Episodes

  • #186 Business Continuity lessons learnt from CrowdStrike
    Aug 13 2024
    In July 2024, a logic error in an update for CrowdStrike’s Falcon software caused 8.5 million Windows computers to crash. While a fix was pushed out shortly after, the nature of the error meant that a full recovery of all affected machines took weeks to complete. Many businesses were caught up in the disruption, whether this affected them directly or by proxy due to affected suppliers. So, what can businesses learn from this? Today, Ian Battersby and Steve Mason discuss the aftermath of the CrowdStrike crash, the importance of good business continuity and what actions all businesses should take to ensure they are prepared in the event of an IT incident. You’ll learn · What happened following the CrowdStrike crash? · How long did it take businesses to recover? · Which ISO management system standards would this impact? · How can you use your Management System to address the effects of an IT incident? · How would this change your understanding of the needs and expectations of interested parties? · How do risk assessments factor in where IT incidents are concerned? Resources · Isologyhub · ISO 22301 Business Continuity In this episode, we talk about: [00:30] Join the isologyhub – To get access to a suite of ISO related tools, training and templates. Simply head on over to isologyhub.com to either sign up or book a demo. [02:05] Episode summary: Ian Battersby is joined by Steve Mason to discuss the recent CrowdStrike crash, the implications on your Management system and business continuity lessons learned that you can apply ahead of any potential future incidents. [03:00] What happened following the CrowdStrike crash? – In short, an update to CrowdStrike’s Falcon software brought down computer systems globally. 8.5 million Windows systems, which in reality is less than 1% of Windows systems, were affected as a result of this error.
Even so, the damage could be felt across key pillars of our societal infrastructure, with a lot of hospitals and transportation like trains and airlines being the worst affected. [04:45] How long did it take CrowdStrike to issue a fix? – CrowdStrike fixed the issue in about 30 minutes, but this didn’t mean that computers affected would be automatically fixed. In many cases applying the fix meant that engineers had to go on site to many different locations, which is both time consuming and costly. In some cases Microsoft said that some computers might need as many as 15 reboots to clear the problem. So, a fix that many were hoping would solve the issue ended up taking a few weeks to fully resolve, as not everyone has IT or tech support in the field to issue a manual reboot. A lot of businesses were caught out as they don’t factor this into their recovery time, some assuming that an issue like this is guaranteed to be fixed within 48 hours, which is not something you can promise. You need to be realistic when filling out a Business Impact Assessment (BIA). [07:55] How do you know in advance if an outage will need physical intervention to resolve? – There is a lesson to be learnt from this most recent issue. You need to take a look at your current business continuity plans and ask yourself: · What systems do you use? · How reliable are the third-party applications that you use? · If an issue like this were to reoccur, how would it affect us? · Do we have the necessary resource to fix it, i.e. staff on site if needed? Third-parties will have a lot of clients, some may even prioritise those that pay for a more premium package, so you can’t always count on them for a quick fix. [09:10] How does this impact our businesses in terms of our management standards? – When we begin to analyse how this has impacted our management systems, we can’t afford to say ‘We don’t use CrowdStrike therefore it did not impact us’ – it may have impacted your suppliers or your customers.
Even if there was zero impact, lessons can be learned from this event for all companies. Standards that were directly affected by the outage were: · ISO 22301 – Business Continuity: Recovery times RPO and RTO; BIA; Risk Assessments · ISO 27001 – Information Security: Risk Assessment; Likelihood; Severity; BCP; ICT readiness · ISO 20000-1 – IT Service Management: Risk Assessment of service delivery; Service continuity; Service Availability Remember, our management systems should reflect reality and not aspiration. [11:30] How do we use our Management Systems to navigate a path of corrective action and continual improvement? – First and foremost an event like this must be raised as an Incident – in this case it would no doubt have been a Major Incident for some companies. This incident will typically be recorded in the company’s system for capturing non-conformities or ...
