The ISO Show

AI has become inescapable over the past years, with the technology being integrated into tools that most people use every day. This has raised some important questions about the associated risks and benefits related to AI. Those developing software and services that include AI are also coming under increasing scrutiny, from both consumers and legislators, regarding the transparency of their tools. This ranges from how safe they are to use to where the training data for their systems originates from. This is especially true of already heavily regulated industries, such as the financial sector. Today's guest saw the writing on the wall while developing their unique AI software, that helps the financial sector detect fraud, and got a jump start on becoming accredited to the world's first best practice Standard for AI, ISO 42001 AI Management. In this episode, Mel Blackmore is joined by Rachel Churchman, The Global Head of GRC at Umony, to discuss their journey towards ISO 42001 certification, including the key drivers, lessons learned, and benefits gained from implementation. You'll learn · Who is Rachel? · Who are Umony? · Why did Umony want to implement ISO 42001? · What were the key drivers behind gaining ISO 42001 certification? · How long did it take to implement ISO 42001? · What was the biggest gap identified during the Gap Analysis? · What did Umony learn from implementing ISO 42001? · What difference did bridging this gap make? · What are the main benefits of ISO 42001? · The importance of accredited certification · Rachel's top tip for ISO 42001 Implementation Resources · Umony · Isologyhub In this episode, we talk about: [02:05] Episode Summary – Mel is joined by Rachel Churchman, The Global Head of GRC at Umony, to explore their journey towards ISO 42001 certification. [02:15] Who is Rachel?: Rachel Churchman is currently The Global Head of GRC (Governance, Risk and Compliance) at Umony, however keen listeners to the show may recognise her as she was once a part of the Blackmores team. She originally created the ISO 42001 toolkit for us while starting the Umony project under Blackmores but made the switch from consultant to client during the project. [04:15] Who are Umony? Umony operate in the financial services industry. For context, in that industry every form of communication matters, and there are regulatory requirements for firms to capture, archive and supervise all business communications. That covers quite a lot! From phone calls, to video calls, instant messaging etc, and failures to capture that info can lead to fines. Umony are a compliance technology company operating within the financial services space, and provide a platform that can capture all that communications data and store that securely. [05:55] Why did Umony embark on their ISO 42001 journey? Umony have recently developed an AI platform call CODA, which uses advanced AI to review all communications to detect financial risks such as market abuse, fraud or other misconduct. This will flag those potential high-risk communications to a human to continue the process. The benefit of this is that rather than financial institutions only being able to monitor a very small set of communications due to it being a very labour intensive task, this AI system would allow for monitoring of 100% of communications with much more ease. Ultimately, it's taking communications capture from reactive compliance to proactive oversight. [08:15] Led by industry professionals: Umony have quite the impressive advisory board, made up of both regulatory compliance personnel as well as AI technology experts. This includes the likes of Dr.Thomas Wolfe, Co-Founder of Hugging Face, former Chief Compliance Officer at JP Morgan and the CEO of the FCA. [09:00] What were the key drivers behind obtaining ISO 42001 certification? Originally, Rachel had been working for Blackmores to assist Umony with their ISO 27001:2022 transition back in early 2024. At the time, they had just started to develop their AI platform CODA. Rachel learned about what they were developing and mentioned that a new Standard was recently published to address AI specifically. After some discussion, Umony felt that ISO 42001 would be greatly beneficial as it took a proactive approach to effective AI management. While they were still in the early stages of creating CODA they wanted to utilise best practice Standards to ensure that the responsible and ethical development of this new AI system. When compared to ISO 27001, ISO 42001 provided more of a secure development lifecycle and was a better fit for CODA as it explores AI risks in particular. These risks include considerations for things like transparency of data, risk of bias and other ethical risks related to AI. At the time, no one was asking for companies to be certified to ISO 42001, so it wasn't a case of industry pressure for Umony, they simply knew that this was the right thing to do. Rachel was keen to sink her teeth into the project because the Standard was so new that Umony would be early adopters. It was so new, that certification bodies weren't even accredited to the Standard when they were implementing the Standard. [12:20] How long did it take to get ISO 42001 certified? Rachel started working with Anna Pitt-Stanley, COO of Umony, around April 2024. However the actual project work didn't start until October 2024, Umony already had a fantastic head start with ISO 27001 in place, and so project completion wrapped up around July of 2025. They had their pre-assessment with BSI in July, which Rachel considered a real value add for ISO 42001 as it gave them more information from the assessors point of view for what they were looking for in the Management System. This then led onto Stage 1 in August 2025 and Stage 2 in early September 2025. That is an unusually short period of time between a Stage 1 & 2, but they were in remarkably good shape at the end of Stage 1 and could confidently tackle Stage 2 in quick succession. The BSI technical audit finished at the end of September, so in total from start to finish the Implementation of ISO 42001 took just under 12 months. [15:50] What was the biggest gap identified during the Gap Analysis? A lot of the AI specific requirements were completely new to this Standard, so processes and documentation relating to things like 'AI Impact Assessment' had to be put in place. ISO 42001 includes an Annex A which details a lot of the AI related technical controls, these are unique to this Standard, so their current ISO 27001 certification didn't cover these elements. These weren't unexpected gaps, the biggest surprise to Rachel was the concept of an AI life cycle. This concept and its related objectives underpin the whole management system and its aims. It covers the utilisation or development of AI all the way through to the retirement of an AI system. It's not a standalone process and differs from ISO 27001's secure development life cycle, which is a contained subset of controls. ISO 42001's AI life cycle in comparison is integrated throughout the entire process and is a main driver for the management system. [19:30] What difference did bridging this gap make? After Umony understood the AI life cycle approach and how it applied to everything, it made implementing the Standard a lot easier. It became the golden thread that ran through the entire management system. They were building into an existing ISMS, and as a result it created a much more holistic management system. It also helped with the internal auditing, as you can't take a process approach to auditing in ISO 42001 because controls can't be audited in isolation. [21:30] What did Umony learn from Implementing ISO 42001? Rachel in particular learned a lot, not just with ISO 42001 but with AI itself. AI is new to a lot of people, herself included, and it can be difficult to distinguish what is considered a risk or opportunity regarding AI. In reality, it's very much a mix of the two. There's a lot of risk around data transparency, bias and data poisoning as well as new risks popping up all the time due to the developing technology. There's also a creeping issue of shadow IT, which is where employees may use hardware of software that hasn't been verified or validated by the company. For example, many people have their own Chat GPT accounts, but do you have oversight of what emplyees may be putting into that AI tool to help with their own tasks? On a more positive note, there are so many opportunities that AI can provide. Whether that's productivity, helping people focus more on the strategic elements of their role or reduction of tedious tasks. Umony is a great example of where an AI has been developed to serve a very specific purpose, preventing or highlighting potential fraud in a highly regulated industry. They're not the only one, with many others developing equally crucial AI systems to tackle some of our most labour-intensive tasks. In terms of experience with Implementing ISO 42001, Rachel feels it cemented her opinion that an ISO Standard provides a best practice framework that is the right way to go about managing AI in an organisation. Whether you're developing it, using it or selling it, ISO 42001 puts in place the right guardrails to make sure that AI is used responsibly, ethically, and that people understand the risks and opportunities associated with AI. [26:30] What benefits were gained from Implementing ISO 42001? The biggest benefit is having those AI related processes in place, regardless of if you go for certification. Umony in particular were keen to ensure that their certification was accredited, as this is a recognised certification. With Umony being part of such a regulated industry, it made sense that this was a high priority. As a result, they went with BSI as their Certification Body, who were one of the first CB's in the UK to get IAF accredited, quickly followed by UKAS accreditation. [27:55] The Importance of accredited certification: Sadly, a new Standard creates a lot of tempting offers from cowboy certification bodies that operate without a recognised accreditation. They will offer a very quick and cheap route to certification, usually provided through a generic management system which isn't reflective of how you work. Their certificate will also not hold up to scrutiny as it's not accredited with any recognisable body. For the UK this is UKAS, who is the only body in the UK under the IAF that is able to certify companies to be able to provide a valid accredited certificate. There's are easily available tools to help identify if a certificate is accredited or not, so it's best to go through the proper channels in the first place! Other warning signs of cowboy companies to look out for include: · Off the shelf Management system provided for a fee · Offering of both consultancy and certification services – no accredited CB can provide both to a client, as this is a conflict of interest. · A 5 – 10 year contract It's vital that you use an accredited Certification Body, as they will leave no stone unturned when evaluating your Management System. They are there to help you, not judge you, and will ensure that you have the upmost confidence in your management system once you've passed assessment. Umony were pleased to have only received 1 minor non-conformity through the entire assessment process. A frankly astounding result for such a new and complex Standard! [32:15] Rachel's top tip: Firstly, get a copy of the Standard. Unlike a lot of other Standards where you have to buy another Standard to understand the first one, ISO 42001 provides all that additional guidance in its annexes. Annex B in particular is a gold mine for knowledge in understanding how to implement the technical controls required for ISO 42001. It also points towards other helpful supporting Standards as well, that cover aspects like AI risks and AI life cycle in more detail. Rachel's second tip is: You need to scope out your Management System before you start diving into the creation of the documentation. This scoping process is much more in-depth for ISO 42001 than with other ISO Standards as it gets you to understand your role from an AI perspective. It helps determine whether you're an AI user, producer or provider, it also gets you to understand what the management system is going to cover. This creates your baseline for the AI life cycle and AI risk profile. These you need to get right from the start, as they guide the entire management system. If you've already got an ISO Standard in place, you cannot simply re-use the existing scope, as it will be different for ISO 42001. If you're struggling, CB's like BSI can help you with this. [35:20] Rachel's Podcast recommendation: Diary of a CEO with Stephen Bartlett. [32:15] Rachel's favourite quote: "What's the worst that can happen?" – An extract from a Dale Carnegie course, where the full quote is: "First ask yourself what is the worst that can happen? Then, you prepare to accept it and then proceed to improve on the worst." If you'd like to learn more about Umony and their services, check out their website. We'd love to hear your views and comments about the ISO Show, here's how: ● Share the ISO Show on Twitter or Linkedin ● Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one. Subscribe to keep up-to-date with our latest episodes: Stitcher | Spotify | YouTube |iTunes | Soundcloud | Mailing List

