The ISO Show

Blackmores UK
May 21, 2021 • 27min

#67 Greater Anglia leads the way in Asset Management

Today Mel Blackmore is joined by Richard Turner, the Head of Asset Management at Greater Anglia, a train operating company in the UK. We're going to be talking about his journey in relation to asset management and ISO 55001. Greater Anglia have been certified to this standard for a few years now, and they're a bit of a trendsetter as far as asset management and certification to ISO 55001 is concerned.

What you'll learn:
- What is asset management?
- What made Greater Anglia consider ISO 55001?
- Tackling the challenge of total buy-in
- Coordinating with stakeholders
- Benefits for Greater Anglia

First of all, let's talk about what Greater Anglia is and does…

What does Greater Anglia do?
Greater Anglia was one of the first train operating companies to embark on a full repairing lease in 2012. That means having full responsibility for the assets, as opposed to the normal setup (with Network Rail as the landlord and the train operating company as a tenant). It was a first for a train operating company to have its own Asset Management Department, and it was a really big deal for a lot of those who joined asset management. Richard came from Network Rail to do asset management in a department where a train operating company was leading from an asset management point of view.

Let's get to know more about Richard's background…
Richard joined Network Rail around the year 2000. He was an asset manager at the start, then a senior asset manager, and soon after became a route asset manager – he went right through the asset management field! So, when the Greater Anglia job came around in 2012, Richard jumped at it because it was a massive new challenge for him: a train operating company starting off an Asset Management Department which had never existed before.
Now, for those of you who aren't actually familiar with asset management, let's take a moment to understand what it is and why it's important to an organisation…

Asset management
From the asset management side, Greater Anglia look after the stations, depots and all the assets within the station demise that sit under their responsibility. They maintain, renew and enhance, and they look at longevity. They see themselves involved literally from inception to completion…they are like a landlord, effectively. From an asset management point of view, it's really key that they are involved every step of the way, from design to construction.

It's an interesting role that is very varied. One day you could get involved in the refurbishment of a waiting room; the next day, you would be discussing a brand-new station that's going to be built. What Richard loves about his job is that every day is so different. It's safe to say he definitely needs to work in collaboration with lots of different stakeholders in this role! And that's a key point, actually…Richard tells us that one thing you learn through asset management is how to meet the expectations of your stakeholders: how you have performed, and what their expectations are. So, stakeholders, internal and external, are vital for any business to succeed. Because if you haven't got the buy-in of your stakeholders, then you're going to really struggle.

Now, let's dive into ISO 55001…

What made Greater Anglia consider ISO 55001?
Striving for excellence. Once the franchise agreement was in place, Richard was keen to set a high standard and embed asset management best practice into the DNA of the organisation. ISO 55001 was the ideal framework for this.
So, let's find out how Greater Anglia went about tackling the challenge of achieving certification…

Tackling the challenge
There was a massive change of direction in everything Greater Anglia did with regards to presentations, training, updating their process strategy, getting everybody's buy-in, and inductions in what they do within the company. Richard thinks they got this from the ISO standard itself, in terms of the structure of how it was set out and what they did going forward. The improvement within the team at Greater Anglia and the structure are more defined. And even the line of sight, when it goes right up to the managing director and down to the person at the station…you can see that link. Richard sees this as the most impressive part.

At one point, when on an ISO audit with BSI (British Standards Institution), they were speaking to a member of staff at a ticket office and asked him 'Do you know much about asset management and the asset management system here?'…And he said 'Yes!'. This really goes to show how far it filters down. It definitely is very challenging to ensure everyone is on the same page. But it's so rewarding when you see it happening. At Greater Anglia, they learned so many lessons from when they started; they were in such a different position to where they are now. Richard sees this as a massive learning curve for them!

What's interesting is that Greater Anglia has a broad range of different suppliers. So, let's find out how having structure, policies and systems in place helped to coordinate operations with stakeholders…

Coordinating with stakeholders
When they started the franchise in 2012, they'd inherited the existing asset management system via Network Rail.
Stakeholder engagement and collaboration were key, so to encourage feedback they liaised with various parties and asked them about the current systems: 'what do you want it to do for you?' This included their commercial team, project team, assets team, and so on. This resulted in constructive feedback which helped Greater Anglia to initiate various improvements. Their supply chain now is very consistent, and there's a link to their system with regards to reactive work and renewals, etc.

So, let's find out what benefits Greater Anglia have seen as a result of having that asset management system in place...

Benefits for Greater Anglia
Richard reveals that prior to setting up their new system, everything was managed so differently. Now they have one big unit that manages all assets. So, information with regards to surveys, renewals, stakeholder projects or third parties is all linked. Whereas before it would have been harder to manage…now, it's all unified. This clearly saves Greater Anglia a lot of time by having information at their fingertips, together with knowing how it all connects with other areas of the business.

Now finally, let's see what kind of hints and tips Richard has for individuals that are responsible for asset management within an organisation and are considering implementing ISO 55001 and some kind of framework to have that structure.

Richard sees it as absolutely crucial that you find somebody (like Blackmores!) to help you, as they will guide you through the process. You need someone to look at your setup, your structure and strategy, etc., so they can tell you what you need and how to improve. The daunting part is actually looking at the standard as a technical specification and wondering 'how is this going to be interpreted for our business?', and that's how Blackmores helped. Greater Anglia is now up to its third year of recertification, which is just fantastic!
May 7, 2021 • 20min

#66 What is ISO 14001?

If you're wondering where to begin with strengthening your environmental credentials, a great way to do this is to implement ISO 14001. This is a world-leading standard for businesses on environmental management. In the last episode, I shared with you what an Environmental Management System (EMS) is. So, if you haven't heard that yet, I'd recommend that you have a quick listen before listening to this one, because it's essential listening: it provides an overview of what an EMS is.

