BS10012 Archives - Blackmores

An ISO consultant is a professional who helps organisations achieve certification for ISO standards. ISO certifications are globally recognised standards that demonstrate an organisation’s commitment to quality, efficiency, and continuous improvement, depending on which standard you achieve.

At Blackmores, we are ISO consultants. We work with organisations to guide them through the process of meeting ISO requirements and implementing internal management systems to ensure they pass and maintain their certification.

What Does an ISO Consultant Do? – Our Process

Working with an ISO consultant isn’t a necessity; you can put yourself forward for auditing and achieve your certification yourself. So, what does an ISO consultant do? We work with ISO standards day in, day out, so we know the best and most efficient processes to help you achieve ISO certification.

Initial Consultation and Assessment

Our process begins with an initial consultation where we evaluate your organisation’s current processes and identify any gaps in compliance with ISO standards. This gives us a starting point and allows us to create a plan.

We assign you a dedicated ISO Consultant who will work with your organisation from start to finish.

Creating a Plan

Based on the assessment, we develop a tailored implementation plan that outlines the steps your organisation needs to take to achieve ISO certification. This plan will prioritise actions, establish timelines, and provide guidance on how to address identified gaps.

Provide Training Materials

So that you get the most out of working with our ISO Consultants, we provide access to the isologyhub®, an online learning platform that is full of useful learning resources. You can work through the material at your own pace to understand more about the various ISO standards.

Implementation of Changes

We then move on to helping you implement the necessary changes. We work closely with you and your team to modify or enhance processes and implement an internal management system.

Internal Audits and Documentation

Your dedicated ISO consultant will assist with preparing for your organisation for internal audits. We can ensure that you have all the necessary documentation in place. This step is crucial for demonstrating your organisation’s compliance during the certification audit.

Certification Audit and Ongoing Support

Once your organisation has made the necessary changes, your consultant will support you through the certification audit. They will help ensure that your team is prepared and that all processes are aligned with the ISO standards. After certification, we continue to provide support to help maintain compliance.

Why Use an ISO Consultant?

Achieving ISO certification can be a complex and time-consuming process. Working with an ISO consultant like Blackmores offers several key advantages to organisations.

Expertise and Knowledge – Our ISO consultants bring specialised knowledge of the implementation process and the specific requirements of different ISO standards. This expertise helps ensure that your organisation meets all the necessary standards without missing crucial steps.

Streamlined Process – An ISO consultant can streamline the implementation process, saving your organisation time and effort. Rather than navigating the requirements on your own, our consultants can offer a clear roadmap, ensuring compliance is achieved in an efficient manner.

Tailored Solutions – Every organisation is unique, our ISO consultants tailor their approach to your specific needs. Whether you are a small business or a large corporation, we will assess your current processes, identify areas for improvement, and create a customised plan to help you meet ISO standards.

Who Do ISO Consultants Work With?

At Blackmores, we work with a variety of organisations across different industries, helping them to meet ISO standards relevant to their operations.

Small and Medium-Sized Enterprises (SMEs) – For SMEs, our dedicated ISO consultants can offer valuable guidance and support in achieving certification.

Large Corporations – For larger businesses, our ISO consultants provide a strategic role working closely with senior management to develop a long-term strategy for ISO certification.

Start-ups and New Ventures – Start-ups can greatly benefit from working with an ISO consultant, especially when it comes to embedding robust systems from the outset. Achieving an ISO certification early in the business’s lifecycle helps to establish credibility and a reputation for quality.

Public Sector Organisations – Public sector organisations, including government departments and non-profits, often need ISO certifications to meet regulatory and legal requirements. An ISO consultant can help these organisations navigate the certification process.

Other Professional Services – We also work with other professional services, such as legal firms, accountants, and healthcare providers, who need to demonstrate compliance with ISO standards as part of their operational protocols.

Work with Blackmores

Working with Blackmores ISO consultants is an investment in your organisation’s future. Contact our team today to ensure that your organisation is on the right path to success.

Stitcher | Spotify | YouTube | iTunes | Soundcloud

If your organisation is endeavouring to become more aware of the impact it is having on the world around you, then getting started with ESG for business is the perfect place to begin.

At Blackmores, we are ISO Consultants. We help businesses from all industries to implement management systems and practices to achieve ISO certifications in all different areas. As ESG for business becomes a growing trend, we are finding more organisations want to gain certification to ISO standards that support this.

We will be running a workshop in March to give you more information on how your business can become more environmentally and socially aware. Sign up for this workshop below

What is ESG for Business?

ESG stands for Environmental, Social, and Governance. It is a framework for businesses that evaluates an organisation’s impact on society and the environment, as well as the robustness of its governance structures. ESG criteria help businesses align with ethical, sustainable, and responsible practices. It covers areas such as carbon footprint reduction, ethical supply chains, diversity and inclusion, and corporate transparency.

To ensure your business is reaching the criteria, you can gain ISO certifications which will indicate your acknowledgement and responsiveness to these issues. If you would like to enquire about our ISO consultancy services for ESG compliance – contact our team today.

Get Started with ESG for Business with ISO Certifications

Certain ISO standards provide structured methodologies that align with the principles of ESG for business. As part of our ISO consultancy, we can help your organisation in achieving the following standards which will contribute towards your ESG compliance:

ISO 14001 Environmental Management Systems – Helps businesses manage environmental responsibilities effectively.

ISO 45001 Occupational Health and Safety Management Systems – Ensures workplace safety and employee well-being.

ISO 26000 Social Responsibility Guidance – Provides guidance on operating in a socially responsible manner.

ISO 50001 Energy Management Systems – Assists in improving energy performance and efficiency.

ISO 37001 Anti-Bribery Management Systems – Strengthens corporate governance and ethical business practices.

If you would like to discuss any of the above ISO certifications and your Businesses ESG requirements then contact our team.

Why ESG is Important for Businesses?

The significance of ESG is growing year on year as people and businesses become more aware of their environmental impact. Going forward, investors, regulators, and consumers will continue to favour organisations who can prove they are sustainable and ethically responsible.

Investing in resources that will give your company strong ESG performance will enhance your brands reputation. It will also mitigate risks in business functions and attract new customers, clients and investments.

Modern Trends in ESG for Business

Some of the trends you may have noticed that directly relate to ESG for business are:

Carbon neutrality and net-zero commitments – As more consumers favour brands that are actively doing what they can to reduce carbon emissions, becoming carbon neutral has become a goal for organisations in all industries.
Supply chain transparency – This comes down to ethical sourcing throughout the whole of the supply chain. Making sure every step offers fair, responsible labour and practices.
ESG data and reporting – It’s not enough to say that you are ethical, you need to be able to have the facts and figures to prove it. ISO certifications put the processes in place to support this.
Regulatory developments – Compliance with certain elements of ESG are becoming stricter and essential for business functions.

How to Become an ESG Leader in Your Industry

To become an ESG leader in your industry, there are several aspects you could be considering and investing in. In March, we will be hosting a workshop to give you all the details on how to get started, and how to ensure your business becomes an ESG leader in your industry.

You can sign up using the link below – we look forward to seeing you there.

If you are looking for an ISO consultant to partner with for any of the standards mentioned then please contact our isologists. We can build a plan that suits you and your organisation.

Stitcher | Spotify | YouTube | iTunes | Soundcloud

As ISO consultants, part of our role is to make sure we are keeping our clients up-to-date with any ISO updates and changes. Now that we are mid-way through the first month of the new year, we wanted to bring you some insight into what has changed recently during 2024 and what is planned for 2025.

2025 ISO and Quality Standard Updates

Within the world of ISO, the upcoming dates for changes are not always set. However, there are a few things happening in 2025. The information about them is minimal at the moment, but we are here to give you all the information we have available.

Net Zero-Focused Standard

The biggest change for 2025 is that the Net Zero Guidelines (IWA 42:2022) have been released. This will likely be the foundation from which the new Standard will be built. The actual ISO number hasn’t been made public yet, nor has a set launch date. Watch this space and sign up to our ISO show podcast to be the first to hear when any changes are made.

Minor Changes for 2025

Updates to ISO 14001 Environmental Management Standard – some minor updates and changes coming to this Standard will emphasise a stronger alignment in your business strategy and a better integration of environmental management with your business plan.

