The Cost Of ISO 27001 Certification

Find Out More: How Much Does An ISO 27001 Information Security Management System Cost In The UK?

The Cost of ISO 27001 Certification UK

Typically, the cost for ISO 27001 certification ranges from £9,900 to £14,000.

The ISO 27001 Information Security Management System costs are for consultancy, UKAS accreditation and include UK certification organisation auditing fees. Initial fees can be cheaper for professional certification that is not accredited. However, in the long term can be much more costly. You can find out more about this here.

ISO/IEC 27001 is a very detailed and complicated standard with probably more requirements than ISO 9001, 14001 and 45001 combined! 

ISO 27001 Certification Cost In The UK – 2024

The cost of ISO 27001 certification in 2024 including accreditation and implementation can range between £9,900 and £14,000.

Beware Of Certification Organisations That Are Not Accredited! 

It is important to understand that some ISO 27001 certificates are different from others. You see, a readily available or supposedly economical certificate might not be suitable for your customers because the certification body that issues them are not independently assessed by the IAF.

A highly respected UK accreditation body like UKAS is accredited independently as a certification organisation by the International Accreditation Forum (IAF).

The IAF’s role is to ensure accreditation is an independent assessment of the conformity of assessment organisations to make sure they are operating with competence and impartiality in line with recognised International Organization for Standardization standards. See more.

How Much Does It Cost To Get ISO 27001 Certified?

ISO 27001 consultancies that provide accreditation recognised professionally by UK certification organisations such as UKAS, are not able to publish a list of prices for the accreditation service they provide.

The reason for this is that cost of ISO 27001 certification can vary as a result of these factors:

  • annual sales revenues
  • business process
  • IT infrastructure
  • the number of operational employees
  • how may locations an organisation has
  • how complex are the required audits
  • current documentation levels

UK ISO 27001 Consultants – Saving Time & Money Benefits

An ISO 27001 consultancy practice that has a successful track record of achievement are an asset able to add lots benefits and value to a client’s management organisation. They possess knowledge, skills, experience and resources relative to IT risk management built over a long time from working with many different enterprises, industries and markets. 

UK ISO 27001 Consultants, Improve Company Operations By Adding Value To Them  

Implementing ISO 27001 is not just concerned with creating an information security management system to obtain ISO certification.

It’s also concerned with improving an organisation’s risk management, methods, procedures, systems and employees. In good measure, this will enable cost effective information security compliance to be delivered to its stakeholders.

Expert Consultancy Saves You Money & Time With Your ISO 27001 Certification

ISO 27001 consultancies deliver unrivalled capability to delivery and planning of ISO standard projects and optimise your ISO 27001 cost UK.

An expert ISO 27001 consultancy minimises the burden of financing new information security management systems.

In addition, utilisation of cloud based management and support systems minimise company employees’ auditing workload. Project times are reduced and they maintain support to the client from the consultancy long after the system has been created and certified.

Project Delivery Time Is Minimised By Efficient Consultancy Practices

Your organisation will derive benefit from its new information security management policy and system very quickly.

Utilising external consultants means that projects are kept on track to make sure that an organisation isn’t wasting resources and time for instance on,  producing audit documentation that is not required.

Consultants provide a “catalyst” for effective implementation and planning by obtaining senior management investment in appropriate project funding.

Implementation In House – The Hidden ISO 27001 Cost UK

Utilising a “do-it-yourself”, unsupported approach to implementation and auditing will involve in depth learning of all aspects of the ISO 27001 information security management standard. This entails the employment, establishment and allocation of the responsibilities and roles of all employees that will be involved in the implementation and ongoing management of the system. 

Proficient knowledge of the ISO 27001 information security management system (ISM) standard and certification organisation accreditation bodies must be acquired by staff. In turn, employees must be able to convert that knowledge into the creation and establishment of information security processes suitable for their organisation’s information technology and computing platform and put them into practice.

This issue can be overlooked by an organisation. Hidden costs often go unmeasured and arise from an organisation’s internal project management team.

Acquisition Of Computer Security Knowledge & Skills

Additional comprehensive training must also be delivered to ensure effective and efficient implementation of this standard throughout an organisation’s processes and systems.

The drawback her is the significant additional cost and time needed to establish security controls, software maintenance, processes and their requisite documentation.

Employees & Management – ISO 27001 Accreditation Cost

It may not be appreciated by organisations at first but employees in an organisation will probably spend a lot amount of their time implementing the information security management system instead of their normal duties. This often results in hidden ISO 27001 “opportunity costs” UK businesses can avoid.

These costs can be really expensive if highly paid specialist engineers and line managers are involved. Their time may be diverted with the creation of methods, systems and documents for ISO 27001 certification instead of concentrating on their day to day operations tasks.

Find out about ISO 9001 costs here.

ISO 27001 Consultancy Done For You

The RKMS “done for you” service will give you a faster pay back on your information security management investment.

An ISO 27001 information security management system helps safeguard against the threat to your organisation and its reputation from cyber-crime, computer threats and data breaches. It also demonstrates that your organisation is very serious about information security and will avoid fines for regulatory non-compliance.

Therefore, using a specialist external ISO 27001 consultancy makes a lot of sense. Organisations will save money and time by obtaining a quicker payback on their information security and ISO accreditation investment.

Build An ISO 27001 Management System with issosmart™

issosmart™ is a cloud ISO 27001 compliance management system with prices starting from a modest £100 plus VAT per month.

issosmart™ provides the evidence required for ISO 27001 certification including a user guide, manual, procedures plus registers & forms. It also provides these additional benefits:

  • Risk & threat management
  • Increased protection & control
  • Legal compliance
  • Business insights

Three options are available for clients to choose from:

  • Install Yourself – client populates all information themselves.
  • Expedited Install – RKMS guidance provided gap analysis, action planning, internal audits & management review.
  • Entire Install – comprehensive support from RKMS through the whole process with guaranteed certification.

Share

Do you want us to take care of your fire compliance? H&S compliance? ISO certification? training? human resources?

At RKMS we are determined to make a business run as efficiently as possible. Will that next business be yours?

Related Resources

ISO 9001 Cost
Play Video

Do you want us to take care of your fire compliance? H&S compliance? ISO certification? training? human resources?

At RKMS we are determined to make a business run as efficiently as possible. Will that next business be yours?

Administrator

Do you want us to take care of your fire compliance? H&S compliance? ISO certification? training? human resources?

At RKMS we are determined to make a business run as efficiently as possible. Will that next business be yours?

Case Study: Concept Management

Concept Management

ISO 9001, ISO 14001, ISO 27001

Concept Management

ISO 9001, ISO 14001, ISO 27001

Case Study Overview

Industry:

Data Security / Destruction

Service:

ISO 9001

ISO 14001

ISO 27001

Outcome:

UKAS accredited certification and improved efficiency

Contacts

About Concept Management

Concept Management Consultants provide a confidential and secure data destruction service for many private and public sector organisations including the Ministry of Defence, Police Forces, Local Authorities and NHS sites.

As such we must ensure we have the highest level of compliance with our policy and procedures as well as complying with our operating licences.

www.conceptmanagement.co.uk

“We have engaged with RKMS for the past 3 years to assist Concept Management Consultants to achieve and maintain certification to ISO 9001, ISO 14001 & ISO 27001 and to also assist with general H&S support.