Now, I'm going to just provide a high-level overview of ISO 14001. But if you'd like to get all the resources on implementing ISO 14001, then the isology hub membership is the place to go. It has everything that you need, including video tutorials, downloads, workbooks, check sheets, and also a stack of training classes to help you to create your very own bespoke ISO 14001 compliant EMS. We're super excited to be launching this game-changer in ISO standards. So, if you don't want to miss out, go over to the membership site, which is www.isologyhub.com, to join the waitlist, and don't forget to download our free ISO Standards Blueprint here, which provides you with all the information that you need on the key steps to plan, create, launch and get certified to an ISO standard.

Let's dive into ISO 14001!

What you'll learn:
- The purpose of ISO 14001 and why it exists
- The structure of the standard (including the key clauses)
- Key ISO 14001 principles
- Key benefits of ISO 14001

Let's start right back at the beginning…

Key purpose of ISO 14001
This standard is a specification.
It's a document that you can purchase online, which provides a framework for actually building an EMS.

The purpose of an EMS is to provide a framework to help support any organisation to improve its overall environmental performance and provide a sound basis for sustainable development initiatives.

It's designed to embrace continual improvement and enhance operational performance, which is similar to any other ISO standard. So, if you've already got an ISO standard in place, the chances are that you're in a really good position to integrate the elements of ISO 14001, because there are quite a lot of similarities.

The structure of ISO 14001
The first three clauses within the standard (scope, normative references, and terms and definitions) aren't actually auditable; the requirements sit in clauses 4 to 10.
- Clause 4 is all about understanding your organisation and its context.
- Clause 5 is leadership. This is all about leadership and commitment, roles, responsibilities and authorities.
- Clause 6 is the planning stage, which is all about actions to address risks and opportunities, and setting your environmental objectives.
- Clause 7 is called support. This covers things like resources (people, infrastructure and facilities), competence, awareness, communication and documented information.
- Clause 8 is all about operations. These are your operational controls for reducing your environmental footprint, and also the controls in place for things like emergency preparedness and how you respond to an environmental incident.
- Clause 9 is performance evaluation. Once you've got your operational controls in place, it's really important that you evaluate the effectiveness of those controls.
- Finally, clause 10 is the improvement clause, which focuses on non-conformity, corrective action and continual improvement.

So, just by running through that briefly, you'll probably be thinking, "oh yeah, well we've got that, and yep, we've got that too"…but it might just not cover environmental management. So, that's where you need to make those tweaks and changes.
For those of you that aren't familiar with ISO standards, you might be thinking, "well, that's pretty comprehensive". And yes, it is actually! It does provide you with a holistic framework for managing environmental performance.

Key principles of ISO 14001
Now, looking at the key principles of ISO 14001…ultimately, it comes down to:
- Protecting the environment by preventing or mitigating adverse environmental impacts
- Mitigating the potential adverse effect of environmental conditions on the organisation
- Assisting the organisation in the fulfilment of compliance obligations
- Enhancing environmental performance
- Controlling and/or influencing product and service design, manufacturing, distribution, consumption and disposal, using a life cycle perspective

So, those are the fundamental principles of ISO 14001. If you're focusing on achieving certification to this standard, then you really need to focus on clauses 4 to 10 of the standard. These are the elements that are implemented within your business, and they are the areas that the independent third-party certification body will be looking at when it comes to your stage one and stage two assessments. There's a lot more advice and information on that over at www.isologyhub.com, which provides a full list of the key and essential documents, what is desirable, and examples of those using templates, guidance and training.

So, to wrap up…

What are the benefits of ISO 14001?
- Reduced costs due to less wastage
- Simplified and effective documentation
- Improved sales and marketing opportunities
- Improved communication and morale company-wide
- The acquisition of a symbol representing the internationally recognised environmental standard ISO 14001

If you'd like all the resources needed to implement ISO 14001 yourself, or if you'd like to join one of our ISO 14001 six-month coaching programmes, we've got seven places available!
So, head over to www.isologyhub.com to find out more, and don't forget to download your FREE ISO Standards Blueprint here.

I look forward to catching up with you on the next episode, where I'm going to be sharing with you how to plan your ISO 14001 implementation project!
Apr 28, 2021 • 16min

#65 - What is an EMS?

An exciting announcement about a game-changer in the world of ISO standards was made in the last episode…which was about the isology hub! Let's have a little reminder…

What is the isology hub?
It's a Netflix version of unlimited ISO standards support, which includes videos, checklists, sample policies, templates, plus many other things such as eLearning courses! You'll get access to binge-worthy content to help you raise your game and take your business to the next level. So, what is it that makes the isology hub such a game-changer, you ask? Well, it's a game-changer because it provides a DIY (do it yourself) solution to implementing an ISO standard. Our inaugural ISO Roadmap is for an Environmental Management System (EMS). So, in effect, it's a roadmap for you to implement an ISO 14001 EMS.

Over the next few episodes, I'm going to be sharing with you some of the topics that we cover in the isology hub in terms of ISO 14001. We have an ISO 14001 roadmap, and we kick off by explaining what an EMS is, and we feature step-by-step, specific actions that you can take to make your business more sustainable and take it to the next level!

But before I kick off with explaining what an EMS is in this episode, I'd just like to announce that we have an awesome ebook guide for your ISO project. And it's free of charge! It's called the ISO Standards Blueprint; simply go to isologyhub.com to download it for free. The great thing about it is that it's a guide for any ISO standard. So that's why the ISO Standards Blueprint is a blueprint for implementing any ISO standard.