Revision of ISO 9001 Pushed to 2026 – revisions of the ISO 9001 standard were put in place in 2024. The deadline for implementing these changes has now been moved to September 2026. If you currently have an ISO 9001 certification and would like a consultant to review what changes you need to make to fit the new revision, contact our team today.

ISO and Quality Standard Updates from 2024

Throughout 2024, several updates took place within the ISO and quality standard space.

ISO 42001 AI Management – We have all witnessed the major increase in AI used within business functions. The ISO 42001 AI Management standard was first published in Dec 2023, but people only really started implementing the required management systems through 2024. So far, no organisations have been certified, but Certification Bodies are in a race to get the first one over the line. We expect this to happen within 2025 and become a well-received standard in several industries.
The release of ISO 20121:2024 – This Standard was revised through 2024. We did a podcast to summarise the revised standard
The release of those Net Zero Guidelines – as mentioned above. These guidelines were released in preparation for what will be a new standard, which will hopefully be launched this year.

Working With Our ISO Consultants

If you are looking into achieving any ISO Standards through 2025, then why not work with one of our ISO Consultants? We have several isologists who specialise in different industry standards. Whether you already hold certifications that require updating or you’re just starting out on your ISO journey, we can help you.

Stitcher | Spotify | YouTube | iTunes | Soundcloud

At Blackmores, we are ISO consultants. We specialise in helping organisations achieve their certifications. We are often asked to define different standards and help organisations work out which standards they require as well as guide them through the steps to success. So, what is ISO 22301?

ISO 22301 is the international standard for Business Continuity Management Systems (BCMS). It provides a framework for organisations to plan, operate and maintain their ability to prepare for and respond to disruptive incidents.

Key Features of ISO 22301 Business Continuity Management

There are several key features of ISO 22301 which make it the perfect tool for business continuity management. When you work with one of our ISO 22301 consultants, they can help you create a management plan which includes all of the essential features to ensure your organisation can continue to operate in times of crisis.

Risk Assessment and Mitigation: We can implement systems to detect potential threats to business operations and create strategies to mitigate risks.

Business Continuity Plans: Business continuity plans are important as they explain how your business will remain operational during any risk that may come your way. This is essential for minimising down time and keeping operations flowing.

Recovery Plan: As well as a business continuity plan, your organisation will need a recovery plan, this will ensure your organisation will get back up and running at full power in the shortest time possible.

Plan for Continual Improvement: We will also advise and implement a plan for continual improvement. This promotes ongoing monitoring, testing, and updating of continuity plans, so you can always be looking to the future.

Why Should My Business Invest in ISO 22301?

ISO 22301 is important for any business; most businesses see the benefit in having a plan for when attacks occur. Although this (hopefully) won’t happen too frequently for your business, it is always good practice to have a contingency plan. Especially when you and your employee’s livelihood is at stake!

Minimise Downtime and Revenue Loss – Investing in ISO 22301 ensures your business can respond effectively to disruptions, reducing downtime and financial losses.

Regulatory and Compliance Benefits and Global Recognition – ISO standards are globally recognised; this means that achieving ISO 22301 certification can enhance your global market opportunities. It is an indicator of the compliance your business follows when it comes to the legal requirements for business continuity. This can help if your business is entering a tendering process as it is instantly recognisable.

Risk Management and Resilience – ISO 22301 ensures that your business has identified risks and developed mitigation strategies to ensure your business can continue to function through risks and threats.

Working with an ISO 22301 Consultant

ISO certification can be time consuming and complicated. There are lots of criteria that needs to be met in a very specific way. This is where Blackmores come in. We are ISO Consultants, we work with your organisation to help you implement a management system that will ensure you pass your certification. This can save you time and an awful lot of hassle.

Some of the main reasons our clients choose to work with our ISO Consultants are

Expertise and Experience – We specialise in interpreting ISO 22301 requirements and aligning them with different business operations. Our experience and expertise ensures a smooth and efficient certification process for you.

Gap Analysis – We begin all of our initial consultations with an in depth gap analysis so we know exactly what needs to be done.

Customised Solutions – We build custom management systems for each of our clients and offer a bespoke service depending on how much support you require for you ISO certifications.

Multi-Standard Support – As an ISO Consultancy organisation, we can help you with any ISO standard you set out to achieve. We have everything you need under one roof. Working with an ISO consultant means you don’t need to learn multiple standards to pass them, we can work together so you can achieve the certifications you need.

Training and Learning – As well as working closely with you to develop and implement a management system, we also provide training materials for you and your team. Our isologyhub is an online platform with everything you need to become an ISO expert.

Investing in ISO 22301 Consultancy with Blackmores

If your organisation is considering gaining your ISO 22301 certification and you need help and support, contact our team today. Our isologists are ready and waiting to hear from you.

Stitcher | Spotify | YouTube | iTunes | Soundcloud

At Blackmores, we are ISO consultants for many ISO standards. We work with clients within the UK and internationally. We provide in-person and virtual training for all standards across all industries.

One of the reasons our clients choose to work with us is our unique ISO training material. We believe that education is key to your organisation’s success when it comes to ISO standards. That is why, as part of our ISO consultancy service, we also provide in-depth ISO training material that leaves no stone unturned.

We host all of our ISO training material in our online platform; our isologyhub. Here you will find various materials and mediums for you and your team to study and learn. No matter which ISO certification you are working towards, our isologyhub can provide what you need.

About Our isologyhub

Our isologyhub will revolutionise the way your organisation gathers information to understand ISO certifications.

Through our isologyhub, you can work through our ISO Roadmap, this is our step-by-step guide where you work through our proven path to go from initial concept to launching your ISO management system. We guide you through everything you need to know and implement for success.

Our isologyhub offers different Pathways to take you from Learner, to Practitioner, to Leader. You can enter your training at any of our three stages depending on your previous ISO experience and knowledge progression. Find out about our different Pathways on our isologyhub page.

Throughout each Pathway, there are several quizzes available to test what you have learnt. You also have the opportunity to earn certificates throughout your learning process.

Thanks to our ISO training materials, achieving ISO standards for your organisation has never been easier. Take your business to the next level with our ISO training plan—contact our team of isologists today.

What You Can Expect from Our ISO Training Material

We wanted to create a safe learning space with ISO training material that suits every learning type. Within our platform, we have a selection of:

Tools and templates – You can download our practical templates, which you can then adapt to your needs and your organisation. We also have a range of resources where you can learn about each standard.

Coffee Break Training – Some people work better in short, sharp bursts, which is why we provide 5 to 10 minute informative courses within our ISO training material.

Live Sessions – Sometimes, you need time with an expert to ask any questions that may have arisen during your training. We provide live sessions where you have time to ask questions and seek advice.

Game Plans – our ISO Training Material also includes Game Plans. These are action-focused guides to help you tackle common challenges that arise.

The Importance of Good ISO Training Material

Good ISO training material is so important when you are focusing on achieving your certification for your organisation.

Up-to-Date Information – Investing in good ISO training material is important for ensuring you and your company are working with and learning from up-to-date sources. The elements of the standard change periodically, and we ensure all of our ISO training materials remain as up-to-date as possible.

Increase Your Skill Set – The main goal of any training is to increase your skill set. Investing in good ISO training materials means you will actually learn about what is required for your organisation, not just read a checklist.

Bespoke Solution – With ISO solutions, there is not always a one-size-fits-all. Our ISO online training materials can help you create bespoke solutions to suit your organisation.

Learning Pace – When you embark on a learning journey, it is important to be able to work at your own pace. With our isologyhub, you can access materials as and when you need them in a timeline that suits you.

ISO Training Material from Blackmores

At Blackmores, we have created our isologyhub so that you have a dedicated platform to work through and keep track of your progress. We believe we have provided the most logical and easy to use ISO training platform.

Stitcher | Spotify | YouTube | iTunes | Soundcloud

If your company currently holds an ISO 27001 certification, you should be aware of the ISO 27001 transition.

ISO 27001 is the international standard for information security. It is suitable for any organisation as it deals with security issues in relation to company sensitive information as well as personal information.

What is an ISO 27001 Transition?

The transition moves ISO 27001 from 2013 version to the 2022 revision. If your organisation currently holds an ISO 27001:2013 certification, you will need to update your certification.

The changes were first introduced in 2022, and the deadline to transition your certification is October 2025.

