5 Benefits of Outsourcing Your Fire Compliance Competent Person

Benefits of Outsourcing Fire Compliance Competent Person

5 Benefits of Outsourcing Your Fire Compliance Competent Person

Benefits of Outsourcing Fire Compliance Competent Person

There are questions every business needs to be asking when it comes to the longevity of its operations. Finances, people, future growth—we need to have our finger on the pulse in all areas of our businesses to give them the best chance of success.

There are questions we need to be asking when it comes to fire compliance, too. Questions like:

  • Do we employ a competent person who meets our legal duty as a business?
  • Do we have a written fire compliance policy statement?
  • Do we have processes in place to recognise and report fire compliance issues?

You might be surprised at how many business owners and key stakeholders answer no to some—or all—of these questions. If you are one of them, you are not alone. And, fortunately, the solution could be very simple: outsourcing.

In this article, we’re exploring the 5 key benefits of outsourcing your fire compliance competent person. You’ll learn what makes a good competent person, what they can bring to the table, and why it’s so crucial that you get it right now.

Here’s what you need to know.

What is a Competent Person?

The Regulatory Reform (Fire Safety) Order states that there are two ways to identify a competent person. They must either:

  • Have sufficient training and experience to properly carry out the task at hand, or
  • Possess knowledge and other qualities to properly carry out the task at hand.

There is a common misconception in the business sector that the competent person assigned to fire compliance only needs to be familiar with the current legislation. Ensuring people within the business have an awareness of your legal fire compliance requirements is an asset, of course—but it doesn’t meet the requirements of the competent person role.

Put simply, the person assigned the role of a competent person must be competent to fulfil the task at hand.

Here’s the tricky part: as the ‘task at hand’ could range from the mundane to the complex, the level of competency expected needs to cover a broad range, too. The expectation and demand on a person’s training, experience, knowledge, and ‘other qualities’ will increase in accordance with the complexity of any given situation when it comes to fire compliance.

Effectively, your fire compliance competent person must display the relevant competencies to meet the situation in question—for the safety, wellbeing, and health of your business and its people.

Why Do You Need One?

In a nutshell: it’s the law.

Your business has a legal obligation to provide competent fire compliance support. Whether you employ someone within the business structure, or outsource the role, there must be a person responsible for taking appropriate general fire precautions.

So if you know you need one—and you don’t have one—let’s unpack why outsourcing could be a strong business solution.

The 5 Benefits of Outsourcing Your Fire Compliance Competent Person

1. It Reduces Business Risk

Outsourcing your fire compliance gives your business—and your personnel—greater clarity around risks. Having a specialist analyse areas of risk within your business structure ensures you have identified the hazards associated with your specific business—and supports you in managing those hazards.

Digging further, we can also look at non-compliance risks: the legal and financial ramifications of falling short in your fire compliance. If the worst happens, and your business is faced with a fire—are you sure your competent person was up to the task?

When you outsource a professional, you improve your chances from a legal standpoint, and protect the people within your organisation.

2. It Can Improve Brand Management

Being an employer of choice can help you draw the best candidates in a competitive job market—and a positive culture of health and safety makes your business a more desirable employer.

Recruiting top candidates and promoting a safe work culture drive your business’s reputation, and your brand in the eyes of shareholders, consumers, and competitors. In a climate where value and integrity matter, a fire compliance professional can set you ahead of the pack.

3. It Increases Productivity

The legislation around fire compliance—and health & safety in general—changes rapidly. It can be difficult for small and medium enterprises to keep up with amendments that may be vital if your business is faced with a fire.

By bringing in a specialist fire compliance consultant, you can be assured that they bring the knowledge, experience, and up-to-the-minute training you need to stay compliant—and to stay safe.

The added bonus: your team can stay focussed on your business, instead of reacting to legislative changes that reduce productivity and efficiency.

4. It Can Save Money

Fire compliance takes time—and time is money. Outsourcing your fire compliance competent person can eliminate the added time involved in:

  • Studying the relevant legislation
  • Identifying weak points within your organisation’s fire compliance
  • Becoming compliant

Further, bringing in a professional can protect you against the steep fines involved in non-compliance, and help you eliminate the risks of deadly, dangerous, and destructive fire damage.

For small businesses in particular, the prospect of employing a qualified fire compliance person isn’t justifiable for the business. When you outsource, you pay for the service as you need it—leaving you to run the business lean the remainder of the time.

5. It Can Reduce Stress

Let’s face it: running a business is stressful. Rewarding and challenging and stressful. Eliminate the added stressor of getting fire-compliant by outsourcing the role and putting yourself—and your key stakeholders—in a position to monitor the bigger picture.

Outsourcing your competent person means your business is less reactive to issues that arise—and more prepared for the future.

One More Thing

So, have you got somebody within your team with the level of knowledge and experience to face down complex compliance issues?

If not, consider outsourcing.

From protecting your brand and your people, to reducing the impact on your bottom line, now you’ve got five ways outsourcing your fire compliance competent person could be a game-changer in your business.

Share

Share on facebook
Share on twitter
Share on linkedin
Share on whatsapp
Share on email

Related Resources

What is ISO 27001?
Blog

What is ISO 27001?

ISO or IEC 27001 is a well-known and widely used Information Security Management System (ISMS). Companies using them can rest assured that all of their

Read More »

H&S Competent Person – 6 Reasons You Should Be Outsourcing Your Health and Safety Competent Person

Health and Safety Competent Person

H&S Competent Person – 6 Reasons You Should Be Outsourcing Your Health and Safety Competent Person

Health and Safety Competent Person

As a business, you know the value of good people within your business. You’ve invested a lot of time and energy into the team you have, because they can be the drivers behind the success of a project—and even the success of an entire operation.

Is it really in your best interest to pull them from their roles to focus on your health & safety procedures?

Typically, the answer is no.

