The creators of isology®

Today’s guest is Alex Street, from EMCOR UK a world leading Facilities Management Company. EMCOR are the epitome of high standards, in fact EMCOR are certified to 8, yes 8 ISO Standards, which is pretty impressive.  Though we are just going to focus on one in particular that is extremely topical at the moment – Business Continuity.  Mel first met Alex when EMCOR engaged in our services to implement the Information Security standard and also ISO 22301 the business continuity standard 4 years ago.  The company has gone from strength to strength over the years, so Alex is joining us today to discuss ISO 22301 and how the system is helping them to not just survive, but thrive during these difficult times.

Some highlights:

• EMCOR adopted the early BS 25999 and later migrated to ISO 22301 after drive from customers as well as natural progression to the updated version

• Recognized the benefits of having a robust Business Continuity Management system in place

• Went through the process of a Gap Analysis and Business Impact Analysis to identify where the system needed to be addressed and built on. This led to the review of objectives and business continuity plans in accordance with 22301’s more detailed requirements.

• A key focus should be training and awareness for all staff once plans have been agreed – so that everyone knows what their role is in any given situation.

• Keep up with testing and auditing of the Business Continuity plans to ensure they run smoothly and are still applicable in execution

• EMCOR had been monitoring the COVID-19 situation as early as December and since February 2020 – had been having meetings with Executive teams (Gold and Silver) to discuss next steps. Thanks to ISO 22301, they’d already had tested processes in place for moving towards remote working.

• A consistent approach to all areas of Operation is key – from ground level to executive

• Communication and collaboration with supply chain and customers – ask them if you could be doing anything more to help

• Support your own supply chain – Taking the current situation into account, everyone is in the same boat so help where you can

• It can take a live incident to fully test a Business Continuity plan – take lessons learned from live events forward. Actively work to continually improve your system.

• Alex’s helpful tip: ‘Don’t get caught out’ – The standard is there to help but you need to put the work and effort in to make it work for you. ‘The benefits far outweigh the risks of not having an effective Business continuity management system in place’

Further resources:

To Learn more about EMCOR, visit their website HERE

Free standards available from BSI HERE

Need assistance with ISO 22301? We’d be happy to help

We also have an Introduction to ISO 22301 E-learning course available HERE. Use discount code: ISO2230110 for 10% until the end of July 2020.

We’d love to hear your views and comments about the ISO Show, here’s how:

• Share the ISO Show on twitter or Linkedin
• Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one.

Subscribe to keep up-to-date with our latest episodes:

Stitcher | Spotify | YouTube |iTunes | Soundcloud

Although it is good news that we are returning to work – Are you confident that you’ve fulifilled your duty of care as an employer?  As an employee are you confident that your company is managing your return to work safely?

Over the coming months its important that we know the health status of our workforce in realtime.  However, that is easier said than done, or is it?

One of our clients for many years, Riskex have been in the health and safety software space for many years, and are now offering free of charge their COVID-19 Health Assessment. 

ISO Show takeaways:-

• How Riskex has grown from success to success
• How ‘Fit 2 work’ only takes 5 minutes to set up for your company, ad only takes 30 seconds for an employee to complete.
• How does ‘Fit 2 work’ keep you informed and manage your workforce safely.
• Benefits of tracking your employees Health and safety in relation to COVID-19
• How can businesses me more resilient and achieve compliance
• Potential COVID-19 mitigation cases against employees and how to prevent legal claims.
• How Assessnet fits with ISO Standards – a simple method for supporting compliance.
• How to get FREE access to ‘Fit 2 work’

You can learn more about Riskex’s Fit 2 work tool HERE

To learn more about Riskex and their full range of services, visit their website.

We’d love to hear your views and comments about the ISO Show, here’s how:

• Share the ISO Show on twitter or Linkedin
• Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one.

Subscribe to keep up-to-date with our latest episodes:

Stitcher | Spotify | YouTube |iTunes | Soundcloud

Join Rachel Churchman, Managing Consultant this week as she explains a the key changes to ISO 22301 :2019. Here are the show highlights:

October 2019, the ISO 22301 Standard was updated (previously ISO 22301:2012 with minor amends in 2014).