If you currently hold an ISO 27001:2013 certificate and you are looking for a consultant to help you transition to ISO 27001:2022, contact Blackmores today. Our ISO 27001 consultants can discuss the transition with you and help you to adapt your management systems to achieve the newer revision.

Analysis of an ISO 27001 Transition

Many of our clients are asking about the differences between ISO 27001:2013 and ISO 27001:2022. We have a whole mini-series on our pod casts – The ISO Show all about the ISO 27001 Transition.

There have been several changes which include 56 controls which can been combined into 24 newly titles controls with 11 new controls added. This leaves 58 controls unchanged.

New Controls Added to ISO 27001:2022

To summarise, these are the 11 new controls that have been added to the ISO 27001 transition:

1. Control A.5.7 Threat Intelligence – ‘To provide awareness of the organisation’s threat environment so that the appropriate mitigation actions can be taken.’ – Threat Intelligence can come from many different sources. Some of the best places to look include the NCSC or local police websites, as well as tools that can be used to detect phishing attacks. As well as digital threats, you also need to think about physical security. ISO 27001 is about much more than just protecting data!

2. Control A.5.23 Information security for use of cloud services – “To specify and manage information security for the use of cloud services.” – With the increase in cloud computing between 2013 and 2022, adding a control around this topic was incredibly important. The best place to start is to verify the security of your service provider to ensure it’s adequate by checking their valid Information Security credentials such as CSA Star, Cyber Essentials, and SOC. This also overlaps with principles of ISO 27017 (certification for cloud security), ISO 27018 (Protection of PII in the public cloud) and ISO 27701 (PII Security Standard).

3. Control A.5.30 ICT readiness for business continuity –’ To ensure the availability of the organisation’s information and other associated assets during disruption’ – There are a few other ISO standards that could assist with this, for example, ISO 27031 (ICT

4. Control A.5.30 ICT readiness for business continuity – further considerations: Recovery Time Objectives and Recovery Point Objectives are a big focus of this control of the standard. Business Continuity is one of the most important elements of security as it determines how your business will cope in the event of an attack or a breach. If you’re looking to dig deeper into business recovery time, you may want to check out BS 25777 (ICT continuity), which is an older certification that should be helpful to you and your business.

5. Control A.7.4 Physical security monitoring –’ To detect and deter unauthorised physical access.’ – Physical security monitoring can include elements like CCTV, access control, swipe cards, etc. Within the monitoring elements, you should also have a method for detecting and alerting anomalies.

6. Control A.8.9 Configuration management – ‘To ensure hardware, software, services and networks function correctly with required security settings, and configuration is not altered by unauthorised or incorrect changes’ – This involves configuration for any software or hardware that is required. Things, including firewalls, software, any hardware devices, passwords, etc, should be documented, as well as explained and monitored on a regular basis. This will ensure nothing changes without notifying the relevant people. For further guidance, you could find helpful elements within ISO 20000.

7. Control A.8.10 Information deletion – ‘To prevent unnecessary exposure of sensitive information and to comply with legal, statutory, regulatory and contractual requirements for information deletion.’ – Information deletion is a control that already existed in the ISO 27001:2013 Standard, but it has simply been clarified further. You will now need to prove that data has been deleted as required; you may need to provide relevant certificates if you currently use a 3rd party for this.

8. Control A.8.11 Data Masking – ‘To limit the exposure of sensitive data including PII, and to comply with legal, statutory, regulatory and contractual requirements.’ – There are three options when it comes to data masking. These three options are;Obfuscation, pseudonymisation and anonymisation. The data masking elements can also help your organisation to comply with GDPR requirements.

9. Control A.8.12 Data leakage prevention – ‘To detect and prevent the unauthorised disclosure and extraction of information by individuals or systems.’ – This control has been re-added from the previous 2005 version of ISO 27001. Organisations should have systems in place to monitor any particularly large data downloads – or even possibly large print batches. Secure email systems and regular security training are also a must for any organisation.

10. Control A.8.16 Monitoring Activities – ‘To detect anomalous behaviour and potential information security incidents.’ – within ISO 27001, there is an element where monitoring and detecting unusual activities is required. This can help with secrurity and data breech es or issues.

11. Control A.8.23 Web Filtering – ‘To protect systems from being compromised by malware and to prevent access to unauthorised web resources.’ – Because we use the internty and cloud based systems, there has been a cause for including web filtering into ISO 27001. Your systems should ensure that people are unable to access unsecure sites. Some organisations choose to extend this to social media.

12. Control A.8.28 Secure Coding – ‘To ensure the software is written securely, thereby reducing the number of potential information security vulnerabilities in the software.’ – Software must be written securely. If you use a 3rdparty, this should be seen as standard. If you use a bespoke system, then you must evaluate it against industry professional standards.

Working with Blackmores for your ISO 27001 Transition

At Blackmores, we are ISO consultants. We work with organisations in various industries to help them create and implement management systems that comply with ISO standards so that they can achieve various certifications.

When it comes to completing an ISO 27001 transition, we have worked with many of our clients to help them make the required changes and ensure they are able to achieve certification to the 2022 version.

You only have until October 2025 to transition to the 2022 version of ISO 27001. If you would like expert advice and support, contact our team or isologists today.

Stitcher | Spotify | YouTube | iTunes | Soundcloud

With the world becoming more reliant on digital technology, along with the recent surge in artificial intelligence for just about everything, there is a lot of talk around ISO artificial intelligence standards for businesses.

At Blackmores, we are ISO Consultants. We work with organisations to help them achieve various ISO standards, one of which is the Artificial Intelligence Management Standard.

To kick start your journey, we have put together this guide to give you the basics of ISO 42001 and tell you why the best way forward is to work with an ISO Consultant.

What is the Artificial Intelligence Management Standard?

ISO 42001 is the first Artificial Intelligence Management Standard which has been designed and develop to help businesses implement, maintain and improve AI management practices.

It is a very new standard, having just been published in December 2023 by the International Organisation for Standardisation and the International Electrotechnical Commission.

Why Should My Business Get Certified in Artificial Intelligence Standards?

There are several reasons why your business should invest in ISO Artificial Intelligence standards.

Having this standard demonstrates that your business is using AI in a responsible and ethical way.
It allows you to be transparent and reliable in your use of AI in your development
It supports compliance with legal and regulatory standards within your business
it will help you to implement a framework for managing risks and opportunities as a result of using AI
ISO 42001 will demonstrate that you are using AI as a strategic decision for your business
The use of AI shows that you are encouraging innovation within your business

If you are using AI in any of your daily activities, then you could run into the following risks;

Inaccurate Information – If you are using AI to create any company information or internal and external communications, you need to be aware of the inaccuracies that you could be exposing yourself to. AI generators rarely fact-check; the information simply comes from resources on the web which could be

Inaccurate
Out of date
Bias
Come from a poisoned data source

If you are using information directly from AI in any company texts or literature, it’s extremely important that you fact check and ensure your information is correct, as AI can open you up to:

Plagiarism – Although many AI tools avoid copying directly from the source, there are still risks of plagiarism which could lead to law suits and potentially fines.

Security Risks – as with most external resources, there are security risks associated with the use of AI. This is something to be aware of when you are using AI for any business function.

Because of the above risks, we advise that if you are using AI in your organisation, you should invest in Artificial Intelligence Management Standards. At Blackmores, we can help you implement ISO 42001 into your existing systems to protect you from various risks.

Working With An ISO 42001 Consultant

Although ISO 42001 is a new standard, we have been working as an ISO consultant for over 18 years. We have refined our process to ensure our clients pass their certifications and gain the standards they need to grow their business, satisfy customers, and achieve sleeker working standards.

Our process tends to follow the following steps:

Gap Analysis – All of our ISO Consultancy works begin with a gap analysis. We take a look at your current management systems and determine where the gaps are and how AI standards can be integrated.

Give You Access to Training Materials – our online platform: our isologyhub contains a wide portfolio of training and development materials. When you work with Blackmores we give you access to this platform for you and your employees so you can learn at your own pace. In our isology hub you will find all you need to know about ISO Artificial Intelligence standards and much more.

Appoint your AI Management Consultant – to help you implement you management system, we will appoint you a dedicated AI Management consultant who will work alongside you and your team. Each of our consultants specialises in a different standard so they are up-to-date and well educated in the area you are looking for. We call our consultants our isologists – you can meet them here.

