ISO consultancy isn't a field many aspire to enter, mostly because many don't know it exists until they're tasked with either managing an existing ISO Management System or implementing a brand new one. We're continuing with our latest mini-series where we introduce members of our team, to explore how they fell into the world of ISO and discuss the common challenges they face while helping clients achieve ISO certification.

In this episode we introduce Sarah Ball, a Senior Isologist® at Blackmores, to learn about her journey towards becoming an ISO Consultant and what drives her to help clients on their ISO journey.

You'll learn
· What is Sarah's role at Blackmores?
· What does Sarah enjoy outside of consultancy?
· What path did Sarah take to become an ISO Consultant?
· What is the biggest challenge she's faced when implementing ISO Standards?
· What is Sarah's biggest achievement?

Resources
· Isologyhub
· Productivity Ninja

In this episode, we talk about:

[00:30] Episode Summary – We introduce Sarah Ball, a Senior Isologist® here at Blackmores, to discuss her journey towards becoming an ISO consultant who specialises in ISO 9001, ISO 45001, ISO 14001 and ISO 27001.

[03:45] What is Sarah's role at Blackmores? Sarah is a Senior Isologist® with Blackmores, supporting companies with maintaining systems, undertaking internal audits, and supporting the implementation of new systems to gain certification using our Isology methodology. Sarah also coordinates the development of content for our online learning platform, the isologyhub.

[04:50] What does Sarah enjoy doing outside of consultancy? Sarah has a keen interest in history, having studied it at school, and she likes to travel to various locations of historical interest. She also spends a lot of time researching her own family tree, learning as much as she can about the far-reaching members of the past.
Sarah also likes to go jogging outdoors; as the gym environment didn't inspire much enjoyment, she instead prefers to be in nature while exercising. She has also participated in long-distance running for charity, completing the 10k Race for Life. She's taking on the more daunting muddy 5K version this year, which includes a number of obstacles, so we're wishing her luck! One of the new hobbies she'd like to take up this year is mountain climbing, with Mount Snowdon on her to-do list.

[06:35] What was Sarah's path towards becoming an ISO Consultant? Sarah initially started in Customer Services, working as a customer service advisor in a company, and was then promoted to manager of a team. At that point, her role became more about understanding why they were getting certain complaints and what could be done to prevent them happening, rather than just resolving them. She ended up spending more time with suppliers and other departments to help prevent some of the recurring issues, and along the line it led to her being asked to implement an ISO 9001 Quality Management System. This was a tall request considering that, at the time, Sarah knew nothing about ISO 9001 beyond its designation and area of focus. As a result, she spent a lot of time researching it, and had the help of an external consultant to implement the Management System. This was necessary, as knowing how to apply it to a business was something she needed support with.

Two years later, the company asked Sarah to implement an ISO 45001 Health & Safety management system and an ISO 14001 environmental management system. These two she implemented herself, having got a feel for it during the initial quality management system implementation. For the next 10 years, Sarah worked in other companies, assisting with their integrated management systems. Along the way, she also picked up ISO 27001 Information Security, before landing at Blackmores in 2020.
[09:10] A path people fall onto – Most people don't actively plan to get into ISO consultancy; it's usually a result of being tasked with managing or implementing a management system while working in another role.

[10:10] What is Sarah's favourite aspect of being a Consultant? – Sarah enjoys the variety, not just in the work and tasks but in the companies and industries that she gets to work with. Each has its own way of working, unique approaches and knowledge nuggets in the form of working practices that can be cherry-picked and applied elsewhere. She also likes to see how a management system develops and evolves over time and how it can become part of a company's success, driving continual improvement. Sarah enjoys working with people who can see the real benefits of ISO management systems, rather than just focusing on the certificate on the wall.

[13:40] Making a Management System your own – Sarah is a big proponent of making a Management System your own, giving it an identity so that it can be fully integrated into the way a business works. Businesses do this all the time, usually by naming large projects so that everyone can reference them by a common shorthand. A Management System can work in the same way, making it a part of the day-to-day running of the business.

She's also a fan of not worrying about the terminology in Standards. Many of the terms used are meant to be general; this is because international audiences referred to certain aspects of management in different ways, and it wouldn't always translate directly. So many Standards have some admittedly awkward terminology that can be applied to any business, but you by no means have to use their wording. As long as you can explain what relates to what in an audit, you're free to name things as appropriate to you.

[16:55] What Standards does Sarah specialise in and why?
Starting with:
· ISO 9001 Quality: This is the main standard that Sarah started working with, and is one that touches on a lot of areas within other Standards. It's a great base to build from, and is the starting point for many venturing into the world of ISO.
· ISO 14001 Environmental: Sarah got experience with this Standard at her first company; it's also commonly implemented alongside ISO 9001.
· ISO 45001 Health & Safety: Another one of the first Standards Sarah implemented, it's also a common one to see in integrated management systems.
· ISO 27001 Information Security: Sarah got to grips with this Standard through years of working with other companies.

Sarah's favourite Standard is ISO 9001, not only because it was her first experience of implementing ISO Standards, but because it creates a blueprint for success. ISO Standards set the minimum requirement, not the maximum; they are designed to get you started so you can make continual improvements. It also acts as a foundation to build onto: you can pick aspects of other Standards to integrate into your existing system. You don't necessarily have to certify to those additional Standards, but nothing is stopping you from strengthening your Management System with the best bits from other ISOs.

[21:00] Sarah's favourite clause in ISO 9001: Sarah personally favours Clause 10 – Nonconformity and corrective action. The reason behind that choice is the clause's importance in driving continual improvement. It's about taking something negative and turning it into a positive, which is what Quality Management is at its core.

[22:05] What is the biggest challenge Sarah has faced during a project and how did she overcome it? Moulding the Standard to the business. As a consultant, the biggest challenge is understanding how to make the requirements of a Standard fit the business, and not the other way round.
It's all about trying to align the ISO Standard requirements to the business's values and mission, and then getting people on board with understanding the true benefits of management system implementation. At Blackmores, we ensure that each management system is unique to each business. We don't operate with a copy-paste model. This is another reason why Sarah encourages naming your management system: by branding it, you encourage engagement.

Sarah highlights the fact that we run a lot of workshops in the initial part of a project, conducting a Gap Analysis, SWOT, PESTLE etc. This helps our consultants to really get a feel for how a business ticks. From that, we can help steer the delivery of the Management System to the wider business by building it into their existing tools, such as an intranet.

[25:45] Leading by example: We revamped our own ISO 9001 Management System a few years ago, with both Rachel Churchman and Sarah Ball leading the refresh. We gave it a name, H20 (How 2 Operate), and integrated it with our Microsoft Teams channels, as we'd all swapped to mostly remote work following the COVID pandemic in 2020.

As Sarah points out, there are many different ways to display and deliver your management system, including:
· Microsoft Teams
· Intranet
· Google / Google Drive
· SharePoint
· CRMs such as Monday.com

The key is building it into the day-to-day tools everyone uses. Make the Management System part of your processes, so adhering to and maintaining it becomes part of everyone's way of working.

[28:55] What is Sarah's proudest achievement? Obtaining her degree through the Open University while still working full time. It took Sarah 8 years of hard work to obtain her honours degree in History, which was not required by her work or career development. It was simply something she wanted to do to prove to herself that she could achieve it.
Many other members of Blackmores can attest to Sarah's level of determination and organisation, as she shares many tips and techniques learned from her years of study and work. These include:

The Productivity Ninja – Learned from Graham Allcott's book, which seeks to help reduce procrastination and tackle tasks with efficiency.

The Second Brain – A tool to help keep track of ideas / tasks that aren't an immediate priority.

These tools are now used by a number of the team, and we have no doubt Sarah will be schooling us on more techniques in future.

If you'd like any assistance with implementing ISO standards, get in touch with us, we'd be happy to help!

We'd love to hear your views and comments about the ISO Show, here's how:
● Share the ISO Show on Twitter or Linkedin
● Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one.

Subscribe to keep up-to-date with our latest episodes: Stitcher | Spotify | YouTube | iTunes | Soundcloud | Mailing List
Many organizations have addressed their need for good security practices by implementing ISO Standard 27001. The problem is, we often miss how the application of this standard applies to us as resilience professionals.

Hello everyone, and welcome to episode 179 of the Resilient Journey podcast, presented by Anesis Consulting Group! This week we're joined by Carolin Hellestam and we're talking about ISO 27001 and how it pertains to risk and resilience programs. Carolin reminds us that the Standard is risk based, and it is tailored to meet your company's overall requirements. Mark and Carolin walk through the major steps required to become certified, the benefits of certification and the threat of going through the process without actually changing any of your practices.

Be sure to follow The Resilient Journey! We sure do appreciate it!

Want to learn more about Mark? Find him on LinkedIn or Twitter.

Special thanks to Bensound for the music.
A well-implemented ISO Management System can improve efficiency and customer satisfaction and drive continual improvement for a business. On the flip side, a poorly implemented Management System will yield little to no results, so what makes the biggest difference between good and bad implementation? Communication is the key. If no one knows about your Management System, then how can it benefit the business as a whole?

In this episode Ian Battersby discusses the importance of effective communication of your Management System, why it's vital to reap the full benefits of ISO implementation, and gives some examples of how you can communicate elements of your Management System to the wider business.

You'll learn
· Why do you need to communicate your management system?
· What do you need to communicate?
· Why is it important to communicate your Management System?
· Different ways you can communicate your management system
· How can you measure effective communication?

Resources
· Isologyhub
· How can ISO Standards Support ESG Compliance Workshop

In this episode, we talk about:

[00:30] Episode Summary – Ian discusses elements of communicating a management system, including why you need to communicate and what needs to be communicated, the importance of doing so and how you can go about doing it.

[02:45] Why do you need to communicate your Management System? In every ISO Standard, communication is a requirement. The levels and information specified will vary depending on the Standard, but the principles remain consistent. Ian cites ISO 9004 as providing further guidance to improve on what's initially required. In Clause 7.4 it states: “The effective communication of policies, strategy, relevant objectives is essential to the sustained success of an organisation.” It goes on to state that communication should be “Meaningful, timely and continual” and that there should be some form of feedback within it to be able to address changes in the organisation's context.
So, it's not just a one-time exercise. It also states that: “communication processes should be both vertical and horizontal and be tailored to the differing needs of its recipients, whether internal or external.” So you need to consider the external communication needs too.

[04:35] Empowering through communication: ISO 9004 also talks about engaged, empowered and motivated people and their value as a key resource. These types of people help organisations to create and deliver value, so you should have processes in place for engaging those people, to gather feedback and drive continual improvement.

[05:40] Where is Communication referenced in Standards? Typically, communication is Clause 7.4 in most ISO Standards. Additionally, there are elements of communication included in Clause 7.3 Awareness. The Awareness clause focuses on employees' knowledge of the Management System, and is more focused on internal communications rather than with external interested parties.

[06:25] What should be communicated internally? Clause 7.3 Awareness requires you to share:
· Policies
· Objectives
· The consequences of non-conformance

Other Standards may have additional communication requirements, such as ISO 45001, which also highlights the need to share risks, hazards, incidents and the outcomes of investigations.

[07:10] Clause 7.4 Communication – This clause is more about determining internal and external communications. This includes considerations for:
· What communications are relevant?
· When should they be communicated?
· Who should they be communicated to?
· Who should be the one to communicate this information?

Some Standards may also include specifications for communicating legal requirements, such as ISO 14001 and ISO 45001.

[08:20] Nuance in effective communication: One key element of communication is ensuring that it's understood and applied by the wider business.
This doesn't mean that every employee should be able to parrot a specific policy within a business, but rather they should at least know where to find it and understand the implications for them.

[09:40] A link between Communication and Leadership: Leadership plays a key role in communications, and ISO Standards specify that certain elements can't be delegated to another individual. Clause 5 Leadership specifically states:
· They shall promote the use of the process approach and risk-based thinking, not delegating that promotion.
· They should communicate the importance of the management system and of conforming to that management system.
· They should engage directly with and support persons to contribute to the effectiveness of the system.
· They should promote continual improvement.
· They should support other relevant managers to demonstrate their leadership in their areas of responsibility.

We've stressed the importance of Leadership in the success of a Management System in a previous episode, and their support with communication is a big part of that.

[11:20] Communicating Objectives: Clause 6.2 Objectives states that they must be established and communicated. This doesn't have to be to everyone, so you can be selective and communicate certain objectives to the people they are relevant to.

[11:40] How to effectively communicate your management system – Management systems can be vast, and it can be tricky to know exactly how much to communicate and to whom. The first tip is to keep it simple. Translate the ‘Standard speak' into something recognisable for your business, which may not always be easy if you're very familiar with the Standards' terminology. However, you need to relate these elements to how people in the business work. Try to keep it brief to avoid confusion.

Next, ensure you are assuaging fears. Many are initially opposed to the introduction of things like Operational Procedures if they've not worked with a Management System in place previously.
However, in practice all this is a written format for how they already work; it shouldn't drastically change the way in which they work. Make sure they know this and describe what elements will change, i.e. documentation updates. Lastly, they need awareness of the consequences of non-conformance and the need to look for opportunities to improve.

[15:25] Communicating Policies – This is a part of all ISO Standards; a Policy can't just be hidden away in a rarely visited folder. A Policy communicates the intent of top management in an organisation, and is something that should be communicated to everyone, which could include external parties. So, you should try to keep this concise. On one page ideally. As long as you've encompassed the vision, values, strategy and top management commitment, and for certain standards a commitment to legal requirements, then you will meet an ISO Standard's requirements. Some businesses like to include links to all their procedures within a policy, which by all means you can, but don't expect people to read a 48-page policy and understand it enough to apply it to their daily working lives.

[17:00] How can you communicate your Management System? – One key objective of communication is to ensure people understand and apply what's being communicated. To help achieve this, you may want to use multiple methods of communication, including:
· Feedback options on content, i.e. a yes or no check / options to provide feedback
· Training sessions
· Intranet page – quick links to relevant content such as policies or audit findings
· Regular briefings
· Notice boards
· Electronic displays
· Company briefs
· Team meetings

[20:25] How can you measure effective communication?
There are a lot of ways you can assess this, including:
· E-mail voting – to clarify when people have read specific documents
· LMS systems
· Through SharePoint systems
· Conduct surveys
· During Internal Audits

All of these can be used as methods of feedback where you can identify further opportunities for improvement from various levels of the business.

[21:35] When should you consider external communications? – Clause 4.2 is where you're required to consider the needs and expectations of interested parties. When going through an analysis of these interested parties, you determine what they expect out of your Management System. Standards don't specify the need to write a communication plan, but they do require you to determine who's going to communicate what to whom, including how and when. In combination with that analysis of interested parties, this creates a solid basis for an effective communications plan. Again, some discretion will be required, as not every external party will need to be privy to your internal policies and procedures. Just communicate what's relevant to them.
If you've ever implemented an ISO Standard, then the term Management Review will be familiar to you. It's a mandatory part of the implementation process, and a crucial tool for monitoring continual improvement. Somewhere down the line, it's become a bit of a myth that a Management Review needs to be an annual meeting. That is simply not the case: while required by the Standard, it's very flexible on how this could be achieved.

In this episode Ian discusses the purpose of Management Review, including what you should be including in and getting out of the review, and breaks down the fallacy of the annual event.

You'll learn
· What is the purpose of a Management Review?
· What are the common misconceptions about Management Review?
· How Management Review supports other clause requirements
· What are the inputs for Management Review?
· What are the outputs of a Management Review?

Resources
· Isologyhub
· How to conduct a Management Review

In this episode, we talk about:

[02:05] Episode Summary – Ian discusses the real purpose of Management Review, and dispels the myth of the annual event.

[02:35] What is the purpose of a Management Review? Management Review is a requirement of all ISO Standards. Its main purpose is to check if your Management System is fit for purpose, and what needs to be updated to ensure it aligns with your business's objectives and strategic direction. In short, it's there as a check to see what's working well and what's not working well, in addition to continual improvement considerations.

[03:30] What are some common misconceptions about Management Review? Some common misconceptions include:
· That it's simply a formality – rubber-stamping things and missing out on the opportunity to effectively monitor management system progress
· That it must be once a year
· Having to review everything in excruciating detail, i.e. all audit findings
· The need to update the risk assessment and re-jig scores
· That you must review and update your SWOT/PESTLE
· Or review and update all management system documentation
· That it's the perfect opportunity to re-write a policy

There is a time and place for all of these, and you could tackle some of this in a Management Review if you really want to, but that is not the main purpose of a Management Review.

[04:50] How Management Review supports other clause requirements – Leadership: If we take ISO 9001 as an example, the Leadership clause states: “Top management shall demonstrate leadership and commitment with respect to the quality management system by: a) taking accountability for the effectiveness of the quality management system; e) ensuring that the resources needed for the quality management system are available; g) ensuring that the quality management system achieves its intended results.” These requirements at first glance may seem like they'd require a lot of effort and monitoring of many different factors, but in actuality they can all be satisfied through effective Management Review.

[05:55] What involvement is required from top management? As stated in ISO Standards: “Top management shall review the organization's management system, at planned intervals, to ensure its continuing suitability, adequacy, effectiveness and alignment with the strategic direction of the organization.” Top management also have involvement in the following elements of implementing and maintaining a management system:
· Context
· IPs (interested parties)
· Risks/Ops
· Objectives
· Policy
· Support
· Operation
· Performance monitoring

Management Review relates specifically to ‘performance monitoring', but that in and of itself will include elements of all the other clauses within the Standard, and many of those require top management's involvement on some level.
[07:45] The fallacy of the annual event – The Management Review clause specifically states that a Management Review should be ‘carried out at planned intervals'. Many have interpreted that as once a year, which has been the prevailing myth for decades. Looking at the Standard, nowhere does it say ‘once a year'; planned intervals means it could be once a month, it could be once a week, it could be at set points during the summer. When deciding on these planned intervals, take into consideration the nature of your business, the size of your business, the risks associated with it and the maturity of your Management System. This will determine how frequent the Management Review should be, as it will differ for every business.

[09:10] Examples of Management Review frequency – Ian has worked in an organisation where they had a rather grand Management Review process, where top management and other relevant individuals met to review the past year and set the scene for the following year. That same organisation also had monthly meetings with the same members of top management to keep on top of new and ongoing issues. That isn't to say this is the only way to run Management Review. Some opt to have quarterly meetings, others once every 6 months, and some even leave it to once a year.

[10:40] What is required of Management Review? Inputs – Clause 9.3 details the requirements of Management Review in most Standards (some swap 9.3 and 9.2 around, but the contents remain the same). First, the inputs required for Management Review include:

The status of actions from previous management reviews – If you said you were going to do something before, how's that going?
Changes in external and internal issues that are relevant to the quality management system – This doesn't mean that every meeting should consider the SWOT/PESTLE/IP tables, but there must be some determination of when that's done in detail and when a senior management discussion should include the key aspects of that and its impact. There is a need to review these things when required anyway, so doing it only at pre-defined times can be problematic.

Information on the performance and effectiveness of the quality management system, including trends in:
· Customer satisfaction and feedback from relevant interested parties;
· The extent to which objectives have been met;
· Process performance and conformity of products and services;
· Nonconformities and corrective actions;
· Monitoring and measurement results;
· Audit results;
· The performance of external providers;
· The adequacy of resources;
· The effectiveness of actions taken to address risks and opportunities;
· Opportunities for improvement.

[20:45] What is required of Management Review? Outputs – You will also have a number of outputs from Management Review, including:

Opportunities for Improvement – This could be as a result of reviewing audit findings and discussing the OFIs found and how you can address and implement these. You could also use the Management Review to review and set new objectives for the year ahead.

Any need for changes to the management system – You may need to review policies and procedures and see if they're still fit for purpose; if they're not, then this is a good venue to discuss and update them. Other aspects that may have changed or will need to change include:
· Interested parties – have their needs and expectations changed?
· People – Do you need to change the people involved with certain processes?
· Awareness – Do you need to raise more awareness around a specific topic?
Resource needs – You may need to raise the need for more resourcing in regard to the management system or related processes.

If you'd like to learn about alternative ways to host a Management Review, listen to one of our previous episodes.
The importance of setting key objectives can't be overstated. They help drive continual improvement and reflect a business's key metrics for success in various areas. They are also a key aspect of implementing an ISO Standard, with most specifying a dedicated Objectives clause. While most businesses will have objectives irrespective of any ISO certification, many may fall into the familiar trap of having separate objectives for different departments, which only serves to fragment your measurement of success.

In this episode Ian discusses the importance of setting key business objectives, and why you should be aligning these with your strategic direction.

You'll learn
· What is the Annex SL format and why was it introduced?
· What is meant by ‘Strategic Direction'?
· The importance of risks and opportunities in objective planning
· Why is setting key business objectives important?
· How can you align objectives with a business's strategic direction?

Resources
· Isologyhub

In this episode, we talk about:

[02:05] Episode Summary – Ian discusses how to align objectives with the strategic direction of the business, and why it's important to do so.

[02:55] What is the Annex SL format and why was it introduced? The Annex SL format refers to the standard 10-clause structure that we now see in most ISO Standards. Introduced back in 2015, it sought to address the issues with integrating multiple Standards, in addition to making them more accessible to every sector. Prior to 2015, many ISO standards were designed with specific sectors in mind, using terminology that would make sense to them, but perhaps not to others. The Annex SL format now uses the same language across all ISOs, making it easy to integrate multiple ISO-compliant Management Systems.

[06:10] What is meant by the term Strategic Direction? Leadership: This is a term that appears in ISO 9001 five times.
We first see it in Clause 5 – Leadership, where it states: “Top management shall demonstrate leadership and commitment with respect to the management system by ensuring that the policy and objectives are established for the management system and are compatible with the context and strategic direction of the organisation.” This is where it's made explicitly clear that leadership / management are responsible for ensuring the Management System aligns with the way their business runs, in addition to integrating it into existing processes.

