Blackmores ISO Consultancy Service: The creators of isology®

isology® is a world-leading proven step by step roadmap. Work with our ISO consultants to achieve your certification.

Our ISO consultants have worked with over 600 organisations with a 100% success rate. We take you from the planning and creation of your bespoke ISO System though to certification with our 7 step ISO Consultancy process.

A question that we get every single time somebody asks about an ISO standard is ‘how long does it take to implement an ISO’, or ‘how long does it take to get certified to an ISO’?

In this episode, you’re going to find out what you need to take into consideration when it comes to timescales for implementing and getting certified to an ISO standard. ISO 14001 (the environmental standard) will be used as an example, but don’t worry -this can be applied to most other ISO standards.

So, are you looking to help your business? Create a system for success? To be kind to the planet, and improve your company’s brand reputation? Then we’re going to be talking about realistic timescales for making this happen.

If you’re ready to implement an Environmental Management System (EMS) to help reduce your company’s damage to the climate, then you’re in the right place!

First and foremost, make sure you download our FREE ISO standards blueprint here. This helps you to plan, create and launch your EMS, ready for getting certified.

Now, let’s dive into finding out about timescales for your ISO project!

What you’ll learn:

  • Timescales for your ISO project
  • The different variables involved with an ISO project
  • Scope of your certification
  • The assessment processes

The short and sweet answer is that most businesses take between 6 to 12 months to get certified. But it depends on the size of your organisation and the complexity of it.

Let’s get to know the different variables involved with this project because there is actually a way that you can implement any EMS in a much quicker timescale (we have had companies that have achieved this in less than three months!). And in fact, you can achieve this also by going to www.isologyhub.com (our new online portal), where you can go at your own pace.

The main thing is to have a clear plan, which is well organised and disciplined. It’s worthwhile optimising both your internal and external resources. That would include your environmental champions, or your ISO coach (if you have one) if you’re looking at using the isology hub as well because that could have a detrimental impact on the timescales allowed. So, if you’re wondering what you should be doing, then it’s definitely worthwhile either getting help from someone that does know what they’re doing or finding other people within the business who have a bit more knowledge about environmental management and ISO 14001.

Now for larger organisations, it can take longer. You may take up to 12 months or even longer than that. What you need to do is consider breaking the project down into incremental phases. So, let’s say you had 10 locations across the globe. You may decide to break that down into incremental phases so that you get certain locations certified in year one, and then you can have other locations included in the scope of certification in years two and three. So, don’t think that you have to implement an EMS and get certified across all locations and services. You can go at your own pace. But ultimately, the scope would be for whatever you have set in your objectives for achieving implementation. What we do find is that some businesses implement an EMS across the entire organisation, but they might just get certified for a part of that business (this covered in a previous episode, where we look at assessments and getting quotes for certification as well!).

Remember you can extend your scope of certification at any time. It can be revisited at the annual surveillance visits that you get. Ultimately you want to build your ambitions, your objectives, and your targets for environmental management and achieving certification into your sustainability roadmap.

Now, it was mentioned earlier that you could fast-track creating an EMS, but you do need to establish a time to gather evidence and make sure that the system is working and is effective. So, when you’re planning your launch just make sure that you’re effectively targeting all key stakeholders (all stakeholders must be aware of this). And the general rule of thumb is to allow three months past the launch to make sure that your system is fully established because when it comes to certification, your certification body will expect to see some evidence and records. So, let’s say, within your EMS you say that you have provided training for employees. You need to be able to show the evidence of that on the records and that doesn’t happen overnight (obviously). So, with monitoring and measuring information on your environmental footprint, you need to allow time to do that. Ultimately what you’re doing is proving that you ‘walk the walk’, and you will allow plenty of time to demonstrate that you’re serious about reducing your company’s environmental footprint.

Finally, one of the things that a lot of businesses don’t really take into consideration is the time allowed for the assessment.  Make sure that you have briefed your employees ahead of the dates of an assessment. Essentially, ensure you consider the timescales for your stage one and stage two assessments.

Let’s find out what’s involved in the assessment process…

Typically stage one is completed first, and then stage two could be within a few weeks or up to a couple of months after. You need to manage timescales so you can go through stage two relatively quickly. You just need to allow a few days in case there are any findings and if you need to implement any corrective action! Once you’ve completed the assessment, you’re not actually formally certified as an organisation. There’s a due diligence process that takes place behind the scenes with the certification body, and it can even take several weeks before you actually get a copy of the certificate. Try and factor that into your overall planning, if you’re looking at having a communications plan for celebrating your success, that’s why six months is typically a good timescale.

A final factor to bear in mind is that if you’ve already got a management system in place, you could potentially fast-track the integration of ISO 14001 if you’re developing an integrated management system.

Now, hopefully, that’s been helpful to you for implementing an EMS and getting certified to ISO 14001.

Remember the isology hub is now live, so feel free to join as a member to get access to all the support that you need on our online membership portal. It’s the one and only go-to place for all things ISO. We’ve got video tutorials, check sheets, quick wins, and we’ve even got a module on timescales as part of the Planning stage. We take you through all seven stages of isology, in the isology hub. There’s everything that you need in there to create, launch, and build your ISO system for success. So head over to www.isologyhub.com!

And finally, don’t forget your FREE ISO standards blueprint here, where we cover timescales and there’s even a planner within it on timescales which you can use to get your ISO management system kick-started.

We’d love to hear your views and comments about the ISO Show, here’s how:

  • Share the ISO Show on Twitter or Linkedin
  • Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one.

Subscribe to keep up-to-date with our latest episodes:

Stitcher | Spotify | YouTube |iTunes | Soundcloud

The aim of this episode is to have a clear plan for your ISO System for Success – from choosing the ISO Standard, to branding and establishing a place where everyone can access the system – so that you can move onto creating your ISO System.

You’ll learn about:

  • Setting your expectations
  • Deciding which ISO standard(s) and scope
  • Getting leadership buy-in
  • Resourcing
  • Choosing a certification body
  • Creating a Project Plan
  • Deciding on branding of your ISO system
  • Establishing a ‘home’ for your system
  • Creating a Communications Plan
  • Identifying your current level of compliance
  1. Set your expectations
  2. Clarify why you want to achieve an ISO certification
  3. Identify what you’ve already got in place
  4. Decide on your goals for the set time
  5. Shortlist which ISO Standard (s) to implement
  6. Decide whether ISO Certification is the right choice
  • Decide which ISO Standard(s) and scope
  • Research your standards options
  • Identify what your stakeholders are seeking reassurance for
  • Brainstorm where your operational weaknesses are
  • Where do you need to raise standards within your business?
  • What would be beneficial from a Sales and Marketing perspective?
  • Establish the scope of your system
  • Decide what your scope of certification will be
  • Get leadership buy-in
  • Validate your ISO initiative
  • Present the benefits and ROI
  • Establish timescales and resources
  • Resourcing
  • Establish project sponsor
  • Establish a project lead
  • Establish your ISO Champions
  • Consider getting assistance i.e., at www.isologyhub.com
  • Choosing a Certification body
  • Get quotes from an accredited Certification body
  • Review the costs of certification over the 3 years your certificate is valid.
  • Check if the Certification body has experience in your sector for the standard you are interested in.
  • Create a Project Plan
  • Establish roles, responsibilities, accountabilities
  • Establish Project milestones
  • Decide on timescales for project milestones
  • Identify key dependencies
  • Decide on the branding of your ISO system
  • Decide how you want to position your system within the company
  • Choose a name for your system
  • Choose your system branding
  • Establish a ‘home’ for your system
  • Where will your system live?
  • Identify how employees will access the system
  • Decide if the system is to be integrated with other systems
  • Determine how you would like employees to get the most from the system
  • Create a Communications Plan
  • Establish what you are going to communicate, when, how, and with whom
  • Brainstorm ideas for your Launch
  • Start to consider the communication of your success once your company has achieved certification.
  1. Identify your current level of compliance
  2. Purchase a copy of the ISO Standard
  3. Review your company policies and procedures against the requirements of the standard
  4. Create an Action Plan with responsibilities and timelines for the completion of tasks.

Hopefully, that’s helped understand what’s involved at the planning stage of introducing an EMS.

If you would like any help implementing ISO 14001, then make sure to sign up to the isology hub waitlist! This is going to be a game-changer in the ISO standards field, which is why we won the support of the UK government through their sustainable innovation grant. All the resources that you need on ISO 14001 will be available on www.isologyhub.com. So, click on the link to join the waitlist to be notified of when you can get access to our online membership portal. It is the go-to place for all things ISO. We’ve got video tutorials, check sheets, quick wins, eLearning courses, and just about everything you need to create, launch and build your ISO system for success.

Don’t forget to download your FREE ISO standards blueprint hereto get your EMS kick started!

We’d love to hear your views and comments about the ISO Show, here’s how:

  • Share the ISO Show on Twitter or Linkedin
  • Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one.

Subscribe to keep up-to-date with our latest episodes:

Stitcher | Spotify | YouTube |iTunes | Soundcloud

If you’re wondering where to begin with strengthening your environmental credentials, a great way to do this is to implement ISO 14001. This is a world-leading standard for businesses on environmental management.

In the last episode, I shared with you what an environmental Management System (EMS) is. So, if you haven’t heard that yet, I’d recommend that you have a quick listen before listening to this one because it’s essential listening, it provides an overview of what an EMS is.

Now, I’m going to just provide a high-level overview of ISO 14001. But if you’d like to get all the resources on implementing ISO 14001, then the isology hub membership is the place to go. It has everything that you need, including video tutorials, downloads, workbooks, check sheets, and also a stack of training classes as well to help you to create your very own bespoke ISO 14001 compliant EMS. We’re super excited to be launching this game-changer in ISO standards. So, if you don’t want to miss out, go over to the membership site, which is www.isologyhub.com to join the waitlist, and don’t forget to download our free ISO Standards Blueprint here, which provides you with all the information that you need on the key steps to plan, create, launch and get certified to an ISO standard.

Let’s dive into ISO 14001!

What you’ll learn:

  • The purpose of ISO 14001 and why it exists.
  • The structure of the standard (including the key clauses)
  • Key ISO 14001 principles
  • Key benefits of ISO 14001

Let’s start right back at the beginning…

What is ISO 14001? – Key purpose

  • This standard is a specification. It’s a document that you can purchase online, which provides a framework for actually building an EMS
  • An EMS is to provide a framework to help support any organisation to improve its overall environmental performance and provide a sound basis for sustainable development initiatives.​
  • It’s designed to embrace continual improvement, and enhance operational performance, which is similar to any other ISO standard. So, if you’ve already got an ISO standard in place, the chances are that you’re in a really good position to integrate the elements of ISO 14001 because there are quite a lot of similarities.

What is ISO 14001? – The structure

  • The first 3 clauses within the standard are actually auditable.
  • Clause 4 is all about understanding your organisation and its context.
  • Clause 5 is leadership commitment. This is all about leadership and commitment, roles, responsibilities and authorities.
  • Clause 6 is the planning stage, which is all about addressing actions to mitigate risks, and enhancing your opportunities as well.
  • Clause 7 is called support. This is actually around things like resources, both physical, processes, facilities, competence, and awareness.
  • Clause 8 is all about operations. So, these are your operational controls for reducing your environmental footprint, and also having controls in place for things like emergency preparedness, and how you respond to an environmental incident.
  • Clause 9 is performance evaluation. So, once you’ve got your operational controls in place, it’s really important that you evaluate the effectiveness of those controls.
  • Finally, clause 10 is the improvement clause that focuses on non-conformity, corrective action, and continual improvement​.

So, by just running through that briefly, you’ll probably be thinking, “oh yeah, well we’ve got that and yep we’ve got that too”…but it might just not cover environmental management. So, that’s where you need to make those tweaks and changes.

For those of you that aren’t familiar with ISO standards you might be thinking, “well that’s pretty comprehensive”. And yes, it is actually! It does provide you with a holistic framework for managing environmental performance.