Internal Audits – Part of gaining your certification means conducting internal audits. This can be a daunting process whether you have already gained a certification or if this is your first one. Your ISO consultant can be onsite for these audits to ensure everything runs smoothly for you and your team.

External Audits – we can book your external audits on your behalf and ensure we are available to come and support you during this time.

Who Should Be Investing in Gaining an ISO Artificial Intelligence Standard?

Any business that uses AI for any task should consider investing in the ISO Artificial Intelligence standard. This is a growing area for businesses to consider to getting certified now could save you a lot of time and effort for the future.

If you are looking for an ISO consultant for ISO 42001 or any standard, contact our team today. We are looking forward to partnering with organisations all over the UK to help them achieve their ISO goals.

Stitcher | Spotify | YouTube | iTunes | Soundcloud

At Blackmores, we are ISO consultants. One of the aspects we help our clients with is ISO 27001 implementation.

What is ISO 27001

ISO 27001 is an internationally recognised standard for managing information security. It provides a framework for establishing, implementing, and maintaining an Information Security Management System (ISMS). The goal of ISO 27001 is to help your business protect its information by identifying risks and implementing appropriate controls to mitigate them. At Blackmores, we work with our clients to help them identify these risks and implement an ISMS that meets the ISO 27001 standard.

ISO 27001 covers various aspects of security, including:

Risk assessment
Security policies
Access controls
Incident management
Compliance with legal requirements.

When you achieve your ISO 27001 certification, your company has demonstrated their commitment to safeguarding sensitive data and reducing the risk of security breaches.

ISO 27001 Implementation with Blackmores

At Blackmores, we work with clients from all industries and all over the country. We work closely with each client and create a bespoke package for them to ensure that they get exactly what they need. We can provide online resources so that you or your team can work at your own pace when focusing on your ISO 27001 implementation.

When working with our clients, we can offer the following

Initial Audit – Before we can create an Information Security Management System, we first carry out a thorough audit of your current processes. This enables us to see where the gaps are and identify what we can do to help you with your ISO 27001 Implementation.

Provide Resources, Training, and Consultations – We then begin training you and your team on ISO 27001. We give you insight into what is required to pass the certification and how your business can work towards these processes. Our online training modules, provided through the isologyhub, are perfect for you and your team to work through independently.

Dedicated isologists – We appoint a dedicated ISO consultant from our team of isologists for each of our clients. Each of our isologists specialises in a specific ISO standard. Your isologist will be available for you to reach out to for questions, queries and advice throughout your ISO 27001 implementation process. We make sure we are onsite for your internal and external audits from awarding bodies to provide that extra support where required.

Ongoing Support – Once your ISO 27001 certification has been achieved, we continue to support you. If you have further questions or want to discuss any aspect, you can contact your isologist, and they can help you.

Working with an ISO 27001 Consultant

When you choose to work with an ISO consultant for any standard, you give your business the best chance of successful implementation and long-term success.

At Blackmores, we have decades of experience in ISO implementation for all types of businesses. We know the industry inside out and understand exactly what it takes for successful implementation and achievement.

By achieving the ISO 27001 certification, your clients and customers will know that they are working with an organisation that is compliant in its information security management, highly credible and trustworthy, and committed to the industry to ensure it is doing the right thing.

It’s important not to underestimate the ISO standards. They are hard work to achieve and should be recognised as a true mark of skill and commitment to the company.

Contact Blackmores

For more information on ISO 27001 implementation or to discuss your requirements, make sure you contact our team today.

Stitcher | Spotify | YouTube | iTunes | Soundcloud

As environmental consultants, we can help organisations to ready themselves for their Environmental ISO certifications. This includes a range of ISO certifications, compliances and solutions.

In today’s business world, the ever-growing stigma to look after the environment around us means that more and more organisations are investing back into the earth to try and combat some of the issues we humans have caused. This can look different for different businesses.

Environmental Certifications and Standards for Businesses

There are several different environmental certifications that you can achieve for your business. As an environmental consultant, we can work with your organisation to ensure your management systems are in order to pass your certification.

ISO 14001 – Environmental Management Certification – ISO 14001 focuses on what businesses can do in order to control the impact they have on the environment.

ISO 14064 – Carbon Verification – Specifies principles and requirements for designing, developing, managing, and reporting organisation or project-level greenhouse gas (GHG) inventories. It also includes requirements for GHG quantification, monitoring, reporting, and verification.

ISO 14068 – Carbon Neutrality – A pathway to achieve Net Zero. It includes requirements for quantification, reduction, and offsetting of greenhouse gas emissions and guides on the transparent declaration of carbon neutrality.

ISO 50001- Energy Management – Focuses on energy management systems and provides a framework for establishing energy management best practices. It helps organisations improve their energy efficiency, reduce costs, and improve energy performance.

ESOS Compliance – The Energy Savings Opportunity Scheme (ESOS) – This is a mandatory energy assessment scheme for large organisations in the UK. It requires organisations to conduct energy audits and identify energy-saving opportunities every four years.

ISO 20400 – Sustainable Procurement – Provides guidance to organisations on integrating sustainability within procurement processes. It offers a framework for sustainable procurement, considering economic, environmental, and social impacts.

ISO 20121- Event Sustainability Management – Specifies a management system for event sustainability. It is designed to help organisations improve the sustainability of their event-related activities, products, and services.

ISO 26000 – Social Accountability Certification – Offers guidance on social responsibility, helping organisations operate in a socially responsible manner. It covers various aspects such as human rights, labour practices, environment, fair operating practices, consumer issues, and community involvement.

ESG Solutions – Environmental, Social, and Governance (ESG) solutions refer to a set of standards for a company’s operations that socially conscious investors use to screen potential investments. ESG solutions encompass a range of practices that ensure a company’s impact on the environment, social justice, and governance policies are considered and addressed responsibly.

If you would like to explore any of the above certifications for your organisation and are looking for an environmental consultant partner to work with – contact us.

Working With an Environmental Consultant

When you choose to work with Blackmores as an environmental consultant, we can help you with any aspect of your certifications and assessment.

Online consultancy and support – we can provide you access to our online platform, which is home to a plethora of resources that you and your team can work through at your own pace. This is a great resource for any ISO certification, as you can access the materials when you need them most.

1-to-1 consultancy – our environmental ISO consultants are here to help you in person or over the phone. We call our consultants isologists because they are experts in all areas of ISO. After an initial meeting where we establish what certification you would like to achieve, you will be appointed an isologists who will work alongside you and create a support plan to ensure you are ready for your certification. We can also be onsite during your assessments. For more information on our environmental consultancy or to discuss an ISO certification, contact our team today.

Stitcher | Spotify | YouTube | iTunes | Soundcloud

If you are investigating ISO 9001 for your business, you might have considered using an ISO 9001 consultancy service. At Blackmores, we work closely with our clients to help them achieve their certifications in any way that we can.

Advantages of investing in ISO 9001 Consultancy

There are several advantages to investing in ISO 9001 consultancy for your business. Because we work with companies of all sizes and industries, we see these advantages first-hand. Here are some of the reasons why ISO consultancy is so important.

1. Expert Guidance and Knowledge Available at your Fingertips

Our ISO 9001 Consultants are experts in their field. We refer to our consultants as isologists, because they know everything there is to know about ISO standards and can provide precise guidance on how to interpret and apply changes to your management system to fulfil the requirements to pass your certification. As well as ISO 9001 consultancy, our team of isologists cover consultancy for all ISO standards. If your business requires support, make sure you contact us.

2. 100% Success Rate

At Blackmores, we are proud to have a 100% success rate track record. This shows just how dedicated our ISO 9001 consultancy team are to helping our clients. If you are new to ISO 9001 or have tried to achieve the standard in the past but have been unsuccessful, then investing in a consultancy service will give you all the support you need to pass your assessment and achieve your certification.

3. Training and Development Opportunities

When you choose to work with Blackmores ISO Consultancy service, you gain access to our Isologyhub. This is an online platform packed with training and development resources. You and your team can train and learn online at your leisure in the comfort of your own home. This not only provides ongoing learning opportunities for your employees but also ensures that your team is knowledgeable and capable of maintaining compliance with ISO 9001 or any of the standards you are choosing to achieve.

