How an ISO 14001 certification saves money

Being environmentally conscious helps reduce your negative impact on the environment, but of course implementing the ISO 14001 Environment Management System standard is going to cost money. While it costs money, consider how much you will save over the long-term. It’s all about weighing up the benefits and your return on investment (ROI).

ISO 14001 benefits

ISO 14001 helps you to identify where your environmental costs may be — water, power, natural resources. Identifying your costs is crucial so you can reduce them.

The following are six benefits of ISO 14001 accreditation that give you a ROI.

1. Environmental commitment improves credibility

Many contracts require ISO 14001 accreditation, as some people may only want to work with businesses that demonstrate their commitment to the environment. Customers are also now commonly choosing to do business with environmentally friendly companies, so it improves your image and credibility. Investing in an environment management system sends a positive message to consumers who are becoming more discerning about where they spend their hard-earned money.

2. Controls costs

It is a fact of life that every business wants to control its costs, so how does implementing ISO 14001 help with that? Use the system to identify, control and reduce environmental incidents, which saves the company the cost of fines, cleaning up and paying out compensation, as well as protecting your overall reputation. You can also use it to identify the costs of materials and resources required to create your products. Taking the reuse, reduce, recycle approach can help make tangible reductions in costs as well as in the tax the business pays.

3. Legal compliance

ISO 14001 provides a framework that puts processes in place to identify, monitor and comply with environmental legislation. While you may already comply with the law, ISO 14001 accreditation helps to maintain that compliance. It also tells people your business cares which will boost your credibility, and has the potential to reduce liability insurances. 

4. Implement changes successfully

A key element of ISO 14001 is collecting good data which helps you implement organisational changes successfully. Even if an initiative goes off track initially, collecting data alerts you to this faster so you can correct the problems and get back on track. Again, this will save your business time and money.

5. Engage employees to improve processes

Continual improvement is central to ISO 14001, so starting with small improvements means moving towards implementing enhancements progressively. In order to do this though, it is important to engage employees in the process. This gives them ownership of improving the company. It creates an inclusive culture that engages employees to work towards a common goal, which is a good ROI.

6. Reduces employee turnover

Engaged employees are far less likely to move on as they feel heard and important to the organisation’s operations. Employee turnover is a huge cost to a business. It costs far less to engage and retain your employees than it does to continually recruit and train new people.

When the environment is important to your business, contact us for more information about ISO 14001 certification. We can show you how to implement an environmental management system that gives you ROI and earns consumer trust while growing your business.

Cybersecurity is a Business Priority

The risk of a cybersecurity breach is high in this day and age. As a business you have a responsibility to protect customer data and to keep company information safe. No longer is an ISO 27001 Information Security Management System (ISMS) just a nice thing to have; it is essential if you take cybersecurity seriously.

Doing business online means you have to guarantee all customer information is secure, and that includes credit card information you collect. A security breach can be disastrous to your organisation: it can cost a lot of money to recover from, let alone the cost to your reputation. There are serious consequences if a hacker breaches your systems. The ISO 27001 certification shows the world you take cybersecurity seriously. The certification process provides a framework that identifies, manages, and controls risks to data and all organisational assets.

Implementing an ISMS simply makes good business sense. Other core activities include allocating security responsibilities to staff for continually managing and assessing the performance of information management through management reviews and internal audits.

Data Hackers Target Businesses

Business data is a target to hackers when it is of value to a third party. Different types of data are more valuable than others and pose different levels of risk to your business. Business data that is at risk includes the following:

  • IT security data such as user names and passwords, the network structure and encryption keys.
  • Financial information such as bank accounts, credit card numbers and expiry dates.
  • Intellectual property which can include marketing material, logos, proprietary software, manuals and other material developed by your business.
  • Personally identifiable information such as contact information and birth dates.

Stolen information has different values such as its use for identity theft and fraud. Intellectual property is valuable when sold to a competitor. IT security data allows a third party access into your computer systems.

Consequences of Data Breaches

Cybersecurity and ISO 27001 accreditation should be a top priority if you want to keep your data safe. It is vital to protect your organisation from the severe consequences of a data breach to not only your company but to your customers and suppliers.

