The ISO Show

Blackmores is a pioneering consultancy firm with a distinctive approach to working with our clients to achieve and sustain high standards in Quality, Risk and Environmental Management. We'll be posting podcasts discussing ISO standards here very soon!

#175 How Daisy embedded effective energy management with ISO 50001 05/15/2024

#175 How Daisy embedded effective energy management with ISO 50001 Working towards a sustainable future is going to require a joint effort from everyone if we’re to reach our 2030 and 2050 targets. Several initiatives have come out in recent years to try and address one of our biggest challenges, energy consumption. Many of us in the UK will be familiar with ESOS (The Energy Savings Opportunities Scheme), which involves regular reporting from those that fit its criteria. It’s also recently updated to include a stipulation to include an ESOS Energy Plan, which requires you to detail a route to reduce your energy consumption. However, many businesses would prefer a more consistent approach to energy management, such as today’s guest – Daisy Corporate Services. Today Mel is joined by Damian Edwards, ISO Standards Manager at Daisy Corporate Services, to discuss why they Implemented ISO 50001, what they’ve learned from the experience and the benefits gained from implementing an Energy Management System You’ll learn · Who is Damian and who are Daisy Corporate Services? · Why did they decide to Implement ISO 50001? · What was the biggest gap identified during their Gap Analysis? · What lessons did they learn from Implementing ISO 50001? · What benefits did they gain from ISO 50001 certification? Resources · · · In this episode, we talk about: [00:30] Join the isologyhub – To get access to a suite of ISO related tools, training and templates. Simply head on over to to either sign-up or book a demo. [02:30] Episode summary: Mel is joined by guest Damian Edwards, ISO Standards Manager at Daisy Corporate Services, to discuss their journey towards ISO 50001 certification. Daisy are not strangers to ISO Standards, already having achieved: , , , , and ! They have also recently won the Sustainability and Tech Awards 2024 and the Green Shoots Awards too. [04:15] Who is Damian Edwards? – Damian has worked at Daisy as their ISO Standards Manager for the past year. A little known fact about Damian: He listens to classical music as a way to focus. [05:25] Who are Daisy Corporate Services? – The are primarily a provider of IT and Communications. They currently supply a range of services including: · Unified Communications · Connectivity · Modern Workplace · Cyber Security · Cloud services · Managed Services · Operational Resilience [06:25] What were the main drivers behind obtaining ISO 50001 Certification? – In addition to the office spaces Daisy controls, they also have a number of data centres, which use massive amounts of energy. Finding ways to monitor, measure and potentially reduce that energy use, and subsequently cost, was essential. The second main driver is mainly for commercial reasons. Without Standards like , you can’t bid for larger contracts or Government frameworks. [08:30] Daisy’s commitment to ESG – Daisy have a made a solid commitment to ESG, explained further on their website as they break it down into 10 key focus areas. Energy Management is one of the logical steps to tackle reducing carbon emissions. Data centres can be very inefficient, so being able to consistently monitor, measure and improve their energy consumption is a key part of tackling some of their ESG related goals. Also being certified means you have the certificate to back up your claims. It’s not you just making a statement, it has to be verified by a third-party. [10:30] How long did it take to Implement ISO 50001? – It took between 8 – 11 months. For a Standard like ISO 50001, it’s important to do it properly. Some organisations may request it in 6 months, but for larger organisations, that would be a tough ask, and you run the risk of rushing into certification without having those processes embedded in. [11:45] Did having existing ISO Standards make the process smoother? – Yes, as it was a case of integrating ISO 50001 with our existing systems rather than starting from scratch. Though, having so many ISO’s can water the message down a bit, to combat that we’ve got a single statement that gets across everything you need to know about Daisy. [12:55] What was the biggest gap identified during the Gap Analysis? – Because we already have so many ISO’s, we can be a bit big headed and say there weren’t many gaps at all, however, there were still some things we could do. One of the biggest areas for improvement was Clause 7, Documentation, as all ISO Standards have their own required documentation. Another was putting in place a plan for monitoring and measuring our energy usage. We have a Property Director who did do that, but he wasn’t really documenting it, so we’ve put in place some proper processes to help show that we’re actively monitoring it, looking at the trends and putting in actions to reduce and improve on that. [14:55] Join the isologyhub and get access to limitless ISO resources – From as little as £99 a month, you can have unlimited access to hundreds of online training courses and achieve certification for completion of courses along the way, which will take you from learner to practitioner to leader in no time. Simply head on over to the isologyhub to sign-up or book a demo. [17:10] Did closing those gaps make a big difference? – We did have a lot of help from Blackmores in order to address those gaps. Out consultant advised us to combine elements of out Management Review with out monthly Team Meetings, as our Director is involved with those, and we avoid another meeting for meeting’s sake. We now also produce a pack of all the monitoring and measuring that’s done throughout the month, which makes it easy for us to analyse and identify trends in energy use. Any actions from reviewing this are then recorded and followed up on. So, in essence it’s just made everything a lot smoother. [19:55] What did Daisy learn from Implementing ISO 50001? – It takes a team to achieve this – you can’t do it on your own. You also can’t rush it! Another key take away is that the whole project needs to be driven by top management, without all of those elements combined, it’s probably not going to work (or be a lot slower and more painful!) It’s also really helped with our commitment and messaging around ESG too. So within those monthly Management Review meetings we have a representative from the energy efficiency team, the ESG team and our bids team. They’re then all communicating what the customer message is, that they expect of us, in turn they’re kept in the loop about our energy usage and related actions and can communicate that outwards. [21:15] What other benefits are there from achieving ISO 50001? – Having our management system verified by a third-party means that we can confidently say we’re adhering to best practice. It also just validates that we are doing things correctly! It also means that we can monitor opportunities for improvement. If we identify more gaps in future, we have the processes in place to address them. ISO 50001 has also helped to put some context behind the energy data we’re collecting. Thanks to the new processes we can accurately identify key trends and explain why energy usage may be going up and down. [23:25] Damian’s top tip – Ensure that your project is driven by top management. They’re involvement means it’s a lot easier to communicate that message that you’re doing the right thing. Also, ISO 50001 helps with your regulatory compliance too. If you’re a larger organisation, then you likely have to adhere to schemes like SECR or ESOS. If you’re certified to ISO 50001, then you’re already complying with both. [24:35] Damian’s book recommendation – . [26:45] Damian’s favorite quotes – “Hard work beats talent when talent doesn't work hard” and “You miss 100% of the shots you don't take.” If you’d like to learn more about Daisy Corporate Services, visit If you’d like to book a demo for the , simply and we’d be happy to give you a tour. We’d love to hear your views and comments about the ISO Show, here’s how: ● Share the ISO Show on T or ● Leave an honest review on or . Your ratings and reviews really help and we read each one. Subscribe to keep up-to-date with our latest episodes: | | | | | /episode/index/show/theisoshow/id/31302237

#174 What is the new ISO Climate Change Amendment? 05/09/2024

#174 What is the new ISO Climate Change Amendment? In February 2024, the ISO and IAF issued an unprecedented change to 31 commonly adopted ISO Standards, such as ISO 9001, ISO 14001 and ISO 27001. This change saw the addition of a new ‘Climate Change Amendment’, which was applied in part due to the ISO’s resolution in support of the ISO London Declaration on Climate Change. So what does this mean for ISO certified businesses? Join Mel as she discusses what this new ISO Climate Change Amendment is, why it was introduced, what are the consequences if you don’t address it and the benefits of its introduction. You’ll learn · What is the ISO Climate Change Amendment? · Why was it introduced? · What are the consequences if you do not address the change? · What are the benefits of the Climate Change Amendment? Resources · · In this episode, we talk about: [00:30] Join the isologyhub – To get access to a suite of ISO related tools, training and templates. Simply head on over to to either sign-up or book a demo. [02:30] Episode summary: We break down the new ISO Climate Change Amendment, including why it was introduced and why you should address it ahead of your next Certification Body visit. [02:55] Join our Workshop– If you’re not sure where to start with addressing this amendment, join our interactive workshop taking place on the 20th May (14:00 – 16:00 GMT). There we will explain how you can integrate the new changes into your existing ISO Management System. . [04:30] What is the new ISO Climate Change Amendment? – A key clarification before we go into more detail, this is not a new version of a Standard i.e. ISO 27001:2022, where you must transition to a new version. So, what is it? In February 2024, the International Organization for Standardization (ISO) introduced a groundbreaking amendment to integrate climate change considerations into various management system standards. The amendment doesn't assign specific actions. Instead, it adds text to existing clauses in 31 standards (including ISO 9001, 14001, 27001) requiring organizations to consider: · Relevance of climate change: Organizations must assess if climate change is a relevant issue for their operations and context (Clause 4.1). · Stakeholder expectations: Note added: Relevant Interested Parties can have requirements related to climate change (Clause 4.2). As we’ve learned from our sister company, , it is often Stakeholders driving forward that need to verify a business’s carbon footprint and take steps towards Net Zero. [09:30] Why was this change Introduced? – This change was in part due to ISO’s resolution in support of the ISO London Declaration on Climate Change. The aim is making climate change considerations an integral part of management systems, their guiding policies and practises – not simply as an afterthought. As we all know, climate change will affect everyone, and should be a concern that every business fully considers to ensure they are resilient and adaptable enough to deal with climate related risks. This amendment means businesss will need to address these risks where relevant, and integrate them into strategic objectives and look what can be done from a risk mitigation perspective. The global business community will be one of the driving forces for paving a way to a more sustainable future – It all starts with changing the way we work, making the shift towards embedding environmental consciousness into the very heart of your business. ISO Standards are widely adopted, and this change offers a catalyst for meaningful climate action on a global scale. [11:00] Join the isologyhub and get access to limitless ISO resources – From as little as £99 a month, you can have unlimited access to hundreds of online training courses and achieve certification for completion of courses along the way, which will take you from learner to practitioner to leader in no time. Simply head on over to the to sign-up or book a demo. [13:20] What are the consequences for not addressing this change? - Certification bodies will be asking you about these amendments effective immediately. If you’ve not addressed them ahead of your next certification body visit, you could run the risk of getting a non-conformity. The amendment added to Clause 4.1 especially states ‘Must’ – so there’s no getting away with simply ignoring it. [14:50] What are the benefits of this change? – Some of the benefits will likely already be felt by those with existing environmental standards such as ISO 14001 and ISO 50001 in place. So, let’s take a look at how you can benefit from addressing this amendment: · Reduced Environmental Footprint: By integrating climate change considerations, businesses can identify and implement practices that lower their carbon emissions and resource consumption. · Enhanced Sustainability: Addressing climate change demonstrates a commitment to sustainability, which is increasingly important for attracting environmentally conscious customers and investors. · Cost Savings: Climate-conscious practices can lead to cost savings through improved resource efficiency, reduced waste, and potentially lower energy bills. · Resilience and Risk Management: By considering climate-related risks (e.g., extreme weather events, resource scarcity), businesses can proactively develop strategies to mitigate these risks and ensure operational continuity. · Innovation: Focusing on climate change can lead to innovation in areas like cleaner technologies or sustainable product development, giving businesses a competitive edge. · Positive Brand Image: Demonstrating proactive action on climate change can enhance a company's brand image and reputation among environmentally conscious stakeholders. This is a particularly important issue to younger generations who are becoming the dominant buying power from a commercial perspective. · Stronger Stakeholder Relationships: By considering stakeholder expectations around climate change, businesses can build stronger relationships with customers, investors, and regulators. · Holistic Approach to sustainability: Integrating climate change considerations strengthens a businesses’ overall management system by fostering a more comprehensive and future-proof approach. · Continual Improvement: The amendment emphasizes continual improvement, encouraging businesses to constantly seek ways to reduce their environmental impact, leading to long-term sustainability benefits. If you’d like to learn about what actions you can take to integrate the ISO Climate Change Amendment into your ISO Management System, join our live event on the 20th May – If you’d like to book a demo for the , simply and we’d be happy to give you a tour. We’d love to hear your views and comments about the ISO Show, here’s how: ● Share the ISO Show on T or ● Leave an honest review on or . Your ratings and reviews really help and we read each one. Subscribe to keep up-to-date with our latest episodes: | | | | | /episode/index/show/theisoshow/id/31209702

#173 Top 10 Reasons to Use ISO 42001 AI Management 04/30/2024

#173 Top 10 Reasons to Use ISO 42001 AI Management ISO 42001 was published in December of 2023, and is the first International Standard for Artificial Intelligence Management Systems. It was introduced following growing calls for a common framework for organisations who develop or use AI, to help implement, maintain and improve AI management practices. However, its benefits extends past simply establishing an effective AI Management System. Join Steph Churchman, Communications Manager at Blackmores, on this episode as she discusses the top 10 reasons to adopt ISO 42001. You’ll learn · What is ISO 42001? · What are the top 10 reasons to use ISO 42001? · What risks can ISO 42001 help to mitigate? · How can ISO 42001 benefit both users and developers of AI? Resources · · In this episode, we talk about: [00:30] Join the isologyhub – To get access to a suite of ISO related tools, training and templates. Simply head on over to to either sign-up or book a demo. [02:30] What is ISO 42001?: Go back and listen to , where we discuss what is, why it was introduced and how it can help businesses mitigate AI risks. [02:45] Episode summary: We take a look at the top 10 reasons why you should consider implementing ISO 42001. [02:55] #1: ISO 42001 helps to demonstrate responsible use of AI. – , ISO 42001 helps ensure fairness, non-discrimination, and respect for human rights in AI development and use. Remember, AI can still be bias based on the fact that AI models are typically trained on existing data, so any existing bias will carry over into those AI models – an example of this is the existing lack of representation for minority groups. We also need to take care in the use of AI over people, as staff being replaced by AI is a very real concern and should not be treated lightly. We’ve already seen a few cases where this has happened, especially across the tech support field where some companies mistakenly think that a chatbot can replace all human staff. We also need to consider the ethics of AI content. It’s predicted that 90% of online content will be AI generated by 2026! A lot of this generated content includes things like images, which poses a real concern over the values we’re translating to people. The content we consume shapes the way we think and if all we have is artificial, then what message is that conveying? An example of this is Dove’s recent advert, which showed an example of AI generating images of very unobtainable ideals of a beautiful face. Which were predictably absolutely flawless, almost inhuman and something that can only be achieved through photo editing. If the internet was flooded with this sort of imagery, then that starts to become the expectation to live up to, which can be tremendously damaging to people’s self-esteem. They then went on to show actual unedited people, in all their varied and wonderful glory and stated that they will never use AI imagery in any of their future marketing or promotional material. Which sends a very strong message – AI definitely has its place, but we need to fully consider the implications and consequences of it’s use and possible oversaturation. [05:20] #2: Traceability, transparency and reliability - Information sourced via AI is not always correct – It collates information published online, and as many of us are aware, not everything on the internet is correct or accurate. Data sets carelessly scrapped from online sources may also contain sensitive or unsavoury content. We’ve had cases where people have managed to ‘break’ Chat GPT, causing it to spew out nonsense answers which also contained sensitive information such as health data and personal phone numbers. While not usually accessible when requested, it does not stop the risk of this data being dug up through exploits. AI is like any other technology, and is not infallible. So, it’s up to developers to ensure that the data used to train models is safe and appropriate for use. It should be expected that data sets will be scrutinised from a legal standpoint – either as a result misuse of AI or a mandatory exercise as a part of future legislation. There’s also research that suggests data sets can be potentially poisoned to produce inaccurate results – which is another consideration for developers using live data sets, who will need to stay on top of these risks to ensure the integrity of their tools. ISO 42001 provides specific guidance that covers how developers can ensure transparency and explainability within sample training data. [06:45] #3: It’s a framework for managing risks and opportunities – AI, like any other new technology, is going to create new risks and opportunities. Risks include the likes of inaccurate data being used, existing bias in data training sets, plagiarism, information security risks and data poisoning. If you’re simply using AI to gather information, it’s also a good exercise to ensure that the information is coming from a reputable source. One easy way to so this is to simply ask for the source to be cited when pluging in a prompt into tools like Chat GPT and Gemini. You can then verify how legitimate that source is. For web developers and SEO specialists, Google has recently updated it’s algorithm to punish those with a lot of AI generated content on their websites. So those within the SEO space may see some interesting trends over the course of 2024. Another unfortunate risk is that of more complex scams being implemented through the use of AI. An example of this involves those who may use an AI assistant in their systems, which can be affected by malicious emails that contain prompt injections which could be used to send data from a victims machine to outside sources. This is only touching on a few risks, but as you can see, there’s a lot to consider and I’ve no doubt that more complex risks will make themselves known as the technology evolves. However, there are a lot of opportunities to be found with AI use. There’s a huge potential for AI to be utilised to tackle mundane and routine tasks which could be automated. AI also has the capability to scan masses of data and provide suggestions based on it’s findings. Obviously, humans can’t possibly compete with the sheer volume of data that AI can process, and so we can utilise it to help us make better more informed decisions. A lot of commonly used software has already integrated various AI tools which offer great quality of life updates and help make a lot of tasks quicker. Which in turn means our time is better spent elsewhere on tackling the more complex issues that require a more human touch. ISO 42001 can help you balance out these risks and opportunities by helping you build a robust management system to manage and mitigate risks, and drive forward opportunities through continual improvement. [10:35] Join the isologyhub and get access to limitless ISO resources – From as little as £99 a month, you can have unlimited access to hundreds of online training courses and achieve certification for completion of courses along the way, which will take you from learner to practitioner to leader in no time. Simply head on over to the to sign-up or book a demo. [12:50] #4: Demonstrate that introducing AI is a strategic decision with clear objectives - Businesses looking to integrate AI should not make this decision lightly. I know it’s tempting to play with the newest toy, but we should take care to look at any possible risks, and that it aligns with both your company objectives and ethics before rushing to utilise something. For example, allowing your staff to use ChatGPT for content creation. You need to consider a few things: You need to make sure Staff aren’t putting in any confidential or sensitive information into publicly available AI tools. Also, ensuring that Staff understand that content provided by the likes of ChatGPT and Gemini could be plagiarised if used as is. You need to build, adapt and change the content so it’s something unique. It’s all well and good introducing AI technology if it truly is going to be beneficial to your employees and to the business as a whole, however if you’re just introducing it because everyone else seems to be, then you really have to question if it’s worth it. If it’s not actively making your work lives easier and helping you to achieve your objectives, then is it really worth the potential cost and effort to implement? It may also be worth looking into how the AI tool you’re using was created. There is sadly still a lot of exploitation involved in the development of new technology, so it’s up to you to ensure that the tools you’re using were created in an ethical way. Ultimately, ensure that you are using AI safely, ethically and that it aligns with your businesses established objectives. This will need to be communicated clearly to everyone in the business. ISO 42001 is, at its heart, a Management system standard. Like many other ISO Standards, it includes guidance on setting objectives and communicating these to your wider business. [15:24] #5: ISO 42001 helps to implement safeguards – Certain features of AI may require safeguards to help protect businesses against the extra risks they pose, such as the increased potential of more sophisticated cyber attacks or compromised training data. This can be applied within a particular process or an entire system. Examples of features that may require these safeguards include: · Automatic decision making · Data analysis, insight and machine learning · Continuous learning Something you need to consider: Cyber scams are going to become a lot more complex with the help of AI, so you need to ensure you’re staff are both aware of this and how they can avoid falling prey to them. Safeguards may simply involve more training on these new risks, or updating to a more robust security software that is able to detect possible AI cyber scams. Developers are also going to need to keep on top of any data being fed into their tools. Public live data tools especially will be more susceptible to being poisoned and tampered with, so it’s up to them to monitor and ensure the integrity of their data. ISO 42001 provides guidance in it’s annexes for users and developers to implement these necessary safeguards. [16:30] #6: ISO 42001 Supports compliance with legal and regulatory Standards – More AI focused legislation is an inevitability, with the new EU AI Act being a perfect example. It’s important to ensure that you are prepared to comply with legislation as it’s released, or you may be held liable and be subject to fines. Currently, the UK has no plans to introduce a new regulator for AI, instead relying on existing technology based regulators like the Information Commissioners Office (ICO), Ofcom and FCA. ISO 42001 includes specific considerations for any potential applicable legislation. [17:06] #7: ISO 42001 Can enhance your reputation – ISO Standards are internationally recognised and ensure you are complying with best practice. Gaining certification to ISO 42001 will show you are confident in your AI related claims, and are happy to have this verified by a third party. [17:30] #8: ISO 42001 Encourages innovation within your business – For as much as we’ve stressed the potential risks AI could expose your business to, ultimately AI is here to help make our lives easier. We just need to ensure we’re responsible when applying it. ISO 42001 ensures you can safety integrate AI tools and systems within your business. It’s there to help guide the adoption of this new technology, and drive continual improvement as your management system matures. [17:55] #9: ISO 42001 Can be easily integrated with existing systems – ISO 42001, like many ISO Standards, is based on the Annex SL format and can be easily integrated with existing ISO Management Systems such as an ISO 9001 (Quality management) or ISO 27001 (Information Security management) system. Risks addressed in ISO 42001 include security, privacy and quality among others, and can help to enhance the effectiveness of your Management system in those areas. [18:25] #10: ISO 42001 Does not require an existing Management System to implement – While ISO 42001 would make a great addition to any ISO Management System, it’s important to note that this can be implemented independently. It is also not intended to replace or supersede any existing quality, safety or privacy Standards / existing management systems. We’ll be releasing a suite of ISO 42001 related training content on the isologyhub, if you’d like to get notified as soon as this becomes available, If you’d like to book a demo for the , simply and we’d be happy to give you a tour. We’d love to hear your views and comments about the ISO Show, here’s how: ● Share the ISO Show on T or ● Leave an honest review on or . Your ratings and reviews really help and we read each one. Subscribe to keep up-to-date with our latest episodes: | | | | | /episode/index/show/theisoshow/id/31048603

