What is ISO 27001?

ISO/IEC 27001 is a well-known and widely used Information Security Management System (ISMS) standard. Companies using it can rest assured that all of their business-critical information is kept secure and free from misuse or poaching, provided they adhere to the standards of the various products in the ISO 27001 family.

Origins/History of ISO 27001

ISO/IEC 27001 was first developed by the International Organisation for Standardisation (ISO), in collaboration with the International Electrotechnical Commission (IEC), in 2005. The standard was subsequently updated in 2013 and again in 2022.

The current version of the ISMS is ISO 27001:2022. The standard adopts a process through which a user can establish, implement, operate, maintain, monitor and consistently improve its information security management system.

Who is ISO 27001 Meant for?

The ISO 27001:2022 standard is currently the internationally recognised “best practices” framework for ISMS. The standard complies with the General Data Protection Regulation (GDPR) and the standards set under the US Data Protection Act of 2018.

ISO/IEC 27001 can be used by any organisation that produces and needs to manage information assets, especially when they share data or information with outside bodies.

For example, government bodies, not-for-profit organisations and commercial enterprises can all use ISO 27001 standards for creating, using and maintaining their Information Security Management Systems.

Any organisation that needs to protect its key data, including but not limited to intellectual property, financial data, employee details or information that it handles on behalf of third parties, can benefit from following the ISO 27001 standard.

In terms of industry, sectors that handle confidential client information, especially large volumes of it, are particularly prone to threats from breaches. From this viewpoint, two types of organisations can use ISO 27001 to great advantage:

  • Companies that regularly handle confidential information and need to protect it on behalf of their clients, users and partners – such as banks and other financial institutions, healthcare organisations, Information Technology vendors and public sector enterprises.
  • Organisations that make a living out of archiving and working with other companies’ data, for which ISO 27001 is also critical to business success – such as IT outsourcing organisations or data centres.

Basis of Evaluation

ISO 27001:2022 is evaluated on a CIA (Confidentiality, Integrity and Availability) basis. This presents a 360-degree view of ISMS, beyond just preserving and protecting confidential information.

Integrity involves measures that prevent data from being wrongfully manipulated, while Availability refers to creating a system that will ensure that your data is never rendered inaccessible.

Why Would You Need It?

While there are more than a dozen standards in the ISO 27000 family, the ISO/IEC 27001 stands out from an ISMS standpoint. Companies have confidential data that could either be critical to their own business, or that falls under confidentiality agreements that they have executed with third party partners.

In the modern day and age, cybersecurity is key to continuity and success. The ISO 27001 standards ensure peace of mind in that regard.

ISO 27001:2022 certification is not only about the technical measures that get put into place to prevent cybercrimes or inadvertent data leaks. The system is designed in such a way that management processes and key business controls are set up in a customised fashion – so that each company can protect itself from identified threats in a manner commensurate with the risk assessment while minimising business interruptions.

Benefits of ISO 27001

As mentioned above, protecting your company’s mission-critical data is vital for both short- and long-term business success. It also ensures that other organisations will be willing to collaborate with you, since they know you will be able to preserve and protect their confidential data. Getting certified in ISO 27001 will lead to these general rewards as well as many specific benefits, including but not limited to:

  • Keeping critical and confidential information fully secure.
  • Creating a framework for critical exchange of information with outside organisations.
  • Helping the company comply with essential regulations such as Sarbanes-Oxley.
  • Ability to easily comply with ISO audits with regard to ISMS.
  • Ability to incorporate Six Sigma style efforts in the field of ISMS.
  • Assisting in the minimisation and management of risk exposure.
  • Producing an aura of security in the marketplace, thus providing confidence to key stakeholders and customers about how you protect confidential information, as well as your approach to risk management in general.
  • Elevating your business standing through a consistent delivery of your product or service, which then enhances customer satisfaction, helps build a reputation and aids customer retention.

Overall, companies that use ISO 27001 standards have a demonstrable culture of security. Not only is every critical piece of data protected, but a crucial message is shared with every director, shareholder and key stakeholder – you are serious about protecting the company and its assets.

How Can Companies Get Certified?

In every jurisdiction, there are accredited agents that can take companies through the process whereby they get ISO 27001:2022 certified. While it’s possible to get certified through other means, the impact and branding is not the same.

For example, in the UK, the ISO 27001:2022 certification is most valuable when the certification has been obtained via a United Kingdom Accreditation Service (UKAS) accredited certification organisation that can conduct an independent audit on the path to setting up their systems and obtaining the certificates. Check out our blog on UKAS vs Non-UKAS Certification to learn more.

Similar organisations exist elsewhere in the world.

The Final Word

To get certified in ISO 27001:2022 is often a gold standard for a corporation which handles critical and confidential data, both its own and on behalf of partners, clients and key stakeholders. In the modern age, with hackers everywhere and social media and connectivity being enablers of mischief if confidential data goes awry, it is almost inconceivable for a successful company to not get certified.