When embarking on your ISO journey, a crucial first step is evaluating your current level of compliance and identifying what gaps need to be filled to gain certification or fully align with a Standard. This is typically done by conducting a Gap Analysis. This exercise sets the foundations for your ISO Implementation project, from setting key actions and objectives, to resourcing and establishing a project timeline. In this episode, Ian Battersby dives into the purpose of a Gap Analysis, who should be involved in the exercise and what inputs and outputs you should expect to have from conducting a Gap Analysis. You'll learn · What is a Gap Analysis? · What is the aim of a Gap Analysis? · What is the process of conducting a Gap Analysis? · Who should be involved in a Gap Analysis? · What inputs should be included in a Gap Analysis? · What outputs can you expect from a Gap Analysis? Resources · Isologyhub In this episode, we talk about: [02:05] Episode Summary – Ian Battersby dives into the first step on any ISO Implementation journey, breaking down what a Gap Analysis is, it's purpose and what you should expect to get out of conducting one. [02:50] What is a Gap Analysis?: Simply put, it's the start of the process. It's a key to understanding where an organisation is right now and establishing what it needs to do on its journey to ISO certification. But it's not just for certification, as certification isn't always what people are trying to achieve. Many businesses opt to align themselves to a standard to ensure they're doing the right thing, but may not go through with full certification. [04:05] Who is the aim of a Gap Analysis? The objective of a Gap Analysis is to carry out a review of your organisation against the requirements of the respective standard. This will help to establish the following: · Areas where you conform to the standard, where you may have established the required processes, procedures, roles, responsibilities, systems, methods, documents · Areas of nonconformity, where such things will need to be developed · You may partly conform, so it's important to understand that as well From that understanding, you can build key actions, timescales and responsibilities for implementing an ISO Standard. It's also very useful to leadership; to clarify what's needed, to look at priorities, to resource what's required and to establish a timeline to your end goal. [06:25] What is the process of conducting a Gap Analysis? It's important to do this in a very structured manner. It's also important to get access to existing documentation and personnel in key roles; they'll be helpful during the gap analysis in providing understanding. You'll need to evaluate your current level of compliance against the following clauses within your desired ISO Standard(s): 4 Context: Understanding the world in which you operate, the people and organisations which are important to you. This is where you will determine the scope of your system (what to include, what parts of the standard are relevant). 5 Leadership: Top management's commitment, how involved they are, their accountability and their commitment to resourcing, promoting, to giving people authority through clear roles and responsibilities. 6 Planning: This is about assessing risks and opportunities; understanding the uncertainty caused by your operating environment (context). It also involves setting objectives and then establishing meaningful plans to address the risks/opportunities and objectives; mitigations; establishing controls; operational processes. 7 Support: This is where you look at people, competence Infrastructure and environment (are your facilities/equipment appropriate to what you need to do). You will also need to identify what you need to monitor and measure to demonstrate the effectiveness of your ISO Management System. Next, you need to cover awareness and communication, i.e. how do you make people aware of your system, policy, processes; what do you tell other interested parties? Lastly, ensure you address how you control the documentation which supports your system. 8 Operation: This address the delivery of a product or service to the customer, including all the processes for doing so. For example, in ISO 9001 this clause defines what's required when designing, developing, controlling externally provided products/services and controlling anything which goes wrong. This is typically the clause that contains the largest difference between ISO Standard, with each one focusing requirements on it's topic focus. For example, ISO 14001 includes requirements for emergency preparedness and response in the event of an environmental incident. 9 Performance evaluation: This is where you review and report on the results of the monitoring and measurement that you've put in place. For those familiar with ISO, this is where the internal audit and management review requirements sit. 10 Improvement: This clause states requirements for addressing any non-conformities that pop-up during your Internal Audits. It also encourages you to address opportunities for improvement to help drive continual improvement and innovation. [13:50] Who should be involved in a Gap Analysis? One key myth that we'd like to clear up is that not everyone in the business needs to be involved in this process, however, we do recommend the following are included: The person responsible for the day-to-day running of the Management System. This may not be known at this early stage, which is fine as the purpose of the Gap Analysis is to identify gaps such as this. Leadership; someone in a senior role; responsible for resourcing the system, communicating its importance to the workforce; responsible for setting the strategic direction and objectives. People who understand the context of the organisation; understanding interested parties (stakeholders); needs of customers and others; the regulatory environment Those involved in risk management; operational, financial, commercial, regulatory, safety or environmental. Someone with knowledge of the legal requirements and how they're evaluated; relative to specific standard. Anyone setting objectives related to the specific standard. Those with knowledge of competence arrangements; not just those responsible for co-ordinating the Management System, but across the board, for delivering operational processes. Those responsible for facilities and equipment; maintenance, service, test, inspection, etc. People responsible for developing and delivering operational processes. People with knowledge of how things are monitored or measured; possibly operations people, data analysis or those who report performance to management. Those who control nonconformity and those who run improvement processes. It can be quite a range of people! However, in smaller organisations there may be quite a limited number who likely wear many hats. Again, that's not a problem, as the Gap Analysis exists to discover that. [21:55] What inputs should be included in a Gap Analysis? This can include a number of things, as not everything will necessarily be a document. Typically, we as consultants will look at: · Management System manual or System Scope · Organisational chart · Mission, vision, values and culture · SWOT/PESTLE and Interested Parties · Policy relevant to the standard · Job descriptions · Risk and opportunities analysis; methodology · Objectives · Legislation register and methods of evaluation · Competence arrangements, training records · Management System awareness, training completion · Details of version and document control in place · Monitoring and measuring plans (KPIs, SLAs, internal performance metrics) · Internal audit programme and audit reports · Management review records · Agendas for any regular management meetings · Nonconformities, incident report and corrective action records · Customer complaints/feedback · Emergency Plans · Process Documentation · Examples of process documentation: · Change control documentation · Sales, tendering, order processing · Procedures for the design and development of products and services · Design and development records stating inputs, verification and validation activities, outputs, and approval of changes · Procedures to approve products and services for release to customers including quality checks · Supplier / third party evaluation and onboarding documents · Non-conformity/complaint information · Traceability documentation [29:40] What is the output from a Gap Analysis? We look at all of this and compare it against the requirements of the Standard to see where you currently stand. In our case, we do this on a spreadsheet with a simple scoring system to give you an overview of what you already have in place and what needs to be addressed. In many cases, businesses already have a lot of the required documentation, but don't have it tied together in one cohesive system. So a large part of implementation is consolidating that existing documentation, process ect. Into an accessible and easily understood system. The key thing to remember is that this is not an audit. The evidence required does not have to be as detailed as an audit; some things can be taken on trust or face value. At this stage we aren't demonstrating anything to a certification body, and you are not being judged. We are simply looking at what needs to be done to achieve full Implementation or certification. If you'd like assistance with carrying out a Gap Analysis, get in contact with us, we'd be happy to help. We'd love to hear your views and comments about the ISO Show, here's how: ● Share the ISO Show on Twitter or Linkedin ● Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one. Subscribe to keep up-to-date with our latest episodes: Stitcher | Spotify | YouTube |iTunes | Soundcloud | Mailing List

Watch the video interview here One of the common pain points when calculating your carbon emissions is simply gathering the data. When collating data from different departments and suppliers, it can be easy to get overwhelmed. The struggle doesn't stop there, as after obtaining all that data you have to find the best way to capture and display it in a way that's useable for the necessary number crunching. Many will turn to an old favourite, spreadsheets, but these can quickly become very unwieldy and impractical if you've got a lot of data to process. Thankfully, there's a lot of new tech and tools available to help make this task both approachable and integrated within your business. In this episode, Mel Blackmore is joined by Jessica Matthys, Lead Product Manager at Pulsora, to discuss how you can take data complexity from spreadsheets to supply chains, diving into data fragmentation, optimisation and how this can all be balanced for practicality. You'll learn · Who is Jessica Matthys? · Who are Pulsora? · What does data complexity mean in the context of carbon accounting? · What are the requirements for CSRD in California? · What are the biggest pain points relating to data collection? · How can you prevent data fragmentation across your business? · What does 'Comprehensive data' mean in the context of sustainability? · How can Pulsora help a business take their carbon data from spreadsheets to integrated data systems? · How can you make you carbon data more auditable and traceable? · How can new carbon focused technology, such as AI tools, help with seeking investment? · How can you get information from your supply chain to cover scope 3 emissions? Resources · Pulsora · CSRD – California Regulations · SB-253 & SB-261 · Carbonology In this episode, we talk about: [00:25] Episode Summary – Mel Blackmore is joined by Jessica Matthys, Lead Product Manager at Pulsora, to explore how you can take data complexity from spreadsheets to supply chains, diving into data fragmentation, optimisation and how this can all be balanced for practicality. [01:40] Who is Jessica Matthys: Is the Lead Product Manager for carbon solutions at Pulsora. She's been with Pulsora for a year and a half, but has worked within the ESG / carbon / sustainability space for over 