So you employ someone in a health & safety capacity, and absorb the costs of recruiting, screening, and hiring them. You pay top dollar and hope they have the initiative, training, and knowledge to deliver what your organisation needs. You take the risk that the ongoing investment will pay off.

Is that your only option?

Again, the answer is no. If moving an existing employee into health & safety is counter-productive, and hiring a new employee into the role is too risky, your third option could be the best: outsourcing.

If your business doesn’t have the competence under UK legislation to manage H&S in house—maybe your business is too complex or too high-risk—outsourcing could have far-reaching benefits. We’ll unpack those benefits here.

First Up: What is a Competent Person?

In the Health & Safety sphere, a competent person is one who has the:

“Necessary skills, experience and knowledge to manage health and safety.”

As an organisation, you are required under UK legislation to appoint a competent person to help you achieve your health and safety obligations. More than just someone who can safely perform the tasks required of your business, a competent person will be tasked with ensuring all areas of your business adhere to best practice.

In essence, a Health & Safety competent person can recognise risks and hazards within your operations, and help to structure controls that protect you, your people, and your business.

Does My Business Need a Health & Safety Competent Person?

In a nutshell: Yes.

While the standards for health and safety in the UK workplace are set in the Health and Safety at Work, etc Act 1974 and the Management of Health and Safety at Work Regulations 1999, it’s the latter standards that specify:

“Employers must appoint a ‘competent person’ to oversee health and safety in the workplace.”

Appointing a Health & Safety competent person is crucial to the longevity and compliance of your business, but it can also be a time- and money-consuming task. When you’re looking for a more effective way to stay compliant in the workplace, here are 6 reasons you might want to consider outsourcing the role.

6 Benefits To Outsourcing Your Health & Safety Competent Person

1. It Frees Up Your People

The most valuable resource most businesses have is its people. A large amount of time, energy, and financial support goes into putting the best people into the right roles, so it makes sense to keep those people where they best achieve your business outcomes.

Hiring a new employee is a costly process in general, and more so for businesses that are unsure of what they should expect from a health and safety role. Onboarding a new employee is a period of adjustment and managing expectations, and in many cases, this just isn’t feasible for the business in the short-term.

For these reasons, bringing in a consultant who specialises in health and safety outcomes keeps your team free to drive strong outcomes for your business.

2. It Drives Efficiency

Health & Safety legislation in the UK is wide-ranging and ever-changing. This is a space that becomes even more complex when you factor in industry-specific caveats and expectations.

What we’re saying is: staying across health and safety obligations takes focus.

Outsourcing your health and safety competent person can give your organisation the peace of mind in knowing an expert is laser-focused on managing the risks and liabilities in a way that is compliant, effective, and efficient.

3. It Can Streamline Costs

One of the most important considerations in business is costs. Wage costs can quickly get out of control, and productivity—especially in a role in the health and safety sphere—can be difficult to measure.

Outsourcing can help maintain more consistency in running costs, whilst avoiding the high cost of a full-time health and safety officer.  

In addition, employing a health and safety competent person as an employee comes with its own set of legal requirements and compliance tests. If your business isn’t prepared for this level of investment, bringing in a contracted professional could be a more simple, cost-effective solution.

4. It Protects Your Business

Any good business owner or operator wants to protect its people. A safer, healthier workplace is a happier workplace—and a better place to work.

By gaining clarity from a professional surrounding your health and safety obligations, you reduce your risk of non-compliance fines, legal trouble, damage to your business brand, and loss of productivity.

When you are seeking to build confidence within your team, with external stakeholders, and key investors, outsourcing a professional advisor can help you achieve that outcome.

5. It Promotes Strong Company Culture

Research has shown that a positive company culture improves employee wellbeing, and reduces accidents in the workplace by up to 50%. It reduces employee turnover, drives productivity, and increases consumer engagement.

And the #1 factor in a positive company culture? Employees feeling valued in the workplace.

Demonstrate how much you value your team by delivering a robust, professional health and safety process that protects everybody in the workplace. Emphasise your company’s commitment to a safe working environment through quality procedures and consistent monitoring—and enjoy the tangible benefits.

6. It Puts You in The Driver’s Seat

Have you heard the phrase, “I can’t see the wood for the trees.”?

When you are heavily involved in developing and maintaining the health and safety processes within your business, you may struggle to see the big picture. As you—or any key member of your management team—becomes caught up in “putting out fires” it becomes incredibly difficult to navigate the HSE ship as a part of your overall business convoy.

An independent consultant allows you to step back and consider practical solutions, rather than to operate your business from a reactive response position.

Final Thoughts

A strong health and safety process can keep your business agile, help you identify and prepare for HSE issues, and support you in making compliant, flexible, and well-informed decisions.

It can keep your team free to focus on driving your business forward and reaching crucial outcomes. Most importantly, it keeps your people and your organisation safe.

The question is: do you really have time to do it yourself? If not, outsourcing your Health & Safety competent person could be the strong solution for your business.

Share

Share on facebook
Share on twitter
Share on linkedin
Share on whatsapp
Share on email

Related Resources

What is ISO 27001?
Blog

What is ISO 27001?

ISO or IEC 27001 is a well-known and widely used Information Security Management System (ISMS). Companies using them can rest assured that all of their

Read More »

What is ISO 27001?

What is ISO 27001?

What is ISO 27001?

What is ISO 27001?

ISO or IEC 27001 is a well-known and widely used Information Security Management System (ISMS). Companies using them can rest assured that all of their business-critical information is kept secure, free from misuse or poaching if they adhere to the standards of the various products in the ISO 27001 family.

Origins/History of ISO 27001

ISO or IEC 27001 was first developed by the International Organisation for Standardisation (ISO), in collaboration with the International Electrotechnical Commission (IEC), in 2005. The standards were subsequently updated in 2013.

The current version of the ISMS is ISO 27001:2013. The standard adopts a process through which a user can establish, implement, operate, maintain, monitor and consistently improve it’s information security management system.