Once the ISMS standards are set, the company and its key stakeholders can all enjoy peace in terms of knowing that they will not be subject to a random act of data piracy – either due to a mistake or deliberate actions by a competitor or a hacker.

Do you want us to take care of your ISO 27001 journey?

At RKMS we have over 25 years worth of experience in assisting companies achieve ISO 27001 with a 100% success rate. All our consultants are IRCA lead auditors so we know exactly what the auditors want to see.

Do you want us to take care of your fire compliance? H&S compliance? ISO certification? training? human resources?

At RKMS we are determined to make a business run as efficiently as possible. Will that next business be yours?

John Keen
Apart from work John enjoys sports (football, karate & walking) as well as travel & spending time with friends & grandchildren.

The Difference Between UKAS and Non-UKAS Certification

We have recently seen an increase in organisations claiming they have achieved “certification” to various International or ISO Standards such as ISO 9001 Quality, ISO 14001 Environmental, ISO 27001 Information Security or ISO 45001 Occupational Health & Safety amongst others. At RKMS we regularly receive calls from companies that genuinely thought they had achieved a certification, only to find their new certification has been rejected by a client during the tendering process. We know how devastating and costly this can be for businesses and as such are releasing this information in an attempt to protect UK businesses.

Difference Between UKAS and Non-UKAS Certification

While the low cost of obtaining non-UKAS ISO certification may seem tempting to some businesses, it isn’t long after that many discover the certification is effectively useless. The difference between UKAS and non-UKAS certification often results in the latter having a lack of recognition outside of certain situations. The low cost of non-UKAS certification can very quickly translate to lost revenue for a business.

It is important that those seeking to obtain ISO certification understand the key differences between UKAS and non-UKAS certification. It is also important to understand how these differences can have an impact on your bottom line.

What is also becoming more prevalent is longer contractual tie-in periods. A UKAS accredited Certification Body (CB) HAS to allow you to move to another CB providing you have paid your subscriptions to date. Many non-UKAS organisations are charging a higher day rate for assessment and putting 10-year contracts in place, meaning your “certification” may not only be worthless but could cost far more than a bona fide certification!

Accreditation Bodies

The UK Accreditation Service, or UKAS for short, is the only accreditation body officially recognised by the British Government. Operating under the Department for Business, Energy, and Industrial Strategy, UKAS is responsible for ensuring that any organisation offering ISO certification in their name conforms to strict standards. Any organisation that offers UKAS certification must have its processes regularly vetted to ensure that they meet ISO requirements.

There is no accrediting body for non-UKAS certification. Many of the businesses offering non-UKAS certification design their own certification processes, and the lack of oversight quite often results in them being slow to change their processes when ISO standards change. This is because there is often very little incentive for them to do so. The lack of an accrediting body can also mean that many of these businesses are not really checking to see whether a company meets ISO standards, and thus the certification will hold no value.

Guidance from https://www.gov.uk/guidance/conformity-assessment-and-accreditation

BEIS is aware that UK certification bodies and representative associations are concerned at the increase in the number of organisations offering certification when they are not accredited to do so.

BEIS has advised certification representative organisations in the UK that:

  • the only ‘authoritative statement’ of competence, that has public authority status – providing the last level of control in the conformity assessment chain – is from the UK’s sole national accreditation body, UKAS
  • any organisation that suggests it is accredited in the sense of the Regulation on accreditation and market surveillance (765/2008) as it has effect in Great Britain or Regulation (EC) 765/2008 in Northern Ireland when they are not, may be guilty of an offence under the Business Protection from Misleading Marketing Regulations 2008 (Statutory Instrument 2008/1276)
  • certification bodies or representative organisations should refer these cases to trading standards or UKAS in the first instance

Differences in the Certification Process

Any organisation that offers certification in the name of UKAS must have its processes regularly vetted. Obtaining initial UKAS accreditation is a lengthy and arduous process. Keeping hold of UKAS accreditation is even tougher. This is because UKAS wants to ensure that any assessment bodies that operate in their name are competent enough to assess businesses to ensure that they meet ISO standards.

Any UKAS accredited organisation must employ competent assessors and have technical experts ‘on hand’. This is to help ensure that any certification provided by these bodies means something. It guarantees that an industry professional has determined that a company does, indeed, meet ISO standards.

Non-UKAS certification providers will come up with their own certification processes. They are under absolutely no obligation to ensure that they are genuinely assessing businesses to ISO standards. In fact, many are not.

Constant changes in ISO standards can make it tough for non-UKAS certification providers to adapt their processes quickly. In many cases, there is no financial incentive to do so. Therefore, many of these certification providers may be offering ISO certification to old standards. This means the certificate is worthless.

Non-UKAS certification providers do not have any obligation to employ competent assessors or technical experts. In fact, many do not. Their certification process may often be nothing more than a few checkboxes. This is how these certification providers are able to offer their services so cheaply and quickly. There have been several cases where these organisations have been successfully prosecuted by Trading Standards.