• On the whole that standard is more streamlined and a lot of repetition has been removed from the standard.  In addition, it aligns far more closely with other standards.

• Structure has remained the same although it has now been better aligned with Annex SL (previously some minor deviations).

• Now takes a broader approach from strategy-based to solution-based – The ISO 22301:2019 standard requires organisations to not only develop high-level strategies to ensure business continuity, but also to define solutions to handle specific risks and impacts relevant to continuity.

• This is the most significant change for top management because the identification of required resources is now related to solutions, not strategies. Defining resources in terms of strategies is not as precise as when you define them in terms of the solutions, which greatly affects the budget planning for the BCMS.
• Managing changes to the BCMS – is now a mandatory clause (previously just implied throughout the Standard).   This  new requirement of ISO 22301:2019 requires organizations to make changes in the BCMS in a planned manner, which can be achieved by considering:
  • the purpose of the change and its consequences
  • how the integrity of the Business Continuity Management System is impacted by the change
  • the resources available to perform the change
• the definition or change of responsibilities and authoritiesIt should be noted that in a number of areas the new standard is significantly less detailed and prescriptive than its predecessor – (i.e. Context and Scope clauses are now in alignment with other ISO standards where previously these clause were very prescriptive for ISO 22301).

• Clause 6.1.2 now makes it clear that the risks (and opportunities) that need to be addressed relate to the effectiveness of the BCMS, as opposed to the risks of disruption, which are addressed by Clause 8.2.3. The same relationship is intended in other standards (such as ISO 27001).
• The requirements for conducting the business impact analysis (BIA) are now clearer. The relationship between unacceptable impact, maximum tolerable period of disruption and prioritized timeframes for activity resumption is defined as well as using the BIA to identify ‘prioritized activities’. It should be noted that there is no specific requirement with the 2019 version to document the BIA process.
• Evaluation of BC documentation and capabilities specifically requires the suitability, adequacy and effectiveness of BIAs and risk assessments to be evaluated. This was previously only an implicit requirement in the name of effectiveness, but points to the key role played by BIAs and risk assessments (so having them documented is a good thing).

• The concept of minimum activity levels has shifted from the need to identify minimum levels of products and services to minimum acceptable levels of activity, the linking of which is implicit, to the minimum acceptable capacity of resumed activities.

• One of the criticisms from users of ISO 22301:2012 was the lack of a detailed requirement around the need for an organization to manage its supply chain’s own business continuity capabilities. There is now a requirement to ensure that outsourced processes and the supply chain are controlled.

• From an exercise and test perspective that is now direct reference to validating continuity strategies and solutions (rather than simply BC arrangements)

If your organization’s currently certified to ISO 22301:2012 we anticipate you will have three years to transition to ISO 22301:2019 and after 30 October 2022 certificate for ISO 22301:2012 will no longer be valid*.

BSI are noting that they  will continue to deliver audits against ISO 22301:2012 until 30 April 2021 to allow you time to get your system updated and aligned to ISO 22301:2019.

Further resources:

Free standards available from BSI HERE

Need assistance with ISO 22301? We’d be happy to help

We also have an Introduction to ISO 22301 E-learning course available HERE. Use discount code: ISO2230110 for 10% until the end of July 2020.

We’d love to hear your views and comments about the ISO Show, here’s how:

• Share the ISO Show on twitter or Linkedin
• Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one.

Subscribe to keep up-to-date with our latest episodes:

Stitcher | Spotify | YouTube |iTunes | Soundcloud

Continuing the ISO 22301 Steps to Success series, we look at how you can engage your staff while implementing and testing the Business Continuity Management System (BCMS). It’s important to review the effectiveness of the whole BCMS to ensure it’s going to deliver the resilience we require as a business.  This is achieved through internal audit of the management system.

There is far greater focus on communication and awareness within both internal and external audits for this standard.  You are creating a system that we hope we never have to invoke, and the effectiveness of the response relies on staff understanding their role and the procedures to follow when the worst happens.  Therefore, undertaking more in-depth awareness interviews during the internal audits will provide far more value and reassurance that the required awareness is in place.

