The ISO Show

There’s no escaping it, AI is here to stay. Over the course of 2023 we’ve seen more general and public use of popular AI tools such as ChatGPT and Gemini (previously Google Bard). It’s now even being integrated into everyday applications such as Microsoft Word and Teams. There is no doubt that there are a lot of benefits to using AI, however, with new technology comes new risks. So how do we address the growing concerns around AI development and use? That’s where the new Standard for AI Management Systems, ISO 42001 comes in! Join Mel this week as she explains exactly what ISO 42001 is, who it’s applicable to, why it was created and how ISO 42001 can help businesses manage AI risks. You’ll learn ·       What ISO 42001 AI Management Systems is ·       Who it’s applicable to ·       Why it was created ·       How ISO 42001 can help businesses manage AI risks   Resources ·       Isologyhub ·       ISO 42001 Webinar registration   In this episode, we talk about: [00:30] Join the isologyhub – To get access to a suite of ISO related tools, training and templates. Simply head on over to isologyhub.com to either sign-up or book a demo. [02:05] Episode summary: Today we’re touching on a very topical subject – AI, and more specifically the brand new AI Management System Standard – IS0 42001. We’ll also be exploring who it’s applicable to, why it was created and how it can help businesses manage AI risks. [03:30] What is AI? – AI – otherwise known as Artificial intelligence, as it’s most simplest description is the science of making machines think like humans. We’ve seen a lot of AI tools be released to the public over the last year or so, tools such as ChatGPT and Google Bard. It’s already being integrated with some of the most commonly used apps and programs like Microsoft word and Teams. In short, AI integration is here to stay, so we may as well get to grips with it and make sure we’re using it responsibly. [05:10] What is ISO 42001? – , ISO 42001 is the first International Standard for Artificial Intelligence Management Systems, designed to help organisations implement, maintain, and improve AI management practices. It was jointly published in December 2023 by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). The emphasis of ISO 42001 is on integrating an AI Management System with an organisations existing management system – i.e. ISO 9001 or ISO 27001 compliant management systems. Interestingly, a lot of the specific mentions of Artificial Intelligence and Machine Learning are within the Annexes rather than the body of the Standard. The Standard itself is very similar to ISO 27001 in that it’s mostly about what organisations should be doing to manage computer systems regardless of any AI components. [08:00] The 4 Annexes of ISO 42001: Annex A: This acts as a Management guide for AI system development, with a focus on trustworthiness. Annex B: This provides implementation guidance for AI controls, with specific measures for Artificial intelligence and Machine Learning – if you’d like to learn more about the difference between the two, go back and listen to episode 135. Annex C: Which addresses AI-related organisational objectives and risk sources. Annex D: This one is about the domains and sectors in which an AI system may be used. It also addresses certification, and we’re pleased to see that it actively encourages the use of third-party conformity assessment. This just ensures that your AI claims have more validity. [09:15] Who is ISO 42001 applicable to? – Those annex descriptions may have you assuming that this Standard is only applicable to organisations developing AI technology but in actuality it’s applicable to any organisation who is involved in developing, deploying OR Using AI systems. So if you’re a company who is only utilising AI in your day to day activities, it’s still very much applicable to you! [10:20] Join the isologyhub and get access to limitless ISO resources  – From as little as £99 a month, you can have unlimited access to hundreds of online training courses and achieve certification for completion of courses along the way, which will take you from learner to practitioner to leader in no time. Simply head on over to the isologyhub to sign-up or book a demo. [12:25] Why was ISO 42001 created?: ·       To address the unprecedented rapid growth of AI and all the risks that come with this new technology. ·       To ensure that AI development and use are trustworthy and above all, ethical. ·       The public are also reasonably wary of this new technology, so ISO 42001 aims to help build more public trust and confidence in the future use of AI . ·       ISO 42001 acts as guidance for organisations on exactly how to integrate AI Management controls with their existing systems. [14:05] AI risks you should be aware of – This isn’t an exhaustive list, as the technology develops, more risks will become known. However, as of the start of 2024, you should be aware of: Inaccurate information – Many of the chat bots and public AI tools are trained on publicly available information, and as we all know, not everything on the internet is true. So the output from these chat bots will need to be checked and verified by a person before being used or published. AI bias – Studies have proven that AI results can still be bias. As all the data fed into it is all based on existing information, it still presents the issue of a lack of information from underrepresented groups, or existing bias based on existing data. Time sensitivity – Not all AI use live data sets. Google Bard does, however Chat GPT is only accurate up until 2021. So double check whichever tool you’re using to make sure the information it produces is up-to-date. Plagiarism – Data gathered using AI came from somewhere! If you simply copy and paste information provided by AI platforms, there’s a chance you may be plagiarising existing content. Be sure to just use AI as a starting point! Security risks – Use of AI can expose you to additional security risks, For example, malicious actors could send someone an email with a hidden prompt injection in it. If the receiver happened to use an AI virtual assistant, the attacker might be able to manipulate it into sending the attacker personal information from the victim’s emails. Data Poisoning – AI uses large data sets to train its models, and we currently rely on these data sets being relatively accurate. However, researchers have found that it’s possible to poison data sets – so in future, AI may not be very reliable if preventative measures aren’t put in place by AI developers. [17:45] How can ISO 42001 help business manage these risks? – Above all, it provides a structured approach to identify, assess, and mitigate AI risks. ISO 42001 includes the guidance needed to put this in place from the start to ensure you don’t fall prey to the risks mentioned, with a view to monitor and update to address new risks in future. It promotes transparency and accountability throughout the AI life cycle. It helps ensure fairness, non-discrimination, and respect for human rights in AI development and deployment. It will help minimise potential legal and ethical liabilities associated with AI. The UK’s current GDPR and Data Protection Act can loosely cover aspects of AI, depending on how the terminology is applied, but there are already dedicated AI based regulations being developed within the EU which will likely be adopted by the UK.  It can foster innovation and accelerate adoption of responsible AI practices. And lastly, it provides a common language and framework for collaboration on AI projects. [21:35] Don’t miss out on our ISO 42001 webinar – We’re partnering with PJR to bring you a 2-part webinar series on ISO 42001. Catch the first part on the 5th March 2024 at 3pm GMT, register your interest here. If you’d like to book a demo for the isologyhub, simply contact us and we’d be happy to give you a tour. We’d love to hear your views and comments about the ISO Show, here’s how: ●      Share the ISO Show on Twitter or Linkedin ●      Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one. Subscribe to keep up-to-date with our latest episodes: Stitcher | Spotify | YouTube |iTunes | Soundcloud | Mailing List