8 years in total. Something that people might not know about Jessica is that her passion for sustainability started much earlier than her working career, starting in high school where she opted to live on a farm for one semester. That unique experience of working closely with nature and animals set her on the path that she still walks today. [02:30] Who are Pulsora? Pulsora is an end to end sustainability management AI powered platform. They can manage anything from data collection and carbon accounting all the way towards ESG reporting and audit support. The focus of their platform is auditability and transparency . [04:40] What does data complexity mean in the context of carbon accounting? Jessica breaks this down into three main elements: Disparate nature of data – When compiling data for greenhouse gas accounting, you have to take a lot into consideration including your own production and consumption in addition to all the upstream and downstream relationships across your value chain. The data for all of this will be scattered and will need to be brought together in order to get a full comprehensive view of your emissions data. Missing primary data – Some data may be very difficult to obtain, say from a supplier in a remote region, so in those cases you may need to make estimations to fill those gaps. However, you need to establish a proven and trusted methodology that can be repeated for such instances. Auditability and transparency – Your data needs to be robust enough to hold up to scrutiny in an audit. New and upcoming regulatory requirements will have stricter rules around how you collect and report your emissions. We can see this in regulations such as SB 253 and 261 within CSRD that will affect businesses in California. There's a new focus on mandatory reporting as opposed to voluntary, so you will need to ensure your data is in a good place to be audited when this starts to effect other organisations globally. [07:30] What are the requirements for CSRD in California? There are two main climate bills coming into effect in California in 2026, these are SB-253 and SB-261, which are supported by CARB (California Air Resources Board). These two regulations affect businesses who are either doing business in, have employees located in, or selling products over a certain revenue threshold in California. Affected businesses will be required to report on their scope 1, 2 and 3 emissions. There isn't anything new in these regulations that we haven't already seen in other European focused requirements, aside from the mandatory element. The first deadline for this reporting is expected to be due by June 2026, and this first year they will only be expecting reports for your scope 1 and 2 data. SB-261 has a slightly different focus, with it requiring climate risk reporting. This is similar to existing frameworks like ISSB or TCFD. This report can be published publicly and you just need to submit a link to that report to the appropriate bodies in California. The deadline for this one is fast approaching, with it being set at 1st January 2026. [11:10] What are the biggest pain points relating to data collection?: Jessica shares an example of a company that came to Pulsora with a spreadsheet that they dubbed 'the monster spreadsheet' that contained 100+ tabs with hundreds of people adding to it. It got to the point where it was always crashing and simply became a burden to use. It's a fairly common story, though maybe not to this extreme, that companies find they quickly outgrow spreadsheets as a form of manual data collection. There is also the question of the quality of data provided, how can they trust the insights gained from the data provided from so many different sources? At Pulsora, they've made use of AI within their platform that can help bring all that data together and analyse it to identify any anomalies and duplicated data. They've also focused on creating collaborative workflows, so all communications regarding collection of emissions data can be kept under one roof, meaning you have a fully traceable and auditable trail for all data collected. [15:10] How can you prevent data fragmentation across your business? Pulsora have made use of AI to prevent data fragmentation, they have achieved this with agentic AI, which is AI that can coordinate between different paths and can make decisions without a human in the loop. A use case for this might be where you have a company with thousands of suppliers, but would only be able to get emissions data from the handful of long-term suppliers that are happy to work with them. AI can assist with the remaining suppliers by looking for any published information those suppliers have, and take that emissions and financial data to create an intensity factor for the supplier. This can then make an informed estimate for how many emissions equate from so much spend with that supplier. The AI will of course keep a trail for all it's sourced data so a human can review this and ensure the information is correct if needed. [18:45] What does 'Comprehensive data' mean in the context of sustainability? When gathering emissions data, a business has to consider what part of its operations creates the most emissions. This will differ depending on the sector and nature of your business. Whether you're a B2B business or a manufacturer, you need to confirm where your largest emissions source. It's imperative that your emissions inventory is reflective of your business and its impact. There will also be gaps in the data you want / need to collect. You still need to ensure that data in any reporting provided is reflective of your operations, you can't just leave that data out, especially as there are now tools to help fill those gaps. AI for example can identify representative data to help bridge those gaps to provide a comprehensive inventory. [22:35] How can Pulsora help a business take their carbon data from spreadsheets to integrated data systems?: Jessica uses a company, Franklin Templeton, to explain the process. In this case, the company is a global asset manager and they used Workday for a lot of their HR, procurement and financial data. When it came to collating emissions data, they didn't realise that 95% of the information needed was already stored in Workday. For other companies that are quire energy intensive, there's a high chance that you already have a comprehensive system with most of the data required. In Franklin Templeton's case, they helped them to transfer this over into the Pulsora system with an existing out-of-the-box migration tool for Workday. For the HR data Pulsora were able to assist with ESG reporting. The Pulsora system was able to apply emissions factors to the transferred data automatically, which helped to create a comprehensive view of their scope 1, 2 and 3 emissions. Jessica give another example for a glass manufacturing company called Seagen who are based in Turkey. While they didn't have the monster spreadsheet situation, they had a fairly good system in place but it wasn't quite reaching the mark in terms of being able to report against multiple different carbon frameworks. Pulsora's system help to quantify their data, quite a task in of itself due to how high their emissions were, and it also helped to apply all this gathered data to those carbon frameworks. They also utilised Pulsora to help gather various metrics from 7 business units across 100 sites, that aided in audit preparation and insurance. [29:00] How can you make you carbon data more auditable and traceable?: If you're just starting out on your emissions journey, we highly recommend looking to the GHG protocol for guidance on the scope 1,2 and 3 definitions and what's required of each for reporting. The first step you should take is to determine what scopes and categories are relevant to your business according to the GHG protocol. There are a few different approaches including a percentage based approach or ones that include more detailed data analysis. The second step is emission factors, which is essentially a process of taking your business activities and translating that into emissions. You need to establish a consistent approach to documenting these emission factors, and those emissions factors will be determined by your region. UK for example use DEFRA factors, the US have EPA and Europe uses AIB. There are global data sets available as well, such as IEA. The main key is establishing your methodology early on, and be consistent in your approach while documenting everything in line with that agreed methodology. For a more structured approach to carbon emissions reporting, that includes auditability and traceability at it's core are ISO Standards such as ISO 14064 and ISO 14068. [32:45] How can new carbon focused technology, such as AI tools, help with seeking investment? Jessica shares a sneak peak into a new feature that Pulsora have recently released to help with seeking investment, which is invoice reading. This feature allows users to upload invoices to the Pulsora system, and it will extract the required data without the need for manual input. This aids in the auditability and traceability within the system as this data is displayed right alongside the evidence it was extracted from. The system can also compare file content to spot and flag up any anomalies, so you can ensure your data is as accurate as possible before going through a formal audit process with a third-party such as Carbonology. That stamp of approval from a successful third-party audit can then be used for raising capital and sharing with stakeholders. [35:55] How can you get information from your supply chain to cover scope 3 emissions?: Jessica provides some helpful tips for scope 3 emissions, including:- Don't worry about getting primary information from all of your suppliers. You only need enough data to identify your decarbonization plans and strategy to share with stakeholders with a high degree of confidence. You don't have to get it 100% perfect. Prioritise your suppliers – Consider how much you spend with each supplier, how good are your relationships with them? What impact do your suppliers have on your emissions? You should target the ones that are the most impactful. A lack of response doesn't always mean a lack of data - Some supplier just won't respond to your data requests, but there are ways you can still get some information, such as 10 based emission factors to get a baseline. With publicly available data about specific sectors and regions, you can get pretty close to the info you need. Get creative – There are other ways to gather data, such as using similar more responsive suppliers as a baseline. You could hold an industry group meeting to talk about improving data transparency and data sharing. This process will be beneficial for all involved by driving both costs and emissions down through a collaborative effort. Create a sphere of influence, drive the change you want to see within your supply chain. Create a Supplier Sustainability Strategy – Again, a consistent and planned approach will encourage engagement. Lastly, don't sweat it if you can't always get the data you want. Making a start is more important than getting it perfect. A lot of frameworks are quite forgiving and allow you time to mature your systems to a level where reporting can be repeated on an annual basis. [40:30] What book would Jessica recommend? A Costa Rica travel book. Jessica simply love the country and it's culture, it's also highly immersive in nature and mostly operates on renewable energy. [40:30] What is Jessica's favourite quote? "If you were born with the weakness to fall, you were born with the strength to rise" Ruby Carr – extract from her poetry book 'Milk and Honey' If you'd like to learn more about Pulsora, check out their website. We'd love to hear your views and comments about the ISO Show, here's how: ● Share the ISO Show on Twitter or Linkedin ● Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one. Subscribe to keep up-to-date with our latest episodes: Stitcher | Spotify | YouTube |iTunes | Soundcloud | Mailing List