#172 Effectively Responding to a Cyber Incident with Epiq 04/25/2024

#172 Effectively Responding to a Cyber Incident with Epiq Nearly 60% of businesses that are impacted by a cyber incident go out of business within the 6 months following. With our heavy reliance on technology to keep both businesses and services running, it’s imperative that everyone take cyber risk seriously. However, incidents will inevitably happen and it’s up to you to ensure that your business is prepared to ride out the wave, and hopefully make a full recovery! We invited Jack Morris, Account Director at Epiq, back onto the show to discuss the consequences of not being prepared for a cyber incident and the key steps businesses should take in the event of an incident. You’ll learn · Who are Epiq? · What does the current cyber incident landscape look like? · What are the consequences if a business does not respond to a cyber incident effectively? · How can a business detect if they’re being attacked? · How should businesses respond in the event of a cyber incident? · What role does a legal team play in incident response? Resources · · In this episode, we talk about: [00:30] Join the isologyhub – To get access to a suite of ISO related tools, training and templates. Simply head on over to to either sign-up or book a demo. [02:05] Episode summary: Today Mel is joined by guest Jack Morris, Account Director at Epiq, to discuss how businesses should respond to a cyber incident. [03:00] Who are Epiq? – Epic is a global leader in technology enabled legal services. In fact, it supports 90% of the top law firms globally! With over 8000 employees spread over 19 countries, it helps to support corporations, law firms and government agencies across the globe. [04:35] What constitutes a cyber incident and why is it so important to respond effectively? – A cyber incident refers to unathorised access or attempted access to an organisation’s IT systems. Types of incident include breaches, malicious attacks (e.g. Ransomware), and accidental events (e.g. Fire Damage). Responding effectively is crucial to minimize damage and protect sensitive data. [05:40] What does the cyber incident landscape currently look like, and what challenges will organisations face in responding to an incident? : The cyber incident landscape is ever evolving, but here are some key trends we saw in 2023: Attacks on the rise – the number of organisations posted on ransomware and data theft sites increased by over 70% year-on-year. Business Email Compromise (BEC) incidents surged by 67% in 2023 – these events are where people within an organisation fall victim to phishing or similar – clicking on malicious links which ultimately compromise your mailbox. For me, there are 3 main challenges that organisations face when responding to a cyber incident: · Day-to-day management – balancing the technical aspects of the incident with broader business continuity, communications, financial and legal considerations. This can be hugely difficult for an organisation, during and already high stakes situation. · Expertise and support – navigating the complex legal, technical and operational aspects of an incident · Data-focused impact – understanding and assessing the risk to data after resolving an incident. [10:00] What are the solutions to these challenges? – Understanding the various external expertise and support available to a business, whether that be engaging with a law firm, a cyber incident response expert and cyber insurer will give you access to support with both the day-to-day management of an incident, as well as the legal, operational and commercial impact of said incident. [12:10] What are the consequences for an organsiation that does not respond effectively to a cyber incident? – : Failing to respond effectively to a cyber incident often leads to a variety of sever complications for a business, such as; · Operational Issues: operational disruptions will occur due to prolonged exposure of sensitive information, and if Ransomware has infected systems, the organization will not have access to potentially crucial business information. Financial losses and higher costs to incident response can come as a result of poor planning. · Additional Data Breaches: if an organization doesn’t respond effectively to a cyber incident, taking steps to gain control over their systems, additional data breaches can occur from threat actors gaining further access to the organisation’s systems. · Financial losses: cyber incidents affect a business’ bottom line. Costs including incident investigations, recovery, legal fees and potential fines. Further, knock on effects such as lost business opportunities and damaged investor confidence come from poorly managed cyber incidents. · Damage to Reputation and Trust: Public perception matters for a business. A poorly handled cyber incident damages an organization’s reputation. Customers, partners and stakeholders lost trust, affecting long-term relationships and market position. · Legal Consequences: Regulatory fines and potential follow on litigation arise from non-compliance with data protection laws. Organisations failing to report breaches promptly face penalties. Legal battles can be costly and time consuming. [16:25] How can organisations detect if they are being attacked? – signs will vary depending on the type of cyber incident, but organisations and end users could expect to experience; slow systems, locked accounts (no access to mailboxes etc), inability to access documents or shared drives, ransom demands and unusual emails from organisation domains are all tell-tale signs of a cyber incident. If an organisation has invested in Managed Detection and Response software for their end-points, this will proactively scan your environment and provide alerts to potential and actual cyber incidents. [17:40] What are the key steps an organization must take in responding to a cyber incident? – It’s a great question, and these key steps will be implemented during a cyber incident response plan – an impacted organization should: · Triage: Assess the severity and impact of an incident (organisations can instruct a first response organization to shut the doors, and assess the damage) · Identify: Understand what is happening to a business post incident? Things like locked accounts, no access to business systems etc. · Resolve: take technical actions to mitigate the incident – shutting off access to accounts – closing the door · Report: Notify relevant stakeholders, including legal obligations. · Learn: analyse the incident to then take retrospective action to prevent further incidents. [21:23] Join the isologyhub – Don’t miss out on a suite of over 200+ ISO tools, templates and training, sign-up to become a member of the [23:48] How does Cyber Insurance play a pivotal role in Cyber Incident Response? – like with most walks of life, insurance plays a crucial role in supporting organisations in effectively responding to disasters. · Response Funding: Insurers cover costs related to incident response, including professional services. · Response Time: Insurers bring in experts promptly, improving incident resolution. · Affordability: For small to medium businesses, insurance may be the only way to afford a response team. [26:10] What role do vendors like Epiq do to support the incident response lifecycle? – Just like Law firms providing legal advice and support in responding to a cyber incident, cyber incident response providers support with the operational response to a cyber incident. Initially, vendors like Epiq support with the incident identification and forensic investigations. Essentially finding the open door and closing it. Further investigation on how the threat actor (baddie) got into the open door is conducted to prevent other doors from opening too. Following this, the operational partner will support in understanding the extent of the incident, whether that be identifying impacted entities, notifying them of the incident and providing remediation, as well as supporting with any follow on litigation or mass claim. [27:25] What are the legal obligations that exist after a cyber incident, especially in related to personal data breaches? – the legal obligations are clear – an organisation must report personal data breaches within 72 hours of awareness, unless the risk to individuals’ rights is unlikely. This quick turnaround is why it’s imperative that organisations have an established cyber incident response plan, and know who they should be talking to regarding the legal and operational implications. [28:45] What support is there out there for organisations that are victim to a cyber incident? – On the , we discussed what organisations can do to be proactive in mitigating the risks associated to a cyber incident, we discussed the important of Cyber Incident Response plans, as they outline what external support an organisation should seek in the event. Having playbooks and relationships with law firms, cyber providers like Epiq, and cyber insurance coverage are 3 key focuses for every business. [30:35] What role does a legal team play in incident response? – Legal support and advice is critical during an incident. As mentioned, they will help support with report the incident to the regulatory bodies required. · Breach Notification – legal support ensures compliance with data breach disclosure laws and regulatory requirements. · Breach Counsel – law firms act as a breach counsel for organisations, enabling them to support and advise on the legal implications of a cyber incident. Most law firm cyber practice groups will have relationships with external vendors, like Epiq, to support with the operational response. They can co-ordinate with these external vendors to ensure compliance. · Privacy Law Compliance – they guide handling of personal data and privacy implications to ensure no further issues. [32:30] What role do vendors like Epiq do to support the incident response lifecycle? – Just like Law firms providing legal advice and support in responding to a cyber incident, cyber incident response providers support with the operational response to a cyber incident. Initially, vendors like Epiq support with the incident identification and forensic investigations. Essentially finding the open door and closing it. Further investigation on how the threat actor (baddie) got into the open door is conducted to prevent other doors from opening too. Following this, the operational partner will support in understanding the extent of the incident, whether that be identifying impacted entities, notifying them of the incident and providing remediation, as well as supporting with any follow on litigation or mass claim. [36:00] What should an organisation do in future to prevent further incidents? – Benjamin Franklin’s famous quote is so true here – ‘by failing to prepare, you are preparing to fail’. The key point here is to learn from your mistakes. There may have been numerous reasons that the organisation wasn’t ready for a cyber incident, but they should learn from what led to the incident previously, and proactively address this to prevent further incidents. 67% of organisations that get hit by a cyber incident are subject to further attacks within 1 year. It’s important to reduce your attack surface, and ensure you have cyber security themes running throughout the business. [37:45] What are Jack’s top 3 tips to take away from this session to help them respond effectively to an incident? – · Establish an Incident Response Plan – we spoke through IR plans during the first episode, but creating a plan that outlines roles, responsibilities and communication channels during an incident is key. Once implemented, regularly testing the plan and simulating these incidents is key to ensuring effective response. · Engage external experts early – during this session we identified 3 critical external support pillars to an incident – having legal advice, operational and response support and insurance is key. · Prioritise business continuity – enabling the external experts to support you through the incident will free your bandwidth to ensure that you minimise damage and downtime to your business. If you’d like to learn more about Epiq and how they can help you, If you’d like to book a demo for the , simply and we’d be happy to give you a tour. We’d love to hear your views and comments about the ISO Show, here’s how: ● Share the ISO Show on T or ● Leave an honest review on or . Your ratings and reviews really help and we read each one. Subscribe to keep up-to-date with our latest episodes: | | | | | /episode/index/show/theisoshow/id/30979883

#171 Proactive Steps to Mitigate Cyber Incident Risk with Epiq 04/16/2024

#171 Proactive Steps to Mitigate Cyber Incident Risk with Epiq Cyber incidents are on the rise as data shows there was a 20% increase in data breaches from 2022 to 2023. Technology has become an integral part of most businesses, especially post pandemic where many who may have avoided this reliance on tech had no choice but to adapt to survive. As a result, the question of businesses being affected by a cyber incident has become ‘when’ rather than ‘if’. However, there are a number of steps you can take to mitigate risks ahead of any potential incidents. We invited Jack Morris, Account Director at Epiq, to discuss cyber incidents, the importance of being proactive in reducing cyber incident risk and the steps you can take to mitigate these risks. You’ll learn · Who are Epiq? · What is a cyber incident? · The importance of being proactive in reducing the risk of an incident · What can organisations do to be proactive in mitigating cyber incident risk? · What are forensic tabletop exercises, and how do they enhance preparedness? · Why might an organisation need to get an incident response retainer? · What role do Information Governance consultants play in reducing cyber risk? Resources · · In this episode, we talk about: [00:30] Join the isologyhub – To get access to a suite of ISO related tools, training and templates. Simply head on over to to either sign-up or book a demo. [02:05] Episode summary: Today Mel is joined by guest Jack Morris, Accoutn Director at Epiq, to discuss how to mitigate cyber incident risk. [02:40] Who are Epiq? – Epic is a global leader in technology enabled legal services. In fact, it supports 90% of the top law firms globally! With over 8000 employees spread over 19 countries, it helps to support corporations, law firms and government agencies across the globe. [04:31] Who is Jack Morris? – Jack joined the industry relatively fresh out of university, starting at an organisation called Kroll where he was focused on data management – including overcoming ransomware infected devices and essentially allowing organisations to get access to data that was previously taken away from them. Kroll was later acquired by Duff and Phelps and went through a turbulent time of many name changes before settling on Kale Discovery. He ended up leaving a year ago and joined Epiq as an Account Director. Jack’s role at Epiq includes being a facilitator, introducing law firms, corporations and cyber insurers to best in class people and technology. [06:40] What is a cyber incident?: A Cyber Incident is any unauthorised or unexpected event that compromises the confidentiality, integrity or availability of an organisation’s information systems, data or network. Incidents can range from data breaches and malware infections to single mailbox compromises and insider threats. Organisations looking to combat information security risks should consider as it’s key principles include the confidentiality, integrity or availability of your businesses information. [08:29] Why is it important for organisations to be proactive in reducing their risk of an incident, no matter the size of your business? – Let’s look at some startling statistics: In 2022, 39% of businesses in the UK identified a cyber attack in the previous 12 months. Of this 39%, 31% of those businesses experienced attacks at least once a week. 48% of Small to Medium Businesses, globally, experienced a cyber incident in the last 12 months, with 61% of all cyber-attacks specifically targeting small business. This is the most shocking of the statistics, and why it’s so important for us to be having these kinds of conversations around how business, no matter the size, need to be proactive in mitigating the impact of a cyber incident. 70% of small to medium businesses in the UK believe that they are unprepared to deal with a cyber attack (which excludes those who think they have proper processes in place but ultimately don’t). Nearly 60% of businesses that are impacted by a cyber incident go out of business within 6 months following! [12:10] Are there any particular industries that are most at risk from a cyber incident? – Cyber Incidents are not siloed to particular industries, but there are some trends that we see in the market. Looking at Q1 2024: January saw a rise in cyber incidents predominantly affecting retail, education and local government. In February we saw a significant number of breaches, impacting organisations across the full spectrum of markets. All of this to say that regardless of the size of your business and the industry you operate in, the number of cyber incidents are increasing as well as the severity of said incident. [13:35] ISO Standard trends – At Blackmores, we’ve seen an increase in demand for ISO 27001 and related data privacy standards across the board for all sectors. A stark difference to 10 years ago where it would mostly only be adopted by those in the managed services or tech based industries. [15:30] What can organisations do to be proactive in mitigating cyber incident risk? – Things such as implementing a proactive incident response plan, engaging with law firms and consultancy organisations to become aware of the organisation’s requirements and compliance issues arising from a cyber incident. If you were hit with an incident today, you must report any personal data breaches to the relevant regulators within 72 hours of becoming aware of an incident or there can be fines that are implicated. To deal with these types of situations, it’s imperative that your organisation has established, sound relationships with law firms and consultants. [17:25] What is the importance of an incident response plan? – Implementing an incident response plan is crucial because it allows organisations to prepare for potential cyber incidents before they occur. By identifying risks, implementing preventive measures, and conducting exercises, organisations can significantly reduce the impact of incidents. Organisations should be aware of both the legal and operational issues that arise from a cyber incident – from regulatory compliance and liability concerns right the way through to loss of systems/data and brand reputation are all key considerations that have an effect on the whole of a business. [18:35] What are forensic tabletop exercises, and how do they enhance preparedness? – Forensic tabletop exercises simulate cyber incidents in a controlled environment. They involve key stakeholders discussing and practicing their roles during an incident. These exercises improve coordination, communication, and decision-making, ensuring a more effective response when a real incident occurs. The workflow here is clearly defined; implement an incident response plan, and then test that plan for robustness – engaging with external providers, like Epiq, to further add to the existing plan and to test how the organisation will manage an active incident. [19:35] Join the isologyhub – Don’t miss out on a suite of over 200+ ISO tools, templates and training, sign-up to become a member of the [21:45] Links with Business Continuity – Response readiness plans and forensic tabletop exercises both tie into aspects of ISO 22301 – business continuity. In Blackmores’ experience, a lot of organisations don’t actually test their plans, so when going through the process of implementing ISO 22301, where testing these response plans are a requirement, it’s a bit of an eye opener when they realise they’re not as resilient as initially thought. It’s always better to test these plans in a simulated environment vs a live one, so you can be assured that your plans are up to the task. [23:40] Why might an organisation need to get an incident response retainer? – We're starting to see a number of industries, particularly in regulated verticals, requiring businesses in their supply chain to meet a number of different cyber security requirements. One, which keeps popping up, is to have a plan in place for responding to security incidents. Having a retainer can help meet these compliance requirements. [26:05] What role does Managed Detection and Response (MDR) software play in proactive incident response? – MDR solutions continuously monitor networks, detect threats, and provide real-time alerts. They enhance proactive response by identifying suspicious activities early, allowing organisations to take preventive action before incidents escalate. [27:50] What role do Information Governance consultants play in reducing cyber risk? – : Information Governance (IG) consultants specialise in helping organisation define their Information Governance Strategy encompassing data security and defining compliance policies.. They support organisations in defining: · Data Classification: Identifying Sensitive and PII data and categorising based on their confidentiality or regulatory requirements. · Retention Policies: Defining policies on retention period of records and method of disposition aligned with compliance requirements. · Legal Holds: Ensuring necessary data is preserved for potential litigation, internal investigation or as part of audit process. · Privacy Compliance: Aligning with regulations such as GDPR, DP, DPA, CCPA. [33:30] What are Jack’s top tips that the listeners can take away from this podcast session and implement today to begin mitigating their risk? – : Unfortunately mitigating cyber risk isn’t a one-size-fits-all response, however I like seeing cyber risk as 3 buckets, that businesses should be aware of and measure their organisation against: Technology & Infrastructure – outdated systems, unpatched software and not fit for purpose IT infrastructure pose risks. These types of vulnerabilities are exploited by attackers, leading to data breaches, malware infections and system disruptions. So, making sure that your technology and infrastructure is fit for purpose, and up to date is a key takeaway. We spoke about Managed Detection and Response solutions earlier in the session, which is a great, cost effective way of adding an additional layer of technology security. Human Factor – for me, this is the number 1 frailty to a business. Business Email Compromise incidents increased by 67% in 2023, with Multi-Factor Authentication (MFA) being bypassed in 29% of these cases. Over recent years, cybersecurity awareness has been the aim of the game. However it is crucial that, as our understanding progresses, we switch our focus to fostering a culture of cybersecurity responsibility among colleagues and employees. Ensuring that your people are aware of cyber incident (perhaps listening to this podcast), and their role in mitigating the risks associated to a cyber incident are crucial in ensuring that your business is secure. Preparation – in just about all walks of life, preparation is key for preventing almost anything. We have spoken today about some of the key preparation themes I’m seeing in the industry, from Response Readiness plans, to MDR, to Incident Response Retainers. Getting sufficient Cyber Insurance coverage is of paramount importance to ensure that your business can respond effectively to an incident, should one occur. If you’d like to learn more about Epiq and how they can help you, If you’d like to book a demo for the , simply and we’d be happy to give you a tour. We’d love to hear your views and comments about the ISO Show, here’s how: ● Share the ISO Show on T or ● Leave an honest review on or . Your ratings and reviews really help and we read each one. Subscribe to keep up-to-date with our latest episodes: | | | | | /episode/index/show/theisoshow/id/30843468

#170 Trends in the Carbon Market with Nature Broking 04/04/2024

#170 Trends in the Carbon Market with Nature Broking Businesses looking to tackle their environmental impact will need to look at how they can reduce their carbon emissions and offset any remaining emissions to ensure that they reach Net Zero. One of the most common ways businesses offset their emissions is through the purchasing of carbon credits that typically go towards planting trees or re-wilding. However, there are a number of new emerging trends following on from the current commodification of nature, resulting in an attitude shift from businesses who are looking to get a lot more involved in the offsetting process. We invited Luke Baldwin, Co-founder and CEO of Nature Broking, back onto the show to explain the latest trends in the carbon market. You’ll learn · What are the latest trends in the carbon market? · The importance of high integrity within carbon offsetting · Looking for impactful solutions · Why education around carbon offsetting is key for long-term sustainability commitment · How buying carbon credits now can lead to significant savings Resources · · In this episode, we talk about: [00:30] Join the isologyhub – To get access to a suite of ISO related tools, training and templates. Simply head on over to to either sign-up or book a demo. [02:05] Episode summary: Today Mel is joined by guest Luke Baldwin, Co-founder and CEO of Nature Broking, to discuss emerging trends in the carbon market that help businesses tackle their carbon offsetting. [02:50] What are the key trends in the Carbon Market – As of 2024, Luke states the leading trends as: · High Integrity · Impactful solutions · Education · Purchase carbon credits now and save later [04:10] High Integrity – There’s now a lot of carbon credits available and due to the nature of the unregulated carbon markets, it’s led to an increase in bad actors generating revenue in a bad way. Once example of this is Kariba, a project in Zimbabwe that aimed to tackle deforestation, which was recently exposed in the Guardian and The New Yorker for having incorrect calculations. Credits purchased towards that programme were then called into questions and any associated companies were accused of greenwashing. To avoid this, businesses are now putting a greater focus on high integrity solutions, which involves considerations such as: · Are the credits durable? Will the carbon be stored long term? · Are their significant CO2 benefits? · Are the credits contributing anything besides just removing carbon? i.e. regenerative agriculture or woodland plantation [06:20] Impactful Solutions: The carbon markets offers a lot of fantastic solutions and businesses are moving away from the quick commodification of those solutions, and are instead looking to really understand the impact of how they chose to offset their emissions. It’s becoming more of a question of buying carbon credits that align with your values, whether this be social values or sustainability values. They’re looking to invest in projects that will have a tangible outcome. Which is exactly what Nature Broking sets out to assist businesses with by tailoring bespoke solutions that adhere to their specific values. [08:10] Education – The need for more education around the carbon markets is crucial. Luke remembers the quote “you can't love what you don't know”, which applies as how can a business truly invest in something that they don’t fully understand. Sustainability is a mindset, and a cultural shift towards more sustainable practices starts with an education. uses an ISO framework, but also provide an education around the carbon reduction plan provided to inspire a mindset shift change towards sustainability. [09:05] Blackmores experience – Blackmores have been implementing environmental and energy Standards for over 18 years, but it’s only been in recent years that we’ve seen a mindset shift in leadership towards sustainability. While people may be aware of Standards such as or , but may not be aware of other governance frameworks that can help businesses to manage their carbon footprint and carbon neutrality. [10:20] Join the isologyhub – Don’t miss out on a suite of over 200+ ISO tools, templates and training, sign-up to become a member of the [12:25] How can you make significant savings when purchasing carbon credits? – A lot of carbon solutions currently are very cost effective, in particualr forestry credits and carbon removal credits. Some of the more technological ones such as direct air capture or bioenergy and carbon capture and storage can be more expensive now because the technology utilised is still so innovative and in it’s infancy. However, that will change in time. If you're looking at building a carbon portfolio for your net zero journey, for example, say are going through a science based targets initiative and you've decided that you cannot avoid the 10% of remaining emissions your net zero journey and you need to buy carbon removals - you're much better purchasing carbon removals now than in the future. This is because there will be a supply shortage in future, especially when we see more enforced regulations come into play between 2030 and 2035. This will mean that the price of those carbon credits will rise significantly. What may cost £20-£30 per tonne for carbon removal now may go up to anywhere between £100 - £150 per tonne! So it’s worth investing in your carbon portfolio now, especially in the case of tree planting as those tress are going to take a while to grow and actually start storing carbon. If you finance projects now, you will have already made an amazing impact from the start, and will potentially save yourself a lot of trouble and money in future by planning ahead. If You’d like to learn more about Nature Broking and their solutions, check out their . If you’d like to book a demo for the , simply and we’d be happy to give you a tour. We’d love to hear your views and comments about the ISO Show, here’s how: ● Share the ISO Show on T or ● Leave an honest review on or . Your ratings and reviews really help and we read each one. Subscribe to keep up-to-date with our latest episodes: | | | | | /episode/index/show/theisoshow/id/30677043