Now, let's dive into explaining what an EMS actually is…

What is an EMS?
An EMS is a blueprint for how you run your business sustainably and are kinder to the planet. It:
- Provides a framework (a home) for your policies and procedures
- Helps you to identify and reduce your business's impact on the environment
- Is a system to optimise your resources to be as efficient as possible
- Leads to reduced operational costs, and therefore an increase in bottom-line profitability

So…what is actually inside an EMS?
- Policies
- Procedures
- Documents
- Records

Which documents must you include? Where the standard says 'SHALL', you must obey….
- Scope and boundaries of the EMS (4.3)
- Environmental policy (5.2)
- Environmental aspects and impacts (6.1.2)
- Compliance obligations (6.1.3)
- Environmental objectives (6.2)
- And…documented information determined by your organisation as being necessary for the effectiveness of the environmental management system

Examples of documented information include:
- Aspects and impacts register – captures your environmental footprint
- Roles and responsibilities – who does what
- Operational procedures – how things are done
- Core ISO system procedures – document control, communication, management review, internal audit – these all help you keep on top of the management of your business
- Environmental legal register
- Risk register
- Environmental objectives/KPIs
- Environmental policy
- Metrics to monitor and measure – what do you need to monitor and measure that will help shift the needle in the direction you want to go?
- Meeting minutes
- Samples / supplier records

In summary…what can an EMS help with?
- Assign roles and responsibilities, and see exactly where there are bottlenecks
- Ensure value-adding monitoring, measurement and analysis of data, which in turn will assist the business to make better-informed business decisions
- Identify all the statutory and regulatory requirements, helping to keep your business compliant and avoid reputational damage and fines
- Understand where corrective action needs to be taken, and how this can potentially be avoided in future

Hopefully, that's given you a snapshot of what an EMS is!

We go into this in a lot more detail in the isology hub, which is where you'll find everything you need to implement an EMS and achieve certification to ISO 14001.

So, don't forget to download your FREE ISO Standards Blueprint over at isologyhub.com
Apr 23, 2021 • 29min

#64 isology hub - The game changer in ISO Standards

Today's podcast is unlike any other podcast we've recorded before. That's because we've got a special announcement to make about a ground-breaking, innovative game-changer in the ISO standards landscape – the isology hub, which is due to be launched in May 2021.

What you'll learn:
- March 2020 – how the isology concept was born
- Innovate UK competition
- The isology hub
- Who is the isology hub not for?
- B1G1
- ISO Coach

Now, I'm recording this in April 2021, but I'd like to take you back to March 2020 to explain when and why my journey began with initiating this innovative online solution. I think it's quite important to appreciate that this sort of innovation probably would have taken us three to four years to come up with. But COVID-19 has encouraged many organisations to think outside of the box, to think differently, and to look at sustainability in a very different way.

So, let's go back to March 2020 and find out how the isology concept was born!

March 2020
In March 2020, the UK, like many other countries across the globe, was thrown into lockdown, and life was turned upside down as we were hit with a global pandemic. Little did we know…that life as we knew it was never going to be quite the same again! Now, at the time, we felt that we were ahead of the curve. Partly because we'd already been using Teams to have meetings online and to do internal audits, mostly with some of our international clients at Blackmores. Many of you know me as the Managing Director of Blackmores (as well as the podcaster on the ISO Show). Blackmores is my primary business and very dear to my heart. I've been running that business for 15 years, and immediately I was concerned about the welfare of our employees and clients, and like many other businesses was thinking "Okay, so how are we going to best get through this?!". We went into our BCP mode (Business Continuity Planning mode), and we actually shared a lot of that information on the ISO Show!
We felt that we owed it to our listeners and our clients at Blackmores to share examples of pandemic business continuity plans. And at the time, it was really well received! In fact, we didn't realise until we did that how wide a global reach of listeners we had. It was amazing! We had people contacting us from Papua New Guinea, Kuala Lumpur and places all across the globe saying "thank you, this is great!" or "this is really helpful", because at the time, businesses were looking for reassurance as well. So, we were more than happy to provide the support.

Not long after that…it was just before the Easter weekend, so April last year. We had a quarter of our clients cancel within the span of 10 days! Straight away we thought 'okay, this is going to affect us'. We quickly realised that a lot of our clients are in manufacturing or in the events industry, and they simply could not operate!

So, we had to shift gear…and adapt! We had to change the way assessments were undertaken and the way we deliver our consultancy services, to do it all remotely. That's when I realised that actually…there is an opportunity for certification bodies to do part of their assessments remotely. Obviously, for some types of assessments this wouldn't be applicable. But in many cases, I could see that there was a significant opportunity for us to reduce our environmental footprint and work remotely! At that time, we were already creating eLearning courses, and there was some work taking place internally within our team on developing a learner profile: taking an individual from a grassroots level, with no knowledge whatsoever about an ISO standard, right through to professional status. So, work was already underway. When we looked at the possibility of offering our services online, and after the research we did, we realised that actually, it would be really good if we could provide an online solution that all of our ISO Show listeners could also access!
That was when the initial concept was born for creating a state-of-the-art online learning and support membership. This was made for organisations looking not only to achieve ISO certification, but also for those businesses that are already certified to ISO standards but whose system just isn't working for them. They might be stuck in a rut…they're stuck in the trenches there, because there may be certain issues like a lack of engagement, leadership, or even compliance. So, I came up with this concept of creating an online membership platform so that it was accessible to all, regardless of the industry, the location or the time zone, and to be able to provide the equivalent of a Netflix version of ISO standards support!

I had heard from a funding body within the UK government about an Innovate UK competition. This competition was all about helping businesses to be innovative, to provide sustainability solutions, and to help businesses through COVID. It was then that the penny dropped…I thought, well, actually, why not go for it! If we win it, we win it. If we don't, then we don't! So, I put together a business plan, got a lot of advice from a European enterprise network, and put together a bid for this competition.

There were actually three rounds to it! Let's find out how they went…

Innovate UK competition
So, round one…I hadn't done anything like this before, and it had taken weeks to put together that bid. We found out about a month later...that we had failed! But only by a very slim margin, which was very frustrating. But this encouraged me, particularly as a result of the positive comments from the assessors who assessed the application, saying that there was quite a bit of mileage in this innovation.