RKMS manage our internal audit process ensuring we cover all areas of the standards we are certified to by BSI as well as attending the external certification audit(s) and providing evidence of compliance. We find their audit practice is extremely useful in identifying any areas of improvement as well as providing advice and guidance on suitable and effective action(s) to rectify any issues identified during the internal audit process.

 We also use their issosmart online portal which greatly assists us in task management and relaying information throughout our organisation.

 During the past 3 years we have found the auditors provided by RKMS to be completely professional and have assisted us greatly in improving our performance and compliance and feel this has helped us develop and grow as company knowing we have solid foundations in place and effective operational procedures that are challenged and enhanced by the internal audit process.  

 I would have no hesitation in recommending RKMS”

Consultancy Project

RKMS has provided HSQE & Infosec support to assist Concept Management Consultants to achieve and maintain certification to ISO 9001, ISO 14001 & ISO 27001.

Provision of outsourced support to undertake internal audits of processes ensuring compliance to the standards certified to by BSI. This also involves as attending the external certification audit(s) and providing evidence of compliance.

RKMS also provide a cutting-edge cloud hosted issosmart™ online portal which greatly assists us in task management and relaying information throughout our organisation.

Outcomes

Since engaging with RKMS Concept Management have transferred their initial ISO 9001 certification to a UKAS accredited Certification Body BSI and have also gained & maintained certification to ISO 14001 & ISO 27001 with minimal issues. The support provided has assisted the organisation to make significant advancements in compliance through continual improvement driven by the internal audit process.

Teamworking and transparency of processes have been enhanced to new levels.

Interested in implementing an ISO standard?

We have been trading for over 25 years throughout the UK in nearly every industry. To date we have assisted over 5,000 clients, installing in excess of 6,000 management systems. We have a 100% success rate in clients achieving UKAS certification.

Talk to us today to see how our IRCA lead auditor trained consultants can assist your business.

Related Case Studies

Case Study: Neales Waste Management

Services:
ISO 9001, ISO 14001, H&S Support, First Aid Training, issosmart™
Outcome:
Successfully retained certification to ISO 9001 and ISO 14001 ensuring continuation of current accredited certification.

Successfully trained staff in Level 3 First Aid at Work.

Read More »

Find out more!

Have a question?

Speak to our team on 0300 373 0128

Case Study Overview

Industry:

Data Security / Destruction

Service:

ISO 9001

ISO 14001

ISO 27001

Outcome:

UKAS accredited certification and improved efficiency

Contacts

Case Study: WH Scott & Son Engineers

WH Scott & Son Engineers Ltd

ISO 9001, ISO 14001, ISO 45001, EN 1090, PAS 2060, HSQE Support

WH Scott & Son Engineers Ltd

ISO 9001, ISO 14001, ISO 45001, EN 1090, PAS 2060, H&S Support

Case Study Overview

Industry:

Lifting / Infrastructure

Service:

ISO 9001

ISO 14001

ISO 45001

EN 1090

PAS 2060

H&S Support

Outcome:

Successful certification leading to larger contracts

Contacts

About WH Scott & Son Engineers Ltd

WH Scott & Son Engineers, which includes Hiltonne Engineering (our fabrication and design department) and Re-Ropes Ltd our elevator division, is a market leader in the design and manufacture of highly engineered lifting and handling solutions, used in lifting, rigging and material handling applications. We stock large amounts of high running lifting and rigging products, such as electric chain hoists, manual chain and lever hosts, shackles, snatch blocks, sheaves and all related fittings, G8 & G10 chain slings and components like hooks, swivels, connectors and clamps under leading brands, which include Tiger, ELD, Stahl, and Righetti to name a few.

WH Scott & Son Engineers supports Critical National Infrastructure including MoD naval dockyards and nuclear power stations.

For more information visit whscottlifting.com

“Dealing with RKMS has been excellent from day one. They have worked quickly to understand our business and integrated themselves into all of our operations.

During each audit the Certification Body has commented about the robustness and useability of the system developed by RKMS. This has been echoed by our staff who have fully bought into the system and the benefits it generates.

 We have also started our PAS 2060 journey with RKMS which is progressing well. RKMS carry out all internal audits at our depots and client sites. They provide clear and concise audit reports to the management team at WH Scott and assist in manging the close out of any OFI/NCR’s raised.

 I would have no hesitation in recommending RKMS for HSQE consultancy and audit activities. As a result of their excellent work WH Scott has extended their contract with RKMS beyond the original agreed term.”

Consultancy Project

RKMS provides a full HSQE support service, overseeing customer and supplier audits from the likes of Babcock, Constructionline, Acclaim and Safe Contractor, as well as a host of international standards such as ISO 9001, quality management, ISO 14001 environmental management, ISO 45001 OH&S management and EN 1090 structural steel fabrication.

This service means we are effectively embedded as their HSQE department, offering WH Scott & Son Engineers support from a team of highly qualified and experienced professionals.

RKMS provides ongoing support including undertaking all internal audits, chairing the monthly HSQE committee meetings, hosting external audits by customers and certification bodies, undertaking accident and incident investigation, addressing non-conformances and identifying continual improvement initiatives, which in turn enables the organisation to grow and improve services.

Outcomes

WH Scott & Son Engineers has been successful in gaining certification to all standards at the first attempt. This has in turn opened more opportunities for the business to tender for and secure larger contracts in both the private and public sector.

The company is now in the process of working to achieve PAS 2060 Carbon Neutrality.

Interested in implementing an ISO standard?

We have been trading for over 25 years throughout the UK in nearly every industry. To date we have assisted over 5,000 clients, installing in excess of 6,000 management systems. We have a 100% success rate in clients achieving UKAS certification.

Talk to us today to see how our IRCA lead auditor trained consultants can assist your business.

Related Case Studies

Case Study: Neales Waste Management

Services:
ISO 9001, ISO 14001, H&S Support, First Aid Training, issosmart™
Outcome:
Successfully retained certification to ISO 9001 and ISO 14001 ensuring continuation of current accredited certification.

Successfully trained staff in Level 3 First Aid at Work.

Read More »

Find out more!

Have a question?

Speak to our team on 0844 815 77 65

Case Study Overview

Industry:

Lifting / Infrastructure

Service:

ISO 9001

ISO 14001

ISO 45001

EN 1090

PAS 2060

H&S Support

Outcome:

Successful certification leading to larger contracts

Contacts

What is ISO 45001?

What is ISO 45001?

What is ISO 45001?

So, what exactly is ISO 45001? ISO 45001 is the international standard for the promotion of Occupational Health and Safety (OH&S). The ISO 45001 Occupational Health and Safety Management System (OHSMS) is meant to provide standards through which organisations can protect both physical and mental health, and aid in the prevention and reduction of workplace injuries and diseases.

Why Would You Need It?

Occupational Health and Safety Management Systems are an essential element of any legitimate organisation operating under normal standards anywhere in the world, regardless of the industry, size and other characteristics.

Who is the ISO 45001 Standard Meant for?

According to the International Labour Organisation, over 7,500 workers die from diseases or work-related incidents every day. While there have been workplace safety standards put in to address safety and health issues on a national or regional basis, ISO 45001 is a concerted attempt to cover all the bases as far as OH&S is concerned.

