The Risk Briefing2012-02-07T09:42:02ZAssent Risk ManagementCopyright 2012, Assent Risk ManagementSPHPBLOGWin Public Sector Contracts with AccreditationsThe Benefits The rewards of public sector tendering are plentiful with over £236 Billion spent in the year 2009/2010.
2500 Contract Notices are published each week and 25% are awarded to Small and Medium Sized Enterprises (SMEs).
Unfortunately many businesses do not take full advantage of these opportunities because they are unclear about the process and how to answer the many intimidating questions.
Achieving accreditations and ISO certification is a great way to demonstrate your commitment and capabilities but it only forms part of the tendering process.
Register for Tender Alerts It is mandatory that public sector contracts above £173,934 are publicly released. However, many contracts far below this value are put through the same channels.
There are many services that distribute tender notices at varying costs.
Pre - Qualification Questionnaire [PQQ] If you then decide to apply for a contract the next step will be the PQQ. This can be a daunting document and you may wish to seek advice on how to answer the questions to ensure you represent your company well.
The PQQ gives the awarding authority an opportunity to filter applicants into a short list and, at this stage, accreditations play a vital role!
Invitation To Tender [ITT] If you successfully reach a short list you may be invited to tender. At this stage the authority is more concerned with the "what, where, when and how" of your service delivery.
This is a good time to seek advice and guidance if you are unsure how to respond.
Tender Award After successfully completing the process you will be awarded the contract and it's time to deliver. Don't miss the opportunity!
Thank you to Tender Assist for their input into this article. Tender assist can help your business tender for public sector contracts. Contact 01438 861931 or visit www.tenderassist.co.uk for details. ]]>http://www.assentriskmanagement.co.uk/blog/index.php?entry=entry120206-1040032012-02-06T00:00:00Z2012-02-06T00:00:00ZProposals for Tougher European Data Protection Laws Expected There will also be stiffer penalties for companies that do not meet the legal requirements.
Three main requirements included in a leaked draft are:
1. Mandatory notification of data breaches. Recommending relevant Data Protect Authorities are noticed and any affected individuals, within 24 hours of a data protection incident.
2. Requirement of named data protection officers in public sector organisations and all companies exceed 250 employees.
3. Increased fines for non-compliance, up to one million Euros, or up to 5% of an enterprise's annual world wide revenue.
Social Networks Another interesting comment is regarding social networking website, which may be required to hand back data to a user, when they close their account, for them to post else where.
Right to be Forgotten The phrase right to be forgotten means Internet companies would be required to erase all data their held and, in some cases, all traces of that data on search engines, if members withdrew their consent for it to be used.
ISO 27001 Information Security One way to mitigate the risk on non-compliance under the new data protection legislation is to implement an Information Security Management system to the requirements of ISO 27001.
This risk based standard provides a management framework that will insure correct policies and procedures are in place for all applicable legislation. More Information
Conclusion In the mean time, we look forward to European Commissioner Viviane Reding's presentation later today.
]]>http://www.assentriskmanagement.co.uk/blog/index.php?entry=entry120125-1146112012-01-25T00:00:00Z2012-01-25T00:00:00ZFSC Paper Stock - 3 Sustainable Optionshttp://www.assentriskmanagement.co.uk/b ... 330-132211) it is easy for companies to gain certification to this standard and thus significantly reduce their impact on the world's forestry.
Here we focus in on the 3 types of paper stock certified under FSC CoC:
1. FSC Certified Stock Completely sourced from sustainable, well managed forestry. However this stock takes around 70% more energy than recycled stock (Below). However, FSC Certified Stock is still a good choice as it can be traced back to source.
2. FSC Mixed Sources Blends virgin fibres with recycled fibres. At least half of the virgin fibres must be FSC certified.
3. Recycled Fibre. 100% recycled from post-consumer waste from accredited paper-mills.
Conclusion As you can see, although often considered to be sold at a premium, there are several options for buying sustainable paper product.
For more information on the scheme please contact us on 020 3432 2854.]]>http://www.assentriskmanagement.co.uk/blog/index.php?entry=entry120124-1327502012-01-24T00:00:00Z2012-01-24T00:00:00ZThe Green Deal Under the Green Deal, there will be no need to pay 'up front' for energy efficiency improvements to properties, instead the cost is recovered through savings on energy bills.
Installers and Assessors are required to complete accredited certification to provide services under the Green Deal and use the Green Deal Mark. The Department for Energy and Climate Change has appointed UKAS to accredit certification bodies for the certification of Green Deal installers and advisors.
It is intended that the Green Deal Scheme will be operational by October 2012.
Contact us for more information contact Assent on 020 3432 2854.
Green Deal Website: http://www.decc.gov.uk/en/content/cms/t ... _deal.aspx]]>http://www.assentriskmanagement.co.uk/blog/index.php?entry=entry120105-1037022012-01-05T00:00:00Z2012-01-05T00:00:00ZStart Ups in Shoreditch and London's Tech City could benefit from ISO Certification. All around Shoreditch and the Silicon Roundabout on Old Street, there are companies that depend on the security and continuity of I.T systems in order to trade.
This is where we have been able to help companies achieve certification to ISO 27001, an Internationally recognised Information Security Standard. The implementation process involves a series of risk assessments across a wide range of business areas.
There is also a basic element of business continuity planning involved, however we usually assist clients in preparing a comprehensive business continuity plan, which could later be certified to BS 25999 standard.
The London Riots, which occurred in several areas of London, demonstrated how unpredictable and fast such events can be and our clients who operated an ISO 27001 management system were able to quickly react.