An ISO project can typically be completed within 6 – 12 months depending on an organisations size and complexity. Anyone who's been through the process of ISO Implementation knows that there is a lot of work involved in that time span, from coordinating teams, gathering and creating documentation to auditing your processes. Now imagine doing that for 3 ISO Standards simultaneously within 3 months! Which is exactly what today's guest, PUBLIC, have achieved. While it's not a timeframe we recommend, their efforts deserve to be celebrated, and displays what good project management with dedicated individuals can accomplish. In this episode, Ian Battersby is joined by Biba Gonzalez, Senior Associate of Business Operations at PUBLIC, to discuss their 3-month dash to implement ISO 9001, ISO 14001 and ISO 20000-1, and explore the challenges and benefits experienced during the process. You'll learn · Who is Biba Gonzalez? · Who are PUBLIC? · What was the main driver behind ISO 9001, ISO 14001 and ISO 20000-1 Implementation? · What was the biggest gap identified during the Gap Analysis? · What did Biba learn from the experience of implementing 3 standards at once? · What are the main benefits of ISO 9001, ISO 14001 and ISO 20000-1? · Biba's top tip Resources · PUBLIC · Isologyhub In this episode, we talk about: [02:05] Episode Summary – Ian is joined by Biba Gonzalez, Senior Associate of Business Operations at PUBLIC, to learn more about their 3-month whirlwind journey towards ISO 9001, ISO 14001 & ISO 20000-1 implementation. [02:30] Jumping in at the deep end: Biba was tasked with obtaining certification to 3 ISO Standard on returning from maternity leave in July 2025. PUBLIC already held ISO 27001 certification, but were looking to achieve ISO 9001 & ISO 14001 before Christmas of 2025. This was quite the task, especially since Biba had no previous experience with ISO Standards! [04:15] Who is Biba? Biba is the Senior Associate of Business Operations at PUBLIC. She has been the driving force behind PUBLIC's ISO 9001, ISO 14001 and ISO 20000-1 implementation. One fact that not many people might know about her is that she has had a private audience with the pope, by complete accident! Simply a case of wrong queue at the right time while on a family vacation. [06:50] Who are PUBLIC? PUBLIC are a digital transformation partner. They work within the private sector to help improve public services, by providing procurement services, online safety programmes and other digitally enabled services. [08:00] What were the main drivers behind achieving ISO 9001, ISO 14001 and ISO 20000-1?: PUBLIC work with a number of Government departments, and while bidding for various frameworks they noticed a trend in requests for bidding companies to have ISO 9001 and ISO 14001 certification. While not always a strict requirement, it was certainly a desirable trait that was preferred of bidding companies. There's also an increasing number of tenders asking for more environmental requirements, such as carbon emission reporting. What used to be a 'nice to have' is now becoming a requirement, and PUBLIC sought to have these requirements met via the relevant ISO Standards. [09:40] A tight timescale: When Biba had arrived back from maternity leave in July, PUBLIC has already booked in assessment dates with a Certification Body. This left quite a tight timeline of just 3-months to get all 3 Standards implemented to a level that could pass a Stage 1 Assessment. They already had an ISO 27001 system in place, but there was still a lot of work to do. A lot had been discussed about the implementation of additional standards in Biba's absence, but no practical steps had been taken aside from booking the audit dates. She certainly had her work cut out for her as most ISO project typically last between 6 – 12 months! Due to all her hard work, and some assistance from Blackmores, PUBLIC passed their Stage 1 assessment with flying colours and are in a good place to tackle their Stage 2 Assessment in late November 2025. [11:40] What was the biggest gap identified during the Gap Analysis? Thankfully PUBLIC didn't have any huge gaps to fill. Due to their previous work with Government departments, they had a lot of the pieces just not together in a cohesive system. They did identify early on that they wanted a system that worked for them in the long term and were conscious of creating something that fit their way of working. With so many ISO Standards, the upkeep alone would have been overwhelming so they aimed to combine as much as they could into one Business Management System rather than opting to silo each individual Management System. [13:00] What were the benefits of Implementing ISO 9001, ISO 14001 & ISO 20000-1? Biba states that the implementation of these ISO Standards took their business to the next level. Coming from a relatively small start-up, there was some of the micro business mentality that remained despite their growth in recent years. ISO Standards helped to keep everyone adhering to the same requirements. PUBLIC have taken a more hollistic approach to ISO implementation to both make it as simple as possible for everyone to work within, while also driving continual improvement within the business. Having established processes means that everyone is singing from the same song sheet, and provides traceable processes that can be questioned and amended if and when issues occur. [16:15] Additional benefits felt from ISO Implementation: There is greater accountability with the Management system in place. There is also the added benefits of being able to bid and win new business opportunities. [17:25] Biba's top tip for ISO Implementation: Don't try and implement an ISO Standard (or multiple!) in just 3 months. While PUBLIC managed to do so, it was a lot of hard work squeezed into a very tight timeframe, and Biba wouldn't recommend anyone try to match their level of ambition in this regard. Secondly she adds, make the Management System work for you and your business. ISO Standards by their nature read to be fairly generic, and that's by design, so that you have the freedom to implement them in a way that makes sense to you. There is no point implementing an obtuse system that no one wants to interact with, the key is to embed it into the way you already work, with a view to use it as a tool to drive continual improvement as the system matures. [19:00] Looking to the future: Biba is optimistic about the business, as they're looking to grow by 20% next year, supported by all the work done to Implement ISO 9001, ISO 14001 and ISO 20000-1. While they have had to change aspects of how they worked prior, due to being a small business the nature of approvals and ways of working were on a more individual basis, whereas now there is a team-based approach. It's been a learning curve, but ultimately one that will serve them well as they grow over the next few years. [21:30] Biba's book recommendation: Invisible Women: the Sunday Times number one bestseller exposing the gender bias women face every day by Caroline Criado Perez [24:05] Biba's favourite quote: "Not my circus, not my monkey" an idiom which Biba's sure a lot of Operations Directors can sympathise with If you'd like to learn more about PUBLIC, check out their website. We'd love to hear your views and comments about the ISO Show, here's how: ● Share the ISO Show on Twitter or Linkedin ● Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one. Subscribe to keep up-to-date with our latest episodes: Stitcher | Spotify | YouTube |iTunes | Soundcloud | Mailing List

Continual Improvement is at the heart of ISO Management, a large part of which is dedicated to ensuring issues don't reoccur. This is more than just putting a plaster on it and calling it a day, it's about finding the root cause. This not only eliminates wasted time, effort and money with firefighting repeated mistakes, but also drives meaningful improvement. Over the years, many techniques have been developed to help with finding cause. In this episode, Ian Battersby explores the need to find the root cause of issues in ISO Management and explains some key techniques for root cause analysis that you can put into practice to help stop recurring issues. You'll learn · What is meant by 'finding cause'? · Why do you need to find the cause? · Where is finding cause specified in ISO Standards? · Finding cause in practice · What are the 5 Why's? · What is the fish bone / Ishikawa? · What is FMEA? · What is fault tree analysis? · How do these techniques work in practice? Resources · Isologyhub In this episode, we talk about: [02:05] Episode Summary – Ian dives into finding cause within ISO Management, explaining various techniques to help you prevent recurring issues. [03:15] What is meant by 'Finding cause'? When an output from a process is not what was expected, then it is classed as a non-conformity which will need to be addressed through corrective action. Before you can put that action into place, you need to identify the root cause for the issue. It's about putting right what went wrong. [04:00] Why do you need to find cause? Ian gives an example of a reactive response to resolving an issue, it didn't get to the root of why the mistake happened in the first place. Finding cause is necessary to stop issues from repeating, rather than simply firefighting issues as they occur. ISO terminology has updated to reflect this over the years. There used to be a term called 'Preventive action', but this has since been changed to 'Corrective action' following on from the 2015 Annex SL update to many ISO Standards. This reflects the new risk-based approach to ISO management. The terms are largely the same in nature, but preventive action was widely misunderstood and so this was renamed and clarified following 2015. [05:55] Where is finding cause specified in ISO Standards? As with many aspects of ISO, the need for finding cause can be found in a few places within a Standard, including: - Clause 6.1.1 Planning: It specifies the need to determine risks and opportunities that need to be addressed. This is because they will affect the desired outcome of your Management System. It's also a good place to start thinking about how to reduce those risks. Evaluating your strengths and weaknesses also gives you the chance to contemplate whether your existing processes are good at delivering what you want. Clause 10 Improvement: The Standard states something to the effect of 'the organisation shall determine and select opportunities for improvement and implement any necessary actions to address those opportunities' These opportunities will focus on improving products and services, which includes correcting, preventing or reducing undesired results. Also included under clause 10 is a subclause that directly addresses non-conformities and corrective action. These specify not only the need to resolve issues as they arise, but to evaluate the need for action to eliminate the root cause. Additional requirements include the need to review these actions and determine if they are actually effective. Ian goes into Clause 10 in more detail in a previous podcast specifically looking at opportunities for improvement. [14:20] Finding cause in practice – Why a methodology is necessary: Ian provides an example where an employee may lack confidence completing a certain activity. Their lack of competence could lead to a process being delivered incorrectly. That adverse quality outcome would then likely end up with the customer who would raise a complaint, in this instance that could be a damaged product. The damaged product is what needs correcting, from your perspective you would be looking at what caused that to prevent recurrence. Without knowing the initial cause, you would need to determine whether it's a production issue or a human error. These types of scenarios can branch out further than the initial quality issue. For example, if that damaged product causes harm, then it turns into a health & safety risk. If products need to be scrapped, then there's an environmental factor. Complaints related to product quality may also not be recorded in a standard non-conformity system, and could easily be missed for a full investigation to find root cause. This is why it's important to have a consistent approach, in both logging issues and evaluating them to determine cause. [18:10] What are the 5 Why's? This is one of the more popular methods that people use to determine cause. It's simply a case of asking why a scenario happened, usually 5 times, though you can ask more or less depending on how long it takes to reach the core issue. It doesn't require much training and all it requires is an open and honest response to the questions. This method can get answers quickly and is often utilised as an early problem solving technique. [19:30] What is the fish bone / Ishikawa? This is a more visual method to find cause. Depicting a fish skeleton that categorises possible causes and groups these accordingly. These causes are then discussed for a few minutes, typically with teams of people in order to gain different perspectives to help pull apart complex problems into their contributing factors. This method is particularly useful in cases where there isn't a single underlying cause. [20:30] What is FMEA? FMEA or Failure Modes and Effects Analysis is a more structured