#169 Credible Carbon offsetting with Nature Broking 03/28/2024

#169 Credible Carbon offsetting with Nature Broking The UK is the first major economy to achieve it’s 50% reduction target for Greenhouse Gas Emissions (between 1990 and 2022). However, we’ve still got a lot of work to do to reach our 2023 target of a 68% reduction. Many businesses are already making great strides to reduce their Impact, and while you can reduce, achieving true carbon neutrality will involve offsetting a certain amount of emissions. One of the biggest challenges for businesses in terms of completing their offsetting is finding a credible carbon offsetting scheme. Mel is joined by Luke Baldwin, Co-founder and CEO of Nature Broking, to discuss credible nature-based solutions for carbon offsetting. You’ll learn · Who are Nature Broking? · What is Natural Capital? · How can we restore nature at scale? · Financing transition regenerative agriculture through the sale of natural capital · How have Nature Broking worked with clients to complete their carbon offsetting? · How can you demonstrate a credible carbon offsetting scheme? · What projects are Nature Broking currently working on? Resources · · In this episode, we talk about: [00:30] Join the isologyhub – To get access to a suite of ISO related tools, training and templates. Simply head on over to to either sign-up or book a demo. [02:05] Episode summary: Today Mel is joined by guest Luke Baldwin, Co-founder and CEO of Nature Broking, to discuss credible nature based solutions for carbon offsetting and explore some of the wonderful projects Nature Broking have been involved with. [04:10] What is natural capital? – Natural capital is the idea of creating value from nature. What natural capital does is, it encompasses all the things that we get from nature that we rely on. That could be the shelter in your house all the way through to carbon offsets. [04:55] Who are Nature Broking? – Nature Broking’s story starts off on a somber note. Sadly, Luke lost one of his friends in a mountaineering accident, and in his memory, Luke and another friend rewilded one acre of Scottish Borders Woodlands. This is something they make a point to visit every year, to pay tribute and to keep their living, breathing monument of his friends memory alive and well. The experience was an eye opening one. For as lovely as the process was, it was incredibly expensive, and not very easy to do. Luke then realised that philanthropy alone wasn't going to be able to cover the costs of what we required to restore nature. Looking into the matter further he found that 50% of the world's GDP is moderately or highly dependent on nature and that the UK, whilst green and beautiful, sits in the bottom 10%. And so, an idea was sparked. Together his friend and Co-founder Andy started down the nature restoration path and created Nature Broking. [06:20] What is Nature Broking’s mission?: Nature Broking have 2 major missions: #1: Help restore nature at scale #2: Help finance a transition to regenerative agriculture [06:34] How can we restore nature at scale? – The UK Government has set targets of halting nature decline by 2030, with a view to increase nature by 2045. The Green Finance Institute has calculated that there is a funding gap of about 56 billion in order for us to achieve our legally binding environmental targets. That’s a hefty sum to put on public money and philanthropy, which is where private markets and business can make a big impact. Frameworks like (ISO 14068) help businesses invest in nature, and with the creation of carbon credits, carbon has been commodified to make it more accessible for businesses to contribute to carbon offsetting. [08:20] How can we help finance transition regenerative agriculture through the sale of natural capital? – Regenerative agriculture is about restoring the soils, restoring nature back to its original level. Modern farming techniques, while fruitful, use tools such as fertilisers and mechanised farming that have damaged the soils biome. That’s going to take time and a concerted effort to fix. Now obviously, we can’t just stop farming, we need food, so not all land can go back to nature. Currently, 70% of the UK is farmed, so the agricultural sector will play a big part in being more regenerative. However, the current incentives aren’t great, so there’s a lot of work that needs to be done in terms of financing the mechanisms behind it, i.e. funding and subsidies ect. One way we could do this is by ulitilising the carbon markets, as regenerative agriculture can lead to significant carbon sequestration. [12:20] How do Nature Broking work with clients? – They make sure to work within the bounds of the business itself, as every business is different.. They don’t do off the shelf solutions, preferring to work closely with their clients and help them to really spend time in nature at the place where their carbon credits are being implemented. It’s ultimately about education on the different solutions available, including asking important questions like: · What impact do you want to have? · What are the challenges with each solution? · What do you need to watch out for? Each solution is tailored to your business. So, if you’d prefer to work in woodland restoration over regenerative agriculture, then Nature Broking would be happy to work with you to achieve that. Carbon credits include their own set of challenges, one of the main ones being that science changes, so the solutions offered through carbon credits will also change. It may be a case of purchasing credits that tackle different solutions over a large area rather than pooling them all into planting trees for example. Nature Broking are here to help advise and facilitate this. [15:30] Join the isologyhub – Don’t miss out on a suite of over 200+ ISO tools, templates and training, sign-up to become a member of the [17:45] How can Nature Broking demonstrate credible carbon offsetting? – Nature Broking are at their heart transparent with how they operate. By taking clients to see the actual physical results of their carbon credits, they can educate and help others form a genuine connection to nature. They want clients to truly understand the full impact of their efforts. The second element is due diligence, which can be displayed by utilising one of the many carbon related frameworks now available, such as and . Though these don’t always work within a UK setting, so Nature Broking are working towards creating frameworks that do fit within the overall market view. Lastly, they ensure that the standard they’re using is of high integrity, using frameworks such as the Integrity Council for the voluntary market, which analyses different standards. The 2nd is understanding the quality of the project developer, so looking at their technical expertise, looking at their financial ratings, and then evaluating the individual project itself in terms of potential risks. [21:50] What are some of the projects that Nature Broking are currently working on? – A broad view of what’s available in terms of schemes include: · · – This is run by the IUCN, which is the International Council for the Conservation of Nature. They are both defined and funded by DEFRA. These are some of the first carbon codes to move into the UK, however there is a lack of available carbon credits, which should change in future. Other’s include: · – A carbon code focused on rewilding, run by The Wildlife Trust. · - A regenerative agriculture code, so it focuses on analysing the full sequestration and full emissions potential of a whole landholding. [25:00] Carbon Credits in practice – There’s a current project called Bank Farm in Kent, which is being used as a test site for regenerative agriculture. This includes the likes of agroforestry, which is where you integrate trees into fields which provide shade for animals and store carbon. So, you’re not removing those fields from production, simply adapting them to be more sustainable. They’re also practicing mob grazing, which is all about using herbivores to maxmise the amount of carbon stored in the soil. You can do this by moving, say cows for example, around a field to graze quickly on small areas before moving them on. [27:05] Mel’s conclusion – There’s a huge opportunity in the management of agriculture that can be utilised within carbon credit schemes. In addition to helping our economy by creating new jobs within this new approach to tackling emissions and storing carbon. Hopefully we’ll see larger corporations investing in these sorts of schemes both here in the UK and abroad. If You’d like to learn more about Nature Broking and their solutions, check out their . If you’d like to book a demo for the , simply and we’d be happy to give you a tour. We’d love to hear your views and comments about the ISO Show, here’s how: ● Share the ISO Show on T or ● Leave an honest review on or . Your ratings and reviews really help and we read each one. Subscribe to keep up-to-date with our latest episodes: | | | | | /episode/index/show/theisoshow/id/30577673

#168 Changes to ESOS – What you need to be aware of 03/20/2024

#168 Changes to ESOS – What you need to be aware of The UK recently hit a huge milestone, according to the Department for Energy Security and Net Zero (DESNZ), the UK have reduced their Greenhouse Gas Emissions by 50% between 1990 and 2022. The UK are the first major economy to achieve this, however we’ve still got a lot of work to do to meet our 2030 target of a 68% reduction. Over the past few years there have been a number of schemes aimed at businesses to help tackle their impact, specifically their energy consumption. Here in the UK, ESOS (The Energy Savings Opportunities Scheme) was introduced as an implementation of the EU Energy Efficiency Directive and has been a mandatory undertaking for large organisations that fit the criteria. Recently, that scheme has been updated and a number of changes have come into effect for Phase 3. Ian Boylan, Chief Executive Officer at ISO Baseline, joins Mel to explain the recent changes to ESOS, how they affect organisations in the UK and EU and how ISO Baseline’s software can help businesses consistently manage their energy consumption in alignment with ISO 50001 (The Energy Management Standard). You’ll learn · Who are ISO Baseline? · What is the Energy Savings Opportunities Scheme (ESOS)? · What are the changes to ESOS? · How do the changes affect those who currently comply using ISO 50001 · What are the changes to the ESOS eligibility requirements? · How can ISO Baseline help businesses with their ISO 50001 and ESOS compliance? Resources · · · In this episode, we talk about: [00:30] Join the isologyhub – To get access to a suite of ISO related tools, training and templates. Simply head on over to to either sign-up or book a demo. [02:05] Episode summary: Today Mel is joined by guest Ian Boylan, Chief Executive Officer at ISO Baseline, to discuss the changes to The Energy Savings Opportunities Scheme (ESOS), and how the changes will affect the European Directive on energy management and energy reporting. [03:20] Who is Ian and ISO Baseline? – Ian has been involved with ISO Standards for a number of years, starting with the technical aspects of building Management Systems, to working with Certification Bodies as an auditor for Management Systems. From this experience, Ian really got to understand the challenges that organisations face when implementing ISO Standards. Challenges such as maintenance to ensure they are achieving their requirements and objectives. Which is where the concept for ISO Baseline was born. Targeted specifically towards the Energy Management Standard ISO 50001, ISO Baseline’s software allows organisations to manage their energy processes and provide evidence that you are meeting your energy objectives. [05:30] What features are included in ISO Baseline’s software? – Features include: Energy reporting: Information can be displayed in graph or Sankey diagrams to help visualize your energy performance. Identification of opportunities: Any opportunities for improvement found in the provided energy report will be recorded in an ‘Opportunities Register’ Financial Assessments: Work out life-cycle costs for assets, which can be used as a guide to establish possible savings by implementing suggested improvements. [07:25] What is ESOS?: ESOS was introduced when we were still a part of the European Union, when there was a European Directive on energy efficiency. It placed a requirement on member states in the EU to put together schemes for ensuring that large organisations undertake energy audits on a regular 4 yearly basis. In the UK this was adopted as the ESOS regulations. For many years, if a business’s ISO 50001 certification scope covered all of its energy usage, then your business was considered compliant with ESOS. If you didn’t have an ISO 50001 Management System in place, you would have to undertake energy audits once every 4 years, and have that reviewed, approved and signed off by a lead ESOS assessor. At the time, this had to cover 90% of your energy usage. One of the more updated inclusions into these regulations was the introduction of transport as a source of energy consumption. ESOS also included the requirement to identify significant energy consumption and propose a logical way to reduce energy consumption to improve energy performance. [11:30] Main changes to ESOS: Accounting for your energy consumption – Instead of accounting for 90% of your total final energy consumption, you're now required to account for 95% of your total final energy consumption. The de minimis component of it has been reduced by 50% [012:30] Main changes to ESOS: Activity Metrics – All organisations will be required to develop activity metrics and as part of your audits you'll be required to submit those activity metrics. The aim of this is to allow the UK to effectively assess organisations over established periods (i.e. from Phase 3 to phase 4) to see if and how they are actually reducing their energy consumption. This could potentially lead to benchmarking, where organisations can be measured against each other. [14:45] Main changes to ESOS: Submitting Actions Plans – Previously, you just had to submit your completed audits and overall savings potential, now you will be required to submit a proposed Action Plan to improve your energy performance. You will also be required to report annually on your progress towards that Action Plan. So no longer can companies coast on simply paying to complete an Energy Audit exercise once every 4 years, now you will have to produce publicly available information that will hold organisations to account. Essentially a name and shame for organisations that choose to do nothing. [16:55] Making Actions Plans publicly available – Incidentally, it always has been a requirement that everything that has been reportable regarding resources should be accessible, but previously you were not required to produce Action Plans. So essentially now that will also become part of the publicly available information. [17:30] Making ESOS fit for purpose – When ESOS was introduced, there was already so much other legislation around in the UK, so the main focus then was to align them with one another and to ensure that they were all working towards a common purpose. In this update, it hasn't ultimately required you to determine your energy savings potential in carbon reduction, but quite obviously that would be a little bit ludicrous if an organisation went down this route and not to look at it from a carbon perspective, as It's only a tiny little additional step when you're doing it from a money perspective and an energy perspective to figure out what the carbon impact is. [18:30] Do you need help with your Carbon Reporting? – If you need assistance with GHG emission or SECR reporting, contact our sister company [19:20] Join the isologyhub – Don’t miss out on a suite of over 200+ ISO tools, templates and training, sign-up to become a member of the [21:25] Main changes to ESOS: Confirming your compliance – There are different approaches that you will need to be aware of when submitting your evidence of compliance, and which one you use will depend on which route you’re taking. For the full ISO 50001 route, you will need to complete the Annex 1 approach, which is a reduced reporting requirement where you do not need to use an ESOS lead Assessor to submit it on your behalf, the organisation can do it themselves. If you going down either the energy audit route or do not have 100% of your energy consumption covered by ISO 50001 – you will be reporting using the Annex 2 approach. This is where you still require a lead ESOS Assessor to work with you and provide final sign-off on that reporting. [24:15] Are there any changes in the eligibility requirements? – There aren’t any major changes in ESOS’s eligibility requirements. They have now updated the turnover amounts from Euro to Pound Sterling following our exit from the EU. [25:35] How will these changes impact organisations? – Organisations will have to adapt to a more proactive approach towards their energy reporting and management. No longer can you get away with doing an energy audit once every 4 years and then forgetting about it until the next Phase. You need to start looking at it from the perspective of annual reporting, as all this information is going to be publicly available every year, which is going to be scrutinized if you’re seen to not be taking any significant action. Large organisations will be compared against each other, and if one is taking action every year to reduce its impact and another is doing nothing for 4 years, which do you think will gain a more favorable reputation? This level of accountability is long overdue, and will be of benefit to organisations in terms of potential cost savings through reduction of energy use, and also more importantly to the environment. [30:00] How can ISO Baseline ISO 50001 help organisations with their ESOS compliance? – ISO Baselines tools and software are going to be the most benefit to organisations that have a real objective to improve energy performance. If you’re just doing the bare minimum to meet requirements, then it’s no for you. ISO Baseline ISO 50001 is a tool to help systemise your organisations approach to energy management. It can help to avoid a lot of the bureaucracy that can hold up progress, so you can spend your time focusing on the objectives and what the Management System is meant to lead to. Their software will guide you through the required processes involved with ISO 50001 Energy Management, including Internal Audit planning and completion, Management review, logging and addressing non-conformities and corrective actions. If You’d like to learn more about ISO Baseline and their software, check out their . If you’d like to book a demo for the , simply and we’d be happy to give you a tour. We’d love to hear your views and comments about the ISO Show, here’s how: ● Share the ISO Show on T or ● Leave an honest review on or . Your ratings and reviews really help and we read each one. Subscribe to keep up-to-date with our latest episodes: | | | | | /episode/index/show/theisoshow/id/30455773

#167 How Lifelong Learner embedded ISO 22301 in just 4 months 03/05/2024

#167 How Lifelong Learner embedded ISO 22301 in just 4 months According to the there’s been a 82.9% increase in worldwide ISO 22301 certificates issued following 2020. Business Continuity is a must have for businesses who want to ensure long-term survivability following a disruptive event. Many turn to ISO 22301 to help put a framework in place, including today’s guest – Lifelong Learner. However, what usually takes businesses a minimum of 6 months, Lifelong Learner managed to accomplish in just 4 months across an international organisation! That is no small part due to the tremendous effort of Lifelong Learner’s Manager of Information Security, Governance, Risk and Compliance, Lauren Taylor. Lauren joins Mel on this weeks’ episode to share her journey and explains the challenges associated with implementing a Business Continuity Management System in just 4 months. You’ll learn · Who are Lifelong Learner? · Why did they decide to Implement ISO 22301? · What did they learn from implementing ISO 22301? · What was the biggest challenge with Implementation? · What are the benefits of implementing ISO 22301? Resources · · · · In this episode, we talk about: [00:30] Join the isologyhub – To get access to a suite of ISO related tools, training and templates. Simply head on over to to either sign-up or book a demo. [02:05] Episode summary: Today Mel is joined by guest Lauren Taylor who is the Manager of Information Security, Governance, Risk and Compliance at Lifelong Learner Holdings LLC. Lifelong Learner and it’s brands represent a fusion of comprehensive workforce solutions, with a human-first focus of changing lives through assessment. This includes helping people advance in educational and career aspirations, earning or maintaining licensing or certifications, or providing the tools to develop future leaders. Lauren has helped Lifelong Learner accomplish a massive milestone, and that’s the implementation of the Business Continuity Standard ISO 22301 across an international organisation, which she managed to do in just 4 months! She’s here to share her journey and lessons learned from implementing ISO 22301. [03:30] Not many people know this about Lauren – She had previously trained to be a mental health counsellor. [04:05] Who are Lifelong Learner LLC? – Lifelong Learner is the parent company of two subsidiaries: PSI Testing Excellence: a leading provider of assessment solutions for the licensing and certification markets, to Educational Testing Services. Talogy: A market leader in the talent management space whose core purpose is helping organizations achieve their potential. They manage the talent management side of the business. So what they'll do is they'll put together psychometric tests that help companies find the right person for the right job, and will assist with skills development. [05:00] Adding to Lifelong Learner’s ISO Collection: Lifelong Learner already have an impressive ISO Library, being certified to: · ISO 9001 – Quality Management · ISO 14001 – Environmental Management · ISO 27001 – Information Security Management [05:20] What was the main driver behind obtaining ISO 22301? – The main driver, as with most companies, is usually a client contractor requirement, but business continuity has been something that we've wanted to look further into for a while, just because there's elements of ISO 27001 that cover the business continuity. While we were able to get through the audits with what we had, we just felt that it just needed a little bit more building out. Business Continuity is a requirement in part of ISO 27001, but for Stakeholders that want assurance that a business has robust business continuity plans in place, ISO 22301 is the next step. [06:10] The Implementation Timeline – In October 2023, we began with the context workshop where we could kind of get a better idea of the scope of the management system. This was followed by a number of SWOT and PESTLE workshops to help identify what the perceived risks would be. Next came the Business Impact Analysis (BIA) - So essentially what you're needing to find out from these workshops is, the core activities that each of the teams perform on the day-to-day basis. You also need to understand what their systems are that they use, if they have any dependencies, and essentially it all comes down to understanding that if the business cannot perform those activities, what would be the impact overtime if those activities were to stop. Once you have all that information, the next step was to map it across into a risk assessment, which really helps you to understand the granular risks to your business when it comes to business continuity planning. This risk assessment helped to highlight some weaknesses that we hadn’t considered before, and gave us a point in the right direction as to what we needed to work on to bridge those gaps. Next was the creation and revamping of documentation inline with ISO 22301 requirements. Thankfully, due to the other ISO’s we hold, we already had a lot in place. Same goes for Internal Audits, so this was more a case of integrating ISO 22301 into our existing Management System. Once we had all the documentation, we conducted a ransomware test exercise, which we also documented all the findings from. Then we were we were ready for stage 1! [09:15] What were the biggest gaps Lifelong Leaner needed to address?: Following the BIA and Risk Assessment, we were able to see where we needed response plans because business continuity is always your Plan B. So in our minds, we had an idea of what kind of response plans we would need in terms of i.e. a malware response plan, a ransomware response plan, those sorts of things. But until we actually looked at the BIA we released we needed a few more. [10:25] What difference did addressing those gaps make? – For us it was understanding the real risks to our business. We already had ISO 27001 in place, and we figured if there were to be another pandemic for example, that we’d be covered. However, it wasn’t until we did those exercises did we realise that there was a lot we could improve on. [13:25] What did Lauren learn from Implementing ISO 22301? – How much people underestimate the importance of a good business impact analysis. After going through this in a very, very short space of time, I realised that it is actually the driving force behind a good business continuity management system. Also, it highlighted just how many people believe business continuity is just all about IT and physical security, they completely loft out the human element. An example of this is having a single point of failure, which is where if somebody left there would be a gap. [14:40] What benefits have Lifelong Learner experienced since implementing ISO 22301? – Lauren has noticed that more clients are requesting to see their Business Continuity Plans. It’s helped with the introduction of the latest ISO 27001:2022 controls – as these too also focus on elements of business continuity. [15:50] Lauren’s top tips for implementing ISO 22301 – Definitely give yourself longer than 4 months! Logically think about how everything links together, the clauses all have purpose and flow in a logical pattern to help create a Management System. Your Management Review can be your best friend. It's your opportunity to really engage with senior management and help them understand what your risks are to the business, how your internal audit is coming along, how you manage your nonconformities and it can be all neatly wrapped up in that nice management review bow. [18:00] Lauren’s book recommendation – The Matthew Perry Autobiography, [19:30] Lauren’s favorite quote – “You catch more flies with honey than vinegar.” If You’d like to learn more about Lifelong Learner, check out their . If you’d like to book a demo for the , simply and we’d be happy to give you a tour. We’d love to hear your views and comments about the ISO Show, here’s how: ● Share the ISO Show on T or ● Leave an honest review on or . Your ratings and reviews really help and we read each one. Subscribe to keep up-to-date with our latest episodes: | | | | | /episode/index/show/theisoshow/id/30235463

#166 What is ISO 42001 AI Management? 02/21/2024

#166 What is ISO 42001 AI Management? There’s no escaping it, AI is here to stay. Over the course of 2023 we’ve seen more general and public use of popular AI tools such as ChatGPT and Gemini (previously Google Bard). It’s now even being integrated into everyday applications such as Microsoft Word and Teams. There is no doubt that there are a lot of benefits to using AI, however, with new technology comes new risks. So how do we address the growing concerns around AI development and use? That’s where the new Standard for AI Management Systems, ISO 42001 comes in! Join Mel this week as she explains exactly what ISO 42001 is, who it’s applicable to, why it was created and how ISO 42001 can help businesses manage AI risks. You’ll learn · What ISO 42001 AI Management Systems is · Who it’s applicable to · Why it was created · How ISO 42001 can help businesses manage AI risks Resources · · In this episode, we talk about: [00:30] Join the isologyhub – To get access to a suite of ISO related tools, training and templates. Simply head on over to to either sign-up or book a demo. [02:05] Episode summary: Today we’re touching on a very topical subject – AI, and more specifically the brand new AI Management System Standard – IS0 42001. We’ll also be exploring who it’s applicable to, why it was created and how it can help businesses manage AI risks. [03:30] What is AI? – AI – otherwise known as Artificial intelligence, as it’s most simplest description is the science of making machines think like humans. We’ve seen a lot of AI tools be released to the public over the last year or so, tools such as ChatGPT and Google Bard. It’s already being integrated with some of the most commonly used apps and programs like Microsoft word and Teams. In short, AI integration is here to stay, so we may as well get to grips with it and make sure we’re using it responsibly. [05:10] What is ISO 42001? – , ISO 42001 is the first International Standard for Artificial Intelligence Management Systems, designed to help organisations implement, maintain, and improve AI management practices. It was jointly published in December 2023 by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). The emphasis of ISO 42001 is on integrating an AI Management System with an organisations existing management system – i.e. ISO 9001 or ISO 27001 compliant management systems. Interestingly, a lot of the specific mentions of Artificial Intelligence and Machine Learning are within the Annexes rather than the body of the Standard. The Standard itself is very similar to ISO 27001 in that it’s mostly about what organisations should be doing to manage computer systems regardless of any AI components. [08:00] The 4 Annexes of ISO 42001: Annex A: This acts as a Management guide for AI system development, with a focus on trustworthiness. Annex B: This provides implementation guidance for AI controls, with specific measures for Artificial intelligence and Machine Learning – if you’d like to learn more about the difference between the two, go back and listen to Annex C: Which addresses AI-related organisational objectives and risk sources. Annex D: This one is about the domains and sectors in which an AI system may be used. It also addresses certification, and we’re pleased to see that it actively encourages the use of third-party conformity assessment. This just ensures that your AI claims have more validity. [09:15] Who is ISO 42001 applicable to? – Those annex descriptions may have you assuming that this Standard is only applicable to organisations developing AI technology but in actuality it’s applicable to any organisation who is involved in developing, deploying OR Using AI systems. So if you’re a company who is only utilising AI in your day to day activities, it’s still very much applicable to you! [10:20] Join the isologyhub and get access to limitless ISO resources – From as little as £99 a month, you can have unlimited access to hundreds of online training courses and achieve certification for completion of courses along the way, which will take you from learner to practitioner to leader in no time. Simply head on over to the to sign-up or book a demo. [12:25] Why was ISO 42001 created?: · To address the unprecedented rapid growth of AI and all the risks that come with this new technology. · To ensure that AI development and use are trustworthy and above all, ethical. · The public are also reasonably wary of this new technology, so ISO 42001 aims to help build more public trust and confidence in the future use of AI . · ISO 42001 acts as guidance for organisations on exactly how to integrate AI Management controls with their existing systems. [14:05] AI risks you should be aware of – This isn’t an exhaustive list, as the technology develops, more risks will become known. However, as of the start of 2024, you should be aware of: Inaccurate information – Many of the chat bots and public AI tools are trained on publicly available information, and as we all know, not everything on the internet is true. So the output from these chat bots will need to be checked and verified by a person before being used or published. AI bias – Studies have proven that AI results can still be bias. As all the data fed into it is all based on existing information, it still presents the issue of a lack of information from underrepresented groups, or existing bias based on existing data. Time sensitivity – Not all AI use live data sets. Google Bard does, however Chat GPT is only accurate up until 2021. So double check whichever tool you’re using to make sure the information it produces is up-to-date. Plagiarism – Data gathered using AI came from somewhere! If you simply copy and paste information provided by AI platforms, there’s a chance you may be plagiarising existing content. Be sure to just use AI as a starting point! Security risks – Use of AI can expose you to additional security risks, For example, malicious actors could send someone an email with a hidden prompt injection in it. If the receiver happened to use an AI virtual assistant, the attacker might be able to manipulate it into sending the attacker personal information from the victim’s emails. Data Poisoning – AI uses large data sets to train its models, and we currently rely on these data sets being relatively accurate. However, researchers have found that it’s possible to poison data sets – so in future, AI may not be very reliable if preventative measures aren’t put in place by AI developers. [17:45] How can ISO 42001 help business manage these risks? – Above all, it provides a structured approach to identify, assess, and mitigate AI risks. ISO 42001 includes the guidance needed to put this in place from the start to ensure you don’t fall prey to the risks mentioned, with a view to monitor and update to address new risks in future. It promotes transparency and accountability throughout the AI life cycle. It helps ensure fairness, non-discrimination, and respect for human rights in AI development and deployment. It will help minimise potential legal and ethical liabilities associated with AI. The UK’s current GDPR and Data Protection Act can loosely cover aspects of AI, depending on how the terminology is applied, but there are already dedicated AI based regulations being developed within the EU which will likely be adopted by the UK. It can foster innovation and accelerate adoption of responsible AI practices. And lastly, it provides a common language and framework for collaboration on AI projects. [21:35] Don’t miss out on our ISO 42001 webinar – We’re partnering with PJR to bring you a 2-part webinar series on ISO 42001. Catch the first part on the 5th March 2024 at 3pm GMT, If you’d like to book a demo for the , simply and we’d be happy to give you a tour. We’d love to hear your views and comments about the ISO Show, here’s how: ● Share the ISO Show on T or ● Leave an honest review on or . Your ratings and reviews really help and we read each one. Subscribe to keep up-to-date with our latest episodes: | | | | | /episode/index/show/theisoshow/id/30047828