Cybercrime is a big business expected to cost companies $10.5 trillion by 2025. Year by year, there is a higher risk of cyber attack. An Accenture study reported small businesses accounted for 43% of cyberattacks and as few as 14% were prepared for an attack, so it is not just big corporate companies that are at risk.

Here are some examples of data breaches:

  • In 2019, a NAB worker faced the sack after uploading the data of 13,000 customers to a third party which cost NAB $687,878 in compensation.
  • Victorian hospitals and medical centres faced a cyberattack which caused the postponement of non-urgent surgical procedures.
  • Yahoo’s multiple data breaches between 2012 and 2016, which affected 500 million users, came to light as it was negotiating its sale to Verizon. The sale went ahead at a greatly reduced price and Yahoo paid out $117.5 million in compensation.

No matter the size of your organisation, cybersecurity must be a priority. Contact us for more information about an ISO 27001 certification. We can show you how to protect your information, earn consumer trust, and grow your business so it reaches its potential.

ISO 27001 versus ISO 27002

ISO 27001 is the international standard that gives you the framework for an information security management system (ISMS). You can become ISO 27001 accredited, but there is no certification for ISO 27002. However, you cannot consider the two standards in isolation.

 

What is ISO 27001?

ISO 27001 is a set of guidelines that relate to the security of your organisation’s information. It sets out the requirements to implement an ISMS so all your organisation’s information is protected from prying eyes and cyber security incidents. It contains the information you need to implement an ISMS as part of your business. For ISO 27001 accreditation, you must:

  • Have an ISMS project team to initiate the project.
  • Complete a gap analysis of your organisation’s information security.
  • Define the scope of your ISMS.
  • Complete a risk assessment.
  • Develop information security policies.
  • Choose and apply security controls throughout the organisation.
  • Develop risk documentation.
  • Hold training to raise information security awareness among your staff.
  • Assess, review, and conduct an internal audit to ensure the controls are effective.
  • Complete an audit for certification.

 

What is ISO 27002?

ISO 27002 is an additional standard that contains more information about information security controls. Where ISO 27001 Annex A provides only a little detail on each control, ISO 27002 goes into greater depth for each one. It explains how each control works, its objective and how to implement it.

 

Three main differences between ISO 27001 and ISO 27002

There are three main differences between the two ISO standards. These are:

  • Certification. You can become certified for ISO 27001 as it is a framework for compliance. It is not possible to become certified for ISO 27002 as it only focuses on one element of an ISMS.
  • Level of detail. ISO 27001 only contains an outline of each element for implementing an ISMS, whereas ISO 27002 details security controls in depth. There are other standards within the ISO 27000 family that provide detail for each element of ISO 27001. For example, ISO 27003 provides guidelines for implementation and ISO 27004 covers monitoring, measurement, analysis, and evaluating the ISMS. If all this information were in ISO 27001, the standard would be too long and difficult to work with.
  • Relevance. The key to implementing an ISMS is that not all information security controls are relevant to your organisation.

 

How to begin protecting your information

When starting to plan your ISMS, start out with ISO 27001. Once you have identified your information security controls, refer to ISO 27002 for more insight on how to implement each one.

The whole ISO 27000 family works together: ISO 27001 sets up the framework and the others provide the detail for each ISMS element.

 

If information security is a priority for your organisation, contact us for more information about ISO 27001 certification. We can show you how to protect your information, earn consumer trust and grow your business so it reaches its full potential. 

Difference between ISO 9001 and ISO 9000

Most people understand what ISO 9001 is. It is sought after as a quality standard that can set your business apart from your competitors when you receive accreditation. ISO 9000 is not so well understood as it is a family of standards that ISO 9001 belongs to, but it is also an additional standard on its own. 

 

What is the difference between ISO 9001 and ISO 9000?

ISO 9001 sets the standard for implementing a Quality Management System (QMS) when your business meets a specific set of standards. ISO 9000 is little talked about outside of being the family of standards ISO 9001 belongs to.

 

What is ISO 9000?

ISO 9000 is technically two different things:

  • The name for the entire set of quality standards.
  • It is also a separate standard that outlines the definitions used throughout the entire QMS.

The main purpose of the separate ISO 9000 standard is to outline the terminology the QMS uses. It is something you read to understand the language used across the ISO 9000 family so it remains consistent when implementing ISO 9001. It helps you understand the requirements of implementing and maintaining your QMS. You also cannot become ISO 9000 accredited.