Key principles of ISO 14001

Now, looking at the key principles then of ISO 14001…ultimately, it’s down to:

  • Protecting the environment by preventing or mitigating adverse environmental impacts​
  • Mitigating the potential adverse effect of environmental conditions on the organization​
  • Assisting the organisation in the fulfilment of compliance obligations​
  • Enhancing environmental performance​
  • Controlling and/or influencing product and services design, manufacturing, distribution, consumption, and disposal, using a life cycle perspective​

So, those are the fundamental principles of ISO 14001. If you’re focusing on achieving certification to this standard, then you really need to focus on clauses 4 to 10 of the standard. These are the elements that are implemented within your business and they are the areas that the independent third-party body will be looking at when it comes to your stage one and stage two assessment.

There’s a lot more advice and information on that over at www.isologyhub.com, which provides a full list of the key and essential documents, what is desirable and provides examples of those using templates, guidance, and training.

So, to wrap up…

What are the benefits of ISO 14001?

  • Reduced costs due to less wastage​
  • Simplified and effective documentation​
  • Improved sales and marketing opportunities​
  • Improved communication and morale company-wide​
  • The acquisition of a symbol representing the internationally recognised environmental standard ISO 14001.​

If you’d like all the resources needed to implement ISO 14001 yourself or if you’d like to join one of our ISO 14001 six-month coaching programmes, we’ve got seven places available! So, head over to www.isologyhub.com to find out more, and don’t forget to download your FREE ISO Standards Blueprint here

I look forward to catching up with you on the next episode, where I’m going to be sharing with you how to plan your ISO 14001 implementation project!

We’d love to hear your views and comments about the ISO Show, here’s how:

  • Share the ISO Show on Twitter or Linkedin
  • Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one.

Subscribe to keep up-to-date with our latest episodes:

Stitcher | Spotify | YouTube |iTunes | Soundcloud

 An exciting announcement about a game-changer in the world of ISO standards was made in the last episode….which was about the isology hub!

What you’ll learn:

  • What is the isology hub?
  • What is an EMS?
  • what is inside an EMS?
  • Which documents must you include?
  • Examples of Documented Information include
  • What can an EMS help with?

Let’s have a little reminder…

What is the isology hub?

It’s a Netflix version of unlimited ISO standards support, which includes videos, checklists, sample policies, templates, plus many other things such as eLearning courses! You’ll get access to binge-worthy content to help you raise your game and take your business to the next level.

So, what is it that makes the isology hub such a game-changer you ask?

Well, it’s a game-changer because it provides a DIY (do it yourself) solution to implementing an ISO standard. Our inaugural ISO Roadmap is for an Environmental Management System (EMS). So, in effect, it’s a roadmap for you to implement an ISO 14001 EMS.

Over the next few episodes, I’m going to be sharing with you some of the topics that we cover in the isology hub in terms of ISO 14001. We have an ISO 14001 roadmap, and we kick off by explaining what an EMS is, and we feature step by step, specific actions that you can take to make your business more sustainable and take it to the next level!

But before I kick off with explaining what an EMS is in this episode, I’d just like to announce that we have an awesome ebook guide for your ISO project.

And it’s free of charge!

It’s called the ISO Standards Blueprint simply go to isologyhub.com to download it for free. The great thing about it is that it’s a guide for any ISO standard. So that’s why the ISO Standards Blueprint is a blueprint for implementing any ISO standard.

Now, let’s dive into explaining what an EMS actually is…

What is an EMS?

  • An EMS is a blueprint for how you run your business sustainably and be kinder to the planet.
  • It provides a framework (a home) for your policies and procedures
  • Helps you to identify and reduce its impact on the environment.
  • A system to optimise your resources to be as efficient as possible
  • Leads to reduced operational costs, and therefore increase in bottom-line profitability.

So…what is actually inside an EMS?

  • Policies
  • Procedures
  • Documents
  • Records

Which documents must you include?

  • Where the standards say ‘SHALL’ you must obey….
  • Scope and boundaries of the EMS (4.3)
  • Environmental Policy (5.2)
  • Environmental Aspects and Impacts (6.1.2)
  • Compliance obligations (6.1.3)
  • Environmental Objectives (6.2)

And…

  • Documented information determined by your organisation as being necessary for the effectiveness of the Environmental management system.

Examples of Documented Information include:

  • Aspects and Impacts Register  – captures your environmental footprint
  • Roles and responsibilities – Who does what
  • Operational procedures – How things are done
  • Core ISO System procedures – document control, communication, Management Review, Internal audit – these all help you keep on top of the management of your business.
  • Environmental legal register
  • Risk Register
  • Environmental objectives/KPI’s
  • Environmental Policy
  • Metrics to monitor and measure  – what do you need to monitor and measure that will help shift the needle in the direction you want to go.
  • Meeting minutes
  • Samples / Supplier records

In Summary…What can an EMS help with?

  • Assign roles and responsibilities, and see exactly where there are bottlenecks,
  • Ensure value-adding monitoring, measurement, and analysis of data, that in turn will assist the business to make better-informed business decisions,
  • Identifies all the statutory and regulatory requirements – and helps keeps your business compliant and avoid reputational damage and fines.
  • Understand where corrective action needs to be taken, and how this can be potentially avoided in future

Hopefully, that’s given you a snapshot of what an EMS is!

We go into this in a lot more detail in the isology which is where you’ll find everything you need to implement an EMS and achieve certification to ISO 14001

So, don’t forget to download your FREE ISO Standards Blueprint over at isologyhub.com

We’d love to hear your views and comments about the ISO Show, here’s how:

  • Share the ISO Show on Twitter or Linkedin
  • Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one.

Subscribe to keep up-to-date with our latest episodes:

Stitcher | Spotify | YouTube |iTunes | Soundcloud

Today’s podcast is unlike any other podcast we’ve recorded before. That’s because we’ve got a special announcement to make about a ground-breaking innovative game changer in the ISO Standards landscape – the isologyhub, which is due to be launched in May 2021.

What you’ll learn:

  • March 2020 – how the isology concept was born
  • Innovate UK competition
  • The isologyhub
  • Who is the isology hub not for?
  • B1G1
  • ISO Coach

Now, I’m recording this in April 2021, but I’d like to take you back to March 2020 to explain when and why my journey began with initiating this innovative online solution. I think it’s quite important to appreciate that this sort of innovation probably would have taken us three to four years to come up with. But COVID-19 has encouraged many organisations to think outside of the box, to think differently, and to look at sustainability in a very different way.

So, let’s go back to March 2020 and find out how the isology concept was born!

March 2020

In March 2020, the UK like many other countries across the globe were thrown into lockdown, and life was turned upside down, as we were hit with a global pandemic. Little did we know…that life as we know it was never going to be quite the same again!

Now, at the time, we felt that we had the curve. Partly because we’d already been using Teams to have meetings online and to do internal audits, mostly with some of our international clients at Blackmores.

Many of you know me as the Managing Director of Blackmores (as well as the podcaster on the ISO Show). Blackmores is my primary business and very dear to my heart. I’ve been running that business for 15 years and immediately I was concerned about the welfare of our employees and clients, and like many other businesses thinking “Okay, so how are we going to best get through this?!”. We went into our BCP mode (Business Continuity Planning mode) and we actually shared a lot of that information on the ISO Show!

We felt that we owed it to our listeners and our clients at Blackmores to share examples of pandemic business continuity plans. And at the time, it was really well received! In fact, we didn’t realise until we did that how much of a wide global reach of listeners we had. It was amazing! We had people contacting us from Papua New Guinea, Kula Lumpur and places all across the globe saying “thank you this is great!” or “this is really helpful” because at the time, businesses were looking for reassurance as well. So, we were more than happy to provide the support.

Not long after that…

it was just before the Easter weekend, so April last year. We had a quarter of our clients cancel within the span of 10 days! Straightaway we thought ‘okay, this is going to affect us’. We quickly realised that a lot of our clients are in manufacturing or in the events industry, and they simply could not operate!

So, we had to shift gear…and adapt!

We had to change the way assessments were undertaken and the way we deliver our consultancy services to do it all remotely. That’s when I realised that actually…there is an opportunity for certification bodies to do part of their assessments remotely. Obviously, for some types of assessments this wouldn’t be applicable. But in many cases, I could see that there was a significant opportunity for us to reduce our environmental footprint and work remotely!

At that time, we were already creating eLearning courses, and there was some work taking place internally within our team on developing a learner profile. So, taking an individual from a grassroot level, with no knowledge whatsoever about an ISO standard, right through to professional status. So, work was already underway. When we looked at the possibility of offering our services online and after the research we did, we realised that actually, it would be really good if we could provide an online solution that all of our ISO show listeners could also access!

That was when the initial concept was born for creating a state-of-the-art online, learning and support membership.

This was made for organisations looking to not only achieve ISO certification, but also for those businesses that are already certified to ISO standards, but their system just isn’t working for them. They might be stuck in a rut…they’re stuck in the trenches there because there may be certain issues like a lack of engagement, leadership, or even compliance. So, I came up with this concept of creating an online membership platform so that it was accessible to all regardless of the industry, the location, the time zone, and to be able to provide the equivalent of a Netflix version of ISO standards support!

I had heard from a funding body, within the government in the UK, about an Innovate UK competition. This competition was all about helping businesses to be innovative and provide sustainability solutions as well and to help businesses through COVID.

It was then that the penny dropped…

I thought well, actually, why not go for it! If we win it, we win it. If we don’t, then we don’t! So, I put together a business plan and got a lot of advice from a European enterprise network and put together a bid for this competition.

There were actually three rounds to it! Let’s find out how they went…

Innovate UK competition

So, round one…

I hadn’t done anything like this before and it had taken weeks to put together that bid. We found out about a month later…that we had failed! But only by a very slim margin, which was very frustrating. But this encouraged me, particularly as a result of the positive comments from the assessors, that assess the application, saying that there was quite a bit of mileage in this innovation.

Now onto the next round…

The deadline for the second round was only two days after we got the feedback from the first round. My advisor said “you know there isn’t much point in rushing this, you want to spend time to get this absolutely perfect, so that you can absolutely smash it at round three”. This was the final bite of the cherry…it was a last chance saloon. I thought well…if we get it, we get it, and this is going to be a game-changer. If we don’t, that’s it.

Fortunately…we won the competition; we won the funding!

There are five different assessors from all sorts of different industries that recognise this as being a game-changer in our field. They believe it could have a significant positive impact on the environment. Because our MVP (minimum viable product) is a part of this membership platform and is all about environmental management standards. So, we’ve been working hard over the last few months to bring together this MVP, and we’re due to launch it in May 2021. It’s going to be called the isology hub and it’s based on isology methodology…which is ultimately seven steps to implementing any ISO standard!

Now, I’m sure you’re wondering…who is isology for?

The isologyhub

This membership platform is for anybody who needs to achieve ISO certification. This might be because you need to win a tender, or you just want to raise standards within your business, or you may have stakeholders that are demanding that you provide some type of commitment in some area, whether it be sustainability or information security. It’s also for those people that have spent countless frustrating hours trying to understand how an ISO standard could actually be interpreted within their business. It’s also for those people who have an ISO management system…but it’s archaic. It was written in the dark ages! And it doesn’t bear any resemblance to how you operate as a business right now. In effect, it’s working against you. So, you need some type of solution to revamp it, give it a makeover, getting engagement and in making sure that it is a system that helps you to build success for the future of your business.

It’s also for those of you that would like to integrate other standards into your existing management system. So, you might be looking at cloud security standards, or carbon neutrality standards. So, it’s for those businesses that are already working hard to raise standards within their business, but they want to go the extra mile…they want to go above and beyond, and they need the systems, tools, templates, eLearning and guidance to help them to do that. It’s also for those individuals that would like to achieve qualifications in ISO standards to improve their knowledge and to support career development as well.