ISO 45001 can be applied to organisations of all sizes, sectors and industries, regardless of where they are located or other distinguishing characteristics. Workplace safety is one of the primary matters that businesses are globally asked to adhere by – the ISO 45001 standard is meant to both protect the workers as well as the business owners from occurrences that jeopardize safety and cause untoward incidents.

The ISO 45001:2018 standard is constructed along the same principles as the ISO 9001 or the ISO 14000 series of standards, which make it easier for organisations to follow along with it.

According to the deployment plan, the OHSAS 18001 expired earlier this year (March of 2021) and organisations were supposed to have migrated to the ISO 45001 standard by that point.

Benefits of ISO 45001

As mentioned above, worker health and safety protocols are an essential part of any company operating in any jurisdiction of the world.

Companies certified in ISO 45001 reap a number of benefits, including but not limited to:

  • Comply with international, national and local regulations on worker safety.
  • Reduce operational risk while maintaining efficiency – effectively, adhering to OHSMS standards signifies that the company is not “cutting corners” in a manner that endangers its workforce.
  • Protect the organisation against the possibility of costly legal actions and settlements in the event of an untoward incident.
  • Help win contracts, especially those designated for organisations with the proper licensing and safety standards.
  • Help attract customers and form business partnerships.
  • Be able to participate in RFPs and RFQs where an ISO 45001 certification may be required.
  • Increase stakeholder and key investor confidence.

Overall, companies that use the ISO 45001 standard will be able to expand their business more readily, given that their workers, leadership, key stakeholders and investors are likely to be confident that there will be a very low chance of business interruptions due to health and safety violations or unsafe work conditions that result in costly accidents.

ISO 45001, ISO 9001 and ISO 14001

There are many common requirements between ISO 9001, ISO 14001 and ISO 45001 standards. Companies may combine implementations of these standards, especially since (as explained above) the three standards all adhere to the ISO’s new organisational structure.

ISO 9001 is a Quality Management Standard (QMS) which helps companies deliver consistent quality while meeting customer objectives. ISO 14001 is an Environmental Management Standard (EMS) which is broadly adhered to on a global basis.

The three standards share a PDCA (Plan, Do, Check, Act) structure that would allow companies to evaluate and deploy them simultaneously.

How Can Companies Get Certified?

Companies seeking certification have to go to an accredited third-party auditor to get certified. It is important to note that organisations may choose to adhere to the standards without getting certified. However, as mentioned above, certification does open up more doors and provide concrete benefits.

In order to get certified, the following steps are necessary:

  • The company must develop and implement an ISO 45001 management system.
  • They must appoint an accredited third party to audit the system, so they can review the processes and implementation of the standard and certify compliance.
  • If gaps are identified, the company should address them.

Upon the completion of these steps, an ISO 45001 certificate will be issued.

One thing to be cautious of is non-accredited certification bodies claiming to be accredited. Check out this article to learn the difference between accredited and non-accredited certification and how costly it can be to get it wrong.

Origins of the ISO 45001 Standard

The ISO 45001 standard was published in March 2018 by the International Standards Organisation (ISO). The initiative for publishing the standard was developed based on previous standards such as the OHSAS 18001 and the International Labour Organisation’s ILO-OSH guidelines, alongside various national and regional standards that have been created to protect laborers from workplace injuries and safety violations.

The ISO 45001:2018 standard is part of a number of standards introduced by the ISO to cover the Environmental, Energy, Health & Safety, and Quality (EEHSQ) standards for organisations. The full family includes the following standards:

Basis of Evaluation

ISO 45001:2018 covers all the aspects that were part of the OHSAS 18001 standard, with a few important amendments. The main aspect is that the standard now adheres to the ISO’s new organisational structure, which all ISO based management systems (e.g. ISO 9001, 14001 etc.) fall under. A Plan-Do-Check-Act (PDCA) model is instilled into the ISO 45001 structure as part of this new structure.  

In particular, the ISO 45001:2018 standard helps organisations promote safety, security and health through engagement with all stakeholders.

The changes introduced as part of the ISO 45001 standard include:

  • Context of the organisation
  • Leadership and worker participation
  • Planning
  • Support
  • Operation
  • Performance Evaluation
  • Improvement

The Final Word…

The ISO 45001 standard is now the standard that companies must adhere to from an OHSMS standpoint. The grace period allowed to migrate from the OHSAS 18001 standards has expired, which means that the new standards are now fully in vogue.

The many benefits to be derived from enhanced worker health and safety extend beyond cosmetic changes. In conjunction with other critical standards such as ISO 9001 and 14001, the ISO 45001:2018 standard foretell that a company is fully equipped to conduct its business with full corporate and human responsibility in the modern world. 

Hopefully we have answered your question on what is ISO 45001. If there is anything you’re still unsure of, check out our other resources or drop us an email. We’re more than happy to help.

Share

Do you want us to take care of your fire compliance? H&S compliance? ISO certification? training? human resources?

At RKMS we are determined to make a business run as efficiently as possible. Will that next business be yours?

Related Resources

Do you want us to take care of your fire compliance? H&S compliance? ISO certification? training? human resources?

At RKMS we are determined to make a business run as efficiently as possible. Will that next business be yours?

John Keen
Apart from work John enjoys sports (football, karate & walking) as well as travel & spending time with friends & grandchildren.

Do you want us to take care of your fire compliance? H&S compliance? ISO certification? training? human resources?

At RKMS we are determined to make a business run as efficiently as possible. Will that next business be yours?

Transitioning to UKCA from CE Marking

Transitioning to UKCA from CE Marking

UKCA Marking

UKCA markings are in the process of replacing CE markings in the UK market. While UKCA officially became the standard on the first day of 2021, manufacturers, retailers and distributors have been given a years’ time to transition and conform to UKCA standards for all products sold in the UK.

What are CE and UKCA Markings?

Conformité Européenne (French for European Conformity) or CE markings are a self-declaration by a manufacturer that their product(s) are complaint with the health, safety and environmental protections prevalent across the European Union (EU) and conform with other relevant requirements.

The UK Conformity Assessment (UKCA) refers to the current standards by which manufactures selling products in the UK market are complying with UK legislation in a similar way that adhering to the CE standard demonstrates compliance per the EU guidelines.

It is important to note (as explained below), that the CE and UKCA marking are self-declarations. The proof of compliance is produced by the documentation held by the company.

Why Do Companies Need to Transition from CE to UKCA?

According to the UK Government, all products manufactured, distributed and retailed within Great Britain (which covers all products previously covered by the CE standard), must meet the UKCA standards. While the standards and processes for assessment of products is similar, the UKCA is a distinctly separate marking which is required to be carried on products by law.

Some products are legally required to have the CE / UKCA mark under the Construction Products Regulations. Where there is a “harmonised standard” e.g Structural Steel, you can self-declare up to execution class 2 but 3 and 4 require testing by a notified body as well as external assessment to the EN 1090 standard.

Exclusions on the Marketing of UKCA Marked Products

A few things should be noted (check the UK Government’s site for more details):

  • The UKCA standard cannot be used to sell products in the EU – there, the CE standard is currently still required. Over time, some convergence of standards is to be expected.
  • The UKCA standards are applicable to products sold within Great Britain – that is, England, Scotland and Wales.
  • The guidance for Northern Ireland is slightly different.
  • Products that are covered include most of those covered by CE, along with some others. There are, however, a number of products that have separate guidance, including:
    • Medical Devices
    • Civil Explosives
    • Construction material and products
    • Rail interoperability constituents.