As with any standard, there is also the requirement to take corrective action for any issues raised.

Lastly, you need to undertake the holistic review of the BCMS.  This is achieved through the Management Review Process that reviews all the key inputs and interactions into the management system and analyses effectiveness and any potential need for change.  It also reviews objectives and progress made, results of internal audits, supplier performance etc.  Very similar to other ISO management Systems standards.

Join us next week as we discuss the changes made to ISO 22301:2018.

Need assistance with ISO 22301? We’d be happy to help

We also have an Introduction to ISO 22301 E-learning course available HERE. Use discount code: ISO2230110 for 10% until the end of July 2020.

We’d love to hear your views and comments about the ISO Show, here’s how:

• Share the ISO Show on twitter or Linkedin
• Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one.

Subscribe to keep up-to-date with our latest episodes:

Stitcher | Spotify | YouTube |iTunes | Soundcloud

As anyone who has experience of business continuity – i.e. the current Covid-19 pandemic – will understand is that effective communication is absolutely vital to ensure an effective response.

Planning for how you will communicate, who will communicate, when you will communicate and pre-drafted message for reasonably foreseeable events can make or break an effective BCP response. 

Awareness of the BCP and the part they play within the plan is critical for your staff.  Therefore, there’s a requirement to undertake awareness training for staff -both those that have a role to play, and those that are simply required to follow orders given.

And we mustn’t forget the additional training that may be required for ‘deputies’ within a response plan. 

People can react differently to that expected in an emergency situation, so it’s vital that staff are aware of how they will be made aware of a BCP event, and what role they play within in.  If they have a role to play, they need to have additional training on the specific response plan so that it’s followed should it ever be invoked. 

Part of this awareness training and reinforcement can be supported by ‘exercising’ and ‘testing’ the plan as a team.  This is an effective way of walking through the theoretical, taking the time to consider various scenarios and making informed decisions within a calm environment.  This can prevent knee-jerk or incorrect decisions being made during the time of an actual response.  Exercising and testing can and should also involve any key interested parties outside of the organisation in order to stress-test their ability to support the business in times of crisis.  Any lessons learnt from exercises, tests or actual BCP events should always be followed up from a lessons learnt point of view to ensure that response plans are updated in line with any changes or issues not previously considered – and then they need to be re-communicated in the business.

Join us next week as we discuss how to engage staff with your BCP effectively.

Need assistance with ISO 22301? We’d be happy to help

We also have an Introduction to ISO 22301 E-learning course available HERE. Use discount code: ISO2230110 for 10% until the end of July 2020.

We’d love to hear your views and comments about the ISO Show, here’s how:

• Share the ISO Show on twitter or Linkedin
• Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one.

Subscribe to keep up-to-date with our latest episodes:

Stitcher | Spotify | YouTube |iTunes | Soundcloud

What is Business Continuity Management and what are the benefits of ISO 22301?

Whist many businesses have adapted to remote working, in some industries such as manufacturing or construction they now looking at ways to try to return to some type of ‘business as usual’.

One standard that is completely focused on resuming operations to get back to ‘business as usual, is ISO 22301, the Business Continuity Standard. This standard is very much about minimising damage to a business and planning for business recovery as swiftly as possible.

So, what is Business Continuity Management?

Business Continuity Management involves the recovery or continuation of business activities in the event of any business disruption.  COVID-19 is a prime example of a situation that is pretty much affecting all businesses globally. 

By having a holistic Business Continuity Management System (BCMS) in place will not only help your organisation recover from disasters, it will also prevent the reputational damage that can arise from any operational outages, missed deadlines, upset customers, or direct financial loss.

ISO 22301 provides a comprehensive set of controls based on Business Continuity ‘Best practice’ from across the world.

The BCMS should also include Risk Assessment (RA) and Business Impact Analysis (BIA), which are an inherent part of ISO 22301 and an essential component to identifying prioritised activities, dependences and resources supporting their key products and services, as well as what the impact of their failure would be on the organisation.

What are the benefits of ISO 22301? 