 

What is ISO 9001?

ISO 9001 is a popular standard that many businesses around the world have accreditation for as it sets your business apart from others. To become accredited, you must comply with its guidelines to consistently produce quality controlled products and services. In other words, it is a set guideline for the action your organisation must take for QMS accreditation and to maintain it. Overall, it is highly beneficial to your company and customers.

 

Benefits of ISO 9001

While your business benefits from implementing ISO 9001, so will your management, employees, and customers in the following ways:

  1. Benefits to the business owner. The benefits to the business owner include:
    1. Increasing consumer trust which leads to more customers.
    2. More customers means an increase to your revenue and cash flow.
  2. Benefits to management. Benefits to the management of your organisation include:
    1. Making the workplace more organised.
    2. Giving employees a clear set of guidelines to meet which gives management more control.
    3. Employees understand how they must behave which makes it easier to correct poor employee behaviour.
  3. Benefits to employees. Benefits for your employees include:
    1. Clear expectations and a more organised workplace. 
    2. Opportunities to correct nonconformances.
    3. Motivation to reach their full potential to earn rewards.
  4. Benefits to customers. The benefits to customers include:
    1. Better quality goods and services that are consistent.
    2. Knowing you listen to their feedback.
    3. Incentives to keep doing business with your organisation.

(Read more about the benefits here)

 

When quality is a priority for your organisation, contact us for more information about ISO 9001 certification. We can show you how to implement a quality management system, earn consumer trust and grow your business so it reaches its potential. 

Top myths about ISO 45001

There are many myths surrounding ISO 45001 implementation. While putting in place an Occupational Health and Safety Management System (OHSMS) you may come across them. Do not let these myths put you off. In this article we cover the top five myths so you understand the difference between fact and fiction.

Myth 1 – It creates unnecessary documentation

This is complete fiction. Yes, you do need to document information for ISO 45001, but this is in relation to your processes and how they affect OH&S. As a business you will probably already have unwritten processes. And older businesses may have documents that slow them down.

The latest version of ISO 45001 has fewer documentation requirements. So you only need documentation where it is necessary and relevant for the system, for example for risk mitigation and employee training. How you do this depends on the type of business and its size. And using cloud technology can reduce your documentation further.

Myth 2 – Implementing ISO 45001 has no value

All too often people believe that an OHSMS is just a costly paper exercise with no real value. This is not true if you make the system work for your organisation. The whole point of an OHSMS is to prevent workplace accidents and illness. It will help you continually improve your processes which will help your organisation operate more efficiently.

Myth 3 – ISO 45001 is only for organisations with hazardous operations

ISO 45001 is not only for organisations with hazardous operations. While certification helps these organisations deal with workplace risks, any organisation can benefit from implementing an OHSMS. By embedding the system into your organisation it will improve OH&S performance. Complying with ISO 45001 means all organisations will have cost savings through reducing accidents and risks in the workplace.

Myth 4 – No need for ISO 45001 if legally compliant

All businesses should be legally compliant regardless of whether they have ISO 45001 certification or not. Being legally compliant is an important part of an OHSMS, but it is more than that. As part of implementation, the standard requires that you not only identify the legal requirements for your business, but also to determine how to remain compliant and measure your compliance on an ongoing basis.

Myth 5 – Implementing ISO 45001 is too hard

It may be challenging to implement ISO 45001 if you do not know what you are doing. But it does not have to be hard. Engage an ISO specialist to work with your organisation to achieve certification. A consultant will work with your key people to develop unique solutions specific to the organisation and your way of doing business.

Do not let myths stop you

Do not let myths stop you from implementing ISO 45001. For success, tailor the OHSMS processes to meet staff needs and your organisation’s philosophy. OH&S is important in every workplace.

Contact us for more information about ISO 45001 certification.

Basic requirements needed for ISO 9001

It does not matter what systems you have in place when thinking about ISO 9001 certification. ISO 9001 has a standard set of guidelines for implementing, maintaining and improving a Quality Management System (QMS) for your organisation. These are applicable to any type of organisation of any size.

The requirements are broken down into sections called clauses. The first three clauses are not mandatory, but the rest are, except for clause 8, which may not be relevant to your organisation.