So, what we’re trying to avoid here is having any overly technical and expensive training courses. You can access it whenever you want, from wherever you want. It’s a place for organisations to learn how to achieve ISO standards, and also to get gameplans for raising their game. It’s packed with in depth, practical training and resources on all aspects of planning, creating and managing a successful ISO system.

Now, we have also created an ISO standards blueprint, which is a free download for you to get access to, if you come over to the isology hub website. All you need to do is Google www.isologyhub.com and you’ll be able to download your free ebook on how to plan, create and manage a successful ISO system ready to get you certified

And that applies to all ISO standards!

Now, I’m sure you must be thinking…what makes isology hub so different?

Well, this is a ground-breaking approach. It’s the quickest and easiest way to get ISO certification that gets results. But it’s not just about the accolade of getting certification through your certification body, but having that results driven, systemised way of managing your business, to give you that freedom and time so that you can grow your business.

It also gives access to expertise. Over the last 15 years, we have implemented ISO standards for hundreds of organisations across the 19 standards and over 25 different countries. So, you’re actually tapping into over 200 years of combined experience now (that’s not me personally obviously) that’s our team! It’s our team that’s helped put this together. All our intellectual property and all of the work that we’ve been doing over the years to support businesses in all industries is going to be put together in the isology hub. That’s where you can get access to that.

And, of course, walk the walk and talk the talk’…

We have done this time and time again. These are the proven concepts. Isology and the seven steps have been put to the test and it’s been successful…time after time!

And we are pretty straight talking!

We are very friendly, very approachable and we want that to come across with the membership platform. So, you’ll be able to listen to our tutorials and join us for our monthly live Q&A sessions if you’ve got any questions or if you’d like to discuss anything at all to do with ISO standards.

Ultimately, we live and breathe ISO standards…you get our full commitment, and you get that team behind you through the membership portal.

But I must say…the isologyhub isn’t for everybody!

Who is the isologyhub not for?

If you simply want to tick a few boxes and get the badge…this isn’t the right solution for you. If you want to go down the non-accredited certification body route…it’s not for you. And If you’re looking for ISO in a box so you don’t have to do any work at all…it’s not for you either. It’s also not for you if you’re expecting guaranteed results. That’s because it is down to you to put the effort in to actually make it happen. Although we’ve got 100% success rate in helping our clients get through certification because we’ve helped to do a lot of the work with them, the membership portal is there to guide and support you…so you have to put the work in yourself. The templates, tutorials, guidance, action plans are all provided for you. But you do need to spend the time to actually completing them and implementing them within your business.

B1G1

One of the things that we’re passionate about at Blackmores is acting responsibly and doing the right thing. With having an online system, we are donating for every new member that joins the isologyhub.

This will be done through B1G1 (buy one, give one!)

We will tackle climate change and poverty, one member at a time. The project we have selected is in Madagascar. Unfortunately, Madagascar is a country in crisis. 70% of the country lives in poverty and half of its rainforest has been eradicated due to the strain of population growth in the country. So, we’ve picked out a project whereby we can support the planting of trees and also provide sustainable agriculture training as well so that the communities are self-sufficient. This will enable them to send their children to school to be educated. We’ll also have a live widget on the isology hub website. So that we can see our STG goals are updated whenever a new member joins!

Now let’s get back to isology!

There is a wealth of information in there, and it’s not just about documents…we’ve got a unique roadmap that’s been trademarked, and this is based on our seven-step isology concept! We’ve provided an ISO roadmap for ISO 14,001 for the launch. This will take you through everything that you need to do to get ready for an assessment for ISO 14,001. It also provides everything that you need for an environmental management system, even if you don’t want to go for certification! So, how to create an environmental policy, what to look for in terms of creating your objectives, how to identify your environmental aspects and impacts, and how to launch your management systems…it takes you through the seven steps. In addition to that, we’ve also given you access to our eLearning courses. A lot of the learning is through videos, to action plans, guiding you step by step through your ISO roadmap. We also include checklists workbooks, cheat sheets, and templates, as well, to support you. So, some examples of those could be a launch communications planner, or even an email launch sequence and templates to go with it. Things like internal audit scheduled templates, report templates, samples of policies and procedures and so on. As I said it’s not ISO in a box, these are just examples of best practice. And we guide you through creating your own documentation for your own bespoke management system. And, of course, we’ve got our live Q&A’s, feel free to join us for those live Q&A’s within the membership, or we can answer any questions that you’ve got.

The other thing that we’re really excited about launching as well is our ISO coach programme!

ISO Coach

We’re conscious of the fact that some businesses might just want to join the membership and get on and do it all themselves. Or they might need some guidance and support. There is an upgrade available, which is the ISO coach programme and that’s a six-month programme, where you’ll be part of a small group of up to seven other individuals. On a fortnightly basis, you will have group coaching sessions on the seven steps. Then on the alternate fortnight’s, you can book one-to-one sessions with your ISO coach to go through and discuss any queries concerns or review documents that you’ve created, just to help you on your journey and make sure that you stay on track as well. This programme does start at specific dates! The next date that we’ve got starting will be the 2nd of June. So, if any of you are interested in joining the ISO coach programme, please do get in touch with us!

Because the isology hub is new, we would absolutely love to hear about any suggestions or ideas on content that you’d like to include within the isology hub. Every single month we’ll be adding new content, whether it’s an ISO roadmap for implementing another ISO standard. So, I’d be delighted to hear from you and also to answer any questions that you might have about the isology hub.

So regardless of whether you’re just starting out on your ISO journey, or you’ve already got a system in place but just want to raise your game that bit further, we would love for you to join us as a member on the isology hub!

Thanks very much for listening and I look forward to catching up with you on the next ISO show!

We’d love to hear your views and comments about the ISO Show, here’s how:

  • Share the ISO Show on Twitter or Linkedin
  • Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one.

Subscribe to keep up-to-date with our latest episodes:

Stitcher | Spotify | YouTube |iTunes | Soundcloud

Dinesh Sharma (Director of Information Security Governance at Epiq)

Dinesh Sharma, Director of Information Security Governance at Epiq, joins us on the ISO Show today. He discusses ISO 27001, his in-depth experience of this standard, how it’s working for Epiq, lessons learned, and how he manages this globally for Epiq Global.

We are so excited to interview Dinesh! He has a wealth of experience in terms of implementing frameworks like ISO 27001 and PCI DSS. He’s got plenty of experience ranging from developing information security policies, procedures, managing risk assessments, to delivering security training and awareness, and overseeing internal audits. He also has expert experience in security management and governance as his last 15 years focused on information security.

You’ll learn about:

  • What Epiq does
  • What it means to be Director of Information Security Governance
  • Setting up a security team and managing it in terms of global responsibilities
  • Continual improvement at Epiq
  • Dispelling ISO 27001 myths
  • What has worked well for Epiq in relation to ISO 27001

First and foremost, let’s dive into what Epiq is and does…

What does Epiq do?

Epiq, primarily based in the U.S, is a global professional services company, operating in approximately 25 countries including Germany, Belgium, India, London and so many more.

Epiq primarily provides support to the legal industry (so to law firms and the legal departments within large organisations). Their key service is around E-discovery. This is where there is potentially an investigation, or if two parties are about to enter a litigation. Some processes need to happen around data collection, data review, forensics, processing and document review. Epiq can make all of this so much more efficient and cost-effective for clients! Another core service Epiq provides is court reporting and transcription services. Other services include business transformation services, class-action and a range of other services.

Now, let’s find out more about Dinesh’s role…

Role at Epiq

Dinesh is part of the Global information security function at Epiq. They have a dedicated Global information security team to support the business.

Dinesh’s specific role is to lead the security governance side of things. This means that he manages and helps to define the information security policy set and Information Security Management System (ISMS) within Epiq. He also leads and coordinates the internal security assessments (part of which is internal ISMS audits as well as internal security audits across Epiq). He even reviews and provides input on contracts of clients and vendors around security clauses to ensure they align with the policies of Epiq. His team also delivers staff security awareness and training. Finally, his team manages security certifications including ISO 27001 (very relevant for today!).

So, let’s explore how a mature ISMS is managed…

How to go about setting up a security team and manage it in terms of global responsibilities?

At Epiq they have a dedicated team within their information security function for security operations. This team oversees the security toolset, they monitor the alerts from this toolset, such as their end-point detection and the logging and alerting around network security. This security operations team also takes the lead on defining their processes and handling any security incidents. So, they have a separate team for this specifically.

They also have a separate team for security architecture and security engineering. These teams work very closely with the business to make sure that security is considered and embedded within the projects and new offerings Epiq has as a business, as well as developing their tools. So, if Epiq is looking to implement a new security tool, this team will be very involved in looking at the different vendors that provide that offering, how that would be embedded and work within the infrastructure of Epiq, and the environments with which they serve their clients. So, Epiq has got the structure of sub-teams within the security function well defined!

Of course, sitting on top of this, Epiq is very fortunate to have some very experienced and very qualified leadership come into that team. The governance and operations side is managed by a gentleman called Jason. He has lots of experience and brings experience from other industries he’s worked with. He has a peer called Andrew, who looks after the engineering and architecture side. Epiq also has a new Chief Security Officer (CSO) who is very knowledgeable and savvy. He is doing a really good job of lifting the profile of not only security within the organisation, but also Epiq’s security functions. So, they are fortunate to have that leadership as well.

This is fantastic…when organisations are starting with implementing an ISMS, we always find that leadership commitment is so key! It’s great to hear that Epiq has got a mature management system yet are still continuing to focus on leadership commitment and bringing that in from various angles across the organisation as well.

In terms of the ISMS then…

Epiq has got many other security standards, so what we want to know is how their ISMS helps them to manage all their activities.

Well, looking at the requirements of ISO 27001 and setting up an ISMS that works, Dinesh thinks the most important thing it gives an organisation, regardless of what level of maturity it is at, is what the basic components and principles are in terms of a framework that you should be having in place or that you should consider having. This is because if you want to go for certification to ISO 27001, then you must have some of these things in place.

Dinesh very much sees this as a baseline!

Once, you establish that baseline and you’ve got the documentation, the processes which support the documents and the staff in place who can deliver on those processes. You then think…‘what can you do to increase the maturity’?

A big part of ISO 27001 is continual improvement. This is something Dinesh thinks is very important and puts a lot of focus on in his role. So, that’s all tied with the kind of internal security reviews that they do with the internal assessments that happen. But any feedback they get from the business, or any input or discussions they have with the business which can raise or flag something, e.g., as a potential block, are put onto their continual improvement register to work with the team or the business area. It might be something they have to work on themselves. The important thing is to always look out for these kinds of things. That’s why this is a key area of focus for Dinesh, in his role, as he thinks about what can improve each step of the ISMS in Epiq.

However, a lot of companies, once they’ve completed the assessment, think that’s the job done. But you can’t put your feet up just yet! This is only the beginning of the journey, which is why Dinesh identifies this as the baseline and the foundation to be used for continual improvement.

So, let’s look at what Epiq has implemented in relation to continual improvement, which has been above and beyond this baseline.

Epiq and continual improvement

Epis has implemented a Critical Asset Reviews. They identified their 15 most critical assets and instead of doing a full security review, they pick the 10 most important controls and other controls they think would deliver the highest level of security if they had it in place. So, they have done a very focused security review, based on risk and what they think their most important assets are. They dig deep into what are the risks and issues and by acting on these, it moves Epiq to another level.

Now, let’s move onto the part where we dispel myths around ISO standards!

Dispelling ISO 27001 myths

Dinesh believes that a good understanding of ISO 27001 is needed to know what the standard actually means. There is a difference between being aligned and being certified to ISO 27001. So, an independent review of your ISMS is really important as it shows you haven’t just picked and chosen which parts of the core standard you’re going to implement. It shows that you’ve had to do them all and have had that verified and tested. This would provide a level of assurance to your organisation and stakeholders. That’s why there is such a big difference between being aligned to the standard and being compliant with it.