Who is ISO 27001 Meant for?

The ISO 27001:2013 standard is currently the internationally recognised “best practices” framework for ISMS. The standard complies with the General Data Protection Regulations (GDPR) and the standards set under the US Data Protection Act of 2018.

ISO/IEC 27001 can be used by any organisation that produces and needs to manage information assets, especially when they share data or information with outside bodies.

For example, government bodies, nor for profit organisations and commercial enterprises can all use ISO 27001 standards for creating, using and maintaining their Information Security Management Systems.

Any organisation that needs to protect its key data, including but not limited to intellectual property, financial data, employee details or information that it handles on the basis of third parties can benefit from following the ISO 27001 standard.

In terms of industry, sectors that handle confidential client information, especially large volumes of it, are particularly prone to threats from breaches. From this viewpoint, two types of organisations can use ISO 27001 to great advantage:

  • Companies that regularly handle confidential information and need to protect it on behalf of their clients, users and partners – such as banks and other financial institutions, healthcare organisations, Information Technology vendors and public sector enterprises.
  • Other organisations make a living out of archiving and working with other companies’ data, so ISO 27001 is also critical for their business success. Examples would include IT outsourcing organisations or data centres.

Basis of Evaluation

ISO 27001:2013 is evaluated on a CIA (Confidentiality, Integration and Availability) basis. This presents a three hundred and sixty degrees view on ISMS, beyond just preserving and protecting confidential information.

Integration involves measures that prevent data from being wrongfully manipulated, while Availability refers to creating a system that will ensure that your data is never rendered inaccessible.

Why Would You Need It?

While there are more than a dozen standards in the ISO 27000 family, the ISO/IEC 27001 stands out from an ISMS standpoint. Companies have confidential data that could either be critical to their own business, or that falls under confidentiality agreements that they have executed with third party partners.

In the modern day and age, cybersecurity is key to continuity and success. The ISO 27001 standards ensure peace of mind in that regard.

ISO 27001:2013 certification is not only about the technical measures that get put into place to prevent cybercrimes or inadvertent data leaks. The system is designed in such a way that management processes and key business controls are set up in a customised fashion – so that each company can protect itself from identified threats in a manner commensurate with the risk assessment while minimising business interruptions.

Benefits of ISO 27001

As mentioned above, protecting your company’s mission critical data is critical for both short and long term business success. It also ensures that other organisations will be willing to collaborate with you, since they know you will be able to preserve and protect their confidential data. Getting certified in ISO 27001 will lead to these general rewards as well as many specific benefits, including but not limited to:

  • Keeping critical and confidential information fully secure.
  • Creating a framework for critical exchange of information with outside organisations.
  • Helping the company comply with essential regulations such as Sarbanes-Oxley.
  • Ability to easily comply with ISO audits with regard to ISMS.
  • Ability to incorporate Six Sigma style efforts in the field of ISMS.
  • Assisting in the minimisation and management or risk exposure.
  • Producing an aura of security in the marketplace, thus providing confidence to key stakeholders and customers about how you protect confidential information, as well as your approach to risk management in general.
  • Elevate your business standing through a consistent delivery of your product or service, which then enhances customer satisfaction, helps build a reputation and aids customer retention.

Overall, companies that use ISO 27001 standards have a demonstrable culture of security. Not only is every critical piece of data protected, but a crucial message is shared with every director, shareholder and key stakeholder – you are serious about protecting the company and its assets.

How Can Companies Get Certified?

In every jurisdiction, there are accredited agents that can take companies through the process whereby they get ISO 27001:2013 certified. While it’s possible to get certified through other means, the impact and branding is not the same.

For example, in the UK, the ISO 27001:2013 certification is most valuable when the certification has been obtained via a United Kingdom Accreditation Service (UKAS) accredited certification organisation that can conduct an independent audit on the path to setting up their systems and obtaining the certificates. Checkout our blog on UKAS vs Non-UKAS Certification to learn more.

Similar organisations exist elsewhere in the world.

The Final Word

To get certified in ISO 27001:2013 is often a gold standard for a corporation which handles critical and confidential data, both its own and on behalf of partners, clients and key stakeholders. In the modern age, with hackers everywhere and social media and connectivity being enablers of mischief if confidential data goes awry, it is almost inconceivable for a successful company to not get certified.

Once the ISMS standards are set, the company and it’s key stakeholders can all enjoy peace in terms of knowing that they will not be subject to a random act of data piracy – either due to a mistake or deliberate actions by a competitor or a hacker.

Share

Share on facebook
Share on twitter
Share on linkedin
Share on whatsapp
Share on email

Related Resources

What is ISO 27001?
Blog

What is ISO 27001?

ISO or IEC 27001 is a well-known and widely used Information Security Management System (ISMS). Companies using them can rest assured that all of their

Read More »

The Difference Between UKAS and Non-UKAS Certification

Difference between UKAS and Non-UKAS Certification

The Difference Between UKAS and Non-UKAS Certification

Difference between UKAS and Non-UKAS Certification

We have recently seen an increase in organisations claiming they have achieved “certification” to various International or ISO Standards such as ISO 9001 Quality, ISO 14001 Environmental, ISO 27001 Information Security or ISO 45001 Occupational Health & Safety amongst others. At RKMS we regularly receive calls from companies that have genuinely thought they had achieved a certification but to find their new certification has been rejected by a client during the tendering process. We know how devastating and costly this can be for businesses and as such are releasing this information in an attempt to try and protect UK businesses.

Difference Between UKAS and Non-UKAS Certification

While the low cost of obtaining non-UKAS ISO certification may seem tempting to some businesses, it isn’t long after that many discover the certification is effectively useless. The difference between UKAS and non-UKAS certification often results in the latter having a lack of recognition outside of certain situations. The low cost of non-UKAS certification can very quickly translate to lost revenue for a business.