Impartiality

A key provision for obtaining UKAS accreditation is impartiality. Any accredited ISO 9001 consulting organisation must adhere to strict guidelines on the advice that they are able to offer to their clients. UKAS prohibits any assessment organisation from receiving accreditation if they also offer consultancy services. As a result, any accredited body is solely an assessor. While they may be able to provide transparent advice for companies wishing to meet ISO standards, these organisations are not permitted to offer any paid advice outside of the assessment services that they offer.

Non-UKAS certification providers do not have to meet the same standards. In fact, offering consultation is often a key part of their business model. This can create a conflict of interest where the certification provider is unwilling to offer their certification unless the business they are working with is willing to pay for their expensive consultation services. While the initial cost of obtaining the certification may be cheap, the long-term costs may end up becoming rather extravagant.

Recognition of the Certification

Many businesses obtain certification because their industry requires it. Demonstrating that a business conforms to ISO standards may often form a key part of the tendering or sales process. We often come across organisations that inadvertently engaged with a non-UKAS body and have been rejected from the tendering process.

If businesses hold a non-UKAS certification instead, they will often find themselves struggling to make sales. Quite often, these businesses may be excluded from any tendering process. When they contact potential clients directly, they may struggle to receive a response. This is because businesses that work with non-UKAS certification holders are taking a huge risk. If the businesses that they work with do not meet ISO standards, then it could mean huge financial penalties and a massive reputation hit if something goes wrong. 

It should also be noted that many businesses that seek non-UKAS certification do so in order to save money. Other companies recognise this. They often feel that businesses cutting costs in such an important area are likely to be going through strict cost-cutting elsewhere too. This means that they may not be receiving the best service possible. 

Any business holding non-UKAS certification that is able to make headway in the sales or tendering process may be required to demonstrate that their business meets ISO standards in other ways. This, quite often, means a costly process. In fact, this process can quite often cost more than applying for UKAS certification in the first place.

UKAS Certification Can Increase Business Profitability

While the lower upfront costs of applying for non-UKAS certification may be tempting, in the long run, it could end up costing businesses a significant amount of money.

In the long run, businesses that obtain UKAS certification are more profitable, and they grow far quicker. This is because they have demonstrated a commitment to ensuring that their business operations meet international standards. Clients enjoy this and, in many cases, will pay more for services that have been backed by UKAS.

If you are looking to obtain certification that your business meets ISO standards, make the right decision. Only work with UKAS-accredited certificate providers. It will only benefit your company in the long term. It is one of the best investments you can make in your business.

Find out more about ISO certification costs here.

What are External Audits?

What to Expect from External Audits and ISO Certification

Audits are an important part of a company’s application for ISO certification. These tests and inspections can verify if the processes and systems comply with standards and follow best practices. They can identify areas that need improvement or provide proof that the company has met the ISO requirements.  

ISO certification requires both internal audits and external audits. In this article, we’ll look at the latter—including the types of audits you will need, what the auditor will look for, the steps and time involved, and tips on preparing for them.

The External Audit Process

External audits will examine your business from different perspectives and points of view and are conducted in stages.  

An external audit is done by a third-party auditor who is licensed by the Certification Body. Usually, the auditors are selected based on their experience, qualifications, as well as their understanding of your specific industry.

During the three-year cycle of ISO certification, you can expect at least a one-day initial audit of all your processes, and another audit during the surveillance cycle to check whether the recommendations have been effective.

Types of External Audits

Customer Audit

The first step is the Customer Audit, where a potential or existing customer reviews your processes from the lens of whether you are able to meet their needs, expectations and requirements. For some businesses, this can be replaced or augmented by a supplier audit. The schedule of auditing varies from customer to customer.

Certification Audit

This is a critical step in the ISO process. Your registrar will do a thorough check of your business processes and practices to check if they conform to the ISO standard. You can expect to have this done every three years.

Stage 1 is a preliminary audit that determines your company’s level of readiness for ISO. This allows you to spot areas where you need to improve, or understand the documents and reports that you need to provide. This is sometimes done remotely.

Stage 2 is a more thorough, on-site inspection where the auditor will review procedures, interview your employees, and check if you meet the criteria for an official ISO certificate.

Surveillance Audits

Even after your company gets ISO certification, your registrar will do annual surveillance audits. Much like a car tune-up or the annual doctor check-up, this external audit determines if you are still meeting the ISO requirements or if there are areas that need to be improved or revised. Should you have received any non-conformities or areas for improvement on your stage 2 audit, the Surveillance Audit will be focused on what you have done to correct the issues.

You will not be given a new certificate, but this is required so you can keep your ISO certification.

Methods and Processes

Audits can be performed in different ways, depending on your company’s needs and what is being checked. This can include remote audits which include teleconferences or online consultations, on-site audits, and self-audits.  

The self-audits can help you prepare for the official external audits. You can select employees to join the audit team, but they shouldn’t audit their department or area of responsibilities. You can also hire professional auditors who can train or guide this team, or completely outsource the internal audit to them.

While the external audit is clearly the most critical part of getting ISO certification, an internal audit is what helps you meet the criteria. Conduct one at least three months before you do a certification audit, and make sure that you document the process.