[07:05] What is meant by the term Strategic Direction? Management Review: It also appears in Clause 9.3 Management Review, where it states: “Top management shall review the organisation's management system at planned intervals to ensure its continuing suitability, adequacy, effectiveness and alignment with the strategic direction of the organisation.” Again, this reinforces the need for top management to be involved to ensure that the Management System is in alignment with their overall goals.

[08:40] What is meant by the term Strategic Direction? Context of the Organisation: It also appears at the very start of the auditable clauses, in Clause 4 – Context of the Organisation, where it states: “The organisation shall determine the external and internal issues which are relevant to its purpose and its strategic direction.” This involves looking at issues from a legal, technical, competitive, cultural and economic point of view, and many of these will be determined by top or broader management within the business. They ultimately have the most influence on how a Management System is built, and therefore have the most influence on how the policies and objectives are created.

[10:45] The importance of risks and opportunities in Objective planning – Clause 6 (Planning) is where we address the risks and opportunities raised in Clause 4.
It states that ‘Objectives must be established at relevant functions, levels and processes.” For us at Blackmores, we directly relate the findings from a risks and opportunities assessment (such as a SWOT & PESTLE), and link these to our objectives to try and minimise those risks. We also leverage the opportunities, by making them real tangible goals to work towards – seems obvious but we often see businesses missing the link between these exercises! [12:00] How can you set Objectives in alignment with Strategic Direction?: Many businesses now build their mission, values and strategic direction around sustainability and general ESG. When building a management system, you need to consider how it affects those sustainability / ESG goals, because that is essentially the context of your organisation. So, you'd need to consider: How does environmental performance, health & safety performance or legal compliance contribute to the success of the management system as a whole? You don't have to be going for ISO 14001 or ISO 45001 for these things to matter, even a quality management system can contribute to sustainability goals. This can be through improving economic performance by reducing waste ect. Also, don't be afraid to relate economic performance to your management system. If you have a turnover goal of X, mention that in your context documentation, and also consider how the management system can contribute to achieving that goal i.e. through processes, controls, monitoring and improvement activity. Also consider your client requirements, they may require an accident rate below X which can also be included in context documentation and can then be factored into your management system measures and objectives if need be to achieve that. [16:55] How do you establish your objectives? – First you must establish context, and that context must be relevant to the purpose and strategic direction of the business. 
The context setting must include those who understand that context, strategic direction and the purpose of the business, the risks and opportunities must be assessed in relation to that context, which in turn is already aligned with strategic direction. Finally the objectives must be set in relation to those risks and opportunities. It's all about having the right people to identify the relevant issues affecting the organisation, and setting concrete objectives in order to improve that. We'd love to hear your views and comments about the ISO Show, here's how: ● Share the ISO Show on Twitter or Linkedin ● Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one. Subscribe to keep up-to-date with our latest episodes: Stitcher | Spotify | YouTube |iTunes | Soundcloud | Mailing List
Altcoins from the USA are currently profiting particularly strongly. Why the American winning streak has only just begun, and why a new ISO standard represents a big opportunity for Ripple's XRP.
AI has been integrated into almost every aspect of our lives, from the everyday software we use at work to the algorithms that determine what content is recommended to us at home. While extraordinary in its capabilities, it isn't infallible and opens everyone up to new and emerging risks. Legislation and regulation are finally catching up with the rapid adoption of this technology, such as the EU AI Act and new best practice Standards such as ISO 42001. For those looking to integrate AI in a safe and ethical manner, ISO 42001 may be the answer. Today Rachel Churchman, Technical Director at Blackmores, explains what ISO 42001 is, why you should conduct an ISO 42001 Gap analysis and what's involved with taking the first step towards ISO 42001 Implementation.

You'll learn
· What is ISO 42001?
· What are the key principles of ISO 42001?
· Why is ISO 42001 important for companies either using or developing AI?
· Why conduct an ISO 42001 Gap Analysis?
· What should you be looking at in an ISO 42001 Gap Analysis?

Resources
· Register for our ISO 42001 Workshop
· Isologyhub

In this episode, we talk about:

[00:30] Join the isologyhub – To get access to a suite of ISO related tools, training and templates, simply head on over to isologyhub.com to either sign up or book a demo.

[02:05] Episode summary: Rachel Churchman joins Steph to discuss what ISO 42001 is, its key principles and the importance of implementing ISO 42001 regardless of whether you're developing AI or simply utilising it. Rachel will also explain the first step towards implementation – an ISO 42001 Gap Analysis.

[02:45] Upcoming ISO 42001 Workshop – We have an upcoming ISO 42001 workshop where you can learn how to complete an AI System Impact Assessment, which is a key tool to help you effectively assess the potential risks and benefits of utilising AI. Rachel Churchman, our Technical Director, will be hosting that workshop on the 5th December at 2pm GMT, but places are limited so make sure you register your place sooner rather than later!

[03:20] The impact of AI – AI is everywhere, and has largely outpaced any sort of regulation or legislation until very recently. Both are needed, as AI is like any other technology and brings its own risks, which is why a best practice Standard for AI Management has been created. If you'd like a more in-depth breakdown of ISO 42001, check out our previous episodes: 166 & 173.

[04:30] A brief summary of ISO 42001 – ISO 42001 is an internationally recognised Standard for developing an Artificial Intelligence Management System. It provides a comprehensive framework for organisations to establish, implement, maintain, and continually improve how they develop or consume AI in their business. It aims to ensure that AI risks are understood and mitigated and that AI systems are developed or deployed in an ethical, secure, and transparent manner, taking a fully risk-based approach to the responsible use of AI. Much like other ISO Standards, it follows the High-Level Structure and can therefore be integrated with existing ISO Management Systems, as many of the core requirements are very similar in nature.

[05:45] Why is ISO 42001 important for companies both developing and using AI? – AI is now commonplace in our world, and has been for some time. A good example is the use of Alexa or Siri - both of these are Large Language AI Models that we all use routinely in our lives. But AI is now being introduced in many technologies that we consume in our working lives - all designed to help make us more efficient and effective. Some examples being:
· Microsoft 365 Copilot
· GitHub Copilot
· Google Workspace
· Adobe Photoshop
· Search Engines i.e. Google

Organisations need to be aware of where they're consuming AI in their business, as it may have crept in without them being fully aware. Awareness and governance of AI is crucial for several reasons. Companies using AI need to ensure they have assessed the potential risks of the AI, such as unintended consequences and negative societal impacts, or potential commercial data leakage. They also need to ensure that, if they are using AI to support decision making, decisions made or supported by AI systems are fair and unbiased. It's not all about risk - organisations can also use AI to streamline processes, helping them become more efficient and effective, or it could support innovation in ways previously not considered. For companies developing AI, the standard promotes the ethical development and deployment of AI systems, ensuring they are fair, transparent, and accountable. It provides a structured approach to risk assessment and governance associated with AI, such as bias, data privacy breaches, and security vulnerabilities. And for all, by using ISO 42001 as the best practice framework, organisations can ensure that their AI initiatives are aligned with ethical principles, legal requirements, and industry best practices. This will ultimately lead to more trustworthy, reliable, and beneficial AI systems for all.

[09:00] What are the key principles outlined in ISO 42001? –
· Fairness and Non-Discrimination - ensuring AI systems treat all individuals and groups fairly and without bias.
· Transparency and Explainability - making AI systems understandable and accountable by providing clear explanations of their decision-making processes.
· Privacy and Security - protecting personal data and privacy while ensuring the security of AI systems.
· Safety and Security - prioritising the safety and well-being of individuals and the environment by mitigating potential risks associated with AI systems.
· Environmental & Social - considering the impact of AI on the environment and society, promoting sustainable and responsible practices.
· Accountability and Human Oversight - maintaining human control and responsibility for AI systems, ensuring they operate within ethical and legal boundaries.
You'll often hear the term 'Human in the loop'. This is vital to ensure that AI output is sanity checked by a human, to ensure it hasn't hallucinated or that the result hasn't ‘drifted' in any way.

[11:10] Why conduct an ISO 42001 Gap Analysis? What is the main aim? – Any gap analysis is a strategic planning activity to help you understand where you are, where you want to be and how you're going to get there. The ISO 42001 gap analysis will identify gaps and pinpoint areas where your AI practices fall short of the ISO 42001 requirements. It aims to conduct a systematic review of how your organisation uses or develops AI, and then assess your current AI management practices against the requirements of the ISO 42001 standard. This analysis will then help you to identify any "gaps" where your current practices do not fully meet the standard's requirements. It also helps organisations to understand 'what good looks like' in terms of responsible use of AI. It will help you to prioritise improvement areas that may require immediate attention, and those that can be addressed in a phased approach. It will help you to understand and mitigate the risks associated with AI. It will also help you to develop a roadmap for compliance, including plans with clear actions identified that can then be project managed through to completion, and as with all ISO standards it will support and enhance AI Governance.

[13:15] Does an ISO 42001 gap analysis differ from gap analysis for other standards? – Ultimately, no. The ISO 42001 gap analysis doesn't differ massively from gap analyses for other ISO standards, so anyone who already has an ISO Standard and has been through the gap analysis process will be familiar with it. In terms of likeness, ISO 42001 is similar in nature to ISO 27001, in as much as there is a supporting 'Annex' of controls and objectives that need to be considered by the organisation. Therefore the questions being asked will extend beyond the standard High Level Structure format. Now is probably a good time to note that the Standard itself is very informative and includes additional annex guidance information, including:
· implementation guidance for the specific AI controls,
· an Annex of potential AI-related organisational objectives and risk sources,
· and an Annex that provides guidance on use of the AI management system across domains and sectors and integration with other management system standards.

[14:55] What should people be looking at in an ISO 42001 gap analysis? – The Gap Analysis will include areas such as looking at the 'Context' of your organisation to better understand what it is that you do, the issues you are facing internally and externally in relation to AI - both now and in the reasonably foreseeable future - and also how you currently engage with AI in your business. This will help to identify your role in terms of AI. It will also look at all the main areas typically captured within any ISO standard, including leadership and governance, policy, roles and responsibilities, AI risks and your approach to risk assessment and treatment, and AI system impact assessments. It also looks at AI objectives, the support resources you have in place to manage requirements, awareness within your business of AI best practice and use, through to KPIs, internal audit, management review and how you manage and track issues through to completion in your business. The AI specific controls look more in-depth at policies related to AI, your internal organisation in relation to key roles & responsibilities and reporting of concerns, the resources for AI systems, how you assess the impacts of AI systems, the AI system lifecycle (AI development), data for AI systems, information provided to interested parties of AI systems, and the use of AI systems and third party and customer relationships.

[18:10] Who should be involved in an ISO 42001 Gap analysis? – An ISO 42001 gap analysis looks at AI from a number of different angles, from organisational governance (which includes strategic plans, policies and risk management), through training and awareness of AI for all staff, to technical knowledge of how and where AI is either used or potentially developed within the organisation. This means that it is likely that multiple roles will need to be involved over the duration of a gap analysis. At Blackmores we always provide a Gap Analysis 'Agenda' that clearly defines what will be covered over the duration of the gap analysis, and who typically could be involved in the different sessions. We find this is the best way to help organisations plan the support needed to answer all the questions required. It's also important to treat the gap analysis as a 'drains up' review, to help get the most benefit out of it. This will ensure that all gaps are identified so that a plan can then be devised to support the organisation to bridge these gaps, putting them on the path to AI best practice for their business.

If you'd like to find out more about ISO 42001 implementation, register for our upcoming Workshop on the 5th December 2024. If you'd like to book a demo for the isologyhub, simply contact us and we'd be happy to give you a tour.
One of the biggest contributors to a stagnating ISO Management System is a failure to communicate. This has certainly been true in our experience of implementing ISO Standards for over 18 years, and as a result we make sure to highlight awareness and communication as an integral step of the implementation process. It's a wasted effort to only have your management system gathering dust in a rarely visited folder on your server. If you want to reap the benefits of ISO implementation, it's in your best interest to make everyone aware of their role in relation to your management system and its continual improvement. Today Ian Battersby explains what ISO Standards mean by awareness and communication, why they are so integral to a successful management system and how you can effectively communicate your management system.

You'll learn
· What do awareness and communication mean in relation to ISO Standards?
· Why should you communicate your management system?
· The benefits of management system awareness
· How can you effectively communicate your ISO management system?

Resources
· Isologyhub

In this episode, we talk about:

[00:30] Join the isologyhub – To get access to a suite of ISO related tools, training and templates, simply head on over to isologyhub.com to either sign up or book a demo.

[02:05] Episode summary: Ian Battersby will be explaining what ISO Standards mean by awareness and communication, and why they are so integral to a successful Management System.

[02:30] Why are awareness and communication so important? – The success or failure of a management system depends on its existence being known and understood within an organisation. Staff have a key part to play, and they need to know their part in the Management System and how it aligns with the organisation's direction.

[03:20] Extra guidance available for awareness and communication – There is a Standard that accompanies ISO 9001, called ISO 9004:2018 – Quality of an Organisation: Guidance to achieve sustained success. This is a great companion to any Standard, as it provides general guidance on how to properly embed a management system within your business. It talks at length about people and the need to ensure that they are competent, engaged, empowered and motivated. These are crucial because engagement of people enhances the organisation's ability to create value for interested parties, and empowerment motivates people to take responsibility for their work and the results of their work. These can be achieved by providing people with the necessary information, along with the authority and the freedom to make decisions related to their own work. People should understand the significance and importance of their role, specifically in creating that value to meet and exceed customer expectations.

[05:30] What should be communicated according to ISO Standards? – Taking ISO 9001 as the example, because it is the basis for most ISO Standards, it specifies the following:
5.2.2 Quality Policy - The policy should be available and maintained as documented information, so it must be issued somewhere that people can see it. But it also, quite importantly, must be communicated, understood and deployed within the organisation. It also needs to be made available to other relevant and trusted parties.
5.3 Organisational roles, responsibilities and authorities - Top management have a responsibility here. They must ensure that responsibilities and authorities for relevant roles are assigned, communicated and understood within the organisation. There's a lot to consider here, as this also covers ensuring processes are delivering expected outputs, the reporting of system performance and improvement, and the promotion of customer focus throughout the organisation.
6.2 Objectives - The organisation should establish objectives. These will be targeted at relevant functions, levels and processes and should be communicated to the relevant people affected by those objectives.
7.3 Awareness – Includes the specification that anyone working under the organisation's control, which could include indirect workers, must be aware of your quality policy. Also included is awareness of objectives and staff's contribution to the effectiveness of the management system. People also have to be aware of the implications of not conforming to the requirements of the management system or standard.

[09:30] The implications of not following requirements – You need to consider what happens if someone doesn't follow a process. For Standards such as ISO 45001 Health & Safety management, whether or not processes are followed could be a matter of someone getting hurt or breaking the law.

[10:00] Clause 7.4 Communication – The organisation shall determine the internal and external communications relevant to the system, and that includes what should be communicated, when and to whom.

[10:30] When should you deliver ISO Management System awareness and communication training? – If you're just starting out on your ISO Implementation journey, it's crucial to communicate at the outset the importance of the process of achieving certification. The level of awareness will vary depending on people's roles, i.e.:
Top Management: Top management must understand the role of the management system in relation to the strategic direction of the organisation as part of context; they must understand what the management system contributes to the overall business outcomes. While top management don't need to know standards inside out, they must be aware of and understand the overall purpose of the standard and the benefits that standard will bring to the organisation. To gauge the level of awareness top management need, ask yourself: would you be happy to let them be interviewed in private by a third-party assessor in regard to all of their responsibilities in relation to the management system?

[13:20] General awareness for the workforce – While leadership require a greater level of awareness, there is still a need for general staff to have a certain level of management system awareness. For those on their first implementation journey, you should bring people in from the very beginning; this includes all staff and those working indirectly under your organisation. You will want to make them aware of the following:
What is a quality management system? – Define what it is and what it means.
What's important about the Standard? – People don't need to know the intricacies of standard subclauses, so just select important aspects such as the Plan Do Check Act (PDCA) cycle.
If you're integrating Standards, what are some common requirements? – If you're integrating a new standard, what requirements specific to that new standard need to be communicated?

[15:15] Join the isologyhub and get access to limitless ISO resources – From as little as £99 a month, you can have unlimited access to hundreds of online training courses and achieve certification for completion of courses along the way, which will take you from learner to practitioner to leader in no time. Simply head on over to the isologyhub to sign up or book a demo.

[17:20] General awareness for the workforce continued – You will also need to make sure people are aware of:
What do they need to know in relation to certification? – This can include the date you're working towards, what might be expected of them during an ISO assessment, and what the certification actually means for the business.
Accessing the Management system – How can people find your management system? What documents does it hold? How do you use it? And how does this impact staff's day to day activities?
Staff's role in relation to the Management system – How do staff contribute to the management system on a daily basis? How do they contribute to business objectives?
How does the management system benefit them? – Your management system will include tools and guidance on how to carry out certain activities. It explains how improvements can be suggested and made and how audits work. Ultimately it provides a structured approach to ensure everyone is singing from the same song sheet.
The importance of complying with policies, processes and procedures – including the consequences of not complying with them.
Raising issues relating to non-conformity, the effectiveness of the management system and any potential improvements – You can't have eyes everywhere, and the people working in alignment with your processes can better highlight where something may not be working. This also increases engagement, as people will have a real impact on how your business operates.

[20:15] Specific standard considerations for communication – The focus of elements of your communication will be tied to the specific ISO Standard you're implementing. For example, a Health & Safety management system will include communication of key risks and hazards, how to report safety issues and abiding by Health & Safety law, while environmental management systems may include awareness of the need to protect the world we live in, how each person can help lessen their impact on an individual scale etc.

[21:00] Other key roles and related communication – There are other key roles within the organisation which will have specific communication requirements. These will be people like operational or functional managers with key roles in the processes they may be involved in, i.e. sales, design, purchasing, calibration etc. If they've got specific functions in the organisation with respect to the management system, they need to understand them, just as top management need to know theirs and the general workforce need to know theirs.

[21:50] Communicating key changes to the Management system – You need to continually communicate to the workforce when changes occur to the management system. That communication doesn't stop as soon as you're certified! For first time implementation, you'll also want to communicate when you've achieved certification.

[22:30] The importance of communication within a Management System – If people are aware of their role and importance to a management system, they will be more engaged with its operation. This can include reporting on objectives progress during team briefs, raising potential issues and non-conformities or opportunities for improvement, highlighting customer complaints, monitoring the number of incidents at work etc. All of these contribute to the success of the business and need to be reported on continually. These can turn into lessons learned, which could lead to major system changes where documentation or processes need to be updated and communicated.

[24:30] What's the best way to communicate your ISO management system? – Not all organisations are the same, so there is no right or wrong way to do so. A few suggestions include:
· SharePoint
· Teams Channel
· E-mail / internal newsletters
· Bulletins
· In-person training
· Videos
For any of the above you may need to consider how to record who has completed the set awareness training.

[25:30] A final thought – If an auditor stops and asks a worker about your quality policy, what will that person say to that auditor? We understand that the quality policy must be communicated, but how does each person understand it? Your awareness raising needs to include methods of ensuring that that happens, which is a tricky task! They do not need to know a Standard verbatim, but they should know the importance of complying with it, what a non-conformity within that system means, and what the consequences are if they don't follow the rules.
A crucial part of Implementing any ISO Standard is addressing your risks and opportunities. This is a key part of Clause 4 Context of the organisation, which expresses and explicit need to review and assess what internal and external factors could help and hinder in achieving your business goals. While ISO Standards don't define a definitive method of doing so, many have adopted the practice of carrying out a SWOT and PESTLE analysis. Today Ian Battersby explains what a SWOT and PESTLE analysis is, the key questions you should be asking and the importance of continually reviewing and updating the results as your management system matures. You'll learn · What is a SWOT analysis? · What is a PESTLE analysis? · Examples of questions you should be asking during a SWOT and PESTLE · How often should a SWOT and PESTLE be conducted? · Examples of SWOT and PESTLE in practice Resources · Isologyhub In this episode, we talk about: [00:30] Join the isologyhub – To get access to a suite of ISO related tools, training and templates. Simply head on over to isologyhub.com to either sign-up or book a demo. [02:05] Episode summary: Ian Battersby will be explaining what a SWOT and PESTLE exercise is, it's role in fufilling key requirements in Clause 4 of any ISO Standard, and the key questions you should be asking during the exercise. [02:30] What is a SWOT and PESTLE analysis? – This is one is the tools you can use to look at various factors that affect your organisation. SWOT standards for: · Strengths · Weaknesses · Opportunities · Threats PESTLE standards for: · Political · Economical · Social · Technological · Legal · Environmental And in recent years, people have added ethical into PESTLE too. Whether that's on its own or integrated within the other elements is up to the organisation and how they want to run the exercise. Both analysis are fundamental in helping organisations understand the benefits and pitfalls of a project, management system implementation included. 
[05:05] Where in the Standard is there a need for a SWOT and PESTLE? – Clause 4 in all ISO Standards is known as ‘Context of the organisation', which you need to establish early on in order to set the foundations for building your management system. Context is the world in which an organisation works, it is the considerations of the internal and external factors that affect what you do. SWOT and PESTLE, while not specifically referenced in the Standard, is a highly recommended tool as it directly assesses multiple internal and external factors and can fulfil the requirements of any ISO Standard. [06:20] Addressing Context of the Organisation – Clause 4, Context of the organisation states: “The organisation shall determine external and internal issues that are relevant to its purpose and its strategic direction, and that affects its ability to achieve the intended results of its management system. The organisation shall monitor and review information about these external issues.” There are also 3 additional notes: #1: Issues can include positive and negative factors or conditions #2: Understanding the external context can be facilitated by considering issues arriving from legal, technological, competitive, market, cultural, ect 3#: Understanding the internal context can be facilitated by considering Issues related to values, culture, knowledge and performance of the organisation. So, there's a lot to consider! [08:10] How SWOT and PESTLE address Context of the Organisation – Taking a look at SWOT, strengths and weaknesses would refer to factors internal to your organisation, while the opportunities and threats would be external. Depending on the focus of your management system, you may also want to complete this exercise through a certain lens. That could be information security, health & safety or environmental. 
The Standard requires you to align your management system with the strategic direction of the organisation, so even if you are viewing this exercise through a certain lens, don't do so in complete isolation. [09:55] How to conduct a SWOT and PESTLE – The people involved in completing this exercise are important, not just the questions you ask. Senior management should be included as they will have key insight to the strategic direction of the business. You should also include operational managers or other functional managers as they will have more context for how things actually work in practice. The point of a SWOT and PESTLE is to ascertain where you stand in terms of your risks and opportunities, and issues relating to resources, people, information, process, technology, equipment, laws, markets, environment, finance, economy ect from both an internal and external lens. This will give you a solid foundation to build your management system on, which will ultimately help you achieve your intended outcomes and lead to a cycle of continual improvement. [11:55] Considerations for Strengths – Strengths is an internal factor. Questions you could ask include: · What do we control through good processes? · What are we known for? · What does our marketplace and competitors say about us? · What are we good at? · What assets do we have? · What resources and knowledge do we have readily available? · What's the strength in our products and in the processes for delivering those products and the people that run those processes and deliver those products, their skills, their knowledge, their strengths, their weaknesses and their expertise? · What areas in our organisation are already at a high standard and don't necessarily need improvement? · Do we have objectives and targets that we measure against, i.e. KPIs, metrics, success factors and service level agreements, that demonstrate we're good? 
[13:10] Considerations for Weaknesses – Weaknesses are another internal factor, one that you have to be brutally honest about when assessing. Questions you could ask include:
· What could you improve?
· Where is money being spent poorly, or being lost?
· What do your competitors do better than you?
· What resources / knowledge / people / expertise do you lack?
· What processes do you lack?
· Where can your products or services be improved?
· What are the constraints on your ability to meet changes in market need or demand?
· What does your customer feedback look like?
· Do your suppliers meet your requirements or the requirements of your clients?

