmitted. Where that information includes personal data, you are likely to be in breach of the Data Protection Act 2018 and the GDPR, for which the ICO can fine organisations up to €20m (around £18m) or 4% of global annual turnover, whichever is higher.
It has also been argued that this could engage the Computer Misuse Act 1990, although that Act is aimed at unauthorised access to computer material; the clearer exposure is under data protection law, because information that should be held on company laptops and company servers has ended up on systems the company cannot account for.
A personal email account is also open to searches that the business has not permitted and that are not covered by your company’s security policies, because the employee may have accepted Gmail or Hotmail terms and conditions that allow the provider to scan message content, for example to target advertising. You may have a good data privacy policy in place, but a personal email account can bypass it with one click of the “Send” button, again putting you in breach of the Data Protection Act 2018.
The risks and implications of using personal accounts for business often only become apparent when there is a Freedom of Information request, an internal investigation or eDiscovery. In all of these cases the personal accounts may contain relevant information and must therefore be searched and the results produced. For public authorities, information held in a staff member’s personal account on the authority’s behalf still counts as information the authority holds under the Freedom of Information Act 2000, so failing to search it is a breach of that Act’s obligations.
Even the act of discovery is difficult. The company cannot search a personal mailbox itself: Google, for example, prohibits external scanning of users’ mail, so the company has to instruct the employee to search his or her own account, with a serious risk that evidence is missed or destroyed and spoliation sanctions follow. If the issue is regulatory, the company is likely to be found to be breaking the law.
If a serious security incident leads to a criminal investigation, the police and courts can seize both business and private employee IT equipment under the Police and Criminal Evidence Act 1984 where there is reason to believe evidence is held on any equipment used in the course of business. The chances of getting that equipment back quickly are slim, as it is usually bonded and retained for the duration of the investigation.
Furthermore, the company can face sanctions if it is deemed to have withheld evidence because it could not access information that is no longer in its control on employees’ own devices, and legal cases can fail where there is serious doubt about the integrity of the evidence presented, as a judge may rule it inadmissible.
Any employee who sends personal data, including personnel records, to a personal email address is likely to breach the Data Protection Act 2018 and the GDPR, and the business is subject to ICO enforcement, which can result in heavy fines.
In short, sending email to a personal account, or using a personal account for business, is a legal minefield that is not worth crossing for either the business or the employee, as the damage to reputation may never be repaired.
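The practical check that follows from the above is to find out, from your own mail gateway logs, whether business mail is already leaving for consumer webmail accounts. The script below is an added example written for this article, not Blackmores’ own tooling. It scans a few constructed log lines (not real data) in an assumed Postfix-style “from=<>, to=<>” format and flags messages from the company domain to free webmail providers, escalating the severity when the recipient looks like the same person forwarding mail to themselves or when an attachment is present. The company domain, the list of webmail domains and the log layout are all assumptions to adjust for your own environment.

```python
"""Flag business mail leaving the company for consumer webmail accounts.

Added example, not part of the original article. The log line format,
the company domain and the webmail domain list are assumptions.
"""
import re
from dataclasses import dataclass

COMPANY_DOMAIN = "example.co.uk"   # assumption: the organisation's own mail domain
# Assumption: consumer webmail providers of the kind the article refers to.
WEBMAIL_DOMAINS = {
    "gmail.com", "googlemail.com", "hotmail.com", "hotmail.co.uk",
    "outlook.com", "live.co.uk", "yahoo.com", "yahoo.co.uk", "icloud.com",
}

# Constructed sample gateway log lines (not real data).
SAMPLE_LOG = """\
2024-05-01T09:12:03 id=A1 from=<j.smith@example.co.uk> to=<finance@example.co.uk> subject="April payroll" attach=1
2024-05-01T09:15:44 id=A2 from=<j.smith@example.co.uk> to=<jsmith1984@gmail.com> subject="FW: April payroll" attach=1
2024-05-01T10:02:10 id=A3 from=<a.jones@example.co.uk> to=<buyer@client.example.com> subject="Quote 4471" attach=0
2024-05-01T10:30:55 id=A4 from=<a.jones@example.co.uk> to=<mum@hotmail.co.uk> subject="weekend" attach=0
2024-05-01T11:11:11 id=A5 from=<p.lee@example.co.uk> to=<p.lee@outlook.com> subject="customer list" attach=1
"""

LINE_RE = re.compile(
    r'^(?P<ts>\S+) id=(?P<id>\S+) from=<(?P<from>[^>]+)> to=<(?P<to>[^>]+)> '
    r'subject="(?P<subject>[^"]*)" attach=(?P<attach>[01])$'
)


@dataclass
class Finding:
    msg_id: str
    sender: str
    recipient: str
    severity: str  # "low", "medium" or "high"
    reason: str


def _local_and_domain(addr):
    local, _, domain = addr.lower().rpartition("@")
    return local, domain


def _normalise(local):
    """Strip dots, plus-tags and trailing digits so j.smith ~ jsmith1984 ~ jsmith+x."""
    local = local.split("+", 1)[0].replace(".", "")
    return re.sub(r"\d+$", "", local)


def classify(sender, recipient, has_attachment):
    """Return (severity, reason) for a message of interest, or None to ignore it."""
    s_local, s_domain = _local_and_domain(sender)
    r_local, r_domain = _local_and_domain(recipient)
    if s_domain != COMPANY_DOMAIN or r_domain not in WEBMAIL_DOMAINS:
        return None  # internal mail or business-to-business mail: not in scope
    self_forward = _normalise(s_local) == _normalise(r_local)
    if self_forward and has_attachment:
        return "high", "attachment forwarded to the sender's own webmail account"
    if self_forward:
        return "medium", "mail forwarded to the sender's own webmail account"
    if has_attachment:
        return "medium", "attachment sent to a consumer webmail address"
    return "low", "mail sent to a consumer webmail address"


def scan_log(text):
    """Parse gateway log lines and return the list of Findings worth reviewing."""
    findings = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not match the assumed format
        result = classify(m["from"], m["to"], m["attach"] == "1")
        if result:
            findings.append(Finding(m["id"], m["from"], m["to"], *result))
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f.severity:6} {f.msg_id} {f.sender} -> {f.recipient}: {f.reason}")
```

Run against the sample, the internal payroll message and the quote to a client are ignored, the message to a relative’s Hotmail account is reported as low, and the two self-forwards with attachments are reported as high. The local-part normalisation is deliberately loose (dots, plus-tags and trailing digits are ignored) because employees rarely use an identical address on both sides; tune it, and the domain list, before relying on the output.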
If you are concerned about your organisations’ data security then you may want to consider ISO 27001 (Information Security Management) or BS 10012 (Personal Information Management).
If you would like to learn more about ISO 27001, we have a two-part podcast series discussing the journey to certification.
BS 10012 is a British standard that outlines the specifications for a Personal Information Management System (PIMS). This was introduced in 2009 to help organisations manage personal information and comply with data protection laws.
The standard was updated in 2017 to reflect the GDPR’s requirements, making it an ideal framework for regulatory compliance. For example, it includes specific guidance on each data protection principle, helping organisations meet the requirements of both BS 10012 and the GDPR.
After implementing BS 10012 for a number of organisations, here are our Top tips on implementing BS 10012.
- Establish a PIMS team – this is not a one-person job. You will need input from every area that handles personal data.
- Carry out a Privacy Impact Assessment – it is important to understand where all the personally identifiable data is within the organisation, how it is collected and how it is disposed of (remember this covers all data, soft and hard copies, so get into all the drawers and cupboards).
- Data mapping – collate the information on a data matrix, so that all of it is visible in one place.
- Carry out a risk assessment – the data matrix will flag up any risks that need addressing.
- Update documentation – ensure all documents are updated, i.e. data protection policies, cookie policy and privacy policy.
- Training, training and more training – people are the weakest link, so ensure ALL staff have had BS 10012 training.
- Conduct internal audits – to verify compliance and check that your systems are effective.
Implementing a PIMS can be challenging so if you would like assistance please contact us for further information on: enquiries@blackmoresuk.com
What’s the difference between BS 10012 and GDPR?
The General Data Protection Regulation (GDPR) sets the requirements for data protection across the EU, laid down in law; therefore, every organisation that controls or processes personal data is legally obliged to comply with its requirements and must be able to demonstrate the application of the data protection principles.
BS 10012:2017 is a Standard – a framework – to assist organisations in meeting the legal obligations laid out in the GDPR Articles and Recitals. Not only does BS 10012:2017 address the operational requirements of the GDPR within Clauses 5 – 8, it also addresses how businesses can align their data protection responsibilities with the overall strategy of the business through context, leadership and continual improvement. Most importantly, it supports ongoing compliance with the GDPR rather than a one-off effort.
Can I implement BS 10012 instead of GDPR?
Not instead of it: GDPR compliance is a legal obligation and a standard cannot replace it. BS 10012 does, however, cover all the requirements of the GDPR, and its key benefit is that it drives ongoing review and improvement of the controls you implement to manage those requirements – now and thereafter – so implementing BS 10012 is a practical way of achieving and maintaining GDPR compliance.
Neither GDPR nor BS 10012 alignment happens without input or effort. Both require action and top-level commitment from a business. There is no ‘off the shelf’ magic answer, as every business is different, with its own processes, people, clients and suppliers – all of which generate personal data that needs to be effectively managed within the business.
If you need any more information on this topic – contact Blackmores today!
The Basics of BS 10012
BS 10012 is the British standard for Personal Information Management, and provides a framework for maintaining and improving compliance with data protection requirements and good practice.
It covers topics such as privacy impact assessment, risk assessments, data retention and disposal, privacy by design and employee awareness training; helping you to put policies and procedures in place to effectively manage the personal information of individuals.
Alignment with BS 10012
BS 10012:2017 provides the framework to implement a personal information management system around the data protection principles of the GDPR:
- Principle (a) Lawfully, fairly and transparently processed (Clause 8.2.6);
- Principle (b) Obtained only for specific, legitimate purposes (Clause 8.2.7);
- Principle (c) Adequate, relevant and limited to what is necessary, in line with the data minimisation principle (Clause 8.2.8);
- Principle (d) Accurate and up to date, with every reasonable step taken to erase or rectify inaccurate data without delay (Clause 8.2.9);
- Principle (e) Stored in a form that permits identification for no longer than necessary (Clause 8.2.10);
- Principle (f) Processed with appropriate security, integrity and confidentiality of personal information, using technical and organisational measures (Clause 8.2.11);
- and overall accountability for demonstrating compliance with the above.
I already have an ISO certification, can I integrate BS 10012?
BS 10012:2017 follows the ‘Plan-Do-Check-Act’ continuous improvement model and is aligned to ISO Annex SL, adopted by all key management system standards, enabling organisations to integrate their PIMS with other standards, notably ISO/IEC 27001:2013. It is also a standard which organisations can now certify against.
Who needs to be involved in BS 10012?
Do all my staff need to be involved in BS 10012?
Successful implementation is a team effort.
It starts with the top – Senior Management need to be fully onboard and committed to achieving data protection best practice. If this is secured, then everything else will flow from there.
In order to effectively identify all the personal data within your organisation you need to involve all areas of the business.
All too often businesses are concerned with just the data they may process for their clients – normally because they’re being questioned about data protection by their clients!
Or on the flip side, businesses are overly concerned with staff or finance data – excluding all the other client-related personal data they may be controlling in the business.
With BS 10012 – all personal data is captured and recorded to ensure that all risks are considered.
Thereafter, all staff require a level of data protection training to ensure that they understand their responsibilities in relation to personal data. Unfortunately, as has been proven many times before, people will always be the weakest link when it comes to data protection breaches. Ensuring all staff are trained is fundamentally one of the most important steps to take in implementing BS 10012:2017
This extends out to key suppliers or partners depending on whether personal data is shared/ transferred outside of the business.
Contact Blackmores today if you would like to learn more!
How much work is involved in implementing BS10012
Neither GDPR nor BS 10012 alignment happens without input or effort. Both require action and top-level commitment from a business. There is no ‘off the shelf’ magic answer, as every business is different, with its own processes, people, clients and suppliers – all of which generate personal data that needs to be effectively managed within the business.
Gone are the days when a simple communicated Data Protection policy and registration with the Information Commissioner would suffice for Data Protection compliance. One of the biggest changes is the ‘accountability’ principle underpinning the six other principles. You now need to be able to prove you have applied all the principles within your business.
Over and above just the basic principles, you should be striving to:
- Demonstrate that you understand what personal data you control or process,
- Identify the legal basis for processing
- Demonstrate the steps you have taken to understand and control/mitigate risk
- Communicate requirements to interested parties
- ‘Bake in’ Data Protection within your organisation (including required processes and review of planned/unplanned changes)
- Review performance and strive for continual improvement.
When you consider the potential consequences of getting any of this wrong – 4% of global annual revenue or €20M whichever is greater – why wouldn’t you take the best practice approach and implement BS 10012?
How will BS 10012 add value to my business?
By implementing and certifying your business against BS 10012:2017, you will be able to demonstrate some clear advantages over your competitors:
- Commitment to protecting client and stakeholder personal data – independently assessed by a 3rd party certification body
- Identify risks to personal information and implement controls to mitigate them – reducing risk for both your organisation, and any clients whose personal data you may process
- Utilise a management system to actively demonstrate compliance with both the GDPR and the Data Protection Act 2018
- Continually improve your management of personal data against recognised best practice and improved controls
- Proactively protect your reputation – both in the market and to your interested parties
- Achieve competitive advantage when tendering for new business
Running a successful business is all about reducing risk wherever possible (BS 10012 is a risk-based standard) and seeking opportunities to improve on the competition (BS 10012 certification sets you apart from mere internal GDPR ‘compliance statements’).
You can confidently state that you have credible 3rd party assurance that you are meeting your data protection obligations under GDPR – through certification to BS 10012 with a recognised certification body such as ISOQAR, BSI, LRQA, SGS etc.
If you would like more help understanding BS 10012 and GDPR, contact us today!
Will ISO 27001 make me GDPR compliant?
On its own, no – this is a myth.
Information security is just one of the six principles of BS 10012 and the GDPR:
“f) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.”
Whilst a very important principle, if you rely on just having ISO 27001 for GDPR compliance you run the risk of not being in full alignment with all the principles (and related articles and recitals).
If you would like more help understanding these certifications – then contact Blackmores today!
How to go about implementing BS 10012?
At Blackmores, we are ISO consultants who can help with any standard including implementing BS 10012 for your organisation.
The best way to go about gaining any ISO standard is to work with a consultant. We have a proven technique and procedures to work with any organisation. When you choose to partner with Blackmores, you also gain access to our online training portal with various training resources for you and your team.
Implementing BS 10012
The first step to Implementing BS 10012 would be to carry out a Gap Analysis to identify where the gaps are in your Personal Information Management. Evaluate the results and formulate a plan to put the correct policies and procedures in place to be compliant. This evaluation will also highlight any potential existing risks with your personal information management, which can then be addressed as you create your management system.
Unless you are familiar with BS 10012 requirements, we suggest seeking out guidance or support with the process of establishing a management system. Blackmores also offer assistance with BS 10012, so feel free to Contact Us for more information.
What is BS 10012?
Any organisation that processes personal information should ensure that it protects the privacy of the people it affects. BS 10012 provides a framework for maintaining and improving compliance with data protection requirements and good practice.
This webinar was held on 16th March at 12pm–12:45pm and covered the following:
- What is BS10012:2017?
- What’s the difference between BS10012 and GDPR?
- How will BS10012 add value to my business?
- What is the best approach to implementing BS10012?
- Who needs to be involved?
- Is BS10012 certification recognised?
- How Blackmores can help you to achieve BS10012 certification
Our 7 Steps to Success
The Blackmores ISO Roadmap is a proven path to go from idea to launching your ISO Management System.
Whether you choose to work with one of our isologist consultants or work your own way through the process on our isology Hub, we’re certain you’ll achieve certification in no time!
What our clients have to say
Trusted by leading organisations across all sectors, we support companies of all sizes in any location.
Listen to our Podcast
Welcome to the ISO Show podcast, dispelling myths and sharing tips for success to improve your business with ISO Standards. Join us to hear interviews with successful business leaders as they share their ISO journey with you.
Get top tips via audio master classes “ISO Steps to Success” on the most popular ISO Standards.