It is important that those seeking to obtain ISO certification understand the key differences between UKAS and non-UKAS certification. it is also important to understand how these differences can have an impact on your bottom line. 

What is also becoming more prevalent is longer contractual tie in periods, a UKAS accredited Certification Body HAS to allow you to move to another CB providing you have paid your subscriptions to date, many non UKAS organisations are charging a higher day rate for assessment and putting 10 year contracts in place meaning your “certification” may not only be worthless but could cost far more than a bone fide certification!

Accreditation Bodies

The UK Accreditation Service, or UKAS for short, is the only accreditation body officially recognised by the British Government. Operating under the Department for Business, Energy, and Industrial Strategy, UKAS is responsible for ensuring that any organisation offering ISO certification in their name conforms to strict standards. Any organisation that offers UKAS certification must have its processes regularly vetted to ensure that they meet ISO requirements.

There is no accrediting body for non-UKAS certification. Many of the businesses offering non-UKAS certification design their own certification processes, and the lack of oversight quite often results in them being slow to change their processes when ISO standards change. This is because there is often very little incentive for them to do so. The lack of accrediting body can also mean that many of these businesses are not really checking to see whether a company meets ISO standards, and thus the certification will hold no value.

Guidance from https://www.gov.uk/guidance/conformity-assessment-and-accreditation

BEIS is aware that UK certification bodies and representative associations are concerned at the increase in the number of organisations offering certification when they are not accredited to do so.

BEIS has advised certification representative organisations in the UK that:

  • the only ‘authoritative statement’ of competence, that has public authority status – providing the last level of control in the conformity assessment chain – is from the UK’s sole national accreditation body, UKAS
  • any organisation that suggests it is accredited in the sense of the Regulation on accreditation and market surveillance (765/2008) as it has effect in Great Britain or Regulation (EC) 765/2008 in Northern Ireland when they are not, may be guilty of an offence under the Busines Protection from Misleading Marketing Regulations 2008 (Statutory Instrument 2008/1276)
  • certification bodies or representative organisations should refer these cases to trading standards or UKAS in the first instance

Differences in the Certification Process

Any organisation that offers certification in the name of UKAS must have its processes regularly vetted. Obtaining initial UKAS accreditation is a lengthy and arduous process. Keeping hold of UKAS accreditation is even tougher. This is because UKAS wants to ensure that any assessment bodies that operate in their name are competent enough to assess businesses to ensure that they meet ISO standards.

Any UKAS accredited organisation must employ competent assessors and have technical experts ‘on hand’. This is to help ensure that any certification provided by these bodies means something. It guarantees that an industry professional has determined that a company does, indeed, meet ISO standards.

Non-UKAS certification providers will come up with their own certification processes. They are under absolutely no obligation to ensure that they are genuinely assessing businesses to ISO standards. In fact, many are not. Constant changes in ISO standards can make it tough for non-UKAS certification providers to adapt their processes quickly. In many cases, there is no financial incentive to do so. Therefore, many of these certification providers may be offering ISO certification to old standards. This means the certificate is worthless.

Non-UKAS certification providers do not have any obligation to employ competent assessors or technical experts. In fact, many do not. Their certification process may often be nothing more than a few checkboxes. This is how these certification providers are able to offer their services so cheaply and quickly. There have been several cases where these organisations have been successfully prosecuted by Trading Standards.

Impartiality

A key provision for obtaining UKAS accreditation is impartiality. Any accredited ISO 9001 consulting organisation must adhere to strict guidelines on the advice that they are able to offer to their clients. UKAS prohibits any assessment organisation from receiving accreditation if they also offer consultancy services. As a result, any accredited body is solely an assessor. While they may be able to provide transparent advice for companies wishing to meet ISO standards, these organisations are not permitted to offer any paid advice outside of the assessment services that they offer.

Non-UKAS certification providers do not have to meet the same standards. In fact, offering consultation is often a key part of their business model. This can create a conflict of interest where the certification provider is unwilling to offer their certification unless the business they are working with is willing to pay for their expensive consultation services. While the initial cost of obtaining the certification may be cheap, the long-term costs may end up becoming rather extravagant.

Recognition of the Certification

Many businesses obtain certification because their industry requires it. Demonstrating that a business conforms to ISO standards may often form a key part of the tendering or sales process. We often come across organisations that inadvertently engaged with a non UKAS body and have been rejected from the tendering process.

If businesses hold a non-UKAS certification instead, they will often find themselves struggling to make sales. Quite often, these businesses may be excluded from any tendering process. When they contact potential clients directly, they may struggle to receive a response. This is because businesses that work with non-UKAS certification holders are taking a huge risk. If the businesses that they work with do not meet ISO standards, then it could mean huge financial penalties and a massive reputation hit if something goes wrong. 

It should also be noted that many businesses that seek non-UKAS certification do so in order to save money. Other companies recognise this. They often feel that businesses cutting costs in such an important area are likely to be going through strict cost-cutting elsewhere too. This means that they may not be receiving the best service possible. 

Any business holding non-UKAS certification that is able to make headway in the sales or tendering process may be required to demonstrate that their business meets ISO standards in other ways. This, quite often, means a costly process. In fact, this process can quite often cost more than applying for UKAS certification in the first place.

UKAS Certification Can Increase Business Profitability

While the lower upfront costs of applying for non-UKAS certification may be tempting, in the long run, it could end up costing businesses a significant amount of money.

In the long run, businesses that obtain UKAS certification are more profitable, and they grow far quicker. This is because they have demonstrated a commitment to ensuring that their business operations meet international standards. Clients enjoy this and, in many cases, will pay more for services that have been backed by UKAS.

If you are looking to obtain certification that your business meets ISO standards, make the right decision. Only work with UKAS-accredited certificate providers. It will only benefit your company in the long term. It is one of the best investments you can make in your business.

Share

Share on facebook
Share on twitter
Share on linkedin
Share on whatsapp
Share on email

Related Resources

What is ISO 27001?
Blog

What is ISO 27001?