Medical devices, for example, are sold under guidelines published by the Medicine and Healthcare Regulatory Agency. They can be sold in Great Britain, Northern Ireland and the EU after meeting said standards.

Who Needs to Transition from CE to UKCA?

All companies – manufacturers, distributors and retailers – that market, distribute and sell products (provided those were not part of existing stock that had been ready for sale prior to January 1, 2021) must have the UKCA mark affixed on their product and/or packaging to offer their products for sale in the Great Britain market.

The responsibility for getting the products assessed for UKCA conformity and marked accordingly falls upon the manufacturers of the product.

As discussed below, there is a one-year period when such products can be sold with CE marking. Also, we describe later how any product a third-party conformity assessment is required to have the UKCA mark.

When Does the Transition Need to be Completed by?

UKCA markings have replaced CE markings earlier this year – on January 1, 2021, to be more precise. In theory, any products that had CE markings as of that date must now have UKCA markings in order to be sold in the UK.

Having said that, a one-year transition period is still under way, which means that companies actually have till Jan 1, 2022, to transition fully into UKCA marking their products.

How Can Companies Get their UKCA Requirements Met?

The UK Government has clearly articulated steps that would evaluate manufacturers of all products that previously required CE markings, along with certain additional products (such as aerosol products that previously required the “reverse epsilon” marking), to evaluate their existing product standards vis a vis the requirements of UKCA and then carry out a series of steps to enable the company to get the marking.

As part of the process, products being marketed in the UK must undergo a third-party conformity assessment carried out by an appropriately licensed UK body. A UK Conformity Assessment Body (UK CAB) covers a range of approved bodies, Recognised Third-Party Organisations (RTPOs), Technical Assessment Bodies (TABs) and User Inspectors (UIs). There is also a class of UK Notified Bodies, who are able to produce certification for products sold in Northern Ireland.

Typical UKCA and CE Conformity Assessment Steps

The Conformity Assessment for a manufactured product consists of the following steps:

  1. The company will identify the directives and standards that apply to the specific product being tested.
  2. They will then verify the specific requirements that the product must comply with.
  3. At this stage, the company will assess whether a third-party review is necessary.
  4. The product will be tested by the third-party assessor, who will then …
  5. Draw up the required technical documentation in support of the review and findings.

After these steps are completed and the documentation safely in place, either the UKCA (or CE, as the case may be) marking can be placed on the product and/or its packaging. 

Companies could transfer their conformity files to a recognised EU body, in which case they may not fall under the requirement of needing to obtain CE and UKCA marking.

Why Would You Need It? Benefits of UKCA Marks

The answer is obvious. Companies will not be able to distribute and sell their products in the Great Britain market without UKCA marks in the very near future. CE and UKCA markings are mandatory for whichever classes of products they pertain to.

While there is not much debate on the benefits, a word of caution is warranted. A UKCA Declaration of Conformity is a legal claim that the products being marketed and sold comply with all of the UK Government’s directives and standard. However, it is not evidence that the product is actually in compliance with said standards.

In other words, placing a UKCA mark on the product or its packaging does not prove compliance with the standards. The company must carry technical documentation and updated files that can prove such a claim if challenged.

It is also to be noted, however, that a manufacturer placing a UKCA or CE mark on their product is not making any implicit statement about the quality of the product but merely asserting compliance with the requirements within the relevant jurisdiction.

UKCA Marking Consultants

RKMS provide extremely cost effective UKCA marking consultancy. Our consultants have vast experience in helping clients transition from CE to UKCA marking in a smooth manner.

Why not get in touch and see how we can make your life a lot simpler and ensure your compliance as soon as possible?

The Final Word…

UKCA markings are here to stay. Manufacturers need to check whether they need to switch from CE to UKCA and ensure that they employ a UK CAB to assess and provide necessary documentation. Time is running out, so it’s important to look into the matter sooner rather than later. 

Share

Do you want us to take care of your fire compliance? H&S compliance? ISO certification? training? human resources?

At RKMS we are determined to make a business run as efficiently as possible. Will that next business be yours?

Related Resources

Do you want us to take care of your fire compliance? H&S compliance? ISO certification? training? human resources?

At RKMS we are determined to make a business run as efficiently as possible. Will that next business be yours?

John Keen
Apart from work John enjoys sports (football, karate & walking) as well as travel & spending time with friends & grandchildren.

Do you want us to take care of your fire compliance? H&S compliance? ISO certification? training? human resources?

At RKMS we are determined to make a business run as efficiently as possible. Will that next business be yours?

What is ISO 14001?

What is ISO 14001?

What is ISO 14001?

ISO 14001 is the definitive international standard that provides the framework, and specifies requirements, for companies to create an environmental management system (EMS).

Historically, organisations have taken very different approaches towards environmental management, which made collaborations and comparisons difficult. The ISO 14000 series, out of which ISO 14001 is the most popular standard, was launched to satisfy an industry wide need for standardisation.

Why Would You Need It?

The landscape that deals with environmental compliance changes over time.  The ISO 14001:2015 standard was designed to be flexible, taking into account the three main prongs of compliance – regulatory needs, stakeholder requirements and legal compliance.

While each of the above may be changing or evolving, an ISO 14001:2015 review and subsequent monitoring will advise your internal leadership, key stakeholders, customers and business partners that you are seriously committed to doing the right thing in terms of environmental compliance and that they can rely on you.

Who is ISO 14001 Meant for?

The ISO 14001 standard is part of the ISO 14000 series of standards, that were developed to provide affordable tools that operate in a framework that uses best practices to organise and apply information related to environment management.

ISO 14001 can and should be used by any organisation that is setting up or wishes to maintain and/or improve its EMS.

The US Environmental Protection Agency (EPA) defines an EMS as a framework that helps companies improve their environmental management function through regular and consistent reviews that help evaluate existing protocols for the organisation’s environmental performance and lays out means to improve the same.

The ISO 14001:2015 standard has some in-built flexibility in that its requirements can be tailored to fit an organisation’s core characteristics – be it the product and service offerings, location, industry or environmental policy.

As such, the ISO 14001:2015 standard can be used by organisations of all sizes, sectors, industries and locations.

ISO 14001:2015 is the most frequently used EMS standard, the other notable one being Eco-Management and Audit Scheme (EMAS) which was developed by the European Union in 1993 and is used in Europe and elsewhere.

Benefits of ISO 14001

As mentioned above, environmental management is a key factor for all companies, especially those operating in Europe and North America. ISO 14001 is the gold standard among EMS.

About 250,000 companies globally are ISO 14001 certified, and many “green” companies have declared that they will only do business with ISO 14001 certified companies. Similar trends have evolved in certain consumer product segments – for example, coffee.

When an organisation gets certified in ISO 14001, it leads to a number of specific benefits, including but not limited to:

  • Improve resource efficiency and reduce waste
  • Help to reduce costs
  • Reduce employee turnover
  • Help companies design of supply chains that lets them gain a competitive advantage
  • Help implement process change initiatives on a more efficient basis
  • Help to procure new business and enhance customer trust
  • Help drive higher ROI from internal change initiatives
  • Assure that the environmental impact is being accurately measured; helping to improve the overall impact and managing environmental obligations consistently
  • Increase stakeholder trust
  • Help to form business relationships with green companies
  • Help to meet legal obligations

Overall, companies that use the ISO 14001 standard have a far better chance of connecting to clients and business partners in a global economy that values environmental responsibility. Moreover, they know that their overall compliance with environmental and other legal authorities will never get violated if they adhere to the standard. It’s become an essential tool for most companies in this day and age.