We have over 18 years experience of implementing various ISO’s, covering a wide range of topics such as Quality, Sustainability, Information Security and Risk. With a 100% success rate, we’re confident in our consistent approach to implementing ISO’s, so much so that we’ve coined our own unique methodology.   Our regular listeners may be familiar with the term ‘isology’ from previous episodes referencing our online platform – the isologyhub. But what is isology exactly? Put simply, isology is our 7-step method for implementing any ISO Standard. Join Mel this week as she breaks down each of the 7 steps, including the planning, creation and review of an ISO Management System. You’ll learn ·       Our experience implementing ISO’s ·       The origin of isology ·       What is isology? ·       The seven steps of isology   Resources ·       Isologyhub ·       Isology synopsis   In this episode, we talk about: [00:25] Episode Summary – Mel Blackmore will be explaining our world leading methodology to implement any ISO Standard, which we’ve affectionately named ‘Isology’. [00:45] The creation of isology: We’ve been implementing ISO Standards for 18 years, starting with ISO 9001 and have since expanded our repertoire to over 20 ISO Standards covering risk, sustainability, quality and Information Security. The creation of the isology methodology has been a team effort from all of the consultants who have worked with Blackmores over the years, and is primarily built on best practice. [01:35] Step 1: Plan – Get a copy of the Standard, determine your scope, timescales, leadership commitment, resources and selecting a Certification Body. Timescales: This is typically around 6 months, but could be longer or shorter depending on your specific requirements. Resources: As an example, if you were looking to obtain ISO 14001 certification, you may need to appoint a sustainability champion. For ISO 27001 you’ll need a representative from the IT department. Selecting a Certification Body: Ensure whichever Certification Body you choose is UKAS accredited. You can check this on the UKAS website. International listeners will need to verify on your country’s national accreditation body website.   [03:45] Step 2: Discover – Time to understand what you have in place already and what you’re missing – this is done through a Gap Analysis. This will often involve an initial meeting with the leadership team to establish what you already have in place, i.e. relevant policies and procedures or any relevant objectives. We break this down step-by-step and document it all in a Gap Analysis, which will deduce your current level of compliance. From this an action plan can be created to indicate what needs to be done to become fully compliant, including assigning roles to assist with the Implementation. [05:30] Step 3: Expose - This is where we look at risks and opportunities related to your desired Standard (both internally and externally). This is typically done through a SWOT (Strengths, Weaknesses, Opportunities and Threats) and PESTLE (Policital, Economic, Social, Technological, Legal and Ethical). In this stage you will also need to understand the key requirements of any relevant stakeholders, so this can include clients, subcontractors, regulatory bodies ect. A Risk Register may be created to capture the findings to be addressed later. Some ISO’s require a Risk Register, others don’t, but in our experience it’s beneficial to have one regardless. Companies are also encouraged to create a Legal Register to keep track of all their statutory, regulatory and contractual requirements. [07:50] Step 4: Create – Time to review the requirements of the Standard in terms of documentation – and create what’s needed. This includes capturing your way of working with documented Procedures, so make sure you have the relevant staff involved in their creation. Something to remember, you can have additional policy statements that aren’t required by the Standard. If they are important to you, add them in! We’re in a modern age now, gone are the days of paper manuals gathering dust on an office shelf. Software and applications may be where the bulk of your Management System documentation lives. For example, at Blackmores we use a combination of Monday.com and SharePoint to manage all of our day-to-day activities, including our own ISO 9001 compliant Management System. The key here is to make your Management System accessible for everyone. [10:20] Step 5: Launch  – Once the Management System has found its home, you need to communicate it. Consider the type of launch you want and who will be involved. Make sure you encourage engagement with the Management System. Why should you Launch your Management System? Quite simply, there isn’t much point in having controls in your business if no one knows about them! We have 2 key ways of supporting you with the launch of your Management system: 1)    We can run an awareness session on your Management System either in person or via Teams. It can then be recorded and used as refresher / induction training. 2)    Get access to the isologyhub – out online platform with a suite of over 200 ISO courses, training, tools and templates. [12:15] Step 6: Engage - After the launch you want to ensure that employees are fully engaged and they actually not only are aware of the policies and procedures that you've got in place, but they're actively using them. The only way to verify this is through Internal Audits – that’s not just our opinion, that’s a mandatory requirement of any ISO Standard. We can assist with conducting these Internal Audits, which double up as a dummy run ahead of your assessment visits. These audits are essentially a show and tell exercise to gather evidence that you’re doing what you say your doing. [13:55] Step 7: Review - Time to take a step back and look at what’s been achieved and what’s been highlighted as areas for improvement through your Internal Audits. This is done at what we call a Management Review. These are typically conducted as meetings, but they don’t have to be a meeting specifically. We’ve done a podcast covering other ways to conduct this review. At this Management Review you will collate data on the performance of your business in relation to the ISO Standard. The minutes must be recorded, as your Assessor will expect to see these as it’s a mandatory requirement of any ISO Standard. If you’d like to learn more about what’s involved with a Stage 1 and 2 Assessment, go back and listen to a previous episode. If you’d like to book a demo for the isologyhub, simply contact us and we’d be happy to give you a tour. We’d love to hear your views and comments about the ISO Show, here’s how: ●      Share the ISO Show on Twitter or Linkedin ●      Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one. Subscribe to keep up-to-date with our latest episodes: Stitcher | Spotify | YouTube |iTunes | Soundcloud | Mailing List

The deadline is looming over the horizon as October 2025 marks end of the validity of ISO 27001:2013 certificates. Have you made a start on your transition journey? If not, you really should make a start in 2024 to ensure you’re all set well before that final deadline. The first step is to decide if you want to do it yourself or enlist the help of a professional consultant. For those that want to tackle it yourselves, you’re in luck! As we have just the tool to help: The ISO 27001:2022 Transition Gameplan. In this weeks’ episode, Steph Churchman, Communications Manager at Blackmores, explains why you need to transition to the 2022 version of the Standard and outlines the 7-step ISO 27001:2022 Transition Gameplan available on the isologyhub. You’ll learn ·       Why do you need to transition to ISO 27001:2022? ·       What happens if you don’t transition? ·       What is the ISO 27001:2022 Transition Gameplan? ·       An overview of the 7-step Gameplan   Resources ·       Isologyhub ·       ISO 27001 Transition Gameplan   In this episode, we talk about: [00:25] A different host – Steph Churchman, Communications Manager at Blackmores, steps in to cover today’s episode. She’s heavily involved with the development and updating of the isologyhub, and will be explaining one of the latest Gameplan’s: The ISO 27001:2022 Transition Gameplan [01:15] Why do you need to transition to ISO 27001:2022? The October 2025 deadline is fast approaching, so you really should be making a start in 2024 if you’ve not already. [01:45] Who needs to transition to ISO 27001:2022? – Basically, anyone who is currently certified under ISO 27001:2013 will have to transition to the updated Standard. One of the main reasons why we recommend getting a head start on this is , Certification Bodies will undoubtedly have a large demand for transition audits in 2025, when everyone’s rushing to get it done last minute. This results in a shortage of resources from the CB’s,  and you may end up struggling to get booked in time. [02:35] What happens if you don’t transition in time? – The harsh truth is you will lose your ISO 27001 certification. This then means you’ll be required to go through another Stage 1 and 2 Assessment against the latest version of ISO 27001, which can be costly. Another key reason is the latest version of ISO 27001 also considers a lot of new technologies that weren’t around back when the last version was published. You can imagine now that there are a lot more cybersecurity risks to consider with all the latest technology that has been released in that time. Put simply, it’s for the benefit of your Information Security to ensure you are adhering to the most recent best practice Standards. [03:40] What is the ISO 27001:2022 Transition Gameplan? This Gameplan will walk you through the stages of transition, which align to our proven isology® approach. Isology being our methodology for implementing any ISO Standard, based on our 18+ years of experience. In this Gameplan we provide training videos on the changes to ISO 27001, along with specific training videos covering each of the new Annex A controls that you will need to be familiar with, along with templates and workbooks to take you through the process from beginning to end.  [04:20] Step 1: Plan – Before you begin on your journey, it’s advised to understand the main changes to the standard. We’ve summarised the high-level changes in a previous podcast, and included a quick summary in the first step of the Gameplan. In this first step, you’ll also find guidance on how to prepare for your Certification Body visit. You really do need to do this early on to help establish a realistic timeline to complete your transition work. [04:55] Step 2: Discover  – At this stage, you need to get to grips with the changes to the Standard. There have been a number of controls changed, and 11 completely new ones added. We did cover a select few of these new controls in a few previous podcasts: #111, #112, #113, #114 In this Discover step we provide a number of awareness videos to explore these new controls and changes in detail, including how they may apply to your business. We’ve also included a downloadable PDF guide to these changes, in case you’d like to share this information internally. [05:40] Step 3: Expose - In this step we’ve included an ISO 27001:2022 transition workbook, which will act as a guide for all your transition activities. The first being the conducting of a Gap Analysis against the latest version of the Standard. After completing this, you will have a much better idea of where your main gaps and vulnerabilities are, so you can start putting the necessary controls in place to ensure compliance with ISO 27001:2022. We’ve also included a summary of the main Management System documentation that will need to be updated ahead of your transition visit. [06:20] Step 4: Create - This is the step where you will be implementing those changes as a result of your Gap Analysis. This will also be guided by that workbook, and we have provided some additional templates and resources to aid you. These include: ·       A Statement of Applicability Template ·       Annex A Control Mapping ·       ISO 27001 Management Review Template [07:15] Step 5: Launch – It’s not just about updating your documentation, you will obviously need to communicate these changes to the wider business. In this step we go over a few options for your launch plan – including guidance for both a soft launch and an all-in launch. To help you decide which one would be the best fit for you, we’ve included a full summary of each method in addition to a pro’s and con’s list for each. [08:30] Step 6: Engage – The last stages are all about gathering evidence of compliance against new and updated clauses and controls. In this step we provide some insight into what’s required from your Internal Audits and Management Review ahead of your transition visit. If you wanted to get some more tips on carrying out internal Audits within your business – we also offer a full Internal Auditor course on the hub that covers the core skills needed to complete those. If you become a member of the hub, you’ll get access to our whole library of resources – which includes a wealth of ISO related tools, templates and training videos. [09:20] Step 7: Review – This last step will help you prepare for the transition visit with your certification body. We touch on what you should expect from your Certification Body ahead of the transition visit, and include guidance on carrying out a final Document and evidence check to make sure you’re all good to go. If you’d like to book a demo for the isologyhub, simply contact us and we’d be happy to give you a tour. We’d love to hear your views and comments about the ISO Show, here’s how: ●      Share the ISO Show on Twitter or Linkedin ●      Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one. Subscribe to keep up-to-date with our latest episodes: Stitcher | Spotify | YouTube |iTunes | Soundcloud | Mailing List

Did you know that in the UK alone, 22 million pieces of furniture are discarded each year, the majority of which goes directly to landfill. That amounts to an estimated 670,000 tonnes of furniture wasted, where a significant portion could be recycled and reused. (Source) It’s clear to see the need for a more sustainable approach to furniture design, manufacture and lifecycle, which is where today’s guest, Design Conformity, come in. Design Conformity live and breathe circular design, the process for creating products sustainably from the beginning, and offer a Life Cycle Assessment Certification Process which has already led to significant carbon reductions. Mel is joined by Adam Hamilton-Fletcher, Founder and Director at Design Conformity, to discuss the application of circular design within the furniture manufacture industry and explain how their Life Cycle Assessment certification process can help businesses reduce their carbon footprint. You’ll learn ·       Who are Design Conformity? ·       What is circular design and how does it help companies reduce their carbon footprint? ·       What are the benefits of Design Conformity’s certification? ·       Can sustainability be of financial and environmental benefit to businesses? ·       Examples of circular design in practice   Resources ·       The ISO Show ·       Design Conformity ·       Carbon Calculator ·       Circular Design Guide   In this episode, we talk about: [00:25] Introducing today’s guest – We welcome Adam Hamilton-Fletcher, Founder and Director at Design Conformity, onto the show. Design Conformity are currently setting the standard in retail sustainability, particularly in relation to the furniture industry. [01:30] Who are Design Conformity? Adam worked in the manufacturing industry for about 15 years, designing lighting systems for major retailers like boots, Next, Marks & Spencers and Morrisons. He worked primarily with the lighting used in displays, and had been tasked with selling lighting products. In order to do so, he needed to develop a specification to help understand customer requirements, which would then be used to develop their ideal solution. The problem: There were little to no Standards in UK and Europe for the retail display industry. Which directly led to the creation of Design Conformity – who started out as an electrical and lighting Standard certification company, that developed into a full carbon certification company. They aim to become the gold Standard for sustainable furniture design. [03:10] What is Circular Design? – Circular design is born out of this principle of a circular economy. To compare, a linear economy is when we take a raw material, use it, process it, and then it’s just disposed of, usually straight to landfill. Whereas, circular economy is where we take that waste product and we design it so that it can be repurposed and refreshed and reused. Those materials can then eventually be recycled – so the goal is to not use any raw materials at any point. Circular design is the intent to minimise environmental impact, to design equipment that could be reused and repurposed, and then at the end of its life be recycled. [04:05] How do Design Conformity operate? – Design Conformity look at the way that companies design their furniture and then take them through a learning process (online course). They help businesses to understand how to design a product in such a way where it can be repurposed or reused, where raw material usage can be reduced and where the shipping requirements can be reduced. They provide guidance and advice on recommended materials, including the provision on an online carbon calculator. They also provide reporting in alignment with existing carbon standards, such as ISO 14064, for product evaluation. [06:55] How can the Carbon Calculator help? By selecting a product of a particular type, you can use the estimator by entering the details of where and what you’re manufacturing, and then it will give you a carbon footprint for that, which you can use to compare that against other industry designers. It displays these other designers anonymously, but you can get a feel for if your product is above or below the average for carbon emissions.  [08:55] An example of the Carbon Calculator in practice –  Design Conformity recently worked with Costa Coffee, who were looking to reduce the environmental impact of their of their shops and coffee lounges. The beginning of that process is to work with their manufacturers, to identify the environmental impact of the furniture that they've got. They used the Carbon Calculator to help create an initial benchmark, which highlighted key indicators that can lead to carbon reductions. [09:35] Design Conformity’s Certification – They’ve borrowed the concept used by existing Energy Performance Certificates, by having a carbon efficiency index, ranging from C1 – C7. Their score is a bit more unique however as it incorporates elements of circular design. Their score is based on a products total carbon emissions, divided by it’s size and total lifespan. An Ecolabel is then awarded based on the final score. [11:45] What are the benefits of Design Conformity’s certification?:- ·       It’s a mix between carbon reporting and a carbon rating. ·       It’s easier for consumers to understand the benefits in comparison to companies that advertise compliance with ISO 14064 and PAS 2060. ·       Not just a green label, as reporting is a key component of gaining certification. ·       It provides a cradle to cradle analysis on a products carbon footprint and translates that into something that is recognisable. [14:15] Are businesses right to be skeptical about the value of the cost versus the value of environmental certification?– 100%! It’s not uncommon for eco labels to be more of a marketing tool rather than a tool for tangible carbon reduction. A lot of them out there are unregulated and are contributing to green washing. That’s where Design Conformity’s differs, as they actually collate and process real data to provide tangible value and add credibility to their claims.  [16:10] Will there be a time where sustainability can be of financial and environmental benefit to businesses? – Yes, absolutely!  And if there is a way to do that, it’s through Circular Design. As an example, if you’re a manufacturing company that’s producing shelving, you need to buy in steel, which can fluctuate a lot in price at any given time. But you don’t need to buy more steel every time, where instead you could get your original product back, reprocess and redistribute. Adam has experience of suppliers who are practicing this, they purchase their products back at 40%-50% of the price, saving a lot of money in raw material! [19:00] Examples of companies who have embraced circular design – Tesco: They’ve introduced a policy whereby they purchase metal shelving, use it for 5 years, then take it back out of the store to get powder coated, cleaned and reintroduced to the store. That reduces the carbon footprint by 70% in comparison to buying a new shelving set! Boots: Their beauty halls wanted to introduce a lot of new brands, which meant a lot more displays were needed. Boots started working with Design Conformity towards earning their certification, specifically in relation to the lighting they used in stores. With Design Confomity’s help, they managed to reduce the carbon footprint at selected stores by 39%! [21:20] Circular Design Guide – 14 people were involved in creating this guide, which is designed to give you an introduction to and overview of circular design. Access it over on their website. If you’d like assistance with any ISO Standards, get in contact with Blackmores and we’ll be happy to help 😊 We’d love to hear your views and comments about the ISO Show, here’s how: ●      Share the ISO Show on Twitter or Linkedin ●      Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one. Subscribe to keep up-to-date with our latest episodes: Stitcher | Spotify | YouTube |iTunes | Soundcloud | Mailing List