ISO or IEC 27001 is a well-known and widely used Information Security Management System (ISMS). Companies using them can rest assured that all of their

Read More »

What are External Audits?

What are External Audits

What are External Audits?

What are External Audits

What to Expect from External Audits and ISO Certification

Audits are an important part of a company’s application for ISO certification. These tests and inspections can verify if the processes and systems comply with standards and follow best practices. They can identify areas that need improvement or provide proof that the company has met the ISO requirements.  

ISO certification requires both internal audits and external audits. In this article, we’ll look at the latter—including the types of audits you will need, what the auditor will look for, the steps and time involved, and tips on preparing for them.

The External Audit Process

External audits will examine your business from different perspectives and points of view and are conducted in stages.  

An external audit is done by a third-party auditor who is licensed by the Certification Body. Usually, the auditors are selected based on their experience, qualifications, as well as their understanding of your specific industry.

During the three-year cycle of ISO certification, you can expect least one day initial audit of all your processes, and another one audit during the surveillance cycle to check whether the recommendations have been effective.  

Types of External Audits

Customer Audit

The first step is the Customer Audit, where a potential or existing customer reviews your processes from the lens of whether you are able to meet their needs, expectations and requirements. For some businesses, this can be replaced or augmented by a supplier audit. The schedule of auditing varies from customer to customer.

Certification Audit

This is a critical step in the ISO process. Your registrar will do a thorough check of your business processes and practices to check if they conform to the ISO standard. You can expect to have this done every three years.

Stage 1 is a preliminary audit that determines your company’s level of readiness for ISO. This allows you to spot areas where you need to improve, or understand the documents and reports that you need to provide. This is sometimes done remotely.

Stage 2 is a more thorough, on-site inspection where the auditor will review procedures, interview your employees, and check if you meet the criteria for an official ISO certificate.

Surveillance Audits

Even after your company gets ISO certification, your registrar will do annual surveillance audits. Much like a car tune-up or the annual doctor check-up, this external audit determines if you are still meeting the ISO requirements or if there are areas that need to be improved or revised. Should you have received any non-conformities or areas for improvement on your stage 2 audit. The Surveillance Audit will be focused on what you have done to correct the issues.

You will not be given a new certificate, but this is required so you can keep your ISO certification.

Methods and Processes

Audits can be performed in different ways, depending on your company’s needs and what is being checked. This can include remote audits which include teleconferences or online consultations, on-site audits, and self-audits.  

The self-audits can help you prepare for the official external audits. You can select employees to join the audit team, but they shouldn’t audit their department or area of responsibilities. You can also hire professional auditors who can train or guide this team, or completely outsource the internal audit to them.

While the external audit is clearly the most critical part of getting ISO certification, an internal audit is what helps you meet the criteria. Conduct one at least three months before you do a certification audit, and make sure that you document the process.

The internal audit will help you find out your “non-conformities” or where you do not meet criteria and create an action plan. These records will actually be reviewed during the external audit and can make or break your company’s ability to proceed to the next step.

For that reason, it’s worth utilising professional auditors from respected ISO 9001 consultants even during the internal audit stage in order to lay the proper groundwork for the rest of the process.

How to Prepare for an External Audit

  • Use the PDCA model. PDCA stands for “Plan Do Check and Act”. It is one of the best approaches for business improvement, and can help give you a systematic, verifiable way of meeting the ISO criteria.  Plan includes identifying your competencies and gaps, and then create a strategy. Do includes your action plan, including your activities and the timelines. Check refers to monitoring and evaluating your progress, and Act means creating your next steps based on the results.
  • Create process documents and checklists for all business activities. Your auditor will check if employees follow best practices as they go about their work. In order to train your employees, and provide your auditor with a guide, create a process document. This prevents inconsistencies, and expedites the auditing process.
  •  Check employee intent and effectiveness. Ask employees to describe their work, and then review if they are able to do it – and do it effectively.  While ISO often looks at the big picture, this step enables you to see beyond compliance and actually understand if your company processes enable productivity and high performance.

These are just some of the things you can expect during an external audit, and what you can do to prepare for it. Your auditor can help answer your questions, or provide more specific plans and checklists.  

Share

Share on facebook
Share on twitter
Share on linkedin
Share on whatsapp
Share on email

Related Resources

What is ISO 27001?
Blog

What is ISO 27001?

ISO or IEC 27001 is a well-known and widely used Information Security Management System (ISMS). Companies using them can rest assured that all of their

Read More »

Maintaining your ISO Certification

Maintaining ISO Certification

Maintaining your ISO Certification

Maintaining ISO Certification

Maintaining your ISO Certification

Earning and maintaining the right ISO certification (like ISO 9001 or ISO 27001, for example) is critically important for businesses that want to compete in the 21st century.

An international standard that can either open doors to opportunities that would not have existed otherwise or cause great businesses to lose a lot of sales and credibility in their industry, it is not just enough to earn the ISO certification – it’s important to maintain that certification moving forward, too.

Below we highlight important details that will better illuminate the ISO certification process as well as the ongoing maintenance routine that businesses will need to adhere to.

Let’s get right into it.

Choosing the Right Standard

While ISO 9001 is often the most popular of the ISO standards to move forward with, there are other options to consider as well.

Let’s run through them quickly:

  • ISO 9001 – This standard focuses on management and organisational processes, improving efficiency across the board
  • ISO 14001 – This standard deals mostly with environmental management standards
  • ISO 27001 – This standard focuses exclusively on cybersecurity, letting the international business community better understand how seriously your operation takes data protection and digital privacy rights
  • ISO 45001 – This is the standard that pertains most to health and safety standards

All of the standards have ongoing certification procedures that go beyond the initial certification process. We talk more about that in just a moment.

Choosing the Right Certification Organisation

Choosing the right ISO standard is (obviously) important, but so is choosing the right certification organisation.