Finally, I’m sure our audience would love to know…

What has worked well from an information security perspective in relation to ISO 27001?

Dinesh identifies the top-level management commitment within a business as the most crucial thing in any implementation of a standard. The business needs to understand the importance of information security. So, everyone needs to be aware of what the benefits are, what’s going on and what is important…having this conversation in your business really makes everything easier according to Dinesh. Epiq does this during their management reviews, where all four of their CEOs attend. They take the management review section of ISO 27001 and cover most of it in their quarterly meetings, and because this is visibly supported by their CEO, the business leaders reporting to the CEO and all their directors attend the management reviews as well. So, they all understand what’s going on, what’s important and what the key risks are from the security team’s perspective. Having this conversation just makes everything a lot easier according to Dinesh.

That’s it from Dinesh! We hope you enjoyed learning about Epiq’s journey…it’s inspirational to hear how Epiq is still developing, evolving, improving and still getting such fantastic commitment from the very top as well. It clearly demonstrates Epiq Global’s commitment to information security without a shadow of a doubt!

Contact details for Dinesh, if you have any enquires or would simply like to connect with him, you can get in contact using one of the ways below:

Email: dsharma@epiqglobal.co.uk

Website URL : Epiqglobal.com

LinkedIn handle: uk.linkedin.com/in/dineshcsharma

We’d love to hear your views and comments about the ISO Show, here’s how:

  • Share the ISO Show on Twitter or Linkedin
  • Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one.

Subscribe to keep up-to-date with our latest episodes:

Stitcher | Spotify | YouTube |iTunes | Soundcloud

Gareth Dinnage (Seacourt MD)

Seacourt is the highest scoring B Corp printing company on the planet, they believe in business as a force for good for society.

Fun facts: Seacourt is the winner of the Queens award for sustainable development. They’ve won this three times! In 2017, they were also crowned Europe’s most sustainable SME! No wonder they are recognised as one of the top three leading environmental printers in the world!

Seacourt Managing Director, Gareth Dinnage, joined us for an interview to tell us about Seacourt’s journey and its initiatives. Gareth has been part of Seacourt’s sustainability journey from the very start. He started his journey first as apprentice and then heading up to Sales and Marketing and finally owner and Managing Director.

You’ll learn about:

  • Seacourt’s sustainability journey
  • Environmental management as a guiding principle for Seacourt and their contributions to the environment
  • Seacourt’s journey to understanding their carbon footprint
  • Significance of being Net Carbon Zero
  • B Corp
  • How ISO 9001 and 14001 helps Seacourt run their business
  • Understanding your supply chain

Let’s start right back at the beginning of Seacourt’s journey!

Where did Seacourt begin and where did its sustainability journey begin?

Seacourt started in 1946! They were set up as a commercial printing company in Oxford, working with local businesses. Not much changed for them until the mid-90s, when the owners at the time had the good fortune to attend a seminar focused on sustainability.

We know what you must be thinking, whoever put together this seminar must have had incredible foresight, to have looked into commercial impacts and sustainability!

The owners realised that the printing industry is among the fifth largest manufacturing sectors in the UK since 1996…

And that it’s also the fourth worst polluter!

That’s when they decided that they don’t want to be part of the problem, but a part of the solution. This thought marks the moment of a change of goals and priorities for Seacourt. From this point in 1996, the business changed from a linear business model, focusing on outputs, to becoming a value-based business, to considering the impacts on the environment and society, as well as profits.

This marked the magic transformation of Seacourt!

For the last 25 years, their philosophy has been “will this improve the environmental performance of our business. If the answer is “yes!”, then they do it regardless of the financial cost. So, without this fundamental change in mindset, Seacourt would not have been where it is today.

Guiding principle for Seacourt

Environmental management has been a guiding principle for Seacourt for the past 25 years. It’s fundamental and core to the company.

Currently:

  • Seacourt runs on 100% renewal energy (and have done so for decades)
  • They invented their own printing process called ‘LightTouch’. This has saved them gallons of fresh litres of water
  • Seacourt no longer uses water or chemicals in their printing process!
  • They have been zero waste to landfill for over a decade.
  • They are carbon positive -and that’s scope 1,2 and 3! What this means, for those of you that aren’t familiar with this concept, is that Seacourt sees their impact in every element that they as a business effect. This includes their supply chain, so as a printing industry, they take their impact all the way back to forestry they use for their natural resources. They consider how trees are transported to the papermill, how papermills are run, the energy this it is run on and much more!
  • They consider the end-of-life process by producing a natural material that has a massive recycling rate.

So, when you wrap all of this up in its entirety, Seacourt has created a concept called Planet Positive Thinking -which means that they give back more carbon into the atmosphere than they are responsible for consuming.

Seacourt’s journey to understanding their carbon footprint

A lot of businesses are new to the concept of Net Carbon Zero. So, let’s find out how Seacourt went about understanding what their carbon footprint was.

Seacourt does this by unravelling their entire supply chain and ask challenging questions to their supply chain, such as how they power their plants, what is the carbon impact per tonne of paper they are using, how they transport their materials from the forest and much more never before asked questions! They used the amount of paper they have purchased over a 12-month period and worked with their suppliers to get an accurate carbon impact figure. They created their own methodology and matrix, using the same process to identify the carbon impact figure that they used for their paper, for other areas in their operations, for example their ink.

By this point, Seacourt knew their carbon impact holistically for a 12-month period and sought to work on a regenerative project in the Amazonian basin. In this project, Seacourt safeguards 86,000 hectares of endangered forestry and are reforesting 12,000 hectares of deforested lands. They also have a social element where they support a programme with indigenous people. So, this is how Seacourt maintains their Planet Positive Thinking element, as they give back more than they consume in everything they have an impact on.

Significance of being Net carbon zero

Of course, we are conscious of the fact that we are in a lockdown where many businesses are struggling financially. So, this is for those of you thinking “is it going to be really costly for me to be Net Carbon Zero or Carbon positive?”. Gareth emphases the need to understand the impact of sustainability, to have a strategic plan and an idea of what goal you want to reach and how you will achieve it. Otherwise, your business will get left behind! Other business will pick up this leadership agenda and show exactly what business can do. Gareth identifies these businesses as the ones to be the most successful. This is already evident among investors refusing to work with fossil fuel-based business. That’s why business need to act responsibly to stay ahead of the game!

How management systems help Seacourt run their business

Seacourt has been certified to ISO 9001 and ISO 14001 for years. These management tool helps Seacourt set the business up to the highest standards and ensure continual improvement. The quality environmental management system provides a framework for delivering sustainable best practice.

B Corp

Now let’s move on to talk about B Corp!

B Corp is the global movement that aligns businesses who share the same philosophy, which is that businesses can and should be a force for good. Certified B Corps meet the highest standards of verified social and environmental performance, transparency, and accountability. The unifying goal of B Corps is that the main driver is stakeholder value, not shareholder value.  

Understanding your supply chain

For those of you who have not yet looked into their supply chain, Gareth recommends:

  1. Observing and controlling your building in terms of energy efficiency (make sure its insulated and you use renewable power)
  2. Then send out supplier surveys to find out what your suppliers are doing or working on that you are not aware of
  3. Then look at your key supply chain and identify if you can start mapping the carbon impact.

These steps would give you key findings and insights that you can use in your goals and strategy.

Contact details for Gareth, if you have any enquires or would simply like to connect with him, get in contact using one of the ways below:

Website URL : www.seacourt.net

Twitter handle: @seacourtltd

LinkedIn handle: Garethdinnage

We’d love to hear your views and comments about the ISO Show, here’s how:

  • Share the ISO Show on Twitter or Linkedin
  • Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one.

Subscribe to keep up-to-date with our latest episodes:

Stitcher | Spotify | YouTube |iTunes | Soundcloud

Today, we’re joined by the Director of Corporate Assurance at Totally PLC, Falu Bharmal.

Falu plays a key role in working with NHS England and has in-depth knowledge and understanding of ISO implementation, Legal Policy relating to corporate governance, health and safety, and integrated Risk Management. He has extensive experience in establishing new corporate governance structures, systems, and processes to ensure organizations are fit for purpose.

Today, Falu is here to discuss ISO 27001 (Information Security Management), and why it’s so important to have consistent practices throughout a company.

Falu explains how he’s able to implement new ISO’s so effectively and some of the biggest improvements ISO 27001 has allowed him to make.

We talk about how best you can prepare before implementing a new standard, and how ISO’s can help systemise your way of working across a company.

Visit the Totally PLC website to learn more about their services.

You’ll learn

  • The benefits of working as a group with consistent practices throughout a company.
  • How to effectively prepare for and implement new standards.
  • How ISO 27001 is used as a best practice mechanism.
  • How implementing standards can help to systemise the ways of working across a company.
  • How many people you need to be involved with the implementation of new standards.

Resources

In this episode, we talk about:

[00:29] The services Totally PLC supplies and how they support the NHS and reduce A&E waiting times.

[03:30] The different divisions that makeup Totally PLC.

[05:36] The ways Falu as Director of Corporate Assurance is involved with ISO implementations.

[06:34] How Falu implements ISO standards effectively.

[07:21] How ISO 27001 is used as a best practice mechanism for Totally PLC.

[08:20] Some of the biggest improvements Falu’s made through using ISO 27001.

[09:25] How ISO standards help to systemise ways of working across a company.

[10:14] The different roles Totally PLC has dedicated to ISO implementation.

[12:18] The best things you can do before implementing a new standard.

[13:46] The extra pressures Totally PLC has faced due to the pandemic, and the new opportunities this has brought.

If you need assistance with implementing ISO 27001 – Contact us!

We’d love to hear your views and comments about the ISO Show, here’s how:

  • Share the ISO Show on Twitter or Linkedin
  • Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one.

Subscribe to keep up-to-date with our latest episodes:

Stitcher | Spotify | YouTube |iTunes | Soundcloud

Steve Mason is a Senior Consultant at Blackmores (UK) Ltd, and has a 100% success rate of supporting clients in achieving their ISO9001 & ISO27001 certifications on their first time.

With over 38 years of experience working with standards, Steve is incredibly knowledgeable about how to ensure companies get the best benefits when implementing new standards. Steve has never stopped advancing himself and continues to broaden his knowledge of new standards as they come into existence.

Today, Steve is here to discuss ISO 27701 (Data Privacy), and why it’s so important to have so that you can prove you are GDPR compliant.

Since the new European Data Privacy Laws were introduced in May 2018 there have been over 150,000 personal data breaches within Europe, and the estimated total of GDPR fines total a little over 220 million euros.

Steve explains why GDPR is so important, how companies can avoid having data breaches, and what makes ISO 27701 different from previous standards.

You’ll learn

  • How ISO 27701 can help companies demonstrate compliance with the requirements of GDPR.
  • The ways ISO 27701 is different from ISO 27001 and why you need both standards.
  • Who you can share PII with while still maintaining GDPR compliance.
  • The correlations ISO 27701 has with ISO 27002.
  • The potential impact implementing ISO 27702 can have.

Resources

In this episode, we talk about:

[00:29] The big personal data breaches that have happened in the last 2 years, and the fines the companies received for not being compliant with the data protection laws.

[04:11] Why we have General Data Protection Regulations and what they are there to protect.

[06:36] What ISO 27701 is and how it helps companies be GDPR compliant.

[09:26] What PII (Personally Identifiable Information) is.

[11:41] An overview of ISO 27701 and what its main clauses are.

[14:04] What the two control sets of the standard are and what the difference between a data controller and a data processor is.

[17:20] How this standard helps companies know what needs to be put in place to be GDPR compliant.

[18:51] What makes ISO 27701 better than BS 10012 and why it will eventually completely replace it.

[22:14] What you already need in place to get ISO 27701 certified.

[24:10] The main benefits for companies implementing this standard has.

If you need assistance with implementing ISO 27701 – Contact us!

We’d love to hear your views and comments about the ISO Show, here’s how:

  • Share the ISO Show on Twitter or Linkedin
  • Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one.