For those in the ISO Space, you may be very familiar with the term ‘Certification’ in relation to ISO Standards. However, for certain ISO Standards there is a different type of terminology you need to be aware of. The demand for a more unified and structured approach to reduce carbon emissions has resulted in a few carbon related ISO Standards to be published over the last few years. Standards such as ISO 14064 (Carbon Verification) and ISO 14068 (Climate Change Management) use the term ‘Verification’ rather than ‘Certification’. So, what’s the difference between the two? Join Mel in this weeks’ episode as she explains the key differences between the terms ‘Certification’ and ‘Verification’ in relation to ISO Standards. You’ll learn ·       What is Certification? ·       What is Verification? ·       What is the difference between certification and verification? ·       What’s involved with Verification? ·       Is there a demand for Verification in the UK and overseas?   Resources ·       The ISO Show ·       Carbonology   In this episode, we talk about: [00:25] Episode summary – Listeners familiar with the world of ISO will know of the term ‘Certification’, however the release of new Carbon related Standards such as ISO 14064 and ISO 14068 has brought in a new term: ‘Verification’ This episode, we’ll explain the difference between the two. If you’d like to learn more about ISO 14064 and ISO 14068, check out episode 72 and episode 158. [02:00] What is Certification? – Quiet simply, Certification is for businesses who wish to certify an ISO Management system – so a company wishing to implement a Quality Management system to ISO 9001, would get the ISO System certified by an accredited Certification Body. [02:25] What is Verification? – Verification is the confirmation of a claim, through the provision of objective evidence, that specified requirements have been fulfilled.  Therefore ISO 14064 the carbon footprint verification standard is a standard that is verified not certified. The ‘claim’ or ‘statement’ is typically the QES ‘Qualifying Explanatory Statement’.  If you’d like to find out more about this, then checkout Episodes 91 to 97, where David Algar, Principal Carbonologist at Carbonology explains in more detail. [03:35] Setting the record straight – Some organisations (and even Certification Bodies!) have been stating they have been certified to PAS 2060 or ISO 14064 – which is technically incorrect.  As a certificate is not issued and they're not certified. [04:30] Think of Verification as an MOT: A simple analogy for Verification is a car MOT. This is an annual check to verify that a claim is correct, much like an MOT, someone must inspect evidence and check that everything is as claimed – not unlike checking under a car bonnet and checking tires to see if everything is in working order. [05:20] What is the difference between accreditation for certification and verification bodies? –  For ISO Certification, certification bodies must adhere to ISO 17021:2015. This standard basically provides a requirements for bodies providing audit and certification of management systems, and applies to CB’s like BSI or NQA. There are many others here in the UK, simply visit the UKAS website to find a list of accredited CB’s. In other countries, simply go to your national accreditation body website to find a full list. [06:40] Accreditation for Verification Bodies – Verification Bodies need to adhere to ISO 17029, which was a Standard first published in 2019. That standards title is: Conformity assessment, general principles and requirements for validation and verification bodies. Both Standards provide structure and governance to basically ensure that standards are either certified or verified to a level playing field. [07:20] Watch out for the cowboys – Unfortunately, there are some fake third party so-called certification and verification bodies that offer certification and verification. They do not adhere to either ISO 17025 or ISO 17029, and instead play by their own rules. Which results in utterly worthless (and very expensive) ‘certificates’ that won’t hold up under scrutiny in tendering applications. So please ensure you use an Accredited Certification or Verification Body! [07:48] What are the differences between Certification and Verification? Certification in more detail – Certification of an ISO Management System means of providing assurance that the organisation has implemented a system, so they've got the policies, procedures and controls in place against the relevant activities for their products and services to be delivered. Certification for management system provides that independence, that impartiality that the company is actually doing what they say that they're doing, and that it's effectively implemented. If you want to get certified, you need to undertake an Assessment. Typically this is done in two parts – A Stage 1 Assessment is a document review and Stage 2 Assessment is the evidence to prove that the companies following its policies and procedures. [09:35] What are the differences between Certification and Verification? Verification in more detail – There are actually 2 definitions for Verification: 1: The process for evaluating a statement of historical data and information to determine the statement is materially correct and conforms to criteria in 3.6.10. 2: It's a confirmation of a claim through a provision of objective evidence that specified requirements have been fulfilled. There are a couple of notes with this one, including: ·       Verification is considered to be a process for evaluating a claim based on historical data and information to determine whether the claim is materially correct and conforms with specified requirements. ·       Verification is applied to claims regarding events that have already occurred are results that have already been obtained, confirmation of truthfulness. [11:30] Avoiding Greenwashing – Now more than ever is the time to actually have systems in place to be able to verify that claims are factually correct. A key thing to note with both Verification definitions is that they state you can only make a claim for a certain period – again, much like an MOT. [12:55] What’s involved with Verification? – There are a few ways to gather the historical data needed for verifiers, here’s a few: ·       Observation; ·       Inquiry; ·       Analytical testing; ·       Confirmation; ·       Recalculation; ·       Examination; ·       Retracing; ·       Control testing; ·       Estimate testing; ·       Cross-checking; ·       Reconciliation From those terms alone, you can tell that this is a much more analytical approach than compared with Certification. [14:30] What’s the current status of Verification in the UK and overseas (as of 2024) – In addition to being the Managing Director of Blackmores, Mel is also CEO of Carbonology – a sister company dedicated to Carbon Standards. Across both companies, we’re seeing a lot of interest in Sustainability Standards such as ISO 14001 and ISO 50001. At this current time, there is not so much of a demand for Verification and as such, there’s not a demand for third-party verification at this stage. There is however, a demand for an impartial second-party Verification to back up an organisations’ claims. [16:15] Need any help with ISO 14064 or ISO 14068? – Get in contact with Carbonology and speak to our expert Carbonologists.   If you’d like assistance with other ISO Standards, get in contact with Blackmores and we’ll be happy to help 😊 We’d love to hear your views and comments about the ISO Show, here’s how: ●      Share the ISO Show on Twitter or Linkedin ●      Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one. Subscribe to keep up-to-date with our latest episodes: Stitcher | Spotify | YouTube |iTunes | Soundcloud | Mailing List