The internal audit will help you find out your “non-conformities” or where you do not meet criteria and create an action plan. These records will actually be reviewed during the external audit and can make or break your company’s ability to proceed to the next step.

For that reason, it’s worth utilising professional auditors from respected ISO 9001 consultants even during the internal audit stage in order to lay the proper groundwork for the rest of the process.

How to Prepare for an External Audit

  • Use the PDCA model. PDCA stands for “Plan, Do, Check and Act”. It is one of the best approaches for business improvement, and can help give you a systematic, verifiable way of meeting the ISO criteria. Plan includes identifying your competencies and gaps, and then creating a strategy. Do includes your action plan, including your activities and the timelines. Check refers to monitoring and evaluating your progress, and Act means creating your next steps based on the results.
  • Create process documents and checklists for all business activities. Your auditor will check if employees follow best practices as they go about their work. In order to train your employees, and provide your auditor with a guide, create a process document. This prevents inconsistencies, and expedites the auditing process.
  • Check employee intent and effectiveness. Ask employees to describe their work, and then review if they are able to do it – and do it effectively. While ISO often looks at the big picture, this step enables you to see beyond compliance and actually understand if your company processes enable productivity and high performance.

These are just some of the things you can expect during an external audit, and what you can do to prepare for it. Your auditor can help answer your questions, or provide more specific plans and checklists.  

Maintaining your ISO Certification

Earning and maintaining the right ISO certification (like ISO 9001 or ISO 27001, for example) is critically important for businesses that want to compete in the 21st century.

Because an international standard can either open doors to opportunities that would not have existed otherwise or cause great businesses to lose a lot of sales and credibility in their industry, it is not enough just to earn the ISO certification – it’s important to maintain that certification moving forward, too.

Below we highlight important details that will better illuminate the ISO certification process as well as the ongoing maintenance routine that businesses will need to adhere to.

Let’s get right into it.

Choosing the Right Standard

While ISO 9001 is often the most popular of the ISO standards to move forward with, there are other options to consider as well.

Let’s run through them quickly:

  • ISO 9001 – This standard focuses on management and organisational processes, improving efficiency across the board
  • ISO 14001 – This standard deals mostly with environmental management standards
  • ISO 27001 – This standard focuses exclusively on cybersecurity, letting the international business community better understand how seriously your operation takes data protection and digital privacy rights
  • ISO 45001 – This is the standard that pertains most to health and safety standards

All of the standards have ongoing certification procedures that go beyond the initial certification process. We talk more about that in just a moment.

Choosing the Right Certification Organisation

Choosing the right ISO standard is (obviously) important, but so is choosing the right certification organisation.

For starters, you’ll want to choose an organisation that has United Kingdom Accreditation Service (UKAS) accreditations. This accreditation is the only accreditation recognised by the government for not only providing the initial certification but also testing and handling ongoing certifications, too.

From there, you’ll want to look into the reputation of the certifying body as well.

Have a look at the reviews that organisation has, dig deeper into the testing protocols that they take advantage of, and see if they provide any extra value on top of the certification and ongoing certification procedures they offer.

Above all else, make sure that they are a legitimate organisation. The last thing you want to worry about is pursuing ISO certification and ongoing certification only to find out that opportunities start to disappear because the accrediting body was in some way illegitimate or not a UKAS-approved provider.

How Long Does Certification Take?

Each ISO certification process is going to unfold in a unique pattern, dependent entirely upon the size of that organisation as well as the structure of that company, too.

To streamline things significantly, it’s important to designate a specific representative of your business that will move through the ISO certification process and handle ongoing certification, too.

You do not necessarily have to hire a “Quality Manager” or “Compliance Manager” with these kinds of responsibilities exclusively in their purview, but you are going to want to make sure that a management or executive level employee is spearheading the initial and ongoing certification process.

As a general rule of thumb, it’s not a bad idea to expect the entire ISO initial certification process to take anywhere between four months and seven months to be completed. It may take a little bit longer than that to be awarded this certificate from an accredited agency, but it will very rarely take less than three months.

The Ongoing Certification Process

Ongoing certification, however, is a “permanent” process that will involve (at the very least) one surveillance audit each and every year.

The surveillance audits are designed to ensure that ISO certified organisations are continuing to take advantage of these principles, continuing to leverage your management systems, and are still embracing and embodying all that the ISO certification embodies.

On top of the on-site surveillance audits that will happen at least once per year, a written report may be required as well.

Every three years businesses are required to undergo a complete recertification audit from top to bottom.

This kind of recertification audit involves a deeper look at the entire business structure, the strengths and weaknesses of that particular business, and the creation of a plan to better optimise things going forward.

Third-year audits are significantly more extensive and a lot more time intensive than traditional on-site annual audits. Unsurprisingly, these in-depth audits are usually more expensive as well.

Businesses should also know that while an ISO 9001 consultancy (especially one that is accredited through the UKAS) is entitled and empowered to provide insight and information into their findings, they aren’t allowed to cross the line between objectivity and impartiality.