Learn more about the benefits of ISO 14001.

ISO 14001 and ISO 9001

There are many common requirements between ISO 9001 and ISO 14001 standards. Companies may combine implementations of these two standards.

ISO 9001 is a Quality Management Standard (QMS) which helps companies deliver consistent quality while meeting customer objectives.

The two standards share a PDCA (Plan, Do, Check, Act) structure that often finds them being evaluated and deployed simultaneously.

How Can Companies Get Certified?

Companies seeking certification in ISO 14001:2015 need to work with an accredited auditor and usually, but not required to, with a consultant. The process of an audit can take anywhere from three months to two years, with a step-by-step review of methodologies, context (of the organisation), current steps taken and existing documentation.

It is likely that knowledgeable third-party auditors will both suggest improvements and continuous monitoring guidelines.

One thing to be cautious of is non-accredited certification bodies claiming to be accredited. Check out this article to learn the difference between accredited and non-accredited certification and how costly it can be to get it wrong.

Origins/History of the ISO 14001 Standard

The first-generation environmental management system, BS 7750, was developed in 1992 by the BSI Group. In 1996, the International Standards Organisation developed the ISO 14000 family of standards.

ISO 14001 went through two revisions, first in 2004 and then again in September 2015. The current generation of the ISO 14001:2015. As described above, the standard is applied when companies set up their environmental management systems (EMS).

Basis of Evaluation

ISO 14001:2015 covers all the standard topics required under an EMS, taking account of the mission, vision and industry/sector of an organisation, it’s leadership and support, operations and planning. The goal is to evaluate performance and suggest improvements.

The basis of an ISO 14001:2015 evaluation is covered under Clause 9 (Performance Evaluation) of the standard. This clause sets the guidelines to help measure and evaluate performance. It also sets up the compliance requirements, which include ongoing monitoring of the EMS post implementation, with internal audit and archived documentary evidence.

In particular, the ISO 14001:2015 performance evaluation standards help companies evaluate their EMS through:

  • Evaluating effectiveness, esp. with regard to the minimal requirements per the standard.
  • Evaluating how organisational, stakeholder and legal requirements are being met.
  • Demonstrate effective implementation of planning and conduct a process-level performance review.

Identifying gaps in, or opportunities for, improvements in the installed EMS.

The Final Word …

The ISO 14001 standard, along with the rest of ISO 14000 family of standards, have been around for a while. The ISO 14001:2015 has been designed to accommodate industry, sector, size, objectives and other considerations that a typical organisation may be subjected to.

In the modern world, most companies that depend on business partnerships with green companies or depend on their products being certified “environmentally sound” should look into getting an ISO 14001:2015 certification. The process could be a bit tedious, but the results are going to benefit your business tremendously.

Do you want us to take care of your ISO 14001 journey?

At RKMS we have over 25 years worth of experience in assisting companies achieve ISO 14001 with a 100% success rate. All our consultants are IRCA lead auditors so we know exactly what the auditors want to see.

Share

Do you want us to take care of your fire compliance? H&S compliance? ISO certification? training? human resources?

At RKMS we are determined to make a business run as efficiently as possible. Will that next business be yours?

Related Resources

Do you want us to take care of your fire compliance? H&S compliance? ISO certification? training? human resources?

At RKMS we are determined to make a business run as efficiently as possible. Will that next business be yours?

John Keen
Apart from work John enjoys sports (football, karate & walking) as well as travel & spending time with friends & grandchildren.

Do you want us to take care of your fire compliance? H&S compliance? ISO certification? training? human resources?

At RKMS we are determined to make a business run as efficiently as possible. Will that next business be yours?

5 Benefits of Outsourcing Your Fire Compliance Competent Person

5 Benefits of Outsourcing Your Fire Compliance Competent Person

Benefits of Outsourcing Fire Compliance Competent Person

There are questions every business needs to be asking when it comes to the longevity of its operations. Finances, people, future growth—we need to have our finger on the pulse in all areas of our businesses to give them the best chance of success.

There are questions we need to be asking when it comes to fire compliance, too. Questions like:

  • Do we employ a competent person who meets our legal duty as a business?
  • Do we have a written fire compliance policy statement?
  • Do we have processes in place to recognise and report fire compliance issues?

You might be surprised at how many business owners and key stakeholders answer no to some—or all—of these questions. If you are one of them, you are not alone. And, fortunately, the solution could be very simple: outsourcing.

In this article, we’re exploring the 5 key benefits of outsourcing your fire compliance competent person. You’ll learn what makes a good competent person, what they can bring to the table, and why it’s so crucial that you get it right now.

Here’s what you need to know.

What is a Competent Person?

The Regulatory Reform (Fire Safety) Order states that there are two ways to identify a competent person. They must either:

  • Have sufficient training and experience to properly carry out the task at hand, or
  • Possess knowledge and other qualities to properly carry out the task at hand.

There is a common misconception in the business sector that the competent person assigned to fire compliance only needs to be familiar with the current legislation. Ensuring people within the business have an awareness of your legal fire compliance requirements is an asset, of course—but it doesn’t meet the requirements of the competent person role.

Put simply, the person assigned the role of a competent person must be competent to fulfil the task at hand.

Here’s the tricky part: as the ‘task at hand’ could range from the mundane to the complex, the level of competency expected needs to cover a broad range, too. The expectation and demand on a person’s training, experience, knowledge, and ‘other qualities’ will increase in accordance with the complexity of any given situation when it comes to fire compliance.

Effectively, your fire compliance competent person must display the relevant competencies to meet the situation in question—for the safety, wellbeing, and health of your business and its people.

Why Do You Need One?

In a nutshell: it’s the law.

Your business has a legal obligation to provide competent fire compliance support. Whether you employ someone within the business structure, or outsource the role, there must be a person responsible for taking appropriate general fire precautions.

So if you know you need one—and you don’t have one—let’s unpack why outsourcing could be a strong business solution.

The 5 Benefits of Outsourcing Your Fire Compliance Competent Person

1. It Reduces Business Risk

Outsourcing your fire compliance gives your business—and your personnel—greater clarity around risks. Having a specialist analyse areas of risk within your business structure ensures you have identified the hazards associated with your specific business—and supports you in managing those hazards.

Digging further, we can also look at non-compliance risks: the legal and financial ramifications of falling short in your fire compliance. If the worst happens, and your business is faced with a fire—are you sure your competent person was up to the task?

When you outsource a professional, you improve your chances from a legal standpoint, and protect the people within your organisation.

2. It Can Improve Brand Management

Being an employer of choice can help you draw the best candidates in a competitive job market—and a positive culture of health and safety makes your business a more desirable employer.

Recruiting top candidates and promoting a safe work culture drive your business’s reputation, and your brand in the eyes of shareholders, consumers, and competitors. In a climate where value and integrity matter, a fire compliance professional can set you ahead of the pack.

3. It Increases Productivity

The legislation around fire compliance—and health & safety in general—changes rapidly. It can be difficult for small and medium enterprises to keep up with amendments that may be vital if your business is faced with a fire.