ISO Standards are internationally recognised as the gold standard for best practice within a variety of subjects and sectors.  But what ISO Standards are the most popular across the whole globe? And are there any trends that can be gleaned? Thankfully, the International Standards Organization runs a yearly survey to find out! Join Mel in this weeks’ episode as she breaks down the top 10 ISO Standards Implemented globally, where they are most popular and identifies key trends. You’ll learn ·       What are the top 10 Implemented ISO Standards? ·       What Standards are gaining traction? ·       Where are the top 10 Standards most popular? ·       Are there any trends within the top 10 Implemented ISO Standards?   Resources ·       The ISO Show ·       ISO.org   In this episode, we talk about: [00:25] Don’t forget to subscribe and leave a review – We love sharing top tips and dispelling myths about ISO Standards. Help us reach a wider audience by subscribing on your preferred media player, and leaving us a review 😊   [01:10] Episode summary – We’ll be taking a look at the top 10 most popular ISO Standards based on the ISO Survey, run annually by iso.org. The survey results break down the number of ISO Certificates issued, and highlights which countries and sectors these Standards are most popular in. We’re basing this episode on the 2022 results, as the 2023 results won’t be out until later this year. We’ll do another episode on the 2023 results to see what’s changed – so keep an eye out for that! [02:14] #1: ISO 9001 – No surprises here! The Quality Management Standard is still top of the pops. It’s holding strong with a 12% increase based on the previous year. It’s most popular within the Construction, wholesale & retail, electrical, machinery & equipment sectors. China is in the lead with number of certificates issues (by a very large margin!), followed by Italy, India, Germany and the UK. [03:30] #2: ISO 14001 – We’re happy to see the Environmental Management Standard so popular! In fact, it’s had a 21% increase over the previous year! It’s most popular in China, Japan, Italy, UK and Spain. Construction is the leading sector, but we’ve also seen an increase in the number of professional services choosing to adopt this Standard. [04:15] #3: ISO 45001: Coming in at #3 we have the Occupational Health & Safety Management Standard. This has seen an even bigger increase in demand, 29% more than the previous year. China still leads the way with number of certificates issued, but the UK and Australia are not far behind. Interestingly, there is little uptake within the Agriculture sector, which is concerning considering they consistently have the highest injury and death statistics year on year (in the UK according to the annual HSE reports). [05:25] #4: ISO 27001 –  The Information Security Management Standard comes in at #4, with a 21% increase in demand over the previous year. Unsurprisingly, it’s increased primarily in the IT sector, but that’s followed by transport, storage and communications, along with financial services and real estate / renting. [06:00] #5: ISO 22000 – The Standard for Food Safety Management makes it into the top 10, with it being more popular in Taiwan and Greece. The sector specific information for this particular Standard is slim, but it’s applicable to any organisation involved in the making, packing and distribution of food, as well as organisations in the hospitality sector. [06:30] #6: ISO 13485 – This is the Standard for Medical Devices. The USA are leading the way with certificates issued, followed by France, Germany and Italy. We’re pleased to see that none of these ISO Standards are in any decline, and only seem to be increasing in popularity as the years go by. [07:20] #7: ISO 50001 – This is the Standard for Energy Management, if you’d like to learn more about this Standard, check out a few of our previous episodes. ISO 50001 has seen a 33% increase in demand, which is amazing to see! We hope this is a sign of more organisations taking climate change seriously, and taking the appropriate steps to start reducing their impact. China is still in the lead where number of certificates issued is concerned, followed by Germany, Spain, Italy and France.   [08:25] #8: ISO 20000 – The Service Management Standard is still very popular within countries where we see a lot of call center activity. This used to be known as the ‘IT Service Management Standard’, but it has since evolved and encompasses Service Management as a whole. We did a podcast episode covering this Standard in 2023, so go back and listen if you’d like to find out more. No surprises to see China still in the lead with number of certificates issued, followed by USA, India, Italy and Spain. [09:15] #9: ISO 37001 – This one was a surprise, ISO 37001 is the Anti-Bribery Standard. Blackmores have implemented this Standard in the Construction and Facilities Management sectors, but it’s a shock to see it in the top 10 as it’s always been very niche here in the UK. This particular Standard is most popular in Peru, followed by Italy, Indonesia, Korea and Brazil. We were curious about why Peru were in the lead, and it seems that there may be a requirement for certain organisations to have this. Back in 2017, we knew there was a voluntary requirement, but perhaps this has changed in the last few years. If we have any listeners in Peru – we’d love to hear your feedback on this subject! [10:35] #10: ISO 22301 – The Business Continuity Standard. This Standard is most popular in the UK, and based on our experience, it’s commonly adopted by those in the professional services and IT managed services sectors to help provide resilience and continuity for their Stakeholders. Other countries where it’s popular include India, China, Greece and Korea. [11:20] The runners up – These Standards didn’t make it to the top 10, but they were very close: ·       ISO 55001 – Asset Management ·       ISO 20121 – Sustainable Event Management ·       ISO 44001 – Collaborative Business Management [12:10] Conclusions – It’s clear to see that sustainability based Standards are becoming very popular. We’re particularly pleased to see the 33% increase in demand for ISO 50001! If you’d like to request a specific topic, or be a guest on a future episode, get in contact and let us know. We’d love to hear your views and comments about the ISO Show, here’s how: ●      Share the ISO Show on Twitter or Linkedin ●      Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one. Subscribe to keep up-to-date with our latest episodes: Stitcher | Spotify | YouTube |iTunes | Soundcloud | Mailing List

Before we dive into the new year, we’d like to take a step back and reflect on 2023.  Last year was filled with a lot of topics and challenges, from tackling the transition to ISO 27001:2022, to finding credible ways to offset your carbon emissions within the UK. With a total of 33 episodes published last year, Mel looks back on the 5 most popular episodes of 2023, including some highlights from each episode. You’ll learn ·       What were the top 5 most popular podcast episodes of 2023? ·       A highlight from each of the top 5 episodes   Resources ·       The ISO Show   In this episode, we talk about: [00:45] Editor shoutout – A special shout out to the Blackmores Communication Manager, Steph Churchman, who helps organise, produce and publish the ISO Show podcast!   [01:20] Information Security was a favorite topic for 2023 – ISO 27001:2022 was definitely a hot topic in 2023, which is not a surprise seeing as anyone currently certified to ISO 27001:2013 will need to transition to the latest standard by October 2025. Many were making a start on this in 2023, or looking to plan it in for 2024. [02:10] #1: Episode 128 What’s new with ISO 27001:2022? – Orginially published as part of a series of podcasts explaining the new Standard. This episode focuses on a high-level overview of the major changes. Here are a few highlights from the snippet: ·       Steve Gives an overview of what’s new in ISO 27001:2022 – The updated version of ISO 27001 was released on the 26th Oct 2022. The new version included 24 changes and clarifications within the main clauses. ·       The controls for the new standard are now categorised into 4 groups: Organisation, People, Physical and Technology  ·       We covered some of the new controls in more detail in previous episodes: #109, #110, #111, #112, #113 and #114 ·       The 24 changes and clarifications to Clauses include older existing clauses which have been tidied up to be more transparent. We recommend reviewing to ensure that you are complying in a way that aligns with the Standard. ·       There are 11 new Controls. 56 controls from the 2013 version have been reduced to 24 with 58 remaining unchanged. So, in short, Annex A has been simplified with less duplication of controls.   [09:15] #2: Episode 130 What are the 11 new controls in ISO 27001:2022? – In this episode we brought Steve Mason back to discuss the 11 new controls in ISO 27001:2022, and delve into the context of why these were added. We also highlight some of the resources we’ve made available in the isologuhub, including mention of our ISO 27001 Transition Gameplan. Here are a few highlights from the snippet: ·       These new controls are nothing to worry about – they are simply aligning the Standard with more modern security considerations. You may already be complying with them! ·       Control A.5.7 Threat intelligence – ‘To provide awareness of the organization’s threat environment so that the appropriate mitigation actions can be taken.’ – This can come from many different sources, such as the NCSC or local police websites. There are also additional tools you can add to detect possible phishing attacks. This also includes consideration to external threats – Information Security is about much more than just protecting data! It also includes physical security. ·       Control A.5.23 Information security for use of cloud services – “To specify and manage information security for the use of cloud services.” – More and more businesses reply on cloud-based computing. It’s important to verify the security of your service provider to ensure it’s adequate. You can check to see if they have any valid Information Security related credentials such as CSA Star, Cyber Essentials, SOC. You could also adopt principles of ISO 27017 (certification for cloud security), ISO 27018 (Protection of PII in the public cloud) and ISO 27701 (PII security Standard). ·       Control A.5.30 ICT readiness for business continuity –‘ To ensure the availability of the organization’s information and other associated assets during disruption’ – There a few standards that could assist with this, including ISO 27031 (ICT readiness for Business Continuity). Those that have ISO 22301 may want to look at how ISO 27001 elements can be integrated and improved in any disaster recovery plans. ISO 27001 needs to be an integral part of any business continuity plans – not just a bolt on. Small business may not want to conduct a full business impact analysis, but should carry out a risk assessment around business continuity at the very least.   [21:20] #3: Episode 134 Credible Carbon offsetting with Treeconomy: We had some fantastic guests on the show last year, such as Harry Grocott – CEO of Treeconomy. We invited him on to talk about how we can demonstrate credible carbon offsetting through schemes here in the UK, and how you can avoid falling prey to greenwashing. Here are a few highlights from the snippet: ·       Can we quantify the value of nature? Short answer right now is no, but there is a lot of nuance. Nature offers ecosystem services i.e. farms offer a calorific benefit, we can put a price on the value that offers. The same principle applies to resources such as wood or oil. Now we are gaining the ability to quantify CO2 removal, which is undeniably valuable to humanity. ·       Other more recent services such as biodiversity projects are a bit harder to quantify – as they vary so much depending on the country. However, we are starting to assign value to these. ·       How can people be sure that they don’t fall prey to Greenwashing? There are 2 main issues to consider: 1) Are your carbon credits credible? 2) what claims are top management making? ·       Tackling claims made by leadership: ISO standards are starting to solve this issue. There are clear requirements and certifications that need to be in place to back those claims.  ·       Tackling carbon credits: The carbon offsetting market is heavily unregulated currently. Essentially it’s a lot of people trading in invisible gas. There are a number of carbon standards (Not quite at the same level as ISO Standards), such as the Woodland Carbon Code and the Peatland Code, and Internationally there are standards such as Verra VSC – unfortunately, a lot of these standards aren’t very robust and aren’t enforced. ·       Many companies will often look to buy the cheapest offsets available, which are likely to be non-credible and will provide no evidence of actual offsetting occurring. But, there are a lot of new companies emerging that provide tangible evidence of offsetting (such as Treeconomy  )   [33:50] #4: Episode 136 dotdigital’s sustainable transformation with ISO 14001 –  We’re always delighted to share stories about our clients’ ISO journeys. In this case we got the chance to talk to Steve Shaw, the Chief Product and Technology Officer at dotdigital, about their journey to achieve ISO 14001. Dotdigital have a habit of going above and beyond when it comes to implementing ISO Standards, and this time is no different as Steve explains some of the fantastic sustainability initiatives introduced as a result of gaining certification. Here are a few highlights from the snippet: ·       dotdigital was the worlds first carbon neutral marketing automation platform that was ISO 14001 certified. They also aim to be net zero by 2030! ·       They have a relatively small footprint as a primarily digital based company, only really having to consider the running of computers, air conditioning and standard office facilities. So it can be a challenge to reduce! ·       What led to the success of dotgreen? – dotdigital launched a group called dotgreen, which has since thrived into a community of likeminded individuals all working together to improve and reduce dotdigital’s impact. They were fortunate to have an Executive group sponsor who can take ideas and suggestions to other leadership for consideration. This grassroots group encourages suggestions from everyone – no idea is a bad idea. Over time, the group evolved and helped to develop a sustainability programme for the business.  ·       What was one of the initiatives implemented from dotgreen? – They identified that existing data centers used by the business weren’t always utilising renewable energy. So, over the course of 2 years, they worked with Microsoft to build on their Azure platform to enable dotdigital to make the switch. Azure runs on renewable energy sources, and any remaining emissions can be offset through carbon credits. ·       A green option for their customers – As a result of their cloud platform now being run through green partners, they can extend the environmental benefit to their customers.    [42:25] #5: Episode 135 Emerging SaaS Trends in Health and Safety – Health and Safety can be quite the task to keep on top of, a well known fact for anyone certified to ISO 45001. Thankfully, there are a number of Software as a Service options out there to make the lives of Health and Safety professionals much easier. New and emerging technologies are only going to develop more rapidly with the integration of AI and machine learning. We invited James Sharp, Chief Technical Officer at Riskex, onto the show to discuss the top 10 emerging SaaS trends, including how each can help streamline processes and gather and analyse large amounts of data. Here are a few highlights from the snippet: ·       Riskex have been certified to a number of ISO Standards, including ISO 18001 (Prior Health and Safety Standard, now certifying to the latest version, ISO 45001), ISO 27001 (Information Security) and ISO 9001 (Quality Management) ·       Software as a Service became very popular during Covid, as business became very fragmented and were looking for solutions that could be rolled out across multiple sites. Riskex also created their own track and trace system based on established software they were already offering – helping businesses manage Covid safely. ·       Trend #1 – Artificial Intelligence – Artificial learning is all around us and with vast volumes of data being collected by safety management platforms.   AI allows decision engines to predict and provide guidance based on key trends or established KPI’s. For example, if accident rates were to increase but at the same time risk levels have been reducing, it could soon highlight this trend and look at other surrounding data or previous trends to establish a pattern.  This will lead to a more pro-active approach to reporting and subsequent decision-making. ·       Trend #2 – API Connectivity – Providing an open API platform will allow businesses to integrate internal systems and external services to digest data. As more organisations adopt Cloud solutions, connectivity between platforms has become increasingly important. With a robust API offering, multiple business services can interact with ease and become part of the safety management space, without incurring significant cost or time. ·       Trend #3 – Low-Code Optimisation – Developing generic components within software to allow for quicker builds, implementations and tailoring requests. As stand-alone and generic component development increases, solutions can offer more flexibility and self-serve options to the end user to assist them with aligning platforms with their specific processes. ·       Trend #4 – Mobile Optimisation – More and more end-users are accessing health and safety software via their mobiles but for various reasons, are not always able to use native apps (installed on the device). Therefore, health and safety software platforms need to adapt use on multiple devices, without the loss of features. We can’t wait to dive into new topics this year! If you’d like to request a specific topic, or be a guest on a future episode, get in contact and let us know. We’d love to hear your views and comments about the ISO Show, here’s how: ●      Share the ISO Show on Twitter or Linkedin ●      Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one. Subscribe to keep up-to-date with our latest episodes: Stitcher | Spotify | YouTube |iTunes | Soundcloud | Mailing List

