The ISO Show

ISO consultancy isn’t a field many aspire to enter, mostly because many don’t know it exists until you’re tasked with either managing an existing ISO Management System or implementing a brand new one.  We’re continuing with our latest mini-series where we introduce members of our team, to explore how they fell into the world of ISO and discuss the common challenges they face while helping clients achieve ISO certification.   In this episode we introduce Sarah Ball, a Senior Isologist® at Blackmores, to learn about her journey towards becoming an ISO Consultant and what drives her to help clients on their ISO journey.   You’ll learn ·      What is Sarah’s role at Blackmores? ·      What does Sarah enjoy outside of consultancy? ·      What path did Sarah take to become an ISO Consultant? ·      What is the biggest challenge she’s faced when implementing ISO Standards? ·      What is Sarah’s biggest achievement?   Resources ·      Isologyhub ·      Productivity Ninja   In this episode, we talk about: [00:30] Episode Summary – We introduce Sarah Ball, a Senior Isologist® here at Blackmores, to discuss her journey towards becoming an ISO consultant who specialises in ISO 9001, ISO 45001, ISO 14001 and ISO 27001. [03:45] What is Sarah’s role at Blackmores? Sarah is a Senior Isologist® with Blackmores, supporting companies with maintaining systems, undertaking internal audits, and supporting with implementing new systems to gain certification utilising our Isology methodology. Sarah also coordinates the development of content of our online learning platform, the isologyhub. [04:50] What does Sarah enjoy doing outside of consultancy?: Sarah has a keen interest in history, having studied it at school, she like to travel to various locations of historical interest. She also spends a lot of time researching her own family tree, learning as much as she can about the far reaching members of the past. Sarah also likes to go jogging outside, as the gym environment didn’t inspire much enjoyment, she instead prefers to be in nature while exercising. She has also participated in long distance running for charity, completing the 10k Race for Life. She’s taking on the more daunting muddy 5K version this year, which includes a number of obstacles, so we’re wishing her luck! One of the new hobbies she’s like to take up this year include mountain climbing, with Mount Snowdon on her to-do list. [06:35] What was Sarah’s path towards becoming an ISO Consultant?: Sarah initially started in Customer Services, working as a customer service advisor in a company and then got promoted to manager of a team. At that point, her role became more about understanding why they were getting certain complaints and what could be done to prevent them happening rather than just resolving them. She ended up spending more time with suppliers and other departments to help prevent some of the recurring issues, and along the line it lead onto being asked to implement an ISO 9001 Quality Management System. Which was a tall request considering the fact that at the time, Sarah knew nothing about ISO 9001 outside of it’s designation and area of focus. As a result, she spent a lot of time researching it, and had the help of an external consultant to Implement the Management System. This was necessary, as knowing how to apply it to a business was something that she needed support with. 2 years later, the company asked Sarah to implement an ISO 45001 Health & Safety management system and an ISO 14001 environmental management system. These two she implemented herself after getting a feel for it during the initial quality management system implementation. For the next 10 years, Sarah worked in other companies, assisting with their integrated management systems. Along the way, she also picked up on ISO 27001 Information Security, before landing in Blackmores in 2020. [09:10] A path people fall onto – Most people don’t actively plan to get into ISO consultancy, it’s usually a result of being tasked with managing or implementing a management system while working in another role.  [10:10] What is Sarah’s favourite aspect of being a Consultant? – Sarah enjoys the variety, not just in the work and tasks but in the companies and industries that she gets to work with. Each have their own way of working, unique approaches and knowledge nuggets in the form of ways of working that can be cherry picked and applied elsewhere. She also likes to see how a management system develops and evolves overtime and how it can become part of a company’s success, driving continual improvement. Sarah enjoys working with people that can see the real benefits of ISO management systems, rather than just focusing on the certificate on the wall. [13:40] Making a Management System your own – Sarah is a big proponent of making a Management system your own, giving it an identity so that it can be fully integrated into the way a business works. Businesses do it all the time, usually by naming large projects that everyone can reference by a common shorthand. A Management System can work in the same way, making it a part of the day-to-day running of the business. She’s also a fan of not worrying about the terminology in Standards. Many of the terms used are meant to be general, this was due to the way international audiences referred to certain aspects of management, it wouldn’t always translate correctly. So many Standards have some admittedly awkward terminology that can be applied to any business, and you by no means have to use their wording, as long as you can explain what relates to what in an audit then you’re free to name things as appropriate to you.   [16:55] What Standards does Sarah specilaise in and why? Starting with: ·      ISO 9001 Quality: This is the main standard that Sarah starting working with, and is one that touches on a lot of areas within other Standards. It’s a great base to build off of, and is the starting point for many venturing into the world of ISO. ·      ISO 14001 Environmental: Sarah got experience with this Standard at her first company, it’s also commonly implemented alongside ISO 9001.   ·      ISO 45001 Health & Safety: Another one of the first Standards Sarah implemented, it’s also a common one to see in integrated management systems.   ·      ISO 27001 Information Security: Sarah got to grips with this Standard through years of working with other companies. Sarah’s favourite Standard is ISO 9001, not only because it was her first experience with implementing ISO Standards, but because it create a blueprint for success. ISO Standards are setting the minimum requirement, not the maximum, they are designed get you started so you can make continual improvements. It also acts as a foundation to build onto, you can pick aspects of other Standards to integrate into your existing system. You don’t necessarily have to certify to those additional Standards, but nothing is stopping you from strengthening your Management System with the best bits from other ISO’s. [21:00] Sarah’s favourite clause in ISO 9001: Sarah personally favors Clause 10 – non-conformity and corrective action. The reason behind that choice is due to that clauses’ importance in driving continual improvement. It’s about taking something negative being turned into a positive, which is what Quality Management is at it’s core. [22:05] What is the biggest challenge Sarah had faced during a project and how did he overcome it?: Molding the Standard to the business. As a consultant, the biggest challenge is understanding how to make the requirements of a Standard fit the business, and not the other way round. It’s all about trying to align the ISO Standard requirements to their values and mission, and then getting people on board with understanding the true benefits of management system implementation. At Blackmores, we ensure that each management system is unique to each business. We don’t operate with a copy paste model. This is another reason why Sarah encourages naming your management system, by branding it you encourage engagement. Sarah highlights the fact that we run a lot of workshops in the initial part of a project, conducting a Gap Analysis, SWOT and PESTLE ect, this helps our consultants to really get a feel for how a business ticks. From that, we can help steer the delivery of the Management System to the wider business, by building it into their existing tools, such as an intranet. [25:45] Leading by example: We revamped our own ISO 9001 Management System a few years ago, with both Rachel Churchman and Sarah Ball leading the refresh. We gave it a name, H20 (How 2 Operate) and integrated it with our Microsoft Teams channels as we’d all swapped to mostly remote work following the COVID pandemic in 2020. As Sarah points out, there are many different ways to display and deliver your management system, including: ·      Microsoft Teams ·      Intranet ·      Google / Google Drive ·      SharePoint ·      CRM’s such as Monday.com The key is building it into the day-to-day tools everyone uses. Make the Management System part of your processes, so adhering and maintaining it becomes part of everyone’s way of working. [28:55] What is Sarah’s proudest achievement? Obtaining her degree through the Open University while still working full time. It took Sarah 8 years of hard work to obtain her honours degree in History, which was one not required by her work or career development. It was simply something she wanted to do to prove to herself that she could achieve it. Many other members of Blackmores can attest to Sarah’s level of determination, and organisation, as she shares many tips and techniques learned from her years of study and work. This includes: The Productivity Ninja – Learned from Graham Allcott’s book, which seeks to help reduce procrastination, and tackle tasks with efficiency. The Second Brain – A tool to help keep track of ideas / tasks that aren’t an immediate priority. These tools are now used by a number of the team, and we have no doubt Sarah will be schooling us on more techniques in future. If you’d like any assistance with implementing ISO standards, get in touch with us, we’d be happy to help! We’d love to hear your views and comments about the ISO Show, here’s how: ●     Share the ISO Show on Twitter or Linkedin ●     Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one. Subscribe to keep up-to-date with our latest episodes: Stitcher | Spotify | YouTube |iTunes | Soundcloud | Mailing List