#165 What is isology? How to Implement any ISO Standard 02/13/2024

#165 What is isology? How to Implement any ISO Standard We have over 18 years experience of implementing various ISO’s, covering a wide range of topics such as Quality, Sustainability, Information Security and Risk. With a 100% success rate, we’re confident in our consistent approach to implementing ISO’s, so much so that we’ve coined our own unique methodology. Our regular listeners may be familiar with the term ‘isology’ from previous episodes referencing our online platform – the isologyhub. But what is isology exactly? Put simply, isology is our 7-step method for implementing any ISO Standard. Join Mel this week as she breaks down each of the 7 steps, including the planning, creation and review of an ISO Management System. You’ll learn · Our experience implementing ISO’s · The origin of isology · What is isology? · The seven steps of isology Resources · · In this episode, we talk about: [00:25] Episode Summary – Mel Blackmore will be explaining our world leading methodology to implement any ISO Standard, which we’ve affectionately named ‘Isology’. [00:45] The creation of isology: We’ve been implementing ISO Standards for 18 years, starting with ISO 9001 and have since expanded our repertoire to over 20 ISO Standards covering risk, sustainability, quality and Information Security. The creation of the isology methodology has been a team effort from all of the consultants who have worked with Blackmores over the years, and is primarily built on best practice. [01:35] Step 1: Plan – Get a copy of the Standard, determine your scope, timescales, leadership commitment, resources and selecting a Certification Body. Timescales: This is typically around 6 months, but could be longer or shorter depending on your specific requirements. Resources: As an example, if you were looking to obtain ISO 14001 certification, you may need to appoint a sustainability champion. For ISO 27001 you’ll need a representative from the IT department. Selecting a Certification Body: Ensure whichever Certification Body you choose is UKAS accredited. You can check this on the . International listeners will need to verify on your country’s national accreditation body website. [03:45] Step 2: Discover – Time to understand what you have in place already and what you’re missing – this is done through a Gap Analysis. This will often involve an initial meeting with the leadership team to establish what you already have in place, i.e. relevant policies and procedures or any relevant objectives. We break this down step-by-step and document it all in a Gap Analysis, which will deduce your current level of compliance. From this an action plan can be created to indicate what needs to be done to become fully compliant, including assigning roles to assist with the Implementation. [05:30] Step 3: Expose - This is where we look at risks and opportunities related to your desired Standard (both internally and externally). This is typically done through a SWOT (Strengths, Weaknesses, Opportunities and Threats) and PESTLE (Policital, Economic, Social, Technological, Legal and Ethical). In this stage you will also need to understand the key requirements of any relevant stakeholders, so this can include clients, subcontractors, regulatory bodies ect. A Risk Register may be created to capture the findings to be addressed later. Some ISO’s require a Risk Register, others don’t, but in our experience it’s beneficial to have one regardless. Companies are also encouraged to create a Legal Register to keep track of all their statutory, regulatory and contractual requirements. [07:50] Step 4: Create – Time to review the requirements of the Standard in terms of documentation – and create what’s needed. This includes capturing your way of working with documented Procedures, so make sure you have the relevant staff involved in their creation. Something to remember, you can have additional policy statements that aren’t required by the Standard. If they are important to you, add them in! We’re in a modern age now, gone are the days of paper manuals gathering dust on an office shelf. Software and applications may be where the bulk of your Management System documentation lives. For example, at Blackmores we use a combination of and SharePoint to manage all of our day-to-day activities, including our own ISO 9001 compliant Management System. The key here is to make your Management System accessible for everyone. [10:20] Step 5: Launch – Once the Management System has found its home, you need to communicate it. Consider the type of launch you want and who will be involved. Make sure you encourage engagement with the Management System. Why should you Launch your Management System? Quite simply, there isn’t much point in having controls in your business if no one knows about them! We have 2 key ways of supporting you with the launch of your Management system: 1) We can run an awareness session on your Management System either in person or via Teams. It can then be recorded and used as refresher / induction training. 2) Get access to the – out online platform with a suite of over 200 ISO courses, training, tools and templates. [12:15] Step 6: Engage - After the launch you want to ensure that employees are fully engaged and they actually not only are aware of the policies and procedures that you've got in place, but they're actively using them. The only way to verify this is through Internal Audits – that’s not just our opinion, that’s a mandatory requirement of any ISO Standard. We can assist with conducting these Internal Audits, which double up as a dummy run ahead of your assessment visits. These audits are essentially a show and tell exercise to gather evidence that you’re doing what you say your doing. [13:55] Step 7: Review - Time to take a step back and look at what’s been achieved and what’s been highlighted as areas for improvement through your Internal Audits. This is done at what we call a Management Review. These are typically conducted as meetings, but they don’t have to be a meeting specifically. covering other ways to conduct this review. At this Management Review you will collate data on the performance of your business in relation to the ISO Standard. The minutes must be recorded, as your Assessor will expect to see these as it’s a mandatory requirement of any ISO Standard. If you’d like to learn more about what’s involved with a Stage 1 and 2 Assessment, go back and listen to a . If you’d like to book a demo for the , simply and we’d be happy to give you a tour. We’d love to hear your views and comments about the ISO Show, here’s how: ● Share the ISO Show on T or ● Leave an honest review on or . Your ratings and reviews really help and we read each one. Subscribe to keep up-to-date with our latest episodes: | | | | | /episode/index/show/theisoshow/id/29929678

#164 The ISO 27001:2022 Transition Gameplan - A step-by-step guide to complete your Transition 02/06/2024

#164 The ISO 27001:2022 Transition Gameplan - A step-by-step guide to complete your Transition The deadline is looming over the horizon as October 2025 marks end of the validity of ISO 27001:2013 certificates. Have you made a start on your transition journey? If not, you really should make a start in 2024 to ensure you’re all set well before that final deadline. The first step is to decide if you want to do it yourself or enlist the help of a professional consultant. For those that want to tackle it yourselves, you’re in luck! As we have just the tool to help: The ISO 27001:2022 Transition Gameplan. In this weeks’ episode, Steph Churchman, Communications Manager at Blackmores, explains why you need to transition to the 2022 version of the Standard and outlines the 7-step ISO 27001:2022 Transition Gameplan available on the isologyhub. You’ll learn · Why do you need to transition to ISO 27001:2022? · What happens if you don’t transition? · What is the ISO 27001:2022 Transition Gameplan? · An overview of the 7-step Gameplan Resources · · In this episode, we talk about: [00:25] A different host – Steph Churchman, Communications Manager at Blackmores, steps in to cover today’s episode. She’s heavily involved with the development and updating of the isologyhub, and will be explaining one of the latest Gameplan’s: The ISO 27001:2022 Transition Gameplan [01:15] Why do you need to transition to ISO 27001:2022? The October 2025 deadline is fast approaching, so you really should be making a start in 2024 if you’ve not already. [01:45] Who needs to transition to ISO 27001:2022? – Basically, anyone who is currently certified under ISO 27001:2013 will have to transition to the updated Standard. One of the main reasons why we recommend getting a head start on this is , Certification Bodies will undoubtedly have a large demand for transition audits in 2025, when everyone’s rushing to get it done last minute. This results in a shortage of resources from the CB’s, and you may end up struggling to get booked in time. [02:35] What happens if you don’t transition in time? – The harsh truth is you will lose your ISO 27001 certification. This then means you’ll be required to go through another Stage 1 and 2 Assessment against the latest version of ISO 27001, which can be costly. Another key reason is the latest version of ISO 27001 also considers a lot of new technologies that weren’t around back when the last version was published. You can imagine now that there are a lot more cybersecurity risks to consider with all the latest technology that has been released in that time. Put simply, it’s for the benefit of your Information Security to ensure you are adhering to the most recent best practice Standards. [03:40] What is the ISO 27001:2022 Transition Gameplan? This Gameplan will walk you through the stages of transition, which align to our proven isology® approach. Isology being our methodology for implementing any ISO Standard, based on our 18+ years of experience. In this Gameplan we provide training videos on the changes to ISO 27001, along with specific training videos covering each of the new Annex A controls that you will need to be familiar with, along with templates and workbooks to take you through the process from beginning to end. [04:20] Step 1: Plan – Before you begin on your journey, it’s advised to understand the main changes to the standard. We’ve summarised the high-level changes in a , and included a quick summary in the first step of the Gameplan. In this first step, you’ll also find guidance on how to prepare for your Certification Body visit. You really do need to do this early on to help establish a realistic timeline to complete your transition work. [04:55] Step 2: Discover – At this stage, you need to get to grips with the changes to the Standard. There have been a number of controls changed, and 11 completely new ones added. We did cover a select few of these new controls in a few previous podcasts: , , , In this Discover step we provide a number of awareness videos to explore these new controls and changes in detail, including how they may apply to your business. We’ve also included a downloadable PDF guide to these changes, in case you’d like to share this information internally. [05:40] Step 3: Expose - In this step we’ve included an ISO 27001:2022 transition workbook, which will act as a guide for all your transition activities. The first being the conducting of a Gap Analysis against the latest version of the Standard. After completing this, you will have a much better idea of where your main gaps and vulnerabilities are, so you can start putting the necessary controls in place to ensure compliance with ISO 27001:2022. We’ve also included a summary of the main Management System documentation that will need to be updated ahead of your transition visit. [06:20] Step 4: Create - This is the step where you will be implementing those changes as a result of your Gap Analysis. This will also be guided by that workbook, and we have provided some additional templates and resources to aid you. These include: · A Statement of Applicability Template · Annex A Control Mapping · ISO 27001 Management Review Template [07:15] Step 5: Launch – It’s not just about updating your documentation, you will obviously need to communicate these changes to the wider business. In this step we go over a few options for your launch plan – including guidance for both a soft launch and an all-in launch. To help you decide which one would be the best fit for you, we’ve included a full summary of each method in addition to a pro’s and con’s list for each. [08:30] Step 6: Engage – The last stages are all about gathering evidence of compliance against new and updated clauses and controls. In this step we provide some insight into what’s required from your Internal Audits and Management Review ahead of your transition visit. If you wanted to get some more tips on carrying out internal Audits within your business – we also offer a full Internal Auditor course on the hub that covers the core skills needed to complete those. If you become a member of the hub, you’ll get access to our whole library of resources – which includes a wealth of ISO related tools, templates and training videos. [09:20] Step 7: Review – This last step will help you prepare for the transition visit with your certification body. We touch on what you should expect from your Certification Body ahead of the transition visit, and include guidance on carrying out a final Document and evidence check to make sure you’re all good to go. If you’d like to book a demo for the , simply and we’d be happy to give you a tour. We’d love to hear your views and comments about the ISO Show, here’s how: ● Share the ISO Show on T or ● Leave an honest review on or . Your ratings and reviews really help and we read each one. Subscribe to keep up-to-date with our latest episodes: | | | | | /episode/index/show/theisoshow/id/29821003

#163 The environmental value of circular design with Design Conformity 01/30/2024

#163 The environmental value of circular design with Design Conformity Did you know that in the UK alone, 22 million pieces of furniture are discarded each year, the majority of which goes directly to landfill. That amounts to an estimated 670,000 tonnes of furniture wasted, where a significant portion could be recycled and reused. It’s clear to see the need for a more sustainable approach to furniture design, manufacture and lifecycle, which is where today’s guest, Design Conformity, come in. Design Conformity live and breathe circular design, the process for creating products sustainably from the beginning, and offer a Life Cycle Assessment Certification Process which has already led to significant carbon reductions. Mel is joined by Adam Hamilton-Fletcher, Founder and Director at Design Conformity, to discuss the application of circular design within the furniture manufacture industry and explain how their Life Cycle Assessment certification process can help businesses reduce their carbon footprint. You’ll learn · Who are Design Conformity? · What is circular design and how does it help companies reduce their carbon footprint? · What are the benefits of Design Conformity’s certification? · Can sustainability be of financial and environmental benefit to businesses? · Examples of circular design in practice Resources · · · · In this episode, we talk about: [00:25] Introducing today’s guest – We welcome Adam Hamilton-Fletcher, Founder and Director at Design Conformity, onto the show. Design Conformity are currently setting the standard in retail sustainability, particularly in relation to the furniture industry. [01:30] Who are Design Conformity? Adam worked in the manufacturing industry for about 15 years, designing lighting systems for major retailers like boots, Next, Marks & Spencers and Morrisons. He worked primarily with the lighting used in displays, and had been tasked with selling lighting products. In order to do so, he needed to develop a specification to help understand customer requirements, which would then be used to develop their ideal solution. The problem: There were little to no Standards in UK and Europe for the retail display industry. Which directly led to the creation of Design Conformity – who started out as an electrical and lighting Standard certification company, that developed into a full carbon certification company. They aim to become the gold Standard for sustainable furniture design. [03:10] What is Circular Design? – Circular design is born out of this principle of a circular economy. To compare, a linear economy is when we take a raw material, use it, process it, and then it’s just disposed of, usually straight to landfill. Whereas, circular economy is where we take that waste product and we design it so that it can be repurposed and refreshed and reused. Those materials can then eventually be recycled – so the goal is to not use any raw materials at any point. Circular design is the intent to minimise environmental impact, to design equipment that could be reused and repurposed, and then at the end of its life be recycled. [04:05] How do Design Conformity operate? – Design Conformity look at the way that companies design their furniture and then take them through a learning process (online course). They help businesses to understand how to design a product in such a way where it can be repurposed or reused, where raw material usage can be reduced and where the shipping requirements can be reduced. They provide guidance and advice on recommended materials, including the provision on an online They also provide reporting in alignment with existing carbon standards, such as ISO 14064, for product evaluation. [06:55] How can the Carbon Calculator help? By selecting a product of a particular type, you can use the estimator by entering the details of where and what you’re manufacturing, and then it will give you a carbon footprint for that, which you can use to compare that against other industry designers. It displays these other designers anonymously, but you can get a feel for if your product is above or below the average for carbon emissions. [08:55] An example of the Carbon Calculator in practice – Design Conformity recently worked with Costa Coffee, who were looking to reduce the environmental impact of their of their shops and coffee lounges. The beginning of that process is to work with their manufacturers, to identify the environmental impact of the furniture that they've got. They used the Carbon Calculator to help create an initial benchmark, which highlighted key indicators that can lead to carbon reductions. [09:35] Design Conformity’s Certification – They’ve borrowed the concept used by existing Energy Performance Certificates, by having a carbon efficiency index, ranging from C1 – C7. Their score is a bit more unique however as it incorporates elements of circular design. Their score is based on a products total carbon emissions, divided by it’s size and total lifespan. An Ecolabel is then awarded based on the final score. [11:45] What are the benefits of Design Conformity’s certification?:- · It’s a mix between carbon reporting and a carbon rating. · It’s easier for consumers to understand the benefits in comparison to companies that advertise compliance with ISO 14064 and PAS 2060. · Not just a green label, as reporting is a key component of gaining certification. · It provides a cradle to cradle analysis on a products carbon footprint and translates that into something that is recognisable. [14:15] Are businesses right to be skeptical about the value of the cost versus the value of environmental certification?– 100%! It’s not uncommon for eco labels to be more of a marketing tool rather than a tool for tangible carbon reduction. A lot of them out there are unregulated and are contributing to green washing. That’s where Design Conformity’s differs, as they actually collate and process real data to provide tangible value and add credibility to their claims. [16:10] Will there be a time where sustainability can be of financial and environmental benefit to businesses? – Yes, absolutely! And if there is a way to do that, it’s through Circular Design. As an example, if you’re a manufacturing company that’s producing shelving, you need to buy in steel, which can fluctuate a lot in price at any given time. But you don’t need to buy more steel every time, where instead you could get your original product back, reprocess and redistribute. Adam has experience of suppliers who are practicing this, they purchase their products back at 40%-50% of the price, saving a lot of money in raw material! [19:00] Examples of companies who have embraced circular design – Tesco: They’ve introduced a policy whereby they purchase metal shelving, use it for 5 years, then take it back out of the store to get powder coated, cleaned and reintroduced to the store. That reduces the carbon footprint by 70% in comparison to buying a new shelving set! Boots: Their beauty halls wanted to introduce a lot of new brands, which meant a lot more displays were needed. Boots started working with Design Conformity towards earning their certification, specifically in relation to the lighting they used in stores. With Design Confomity’s help, they managed to reduce the carbon footprint at selected stores by 39%! [21:20] Circular Design Guide – 14 people were involved in creating this guide, which is designed to give you an introduction to and overview of circular design. Access it over on If you’d like assistance with any ISO Standards, with Blackmores and we’ll be happy to help 😊 We’d love to hear your views and comments about the ISO Show, here’s how: ● Share the ISO Show on T or ● Leave an honest review on or . Your ratings and reviews really help and we read each one. Subscribe to keep up-to-date with our latest episodes: | | | | | /episode/index/show/theisoshow/id/29712098

#162 What’s the difference between Certification and Verification? 01/16/2024

#162 What’s the difference between Certification and Verification? For those in the ISO Space, you may be very familiar with the term ‘Certification’ in relation to ISO Standards. However, for certain ISO Standards there is a different type of terminology you need to be aware of. The demand for a more unified and structured approach to reduce carbon emissions has resulted in a few carbon related ISO Standards to be published over the last few years. Standards such as ISO 14064 (Carbon Verification) and ISO 14068 (Climate Change Management) use the term ‘Verification’ rather than ‘Certification’. So, what’s the difference between the two? Join Mel in this weeks’ episode as she explains the key differences between the terms ‘Certification’ and ‘Verification’ in relation to ISO Standards. You’ll learn · What is Certification? · What is Verification? · What is the difference between certification and verification? · What’s involved with Verification? · Is there a demand for Verification in the UK and overseas? Resources · · In this episode, we talk about: [00:25] Episode summary – Listeners familiar with the world of ISO will know of the term ‘Certification’, however the release of new Carbon related Standards such as ISO 14064 and ISO 14068 has brought in a new term: ‘Verification’ This episode, we’ll explain the difference between the two. If you’d like to learn more about and , check out and . [02:00] What is Certification? – Quiet simply, Certification is for businesses who wish to certify an ISO Management system – so a company wishing to implement a Quality Management system to ISO 9001, would get the ISO System certified by an accredited Certification Body. [02:25] What is Verification? – Verification is the confirmation of a claim, through the provision of objective evidence, that specified requirements have been fulfilled. Therefore ISO 14064 the carbon footprint verification standard is a standard that is verified not certified. The ‘claim’ or ‘statement’ is typically the QES ‘Qualifying Explanatory Statement’. If you’d like to find out more about this, then checkout , where David Algar, Principal Carbonologist at Carbonology explains in more detail. [03:35] Setting the record straight – Some organisations (and even Certification Bodies!) have been stating they have been certified to PAS 2060 or ISO 14064 – which is technically incorrect. As a certificate is not issued and they're not certified. [04:30] Think of Verification as an MOT: A simple analogy for Verification is a car MOT. This is an annual check to verify that a claim is correct, much like an MOT, someone must inspect evidence and check that everything is as claimed – not unlike checking under a car bonnet and checking tires to see if everything is in working order. [05:20] What is the difference between accreditation for certification and verification bodies? – For ISO Certification, certification bodies must adhere to ISO 17021:2015. This standard basically provides a requirements for bodies providing audit and certification of management systems, and applies to CB’s like or . There are many others here in the UK, simply visit the to find a list of accredited CB’s. In other countries, simply go to your national accreditation body website to find a full list. [06:40] Accreditation for Verification Bodies – Verification Bodies need to adhere to ISO 17029, which was a Standard first published in 2019. That standards title is: Conformity assessment, general principles and requirements for validation and verification bodies. Both Standards provide structure and governance to basically ensure that standards are either certified or verified to a level playing field. [07:20] Watch out for the cowboys – Unfortunately, there are some fake third party so-called certification and verification bodies that offer certification and verification. They do not adhere to either ISO 17025 or ISO 17029, and instead play by their own rules. Which results in utterly worthless (and very expensive) ‘certificates’ that won’t hold up under scrutiny in tendering applications. So please ensure you use an Accredited Certification or Verification Body! [07:48] What are the differences between Certification and Verification? Certification in more detail – Certification of an ISO Management System means of providing assurance that the organisation has implemented a system, so they've got the policies, procedures and controls in place against the relevant activities for their products and services to be delivered. Certification for management system provides that independence, that impartiality that the company is actually doing what they say that they're doing, and that it's effectively implemented. If you want to get certified, you need to undertake an Assessment. Typically this is done in two parts – A Stage 1 Assessment is a document review and Stage 2 Assessment is the evidence to prove that the companies following its policies and procedures. [09:35] What are the differences between Certification and Verification? Verification in more detail – There are actually 2 definitions for Verification: 1: The process for evaluating a statement of historical data and information to determine the statement is materially correct and conforms to criteria in 3.6.10. 2: It's a confirmation of a claim through a provision of objective evidence that specified requirements have been fulfilled. There are a couple of notes with this one, including: · Verification is considered to be a process for evaluating a claim based on historical data and information to determine whether the claim is materially correct and conforms with specified requirements. · Verification is applied to claims regarding events that have already occurred are results that have already been obtained, confirmation of truthfulness. [11:30] Avoiding Greenwashing – Now more than ever is the time to actually have systems in place to be able to verify that claims are factually correct. A key thing to note with both Verification definitions is that they state you can only make a claim for a certain period – again, much like an MOT. [12:55] What’s involved with Verification? – There are a few ways to gather the historical data needed for verifiers, here’s a few: · Observation; · Inquiry; · Analytical testing; · Confirmation; · Recalculation; · Examination; · Retracing; · Control testing; · Estimate testing; · Cross-checking; · Reconciliation From those terms alone, you can tell that this is a much more analytical approach than compared with Certification. [14:30] What’s the current status of Verification in the UK and overseas (as of 2024) – In addition to being the Managing Director of Blackmores, Mel is also CEO of Carbonology – a sister company dedicated to Carbon Standards. Across both companies, we’re seeing a lot of interest in Sustainability Standards such as ISO 14001 and ISO 50001. At this current time, there is not so much of a demand for Verification and as such, there’s not a demand for third-party verification at this stage. There is however, a demand for an impartial second-party Verification to back up an organisations’ claims. [16:15] Need any help with ISO 14064 or ISO 14068? – Get in contact with and speak to our expert Carbonologists. If you’d like assistance with other ISO Standards, with Blackmores and we’ll be happy to help 😊 We’d love to hear your views and comments about the ISO Show, here’s how: ● Share the ISO Show on T or ● Leave an honest review on or . Your ratings and reviews really help and we read each one. Subscribe to keep up-to-date with our latest episodes: | | | | | /episode/index/show/theisoshow/id/29505803