Trying to achieve Carbon Neutrality can feel like a monumental task, especially with so many separate elements that you have to complete. From quantifying your data, reducing where possible and offsetting the remainder, it can be hard to keep track of it all with taking a structured approach.  Which is where ISO 14068 comes in. This is the new Standard for Climate Change Management, and it’s specially designed to help businesses with the transition to Net Zero. In this weeks’ episode Mel explains 10 reasons why you should use ISO 14068 – the new Standard for Carbon Neutrality.    You’ll learn ·       What is ISO 14068? ·       Why should you adopt ISO 14068? ·       How can Carbonology Support you with ISO 14068?   Resources ●      Carbonology ●      Grab a copy of our Net Zero Planner ●      ISO 14068   In this episode, we talk about: [00:25] What is ISO 14068? – This is standard for Climate Change Management. If you’d like to find out more about the Standard, it’s purpose and how it can prevent green washing, go back and watch our previous episode. [00:55] Where to find more information – This podcast is based off BSI’s most recent Publication on ISO 14068: ‘Climate Change Management – Transition to Net Zero – Part 1: Carbon Neutrality (A BSI Executive Briefing). You can download this from a recent blog on BSI’s website. [01:05] Reason 1: A structured approach – Mel found out firsthand from a recent EMEX event that people are looking for a structured approach to carbon neutrality. ISO 14068 gives organisations a structured process for developing a detailed carbon neutrality management plan with short- and long-term targets. [02:10] Reason 2: Quality - In contrast to unsubstantiated claims of neutrality, claims under ISO 14068 have to be based on all GHGs, take a lifecycle approach and can only be made after the development of long-term planning, with real GHG reductions in place, and offsetting restricted to residual emissions using high quality carbon credits. [03:10] Reason 3: Credibility: Use of this internationally recognised standard can offer market benefits by increasing the credibility and verifiability of a product or organisational claim of carbon neutrality. This Standard has been developed by international technical committees and subject matter experts across the globe, which gives it a lot more credibility in the eyes of Stakeholders. They will have confidence that claims are transparent and reliable from those who adopt ISO 14068. [04:22] Reason 4: Global Recognition –  A quick reminder - Those who have been listening to the ISO Show for a while now may remember our previous podcasts on PAS 2060 – the previous Standard for Carbon Neutrality. Companies will now have 2 years to transition to ISO 14068. We’ll be doing a podcast on how to go about doing that in 2024! Circling back to Global Recognition, ISO 14068 provides a common set of criteria for measuring and reporting carbon neutrality. This ensures consistency across different organizations and industries, underpins easer comparisons for carbon neutrality efforts between entities, allows stakeholders to assess and benchmark efforts, and supports global recognition for claims of carbon neutrality. [05:30] Reason 5: Convenience – If you’ve already got other ISO’s in place, good news! ISO 14068 is designed to work with other quantification standards such as ISO 14064 or other equivalents. [05:55] Reason 6: Flexibility - ISO 14068 can be used by any sized organisation, in any country or sector. It can also be applied to whole organisations or individual products. [05:55] Reason 7: Responsibility - The standard encourages organisations to take responsibility for minimising their own carbon footprint before paying third parties to offset their emissions. We’ve seen in the past where people think just paying for carbon credits will work in the long-term – which just isn’t sustainable. You should be looking to reduce as much as possible before moving onto the Offsetting stage. [08:00] Reason 9: Risk Mitigation – Adopters of ISO 14068 will be in a strong position to manage current and emerging regulatory and market risks in relation to GHG emissions. It’s a competitive market place out there, with ESG requirements appearing more on tenders year on year. Many will now require you to prove your commitment to carbon neutrality, and it’s become clear that we need Standards to be able to provide that evidence. This is where ISO 14068 comes in, as you will have that proven methodology that you can then demonstrate to those stakeholders. [09:30] Reason 10: Competitiveness –  ISO 14068 demonstrates a commitment to climate action can also mitigate reputational risks and enhance brand value, market access and competitiveness [10:30] Further Information –  Our sister company, Carbonology, will be publishing more content around ISO 14068 in 2024. Check back on their website to find out more. We’d love to hear your views and comments about the ISO Show, here’s how: ●      Share the ISO Show on Twitter or Linkedin ●      Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one. Subscribe to keep up-to-date with our latest episodes: Stitcher | Spotify | YouTube |iTunes | Soundcloud | Mailing List

We’re inching closer to our 2030 and 2050 Net Zero targets, and if we keep going the way we are, we’re not going to hit either one.   This is unsurprising considering the lack of a unified approach to achieving Net Zero. There are a lot of options to tackle certain aspects of sustainability, but few outline an entire pathway to guide businesses towards a tangible goal.  However, that may be set to change with the release of ISO 14068-1:2023 – Climate Change Management! In this weeks’ episode Mel explains what BS ISO 14068 is, who can use the Standard, and how this Standard can combat green washing.   You’ll learn ·       What is ISO 14068? ·       Who is this Standard for? ·       Why was this Standard created? ·       How can ISO 14068 help businesses to tackle climate change ·       How can ISO 14068 help combat green washing   Resources ●      Carbonology ●      Grab a copy of our Net Zero Planner ●      ISO 14068   In this episode, we talk about: [00:25] Introduction and episode summary – ISO 14068 has just been published, superseding PAS 2060. In this episode, we’ll explore what this Standard is all about, how it can help you and help prevent green washing. Keep an eye out for our follow-up episode, which will give you more insight into the 10 reasons for adopting this Standard to achieve Net Zero in 2024. [01:40] A passion for Sustainability – If you’re new, you may not be aware that Mel is the CEO of both Blackmores and Carbonology. Carbonology was created as a sister company in 2023, and it’s sole purpose is to help businesses to be able to demonstrate with credibility and complete transparency - A legitimate route to achieving carbon neutrality. [03:00]  What is ISO 14068-1:2023? – This is standard for businesses transitioning to Net Carbon zero. The standard for specifies the requirements for achieving and demonstrating carbon neutrality through the quantification, reduction, removal and offsetting of greenhouse gas (GHG) emissions. [03:30] Who can use this Standard? BS ISO 14068-1:2023 can be used by any organization, in the private or public sectors, that wishes to make either the organization or a product climate neutral. Products may be consumer-facing or business to business, and include all types of goods and services, including events and financial services. [04:05] Why has this Standard been developed now?: To avoid the worst effects and keep the rise in global temperatures to no more than 1.5°C, the Intergovernmental Panel on Climate Change (IPCC) of eminent scientists has identified that we need to cut emissions of greenhouse gases by 40% in this decade and to global net zero by 2050. However, working towards a long-term target of net zero can be difficult without recognition of achievements along the pathway. That’s where carbon neutrality can help; organisations that have a clear plan and have started making real greenhouse gas (GHG) reductions can counterbalance their remaining carbon footprint using high quality carbon credits / offsets to achieve carbon neutrality. ISO 14068-1 is the new International Standard that sets out requirements for organisations wishing to achieve carbon neutrality, including for products, such as goods, services or events. ISO 14068-1 also provides a rigorous and robust framework for avoiding greenwashing, and builds on the 15 years’ experience of the previous Standard – PAS 2060. Organizations using the standard will benefit in two main ways: internally, through having a clear guide on best practice in reaching carbon neutrality; and externally, by demonstrating compliance with a rigorous standard on carbon neutrality. [06:40] How can the standard help businesses that are still scratching their heads about how to tackle climate change? -  The standard provides clear principles that entities need to consider when seeking carbon neutrality. These include establishing a hierarchy, so that GHG emission reductions are made first – and reductions are often the most cost-effective way of reducing a carbon footprint, avoiding the need for potentially costly carbon credits. The hierarchy is then used to determine a pathway to carbon neutrality, including short- and long-term targets for minimising the carbon footprint. The standard also explains how the pathway is used in developing a detailed carbon neutrality management plan, which provides clear guidance for those responsible for the implementation of carbon neutrality. [08:30] How can the standard combat green washing? In recent years, there have been many claims of carbon neutrality that are unsubstantiated or supported only by purchasing a few carbon credits, with a consequent risk of greenwashing. Following BS ISO 14068-1 means organiations will be able to demonstrate that their claim of carbon neutrality is underpinned by real action to reduce GHG emissions and includes a clear pathway to eliminate all possible GHG emissions, so it does not just fall back on purchasing carbon credits in the market. This significantly improves the credibility of a claim. [09:45] Keep an eye out for future episodes! We’ll be talking more about ISO 14068 in future episodes, including the benefits of adopting this Standard. We’ll also dedicate an episode to explaining the difference between Certification and Verification – so stay tunned! We’d love to hear your views and comments about the ISO Show, here’s how: ●      Share the ISO Show on Twitter or Linkedin ●      Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one. Subscribe to keep up-to-date with our latest episodes: Stitcher | Spotify | YouTube |iTunes | Soundcloud | Mailing List