We share a lot of success stories here on the ISO Show, along with hints, tips and updates to Standards, including insights from our consultants who work with Standards day in and day out.  In our latest mini-series, we’re taking a step back to introduce members of our team, to explore how they fell into the world of ISO and discuss the common challenges they face while helping clients achieve ISO certification.   In this episode we introduce Darren Morrow, a Senior Consultant at Blackmores, to learn about his journey towards becoming an ISO Consultant and what drives him to help clients on their ISO journey.   You’ll learn ·      What is Darren’s role at Blackmores? ·      What does Darren enjoy outside of consultancy? ·      What path did Darren take to become an ISO Consultant? ·      What is the biggest challenge he’s faced when implementing ISO Standards? ·      What is Darren’s biggest achievement?   Resources ·      Isologyhub ·      Engagement Amplifier Gameplan   In this episode, we talk about: [00:30] Episode Summary – We introduce Darren Morrow, a Senior Consultant here at Blackmores, to discuss his journey towards becoming an ISO consultant who specialises in ISO 9001, ISO 45001, ISO 14001 and ISO 50001.   [03:45] What is Darren’s role at Blackmores? Darren is a Senior Consultant with Blackmores, supporting companies with maintaining systems, undertaking internal audits, and supporting with implementing new systems to gain certification. A key part of his role is translating ISO Standards into plain English, and guides clients on how to apply them in practice. [04:55] What does Darren enjoy doing outside of consultancy?: Darren moved to Norfolk back in 2021 ans has since found the relaxed way of life there to be a great fit. It also offers a lot of good walking opportunities for his 2 Leonberger's (giant breed dogs), who mostly enjoy the local parks and beach walks. Darren is also an avid reader, clocking in a whopping 343 weeks’ worth of reading on his kindle. His favourite genres include:- ·      Crime, thriller, adventure types - Clive Cussler, Michael Connelly, David Baldacci, CJ Box, Dan Brown, James Carol ·      Horror - James Herbert, Stephen King ·      Supernatural, urban fantasy, fantasy - Ben Aaronvitch, Jim Butcher, Raymond E Feist, C S Lewis & Tolkien ·      Historical - CJ Sansom, SJ Parris ·      And Terry Pratchett for a weird dose of reality. He’s also a movie buff, with a collection of over 1,000 films ranging from the 1930’s all the way to modern era. Recently he took on the challenge of watching all the Marvel films in chronological order, which took a few weeks! [10:35] What was Darren’s path towards becoming an ISO Consultant?: Before Blackmores, Darren was the Quality Manager for a company that worked within the Highways Maintenance sector, working there for 8 years. For the first 18 months he was primarily the Quality Manager for a specific contract on the Olympic Park, as that contract came to an end, he moved into the main company Quality Manager role supporting multiple highway term maintenance contracts along with various smaller projects that the business won. Prior to that, he was a SHEQ Advisor within the Rail industry, working for a signaling company. Darren worked there for about 5 years, within head office support roles for quality and health and safety, moving to working on supporting the project teams and project delivery for signaling schemes. Overall, looking back, he’s worked with standards within a quality, health & safety, environmental for around 25 years now.  [13:20] What is Darren’s favourite aspect of being a Consultant? – Darren likes the variety. As an ISO Consultant, he gets to work with lots of different people, companies and industries, so he gets to learn a lot about how they work and how Standards apply to different industries. He also enjoys the fact that after working with clients for a number of years, he becomes just another member of the team.   [15:15] What Standards does Darren specilaise in and why? Starting with: ·      ISO 9001 Quality: This is the main standard that Darren starting working with back in 1999 ·      ISO 45001 Occupational Health and Safety: While working within rail, Darren was given the opportunity to do some training and proceeded to complete NEBOSH courses - general and construction, this proved invaluable in future roles. ·      ISO 14001 Environmental: Darren ended up working with this Standard as part of on-going development. His role as a Quality Manager expanded, and at the time, all external audits with our certification body were coordinated through him. So, for on-going development he completed the NEBOSH environmental managed certificate. ·      ISO 50001 Energy Management: This is one of Darren’s favourites. He’s taken on this standard since working with Blackmores and seemed like a natural progression with the work he was already doing. He likes how this standard helps companies think more about their impacts on the environment in terms of energy consumption. In terms of companies climate change impacts, Darren likes how ISO 50001 can support deep dives into data that is available or not clearly available in many cases to support improvement and reduction in energy consumption. This also can pave the way for those companies that take it more seriously, and progress to newer standards like ISO14064-1 for quantification and reporting of greenhouse gases, but also part 3 for the verification and validation of greenhouse gases. This is where our sister company, Carbonology Ltd, really excel. Darren does his bit with ISO 50001 clients to educate and prepare them for taking more proactive steps towards meaningful energy and carbon reporting. For example, if they grow sufficiently or fall within the parameters of mandatory schemes such as ESOS or SECR reporting, or they just want to do their bit and demonstrate their commitment to minimising their impact on the environment and overall energy consumption. [23:10] What is the biggest challenge Darren had faced during a project and how did he overcome it?: He doesn’t have a single one that stands out, but common issues are usually either down to availability or commitment of the individuals within the company he’s supporting. For example, the company may decide that they require certification to a standard or multiple standards. There will be commitment from some within the business, and there are those that may not see the importance or feel it's not important to them and what they do.  Darren’s job is to support the company in achieving its main goal in gaining certification. His work with the company involved explaining what is to be done and why. He’s found that most of any resistance is because individuals do not know the why and how it impacts them, etc. The other aspect is to make it clear that he is not there to tell them what to do, or that they’re doing it wrong. He works with people to either document the process (where required), help them find improvement in the process and continue to search for improvement. [27:00] What is Darren’s proudest achievement? Darren states that there’s no one definitive achievement to highlight, rather he would say supporting clients who are new to the standards. Working with them and providing knowledge so that they know the 'why' and understand the standards and their processes, and finally seeing the end result with being recommended for certification. The ones that he’s particularly happy with are those that go for multiple standards, that result in recommendation for certification with little or no significant findings from the certification body, it shows that the company has been fully engaged and embedded the overall process into how they work. If you’d like any assistance with implementing ISO standards, get in touch with us, we’d be happy to help! We’d love to hear your views and comments about the ISO Show, here’s how: ●     Share the ISO Show on Twitter or Linkedin ●     Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one. Subscribe to keep up-to-date with our latest episodes: Stitcher | Spotify | YouTube |iTunes | Soundcloud | Mailing List

A well implemented ISO Management System can improve efficiency, customer satisfaction and drive continual improvement for a business. On the flip side, a poorly implemented Management system will yield little to no results, so what makes the biggest difference between good and bad implementation?  Communication is the key. If no one knows about your Management System, then how can it benefit the business as a whole? In this episode Ian Battersby discusses the importance of effective communication of your Management System, why it’s vital to reap the full benefits of ISO Implementation and gives some examples of how you can communicate elements of your Management system to the wider business. You’ll learn ·      Why do you need to communicate your management system? ·      What do you need to communicate? ·      Why is it important to communicate your Management system? ·      Different ways you can communicate your management system ·      How can you measure effective communication?   Resources ·      Isologyhub ·      How can ISO Standards Support ESG Compliance Workshop   In this episode, we talk about: [00:30] Episode Summary – Ian talks discusses elements of communicating a management system including, why you need to communicate and what needs to be communicated, the importance of doing so and how you can go about doing it. [02:45] Why do you need to communicate your Management System? In every ISO Standard, communication is a requirement. The levels and information specified will vary depending on the Standard, but the principles remain consistent. Ian cites ISO 9004 as providing further guidance to improve on what’s initially required. In Clause 7.4 it states: “The effective communication of policies, strategy, relevant objectives is essential to the sustained success of an organisation.” Going on to state that communication should be “Meaningful, timely and continual” and that there should be some form of feedback within it to be able to address changes in the organisation’s context. So, it’s not just a one time exercise. It also states that: “communication processes should be both vertical and horizontal and be tailored to the differing needs of its recipients, whether internal or external.” So you also need to consider the external communication needs too. [04:35] Empowering through communication: ISO 9004 also talks about engaged, empowered and motivated people and their value as a key resource. These types of people help organisations to create and deliver value, so you should have processes in place for engaging those people, to gather feedback and drive continual improvement. [05:40] Where is Communication referenced in Standards?: Typically, communication is Clause 7.4 in most ISO Standards. Additionally there are elements of communication included in Clause 7.3. Awareness. The Awareness clause focuses on employees knowledge of the Management System, and is more focused on internal communications rather than with external interested parties. [06:25] What should be communicated internally? Under Clause 7.3 Awareness, it requires you to share: ·      Policies ·      Objectives ·      The consequences of non-conformance Other Standards may have additional communication requirements such as ISO 45001, which also highlights the need to share risks, hazards, incidents and the outcomes of investigations.   [07:10] Clause 7.4 Communication – This clause is more about determining internal and external communications. This includes considerations for: ·      What communications are relevant? ·      When should they be communicated? ·      Who should they be communicated to? ·      Who should be the one to communicate this information? Some Standards may also include specifications for communicating legal requirements, such as ISO 14001 and ISO 45001. [08:20] Nuance in effective communication:  One key element of communication is ensuring that it’s understood and applied by the wider business. This doesn’t mean that every employee should be able to parrot a specific policy within a business, but rather they should at least know where to find it and understand the implications for them. [09:40] A link between Communication and Leadership: Leadership plays a key role in communications, and ISO Standards specify that certain elements can’t be delegated to another individual. Clause 5 Leadership specifically states: ·      They shall promote the use of the process approach and risk-based thinking, not delegating that promotion. ·      They should communicate to the importance of the management system and of conforming to that management system. ·      They should engage directly and support persons to contribute to the effectiveness of the system. ·      They should promote continual improvement. ·      They should support other relevant managers to demonstrate their leadership in their areas of responsibility. We’ve stressed the importance of Leadership in the success of a Management System in a previous episode, and their support with communication is a big part of that. [11:20] Communicating Objectives: Clause 6.2 Objectives states that they must be established and communicated. This doesn’t have to be to everyone, so you can be selective and communicate certain objectives relevant to select people. [11:40] How to effectively communicate your management system  – Management systems can be vast, and it can be tricky to know exactly how much to communicate and to who. The first tip is to keep it simple. Translate the ‘Standard speak’ into something recognisable for your business, which may not always be easy if you’re familiar with the Standards terminology. However you need to relate these elements to how people in the business work. Try to keep it brief to avoid confusion. Next, ensure you are assuaging fears. Many are firstly opposed to the introduction of things like Operational Procedures if they’ve not worked with a Management System in place previously. However, all this is in practice is a written format for how they work, it shouldn’t drastically change the way in which they work. Make sure they know this and describe what elements will change i.e. documentation updates. Lastly, they need awareness of the consequences of non-conformance and the need to look for opportunities to improve. [15:25] Communicating Policies – This is a part of all ISO Standards, a Policy can’t just be hidden away in a rarely visited folder. A Policy communicates the intent of top management in an organisation, and is something that should be communicated to everyone, which could include external parties. So, you should try to keep this concise. On one page ideally. As long as you’ve encompassed the vision, values, strategy and top management commitment, and for certain standards a commitment to legal requirements, then you will meet an ISO Standards requirements. Some businesses like to include links to all their procedures within a policy, which by all means, you can, but don’t expect people to read a 48 page policy and understand it enough to apply to their daily working lives.   [17:00] How can you communicate your Management System? – One key objective of communication is to ensure people understand and apply what’s being communicated. To help achieve this, you may want to use multiple methods of communication, including: ·      Feedback options on content i.e. a yes or no check / options to provide feedback ·      Training sessions ·      Intranet page – quick links to relevant content such as policies or audit findings ·      Regular briefings ·      Notice boards ·      Electronic displays ·      Company briefs ·      Team meetings [20:25] How can you measure effective communication? There’s a lot of ways you can assess this, including: ·      E-mail voting – to clarify when people have read specific documents ·      LMS Systems ·      Through SharePoint systems ·      Conduct surveys ·      During Internal Audits All of these can be used as methods of feedback where you can identify further opportunities for improvement from various levels of the business. [21:35] When should you consider external communications? – Clause 4.2 is where you’re required to consider the needs and expectations of interested parties. When going through an anaylsis of these interested parties, you determine what they expect out of your Management System. Standards don’t specify the need to write a communication plan, but they do say who’s going to communicate what to whom, including how and when. In combination with that analysis of interested parties, it creates a solid basis for an effective communications plan. Again, some discretion will be required as not every external party will need to be privy to your internal policies and procedures. Just communicate what’s relevant to them. If you’d like any assistance with implementing ISO standards, get in touch with us, we’d be happy to help! We’d love to hear your views and comments about the ISO Show, here’s how: ●     Share the ISO Show on Twitter or Linkedin ●     Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one. Subscribe to keep up-to-date with our latest episodes: Stitcher | Spotify | YouTube |iTunes | Soundcloud | Mailing List

Watch the Podcast Video on our YouTube Channel Greenwashing is a concern for both businesses and consumers. The proliferation of it in recent years has caused genuine green claims to be treated with an air of caution rather than being rightfully celebrated.  It’s become clear that there is a need for transparent and substantiated green claims, both to help consumers and stakeholders to make informed decisions and to ensure that real steps towards sustainability are being taken. Is the upcoming EU Green Claims Directive the answer we’ve been looking for? In this episode Mel is joined by Charlie Martin, CEO and Founder of The Anti-Greenwash Charter, to discuss the purpose of the EU Green Claims Directive, who it applies to and what it’s requirements for substantiation and verification mean in practice. You’ll learn ·      What is the purpose of the EU Green Claims Directive? ·      What are the drivers behind this objective? ·      Who is required to comply with the EU Green Claims Directive? ·      What do the requirements for substantiation and verification mean in practice? ·      How will the directive impact the use of carbon offsetting and carbon neutrality claims within the EU?   Resources ·      EU Green Claims Directive ·      Anti-Greenwash Charter ·      How can The Anti-Greenwash Charter can help with the EU Green Claims Directive ·      Green Claims Policy Template ·      Carbonology   In this episode, we talk about: [00:30] Episode Summary – Charlie Martin joins Mel to discuss the upcoming EU Green Claims Directive, who it applies to and what it’s requirements mean in practice. [02:30] What is the purpose of the EU Green Claims Directive?: This directive is a new law, not simply a voluntary scheme that businesses can opt into. It’s a regulation that governs all voluntary green or environmental claims made by organisations operating within the EU, and requires data to back these claims up. Another key fundamental of this directive is the need for independent verification of any claims before they’re made public. [04:35] What are the main drivers for the EU Green Claims Directive?: One of the key drivers is combatting the rampant rise in greenwashing. It’s created a culture of mistrust around green claims, which makes it difficult for stakeholders and consumers to make informed decisions on who to work with or buy from. Greenwashing also makes it harder to tackle bigger environmental concerns. With misleading data, we can’t accurately measure businesses impact on the environment, which is essential if we are to take meaningful action to reduce our impact. Ultimately, greenwashing practices are slowing down our ability to effectively reduce our impact as a collective. We are at a point where sustainability related decisions need to be made quickly. [08:00] Clearer Communications: This directive also has more control over what you can and can’t say in relation to green claims. By waiting until that independent verification has occurred, businesses can feel confident in the information they’re communicating. [09:30] What is Green Masking? Coined by Carbonology, green masking is where organisations are essentially marking their own homework and hiding behind that fact. It’s where no independent verification has taken place, which can result in a lack of accuracy and transparency. [10:25] Who needs to comply with the EU Green Claims Directive? – This is an EU based regulation, so if you’re located within the EU you will be expected to comply with this law. If you do business within the EU, so if you’re based in the UK and sell to Europe, then you will also fall under this jurisdiction as well. [11:25] What is required by the EU Green Claims Directive?: A full summary of the directive’s requirements can be found on the EU website. A simple break down of these requirements is also available on The Anti-Greenwash Charter website. Charlie recommends familiarising yourself with the EU Green Claims Directive requirements initially, which are written to suit how businesses generally operate. He also advises that you seek legal assistance as well as sustainability and marketing experts or consultants to get a full picture of how you can comply with these requirements. [13:35] There is an emphasis on substantiation and verification in the EU Green Claims Directive – what does this mean in practice? A green claim doesn’t account for much if you’re marking your own homework. For it to be truly substantiated, it needs to be verified by an independent third party. The Directive also highlights the need for life cycle data, and its inclusion within the verification process. This will give businesses a more wholistic view of the impact of the materials they use, the products they use and services they deliver. Charlie encourages businesses to get a head start on this now, not only due to the benefits it can bring but also to get ahead of the tightening of sustainability legislation that is coming down the road for the UK. [16:15] How will the directive impact the use of carbon offsetting and carbon neutrality claims within the EU? Businesses are going to have to be crystal clear in their terminology in terms of their substantiated claims. There is going to be a lot more scrutiny on the quality of evidence provided for carbon claims, so businesses may want to outsource help with analysing the relevant carbon data and communicating any claims and offsetting efforts.    [18:25] Is the Directive ambitious enough? Or could it be strengthened?  – Previous attempts to enforce sustainability regulations have been rather weak, and time will tell if this EU Directive is set to change that pattern. Charlie praises the Directives approach to best practice, though that will evolve further as time goes on. He thinks that the use of generative AI and how that impacts and influences sustainability communications needs to be considered further. It’s all still quite new, so this may be added in down the line. The Anti-Greenwash Charter already have considerations for responsible AI use within communications and data processing within their Green Claims Policy Template. They caution any signatories of their Charter to be very careful with the use of AI to support data collection and analysis, as it has the tendency to ‘hallucinate’, and companies will be held responsible for any mishaps related to incorrect results provided by AI. [23:00] What are the potential consequences for businesses that fail to meet the requirements of the EU Green Claims Directive? – The penalties will be significant, including both fines and potential bans in areas such as marketing, advertising and promoting sustainability claims on the basis of malpractice. Time will tell on how these penalties are delivered and to what extent within the EU and UK. It shares similarities with other regulations, such as ESOS, where a phased approach was implemented for organisations that met certain criteria. [25:00] How can The Anti-Greenwash Chater help organisations comply with the EU Green Claims Directive? – Since it’s inception in 2022, they have paid close attention to the Directive’s development, utilising any improvements and iterations to bolster their own process. As a result, a lot of the work they do with signatories directly aligns with and facilitates the delivery of the foundations of the Directive. Examples of this include: Independent verification – Their Green Claims Policy has to include a green claims database, so any claim that a business want to make has to have the relevant data to back it up. It also requires specification of what third party that business used to verify that evidence. Accessibility of evidence – This is stressed within the EU Green Claims Directive, and is easily fulfilled with the creation of a green claims database as specified by The Anti-Greenwash Charters’ Green Claims Policy. A full summary of how The Anti-Greenwash Charter can help with compliance to the EU Green Claims Directive is available on their website. [27:55] How will the EU Green Claims Directive will impact consumer trust in environmental claims? – There’s currently an issue with the flooding of sustainability related communications. With greenwashing so rampant, making an informed decision as a consumer is really difficult. The standardisation of sustainability credibility and substantiation is what the EU Green Claims Directive aims to do. Ultimately, it will act as a trustworthy marker for stakeholders and consumers to make an informed decision quickly. If you’d like to learn more about The Anti-Greenwash Charter, visit their website! If you’d like any assistance with carbon standards, get in touch with Carbonology, they’d be happy to help! We’d love to hear your views and comments about the ISO Show, here’s how: ●     Share the ISO Show on Twitter or Linkedin ●     Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one. Subscribe to keep up-to-date with our latest episodes: Stitcher | Spotify | YouTube |iTunes | Soundcloud | Mailing List

Watch the Podcast Video on our YouTube Channel We are hitting a crunch point in regard to keeping to the 1.5°C limit as set out in the Paris Agreement. It’s going to take a collective effort to reduce the most catastrophic impacts of climate change, which is exactly why we’re seeing an increase in legislation and regulations that call for tangible evidence of sustainability efforts to combat the rise in greenwashing.  If you’re looking for guidance on sustainability transparency, today’s guest has an initiative that can help. In this episode Mel is joined by Charlie Martin, CEO and Founder of The Anti-Greenwash Charter, to discuss how their charter promotes transparency and accountability for sustainability claims, and how it can help consumers to identify credible carbon claims. You’ll learn ·      What is The Anti-Greenwash Charter ·      How can the Charter ensure credible carbon claims? ·      What are the biggest challenges businesses face in measuring their carbon footprint? ·      How can The Anti-Greenwash Charter help consumers to spot credible carbon claims? ·      What role do governments and regulatory bodies play in combatting greenwashing?   Resources ·      Anti-Greenwash Charter ·      Green Claims Policy Template ·      Carbonology   In this episode, we talk about: [00:30] Episode Summary – Charlie Martin joins Mel to discuss how The Anti-Greenwash Charter can help promote accountability and transparency in sustainability claims, and how it can help consumers identify credible carbon claims.    [01:50] What inspired the creation of The Anti-Greenwash Charter?: Charlie used to run an agency called Gusta, which was a UK based business that worked on sustainability communication for organisations in the built environment. His focused shifted when the Competitions and Markets authority in the UK published their Green Claims Code alongside research which found that 40% of sustainability-related messaging online was misleading. At the same time, they had 2 very proactive clients (1 of which was going through B Corp certification) that highlighted that the CMA had not named the built environment as one of the affected sectors. They pointed out that the built environment accounts for 40% of all emissions, so were likely to be targeted by such regulations next. They asked to run a campaign that would Increase confidence both internally within their sectors and externally in their sustainability messaging. It was decided that a publicly available document would be the best way forward to proactively disclose their carbon reduction related activities. Other ideas were added for an editorial process to include legal, sustainability and marketing feedback ahead of publishing. Essentially, the origins are rooted in the notion of a green claims policy, which developed into a more robust accreditation signatory. [06:30] How does Charlie define Greenwashing?: Charlie defines greenwashing as "overstating or misleading stakeholders regarding the environmental credentials of an organization, service, or product. Charlie explains that there are two types of greenwashing: direct and indirect. Direct greenwashing involves making false claims about a product's environmental benefits, while indirect greenwashing involves making true claims that are irrelevant or misleading. [08:00] What are the key principles of the charter, and how do you ensure adherence among signatories?: The 4 key principles are: ·      Accountability ·      Honesty ·      Fairness ·      Transparency If you’d like to know more about each principle in more detail, visit The Anti-Greenwash Charter website. Taking a look at transparency in more detail, it’s not just about sharing all the best sustainability related news for your business, it’s about being willing and upfront with areas where you’re not as strong. One keyway they ensure signatories adhere to this principle involves publicly displacing their green claims policies. The first section of every policy is ‘where can we improve?’ – they specify this as there isn’t a company that is 100% environmentally sustainable, and businesses need to be honest about this if they want to improve. [12:15] What are Charlie’s thoughts on the current state of Net Zero claims? There are some promising developments, such as the upcoming Green Claims Directive, which has more requirements set around how people make claims and being held accountable for those. It’s challenging for everyone to navigate, and the big thing here to remember is that everyone is clumsy when it comes to Net Zero. Businesses are trying their best, but when getting deep into the topic of sustainability, it becomes clear how broad it truly is. Ultimately, people have to be okay with getting things wrong. Some people see setting ambitious targets as dangerous, but if we don’t push for them, change is going to happen at a snails pace. There is a need for credible, substantiated plans that are in-line with best practice, but we need to be careful to not go too far in that direction to ensure that it helps rather than hinders sustainability efforts. Innovation should be encouraged and not punished if mistakes are made or certain really ambitious targets aren’t met within a certain timeframe. Mel highlights that Standards such as ISO 14064 are great frameworks to guide businesses in measuring their carbon footprint, with guidance that encourages independent third party verification for further transparency. [15:40] The Green Claims Directive and Transparency – Charlie highlights that the Green Claims Directive identifies independent third party verification as a mandatory requirement of claims made before they’re disclosed publicly. As this is also something that The Anti-Greenwash Charter encourages, signatories are already ahead of the curve. [17:10] What are the biggest challenges that companies are facing in accurately measuring their carbon footprint and how does the Charter help to address these challenges? The main challenge is accurately measuring their carbon footprint, and the charter acts as a signpost with referral partners who can assist with this aspect of their sustainability journey. Another challenge is communication. So you’ve got your substantiated claims and green credentials, but how do you go about communicating that? That’s one of the crucial elements that The Anti-Greenwash Charter can help with. As mentioned earlier, they can help verify a publicly available green claims policy, which is a huge step towards credible carbon claims. If you’d like an example of this, you can download Anti-Greenwash Charters’ green claims policy template from their website – which provides a step-by-step guide on producing one of your own.   [20:50] What are the broader benefits for companies that adopt a transparent and credible green claim? Charlie explains that signatories have used their status as a signatory for their Charter on tender frameworks, and won due to that fact. Another benefit is the Charters’ credibility, which gives external stakeholders confidence that a business is doing what they claim to be doing. They also offer anti-greenwashing awareness training, which gives those within the business the tools and techniques that can be utilised in any published content to ensure they aren’t making any greenwashing claims. [22:25] The negative effects of greenwashing on well meaning businesses: Charlie and Mel both highlight the sad reality that many businesses would prefer to simply not make any green initiatives or claims public for fear that if they are not done 100% successfully then there’s a chance for reputational damage. The need for robust sustainability frameworks that build confidence is clear. Due diligence is important, and so is the need to allow room for mistakes to happen, so long as businesses take the necessary steps to fix them and keep continually improving. [27:15] What role does Charlie see governments and regulatory bodies playing in combating greenwashing, and what policy changes would he like to see? – The EU Green Claims Directive is currently best in class as it requires businesses to look at the consequences of their impact on the environment, in addition to the requirement for independent verification to back up any claims made. Other regulations here in the UK, like the Green Claims Code, is weaker in comparison. It was watered down through negotiation into a more voluntary scheme. For us here in the UK, we really do need to align with Europe, as their regulations are a lot more robust and offer a tangible path towards a united greener future. There are other benefits, as Mel highlights from her Masters research, there is compelling evidence that a company’s value increases by an average of 10% if their carbon claims are independently verified. [32:35] What are Charlie’s aspirations for The Anti-Greenwash Charter? And what are his hopes for the future of credible carbon claims? – They’re really keen to become a multinational signatory, which is already showing promise as they’ve had interest from the US and Australia. Charlie envisions a future where businesses publish a green claims policy regardless of if it’s mandated by legislation. This is so we can build confidence in green claims being made and be assured that people are doing what they say they’re doing. To help with credibility and transparency, The Anti-Greenwash Charter has been incorporated as a not-for-profit organisation. Charlie wants to reaffirm that they started this to ultimately reduce the impact businesses make on the planet, and they are fully committed to this goal. If you’d like to learn more about The Anti-Greenwash Charter, visit their website! If you’d like any assistance with carbon standards, get in touch with Carbonology, they’d be happy to help! We’d love to hear your views and comments about the ISO Show, here’s how: ●     Share the ISO Show on Twitter or Linkedin ●     Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one. Subscribe to keep up-to-date with our latest episodes: Stitcher | Spotify | YouTube |iTunes | Soundcloud | Mailing List

ISO Standards have been at the forefront of creating a unified approach to various aspects of sustainability, ensuring businesses have a robust framework to both manage and reduce their environmental impact.  However, there are a lot of different sustainability Standards that cover specific areas of sustainability, or only apply to certain sectors. Each come with their own pros and cons, making it tricky to pick the best fit for you.   In this episode Steph Churchman introduces four of the leading sustainability focused ISO Standards and explains the benefits and disadvantages of each to help you decide which could be the best fit for your business. You’ll learn ·      Learn about our upcoming ESG Workshop ·      What is ISO 14001? ·      What are the pros and cons of ISO 14001? ·      What is ISO 50001? ·      What are the pros and cons of ISO 50001? ·      What is ISO 20400? ·      What are the pros and cons of ISO 20400? ·      What is ISO 14064? ·      What are the pros and cons of ISO 14064?   Resources ·      Isologyhub ·      Register for our ESG Workshop (26th March 2025)     In this episode, we talk about: [02:05] Episode Summary – Steph discusses the leading sustainability ISO Standards, and explains the advantages and disadvantages of each.   [02:45] ESG Workshop: On the 26th March 2025 we’ll be explaining how ISO Standards directly support ESG compliance, and we’re including the opportunity to participate in 1 of 3 interactive sessions that tackle things like completing a materiality assessment, a balance scorecard and learning more about the current mandatory ESG reporting requirements.  Register your place here. [03:15] What is ISO 14001?: ISO 14001 is the Standard for Environmental Management. Published back in 1996, this Standard is one of the staples in the ISO world. Its main purpose is to establish and implement an effective environmental management system (EMS), with the primary goal of helping organizations to minimize their environmental impact and achieve sustainability objectives. It sets out general requirements for: ·      Pollution control ·      Reduction of your impact on the environment ·      And compliance to relevant legislation It is also due for a revision soon, with the latest version expected to include further considerations for changes to available technology, more emphasis on product life-cycle and supply chain issues and further guidance on integrating environmental issues into your strategic planning. [04:35] What are the benefits of ISO 14001?: Reducing environmental impact: By identifying and controlling environmental aspects, organizations can minimize pollution, reduce waste, and conserve resources. Improved compliance: ISO 14001 helps organizations comply with environmental regulations and legal requirements, such as the environment Act 2021, reducing the risk of fines and penalties. Improved efficiency: ISO 14001 helps to tighten production processes, leading to better efficiency and reduction in the risk of incidents. It also removes uncertainty by managing disruption and waste and helps to clarify staff responsibility. Enhanced reputation: Demonstrating a commitment to environmental responsibility can enhance your reputation and brand image, attracting environmentally conscious customers and stakeholders. Cost savings: Implementing an EMS can lead to cost savings through improved resource efficiency, reduced waste disposal costs, and lower energy consumption. Businesses can also benefit from reduced insurance costs by demonstrating better risk management. Increased competitiveness: ISO 14001 certification can give organizations a competitive advantage in the marketplace, particularly in sectors where environmental performance is a key consideration. [06:45] What are the disadvantages of ISO 14001? Initial costs: Implementing an EMS requires an initial investment in resources, including training, documentation, potentially hiring consultants, and if you’re going for certification, that will incur its own costs  from a certification body too. Ongoing maintenance: Maintaining an EMS requires ongoing effort and resources to ensure compliance with the standard and continuous improvement. Potential for bureaucracy: If not implemented effectively, an EMS can become cumbersome, hindering operational efficiency. Limited scope: ISO 14001 focuses primarily on environmental aspects within an organization's direct control, and may not address broader environmental impacts or social responsibility concerns – which is where other Standards can fill the gap. [08:05] What is ISO 50001? – ISO 50001 is an internationally recognized standard that provides a framework for organizations to establish, implement, and maintain an Energy Management System (EnMS). The primary goal is to help organizations improve energy performance, including reducing energy consumption, increasing energy efficiency, and using energy more effectively.   [08:40] What are the benefits of ISO 50001? Reduced energy costs: By identifying and addressing energy inefficiencies, you can significantly reduce your energy bills. We had great success with this when we worked closely with a branch of the NHS, where their initial energy spend was around £2.8 million which was reduced by £1 million as a result of implementing ISO 50001. Improved energy performance: ISO 50001 helps organizations establish baselines, set targets, and track progress in improving energy performance. This is vital as you can’t hope to reduce what you can’t measure. Enhanced environmental performance: Reduced energy consumption leads to lower greenhouse gas emissions and a reduced environmental impact. Often times, energy usage is the largest impact many organisations have on the environment, especially for those who may only have an office or warehouse. Increased competitiveness: Demonstrating a commitment to energy efficiency can enhance an organization's reputation and attract environmentally conscious customers and stakeholders.   Improved operational efficiency: An energy management system can lead to improved operational efficiency through better resource management and reduced waste. [10:55] What are the disadvantages of ISO 50001? Initial investment: Implementing an EnMS requires an initial investment in resources, including training, data collection, and possible help from a consultancy. Limited Guidance: Calculating your energy usage can be complicated, especially if you’re spread across multiple sites and countries. In cases where you’re renting space, you may face difficulties obtaining the information needed, then on top of that is the actual calculation which may involve conversion factors if you’ve got international sites in scope. Resistance to change: Implementing changes to energy-using processes can sometimes meet with resistance from employees. A lot of practices will require a change in habits, such as turning off and unplugging all devices when leaving an office, or more frequent checks on equipment to ensure it’s running optimally. Limited scope: ISO 50001 focuses primarily on energy performance within an organization's direct control and may not address broader energy-related issues or the entire supply chain – which includes its own energy consumption considerations. [12:30] What is ISO 20400? – ISO 20400 is an internationally recognized standard that provides guidance on sustainable procurement. It helps organizations integrate sustainability considerations into their procurement processes, ensuring that environmental, social, and economic factors are taken into account when making purchasing decisions.   This Standard differs from the others as it’s not a certifiable Standard. It’s a guidance document that you can align with. For those of you looking into ESG schemes, this Standard is often citied as a key tool to help get you in the right place for scoring. In addition, for those of you looking into more comprehensive carbon reporting, Supply chains are often one of the biggest sources of emissions. Alignment with that Standard will allow you to take a good hard look at the suppliers you work with, and determine if they hold the same sustainability values as you. [13:25] What are the benefits of ISO 20400? – Reduced environmental impact: By selecting suppliers with strong environmental performance, businesses can reduce their overall environmental footprint. You also have a great chance to help influence your own supply chain, we know that if you’ve had a reliable supplier for a number of years, it’s not just a simple case of cut and move on. Improved social responsibility: ISO 20400 encourages organizations to consider the social and ethical impacts of their procurement decisions, such as fair labor practices and human rights.  