    37 m
  • #185 Addressing Opportunities for Improvement
    Aug 6 2024
    Continual Improvement is at the heart of every ISO Standard. The cyclical nature of ISO Standards lends itself to regular review and update of your Management System, to ensure it’s working efficiently and to address any issues or opportunities that inevitably crop up. However, integrating these improvements can be challenging, even for mature systems. Today Ian Battersby explains the concept of Improvement as defined in ISO Standards, how to find root cause for non-conformities and integrating improvement actions from multiple sources. You’ll learn · What is meant by ‘Improvement’ in ISO Standards? · Common misconceptions about Improvement in ISO Standards · How to address non-conformities in your Management System · Finding the root cause of a non-conformity · Integrating Improvement actions Resources · Isologyhub In this episode, we talk about: [00:30] Join the isologyhub – To get access to a suite of ISO related tools, training and templates. Simply head on over to isologyhub.com to either sign up or book a demo. [02:05] Episode summary: Ian Battersby will be explaining what Improvement means in relation to ISO Standards, how to address non-conformities and integrating the required Improvement actions. [02:30] What is meant by ‘Improvement’ in ISO Standards? – One of the requirements of all Management System standards is to determine and select opportunities for improvement (Clause 10).
This is the fundamental aim of Management Systems: to make things better. In the words of the standards, it is so that an organisation can: “Implement any necessary actions to meet customer requirements and enhance customer satisfaction. These shall include: a) improving products and services to meet requirements as well as to address future needs and expectations; b) correcting, preventing or reducing undesired effects; c) improving the performance and effectiveness of the management system.” An organisation going through certification for the first time may never have had in place a system for planning improvements. Some organisations are dealing with improvements, but not necessarily through a single, consistent route. While you can meet the requirements of the standards without a single route, the standard is not prescriptive in how you go about this. [04:45] Common misconceptions about non-conformities – The standard does go on to cover nonconformity and corrective action (10.2); is it suggesting these as the main source of non-conformities (NC)? It isn’t really explicit about other sources, other than specifically including customer complaints as a form of NC. However, there’s a strong argument for consolidating data from different sources, so it’s worth considering how complaints data is handled. Other sources of non-conformities can include your Internal Audit findings, addressing where you may not be meeting client expectations, addressing failure to meet legal obligations etc. As a reminder, ISO 9000 (Fundamentals and vocabulary) includes the definition of nonconformity: non-fulfilment of a requirement: need or expectation that is stated, generally implied or obligatory i.e. Legal / client expectation. [10:00] Addressing non-conformities – You need to evaluate the need for action to eliminate the cause of the nonconformity, to ensure that the issue doesn’t recur, or pop up elsewhere.
When a non-conformity does occur, you need to: · Determine the causes · Determine if similar nonconformities exist, or could potentially occur. Any corrective actions should be appropriate to the effects of the nonconformities encountered. So, you don’t need to commit a huge amount of resource to minor issues. [11:40] Join the isologyhub and get access to limitless ISO resources – From as little as £99 a month, you can have unlimited access to hundreds of online training courses and achieve certification for completion of courses along the way, which will take you from learner to practitioner to leader in no time. Simply head on over to the isologyhub to sign up or book a demo. [13:40] Finding the cause of non-conformities – Without removing the cause, repetition may occur, and this is where integrating improvement data from multiple sources comes into its own. The idea of common cause is that a single cause may manifest itself in very different outcomes. For example, a lack of competence could lead to a process being delivered wrongly, leading to a reduced level of quality in service or product, which would be picked up as an NC. Competence is an area which can also lead to NCs, through the result of a health & safety incident or environmental incident if people aren’t trained to use equipment or follow set procedures. It can also lead to a customer complaint where the failed process is apparent to a customer. If a product NC isn’t spotted ...
    22 m
  • #184 Proactive Hazard Reporting – Consultation and Participation in ISO 45001
    Jul 30 2024
    In the workplace, everyone is responsible for safety. It’s not just for managers or senior management to worry about where legislation is concerned, everyone from the top to the bottom needs to be actively ensuring the safety of others. ISO 45001 highlights the importance of this in its most recent iteration, which includes a specific requirement for the consultation and participation of workers. But how does this work in practice? Today Ian Battersby explains what consultation and participation of workers in ISO 45001 is, and how you can incorporate elements of reactive and proactive hazard reporting to meet that requirement. You’ll learn · What is consultation and participation of workers in ISO 45001? · What is the identification of hazards? · What’s the difference between reactive and proactive hazard reporting? · Common approaches to reactive and proactive hazard reporting · Proactive hazard reporting in action Resources · Isologyhub In this episode, we talk about: [00:30] Join the isologyhub – To get access to a suite of ISO related tools, training and templates. Simply head on over to isologyhub.com to either sign up or book a demo. [02:05] Episode summary: Ian Battersby will be explaining reactive and proactive hazard reporting, and how this relates to the consultation and participation of workers (clause 5.4) requirement in ISO 45001. [02:30] What is ‘Consultation and Participation of workers’? – ISO 45001’s clause 5.4 states: “The organization must have a process for consultation and participation of workers at all levels and functions, and their representatives in the development, planning, implementation, performance evaluation and actions for improvement of the OH&S management system.” ISO 45001 expects occupational health and safety aspects to be fully embodied within the organisation structure. All workers should be aware of their responsibilities, and work together to meet the organisation’s health and safety goals.