#161 What trends are in the top 10 ISO Standards? 01/09/2024

#161 What trends are in the top 10 ISO Standards? ISO Standards are internationally recognised as the gold standard for best practice within a variety of subjects and sectors. But what ISO Standards are the most popular across the whole globe? And are there any trends that can be gleaned? Thankfully, the International Standards Organization runs a yearly survey to find out! Join Mel in this weeks’ episode as she breaks down the top 10 ISO Standards Implemented globally, where they are most popular and identifies key trends. You’ll learn · What are the top 10 Implemented ISO Standards? · What Standards are gaining traction? · Where are the top 10 Standards most popular? · Are there any trends within the top 10 Implemented ISO Standards? Resources · · In this episode, we talk about: [00:25] Don’t forget to subscribe and leave a review – We love sharing top tips and dispelling myths about ISO Standards. Help us reach a wider audience by subscribing on your preferred media player, and leaving us a review 😊 [01:10] Episode summary – We’ll be taking a look at the top 10 most popular ISO Standards based on the , run annually by iso.org. The survey results break down the number of ISO Certificates issued, and highlights which countries and sectors these Standards are most popular in. We’re basing this episode on the 2022 results, as the 2023 results won’t be out until later this year. We’ll do another episode on the 2023 results to see what’s changed – so keep an eye out for that! [02:14] #1: ISO 9001 – No surprises here! The Quality Management Standard is still top of the pops. It’s holding strong with a 12% increase based on the previous year. It’s most popular within the Construction, wholesale & retail, electrical, machinery & equipment sectors. China is in the lead with number of certificates issues (by a very large margin!), followed by Italy, India, Germany and the UK. [03:30] #2: ISO 14001 – We’re happy to see the Environmental Management Standard so popular! In fact, it’s had a 21% increase over the previous year! It’s most popular in China, Japan, Italy, UK and Spain. Construction is the leading sector, but we’ve also seen an increase in the number of professional services choosing to adopt this Standard. [04:15] #3: ISO 45001: Coming in at #3 we have the Occupational Health & Safety Management Standard. This has seen an even bigger increase in demand, 29% more than the previous year. China still leads the way with number of certificates issued, but the UK and Australia are not far behind. Interestingly, there is little uptake within the Agriculture sector, which is concerning considering they consistently have the highest injury and death statistics year on year (in the UK according to the annual HSE reports). [05:25] #4: ISO 27001 – The Information Security Management Standard comes in at #4, with a 21% increase in demand over the previous year. Unsurprisingly, it’s increased primarily in the IT sector, but that’s followed by transport, storage and communications, along with financial services and real estate / renting. [06:00] #5: ISO 22000 – The Standard for Food Safety Management makes it into the top 10, with it being more popular in Taiwan and Greece. The sector specific information for this particular Standard is slim, but it’s applicable to any organisation involved in the making, packing and distribution of food, as well as organisations in the hospitality sector. [06:30] #6: ISO 13485 – This is the Standard for Medical Devices. The USA are leading the way with certificates issued, followed by France, Germany and Italy. We’re pleased to see that none of these ISO Standards are in any decline, and only seem to be increasing in popularity as the years go by. [07:20] #7: ISO 50001 – This is the Standard for Energy Management, if you’d like to learn more about this Standard, check out a few of our . ISO 50001 has seen a 33% increase in demand, which is amazing to see! We hope this is a sign of more organisations taking climate change seriously, and taking the appropriate steps to start reducing their impact. China is still in the lead where number of certificates issued is concerned, followed by Germany, Spain, Italy and France. [08:25] #8: ISO 20000 – The Service Management Standard is still very popular within countries where we see a lot of call center activity. This used to be known as the ‘IT Service Management Standard’, but it has since evolved and encompasses Service Management as a whole. We did a covering this Standard in 2023, so go back and listen if you’d like to find out more. No surprises to see China still in the lead with number of certificates issued, followed by USA, India, Italy and Spain. [09:15] #9: ISO 37001 – This one was a surprise, ISO 37001 is the Anti-Bribery Standard. Blackmores have implemented this Standard in the Construction and Facilities Management sectors, but it’s a shock to see it in the top 10 as it’s always been very niche here in the UK. This particular Standard is most popular in Peru, followed by Italy, Indonesia, Korea and Brazil. We were curious about why Peru were in the lead, and it seems that there may be a requirement for certain organisations to have this. Back in 2017, we knew there was a voluntary requirement, but perhaps this has changed in the last few years. If we have any listeners in Peru – we’d love to hear your feedback on this subject! [10:35] #10: ISO 22301 – The Business Continuity Standard. This Standard is most popular in the UK, and based on our experience, it’s commonly adopted by those in the professional services and IT managed services sectors to help provide resilience and continuity for their Stakeholders. Other countries where it’s popular include India, China, Greece and Korea. [11:20] The runners up – These Standards didn’t make it to the top 10, but they were very close: · – Asset Management · – Sustainable Event Management · – Collaborative Business Management [12:10] Conclusions – It’s clear to see that sustainability based Standards are becoming very popular. We’re particularly pleased to see the 33% increase in demand for ISO 50001! If you’d like to request a specific topic, or be a guest on a future episode, and let us know. We’d love to hear your views and comments about the ISO Show, here’s how: ● Share the ISO Show on T or ● Leave an honest review on or . Your ratings and reviews really help and we read each one. Subscribe to keep up-to-date with our latest episodes: | | | | | /episode/index/show/theisoshow/id/29402498

#160 What were our Top 5 most popular episodes in 2023? 01/04/2024

#160 What were our Top 5 most popular episodes in 2023? Before we dive into the new year, we’d like to take a step back and reflect on 2023. Last year was filled with a lot of topics and challenges, from tackling the transition to ISO 27001:2022, to finding credible ways to offset your carbon emissions within the UK. With a total of 33 episodes published last year, Mel looks back on the 5 most popular episodes of 2023, including some highlights from each episode. You’ll learn · What were the top 5 most popular podcast episodes of 2023? · A highlight from each of the top 5 episodes Resources · In this episode, we talk about: [00:45] Editor shoutout – A special shout out to the Blackmores Communication Manager, Steph Churchman, who helps organise, produce and publish the ISO Show podcast! [01:20] Information Security was a favorite topic for 2023 – ISO 27001:2022 was definitely a hot topic in 2023, which is not a surprise seeing as anyone currently certified to ISO 27001:2013 will need to transition to the latest standard by October 2025. Many were making a start on this in 2023, or looking to plan it in for 2024. [02:10] #1: – Orginially published as part of a series of podcasts explaining the new Standard. This episode focuses on a high-level overview of the major changes. Here are a few highlights from the snippet: · Steve Gives an overview of what’s new in ISO 27001:2022 – The updated version of ISO 27001 was released on the 26th Oct 2022. The new version included 24 changes and clarifications within the main clauses. · The controls for the new standard are now categorised into 4 groups: Organisation, People, Physical and Technology · We covered some of the new controls in more detail in previous episodes: , , , , and · The 24 changes and clarifications to Clauses include older existing clauses which have been tidied up to be more transparent. We recommend reviewing to ensure that you are complying in a way that aligns with the Standard. · There are 11 new Controls. 56 controls from the 2013 version have been reduced to 24 with 58 remaining unchanged. So, in short, Annex A has been simplified with less duplication of controls. [09:15] #2: – In this episode we brought Steve Mason back to discuss the 11 new controls in ISO 27001:2022, and delve into the context of why these were added. We also highlight some of the resources we’ve made available in the isologuhub, including mention of our . Here are a few highlights from the snippet: · These new controls are nothing to worry about – they are simply aligning the Standard with more modern security considerations. You may already be complying with them! · Control A.5.7 Threat intelligence – ‘To provide awareness of the organization’s threat environment so that the appropriate mitigation actions can be taken.’ – This can come from many different sources, such as the NCSC or local police websites. There are also additional tools you can add to detect possible phishing attacks. This also includes consideration to external threats – Information Security is about much more than just protecting data! It also includes physical security. · Control A.5.23 Information security for use of cloud services – “To specify and manage information security for the use of cloud services.” – More and more businesses reply on cloud-based computing. It’s important to verify the security of your service provider to ensure it’s adequate. You can check to see if they have any valid Information Security related credentials such as CSA Star, Cyber Essentials, SOC. You could also adopt principles of ISO 27017 (certification for cloud security), ISO 27018 (Protection of PII in the public cloud) and ISO 27701 (PII security Standard). · Control A.5.30 ICT readiness for business continuity –‘ To ensure the availability of the organization’s information and other associated assets during disruption’ – There a few standards that could assist with this, including ISO 27031 (ICT readiness for Business Continuity). Those that have ISO 22301 may want to look at how ISO 27001 elements can be integrated and improved in any disaster recovery plans. ISO 27001 needs to be an integral part of any business continuity plans – not just a bolt on. Small business may not want to conduct a full business impact analysis, but should carry out a risk assessment around business continuity at the very least. [21:20] #3: : We had some fantastic guests on the show last year, such as Harry Grocott – CEO of Treeconomy. We invited him on to talk about how we can demonstrate credible carbon offsetting through schemes here in the UK, and how you can avoid falling prey to greenwashing. Here are a few highlights from the snippet: · Can we quantify the value of nature? Short answer right now is no, but there is a lot of nuance. Nature offers ecosystem services i.e. farms offer a calorific benefit, we can put a price on the value that offers. The same principle applies to resources such as wood or oil. Now we are gaining the ability to quantify CO2 removal, which is undeniably valuable to humanity. · Other more recent services such as biodiversity projects are a bit harder to quantify – as they vary so much depending on the country. However, we are starting to assign value to these. · How can people be sure that they don’t fall prey to Greenwashing? There are 2 main issues to consider: 1) Are your carbon credits credible? 2) what claims are top management making? · Tackling claims made by leadership: ISO standards are starting to solve this issue. There are clear requirements and certifications that need to be in place to back those claims. · Tackling carbon credits: The carbon offsetting market is heavily unregulated currently. Essentially it’s a lot of people trading in invisible gas. There are a number of carbon standards (Not quite at the same level as ISO Standards), such as the Woodland Carbon Code and the Peatland Code, and Internationally there are standards such as Verra VSC – unfortunately, a lot of these standards aren’t very robust and aren’t enforced. · Many companies will often look to buy the cheapest offsets available, which are likely to be non-credible and will provide no evidence of actual offsetting occurring. But, there are a lot of new companies emerging that provide tangible evidence of offsetting (such as Treeconomy ) [33:50] #4: – We’re always delighted to share stories about our clients’ ISO journeys. In this case we got the chance to talk to Steve Shaw, the Chief Product and Technology Officer at dotdigital, about their journey to achieve ISO 14001. Dotdigital have a habit of going above and beyond when it comes to implementing ISO Standards, and this time is no different as Steve explains some of the fantastic sustainability initiatives introduced as a result of gaining certification. Here are a few highlights from the snippet: · dotdigital was the worlds first carbon neutral marketing automation platform that was ISO 14001 certified. They also aim to be net zero by 2030! · They have a relatively small footprint as a primarily digital based company, only really having to consider the running of computers, air conditioning and standard office facilities. So it can be a challenge to reduce! · What led to the success of dotgreen? – dotdigital launched a group called dotgreen, which has since thrived into a community of likeminded individuals all working together to improve and reduce dotdigital’s impact. They were fortunate to have an Executive group sponsor who can take ideas and suggestions to other leadership for consideration. This grassroots group encourages suggestions from everyone – no idea is a bad idea. Over time, the group evolved and helped to develop a sustainability programme for the business. · What was one of the initiatives implemented from dotgreen? – They identified that existing data centers used by the business weren’t always utilising renewable energy. So, over the course of 2 years, they worked with Microsoft to build on their Azure platform to enable dotdigital to make the switch. Azure runs on renewable energy sources, and any remaining emissions can be offset through carbon credits. · A green option for their customers – As a result of their cloud platform now being run through green partners, they can extend the environmental benefit to their customers. [42:25] #5: – Health and Safety can be quite the task to keep on top of, a well known fact for anyone certified to ISO 45001. Thankfully, there are a number of Software as a Service options out there to make the lives of Health and Safety professionals much easier. New and emerging technologies are only going to develop more rapidly with the integration of AI and machine learning. We invited James Sharp, Chief Technical Officer at Riskex, onto the show to discuss the top 10 emerging SaaS trends, including how each can help streamline processes and gather and analyse large amounts of data. Here are a few highlights from the snippet: · Riskex have been certified to a number of ISO Standards, including ISO 18001 (Prior Health and Safety Standard, now certifying to the latest version, ISO 45001), ISO 27001 (Information Security) and ISO 9001 (Quality Management) · Software as a Service became very popular during Covid, as business became very fragmented and were looking for solutions that could be rolled out across multiple sites. Riskex also created their own track and trace system based on established software they were already offering – helping businesses manage Covid safely. · Trend #1 – Artificial Intelligence – Artificial learning is all around us and with vast volumes of data being collected by safety management platforms. AI allows decision engines to predict and provide guidance based on key trends or established KPI’s. For example, if accident rates were to increase but at the same time risk levels have been reducing, it could soon highlight this trend and look at other surrounding data or previous trends to establish a pattern. This will lead to a more pro-active approach to reporting and subsequent decision-making. · Trend #2 – API Connectivity – Providing an open API platform will allow businesses to integrate internal systems and external services to digest data. As more organisations adopt Cloud solutions, connectivity between platforms has become increasingly important. With a robust API offering, multiple business services can interact with ease and become part of the safety management space, without incurring significant cost or time. · Trend #3 – Low-Code Optimisation – Developing generic components within software to allow for quicker builds, implementations and tailoring requests. As stand-alone and generic component development increases, solutions can offer more flexibility and self-serve options to the end user to assist them with aligning platforms with their specific processes. · Trend #4 – Mobile Optimisation – More and more end-users are accessing health and safety software via their mobiles but for various reasons, are not always able to use native apps (installed on the device). Therefore, health and safety software platforms need to adapt use on multiple devices, without the loss of features. We can’t wait to dive into new topics this year! If you’d like to request a specific topic, or be a guest on a future episode, and let us know. We’d love to hear your views and comments about the ISO Show, here’s how: ● Share the ISO Show on T or ● Leave an honest review on or . Your ratings and reviews really help and we read each one. Subscribe to keep up-to-date with our latest episodes: | | | | | /episode/index/show/theisoshow/id/29337408

#159 10 Reasons to use ISO 14068 Carbon Neutrality 12/18/2023

#159 10 Reasons to use ISO 14068 Carbon Neutrality Trying to achieve Carbon Neutrality can feel like a monumental task, especially with so many separate elements that you have to complete. From quantifying your data, reducing where possible and offsetting the remainder, it can be hard to keep track of it all with taking a structured approach. Which is where ISO 14068 comes in. This is the new Standard for Climate Change Management, and it’s specially designed to help businesses with the transition to Net Zero. In this weeks’ episode Mel explains 10 reasons why you should use ISO 14068 – the new Standard for Carbon Neutrality. You’ll learn · What is ISO 14068? · Why should you adopt ISO 14068? · How can Carbonology Support you with ISO 14068? Resources ● ● ● In this episode, we talk about: [00:25] What is ISO 14068? – This is standard for Climate Change Management. If you’d like to find out more about the Standard, it’s purpose and how it can prevent green washing, go back and watch our [00:55] Where to find more information – This podcast is based off BSI’s most recent Publication on ISO 14068: ‘Climate Change Management – Transition to Net Zero – Part 1: Carbon Neutrality (A BSI Executive Briefing). You can download this from a on BSI’s website. [01:05] Reason 1: A structured approach – Mel found out firsthand from a recent EMEX event that people are looking for a structured approach to carbon neutrality. ISO 14068 gives organisations a structured process for developing a detailed carbon neutrality management plan with short- and long-term targets. [02:10] Reason 2: Quality - In contrast to unsubstantiated claims of neutrality, claims under ISO 14068 have to be based on all GHGs, take a lifecycle approach and can only be made after the development of long-term planning, with real GHG reductions in place, and offsetting restricted to residual emissions using high quality carbon credits. [03:10] Reason 3: Credibility: Use of this internationally recognised standard can offer market benefits by increasing the credibility and verifiability of a product or organisational claim of carbon neutrality. This Standard has been developed by international technical committees and subject matter experts across the globe, which gives it a lot more credibility in the eyes of Stakeholders. They will have confidence that claims are transparent and reliable from those who adopt ISO 14068. [04:22] Reason 4: Global Recognition – A quick reminder - Those who have been listening to the ISO Show for a while now may remember our previous podcasts on PAS 2060 – the previous Standard for Carbon Neutrality. Companies will now have 2 years to transition to ISO 14068. We’ll be doing a podcast on how to go about doing that in 2024! Circling back to Global Recognition, ISO 14068 provides a common set of criteria for measuring and reporting carbon neutrality. This ensures consistency across different organizations and industries, underpins easer comparisons for carbon neutrality efforts between entities, allows stakeholders to assess and benchmark efforts, and supports global recognition for claims of carbon neutrality. [05:30] Reason 5: Convenience – If you’ve already got other ISO’s in place, good news! ISO 14068 is designed to work with other quantification standards such as ISO 14064 or other equivalents. [05:55] Reason 6: Flexibility - ISO 14068 can be used by any sized organisation, in any country or sector. It can also be applied to whole organisations or individual products. [05:55] Reason 7: Responsibility - The standard encourages organisations to take responsibility for minimising their own carbon footprint before paying third parties to offset their emissions. We’ve seen in the past where people think just paying for carbon credits will work in the long-term – which just isn’t sustainable. You should be looking to reduce as much as possible before moving onto the Offsetting stage. [08:00] Reason 9: Risk Mitigation – Adopters of ISO 14068 will be in a strong position to manage current and emerging regulatory and market risks in relation to GHG emissions. It’s a competitive market place out there, with ESG requirements appearing more on tenders year on year. Many will now require you to prove your commitment to carbon neutrality, and it’s become clear that we need Standards to be able to provide that evidence. This is where ISO 14068 comes in, as you will have that proven methodology that you can then demonstrate to those stakeholders. [09:30] Reason 10: Competitiveness – ISO 14068 demonstrates a commitment to climate action can also mitigate reputational risks and enhance brand value, market access and competitiveness [10:30] Further Information – Our sister company, Carbonology, will be publishing more content around ISO 14068 in 2024. Check back on to find out more. We’d love to hear your views and comments about the ISO Show, here’s how: ● Share the ISO Show on T or ● Leave an honest review on or . Your ratings and reviews really help and we read each one. Subscribe to keep up-to-date with our latest episodes: | | | | | /episode/index/show/theisoshow/id/29125718

#158 ISO 14068 – A new pathway to Net Zero 12/12/2023

#158 ISO 14068 – A new pathway to Net Zero We’re inching closer to our 2030 and 2050 Net Zero targets, and if we keep going the way we are, we’re not going to hit either one. This is unsurprising considering the lack of a unified approach to achieving Net Zero. There are a lot of options to tackle certain aspects of sustainability, but few outline an entire pathway to guide businesses towards a tangible goal. However, that may be set to change with the release of ISO 14068-1:2023 – Climate Change Management! In this weeks’ episode Mel explains what BS ISO 14068 is, who can use the Standard, and how this Standard can combat green washing. You’ll learn · What is ISO 14068? · Who is this Standard for? · Why was this Standard created? · How can ISO 14068 help businesses to tackle climate change · How can ISO 14068 help combat green washing Resources ● ● ● In this episode, we talk about: [00:25] Introduction and episode summary – ISO 14068 has just been published, superseding PAS 2060. In this episode, we’ll explore what this Standard is all about, how it can help you and help prevent green washing. Keep an eye out for our follow-up episode, which will give you more insight into the 10 reasons for adopting this Standard to achieve Net Zero in 2024. [01:40] A passion for Sustainability – If you’re new, you may not be aware that Mel is the CEO of both Blackmores and . Carbonology was created as a sister company in 2023, and it’s sole purpose is to help businesses to be able to demonstrate with credibility and complete transparency - A legitimate route to achieving carbon neutrality. [03:00] What is ISO 14068-1:2023? – This is standard for businesses transitioning to Net Carbon zero. The standard for specifies the requirements for achieving and demonstrating carbon neutrality through the , reduction, removal and offsetting of greenhouse gas (GHG) emissions. [03:30] Who can use this Standard? BS ISO 14068-1:2023 can be used by any organization, in the private or public sectors, that wishes to make either the organization or a product climate neutral. Products may be consumer-facing or business to business, and include all types of goods and services, including events and financial services. [04:05] Why has this Standard been developed now?: To avoid the worst effects and keep the rise in global temperatures to no more than 1.5°C, the Intergovernmental Panel on Climate Change () of eminent scientists has identified that we need to cut emissions of greenhouse gases by 40% in this decade and to global net zero by 2050. However, working towards a long-term target of net zero can be difficult without recognition of achievements along the pathway. That’s where carbon neutrality can help; organisations that have a clear plan and have started making real greenhouse gas (GHG) reductions can counterbalance their remaining carbon footprint using high quality carbon credits / offsets to achieve carbon neutrality. ISO 14068-1 is the new International Standard that sets out requirements for organisations wishing to achieve carbon neutrality, including for products, such as goods, services or events. ISO 14068-1 also provides a rigorous and robust framework for avoiding greenwashing, and builds on the 15 years’ experience of the previous Standard – PAS 2060. Organizations using the standard will benefit in two main ways: internally, through having a clear guide on best practice in reaching carbon neutrality; and externally, by demonstrating compliance with a rigorous standard on carbon neutrality. [06:40] How can the standard help businesses that are still scratching their heads about how to tackle climate change? - The standard provides clear principles that entities need to consider when seeking carbon neutrality. These include establishing a hierarchy, so that GHG emission reductions are made first – and reductions are often the most cost-effective way of reducing a carbon footprint, avoiding the need for potentially costly carbon credits. The hierarchy is then used to determine a pathway to carbon neutrality, including short- and long-term targets for minimising the carbon footprint. The standard also explains how the pathway is used in developing a detailed carbon neutrality management plan, which provides clear guidance for those responsible for the implementation of carbon neutrality. [08:30] How can the standard combat green washing? In recent years, there have been many claims of carbon neutrality that are unsubstantiated or supported only by purchasing a few carbon credits, with a consequent risk of greenwashing. Following BS ISO 14068-1 means organiations will be able to demonstrate that their claim of carbon neutrality is underpinned by real action to reduce GHG emissions and includes a clear pathway to eliminate all possible GHG emissions, so it does not just fall back on purchasing carbon credits in the market. This significantly improves the credibility of a claim. [09:45] Keep an eye out for future episodes! We’ll be talking more about ISO 14068 in future episodes, including the benefits of adopting this Standard. We’ll also dedicate an episode to explaining the difference between Certification and Verification – so stay tunned! We’d love to hear your views and comments about the ISO Show, here’s how: ● Share the ISO Show on T or ● Leave an honest review on or . Your ratings and reviews really help and we read each one. Subscribe to keep up-to-date with our latest episodes: | | | | | /episode/index/show/theisoshow/id/29035813