Enhanced reputation: Demonstrating a commitment to sustainable procurement can enhance your reputation and brand image. It shows that you’re thinking and acting sustainably from start to finish for either your product production or service delivery. Cost savings: Sustainable procurement practices can lead to cost savings through reduced waste, improved resource efficiency, and lower long-term maintenance costs. Increased innovation: Working with sustainable suppliers can expose you to new technologies, products, and services that can improve your own operations. [15:35] What are the disadvantages of ISO 20400? – Increased complexity: Integrating sustainability considerations into procurement processes can add complexity and require additional resources. This would include supplier checks before working with new suppliers and a review of all current suppliers to see where improvement could be made. Finding sustainable suppliers: Identifying and qualifying sustainable suppliers can be challenging. Though more businesses are certainly making an effort to be more sustainable, ensuring they have proof of their claims is essential. Potential for higher costs: In some cases, sustainable products and services may have a higher initial cost compared to conventional options. Limited scope: ISO 20400 focuses primarily on procurement practices and may not address broader sustainability issues within the organization. This is where ISO 20400 can be supported by certifiable standards such as ISO 14001 and ISO 50001. [17:00] What is ISO 14064? – ISO 14064-1 is an internationally recognized standard that provides a framework for organizations to quantify and report their greenhouse gas (GHG) emissions and removals. It helps organizations to: ·      Understand their carbon footprint ·      Set reduction targets ·      Engage in carbon markets ·      Improve environmental performance [17:45] What are the benefits of ISO 14064? Improved data quality: The standard provides a robust methodology for collecting, analyzing, and reporting GHG emissions data, ensuring accuracy and consistency. Set achievable reduction targets: By having an accurate way to measure your impact, you can look to set realistic and more importantly achievable reduction targets. Enhanced credibility and transparency: Both consumers and stakeholders are increasingly looking at real tangible evidence of your carbon claims. Simply having a sustainability page full of promises is no longer enough, you need facts and figures to back up what you say you’re doing. Reduced climate risk: By understanding and managing your GreenHouse Gas emissions, you can better mitigate the risks associated with climate change, such as regulatory changes and physical impacts. Competitive advantage: In an increasingly climate-conscious world, businesses that can demonstrate their environmental performance through credible GHG reporting will gain a competitive advantage. [19:30] What are the disadvantages of ISO 14064? Initial investment: Much like the other Standards, if you want to do this right you will have to invest time, resources and money. That could include hiring consultants to help you with the necessary calculations, and if you wish to go for full verification, then there will be an additional cost from a verification body. Ongoing maintenance: Maintaining an accurate and up-to-date GHG inventory requires ongoing effort and resources. Monitoring your emissions doesn’t stop once you get a verification badge, it will be on-going. Data complexity: Collecting and analyzing GHG emissions data can be complex, especially for large and diverse organizations. So, you may need some initial help to do and understand this yourselves. Limited scope: ISO 14064-1 focuses primarily on the quantification and reporting of GHG emissions and removals, and may not address broader sustainability issues. If you’d like any assistance with implementing any of these Standards, get in touch with us, we’d be happy to help! We’d love to hear your views and comments about the ISO Show, here’s how: ●     Share the ISO Show on Twitter or Linkedin ●     Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one. Subscribe to keep up-to-date with our latest episodes: Stitcher | Spotify | YouTube |iTunes | Soundcloud | Mailing List

If you’ve ever implemented an ISO Standard, then the term Management Review will be familiar to you.  It’s a mandatory part of the implementation process, and a crucial tool for monitoring continual improvement. Somewhere down the line, it’s become a bit of a myth that a Management Review needs to be an annual meeting. That is simply not the case, while required by the Standard, it’s very flexible on how this could be achieved. In this episode Ian discusses the purpose of Management Review, including what you should be including and getting out of the review and breaks down the fallacy of the annual event. You’ll learn ·      What is the purpose of a Management Review? ·      What are the common misconceptions about Management Review? ·      How Management Review supports other clause requirements ·      What are the inputs for Management Review? ·      What are the outputs of a Management Review?   Resources ·      Isologyhub ·      How to conduct a Management Review ·      How to get the most out of your Management Review   In this episode, we talk about: [02:05] Episode Summary – Ian discusses the real purpose of Management Review, and dispels the myth of the annual event. [02:35] What is the purpose of a Management Review?: Management Review is a requirement of all ISO Standards. It’s main purpose is to check if your Management System is fit for purpose, and what needs to be updated to ensure it aligns with your businesses objectives and strategic direction. In short, it’s there as a check to see what’s working well and what’s not working well, in addition to continual improvement considerations. [03:30] What are some common misconceptions about Management Review?: Some common misconceptions include:- ·      That it’s simply a formality – Rubber-stamping things and missing out on the opportunity to effectively monitor management system progress ·      That It must be once a year ·      Having to review everything in excruciating detail i.e. all audit findings ·      The need to update the risk assessment and re-jigging scores ·      That you must review and update your SWOT/PESTLE ·      Or review and update all management system documentation ·      That it’s the perfect opportunity to re-write a policy There is a time and place for all of these, and you could tackle some of this in a Management Review if you really want to, but that is not the main purpose of a Management Review. [04:50] How Management Review supports other clause requirements - Leadership: If we take ISO 9001 as an example, the Leadership clause states: “Top management shall demonstrate leadership and commitment with respect to the quality management system by: a) taking accountability for the effectiveness of the quality management system e) ensuring that the resources needed for the quality management system are available g) ensuring that the quality management system achieves its intended results” These requirements at first glance may seem like they’d require a lot of effort and monitoring of many different factors, but in actuality they can all be satisfied through effective Management Review. [05:55] What involvement is required from top management? As stated in ISO Standards:- “Top management shall review the organization’s management system, at planned intervals, to ensure its continuing suitability, adequacy, effectiveness and alignment with the strategic direction of the organization.” Top management also have involvement in the following elements of implementing and maintaining a management system: ·      Context ·      IPs ·      Risks/Ops ·      Objectives ·      Policy ·      Support ·      Operation ·      Performance monitoring Management Review relates specifically to ‘performance monitoring’, but that in of itself will include elements of all the other clauses within the Standard, and many of those require top managements involvement on some level. [07:45] The fallacy of the annual event – The Management Review clause specifically states that a Management Review should be ‘carried out at planned intervals’. Many had interpreted that as once a year, which has been the prevailing myth for decades. Looking at the Standard, no where does it say ‘once a year’, planned intervals means it could be once a month, it could be once a week, it could be a set points during the summer. When deciding on these planned intervals, take into consideration the nature of your business, the size of your business, the risks associated with it and the maturity of your Management System. This will determine how frequent the Management Review should be, as it will differ for every business. [09:10] Examples of Management Review frequency – Ian has worked in an organisation where they had a rather grand Management Review process, where top management and other relevant individuals meet to review the past year and set the scene for the following year. That same organisation also had monthly meetings with the same members of top management to keep on top of new and on-going issues. That isn’t to say this is the only way to run Management Review. Some opt to have quarterly meetings, others once every 6 months and some even leave it to once a year. [10:40] What is required of Management Review? Inputs – Clause 9.3 details the requirements of Management Reivew in most Standards (some swap 9.3 and 9.2 around, but the contents remains the same). First, the inputs required for Management Review include: The status of actions from previous management reviews - If you said you were going to do something before, how’s that going? Changes in external and internal issues that are relevant to the quality management system - this doesn’t mean that every meeting should consider the SWOT/PESTLE/IP tables, but there must be some determination of when that’s done in detail and when a senior mgt discussion should include the key aspects of that and its impact. There is a need to review these things when required anyway, so doing it only at pre-defined times can be problematic. Information on the performance and effectiveness of the quality management system, including tends in:- ·      Customer satisfaction and feedback from relevant interested parties; ·      The extent to which objectives have been met; ·      Process performance and conformity of products and services; ·      Nonconformities and corrective actions; ·      Monitoring and measurement results; ·      Audit results; ·      The performance of external providers; ·      The adequacy of resources; ·      The effectiveness of actions taken to address risks and opportunities; ·      Opportunities for improvement. [20:45] What is required of Management Review? Outputs – You will also have a number of outputs from Management Review, including:- Opportunities for Improvement – This could be as a result or reviewing audit findings and discussing the OFI’s found and how you can address and implement these. You could also use the Management Review to review and set new objectives for the year ahead. Any need for changes to the management system – You may need to review policies and procedures and see if they’re still fit for purpose, if they’re not then this is a good venue to discuss and update them. Other aspects that may have changed or will have a need to change include: ·      Interested parties – have their needs and expectations changed? ·      People – Do you need to change the people involved with certain processes? ·      Awareness – Do you need to raise more awareness around a specific topic? Resource needs – You may need to raise the need for more resourcing in regard to the management system or related processes. If you’d like to learn about alternative ways to host a Management Review, listen to one of our previous episodes. We’d love to hear your views and comments about the ISO Show, here’s how: ●     Share the ISO Show on Twitter or Linkedin ●     Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one. Subscribe to keep up-to-date with our latest episodes: Stitcher | Spotify | YouTube |iTunes | Soundcloud | Mailing List