4. Customised ISO 9001 Support

Every business is unique; when we work with a new client, we start with a gap analysis to ensure we can tailor our support to suit your requirements. Our isologists specialise in different ISO standards and take into account your specific needs and context of your business. This ensures that when you work with Blackmores, our ISO consultancy team can provide the customised support that you require.

5. Ongoing Support

Our ISO 9001 consultancy service offers ongoing support after you have achieved your certification. Through offering this, we help businesses maintain their standards and continually improve their processes.

6. Save Your Time and Resources

It’s no secret that setting out to achieve an ISO 9001 certification involves a lot of time and effort. When you work with our ISO 9001 consultancy service, we do a lot of the leg work, so you don’t have to. We provide a comprehensive review of processes and documentation, which helps us to identify gaps and areas of focus. We then create a plan for going forward and assist with the implementation of the new quality management systems. Following this, we organise the assessment on your behalf, getting quotes and availability from different certification bodies to ensure we get the best deal for your business. Because we have the knowledge and industry information, we are highly efficient at this process, allowing your business to achieve certification faster than if you were to do it on your own.

What is an ISO 9001 Certification?

An ISO 9001 certification is a globally recognised standard centred around quality management. It is designed to help organisations ensure they meet the needs of customers and other stakeholders while meeting statutory and regulatory requirements related to a product or service.

Key Elements ISO 9001

An ISO 9001 certification is a complex standard; the key elements are:

Quality Management System – ISO 9001 provides a framework for establishing a quality management system, which encompasses all the processes, policies, procedures, and responsibilities for achieving organisational quality objectives.

Process-Oriented Approach – ISO 9001 promotes a process-oriented approach to documenting and reviewing the several areas of the business required to achieve effective quality management throughout.

Continuous Improvement – A core principle of ISO 9001 is to show an indication of continuous improvement of an organisation’s quality management system, which involves regular review and updating of processes and practices.

Customer or Client Focus – ISO 900 emphasises the importance of understanding customer needs and striving to exceed customer expectations, ensuring high levels of customer satisfaction achieved through quality.

Risk-Based Thinking – in all businesses there are risks. ISO 9001 encourages organisations to implement risk-based thinking to identify potential issues and implement preventive measures.

ISO 9001 Consultancy from Blackmores

At Blackmores, we provide various levels of support in our ISO 9001 Consultancy services. As well as online support, we also appoint you with a dedicated ISO consultant, one of our isologists. They will be there to support you every step of the way. If your organisation is considering investing in ISO 9001, then contact Blackmores today. We can talk you through the various options we offer and help you start your journey.

Stitcher | Spotify | YouTube |iTunes | Soundcloud

What are the benefits of ISO certifications for your business?

As ISO consultants, we work with organisations in various industries to help them gain their certifications. We know the benefits they can bring and why investing time and effort into gaining these standards is essential.

What is an ISO Certification?

ISO certification is a seal of approval from the International Standards Organisation, that indicates you meet internationally recognised Best Practise standards. To achieve it, your organisation will undergo a rigorous assessment of its management system, practices, and procedures.

Once the assessment has been passed, the organisation will have to prove they are meeting the requirements annually to ensure they keep their certification.

There are several different types of ISO certification for different business standards. The most well-known certifications that you may have considered for your business are;

ISO 9001 Quality Management Standard
ISO 14001 Environmental Management Standard
ISO 14064 Carbon Verification
ISO 27001 Information Security Management Standard

As well as the above certifications, there are several others. Information on all of these can be found on our website.

Top 5 Benefits of ISO Certifications for Your Business

But what are the benefits of ISO to your business? Why should you sacrifice the time and financial investment to gain a certification?

There are several benefits of gaining an ISO certification; the most popular reasons that organisations invest are;

1. Globally Recognised Certification – ISO certifications are globally recognised. They signal to clients, partners, and stakeholders the standard at which your business is working. This is important if you’re working with many overseas clients who may not recognise standards specific to your country.

2. Improved Management—Whichever standard you achieve, your organisation will improve this area of management. Gaining an ISO 9001 means you will have improved quality management, an ISO 27001 means you will have improved security management, etc. This enables your organisation to work more efficiently and to an overall higher standard.

3. Open New Markets—Because ISO standards are globally recognised, they can open doors for your business to work in new markets. Depending on your industry, you may have clients who insist their partners hold specific certifications to be able to work with them. Therefore, gaining your certifications can allow you to work in new markets and with new clients.

4. Company Values—Gaining an ISO certification instantly shows your company values. Once you have gained your certification, you receive a badge that can be displayed on your website and other marketing materials, so anyone interacting with your business will instantly see your company values. This is particularly true for environmental standards.

5. Competitive Advantages—In many industries, gaining your ISO certification may set you apart from the competition.

How can Blackmores Help you Achieve your Certification?

If you are considering working towards an ISO certification, Blackmores are here to help. We provide a full ISO consultancy service for any organisation in any industry. When you decide to work with Blackmores, there are several different ways in which we can provide support;

ISO Consultants – we have a team of ISO consultants who can work with your organisation. Our consultants specialise in different ISO standards, so you will always be working with an expert. Your ISO consultant will be with you every step of the way, helping you put management systems in place.

Online ISO Training—The isologyhub offers an extensive portfolio of online training resources. Once we begin our journey together, you will have access to various resources that you and your team can work through at your own pace to give you a wider understanding of ISO and how your organisation can achieve its certifications.

ISO Show—Have you heard of our ISO show? The ISO show is a weekly podcast that we release. We discuss a new topic every episode, from new standard requirements to market trends to deeper explanations of specific standards. If you’re just beginning your ISO journey and want to understand more, then the ISO show is a great place to start—see all of our previous episodes here.

Work With an ISO Consultant Today

If you are considering working towards an ISO certification and want to speak to an ISO consultant, contact our team today.

Stitcher | Spotify | YouTube |iTunes | Soundcloud

What is an ISO consultant? And why should you be working with one?

An ISO consultant or ISO consultancy service is an individual or organisation that works alongside businesses to help them achieve their ISO certifications.

At Blackmores, we offer ISO consultancy. We have been working in this industry for decades and have built a wealth of knowledge and experience in assisting businesses in achieving their ISO certifications efficiently.

If you are investigating ISO standards for your business and would like some advice and assistance, please contact us.

What Does an ISO Consultant Do?

When you work with an ISO consultant, they can help you in many ways. At Blackmores, we follow these steps;

Conduct an ISO Gap Analysis Audit – the first thing we do when working with a new client is to conduct an ISO gap analysis audit. This will highlight to us and our client which areas are functioning well and where changes need to be made in order to pass the certification. Because we work with many clients in different industries and areas, we can conduct these audits quickly and efficiently, so we can start recommending changes as soon as possible.

Create an ISO System—Based on our analysis findings and industry knowledge, we create a bespoke ISO management system for your business that incorporates your company’s current systems and way of working.

Provide e-Learning Materials—When you work with Blackmores, you can access our ISO hub, an online platform full of training materials and resources. Here, you can master the basics of ISO, learn specific techniques for the certification you are working towards, and create your own management system to comply with regulations. You can work through the training at your own pace, making it a flexible option for busy business people.

Appoint an isologist – You may choose to stick with the isologyhub, or you might want to invest in an ISO consultant, or as we call them, an isologist. Our isologists are experts in their field and will guide your business through every step of your certification from start to finish. They can still be available after you have achieved your certification for advice and support where required.

Plan and Conduct Internal Audits – we will plan and conduct internal audits throughout the process to ensure you are on the track to success. We won’t put you forward for your certification until we are satisfied that the standards will be met.

Provide On-Site Support—We will be on-site when you need us. When an isologist has an appointment, they will communicate with you in detail and be there when you need them.

Request a quote for Certification on Your Behalf—When we know you are ready and you are happy with your progress, we will request a quote for certification on your behalf because we work in the industry regularly and know the best way to achieve accreditation quickly and at a reasonable price.

Blackmores ISO Consultants

At Blackmores, our ISO consultants are very experienced in working alongside organisations in various industries to help them achieve their certifications. Our success rate is unmatched, which is why many of our clients return to us when embarking on another ISO journey.