Most of these agencies will try and provide informational resources about how their ISO ongoing certification clients can best move forward, oftentimes pointing them towards best practices and shining a light on what can be improved without abandoning their core principles.

At the end of the day, it’s important to remember that the ongoing certification process is intended not just to confirm that businesses are still abiding by ISO principles but that they are continuing to find new ways to fold ISO principles into a business that grows and evolves over time.

Clear goals, open lines of communication across all levels of management and staffing, and regular trainings regarding ISO certification and best practices will go a long way towards making sure that ongoing certification is relatively simple, straightforward, and almost effortless.

It is never a bad idea to conduct internal audits quarterly to prepare for the annual surveillance audit, either.

This will ensure compliance, help to find inefficiencies wherever they might exist, and guarantee that there are not any surprises that pop up when the auditors are actually brought in to do their official certification.

Annual audits can also be a great time to address any of the major or minor nonconformities and observations that were discovered during the more traditional surveillance or three-year audits as well.

Take advantage of every opportunity to adhere more closely to ISO standards and ongoing certification turns into just another day at the office.

10 Benefits of ISO 9001

Increase Efficiency

Companies that go through the ISO 9001 certification process have to give a lot of thought to their processes and how they can maximise quality and efficiency. ISO 9001 sets the bar internationally and is the standard to have.

Increase Revenue

Studies have shown that ISO 9001 certified companies experience increased productivity and improved financial performance, compared to uncertified companies. This goes hand in hand with winning new contracts, tenders etc.

Employee Morale

Defined roles and responsibilities, accountability of senior management, established training systems and a clear picture of how their roles affect quality and the overall success of the company all contribute to more satisfied and motivated staff. Once you have buy-in from your staff, they are less likely to leave, meaning no extra costs for rehiring and training.

International Recognition

The International Organisation for Standardisation (ISO) is recognised worldwide as the authority on quality management. With membership now exceeding 160, you can see why it’s the go-to standard. http://www.iso.org/iso/about/iso_members.htm

Factual Approach to Decision Making

The ISO 9001 standard sets out clear instructions for internal audits and processes, with self-assessment high on the agenda. In turn, this makes information gathering and decision making more efficient.

Supplier Relationships

If you have clients, then you will have suppliers and by employing the processes set out you will be able to find a mutually beneficial supplier relationship. The process also requires thorough evaluation of new suppliers before a change is made and/or consistency with respect to how and where orders are placed.

Documentation

The bane of most companies’ existence is documentation. Having the ISO 9001 in place helps keep everything on an even keel without being so intrusive you cannot function.

Consistency

One of the foundations of ISO: all processes, from research and development, to production, to shipping, are defined, outlined and documented, minimising room for error. Even the process of making changes to a process is documented, ensuring that changes are well planned and implemented in the best possible way to maximise efficiency.

Customer Satisfaction

Client confidence is gained because of the universal acceptance of the ISO standard (160+ countries). Customer satisfaction is ensured because of the benefits of ISO 9001 to company efficiency, consistency and dedication to quality service.

Improvement Processes

The ISO 9001 outlines audit processes, management review and improvement processes based on collected data. Improvements are carefully planned and implemented based on facts, using a system of documentation and analysis, to ensure the best decisions are made for your company.

Do you want us to take care of your ISO 9001 journey?

At RKMS we have over 25 years' worth of experience in assisting companies achieve ISO 9001 with a 100% success rate. All our consultants are IRCA lead auditors so we know exactly what the auditors want to see.

How issosmart™ can assist you with ISO compliance

Being ISO compliant, whether it’s required by law or not, has become a necessity in business these days. Companies that wish to develop efficiencies in business processes, solve recurring problems and provide better customer service on a consistent basis opt for ISO certification – it becomes a way to promote your brand to the marketplace.

The online issosmart™ tool allows companies to set up a customised ISO compliant management system in a mere 30 minutes or so. At the end, the complete roster of documents – user guide, manual, registers, forms and procedures – required for ISO compliance will be at your fingertips.

Trust the smart consultants behind issosmart™

The issosmart™ tool has been designed by the RKMS Group, a UK-based management consulting company with a stellar track record – in fact a 100% success rate – over its 25+ years of existence. All consultants on your project will be IRCA lead auditors.

Besides issosmart™, RKMS also provides services focused on ISO 9001, ISO 14001 and ISO 45001; Lean Management; Primary Risk Manager, an online Fire Risk Assessment tool; and Accredited Training Courses.

Customised industry specific solutions

In addition to the general version of issosmart™, RKMS also provides industry specific support through the following solution kits:

  • issosmartfire™ – developed to support fire safety standards
  • issosmart™ Healthcare – developed to support documentation and standards for healthcare
  • issosmart™ Green Deal – developed to support standards in the renewable and energy efficiency industry

Easy to set up, implement and use

An ISO implementation process often involves tedious paperwork to stay current, input updates and comply with audits. No more!

issosmart™ is not only easy to install, set up and access through your company web browser, it will also take the pain out of updates and audits. RKMS’s process includes an automatically updated legal register, which guarantees compliance with legal standards.