Clause 4 – Context of the organisation

Context of the organisation deals with the internal and external factors. These affect the objectives you set and how you meet them. External factors can include legal and financial and internal factors include the structure and governance of your organisation. Clause 4 also includes identifying the needs and expectations of stakeholders such as employees and suppliers.

 

Clause 5 – Leadership

Clause 5 focuses on the commitment of top management to implementing a QMS. The requirements include:

  • Developing and implementing a Quality Policy that gives clear direction.
  • Instilling a culture of customer focus throughout the organisation.
  • Determining the roles and responsibilities and authorities for the QMS.
  • How you will communicate objectives and policies across the organisation.

 

Clause 6 – Planning

For an effective QMS, risk-based thinking is essential. Clause 6 includes the requirements for determining risks and opportunities, and for setting quality objectives that align with the Quality Policy and planning how you will meet them.

 

Clause 7 – Support

Clause 7 is all about top management providing adequate resources to implement and maintain the QMS. These include:

  • Human resources.
  • Work environment such as lighting, dust and temperature control.
  • Infrastructure such as equipment, building facilities, software and hardware.

It also details the importance of communication, competence, awareness, and creating, maintaining and controlling documentation for the QMS.

 

Clause 8 – Operations

You can choose to exclude sections of clause 8. For example, your company may not do design work, so you can exclude the design requirements. Clause 8 deals with planning products and services for customers. These include:

  • Determining and reviewing service and product requirements.
  • Testing and monitoring the quality of goods and services.
  • Creating procedures for controlling nonconformities.
  • Processes for generating and storing company records.

 

Clause 9 – Performance evaluation

Clause 9 contains the requirements for evaluating the performance of the QMS. These include:

  • Assessing customer satisfaction.
  • Monitoring, analysing, and evaluating the performance of your processes.
  • Internal audits.
  • Inputs and outputs of management review meetings.
  • Retaining documentation as evidence.

 

Clause 10 – Continuous improvement

Clause 10 is all about corrective actions to continually improve your QMS to increase customer satisfaction. So you need to implement procedures and policies to investigate incidents, nonconformities and for corrective action. Continually improving quality in your business will benefit you over the long term.

Quality is an important part of all businesses. It can make or break a business. Contact us for more information. We can show you how to grow your business so it reaches its potential.

Office recycling bins

Why more businesses need to put the environment first

Environmental sustainability is the catchcry of the modern world. Consumers want to do business with organisations that demonstrate their care for the environment. But it extends further than consumers. For decades organisations have used natural resources and generated waste with little thought to the long-term effects. Now is the time for organisations to rethink their management practices to ensure the wellbeing of the world for future generations.

 

Environmental impact of businesses

More and more consumers demand that businesses reduce their impact on the environment. And for them to continue doing business ethically, they need to change the way they do business.

Businesses that provide products and services can have a negative impact on the environment by:

  • Consuming vast amounts of power every day.
  • Using raw materials to manufacture products that can cause emissions.
  • Short life cycles of products that end up in landfills.
  • Producing emissions through transporting products.
  • Generating waste that ends up in the environment, which ends up affecting our wildlife.

 

Benefits of establishing environmental practices

Committing to establishing environmental practices can stabilise the supply of natural resources for the future. These are finite and once they are gone there is no coming back. And as competition for our resources increases, it puts environmental sustainability more at risk. So it is more important than ever that businesses become more aware. It is not only the environment that benefits from environmental management systems; your bottom line benefits as well.

There are now regulatory obligations for businesses to reduce their impact on the environment. ISO 14001 is a global standard that gives your business a framework to work within and ensures your business complies. 

 

Environmental and cost benefits

ISO 14001 certification reminds everyone in your organisation it is their responsibility to protect the environment. It also reduces the waste you produce and the consumption of resources. Certification helps to reduce the number of environmental incidents and helps you to work towards lowering power and resource consumption. All this results in lower operating costs while protecting the environment.

 

Improves brand credibility

Even where it is not a requirement, implementing environmental management systems tells consumers you care. It improves your brand’s credibility by maintaining a good public image which has a positive impact on community relations. And this can increase your market share with those that care about the environment. 