Everyone is responsible for safety. Consultation implies two-way communication, so workers can provide feedback to be considered by the organisation before taking a decision. This is important; the organisation has to consider workers’ feedback before making decisions. Participation implies the contribution of workers, including non-managerial workers, to decision-making related to OH&S performance and to proposed changes. [05:50] Hazard Identification – A specific issue which must be considered is the identification of hazards: · Identifying hazards and assessing risks and opportunities (Clauses 6.1.1 and 6.1.2); · Determining actions to eliminate hazards and reduce OH&S risks. There are numerous sources for consideration when it comes to hazards: · How work is organised · Routine/non-routine activities · Past incidents · Emergency situations · People · Processes · Workplace design · Equipment · Change [07:35] What’s the difference between proactive and reactive hazard reporting? – Proactive is about spotting hazards in advance and putting in place measures to minimise the chances of them materialising and causing harm (e.g. through an accident). Reactive is in response to an event which has already occurred, such as an accident; a hazard existed without already being spotted and dealt with. [08:20] A common approach to proactive hazard reporting – Risk Assessment. Consider hazard sources (i.e. people, processes, equipment, workplace etc) and consider what may happen; what could go wrong. Then consider what controls could be put in place to try and prevent that happening. Risk assessment can help you to demonstrate worker consultation and participation by including those affected: · Those involved in or affected by an activity · Those delivering a process · Those using equipment · Those occupying a workplace. Those people have valuable knowledge and understanding, sometimes more so than someone in a supervisory / managerial role.
And an absolute must: recording that all employees have read, understand and are committed to the controls included in Risk Assessments; that process may also give rise to workers’ further involvement – through querying, suggesting change etc. This also helps the culture of hazard spotting and promotes engagement among the workforce, both of which are vital in driving a proactive approach. [11:10] A common approach to reactive hazard reporting: An accident reporting system is the obvious choice. However, there are ways you can make this more proactive. There are various levels to accident reporting. Traditional systems wait until an accident occurs before recording and acting upon it. Some organisations also record near misses: where an event has...
    26 m
  • #183 How can ISO Standards help with ESG Compliance?
    Jul 17 2024
    ESG compliance has fast become a focus for many organisations looking to address their wider sustainability profile. However, its broad framework has left many scratching their heads on exactly where to start with evaluating and addressing various elements of Environmental, Social, and Governance compliance. For those looking for some direction, you may already have a solid foundation in place if you’re certified to one or many ISO Standards. Today Steph Churchman will explain what ESG is, how it can be scored and what role ISO Standards can play in ESG compliance. You’ll learn · What is ESG? · What scoring systems are available for ESG? · How can ISO Standards support ESG compliance? · Which ISO Standards can support each pillar of ESG? Resources · Isologyhub In this episode, we talk about: [00:30] Join the isologyhub – To get access to a suite of ISO related tools, training and templates. Simply head on over to isologyhub.com to either sign up or book a demo. [02:05] Episode summary: Steph will be breaking down what ESG compliance means, how ISO Standards can support ESG compliance and giving some examples of which ISO Standards can support each pillar of ESG. [02:50] What is ESG? – ESG stands for Environmental, Social, and Governance. Analysis and evaluation against these three elements help organisations to consider different areas within their overall sustainability profile. The Environmental section looks at issues surrounding climate change and actions to address an organisation’s environmental responsibility. This includes monitoring and management of your energy consumption, waste management and pollution. It also seeks to tackle how organisations can address, reduce and mitigate their overall environmental impact. The Social aspect is based around the relationships an organisation has with its stakeholders.