#157 Monolith’s success with ISO 27001 Information Security 11/29/2023

#157 Monolith’s success with ISO 27001 Information Security The use of AI within business is starting to become more common place. With major applications like Microsoft Teams and Word integrating many new features designed to make our lives easier. However, we still need to exercise caution with this new technology and consider what we can put in place to mitigate any potential security risks while developing or utilizing it. Which is precisely what today’s guest, Monolith, has done. Monolith provide a machine learning program that engineers can adopt to build highly accurate self-learning AI models that instantly predict the performance of systems in a wide variety of operating conditions. In this weeks’ episode Mel is joined by Æsc George, Senior Software Engineer at Monolith, to discuss why they have adopted ISO 27001, explain their implementation journey and the benefits of having an Information Security Management System. You’ll learn · Who are Monolith AI? · What was their main driver behind obtaining ISO 27001? · What was the biggest Gap identified in the initial Gap Analysis? · What benefits did Monolith AI gain from implementing ISO 27001? Resources ● ● In this episode, we talk about: [00:25] An introduction to Monolith and Æsc George – Monolith AI is all about empowering engineers to develop self-learning models from their engineering test data. With this they can develop machine learning models to really accelerate new product introductions and get these new products to market much more quickly, primarily by using these models to accelerate and streamline their testing. They are currently recommended for ISO 27001 certification, and are eagerly awaiting the arrival of their physical certificate. Æsc George is a Senior Software Engineer of this web browser based software. He is also the interim security officer, which is why he was tasked with obtaining ISO 27001. Fun fact about Æsc: He was a proud owner of a colony of 8 rats! He currently takes care of 4 cats, which have access to a plethora of enrichment in his home 😊 [03:35] What was the main driver for Monolith to obtain ISO 27001? – There were a few drivers, the most obvious being that they want to display their commitment and credibility when it comes to Information Security. Acquiring ISO 27001 makes it easier to show their clients and prospects that their engineering data is in safe hands. Monolith also know that there's a lot of buzz about artificial intelligence and machine learning at the moment, and that buzz covers both sides of the coin. What good it can do for the world and the harms it can do, so aligning with ISO 27001 shows that they’re trying to use AI in a responsible way. [05:10] The start-up is getting a head start! – Monolith AI is a start-up company, only a year in and already leading the way for AI development by ensuring security is a priority from the start. [05:40] How long did it take to implement ISO 27001? Nine months from the point of contacting Blackmores to assist to being recommended for certification. Æsc recounts his experience: “My perception is that the effort was quite front loaded, so the amount of effort involved in the process almost wound down towards the end - even with the external audit happening towards the end. I think once the information security management had been established and we'd worked it into our day-to-day, the perceived effort was lower. So I felt pretty confident going through our audit processes because I've experienced the system working already.” [08:15] What was the biggest gap identified at the Gap Analysis?: There wasn’t a formal approach to information security risk and risk treatment. There were already a number of existing systems and ad-hoc arrangements to mitigate information security risks – but they had been framed in terms of risk. They hadn’t gone through a process where risks were quantified and weighed against each other. So following the gap analysis, one of the many actions Monolith took was to make sure they were consistently and regularly assessing information security risk in various dimensions. They now have the right framework in place to allocate the appropriate time and resources towards information security, and to prioritise the biggest risks. [10:10] What difference has Implementing ISO 27001 made? - It’s given Monolith more confidence in their understanding of Information Security risks, and assurance that there aren’t any massive, unidentified risks that may cause trouble later down the line. It’s also made it easier to discuss information security risk and policy decisions. Monolith AI are a remote first company, allowing their staff the freedom to experiment with new technologies, and be in an environment where they feel comfortable. Having formal risk treatment in place means they can maintain this highly flexible, highly innovative and productive way of working – but with their eyes wide open. [11:40] What has Æsc learned from the experience of Implementing ISO 27001? Æsc is not new to ISO Management Systems, having been involved with the maintenance and implementation of a few in the past. However, he has gained an appreciation for the nuance in ISO 27001. For example, the knowledge that the standard uses words like ‘should’ and ‘shall’ that have particular intentions – ‘shall’ being mandatory and ‘should’ being recommended. His previous experiences with Management systems had more available resource than at Monolith, so learning this nuance has been important in the prioritization of focus and resources in his current position. [13:30] What have been the main benefits from Implementing ISO 27001? Having a holistic and formal approach to Information Security and risk management compared to the ad-hoc approach they had prior. It’s brought the company together on a really important issue, and helped everyone to understand the role they play in Information Security. Personally, Æsc has enjoyed reaching out to people he may not ordinarily get the chance to work with, as a result of this unifying issue that everyone at Monolith cares about. [17:00] Once Monolith formally receive their ISO 27001 certificate, what benefits will that bring? – Currently Monolith AI are recommended for Certification, and are simply waiting on the delivery of their physical certificate. Once received, they will be able to present it to prospects and clients if they are questioned on information security credentials – to show that they are serious about their commitment to security. It will also open doors to new prospects that may bother considering them as a supplier due to the lack of ISO 27001 certification. They are also a leading example in the relatively new industry of AI, those with ISO 27001 certification at this stage stand out from other competitors. [19:15] What tips does Æsc have for those starting out on their ISO jorney? – Speaking from experience, Æsc recommends hiring a specialist in ISO to assist with your implementation. In his case, Blackmores helped to organise the process, drive a lot of the early gap analysis and gave him confidence in going through internal and external audits. Having someone with experience acting as a guiding hand makes the whole process go a lot more smoothly. This could be a consultant, or someone you train within your own business. These projects are the sort of thing that turn passion into action. Whether that’s information security or environmental management ect, it’s better to have someone experienced or trained in the nuances of the Standard to ensure it’s implemented in a way that truly benefits your business. [21:20] Æsc’s book recommendation - by Kiera Chapman, Rowan Jaines, Lulah Ellender and Rebecca Warren. It’s Inspired by a traditional Japanese calendar which divides the year into segments of four to five days, this book guides you through a year of 72 seasons as they manifest in the British Isles. As Æsc describes: “Lots of the seasons will be very familiar to people who've lived in this country their whole life, but they may not have necessarily thought about the context of it. So I think is really grounding. Time and the way we measure it can seem so arbitrary and abstract sometimes, and measuring minutes and hours is responsible for so much stress and anxiety, so taking a breath, thinking about how nature moves at a different, slower, more deliberate pace, and finding the time to synchronise with that move with nature can be a really rewarding experience” [24:15] One of Æsc’s favorite quotes - “I went to the woods because I wished to live deliberately, to front only the essential facts of life, and see if I could not learn what it had to teach, and not, when I came to die, discover that I had not lived” - Henry David Thoreau (from his book ‘Walden’) [26:10] Need help with your ISO 27001 transition? – We have an available on the isologyhub. This Gameplan provides a step by step guide for you to transition to the latest 2022 Standard. If you’d like to learn more about Monolith AI, check out . We’d love to hear your views and comments about the ISO Show, here’s how: ● Share the ISO Show on T or ● Leave an honest review on or . Your ratings and reviews really help and we read each one. Subscribe to keep up-to-date with our latest episodes: | | | | | /episode/index/show/theisoshow/id/28840698

#156 Net Zero in 90 Days 11/20/2023

#156 Net Zero in 90 Days The demand for tangible sustainability action is becoming more pressing as we inch closer to our 2030 and 2050 Net Zero targets. However, that is still quite a way off, and many businesses are dragging their feet when it comes to taking action. Sure, some may have an ESG Policy or mention it on their website, however that term is starting to become synonymous with green washing due to poor implementation in many cases. So, what can you do to make a difference right now? In this weeks’ episode Mel explains the principle of Parkinson’s law, how ISO Standards can help to tackle climate change and how you can achieve Net Zero in just 90 days. You’ll learn · What Parkinson’s Law is · How can ISO standards help tackle climate change · The 3 reasons why businesses are behind on achieving net zero · How you can achieve Net Zero in just 90 days using the Net Zero Planner Resources ● ● ● In this episode, we talk about: [00:25] Come visit the Carbonology stand at EMEX! – EMEX is a free exhibition to learn about carbon management, ESG and sustainability. It takes place at ExCeL London on 22nd – 23rd November 2023 – Carbonology will be at Stand G38. Come grab a free Net Zero Planner while you’re there! . [02:10] Episode Summary – Today we’ll be talking about why we need to act now rather than in a decade or two, how ISO Standards can play a critical role in tackling climate change and using the Net Zero Planner to help you set achievable objectives to work towards Net Zero in just 90 days. [02:55] We need to act now rather than later! – Our 2030 and 2050 targets are very far away, which results in businesses not doing much to address them in the meantime. They might have an ESG policy or they might have something referencing ESG on their website, but are they actually taking action right now to make that happen? In many cases, no. Which is where Parkinson’s Law comes into play. [03:40] What is Parkinson’s Law? Parkinson's Law is the idea that work expands to fill the time allotted for its completion. This may mean you take longer than necessary to complete a task or you procrastinate and complete the task right before the due date. Parkinson's Law is the old adage that work expands to fill the time allotted for its completion. The term was first coined by Cyril Northcote Parkinson in a humorous essay he wrote for “The Economist” in 1955. Lets say you are given a task to complete a report in 3 weeks, chances are if you were given the task to do in 1 week – you’d make it happen. Parkinson's Law says that the perceived importance and difficulty of a task will grow in proportion to the amount of time given to finish it. [05:30] Is it possible to achieve Net Zero in 2024?: Yes! Carbonology® been turning around projects to help businesses to build net carbon neutral in less than three months - so why can’t you? [06:05] The Net Zero Planner - The Net Zero in 90 days planner gives you a pathway to follow to achieve Net Carbon Zero. Each day focuses on a specific task, enabling you to make step by step progress to achieve your goals. Your Net Zero Planner provides the foundations for not only achieving Net Zero but also achieving verification to Carbon standards along the way. [08:25] What role do ISO Standards play in tackling climate change? Standards have a critical role in helping meet climate goals. Particularly when there is an influx of greenwashing across industries. The international standards for carbon verification (ISO 14064) and carbon neutrality (PAS 2060, due to be ISO 14064 in 2024) support the Sustainable Development Goals (SDG) and create a level playing field, providing transparency, reliability, accountability and without a doubt, credibility. [10:00] Why are businesses struggling to achieve Net Zero? there are three reasons why businesses are behind on achieving Net Zero:- · Time and resources have not been dedicated. · Lack of focus and structure · Lack of knowledge on what to do The Net Zero Planner will help to address these challenges. [11:15] Carbonology is there to support you – Some of the tasks in the planner may be tricky – quantifying your emissions for example, this is always going to be challenging. Carbonology is there to support you, either with consultancy or digital resources via the Carbonologyhub. If you need some extra assistance, [11:55] How can the Net Zero Planner help you? – First and foremost, Net zero is not going to happen, unless you prioritise your time. This starts with designing your ideal week. Imagine how would you structure your week if you had 100% control. What does your ideal week look like? Remember, What gets scheduled gets done. Sticking to a plan takes discipline, but imagine if every business dedicated 2 hours a day for 3 months, we’d be achieving net zero well before 2050! By setting aside 2 hours a day to complete a Net Zero task, you and your team will be well equipped to put your planning in place and achieve Net Zero accreditation! Of course, not every week will be aligned with your ideal week, but it’s a guide that you can refer back to. [13:00] Making progress with the Net Zero Planner - It’s imperative you review progress on a weekly and monthly basis and at the end of the 9O days. This will help to drive momentum when you see what you’ve achieved and also provide a reality check if you need additional support or time. The weekly, monthly and quarterly review provides an opportunity to look back at your progress and allows you time to reflect on what went well, and where you’ve been having challenges which may result in making decisions to address any shortfalls. This could include allowing more time for a specific task the following week, delegating responsibilities internally or outsourcing activities i.e. carbon quantification or verification. It's recommended that you schedule this review and reflection time in your calendar i.e. 1 hour on a Friday afternoon or at the end of the month. In addition to the structured planner pages, there are blank pages for expanding on your ideas and taking notes. [15:25] Special Deal! - The Net Zero Planner is available for Amazon at a reduced price of £7.99 until the 15th December 2023. The Standard price will be £14.99. If you’re at EMEX on the 22nd or 23rd November 2023, we have 100 free copies to give away! Lastly, if you have an questions or would like to learn more about how Carbonology can help you, feel free to book a call in via David’s We’d love to hear your views and comments about the ISO Show, here’s how: ● Share the ISO Show on T or ● Leave an honest review on or . Your ratings and reviews really help and we read each one. Subscribe to keep up-to-date with our latest episodes: | | | | | /episode/index/show/theisoshow/id/28717823

#155 How to create a PPN 06/21 Carbon Reduction Plan 11/15/2023

#155 How to create a PPN 06/21 Carbon Reduction Plan Sustainability has become a top topic to address in the last few years, both for businesses and individuals. In fact, 90% of business leaders think sustainability is important, but only 60% actually have a sustainability Strategy. The demand for tangible action is becoming more pressing as we inch close to the 2030 milestone of the Paris Agreement. To encourage action from businesses, we’re seeing more public and private sector contracts include a tendering requirement to show your commitment to sustainability. One such example is the need for a PPN 06/21 Carbon Reduction Plan. In this weeks’ episode David Algar, Principal Carbonologist® at Carbonology, joins Mel to explain how to create a Carbon Reduction Plan, shares some top tips on presentation and how Carbonology® can support you. You’ll learn · How to create a Carbon Reduction Plan · How Carbonology® can help you align that plan with ISO 14064 and PAS 2060 · Addressing difficult tendering questions · How to best present your Carbon Reduction Plan Resources ● ● ● In this episode, we talk about: [00:24] What are PPN 06/21 Carbon Reduction Plans? – Go back and listen to our to learn more. [00:42] Episode Summary – Today we’ll be talking about how to create a Carbon Reduction Plan (CRP), how to deal with difficult tendering questions and the best ways in which to present your CRP. [02:46] How do you actually calculate the emissions? We have gone into this in a lot more detail on a , but to summarise:- Emissions are calculated by taking your activity data, such as kWh of electricity, or miles driven in a vehicle, and multiplying it by an emission conversion factor. Specific emission conversion factors are available from for specific activity data, they are also year-specific. The hard part is sourcing your activity data, accounting for missing information, performing estimates, and ensuring the overall methodology is accurate. This is all done in alignment with ISO1464-1, as well as the PPN guidelines, so one of the very first things we’ll do with you is define your organisational and reporting boundaries, [05:27] How can a business set carbon reduction targets and forecast emissions? This is tricky as it involves trying to predict the future, not just in the short term, but potentially several decades ahead depending on your goal. The good thing is you know the end destination of your carbon pathway: little to no emissions by 2050. Using this and some simple maths you can at least map out where you should be each year when moving forward from the base year, the base year being the period you use to compare future results against. Usually the base year is the first year you complete calculations, but this can change over time. We’re finding some clients are opting to change their base year to account for the disruption of COVID-19 on operations [06:40] How do you actually set the targets?: When we look at target setting and emission forecasts we generally take 2 approaches: Milestones: · The first, and our most common approach, is about setting milestones based on specific carbon reduction initiatives the business can implement, at specific dates. · For instance, all company vehicles being hybrid by 2025 and fully EV by 2035? Or what if we phased out gas by a certain date? Or cut out all single use plastics? · Using this milestone method for the forecasting can be tricky, but you can end up with a carbon pathway that is more representative of real life. Straight line method: · The second is what we refer to as the ‘straight line’ method. This is a simpler approach that involves doing some simple maths to plan out your carbon targets for each year, without factoring in specific milestones or events. · We refer to this unofficially as the ‘straight line’ method as the graph showing your carbon pathway is pretty much a straight line from your base year towards net zero, using the milestones method gives a ’bumpy’ line due to the influence of specific milestones at specific years. [08:35] A tip for setting targets for the first time is by thinking ‘what if? This is essentially looking at the thing you’re doing now and replacing it with a more sustainable alternative. For instance, calculating what your business travel emissions would be last year if they were all completed in hybrids, or if domestic flights were replaced by train journeys. Doing these ‘what if?’ calculations is a bit hypothetical as operations are likely to change over the years, but it still helps give you a specific target to aim for a specific GHG sources. [10:40] How can you influence carbon reduction in areas where you have no direct control? Some areas will be out of your control, for instance if you ship goods in from around the world you can’t necessarily decide how they get to you, or if they are transported via more sustainable transport. · One thing you can do is aim to set a good example yourself as a business · You could also adopt the PPN framework yourself and request it from anyone that is aiming to win your business · Another quick win is actually speaking to your suppliers. If you use a local delivery firm you could speak to them about their plans for an electric fleet, or more sustainable packaging. Or if you use a data centre, you could enquire about if is run on renewable energy sources [13:15] But what if we are planning to grow as a business? Results are expected to fluctuate over time, so if they go up after the base year this shouldn’t impact your success or failure in your tender submission. The aim is obviously to decrease on average over time If you know for certain that they will increase in the next few years, for instance through opening new sites, making acquisitions, or just natural growth, that’s ok. You could pick a new base year if operations significantly change as this will give a more realistic figure to work down from. You can also use this as an opportunity to evidence efficiency improvements through intensity metrics, such as your tonnes of carbon per employee, or relative to your revenue. [15:15] In what other ways can Carbonology help to support you? – Once everyone is happy with the CRP, you’ll then have to actually use it in tenders. The fun thing about tenders is that they can all ask different questions, despite PPN having technical requirements, so you can’t always have the information to hand before submitting one. We can’t write your tender submissions for you, but we can provide guidance and pull out the necessary figures if requested, for instance if you need certain numbers to support with your Social Value Model reporting. [16:20] How can this help on your journey to Carbon Neutrality? – If you’ve gone through all the hard work to create a PPN 06/21 Carbon Reduction Plan, you’ll be in the ideal position to achieve carbon neutrality of your operations via PAS 2060. The next step would be creating a PAS 2060 Qualifying Explanatory Statement, or QES, which details how you have achieved carbon neutrality through offsetting, and your commitment to maintain this for future reporting periods. [17:25] Where does the verification come into play? If you’ve already calculated your emissions you may be asked to have them independently verified by an independent third party. We’ve recently developed a process so we can check over you GHG calculations, policies, procedure and overall alignment with the standard. As part of this, Carbonology can provide a verification report with all findings and opportunities for improvement, as a well as a verification statement to show you have had emission independently verified in alignment with ISO 14064. For further information, David has prepared a quick guide for creating your PPN 06/21 Carbon Reduction Plan. Feel free to download it . Lastly, if you have an questions or would like to learn more about how Carbonology can help you, feel free to book a call in via David’s We’d love to hear your views and comments about the ISO Show, here’s how: ● Share the ISO Show on T or ● Leave an honest review on or . Your ratings and reviews really help and we read each one. Subscribe to keep up-to-date with our latest episodes: | | | | | /episode/index/show/theisoshow/id/28650393

#154 What are PPN 06/21 Carbon Reduction Plans, and why do you need one? 11/08/2023

#154 What are PPN 06/21 Carbon Reduction Plans, and why do you need one? Sustainability has become one of the main focal points for businesses to address in the last few years, and for good reason! We’re already seeing the devastating effects of simply doing nothing in the form of more extreme weather, occurring much more frequently in areas not equip to handle it. To encourage action from businesses, we’re seeing more public and private sector contracts include a tendering requirement to show your commitment to sustainability. One such example is the need for a PPN 06/21 Carbon Reduction Plan. In this weeks’ episode David Algar, Principal Carbonologist at Carbonology, joins Mel to explain exactly what PPN 06/21 Carbon Reduction Plans are, what the requirements mean in practice and the consequences if a business does not meet the requirements. You’ll learn · What are PPN 06/21 Carbon Reduction Plans? · What the requirements mean in practice · Benefits to a business · What if a business does not meet the requirements? Resources ● ● ● In this episode, we talk about: [00:42] Episode Summary - We’re talking about PPN 06/21 Carbon Reduction Plans because there is a government requirement to submit one. This episode will cover the what and why, in part 2 we’ll go into more detail about how to create a Carbon Reduction Plan. [02:10] What is a PPN 06/21 Carbon Reduction Plan? Procurement Policy Note 06/21 was introduced back in June 2021, hence the 06/21 part, and is a tendering requirement for companies looking to win contracts in the public sector that links to the Government’s Net Zero target. [02:28] What is the UK government’s Net Zero target? The ‘net zero target’ refers to a government commitment to ensure the UK reduces its emissions by 100% from 1990 levels by 2050. [02:55] Who does PPN apply to?: Public sector, so any businesses that works with education, local authorities, housing, infrastructure, defence, transit, and of course, the NHS who have set a goal of Net Zero by 2040. Officially this is for contracts that are valued at £5M or more, but in April 2024 the NHS will be requesting a Carbon Reduction Plan for all procurement. Unofficially, this framework could be adopted by any business, so even if you don’t deal directly with the public sector, or are a subcontractor, your supply chain may soon be requesting a Carbon Reduction Plan! [04:05] Why do you need a Carbon Reduction Plan? Although the Government’s targets and policies around Net Zero keep changing, the overall goal of PPN 06/21 is to encourage businesses to reach Net Zero before 2050, come up with a plan to do so, and implement emission reduction initiatives in the delivery of Government contracts. [04:35] From a businesses perspective, what are the main benefits? There are 2 main benefits: ● It’s essential for some tendering, with as much as a 10% weighting based on your carbon management and social values. Put simply, if you don’t produce one when needed, you may fail the tender requirements and probably won’t make the sale. ● The second main benefit is that this isn’t just a piece of paper with a graph on it, it’s a great opportunity to investigate your business’ GHG emissions, and put a plan in place to reduce them. This also helps you show to stakeholders that you are actually committed to environmental protection and could identify some cost savings in your business after going through all the data. ● It’s also a great addition to any existing ISO 14001 or ISO 50001 Management Systems! [06:10] What are the key requirements of PPN 06/21? –  Firstly you’ll need to make a commitment to achieving net zero by 2050 at the latest. This includes annually calculating your emissions and updating the Carbon Reduction Plan. Next you’ll need to report on a minimum set of GHG categories: 100% of your Scope 1 emissions, so direct emission from company vehicles, gas heating (so stuff you burn) and any fugitive emissions, which are leaks from HVAC systems for most businesses. 100% of your Scope 2 emissions which is electricity most of the time but can also refer to steam you import from an external source. You’ll also need to report on 5 Scope 3 categories, these are your indirect emissions: ● Waste generated in operations ● Business travel in vehicles you don’t own, so staff cars, flights, trains, etc ● Commuting, so staff traveling to and from work, being careful not to double count business travel not already claimed under expenses ● And arguably the most complicated, upstream and downstream transportation, i.e. goods in, and goods out – physical transport of goods [09:50] Are there any other categories covered by scope 3 that we should consider? – Generally, when we produce a CRP for our clients, we’ll look at a few extra Scope 3 categories such as water, homeworking, or purchased goods, so carbon reduction planning can extend to other elements of the business. In all cases you’ll need to report in tonnes of carbon dioxide equivalent, or tCO2e, as this accounts for the global warming potential of multiple GHGs. [11:30] Are there any ISO standards that you can align the Carbon Reduction Plan to? Yes! At Carbonology, we use ISO 14064-1. This sets out a series requirements and guiding principles for the quantification and reporting of emissions. We wouldn’t necessarily have to go all the way to meeting every single requirement of the standard for your CRP but we always align with the key requirement of the standard when completing a CRP. And if you’re lucky we’ll also cover your SECR figures! [12:05] What is SECR? - Streamlined Energy and Carbon Reporting. This is mandatory reporting for businesses that are defined as large, so 250+ staff, and 36M turnover or 18M on the balance sheet. [18:20] Asset Management - In 8.2 there is a consideration for Asset Management on your side. You should take care of any assets relating to the customer, where it’s stored and how it’s being looked after. Standards such as (Information Security) and (Asset Management) already have some considerations for this. [13:30] You’ve calculated your GHG results, what’s next?- Once you’ve calculated emission from the required sources, you’ll then need to look at the carbon reduction side of your Carbon Reduction Plan. To start with you’ll need to outline existing initiatives you have, for instance, a sustainable travel policy, EV charging on site or a hybrid working model. It’s really important that these are relevant to the delivery of the contract you are trying to secure. Next, you’ll need to outline planned future initiatives, but bear in mind, these will need to be realistic and relevant, so no wild claims about buying an EV fleet or going zero waste next week! Once you’ve done all this you can then start looking at carbon reduction forecasts and what the numbers might look like between now and 2050 (or you chosen date. [15:10] Additional PPN 06/21 tips from David: It will need to be signed off by a director, or equivalent, at your business to demonstrate leadership commitment. If the document isn’t signed off on you may fail on the tender. You’ll need to publish it on your website, making it easy to access. Simple solution to this is just add a link at the bottom of your landing page. And finally, you’ll need to make sure this is kept up to date each year. Reporting for emissions occurs on a 12 monthly basis. This can either be calendar year or your financial year, but ideally, you’ll want to publish the updated version as soon as you can after the year-end, certainly no longer than 6 months after. [16:40] What does a Carbon Reduction Plan look like? - When the government announced this requirement, they also released a template document that businesses can complete. This is to simplify the process for businesses that are reporting on emission for the first time, but more importantly it standardises reporting. However, the template is a bit basic! You’re not marked on presentation, but you can dress it up a little as long as you don’t deviate from the template too much. So feel free to put come company branding on it, make a cover page, change the font, etc. You could also make a ‘full’ version of your CRP that includes further details on boundaries, methodologies and results, just make sure you only submit the template version to tenders. [19:10] What happens if you don’t meet the requirements? - If you don’t meet the requirements without a valid reason, chances are you’ll fail the selection criteria. The selection criteria is a bit like the marking scheme associated with PPN. We can’t say for a fact that this means you’ll subsequently fail the tender, but it will certainly have a negative impact. For further information, David has prepared a quick guide for creating your PPN 06/21 Carbon Reduction Plan. Feel free to download it from the link provided in the Resources section. Lastly, if you have an questions or would like to learn more about how Carbonology can help you, feel free to book a call in via David’s We’d love to hear your views and comments about the ISO Show, here’s how: ● Share the ISO Show on T or ● Leave an honest review on or . Your ratings and reviews really help and we read each one. Subscribe to keep up-to-date with our latest episodes: | | | | | /episode/index/show/theisoshow/id/28553012