Other features include, but are not limited to:

  • The ability to add and implement according to multiple standards
  • Ultimate ease of access – via computer, tablet and smartphone
  • Ability to generate business insights through setting up and tracking KPIs

Overall, this is a system YOU design – it’s tailored to your specific needs and laser focused on reducing your costs of operation and implementation while improving the core efficiencies of your business processes.

issosmart™ will help to streamline your business and eliminate redundancies and unnecessary activities.

Three easy options

RKMS provides three tiers of pricing for issosmart™, all of which come with email support. There is an option for everyone, trading off against your in-house expertise, needs and budget.

Feel free to ask our support personnel if you are unsure about which option is right for you.

Be sure to ask about training

RKMS offers accredited training to help companies achieve and maintain ISO compliance.

The Level 3 Award in Effective Auditing and Inspection is awarded to those who have gained the specific knowledge required to conduct internal audits.

Contact RKMS Group today

Set up a free consultation with one of our experts today!

RKMS provides expert ISO 9001 consultant guidance, both email and phone support, plus training on issosmart™ as required. Our customer service representatives are always ready to support your needs.

What is PAS 2060?

PAS 2060: A Guide to Getting Certification and Contributing to the Race Against Global Warming

Global warming and climate change are a serious problem. If we do not act now, and countries, companies and communities do not work together to lower the emissions of carbon dioxide and other heat-trapping gases, the Earth will be uninhabitable. We will destroy the planet, millions of plant and animal species, and the entire human race.

That is why the industrial and business sectors are working to reduce carbon emissions and become “carbon neutral”. They are replacing fossil fuels with renewable energy, reducing waste, and looking for sustainable materials and packaging.

But the most important step that a company can take to reduce its carbon footprint is to analyse its greenhouse emissions. You have to know the problem before you can solve it. That is where the PAS 2060 standard can help.

What is the PAS 2060 standard?

The PAS 2060 standard is the only internationally recognised, accepted and respected standard for carbon neutrality.

It is based on the PAS 2050 standard, which was first released in 2008 by the British Standards Institution. This was the first framework for measuring a company’s carbon footprint.  

The updated PAS 2060 standard, which was released in 2014, has a more detailed methodology for measuring the life cycle of greenhouse gases across the entire value chain. Companies can use this to measure, reduce and offset emissions, and the impact of their goods and services on climate change.

How do you apply for PAS 2060 certification?

The PAS 2060 methodology and framework has four steps, which require both a thorough evaluation of your processes and verification from accredited bodies.

  1. Measure Emissions
  2. Reduce Emissions
  3. Offset Emissions
  4. Document Success

Measure Emissions

PAS 2060 divides emission sources into different areas, called Scopes.

  • Scope 1 includes direct emissions like fuel combustion. This is under the company’s direct control.
  • Scope 2 includes indirect emissions, which are created by electricity, heating, or cooling. This is not under the company’s control, but can be properly managed or minimised.
  • Scope 3 includes emissions from activities that are part of the business value chain, but are beyond the company’s control. This can include transportation or waste treatment.

To get PAS 2060 certification, companies must meet standards for Scope 1 and 2, and limit Scope 3 emissions to 1% of their total footprint.

Reduce Emissions

The next step in PAS 2060 certification is to present a Carbon Management Plan, which includes a timeframe, specific targets, and how they plan to reduce or offset emissions. Each activity should have a justification, and provide a methodology and timeframe for measurement.  

The company must also make a public commitment to carbon neutrality, and declare a maximum amount of annual emissions, or the ratio of emissions per unit of production.

Offset Emissions

To achieve carbon neutrality, companies don’t just have to reduce emissions but offset them. This can include investing in environmental projects like tree planting, using clean energy technology or programs like capturing methane gas from landfills, or buying carbon credits.

Unfortunately, carbon offsetting has generated a lot of public mistrust, after several reports of abuse and fraud. To avoid a backlash, make sure to engage in quality programs that provide real environmental benefits.

The offset credits must also be documented and verified by an independent third party, and meet the criteria. There are different standards for the compliance market and the voluntary market, so you should know which one the programs fall under and the necessary requirements.

Any offset credits have to be used within 12 months from the date they have been declared to be achieved.

Document Success

At the end of the program, the company must present a report, which includes supporting documents such as a copy of their Carbon Management Plan, proof of reduced emissions, and the Carbon Footprint Report.

Who can apply for PAS 2060 certification?

Companies and organisations can get carbon neutral certifications for products, services, buildings or sites, transportation systems, and even events.

What are the benefits of applying for PAS 2060?

  • Stronger brand image. Being an environmentally responsible company or brand can help build customer trust and loyalty, and improve your relationships with stakeholders. This includes the media, local government, stockholders, and investors.   
  • Increased credibility. You will be able to declare certification on product labels and marketing collateral. Since PAS 2060 is the only internationally recognised standard, you immediately differentiate yourselves from other companies who can only “claim” that they are Clean and Green.
  • Clear action plans. The PAS 2060 framework can help you find clear, concrete and cost-effective ways to lower your carbon emissions. This is better than blindly implementing projects without knowing the real impact on your business and global decarbonisation efforts.