Protection and recovery of business critical functions and processes

• Identification and understanding of the most valuable and critical business processes and the impact of disruption.
• Timely and orderly responses to incidents and business disruptions to continue business operations at an acceptable pre-defined level as promises in contract or agreement
• Demonstrate credible responses through scenario-base exercising
• Increase the survival chance of both the organisation and employees jobs and other dependents.
• Increased levels of resilience and recovery capability, and the continued survival of the organisation

Financial

• Improved risk profile when renewing your insurance policy, resulting in reduced insurance premiums.
• Significantly reduced financial impact of incidents, disruption or even under disaster.
• Provides evidence to support financial claims.

Reputational

• Advantage gained over less resilient competitors.
• Reputation maintained, or even improved, through demonstrating a professional approach to managing disruption.
• Positive message communicated to the media and stakeholders in crisis conditions.

Demonstrates leadership commitment to resilience

• Demonstrate management commitment in overall risk management with visible evidence to stakeholders.
• Encourages clear communications on what employees need to do to recover from an incident and supports cross-department and cross-organisation coordination.
• Compliance with the expectations of regulators, insurers, business partners and other key stakeholders.

What are the options when it comes to improving business resilience during COVID-19 and other business disruptors your company may face?

1. Buy a copy of ISO 22301:2019 and review your business against the requirements and develop a business continuity system accordingly.
2. Partner with a Business Continuity specialist such as Blackmores and work in collaboration with your partner to complete a Gap Analysis, Risk Assessment, Business Impact Analysis, Business Continuity Documentation and possibly a compliance audit.
3. Partner with a training provider to bring more knowledge on the subject in-house – this could be eLearning, BCP workshops or certification body auditor training.
4. If you are serious about demonstrating how resilient you are as an organisation, consider certification to ISO 22301 with a UKAS Accredited certification body.

Further resources:

Further information on ISO 22301

Further information on ISO 22313

For a copy of our example BIA, simply contact us: enquiries@blackmoresuk.com

We’d love to hear your views and comments about the ISO Show, here’s how:

• Share the ISO Show on twitter or Linkedin
• Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one.

Subscribe to keep up-to-date with our latest episodes:

Stitcher | Spotify | YouTube |iTunes | Soundcloud

I think it’s important to acknowledge the reality that we all face right now whilst in the midst of a global pandemic, both as individuals, families and businesses.  Sadly, there is very little that we can control about the situation, other than staying at home and follow the governments guidelines to reduce the disease spreading and deaths increasing.

However, what we can control if how we respond to our situation, and to try and embrace this period of isolation as an opportunity, because we have to quit literally stop our normal way of working and living.  So, this enables us to objectively reassess what is working in our business and what isn’t.

Which brings me onto the topic for today – Making remote working work.

So how do you make remote working work for you? Well it partly comes down to the tech, but if you’ve got the confidence in yourself and ability to communicate, its actually really easy.

So how did we go about it? Well, we sent out a communication to all clients that all our services were to be delivered remotely.  We then provided training for the Team and created one of our internal WOW’s which is Way of Working, we put it to the test, each employee had to test Microsoft Teams and off we went, rocking and rolling out remote way of working.

We then published a ‘Remote Working Guide’ for our clients, so they knew exactly what to expect.

What to expect

 we utilise Microsoft Teams which is available to everyone at the click of a link. As long as you have a Wi-Fi connection, then work can be carried out remotely which is the same as if we were together in a physical environment.

We are able to deliver ALL of our services remotely including the implementation of systems compliant to ISO Standards and ISO Support Plan services. This includes, but is not limited to:- –

• Internal audits
• Certification body support i.e. Annual Surveillance, re-certification and assessments
• Updating your policies and procedures
• Facilitation of Workshops i.e. H & S, Environmental, Information Security and Business Continuity
• Training and awareness sessions;
• Gap Analysis
• Facilitating/chairing Management Review Meetings/information
• Reviewing and updating legal registers

The only possible limitations for remote working include –

• Certain risk based ‘site’ audits where we have to observe the physical work environment and assets.