#153 Breaking down ISO 20000 Service Management 10/25/2023

#153 Breaking down ISO 20000 Service Management Last week we gave you an introduction to ISO 20000, the Service Management Standard. As a refresher, the aim of the standard is to provide a framework for an effective end-to-end service management system which encompasses the entire lifecycle of a service from concept and design, through to service removal and end-of-life. It’s best adopted by businesses who provide a service, particularly those that operate a help / service desk system. For some this may still seem a bit nebulous, especially for those that may not be familiar with Service Management terminology. To help demystify this Standard, we’ve brought Steve back to take a deeper dive into what makes this Standard unique. Join Steve Mason and Mel in this weeks’ episode as they explore Clauses 7 and 8 of ISO 20000 in more detail, and how certain aspects can apply to any business. You’ll learn ● What is ISO 20000? ● What is included in Clause 8 of ISO 20000? ● How can ISO 20000 apply to any business? Resources ● ● In this episode, we talk about: [00:43] What is ISO 20000? Go back and listen to our to learn what ISO 20000 is, a brief overview of the key clauses and the benefits of adopting the Service Management Standard. [02:00] A recap of the main requirements of the Standard: · 4.0 Context of the Organisation · 5.0 Leadership · 6.0 Planning · 7.0 Support of Service Management System · 8.0 Operation of the Service Management System · 9.0 Performance Evaluation · 10.0 Improvement Clauses 7 and 8 are where the main differences lie between this Standard and others. It includes requirements for aspects such as: · Service Portfolio · Relationship Agreements · Supply and Demand · Service Design and Transition · Resolution and Fulfilment [03:15] Similarities with other ISO Standards – Ultimately, this standard in terms of the structure, it looks like any other ISO standard, i.e. we've got context of the organisation, leadership, Planning, performance Evaluation and improvement. These will be familiar if you’ve worked with ISO 9001, ISO 14001 or ISO 27001. [04:05] Clause 7 – Support of Service Management System: This is where we’re really looking at the competency awareness communications and documented information required by the standard. In 7.5 there is a really useful list of all the documented information that's required in the management system – one that we wish was included in every ISO Standard! That required documented information doesn’t have to be in writing, it could be on computer or established system. Another key aspect of Clause 7 is Knowledge – this is about ensuring all knowledge is documented and sharable and not just stuck in people’s heads. For Service Management, this may involve the creation of a customer portfolio where you can record any incidents that occur during a service call, and how you dealt with it ect. Competence is also another major component – Make sure people are competent to do their job, i.e. they’ve been trained to do things properly and effectively. [06:40] Different ways of knowledge sharing – Knowledge sharing doesn’t just have to be written down – it could be done via a recorded video. We use a lot at Blackmores to get things across quickly. There are also a number of service desk tools available that can help you put together process flow diagrams to make things easier to understand. [08:15] Clause 8 – Operation of the Service Management System: Before you do any sort of service management, you need to plan it properly – otherwise, if you fail to plan, you’ll plan to fail. First you need to understand what resources you have, what activities there are in the service management to deliver that service to the customer and ensure that they're coordinated. A top tip from Steve: Separate resources into five groups: people, technology, information, finance and service partners. [09:55] Planning your Service – Now you understand what you’re trying to deliver, it’s time to plan your service. First you want to take a look at the flow of the service through the organisation. Which departments does it go into? Is there good connection between departments? Can you ensure that a customer’s order is going to stay the same through the whole process, you wouldn’t want possibilities for miscommunication to occur. We’d recommend drawing up a flow diagram for this process – just so you can clearly see who is doing and communicating what at any stage. [11:20] Getting Operations in order – once you understand what the process is, you need to begin to control and involve the interested parties within the life cycle of your process. This isn’t just the customer; this also includes confirming what services you’re actually delivering – as you’ll be looking to improve these services as time goes on. You also need to consider the whole service life cycle. This includes things like if a customer wants to move to a different service – how would you deal with that? Have you got a process in place to handle the return of customer assets if they disengage from your services? [12:30] Service Level Agreements: It’s a good idea to establish Service Level Agreements and Delivery Level Agreements early on. This is so you typically know what you are going to be delivering to a customer and how quickly can you deliver it and ensure the whole process is sustainable as well. This will also clarify key accountabilities for everyone involved with delivering a specific service. Clearly defined services – Finally, it also provides a clearly defined service for Salespeople. This avoids the situation where they simply sell what they think sounds good but isn’t backed up by any resources to actually deliver the service they sold. You need to have a clear strategy that sales can use and go out and sell – this may be referred to as a Service Catalogue. [15:18] A Service Catalogue in action - In Blackmores case, our Service Catalogue is online on our website. We have all the ISO Standards we can assist with listed, in addition to a description of how we can help companies implement an applicable Management System. You don’t have to have all your prices listed out at that stage, that can come later when you have a full view of the customer requirements and agreements are made. [18:20] Asset Management - In 8.2 there is a consideration for Asset Management on your side. You should take care of any assets relating to the customer, where it’s stored and how it’s being looked after. Standards such as (Information Security) and (Asset Management) already have some considerations for this. [19:05] Configuration Management - Configuration management is understanding how the parts of the service fit, so you don't disassociate them from each other. The Standard asks you to identify what's known as CIS, these are configuration items, and these are all the things that you need to deliver your service. We’ll dig more into this aspect in future content – so keep an eye out! [20:40] A final top tip from Steve: Collaboration and communication that involves leadership. If you just devolve it down to parties doing the work and just get them to work in silo, it will not work for you. It's a collaborative standard – both inside and outside of the business. [21:20] Resources available - We’ve got a number of ISO 20000 related resources available on the islogyhub – to learn more! We’d love to hear your views and comments about the ISO Show, here’s how: ● Share the ISO Show on T or ● Leave an honest review on or . Your ratings and reviews really help and we read each one. Subscribe to keep up-to-date with our latest episodes: | | | | | /episode/index/show/theisoshow/id/28418453

#152 What is ISO 20000 Service Management? 10/18/2023

#152 What is ISO 20000 Service Management? Often seen as the poor cousin to ISO 9001, ISO 20000 Service Management largely gets ignored in favor of the more popular Quality Management Standard. To be fair, it’s title may have done it a disservice in the past. Being known as the IT Service Management Standard prior to 2018, it was often perceived as only applicable to IT service providers, when in actuality it could be adopted by any business! So, what is ISO 20000 exactly? The aim of the standard is to provide a framework for an effective end-to-end service management system which encompasses the entire lifecycle of a service from concept and design, through to service removal and end-of-life. It’s best adopted by businesses who provide a service, particularly those that operate a help / service desk system. In this weeks’ episode, Steve Mason joins Mel to discuss what ISO 20000 is, who can use and benefit from the Standard and how it fits in with other more widely adopted ISO Standards. You’ll learn ● What is ISO 20000? ● Who is ISO 20000 designed for? ● What are the benefits of ISO 20000? ● A brief overview of the Standard ● How ISO 20000 integrates with other ISO Standards Resources ● ● In this episode, we talk about: [00:50] Why are we talking about this Standard? We’ve had a lot of interest in a few of our informative videos available on YouTube over the past year, with ISO 20000 content constantly ranking in our top 5 most watched videos every month. [01:00] ISO 20000-1 was previously known as the ‘IT Service Management Standard’, but since it’s most recent update in 2018, it’s simply known as the ‘Service Management Standard’ now. [03:10] Why is ISO 20000 one of Steve’s favourite Standards? – It takes some of the aspects of quality a step further and actually gives you much clearer detail on how you can improve your management systems. So, if you've got a Service Management System in any way, shape or form, this is the standard to go. It's also one of the easiest standards to audit because there's some very simple questions to ask that can highlight some very obvious weaknesses. This can lead to significant improvement when compared to the likes of ISO 9001. [04:05] What Is ISO 20000? – ISO20000-1:2018 is a Service Management standard which has evolved from the IT industry and the ITIL Framework for Service Management; but today it can be used in all types of Service Industries particularly where there is a need for a Help Desk / Service Desk system. Some may ask, isn’t this what ISO 9001 can do? In short, no. ISO 9001 will give you a bare framework of how to create a Quality Management System, but it won't give you the fundamental details of how to improve that Service Management System, and that's where ISO 20000 comes in. [05:39] Who is ISO 20000 applicable to? – Any business that provides a service, but more specific examples include: IT Service provider, call centres, gas / electricity providers, retail ect. [07:15] A high level overview of ISO 20000 – This Standard follows the Standard structure that many other ISO Standards follow. The first 3 clauses are all informative, starting from clause 4 we have: · 4.0 Context of the Organisation · 5.0 Leadership · 6.0 Planning · 7.0 Support of Service Management System · 8.0 Operation of the Service Management System · 9.0 Performance Evaluation · 10.0 Improvement Clause 8.0 is where ISO 20000 fills in the gaps for other Standards, as it covers topics such as: · Service Portfolio · Relationship and Agreement · Supply and Demand · Service Design, Build and Transition · Resolution · Service Assurance [08:20] Familiar to some – Those in Service Management may recognise some of those terms, but may not use that exact wording. For example ‘relationships and agreements’ may be more commonly known as Service Level Agreements and Operating Level Agreements – which can be a business critical area for some. [10:45] What are the benefits of ISO 20000? - Improve the planning and introduction of services: This standard would help you understand what it is you need to do to introduce that new service, go through the planning, testing through a proper change management system and launch through a release and deployment management system. SLA’s and OLA’s - Achieve Service Level Agreements (SLAs) and Operating Level Agreements (OLAs) will be achieved consistently month on month. Reduce Stress - It will help to reduce employee stress as service request, incident and problem queues become manageable. Knowledge articles can be created to document incidents and solutions for future reference. Improved quality of service through continual improvement gained from Incidents and Problem fixes resulting in both time and financial savings. [12:30] ISO 20000 to the rescue - Steve recounts an experience he had at a company that had an outstanding issue ticket queue of 800. With the introduction of elements of ISO 20000, they we able to reduce this ludicrous amount down to 30! [14:05] A top recommendation - We’d highly recommend that you consider doing a Gap Analysis against ISO 20000. Even if you have no plans to implement it, you can still benefit from the findings. [14:40] Further resources - You can purchase the Standard directly from the . We also have a number of short courses covering specific clauses in ISO 20000, available in the . [15:55] How does ISO 20000 fit in with other ISO Standards?- ISO20000-1:2018 has now been remodelled using the High Level Standard (HLS) framework so that clauses 4 to 7 and 9 to 10 can all be interconnected with only minor differences due to the nature of each standard. Essentially, if you already have ISO9001:2015 or ISO27001:2013 most of the framework for ISO20000-1:2018 will have already been done; all that would be required is to address the service aspects in those six clause before tackling the main work in clause 8. [18:20] Business Continuity - ISO 20000 specifies a section on ‘service continuity management’ which can neatly slot in with ISO 22301 – the Standard for Business Continuity. While ISO 22301 focuses on the bigger picture, the ISO 20000 element focuses on how a service can continue for a customer during an incident or accident occurring. We’d love to hear your views and comments about the ISO Show, here’s how: ● Share the ISO Show on T or ● Leave an honest review on or . Your ratings and reviews really help and we read each one. Subscribe to keep up-to-date with our latest episodes: | | | | | /episode/index/show/theisoshow/id/28354082

#151 Where Certification Bodies are failing 10/11/2023

#151 Where Certification Bodies are failing One of the most crucial steps to gaining your ISO certification is the completion of a Stage 1 and Stage 2 assessment, conducted by an accredited Certification Body. A quick reminder - your certification doesn’t mean much if you haven’t received certification from an accredited Certification Body – so make sure you do your research! Businesses going through their final Assessments to gain ISO certification may see any decisions made by Certification Body Assessors as infallible, however there’s still a very human aspect which can lead to some common pitfalls. Last week we dived into the requirements of ISO 17021 – the Conformity Assessment Standard designed for Certification Bodies, and more specifically the requirements in relation to you as a client. In this weeks’ episode, Steve Mason joins Mel once again to share some issues raised by Blackmores’ clients against Certification Bodies, and explains the related rules in ISO 17021 which Certification Bodies should abide by. You’ll learn ● What is ISO 17021? ● Key issues raised by Blackmores’ clients in relation to Certification Bodies ● Related ISO 17021 requirements Resources ● ● In this episode, we talk about: [00:24] What is ISO 17021? It’s the Conformity Assessment Standard designed for Certification Bodies. In effect, it acts as a service level agreement. These are the rules that these certification bodies need to comply with if they are accredited by an accreditation body like UKAS. Listen to the to learn more. [01:10] What are we focusing on in this episode? There have been some issues raised by some of our clients time and time again over the last 6 – 8 months. We want to break some of these issues down, and help listeners to understand what are the actual rules around these areas in relation to ISO 17021. [01:40] Issue #1: Cancellations – Sometimes a cancellation is unavoidable, however there are still rules that any Certification Body needs to follow – most importantly they should notify the client. Steve shares his experience with an Assessor who was due to show up on the 5th September 2023, and never turned up! it turned out that whilst the date was in the previous report, it had been removed from his diary, but it hadn't then been put into somebody else's diary, and because it hadn't been put into somebody else's diary, there was no flag to anybody to let the client know that the visits should take place. Now that visit had to be pushed back into January next year, which is the only time we can make it. [02:50] Balancing Expectations – There's an expectation from certification bodies that clients should not cancel a month or less than a month before they visit. Steve recommends that should apply to certification bodies cancelling for clients too. There are many considerations to Certification Body visits, including:- cost, scheduling the right people to be present, setting time aside for the audit ect. [04:30] One-sided penalties – Penalties seem to be very one-sided. For example: if the client cancelled two or three weeks beforehand because they had personal circumstances which meant that they couldn't attend, they would be penalised and would have to pay in full for that visit. Yet the certification body can not show up on a day, and there's no compensation whatsoever. [05:10] This is not the norm for Certification Bodies – A reminder that the issues were raising are not the norm for Certification Bodies – however we are seeing an increase of complaints raised by our clients. This may have been exacerbated due to the recent shortage of Assessors. [05:50] Issue #2: Planning Audits - Another issue that's been cropping up is about planning audits - not just surveillance audits, but also stage 1 and stage 2 Assessments. In regards to ISO 17021, Certification Bodies should be providing an Stage 1 Audit plan to the client to detail what will happen during the visit. That plan is often not happening, or there's a generic plan that gets sent out by the certification body which bears no relevance to what the assessor ends up doing. So that's as useful as a chocolate teapot. It should be sent a month ahead of the visit, not 2 -3 days before the visit takes place. Companies need time to organise the right people and Certification Bodies need to be considerate of that fact. [07:35] Steve’s experience with a poor Audit plan from a Certification Body – Steve had an occasion where he had to write a plan on behalf of the Certification Body Assessor for the client as they’d neglected to even send one! Steve used to be an Assessor, so is familiar with how these plans should be structured. The designated Assessor ended up using his plan – but this should not have been the case. [07:58] Poor planning - There have been instances where the planning has been so poor that they send the wrong Assessor to a client site. We’ve had experiences where an ISO 27001 Audit was due to take place and the Assessor turned up expecting to Audit against ISO 9001. [08:50] What should Certification Bodies be providing following a Stage 1 Assessment visit? - After your Stage 1, you should have another plan come out of that stage, after what’s known as the Programme Management Day. The reason for that is because the assessor sometimes needs to go away, look at what they've written up, and take into account what they've heard from the client, and put a reasonable plan in place. The assessor should then sit down with the client to discuss the plan and what sites are going to be visited during the Stage 2 Assessment. [09:30] Using the right language - Often we see plans come out with language in the plans that is alright for certification body, but the client has no idea what the assessor is going on about. Steve always used to sit down with his clients and say right, ‘what language do you want me to use?’ And then would use their language and would also put the clause from the related standard next to that and say ‘that's the bit I'm going to audit’. You're writing the plan for the customer, not for yourself. It also acts as assurance for a potential replacement Assessor if the first Assessor is off sick and can’t make the next visit. [11:33] What does ISO 17021 say? - In clause 9, ISO 17021 states that: the certification should ensure that the audit plan is established prior to each audit identified in the audit programme to provide the basis for agreement regarding the conduct and scheduling of the audit activities. If they fail to put a plan in place, they are not meeting a requirement. ISO 17021 also says that if you've got an organisation that's got different sites, then the plan should take into account the different sites and whether the visit is going to be on site off site – as remote audits have become more common place post-pandemic. [12:35] Steve’s experience with a flimsy plan provided by a Certification Body - ‘I came across an audit plan which was just a list of all the requirements a standard. It was across 5 days. But there was no indication as to which day those requirements were going to be assessed. There's no indication as to how long each of those requirements are going to be assessed? So what could the client do to prepare for that?’ Steve did say to client send it back and get a proper plan, but they have absolutely no joy with the certification body. [13:50] Issue #3: Unnecessary charges - Mel recounts a recent incident where a Certification Body cancelled 2 site visits, and due to the long delay between rebooking, the client had moved office. However, they only relocated a few doors down in one instance and across the road in another. The client then received a quote for an extension to scope – amounting to 3 extra days due to the address change! Mel checked ISO 17021 and confirmed that an extension to scope is only applicable if changing what you're doing or you're adding a new location to the scope – however if you’re using the exact same scope and are only moving your business from one location to the next – it is not an extension to scope, it’s just a change of address. Steve recounts a similar instance where a client was charged £160 for the address to be changed on their certificate! Which is a ridiculous and unnecessary admin fee which only serves to upset the client. [17:50] Issue #4: No disclosure of the appeals process - if client a company isn't happy with their nonconformities, there is an appeals process, which is a requirement of ISO 17021. Steve highlights an incident where an Assessor told a client ‘don't bother with the appeals process because it'll only delay the delivery your certificate’ – Which was highly unprofessional of that particular Assessor to say. The appeals process there is there to help clients if they disagree with their assessor, and allow them to go to a sort of third party that's within the certification body and say, look, I don't agree with this. Can you explain why it's a nonconformity? Top tip: If you do get a non-conformity that you’re confused about – Ask the Assessor to show you where in the standard it requires you to do that. If an assessor cannot show you that, then it is not a nonconformity. [20:30] The complaints process - The complaints process really is not about appealing against a nonconformity, but complaining against perhaps not getting your plans in your reports and all that sort of thing. [21:20] These issues are not the norm – don’t be put off ISO certification! - While we have noticed an increase in complaints in the last year, we also want to highlight that these have mostly been for 1 or 2 select Certification Bodies. On the whole, Certification Bodies provide a wonderful service to their clients. We just wanted to bring their code of practice to your attention, that you can check ISO 17021 to verify that the Certification Body is being fair to you and fulfilling their own requirements in relation to customer service. [23:35] Receiving reports - Lastly a reminder that reports to clients following visits should not take months to get to them. Clients should expect reports from Assessors in 2 – 3 days – not months! We’d love to hear your views and comments about the ISO Show, here’s how: ● Share the ISO Show on T or ● Leave an honest review on or . Your ratings and reviews really help and we read each one. Subscribe to keep up-to-date with our latest episodes: | | | | | /episode/index/show/theisoshow/id/28285550

#150 Why you should be aware of ISO 17021 ahead of your next Certification Body visit 10/03/2023

#150 Why you should be aware of ISO 17021 ahead of your next Certification Body visit If you are going for certification, or currently manage a certified ISO Management System, then you should also be aware of ISO 17021 ahead of any Assessments or Surveillance audits conducted by an accredited Certification Body. ISO 17021 sets out requirements for bodies providing audit and certification of management systems. It ensures that Certification Bodies provide a reliable assessment of compliance with the applicable requirements, carried out by a competent impartial audit team, to achieve a consistent result for all clients. So, why should you be aware of this Standard in particular? ISO 17021 also establishes what you as a client should expect from your Certification Body. Steve Mason, Managing Consultant at Blackmores, joins Mel to discuss what ISO 17021 is, why you should be aware of it and the requirements related to expected service delivery from Certification Bodies. You’ll learn ● What is ISO 17021 ● The difference between accredited and non-accredited certification bodies ● A brief overview of the Standard and client related requirements Resources ● ● ● In this episode, we talk about: [01:40] Why are we talking about ISO 17021 now? In our internal Team Meetings, Certification Bodies are an established talking point. Highlighting the good and the bad, but in recent months it’s been more on the negative side. Steve had highlighted ISO 17021 as the Standard to look at in regard to expected service delivery requirements from Certification Bodies – so here we are! [03:00] What is ISO 17021? The reason for the standard is that it ensures that all certification bodies are delivering the same level of service to all customers. Certification Bodies don’t need to be certified to other standards such as , as ISO 17021 was specifically designed for the purpose of delivering certifications. It’s also the standard where you can find out what’s expected of Certification Bodies – like a Terms and Conditions or service level agreement. [05:00] The difference between accredited and non-accredited Certification Bodies - Go back and watch to learn more. [06:10] Why is it important that the Certification Body is accredited? – Accreditation proves that the Certification Body is being checked by another body. Accreditation is also recognised worldwide – it’s trusted as a gold standard of performance. There are many different accreditation bodies around the world, here in the UK it’s UKAS, but there are others such as ANAB in the US. Check out the to confirm the accreditation body for your country. [08:10] Ultimately, a Certification Body can’t offer accredited certification services unless they've actually been assessed by the applicable accreditation body to ISO 17021, and they need to do that on an ongoing basis like any other certification. They also may not be accredited to deliver every standard they offer – so make sure you verify with the certification body that they are in fact accredited to ISO 9001, ISO 27001 ect. [09:15] A brief overview of what’s included in ISO 17021 – A lot of the clauses before this are really about the management of certification body, but when it comes to clause 9, this is where the customer becomes a lot more involved in the requirements. It covers topics such as planning audits, conducting audits, certification decision making, maintaining certification, the appeals process, the complaints process and then keeping client records. Clause 9 in particular is where you, as a client, should focus. [11:00] What core principles are described in ISO 17021? - Impartiality, competence, responsibility, openness, confidentiality, responsiveness to complaints, risk based approach and legal responsibilities. [12:20] What personal behaviors should you expect from your assessor? – In Steve’s experience, he’s seen more and more assessors not living up to the requirements of ISO 17021. This could be for a number of reasons, i.e. they could have an uncooperative client, they may not have had adequate training, perhaps there’s a break down between clients and client managers. Either way, these are a few of the qualities that Assessors should embody: ethical, fair, truthful, sincere, honest, discrete and open-minded. [14:00] A lack of open mindedness - Steve had encountered an Assessor that stated ‘This must be wrong because I've never seen it done that way’ – which is not open minded in the least. This resulted in a non-conformity which should have never been raised. ISO 17021, clause 9.4.5 states that any non-conformity raised shall be recorded against a specific requirement in the Standard being audited. Assessors need to take heed not to assess to their preference. [15:15] Top Tip - If you get asked a question, then give an answer and they raise that as a non-conformity that you’re unsure as to why it’s being raised - it's always worth asking the Assessor to show you where in the standard they're raising the non-conformity against. It's a case of clarifying the question and verifying what they’re raising a non-conformity against, and if there’s a justification for it. If there is, then great, they’re doing a great job! If not, it may be the Assessor’s personal bias, and there’s a chance you can get that non-conformity down to an opportunity for improvement. [17:05] Other expected traits for Assessors to be aware of - Collaborative: It should be a partnership between the client and Assessor – they want what’s best for you. Tenacious: This can sometimes be taken too far. For example, if your Assessor it still assessing past 5pm, tell them to go home. If they need more time, then it's up to the certification body to work that one out. Other basic traits include: Observational, being perceptive and versatile. We’d love to hear your views and comments about the ISO Show, here’s how: ● Share the ISO Show on T or ● Leave an honest review on or . Your ratings and reviews really help and we read each one. Subscribe to keep up-to-date with our latest episodes: | | | | | /episode/index/show/theisoshow/id/28209719