Subscribe to keep up-to-date with our latest episodes:

Stitcher | Spotify | YouTube |iTunes | Soundcloud

So this is for our ISO Show listeners that are already certified to ISO Standards, in some cases – not that often, some companies can get really fed up or frustrated with their certification body provider.

Now on the whole, accredited CB’s are great – however over the last 14 years we’ve come across the good, the bad and the ugly too!

So, this podcast is for those companies that maybe looking to switch, so we’ll cover…….

Why companies decide to change CB’s

  • Can’t get hold of anyone to help them – inform them of change in business and the CB is not adaptable.
  • Frustrated with lack of organisation – not keeping client informed, assessor showing up to audit the wrong standard.
  • Their CB is not listening to them
  • Not happy with the assessor – No really a hard reason – Just request a different Assessor
  • Lack of value – assessor shows up later and leaves at 2.00pm and you don’t get the report for another 2 -3 weeks after chasing.

Why switch?

Because you can – you have a choice

  • You are the customer – if you raise your concerns and are not being heard, go to another CB that will look after your every need.
  • You may get a more competitive service and costs – example clients grown through acquisition
  • You are expanding internationally – need a CB with an international presence

How to switch

  1. Here in the UK – If you are certified by a UKAS accredited certification body the switch is free of charge to another UKAS accredited CB.
  2. Establish your scope of certification and requirements – sites, services, standards.
  3. Review your timings – should it be before or after your next surveillance visit?
  4. Get three quotes from accredited Certification bodies – explain you’d like a quote for the period of certification including the recertification costs.
  5. Provide your requirements – also explain why you are looking to change CB’s as you want assurance that they will be able to provide you with the service you need.
  • Consider –
    • Costs
    • number of assessors for your standards on the payrole,
    • Continuity of assessors
    • Location of assessors and your locations
    • Support
    • Key Account Manager / customer services
    • Experience/reputation in your sector / standards
    • Any value adds i.e. webinars, whitepapers, events.

How we can help? – Free service to send an RFQ to CB’s so you can get comparative quotes. We don’t have an exclusive relationship with any 1 Certification Body, but we can help you gain a quote as a free service we offer. If you need help getting a quote, contact us!

Look out for our directory of recommended CB’s in 2021.

We’d love to hear your views and comments about the ISO Show, here’s how:Share the ISO Show on twitter or Linkedin

Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one.

Subscribe to keep up-to-date with our latest episodes:

Stitcher | Spotify | YouTube |iTunes | Soundcloud

Fail to prepare, then prepare to fail.  If you don’t want to fail an assessment before you’ve even begun, be prepared.

I’m just going to take you through the top 5 mistakes companies make that can lead to stress and failure – now this isn’t a definitive list – there are of course many things that could go wrong, I’m just going to share with you my 5 favourite blunders that you can very easily avoid.

  1. Not informing employees

Yes – pretty obvious, but you’d be surprised to hear how many times a Management systems is just kept to one person and a communications plan has not been implemented to inform all employees.  The best informed employees make the best people to be assessed.

Imagine – you are an assessor and you rock up only to hear an employee when asked about their process say ‘What process? What Environmental Policy?

  • Business Continuity Planning – What’s the point in having a BCP if no one know how to how to respond to an incident?
  • By not informing employees – As it triggers bad vibes i.e nervous, wary, stressed
  • Communication plan – CEO, Champions, agenda of meetings, launch, newsletter updates, online comms i.e. slack
  • Not having access to the right people
  • The assessor doesn’t need to see every single person.
  • Does need to see the key process owners and some representatives from the leadership team.
  • Quality – operations, HR, key process owners i.e. heads of functions
  • Environment – Facilities Managers, an Environnemental Champion.
  • Information Security – IT, back-ups, incident reporting, HR (starters/leavers) and physical security i.e. Office Manager or if you are in services offices – give the person on reception the heads up.
  • Make sure you have the agenda for the visits well in advance – all reputable UKAS accredited certification bodies should send this to you weeks in advance – if they haven’t chase it.
  • This helps you to ensure that the right people are available at the right time.
  • Not having access to your management system

Sounds silly, but you’d be surprised.

  • We’ve even come across cases of rogue consultants where the Management system is owned (IP and all) by the consultant – not the company. Scary!
  • Make sure you have access to your policies, procedures, documents and templates
  • These can be online, displayed, hard copy or audio/visual
  • Nothing more embarrassing than missing a key document or you’ve got 3 versions of it, and no one know which is the right one.
  • Accessiblity is key – Sharepoint/intranet/wiki’s/dropboc
  • Not having access to your records.
  • Stage 2 Assessment is a ‘Show and tell’ –make sure the right people and have access to the right records.
  • Pre-empt any pitfalls  – a disorganised business will have records all over the place – because there is no structure.
  • Also, make sure your supplier records are compliant – one of the main causes of non-conformities in Environmental management and Health and Safety is lack of accurate supplier records
  • Waste records, Lift maintenance records, FGas records – most of these aren’t ISO Standards requirements – they are LEGAL requirements.
  • Legal register/due diligence

And last but not least……

  • Don’t make any assumptions
  • Don’t make any assumptions that that your assessor will know your business inside out – they won’t understand your culture, vision, values and USP’s.
  • Use this as an opportunity to showcase all the strengths of your business and how well managed it is.  With our clients we’ll always get the representative of the leadership in the room for the kick-off meeting –
  • Don’t worry the assessor doesn’t need to be glued to the assessors hip all day every day, 30 mins attendance at the kick-off meeting max is suffice. This shows the business is serious about their ISO Commitment and demonstrates that there is full leadership support and that employees are onboard. 
  • Likewise – don’t assume that your assessor knows nothing about your industry – in many cases, if you are in a sector, chances are that your assessor i.e. construction, engineering, manufacturing your assessor has seen the good, the bad and the ugly.
  • Take notes, so you can refer back to these – as there can be some valuable observations that an assessor may make which you could take back to your continual improvement process.  Don’t assume that these will be captured in the report at the end of the assessment.

So to recap – the 5 mistakes to avoid in an ISO assessment are……

  1. Not informing employees
  2. Not having access to the right people on the days of the assessment
  3. Not having access to your management system
  4. Not having access to your records.
  5. Don’t make any assumptions

And don’t forget, these mistakes can easily be prevented if you prepare well before an assessment.

In the words of Benjamin Franklin, By failing to prepare, you are preparing to fail.

If you need any assistance with ISO standards, contact us!

We’d love to hear your views and comments about the ISO Show, here’s how:Share the ISO Show on twitter or Linkedin

Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one.

Subscribe to keep up-to-date with our latest episodes:

Stitcher | Spotify | YouTube |iTunes | Soundcloud

Richard Matheron is the Quality and Continuous Improvement Manager at BP Chargemaster. He’s had a long career as a quality professional and hands-on Manager, with his background mostly being in engineering and manufacturing management.

Currently, Richard is working for BP Chargemaster helping them transform themselves from an SME to an international world-class business. BP Chargemaster is the UK’s biggest name in electric vehicle charging. They design, build, sell and maintain the most popular charging units in the country, and have begun to expand their business worldwide.

Today, Richard is here to discuss his experience with implementing ISO 9001 (Quality Management) and ISO 14001 (Environmental Management). These have been a fundamental component in his management of transitioning the company from an SME to an international organisation.

Richard explains why these ISO’s are so necessary, and why it’s so important that a company has someone who can focus on continuous improvement within their business. He reiterates the importance of people to not be afraid of change and discusses some of the most effective ways to carry out positive improvements within your organisation.

He explains the ways having a priority board and suggestion box can help to drive continuous improvement, and how often the best solution for an issue isn’t a complicated one but is one of the simplest…

Website: www.bpchargemaster.com

Mobile phone: 07813098736

Email: Richard.matheron@bp.com

You’ll learn

  • How the demand for electric charge vehicles is changing. 
  • The types of tax incentives and grants that are available for businesses who use electric cars.
  • Why digital security is more important now than ever before.
  • How to grow your business from an SME to an international organization.
  • The most effective ways to drive continuous improvement.
  • The best ways to track the effectiveness of new improvement measures.
  • How ISO 9001 and ISO 14001 have helped Richard.

Resources

In this episode, we talk about:

[00:30] Who Richard is, what he does for a living, and what he’ll be sharing with us today.

[01:50] The types of dance that Richard teaches in his free time.

[03:44] BP Chargemasters position in the electric vehicle charging market.

[04:55] How demand for electric cars has changed over the last year.

[05:39] The tax incentives and grants that are available for businesses for using electric cars.

[07:14] What Richard does as the Quality and Continuous Improvement Manager at BP Chargemaster.

[10:05] The value of data and the importance of digital security.

[12:29] How to best manage a company that’s growing from an SME to an international enterprise.

[18:22] The way Richard drives continuous improvement at BP Chargemaster.

[20:43] What ‘8 D’ is and how it can help to identify the causes of problems and the best ways to improve on them.

[25:06] How Richard tracks the different improvements that he puts in place.

[27:27] The book Richard recommends to those working in the business world.

If you need assistance with implementing ISO 9001 or ISO 14001 – Contact us!

We’d love to hear your views and comments about the ISO Show, here’s how:Share the ISO Show on twitter or Linkedin

Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one.

Subscribe to keep up-to-date with our latest episodes:

Stitcher | Spotify | YouTube |iTunes | Soundcloud

Andy Pavlovic is the Compliance director at Maris. Maris is certified to four ISO standards, ISO 9001 for quality, ISO 14001 for environmental management, ISO 45001 for health and safety, and ISO 37001 for anti-bribery standards. He manages and maintains all of these ISO standards for Maris and makes sure that the company upholds these standards across the board.

This episode, Andy Pavlovic is here to share with me what he’s learnt from his years working as Maris’s compliance director and overseeing the implementation of four different ISO standards.

Andy speaks about how ISO standards enable Maris to maintain consistency across the company in the quality of their work, their health and safety procedures, and their environmental impact.

He explains how implementing standards allow organisations to be scalable and how having multiple standards doesn’t necessarily mean spending more time on them.

With ISO 37001 being a relatively new standard, he explains the value following this standard has not only for the ethos of Maris but also to the commercial side of his business.

Finally, he explains how Maris keeps their employees compliant with their standards and what the key benefits of having an integrated management system are…

Website: https://www.maris.co.uk/

Linkedin:

You’ll learn

  • How ISO standards allow organisations to be scalable.
  • Why implementing the correct ISO standards is even more important than ever during COVID times.
  • The importance of choosing the right systems for your organisation.
  • How to maintain consistent adherence to standards across your company over long time periods.
  • The best ways to train your staff to be compliant with new ISO standards.
  • The benefits of having an integrated management system when dealing with multiple ISO standards.

Resources

In this episode, we talk about:

[00:32] Who Andy Pavlovic is and the different ISO standards that Maris are certified with.

[01:48] Andy’s experience working with ISO standards.

[02:18] What Maris does and the industries they work in.

[03:05] Andy’s ISO responsibilities as the Compliance Director.

[04:00] How ISO standards work across different cultures and the importance of having these in place.

[05:12] How Andy manages four different ISO standards, and how having these standards enable companies to be scalable.

[08:07] The importance of organisations accepting standards as part of their culture.

[09:52] The importance of giving new employees a proper formal induction and what this process looks like.

[11:52] The commercial advantages of having ISO standards and how this has helped Maris win new business during the COVID pandemic.

[13:34] What the benefits of having an integrated management system are.

[15:16] Advice Andy has for anybody who is looking to implement ISO standards.

[16:45] Andy’s book recommendation to anyone looking for self-growth.

[18:19] The importance of having someone with the right expertise in house when implementing ISO procedures.

[19:14] How to get in touch with Maris or Andy himself.

If you need assistance with implementing ISO 14001, ISO 9001, ISO 45001 or ISO 37001 – Contact us!