However, whilst there are a few limitations, Blackmores is able to offer alternative methods to continue work –

• ‘Model Checklists’ for physical security or environmental or health and safety walk rounds can be supplied for you to undertake, with photographs taken. Alter-natively, a remote audit could be undertaken using a mobile phone so that the camera can be used to record the ‘walk’.
• If you have a camera available you can video the aspects we need to observe i.e. Fire exits, storage of chemicals. This can either be via a live stream or recording on a device i.e. mobile phone, webcam.

The benefits of remote working

• Productive method of working – well organised agenda.
• Reduces your company environmental footprint.
• Reduces our environmental footprint.
• Allows several people to attend the remote audit/workshop/meeting to reduce travel time and avoids accommodating additional people to reduce meeting space.
• You can work from the comfort of your own location i.e. office/remote/home at a time to suit you.
• Enables you to carry on with other work/activities when we are not directly on-line i.e. report writing/lunch break/updating documents.
• The sessions can be recorded if required and used for future reference i.e. Training employees.
• Reduced paperwork – all evidence is shown online.

For a free copy of our Remote Working Guide, simply contact us at enquiries@blackmoresuk.com

We’d love to hear your views and comments about the ISO Show, here’s how:

• Share the ISO Show on twitter or Linkedin
• Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one.

Subscribe to keep up-to-date with our latest episodes:

Stitcher | Spotify | YouTube |iTunes | Soundcloud

When I first launched the ISO Show in 2019 to dispel myths and share tips on ISO Standards, my plan was to make the podcasts evergreen – so they could be timeless in theory and listened to at any point in time.  However, I’m recording this in March 2020, just over a year since we launched the ISO Show and sadly a pandemic – the coronavirus has broken out globally, with over 110,000 reported cases across 95 countries.  So I thought it would be helpful to share with you some guidance to try and minimise business disruption caused by the Coronavirus through Business Continuity Planning (known as BCP).

How does this relate to ISO Standards? Well there is an ISO Standard for Business Continuity Standard ISO 22301 (formerly a British Standard BS 25999).   However, our ISO Show this week is not about ISO 22301, but How to create a Pandemic (Coronavirus) BCP. In fact, we provide you with a Pandemic Coronavirus Business Continuity Plan template for FREE.

As a founder and owner of Blackmores, a consultancy which implement ISO 22301 I felt we had a duty to share guidance on COVID-19 business resilience .  So, I’d like to thank Rachel Churchman, one of our Business Continuity Consultants for sharing with us a Pandemic Business Continuity Plan.

Many businesses have BCP’s, and these are typically scenario based – identifying scenarios that jeopardise the ability for you to run your business in the usual way.  In BCP terms this is called (BAU). i.e. loss of power, loss of staff members, inability to access your building – so something that would have an impact of the continuity of the services or product that you deliver.

The next step is to carry out a BIA (Business Impact Analysis) to determine the impact in an event from a financial, operational or reputational perspective.  This then enables you to create a BCP for a particular scenario – which is what I’m sharing on the ISO Show.  To request the FREE PANDEMIC (COVID-19) BUSINESS CONTINUITY PLAN, simply contact us at www.blackmoresuk.com.

The Pandemic BCP also includes useful sources of reference material, and guidance on Preventative measures, awareness and responsibilities. We’ve included a ‘Guidance on hand hygiene and use of Face Masks’ as an example of this. Feel free to add any other guides that would be helpful for your business.

The BCP helps to minimise the potential impact on your company and helps define the information employees will find helpful. This will be different in all companies but in the sample provided we cover:

• Summary
• Background
• Introduction
• Aim
• Reference Material
• Objectives
• Potential Impact
• Roles and Responsibilities

For supporting information check out:-

FREE copy an example Pandemic Business Continuity Plan – just contact us at enquiries@blackmoresuk.com

Want to learn more about ISO 22301? Take a look at our Steps to Success.

We’d love to hear your views and comments about the ISO Show, here’s how:

• Share the ISO Show on twitter or Linkedin
• Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one.

Subscribe to keep up-to-date with our latest episodes:

Stitcher | Spotify | YouTube |iTunes | Soundcloud