The importance of setting key objectives can’t be understated. They help drive continual improvement and reflect a business’s key metrics for success in various areas. They are also a key aspect of implementing an ISO Standard, with most specifying a dedicated Objectives clause. While most businesses will have objectives irrespective of any ISO certification, many may fall into the familiar trappings of having separate objectives for different departments, which only serves to fragment your measurement of success. In this episode Ian discusses the importance of setting key business objectives, and why you should be aligning these with your strategic direction.   You’ll learn ·      What is the Annex SL format and why was it introduced? ·      What is meant by ‘Strategic Direction’? ·      The importance of risks and opportunities in objective planning ·      Who are setting key business objectives important? ·      How can you align objectives with a businesses strategic direction?   Resources ·      Isologyhub     In this episode, we talk about: [02:05] Episode Summary – Ian discusses how to align objectives with the strategic direction of the business, and why it’s important to do so.    [02:55] What is the Annex SL format and why was it introduced?: The Annex SL format refers to the standard 10 clause structure that we now see in most ISO Standards. Introduced back in 2015, it sought to address the issues with integrating multiple Standards, in addition to making them more accessible to every sector. Prior to 2015, many ISO standards were designed with specific sectors in mind, using terminology that would make sense to them, but perhaps not to others. The Annes SL format now uses the same language across all ISO’s, making It easy to integrate multiple ISO compliant Management Systems. [06:10] What is meant by the term Strategic Direction? Leadership: This is a term that appears in ISO 9001 5 times. We first see it in Clause 5 – Leadership, where it states: “Top management shall demonstrate leadership and commitment with respect to the management system by ensuring that the policy of objectives are established for the management system and are compatible with the context and strategic direction of the organisation.” This is where it’s made explicitly clear that leadership / management are responsible for ensuring the Management System aligns with the way their business runs, in addition to integrating it into existing processes. [07:05] What is meant by the term Strategic Direction? Management Review: It also appear in clause 9.3 Management Review, where it states: “Top management shall review the organisation system at planned intervals to ensure its continuing suitability adequacy, effectiveness and alignment with the strategic direction of the organisation.” Again, this reinforces the need for top management to be involved to ensure that the Management System is in alignment with their overall goals. [08:40] What is meant by the term Strategic Direction? Context of the Organisation: It also appears at the very start of the auditable clauses, in Clause 4 – Context of the organisation, where it states: “The organisation shall determine the external and internal issues which are relevant to its purpose and its strategic direction.” This involves looking at issues from a legal, technical, competitive, cultural and economic point of view, and many of these will be determined by top or broader management within the business. They ultimately have the most influence in how a Management System is built, therefore have the most influence on how the policies and objectives are created. [10:45] The importance of risks and opportunities in Objective planning – Clause 6 (Planning) is where we address risks and opportunities raised in clause 4. It states that ‘Objectives must be established at relevant functions, levels and processes.” For us at Blackmores, we directly relate the findings from a risks and opportunities assessment (such as a SWOT & PESTLE), and link these to our objectives to try and minimise those risks. We also leverage the opportunities, by making them real tangible goals to work towards – seems obvious but we often see businesses missing the link between these exercises! [12:00] How can you set Objectives in alignment with Strategic Direction?: Many businesses now build their mission, values and strategic direction around sustainability and general ESG. When building a management system, you need to consider how it affects those sustainability / ESG goals, because that is essentially the context of your organisation. So, you’d need to consider: How does environmental performance, health & safety performance or legal compliance contribute to the success of the management system as a whole? You don’t have to be going for ISO 14001 or ISO 45001 for these things to matter, even a quality management system can contribute to sustainability goals. This can be through improving economic performance by reducing waste ect. Also, don’t be afraid to relate economic performance to your management system. If you have a turnover goal of X, mention that in your context documentation, and also consider how the management system can contribute to achieving that goal i.e. through processes, controls, monitoring and improvement activity. Also consider your client requirements, they may require an accident rate below X which can also be included in context documentation and can then be factored into your management system measures and objectives if need be to achieve that. [16:55] How do you establish your objectives? – First you must establish context, and that context must be relevant to the purpose and strategic direction of the business. The context setting must include those who understand that context, strategic direction and the purpose of the business, the risks and opportunities must be assessed in relation to that context, which in turn is already aligned with strategic direction. Finally the objectives must be set in relation to those risks and opportunities. It's all about having the right people to identify the relevant issues affecting the organisation, and setting concrete objectives in order to improve that. We’d love to hear your views and comments about the ISO Show, here’s how: ●     Share the ISO Show on Twitter or Linkedin ●     Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one. Subscribe to keep up-to-date with our latest episodes: Stitcher | Spotify | YouTube |iTunes | Soundcloud | Mailing List

AI usage has skyrocketed in the past 2 years, with many commonplace apps and software now featuring an AI integration in some form.  With the rapid development and possibilities unlocked with this powerful technology, it can be tempting to go full steam ahead with implementing AI use into your day-to-day business activities. However, new technologies come with new risks that need to be understood and mitigated before any potential incidents. In this episode Mark Philip, Information Security Manager at Cloud Direct, joins Ian to discuss emerging AI risks and how you can build AI resilience into your existing practices. You’ll learn ·      Who is Mark? ·      Who is Cloud Direct? ·      How can you assess your current level of AI resilience? ·      What are some of the key threats that AI systems currently face, and how can you mitigate these? ·      How can you utilise AI to enhance your security? ·      What is best practice when responding to an AI related security incident?   Resources ·      Cloud Direct ·      Isologyhub    In this episode, we talk about: [02:05] Episode Summary – We invite Cloud Direct’s Information Security Manager, Mark Philip, onto the show to discuss AI risks and how to build in AI resilience into your existing security practices.   [03:25] Who is Mark Philip?: While his primary role is as an Information Security Manager at Cloud Direct, a little known fact about him is that he is an amateur triathlete! At London earlier in 2024, he was lucky enough to bump into Alistair Brownlee, who is the UK’s two time gold olympic medalist in triathlon. [05:10] Who are Cloud Direct? – Founded in 2003, Cloud Direct are a Microsoft Azure expert MSP that is the top of Microsoft accreditation that any partner can hold, putting them in the top 5% of Microsoft partners globally. They offer consultancy and professional managed services, specialising in Microsoft Cloud, which is all underpinned with security across the whole Microsoft stack. They also assist with digital transformation and modernisation. [06:30] Assessing the current AI risk landscape: Ian points out that a recent report from the Capgemini Research Institute found that 97% or organisations are using generative AI. With this increase in AI use, there is a correlation with an increase in security incidents related to AI. Mark adds that this technology is so new, with a lot of larger software companies such as Microsoft pushing AI elements into their tools. So there is a learning curve involved with utilising the technology. There is also a lack of Risk Assessment being done in relation to AI, not a lot of though is going into the use of AI on a day-to-day basis. If you’re using an AI platform, you need to ask yourself: What is this platform actually doing with the data I’m inputting? There is also the fact that shady individuals are already leveraging this technology with the likes of deep fakes, bad bots and more sophisticated phishing schemes – and the harsh truth is that they’re going to get better at it over time. [08:20] What is AI resilience and why is it so important? – AI resilience is about equipping businesses with the processes that control the use and deployment of AI usage, so that they can anticipate and mitigate any AI risks effectively. Similar to ISO Standards, this would involve a risk-based approach. However, this will look very different depending on your business and how you are using AI. For example, the risks of someone using AI to generate a transcript of meeting notes will be much lower in comparison to a healthcare company using complex sets of data with AI to synthesize new medicines. So, if you are using AI you need to consider what the inherent risks could be, and that would be dependent on the data you’re processing i.e. is it sensitive data? And then factor in if the software is publicly available (such as ChatGPT), or it is a closed model under your control? Asking these types of questions will give you a more realistic outlook on the risk landscape you face. [10:35] How can a business assess their current level of AI resilience? AI is here to stay, so you won’t be able to avoid if forever. So first, you need to embrace and understand it, and that includes creating a