[14:45] Considerations for Opportunities – Opportunities are considered an external factor. Questions you could ask include:
· What new opportunities are available in your market?
· What data do you have available on market trends, and how can you leverage that?
· How might changes in compliance requirements in your specific industry or your locality provide you with an opportunity to gain an edge?
· What past identified opportunities have you not acted on?
· What is the competition not taking advantage of that you could?
· How can you increase customer satisfaction based on both positive and negative feedback received?

[16:00] Considerations for Threats – Threats are also considered an external factor; they are obstacles to you achieving your goals. Questions you could ask include:
· What new environmental effects may affect you? Note: there is a new climate change amendment added to many commonly adopted ISO Standards, so this is something you will need to address.
· What competitors are a threat to you?
· Are other competitors taking advantage of markets that you have not accessed?
· Why might competitors be getting ahead?
· Are the habits of customers changing, and if so, how?
· Are there other interested parties, other than customers, who present obstacles to you?
· Are there any foreseeable resource issues? i.e. loss of experienced staff, lack of relevant talent in the pool of available people, etc.
· Are you adapting to changes in the world?

[16:00] PESTLE: Addressing political factors – When you're looking at political factors affecting your intended outcomes, consider the following:
· What is happening politically in your environment? That could be international or local in scale.
· What is the impact of policy or tax?
· What are the impacts of employment trends / trade restrictions / tariffs?
· What is the impact of unemployment rates on your organisation?
· What is the impact of workforce shortages that may affect you?
· Is there any form of Government intervention in your specific market?
· Would this government intervention be considered an opportunity or a threat? i.e. offering grants

[19:20] Join the isologyhub and get access to limitless ISO resources – From as little as £99 a month, you can have unlimited access to hundreds of online training courses and achieve certification for completion of courses along the way, which will take you from learner to practitioner to leader in no time. Simply head on over to the isologyhub to sign-up or book a demo.

[21:25] PESTLE: Addressing economic factors – When you're looking at economic factors affecting your intended outcomes, consider the following:
· What is the impact of interest rates / exchange rates / inflation?
· What is economic policy doing to you, your industry and your clients?
· What are the impacts of wage rates / minimum wage changes / affordable living and the cost of living?

[21:50] PESTLE: Addressing social factors – When you're looking at social factors affecting your intended outcomes, consider the following:
· What's the impact of changes in the cultural landscape?
· What's the impact of the expectations of people?
· What's the impact on working people's lives, and what are their expectations for working life in general? i.e. working hours and career aspirations
· What is the emphasis on ethics, safety, environmental protection and data privacy for your clients / workforce / suppliers?

[22:50] PESTLE: Addressing technology factors – When you're looking at technological factors affecting your intended outcomes, consider the following:
· What is happening technology-wise which impacts on what you do?
· How does this affect the equipment you use? i.e. automation, the age of your equipment, etc.
· What's the impact of emerging technology?
· How do you decide on the costs and benefits of investing in new technology?
· How do you use your website / blogs / social media to interact with your marketplace?
· Have you got intellectual property you need to protect? i.e. copyright that needs consideration.

[23:40] PESTLE: Addressing legal factors – When you're looking at legal factors affecting your intended outcomes, consider the following:
· How does the law affect how you do business? i.e. company law, health & safety law, HR law, trade law
· What changes in legislation have occurred recently that you need to have considered?
· How do you horizon scan for changes in legislation that affect you in your market?
· What's the impact on employment, on imports and exports, and on labour departments?
· Have you considered other compliance obligations, such as certification to certain standards?

[24:50] PESTLE: Addressing environmental factors – When you're looking at environmental factors affecting your intended outcomes, consider the following:
· How do environmental aspects impact you, and how does the way you operate affect the environment? This includes consideration for air, water, land, natural resources, flora and fauna.
· How do changes in the energy and utilities markets affect you?
· How does your organisation fit in with any carbon reduction targets that your Government may have in place?
· Are you required to create a carbon reduction plan?
· Do you need to comply with certain environmental reporting requirements? i.e. here in the UK we have schemes like ESOS and SECR

[24:50] PESTLE: Addressing ethical factors – This one is optional, but many are choosing to include it as part of their PESTLE now. When you're looking at ethical factors affecting your intended outcomes, consider the following:
· How do you stay on the right side of the law with respect to the use of money?
· Have you considered human rights / labour / children in the workforce / slavery / health & safety and the well-being of local populations?
· What charitable contributions do you make as an organisation?

[27:15] Assigning significance – The next part of a SWOT and PESTLE requires you to assign significance to the various factors affecting your organisation. So, make sure you document every factor and how those factors affect your ability to achieve what you intend. Ensure that this all remains in alignment with the strategic direction of the business, as ultimately you want your Management System to help drive those goals forward.

[30:25] Frequency of a SWOT and PESTLE – This isn't just a one-off exercise. You should be continually monitoring these internal and external factors; only updating the exercise during a management review meeting will do you a disservice. This is an ever-changing world, it's the one in which you operate, and you need to ensure you're keeping up with it. You could look at various factors in monthly or even weekly meetings with the appropriate parties, and see if circumstances have changed.

[31:25] Examples of why you should continually update your SWOT and PESTLE – Ian recounts an experience he had with a client who had failed to disclose that they had switched to a digital system for competence-related documentation, but it had not met their needs and so they needed to return to manual documentation. This switch made finding the required documentation for internal audits difficult. None of this was recorded in their SWOT and PESTLE.

If you'd like to book a demo for the isologyhub, simply contact us and we'd be happy to give you a tour.

We'd love to hear your views and comments about the ISO Show, here's how:
● Share the ISO Show on Twitter or Linkedin
● Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one.

Subscribe to keep up-to-date with our latest episodes: Stitcher | Spotify | YouTube | iTunes | Soundcloud | Mailing List
Business travel remains one of our largest sources of greenhouse emissions, accounting for 26% of the UK's total emissions. In an ideal world, no one would have to travel to work or events; some might even point to the way everyone adapted during COVID as a prime example of this in practice. However, for many, that model of work is not feasible in the long term. So, how can we reduce this unavoidable stream of emissions? Businesses are starting to take the right steps; however, today's guest is paving the way as a shining example of sustainable business travel and events management. In this episode, Mel is joined by Christopher Truss, Global Sustainability Director at Reed & Mackay, to discuss their impressive existing ISO Standard portfolio and their journey towards ISO 14064 carbon verification.

You'll learn
· Who is Chris Truss?
· Who are Reed & Mackay?
· What are the highlights from Reed & Mackay's latest Sustainability and Responsible Business report?
· What Standards are Reed & Mackay certified to?
· What is the demand for sustainability within the business travel and events management sector?
· Why get ISO 14064 verified?
· What were the challenges with obtaining ISO 14064 verification?
· What are the benefits of obtaining ISO 14064 verification?

Resources
· Reed & Mackay
· Reed & Mackay Sustainable and Responsible Business Report 2024
· Carbonology

In this episode, we talk about:

[02:05] Episode Summary – We welcome today's guest, Chris Truss, Global Sustainability Director at Reed & Mackay, to explore their ISO Standards portfolio and journey towards ISO 14064 verification.

[02:40] Who is Chris? – Chris has had over 20 years' experience in the business travel industry. He is currently responsible for driving the sustainability agenda at Reed & Mackay, which includes the development of services and solutions that their clients require to meet their own sustainability initiatives. He also manages a wide range of third-party suppliers.
A lesser known fact about Chris is that he is in a band, playing the folk fiddle and singing in pubs around Yorkshire. He also plays tennis in the over-45 category for Yorkshire!

[04:50] Who are Reed & Mackay? – Reed & Mackay are a global travel management and event management business. They help clients all the way from picking up the telephone and making bookings on their behalf, to helping them source appropriate venues for their events, then managing the overall spend and the supply chain, and ultimately reporting back to them on what they've been up to and how they can improve their processes and save money. Reed & Mackay are highly regarded for the quality of their services, especially within the professional services sector, and they proudly boast a number of large blue-chip clients.

[05:50] What are some of the highlights in Reed & Mackay's Sustainability and Responsible Business Report? – When Chris came into his latest role, he looked to tackle two main points:
· How can Reed & Mackay operate sustainably?
· How can we articulate that to our clients?
As a result of the work Chris has done, Reed & Mackay have signed up to the United Nations Global Compact and have aligned themselves with the UN's Sustainable Development Goals. They have also become an EcoVadis-rated supplier and are undertaking their first Carbon Reduction Plan disclosure. From a corporate responsibility point of view, they have made great strides to improve their gender pay gap. They are also ensuring the integrity of their charitable partnerships.

[08:00] What are some of the sustainability initiatives that Reed & Mackay have started? – Reed & Mackay support a charity called 4Ocean, who are trying to remove as much plastic from our oceans as possible. They selected this charity in particular due to its global reach, embodying the nature of Reed & Mackay's global influence in 13 countries for the past 10 years.
They recognised the need to support a sustainability-based charity, as corporate travel is highly polluting, so this is a form of taking responsibility and looking at where they can assist in reducing environmental damage. 4Ocean also allows their employees to get involved directly, should they choose to take some time out of the office to help with ocean clean-up.

[09:55] What ISO Standards are Reed & Mackay certified to? – They are currently certified to:
· ISO 27001 Information Security
· ISO 14001 Environmental Management
· ISO 22301 Business Continuity
· ISO 9001 Quality Management
All of which they have been certified to for over 10 years now! These acted as a foundation for Chris to drive his sustainability agenda.

[11:10] How are these ISO Standards managed across the business? – Reed & Mackay have a dedicated Security and Trust team that manages all ISO certifications, in addition to their other responsibilities. All of the ISO Standards are part of their Integrated Management System, which sits alongside the policies and procedures for the business that are managed by a central team. This has provided them with an invaluable foundation to ensure the delivery of quality services, client satisfaction and continual improvement.

[12:45] What is the demand for sustainability within the business travel sector? – They are receiving more requirements and requests from clients in regard to their own operational CO2 footprint, which is needed for clients' own reporting requirements, as Reed & Mackay would count towards many clients' Scope 3 emissions. There is also a need for more transparency in carbon reporting, including the use of credible calculation methodologies. The verification of GHG emissions also gives clients more confidence that businesses are doing what they say they're doing.
[14:15] What was the main driver behind Reed & Mackay gaining ISO 14064 verification? – While they felt confident in their sustainability efforts up to a certain point, they wanted someone to come in and mark their homework to make sure they were doing the right thing. With the increase in client demand for credible sustainability reporting, it was vital to pursue various CPD disclosures such as EcoVadis and prepare for upcoming legislation like CSRD. To ensure they were in the best possible shape to give the information requested by clients and other stakeholders, they needed an accurate and reliable method of verification, which is what ISO 14064 could provide.

[15:40] What were the main challenges in obtaining ISO 14064 verification? – Just getting hold of the raw data was the most difficult part, although they found it to be a very enlightening experience too. Having to dig to find the right information helped Chris to understand the business better, giving him greater visibility of where their carbon emissions come from and where there are opportunities to reduce them. You have to be very tenacious to get all the necessary data. Chris highlights purchased goods and services data as particularly challenging to obtain due to its granular nature. Now that they have been through this process once, they've got a system in place to make data collection a lot easier in future.

[18:55] What impact has ISO 14064 verification had on Reed & Mackay? – It's helped from an internal perspective, as people now have greater visibility and understanding of the impact they have on an individual basis. This in turn creates a strong launchpad for their Net Zero strategy. From an external perspective, it's given Reed & Mackay a lot more confidence in their own processes and their ability to work with their clients towards sustainability goals.
[20:00] What were the main benefits of getting ISO 14064 verified? –
Giving clients, stakeholders and employees confidence: The verification calculation is reliable, so they can be confident in relaying the facts and figures to interested parties.
A great insight: The data has provided huge insights into how the business operates and where its biggest emissions sources lie. This is vital to know before you take steps to try and reduce your current impact.
Ability to create an accurate Carbon Reduction Plan: Once again, with confidence in having the correct data to hand, they are able to formulate an accurate Carbon Reduction Plan which can be realistically achieved.
Anti-greenwashing: Consumers are crying out for a reliable sign of credibility. Simply having an environmental policy statement may have been enough 10 years ago, but that's not the case now. People expect evidence of your sustainability claims.

[21:50] Chris's top tip for anyone considering ISO 14064 verification – Just get started and don't be scared by the process. Though it may seem daunting at the start, you will actually end up in a much better position than when you started. Having verified data, and awareness of where that data comes from and what it means on a larger scale, will be vital to looking for opportunities for improvement. So, if you want to improve your sustainability, you just need to get cracking!

[23:20] How are Reed & Mackay helping organisations improve the sustainability of their travel? – Reed & Mackay's ambition is to make sure that clients understand the impact of their choices at every single step of their journey. To help, they provide the carbon footprint of every booking they make, whether that be through their site or with a consultant. They also have approval processes built into their systems, which can be based on carbon.
For example, if a client doesn't want to take the lowest-carbon option on a particular journey, they can add required approval from an additional person within that client's organisation. So it adds a level of accountability over the choices people make. They also provide full reporting on business travel activity and where potential savings have been missed. This is a valuable tool if they need to provide travel data to carbon consultants, for example; they'll already have all of those granular reports prepared. These reports will highlight where clients haven't taken the lowest-carbon option, i.e. where they could have travelled in a group instead of individually. Reed & Mackay's intention is to make sure people have visibility of carbon alongside cost, so clients can make a fair and balanced decision.

Additional services include:
· The ability to set carbon budgets across a business
· The ability to purchase carbon credits for offsetting purposes
· Opportunities to mitigate carbon emissions through offsetting, or to decarbonise through Carbon Reduction Plans over a period of time

[28:50] Chris's book recommendation: His Dark Materials by Philip Pullman

[29:15] Chris's favourite quote: “You can't measure success if you have never failed” – Steffi Graf

If you would like to learn more about Reed & Mackay and their sustainability initiatives, visit their website.
Continual Improvement is at the heart of every ISO Standard. The cyclical nature of ISO Standards lends itself to regular review and updating of your Management System, to ensure it's working efficiently and to address any issues or opportunities that inevitably crop up. However, integrating these improvements can be challenging, even for mature systems. Today Ian Battersby explains the concept of Improvement as defined in ISO Standards, how to find the root cause of non-conformities, and how to integrate improvement actions from multiple sources.

You'll learn
· What is meant by ‘Improvement' in ISO Standards?
· Common misconceptions about Improvement in ISO Standards
· How to address non-conformities in your Management System
· Finding the root cause of a non-conformity
· Integrating Improvement actions

Resources
· Isologyhub

In this episode, we talk about:

[00:30] Join the isologyhub – To get access to a suite of ISO related tools, training and templates, simply head on over to isologyhub.com to either sign-up or book a demo.

[02:05] Episode summary – Ian Battersby will be explaining what Improvement means in relation to ISO Standards, how to address non-conformities, and how to integrate the required Improvement actions.

[02:30] What is meant by ‘Improvement' in ISO Standards? – One of the requirements of all Management System standards is to determine and select opportunities for improvement (Clause 10).
This is the fundamental aim of Management Systems: to make things better. In the words of the standards, it is so that an organisation can: “implement any necessary actions to meet customer requirements and enhance customer satisfaction. These shall include: a) improving products and services to meet requirements as well as to address future needs and expectations; b) correcting, preventing or reducing undesired effects; c) improving the performance and effectiveness of the management system.”

An organisation going through certification for the first time may never have had a system in place for planning improvements. Some organisations are dealing with improvements, but not necessarily through a single, consistent route. You can meet the requirements of the standards without a single route, as the standard is not prescriptive in how you go about this.

[04:45] Common misconceptions about non-conformities – The standard does go on to cover nonconformity and corrective action (10.2); is it suggesting these as the main source of non-conformities (NC)? It isn't really explicit about other sources, other than specifically including customer complaints as a form of NC. However, there's a strong argument for consolidating data from different sources, so it's worth considering how complaints data is handled. Other sources of non-conformities can include your Internal Audit findings, addressing where you may not be meeting client expectations, addressing failure to meet legal obligations, etc. As a reminder, ISO 9000 (Fundamentals and vocabulary) includes the definition of nonconformity: non-fulfilment of a requirement, a requirement being a need or expectation that is stated, generally implied or obligatory, i.e. a legal or client expectation.

[10:00] Addressing non-conformities – You need to evaluate the need for action to eliminate the cause of the nonconformity, to ensure that the issue doesn't recur, or pop up elsewhere.
When a non-conformity does occur, you need to:
· Determine the causes
· Determine if similar nonconformities exist, or could potentially occur
Any corrective actions should be appropriate to the effects of the nonconformities encountered. So, you don't need to commit a huge amount of resource to minor issues.

[11:40] Join the isologyhub and get access to limitless ISO resources – From as little as £99 a month, you can have unlimited access to hundreds of online training courses and achieve certification for completion of courses along the way, which will take you from learner to practitioner to leader in no time. Simply head on over to the isologyhub to sign-up or book a demo.

[13:40] Finding the cause of non-conformities – Without removing the cause, repetition may occur, and this is where integrating improvement data from multiple sources comes into its own. The idea of common cause is that a single cause may manifest itself in very different outcomes. For example, a lack of competence could lead to a process being delivered wrongly, leading to a reduced level of quality in a service or product, which would be picked up as an NC. Competence is an area which can also lead to NCs through a health & safety incident or environmental incident, if people aren't trained to use equipment or follow set procedures. It can also lead to a customer complaint where the failed process is apparent to a customer. If a product NC isn't spotted until after the product is delivered or in service, it could lead to a warranty claim, or even a claim for damages should it lead to harm or loss to the customer. It could lead to a regulatory breach, or even enforcement or legal action. Some of these outcomes may not be apparent until they have impacted upon a customer or other interested party, so they would not be recorded internally through a nonconformity system. All this to say, finding the root cause will require looking in a lot of different places.
Having a common methodology in place to address non-conformities, including considerations for different types of issues, makes life a lot easier.

[15:55] Integrating Improvements from multiple sources – There are many sources which can highlight opportunities for Improvement, including:
Internal Audit – This is a conformity assessment, so any gaps or issues identified will be NCs that need addressing.
Surveillance Audit / Certification Audit – Your Certification Body will also be conducting a third-party conformity assessment, which may highlight something you've missed in your own internal audits.
Supply Chain Audit – Auditing your supply chain can also highlight NCs that you can encourage them to address, for both your benefit and theirs.
Client Audit – You may be audited by clients, especially where there may be specific technical industry-related issues.
Management Review – This is the perfect platform to identify Opportunities for Improvement. You can highlight NC trends from Internal Audits here and decide if they need to be addressed separately. You will often have members of senior management present at a Management Review, so there is a greater chance for you to plan tangible actions to address issues, especially if they are business critical.
SWOT / PESTLE – This usually happens early on in the Implementation phase, but there's no reason why you can't repeat the exercise on an annual basis. This exercise directly identifies your risks and opportunities, from both internal and external sources. Get input from all levels of staff, as they may also shed light on potential NCs and opportunities that other departments may not even be aware of.
Accident reporting / Safety observations – Any incident should be viewed as an opportunity to improve. Some accidents are unavoidable, but many are a result of someone not following instructions, equipment being left unattended or in the wrong location, etc. Addressing these will help you to ensure a safer environment.
Site inspections – Just walking around your site can yield new insights. Ask other departments that may not visit your area to do a sweep and report any findings. Sometimes all you need is a fresh pair of eyes to highlight issues you've missed.
Complaint / Other customer feedback – Allow clients and stakeholders to have input.
Regulatory requirements – You may discover you are breaching a regulation, which needs to be addressed ASAP. Consider a legal register to keep track of all your legal and regulatory requirements.
Enforcement (HSE, EA, professional body) – You may have opportunities for improvement enforced by bodies such as the HSE, the Environment Agency or a professional body.
Management Action – Any management meeting should take opportunity suggestions from both management and the general workforce.
Product NCs – If you're in the manufacturing industry, you likely already have a system in place for monitoring any product-related non-conformities. This process can be applied on a broader scale, as it embodies the same principles: identify the problem, find the root cause, address the root cause, and put preventive measures in place to stop recurrence.
ISO Standards provide a framework to help businesses manage various aspects of their activities. Whether that's quality, risk, environmental or Information Security management, they provide invaluable guidance to establish an effective Management System. One element that is key, no matter the Standard or subject area, is Leadership. Without this driving force, your Management System will not get the momentum it needs to truly benefit your way of working. Today Ian Battersby will explain the integral role of leadership within the implementation and maintenance of an ISO Management System, and how their active participation benefits the whole business.