We’d love to hear your views and comments about the ISO Show, here’s how:Share the ISO Show on twitter or Linkedin

Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one.

Subscribe to keep up-to-date with our latest episodes:

Stitcher | Spotify | YouTube |iTunes | Soundcloud

Yousif Rajah is the Head of Info Sec at dotdigital, a UK-based tech company that builds software service solutions to help customers engage with their clients. He coordinated most of the work involved with creating the ISO 27001 system, and recently has contributed to DotDigital becoming ISO 27001 certified.

« It sounds dauting and it feels daunting, but if you have a program in place already, chances are you’re quite a long way down the road already. » – Yousif Rajah

Picture this: Your digital marketing company is expanding, and you know you need to comply with data protection requirements, protect your reputation and demonstrate to customers that you have taken the steps to protect your business and their personal information. You’ve heard of the importance of becoming ISO 27001 certified but are unsure where to start. Join us today as our guest, Yousif Rajah, explains his company’s journey in becoming ISO 27001 certified, the changes he has noticed since implementing this ISO standard, and how you can get started on becoming certified today.

Website: https://dotdigital.com/contact-us/

You’ll learn

  • What dotdigital is, what it provides, and what Yousif’s role is
  • The company’s main driver behind implementing ISO 27001
  • How long it to become ISO 27001 certified
  • The scope of the ISO 27001 certification
  • Gap analysis after becoming ISO 27001 certified, and reaching the standard
  • The benefits and risks associated with expanding globally, while maintaining the ISO 27001 standard
  • The benefits, in general, of implementing ISO 27001
  • Tips of implementing ISO 27001

In this episode, we talk about:

[01:13] What does dotdigital do?

[02:14] Something not many people know about Yousif

[03:34] Main driver behind implementing ISO 27001

[04:57] The journey of becoming certified and going through the assessment 

[05:52] What is the scope of the certification?

[7:56] What was the biggest gap in the gap analysis?

[9:16] Reaching the gaps and the difference it made within dotdigital

[11:04] The benefits of certification on a global scope

[12:35] What Yousif has learned since implementing ISO 27001

[13:28] Main benefits to dotdigital in achieving certification

[15:30] If you could give any tips to someone implementing ISO 27001, what would they be?

[16:11] If you could gift a book to somebody what would it be and why?

[16:49] Favorite quote to leave listeners with 

Need assistance with ISO 27001? – Contact us!

We’d love to hear your views and comments about the ISO Show, here’s how:

  • Share the ISO Show on twitter or Linkedin
  • Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one.

Subscribe to keep up-to-date with our latest episodes:

Stitcher | Spotify | YouTube |iTunes | Soundcloud

Today’s Guest

Trevor Jennings is a Risk Manager with the Corporate Real Estate Department at Lloyd’s of London. He works to provide client facing advice and support on all matters of risk, excluding financial and contractual risk, and to ensure health and safety is co-ordinated across all building users within Lloyd’s UK and overseas premises.

« It’s steps at a time that will get you through to the certification aspect. »
                                             – Trevor Jennings

Picture this: An organization has set effective environmental, health, and safety standards for their company. Worker participation is high and the leadership is flourishing. Sounds marvelous, don’t you think? Tune in to this episode to learn from a man who has made this happen for the world’s specialist insurance and reinsurance market. Trevor Jennings speaks about his journey to implementing environmental standards (ISO 14001), health and safety standards OHSAS (18001), and his experience with the migration to the latest health and safety standard ISO 45001. He details the main advantages of having an ISO compliant health and safety system in place and the key factors that led to Lloyd’s success, including employee engagement groups to foster worker participation. Trevor divulges the top environmental factors that Lloyds is focusing on and how it affects their bottom line, as well as his top tip for anyone who is looking to implement ISO 14001 or ISO 45001.

Website: https://www.lloyds.com/about-lloyds

Linkedin: https://www.linkedin.com/in/trevor-jennings-msc-cmiosh-44917b37/

You’ll learn

  • What Lloyd’s is, what it provides, and what Trevor’s role is
  • How Trevor got started at Lloyd’s and how OHSAS 18001/ISO 45001  and ISO14001 got implemented
  • The main advantages of having a health and safety system in place compliant to OHSAS 18001/ISO 45001/
  • Why timing, worker participation, and leadership is key for Lloyd’s success
  • The top environmental factors that Lloyds is focusing on and how it affects their bottom line
  • How Lloyd’s is working on a Better Working Environment initiative
  • The benefits of employee engagement groups
  • How Lloyd’s manages suppliers
  • Trevor’s top tip for implementing ISO14001 or ISO45001

Resources

In this episode, we talk about:

[00:51] What is Lloyd’s and what is Trevor’s role?

[03:36] Something not many people know about Trevor

[05:10] How Trevor got started at Lloyd’s of london

[07:34] The main advantages of having a health and safety system in place compliant to 18001

[08:44] Facing the challenge of implementing 14001

[12:12] The Health, Safety, and Environmental Coordination Group

[13:42] Energy is at the top of the list of targets to focus on

[14:54] The effect on the bottom line of operations

[16:52] The migration of OHSAS 18001 to ISO 45001

[21:24] Tips for organizations looking to implement ISO 14001 or ISO 45001

[23:48] If you could gift a book to somebody, which would you choose and why?

Need assistance with either ISO 14001 or ISO 45001? – Contact us!

We’d love to hear your views and comments about the ISO Show, here’s how:

  • Share the ISO Show on twitter or Linkedin
  • Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one.

Subscribe to keep up-to-date with our latest episodes:

Stitcher | Spotify | YouTube |iTunes | Soundcloud

Today’s Guest

Ian Van Der Pool is the chairman of the European Facilities Standards committee and co-author of ISO 41001 and ISO 41014. He also has his own business, which is ISO 41001 CSI. He currently works with the Dutch Ministry of Defence and is responsible for implementing a brand new FM system fully compliant to ISO 41001.

Tune in to this episode to learn from Ian Van Der Pool, who has lots of valuable experience implementing ISO standards for facilities management. Ian speaks about how he got involved with ISO 41001, why it’s important to have an ISO standard, and how such a standard is created. He details the commercial value in ISO 41001, the benefits and main drivers of having a facilities management system in place that is aligned with the standard, and the risk of not having one implemented. The uncertainty of returning to the office amid a pandemic is discussed, along with the effects of this uncertainty. Then, Ian shares his top tips for implementing facilities management systems, noting a valuable lesson he learned in all the organizations he has interviewed.

Website: www.iso41001csi.com

Linkedin: www.linkedin.com/in/ianvanderpool

Course Date: 18th September 2020

Course cost: £500

You’ll learn

  • How Ian got involved with ISO 41001
  • Why it’s important to have an ISO standard for facilities management
  • How multiple countries come together to create these standards
  • What drives companies or venues to implement ISO 41001
  • The commercial value in ISO 41001 and the risk of not implementing it
  • The effects of uncertainty of returning the workplace during coronavirus
  • The benefits of having a facilities management system in place
  • Ian’s top tips for implementing facilities management systems: where do they begin and how do they comply with the standard?

Resources

  • ISO Support Plan
  • ISO Elearning
  • ISO Steps to Success

In this episode, we talk about:

[00:43] A bit about Ian Van Der Pool

[02:50] Something not many people know about Ian

[03:40] How Ian got involved with ISO 41001

[06:51] Why is it important to have an ISO standard for facilities management?

[08:32] Is ISO 41001 the only certifiable standards that organizations can be certified against?

[09:30] How does a standard get created?

[12:25] Main drivers for implementing ISO 41001 for a facilities management company or venue

[14:39] The commercial value in ISO 41001

[17:39] The risk of not having it implemented

[18:55] The effects of uncertainty regarding going back into the workplace

[20:43] The benefits of having a facilities management system in place that is aligned with the standard

[22:37] Why would you need ISO 41001 in addition to or instead of other standards?

[27:30] Tips for implementing facilities management systems + A valuable lesson learned in all the organizations Ian has interviewed [31:02] How to learn more about and contact Ian + About his ISO 41001 foundation training course offered by CSI

If you need assistance with implementing ISO 41001Contact us!

We’d love to hear your views and comments about the ISO Show, here’s how:

  • Share the ISO Show on twitter or Linkedin
  • Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one.

Subscribe to keep up-to-date with our latest episodes:

Stitcher | Spotify | YouTube |iTunes | Soundcloud

To celebrate hitting 50 episodes, I wanted to bring to bring to you something a little extra special today. and that is ‘How to implement any ISO’, but before we do, I’d just like to say a huge thank you to all our listeners.  Keep sharing the ISO Love, and share this episode with anyone who is looking to take their business to the next level.

In this episode I take you through 4 simple steps to implementing any ISO Standard.

  • Understanding your business (I mean really understand your business – warts and all!)
  • Create
  • Share
  • Engage

When you break it down, the same ingredients apply to how you approach to implementing and ISO Standard.

To celebrate hitting 50 episodes, I wanted to bring to bring to you something a little extra special today. and that is ‘How to implement any ISO’, but before we do, I’d just like to say …….

Thank you, thank you, thank you – for listening in, and giving your time to listen to the ISO Show, I’ve loved recording the last 50 episodes with some amazing guests, and I really hope you’ve found them beneficial and taken away some great tips and insights into how other businesses have succeeded and how they’ve transformed their businesses with ISO Standards.  So I hope you’ve enjoyed listening to them too, if you did please could leave a review and hit subscribe wherever you listen to your podcasts, because that that means that we can continue to inspire and educate others, and it also means we can keep getting epic guests on the show.

I’d also like to give a quick shout out to Steph Churchman, our Communications Manager here at Blackmores, who has been my saviour in doing these recording – especially when we’ve had technical issues, and even lost guests midway through recording.  She’s been absolutely fabulous in making my vision for the ISO Show become a reality! So huge thank you Steph! You are a star!

So, onto today’s episode which is ‘How to implement any ISO Standard’ – you may think, hey that’s a bit of a bold statement, there are thousands of ISO Standards! Yep! But when you are implementing an ISO Standard to improve a business, there are a few secret ingredients, and I’m going to let you in on those today.  But I don’t just want to do that, I’m going to provide a free check-sheet on ‘How to implement any ISO Standard’ which will be available to download from the show notes.

I’m going to share with you our ISO Steps to Success – this is a proven methodology that, at we’ve refined over the last 14 years, and implemented for over 250 companies – 250 companies, in over 20 countries. Not only that – with a 100% success rate, yep, an awesome 100% success rate.  So here’s what we do

# 1   Understanding the organisation

You need to fully understand what your businesses biggest risks are but also establish where you most impactful opportunities are.

  • Gap Analysis,
  • Identify risks, opportunities, interested parties, – SWOT/PESTEL
  • Understand legal requirements. – Statutory, regulatory and contractual requirements
  • Finally – establish a clear SCOPE – what is your ISO Management system going to cover?

It’s only really when you’ve fully understood your organisation that you can create a roadmap to achieve success with where you are trying to get to.

# 2    Creation  

Create the Management System policies, procedures and templates – long gone are the days of Quality Manual or worse still ISO Manual – you label it to suit your company brand, culture and vision. Give it some thought, as this will be the central point that you want employees to go back to I they need any guidance and support on their way of working.  For the purposes of this podcast, I’ll simply refer to the Standards terminology of ‘Management System’.

So lets get down to the creation of your management system…..

Top tip alertwhere the standard says ‘shall’ it is basically saying – don’t bullshit me – you’ve got to god damn have this in your system or it will fail an assessment!

So if the standard says’ top Management SHALL establish, implement and maintain an environmental Policy – it means, DO IT!

If the standard says ‘The organisation SHALL establish environmental objectives at relevant functions and levels – DO IT!

The standard is there to HELP your business, and it is crystal clear in the ‘SHALL’s’ exactly what you need to do to achieve success.

# 3 Sharing

There is no point having an awesome ISO Management System sitting in a manual or buried in a server somewhere if no one knows about it, or they can’t find it!