We know the hardships that come with working in professional sectors. Sometimes, a long-standing client may suddenly demand an ISO certification from their partners, or you may want to open doors to new markets for your business. Whatever your reason for exploring ISO certifications, our ISO consultants are here to help—it’s what we do!

ISO Standards Explained

An ISO standard is a globally recognised certification that indicates that your organisation is operating to the highest recognised standard.

You may be aware that there are multiple ISO standards. Depending on your work sector, you may be more interested in some than others.

The most popular ISO standards are;

ISO 9001 – Quality Management. The ISO 9001 certification is a global quality stamp for an organisation.

ISO 14001 – Environment Management. The ISO 14001 certification shows that your organisation meets environmental standards and reduces its carbon footprint.

ISO 27001 – Security Standard. The ISO 27001 covers security issues and shows that all risks are assessed and handled correctly to protect information and individuals.

ISO 22301 – Business Continuity. The ISO 22301 is all about business continuity and shows that you have a plan for the business.

Work With an ISO Consultant

If you are considering ISO certifications for your organisations and want to work with an ISO consultant, contact the Blackmores team today.

Stitcher | Spotify | YouTube |iTunes | Soundcloud

For ISO training online, why not become a member of our Isologyhub and gain access to training materials to help you achieve your certification?

Our Isologyhub can help take your business to the next level with a vast array of ISO training materials you and your team can access at your convenience. For more information, visit our Isologyhub page or contact us today.

Our Isologyhub

Our Isologyhub is the perfect way to complete ISO training online. We have created a wealth of resources to help you to achieve various ISO standards.

At Blackmores, we are ISO Consultants who help organisations all over the UK to implement ISO Management Systems and gain certification. Our clients can benefit from our expertise in the field and our experience working in different industries. Our hard work has led us to have a 100% client success rate – so what are you waiting for? Sign up to an isologyhub membership that suits you today.

How Our Isologyhub Can Help Your Business

At Blackmores, we have used our expertise to build the UK’s number-one training and resource platform to help you gain the certifications you need. When you become a member, you will have access to ISO training online, which will allow you to;

Learn the specific techniques required to gain your ISO certification.
Understand the basics of ISO and what an accreditation would mean for your business.
Use our online resources to go at your own pace, no set class times or deadlines
Keep up-to-date with any changes or updates in the world of ISO.
Gain confidence in your ISO knowledge and expertise.
Use your newfound knowledge to create your own bespoke ISO management system for your organisation so that you can gain your accreditation.

Why Invest in ISO Training Online?

As ISO consultants, we know how frustrating it can be to try and navigate gaining a certification on your own. Aside from the stringent procedures and processes required to pass the certification, the online resources can vary in quality and usefulness, making it difficult to know where to put your trust and efforts.

There are several reasons why you may be looking into ISO training online;

You Need Help Understanding Requirements for An ISO Certification – Our ISO training platform offers resources to help you understand each certification and the requirements for each. We break it down into understandable elements so you can see where you need to implement changes and new systems. We’re also on hand to help if you need further clarification.

Your Current ISO Management System is Out-Dated – if you’ve held an ISO certification for some time and are now finding that your systems are outdated, then ISO training online would be a good investment for you. You already know the basics; our resources will guide you through the updated elements and allow you to update your current systems with ease.

You Want to Increase Your Number of ISO Certifications – If your organisation already holds an ISO certification and you want to look into other standards, then online training would be a good direction. By gaining multiple ISO standards, you can increase your company profile and improve sustainability.

You’re Struggling to Keep on Top of Your Current ISO Certifications – There are many tasks that need to be kept on top of for you to keep your certifications. With standards being updated and best practices altering, there can be changes that you need to comply with. By becoming a member of your Isologyhub and investing in ISO training online, you can keep up to date and improve the overall management of your ISO system.

ISO Certification May be a Requirement from a Client – you may have a client, supplier or partner who is demanding that you gain a particular ISO accreditation for them to continue working with you. If your resources are stretched or you need to understand particular ISO standards, becoming a member of our Isologyhub is a great place to start.

What Certifications Does Our ISO Training Online Cover

When you sign up to our Isologyhub, you will have access to training and resources which can help you with thousands of ISO standards. The standards that we focus on in the most detail are;

Join Our Isologyhub Today

For ISO training online and access to resources, you need to gain an ISO certification for your business, then join our Isologyhub today.

Depending on where you are with your ISO journey, you may want to invest in an ISO consultant to support you. If you would like to discuss your ISO certification with us, please contact us.

Stitcher | Spotify | YouTube |iTunes | Soundcloud

Allowing employees to use personal email accounts to conduct business means that your company’s business information is being stored on mail servers outside of your control, anywhere in the world. You have no way of knowing all the places where your company data is stored, or where it’s been transmitted. This is a breach of the Data Protection Act 2018 and GDPR; for which there are fines for companies and individuals of anything up to £18m.

It could be argued that there is a potential breach of the Computer Misuse Act 1990 as the information that should have been held on a company laptop and in company servers has been found in an employee’s system.

A personal email account is open to searches that are not permitted by the business and not covered by your company’s security policies; because employees may have agreed to Gmail/Hotmail Terms and Conditions (which allow for email content searches), to allow targeted advertising. You may have a good data privacy policy in place, but personal email accounts can bypass it with one click of the “Send” button. Again, you will be in breach of the Data Protection Act 2018.

Understanding the risks and implications of using personal accounts for business is not always apparent until there are Freedom of Information requests, internal investigations, or eDiscovery. In all these cases, those personal accounts may contain relevant information and as such have to be offered-up for search and retrieval. This is a breach of the Freedom of Information Act 2000

Even the act of discovery is difficult – Personal emails are not discoverable in standard legal discovery procedures. Google for example prohibits external scanning of users’ emails (several cases are currently under way), meaning the company will have to instruct the user to scan his or her email themselves and runs a big risk of spoliation sanctions. If the issue is regulatory, the company is likely to be found to be breaking the Law.

If there is a serious security incident that requires a legal investigation the police and courts can take measures to seize both business and private employee IT equipment, under the Police and Criminal Evidence Act 1984 if there is a chance that evidence has held on any equipment used in the course of business. The chances of getting equipment back is very slim as it is often bonded and retained as part of a criminal investigation.

Furthermore, the company can be facing a lawsuit under the Police and Criminal Evidence Act 1984 if it is deemed that evidence has been withheld because of the company not being able to access information no longer in their control on employee PCs or legal cases could fail as there would be serious doubt about the integrity of the evidence being presented and a Judge may consider the evidence to be inadmissible.

Any employee in a business sending personal/personnel information to their personal e-mail addresses automatically breaches the Data Protection Act 2018 and GDPR, and is subject to the same enforcements under the ICO which might results in heavy fines.

In short, sending an e-mail to a personal account, or using a personal account for business use is a legal minefield that is not worth traversing either as a business or employee as the damage to reputation can never be repaired.

If you are concerned about your organisations’ data security then you may want to consider ISO 27001 (Information Security Management) or BS 10012 (Personal Information Management).

If you would like to learn more about ISO 27001, we do have a 2 part Podcast series discussing the journey to certification. Listen HERE.

Discover more about Blackmores by contacting us today!

We’d love to hear your views and comments about the ISO Show, here’s how:

Share the ISO Show on twitter or Linkedin
Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one.

Subscribe to keep up-to-date with our latest episodes:

Stitcher | Spotify | YouTube |iTunes | Soundcloud

Banner image - Top Tips on implementing BS 10012 to meet GDPR requirements

BS 10012 is a British standard that outlines the specifications for a Personal Information Management System (PIMS). This was introduced in 2009 to help organisations manage personal information and comply with data protection laws.

The standard was updated in 2017 to reflect the GDPR’s requirements, making it an ideal framework for regulatory compliance. For example, it includes specific guidance on each principal, helping organisations meet the requirements of BS10012 and GDPR.

After implementing BS 10012 for a number of organisations, here are our Top tips on implementing BS 10012.

Establish a PIMS team – this is not a one-person job. You will need to have input from all areas that are involved with personal data.
Carry out a Privacy Impact Assessment – It is important to understand where all the personal identifiable data is within the organisation, how it is collected and how it is disposed. (remember this is all Data – soft and hard copies – get in to all the drawers and cupboards)
Data mapping – collate the information on a data matrix, this would show all the information in one place.
Carry out a risk assessment – the data matrix will flag up any risks that need addressing
Update documentation – Ensure all documents are updated i.e data protection policies, cookie policy and privacy policy.
Training, training and more training – people are the weakest link, ensure ALL staff have had BS 100012 training
Conduct Internal Audits – to verify compliance and check your systems are effective.