You'll learn
· What is Leadership?
· Where is Leadership referenced in ISO Standards?
· How does Leadership get involved with the implementation and management of ISO Standards?
· How does Leadership participation benefit the business?

Resources
· Isologyhub

In this episode, we talk about:

[00:30] Join the isologyhub – To get access to a suite of ISO related tools, training and templates, simply head on over to isologyhub.com to either sign-up or book a demo.

[02:05] Episode summary – Ian will be discussing the role of Leadership within ISO Management Systems and how their active participation can benefit the business as a whole.

[02:30] What is Leadership? – Leadership is central to success in achieving any goal in business. It involves motivating a group of people toward a common pursuit, and that certainly isn't straightforward without leadership believing in what it's doing. Without showing that belief, why would the workforce sit up and take note? ‘If it's not important to you, why should it be to me?'

[03:30] Why should Leadership get involved? – The need for leadership has been recognised by Standards bodies, which is why it's been made central to all Management System Standards.
For many years, Management Systems were separate from the day-to-day activities of running a business, often boiled down to just a person in a room with manuals, getting through certifications and earning a nice shiny badge. But this had little to no impact on the bottom line (be honest)! A well-run Management System, however, can have huge impacts and benefits on all types of organisation, and updated ISO standards aim to deliver that impact more readily, so leadership gets its own clause (Clause 5 – Leadership).

[05:25] Clause 5.1 Top management shall demonstrate leadership & commitment – This boils down to taking accountability for the effectiveness of the system, but how do you do this? Firstly, the system can only be effective if it is designed correctly, so leadership must ensure it fits with the context of the organisation, which is required in Clause 4. There are ways of doing this, but we favour a SWOT and PESTLE. This is simply to ensure that those establishing context don't do it in a vacuum, opening up the floor to get input from everyone affected by the Management System. This is key because Senior Managers need active involvement to understand how the system works, its resource needs and its performance.

[07:25] Ensuring quality policy and objectives are established and compatible with context and strategic direction – The quality objectives must contribute to the business, so there's a role for senior managers to ensure that they are aligned and have a measurable contribution to the business. What measures are included in your objectives which can demonstrably show that they affect the business in a good way? That's what senior management have to do to link quality objectives with strategic organisational business objectives.
[08:20] Ensuring integration into the organisation's business processes – Senior managers must ensure the quality objectives are integrated into the organisation's business processes, which in turn must be aligned with the context. The processes must also be relevant to the way the organisation runs, and senior management needs to oversee a system which allows them to do that.

[05:20] Promoting use of the process approach and risk-based thinking – This requires senior management to actually do some promotion, which is stipulated as ‘shall promote'. For those that don't know, whenever the word ‘shall' is used in an ISO Standard, that essentially means you MUST do it. In this instance, that means actually contributing to communications and raising Management System awareness. Senior Management have to be involved in the process of describing to people what's important, why the standards are important, and that risk and process are central to the organisation's operations.

[09:35] Providing resources for the system – There are a number of resources that Senior Management need to consider, including:
· People – These need to be enlisted to run the system and to operate it throughout the organisation.
· Competence – You may need to invest in training if required.
· Expertise in the standard – Do you have in-house expertise in the Standard you're certifying to? If not, you will have to invest in training or additional help from a third party.
· Systems / Access and Documented Information – Do you have a place for hosting documentation, workflows and forms? Further consideration is needed for required authorisation and controlled access.
· Time – Implementing and maintaining a Management System is a big task; whether done by an individual or a team, they will need time to complete the necessary Management System activities.
[10:30] Communicating the importance of an effective system and conforming to its requirements – Everyone looks up to Senior Management in regard to what their priorities are. It's up to them to effectively communicate the importance of the Management System, its processes, their role in relation to the Management System and how to conform with its requirements. Key points to get across:
· How this system makes your workplace a better place.
· How it contributes to the success of the organisation – i.e. happier customers, safer working conditions, etc.
· How it can make their daily routine more fulfilling – i.e. having a complete picture of their place in the business and how they contribute to its success.
· What nonconformity could bring if people choose to step outside the management system – e.g. with ISO 45001, nonconformance could risk someone getting injured.
[13:50] Engaging/directing/supporting persons to contribute to the effectiveness of the system – Team managers should be harnessing people at all levels to be able to fulfil the requirements of the Management System. They should do that by providing clear expectations, which can be done via communications and objective setting.
[14:30] Promoting improvement – Continual Improvement is absolutely key to every management system. When something does go wrong, senior management must provide the resources for actively asking why things may have underperformed, so you can get to the cause of the underperformance and put it right. It's also an opportunity to highlight when things have improved and to celebrate those that contributed to that success.
[15:30] Join the isologyhub and get access to limitless ISO resources – From as little as £99 a month, you can have unlimited access to hundreds of online training courses and achieve certification for completion of courses along the way, which will take you from learner to practitioner to leader in no time.
Simply head on over to the isologyhub to sign up or book a demo.
[17:40] Supporting other management to demonstrate leadership in their areas – Leadership drives from top to bottom. Everybody can have a role in leadership. Roles and responsibilities are assigned by senior management, and this offers the opportunity for individuals to provide their own leadership in their specific areas.
[18:15] 5.2 Policy – The definition of Policy in ISO Standards is: the overall intentions and direction of the organisation, expressed by senior management. A policy exists to govern the behaviour of an organisation and its employees in order to provide the best outcomes. It also provides the basis for the establishment of objectives. It does not explain how the policy is to be delivered through individual tasks; that may not be a detail for top management. What's the requirement? Top management must ensure the policy is appropriate to the purpose and context of the organisation and supports its strategic direction. It's not simply a piece of paper to sign once a year.
[19:25] 5.3 Organizational roles, responsibilities and authorities – What does the Standard say? ‘Top management shall ensure that responsibilities and authorities for relevant roles are assigned, communicated and understood within the organization.’ What does this actually mean?
· Ensuring the Management System conforms to your ISO Standard(s)
· Ensuring processes deliver desired results
· Performance reporting, including opportunities for improvement
· Promotion of customer focus
· Ensuring integrity of the management system through change and continual improvement
[21:30] Leadership in practice – Ian recounts an experience where senior management did regular safety checks in an organisation he worked with previously. Senior Management took an hour out each month to do a floor walk and actually talk to those on the ground, to ask them about risk and equipment and just generally get a feel for how everything really worked.
In turn, they were challenged by their staff on safe working systems, and this proper conversation led to better understanding on both parts. The staff got to see their Senior Management genuinely care about their work and well-being, and Senior Management got much-needed insight into the actual day-to-day activities and saw first-hand where improvements could be made. Those familiar with ISO 45001 will know that worker participation is a requirement of the Standard, but there's no reason why you can't apply this to other Standards.
If you'd like to book a demo for the isologyhub, simply contact us and we'd be happy to give you a tour.
We'd love to hear your views and comments about the ISO Show, here's how:
● Share the ISO Show on Twitter or Linkedin
● Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one.
Subscribe to keep up-to-date with our latest episodes: Stitcher | Spotify | YouTube | iTunes | Soundcloud | Mailing List
ISO Standards provide a framework to help businesses manage various aspects of their activities. Whether that's quality, risk, environmental or Information Security management, they provide invaluable guidance to establish an effective Management System. However, for those who are new to ISO Standards, the Standards themselves can seem rather intimidating to interpret. Back in 2015, the Annex SL format was introduced to provide a common high-level structure for Management Systems. With 10 clauses now common to most widely adopted ISO Standards, it can still be a bit difficult to understand exactly how these all work together. Today Ian Battersby will explain how ISO Standard clauses work in tandem to create a cohesive cycle, from context of the organisation through to Improvement.
You'll learn
· What is the high-level structure?
· Why are ISO Standards structured this way?
· How do ISO Standard clauses interconnect?
· How does this apply to Quality Management?
Resources
· Isologyhub
In this episode, we talk about:
[00:30] Join the isologyhub – To get access to a suite of ISO related tools, training and templates. Simply head on over to isologyhub.com to either sign up or book a demo.
[02:05] Episode summary: Ian will be discussing the interconnectedness of clauses, which basically just means explaining the key links between the clauses and how that applies to your management system.
[02:40] High level structure – 10 years ago, Annex SL was introduced to create a common framework for ISO Standards. Today, Ian will focus on ISO 9001 as that really is the grandfather of all Management System Standards. ISO 9001 includes elements which are applied to most commonly adopted ISO Standards, and sets the scene in terms of how the clauses link together.
[03:20] Why are ISO Standards structured this way? – On the surface, ISO Standards can seem very repetitive in the way that they're written, but there is a good reason for that.
They are all based around the Plan-Do-Check-Act cycle.
[04:10] What is the Plan-Do-Check-Act cycle? – This is a simple process that all Management System Standards adhere to. You start with ‘Plan’ to establish objectives and the resources you need to deliver results, and you identify risks and opportunities. From that point you fulfil the ‘Do’ part through implementation and use of the Management System. From there you ‘Check’, so you monitor against the policies, objectives and any other requirements; basically, you monitor against what you said you'd do. Then you ‘Act’: if you find anything that needs to change, you make that change, and you improve as an organisation and you improve that management system.
[05:00] A logical path – Management System Standards are designed in such a way that they flow from one clause to the other. One cannot exist without the other.
[05:20] How does Clause 4 Context of the Organisation link with Clause 6 Planning? – As clause 4 Context of the Organisation states: ‘external and internal issues relevant to your purpose and strategic direction… …and that affect your ability to achieve intended results’. The scope of your management system depends entirely on this: the world in which you operate, what you buy, the people you employ, what you make, who you sell to, the laws you follow… Clause 4 also requires us to identify all interested parties (which we'll address later!). With careful planning, you can align the documentation you develop for one clause with other clauses.
Clause 4 doesn't tell us how we should work out our context, but it provides some very good clues:
· NOTE 1 Issues can include positive and negative factors
· NOTE 2 Understand the external context by considering issues arising from legal, technological, competitive, market, cultural, social and economic environments
So they're not saying how to do it, but they've said what you can consider. This sounds a lot like a traditional SWOT/PESTLE analysis… If we skip to Clause 6, Planning, the first thing we must do when we plan is to identify actions to address risks and opportunities. A SWOT will mean you've covered these elements; consider the following:
· Weakness = Risk
· Threat = Risk
· Opportunity = Opportunity
We can view the PESTLE in the same light. So you can see that, with careful planning, you can align documentation for one clause with other clauses, as mentioned.
[10:00] How does Clause 6 link with Clause 7 & 8? – Starting from Clause 6.1: if you've identified what might go wrong (aka risk), you need to plan to ensure it doesn't happen again. That may involve a single improvement action, which is linked to clause 10 (funnily enough, Improvement). It may be that you need something bigger, involving many steps over a period of time, say an objective (clause 6.2). So the planning of objectives links directly to the context of the organisation, the world in which you operate. It may be that you need an operational control to mitigate risk, a process or procedure that helps to manage the situation as business as usual (clause 7 documented information and clause 8, operation). So the planning of processes and procedures links directly to the context of the organisation, the world in which you operate. In all these circumstances, it's the same for opportunities, except you're putting in place measures to take advantage of the opportunities.
[13:05] Join the isologyhub and get access to limitless ISO resources – From as little as £99 a month, you can have unlimited access to hundreds of online training courses and achieve certification for completion of courses along the way, which will take you from learner to practitioner to leader in no time. Simply head on over to the isologyhub to sign up or book a demo.
[15:10] Clause 7 Support and related links – Moving through the standard, clause 7.4 relates to Communications. You need to determine internal and external communications relevant to the QMS (for 9001). In clause 4, you would have looked at interested parties (i.e. stakeholders). You need to determine who affects the way in which you operate and what they need/expect from you. Parties to consider include:
· Customers
· Employees
· Shareholders
· Suppliers
· Regulators
· Neighbours
· Media
So, by Clause 7 you will have already identified who's interested and what interests them, so it's only a small step to add to this a communications plan. ISO 9001 doesn't ask for one specifically, but it's a good way to fulfil the requirements of clause 7.3. Clause 7 also mentions Monitoring and measuring resources (7.1.5). This is a very brief clause, but central to establishing the means for demonstrating performance. We need reliable results when monitoring or measuring is used to verify the conformity of products and services to requirements, i.e. do we do what we say we do? Clause 7.5 requires us to document how we do things. Again it's very brief in its requirements (it leaves it up to you to decide), but clause 8 is all about Operation, which is the way you do things. It's much more specific about understanding what the customer wants, designing it correctly, controlling changes, making it, delivery and addressing issues.
This is what you measure: 7.1.5 requires you to ensure you can measure, 7.5 requires you to document how you do things, and 8 requires you to do things according to the way you've said you will.
[20:10] Clause 9 Performance Evaluation and related links – Moving on to Clause 9, Performance Evaluation, again risk appears. We've already assessed risk right at the start; now we evaluate whether we've successfully controlled it. We decide what to audit based on the level of risk attached to certain controls (policies, procedures, processes…). We've set objectives based on risks and opportunities, and now we must measure performance. We've put in place operational controls to mitigate risk (clause 8), and now we measure whether those controls work.
[21:30] Clause 10 Improvement and related links – This one is fairly self-evident. If something goes wrong, find out why, put it right and make sure it doesn't happen again. Look at your system and continually improve based on your evaluations in Clause 9.
After 5 years of hosting the ISO Show, Mel Blackmore will be taking a step back as she focuses on her sustainability-related endeavours. She's passing the baton on to our new host, Ian Battersby. Ian is a Senior Isologist at Blackmores, and while relatively new to the team, he has a wealth of Standard and ISO related knowledge to share with you all. Today we introduce Ian Battersby as the new host for the ISO Show and learn about his background in Standards and ISO.
You'll learn
· Taking a step back
· Introduction to Steph Churchman
· Introduction to Ian Battersby
· What Standards has Ian worked with?
· What Sectors has Ian worked in?
Resources
· Isologyhub
In this episode, we talk about:
[00:30] Join the isologyhub – To get access to a suite of ISO related tools, training and templates. Simply head on over to isologyhub.com to either sign up or book a demo.
[02:05] Episode summary: After 5 years of the ISO Show, Mel Blackmore is handing the hosting baton over to Ian Battersby.
[02:25] Interim host – Ian will be the main host going forward, but there will be additions from Blackmores' Communications Manager, Steph Churchman. You may recognise her from recent episodes such as:
· Top 10 Reasons to use ISO 42001 AI Management
· Top ISO Standard Trends in the Data Centre Industry
Steph will be sharing findings from our own research and standards updates, and conducting interviews with our isologists.
[03:35] An Introduction to Ian Battersby – Ian has been working for Blackmores since August 2023. Although he is meant to be part-time, he's had a very busy first few months here! Ian began working at British Aerospace, specifically in manufacturing, in 1984. He later decided to return to university to study electrical and electronic engineering, which was promptly dropped. His return to BAE lasted a few years before he moved on to the civil service at the Department of Health, working with them to conduct safety investigations and helping to create a broader risk profile.
He then moved to work with the NHS, firstly with the litigation authority setting up governance and risk standards, and then as a risk manager. Surprisingly, after moving up a few levels, he decided to move on to run a restaurant! A curry house to be specific, but after a year of rather stressful work that ended up costing a lot more than expected, he returned to work within the construction industry, which is where he became more involved with ISO Standards. From there he went on to work in the manufacturing of high-pressure pumps for a while before moving on to an organisation who ran the estate for the Department of Work and Pensions. In the end, Ian left them due to being unable to live the life he wanted to live.
[05:15] What Standards has Ian worked with? – He started with ISO 9001, ISO 14001 and OHSAS 18001 (now ISO 45001).
[06:00] Digital Nomad – Ian currently splits his time between Leeds in the UK and Malaga in Spain. Having a lot of experience working remotely in previous industries, this leap didn't impede his work in any way.
[07:15] What other Standards has Ian worked with? – He has assisted with ISO 44001 (Collaborative Business Management), but admittedly it was not his favourite ISO Standard to work with. It's one of the rare instances in ISO where the Standard doesn't quite align with others.
[08:00] What Sectors has Ian worked in? – Ian's extensive work history has afforded him the opportunity to work in a number of sectors, including:
· Construction and Fit out
· Manufacturing
· Estate Management
· Private enterprise
· Healthcare / NHS
· Facilities
With this list growing at a rapid pace since his introduction at Blackmores!
[09:45] What's a big challenge that Ian's had to overcome in the past? – In terms of ISO, it has to be Leadership. Ian's found that to always be an issue within businesses attempting to implement ISO Standards. A good-looking Management System will only go so far without leadership commitment.
When facilitating Standards for an organisation, you won't be implementing the whole system yourself. It's more a case of delivering through others: the organisation controls and delivers its own processes and improvements, so it's imperative that Leadership are also embedding and encouraging these actions. Ian will be going more in-depth on this topic in a future episode.
Data Centres could be considered the powerhouse of thousands of businesses globally. Long gone are the days of small physical servers being housed on-site; instead we rely on data centres to keep all our critical data safe and secure. But how do we know they are doing just that? Many hold certifications to security-based Standards such as SOC 2 or NIST to display their commitment to data security. However, many also hold various ISO certifications that cover other aspects of the business outside of information security. Today Steph Churchman, Communications Manager at Blackmores, will be sharing the top ISO Standard trends within the UK Data Centre industry.
You'll learn
· Why did we look into the Data Centre industry specifically?
· What are the top 5 ISO Standard Trends in Data Centres?
· Why are these ISO Standards essential for Data Centres?
· Other commonly adopted ISO Standards within the data centre space
Resources
· Isologyhub
· ISO 27001:2022 Transition Gameplan
In this episode, we talk about:
[00:30] Join the isologyhub – To get access to a suite of ISO related tools, training and templates. Simply head on over to isologyhub.com to either sign up or book a demo.
[02:25] Episode summary: We'll be taking a look at the top ISO Standard Trends within the UK Data Centre Industry.
[02:30] Why did we look into the Data Centre industry specifically? – In the mid 2010s, we noticed an influx of enquiries from Data Centres in regard to the implementation of ISO Standards. That prompted a research project that led to Blackmores working with some of the top UK Data Centres. Now, in 2023 and 2024, we're starting to see a similar push for ISO Standards within the same industry. So, we revived the project to get a grasp on the modern ISO landscape, and took a look at the top 100 Data Centres within the UK.
[03:34] #1: ISO 27001 Information Security – Out of the 100 data centres sampled, 72% of them were certified to ISO 27001.
Security is of utmost importance to data centres, and the great thing about ISO 27001 is that it considers security not only for the digital environment, but also for people and physical security. This Standard is also, in most cases, a stakeholder requirement. Certification to ISO 27001 indicates that you're adhering to best practice in information security, and through the creation of an ISO 27001 compliant Management System, you will have documentation in place, such as an information security policy and data retention policy, that often gets requested by potential clients. If you'd like to learn more about the implementation process for ISO 27001, we've got a helpful 3-part podcast series that summarises the entire process from Gap Analysis to Assessment preparation. A reminder to anyone currently certified to ISO 27001:2013 that you have just over 1 more year to complete your transition to ISO 27001:2022. If you don't do so by October 31st 2025, you'll risk losing your ISO 27001 certification. That's not the only reason you should be transitioning though. The new version of the Standard includes 11 new controls, which cover some newer technologies which really weren't around when the 2013 version was published. So regardless of the risk of losing your certification, it's in your best interest to ensure that you're adhering to the latest version. If this is all news to you, then you can also go back and check out episodes 128 through to 133. This was a little mini-series we did to summarise the key changes to ISO 27001 and what actions you need to take to transition. We also have a Transition Gameplan available on the isologyhub if you'd like a more guided approach, including document templates and training videos covering those new controls.
[06:25] #2: ISO 9001 Quality Management – The Quality Management Standard is as popular as ever, even within the data centre space, with 51% of the 100 sampled data centres being certified.
ISO 9001 is considered the leading ‘Quality mark’ for businesses and is often the starting point for many diving into the world of ISO implementation. ISO 9001 creates a well-rounded base Management System to help you manage your risks and opportunities, as well as ensuring you drive a culture of continual Improvement. Its guidance can help you establish your core policies, processes and procedures to ensure everyone is singing from the same song sheet. The fact that this one is popular among data centres isn't too much of a surprise; it's a universally adopted Standard that isn't limited by industry or organisational size. Currently, there are over 1 million ISO 9001 certificates issued worldwide, and that trend shows no signs of slowing down.
[08:25] #3: ISO 14001 Environmental Management – A surprising 25% of the sampled data centres were certified to ISO 14001. From an objective point of view, it makes sense for data centres to consider their environmental footprint. But a lot of that would fall under energy usage rather than just general environmental management, so this likely means it's mainly driven by stakeholder requirements. ISO 14001 is being requested more and more for the likes of large Government contracts, so if you want a chance at bidding for these, ISO 14001 is a must. Now don't get me wrong, I'm sure a lot of data centres have implemented this Standard in an earnest effort to monitor and measure their impact holistically. After all, ISO 14001 asks businesses to consider how they can prevent environmental impacts such as pollution and degradation of nature. And the additional guidance provides some helpful starting points for those that may not be sure where to start, for example making commitments to recycling, protection of biodiversity and climate change mitigation. For data centres specifically, this may come into effect when we think of the amount of electronic waste that they could potentially produce.
Obviously, this can't just be thrown out in a standard green-lidded bin; it'll need to be taken to a dedicated electronic waste facility for processing, disposal and recycling. Racking, shelving and cables will also need to be replaced at some point, and it's up to each data centre to ensure they have the appropriate processes and policies to ensure this is done correctly and, more importantly, legally, which again is where ISO 14001 can help put those frameworks in place.
[10:30] Join the isologyhub and get access to limitless ISO resources – From as little as £99 a month, you can have unlimited access to hundreds of online training courses and achieve certification for completion of courses along the way, which will take you from learner to practitioner to leader in no time. Simply head on over to the isologyhub to sign up or book a demo.
[12:45] #4: ISO 50001 Energy Management – With just 13% of the 100 sampled data centres certified! This one is a shocker because, typically, a data centre's highest cost relates to its energy usage. They require enormous amounts of energy to keep their facilities running and to cool down their equipment 24/7, which I imagine they'd be quite keen to reduce if only to save on running costs. This is where ISO 50001 can come in, to help create a structured approach to effectively monitor that energy usage, so you can identify key trends and opportunities to reduce overall energy consumption, which in turn will save a lot of money. With a healthier proportion being certified to ISO 14001, it seems a shame that so many are missing out on the additional benefits that ISO 50001 can bring, especially when it can very easily be integrated with ISO 14001. In fact, if you're already certified to ISO 14001, then you've already done half the work to implement ISO 50001. Both frameworks are based on that Annex SL format, and both have a lot in common in terms of what documentation is required.
It can also help with compliance with some UK and EU based energy initiatives. For example, here in the UK we have ESOS (the Energy Savings Opportunity Scheme), which applies to large organisations that fit within its criteria. They're usually required to provide a report once every 4 years; however, as of 2023, Phase 3 now requires organisations to provide an Energy Action Plan which details what actions they plan to take to reduce their energy consumption. There are likely a few data centres that would fall into ESOS's criteria, and if you're sick of going through the ESOS song and dance every few years, then ISO 50001 may be the answer for you, as being certified means that you're going above and beyond ESOS's requirements and will be considered compliant. That means no more pesky reporting, or having to locate an ESOS assessor to sign off on those reports.
[15:10] #5: ISO 22301 Business Continuity Management – With 12% of the 100 sampled data centres being certified. ISO 22301 is the Standard for Business Continuity, and provides a basis for planning to ensure your long-term survivability following a disruptive event. That 12% may not be truly reflective of all the data centres that have business continuity plans in place, however, as according to a recent Business Continuity Institute survey, 56% of surveyed businesses use ISO 22301 as a framework but aren't certified to it. There will be a fair few data centres in our sample list that fall under that category. Why should this Standard be a priority for Data Centres? Well, the answer should be simple: if a disaster were to knock out a data centre, that has a massive knock-on effect. Many house servers used by hundreds if not thousands of businesses and users. If they're unable to provide services, that will in turn cause multiple other businesses to grind to a halt. The true cause of failures at data centres can be many things, such as hardware failure, human error or a disaster such as flooding or fires.
However, the advantage of utilising ISO 22301 is the ability to effectively deal with these incidents and restore services, which is essential for an industry which is quite literally the powerhouse for millions of other businesses and people. If you fail to plan, you plan to fail. Having a robust business continuity plan should be a top priority for any business, especially data centres, seeing as so many rely on them to keep their own services running. Even if you don't want to go through the full certification process, it's worth grabbing a copy of the Standard, as it provides a lot of helpful guidance. If you'd like to learn more about ISO 22301 in general, go back and check out episode 42, where we go over the Standard in more detail and its many benefits.
[17:45] Runner up: ISO 20000 Service Management – 11% of our sampled data centres were certified to this Standard. This actually used to be known specifically as the IT Service Management Standard, so that probably clues you in to why this would be adopted by many within tech spaces. However, it truly is applicable to any business offering services. The aim of ISO 20000 is to provide a framework for an effective end-to-end service management system which encompasses the entire lifecycle of a service, from concept and design through to service removal and end-of-life.
[18:55] Runner up: ISO 27017 Information security controls for cloud services – With just 5% of our sampled Data Centres certified. This one is fairly self-explanatory in its relation to data centres, which operate solely on cloud-based services. This Standard was introduced after the 2013 version of ISO 27001 was published, as the main standard didn't really address cloud security controls specifically, mostly because cloud computing and its related security weren't as widely adopted as they are now. So ISO 27017 was created to try and bridge those gaps.
In the latest 2022 version of ISO 27001, there's now a new control for cloud security. So, we may see less interest in ISO 27017 certification going forward.
Cyber incidents are on the rise, as data shows there was a 20% increase in data breaches from 2022 to 2023. Technology has become an integral part of most businesses, especially post-pandemic, where many who may have avoided this reliance on tech had no choice but to adapt to survive. As a result, the question of businesses being affected by a cyber incident has become ‘when’ rather than ‘if’. However, there are a number of steps you can take to mitigate risks ahead of any potential incidents. We invited Jack Morris, Account Director at Epiq, to discuss cyber incidents, the importance of being proactive in reducing cyber incident risk and the steps you can take to mitigate these risks.
You'll learn
· Who are Epiq?
· What is a cyber incident?
· The importance of being proactive in reducing the risk of an incident
· What can organisations do to be proactive in mitigating cyber incident risk?
· What are forensic tabletop exercises, and how do they enhance preparedness?
· Why might an organisation need to get an incident response retainer?
· What role do Information Governance consultants play in reducing cyber risk?
Resources
· Epiq
· Isologyhub
In this episode, we talk about:
[00:30] Join the isologyhub – To get access to a suite of ISO related tools, training and templates. Simply head on over to isologyhub.com to either sign up or book a demo.
[02:05] Episode summary: Today Mel is joined by guest Jack Morris, Account Director at Epiq, to discuss how to mitigate cyber incident risk.
[02:40] Who are Epiq? – Epiq is a global leader in technology-enabled legal services. In fact, it supports 90% of the top law firms globally! With over 8000 employees spread over 19 countries, it helps to support corporations, law firms and government agencies across the globe.
[04:31] Who is Jack Morris?
– Jack joined the industry relatively fresh out of university, starting at an organisation called Kroll where he was focused on data management – including recovering ransomware infected devices and essentially allowing organisations to get access to data that had previously been taken away from them. Kroll was later acquired by Duff & Phelps and went through a turbulent time of many name changes before settling on KLDiscovery. He ended up leaving a year ago and joined Epiq as an Account Director. Jack's role at Epiq includes being a facilitator, introducing law firms, corporations and cyber insurers to best in class people and technology.