You need to SHARE it with everyone, after all its been created for the organisation to succeed – to be more profitable, productive, reduce risk, be more sustainable – so everyone needs to be AWARE of the management system AND be empowered to take responsibility for it!

There is no point in having an Information Security System in place, if know one knows what a security breach is in your business is or who to report it too!  What’s the point!

So you need to have….

  • A Communications Plan – Internal Comms, External Comms – website, social, newsfeed.
  • Awareness training (classroom or eLearning), recordings  
  • Make it accessible – not everyone may have access to a PC – think outside the box – how can you get your ‘Way of Working’ to the workforce? – screens in meeting areas, virtual noticeboards.
  • Themes – World Environment Day – Create a buzz, create energy and enthusiasm for getting involved and making a difference.  You can use this either for the launch or for refresher sessions.

 # 4 – Engagement

  • You need to get the company ‘Way of working’ which are your policies and procedures, systems into the business DNA – be crystal clear on accountabilities and responsibilities.

Engagement is so critical to making this a success……

If you are launching a new client onboarding process to improve the customer experience – make it clear, how the process works, what results you expect to see, how you are going to monitor the results, and who is going to make it happen!

Get those responsible to own it and take pride in their achievements.

  • Next, I know you may think you are wonderful, and I’m sure you are amazing, but in all honesty you can’t successfully embed an ISO System on your own!

In all businesses there are usually closet ISO Champions – just waiting to be asked to contribute – so why not encourage engagement?

Why not Create a hub for Champions? – give them the tools and platform to make it happen!

This isn’t just about when you launch a new ISO System, but to demonstrate how you are continually raising standards! so let’s say you have a Health and Safety System – ISO 45001 – Your H & S Champions could be championing the COVID-19 H & S Risk Assessments, controls and awareness for your employees across all area of your businesses.

Having these champions, will make Management’s life easier to communicate key issues and solutions, to create a better working environment and happier clients.

  • Carrying out Internal Audits – So this another ‘Shall’.  It is not optional, and this is where ISO Standards can get bad press, as a result of lazy or incompetent auditors (or worse still lazy and incompetent) just using it as a ‘tick-box’ exercise.  Use this opportunity to really engage with your workforce – this is such a value tool in the tool box if done in the right way – it helps you to understand an employees:
  • Level of understanding
  • Opinions and views of the process
  • Opportunities for improvement
  • Gauge level of compliance and readiness for the assessment.
  • Engaging in the Leadership Team through Management Review

So that’s it in a nutshell, that’s how you implement ANY ISO Standards. 

I’d love to hear what your top takeaways were on the show today, and share that with me, I absolutely love reading the reviews and suggestions.

Don’t forget to follow us on Linkedin. Also, ISO Show listeners will get a 10% discount on ISO Steps to Success, ISO Support Plans and ISO Elearning. Just quote ‘ISO Show’ in your enquiry.

………before I go I just wanted to say thank you so, so much for being here and  listening to the ISO Show, and showing up today – if you know anyone, colleagues, associates, friends in your life that would really benefit from having an awesome System in place to take their business to the next level – to be more efficient, sustainable and profitable then please share this episode with them.

Thanks once again for listening, and I look forward to catching you on the next ISO Show….

Awesome resources

ISO Steps to Success – Free consultation to discuss the feasibility of ISO for your business

ISO Support Plan – Free health check on your ISO Management System

ISO Elearning – Wide range of ISO Standards courses for just £50 per course.

We’d love to hear your views and comments about the ISO Show, here’s how:

  • Share the ISO Show on twitter or Linkedin
  • Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one.

Subscribe to keep up-to-date with our latest episodes:

Stitcher | Spotify | YouTube |iTunes | Soundcloud

Today’s guest is Alex Street, from EMCOR UK a world leading Facilities Management Company. EMCOR are the epitome of high standards, in fact EMCOR are certified to 8, yes 8 ISO Standards, which is pretty impressive.  Though we are just going to focus on one in particular that is extremely topical at the moment – Business Continuity.  Mel first met Alex when EMCOR engaged in our services to implement the Information Security standard and also ISO 22301 the business continuity standard 4 years ago.  The company has gone from strength to strength over the years, so Alex is joining us today to discuss ISO 22301 and how the system is helping them to not just survive, but thrive during these difficult times.

Some highlights:

  • EMCOR adopted the early BS 25999 and later migrated to ISO 22301 after drive from customers as well as natural progression to the updated version
  • Recognized the benefits of having a robust Business Continuity Management system in place
  • Went through the process of a Gap Analysis and Business Impact Analysis to identify where the system needed to be addressed and built on. This led to the review of objectives and business continuity plans in accordance with 22301’s more detailed requirements.
  • A key focus should be training and awareness for all staff once plans have been agreed – so that everyone knows what their role is in any given situation.
  • Keep up with testing and auditing of the Business Continuity plans to ensure they run smoothly and are still applicable in execution
  • EMCOR had been monitoring the COVID-19 situation as early as December and since February 2020 – had been having meetings with Executive teams (Gold and Silver) to discuss next steps. Thanks to ISO 22301, they’d already had tested processes in place for moving towards remote working.
  • A consistent approach to all areas of Operation is key – from ground level to executive
  • Communication and collaboration with supply chain and customers – ask them if you could be doing anything more to help
  • Support your own supply chain – Taking the current situation into account, everyone is in the same boat so help where you can
  • It can take a live incident to fully test a Business Continuity plan – take lessons learned from live events forward. Actively work to continually improve your system.
  • Alex’s helpful tip: ‘Don’t get caught out’ – The standard is there to help but you need to put the work and effort in to make it work for you. ‘The benefits far outweigh the risks of not having an effective Business continuity management system in place’

Further resources:

To Learn more about EMCOR, visit their website HERE

Free standards available from BSI HERE

Need assistance with ISO 22301? We’d
be happy to help

We also have an Introduction to ISO 22301 E-learning course available HERE. Use discount code: ISO2230110 for 10% until the end of July 2020.

We’d love to hear your views and comments about the ISO Show, here’s how:

  • Share the ISO Show on twitter or Linkedin
  • Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one.

Subscribe to keep up-to-date with our latest episodes:

Stitcher | Spotify | YouTube |iTunes | Soundcloud

Although it is good news that we are returning to work – Are you confident that you’ve fulifilled your duty of care as an employer?  As an employee are you confident that your company is managing your return to work safely?

Over the coming months its important that we know the health status of our workforce in realtime.  However, that is easier said than done, or is it?

One of our clients for many years, Riskex have been in the health and safety software space for many years, and are now offering free of charge their COVID-19 Health Assessment. 

ISO Show takeaways:-

  • How Riskex has grown from success to success
  • How ‘Fit 2 work’ only takes 5 minutes to set up for your company, ad only takes 30 seconds for an employee to complete.
  • How does ‘Fit 2 work’ keep you informed and manage your workforce safely.
  • Benefits of tracking your employees Health and safety in relation to COVID-19
  • How can businesses me more resilient and achieve compliance
  • Potential COVID-19 mitigation cases against employees and how to prevent legal claims.
  • How Assessnet fits with ISO Standards – a simple method for supporting compliance.
  • How to get FREE access to ‘Fit 2 work’

You can learn more about Riskex’s Fit 2 work tool HERE

To learn more about Riskex and their full range of services, visit their website.

We’d love to hear your views and comments about the ISO Show, here’s how:

Subscribe to keep up-to-date with our latest episodes:

Stitcher | Spotify | YouTube |iTunes | Soundcloud

Join Rachel Churchman, Managing Consultant this week as she explains a the key changes to ISO 22301 :2019. Here are the show highlights:

October 2019, the ISO 22301 Standard was updated (previously ISO 22301:2012 with minor amends in 2014).

  • On the whole that standard is more streamlined and a lot of repetition has been removed from the standard.  In addition, it aligns far more closely with other standards.
  • Structure has remained the same although it has now been better aligned with Annex SL (previously some minor deviations).
  • Now takes a broader approach from strategy-based to solution-based – The ISO 22301:2019 standard requires organisations to not only develop high-level strategies to ensure business continuity, but also to define solutions to handle specific risks and impacts relevant to continuity.
  • This is the most significant change for top management because the identification of required resources is now related to solutions, not strategies. Defining resources in terms of strategies is not as precise as when you define them in terms of the solutions, which greatly affects the budget planning for the BCMS.
  • Managing changes to the BCMS – is now a mandatory clause (previously just implied throughout the Standard).   This  new requirement of ISO 22301:2019 requires organizations to make changes in the BCMS in a planned manner, which can be achieved by considering:
    • the purpose of the change and its consequences
    • how the integrity of the Business Continuity Management System is impacted by the change
    • the resources available to perform the change
  • the definition or change of responsibilities and authoritiesIt should be noted that in a number of areas the new standard is significantly less detailed and prescriptive than its predecessor – (i.e. Context and Scope clauses are now in alignment with other ISO standards where previously these clause were very prescriptive for ISO 22301).
  • Clause 6.1.2 now makes it clear that the risks (and opportunities) that need to be addressed relate to the effectiveness of the BCMS, as opposed to the risks of disruption, which are addressed by Clause 8.2.3. The same relationship is intended in other standards (such as ISO 27001).
  • The requirements for conducting the business impact analysis (BIA) are now clearer. The relationship between unacceptable impact, maximum tolerable period of disruption and prioritized timeframes for activity resumption is defined as well as using the BIA to identify ‘prioritized activities’. It should be noted that there is no specific requirement with the 2019 version to document the BIA process.
  • Evaluation of BC documentation and capabilities specifically requires the suitability, adequacy and effectiveness of BIAs and risk assessments to be evaluated. This was previously only an implicit requirement in the name of effectiveness, but points to the key role played by BIAs and risk assessments (so having them documented is a good thing).
  • The concept of minimum activity levels has shifted from the need to identify minimum levels of products and services to minimum acceptable levels of activity, the linking of which is implicit, to the minimum acceptable capacity of resumed activities.
  • One of the criticisms from users of ISO 22301:2012 was the lack of a detailed requirement around the need for an organization to manage its supply chain’s own business continuity capabilities. There is now a requirement to ensure that outsourced processes and the supply chain are controlled.
  • From an exercise and test perspective that is now direct reference to validating continuity strategies and solutions (rather than simply BC arrangements)

If your organization’s currently certified to ISO 22301:2012 we anticipate you will have three years to transition to ISO 22301:2019 and after 30 October 2022 certificate for ISO 22301:2012 will no longer be valid*.

BSI are noting that they  will continue to deliver audits against ISO 22301:2012 until 30 April 2021 to allow you time to get your system updated and aligned to ISO 22301:2019.

Further resources:

Free standards available from BSI HERE

Need assistance with ISO 22301? We’d
be happy to help

We also have an Introduction to ISO 22301 E-learning course available HERE. Use discount code: ISO2230110 for 10% until the end of July 2020.

We’d love to hear your views and comments about the ISO Show, here’s how:

Subscribe to keep up-to-date with our latest episodes:

Stitcher | Spotify | YouTube |iTunes | Soundcloud

Continuing the ISO 22301 Steps to Success series, we look at how you can engage your staff while implementing and testing the Business Continuity Management System (BCMS). It’s important to review the effectiveness of the whole BCMS to ensure it’s going to deliver the resilience we require as a business.  This is achieved through internal audit of the management system.

There is far greater focus on communication and awareness within both internal and external audits for this standard.  You are creating a system that we hope we never have to invoke, and the effectiveness of the response relies on staff understanding their role and the procedures to follow when the worst happens.  Therefore, undertaking more in-depth awareness interviews during the internal audits will provide far more value and reassurance that the required awareness is in place.

As with any standard, there is also the requirement to take corrective action for any issues raised.

Lastly, you need to undertake the holistic review of the BCMS.  This is achieved through the Management Review Process that reviews all the key inputs and interactions into the management system and analyses effectiveness and any potential need for change.  It also reviews objectives and progress made, results of internal audits, supplier performance etc.  Very similar to other ISO management Systems standards.