#149 10 reasons why ISO Standards help to win Tenders 09/26/2023

#149 10 reasons why ISO Standards help to win Tenders One of the most common reasons why businesses look to achieve certification is because a client or prospective client is demanding it. Questions are often asked in tenders such as do you have an Environmental policy? A complaints procedure? Data privacy controls? And of course do you have ISO 9001 (the quality standard)? Or ISO 14001 (the Environmental Management Standard)? These answers accrue points and when bidding for a contract, the more points you can get the better chance you have of winning that lucrative contract, which could bring your company 1 – 3 years of high value revenue and profit. So why are ISO Standards, Policies and Procedures mentioned in tenders? And why should you look to align your business with quality, environmental and risk standards? Join Mel on today’s episode as she shares 10 reasons why ISO Standards can help businesses win tenders. You’ll learn ● Why are ISO Standards mentioned in Tenders? ● The difference between accredited and non-accredited certification bodies ● 10 Reasons why ISO Standards can help to win Tenders Resources ● In this episode, we talk about: [00:55] Based on 17 years of running four businesses relating to ISO standards, Mel estimates that 8 out of 10 businesses that look to achieve certification is because they want to win or retain a client contract. [01:35] If you've got your Policies, Procedures, Standards and systems in place, it does make the whole process of bidding for tenders a lot easier, in addition to giving you a greater chance of winning those tenders. [02:30] Reason #1: Proof that you have achieved the highest standards - Put yourself in your clients’ shoes – would you rather work with a company that pays lip service to protecting your valuable data? Or that they have over 100 controls to manage your data in the security? (Such as in the Standard for Information Security - ) One of the main reasons your clients will be looking for your company to be certified to an ISO as because it demonstrates that you operate your business to the highest global standards. [04:00] Reason #2: Demonstrates independent 3rd party certification – This means that its not just you that claims that your business has good health and safety controls in place – an ISO certified business has to prove that its compliant year after year. Being certified is proof that you practice what you preach and that there is evidence to back this up. [04:50] Be careful – know the difference between accredited and non-accredited certification – Go back and watch to learn more. [05:45] Reason #3: Recognised across the globe – Passport to trade – When organisations are looking to expand internationally, ISO certification is often a requirement to deliver services or provide products overseas. This is because ISO Standards are recognised globally as they way businesses should be run. ISO’s aren’t just passports to trade internationally – they are also passports to trade in certain sectors. For example in Construction – you aren’t going to get very far in tenders if you don’t have ISO 9001 (Quality), ISO 14001 (Environment) and ISO 45001 (Health and Safety). [08:40] Reason #4 – USP - Many organisations adopt ISO Standards to give them a competitive edge and score more points in a tender. For example, let’s say you’re bidding for a public sector contract worth £2 million, and they are very keen on their suppliers verifying their carbon footprint and being carbon neutral. It would give you a massive competitive edge if you could prove this and demonstrate evidence, once such way would be to get certified to (Carbon Verification) and (Carbon Neutrality). If you’d like to learn more about those Standards, go back and listen to episodes and . Note: PAS 2060 is set to become an ISO in the near future! Keep an eye out for news concerning … [11:55] Reason #5: Risk Management - ISO Standards help to significantly reduce risk. This is why certified business have lower insurance costs and win more business. All businesses need effective risk management – even Law Firms. Over the last few years, we’ve seen more and more law firms achieve certification to ISO 27001 (Info Sec), (GDPR) and business continuity (). [13:20] Reason #6: Meeting customer requirements - The one thing that a client outsourcing services expects as a minimum is that you actually meet their needs. It’s not much to ask is it? Though, you would be surprised how many businesses operate without processes! ISO Standards help to define what your processes, and provide a blueprint for how you run your business – therefore providing clients with a standardised approach that is repeatable and guarantees high standards of quality products and services time and time again. [14:30] Reason #7: Reduce ambiguity - ISO Standards set out very clear specification – Many of them require certain documents that non-certified businesses often don’t have. One such example is a process for dealing with problems, otherwise known as ‘Non-conformities’ in the ISO world. Businesses shouldn’t just bury their heads in the sand, they should have a system in place to log issues / customer complaints, rectify the issue and put preventative measures in place to prevent a recurrence. [16:05] Reason #8: Industry specific standards - Certain ISO Standards prove that you meet the highest quality best practice standards for your industry. Not every industry has specific ISO Standards – but an example of this may be an events company that wants to stand out by being sustainable. (Sustainable Event Management) would give them a huge advantage over competitors. [17:10] Reason #9: Competent personnel with clear accountability and responsibility - ISO Standards do stipulate that you have people that actually know what they're talking about, in some cases, for businesses that don't have ISO’s, this can be a bit of a steep learning curve. If you’re looking to gain some basic competency in ISO Standards – check out our online learning platform, the [18:10] Reason #10: Gives assurance to clients for a period of 3 years – ISO Standards are continuously maintained over a 3-year cycle. It’s not a case of passing an assessment then waving goodbye to the systems you’ve got in place to run the business. You have to prove continued compliance through annual surveillance audits, and recertify after 3 years. We’d love to hear your views and comments about the ISO Show, here’s how: ● Share the ISO Show on T or ● Leave an honest review on or . Your ratings and reviews really help and we read each one. Subscribe to keep up-to-date with our latest episodes: | | | | | /episode/index/show/theisoshow/id/28144340

#148 How Asynt are embedding Quality and Environmental management with ISO 9001 and ISO 14001 09/13/2023

#148 How Asynt are embedding Quality and Environmental management with ISO 9001 and ISO 14001 Quality and environmental management are top priorities for many organisations, backed up by the increasing number of ISO 9001 and ISO 14001 certificates being issued every year. Aside from being a popular requirement on tenders, ISO 9001 and ISO 14001 provide a robust framework for businesses to ensure they follow Best Practice, enhance their businesses performance and put measures in place to reduce their environmental impact. We often see these two Standards being implemented in tandem, as is the case with todays’ guest, Asynt. Asynt is a global provider of world leading technologies and services for scientific research, developed by chemists for chemists, their laboratory equipment responds to the real demands of industry and academia across the globe. Today we welcome Siobhan Ellwood, Sales Support at Asynt, as she explains their journey towards ISO 9001 Implementation, and how they embedded ISO 14001 along the way using our online learning platform – the isologyhub. You’ll learn ● Who are Asynt? ● How did Siobhan get involved with ISO Standards? ● What was Asynt’s main driver for obtaining ISO 9001 and ISO 14001? ● What did Asynt learn while implementing ISO 9001 and ISO 14001? ● Siobhan’s experience using the isologyhub to implement ISO 14001 Resources ● ● ● ● In this episode, we talk about: [00:55] An Introduction to Asynt - A global provider of world leading technologies and services for scientific research. Based just outside of Ely in Cambridgeshire, they just celebrated 20 years in business! [02:10] Siobhan’s role and how she got involved with ISO Standards: Siobhan is the Sales Support Manager for Asynt, she assist with raising quotations, managing sales orders and providing support for the warehouse. In January 2023, 3 members of the Asynt Team were tasked with researching and obtaining ISO 9001, with a view to adopt ISO 14001 later on. Siobhan had experience working with Quality Standards thanks to her previous work in aviation and automotive companies, and had even previously implemented the Standard. Naturally, she was a perfect fit to head the ISO 9001 and ISO 14001 project at Asynt. [05:40] What did Siobhan enjoy most about Implementing ISO Standards? Initially, realising that she had a lot more knowledge about ISO than she gave herself credit for. Also, making use of the 5 Why’s to identify where something has gone wrong, implement a solution and preventing it from recurring. [06:40] What were the main drivers behind Implementing ISO 9001 and ISO 14001?: For ISO 9001 – Top Management saw the need to have proper procedures in place, to ensure that everything was written down and could be communicated and conducted by other staff if needed. Ultimately, they wanted a cohesive system where everything, included roles and responsibilities, were documented and managed. For ISO 14001 – Customers often ask for ISO 9001, but ISO 14001 was also starting to pop up in conversation more. Top Management at Asynt wanted to get ahead of the curve and make the move towards becoming more environmentally friendly. It was also seen as a stepping stone towards being in a position to calculate their Carbon Footprint and make further improvements. [09:50] The ISO 14001 Coaching Programme – Asynt were one of the first companies to go through our ISO Coaching Programme, hosted via the isologyhub. This programme combined the DIY digital platform with group coaching sessions, allowing all participants to work collaboratively towards creating their own Environmental Management System. [10:20] Siobhan’s experience with the ISO 14001 Coaching Programme: Overall Siobhan had a very positive experience in the coaching programme, a few highlights include: Sharing ideas: Other participants come from a wide range of industries, and each brought their own unique ideas to the table, encouraging others to look at things from many different points of view. Support: If another participant is struggling with something, there is a group of people to support and provide possible solutions. Siobhan gave an example of where she provided an Excel guide to another member who was looking for a solution. Resources: Siobhan had previous experience with implementing ISO Standards, so she was aware of what type of documentation was required. She found the resources on the hub useful to refer to outside of coaching sessions, to enhance Asynt’s own ISO Standard Implementation. [12:20] What was the biggest Gap identified during Asynt’s Gap Analysis? Mostly it was the lack of documentation, which required a lot of work to get everything written down in cohesive processes and procedures. For ISO 14001, Asynt are fortunate enough to own the buildings that they operate in. So, gathering the initial information required where potential energy and environmental improvements could be made was fairly easy. [15:00] What differences did Asynt see after addressing the identified gaps? For ISO 14001 – Some elements were already in place (recycling waste ect), but weren’t being monitored in any meaningful way. Now Siobhan has got processes in place to ensure the recycling is being separated correctly and weighed so they can properly gauge their impact. For ISO 9001 – It was the introduction of the 5 Why’s, which Asynt have used to great effect to identify problems and implement solutions. An example of this can be found in their warehouse, lanes and shelves weren’t labelled, causing confusion. It was a quick fix that could have been implemented years ago, but the 5 Why’s forced a much needed change. [18:00] What did Siobhan learn from the experience of Implementing ISO 9001 and ISO 14001? Integrating a Management System can save on a lot of paperwork! Initially the plan was to have just an ISO 9001 System, with ISO 14001 implemented at a later date. Going through the process of Implementing them as the same time highlighted how much easier it would be to combine them, thanks in part to how many elements overlap between the two. It also makes the system a lot easier to interact with, having everything in one place rather than spread between two separate systems means staff don’t have to waste time digging for policies and Procedures. [20:00] Certification plans: Asynt are well on their way towards ISO 9001 and ISO 14001 certification with their Stage 1 in October and Stage 2 in November 2023. With just under 2 months before the Stage 1, Siobhan plans to continue working through some opportunities for Improvement, raised by Blackmores in some recent Internal Audits. [21:41] Siobhan’s top tip: Trust in the process and make sure that you have the right person in your business to lead the ISO project. Also being open to change, being honest with yourself about where the gaps are and trying to get those closed but also manage expectations within the business. [23:50] Siobhan’s book recommendation: by Raynor Winn. [26:05] Siobhan’s favorite quote: “Personal growth is not a matter of learning new information, but unlearning old limits” – Alan Cohen If you’d like to learn more about Asynt check out their ! We’d love to hear your views and comments about the ISO Show, here’s how: ● Share the ISO Show on T or ● Leave an honest review on or . Your ratings and reviews really help and we read each one. Subscribe to keep up-to-date with our latest episodes: | | | | | /episode/index/show/theisoshow/id/28019154

#147 How Haymarket are leading the way in Sustainable Event Management with ISO 20121 09/06/2023

#147 How Haymarket are leading the way in Sustainable Event Management with ISO 20121 The UK events industry accounts for 35% of the UK visitor economy and is estimated to be worth £42 billion, yet it is still incredibly wasteful, with 68% of waste going directly to landfill. Haymarket Media Group is a global media data and information company, who offer a wide range of digital print, tech and live event services. Haymarket UK had been certified to (Environmental Management) and (Energy Management) for a few years prior to 2019, covering most aspects of their business from a sustainability point of view. However, their live events still had many sustainability opportunities that were not being taken into consideration by their existing certifications. So, in early 2022 they embarked on their journey to gain ISO 20121 (Sustainable Event Management) certification. Today, Gary Charlton and Natalie Harris from Haymarket join Mel to discuss exactly why they added ISO 20121 to their portfolio, the challenges faced with Implementing the Standard, and the benefits gained from certification. You’ll learn ● Who are Haymarket? ● What is ISO 20121 Sustainable Event Management? ● Why did Haymarket choose to Implement ISO 20121? ● What challenges did they face? ● What are the benefits of ISO 20121? Resources ● ● ● In this episode, we talk about: [00:50] An Introduction to Haymarket Media Group - A global media data and information company, with offices in the UK, US, Germany, India and Asia. They produce live events (including award ceremonies, conferences and exhibitions), digital print, education data and tech services. [02:25] Gary Charlton is the Head of Procurement for the UK - Part of his role includes supporting the Haymarket approach towards sustainability, to ensure their products and services are as environmentally and socially sustainable as possible. [02:45] Natalie Harris is the Procurement Executive at Haymarket – A lot of her role revolves around live events in addition to purchasing our products and services. Additionally, she advises the wider team on buying legally, sustainably and ethically. Both Natalie and Gary form a team, and were the main driving force behind the creation of their Sustainable Event Management System. [03:40] What is ISO 20121?: ISO 20121 was launched for, and named after, the 2012 Olympics, making it the worlds first sustainable Olympics! The Standard provides a framework for managing events sustainably, that includes having the policies, procedures, registers and records to demonstrate that the events are being run in a sustainable manner. Being certified indicates that a company is not just paying lip service to sustainability, it's actually practicing what they preach. If you’d like to learn more about ISO 20121, go back and listen to . [05:30] What was the main driver behind Haymarket achieving ISO 20121?: Haymarket first contacted Blackmores about assisting with ISO 20121 Implementation in 2019. At the time, they were already certified to ISO 14001 and ISO 50001, so they understood the benefits that came with ISO certifications - including the framework to start making better decisions and accurately measure what you're doing. Their head of facilities had started the process of evaluating other areas they could improve with ISO Standards, particularly around sustainability. Live events are a large service offering for Haymarket, which has a significant environmental footprint, so a case was put forward for the benefits if reducing that impact with the help of ISO 20121. The team running their live events were very positive about the potential benefits presented, and the go ahead was given. [07:20] Sustainability is central to how Haymarket wants to operate – Implementing ISO 20121 would ensure that there was more standardisation across their processes. This would introduce some uniformity that could apply to all types of events, which was very important to the Live event lead - Donna Murphy. Natalie was in the right place at the right time, already in the position of working in collaboration with Haymarket’s Live events team on sustainable procurement, ensuring that due diligence was followed with suppliers and their accreditations. So, it was a no-brainer getting her on board with the ISO 20121 project! [09:30] How long did it take to implement ISO 20121?: Haymarket engaged in Blackmores services in February 2022 and were accredited by July 2023. In total, it took 18 months for the planning, creation and development ahead of the assessment. They ensured the system was refined to ensure it worked efficiently, encouraging continual improvement and a harmonious approach for the whole business. [11:15] Above and beyond: Haymarket received a lot of praise from their Assessor – highlighting their thoroughness, including the involvement of top management and many others within the organisation in the creation of the Management System. Also for ensuring that the system would be applicable for the 4 main types of events that Haymarket runs. [12:00] ISO 20121 requires an audit to be conducted during a live event – So Haymarket had a lot to consider when selecting the event to be audited. [13:30] Haymarket’s key insights on Implementing ISO 20121: #1: The Gap Analysis was an integral part of the process – by highlighting the gaps you can clearly see where improvements can be made. While they may have been a bit crestfallen and daunted by the gaps presented, they came out if knowing they already had around 27% of a Sustainable Event Management system already in place – partly due to their existing certifications. This soon bumped up to 59% at the half-way checkpoint! This assured them that ISO 20121 was within reach, and simply required at bit of time and effort to achieve. #2 Having leadership involvement and backing – They were quick to involve their live event lead, Donna Murphy, in key decision making and with the roll-out of the Management System. She was instrumental in ensuring the Standard was in place and being followed. [18:45] What were some of the gap identified and how did Haymarket bridge them? Required documentation – Many ISO standards have required documentation. A lot of times companies do have a lot of it place, but it’s simply just not formalised. Natalie highlights that this was the case with a Risk Register. It’s not a universal company need to have, but as part of the Procurement Team it’s simply a part of who they are and what they do. For live events, they need to do the appropriate health and safety checks, but it wasn’t formalised in any way. Thankfully their facilities and environment specialist, who assisted with the existing ISO 14001 and ISO 50001 certifications, was on hand to help with the creation of risk procedures based on procedures from the existing Management System. With this collaborative approach, using elements from the exiting Management System, they created 31 brand new documents consisting of Procedures, Registers, Log and Records that are continuously used, monitored and updated. This new documentation, while a lot of work to create, ultimately helps Haymarket track, measure and set parameter’s for continuous Improvement. It ensured they have a really visual system, with a clear view of what needs to be done to run sustainable events. [23:00] What difference has Implementing ISO 20121 made?: There was a big amount of short-time work for a long term gain. It’s not simply a stack of useless documents sitting in a corner, it’s a living, breathing system that is injected into the business. The Management system is of benefit to everyone, including those new to Haymarket’s team as it provides a structured and standardised approach to sustainable event delivery. It’s provided knowledge and helped to develop new skills that will stick with all those that interact with the Management system, whether they stay with Haymarket or move elsewhere. Ultimately, it’s all about ensuring they are doing the right thing for the planet. By creating more sustainable events, they are reducing their impact as a whole. [26:00] What is the main achievement from being certified to ISO 20121?: Morale and confidence that they can say they really do practice what they preach. They could hold a mirror up and say, right, we've created this system and we're confident in it – with internal audits conducted by third-parities to confirm they’re on the right track with their intended goals. Certification is not the end goal. You have annual Surveillance Audits to check-in, so the system must be a long-term feature in your business, and it must drive continual improvement. [27:50] What top tip would Gary and Natalie give for ISO 20121 Implementation? Gary: Make sure you’re resolute in your reasoning for Implementing the standard and the implications of doing so. Also, enlist the help of someone with Implementation experience! Natalie: Don’t underestimate the amount of work required. Select someone in-house to manage the project and when / if you can, use external resources such as a consultant to assist. They can also provide unbias, reflective feedback to ensure you’re on the right track. [30:10] What’s a favorite quote? “The greatest threat to our planet is the belief that someone else will save it” – Robert Swan If you’d like to learn more about Haymarket check out their ! We’d love to hear your views and comments about the ISO Show, here’s how: ● Share the ISO Show on T or ● Leave an honest review on or . Your ratings and reviews really help and we read each one. Subscribe to keep up-to-date with our latest episodes: | | | | | /episode/index/show/theisoshow/id/27954936

#146 5 mistakes to avoid while managing an Energy Management System 08/30/2023

#146 5 mistakes to avoid while managing an Energy Management System Energy Management can be a tricky topic to approach depending on your industry. There are a lot of factors that need to be considered to ensure that you are accurately monitoring and measuring your energy consumption. Thankfully ISO 50001, the Standard for Energy Management, does provide a lot of useful guidance to help you get started. As a reminder, ISO 50001 can help your business to continually improve its energy performance, energy efficiency, energy use and energy consumption. Building an energy management system (EMS) based on the requirements of ISO 50001 will ultimately help you to understand, monitor and measure your use of energy. However, even with the guidance, we often see a few common mistakes companies make while managing their EMS. Today Darren Morrow, Senior Isologist here at Blackmores, joins us to share his top 5 mistakes to avoid while managing an EMS. You’ll learn ● What is ISO 50001? ● 5 mistakes to avoid while managing an Energy Management System ● How can you avoid these mistakes? Resources ● ● In this episode, we talk about: [00:30] What is ISO 50001? ISO 50001 is all about continually improving energy performance, energy efficiency, energy use and energy consumption. By Implementing an energy management system, you will be able to fully understand and monitor and measure your use of energy. Like most other ISO’s, continual improvement is at the heart of ISO 50001, and It’s also based on the Annex SL format. So, it shares some similarities with Standards such as and ISO 14001. If you’ve got , you’re already half-way there! [01:14] We have a more detailed walkthrough of ISO 50001 Implementation available in our steps to success podcast series, which are episodes: , and [02:00] Mistake 1 – Lack of commitment from top management: This can be one of the biggest issues and can cause the most damage in relation to any management system. A lack of support from top management often leads to:- · A loss of motivation for improvement · A lack of financial support and resources – The EMS should be considered in budgets so you can account for any additional maintenance that needs to be done to ensure equipment is running optimally, or possibly investing in newer technology that is designed to be more efficient. · Lack of alignment of the EMS and organisational goals and objectives – Everyone in the business should be aware of the organisation’s goals, if energy management is included as part of those goals, then they are more likely to be fulfilled. Having a commitment from top management ensures that EMS is part of the business and not just a bolt on. [03:25] Mistake 2 – Built by one person or department: If one person is deemed ultimately responsible, even if supported by top management, overall commitment throughout the business can be difficult, sometimes with comments such as 'that’s Bob's job'. With one person or department, there can be the lack of authority to make decisions, and inevitably they can become siloed from the rest of the business - not hearing about improvement opportunities, not being involved in internal projects, etc. Ensure that, even in a smaller businesses where one person may form the 'Energy Team', that everyone is able to contribute. [04:20] Mistake 3 – Rushed Implementation of the Energy Management System: This can lead to confusion as to who is responsible and what responsibilities are shared. It can also lead to failures to record opportunities for improvement, or for monitoring and managing any deviations in energy consumption that may occur and require investigation. There is also the risk of a lack of awareness amongst staff if you’ve not taken the time to communicate roles and responsibilities in relation to the EMS. [05:30] Mistake 4 – Manual controls that can be overridden by staff: A lot of what you monitor and measure may be automated, but there will always be elements where there is a potential for human error. So ideally, where possible during energy reviews or audits, consider those elements that humans have direct impact for the control and influence of energy. Typical examples include: · Heating and cooling - Problems and excessive energy use can be caused through individuals changing temperatures resulting in equipment working harder and on many occasions working against each other. · Lighting - Many companies now have sensor controlled lighting, this ensures lights are only switched on when required. Manual lighting controls typically have resulted in lights being switched on and left on in rooms that are not occupied, example being meeting rooms. [06:50] Mistake 5 – Data collection and monitoring: Data collection is crucial in supporting decision making and also to be able to demonstrate improvement. Common pitfalls in this category include: · Lack of attention to monitoring and measurement results / trends – there is a likelihood that data will not be collected properly, recorded incorrectly, resulting in data that is only used to populate a spreadsheet or software based database, and does not provide any valuable information. Results may not be analyzed at appropriate times to identify any trends or issues / deviations that may arise, potentially leading to inefficiencies in equipment operations, and ultimately increased costs · Poor data collection and record keeping and general housekeeping - Data if not collected periodically, covering determined periods, will result in being unable to compare consumption on a like-for-like basis. This means you will only be recording usage, with significantly reduced means to identify opportunities for improvement and / or causes for deviations. · Relying on energy bills (estimated and not reading meters) – This should be a last resort for data collection. This will not provide accurate information to base decisions on, inevitably bills will show an estimated consumption and cost, followed by a 'reading' sometime during the year, resulting in an amendment or adjustment being made - primarily cost. This has a significant impact the data collected, along with any possibility of accurately identifying improvements and / or deviations that could impact the business [09:40] We’re offering a Buy 1 Get 1 Free offer on memberships until the 31st October 2023! to book a demo. We’d love to hear your views and comments about the ISO Show, here’s how: ● Share the ISO Show on T or ● Leave an honest review on or . Your ratings and reviews really help and we read each one. Subscribe to keep up-to-date with our latest episodes: | | | | | /episode/index/show/theisoshow/id/27889542

The ISO Show

TOPICS