The use of AI within business is starting to become more common place. With major applications like Microsoft Teams and Word integrating many new features designed to make our lives easier.  However, we still need to exercise caution with this new technology and consider what we can put in place to mitigate any potential security risks while developing or utilizing it. Which is precisely what today’s guest, Monolith, has done. Monolith provide a machine learning program that engineers can adopt to build highly accurate self-learning AI models that instantly predict the performance of systems in a wide variety of operating conditions. In this weeks’ episode Mel is joined by Æsc George, Senior Software Engineer at Monolith, to discuss why they have adopted ISO 27001, explain their implementation journey and the benefits of having an Information Security Management System.  You’ll learn ·       Who are Monolith AI? ·       What was their main driver behind obtaining ISO 27001? ·       What was the biggest Gap identified in the initial Gap Analysis? ·       What benefits did Monolith AI gain from implementing ISO 27001?   Resources ●      Monolith ●      ISO 27001 Transition Gameplan   In this episode, we talk about: [00:25] An introduction to Monolith and Æsc George – Monolith AI is all about empowering engineers to develop self-learning models from their engineering test data. With this they can develop machine learning models to really accelerate new product introductions and get these new products to market much more quickly, primarily by using these models to accelerate and streamline their testing. They are currently recommended for ISO 27001 certification, and are eagerly awaiting the arrival of their physical certificate. Æsc George is a Senior Software Engineer of this web browser based software. He is also the interim security officer, which is why he was tasked with obtaining ISO 27001. Fun fact about Æsc: He was a proud owner of a colony of 8 rats! He currently takes care of 4 cats, which have access to a plethora of enrichment in his home 😊 [03:35] What was the main driver for Monolith to obtain ISO 27001? – There were a few drivers, the most obvious being that they want to display their commitment and credibility when it comes to Information Security. Acquiring ISO 27001 makes it easier to show their clients and prospects that their engineering data is in safe hands. Monolith also know that there's a lot of buzz about artificial intelligence and machine learning at the moment, and that buzz covers both sides of the coin. What good it can do for the world and the harms it can do, so aligning with ISO 27001 shows that they’re trying to use AI in a responsible way. [05:10] The start-up is getting a head start! – Monolith AI is a start-up company, only a year in and already leading the way for AI development by ensuring security is a priority from the start. [05:40] How long did it take to implement ISO 27001? Nine months from the point of contacting Blackmores to assist to being recommended for certification. Æsc recounts his experience: “My perception is that the effort was quite front loaded, so the amount of effort involved in the process almost wound down towards the end - even with the external audit happening towards the end. I think once the information security management had been established and we'd worked it into our day-to-day, the perceived effort was lower. So I felt pretty confident going through our audit processes because I've experienced the system working already.” [08:15] What was the biggest gap identified at the Gap Analysis?: There wasn’t a formal approach to information security risk and risk treatment. There were already a number of existing systems and ad-hoc arrangements to mitigate information security risks – but they had been framed in terms of risk. They hadn’t gone through a process where risks were quantified and weighed against each other. So following the gap analysis, one of the many actions Monolith took was to make sure they were consistently and regularly assessing information security risk in various dimensions. They now have the right framework in place to allocate the appropriate time and resources towards information security, and to prioritise the biggest risks. [10:10] What difference has Implementing ISO 27001 made? -  It’s given Monolith more confidence in their understanding of Information Security risks, and assurance that there aren’t any massive, unidentified risks that may cause trouble later down the line. It’s also made it easier to discuss information security risk and policy decisions. Monolith AI are a remote first company, allowing their staff the freedom to experiment with new technologies, and be in an environment where they feel comfortable. Having formal risk treatment in place means they can maintain this highly flexible, highly innovative and productive way of working – but with their eyes wide open. [11:40] What has Æsc learned from the experience of Implementing ISO 27001? Æsc is not new to ISO Management Systems, having been involved with the maintenance and implementation of a few in the past. However, he has gained an appreciation for the nuance in ISO 27001. For example, the knowledge that the standard uses words like ‘should’ and ‘shall’ that have particular intentions – ‘shall’ being mandatory and ‘should’ being recommended. His previous experiences with Management systems had more available resource than at Monolith, so learning this nuance has been important in the prioritization of focus and resources in his current position. [13:30] What have been the main benefits from Implementing ISO 27001? Having a holistic and formal approach to Information Security and risk management compared to the ad-hoc approach they had prior. It’s brought the company together on a really important issue, and helped everyone to understand the role they play in Information Security. Personally, Æsc has enjoyed reaching out to people he may not ordinarily get the chance to work with, as a result of this unifying issue that everyone at Monolith cares about.  [17:00] Once Monolith formally receive their ISO 27001 certificate, what benefits will that bring? – Currently Monolith AI are recommended for Certification, and are simply waiting on the delivery of their physical certificate. Once received, they will be able to present it to prospects and clients if they are questioned on information security credentials – to show that they are serious about their commitment to security. It will also open doors to new prospects that may bother considering them as a supplier due to the lack of ISO 27001 certification. They are also a leading example in the relatively new industry of AI, those with ISO 27001 certification at this stage stand out from other competitors. [19:15] What tips does Æsc have for those starting out on their ISO jorney? –  Speaking from experience, Æsc recommends hiring a specialist in ISO to assist with your implementation. In his case, Blackmores helped to organise the process, drive a lot of the early gap analysis and gave him confidence in going through internal and external audits. Having someone with experience acting as a guiding hand makes the whole process go a lot more smoothly. This could be a consultant, or someone you train within your own business. These projects are the sort of thing that turn passion into action. Whether that’s information security or environmental management ect, it’s better to have someone experienced or trained in the nuances of the Standard to ensure it’s implemented in a way that truly benefits your business.  [21:20] Æsc’s book recommendation -  Nature's Calendar: The British Year in 72 Seasons by Kiera Chapman, Rowan Jaines, Lulah Ellender and Rebecca Warren. It’s Inspired by a traditional Japanese calendar which divides the year into segments of four to five days, this book guides you through a year of 72 seasons as they manifest in the British Isles. As Æsc describes: “Lots of the seasons will be very familiar to people who've lived in this country their whole life, but they may not have necessarily thought about the context of it. So I think is really grounding. Time and the way we measure it can seem so arbitrary and abstract sometimes, and measuring minutes and hours is responsible for so much stress and anxiety, so taking a breath, thinking about how nature moves at a different, slower, more deliberate pace, and finding the time to synchronise with that move with nature can be a really rewarding experience” [24:15] One of Æsc’s favorite quotes -  “I went to the woods because I wished to live deliberately, to front only the essential facts of life, and see if I could not learn what it had to teach, and not, when I came to die, discover that I had not lived” - Henry David Thoreau (from his book ‘Walden’) [26:10] Need help with your ISO 27001 transition? – We have an ISO 27001 Transition Gameplan available on the isologyhub. This Gameplan provides a step by step guide for you to transition to the latest 2022 Standard. If you’d like to learn more about Monolith AI, check out their website. We’d love to hear your views and comments about the ISO Show, here’s how: ●      Share the ISO Show on Twitter or Linkedin ●      Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one. Subscribe to keep up-to-date with our latest episodes: Stitcher | Spotify | YouTube |iTunes | Soundcloud | Mailing List