[06:40] What is a cyber incident?: A Cyber Incident is any unauthorised or unexpected event that compromises the confidentiality, integrity or availability of an organisation's information systems, data or network. Incidents can range from data breaches and malware infections to single mailbox compromises and insider threats. Organisations looking to combat information security risks should consider ISO 27001, as its key principles include the confidentiality, integrity and availability of your business's information.

[08:29] Why is it important for organisations to be proactive in reducing their risk of an incident, no matter the size of your business? – Let's look at some startling statistics:

In 2022, 39% of businesses in the UK identified a cyber attack in the previous 12 months. Of this 39%, 31% of those businesses experienced attacks at least once a week.

48% of Small to Medium Businesses, globally, experienced a cyber incident in the last 12 months, with 61% of all cyber-attacks specifically targeting small business. This is the most shocking of the statistics, and why it's so important for us to be having these kinds of conversations around how businesses, no matter their size, need to be proactive in mitigating the impact of a cyber incident.
70% of small to medium businesses in the UK believe that they are unprepared to deal with a cyber attack (which excludes those who think they have proper processes in place but ultimately don't). Nearly 60% of businesses that are impacted by a cyber incident go out of business within the following 6 months!

[12:10] Are there any particular industries that are most at risk from a cyber incident? – Cyber Incidents are not siloed to particular industries, but there are some trends that we see in the market. Looking at Q1 2024: January saw a rise in cyber incidents predominantly affecting retail, education and local government. In February we saw a significant number of breaches, impacting organisations across the full spectrum of markets. All of this is to say that regardless of the size of your business and the industry you operate in, the number of cyber incidents is increasing, as is the severity of those incidents.

[13:35] ISO Standard trends – At Blackmores, we've seen an increase in demand for ISO 27001 and related data privacy standards across the board for all sectors. A stark difference to 10 years ago, when it would mostly only be adopted by those in the managed services or tech based industries.

[15:30] What can organisations do to be proactive in mitigating cyber incident risk? – Things such as implementing a proactive incident response plan, and engaging with law firms and consultancy organisations to become aware of the organisation's requirements and the compliance issues arising from a cyber incident. If you were hit with an incident today, you must report any personal data breaches to the relevant regulators within 72 hours of becoming aware of the incident, or fines may be imposed. To deal with these types of situations, it's imperative that your organisation has established, sound relationships with law firms and consultants.

[17:25] What is the importance of an incident response plan?
– Implementing an incident response plan is crucial because it allows organisations to prepare for potential cyber incidents before they occur. By identifying risks, implementing preventive measures, and conducting exercises, organisations can significantly reduce the impact of incidents. Organisations should be aware of both the legal and operational issues that arise from a cyber incident – from regulatory compliance and liability concerns right the way through to loss of systems/data and brand reputation. These are all key considerations that have an effect on the whole of a business.

[18:35] What are forensic tabletop exercises, and how do they enhance preparedness? – Forensic tabletop exercises simulate cyber incidents in a controlled environment. They involve key stakeholders discussing and practicing their roles during an incident. These exercises improve coordination, communication, and decision-making, ensuring a more effective response when a real incident occurs. The workflow here is clearly defined: implement an incident response plan, and then test that plan for robustness – engaging with external providers, like Epiq, to further add to the existing plan and to test how the organisation will manage an active incident.

[19:35] Join the isologyhub – Don't miss out on a suite of over 200 ISO tools, templates and training; sign-up to become a member of the isologyhub.

[21:45] Links with Business Continuity – Response readiness plans and forensic tabletop exercises both tie into aspects of ISO 22301 – business continuity. In Blackmores' experience, a lot of organisations don't actually test their plans, so when going through the process of implementing ISO 22301, where testing these response plans is a requirement, it's a bit of an eye opener when they realise they're not as resilient as initially thought. It's always better to test these plans in a simulated environment vs a live one, so you can be assured that your plans are up to the task.
[23:40] Why might an organisation need to get an incident response retainer? – We're starting to see a number of industries, particularly in regulated verticals, requiring businesses in their supply chain to meet a number of different cyber security requirements. One, which keeps popping up, is to have a plan in place for responding to security incidents. Having a retainer can help meet these compliance requirements.

[26:05] What role does Managed Detection and Response (MDR) software play in proactive incident response? – MDR solutions continuously monitor networks, detect threats, and provide real-time alerts. They enhance proactive response by identifying suspicious activities early, allowing organisations to take preventive action before incidents escalate.

[27:50] What role do Information Governance consultants play in reducing cyber risk? – Information Governance (IG) consultants specialise in helping organisations define their Information Governance Strategy, encompassing data security and defining compliance policies. They support organisations in defining:
· Data Classification: Identifying sensitive and PII data and categorising it based on confidentiality or regulatory requirements.
· Retention Policies: Defining policies on the retention period of records and the method of disposition, aligned with compliance requirements.
· Legal Holds: Ensuring necessary data is preserved for potential litigation, internal investigation or as part of an audit process.
· Privacy Compliance: Aligning with regulations such as GDPR, DP, DPA, CCPA.

[33:30] What are Jack's top tips that the listeners can take away from this podcast session and implement today to begin mitigating their risk?
– Unfortunately mitigating cyber risk isn't a one-size-fits-all response; however, I like seeing cyber risk as 3 buckets that businesses should be aware of and measure their organisation against:

Technology & Infrastructure – outdated systems, unpatched software and not-fit-for-purpose IT infrastructure pose risks. These types of vulnerabilities are exploited by attackers, leading to data breaches, malware infections and system disruptions. So, making sure that your technology and infrastructure is fit for purpose, and up to date, is a key takeaway. We spoke about Managed Detection and Response solutions earlier in the session, which are a great, cost effective way of adding an additional layer of technology security.

Human Factor – for me, this is the number 1 frailty to a business. Business Email Compromise incidents increased by 67% in 2023, with Multi-Factor Authentication (MFA) being bypassed in 29% of these cases. Over recent years, cybersecurity awareness has been the aim of the game. However it is crucial that, as our understanding progresses, we switch our focus to fostering a culture of cybersecurity responsibility among colleagues and employees. Ensuring that your people are aware of cyber incidents (perhaps by listening to this podcast), and of their role in mitigating the risks associated with a cyber incident, is crucial in ensuring that your business is secure.

Preparation – in just about all walks of life, preparation is key for preventing almost anything. We have spoken today about some of the key preparation themes I'm seeing in the industry, from Response Readiness plans, to MDR, to Incident Response Retainers. Getting sufficient Cyber Insurance coverage is of paramount importance to ensure that your business can respond effectively to an incident, should one occur.

If you'd like to learn more about Epiq and how they can help you, visit their website.
We have over 18 years' experience of implementing various ISO Standards, covering a wide range of topics such as Quality, Sustainability, Information Security and Risk. With a 100% success rate, we're confident in our consistent approach to implementing ISO Standards, so much so that we've coined our own unique methodology. Our regular listeners may be familiar with the term 'isology' from previous episodes referencing our online platform – the isologyhub. But what is isology exactly? Put simply, isology is our 7-step method for implementing any ISO Standard.

Join Mel this week as she breaks down each of the 7 steps, including the planning, creation and review of an ISO Management System.

You'll learn
· Our experience implementing ISO Standards
· The origin of isology
· What is isology?
· The seven steps of isology

Resources
· Isologyhub
· Isology synopsis

In this episode, we talk about:

[00:25] Episode Summary – Mel Blackmore will be explaining our world leading methodology to implement any ISO Standard, which we've affectionately named 'Isology'.

[00:45] The creation of isology: We've been implementing ISO Standards for 18 years, starting with ISO 9001, and have since expanded our repertoire to over 20 ISO Standards covering risk, sustainability, quality and Information Security. The creation of the isology methodology has been a team effort from all of the consultants who have worked with Blackmores over the years, and is primarily built on best practice.

[01:35] Step 1: Plan – Get a copy of the Standard, determine your scope, timescales, leadership commitment and resources, and select a Certification Body.

Timescales: This is typically around 6 months, but could be longer or shorter depending on your specific requirements.

Resources: As an example, if you were looking to obtain ISO 14001 certification, you may need to appoint a sustainability champion. For ISO 27001 you'll need a representative from the IT department.
Selecting a Certification Body: Ensure whichever Certification Body you choose is UKAS accredited. You can check this on the UKAS website. International listeners will need to verify on your country's national accreditation body website.

[03:45] Step 2: Discover – Time to understand what you have in place already and what you're missing – this is done through a Gap Analysis. This will often involve an initial meeting with the leadership team to establish what you already have in place, i.e. relevant policies and procedures or any relevant objectives. We break this down step-by-step and document it all in a Gap Analysis, which will deduce your current level of compliance. From this an action plan can be created to indicate what needs to be done to become fully compliant, including assigning roles to assist with the implementation.

[05:30] Step 3: Expose – This is where we look at risks and opportunities related to your desired Standard (both internally and externally). This is typically done through a SWOT (Strengths, Weaknesses, Opportunities and Threats) and PESTLE (Political, Economic, Social, Technological, Legal and Ethical). In this stage you will also need to understand the key requirements of any relevant stakeholders, so this can include clients, subcontractors, regulatory bodies etc. A Risk Register may be created to capture the findings to be addressed later. Some ISO Standards require a Risk Register, others don't, but in our experience it's beneficial to have one regardless. Companies are also encouraged to create a Legal Register to keep track of all their statutory, regulatory and contractual requirements.

[07:50] Step 4: Create – Time to review the requirements of the Standard in terms of documentation – and create what's needed. This includes capturing your way of working with documented Procedures, so make sure you have the relevant staff involved in their creation.
Something to remember: you can have additional policy statements that aren't required by the Standard. If they are important to you, add them in!

We're in a modern age now; gone are the days of paper manuals gathering dust on an office shelf. Software and applications may be where the bulk of your Management System documentation lives. For example, at Blackmores we use a combination of Monday.com and SharePoint to manage all of our day-to-day activities, including our own ISO 9001 compliant Management System. The key here is to make your Management System accessible for everyone.

[10:20] Step 5: Launch – Once the Management System has found its home, you need to communicate it. Consider the type of launch you want and who will be involved. Make sure you encourage engagement with the Management System. Why should you launch your Management System? Quite simply, there isn't much point in having controls in your business if no one knows about them!

We have 2 key ways of supporting you with the launch of your Management System:
1) We can run an awareness session on your Management System either in person or via Teams. It can then be recorded and used as refresher / induction training.
2) Get access to the isologyhub – our online platform with a suite of over 200 ISO courses, training, tools and templates.

[12:15] Step 6: Engage – After the launch you want to ensure that employees are fully engaged: that they are not only aware of the policies and procedures you've got in place, but are actively using them. The only way to verify this is through Internal Audits – that's not just our opinion, that's a mandatory requirement of any ISO Standard. We can assist with conducting these Internal Audits, which double up as a dummy run ahead of your assessment visits. These audits are essentially a show and tell exercise to gather evidence that you're doing what you say you're doing.
[13:55] Step 7: Review – Time to take a step back and look at what's been achieved and what's been highlighted as areas for improvement through your Internal Audits. This is done at what we call a Management Review. These are typically conducted as meetings, but they don't have to be a meeting specifically. We've done a podcast covering other ways to conduct this review. At this Management Review you will collate data on the performance of your business in relation to the ISO Standard. The minutes must be recorded, as your Assessor will expect to see these; it's a mandatory requirement of any ISO Standard.

If you'd like to learn more about what's involved with a Stage 1 and 2 Assessment, go back and listen to a previous episode.
#298 "One size bigger and red." Roundtable 2023.04.13

Dale learned a lot while editing this episode. She learned the board game 'Spirit Island' is about spirits that protect an island, and she is pretty sure that this is the same premise as hit TV show 'LOST'. She learns that CSS is not a programming language or a mark-up language, and she learns that CSS stands for Cascading Style Sheets. She learns that AAA games are easy (not sure why she struggles with them), that there are either wrong choices in skill trees OR it never really mattered, and that Stephen wants to fight everyone on Discord. Good luck anyone who isn't a McGregor!

Stephen is playing Spirit Island - Board Game Geek
Ra Ra Boom Trailer (from Max who schedules our interviews)
Twin Cities Playtest is the 3rd Wednesday of the Month - Eventbrite
Twin Cities Playtest is also on YouTube - IGDA Twin Cities, YouTube

CSS 9:47 Mark LaCroix Programming
In this discussion Ellen mentioned accessibility standards for web content: WCAG (Web Content Accessibility Guidelines) - Wikipedia. Mark asked if there is an ISO Standard for this, and there is! ISO 40500:2012. There is also one for UI: ISO 30071-1. Mark mentions that you should look up the 'Blink' tag, but Dale already did it for you, here.
Unity Style Sheet (USS) - Unity
There is a USS Unity in Star Trek
And Stephen mentions the Div-Div Crow, based on this webcomic.

Skill Trees 46:38 Stephen McGregor Game Design
The deadline is looming over the horizon, as October 2025 marks the end of the validity of ISO 27001:2013 certificates. Have you made a start on your transition journey? If not, you really should make a start in 2024 to ensure you're all set well before that final deadline. The first step is to decide if you want to do it yourself or enlist the help of a professional consultant. For those that want to tackle it yourselves, you're in luck! We have just the tool to help: The ISO 27001:2022 Transition Gameplan.

In this week's episode, Steph Churchman, Communications Manager at Blackmores, explains why you need to transition to the 2022 version of the Standard and outlines the 7-step ISO 27001:2022 Transition Gameplan available on the isologyhub.

You'll learn
· Why do you need to transition to ISO 27001:2022?
· What happens if you don't transition?
· What is the ISO 27001:2022 Transition Gameplan?
· An overview of the 7-step Gameplan

Resources
· Isologyhub
· ISO 27001 Transition Gameplan

In this episode, we talk about:

[00:25] A different host – Steph Churchman, Communications Manager at Blackmores, steps in to cover today's episode. She's heavily involved with the development and updating of the isologyhub, and will be explaining one of the latest Gameplans: The ISO 27001:2022 Transition Gameplan.

[01:15] Why do you need to transition to ISO 27001:2022? The October 2025 deadline is fast approaching, so you really should be making a start in 2024 if you've not already.

[01:45] Who needs to transition to ISO 27001:2022? – Basically, anyone who is currently certified under ISO 27001:2013 will have to transition to the updated Standard. One of the main reasons why we recommend getting a head start on this is that Certification Bodies will undoubtedly have a large demand for transition audits in 2025, when everyone's rushing to get it done last minute. This results in a shortage of resources at the CBs, and you may end up struggling to get booked in time.
[02:35] What happens if you don't transition in time? – The harsh truth is you will lose your ISO 27001 certification. This then means you'll be required to go through another Stage 1 and 2 Assessment against the latest version of ISO 27001, which can be costly.