 

Better legal compliance

ISO 14001 certification gives you the framework to identify, monitor and comply with the legal requirements applicable to producing and delivering your goods and services. While you may already follow the legal requirements, an environmental management system helps maintain compliance and to continually improve. 

 

If environmental ethics is important to your organisation, contact us for more information about ISO 14001 certification. We can show you how to implement sustainable environmental practices to grow your business so it reaches its potential. 

Lots of old standards

The complete history of ISO 9001

ISO 9001 is an international standard that defines the requirements for implementing a quality management system in organisations. It is dynamic and adaptable which makes it suitable for all industries and businesses of any size. And it is the only standard in the ISO 9000 series your organisation can achieve certification for. 

 

ISO 9001 timeline

The ISO 9001 standard has a long history dating back to the 1950s when the US and UK government departments established standards for procuring military supplies. Organisations supplying the military had to comply with quality assurance requirements in their contracts. This led to publishing British Standard 5750 in 1979 which was the first specific quality management system for organisations. 

 

Since its first publication, ISO 9001 has gone through a series of updates to ensure it meets the changing requirements of businesses across the world.

 

The following is the timeline of ISO 9001 since its inception:

  1. 1980. In 1980, the Technical Committee 176 was formed.
  2. 1987. In 1987, ISO 9001 was first published.
  3. 1994. In 1994, ISO 9001 went through its first minor update. This included clarifications and changes to improve the design and development clause.
  4. 2000. In 2000, ISO 9001 had its first major revision.
  5. 2008. In 2008, ISO 9001 had its second minor revision, to clarify the issues raised by the major revision in 2000.
  6. 2015. In 2015, ISO 9001 went through its second major revision. And it remains the current version organisations have to meet for certification.

 

ISO 9001 certification benefits

By achieving ISO 9001:2015 certification, your organisation demonstrates it:

  • Understands, accepts and follows the ISO 9001 guidelines.
  • Works to fulfil the organisation’s own requirements.
  • Maintains the documentation required for a quality management system.
  • Meets customer, regulatory and statutory requirements.

Receiving ISO 9001 certification can improve your organisation’s reputation. It demonstrates to your customers that the services and products you provide meet their expectations. 

 

While ISO 9001 is suitable for all industries, it has particular benefit for the following industries:

  • Construction. By adhering to ISO 9001, construction companies can achieve a reduction in waste, better efficiencies and a safer workplace.
  • Manufacturing. With manufacturing becoming more automated, implementing quality management systems assists in communicating value to local and international markets. 
  • Engineering. Quality assurance is vital for engineering companies. Adhering to ISO 9001 demonstrates the ability to identify nonconformities and potential hazards, and plan to mitigate the risks.
  • Community service organisations. By putting quality management systems in place, community service organisations can better handle feedback and demonstrate an increase in successful projects.
  • Technology service organisations. ISO 9001 helps technology service organisations streamline their complex internal processes for more effective outputs. 
  • Healthcare industry. Implementing quality management systems in health care facilities provides a powerful assessment tool. This will create more efficient and effective operations that benefit the community.

 

So if quality is important to your business, contact us for more information about ISO 9001 certification. We can show you how to implement a quality management system to earn consumer trust and grow your business so it reaches its potential. 

Worker uses forklift

What businesses need health and safety certifications?

Health and safety is the business of every employee and organisation. Under the New Zealand Health and Safety at Work Act 2015, employers must provide a safe work environment for all workers and contractors. So it is advantageous for businesses to have health and safety certification. This demonstrates your commitment to the health and safety of employees and respect for the market. 

ISO 45001 is an international standard. It provides a framework designed for use by all organisations no matter their size. Its purpose is to give you guidelines for the design and application of best practices to prevent accidents, injuries and ill health.  

 

Who needs health and safety certification?

It is not a legal requirement to have health and safety certification, but it contributes positively to brand recognition and business reputation. People want to work with and support businesses that take health and safety seriously.

Traditionally high risk industries such as building trades and road transport industries put health and safety certification in place to curb accidents in the workplace. For example, the building industry experienced 11 workplace deaths in 2019 and 5229 injuries that resulted in a week or more away from work. This improved in 2020 with a fall in fatalities to four and 1710 injuries (to May 2020). And of course road transport drivers push hard to reach destinations to deliver on time while facing the many challenges of being on the road.