This is focused on employees and looks at a broad range of topics including employee wellbeing, fair and competitive pay, benefits and human resource related policies. Considerations can also include wider business relationships such as supplier relations, local community and government work. Governance criteria focus on creating a business environment that is fair, transparent, and accountable. Considerations in this area include board composition, fairness in pay structures and executive compensation, business ethics and risk management. [04:15] An evolution of CSR – CSR (Corporate Social Responsibility) is very similar to ESG, but is less sustainability focused. It also lacked substance in the form of effective and accountable scoring systems that held businesses to account. This is where ESG differs, with many scoring systems, certifications and even mandatory requirements driving businesses to address their compliance. [04:45] ESG scoring – There are many schemes, scoring systems and certifications available for ESG, some of which are specific to industry sectors and company sizes. Which one you pick will be up to you (note that some may be mandatory in select countries), however, here are a few examples: The S&P Global ESG Score – This assesses a company's performance and management of ESG risks and opportunities using a combination of company disclosures, media analysis, and industry-specific questionnaires. A score of 0-100 is given based on their findings and is relative within a company’s industry sector. Fitch Ratings ESG Relevance Scores - Fitch Ratings assigns ESG Relevance Scores alongside their traditional credit ratings. These scores assess how ESG factors could impact a company's creditworthiness. Their scores range from 1-5, with 5 indicating the highest ESG relevance to credit risk. MSCI – They offer ESG ratings for a broad range of companies; it’s not really limited by sector or size.
They use a letter grade system, going from AAA-CCC, to assess a company's relative ESG risks and opportunities compared to its peers. The scoring for this one assigns companies as either an ESG leader, average or laggard within their industry. [06:10] How can ISO Standards support ESG Compliance? – It's important to clarify that there's no single ISO standard that guarantees ESG compliance because ESG is a broad framework. However, ISO standards provide a strong foundation for implementing many aspects of an ESG strategy. [06:35] Supporting ESG – Structure and Framework: ISO standards offer a structured approach to managing environmental, social, and governance practices. This helps companies identify key areas for improvement and develop a systematic plan to address them. [07:10] Supporting ESG – Improved Performance: By following ISO standards, companies can demonstrably improve their environmental performance, social responsibility, and governance structures by putting in frameworks that align with best practice standards. [07:30] Supporting ESG – ...
    19 m
  • #182 ISO 20121:2024 updates – What you need to know ahead of your transition
    Jul 10 2024
    ISO 20121:2012, the Standard for Sustainable events management, was originally created and launched in coordination with the London 2012 Olympics. 12 years on, it seems only fitting that its next revision would be applied to the 2024 Paris Olympic Games. 10 years on from its original release, the Standard has received a substantial update to not only bring it in line with other ISO Standards, but to also address additional elements within event management, such as human rights and legacy. Today Steph Churchman will explain the changes to ISO 20121:2024, what certified companies must do to transition and the consequences of not doing so before the deadline. You’ll learn · What is ISO 20121? · What are the changes to ISO 20121:2024? · What steps should certified companies take to complete their transition? · What should you be updating? · What are the consequences for not completing your transition ahead of the deadline? Resources · Isologyhub In this episode, we talk about: [00:30] Join the isologyhub – To get access to a suite of ISO related tools, training and templates. Simply head on over to isologyhub.com to either sign up or book a demo. [02:05] Episode summary: Steph will be discussing the changes to the Sustainable Event Management Standard, ISO 20121:2024, in addition to outlining what you should be updating ahead of your transition to the latest version of the Standard. [02:30] What is ISO 20121? – The Standard for Sustainable events management was originally created and launched in coordination with the London 2012 Olympics. When it came to planning the 2012 Olympic Games, they took a step back and considered the impact that required development and construction would have on biodiversity, as well as how they could reduce their Greenhouse Gas emissions and general waste in the preparation and running of the event. 12 years on, it seems only fitting that its next revision would be applied to the 2024 Paris Olympic Games.
ISO 20121 specifies the requirements for an Event Sustainability Management System to improve the sustainability of events. The standard applies to all types and sizes of organisations involved in the events industry – from caterers, lighting and sound engineers, security companies, stage builders and venues to independent event organisers and corporate and public sector event teams. [04:45] A high-level overview of the changes to ISO 20121:2024 – One of the biggest and most welcomed changes is the fact that the Standard is now aligned with the familiar High Level Structure that many other ISOs follow. This means it will be easier to integrate with other Standards like ISO 9001 and ISO 14001. Next, there is a bigger focus on climate change, legacy and human rights. These elements weren’t necessarily missing from the previous version, but they weren’t a key focus either. [05:10] Climate Change in ISO 20121:2024 – ISO 20121:2024 now explicitly requires considering climate change and its impact on your event and stakeholders. So, this might involve carbon emission reduction strategies and adapting to potential climate-related disruptions. Biodiversity may also fall under this, especially if your events require construction, or take place in an outside venue such as a park or field. A quick reminder that 31 common ISO Standards also received a Climate Change Amendment, so if you haven’t addressed that yet, check out our podcast episode and workshop recording to learn about what you need to do.