technique and acts like a risk assessment in reverse. It looks at what can go wrong, what the effect of failure is and then how critical that failure is to the outcome of what you're trying to do. It uses risk priorities to decide what's more important. [21:15] What is Fault Tree Analysis? This method utilises a top-down logical approach. It's a diagrammatic representation of what's going wrong. It asks, does this happen? Yes or no or both, and branches down paths that explore the issue. It allows for quantitative measures with a number output that can help determine how likely recurrence will be. It's a method that is often used in engineering and manufacturing processes. [22:55] Scatter Diagrams: Scatter diagrams are a good tool to find correlation. They help visualise the relationship between two variables. If you have data rich environments, these can really help you plot out those relationships and make those links that otherwise may have been missed. [23:40] The 5 Why's in more detail: The 5 Why's is a great starting technique as it requires little training. Ian provides an example of using the 5 Why's, with the scenario of a worker who has injured themselves while cutting some wood. Using the 5 Why's, he asks these questions: · Why did the workers hand slip while cutting the wood? – They were holding the material in one had without the use of any clamping device to keep it steady. · Why was the material being held by hand instead of using a clamp? Because there was no clamping device available. · Why was there no clamping device available on the table? The design of that workstation didn't take into consideration the need for a permanent clamping fixture. · Why wasn't that taken into consideration for the workstation? The risk assessment for that workstation was overlooked. From this exercise, you can see how you can get to the root of an issue by simply asking 'Why' a number of times. Again, it can be more or less than 5 times, the name is simply a guideline. [25:40] The Fishbone / Ishikawa method in more detail: Another favoured simple technique for finding cause is the fishbone method. It utilises 6 categories to get to the root of an issue, those being:- · Machine: Addressing the equipment or technology that you use to deliver products and services. · Method: The way in which you deliver products and services. · Material: The raw inputs into your processes. · Measurement: The data and metrics that you use to monitor the successful delivery of your products and services. · Mother Nature: The environment and conditions in which you're operating. · Man – Although this has now been updated to 'People', addresses the human element of product and service delivery. This is a great method for instances where there may be multiple root issues, so you can categorise and analyse each of them with multiple perspectives involved as this is considered a more collaborative method for root cause. [28:15] Record your findings: We dive more into this in a previous episode, but essentially, it's a requirement of every ISO Standard to address these non-conformities as they occur. Going through the process of root cause and rectifying the issue will need documentation to prove that you are actively addressing these issues, as well as doing as much as you can to prevent recurrence. There is no defined way to do this in the Standard, so it can be documented via forms, intranets, other digital systems etc. Documenting all the evidence of resolving issues may seem arduous at times, but it will ultimately lead to genuine continual improvement, and will lead to reduced overall error. If you'd like any assistance with ISO Implementation or support, get in touch with us, we'd be happy to help. We'd love to hear your views and comments about the ISO Show, here's how: ● Share the ISO Show on Twitter or Linkedin ● Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one. Subscribe to keep up-to-date with our latest episodes: Stitcher | Spotify | YouTube |iTunes | Soundcloud | Mailing List

When thinking of sectors that need effective energy management, the ones that typically come to mind include the likes of transportation and manufacturing. However, energy management is something that any business can benefit from. Such is the case with today's feature, Clyde & Co, a global law firm who made the decision to Implement ISO 50001 energy management to tackle the largest part of their sustainability impact. In this episode, Ian Battersby is joined by Paul Barnacle, Head of Health, Safety, Security and Environment at Clyde & Co, to discuss their journey towards ISO 50001, including the challenges associated with implementation and benefits gained from certification. You'll learn · Who is Paul Barnacle? · Who is Clyde & Co? · What was the main driver behind obtaining ISO 50001? · How long did it take to achieve certification? · What was the biggest gap found during the Gap Analysis? · What has Paul learned as a result of ISO 50001 Implementation? · What are the benefits of gaining ISO 50001 certification? · Paul's top tip Resources · Clyde & Co · ISO 50001 · Isologyhub In this episode, we talk about: [00:25] Episode Summary – We invite guest Paul Barnacle, Head of Health, Safety, Security and Environment at Clyde & Co, onto the show to share his journey with implementing ISO 50001, including the associated challenges and benefits from gaining certification. [02:50] Who is Paul Barnacle? Paul is the Head of Health, Safety, Security and Environment at Clyde & Co , and was the lead for the ISO 50001 Implementation project. One thing that many may not know about Paul is that he's an avid angler, whether rain or shine, he's dedicated to getting the next big catch. [04:45] Who are Clyde & Co? Clyde & Co are a global law firm that helps organisations navigate risk and maximise opportunities across sectors such as insurance, professional services, aviation, marine, construction and energy. The firm has over 500 partners with a total headcount of 5,500 people operating across 70 offices around the world. [05:40] Who is included within the ISO 50001 scope for Clyde & Co? For those that aren't aware, an ISO scope can be against an entire business, a single department or even against a specific product / service. For Clyde & Co, their ISO 50001 scope extends across 9 offices in the UK and Republic or Ireland. [06:15] What were the main drivers behind ISO 50001 Implementation? – One of the main drivers links back to Clyde & Co's Net Zero Strategy, which included the need to identify which sustainability focused ISO Standard would help them the most. Following a lot of internal conversation with their Chief Sustainability Officer, they settled on ISO 50001 as they were seeking more visibility on their energy consumption and help with identifying opportunities for improvement. Ultimately taking the first steps to tackle their scope 1 and 2 emissions. [07:05] Why ISO 50001 over ISO 14001? ISO 14001 Environmental Management was considered, however they don't have any industrial processes, so other environmental factors outside of energy aren't very applicable to a business like Clyde & Co. Seeing as energy was their largest environmental expenditure, ISO 50001 naturally seemed like the best fit. [08:10] How long did it take to achieve ISO 50001? Paul started the Implementation journey back in early August of 2024, and completed the Stage 2 Assessment by April 11th 2025, so a total of nine months. [09:00] What was the biggest gap identified during the Gap Analysis? Paul highlights how key the Gap Analysis was to the whole process, as it gave them a clear picture of the amount of work involved with completing the implementation. One of the biggest gaps identified was the fact that they didn't have a structured management system in place. There was a lack of knowledge when it came to ISO implementation, so some of the terminology was a bit lost on Paul to start with! They also lacked key documentation such as continual improvement log and Register of Energy Saving Opportunities. [10:10] What were the benefits of ISO 50001 implementation? There are a number of benefits, including:- · ISO 50001 allows a business to have a lot more visibility on their energy consumption · ISO 50001 certification demonstrates a proactive approach for energy management to clients and prospects. · The data provided by ISO 50001 allows for more informed decisions on energy saving and reduction opportunities, allowing you to target your biggest emission sources and spot any anomalies. [11:45] Client influence: Clyde & Co were seeing an increase in requests from clients regarding their energy performance indicators and related KPI's. They were also being asked about what they were doing in relation to reducing their scope 1 and 2 emissions. This exercise allowed them to address both, in addition to setting up the infrastructure to continuously monitor this year on year. As a result of ISO 50001 implementation, Clyde & Co now plan to communicate the reduction in their energy consumption on a quarterly basis with staff across all regions. [13:50] Additional Improvement as a result of ISO 50001: Paul enjoys the renewed communication between teams that hadn't really interacted prior to ISO 50001 implementation. Previously the energy management team were fairly siloed in the business, but now they're getting tech champions involved and asking anyone to contribute to the energy performance indicators. It's created a connected culture that encourages new ideas from all corners of the business. They've helped to facilitate this through the use of their intranet with dedicated mailboxes where people can submit any questions or suggestions for improvement. They've also got QR codes set-up for easy access for mailbox submissions. [15:55] Paul's Top Tip: Get a copy of whichever Standard you intend to Implement and read it thoroughly. It's key that you understand what the Standard is asking for. If you're struggling with the ISO terminology, the Standards will include a glossary of terms and definitions to help you. You can also do what Clyde & Co did, which is hire ISO consultants that specialise in ISO implementation. They will help you interpret the Standard and help you establish a Management system that is both compliant with the Standard and also integrates with the way you work. For ISO 50001 specifically, Paul highlights the need for strong data. Energy monitoring will require some number crunching, so you need those figures to be as accurate as possible to get the best results. [15:55] Paul's book recommendation: Sustainable Energy - Without The Hot Air by David MacKay [15:55] Paul's favourite quote: "The best way to predict the future, is to create it." – Abraham Lincoln If you'd like to learn more about Clyde & Co, check out their website. We'd love to hear your views and comments about the ISO Show, here's how: ● Share the ISO Show on Twitter or Linkedin ● Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one. Subscribe to keep up-to-date with our latest episodes: Stitcher | Spotify | YouTube |iTunes | Soundcloud | Mailing List