Implementing a PIMS can be challenging so if you would like assistance please contact us for further information on: enquiries@blackmoresuk.com

What’s the difference between BS 10012 and GDPR?

The General Data Protection Regulations (GDPR) are the requirements for data protection across the EU, laid down in law; therefore, every organisation that controls or processes personal data is legally obliged to comply with the requirements and must be able to demonstrate the application of data protection principles.

BS 10012:2017 is a Standard – a framework – to assist organisations in meeting the legal obligations laid out in the GDPR Articles and Recitals. Not only does BS10012:2017 address all the operational requirements of GDPR within Clauses 5 – 8, it also addresses how businesses can ensure they align their data protection responsibilities within the overall strategy of the business through context, leadership and continual improvement. But more importantly, it ensures ongoing compliance to GDPR.

Can I implement BS 10012 instead of GDPR

Neither GDPR nor BS10012 alignment happens without input or effort. Both require action and top level commitment from a business. There is no ‘off the shelf’ magic answer as every business is different, with its own processes, people, clients and suppliers – all of which generate personal data that needs to be effectively managed within a business.

If you need any more information on this topic – contact Blackmores today!

The Basics of BS 10012

BS 10012 is the British standard for Personal Information Management, and provides a framework for maintaining and improving compliance with data protection requirements and good practice.

It covers topics such as privacy impact assessment, risk assessments, data retention and disposal, privacy by design and employee awareness training; helping you to put policies and procedures in place to effectively manage the personal information of individuals.

Alignment with BS 10012

BS 10012:2017 provides the framework to implement a personal information management system around the principles of Data Protection (GDPR):

Principle (a) Lawfully, fairly and transparently processed (Clause 8.2.6);
Principle (b) Obtained only for specific legitimate purposes Clause 8.2.7);
Principle (c) Adequate, relevant, limited in line with data limitation principles (Clause 8.2.8);
Principle (d) Accurate and up to date, with every effort to erase or rectify without delay (Clause 8.2.9);
Principle (e) Stored in a form that permits identification no longer than necessary (Clause 8.2.10);
Principle (f) Ensure appropriate security, integrity and confidentiality of personal information using technological and organisational measures (Clause 8.2.11).
General Accountability for the above

I already have an ISO certification, can I integrate BS 10012?

BS 10012:2017 follows the ‘Plan-Do-Check-Act’ continuous improvement model and is aligned to ISO Annex SL, adopted by all key management system standards, enabling organisations to integrate their PIMS with other standards, notably ISO/IEC 27001:2013. It is also a standard which organisations can now certify against.

Who needs to be involved in BS 10012?

Do all my staff need to be involved in BS 10012?

Successful implementation is a team effort.

It starts with the top – Senior Management need to be fully onboard and committed to achieving data protection best practice. If this is secured, then everything else will flow from there.

In order to effectively identify all the personal data within your organisation you need to involve all areas of the business.

All too often businesses are concerned with just the data they may process for their clients – normally because they’re being questioned about data protection by their clients!

Or on the flip side, businesses are overly concerned with staff or finance data – excluding all the other client-related personal data they may be controlling in the business.

With BS 10012 – all personal data is captured and recorded to ensure that all risks are considered.

Thereafter, all staff require a level of data protection training to ensure that they understand their responsibilities in relation to personal data. Unfortunately, as has been proven many times before, people will always be the weakest link when it comes to data protection breaches. Ensuring all staff are trained is fundamentally one of the most important steps to take in implementing BS 10012:2017

This extends out to key suppliers or partners depending on whether personal data is shared/ transferred outside of the business.

Contact Blackmores today if you would like to learn more!

Can I implement BS 10012 instead of GDPR

Neither GDPR or BS 10012 alignment happens without input or effort. Both require action and top level commitment from a business. There is no ‘off the shelf’ magic answer as every business is different, with its own processes, people, clients and suppliers – all of which generate personal data that needs to be effectively managed within a business.

How much work is involved in implementing BS10012

Gone are the days when a simple communicated Data Protection policy and registration with the Information Commissioner would suffice for Data Protection compliance. One of the biggest changes is the ‘accountability’ principle underpinning the six other principles. You now need to be able to prove you have applied all the principles within your business.

Over and above just the basic principles, you should be striving to:

Demonstrate that you understand what personal data you control or process,
Identify the legal basis for processing
Demonstrate the steps you have taken to understand and control/mitigate risk
Communicate requirements to interested parties
‘Bake in’ Data Protection within your organisation (including required processes and review of planned/unplanned changes)
Review performance and strive for continual improvement.

When you consider the potential consequences of getting any of this wrong – 4% of global annual revenue or €20M whichever is greater – why wouldn’t you take the best practice approach and implement BS 10012?

Can I implement BS 10012 instead of GDPR

Yes. BS 10012 incorporates all the requirements of GDPR, but the key benefit is that it drives ongoing review and improvement of controls implemented to manage these requirements – now and thereafter.
Neither GDPR or BS 10012 alignment happens without input or effort. Both require action and top level commitment from a business. There is no ‘off the shelf’ magic answer as every business is different, with its own processes, people, clients and suppliers – all of which generate personal data that needs to be effectively managed within a business.

How will BS 10012 add value to my business?

By implementing and certifying your business against BS 10012:2017, you will be able to demonstrate some clear advantages over your competitors:

Commitment to protecting client and stakeholder personal data – independently assessed by a 3^rd party certification body
Identify risks to personal information and implement controls to mitigate them – reducing risk for both your organisation, and any clients whose personal data you may process
Utilise a management system to actively demonstrate compliance with both the GDPR and the revised UK Data Protection Act
Continually improve your management of personal data against recognised best practice and improved controls
Proactively protect your reputation – both in the market and to your interested parties
Achieve competitive advantage when tendering for new business

Running a successful business is all about reducing risk wherever possible (BS 10012 is a risk-based standard) and seeking opportunities to improve on the competition (BS 10012 certification sets you apart from mere internal GDPR ‘compliance statements’).

You can confidently state that you have credible 3^rd party assurance that you are meeting your data protection obligations under GDPR – through certification to BS 10012 with a recognised certification body such as ISOQAR, BSI, LRQA, SGS etc.

If you would like more help understanding BS 10012 and GDPR, contact us today!

Will ISO 27001 make me GDPR compliant?

ISO27001 v BS 10012

On its own No – this is a myth.

Information security is just one of Six principles of BS10012 and GDPR

“f) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.”

Whilst a very important principle, if you rely on just having ISO 27001 for GDPR compliance you run the risk of not being in full alignment with all the principles (and related articles and recitals).

Who needs to be involved in BS 10012?

Do all my staff need to be involved in BS 10012

Successful implementation is a team effort.

It starts with the top – Senior Management need to be fully onboard and committed to achieving data protection best practice. If this is secured, then everything else will flow from there.

In order to effectively identify all the personal data within your organisation you need to involve all areas of the business.

All too often businesses are concerned with just the data they may process for their clients – normally because they’re being questioned about data protection by their clients!

Or on the flip side, businesses are overly concerned with staff or finance data – excluding all the other client related personal data they may be controlling in the business.

With BS10012 – all personal data is captured and recorded to ensure that all risks are considered.

This extends out to key suppliers or partners depending on whether personal data is shared/ transferred outside of the business.

If you would like more help understanding these certifications – then contact Blackmores today!

How to go about implementing BS 10012?

At Blackmores, we are ISO consultants who can help with any standard including implementing BS 10012 for your organisation.

The best way to go about gaining any ISO standard is to work with a consultant. We have a proven technique and procedures to work with any organisation. When you choose to partner with Blackmores, you also gain access to our online training portal with various training resources for you and your team.

Implementing BS 10012

The first step to Implementing BS 10012 would be to carry out a Gap Analysis to identify where the gaps are in your Personal Information Management. Evaluate the results and formulate a plan to put the correct policies and procedures in place to be compliant. This evaluation will also highlight any potential existing risks with your personal information management, which can then be addressed as you create your management system.