What does this focus on climate change mean for certified companies? · It provides an opportunity for event professionals and event organisers to demonstrate leadership in taking action around climate change · Certified organisations are required to ensure that any carbon offsetting completed via carbon credits is credible · The ISO 20121:2024 Standard facilitates the process of taking credible action and aligns ISO 20121 with big changes relating to climate change [06:55] Human Rights in ISO 20121:2024 – The new version also expands beyond environmental concerns to encompass human and child rights, social impact (including mental health and diversity), and digital responsibility. Your management system will need to address these aspects throughout the event lifecycle. What does the increased focus on human rights in ISO 20121 mean for certified organisations? · Certified organisations will need to demonstrate and adhere to the UN Guiding Principles on Business and Human Rights. · The revised standard also now references social impact in its definitions – primarily in the definition for Sustainable Development and Stewardship. · A new Annex has been added – Annex D: Guidance on Human and Child Rights. · Added guidance states that event organisers should consult with Human and Child ...
    21 m
  • #181 The Integral Role of Leadership within ISO
    Jul 3 2024
    ISO Standards provide a framework to help businesses manage various aspects of their activities. Whether that’s quality, risk, environmental or Information Security management, they provide invaluable guidance to establish an effective Management System. One element that is key, no matter the Standard or subject area, is Leadership. Without this driving force, your Management System will not get the momentum it needs to truly benefit your way of working. Today Ian Battersby will explain the integral role of leadership within the Implementation and maintenance of an ISO Management System, and how their active participation benefits the whole business. You’ll learn · What is Leadership? · Where is Leadership referenced in ISO Standards? · How does Leadership get involved with the Implementation and Management of ISO Standards? · How does Leadership participation benefit the business? Resources · Isologyhub In this episode, we talk about: [00:30] Join the isologyhub – To get access to a suite of ISO related tools, training and templates. Simply head on over to isologyhub.com to either sign up or book a demo. [02:05] Episode summary: Ian will be discussing the role of Leadership within ISO Management Systems and how their active participation can benefit the business as a whole. [02:30] What is Leadership? – Leadership is central to success in achieving any goal in business. It involves motivating a group of people toward a common pursuit, and it certainly isn’t straightforward without leadership believing in what it’s doing. Without showing that belief, why would the workforce sit up and take note? ‘If it’s not important to you, why should it be to me?’ [03:30] Why should Leadership get involved? – The need for leadership has been recognised by Standards bodies, hence why it’s been made central to all Management System Standards.
For many years, Management Systems were separate from the day-to-day activities of running a business, often boiled down to just a person in a room with manuals, getting through certifications and earning a nice shiny badge. But this had little to no impact on the bottom line (be honest)! But a well-run Management System can have huge impacts and benefits on all types of organisation, and updated ISO standards aim to deliver that impact more readily, so leadership gets its own clause (Clause 5 – Leadership). [05:25] Clause 5.1 Top management shall demonstrate leadership & commitment – This boils down to taking accountability for effectiveness of the system, but how do you do this? Firstly, the system can only be effective if it is designed correctly, so leadership must ensure it fits with the context of the organisation, which is required in Clause 4. There are ways of doing this, but we favour a SWOT and PESTLE. This is simply to ensure that those establishing context don’t do it in a vacuum, opening up the floor to get input from everyone affected by the Management System. This is key because Senior Managers need active involvement to understand how the system works, its resource needs and its performance. [07:25] Ensuring quality policy and objectives are established and compatible with context and strategic direction – The quality objectives must contribute to the business, so there's a role for senior managers to ensure that they are aligned and have a measurable contribution to the business. What measures are included in your objectives which can demonstrably show that they affect the business in a good way? That's what senior management have to do to link quality objectives with strategic organisational business objectives.