clear picture of your use cases. Mark states they did this exercise internally at Cloud Direct when they were starting to use Microsoft’s Co-Pilot. They asked themselves: ·      What sort of data is the software interacting with? ·      What data are we putting into it? ·      How do Microsoft manage the program and related security? ·      Are Mircrosoft storing any of that data? It’s not just about the security either, you need to understand why your using AI and if it will actually be to your benefit. A lot of people are using it because it’s new and shiny, but if it’s not actively helping you achieve your business goals, then it’s more of a distraction than anything else. For those looking for additional guidance on AI policies, risks and resilience, there’s a lot of guidance provided by both ISO and the NCSC. ISO 42001 in particular is useful for both people using AI and developers creating AI. If you’re stuck on where to start, a Gap Analysis is a fantastic tool to see where you are currently and what gaps you need to bridge in your security to cover any AI usage, and to see how well you are complying with current legal requirements (the EU AI Act is now in effect!). Another tool is a Risk Assessment. You may not process what many would consider sensitive data, such as healthcare information, but even if you store and hold customer data, then you need to ensure that any AI you use doesn’t pose a risk to it. [14:30] How can AI improve security and resilience? – Sticking with Microsoft as an example, as they are releasing a lot of AI driven tools, they can be used to fill gaps that humans may not have the time to do. Once example of this is monitoring and sending security alerts, previously a system may have just sent this to a human member of staff to resolve, but now AI security tools can act on those alerts on your behalf. So, if you have limited IT resources, this could be a fantastic addition to your security set-up. It also eliminates the lag of human response, and AI can look at things in a way a human wouldn’t think to.   [17:55] How do people stay ahead of the curve in the evolving AI landscape? – You should be using the myriad of resources available to learn about AI, as there are webinars, social media feeds, blogs and videos released constantly. Microsoft in particular are offering a comprehensive feed of information relating to AI, the risks and new technologies in development. The key is to understand AI before integrating it into your business. Don’t just jump at the new shiny toys being advertised to you, go to reputable sources such as the ICO, NCSC, Cyber Essentials and regulatory bodies to learn about the technology, the benefits it can bring in addition to the risks you need to mitigate against. Mark can vouch for Microsoft’s though leadership in this field, as they keep all of their customers up-to-date with all of their AI related developments. Cloud Direct themselves are also putting out some great content, so don’t forget to check out their resources. If you are already utilising Microsoft’s tools, the Cloud Direct can help explain how their new tools can apply to your business. If you’re looking for assistance with ISO 42001, then Blackmores can help you with implementing a robust AI Management System. [21:40] What is best practice when responding to an AI related incident? – To be honest, there’s no reason to not treat it like any other security incident. We’ve already adapted to more sophisticated security risks as a result of the move towards home and hybrid working over the pandemic. This simply another stage along in this ever changing security landscape. You should treat it like assessing any new step, and you likely have all the processes in place for analysing risk already in place, simply apply them to the usage of AI and put in place the necessary governance based on your findings. Standards such as ISO 20000 IT Service Management and ISO 22301 Business Continuity are fantastic tools of you’re new to this sort of incident response planning. If you’ve already been certified to these standards, then you likely have the following in place already: ·      Risk Assessments ·      Business Impact Assessments ·      Business Continuity Plans ·      Recovery Plans Simply add AI as an additional risk factor into your existing management system and update the necessary documentation to include actions and considerations for its use. If you update your Business Continuity and recovery plans, then make sure to test them! Don’t just assume that they will work, put them to the test and adjust until you’re comfortable that in a real incident, everyone in the business knows how to react, what to communicate and how to get back up and running. [24:00] What are Mark’s predictions for the field of AI resilience? – People need to look at the opportunities in utilising AI, a lot of people are using it without really understanding it so there’s a lot of learning still to do. So, he expects to see a lot of businesses fully grasping how they can use AI to their advantage in the coming years. With that comes the challenge of ensuring it’s integrated safely, with the right governance embedded to ensure its safe and ethical usage across entire organisations. Another big challenge is the handling data privacy within AI. Scams are only going to get more complex as AI develops, and you need to ensure your business can protect against that as much as possible. Also businesses should carefully consider what AI platforms they choose to use. Ensure you understand what data is being input and stored, and the level of control you have over it. All of this to say, there are a lot of massive benefits of using AI and you should shy away from it. But, you need to ensure you are using it safely and ethically. [27:30] What is Mark’s book recommendation? – The hunt for Red October by Tom Clancy [28:45] What is Mark’s favorite quote? – “I have a bad feeling about this…” – Star Wars Want to learn more about Cloud Direct? Check out their website. We’d love to hear your views and comments about the ISO Show, here’s how: ●     Share the ISO Show on Twitter or Linkedin ●     Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one. Subscribe to keep up-to-date with our latest episodes: Stitcher | Spotify | YouTube |iTunes | Soundcloud | Mailing List

The uptick in greenwashing cases, and subsequent outing of these claims only serves to make stakeholders and consumers dubious of any businesses sustainability pledges. One key way to combat this is to have the information to back up your claims, something that is becoming a mandatory requirement for some depending on  sector, location or company size. In this episode, Mel dives into the use of ISO 14064 and how verification to this internationally recognised Standard can help companies build trust and ensure their climate action claims are genuine and impactful. You’ll learn ·      What is Greenmasking? ·      Why there is a need for transparency in green claims ·      What is Greenhouse Gas Statement Verification? ·      What is ISO 14064? ·      How can ISO 14064 Verification combat greenmasking?   Resources ·      Carbonology ·      7 Shades of Greenwashing Guide   In this episode, we talk about: [02:05] Episode Summary – In this episode, Mel delves into the world of ISO 14064 and explores how verification under this international standard can help companies build trust and ensure their climate action claims are genuine. Catch-up with the previous episodes in the series here: The Rise of Greenwashing The 7 Shades of Greenwashing [03:05] What is greenmasking?: Greenmasking (a term coined by Carbonology®) is used to describe the practice where organisations self-certify their environmental impact without independent verification. This means they claim their green credentials are accurate while avoiding transparency about their methodology and data. Essentially, they are "marking their own homework," which can lead to misleading claims about their sustainability efforts. This could be compared to someone completing their own MOT and signing it off themselves, instead of taking it to a qualified mechanic. Obviously, that MOT certificate wouldn’t be valid in that case, and would have no credibility when it came to selling the car. [04:45] The need for transparency – For carbon reporting to succeed globally, enforcement will need to be standardised across all nations. With transparency around ESG initiatives increasingly important, you need to be able to objectively and accurately measure and report on your carbon footprint. Some to keep an eye on include the Green Claims Directive and the Anti-Greenwashing Charter. Stakeholders are now looking for independent Verification of the accuracy of your emissions data and your calculated carbon footprint through Standards such as ISO 14064-3. [07:05] What is Greenhouse Gas (GHG) Statement Verification? - GHG Verification is the engagement of an independent third-party by an organisation to provide Verification of their GHG statements using standards such as ISO 14064-3. Carbon footprint Verification involves, collecting data and reporting on your emissions from your company’s activities, and then independently verifying its accuracy to provide assurance to stakeholders that your claims are transparent and true. If you’d like to learn more about the differences between the Greenhouse Gas Protocol and ISO 14064, check out a previous episode. [08:10] What is ISO 14064-1 and ISO 14064-3? – This is the specification for Greenhouse Gas emissions reporting and part 3 is the specification for verifying that, covering more elements than the Greenhouse Gas protocol. The reporting requires you to collect data from various sources across your scope 1, 2 and 3 emissions, collating it into a report and then have that report independently checked against the requirements of ISO 14064. [09:45] How can Greenhouse Gas Verification combat greenmasking? – ·      Highlights integrity - Verification against ISO 14064-1 highlights the veracity of your systems and processes to prove your GHG inventory, assertions and reports conform to the ISO 14064 standard; and are free from errors, omissions or misstatements, demonstrating the highest integrity of your GHG reporting. ·      Validation of Net Zero goals - Verification against ISO 14064-1, establishes the integrity of your claims towards Net Zero. ·      Verify success - Verification against ISO 14064-1 provides assurance of your carbon footprint declarations which will give confidence in achieving the projected emission reductions ·      Stakeholder assurance - Stakeholders are increasingly looking for independent Verification of GHG Data to prove reduction are achieved year on year Download a copy of The 7 Shades of Greenwashing from Carbonology’s website here. If you would like some assistance with carbon Standards and reporting, simply get in touch with the team over at Carbonology.   We’d love to hear your views and comments about the ISO Show, here’s how: ●     Share the ISO Show on Twitter or Linkedin ●     Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one. Subscribe to keep up-to-date with our latest episodes: Stitcher | Spotify | YouTube |iTunes | Soundcloud | Mailing List