By bringing in a specialist fire compliance consultant, you can be assured that they bring the knowledge, experience, and up-to-the-minute training you need to stay compliant—and to stay safe.

The added bonus: your team can stay focussed on your business, instead of reacting to legislative changes that reduce productivity and efficiency.

4. It Can Save Money

Fire compliance takes time—and time is money. Outsourcing your fire compliance competent person can eliminate the added time involved in:

  • Studying the relevant legislation
  • Identifying weak points within your organisation’s fire compliance
  • Becoming compliant

Further, bringing in a professional can protect you against the steep fines involved in non-compliance, and help you eliminate the risks of deadly, dangerous, and destructive fire damage.

For small businesses in particular, the prospect of employing a qualified fire compliance person isn’t justifiable for the business. When you outsource, you pay for the service as you need it—leaving you to run the business lean the remainder of the time.

5. It Can Reduce Stress

Let’s face it: running a business is stressful. Rewarding and challenging and stressful. Eliminate the added stressor of getting fire-compliant by outsourcing the role and putting yourself—and your key stakeholders—in a position to monitor the bigger picture.

Outsourcing your competent person means your business is less reactive to issues that arise—and more prepared for the future.

One More Thing

So, have you got somebody within your team with the level of knowledge and experience to face down complex compliance issues?

If not, consider outsourcing.

From protecting your brand and your people, to reducing the impact on your bottom line, now you’ve got five ways outsourcing your fire compliance competent person could be a game-changer in your business.

Share

Do you want us to take care of your fire compliance? H&S compliance? ISO certification? training? human resources?

At RKMS we are determined to make a business run as efficiently as possible. Will that next business be yours?

Related Resources

Do you want us to take care of your fire compliance? H&S compliance? ISO certification? training? human resources?

At RKMS we are determined to make a business run as efficiently as possible. Will that next business be yours?

John Keen
Apart from work John enjoys sports (football, karate & walking) as well as travel & spending time with friends & grandchildren.

Do you want us to take care of your fire compliance? H&S compliance? ISO certification? training? human resources?

At RKMS we are determined to make a business run as efficiently as possible. Will that next business be yours?

H&S Competent Person – 6 Reasons You Should Be Outsourcing Your Health and Safety Competent Person

H&S Competent Person – 6 Reasons You Should Be Outsourcing Your Health and Safety Competent Person

Health and Safety Competent Person

As a business, you know the value of good people within your business. You’ve invested a lot of time and energy into the team you have, because they can be the drivers behind the success of a project—and even the success of an entire operation.

Is it really in your best interest to pull them from their roles to focus on your health & safety procedures?

Typically, the answer is no.

So you employ someone in a health & safety capacity, and absorb the costs of recruiting, screening, and hiring them. You pay top dollar and hope they have the initiative, training, and knowledge to deliver what your organisation needs. You take the risk that the ongoing investment will pay off.

Is that your only option?

Again, the answer is no. If moving an existing employee into health & safety is counter-productive, and hiring a new employee into the role is too risky, your third option could be the best: outsourcing.

If your business doesn’t have the competence under UK legislation to manage H&S in house—maybe your business is too complex or too high-risk—outsourcing could have far-reaching benefits. We’ll unpack those benefits here.

First Up: What is a Competent Person?

In the Health & Safety sphere, a competent person is one who has the:

“Necessary skills, experience and knowledge to manage health and safety.”

As an organisation, you are required under UK legislation to appoint a competent person to help you achieve your health and safety obligations. More than just someone who can safely perform the tasks required of your business, a competent person will be tasked with ensuring all areas of your business adhere to best practice.

In essence, a Health & Safety competent person can recognise risks and hazards within your operations, and help to structure controls that protect you, your people, and your business.

Does My Business Need a Health & Safety Competent Person?

In a nutshell: Yes.

While the standards for health and safety in the UK workplace are set in the Health and Safety at Work, etc Act 1974 and the Management of Health and Safety at Work Regulations 1999, it’s the latter standards that specify:

“Employers must appoint a ‘competent person’ to oversee health and safety in the workplace.”

Appointing a Health & Safety competent person is crucial to the longevity and compliance of your business, but it can also be a time- and money-consuming task. When you’re looking for a more effective way to stay compliant in the workplace, here are 6 reasons you might want to consider outsourcing the role.

6 Benefits To Outsourcing Your Health & Safety Competent Person

1. It Frees Up Your People

The most valuable resource most businesses have is its people. A large amount of time, energy, and financial support goes into putting the best people into the right roles, so it makes sense to keep those people where they best achieve your business outcomes.

Hiring a new employee is a costly process in general, and more so for businesses that are unsure of what they should expect from a health and safety role. Onboarding a new employee is a period of adjustment and managing expectations, and in many cases, this just isn’t feasible for the business in the short-term.

For these reasons, bringing in a consultant who specialises in health and safety outcomes keeps your team free to drive strong outcomes for your business.

2. It Drives Efficiency

Health & Safety legislation in the UK is wide-ranging and ever-changing. This is a space that becomes even more complex when you factor in industry-specific caveats and expectations.

What we’re saying is: staying across health and safety obligations takes focus.

Outsourcing your health and safety competent person can give your organisation the peace of mind in knowing an expert is laser-focused on managing the risks and liabilities in a way that is compliant, effective, and efficient.

3. It Can Streamline Costs

One of the most important considerations in business is costs. Wage costs can quickly get out of control, and productivity—especially in a role in the health and safety sphere—can be difficult to measure.

Outsourcing can help maintain more consistency in running costs, whilst avoiding the high cost of a full-time health and safety officer.  

In addition, employing a health and safety competent person as an employee comes with its own set of legal requirements and compliance tests. If your business isn’t prepared for this level of investment, bringing in a contracted professional could be a more simple, cost-effective solution.

4. It Protects Your Business

Any good business owner or operator wants to protect its people. A safer, healthier workplace is a happier workplace—and a better place to work.

By gaining clarity from a professional surrounding your health and safety obligations, you reduce your risk of non-compliance fines, legal trouble, damage to your business brand, and loss of productivity.

When you are seeking to build confidence within your team, with external stakeholders, and key investors, outsourcing a professional advisor can help you achieve that outcome.

5. It Promotes Strong Company Culture

Research has shown that a positive company culture improves employee wellbeing, and reduces accidents in the workplace by up to 50%. It reduces employee turnover, drives productivity, and increases consumer engagement.

And the #1 factor in a positive company culture? Employees feeling valued in the workplace.

Demonstrate how much you value your team by delivering a robust, professional health and safety process that protects everybody in the workplace. Emphasise your company’s commitment to a safe working environment through quality procedures and consistent monitoring—and enjoy the tangible benefits.

6. It Puts You in The Driver’s Seat

Have you heard the phrase, “I can’t see the wood for the trees.”?

When you are heavily involved in developing and maintaining the health and safety processes within your business, you may struggle to see the big picture. As you—or any key member of your management team—becomes caught up in “putting out fires” it becomes incredibly difficult to navigate the HSE ship as a part of your overall business convoy.

An independent consultant allows you to step back and consider practical solutions, rather than to operate your business from a reactive response position.

Final Thoughts

A strong health and safety process can keep your business agile, help you identify and prepare for HSE issues, and support you in making compliant, flexible, and well-informed decisions.