[08:20] Ensuring integration into the organisation’s business processes – The quality objectives must contribute to the business, so there's a role for senior managers to ensure that they are aligned and have a measurable contribution to the business. They must ensure integration into the organisation’s business processes, which in turn must be aligned with the context. They must also be relevant to the way the organisation runs and senior management needs to oversee a system which allows processes to do that. [05:20] Promoting use of the process approach and risk-based thinking – This requires senior management to actually do some promotion – which is stipulated as ‘Shall Promote’. For those that don’t know, whenever the word ‘Shall’ is used in an ISO Standard, that essentially means you MUST do it. In this instance, that means actually contributing to communications and the raising of Management System awareness. Senior Management have to be involved in the process of describing to people what's important, why the standards are important and that risk and process are central to the organisation’s operations. [09:35] Providing resources for the system – There’s a number of resources that Senior ...
    25 m
  • #180 Carbon Reporting – To Verify or Not To Verify
    Jun 25 2024
    There is a growing pressure on businesses to address their environmental impact, both from the Government as well as a more sustainably minded consumer base. As a result, the need to carry out Greenhouse Gas (GHG) emissions reporting is being introduced as a mandatory requirement for tenders, and Government led initiatives such as Streamlined Energy and Carbon Reporting (SECR). Today Mel Blackmore will discuss Greenhouse Gas (GHG) emissions reporting, and how verifying GHG Statements in alignment with ISO 14064-1 can benefit your business. You’ll learn · Why is there a growing need to report on GHG emissions? · What is the difference between certification and verification? · What is ISO 14064-1? · What are the benefits of ISO 14064-1? Resources · Carbonologyhub In this episode, we talk about: [00:30] Join the isologyhub – To get access to a suite of ISO related tools, training and templates. Simply head on over to isologyhub.com to either sign-up or book a demo. [02:05] Episode summary: Mel will be discussing GHG emissions reporting, and why verifying your businesses GHG Statements in alignment with ISO 14064-1 is a smart move. [02:30] What’s the difference between Certification and Verification? – We covered this in detail on a previous episode, go back and listen to episode 162 [02:40] Why is there a growing need to address GHG emissions? – Climate change is a top concern for many. Consumers, investors and governments across the globe are all demanding greater transparency and accountability from businesses regarding their environmental impact. In particular, the carbon footprint a business claims to have. [03:25] What is ISO 14064-1? – ISO 14064-1 is in internationally recognised Standard for quantification of Greenhouse Gas (GHG) emissions and removals at the organisational level. In simple terms, this is the go-to Standard for businesses looking to calculate, verify and publish its carbon emissions. 
[03:40] Benefit #1: Making compliance and reporting easier – Now, it’s important to note that the first time you go through this process will be like pulling teeth. You will need to do a fair bit of work initially, but once that’s set-up, it will make the necessary annual reporting a much easier process. ISO 14064-1 verification ensures you are complying with applicable regulations such as SECR and the Governments requirement for a PPN 06/21 (within the UK). If you are based in the UK, there is now Public Sector tendering requirement to identify what your carbon footprint is and make recommendations for reductions in the form of a Carbon Reduction Plan (CRP). It can also help to streamline initiatives like the CDP (Carbon Disclosure Project) or EcoVardis. [05:40] Benefit #2: Taking a deeper look at your emissions footprint – Verification is not simply just ticking a box, it’s about providing a clear picture of your organisations’ total GHG emissions. Not just your CO2 emissions, ISO 14064-1 ensure you account for different types of emissions sources. This granular understanding will be crucial in identifying areas for improvement and developing an effective reduction strategy. [06:25] Benefit #3: Providing Trust and Transparency – Having your report verified by am independent third-party adds a layer of credibility to your GHG reporting. Anyone can just say their carbon emissions are X, but it’s another to have that backed up by a third-party. They can ensure your claims are true, correct and that there is a credible methodology behind it. Stakeholders such as investors, consumers and regulators will then have the confidence that your emissions data is accurate and transparent. Carbonology can assist you with the training resources needed to do this – so check out their website to learn more. [07:30] Benefit #4: Pave a way for Carbon Reduction Strategies – We mentioned earlier about the requirement for a PPN 06/21, this requires a Carbon Reduction Plan (CRP). 