Another key reason is that the latest version of ISO 27001 also considers a lot of new technologies that weren't around back when the last version was published. You can imagine now that there are a lot more cybersecurity risks to consider with all the latest technology that has been released in that time. Put simply, it's for the benefit of your Information Security to ensure you are adhering to the most recent best practice Standards.

[03:40] What is the ISO 27001:2022 Transition Gameplan? This Gameplan will walk you through the stages of transition, which align to our proven isology® approach – isology being our methodology for implementing any ISO Standard, based on our 18+ years of experience. In this Gameplan we provide training videos on the changes to ISO 27001, along with specific training videos covering each of the new Annex A controls that you will need to be familiar with, along with templates and workbooks to take you through the process from beginning to end.

[04:20] Step 1: Plan – Before you begin on your journey, it's advised to understand the main changes to the Standard. We've summarised the high-level changes in a previous podcast, and included a quick summary in the first step of the Gameplan. In this first step, you'll also find guidance on how to prepare for your Certification Body visit. You really do need to do this early on to help establish a realistic timeline to complete your transition work.

[04:55] Step 2: Discover – At this stage, you need to get to grips with the changes to the Standard. There have been a number of controls changed, and 11 completely new ones added.
We did cover a select few of these new controls in a few previous podcasts: #111, #112, #113, #114. In this Discover step we provide a number of awareness videos to explore these new controls and changes in detail, including how they may apply to your business. We've also included a downloadable PDF guide to these changes, in case you'd like to share this information internally.

[05:40] Step 3: Expose – In this step we've included an ISO 27001:2022 transition workbook, which will act as a guide for all your transition activities. The first of these is conducting a Gap Analysis against the latest version of the Standard. After completing this, you will have a much better idea of where your main gaps and vulnerabilities are, so you can start putting the necessary controls in place to ensure compliance with ISO 27001:2022. We've also included a summary of the main Management System documentation that will need to be updated ahead of your transition visit.

[06:20] Step 4: Create – This is the step where you will be implementing those changes as a result of your Gap Analysis. This will also be guided by that workbook, and we have provided some additional templates and resources to aid you. These include:
· A Statement of Applicability Template
· Annex A Control Mapping
· ISO 27001 Management Review Template

[07:15] Step 5: Launch – It's not just about updating your documentation; you will obviously need to communicate these changes to the wider business. In this step we go over a few options for your launch plan – including guidance for both a soft launch and an all-in launch. To help you decide which one would be the best fit for you, we've included a full summary of each method in addition to a pros and cons list for each.

[08:30] Step 6: Engage – The last stages are all about gathering evidence of compliance against new and updated clauses and controls.
In this step we provide some insight into what's required from your Internal Audits and Management Review ahead of your transition visit. If you want some more tips on carrying out Internal Audits within your business, we also offer a full Internal Auditor course on the hub that covers the core skills needed to complete them. If you become a member of the hub, you'll get access to our whole library of resources – which includes a wealth of ISO related tools, templates and training videos.

[09:20] Step 7: Review – This last step will help you prepare for the transition visit with your Certification Body. We touch on what you should expect from your Certification Body ahead of the transition visit, and include guidance on carrying out a final document and evidence check to make sure you're all good to go.
Last week we gave you an introduction to ISO 20000, the Service Management Standard. As a refresher, the aim of the Standard is to provide a framework for an effective end-to-end service management system which encompasses the entire lifecycle of a service, from concept and design through to service removal and end-of-life. It's best adopted by businesses who provide a service, particularly those that operate a help / service desk system.

For some this may still seem a bit nebulous, especially for those that may not be familiar with Service Management terminology. To help demystify this Standard, we've brought Steve back to take a deeper dive into what makes this Standard unique.

Join Steve Mason and Mel in this week's episode as they explore Clauses 7 and 8 of ISO 20000 in more detail, and how certain aspects can apply to any business.

You'll learn
● What is ISO 20000?
● What is included in Clause 8 of ISO 20000?
● How can ISO 20000 apply to any business?

Resources
● isologyhub
● ISO 20000

In this episode, we talk about:

[00:43] What is ISO 20000? Go back and listen to our previous episode to learn what ISO 20000 is, a brief overview of the key clauses and the benefits of adopting the Service Management Standard.

[02:00] A recap of the main requirements of the Standard:
· 4.0 Context of the Organisation
· 5.0 Leadership
· 6.0 Planning
· 7.0 Support of Service Management System
· 8.0 Operation of the Service Management System
· 9.0 Performance Evaluation
· 10.0 Improvement

Clauses 7 and 8 are where the main differences lie between this Standard and others. They include requirements for aspects such as:
· Service Portfolio
· Relationship Agreements
· Supply and Demand
· Service Design and Transition
· Resolution and Fulfilment

[03:15] Similarities with other ISO Standards – Ultimately, in terms of structure this Standard looks like any other ISO Standard, i.e. we've got context of the organisation, leadership, planning, performance evaluation and improvement.
These will be familiar if you've worked with ISO 9001, ISO 14001 or ISO 27001.

[04:05] Clause 7 – Support of Service Management System: This is where we're really looking at the competency, awareness, communications and documented information required by the Standard. In 7.5 there is a really useful list of all the documented information that's required in the management system – one that we wish was included in every ISO Standard! That required documented information doesn't have to be in writing; it could be on a computer or an established system.

Another key aspect of Clause 7 is Knowledge – this is about ensuring all knowledge is documented and sharable and not just stuck in people's heads. For Service Management, this may involve the creation of a customer portfolio where you can record any incidents that occur during a service call, how you dealt with them, etc.

Competence is also another major component – make sure people are competent to do their job, i.e. they've been trained to do things properly and effectively.

[06:40] Different ways of knowledge sharing – Knowledge sharing doesn't just have to be written down – it could be done via a recorded video. We use Loom a lot at Blackmores to get things across quickly. There are also a number of service desk tools available that can help you put together process flow diagrams to make things easier to understand.

[08:15] Clause 8 – Operation of the Service Management System: Before you do any sort of service management, you need to plan it properly – otherwise, if you fail to plan, you plan to fail. First you need to understand what resources you have and what activities there are in the service management to deliver that service to the customer, and ensure that they're coordinated. A top tip from Steve: separate resources into five groups: people, technology, information, finance and service partners.

[09:55] Planning your Service – Now you understand what you're trying to deliver, it's time to plan your service.
First you want to take a look at the flow of the service through the organisation. Which departments does it go into? Is there good connection between departments? Can you ensure that a customer's order is going to stay the same through the whole process? You wouldn't want possibilities for miscommunication to occur. We'd recommend drawing up a flow diagram for this process – just so you can clearly see who is doing and communicating what at any stage.

[11:20] Getting Operations in order – Once you understand what the process is, you need to begin to control and involve the interested parties within the life cycle of your process. This isn't just the customer; this also includes confirming what services you're actually delivering – as you'll be looking to improve these services as time goes on. You also need to consider the whole service life cycle. This includes things like if a customer wants to move to a different service – how would you deal with that? Have you got a process in place to handle the return of customer assets if they disengage from your services?

[12:30] Service Level Agreements: It's a good idea to establish Service Level Agreements and Delivery Level Agreements early on. This is so you know what you are going to be delivering to a customer and how quickly you can deliver it, and can ensure the whole process is sustainable as well. This will also clarify key accountabilities for everyone involved with delivering a specific service.

Clearly defined services – Finally, it also provides a clearly defined service for Salespeople. This avoids the situation where they simply sell what they think sounds good but isn't backed up by any resources to actually deliver the service they sold. You need to have a clear strategy that sales can use and go out and sell – this may be referred to as a Service Catalogue.

[15:18] A Service Catalogue in action – In Blackmores' case, our Service Catalogue is online on our website.
We have all the ISO Standards we can assist with listed, in addition to a description of how we can help companies implement an applicable Management System. You don't have to have all your prices listed out at that stage; that can come later when you have a full view of the customer requirements and agreements are made.

[18:20] Asset Management – In 8.2 there is a consideration for Asset Management on your side. You should take care of any assets relating to the customer, where they're stored and how they're being looked after. Standards such as ISO 27001 (Information Security) and ISO 55001 (Asset Management) already have some considerations for this.

[19:05] Configuration Management – Configuration management is understanding how the parts of the service fit together, so you don't disassociate them from each other. The Standard asks you to identify what are known as CIs (configuration items); these are all the things that you need to deliver your service. We'll dig more into this aspect in future content – so keep an eye out!

[20:40] A final top tip from Steve: Collaboration and communication that involves leadership. If you just devolve it down to the parties doing the work and get them to work in silos, it will not work for you. It's a collaborative Standard – both inside and outside of the business.

[21:20] Resources available – We've got a number of ISO 20000 related resources available on the isologyhub – contact us to learn more!
ISO 9001 Certification: 5 Key Questions Every Boss Should Learn
Want to meet the ISO 13485 standard within a month? It is possible with the right support from experienced professionals. Learn the key steps here! https://www.quality-assurance.com/blog/the-steps-required-in-order-to-get-iso-13485-certified-in-30-days.html
In this episode, we're taking an insightful journey into the world of project management standards. As you might have experienced, the recent shift of the ANSI standard from a process-based to a principles-based model has left a gap in practical project management guidance. Thankfully, the ISO 21502 standard is here to fill that void, albeit, at just 42 pages, it could use a little more depth. Enter 'Inside the BlackBox Project Management,' an enlightening resource by Bill Dannenmaier that complements the ISO standard with real-world project management experience. Bill joins us today to discuss key principles, real-world scenarios, the ISO 21502 standard, pre-project planning, earned schedule, and much more.
Let's talk about digital identity with Oscar Santolalla, Ann Cavoukian and Katryna Dow. In this latest episode within the Identity Story Series, Ann Cavoukian, creator of Privacy by Design, and Katryna Dow, CEO at Meeco, join Oscar to explore the road to Privacy by Design becoming ISO 31700. They discuss the importance of Privacy by Design, how it can help organisations protect their customers' personal data and comply with data protection regulations, and the impact of Privacy by Design becoming an ISO Standard. [Transcript below]

“If you don't have a strong foundation of security from end to end with full lifecycle protection, you're not going to have any privacy.” ~ Ann Cavoukian

Dr Ann Cavoukian is recognised as one of the world's leading privacy experts. Dr Cavoukian served an unprecedented three terms as the Information & Privacy Commissioner of Ontario, Canada. There she created Privacy by Design, a framework that seeks to proactively embed privacy into the design specifications of information technologies, networked infrastructure and business practices, thereby achieving the strongest protection possible. In 2010, International Privacy Regulators unanimously passed a Resolution recognising Privacy by Design as an International Standard. Since then, PbD has been translated into 40 languages! In 2018, PbD was included in a sweeping new law in the EU: the General Data Protection Regulation. Dr Cavoukian is now the Executive Director of the Global Privacy & Security by Design Centre. She is also a Senior Fellow of the Ted Rogers Leadership Centre at Ryerson University, and a Faculty Fellow of the Centre for Law, Science & Innovation at the Sandra Day O'Connor College of Law at Arizona State University. Listen to Episode 73, where Ann joined the podcast to discuss Privacy by Design, and connect with Ann on LinkedIn.

“One of the really challenging things about privacy and security is if you don't bake it in at the lower layers, if you don't build that foundation, it's really hard to go back and put it into a product or service afterwards.” ~ Katryna Dow

Katryna Dow is the founder and CEO of Meeco, a personal data & distributed ledger platform that enables people to securely exchange data via the API-of-Me with the people and organisations they trust. Katryna has been pioneering personal data rights since 2002, when she envisioned a time when personal sovereignty, identity and contextual privacy would be as important as being connected. Now within the context of GDPR and Open Banking, distributed ledger, cloud, AI and IoT have converged to make Meeco both possible and necessary. Find out more about Meeco at meeco.me. For the past three years, Katryna has been named as one of the Top 100 Identity Influencers. She is the co-author of the blockchain identity paper ‘Immutable Me' and co-author/co-architect of Meeco's distributed ledger solution and technical White Paper on Zero Knowledge Proofs for Access, Control, Delegation and Consent of Identity and Personal Data. Katryna speaks globally on digital rights, privacy and data innovation. Listen to Episode 30, where Katryna joined the podcast to discuss Data minimisation, and connect with Katryna on LinkedIn.

Go to our YouTube to watch the video transcript for episode 89. We'll be continuing this conversation on Twitter using #LTADI – join us @ubisecure!

Podcast transcript

Let's Talk About Digital Identity, the podcast connecting identity and business. I am your host, Oscar Santolalla.

Oscar Santolalla: Today we're happy to bring you a new episode of our Identity Stories Series. Privacy by Design has just become an ISO standard, which we want to celebrate, so let's go back in time and hear moments of this journey. Let's first hear from Privacy by Design's creator herself, Dr Ann Cavoukian.
Dale learned a lot while editing this episode. She learned the board game ‘Spirit Island' is about spirits that protect an island, and she is pretty sure that this is the same premise as hit TV show ‘LOST'. She learns that CSS is not a programming language or a mark-up language, and she learns that CSS stands for Cascading Style Sheets. She learns that AAA games are easy (not sure why she struggles with them), that there are either wrong choices in skill trees OR it never really mattered, and that Stephen wants to fight everyone on Discord. Good luck anyone who isn't a McGregor!

Stephen is playing Spirit Island - Board Game Geek
Ra Ra Boom Trailer (from Max who schedules our interviews)
Twin Cities Playtest is the 3rd Wednesday of the Month - Eventbrite
Twin Cities Playtest is also on YouTube - IGDA Twin Cities, YouTube

CSS 9:47 Mark LaCroix, Programming
In this discussion Ellen mentioned accessibility standards for web content: WCAG (Web Content Accessibility Guidelines) - Wikipedia
Mark asked if there is an ISO Standard for this, and there is! ISO 40500:2012
There is also one for UI: ISO 30071-1
Mark mentions that you should look up the 'Blink' tag, but Dale already did it for you, here.
Unity Style Sheet (USS) - Unity
There is a USS Unity in Star Trek
And Stephen mentions the Div-Div Crow, based on this webcomic.

Skill Trees 46:38 Stephen McGregor, Game Design
Team SecurityLAH introduces a series of podcasts on international standards around cyber security. This is a year-long series, with each episode airing at the beginning of the month. In this episode, team #securityLah explains the structure of the standard and how one "reads" the standard.
Currently, there are around 1,077,884 valid ISO 9001 certificates globally – which beats the runner-up, ISO 14001, by over 600,000! There is no doubt that the Quality Management Standard, ISO 9001, is still the most widely adopted ISO Standard – and for good reason! ISO 9001 is basically a model for running a successful and profitable business. It provides a common framework for things that all businesses should have in place, including defining your company's unique ‘way of working'. In addition to being a blueprint for a business's operation, there are many other benefits to be gained from implementing ISO 9001. Today, Mel explains a few of these benefits in greater detail.

You'll learn
What is ISO 9001?
Why Implement ISO 9001?
The benefits of ISO 9001

Resources
What is ISO 9001?
Isologyhub

In this episode, we talk about:
[00:30] Why talk about ISO 9001 benefits? Oftentimes, Mel gets asked for the benefits of ISO 9001 so a business case can be put forward.
[01:00] What is ISO 9001? For a detailed breakdown of the Standard, go back and watch ‘Episode 36 – What is ISO 9001?'
[01:45] For those that have implemented ISO 9001, what are the benefits? We'd love to hear from you! If you have some stories to share – feel free to leave a comment on whichever media player you're listening on – or email us. We'd love to share some of your experiences in a future episode.
[02:09] Benefit #1: Win new business – From a sales and marketing perspective, ISO 9001 is essentially a passport to trade. It demonstrates credibility to Stakeholders as it's a mark of quality.
[02:55] Benefit #2: A framework that can fit any business – This can be for any industry sector and business size.
[03:10] Benefit #3: Identify opportunities for Improvement - It helps businesses figure out what is working well and what's not working so well. It can help identify issues such as bottlenecks in processes, resourcing and external factors.
[04:05] ISO 9001 helps you to look at your business – warts and all. It does no one any good to bury their head in the sand and ignore issues, especially as Stakeholders and clients will see through this.
[04:40] Benefit #4: Put quality controls in place to mitigate risk and raise your standards – If you have complaints or need to do a product recall – you need processes in place to handle this. ISO 9001 gives you the tools to do so, creating an effective framework everyone can follow.
[05:40] Benefit #5: Improve efficiency – ISO 9001 helps you identify the best way of working and pushes you to optimise that. That could include eliminating aspects of your business that waste time or create burdens.
[06:05] Benefit #6: Creating a unique Blueprint – ISO 9001 isn't an out-of-the-box solution – it can be tailored to your way of working. It helps to establish relevant Policies and Procedures that improve your business operations.
[06:24] Benefit #7: Enhancing customer satisfaction and employee retention – Good quality business practices will inevitably help you to hold on to good clients – and good employees too! This can be achieved by having clear roles and responsibilities in addition to vision and goals for the business.
[07:20] Benefit #8: Increase profitability – Businesses often look at the cost of poor quality – where is your business leaking money? Addressing those issues is a direct cost saving.
[08:21] Businesses that have grown through acquisition often find ISO 9001 a great tool to help standardise their way of working, so they can easily integrate other businesses and services.
We have over 17 years' experience of implementing various ISO Standards – and we'd like to share some insight into our proven methodology. Our regular listeners may be familiar with the term ‘isology' from previous episodes where we've highlighted our online platform – the isologyhub. But what is isology exactly? Put simply, isology is our 7-step method for implementing any ISO Standard. Join Mel this week as she breaks down each of the 7 steps, including the planning, creation and review of an ISO Management System.

You'll learn
Our experience implementing ISO Standards
The origin of isology
What is isology?
The seven steps of isology

Resources
isologyhub
How to choose a Certification Body

In this episode, we talk about:
[00:31] An overview of isology – a methodology for implementing any ISO Standard. Find out more over on the isologyhub
[01:08] How the isology methodology was created – 17 years in the making with the help of our consultants.
[01:33] A brief overview of the 7 Steps of isology
[03:05] 1st Step - Plan: Get a copy of the Standard, determine your scope, timescales, leadership commitment and resources, and select a Certification Body. Some choose to implement the system but leave out the badge. There are ISO Standards that aren't certifiable but are good to have, e.g. ISO 20400 Sustainable Procurement.
[05:38] 2nd Step – Discover: Time to understand what you have in place already and what you're missing – this is done through a Gap Analysis.
[06:35] 3rd Step - Expose: This is where we look at risks and opportunities related to your desired Standard (both internally and externally). This is typically done through a SWOT and PESTLE. A Risk Register may be created to capture the findings to be addressed later. Companies are also encouraged to create a Legal Register to keep track of all their statutory, regulatory and contractual requirements.
[08:41] 4th Step - Create: Time to review the requirements of the Standard in terms of documentation – and create what's needed. This includes capturing your way of working with documented Procedures – make sure you have the relevant staff involved in their creation.
[10:05] 5th Step - Launch: Once the Management System has found its home (usually an intranet or SharePoint) – you need to communicate it. Consider the type of launch you want and who will be involved. Make sure you encourage engagement with the Management System.
[11:18] 6th Step - Engage: There's little point in having a Management System if people don't know about it or have little interest in it. You should train your staff on the Management System, so that they are aware of your policies and procedures and where to find key documents. You must verify compliance through Internal Audits – this is a requirement of any ISO Standard.
[13:09] 7th Step - Review: Time to take a step back and look at what's been achieved and what's been highlighted as areas for improvement through your Internal Audits. There's a set list of criteria in each ISO Standard to help you plan an agenda for the Review.
Adam Firestone is our featured guest for Episode 78 of Underserved. A recovering attorney and platoon leader, Adam believes as Robert Heinlein does: Humans are not meant for specialization. We should be capable in many realms. In Adam's professional life, this means understanding security holistically, architecture natively, and cryptography as a tool, not an end in and of itself. We discuss first aid as a hobby, foiling the magic cookie thieves, and the BFJT.

Adam on LinkedIn: https://www.linkedin.com/in/adamfirestone/
CyLogic: http://www.cylogic.com/
Benzi Box: https://www.facebook.com/480735395379220/posts/pfbid026d2JX6hC3oRXJiSTbVtGquwRyqee6zY6pcebtrmNnFBmkHpwv2F4zAPbAYtooTzml/
Tanks and Searchlights: https://www.quora.com/US-Army-tanks-seem-to-have-a-large-spotlight-on-the-turret-What-is-this/answer/Michael-D-Settles?ch=15&oid=75963238&share=7d19973b&srid=up2jTh&target_type=answer
Culinary Happiness: https://suebeehomemaker.com/pan-seared-sea-bass/
ISO Standard for Systems Engineering: https://en.m.wikipedia.org/wiki/ISO/IEC_15288
The work doesn't stop once you get ISO certified; there is a requirement to complete an annual surveillance audit to ensure your Management System continues to meet the requirements of the standard(s). Surveillance audits must be carried out by a Certification Body, during which they will typically look at your Management Review, your preventive and corrective actions process, your Internal auditing process and the implementation of any recommendations that have come out of an Internal audit. Today, Mel explains how you can prepare for a Surveillance audit and gives examples of some key considerations ahead of the Auditor arriving on site.