Unless you are familiar with BS 10012 requirements, we suggest seeking out guidance or support with the process of establishing a management system. Blackmores also offer assistance with BS 10012, so feel free to Contact Us for more information.

What is BS 10012?

Any organisation that processes personal information should ensure that it protects the privacy of the people it affects. BS 10012 provides a framework for maintaining and improving compliance with data protection requirements and good practice.

This webinar washeld on the 16th March at 12pm-12:45pm. This webinar will covers the following:-

What is BS10012:2017?
What’s the difference between BS10012 and GDPR?
How will BS10012 add value to my business?
What is the best approach to implementing BS10012?
Who needs to be involved?
Is BS10012 certification recognised?
How Blackmores can help you to achieve BS10012 certification

If you would like to learn more about what Blackmores has to offer – contact us today!

ISO Consultancy Service

Work with our ISO Consultants
Let Our isologists guide you through your certification.

Online Membership

DIY with our isologyhub
Our ISO consultants can still be on hand for support where needed.

Beyond certification, we take great pride in delivering ISO consultancy and support solutions. These solutions help our clients improve their productivity and profitability in a risk-controlled way.

We are your dedicated ISO consultants for all compliance matters from internal audits to updating Health, Safety and Environmental Legal compliance.

No matter what ISO certification you are hoping to achieve, we have a specialist ISO consultant ready to work with you and your organisation. Contact our team today to get started.

About Blackmores ISO Consultants

Our 7 Steps to Success

The Blackmores ISO Roadmap is a proven path to go from idea to launching your ISO Management System.

Whether you choose to work with one of our ISO Consultants, our isologists®, or work your own way through the process on our isology Hub, we’re certain you’ll achieve certification in no time!

We have a proven step by step process that our ISO Consultants implement as soon as our working relationship begins. We use our specialist skills and industry knowledge to determine what is already on track and where improvements can be made. We live and breathe ISO standards, we know the standards inside out so you don’t have to.

Our ISO Consultants can help you implement systems for any ISO Standard. See the full list for specialised standards here.

LEARN MORE

What our clients have to say

We engaged Blackmores to develop our ISO 9001, 14001, and 45001 management system from scratch. Throughout the creation and development stages of our ISO journey, Anju Punetha demonstrated remarkable patience, knowledge, and understanding as our dedicated consultant.

During our internal audit preparations, Ian Battersby’s meticulous attention to detail and thorough approach ensured we were well-prepared for our external audit, which we passed with flying colours. His guidance during the external audit was invaluable.

Based on our engagement and experience, I highly recommend the entire Blackmores team. If you’re considering pursuing ISO accreditations, Blackmores should be your first choice.

Graeme Adam

The support and advise I get from our assigned auditors is immense. Forward planning for the following year is great and they are flexible and always willing to help.

Kalil Vandi

“Blackmores have assisted us almost since the start of our adoption of the ISO 9001 quality standard. Their input has improved our processes since the start, and enabled our goal of continuous improvement to be achieved. The people are also extremely easy to get on with, and they really understand our business, giving us a great deal of confidence in their advice.”

David Gibson

Photon Lines Ltd

“Blackmores are the perfect bridge between working on your ISO as an individual or company, to being audited each year. We find that any queries we have are covered and we feel sure that we have everything as needs be before going into an external audit.”

Mandy Welsby

Jaama Ltd

“We have been extremely impressed with the service and support provided by Blackmores. There knowledge and assistance through out our ISO journey has been amazing!”

Philip Hannabuss

Dome Consulting

“Blackmores have really kept us on our toes with the broad scope and level of detail they apply to our internal audit schedule. They always stay abreast of ISO standard changes and help us to adapt our processes and documents to embrace these changes accordingly. Having Blackmores shadow our external audits provides invaluable confidence and peace of mind – would highly recommend their services!”

Phil Geens

Kingsley Napley

“Our ISO 27001 certification project has gone so well, that there was no doubt in who we were going to ask to help us with our aspirations of becoming ISO 14001 certified. It’s been an absolute pleasure working with Blackmores, and we are really looking forward to working with them for the foreseeable future.”

dotdigital

Trusted by leading organisations across all sectors, we support companies of all sizes in any location.

Are you ready to start your ISO journey?

Listen to our Podcast

Welcome to the ISO Show podcast, dispelling myths and sharing tips for success to improve your business with ISO Standards. Join us to hear interviews with successful business leaders as they share their ISO journey with you.

Get top tips via audio master classes “ISO Steps to Success” on the most popular ISO Standards.

214 An introduction to the voluntary carbon market

213 Driving ISO implementation - meet the consultant Sarah Ball

212 Driving ISO Implementation - Meet the consultant Darren Morrow

211 The Power of Communicating your management system

Ready to go carbon neutral... And achieve ISO Standards?

Welcome to Carbonology®

The proven method for achieving your carbon goals, aligned with ISO 14064 (carbon verification) and PAS 2060 (carbon neutrality)

Blackmores ISO Consultancy Service: The creators of isology®

What Does an ISO Consultant Do? – Our Process

Initial Consultation and Assessment

Creating a Plan

Provide Training Materials

Implementation of Changes

Internal Audits and Documentation

Certification Audit and Ongoing Support

Why Use an ISO Consultant?

Who Do ISO Consultants Work With?

Work with Blackmores

What is ESG for Business?

Get Started with ESG for Business with ISO Certifications

Why ESG is Important for Businesses?

Modern Trends in ESG for Business

How to Become an ESG Leader in Your Industry

2025 ISO and Quality Standard Updates

Net Zero-Focused Standard

Minor Changes for 2025

ISO and Quality Standard Updates from 2024

Working With Our ISO Consultants

Key Features of ISO 22301 Business Continuity Management

Why Should My Business Invest in ISO 22301?

Working with an ISO 22301 Consultant

Investing in ISO 22301 Consultancy with Blackmores

About Our isologyhub

What You Can Expect from Our ISO Training Material

The Importance of Good ISO Training Material

ISO Training Material from Blackmores

What is an ISO 27001 Transition?

Analysis of an ISO 27001 Transition

New Controls Added to ISO 27001:2022

Working with Blackmores for your ISO 27001 Transition

What is the Artificial Intelligence Management Standard?

Why Should My Business Get Certified in Artificial Intelligence Standards?

Working With An ISO 42001 Consultant

Who Should Be Investing in Gaining an ISO Artificial Intelligence Standard?

What is ISO 27001

ISO 27001 Implementation with Blackmores

Working with an ISO 27001 Consultant

Contact Blackmores

Environmental Certifications and Standards for Businesses

Working With an Environmental Consultant

Advantages of investing in ISO 9001 Consultancy

What is an ISO 9001 Certification?

Key Elements ISO 9001

ISO 9001 Consultancy from Blackmores

What are the benefits of ISO certifications for your business?

What is an ISO Certification?

Top 5 Benefits of ISO Certifications for Your Business

How can Blackmores Help you Achieve your Certification?

Work With an ISO Consultant Today

What is an ISO consultant? And why should you be working with one?

What Does an ISO Consultant Do?

Blackmores ISO Consultants

ISO Standards Explained

Work With an ISO Consultant

Our Isologyhub

How Our Isologyhub Can Help Your Business

Why Invest in ISO Training Online?

What Certifications Does Our ISO Training Online Cover

Join Our Isologyhub Today

What’s the difference between BS 10012 and GDPR?

Can I implement BS 10012 instead of GDPR

The Basics of BS 10012

Alignment with BS 10012

I already have an ISO certification, can I integrate BS 10012?

Who needs to be involved in BS 10012?

Can I implement BS 10012 instead of GDPR

How much work is involved in implementing BS10012

Can I implement BS 10012 instead of GDPR

How will BS 10012 add value to my business?

Will ISO 27001 make me GDPR compliant?

Who needs to be involved in BS 10012?

How to go about implementing BS 10012?

Implementing BS 10012

What is BS 10012?

Work with our ISO Consultants Let Our isologists guide you through your certification.

DIY with our isologyhub Our ISO consultants can still be on hand for support where needed.

About Blackmores ISO Consultants

Work with our ISO Consultants
Let Our isologists guide you through your certification.

DIY with our isologyhub
Our ISO consultants can still be on hand for support where needed.