The topic of suicide is all too often a discussion avoided due to its tragic and uncomfortable nature. However, the reality is that there are 6,000 deaths by suicide in the UK each year, with in excess of 727,000 deaths annually worldwide. In recent years there has been more awareness about the topic, with a range of resources targeted to help with the prevention and support of those affected. For businesses seeking further guidance, a new Standard is on the horizon. In this episode, Ian Battersby is joined by Marcus Long, Chief Executive at IIOA, who shares his inspirational story of working through an unthinkable tragedy and creating a silver lining that aims to tackle the intervention, prevention and support for people affected by suicide. You'll learn · Who are IIOA? · Who is Marcus Long? · What was the catalyst behind BS 30480? · Who is involved with the development of BS 30480? · What does this Standard hope to achieve? · How does this Standard compare to other ISO Standards? · How will this Standard develop within the next year? · The cost of suicide · What are the benefits of BS 30480? · How can you get involved? Resources · Register your interest in BS 30480 · Contact Marcus Long · IIOA In this episode, we talk about: [00:25] Episode Summary – We invite guest Marcus Long, Chief Executive at IIOA, onto the show to talk about his involvement with the development of BS 30480, a Standard dedicated to the intervention, prevention and support for people affected by suicide. [01:30] Who are IIOA? The IIOA are the Independent International Organisation for Assurance, which is a trade association for global assurance bodies. Their members carry out certification to a wide range of ISO Standards, related Standard schemes, product certification and the provision of validation and verification training. [02:30] Who is Marcus Long? Before becoming the Chief Executive at IIOA, Marcus worked for the national Standards body side of BSI. There he was involved with ISO Standard development and later moved into certification. He's had 20 years' experience within the field of ISO Standards, and spent most of that time pushing the benefits and value of quality infrastructure. One thing many may not know about Marcus is that he spent 48 hours underwater! While not in one stint, Marcus is an avid scuba diver, and has been taking trips under the waves since 1990, with his cumulative underwater adventures reaching 48 hours total to date. [05:30] What was the catalyst behind BS 30480? Marcus experienced an unthinkable tragedy in October of 202, when his son Adam took his life at the age of 21. In the following three years, Marcus sought to find some sort of silver lining to give him some peace. After a while, he turned to look at the industry he worked within, Standards, which is focused on solving problems and finding solutions. Ultimately, it's aim is to make the world a better place, whether that's through sustainability, quality or Health & Safety. So why couldn't that principle be applied to something as difficult and heartbreaking as suicide. With that idea in mind, Marcus got talking to some national standards bodies in different countries around the globe, in addition to ISO, to see if the idea could spark some interest. These discussions reached BSI, who were currently also working on creating a Standards on the topic of menstrual health and menopause in the workplace. Marcus appreciated that they were willing to touch on topics that many shied away from. [08:50] The conception of BS 30480 – The first steps taken included hosting workshops at the Houses of Parliament in February of 2024. There Marcus brought together a wide range of people with different experiences, and asked them if they thought this Standard was a good idea and gather what how they would like to see something like this work in practice. With that encouragement and feedback, Marcus set to work on setting a scope and deciding who should be involved in the development process. [11:05] Who is involved with the development of BS 30480? As with many ISO's, the development team are made up of a wide range of people, including people from academia and business owners. Marcus ensured that healthcare specialists and those who've assisted in suicide prevention schemes were also included. All of these individuals had the same passion to help reduce the rate of suicide within the UK. [13:10] What does this Standard hope to achieve? The sad reality is that in many instances, it's a reactive response to suicide. What Marcus hope BS 30480 can achieve is to encourage the creation of suicide prevention strategies. This turns that reactive response into a proactive one in terms of preventing the worst from happening. As quoted from the Standard: " The aim is to make workplaces more suicide safe, more conducive to suicide prevention, more supportive of those who have been exposed to suicide and more knowledgeable and confident in talking about suicide and taking actions that prevent suicide." [15:30] How does this Standard compare to other ISO Standards? This Standard differs from ISO Standards such as ISO 9001 and ISO 45001 in the fact that it's a guidance Standard, so not one that can be certified to. It provides guidelines and guidance that businesses use, and select the parts that are most relevant to them. The Standard also includes a number of Appendix's that provide more practical guidance to help give businesses a clearer idea on how certain elements can be implemented, for example, the creation and deployment of a suicide prevention plan. So rather than a rigid set of requirements, think of it as a collection of practical ideas and solutions that can aid in the prevention of suicide. [18:20] How will this Standard develop within the next year? BS 30480 is expected to be published in November 2025, as they've just finished the consultation period in August 2025, which was met with a very positive response. Marcus would love to see this Standard move into the international stage by becoming an ISO, but for now it's being published as a British Standard. There are plans to create training and host webinars to spread awareness about the Standard, so keep an eye out on BSI's socials for more about that! The standard is set to enter a phased communication strategy: Phase 1: The launch of the Standard, which has already had some preparation as various other Standard bodies and those involved have been spreading awareness throughout the drafting process. Phase 2: Public awareness – Marcus and those involved in the creation of BS 30480 will be ramping up public dialogue on what the Standard is about and what it can achieve for people. Phase 3: Engagement – Actively getting business to engage with dialogue around suicide prevention, as this is a topic that some businesses are scared to even tough. But if we're to tackle it, it needs to be discussed. There is scope for this Standard to fit in with the likes of ISO 45001 (Occupational H&S) and ISO 45003 (Mental Health in the workplace). Marcus also discusses the opportunities for this to help less traditional workplaces such as educational institutions, sports clubs, charities & youth clubs. [23:30] The cost of suicide: As much as it seems inappropriate to put a price on suicide, there is more to it that the emotional and societal devastation. A report by The Samaritans suggested that each death by suicide resulted in a cost of £500,000. This is due to related costs for emergency healthcare systems and loss of productivity. Marcus emphasizes that if we are to get more businesses, Government and local Governments on board, all impacts of suicide need to be discussed in addition to the benefits of suicide prevention. While odd to approach it from a cost perspective, it's more often than not the language that businesses speak. They need to be informed of the investment required in people, time and cost just as much as they need to be aware of the many benefits of effective and proactive suicide prevention. [26:40] What are the benefits of BS 30480? The ultimate aim is to make workplaces a safer and better place. This Standard can also provide a means of effectively measuring social value, which is often times a rather nebulous metric to grasp. This Standard is here to save lives, and its practical guidance can help businesses create a clear path of actions to help those who may suspect that a colleague is in need of help. [28:25] How can you get involved? Marcus' biggest ambition is for BS 30480 to assist with saving lives, but if it's to achieve it's main aim, it needs advocates. Whether from trade associations, other Standards bodies or just from individuals, spread the word and encourage businesses to adopt the guidance provided. You can register your interest in BS 30480 through BSI's website, this ensures you get updates on the Standards progress and any training opportunities. If you'd like learn more about BS 30480, feel free to contact Marcus Long via LinkedIn. We'd love to hear your views and comments about the ISO Show, here's how: ● Share the ISO Show on Twitter or Linkedin ● Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one. Subscribe to keep up-to-date with our latest episodes: Stitcher | Spotify | YouTube |iTunes | Soundcloud | Mailing List

When stating ISO Management System 'compliance', that in reality means the conformance to ISO Standard requirements, compliance in ISO terminology actually refers to compliance with legal and other statutory regulations. It may sound like semantics, but the difference is distinct for a reason, as you don't get a 'non-compliance' for not meeting requirements, rather you get a 'non-conformity'. When it comes to compliance with the law as required by ISO Standards, you need more than a Legal Register to prove compliance. In this episode, Ian Battersby dives into what is meant by compliance in ISO, how this relates to legal and statutory requirements, and how businesses can effectively evaluate compliance. You'll learn · What is the difference between 'Compliance' and 'Conformity'? · What are the different types of compliance requirements? · How do Acts and Regulations work in tandem? · Who enforces legal compliance requirements? · Where do these requirements sit in ISO Standards? · How do you prove compliance within ISO management? · How do you evaluate effective compliance? Resources · Isologyhub · From Silos to Synergy: The benefits of Implementing an Integrated ISO Management System Webinar registration In this episode, we talk about: [00:30] Upcoming webinar: If you'd like to learn more about the benefits of integrated management systems, feel free to register for our upcoming webinar here. [01:30] Episode Summary – Ian Battersby discusses the topic of compliance within ISO Standards, and how you can effectively evaluate it within your Management System. [02:30] What is the difference between 'Compliance' and 'Conformity'? It's a common misconception that you 'comply' with an ISO Standard, when in reality, you conform to an ISO Standard, hence why you can receive a 'non-conformity' in audits and not 'noncompliance'. When we talk about compliance within ISO Management, this refers to compliance with the law, regulations and other statutory requirements, as this is a requirement within all ISO Standards. [03:50] What are the different types of compliance requirements? There are many different types of law, Ian focuses on what is known as statute law legislation, as this is distinct from common law, case law and constitutional conventions. Statute law legislation is clearly written and can be cited in something like a Legal Register, or Register of Compliance Obligations. There are different types of legislation that you'll need to document, including: Primary Legislation: These are put in place by acts of UK Parliament and may have involvement from devolved administrations as well. Statutory compliance refers to compliance with primary legislation. An example of this type of legislation includes the Health & Safety at Work Act. Secondary or delegated legislation: Those primary Acts often require a lot more detail regarding the practicalities of applying them, which is delivered through Secondary or delegated legislation, otherwise more commonly known as regulations. These have more input from relevant public bodies to provide the requirements that can be applied. Both regulations are issues under Statutory Instruments (SI's), which are the formal legal vehicle that gives them effect. Put simply, regulations are the rules and Statutory Instruments are the legal mechanism which brings those rules into effect. [06:05] How Acts and Regulations work in tandem: Taking the Health & Safety at Work Act as an example, at the start this was quite a broad and generic act, it wasn't until years later that the workplace health, safety and welfare regulations came about to support the Act. This was further bolstered with the Management of Health & Safety at Work Regulations. Both regulations were developed through consultation between Government departments and other bodies such as the Health & Safety Executive. These regulations gave companies much more detail on what's actually required in order to comply with the Health & Safety at Work Act. [06:50] Who enforces legal requirements? – It's not just the police that enforce legal requirements, there are a number of other bodies independent of government and the judiciary that can enforce regulations and prosecute for breaches caused by organisations and individuals. This can include bodies such as The Health & Safety Executive, The Financial Conduct Authority, The Environment Agency and the Information Commissioners Office. There are more for other areas, and these are often the bodies involved in the development of specific regulations. [07:45] Where do these requirements sit in ISO Standards? As Is the case with ISO Standards, the requirement for compliance is sprinkled throughout the whole document. Starting with Clause 4 Context. Here 'Interested parties' are a focus, of which regulatory bodies can be considered an interested party, as they control the regulations that you are required to comply with by law. Even if you don't think you fall under specific legislation, there are still general applicable business laws that all businesses must comply with. So this exercise is not