For starters, you’ll want to choose an organisation that has United Kingdom Accreditation Service (UKAS) accreditations. This accreditation is the only accreditation recognised by the government for not only providing the initial certification but also testing and handling ongoing certifications, too.

From there, you’ll want to look into the reputation of the certifying body as well.

Have a look at the reviews that organisation has, dig deeper into the testing protocols that they take advantage of, and see if they provide any extra value on top of the certification and ongoing certification procedures they offer.

Above all else, make sure that they are a legitimate organisation. The last thing you want to worry about is pursuing ISO certification and ongoing certification only to find out that opportunities start to disappear because the accrediting body was in some way illegitimate or not UKAS approved provider.

How Long Does Certification Take?

Each ISO certification process is going to unfold in a unique pattern, dependent entirely upon the size of that organisation as well as the structure of that company, too.

To streamline things significantly, it’s important to designate a specific representative of your business that will move through the ISO certification process and handle ongoing certification, too.

You do not necessarily have to hire a “Quality Manager” or “Compliance Manager” with these kinds of responsibilities exclusively in their purview, but you are going to want to make sure that a management or executive level employee is spearheading the initial and ongoing certification process.

As a general rule of thumb, it’s not a bad idea to expect that the entire ISO initial certification process to take anywhere between four months and seven months to be completed. It may take a little bit longer than that to be awarded this certificate from an accredited agency, but it will very rarely take less than three months.

The Ongoing Certification Process

Ongoing certification, however, is a “permanent” process that will involve (at the very least) one surveillance audit each and every year.

The surveillance audits are designed to ensure that ISO certified organisations are continuing to take advantage of these principles, continuing to leverage your management systems, and are still embracing and embodying all that the ISO certification embodies.

On top of the on-site surveillance audits that will happen at least once per year a written report may be required as well.

Every three years businesses are required to undergo a complete recertification audit from top to bottom.

This kind of recertification audit involves a deeper look at the entire business structure, the strengths and weaknesses of that particular business, and the creation of a plan to better optimise things going forward.

Third-year audits are significantly more extensive and a lot more time intensive than traditional on-site annual audits. Unsurprisingly, these in-depth audits are usually more expensive as well.

Businesses should also know that while an ISO 9001 consultancy (especially one  that is accredited through the UKAS) is entitled and empowered to provide insight and information into their findings, they aren’t allowed to cross the line between objectivity and impartiality.

Most of these agencies will try and provide informational resources about how there ISO ongoing certification clients can best move forward, often times pointing them towards best practices and shining a light on what can be improved without abandoning their core principles.

At the end of the day, it’s important to remember that the ongoing certification process is intended not just to confirm that businesses are still abiding by ISO principles but that they are continuing to find new ways to fold ISO principles into a business that grows and evolves over time.

Clear goals, open lines of communication across all levels of management and staffing, and regular trainings regarding ISO certification and best practices will go a long way towards making sure that ongoing certification is relatively simple, straightforward, and almost effortless.

It is never a bad idea conduct internal audits quarterly to prepare for the annual surveillance audit, either.

This will ensure compliance, help to find inefficiencies wherever they might exist, and to guarantee that there are not any surprises that pop up when the auditors are actually brought in to do their official certification.

Annual audits can also be a great time to address any of the major or minor nonconformities and observations that were discovered during the more traditional surveillance or three-year audits as well.

Take advantage of every opportunity to adhere more closely to ISO standards and ongoing certification turns into just another day at the office.

Share

Share on facebook
Share on twitter
Share on linkedin
Share on whatsapp
Share on email

Related Resources

What is ISO 27001?
Blog

What is ISO 27001?

ISO or IEC 27001 is a well-known and widely used Information Security Management System (ISMS). Companies using them can rest assured that all of their

Read More »

10 Benefits of ISO 9001

Benefits of ISO 9001

10 Benefits of ISO 9001

Benefits of ISO 9001

The 10 Benefits of ISO 9001

  1. Increase Efficiency
  2. Increase Revenue
  3. Employee Morale
  4. International Recognition
  5. Factual Approach to Decision Making
  6. Supplier Relationships
  7. Documentation
  8. Consistency
  9. Customer Satisfaction
  10. Improvement Processes

Increase Efficiency

Companies that go through the ISO 9001 certification process have to give a lot of thought to their processes and how they can maximise quality and efficiency. ISO 9001 sets the bar internationally that it is the standard to have.

Increase Revenue

Studies have shown that ISO 9001 certified companies experience increased productivity and improved financial performance, compared to uncertified companies. This goes hand in hand with winning new contracts, tenders etc.

Employee Morale

Defined roles and responsibilities, accountability of senior management, established training systems and a clear picture of how their roles affect quality and the overall success of the company, all contribute to more satisfied and motivated staff. Once you have the buy in from your staff, they are less likely to leave meaning no extra costs with rehiring and training.

International Recognition

The International Organisation for Standardisation (ISO) is recognised worldwide as the authority on quality management. With membership now exceeding 160 you can see why it’s the go to standard. http://www.iso.org/iso/about/iso_members.htm

Factual Approach to Decision Making

The ISO 9001 standard sets out clear instructions for internal audits and processes with self-assessment being high on the agenda, in turn, this makes information gathering and decision making most efficient. 

Supplier Relationships

If you have clients, then you will have suppliers and by employing the processes set out you will be able to find a mutually beneficial supplier relationship. The process also requires thorough evaluation of new suppliers before a change is made and/or consistency with respect to how and where orders are placed.

Documentation

The bane of most companies’ existence is documentation. Having the ISO 9001 in place helps keep everything on an even keel without being so intrusive you cannot function.

Consistency

One of the foundations of ISO; All processes from research and development, to production, to shipping, are defined, outlined and documented, minimising room for error. Even the process of making changes to a process is documented, ensuring that changes are well planned and implemented in the best possible way to maximise efficiency.