Whether you create one based on a mandatory requirement or not, having a CRP is a no-brainer for any business. It helps you to understand your emissions, which is the first step towards reducing them. ISO 14064-1 verification lays the groundwork for developing and implementing an effective CRP. This can translate into significant cost savings and a competitive edge in the long run. [08:30] Benefit #5: Embrace Mitigation – The verification goes beyond just cutting emissions. It supports mitigation actions like carbon removal projects, allowing you to demonstrate a holistic approach to tackling climate change year on year. [08:50] Benefit #6: It’s a global Standard – ISO 14064-1 was created by over 140 representatives from over 50 countries globally to define exactly what greenhouse gas emission verification should look like. While there are lots of other ways to achieve Net Zero, it makes more sense to...
    13 m
  • #179 The Interconnectedness of Clauses
    Jun 19 2024
    ISO Standards provide a framework to help businesses manage various aspects of their activities. Whether that’s quality, risk, environmental or Information Security management, they provide invaluable guidance to establish an effective Management System. However, for those who are new to ISO Standards, the Standards themselves can seem rather intimidating to interpret. Back in 2015, the Annex SL format was introduced to provide a common high-level structure for Management Systems. With 10 clauses now common in most widely adopted ISO Standards, it can still be a bit difficult to understand exactly how these all work together. Today Ian Battersby will explain how ISO Standard clauses work in tandem to create a cohesive cycle, from Context of the Organisation through to Improvement. You’ll learn · What is the high-level structure? · Why are ISO Standards structured this way? · How do ISO Standard clauses interconnect? · How does this apply to Quality Management? Resources · Isologyhub In this episode, we talk about: [00:30] Join the isologyhub – To get access to a suite of ISO related tools, training and templates. Simply head on over to isologyhub.com to either sign-up or book a demo. [02:05] Episode summary: Ian will be discussing the interconnectedness of clauses, which basically just means explaining the key links between the clauses and how that applies to your management system. [02:40] High level structure – 10 years ago, Annex SL was introduced to create a common framework for ISO Standards. Today, Ian will focus on ISO 9001 as that really is the grandfather of all Management System Standards. ISO 9001 includes elements which are applied to most commonly adopted ISO Standards, and sets the scene in terms of how the clauses link together. [03:20] Why are ISO Standards structured this way? – On their surface, ISO Standards can seem very repetitive in the way that they’re written, but there is a good reason for that. 
They are all based around the Plan-Do-Check-Act cycle. [04:10] What is the Plan Do Check Act cycle? – This is a simple process that all Management System Standards adhere to. You start with a ‘Plan’ to establish objectives and the resources which you need to deliver results, and to identify risks and opportunities. From that point you fulfil the ‘Do’ part by implementing and using the Management System. From there you ‘Check’, monitoring against the policies, objectives and any other requirements; basically, you monitor against what you said you'd do. Then you ‘Act’: if you find anything that needs to change, you make that change, and you improve both as an organisation and in your management system. [05:00] A logical path – Management System Standards are designed in such a way that they flow from one clause to the other. One cannot exist without the other. [05:20] How does Clause 4 Context of the Organisation link with Clause 6 Planning? – As clause 4 Context of the Organisation states: ‘external and internal issues relevant to your purpose and strategic direction… …and that affect your ability to achieve intended results’. The scope of your management system depends entirely on this: the world in which you operate, what you buy, the people you employ, what you make, who you sell to, the laws you follow… Clause 4 also requires us to identify all interested parties (which we’ll address later!). With careful planning, you can align documentation you develop for one clause with other clauses. 
Clause 4 doesn’t tell us how we should work out our context, but it provides some very good clues: · NOTE 1 Issues can include positive and negative factors · NOTE 2 Understand the external context by considering issues arising from legal, technological, competitive, market, cultural, social and economic environments. So they’re not saying how to do it, but they’ve said what you can consider. This sounds a lot like a traditional SWOT/PESTLE analysis… If we skip to Clause 6, Planning, the first thing we must do when we plan is to identify actions to address risks and opportunities. A SWOT will mean you’ve covered these elements; consider the following: · Weakness = Risk · Threat = Risk · Opportunity = Opportunity. We can view the PESTLE in the same light. So you can see that with careful planning, as mentioned, you can align documentation for one clause with other clauses. [10:00] How does Clause 6 link with Clause 7 & 8? – Skipping from Clause 6.1: if you’ve identified what might go wrong (aka risk), you need to plan to ensure it doesn’t happen again. That may involve a single improvement action, which is linked to clause 10 (funnily enough, Improvement). It may be that you need something bigger, involving many steps, over a period of time, say an objective ...
    25 m