You'll learn
What is a Surveillance Audit?
Why there is a requirement for an annual surveillance audit
What you need to prepare ahead of a surveillance audit

Resources
isology Hub
Blackmores ISO Support
What to expect during your first ISO Assessment

In this episode, we talk about:
[00:59] A description of a Surveillance Audit
[01:30] The purpose of a Surveillance Audit – Ensuring your Management System meets ISO Standard requirements, and an opportunity to demonstrate continual improvement
[02:40] There is no right or wrong way to prepare for a Surveillance Audit – but the following tips will be applicable regardless of the standard you're certified to
[03:30] Tip 1: Check that you have an Agenda for the visit – This should be provided at the end of your last report from the Certification Body
[04:25] A brief overview of how the certification cycle works – A 3-year plan is usually provided to you by your Certification Body
[05:50] Ensure that you go ahead with a UKAS accredited Certification Body
[06:18] Tip 2: Confirm locations – make sure you know where the auditor is being sent and prepare staff on site for the impending visit. This can also allow you to book out time for specific people that may be required during the audit
[07:10] Tip 3: Ensure you book out time for any required key members of staff – it is also advised that you book out a meeting room for the day
[08:45] Be prepared for the Auditor to walk around your site – Especially if they're assessing ISO 45001 (Health and Safety) and ISO 27001 (Information Security)
[09:40] Double check if the auditor visit is on-site or remote
[10:30] Tip 4 – Check that you have all the relevant Management System records in place – and that they're up-to-date
[10:50] Examples of what documentation the Auditor will typically look at
[13:00] Tip 5 – Make sure you've closed out any opportunities for improvement and non-conformities from your last internal audit
[14:30] Tip 6 – Check if there have been any changes to your business that may affect the scope of certification, i.e. new products or services with no controls in place yet, or a new site
[16:00] Tip 6: Confirm the auditor's visit and check if they have any accessibility or dietary needs.
[16:30] Tip 7: Warn any relevant reception / security staff about the visit so they know to expect the auditor. Ensure they go through any of your typical security procedures, i.e. getting an access card, signing the visitor book etc.
[17:42] Tip 8: Send an email to all staff to remind them about the surveillance visit – good to do this a day or two ahead of the visit
[19:45] Tip 9: Do a floor walk – Ensure that any of the physical controls you have in place are working as intended
5 Steps to revamp your Management System

Has your Management System been left to collect dust, hidden away so that no one except a select few can access and update it ahead of Surveillance Audits? If this sounds familiar, then it's time to revamp your Management System to ensure it's incorporated with your core vision and values and encourages engagement from employees at all levels. Today, Mel takes you through 5 steps that will help to rejuvenate your Management System, including key content considerations, the design and alignment with your company culture.

You'll learn
How to identify what's essential for your Management System
How you can incorporate your Unique way of Working
How to take a collaborative approach to revamping your Management System
Key considerations for the look, feel and accessibility of your Management System
How to align your Management System with your company culture, strategy and goals

Resources
Need support with revamping your Management System? Check out our ISO Support Plan
Need guidance and support with ISO Standards? isologyhub

In this episode, we talk about:
[00:57] What is essential from an ISO perspective
[01:22] How having too much in your Management System can lead to a lack of compliance
[02:20] Remember – If an ISO Standard states ‘shall' – you must fulfil this requirement
[02:55] How to establish what's essential to your business – including your way of working
[03:53] Different ways you can add value to your Management System
[05:25] An example of how Blackmores have added value with our Client Success Journey
[07:15] Why collaboration is so important when revamping your Management System
[08:52] How a Quality Circle can assist with a collaborative approach
[10:15] How you can align your company culture, strategy, values and goals within the Management System
[11:32] Why it's important to share the Management System and any related updates
[12:38] Key considerations for the look, feel and accessibility of the Management System
[14:05] Examples of different ways you can display and share your Management System
[15:36] Consider how easy your Management System is to access and navigate
[17:12] Consider different methods of communicating the Management System – i.e. audio, video, visual, flowcharts etc.

Just a reminder, we're offering 6 months free access to the isologyhub for anyone who signs up to an ISO Support Plan!
It's not uncommon to see a business's Management System left to collect dust, either because it's not fit for purpose or simply a carbon copy of an ISO Standard. Sound familiar? Do you think your business and your employees deserve better? Your ISO Management System should represent your business's way of saying – “This is what we stand for, this is our vision, values and processes.” Today, Mel explains why it's so vital to ensure your Management System is fit for purpose, and gives some examples of where you can add value and reduce risk.

You'll learn
Pitfalls of an archaic Management System
Why you should consider revamping your Management System
How you can update your Management System
Guidance on what should be included in a Business Management System
Examples of what could add value or reduce risk for your Management System
How you can update the look and feel of a Management System

Resources
Need support with revamping your Management System? Check out our ISO Support Plan
Need guidance and support with ISO Standards? isologyhub

In this episode, we talk about:
[01:03] Examples of poor quality Management Systems Mel's come across
[02:19] The importance of having a bespoke Management System
[03:33] How out-of-date Management Systems can be detrimental
[04:40] Latest offering: A free Management System review and consultation – Simply contact us
[05:05] Why it's important to continually update your Management System
[06:25] How initiatives / functions can get overlooked if they're not referenced in your Management System
[07:38] Guidance on what should be included within your Management System to add value and reduce risk
[08:01] Examples of how a Social Media Policy / Process could be included and how it adds value
[09:45] How we at Blackmores follow our Social Media Process, record results and use the captured data
[11:10] How you can add risk mitigation to your Management System
[12:35] Other reasons why your Management System may be ready for a revamp
[13:10] Guidance on how you can improve the look and feel of your Management System
Photo: Post-1982 Japanese exit sign ("running man") designed by Yukio Ota in 1979. ISO Standard (1987) sign in parts of Asia-Pacific, Europe, and the Americas; actual implementations vary slightly #Ukraine: Search for an exit. Katrina vanden Heuvel, @KatrinaNation @TheNation https://www.washingtonpost.com/opinions/?itid=hp_top_nav_opinions
During this podcast we hear from Organisational Psychologist Frank O'Connor, who played a major part in the development of the standard, and registered psychologist Naomi Armitage. We learn about ISO 45003 and unpack this standard to better understand and manage how psychological health and safety can be improved within a working environment.

Frank & Naomi's Highlights
2:45 - Identifying a Psychosocial Hazard
3:55 - Why the ISO Standard was Developed
6:48 - How Boards and Executives Should Look at Managing Psychological Safety Risk
9:05 - How the Standard was Developed
11:44 - How the Standard will Assist Organisations in Responding to Managing Psychosocial Risks
14:04 - The Challenges and most Efficient ways to Implement the Standard
19:00 - The Three Things Organisations Could Do Tomorrow to Start to Work Through the Standard
22:30 - The Key Factors that will Lead to the Successful Management of Psychological Health and Safety at Work
24:05 - The Benefits of Creating a Psychologically Safe Organisation
25:12 - What do Organisations who are Successful at Managing Psychosocial Risks Look Like?

Identifying a Psychosocial Hazard
Psychosocial hazards are things that reduce or decrease the mental healthiness of workers (or managers). In a work environment, you must look at the things that make you feel better about what you are doing. Focussing your thoughts to question what you do and whether you are doing a good job can impact your mental health. Identifying these psychosocial hazards and finding ways to manage them are crucial to any workplace.

Why the ISO Standard was Developed
Work capacity loss of more than 4% of GDP is caused by burnout, stress, depression, and other psychosocial sources. Depression is a major health problem which already exists in the workplace. This standard was developed as guidance in the mental and psychological space because health and safety has tended to be physical.

How Boards and Executives Should Look at Managing Psychological Safety Risk
Companies are already expressing interest. Some have made a good start. Queries are coming through from others. A systematic approach will be adapted to suit different situations as boards invest more into how they can successfully manage and improve psychological health and safety in the workplace.

How the Standard was Developed
Standards have grown in the different countries that are interested in them. As a timeline, the standard was proposed in June of 2018 and development was approved in August of 2018. Drafting of the standard started in January 2020 and finished in January 2021. It was published by the 8th of June 2021. ISO 45003 is the work of hundreds of people in industry and academia, including the input of many Australians.

How the Standard will Assist Organisations in Responding to Managing Psychosocial Risks
It brings an organisational focus into managing psychosocial risks – it was predominantly individually focussed. It feeds innovation: adaptation gets better because collaboration is easy where friction is lower. Working well together means thinking well together. ISO 45003 gives examples and principles, but it doesn't give solutions. It depends on the risk to the particular people and the work situation, just like the risk of flooding at work depends on where you are and what work is done.

The Challenges and most Efficient ways to Implement the Standard
The most efficient way to implement the standard is by taking a systematic approach: work through the standard and see what the company is already succeeding in, then identify any high-priority gaps. One of the main challenges of using the standard is that it could become a compliance exercise. At present, companies are light on the first step of hazard identification as they don't know what to look for or what the common ones are. The standard helps here.

The Three Things Organisations Could Do Tomorrow to Start to Work Through the Standard
Look at Section 6 of ISO 45003. Have a look at the list of hazards and ask: “What are we doing around here that already does something about this?” You want to hang on to the things you are doing well. Learn what the likely hazards are and find the courage to do something about it if you find some that matter at your workplaces. Fatigue and sleep quality should be discussed more openly – they matter in most workplaces, and improvements can be quickly made.

The Key Factors that will Lead to the Successful Management of Psychological Health and Safety at Work
Put psychological health under a safety lens. Treat it like any other physical hazard in your work environment. Look at what enables better decisions. How can your leaders facilitate action that improves psychological safety along with creating an environment where people feel safe to speak up about something that's doing harm?

The Benefits of Creating a Psychologically Safe Organisation
One of the major benefits of creating a psychologically safe organisation is the high collaboration and business improvement processes it requires. By creating a psychologically safe organisation, you allow employees to feel more valued at work.

What do Organisations who are Successful at Managing Psychosocial Risks Look Like?
Large-scale organisations are curious, and they like to try things out. They are measuring where it is working and considering where it could be working better. To measure this, we look at standard safety metrics and productivity returns from harm prevented. Despite taking a while to implement, moving towards a mental incident measure will ensure we are focussing on the good side, just as it has with firms who are now used to counting days without time lost to physical injuries.