simply a case of running a Management System, it's also about running an effective business. Ian highlights clause 6.1.3 in ISO 45001, which states the need to determine legal requirements applicable to your business, whereas in ISO 14001 this clause talks about compliance obligations. Despite the difference in wording, they are essentially looking for the same thing, which is detailing what legal requirements you need to comply with. In ISO 9001 it also states that any products or services offered should meet customer and applicable statutory and regulatory requirements. This is then further strengthened in the Leadership clause as leaders are required to ensure that their commitments meet all customer requirements, but also any applicable regulatory and statutory requirements associated with the products and service. This is phrasing that is repeated throughout ISO 9001. Going back to ISO 45001 and ISO 14001, both also require an evaluation of compliance, both the part of monitoring and measuring and the results of them to be submitted through your management review process. The Standards are very clear in that they require you to determine the frequency and methods for evaluation of compliance. [12:00] How do you prove compliance within ISO management? In ISO 45001 there is an appendix that give examples of what you can monitor and measure for the fulfilment and evaluation of legal requirements. As mentioned, many organisations opt to use a Legal Register which states all applicable legislation for your business that will be evaluated in an Internal Audit, but proving genuine compliance is much more than just acknowledging the legislation itself. For larger organisations, this can be a very burdensome task, especially if you find yourself in a position where legal requirements aren't being met. Ian provides an example to illustrate how to prove effective compliance: Waste removal is something that every business has to do, whether they do so through a waste management contractor, or through a landlord, the law states that any waste you generate must be removed, transferred, processed, treated, etc. by licenced organisation in a very specifically regulated fashion. You as an organisation or your landlord may receive an annual season ticket which includes the required demonstration of compliance, which can be in the form of West Carrier license number, the types of waste, the classification codes under the European or waste catalogue, dates and signatures. Now if you run into an instance where something on that waste transfer note was incorrect, like a wrong address or waste type, how do you prove that you were still compliant in the actual activity of removing waste? An Audit will pick up on the note discrepancies and you may be faced with being non-compliant. A way to ensure that you have a record of compliance is to keep electronic copies of all your waste transfer notes, and keep them in a central location, or even possibly linked within your Legal Register if possible. Despite the discrepancy, you will be able to prove that you have a prior record of compliance. Ian gives another example, you may have air conditioning in your area of work that's due for a service. The contractor will need to verify the engineer before you engage with them, including a check to see if they're competent under F Gas Regulations and hold a valid REFCOM Registration Certificate. If you wait to check / validate their certificates of competence, you may run into a situation where they may have an expired certificate at the time that they serviced your aircon, and so that may render that service as inadequate under your legal requirements. To avoid this, you should reference that you've evaluated the contractor within your Legal Register, this would include a check on their registration number and dates of when their F Gas competency certificates are valid, ensuring your service falls within those dates. In short, to demonstrate compliance, you should be keeping on-going records in relation to your legal requirements. These should also be readily available and easily accessible. [20:35] How do you evaluate effective compliance: Legal requirements such as the Health & Safety at Work Act are much broader, and it can be difficult to know exactly what records you need to keep to prove compliance. This is where the supporting regulations can provide the required detail and provide a much clearer picture of what evidence is required. One example is the requirement to carry out sufficient risk assessments, which requires you to identify hazards, assess risks, determine control measures you know, communicate those to people, and review of those assessments regularly. You as the business will need to create a programme to manage the risk assessment process, and this should be documented somewhere, including a note of your review and action dates. This risk assessment list should also be linked within your Legal Register. In short, one of the most effective ways to show and evaluate compliance is to ensure that all relevant evidence is linked or attached in some way to a Legal Register or Register of Compliance Obligations. These evidence documents should be active and hold a record of previous actions and any planned upcoming actions. You could also schedule regular inspections of your legal compliance, to evaluate your level of compliance against different requirements on an on-going basis. The resulting reports can also be linked within the Legal Register. Don't just rely on Internal Audits to cover your legal compliance evaluation. Utilise dedicated legal compliance inspections, link all relevant evidence within your legal register and have on-going reviews and updates throughout the year. If you'd like any assistance with implementing ISO standards, get in touch with us, we'd be happy to help! We'd love to hear your views and comments about the ISO Show, here's how: ● Share the ISO Show on Twitter or Linkedin ● Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one. Subscribe to keep up-to-date with our latest episodes: Stitcher | Spotify | YouTube |iTunes | Soundcloud | Mailing List

How often have you heard someone say they aspire to be an ISO consultant? Likely not at all! That's not surprising as it's quite a niche world to find yourself in, yet despite that, there are still thousands of ISO professionals worldwide. We're continuing with our latest mini-series where we introduce members of our team, to explore how they fell into the world of ISO and discuss the common challenges they face while helping clients achieve ISO certification. In this episode we introduce Anju Punetha, a QHSE Consultant at Blackmores, to share the journey of how she transitioned from special education in India, to ISO consultancy for international organisations. You'll learn · What is Anju's role at Blackmores? · What does Anju enjoy outside of consultancy? · What path did Anju take to become an ISO Consultant? · What is the biggest challenge she's faced when implementing ISO Standards? · What is Anju's biggest achievement? Resources · Isologyhub · From Silos to Synergy: The benefits of Implementing an Integrated ISO Management System Webinar registration In this episode, we talk about: [02:05] Episode Summary – We introduce Anju Punetha, a QHSE Consultant here at Blackmores, to discuss her journey towards becoming an ISO consultant who specialises in ISO 9001, ISO 14001, ISO 45001, ISO 27001, ISO 20121 and ISO 55001. [04:05] What is Anju's role at Blackmores? Her role primarily involves supporting clients in two key areas: maintaining and continually improving their existing ISO management systems and helping them establish and implement new standards. As part of that support, she: · Conduct internal audits · Reviews and updates management system documentation · Facilitate management reviews · Train internal teams and prepare them for certification audits. When implementing a new ISO standard, she'll start with a gap analysis – i.e comparing their current practices against the standard's requirements. Then break down those requirements into simple, easy-to-understand language and create a practical plan to bridge the gaps. Depending on the standard, she may also facilitate strategic business risk assessments, environmental aspects and impacts assessments, or information security risk assessments. Additionally, Anju helps clients develop and implement policies and procedures, create legal and compliance registers, and verify their readiness for certification body audits. [05:55] What does Anju enjoy doing outside of consultancy?: Anju loves spending time outdoors with long walks being her go-to, as they help her unwind both physically and mentally. She also enjoys cooking for her family and friends. Experimenting with different cuisines and blending spices is something Anju finds incredibly relaxing. [08:00] What was Anju's path towards becoming an ISO Consultant?: Like many of the Blackmores team, Anju never planned to become an ISO consultant. She began her career as a Special Educator, working with children with special needs in India. Later, she transitioned into the development sector as a Research Assistant, working on projects funded by The World Bank and the UN World Food Programme. These projects focused on microfinance, training and development, and women & child health. However, that role involved a lot of travel, which became challenging after the birth of her first son. So, Anju decided that would be a good time to take a career break. When Anju was ready to return to work, she looked for an office-based role which resulted in her joining Ericsson, a Swedish Networking and Telecommunication Company as support staff, and progressed upwards to become the Learning and Development Manager at their rapidly growing Global Service Centre in India. This involved managing training requirements of an employee base of around 4000+ employees, involvement in stakeholder management at all levels and vendor management. As part of the Operational Excellence initiatives, she also got involved in preparing different business teams for their internal and external audits. During that time, Anju became interested in Ericsson's Group Management System, which all legal entities had to comply with. She then moved into the newly formed Quality Department and helped them to gain various ISO certifications. She was the Project Leader for implementing Ericsson's Operational Maturity Model compliant to the requirements of ISO 9001, ISO 14001, ISO 27001 and OHSAS 18001 (ISO 45001's predecessor). Joining Blackmores as an ISO Consultant felt like a natural next step when she relocated to UK. She's now been a member of our team for over six years, and continues to inspire others with her level of dedication to her work and clients. [13:35] What is Anju's favourite aspect of being a Consultant? – The variation in daily activities is a big positive for Anju. One day she may be conducting a gap analysis for Environmental Management System for an IT company, and the next drafting policies and procedures for managing Events Sustainably for an Event Management company or auditing a client on their Information Security Management System. No two days are the same! She also enjoys being able to work with a wide range of clients across sectors like IT, construction, facilities, asset management, event management, and train operating companies, all ranging from small businesses to large, multi-site organisations. She particularly enjoys working on Integrated Management Systems, as they help clients save time and money by streamlining multiple standards into one cohesive system. It reduces duplication, improves efficiency, and encourages collaboration across teams—breaking down silos and building synergy. [15:50] Upcoming webinar: If you'd like to learn more about the benefits of integrated management systems, feel free to register for our upcoming webinar here. [17:30] What Standards does Anju specilaise in and why? Starting with: · ISO 9001 Quality Management: A core foundation that many businesses start with when diving into the world of ISO Standards. This is an essential one for any ISO consultant and is often the first Implementation experience for many who go on to become ISO consultants. · ISO 14001 Environmental Management: This Standard provides a solid base for any business looking to start taking sustainability seriously. · ISO 45001 Health and Safety Management: Anju helped one of her previous employers implement this Standards' predecessor, and has since implemented and supported ISO 45001 for a number of Blackmores clients. · ISO 27001 Information Security Management: An increasingly popular Standard as we see more