Now onto the next round…The deadline for the second round was only two days after we got the feedback from the first round.
My advisor said "you know, there isn't much point in rushing this; you want to spend time to get this absolutely perfect, so that you can absolutely smash it at round three". This was the final bite of the cherry…it was the last chance saloon. I thought, well…if we get it, we get it, and this is going to be a game-changer. If we don't, that's it. Fortunately…we won the competition; we won the funding!

There were five different assessors from all sorts of different industries who recognised this as being a game-changer in our field. They believe it could have a significant positive impact on the environment, because our MVP (minimum viable product), which is part of this membership platform, is all about environmental management standards. So, we've been working hard over the last few months to bring together this MVP, and we're due to launch it in May 2021. It's going to be called the isology hub, and it's based on the isology methodology…which is ultimately seven steps to implementing any ISO standard!

Now, I'm sure you're wondering…who is isology for?

The isology hub
This membership platform is for anybody who needs to achieve ISO certification. This might be because you need to win a tender, or you just want to raise standards within your business, or you may have stakeholders that are demanding that you provide some type of commitment in some area, whether it be sustainability or information security. It's also for those people that have spent countless frustrating hours trying to understand how an ISO standard could actually be interpreted within their business. It's also for those people who have an ISO management system…but it's archaic. It was written in the dark ages! And it doesn't bear any resemblance to how you operate as a business right now. In effect, it's working against you.
So, you need some type of solution to revamp it, give it a makeover, get engagement, and make sure that it is a system that helps you to build success for the future of your business. It's also for those of you that would like to integrate other standards into your existing management system. So, you might be looking at cloud security standards, or carbon neutrality standards. So, it's for those businesses that are already working hard to raise standards within their business, but they want to go the extra mile…they want to go above and beyond, and they need the systems, tools, templates, eLearning and guidance to help them to do that. It's also for those individuals that would like to achieve qualifications in ISO standards to improve their knowledge and to support career development as well.

So, what we're trying to avoid here is having any overly technical and expensive training courses. You can access it whenever you want, from wherever you want. It's a place for organisations to learn how to achieve ISO standards, and also to get gameplans for raising their game. It's packed with in-depth, practical training and resources on all aspects of planning, creating and managing a successful ISO system. Now, we have also created an ISO Standards Blueprint, which is a free download for you to get access to, if you come over to the isology hub website. All you need to do is Google www.isologyhub.com and you'll be able to download your free ebook on how to plan, create and manage a successful ISO system ready to get you certified. And that applies to all ISO standards!

Now, I'm sure you must be thinking…what makes the isology hub so different? Well, this is a ground-breaking approach. It's the quickest and easiest way to get ISO certification that gets results.
But it's not just about the accolade of getting certification through your certification body; it's about having that results-driven, systemised way of managing your business, to give you that freedom and time so that you can grow your business. It also gives access to expertise. Over the last 15 years, we have implemented ISO standards for hundreds of organisations across 19 standards and over 25 different countries. So, you're actually tapping into over 200 years of combined experience (that's not me personally, obviously; that's our team!). It's our team that's helped put this together. All our intellectual property and all of the work that we've been doing over the years to support businesses in all industries is going to be put together in the isology hub. That's where you can get access to that.

And, of course, we walk the talk…We have done this time and time again. These are proven concepts. Isology and the seven steps have been put to the test, and it's been successful…time after time!

And we are pretty straight-talking! We are very friendly, very approachable, and we want that to come across with the membership platform. So, you'll be able to listen to our tutorials and join us for our monthly live Q&A sessions if you've got any questions or if you'd like to discuss anything at all to do with ISO standards. Ultimately, we live and breathe ISO standards…you get our full commitment, and you get that team behind you through the membership portal.

But I must say…the isology hub isn't for everybody!

Who is the isology hub not for?
- If you simply want to tick a few boxes and get the badge…this isn't the right solution for you.
- If you want to go down the non-accredited certification body route…it's not for you.
- If you're looking for ISO in a box so you don't have to do any work at all…it's not for you either.
- It's also not for you if you're expecting guaranteed results. That's because it is down to you to put the effort in to actually make it happen.
Although we've got a 100% success rate in helping our clients get through certification, that's because we've helped to do a lot of the work with them; the membership portal is there to guide and support you…so you have to put the work in yourself. The templates, tutorials, guidance and action plans are all provided for you. But you do need to spend the time actually completing them and implementing them within your business.

B1G1
One of the things that we're passionate about at Blackmores is acting responsibly and doing the right thing. With having an online system, we are donating for every new member that joins the isology hub. This will be done through B1G1 (Buy One, Give One!). We will tackle climate change and poverty, one member at a time. The project we have selected is in Madagascar. Unfortunately, Madagascar is a country in crisis: 70% of the country lives in poverty, and half of its rainforest has been eradicated due to the strain of population growth in the country. So, we've picked out a project whereby we can support the planting of trees and also provide sustainable agriculture training, so that the communities are self-sufficient. This will enable them to send their children to school to be educated. We'll also have a live widget on the isology hub website, so that we can see our SDG goals being updated whenever a new member joins!

Now, let's get back to isology! There is a wealth of information in there, and it's not just about documents…we've got a unique roadmap that's been trademarked, and this is based on our seven-step isology concept! We've provided an ISO roadmap for ISO 14001 for the launch. This will take you through everything that you need to do to get ready for an assessment for ISO 14001. It also provides everything that you need for an environmental management system, even if you don't want to go for certification!
So, how to create an environmental policy, what to look for in terms of creating your objectives, how to identify your environmental aspects and impacts, and how to launch your management system…it takes you through the seven steps. In addition to that, we've also given you access to our eLearning courses. A lot of the learning is through videos and action plans, guiding you step by step through your ISO roadmap. We also include checklists, workbooks, cheat sheets and templates to support you. So, some examples of those could be a launch communications planner, or even an email launch sequence and templates to go with it. Things like internal audit schedule templates, report templates, samples of policies and procedures, and so on. As I said, it's not ISO in a box; these are just examples of best practice. And we guide you through creating your own documentation for your own bespoke management system. And, of course, we've got our live Q&As; feel free to join us for those live Q&As within the membership, where we can answer any questions that you've got.