Align your business with global initiatives

The PAS 2060 framework also helps companies align with a global target, set by the 2015 Paris Agreement. You could call it the biggest business plan in history: world governments committed to limit the rise of global temperature to below 2°C, in order to prevent the catastrophic effects of climate change.

The only way to meet this goal is for companies worldwide to cut emissions by 50% before 2030, and achieve net-zero by 2050. The clock is ticking. While everyone plays an important role, most carbon emissions are generated by the business and industrial sector.

Unfortunately, total carbon emissions increase every year. Even with the existing commitments from countries, we are still producing 60% more carbon than safe levels. In other words, companies need to try harder. It is not enough to “reduce, reuse and recycle” while hoping that it is enough.

The PAS 2060 framework provides a more systematic way to reduce emissions and measure success. It can serve as the foundation for long-term environmental strategies, while setting milestones for every year. It can be a tedious procedure, but there are companies that can assist with the process, from developing a plan to gathering the necessary documents, reports, offsetting credits, and third-party accreditation.

With the global warming crisis, PAS 2060 is not just a standard, but a tool for survival.  

Do you want us to take care of your PAS 2060 journey?

At RKMS we have over 25 years' worth of experience in assisting companies achieve PAS 2060 with a 100% success rate. All our consultants are IRCA lead auditors so we know exactly what the auditors want to see.

Improving Productivity in the UK

The UK has fallen behind many of its competitors but why?

Germany is 34.5% more productive than the UK, whilst the G7 average is 16% higher than the UK. This has slipped since 1995.

The UK has not adopted lean management techniques to the same extent as other industrialised nations.

The terms “six sigma”, “world class manufacturing” and “lean management systems” are often bandied around as the new buzzwords, and even to add a scientific approach. Whilst the statistical element of lean management is no doubt a powerful tool, it also makes it incredibly difficult for the average worker to understand, thereby creating a barrier to adoption. Lean seems to be seen exclusively as a manufacturing or engineering methodology; even the awarding bodies for qualifications are predominantly engineering based.

Real lean management is fundamentally common sense and is most effective through cultural implementation rather than sitting behind a spreadsheet or a PC screen with statistical software installed, generating a mass of statistics that the majority do not understand.

The lean management thinking programme has been running in Scotland for the past 15 years with over 450 organisations taking part from a diverse range of industries including veterinary suppliers, events management companies, even the Scottish FA. They’re about as far removed from engineering or manufacturing as they can be, yet the results of the programme speak for themselves. Using ERDF funding the programme has consistently delivered a fully auditable trail of GVA (Gross Value Added) of around £100K per participating organisation on the first lean project. 

So why is this?

This programme is pragmatic and simplistic involving senior management as well as hourly paid staff. It uses simple techniques and delivers cultural change by engaging all in the process from start to finish ensuring all have a vested interest in the outcome, which is sustainable continual improvement. The programme arms all levels with simple, easy to use techniques that are embedded in the minds of those that take part, thereby becoming a way of life rather than the latest management buzz word.  

Are we missing a trick by trying to overcomplicate simplicity?

Interested in implementing a lean project within your organisation?

Our lean programme, which attracts 95% funding, has run for over 20 years throughout the UK and has been applied to nearly every industry. To date the programme has identified in excess of £65m in benefits across 650+ companies.

Talk to us today to see how the programme can assist your business.

10 Benefits of ISO 14001 in 2021

So you’re probably familiar with what ISO 14001 is, but maybe you’re thinking why your business would need it? Or whether it is worth the effort?

Here are some reasons why ISO 14001 can benefit your business.

The 10 Benefits of ISO 14001

Improve Tender Chances

It increases your chances of winning public and private sector tenders. It has become more and more important over the last 10 years for companies to show that they are not only thinking about but also following the green trend.

Leaders in Industry

It will make your competitors take note that you are going above and beyond what is expected from someone in your industry.

Ensure Legal Compliance

It helps your organisation meet legal and regulatory requirements. It does depend on which sector you work within, but having ISO 14001 in place will eliminate any potential banana skins for you.

Reduce Insurance Premiums

It can lower insurance premiums. It has been shown time and again that lowering risks makes you safer, which in turn reduces premiums.

Improve Environmental Performance

It reduces consumption of raw materials. We all have an impact on Mother Earth; however, if we can highlight and reduce that impact, it can only be good for everyone.

Reduce Operational Waste

It reduces waste and repetition. As you will be looking at your operations, we will be able to identify where you are using too much raw material and where savings could be found.

Increase Profitability

It increases profit margins. If you reduce your waste, it’s not only good for the planet but good for the balance sheet.

Increase Efficiency

It streamlines operations. If we can streamline what you do it will naturally make things work more efficiently.

Improve Employee Morale

It can increase employee motivation and participation. The key is staff buy-in, and with a proper process in place staff will be able to see their development into an important cog in the business wheel.

Promotes Continual Improvement

It promotes continual improvement. How can improvement be bad? Answer: it can’t.