Resources:
Indicator Tool for the UK Health & Safety Executive (HSE) Management Standards, which predate ISO 45003 by some 15 years. https://www.hse.gov.uk/stress/standards/index.htm
In this episode, we speak with AAMVA's Mike McCaskill and Loffie Jordaan about the newly approved and published ISO/IEC 18013-5 International standard: Personal Identification - Mobile Driver's License (mDL). Publication clears the way for global ID and driver's license issuers to confidently deploy mDL solutions, and for verifiers around the world to implement or adopt mDL readers. Host: Ian Grossman Producer: Claire Jeffrey & Chelsey Hadwin Music: Gibson Arthur This episode is brought to you by VINsmart. Need help with your recall campaigns? DMVs, government agencies, and fleet owners can learn more by visiting www.VINsmart.com/for-Businesses or call 1-888-950-9550.
ISO standards demonstrate your business's credibility to the stakeholders. Read this blog to know how to get your company accredited with one. To read more visit: https://www.quality-assurance.com/blog/guide-on-how-to-get-your-company-accredited-with-iso-standards.html
If you own a medical device manufacturing enterprise and do not know what the standard for medical device quality management is, this blog explains it for you. To read more visit: https://www.quality-assurance.com/blog/what-is-the-iso-standard-for-medical-devices-heres-what-you-should-know.html
ISO standards help you with making a product, managing a process, delivering a service or supplying materials – ISO standards cover a huge range of activities. ISO stands for International Organization for Standardization. Mel Blackmore teaches us how to use ISO standards to scale your business, and the ways they can elevate your business by creating a smoother work process with your own values as the priority. Listen to Episode 126 of Small Business Talk for the full details.
The aim of this episode is to have a clear plan for your ISO System for Success, from choosing the ISO Standard to branding and establishing a place where everyone can access the system, so that you can move on to creating your ISO System.
You'll learn about: · Setting your expectations · Deciding which ISO standard(s) and scope · Getting leadership buy-in · Resourcing · Choosing a certification body · Creating a Project Plan · Deciding on branding of your ISO system · Establishing a ‘home' for your system · Creating a Communications Plan · Identifying your current level of compliance
Set your expectations: · Clarify why you want to achieve an ISO certification · Identify what you've already got in place · Decide on your goals for the set time · Shortlist which ISO Standard(s) to implement · Decide whether ISO Certification is the right choice
Decide which ISO Standard(s) and scope: · Research your standards options · Identify what your stakeholders are seeking reassurance for · Brainstorm where your operational weaknesses are · Where do you need to raise standards within your business? · What would be beneficial from a Sales and Marketing perspective? · Establish the scope of your system · Decide what your scope of certification will be
Get leadership buy-in: · Validate your ISO initiative · Present the benefits and ROI · Establish timescales and resources
Resourcing: · Establish a project sponsor · Establish a project lead · Establish your ISO Champions · Consider getting assistance, e.g. at isologyhub.com
Choosing a Certification body: · Get quotes from an accredited Certification body · Review the costs of certification over the 3 years your certificate is valid · Check if the Certification body has experience in your sector for the standard you are interested in
Create a Project Plan: · Establish roles, responsibilities and accountabilities · Establish project milestones · Decide on timescales for project milestones · Identify key dependencies
Decide on the branding of your ISO system: · Decide how you want to position your system within the company · Choose a name for your system · Choose your system branding
Establish a ‘home' for your system: · Where will your system live? · Identify how employees will access the system · Decide if the system is to be integrated with other systems · Determine how you would like employees to get the most from the system
Create a Communications Plan: · Establish what you are going to communicate, when, how, and with whom · Brainstorm ideas for your launch · Start to consider how you will communicate your success once your company has achieved certification
Identify your current level of compliance: · Purchase a copy of the ISO Standard · Review your company policies and procedures against the requirements of the standard · Create an Action Plan with responsibilities and timelines for the completion of tasks
Hopefully that's helped you understand what's involved at the planning stage of introducing an EMS. If you would like any help implementing ISO 14001, make sure to sign up to the isologyhub waitlist! This is going to be a game-changer in the ISO standards field, which is why we won the support of the UK government through their sustainable innovation grant. All the resources that you need on ISO 14001 will be available on www.isologyhub.com. So, click on the link to join the waitlist to be notified of when you can get access to our online membership portal. It is the go-to place for all things ISO. We've got video tutorials, check sheets, quick wins, eLearning courses, and just about everything you need to create, launch and build your ISO system for success. Don't forget to download your FREE ISO standards blueprint here to get your EMS kick-started!
In this episode of OEM Industry Update, we speak with Jeff Moredock, Chair of ISO TC-82 Mining Working Group 9 and SVP at Sy-Klone International, about a new ISO standard being developed for cab air quality. ISO 23875 is designed to protect machine operators from harmful respirable particulate found outside the equipment cab in mining environments.
To celebrate hitting 50 episodes, I wanted to bring you something a little extra special today, and that is ‘How to implement any ISO'. But before we do, I'd just like to say a huge thank you to all our listeners. Keep sharing the ISO love, and share this episode with anyone who is looking to take their business to the next level. In this episode I take you through 4 simple steps to implementing any ISO Standard: · Understanding your business (I mean really understand your business, warts and all!) · Create · Share · Engage. When you break it down, the same ingredients apply to how you approach implementing any ISO Standard.
Thank you, thank you, thank you for listening in and giving your time to the ISO Show. I've loved recording the last 50 episodes with some amazing guests, and I really hope you've found them beneficial and taken away some great tips and insights into how other businesses have succeeded and transformed their businesses with ISO Standards. If you've enjoyed listening, please leave a review and hit subscribe wherever you listen to your podcasts, because that means we can continue to inspire and educate others, and it also means we can keep getting epic guests on the show. I'd also like to give a quick shout out to Steph Churchman, our Communications Manager here at Blackmores, who has been my saviour in doing these recordings, especially when we've had technical issues and even lost guests midway through recording. She's been absolutely fabulous in making my vision for the ISO Show a reality. So a huge thank you, Steph! You are a star!
So, on to today's episode, which is ‘How to implement any ISO Standard'. You may think that's a bit of a bold statement; there are thousands of ISO Standards! Yep! But when you are implementing an ISO Standard to improve a business, there are a few secret ingredients, and I'm going to let you in on those today. Not only that, I'm going to provide a free check-sheet on ‘How to implement any ISO Standard', which will be available to download from the show notes. I'm going to share with you our ISO Steps to Success, a methodology that we've refined over the last 14 years and implemented for over 250 companies in over 20 countries, with a 100% success rate. So here's what we do.
# 1 Understanding the organisation. You need to fully understand what your business's biggest risks are, but also establish where your most impactful opportunities are: · Gap analysis · Identify risks, opportunities and interested parties (SWOT/PESTEL) · Understand legal requirements: statutory, regulatory and contractual · Finally, establish a clear SCOPE: what is your ISO Management System going to cover? It's only when you've fully understood your organisation that you can create a roadmap from where you are to where you are trying to get to.
# 2 Creation. Create the Management System policies, procedures and templates. Long gone are the days of the ‘Quality Manual' or, worse still, the ‘ISO Manual'; label it to suit your company brand, culture and vision. Give it some thought, as this will be the central point that you want employees to come back to if they need any guidance and support on their way of working. For the purposes of this podcast, I'll simply use the Standards' terminology of ‘Management System'. So let's get down to the creation of your management system.
Top tip alert: where the standard says ‘shall', it is basically saying no fudging, you've got to have this in your system or it will fail an assessment! So if the standard says ‘Top management SHALL establish, implement and maintain an environmental policy', it means DO IT! If the standard says ‘The organisation SHALL establish environmental objectives at relevant functions and levels', DO IT! The standard is there to HELP your business, and its ‘shalls' make crystal clear exactly what you need to do to achieve success.
# 3 Sharing. There is no point having an awesome ISO Management System sitting in a manual or buried on a server somewhere if no one knows about it or can't find it! You need to SHARE it with everyone; after all, it's been created for the organisation to succeed: to be more profitable, more productive, less exposed to risk and more sustainable. So everyone needs to be AWARE of the management system AND be empowered to take responsibility for it! There is no point in having an Information Security Management System in place if no one knows what counts as a security breach in your business or who to report it to! So you need to have: · A Communications Plan: internal comms and external comms (website, social, newsfeed) · Awareness training (classroom or eLearning) and recordings · Accessibility: not everyone may have access to a PC, so think outside the box about how to get your ‘Way of Working' to the workforce, e.g. screens in meeting areas or virtual noticeboards · Themes, such as World Environment Day, to create a buzz and energy for getting involved and making a difference; you can use these for the launch or for refresher sessions.
# 4 Engagement. You need to get the company ‘Way of Working', which is your policies, procedures and systems, into the business DNA, and be crystal clear on accountabilities and responsibilities. Engagement is critical to making this a success. If you are launching a new client onboarding process to improve the customer experience, make it clear how the process works, what results you expect to see, how you are going to monitor the results, and who is going to make it happen! Get those responsible to own it and take pride in their achievements. Next, I know you may think you are wonderful, and I'm sure you are amazing, but in all honesty you can't successfully embed an ISO system on your own! In all businesses there are usually closet ISO Champions just waiting to be asked to contribute, so why not encourage engagement? Why not create a hub for Champions and give them the tools and platform to make it happen? This isn't just for when you launch a new ISO system, but a way to demonstrate how you are continually raising standards! So let's say you have a Health and Safety system (ISO 45001): your H&S Champions could be championing the COVID-19 H&S risk assessments, controls and awareness for your employees across all areas of the business. Having these champions makes it easier for management to communicate key issues and solutions, to create a better working environment and happier clients.
Carrying out internal audits: this is another ‘shall'. It is not optional, and this is where ISO Standards can get bad press, as a result of lazy or incompetent auditors (or, worse still, lazy and incompetent ones) treating it as a ‘tick-box' exercise. Use this opportunity to really engage with your workforce; it is such a valuable tool in the toolbox if done in the right way, as it helps you understand an employee's: · Level of understanding · Opinions and views of the process · Opportunities for improvement · Level of compliance and readiness for the assessment. Engage the Leadership Team through Management Review. So that's it in a nutshell: that's how you implement ANY ISO Standard.
I'd love to hear what your top takeaways were from the show today, so share them with me; I absolutely love reading the reviews and suggestions. Don't forget to follow us on LinkedIn. ISO Show listeners will also get a 10% discount on ISO Steps to Success, ISO Support Plans and ISO eLearning: just quote ‘ISO Show' in your enquiry. Before I go, I just want to say thank you so, so much for listening to the ISO Show and showing up today. If you know anyone, colleagues, associates or friends, who would really benefit from having an awesome system in place to take their business to the next level, to be more efficient, sustainable and profitable, then please share this episode with them. Thanks once again for listening, and I look forward to catching you on the next ISO Show.
Awesome resources: · ISO Steps to Success: free consultation to discuss the feasibility of ISO for your business · ISO Support Plan: free health check on your ISO Management System · ISO eLearning: wide range of ISO Standards courses for just £50 per course
We'd love to hear your views and comments about the ISO Show; here's how: · Share the ISO Show on Twitter or LinkedIn · Leave an honest review on iTunes or Soundcloud; your ratings and reviews really help and we read each one · Subscribe to keep up to date with our latest episodes: Stitcher | Spotify | YouTube | iTunes | Soundcloud
Idea to Value - Creativity and Innovation with Nick Skillicorn
In today's episode of the Idea to Value Podcast, we speak with Håkan Ozan, who has helped to draft the recent ISO standard on innovation management. See the full article at https://wp.me/p6pllj-1sL
Topics covered in today's episode: · 00:01:30 His start with innovation management systems · 00:02:30 What is an innovation management system · 00:07:30 The reaction from the community to the attempt to build a management standard for innovation · 00:12:00 The next steps for the ISO Standard
Links mentioned in today's episode: · Hakan's Blog: http://hakanozan.net/ · ISO Standard 56000: Innovation Management: https://www.iso.org/standard/69315.html
Bonus: This episode was made possible by our premium innovation and creativity training. Take your innovation and creativity capabilities to the next level by investing in yourself now, at https://www.ideatovalue.com/all-access-pass-insider-secrets/
Subscribe to the Idea to Value Podcast: · iTunes: https://itunes.apple.com/gb/podcast/idea-to-value-creativity-innovation/id1199964981?mt=2 · Spotify: https://open.spotify.com/show/4x1kANUSv7UJoCJ8GavUrN · Stitcher: http://www.stitcher.com/s?fid=129437&refid=stpr · Google Podcasts: https://podcasts.google.com/?feed=aHR0cHM6Ly9pZGVhdG92YWx1ZS5saWJzeW4uY29tL3Jzcw
We often get asked which ISO Standard is the best one to go for, and what the benefits are. In this week's ISO Show we highlight the top 5 from the annual ISO Survey of certifications published by the International Organization for Standardization (ISO).
In this episode of the Managing Uncertainty Podcast, Bryghtpath Principal & Chief Executive Bryan Strawser, along with Consultant Bray Wheeler, discuss roles and responsibilities in a business continuity program. Topics discussed include ISO 22301, business continuity governance, roles and responsibilities, executive sponsors, program managers, program management, business continuity leadership, boards of directors, and many more.
Related Episodes & Blog Posts: · Blog Post: 8 Things to consider when choosing a business continuity consultant · Blog Post: Using ISO 22301 to evaluate your business continuity program · Blog Post: Why invest in business continuity? · Blog Post: A look at the new ISO 22317 Standard for Business Impact Analysis (BIA) · Blog Post: Rethinking Business Continuity - Applying ISO 22301 to improve resiliency, managing risk, and drive profitability in your organization · Blog Post: Presentation - A program management approach for business continuity management
Episode Transcript
Bryan Strawser: Hello and welcome to the Managing Uncertainty Podcast. This is Bryan Strawser, principal and chief executive here at Bryghtpath.
Bray Wheeler: And this is Bray Wheeler, consultant here at Bryghtpath.
Bryan Strawser: And for today's episode we're going to talk a little bit about the roles and responsibilities within a business continuity program. Or if you want to use the ISO 22301 specific definition, we're going to talk about roles and responsibilities in a business continuity management system.
Bray Wheeler: Fancy.
Bryan Strawser: Very fancy. A BCMS. But business continuity program, like what are the roles inside of a business continuity program?
Bray Wheeler: Well if we want to probably start at the kind of the very top, because we'll probably spend the least amount of time there, is that kind of steering committee, kind of the overall kind of governance structure of the program and the process within the organization.
Bryan Strawser: And I think we're going to dive more specifically into governance and a steering committee in a future episode. But when we're talking about a steering committee, we're really talking about an interdisciplinary group of leaders probably just below the executive level. But it depends on how your company's size and structure come into play. But it's a group of folks who, if you read the Standard's definition right, their role is to make sure that the program is aligned to the strategic objectives of the organization and that the program is achieving its goals and objectives that had been outlined and approved through this governance process. So they're almost at the top. They're not at the executive level, but they could be in your organization, but they're really up here. You can't see me. I've got my hands up in the air.
Bray Wheeler: They're taking the proverbial 50,000-foot view of-
Bryan Strawser: That's right.
Bray Wheeler: ... the program within the organization to make sure that it's not just some kind of sideshow or it's not minimized or that there is that connectivity throughout the organization.
Bryan Strawser: And although we'll get into this in another episode as a deep dive, I think it is important to think about this is not just a proforma body that you're going to get in front of and give updates. It needs to be an actual governance body where there's good give and take. Where they're holding the program accountable to the goals and objectives of the program and ensuring that they're aligned against the direction the company is going. What are the strategic objectives of your organization?
Bray Wheeler: So it's not quite like the capital funds committee that you have to go present in front of that we've talked about in past podcasts where it's a thumbs up, thumbs down, Caesar kind of moment. It really is that, does this make sense? Tell me a little bit more about it. Giving that kind of different perspectives on ways that the program could evolve or change or meet.
Bryan Strawser: I also think it's a place that takes your kind of intractable challenges that we've talked about related to business continuity and disaster recovery. Crisis management, perhaps, if that's the way your governance structure is set up. But we often have this resource competition between, hey, I've got all these things the business says I need to have, and then I've got all of these recovery strategies that sit in continuity or DR. I don't have the money to do all of them. So what is the prioritization of strategy here? Or another, just more tactical example is the business impact analysis. Not everybody's going to have a high availability under one-hour recovery. There has to be some balancing of this across the organization and this might be the final arbiter of that based upon the various arguments put up by the business teams or the BC program. So we're going to get more into this in a future episode. But I think that's important to consider with this is if you really want to have an effective steering committee and not some kind of rubber stamp, a not challenge kind of situation.
Bray Wheeler: Yeah. The next role, kind of one layer down from that, that's probably a little bit more tactical within kind of the BC process. And I say tactical, very reserved, but it's more around kind of overseeing the day to day management kind of of the program itself. But it's also that kind of program sponsor has some decision making authority. Has some weight and some clout within the organization in that role, in order to kind of be that person that can say you have to get this done. It's like it's not an option. Or to be able to describe that value. Or for the program kind of team to be able to go up to say, "Hey, we're having challenges here. How do we need to address it?" And so kind of be that advocate for the program within the organization.
Bryan Strawser: Yeah, you might call this the executive sponsor in your organization or the program sponsor; the Standard calls for it is the program sponsor. This is usually a senior executive or someone who reports into the C-suite. For example, in our former employer, this role was held jointly between the general counsel, which is where I reported into, and the chief information officer, which is where the DR or technology continuity team reported into. They were the co-sponsors of this. They had equal responsibility from the CEO in terms of being the program sponsor and ensuring that the program was out to achieve its objectives and ensuring proper supervision of the two teams. Two teams, one dream, as we kind of refer to it.
Bryan Strawser: But like there was one programmatic approach across two very different organizations and the program sponsors were the ones that not only just made sure that was aligned properly, but they also, I mean they were the connectivity to the executive committee and the board in that environment. But I also made sure that the right level of talent was in the leadership roles that actually oversaw and managed the program both in IT and in the legal department where we reported into.
Bray Wheeler: What challenges have you seen or did you experience kind of observing that between kind of a co-sponsor rather than a single sponsor in there? Were there any?
Bryan Strawser: I don't, well-
Bray Wheeler: Or was it just culturally?
Bryan Strawser: I think culturally that was just accepted in that environment. That actually is not what I inherited going into that role 10 years ago, well, 11 years ago now. What I inherited was a single sponsor and there was no connectivity at all on paper to the technology disaster recovery elements of the program. We had to bring that into a programmatic approach and then start to put more onus on the information technology team to accept responsibility for delivering, like, this is your box. Right. Continuity is our box.
Bray Wheeler: Sure.
Bryan Strawser: Program management is our box. Your job is to deliver these technology components. And so it took a few years to get that to be kind of accepted. And honestly, it did require a change in the level of talent that was leading my peer organization over in the technology environment. I don't think that's unusual though. I think we've seen even last year, you and I, on some consulting engagements where there wasn't a great relationship. Not only was there not a good relationship between leaders, business, and IT around continuity and disaster recovery. But also not good programmatic material in terms of framework, standards, policies, that at least put some governance authority or some expectations in play that these two functions needed to work together.
Bray Wheeler: Yeah, it was almost, and not to pick on the organization, but it was, you get into situations where just because it's one line in a document or something like that somewhere, it's not enough. It's enough to cause trouble is what it ends up being, because all it does is kind of force a relationship that doesn't have anything else substantial behind it. So to your point, there are no policies or program documents or process components to this. There's nothing culturally or kind of organically set up for those things that kind of coexist and talk to each other. Except for a line or two somewhere in a document or two that says, "Hey, you do have connectivity. Make it work."
Bryan Strawser: Yeah. I think where we see challenges with this beyond what we've talked about, is when just the program sponsor's just not engaged. Or the team, the business continuity program team, the BCMS team according to the Standard, wasn't engaging with the sponsor in a way that made for a very productive and healthy relationship like the Standard calls for, and what an organization will want. So I think that's where you see the breakdown here.
Bryan Strawser: I do feel pretty strongly, it needs to be a member of top management, the way the Standard calls. You know, the senior leaders, executive-level leaders of an organization, it needs to be sponsored from there because it's that important. Otherwise, it gets lost in everything else. The program manager could be two or three levels down from that executive sponsor. But you need that executive sponsor's oomph, so to speak, to help make this important in your organization.
Bray Wheeler: Because when it's important, it's very important. And everybody starts taking it seriously. But before the boom, as we call it, or the-
Bryan Strawser: Preboom.
Bray Wheeler: ... leak or flu or whatever it is.
Bryan Strawser: Whatever the bang is.
Bray Wheeler: Nobody finds it inherently interesting necessarily. Because everybody's often running on their areas of the business.
Bryan Strawser: Yeah. When you're left of the boom, sometimes there's just not a lot of interest in some of this. So, executive sponsor, I think you've outlined that. The next position we talk about is the program manager. And there are all kinds of titles for this. I mean you could be the manager, senior manager, director, VP of business continuity, or resilience or resiliency, or I've seen all kinds of titles involving the word resilience lately. But what the Standard defines is a program manager who is responsible. They are the person responsible for the management, the day to day operations of a business continuity management program. And it's that simple. They own all of the operational responsibilities for making the program go round.
Bryan Strawser: It doesn't mean they're doing all of the business continuity work.
Bray Wheeler: No.
Bryan Strawser: Their job is to manage and set programmatic expectations. And then manage to those expectations that they've established with their executive sponsor and with the steering committee. Not to write everyone's plan.
Bray Wheeler: No. And I don't think we can emphasize that point enough. You especially, having been in that role, a similar role. You're not writing a plan.
Bryan Strawser: I didn't write anybody's plan.
Bray Wheeler: No. And nor should that position, because they're not best suited. And the reason is they're not best suited to be able to speak on behalf of that process or that team's or that function's kind of responsibilities and what needs to happen in order for them to go from normal state to kind of secondary continuity state, to what's important.
Bryan Strawser: Yeah. They're running the program. They're setting the programmatic expectations. Like it is this person's job to work with other stakeholders and say, "Here's the required content of a business continuity plan according to our program." But it's the business owners, it's the plan owners, which we'll talk about in a moment, it's their job to take that guidance. They might be walked through it by the program manager or someone on the team.
Bray Wheeler: They're a wise resource.
Bryan Strawser: They're a wise resource, and they're accountable for the program. But the plan owner, the business owner, is responsible for the plan. And so I think in new programs, this is something that gets struggled with a lot over, who's doing this, who's writing the plan? Well, you are, but you're going to write it to the format that I specify, the template that we've specified for the program, and I'm going to help you get there. You're going to do it.
Bray Wheeler: But you're going to do it.
Bryan Strawser: Right.
Bray Wheeler: So kind of those three positions that we outlined, kind of from steering committee to executive sponsor to kind of program manager, insert your business continuity slash resiliency words of choice-
Bryan Strawser: Insert your title here.
Bray Wheeler: ... position. Those all have an organizational kind of programmatic view on the strategy of business continuity and the program of business continuity within the organization. Kind of this next role, I think we can even kind of parse it out just a little bit with some different nuances we've seen it play out in some different roles. But this is really, these are the people that are responsible for drafting, writing, reviewing-
Bryan Strawser: Approving.
Bray Wheeler: ... approving-
Bryan Strawser: Attesting.
Bray Wheeler: ... kind of, it's on the other half of the plan. It's the plan kind of creative team that has accountability and responsibility to that business process that needs to resume activity.
Bryan Strawser: Right. So here we're talking about, well, the Standard just describes a business continuity planner as being a person who's responsible for using their knowledge of the business to create and maintain and exercise a business continuity plan. But when we work with clients, we like to break this into two roles. One is that you're dealing with a critical business process or a set of processes that are part of a team. That business leader, whatever level that team's organized at, that you're writing the plan to, they're the plan owner. They own the business, they therefore own the business continuity plan that supports and helps them work through disruption to that business. They're the one who ultimately approves the plan. We do require next level approval when we're creating systems. But in the end, they're the one that's directly responsible for the business continuity plan.
Bryan Strawser: So we want to capture it in that way that they're the owner of the plan. And then if they have other folks involved, we might call them planners or plan designees. But they're the hands-on experts. At usually the lower level, their managers or some position like that. Coordinators. Where they're writing the plan and they're working with their boss, the plan owner, to make sure that this plan is right. But they likely do a lot of the day to day work on creating the plan.
Bray Wheeler: They're likely the ones that are engaging with kind of the business continuity team or function to kind of get questions answered, to kind of walk through and review the details to make sure they're aligning within the broader organization. But yeah, to your point, they're the doers of-
Bryan Strawser: They are the doers.
Bray Wheeler: ... creating the plan and making sure that it's workable.
Bryan Strawser: And as we said before, the program manager, again, they're doing this to a template and a process and a set of expectations that you have established as the program manager for the overall program. You're looking for that level of consistency in what they're doing. You're not the one going in and creating their plan for them. They're following this direction that you have hopefully put in writing. And kind of going through with them what needs to be done. So those are the roles as I think we think about them, just programmatically. The steering committee, the program sponsor or executive sponsor. A business continuity program manager overseeing the day to day operations of the program. And then plan owners and planners or plan designees, whatever you want to call that.
Bryan Strawser: I would point out too that although we were not going to go much into this, the ISO Standard also defines a role for what it calls top management. The senior-most management in an organization. And that role that they define for them is essentially about being an example for the rest of the organization by demonstrating a visible commitment to the success and the goals and objectives of the business continuity management program, business continuity management system in the Standard.
Bray Wheeler: Interesting.
Bryan Strawser: Set the example.
Bray Wheeler: Set the example.
Bryan Strawser: Set the example. Yeah. When we do the maturity assessments that we do here at Bryghtpath, one of the factors that we're looking at in scoring is demonstration of that visible. Can you visibly see that there has been commitment from senior leaders to participate? It could be as simple as they're on their team call and the minutes of the team call reflect that they talked about the importance of business continuity. Or like next week the business continuity update cycle begins and I expect all of you to do X, Y, Z. Those are the kinds of things that the Standard looks for them to do.
Bray Wheeler: Which is good because again, like we've talked about kind of earlier in this podcast and we've talked on other podcasts. And not to minimize, because business continuity obviously is very important and can be very interesting and can be kind of fun mental problems to try and kind of work through how different things work. At the same time, it is not an everyday task within the organization. And so to have that reinforcement of it is important to do these things. It is important to talk about these things. It is important to have these things in place. And that's my expectation as a top leader is that these things are in place, that should boom happen we're not guessing. I want business back running as quickly as possible. And that should be everybody's expectation is let's get this thing back going.
Bryan Strawser: So that's our take on the top roles or the, I'm sorry, that's our take on the roles and responsibilities in a business continuity management program. I think briefly it would be important to point out, some of these roles they're held by the fact that you're leading something else. Like if you're the leader of a critical business function or team, then you're going to be the plan owner for that plan. You're not raising your hand and volunteering. But there might be a choice involved in picking your steering committee members, your program sponsor. Or if you're managing that team, you might be picking your planners that are going to work on this for you.
Bryan Strawser: And I think there are a couple of factors to keep in mind as you're choosing those folks. And the first one is you want to make sure that you're choosing people who understand that this is important. That they grasp that this is not a check-the-box kind of thing, that they need to be committed to doing this right and doing it effectively because it matters. It might not matter today, but at some point, the boom will happen and you're going to be right of that and now you're going to have to act and man, if your plan is not ready, that's a bad place to be.
Bray Wheeler: A very bad place to be.
Bryan Strawser: It's a very bad place to be because you may not have time to think about alternative solutions to what you're going to do because your plan's inadequate. It's also important, I think, just to get folks that have the capacity to be able to do this work. It does require, I'm not going to pretend it's always the sexiest thing in the world to write a business continuity plan. But it does require someone who has some good critical thinking skills to think about how do I mitigate the risk of something happening? How do I respond when something happens? How do I innovate a solution in the moment when the main elements of my plan aren't working?
Bray Wheeler: How are things connected?
Bryan Strawser: And how are things connected?
Bray Wheeler: Because that's usually a pretty common trip point.
It's pretty easy to say, "Okay, let's draft a contact list and this is how we're going to do it." But what are those kinds of secondary and tertiary things that are happening if we make this choice or we enact this option in our business continuity plan? What ripple effects does that have? Or what partners do we need to make sure that that happens? So good visibility, a good kind of organizational awareness is always a nice bonus. Bryan Strawser: Yeah. Good strategic understanding of how your company works and the interdependencies of processes and people are a really important part to making this world go round. So for reference, if you want to learn more about the roles and responsibilities that are in the ISO Standard, I'm going to encourage you to get a copy of the ISO 22301 Standard. I think they do a pretty good job of breaking down roles and responsibilities into some simple bullet points. You do kind of have to read between the lines sometimes to understand what's the strategic intent of the role that you're getting at. But it doesn't get much simpler than the way that they're outlined within the Standard. Bray Wheeler: Yeah. That's it for this episode of the Managing Uncertainty Podcast. We'll be back next week with another new episode. Thanks for listening.
The International Organization for Standardization (ISO) standard on sustainable cocoa will help mainstream ethical cocoa, says the chair of the standard, while an NGO worries uptake will be limited.
In this episode, Michael Ruff - a global pioneer and expert in wide format and screen printing, author of ISO Standard 12647-5, Idealliance G7® Expert, G7® Process Control Expert, member of the Idealliance Print Properties & Colorimetric Council, and contributor to USTAG and CGATS - shares his extensive experience and stories from the field on achieving unwavering confidence in color management and how it boosts morale and profitability. Guest: Michael Ruff. GAMUT is produced and published by Idealliance - become a member today and join us in creating the future of our industry. Learn more about Idealliance Certification Programs such as G7®, BrandQ®, Color Management Professional® and Print Planning & Estimating Professional®. This episode of GAMUT is brought to you by Canon. Support the show (https://www.idealliance.org/idealliance-membership)
Marcelo Antunes from SQR Consulting walks us through the process of Standard creation. You'll understand how you can participate in it and why it is so important. We will also discuss the Elsmar Cove Forum, which is a great source of support. The post Episode 12 – How to create an ISO Standard with Marcelo Antunes appeared first on Medical Device made Easy Podcast.
For the first time there is now a global ISO management system standard for occupational health and safety, ISO 45001. In this episode of Standardpodden, SIS project manager Björn Nilsson talks with Anna Gruffman, work environment and safety manager at Bonava, and Stefan Larsson, consultant at 6D Sustainability, about the importance of strategic occupational health and safety work, and takes a closer look at what the standard can contribute and how it can be used. Contents (with timestamps): 00:00 - Introduction with a presentation of the guests, an explanation of what a management system is and what ISO 45001 is. 16:10 - The content of the standard, with a walkthrough of important chapters and requirements. 43:55 - The experts' tips on how to get started with ISO 45001, how certification works, and how to create the conditions for satisfied employees.
In our first episode of 2016 I sat down with Steph Taylor and Ed Pinsent to talk about their new, and free, OAIS online course. We discussed: why they decided to make the OAIS reference model their first short online course; why OAIS is a useful sta...
SPaMCAST 296 features our interview with Jeff Dalton, in which we talked about Agile and resiliency. If Agile is resilient, it will be able to spring back into shape after being bent or compressed by the pressures of development and support. In the conversation, Jeff and I discussed whether Agile is resilient and how frameworks like the CMMI can be used to make Agile more resilient. Jeff is Broadsword's President, Certified Lead Appraiser, CMMI Instructor, ScrumMaster and author of "agileCMMI," Broadsword's leading methodology for incremental and iterative process improvement. He is Chairman of the CMMI Institute's Partner Advisory Board and former President of the Great Lakes Software Process Improvement Network (GL-SPIN). He is a recipient of the Software Engineering Institute's SEI Member Award for Outstanding Representative for his work uniting the Agile and CMMI communities through his popular blog "Ask the CMMI Appraiser." He holds degrees in Music and Computer Science and builds experimental airplanes in his spare time. You can reach Jeff at appraiser@broadswordsolutions.com.
Contact Data: Email: appraiser@broadswordsolutions.com. Twitter: @CMMIAppraiser. Blog: http://askthecmmiappraiser.blogspot.com/ Web: http://www.broadswordsolutions.com/ Also see: www.cmmi-tv.com
Next week we will feature our essay on IFPUG Function Points. IFPUG function points are an ISO Standard means to size projects and applications. IFPUG function points are used across a wide range of project types, industries and countries.
Upcoming Events: Upcoming DCG Webinars: July 24, 11:30 EDT – The Impact of Cognitive Bias On Teams. Check these out at www.davidconsultinggroup.com. I will be attending Agile 2014 in Orlando, July 28 through August 1, 2014. It would be great to get together with SPaMCAST listeners; let me know if you are attending. I will be presenting at the International Conference on Software Quality and Test Management in San Diego, CA on October 1. I will be presenting at the North East Quality Council 60th Conference on October 21st and 22nd in Springfield, MA. More on all of these great events in the near future! I look forward to seeing all SPaMCAST readers and listeners that attend these great events!
The Software Process and Measurement Cast has a sponsor. As many of you know, I do at least one webinar for the IT Metrics and Productivity Institute (ITMPI) every year. The ITMPI provides a great service to the IT profession. ITMPI's mission is to pull together the expertise and educational efforts of the world's leading IT thought leaders and to create a single online destination where IT practitioners and executives can meet all of their educational and professional development needs. The ITMPI offers a premium membership that gives members unlimited free access to 400 PDU-accredited webinar recordings, and waives the PDU processing fees on all live and recorded webinars. The Software Process and Measurement Cast gets some support if you sign up here. All the revenue our sponsorship generates goes for bandwidth, hosting and new cool equipment to create more and better content for you. Support the SPaMCAST and learn from the ITMPI.
Shameless Ad for my book! Mastering Software Project Management: Best Practices, Tools and Techniques, co-authored by Murali Chematuri and myself and published by J. Ross Publishing. We have received unsolicited reviews like the following: "This book will prove that software projects should not be a tedious process, neither for you nor your team." Support SPaMCAST by buying the book here. Available in English and Chinese.