and more business rely on technology to keep their services running smoothly. · ISO 55001 Asset Management: A popular Standard within the facilities and public transportation sectors. This Standard aims to create a framework to help organisations manage the life-cycle of their assets. ISO 20121 Sustainable Event Management: ISO 20121 focuses on governing principles of sustainable development, which are: · Stewardship · Inclusion · Integrity · Transparency ISO 20121 was revised in 2024. The revised standard explicitly requires considering climate change and its impact on the event and stakeholders. The new version also expands beyond environmental concerns to encompass human and child rights, social impact (including mental health and diversity), and digital responsibility and how organisations should start considering these areas at the early stages of planning an event through post event activities. Recently, Anju has been busy in putting together the toolkit for transition to ISO 20121:2024 and preparing her clients with the implementation of the revised and new requirements. [21:10] What is the biggest challenge Anju had faced during a project and how did she overcome it?: Anju offers one experience in particular: She was working with a company that was implementing its first ISO Standard. The project not only involved creating and implementing standardised policies and procedures but also working on the overall change management within the business. The teams were used to working in silos for many years and were not very forthcoming with the idea of establishing and implementing standardised ways of working. This was due to various reasons, such as lack of awareness, operational activities taking precedence over risk and process-based approach. As a result, project leads struggled in getting support from the project sponsor and the extended project team in terms of time and effort. They had to put the project on halt for few months and only proceeded with the project after getting the full commitment from the sponsor and other project team members. During this time, ISO related roles and responsibilities were built into the job descriptions of the various stakeholders, these were agreed as part of the internal review processes and required time and effort for the different stakeholders within the business was agreed with the Management Team. At the end, this project helped the company to embed the standardised processes within the business, rather than it being just a tick in the box exercise to achieve certification. [25:35] What is Anju's proudest achievement? Anju's proudest achievement in relation to work, is when she's able to see a marked difference in the confidence level of her clients, from the start of the ISO implementation project, which is the gap analysis stage, to confidently facing the certification audit and demonstrating to the external assessors that the implementation of the ISO project was not just a tick in the box exercise for them. One achievement in particular stands out in recent months as she supported a client in successfully transitioning to the revised ISO 20121 standard. If you'd like any assistance with implementing ISO standards, get in touch with us, we'd be happy to help! We'd love to hear your views and comments about the ISO Show, here's how: ● Share the ISO Show on Twitter or Linkedin ● Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one. Subscribe to keep up-to-date with our latest episodes: Stitcher | Spotify | YouTube |iTunes | Soundcloud | Mailing List

One of the biggest challenges for those looking to achieve Net Zero is tackling scope 3 emissions, which are indirect emissions that typically reside in your supply chain. These can account for up to 70% of your total emissions and can be quite the undertaking to gather the necessary data to be able to complete your calculations needed for carbon verification. In the final episode of the Platform to Proof mini-series, we invite Jay Ruckelshaus, Co-Founder and Head of Policy and Partnerships at Gravity, back onto the podcast to explain how to tackle scope 3 emissions, how it works in practice and how carbon accounting software can streamline the process. You'll learn · What are scope 3 emissions? · What are the drivers for those tackling scope 3 emissions? · Where to start with scope 3 emissions · How does supply chain engagement work in practice? · What are the benefits for suppliers involved? · How can carbon accounting software help with scope 3 emissions? Resources · Gravity · Carbonology In this episode, we talk about: [02:05] Episode Summary – We introduce Jay Ruckelshaus, Co-Founder and Head of Policy and Partnerships at Gravity, who will accompany Mel on a 3-part mini-series diving into carbon accounting software and the value it can bring. In this final part, Mel and Jay dive into scope 3 emissions, the challenges associated with gathering them and how carbon accounting software can help streamline this process. [02:30] Catch-up on the first part – If you missed the first two parts of the series, catch-up with them here: · Part 1: From Platform To Proof – What Is The Business Driver For Carbon Accounting And Reporting? · Part 2: From Platform To Proof – How Carbon Accounting Software and Verification Combine for Carbon Compliance [03:50] What are scope 3 emissions?: The term 'scope 3' comes from a document and initiative called the GHG Protocol, which sets out the core methodology by which companies should measure account for their greenhouse gas emissions. It details 3 different scopes, scope 1 is your direct emissions (i.e. fuel for vehicle use ect), Scope 2 is grid emissions associated with purchased electricity or other forms of energy (i.e. energy for offices). Scope 3 is a very broad term and addresses the emissions created by your value / supply chain. This could include things like transportation of resources you require from a third-party. These emissions can count to upwards of 70% of a companies total emissions, depending on the nature of the business that can even go as high as 90%! [06:50] What are the drivers for those tackling scope 3 emissions? Jay summaries 3 of the main drivers: Biggest emission source: For those looking to truly hit Net Zero, they can't simply ignore their largest emission source. It poses the biggest risk to the company, so it's in their best interest to reduce them where possible. Of course, this isn't easy as it may involve swapping suppliers or working with existing ones to make their practices more sustainable. It's not as straight forward as addressing your scope 1 and 2 emissions. Regulation requirement: Scope 3 is increasingly being included within mandatory regulations, whereas in previous years, it may have been a voluntary part of those requirements. For example, the new regulations coming into effect for California in 2026 will see around 10,000 companies needing to report on their scope 3 emissions. In the EU, regulations such as CSRD also require reporting on these emissions. Though these haven't been made mandatory as of yet, we can see that changing in future. Stakeholder requirement changes: Customers and other stakeholders are asking for more evidence of meaningful sustainability action. Supply chain initiatives now are gearing more towards sustainable procurement, which coincides with the rise of CSR related activities. This drive to evaluate your supply chain is being pushed from all directions. [09:55] Where to start with scope 3 emissions: Likely stating the obvious, but ensure you have addressed your scope 1 and 2 emissions first. When looking to your scope 3 emissions, you'll first need to determine which of the 15 emission categories is going to be important for your business to get a handle on. The nature of your business will determine which of the categories are a priority, so if you're a digital service based business, then the raw materials category likely won't be very appliable to you so you'd only need to provide a very high-level summary of any related emissions. For those categories that are a priority, you should identify how in-depth you would need to get with the data analytics, and create a strategy for each of those categories. If you're struggling to start, there are some industry average statistics out there to help you with those initial calculations. It's key to set up a defined measurement cycle, that will need the ability to get more granular as you progress. This is so you can actively track your reduction efforts. Of course, the level of this will be determined by the resource you and your suppliers have to help facilitate the process. It's definitely worth investing in your supplier relationships to make this process run smoothly year on year. Some business that have say 100+ suppliers will often send out a survey to obtain this data, but the quality of the information returned (if any) can be lacking. So, a more direct approach will likely reap the results you're after. Mel highlights an instance where an organisation had an engagement programme, where they selected 100 of their suppliers and provided training and guidance on understanding and reporting on their emissions. The suppliers could then see how beneficial the process was not just for that organisations, but for their own company as well. It's more than just gathering data, it's about effecting your sphere of influence for meaningful change. [14:15] How does supply chain engagement work in practice? As mentioned, one of the ways many organisations have opted to gather data have been through supplier surveys, however, you need to supplement this with other supplier initiatives to get the best results. Gravity took a more empathetic approach, by looking at this process from the suppliers perspective. They highlighted that this should just be an extractive exercise, the supplier should also be getting something out of this. One such way to do so would be to give them training and / or tools in order to measure their emissions so they can give you the data you need, and also have that data to share with their other customers. You can work with them to identify potential emission reductions and energy saving schemes that could save them money down the line. There are also a number of AI tools that can comb the web and look for any public carbon disclosures or ESG reports that suppliers may have already made. So this saves on the initial outreach and results in less burden for both parties. [17:10] What are the benefits for suppliers involved? By adding further requirements to your supplier relationship, it offers the opportunity to evaluate and develop your supplier engagement strategy. The suppliers can benefit both from your experience with carbon reporting, in addition to gaining access to the same tools you use to manage this. By helping them get a jump start on their carbon disclosures, they can benefits from being ahead of the curve if certain regulations haven't effected them yet. We're seeing these sustainability regulations trickle down to new sectors and smaller companies, so them having the data ready puts them at a great advantage. They can also potentially optimise their own processes and save money from the experience by using their data to identify where further reductions can be made. Those supplier reductions then benefit your organisation as your scope 3 emissions improve, it's a win win situation. [20:35] How can carbon accounting software help with scope 3 emissions? Using Gravity as an example, they've built a lot of tools that can take raw inventory and gather a lot of data concerning purchasing, logistics ect. This is all collated into one area where it can be analysed and used for calculations. They also have an AI agent that can comb the web for specific information that your suppliers may have publicly disclosed. An AI agent can also reach out directly to suppliers for further information which will be collated within your centralised system, checked for accuracy and put into a format that's ready for reporting. This is all done with a full audit trail for transparency. If you'd like to learn more about Gravity and how their energy and carbon accounting software can help you, check out their website. If you'd like to ask Jay any questions directly, feel free to send him an email. If you'd like any assistance with Carbon Verification, get in touch with the Carbonology team, they'd be happy to help! We'd love to hear your views and comments about the ISO Show, here's how: ● Share the ISO Show on Twitter or Linkedin ● Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one. Subscribe to keep up-to-date with our latest episodes: Stitcher | Spotify | YouTube |iTunes | Soundcloud | Mailing List