Do you want us to take care of your ISO 14001 journey?

At RKMS we have over 25 years' worth of experience in assisting companies achieve ISO 14001 with a 100% success rate. All our consultants are IRCA lead auditors so we know exactly what the auditors want to see.

ISO 9001 Cost of Certification

How Much Does ISO 9001 Certification Cost?

The typical cost for ISO 9001 certification is between £3,000 and £6,000.

This includes certification body audit fees in the UK. This is via the UKAS accredited route. Initial costs for non-accredited certification can be cheaper but in the long run tend to be more expensive. Read our article on the differences between UKAS and non-UKAS certification to explore the differences further.

Cost Of ISO 9001 Certification in The UK – 2024

The cost for ISO 9001 certification including implementation and accreditation ranges from £3,000 to £6,000.

Not all ISO 9001 certificates are the same. A low-cost or quickly available certificate may not be accepted by your customers. UKAS, the well-respected UK accreditation body, is itself independently accredited as a certification body by the IAF. The IAF ensures that “accreditation is the independent evaluation of conformity assessment bodies against recognised standards to ensure their impartiality and competence.”

An ISO 9001 Price List?

ISO 9001 consultancies delivering accreditation for professionally recognised UK industry certification bodies like UKAS cannot provide a standard price list for accreditation services.

This is because the cost of ISO 9001 certification varies depending on a number of factors including:

  • Number of sites
  • Number of staff
  • Annual turnover
  • Existing levels of documentation
  • Complexity of audits required

Using a UK ISO 9001 Consultancy - Cost & Time Saving Benefits

A consultancy with a successful record of accomplishment can add a lot of value and benefits to a customer’s business. They have skills, knowledge, resources and experience built up over time from working in many types of industry, market sectors and different enterprises.

Reputable UK ISO Consultancies Add Value by Improving Company Operations

Implementing the ISO 9001 standard is not just about creating a quality system to obtain an ISO certification.

It is also about bringing improvements to a firm’s procedures, company employees and methods. In turn, this will reduce costs and improve productivity. Then better products, services, and revenue growth will be possible.

Expert Consultancy Saves Time & Money On Your ISO 9001 Certification Cost

ISO 9001 consultancies bring unparalleled capability to the planning and delivery of ISO management system projects and optimise your ISO 9001 costs in the UK.

The expertise of a professional ISO 9001 consultancy service can minimise the ISO 9001 cost burden of financing new quality procedures.

Moreover, deploying cloud support systems reduces the audit workload on company employees, speeds up project times, and provides support continuity with the consultancy after the initial system creation and certification phase is complete.

Efficient Consultancy Minimises Project Delivery Times

Your business will benefit from the new quality management system as soon as possible.

Using external expertise will ensure that standards projects keep moving forward. This ensures that a business is not wasting time and resources, for example on producing unnecessary audit documentation.

They act as a catalyst for effective planning and “fast track” the process by securing management commitment for adequate funding. 

In House Implementation – The Hidden ISO 9001 Cost UK

Adopting an unsupported “do it yourself” process audit approach involves learning all about the ISO 9001 quality management standard. In addition, the roles and responsibilities of all individuals that need to be involved in the process must be identified. 

Sufficient knowledge of the ISO 9001 quality management system (QMS) standard and accreditation bodies must be obtained by staff. Then, employees must translate that knowledge into efficient processes that are suitable for their organisation and industry and can be put into practice.

Sometimes this aspect is not measured by a business and hidden ISO 9001 accreditation costs usually prevail with customers’ in-house project management.

Acquisition of Skills and Knowledge

In addition, in-depth training must be organised to ensure efficient and effective implementation of the standard throughout the customer’s processes.

The downside is the significant amount of time and resource required to create the process and mandated documentation. Additional employee training may be required and a longer project lead time will ensue.

Employees – ISO 9001 Accreditation Cost

More often than not, employees in a business will be spending a fair amount of time implementing the quality management system rather than their core duties. This can result in hidden ISO 9001 costs that UK businesses can avoid.

This can be quite expensive if a highly paid line manager or senior engineer is involved. They may be creating methodologies and documentation for ISO 9001 certification instead of doing their operational job properly.

Explore the UK cost of ISO 27001 certification.

Build Your Own ISO Management System with issosmart™

issosmart™ is a cloud ISO 9001 standard compliance system and monthly prices start from a modest £120 plus VAT.

issosmart™ enables our clientele to build an ISO quality management system themselves and, besides ISO certification, provides additional benefits:

  • Business Insights
  • Increased Efficiency
  • Legal Compliance
  • Cost Reduction

issosmart™ provides all the evidence needed for ISO 9001 certification including a manual, user guide, procedures plus forms and registers. There are three service options that clients can select from:

  • Self Install – you populate all information yourself.
  • Facilitated Install – guidance on action plan, gap analysis, internal auditing & management review.
  • Complete Install – full support throughout the process and “guaranteed” certification.

Book a Free Consultation

Get free advice and guidance tailored to your exact business needs