But today, new industries are seeing the benefits of health and safety certification — manufacturing, for example. While safety in the manufacturing industry is not a new concept, manufacturers have been working from ad hoc guidelines gathered over the years. ISO 45001 provides guidelines for a complete health and safety framework for an organisation.

Implementing ISO 45001 allows all industries to look at continual improvement, risk evaluation and opportunities. It supports businesses taking a more proactive and preventive approach instead of just reacting if an incident occurs. Using ISO 45001 helps you to identify opportunities to manage risks and improve safety even when there is no hazard or risk currently identified. 

 

ISO 45001 is flexible and suitable for managing occupational health and safety for a wide range of organisations, including: 

  • Small to medium sized businesses.
  • Non-government organisations and charities.
  • Not-for-profit and public organisations.
  • Large businesses.

 

Benefits of ISO 45001 certification

Implementing an ISO 45001 framework helps drive business excellence while protecting your people. ISO 45001 can deliver the following benefits:

  • Organisational resilience through innovation, continual improvement and being proactive in preventing risks.
  • Growth of consumer and industry trust in your brand because you demonstrate a commitment to health and safety. 
  • Strengthens your compliance to government regulations and legislation while preventing losses to the business.

 

What it comes down to is that every business that hires employees and contractors can benefit from implementing ISO 45001. Health and safety is everyone’s business. Contact us for more information about ISO 45001 certification. We can show you how to manage and continually improve health and safety so your business thrives.

Security lock on digital devices

Avoiding data breaches with ISO 27001

Cybersecurity is a big concern for all businesses. Data breaches cost big money and lose companies the trust of consumers. People want to do business with those who prioritise protecting their information. How do you protect business data against cyber breaches?

 

 

Cyber criminals targeting small business

The 4iQ Identity Breach Report 2019 found cyber criminals now focused on small businesses, with a 424% increase in data breaches since 2017. So having ISO 27001 NZ certification tells the world you take information security seriously. It can also be a deterrent.

When you implement ISO 27001, you understand how and what information your organisation collects, stores and uses and your responsibilities. It also means your business has a culture of security where all members of staff take responsibility for information security. ISO 27001 gives you opportunities for continual improvement. By measuring and analysing changes, you can identify risks and opportunities to improve information security across the business.

 

 

Cybersecurity best practices

Cyber criminals are turning their sights to small and medium businesses, probably because they consider them an easier target. So it is important to make sure you have comprehensive cybersecurity policies for staff to follow. And you need everyone to take these policies seriously for them to be adequate. You can have the best software on the market and cybersecurity policies but if no one uses or follows them, they are likely to fail.

 

To protect the organisation from hackers, some cybersecurity best practices include:

  1. Use strong password protection. Use strong passwords that are at least 10 characters long with a mix of lowercase and capital letters, symbols and numbers. Change them regularly. Also consider using multi-factor authentication for signing into company systems.
  2. Do not open links, emails or pop-ups from unknown sources. Phishers prey on employees, tempting them into opening links, emails or pop-ups that have malicious software embedded. Once someone clicks on it, it can give the hacker access to the organisation’s computer systems. Implement software that blocks suspicious emails and sends them to a quarantine file where you can check their authenticity.
  3. Software updates. Update software, especially security software, when updates become available. Anti-virus and anti-malware software have frequent updates to respond to the latest threats.
  4. Backing up data. This is so simple but something too many small and medium businesses do not do. Back up your data. Have a policy that ensures all data is backed up weekly or daily and store a copy offsite. This makes it simple to restore your computer systems and information if there is a data breach.

 

ISO 27001 helps prevent data breaches

ISO 27001 gives you the information security framework to help prevent data breaches. But your cybersecurity strategies must remain agile in response to a changing environment.

 

 

Accreditation helps to:

  • Put clear training policies and practices in place for employees.
  • Identify gaps in security systems to implement solutions.
  • Give a competitive advantage in the industry.
  • Build trust in the organisation.
  • Demonstrate compliance to government legislation and regulations.
  • Win new clients and customers. 
  • Decrease the risk of a cyber-attack.

 

So if information security is a priority, contact us for more information about ISO 27001 certification. We can show you how to protect your information, earn consumer trust and grow your business so it reaches its potential.