The other thing that we're really excited about launching as well is our ISO Coach programme!

ISO Coach
We're conscious of the fact that some businesses might just want to join the membership and get on and do it all themselves. Or they might need some guidance and support. There is an upgrade available, which is the ISO Coach programme. That's a six-month programme where you'll be part of a small group of up to seven other individuals. On a fortnightly basis, you will have group coaching sessions on the seven steps. Then on the alternate fortnights, you can book one-to-one sessions with your ISO coach to go through and discuss any queries or concerns, or review documents that you've created, just to help you on your journey and make sure that you stay on track as well. This programme does start on specific dates! The next date that we've got starting will be the 2nd of June.
So, if any of you are interested in joining the ISO coach programme, please do get in touch with us!   Because the isology hub is new, we would absolutely love to hear about any suggestions or ideas on content that you'd like to include within the isology hub. Every single month we'll be adding new content, whether it's an ISO roadmap for implementing another ISO standard. So, I'd be delighted to hear from you and also to answer any questions that you might have about the isology hub.   So regardless of whether you're just starting out on your ISO journey, or you've already got a system in place but just want to raise your game that bit further, we would love for you to join us as a member on the isology hub! Thanks very much for listening and I look forward to catching up with you on the next ISO show!
Apr 16, 2021 • 33min

#63 Epiq's Information Security Journey

Dinesh Sharma, Director of Information Security Governance at Epiq, joins us on the ISO Show today. He discusses ISO 27001, his in-depth experience of the standard, how it's working for Epiq, lessons learned, and how he manages this globally for Epiq Global. We are so excited to interview Dinesh! He has a wealth of experience in implementing frameworks like ISO 27001 and PCI DSS, ranging from developing information security policies and procedures and managing risk assessments, to delivering security training and awareness and overseeing internal audits. He also has expert experience in security management and governance, as his last 15 years have focused on information security.

You'll learn about:
- What Epiq does
- What it means to be Director of Information Security Governance
- Setting up a security team and managing it in terms of global responsibilities
- Continual improvement at Epiq
- Dispelling ISO 27001 myths
- What has worked well for Epiq in relation to ISO 27001

First and foremost, let's dive into what Epiq is and does…

What does Epiq do?
Epiq, primarily based in the U.S., is a global professional services company operating in approximately 25 countries, including Germany, Belgium, India, London and many more. Epiq primarily provides support to the legal industry (law firms and the legal departments within large organisations). Their key service is eDiscovery: where there is potentially an investigation, or two parties are about to enter litigation, certain processes need to happen around data collection, data review, forensics, processing and document review. Epiq can make all of this much more efficient and cost-effective for clients! Another core service Epiq provides is court reporting and transcription. Other services include business transformation services, class action and a range of other services.

Now, let's find out more about Dinesh's role…

Role at Epiq
Dinesh is part of the global information security function at Epiq, a dedicated team that supports the business. Dinesh's specific role is to lead the security governance side of things. This means that he manages and helps to define the information security policy set and the Information Security Management System (ISMS) within Epiq. He also leads and coordinates the internal security assessments (part of which are the internal ISMS audits, as well as internal security audits across Epiq). He even reviews and provides input on the security clauses in client and vendor contracts, to ensure they align with Epiq's policies. His team also delivers staff security awareness and training. Finally, his team manages security certifications, including ISO 27001 (very relevant for today!).

So, let's explore how a mature ISMS is managed…

How do you go about setting up a security team and managing it in terms of global responsibilities?
At Epiq, they have a dedicated team within the information security function for security operations. This team oversees the security toolset and monitors the alerts it produces, such as those from endpoint detection and from the logging and alerting around network security. The security operations team also takes the lead on defining the processes for, and handling, any security incidents. So, they have a separate team for this specifically. They also have a separate team for security architecture and security engineering. These teams work very closely with the business to make sure that security is considered and embedded within Epiq's projects and new offerings, as well as in developing their tools.

So, if Epiq is looking to implement a new security tool, this team will be very involved in looking at the different vendors that provide that offering, and how it would be embedded and work within Epiq's infrastructure and the environments from which they serve their clients. So, Epiq has the structure of sub-teams within the security function well defined! Of course, sitting on top of this, Epiq is very fortunate to have some very experienced and highly qualified leadership in that team. The governance and operations side is managed by a gentleman called Jason, who has lots of experience and brings experience from other industries he's worked in. He has a peer called Andrew, who looks after the engineering and architecture side. Epiq also has a new Chief Security Officer (CSO) who is very knowledgeable and savvy. He is doing a really good job of lifting the profile not only of security within the organisation, but also of Epiq's security functions. So, they are fortunate to have that leadership as well.

This is fantastic! When organisations start implementing an ISMS, we always find that leadership commitment is key. It's great to hear that Epiq has a mature management system yet is still continuing to focus on leadership commitment, and bringing that in from various angles across the organisation.

In terms of the ISMS, then…
Epiq has many other security standards, so what we want to know is how their ISMS helps them to manage all of their activities. Looking at the requirements of ISO 27001 and setting up an ISMS that works, Dinesh thinks the most important thing it gives an organisation, regardless of its level of maturity, is a statement of the basic components and principles of a framework that you should have in place, or should consider having. If you want to go for certification to ISO 27001, then you must have some of these things in place.