It can keep your team free to focus on driving your business forward and reaching crucial outcomes. Most importantly, it keeps your people and your organisation safe.

The question is: do you really have time to do it yourself? If not, outsourcing your Health & Safety competent person could be the strong solution for your business.

Do you want us to take care of your Health & Safety Compliance?

At RKMS we have over 25 years worth of experience in assisting companies with Health & Safety matters. Leave your H&S compliance in the safe hands of our expert consultants.

Share

Do you want us to take care of your fire compliance? H&S compliance? ISO certification? training? human resources?

At RKMS we are determined to make a business run as efficiently as possible. Will that next business be yours?

Related Resources

Do you want us to take care of your fire compliance? H&S compliance? ISO certification? training? human resources?

At RKMS we are determined to make a business run as efficiently as possible. Will that next business be yours?

John Keen
Apart from work John enjoys sports (football, karate & walking) as well as travel & spending time with friends & grandchildren.

Do you want us to take care of your fire compliance? H&S compliance? ISO certification? training? human resources?

At RKMS we are determined to make a business run as efficiently as possible. Will that next business be yours?

What is ISO 27001?

What is ISO 27001?

What is ISO 27001?

ISO or IEC 27001 is a well-known and widely used Information Security Management System (ISMS). Companies using them can rest assured that all of their business-critical information is kept secure, free from misuse or poaching if they adhere to the standards of the various products in the ISO 27001 family.

Origins/History of ISO 27001

ISO or IEC 27001 was first developed by the International Organisation for Standardisation (ISO), in collaboration with the International Electrotechnical Commission (IEC), in 2005. The standards were subsequently updated in 2013 and again in 2022.

The current version of the ISMS is ISO 27001:2022. The standard adopts a process through which a user can establish, implement, operate, maintain, monitor and consistently improve it’s information security management system.

Who is ISO 27001 Meant for?

The ISO 27001:2022 standard is currently the internationally recognised “best practices” framework for ISMS. The standard complies with the General Data Protection Regulations (GDPR) and the standards set under the US Data Protection Act of 2018.

ISO/IEC 27001 can be used by any organisation that produces and needs to manage information assets, especially when they share data or information with outside bodies.

For example, government bodies, nor for profit organisations and commercial enterprises can all use ISO 27001 standards for creating, using and maintaining their Information Security Management Systems.

Any organisation that needs to protect its key data, including but not limited to intellectual property, financial data, employee details or information that it handles on the basis of third parties can benefit from following the ISO 27001 standard.

In terms of industry, sectors that handle confidential client information, especially large volumes of it, are particularly prone to threats from breaches. From this viewpoint, two types of organisations can use ISO 27001 to great advantage:

  • Companies that regularly handle confidential information and need to protect it on behalf of their clients, users and partners – such as banks and other financial institutions, healthcare organisations, Information Technology vendors and public sector enterprises.
  • Other organisations make a living out of archiving and working with other companies’ data, so ISO 27001 is also critical for their business success. Examples would include IT outsourcing organisations or data centres.

Basis of Evaluation

ISO 27001:2022 is evaluated on a CIA (Confidentiality, Integrity and Availability) basis. This presents a three hundred and sixty degrees view on ISMS, beyond just preserving and protecting confidential information.

Integration involves measures that prevent data from being wrongfully manipulated, while Availability refers to creating a system that will ensure that your data is never rendered inaccessible.

Why Would You Need It?

While there are more than a dozen standards in the ISO 27000 family, the ISO/IEC 27001 stands out from an ISMS standpoint. Companies have confidential data that could either be critical to their own business, or that falls under confidentiality agreements that they have executed with third party partners.

In the modern day and age, cybersecurity is key to continuity and success. The ISO 27001 standards ensure peace of mind in that regard.

ISO 27001:2022 certification is not only about the technical measures that get put into place to prevent cybercrimes or inadvertent data leaks. The system is designed in such a way that management processes and key business controls are set up in a customised fashion – so that each company can protect itself from identified threats in a manner commensurate with the risk assessment while minimising business interruptions.

Benefits of ISO 27001

As mentioned above, protecting your company’s mission critical data is critical for both short and long term business success. It also ensures that other organisations will be willing to collaborate with you, since they know you will be able to preserve and protect their confidential data. Getting certified in ISO 27001 will lead to these general rewards as well as many specific benefits, including but not limited to:

  • Keeping critical and confidential information fully secure.
  • Creating a framework for critical exchange of information with outside organisations.
  • Helping the company comply with essential regulations such as Sarbanes-Oxley.
  • Ability to easily comply with ISO audits with regard to ISMS.
  • Ability to incorporate Six Sigma style efforts in the field of ISMS.
  • Assisting in the minimisation and management or risk exposure.
  • Producing an aura of security in the marketplace, thus providing confidence to key stakeholders and customers about how you protect confidential information, as well as your approach to risk management in general.
  • Elevate your business standing through a consistent delivery of your product or service, which then enhances customer satisfaction, helps build a reputation and aids customer retention.

Overall, companies that use ISO 27001 standards have a demonstrable culture of security. Not only is every critical piece of data protected, but a crucial message is shared with every director, shareholder and key stakeholder – you are serious about protecting the company and its assets.

How Can Companies Get Certified?

In every jurisdiction, there are accredited agents that can take companies through the process whereby they get ISO 27001:2022 certified. While it’s possible to get certified through other means, the impact and branding is not the same.

For example, in the UK, the ISO 27001:2022 certification is most valuable when the certification has been obtained via a United Kingdom Accreditation Service (UKAS) accredited certification organisation that can conduct an independent audit on the path to setting up their systems and obtaining the certificates. Checkout our blog on UKAS vs Non-UKAS Certification to learn more.

Similar organisations exist elsewhere in the world.

The Final Word

To get certified in ISO 27001:2022 is often a gold standard for a corporation which handles critical and confidential data, both its own and on behalf of partners, clients and key stakeholders. In the modern age, with hackers everywhere and social media and connectivity being enablers of mischief if confidential data goes awry, it is almost inconceivable for a successful company to not get certified.

Once the ISMS standards are set, the company and it’s key stakeholders can all enjoy peace in terms of knowing that they will not be subject to a random act of data piracy – either due to a mistake or deliberate actions by a competitor or a hacker.

Do you want us to take care of your ISO 27001 journey?

At RKMS we have over 25 years worth of experience in assisting companies achieve ISO 27001 with a 100% success rate. All our consultants are IRCA lead auditors so we know exactly what the auditors want to see.

Share

Do you want us to take care of your fire compliance? H&S compliance? ISO certification? training? human resources?

At RKMS we are determined to make a business run as efficiently as possible. Will that next business be yours?

Related Resources

Do you want us to take care of your fire compliance? H&S compliance? ISO certification? training? human resources?

At RKMS we are determined to make a business run as efficiently as possible. Will that next business be yours?

John Keen
Apart from work John enjoys sports (football, karate & walking) as well as travel & spending time with friends & grandchildren.

Do you want us to take care of your fire compliance? H&S compliance? ISO certification? training? human resources?

At RKMS we are determined to make a business run as efficiently as possible. Will that next business be yours?