Join us next week as we discuss the changes made to ISO 22301:2018.

Need assistance with ISO 22301? We’d be happy to help

We also have an Introduction to ISO 22301 E-learning course available HERE. Use discount code: ISO2230110 for 10% until the end of July 2020.

We’d love to hear your views and comments about the ISO Show, here’s how:

Subscribe to keep up-to-date with our latest episodes:

Stitcher | Spotify | YouTube |iTunes | Soundcloud

As anyone who has experience of business continuity – i.e. the current Covid-19 pandemic – will understand is that effective communication is absolutely vital to ensure an effective response.

Planning for how you will communicate, who will communicate, when you will communicate and pre-drafted message for reasonably foreseeable events can make or break an effective BCP response. 

Awareness of the BCP and the part they play within the plan is critical for your staff.  Therefore, there’s a requirement to undertake awareness training for staff -both those that have a role to play, and those that are simply required to follow orders given.

And we mustn’t forget the additional training that may be required for ‘deputies’ within a response plan. 

People can react differently to that expected in an emergency situation, so it’s vital that staff are aware of how they will be made aware of a BCP event, and what role they play within in.  If they have a role to play, they need to have additional training on the specific response plan so that it’s followed should it ever be invoked. 

Part of this awareness training and reinforcement can be supported by ‘exercising’ and ‘testing’ the plan as a team.  This is an effective way of walking through the theoretical, taking the time to consider various scenarios and making informed decisions within a calm environment.  This can prevent knee-jerk or incorrect decisions being made during the time of an actual response.  Exercising and testing can and should also involve any key interested parties outside of the organisation in order to stress-test their ability to support the business in times of crisis.  Any lessons learnt from exercises, tests or actual BCP events should always be followed up from a lessons learnt point of view to ensure that response plans are updated in line with any changes or issues not previously considered – and then they need to be re-communicated in the business.

Join us next week as we discuss how to engage staff with your BCP effectively.

Need assistance with ISO 22301? We’d be happy to help

We also have an Introduction to ISO 22301 E-learning course available HERE. Use discount code: ISO2230110 for 10% until the end of July 2020.

We’d love to hear your views and comments about the ISO Show, here’s how:

Subscribe to keep up-to-date with our latest episodes:

Stitcher | Spotify | YouTube |iTunes | Soundcloud

Welcome to the first part of our ISO 22301 Steps to Success series. Business continuity provides a basis for planning to ensure your long-term survivability following a disruptive event. ISO 22301 identifies the fundamentals of business continuity management and provides a basis for understanding, developing and implementing business continuity management within your organisation.

Rachel Churchman explains the process of creating a Business Continuity Management system, here are some highlights:-

Understanding what’s in place already from a resilience perspective.  A gap analysis also helps us to understand the business and the different activities and aspects that need to be considered as part of the wider BCP.  Also, a great opportunity to meet the team and look to identify key ‘Champions’ in the business.  Look to source these from different levels and areas – Top Management, Finance, HR, Legal, Comms/Marketing, Customer support, Operations, Procurement etc.

Undertaking a Context Review enables us to understand the wider internal and external issues that can impact the business – positively and negatively.  It also starts to review these interested parties that may need to get involved with our BCP – for example Key Suppliers on whom we may have a dependency.

Risks and opportunities identified here can then be captured and progressed through the development of key BCP objectives and improvement plans.

Business Impact Assessment and risk assessment is at the heart of the BCP.  It requires us to look at the activities we undertake that enable us to effectively run our business.  By reviewing these key activities, and then fully understanding what the potential risks are that may disrupt our ability to perform, we can start to understand where we may need a ‘Plan B’ – effectively our Business Continuity strategy and plans.

An effective BIA will look at activities and what they support in terms of services and other departments, what the impact of disruption will have on the business (i.e. reputation, financial penalties, legal compliance, revenue etc), and look to define what our maximum period of disruption may be.  It also looks to understand what we need to recover our position is a disaster struck – e.g. Back up data.

It also gets us look at our dependencies – internally and externally.  Understanding our supply chain and where they fit into our BCP is fundamental to effective BCP response.  If we rely on a key supplier – are we checking whet Their BCP arrangements are?

lastly – we need to understand any contractual obligations we have that are linked to BCP.  We need to ensure our own BCP can support these. 

Once we have undertaken our BIA and risk assessment, we are then in a position to develop our Business Continuity Management system to include our Business Continuity Plan and supporting response plans.

Response plans will look to cover any assumptions made in the plan, responsibilities (including who can invoke and stand down a  response), the business recovery objectives (including Recovery Time Objective and Recovery Point Objectives), Who/What is impacted (directly and indirectly), Recovery Strategy at a high level, communication requirements.  It will then ideally walk through the plan for the following stages – Emergency Phase (incident reported), Recovery Phase (response strategy and plan),  and Restoration Phase (return to normal operations).

We also need to consider communication procedures and mechanisms that will be invoked during a BCP incident.   For instance, who might be responsible for speaking to the media?

Join us next week in part 2 of the Steps to Success series as we discuss how to communicate your BCP effectively.

Need assistance with ISO 22301? We’d be happy to help!

We have an Introduction to ISO 22301 E-Learning course available HERE. Use Code ISO2230110 to get 10% off your purchase.

We’d love to hear your views and comments about the ISO Show, here’s how:

Subscribe to keep up-to-date with our latest episodes:

Stitcher | Spotify | YouTube |iTunes | Soundcloud

In these times of uncertainty many organisations are facing concerns over business recovery, however there is another aspect which also needs addressing – managing mental health during these difficult times.

As part of Mental Health Awareness week, this weeks’ Podcast covers the management of psychological issues people are facing such as isolation,  worry and anxiety both now and over the coming year ahead.

These new and emerging psychological risks are not only societal issues but also workplace issues, as increasingly the pressures businesses are facing is also having an impact on employees mental health.

Employers have a fundamental legal imperative of managing the physical and psychological risks in the workplace.  They not only have a legal duty but also a moral duty to help employees get through these difficult times.

How can businesses adapt to the mental health issues we are facing?

  • Provide reassurance that as an employer you are doing as much as possible for the  safe return to work i.e. Risk Assessment, providing protective equipment.
  • Engage more closely with employees about their protection and welfare.
  • Proactively communicate on a regular basis, including clear communications on government guidance.
  • Review work demands and how this can be best managed from a mental health aspect i.e. Employee’s overworked/underworked.
  • Review health/psychological status for the safe return to work i.e. age, underlying health issues and mental health conditions.
  • Employers should be starting to plan the smooth transition from current to post pandemic/post lockdown.

However, we can’t just focus on the short term we need to aim to reduce fear and anxieties for the times ahead.  Businesses need to look to the future, and manage peoples expectation for the mid to long term i.e. 6 – 12/18 months’ time. 

Business leaders need to be realistic about a potential recession and start to plan for how work is likely to be delivered over the next 12 months.  It is likely that there will  be extra pressures to ‘make up’ productivity and output.  However, although we need to bolster the economy and return to increased productivity, we also need to accept that client expectations need to be managed proactively, and mental health issues managed carefully to ensure we have a resilient workforces for the future. 

Suffice to say,  it is likely to be a case of continuing to adapt over the coming 12 months, rather than attempt a full return to pre-pandemic standards.

Clare, ends on highlighting in the podcast that we should take this opportunity to embrace a ‘new normal’ as an opportunity to reflect on lessons learned, which could results in employees being more productive and less stressed post-pandemic.

You can contact Clare at Clare.forshaw@parkhs.co.uk or by calling 01296 310450

To find out more about Park Health and Safety, visit their website HERE.

We’d love to hear your views and comments about the ISO Show, here’s how:

Subscribe to keep up-to-date with our latest episodes:

Stitcher | Spotify | YouTube |iTunes | Soundcloud

ISOlogist logo

ISO Consultancy Service

Work with our ISO Consultants
Let Our isologists guide you through your certification.

ISOlogy hub logo

Online Membership

DIY with our isologyhub
Our ISO consultants can still be on hand for support where needed.

About Blackmores ISO Consultants

Our 7 Steps to Success

The Blackmores ISO Roadmap is a proven path to go from idea to launching your ISO Management System.

Whether you choose to work with one of our ISO Consultants, our isologists®, or work your own way through the process on our isology Hub, we’re certain you’ll achieve certification in no time!

We have a proven step by step process that our ISO Consultants implement as soon as our working relationship begins. We use our specialist skills and industry knowledge to determine what is already on track and where improvements can be made. We live and breathe ISO standards, we know the standards inside out so you don’t have to.

Our ISO Consultants can help you implement systems for any ISO Standard. See the full list for specialised standards here.

ISOlogy Roadmap

LEARN MORE

What our clients have to say

Milo Logo

We engaged Blackmores to develop our ISO 9001, 14001, and 45001 management system from scratch. Throughout the creation and development stages of our ISO journey, Anju Punetha demonstrated remarkable patience, knowledge, and understanding as our dedicated consultant.

During our internal audit preparations, Ian Battersby’s meticulous attention to detail and thorough approach ensured we were well-prepared for our external audit, which we passed with flying colours. His guidance during the external audit was invaluable.

Based on our engagement and experience, I highly recommend the entire Blackmores team. If you’re considering pursuing ISO accreditations, Blackmores should be your first choice.

Graeme Adam

Platinum Facilities Logo

The support and advise I get from our assigned auditors is immense. Forward planning for the following year is great and they are flexible and always willing to help.

Kalil Vandi

Photon Lines Logo

“Blackmores have assisted us almost since the start of our adoption of the ISO 9001 quality standard. Their input has improved our processes since the start, and enabled our goal of continuous improvement to be achieved. The people are also extremely easy to get on with, and they really understand our business, giving us a great deal of confidence in their advice.”

David Gibson

Photon Lines Ltd
Jaama Logo

“Blackmores are the perfect bridge between working on your ISO as an individual or company, to being audited each year.  We find that any queries we have are covered and we feel sure that we have everything as needs be before going into an external audit.”

Mandy Welsby

Jaama Ltd
Dome Group logo

“We have been extremely impressed with the service and support provided by Blackmores.  There knowledge and assistance through out our ISO journey has been amazing!”

Philip Hannabuss

Dome Consulting
Kingsley Napley Logo

“Blackmores have really kept us on our toes with the broad scope and level of detail they apply to our internal audit schedule. They always stay abreast of ISO standard changes and help us to adapt our processes and documents to embrace these changes accordingly. Having Blackmores shadow our external audits provides invaluable confidence and peace of mind – would highly recommend their services!”

Phil Geens

Kingsley Napley
DotDigital Logo

“Our ISO 27001 certification project has gone so well, that there was no doubt in who we were going to ask to help us with our aspirations of becoming ISO 14001 certified. It’s been an absolute pleasure working with Blackmores, and we are really looking forward to working with them for the foreseeable future.”

dotdigital

Trusted by leading organisations across all sectors, we support companies of all sizes in any location.

Are you ready to start your ISO journey?

     
ISO Show

Listen to our Podcast

Welcome to the ISO Show podcast, dispelling myths and sharing tips for success to improve your business with ISO Standards. Join us to hear interviews with successful business leaders as they share their ISO journey with you.

Get top tips via audio master classes “ISO Steps to Success” on the most popular ISO Standards.

     

238 Umony's ISO 42001 Journey - setting the standard for effective AI management
237 Gap Analysis - The first step in ISO implementation
236 Taking Data Complexity From Spreadsheets To Supply Chains With Pulsora
235 PUBLIC's journey towards ISO 9001, ISO 14001 and ISO 20000-1
Carbonology logo

Ready to go carbon neutral... And achieve ISO Standards?

Welcome to Carbonology®

The proven method for achieving your carbon goals, aligned with ISO 14064 (carbon verification) and PAS 2060 (carbon neutrality)

Blackmores Carbon Neutral       Blackmores Carbon Footprint