Dinesh very much sees this as a baseline! Once you establish that baseline, and you've got the documentation, the processes which support the documents, and the staff in place who can deliver on those processes, you then think: 'what can we do to increase the maturity?' A big part of ISO 27001 is continual improvement. This is something Dinesh thinks is very important and puts a lot of focus on in his role. It's tied in with the internal security reviews and internal assessments that they do. But any feedback they get from the business, or any input or discussion with the business which raises or flags something (e.g. a potential blocker), is put onto their continual improvement register to be worked on with the team or the business area. It might be something they have to work on themselves. The important thing is to always look out for these kinds of things. That's why this is a key area of focus for Dinesh in his role, as he thinks about what can improve each step of the ISMS at Epiq.

However, a lot of companies, once they've completed the assessment, think that's the job done. But you can't put your feet up just yet! This is only the beginning of the journey, which is why Dinesh identifies certification as the baseline and the foundation to be used for continual improvement. So, let's look at what Epiq has implemented in relation to continual improvement, above and beyond this baseline.

Epiq and continual improvement
Epiq has implemented Critical Asset Reviews. They identified their 15 most critical assets and, instead of doing a full security review, they pick the 10 most important controls, plus other controls they think would deliver the highest level of security if they had them in place. So, they have done a very focused security review, based on risk and on what they think their most important assets are. They dig deep into what the risks and issues are, and by acting on these, it moves Epiq to another level.

Now, let's move onto the part where we dispel myths around ISO standards!

Dispelling ISO 27001 myths
Dinesh believes that a good understanding of ISO 27001 is needed to know what the standard actually means. There is a difference between being aligned with ISO 27001 and being certified to it. An independent review of your ISMS is really important, as it shows you haven't just picked and chosen which parts of the core standard you're going to implement; it shows that you've had to do them all, and have had that verified and tested. This provides a level of assurance to your organisation and stakeholders. That's why there is such a big difference between being aligned to the standard and being compliant with it.

Finally, I'm sure our audience would love to know…

What has worked well from an information security perspective in relation to ISO 27001?
Dinesh identifies top-level management commitment within a business as the most crucial thing in any implementation of a standard. The business needs to understand the importance of information security, so everyone needs to be aware of what the benefits are, what's going on and what is important. Epiq does this during their management reviews, where all four of their CEOs attend. They take the management review section of ISO 27001 and cover most of it in their quarterly meetings, and because this is visibly supported by their CEO, the business leaders reporting to the CEO and all of their directors attend the management reviews as well. So, they all understand what's going on, what's important and what the key risks are from the security team's perspective. Having this conversation in your business just makes everything a lot easier, according to Dinesh.

That's it from Dinesh!

We hope you enjoyed learning about Epiq's journey. It's inspirational to hear how Epiq is still developing, evolving and improving, and still getting such fantastic commitment from the very top. It clearly demonstrates Epiq Global's commitment to information security, without a shadow of a doubt!

Contact details for Dinesh: if you have any enquiries or would simply like to connect with him, you can get in contact using one of the ways below:
Email: dsharma@epiqglobal.co.uk
Website: Epiqglobal.com
LinkedIn: uk.linkedin.com/in/dineshcsharma
Mar 25, 2021 • 33min

#62 Seacourt’s Sustainability Journey

Seacourt is the highest-scoring B Corp printing company on the planet; they believe in business as a force for good for society. Fun facts: Seacourt is the winner of the Queen's Award for Sustainable Development, and they've won it three times! In 2017, they were also crowned Europe's most sustainable SME. No wonder they are recognised as one of the top three leading environmental printers in the world! Seacourt's Managing Director, Gareth Dinnage, joined us for an interview to tell us about Seacourt's journey and its initiatives. Gareth has been part of Seacourt's sustainability journey from the very start. He began as an apprentice, then went on to head up Sales and Marketing, and finally became owner and Managing Director.

You'll learn about:
- Seacourt's sustainability journey
- Environmental management as a guiding principle for Seacourt, and their contributions to the environment
- Seacourt's journey to understanding their carbon footprint
- The significance of being Net Carbon Zero
- B Corp
- How ISO 9001 and ISO 14001 help Seacourt run their business
- Understanding your supply chain

Let's start right back at the beginning of Seacourt's journey!

Where did Seacourt begin, and where did its sustainability journey begin?
Seacourt started in 1946! They were set up as a commercial printing company in Oxford, working with local businesses. Not much changed for them until the mid-90s, when the owners at the time had the good fortune to attend a seminar focused on sustainability. We know what you must be thinking: whoever put together this seminar must have had incredible foresight to have looked into commercial impacts and sustainability! The owners realised that, as of 1996, the printing industry was the fifth largest manufacturing sector in the UK, and that it was also the fourth worst polluter! That's when they decided that they didn't want to be part of the problem, but part of the solution. This moment marks the change of goals and priorities for Seacourt.

From this point in 1996, the business changed from a linear business model focused on outputs to a values-based business that considers its impacts on the environment and society, as well as profits. This marked the magic transformation of Seacourt! For the last 25 years, their philosophy has been: 'will this improve the environmental performance of our business?' If the answer is 'yes!', then they do it, regardless of the financial cost. Without this fundamental change in mindset, Seacourt would not be where it is today.

Guiding principle for Seacourt
Environmental management has been a guiding principle for Seacourt for the past 25 years. It's fundamental and core to the company. Currently:
- Seacourt runs on 100% renewable energy (and has done so for decades)
- They invented their own printing process, called 'LightTouch', which has saved them vast quantities of fresh water
- Seacourt no longer uses water or chemicals in their printing process!
- They have been zero waste to landfill for over a decade
- They are carbon positive, and that's scope 1, 2 and 3!

What this means, for those of you who aren't familiar with the concept, is that Seacourt looks at its impact in every element that they as a business affect. This includes their supply chain, so as a printing business they take their impact all the way back to the forestry they use for their natural resources. They consider how trees are transported to the paper mill, how paper mills are run, the energy they run on and much more! They consider the end-of-life process by producing a natural material that has a massive recycling rate. So, when you wrap all of this up in its entirety, Seacourt has created a concept called Planet Positive Thinking, which means that they give back more carbon into the atmosphere than they are responsible for consuming.