Customer Satisfaction

Client confidence is gained because of the universal acceptance of the ISO standard (160+ countries) Customer satisfaction is ensured because of the benefits of ISO 9001 to company efficiency, consistency and dedication to quality service.

Improvement Processes

The ISO 9001 outlines audit processes, management review and improvement processes based on collected data. Improvements are carefully planned and implemented based on facts, using a system of documentation and analysis, to ensure the best decisions are made for your company – see more here.

Share

Share on facebook
Share on twitter
Share on linkedin
Share on whatsapp
Share on email

Related Resources

What is ISO 27001?
Blog

What is ISO 27001?

ISO or IEC 27001 is a well-known and widely used Information Security Management System (ISMS). Companies using them can rest assured that all of their

Read More »

How issosmart™ can assist you with ISO compliance

issosmart™ logo

How issosmart™ can assist you with ISO compliance

Being ISO compliant, whether it’s required by law or not, has become a necessity in business these days. Companies that wish to develop efficiencies in business processes, solve recurring problems and provide better customer service on a consistent basis opt for ISO certification – it becomes a way to promote your brand to the marketplace.

The online issosmart™ tool allows companies to set up a customised ISO compliant management system in a mere 30 minutes or so. At the end, the complete roster of documents – user guide, manual, registers, forms and procedures – required for ISO compliance will be at your fingertips.

issosmart™ logo

Trust the smart consultants behind issosmart™

The issosmart™ tool has been designed by the RKMS Group, a UK based management consulting company with a stellar track record – in fact a 100% success rate – over its 25+ years of existence. All consultants on your project will be IRCA lead auditors.

Besides issosmart™, RKMS also provides services focused on ISO 9001, ISO 14001 and ISO 45001; Lean Management; Primary Risk Manager – an online Fire Risk Assessment tool and Accredited Training Courses.

Customised industry specific solutions

In addition to the general version of issosmart™, RKMS also provides industry specific support through the following solution kits:

  • issosmartfire™ – developed to support fire safety standards
  • issosmart™ Healthcare – developed to support documentation and standards for healthcare
  • issosmart™ Green Deal – developed to support standards in the renewable and energy efficiency industry

Easy to setup, implement and use

An ISO implementation process often involves tedious paperwork to stay current, input updates and comply with audits. No more!

issosmart™ is not only easy to install, set up and access through your company web browser, it will take the pain out of updates and audits. RKMS’s process includes an automatically updated legal register, which guarantees compliance with legal standard.

Other features include, but are not limited to:

  • The ability to add and implement according to multiple standards
  • Ultimate ease of access – via computer, tablet and smartphone
  • Ability to generate business insights through setting up and tracking KPIs

Overall, this is a system YOU design – its tailored to your specific needs and laser focused on reducing your costs of operation and implementation while improving the core efficiencies of your business processes.  

issosmart™ will help to streamline your business and eliminate redundancies and unnecessary activities.

Three easy options

RKMS provides three tiers of pricing for issosmart™, all of which come with email support. There is an option for everyone, trading off against your in-house expertise, needs and budget.

Feel free to ask our support personnel if you are unsure about which option is right for you.

Be sure to ask about training

RKMS offers accredited training to help companies achieve and maintain ISO compliance.

The Level 3 Award in Effective Auditing and Inspection is awarded to those who have gained the specific knowledge required to conduct internal audits.

Contact RKMS Group today

Set up a free consultation with one of their experts today!

RKMS provides expert ISO 9001 consultant guidance, both email and phone support, plus training on issosmart™ as required. Our customer service representatives are always ready to support your needs.

Share

Share on facebook
Share on twitter
Share on linkedin
Share on whatsapp
Share on email

Related Resources

What is ISO 27001?
Blog

What is ISO 27001?

ISO or IEC 27001 is a well-known and widely used Information Security Management System (ISMS). Companies using them can rest assured that all of their

Read More »

What is PAS 2060?

What is PAS 2060?

What is PAS 2060?

PAS 2060: A Guide to Getting Certification and Contributing to the Race Against Global Warming

Global warming and climate change are a serious problem. If we do not act now—and countries, companies and communities do not work together to lower the emissions of carbon dioxide and other heat-trapping gases—the Earth will be inhabitable. We destroy the planet, millions of plant and animal species, and the entire human race.

That is why the industrial and business sectors are working to reduce carbon emissions and become “carbon neutral”. They are replacing fossil fuels with renewable energy, reducing waste, and looking for sustainable materials and packaging.

But the most important step that a company can take to reduce its carbon footprint is to analyse its greenhouse emissions. You have to know the problem before you can solve it. That is where the PAS 2060 standard can help.

What is PAS 2060?

What is the PAS 2060 standard?

The PAS 2060 standard is the only internationally recognised, accepted and respected standard for carbon neutrality.

It is based on the PAS 2050 standard, which was first released in 2008 by the British Standards Institution. This was the first framework for measuring a company’s carbon footprint.  

The updated PAS 2060 standard, which was released in 2010, has a more detailed methodology for measuring the life cycle of greenhouse gases across the entire value chain. Companies can use this to measure reduce and offset emissions, and the impact of their goods and services on climate change.

Ho do you apply for PAS 2060 certification?

The PAS 2060 methodology and framework has four steps, which require both a thorough evaluation of your processes and verification from accredited bodies.

  1. Measure Emissions
  2. Reduce Emissions
  3. Offset Emissions
  4. Document Success

Mesure Emissions

PAS 2060 divides emission sources from different areas, called Scopes.

  • Scope 1 includes direct emissions like fuel combustion. This is under the company’s direct control.
  • Scope 2 includes indirect emissions, which are created by electricity, heating, or cooling. This is not under the company’s control, but can be properly managed or minimised.
  •  Scope 3 includes emissions from activities that are part of the business value chain, but are beyond the control. This can include transportation or waste treatment.