The Difference Between UKAS and Non-UKAS Certification

The Difference Between UKAS and Non-UKAS Certification

Difference between UKAS and Non-UKAS Certification

We have recently seen an increase in organisations claiming they have achieved “certification” to various International or ISO Standards such as ISO 9001 Quality, ISO 14001 Environmental, ISO 27001 Information Security or ISO 45001 Occupational Health & Safety amongst others. At RKMS we regularly receive calls from companies that have genuinely thought they had achieved a certification but to find their new certification has been rejected by a client during the tendering process. We know how devastating and costly this can be for businesses and as such are releasing this information in an attempt to try and protect UK businesses.

Difference Between UKAS and Non-UKAS Certification

While the low cost of obtaining non-UKAS ISO certification may seem tempting to some businesses, it isn’t long after that many discover the certification is effectively useless. The difference between UKAS and non-UKAS certification often results in the latter having a lack of recognition outside of certain situations. The low cost of non-UKAS certification can very quickly translate to lost revenue for a business.

It is important that those seeking to obtain ISO certification understand the key differences between UKAS and non-UKAS certification. it is also important to understand how these differences can have an impact on your bottom line. 

What is also becoming more prevalent is longer contractual tie in periods, a UKAS accredited Certification Body HAS to allow you to move to another CB providing you have paid your subscriptions to date, many non UKAS organisations are charging a higher day rate for assessment and putting 10 year contracts in place meaning your “certification” may not only be worthless but could cost far more than a bone fide certification!

Accreditation Bodies

The UK Accreditation Service, or UKAS for short, is the only accreditation body officially recognised by the British Government. Operating under the Department for Business, Energy, and Industrial Strategy, UKAS is responsible for ensuring that any organisation offering ISO certification in their name conforms to strict standards. Any organisation that offers UKAS certification must have its processes regularly vetted to ensure that they meet ISO requirements.

There is no accrediting body for non-UKAS certification. Many of the businesses offering non-UKAS certification design their own certification processes, and the lack of oversight quite often results in them being slow to change their processes when ISO standards change. This is because there is often very little incentive for them to do so. The lack of accrediting body can also mean that many of these businesses are not really checking to see whether a company meets ISO standards, and thus the certification will hold no value.

Guidance from https://www.gov.uk/guidance/conformity-assessment-and-accreditation

BEIS is aware that UK certification bodies and representative associations are concerned at the increase in the number of organisations offering certification when they are not accredited to do so.

BEIS has advised certification representative organisations in the UK that:

  • the only ‘authoritative statement’ of competence, that has public authority status – providing the last level of control in the conformity assessment chain – is from the UK’s sole national accreditation body, UKAS
  • any organisation that suggests it is accredited in the sense of the Regulation on accreditation and market surveillance (765/2008) as it has effect in Great Britain or Regulation (EC) 765/2008 in Northern Ireland when they are not, may be guilty of an offence under the Busines Protection from Misleading Marketing Regulations 2008 (Statutory Instrument 2008/1276)
  • certification bodies or representative organisations should refer these cases to trading standards or UKAS in the first instance

Differences in the Certification Process

Any organisation that offers certification in the name of UKAS must have its processes regularly vetted. Obtaining initial UKAS accreditation is a lengthy and arduous process. Keeping hold of UKAS accreditation is even tougher. This is because UKAS wants to ensure that any assessment bodies that operate in their name are competent enough to assess businesses to ensure that they meet ISO standards.

Any UKAS accredited organisation must employ competent assessors and have technical experts ‘on hand’. This is to help ensure that any certification provided by these bodies means something. It guarantees that an industry professional has determined that a company does, indeed, meet ISO standards.

Non-UKAS certification providers will come up with their own certification processes. They are under absolutely no obligation to ensure that they are genuinely assessing businesses to ISO standards. In fact, many are not.

Constant changes in ISO standards can make it tough for non-UKAS certification providers to adapt their processes quickly. In many cases, there is no financial incentive to do so. Therefore, many of these certification providers may be offering ISO certification to old standards. This means the certificate is worthless.

Non-UKAS certification providers do not have any obligation to employ competent assessors or technical experts. In fact, many do not. Their certification process may often be nothing more than a few checkboxes. This is how these certification providers are able to offer their services so cheaply and quickly. There have been several cases where these organisations have been successfully prosecuted by Trading Standards.

Impartiality

A key provision for obtaining UKAS accreditation is impartiality. Any accredited ISO 9001 consulting organisation must adhere to strict guidelines on the advice that they are able to offer to their clients. UKAS prohibits any assessment organisation from receiving accreditation if they also offer consultancy services. As a result, any accredited body is solely an assessor. While they may be able to provide transparent advice for companies wishing to meet ISO standards, these organisations are not permitted to offer any paid advice outside of the assessment services that they offer.

Non-UKAS certification providers do not have to meet the same standards. In fact, offering consultation is often a key part of their business model. This can create a conflict of interest where the certification provider is unwilling to offer their certification unless the business they are working with is willing to pay for their expensive consultation services. While the initial cost of obtaining the certification may be cheap, the long-term costs may end up becoming rather extravagant.

Recognition of the Certification

Many businesses obtain certification because their industry requires it. Demonstrating that a business conforms to ISO standards may often form a key part of the tendering or sales process. We often come across organisations that inadvertently engaged with a non UKAS body and have been rejected from the tendering process.

If businesses hold a non-UKAS certification instead, they will often find themselves struggling to make sales. Quite often, these businesses may be excluded from any tendering process. When they contact potential clients directly, they may struggle to receive a response. This is because businesses that work with non-UKAS certification holders are taking a huge risk. If the businesses that they work with do not meet ISO standards, then it could mean huge financial penalties and a massive reputation hit if something goes wrong. 

It should also be noted that many businesses that seek non-UKAS certification do so in order to save money. Other companies recognise this. They often feel that businesses cutting costs in such an important area are likely to be going through strict cost-cutting elsewhere too. This means that they may not be receiving the best service possible. 

Any business holding non-UKAS certification that is able to make headway in the sales or tendering process may be required to demonstrate that their business meets ISO standards in other ways. This, quite often, means a costly process. In fact, this process can quite often cost more than applying for UKAS certification in the first place.

UKAS Certification Can Increase Business Profitability

While the lower upfront costs of applying for non-UKAS certification may be tempting, in the long run, it could end up costing businesses a significant amount of money.

In the long run, businesses that obtain UKAS certification are more profitable, and they grow far quicker. This is because they have demonstrated a commitment to ensuring that their business operations meet international standards. Clients enjoy this and, in many cases, will pay more for services that have been backed by UKAS.

If you are looking to obtain certification that your business meets ISO standards, make the right decision. Only work with UKAS-accredited certificate providers. It will only benefit your company in the long term. It is one of the best investments you can make in your business.

See more out about ISO certification costs here.

Share

Do you want us to take care of your fire compliance? H&S compliance? ISO certification? training? human resources?

At RKMS we are determined to make a business run as efficiently as possible. Will that next business be yours?

Related Resources

Do you want us to take care of your fire compliance? H&S compliance? ISO certification? training? human resources?

At RKMS we are determined to make a business run as efficiently as possible. Will that next business be yours?

John Keen
Apart from work John enjoys sports (football, karate & walking) as well as travel & spending time with friends & grandchildren.

Do you want us to take care of your fire compliance? H&S compliance? ISO certification? training? human resources?

At RKMS we are determined to make a business run as efficiently as possible. Will that next business be yours?