Seacourt's journey to understanding their carbon footprint
A lot of businesses are new to the concept of Net Carbon Zero. So, let's find out how Seacourt went about understanding what their carbon footprint was. Seacourt does this by unravelling their entire supply chain and asking challenging questions of their suppliers, such as how they power their plants, what the carbon impact per tonne of paper is, how they transport their materials from the forest, and many more never-before-asked questions! They used the amount of paper they had purchased over a 12-month period and worked with their suppliers to get an accurate carbon impact figure. They then created their own methodology and matrix, using the same process they had used for paper to identify the carbon impact figure for other areas of their operations, for example their ink. By this point, Seacourt knew their carbon impact holistically for a 12-month period, and sought to work on a regenerative project in the Amazon basin. In this project, Seacourt safeguards 86,000 hectares of endangered forest and is reforesting 12,000 hectares of deforested land. There is also a social element, where they support a programme with indigenous people. So, this is how Seacourt maintains the Planet Positive Thinking element: they give back more than they consume in everything they have an impact on.

Significance of being Net Carbon Zero
Of course, we are conscious of the fact that we are in a lockdown where many businesses are struggling financially. So, this is for those of you thinking 'is it going to be really costly for me to be Net Carbon Zero or carbon positive?'. Gareth emphasises the need to understand the impact of sustainability, to have a strategic plan, and to have an idea of what goal you want to reach and how you will achieve it. Otherwise, your business will get left behind! Other businesses will pick up this leadership agenda and show exactly what business can do, and Gareth identifies these businesses as the ones that will be the most successful. This is already evident among investors refusing to work with fossil fuel-based businesses. That's why businesses need to act responsibly to stay ahead of the game!

How management systems help Seacourt run their business
Seacourt has been certified to ISO 9001 and ISO 14001 for years. These management tools help Seacourt set the business up to the highest standards and ensure continual improvement. The quality and environmental management system provides a framework for delivering sustainable best practice.

B Corp
Now let's move on to talk about B Corp! B Corp is the global movement that aligns businesses who share the same philosophy: that businesses can and should be a force for good. Certified B Corps meet the highest standards of verified social and environmental performance, transparency and accountability. The unifying goal of B Corps is that the main driver is stakeholder value, not shareholder value.

Understanding your supply chain
For those of you who have not yet looked into your supply chain, Gareth recommends:
- Observe and control your building in terms of energy efficiency (make sure it's insulated and that you use renewable power)
- Then send out supplier surveys to find out what your suppliers are doing or working on that you are not aware of
- Then look at your key supply chain and identify whether you can start mapping the carbon impact
These steps will give you key findings and insights that you can use in your goals and strategy.

Contact details for Gareth: if you have any enquiries or would simply like to connect with him, get in contact using one of the ways below:
Email: garethdinnage@seacourt.net
Website: www.seacourt.net
Twitter: @seacourtltd
LinkedIn: Garethdinnage
Feb 25, 2021 • 20min

#61 Totally PLC's experience with ISO 27001

Today, we're joined by the Director of Corporate Assurance at Totally PLC, Falu Bharmal. Falu plays a key role in working with NHS England and has in-depth knowledge and understanding of ISO implementation, legal policy relating to corporate governance, health and safety, and integrated risk management. He has extensive experience in establishing new corporate governance structures, systems and processes to ensure organisations are fit for purpose. Today, Falu is here to discuss ISO 27001 (Information Security Management), and why it's so important to have consistent practices throughout a company. Falu explains how he's able to implement new ISO standards so effectively, and some of the biggest improvements ISO 27001 has allowed him to make. We talk about how best you can prepare before implementing a new standard, and how ISO standards can help systemise your way of working across a company.

You'll learn:
- The benefits of working as a group with consistent practices throughout a company
- How to effectively prepare for and implement new standards
- How ISO 27001 is used as a best practice mechanism
- How implementing standards can help to systemise the ways of working across a company
- How many people you need to involve in the implementation of new standards

Resources: Blackmores, Totally PLC

In this episode, we talk about:
[00:29] The services Totally PLC supplies and how they support the NHS and reduce A&E waiting times.
[03:30] The different divisions that make up Totally PLC.
[05:36] The ways Falu, as Director of Corporate Assurance, is involved with ISO implementations.
[06:34] How Falu implements ISO standards effectively.
[07:21] How ISO 27001 is used as a best practice mechanism for Totally PLC.
[08:20] Some of the biggest improvements Falu has made through using ISO 27001.
[09:25] How ISO standards help to systemise ways of working across a company.
[10:14] The different roles Totally PLC has dedicated to ISO implementation.
[12:18] The best things you can do before implementing a new standard.
[13:46] The extra pressures Totally PLC has faced due to the pandemic, and the new opportunities this has brought.

If you need assistance with implementing ISO 27001 – Contact us!

We'd love to hear your views and comments about the ISO Show, here's how:
- Share the ISO Show on Twitter or LinkedIn
- Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one.
Subscribe to keep up-to-date with our latest episodes: Stitcher | Spotify | YouTube | iTunes | Soundcloud
Jan 28, 2021 • 16min

#60 What is ISO 27017

Steve Mason is a Senior Consultant at Blackmores (UK) Ltd, and has a 100% success rate of supporting clients in achieving their ISO 9001 & ISO 27001 certifications first time. With over 38 years of experience working with standards, Steve is incredibly knowledgeable about how to ensure companies get the best benefits when implementing new standards. Steve has never stopped advancing himself and continues to broaden his knowledge of new standards as they come into existence.

Today, Steve is back to discuss the new ISO 27017 (Information Security Controls for Cloud Services), and why it is needed in addition to ISO 27001. The current publication of ISO 27001 was released back in 2013, before cloud security was as big a concern. Because of this, it does not adequately cover cloud security, and hence the new standard ISO 27017 was released. It is wise not to assume that the cloud is secure on its own; you need a provider that can demonstrate protection from hacking and guarantee you security.