To get PAS 2060 certification, companies must meet standards for Scope 1 and 2, and limit Scope 3 emissions to 1% of their total footprint.

Reduce Emissions

The next step in PAS 2060 certification is to present a Carbon Management Plan, which includes a timeframe, specific targets, and how they plan to reduce or offset emissions. Each activity should have a justification, and provide a methodology and timeframe for measurement.  

The company must also make a public commitment to carbon neutrality, and declare a maximum amount of annual emissions, or the ratio of emissions per unit of production.

Offset Emissions

To achieve carbon neutrality, companies don’t just have to reduce emissions but offset them. This can include investing in environmental projects like tree planting, using clean energy technology or programs like capturing methane gas from landfills, or buying carbon credits.

Unfortunately, carbon offsetting has generated a lot of public mistrust, after several reports of abuse and fraud. To avoid a backlash, make sure to engage in quality programs that provide real environmental benefits.

The offset credits must also be documented and verified by an independent third party, and meet the criteria. There are different standards for the compliance market and voluntary market, so you should know where the programs fall under and the necessary requirements.

Any offset credits have to be used within 12 months from the date they have been declared to be achieved.

Document Success

At the end of the program, the company must present a report, which includes supporting documents such as a copy of their Carbon Management Plan, proof of reduced emissions, and the Carbon Footprint Report.

Who can apply for PAS 2060 certification?

Companies and organisations can get carbon neutral certifications for products, services, buildings or sites, transportation systems, and even events.

What are the benefits of applying for PAS 2060?

  • Stronger brand image. Being an environmentally responsible company or brand can help build customer trust and loyalty, and improve your relationships with stakeholders. This includes the media, local government, stockholders, and investors.   
  • Increased credibility. You will be able to declare certification on product labels and marketing collaterals. Since PAS 2060 is the only internationally recognised standard, you immediately differentiate yourselves from other companies who can only “claim” that they are Clean and Green.
  • Clear action plans. The PAS 2060 framework can help you find clear, concrete and cost-effective ways to lower your carbon emissions. This is better than blindly implementing projects without knowing the real impact on your business and global decarbonisation efforts.

Align your business with global initiatives

The PAS 2060 framework also companies align with a global target, set by the 2015 Paris Agreement. You could call it the biggest business plan in history: world governments committed to lower the rise of global temperature to below 2°C, in order to prevent the catastrophic effects of climate change.  

The only way to meet this goal is for companies worldwide to cut emissions by 50% before 2030, and achieve net-zero by 2050. The clock is ticking. While everyone plays an important role, most carbon emissions are generated by the business and industrial sector.

Unfortunately, total carbon emissions increase every year. Even with the existing commitments from countries, we are still producing 60% more carbon than safe levels. In other words, companies need to try harder. It is not enough to “reduce, reuse and recycle” while hoping that it is enough.

The PAS 2060 framework provides a more systematic way to reduce emissions and measure success.  It can serve as the foundation for long-term environmental strategies, while setting milestones for every year. It can be a tedious procedure, but there are companies that can assist with the process, from developing a plan to gathering the necessary documents, reports, offsetting credits, and third-part accreditation.  

With the global warming crisis, PAS 2060 is not just a standard, but a tool for survival.  

Share

Share on facebook
Share on twitter
Share on linkedin
Share on whatsapp
Share on email

Related Resources

What is ISO 27001?
Blog

What is ISO 27001?

ISO or IEC 27001 is a well-known and widely used Information Security Management System (ISMS). Companies using them can rest assured that all of their

Read More »

10 Benefits of ISO 14001

Benefits of ISO 14001

10 Benefits of ISO 14001

Benefits of ISO 14001

So you’re probably familiar with what ISO 14001 is, but maybe you’re thinking why your business would need it? Or whether it is worth the effort?

Here’s some reaons for why ISO 14001 can benefit your business.

The 10 Benefits of ISO 14001

  1. Improve Tender Chances
  2. Leaders in Industry
  3. Ensure Legal Compliance
  4. Reduce Insurance Premiums
  5. Improve Environmental Performance
  6. Reduce Operational Waste
  7. Increase Profitability
  8. Increase Efficiency
  9. Improve Employee Morale
  10. Promotes Continual Improvement

Improve Tender Chances

It increases chances of winning public and private sector tenders. It has become more and more important over the last 10 years for companies to show that they are thinking but also following the green trend.

Leaders in Industry

It will make your competitors take note that you are going above and beyond of what is expected from someone in your industry.

Ensure Legal Compliance

It helps your organisation meet legal and regulatory requirements. It does depend on which sector you work within but having the 14001 in place will eliminate any potential banana skins for you.

Reduce Insurance Premiums

It can lower insurance premiums. It has been shown time and again that lowering risks make you safer which in turn reduces premiums.

Improve Environmental Performance

It reduces consumption of raw materials. We all have an impact on mother earth however if we can highlight and reduce the impact it can only be good for everyone.

Reduce Operational Waste

It reduces waste and repetition. As you will be looking at your operations we will be able to identify where you are using too much raw material and where savings could be found.

Increase Profitability

It increases profit margins. If you reduce your waste, it’s not only good for the planet but good for the balance sheet.

Increase Efficiency

It streamlines operations. If we can streamline what you do it will naturally make things work more efficiently.

Improve Employee Morale

It can increase employee motivation and participation. What be buy in is the staff, and with a proper process in place staff will be able to see their development into an import cog in the business wheel.

Promotes Continual Improvement

It promotes continual improvement. How can improvement be bad? Answer it can’t.

Share

Share on facebook
Share on twitter
Share on linkedin
Share on whatsapp
Share on email

Related Resources

What is ISO 27001?
Blog

What is ISO 27001?

ISO or IEC 27001 is a well-known and widely used Information Security Management System (ISMS). Companies using them can rest assured that all of their

Read More »
RKMS Pulse

join the family

Subscribe to RKMS Pulse

Download your resource now