There are 7 new controls that the ISO 27017 standard brings:
- CLD.6.3.1 Shared roles and responsibilities within a cloud computing environment
- CLD.8.1.5 Removal of cloud service customer assets
- CLD.9.5.1 Segregation in virtual computing environments
- CLD.9.5.2 Virtual machine hardening
- CLD.12.1.5 Administrator's operational security
- CLD.12.4.5 Monitoring of cloud services
- CLD.13.1.4 Alignment of security management for virtual and physical networks

In this episode, Steve talks through some of these new controls, explains why they're so important, and describes who can benefit from implementing this new standard.

You'll learn:
- How the ISO 27017 standard works for both customers and providers
- How ISO 27017 works as a unique selling point for businesses
- The new controls that ISO 27017 has, and how it demonstrates security within the cloud
- The benefits of adopting ISO 27017
- How doing a gap analysis can help you to understand what cloud controls you already have in place

Resources: Blackmores

In this episode, we talk about:
[01:30] Why it's important to have a standard for cloud security when we already have ISO 27001.
[02:46] The type of new controls in ISO 27017 and how they make the standard 'cloud effective'.
[05:37] Some examples of the new controls that ISO 27017 has.
[07:20] The prerequisites you need before implementing ISO 27017.
[08:37] The type of certificate you get with ISO 27017.
[10:22] How ISO 27017 can set companies apart from their competitors.
[11:03] What the future for ISO 27001 and ISO 27017 looks like.
[13:03] Advice for anyone thinking of implementing ISO 27017.
[14:20] The main benefits there are from implementing ISO 27017.

If you need assistance with implementing ISO 27017 – Contact us!
Jan 21, 2021 • 28min

#59 What is ISO 27701?

Steve Mason is a Senior Consultant at Blackmores (UK) Ltd, and has a 100% success rate of supporting clients in achieving their ISO 9001 & ISO 27001 certifications first time. With over 38 years of experience working with standards, Steve is incredibly knowledgeable about how to ensure companies get the best benefits when implementing new standards. Steve has never stopped advancing himself and continues to broaden his knowledge of new standards as they come into existence.

Today, Steve is here to discuss ISO 27701 (Data Privacy), and why it's so important to have, so that you can prove you are GDPR compliant. Since the new European data privacy laws were introduced in May 2018, there have been over 150,000 personal data breaches within Europe, and GDPR fines are estimated to total a little over 220 million euros. Steve explains why GDPR is so important, how companies can avoid data breaches, and what makes ISO 27701 different from previous standards.

You'll learn:
- How ISO 27701 can help companies demonstrate compliance with the requirements of GDPR
- The ways ISO 27701 is different from ISO 27001, and why you need both standards
- Who you can share PII with while still maintaining GDPR compliance
- The correlations ISO 27701 has with ISO 27002
- The potential impact implementing ISO 27701 can have

Resources: Blackmores

In this episode, we talk about:
[00:29] The big personal data breaches that have happened in the last 2 years, and the fines the companies received for not being compliant with the data protection laws.
[04:11] Why we have the General Data Protection Regulation and what it is there to protect.
[06:36] What ISO 27701 is and how it helps companies be GDPR compliant.
[09:26] What PII (Personally Identifiable Information) is.
[11:41] An overview of ISO 27701 and what its main clauses are.
[14:04] What the two control sets of the standard are, and what the difference between a data controller and a data processor is.
[17:20] How this standard helps companies know what needs to be put in place to be GDPR compliant.
[18:51] What makes ISO 27701 better than BS 10012, and why it will eventually completely replace it.
[22:14] What you already need in place to get ISO 27701 certified.
[24:10] The main benefits for companies implementing this standard.

If you need assistance with implementing ISO 27701 – Contact us!
Dec 16, 2020 • 15min

#58 How to change Certification Body once you are certified

So this is for our ISO Show listeners that are already certified to ISO standards. In some cases (not that often), companies can get really fed up or frustrated with their certification body (CB) provider.

Now, on the whole, accredited CBs are great. However, over the last 14 years we've come across the good, the bad and the ugly too!

So, this podcast is for those companies that may be looking to switch, and we'll cover…

Why companies decide to change CBs
- Can't get hold of anyone to help them: they inform the CB of a change in the business and the CB is not adaptable.
- Frustrated with lack of organisation: not keeping the client informed, an assessor showing up to audit the wrong standard.
- Their CB is not listening to them.
- Not happy with the assessor. Not really a hard reason; just request a different assessor.
- Lack of value: the assessor shows up late and leaves at 2.00pm, and you don't get the report for another 2-3 weeks, after chasing.

Why switch?
- Because you can: you have a choice.
- You are the customer: if you raise your concerns and are not being heard, go to another CB that will look after your every need.
- You may get a more competitive service and costs (for example, clients that have grown through acquisition).
- You are expanding internationally and need a CB with an international presence.

How to switch
- Here in the UK, if you are certified by a UKAS accredited certification body, the switch to another UKAS accredited CB is free of charge.
- Establish your scope of certification and requirements: sites, services, standards.
- Review your timings: should it be before or after your next surveillance visit?
- Get three quotes from accredited certification bodies. Explain that you'd like a quote for the period of certification, including the recertification costs.
- Provide your requirements, and also explain why you are looking to change CBs, as you want assurance that they will be able to provide you with the service you need.

Consider:
- Costs
- Number of assessors for your standards on the payroll
- Continuity of assessors
- Location of assessors and your locations
- Support: Key Account Manager / customer services
- Experience/reputation in your sector / standards
- Any value adds, i.e. webinars, whitepapers, events

How we can help
We offer a free service to send an RFQ to CBs so you can get comparative quotes. We don't have an exclusive relationship with any one certification body, but we can help you gain a quote as a free service. If you need help getting a quote, contact us! Look out for our directory of recommended CBs in 2021.