There is also competitive advantage to be gained from ISO certification, with many public sector bodies requesting it during the tendering process.
Call our office on 020 3432 2854 to arrange a free consultation with one of our ISO consultants.]]>http://www.assentriskmanagement.co.uk/blog/index.php?entry=entry111212-1345402011-12-12T00:00:00Z2011-12-12T00:00:00ZRevision C Update to Aerospace AS/EN9100 Standard Key changes to the standards include: • broadening the scope to cover Aviation, Space & Defence. • greater emphasis on the process approach and project management. • a Risk Management Process is now required. • processes must be measured for effectiveness.
The auditing process now focuses more strongly on objectives, with the scoring system being replaced by 'Process Effectiveness Assessment Reports'.
Organisations currently registered will need to make the transition to Revision C by 1st July 2012.
For help and guidance on the change please call our aerospace consultants on 020 3432 2854.
]]>http://www.assentriskmanagement.co.uk/blog/index.php?entry=entry111123-1309032011-11-23T00:00:00Z2011-11-23T00:00:00ZISO/IEC 27035:2011 Information Security Incident Management The ISO standard aims to help organisations reduce the impact of I.T security threats by implementing the defined incident management approach.
Although Incident management is addressed within ISO/IEC 27001 the Information Security Management System Standard, ISO/IEC 27035:2011 supports and expands guidance.
ISO describe the standard as a solution to "help businesses respond to information security incidents, including the activation of appropriate controls for the prevention and reduction of, and recovery from, impacts, and, in so doing, learn and improve their overall approach."
Many organisation are vulnerable to security incidents and the increased resources needed to recover the business. Incidents could also result in a criminal investigation and/or ICO fine, which could be prevented using the methods contained within this standard.
For advice on Incident Management contact Assent on 020 3432 2854
]]>http://www.assentriskmanagement.co.uk/blog/index.php?entry=entry111101-1151162011-11-01T00:00:00Z2011-11-01T00:00:00ZManaged Audit ProgrammesAuditing is an important part of maintaining a management system, so be sure that your auditors' programme is effective for your business.
Here we take a look at our own audit programmes and the best practises we apply.
Guidelines for Auditing Management Systems
As you would expect, there are ISO standards specifying guidelines for auditors. The recently updated ISO 19011:2011 'Guidelines for Auditing Management Systems' is a good place to start.
Principles of Auditing The standard defines the following six principles of auditing which all our auditors adhere to:
Integrity - Ethical Conduct. Fair Presentation - report truthfully and accurately. Due Professional Care - application of diligence and judgement. Confidentiality - security of knowledge acquired. Independence - objectivity of audit results. Evidence-Based Approach - rational method fro reaching reliable and reproducible conclusions.
Choosing the Audit Team When establishing an audit programme we consider which of our auditors has the relevant experience to evaluate the evidence presented. It's important that the auditor understands the business they are auditing.
We ensure competence by using IRCA training lead auditors, who have experience of implementing and auditing management systems. Continued Professional Development is also an important part of our auditor training.
Schedule and Programme Improvement Where ever possible, we will fit the audit schedule around you. Our auditors will be looking for evidence to support your management system, but will not want to disrupt the running of your business. Therefore we may prepare some aspects pre-audit.
The audit team will also be improving their audit programme with each visit, and may identify areas that they would like to revisit more often.
Conclusion Our audit team will apply the 6 auditing principles to establish and maintain an appropriate audit programme for your management systems. Their feedback is intended to identify weaknesses that you can improve and strengthen.
To discuss the audit of your management systems or suppliers contact 020 3432 2854.
More on Auditing.]]>http://www.assentriskmanagement.co.uk/blog/index.php?entry=entry111024-1120122011-10-24T00:00:00Z2011-10-24T00:00:00ZSmartphone Outage Exposes Business Risk Many businesses are left asking 'where' in the world their services are held and what are the points of failure.
Internet technology is deployed in the production of goods and provision of services globally. Therefore it's important to evaluate the risks your business is exposed.
One way to identify and manage this risk is to implement a management system to ISO 27001. The standard provides a plan, do, check, act approach to identify, treat and reduce business risks. It's also possible to quantify the risk and apply a monetary value to non-compliance.
The standard also requires risks with 3rd parties and suppliers be evaluated, which can lead to some interesting discoveries.
If you are interested in implementing ISO 27001 Information Security Management, please contact our consultants on 020 3432 2854]]>http://www.assentriskmanagement.co.uk/blog/index.php?entry=entry111014-1306312011-10-14T00:00:00Z2011-10-14T00:00:00ZRisk Assessment Guiding Principles - Baseline Audit The first stage is to evaluate with a baseline audit those areas where they already meet the requirements of a corporate operation of a standard management system.
Whereas the implementation of an Occupational Health and Safety Management system is a crucial part in an organisations ability to meet the health and safety legislation and setting targets to meet policy. It is not at present a legal requirement for the organisation to be certified to OHSAS 18001, but organisations with ISO 9001 will find common elements in all three systems 9001 – 18001 and 14001.
The baseline audit sets out to establish the effectiveness of what is and evaluate closely the present system and documentation meet the Health and Safety at Work Act sections 2, 3, 4, and 7 primarily general duties of Employers to their employees, the environmental legislation and Corporate Social Responsibility. Each with their own policy statements and arrangements for carrying out and monitoring the arrangements.
Areas for Review. Health and Safety at Work Act Section 2
Prepare and revise as appropriate a written policy statement, its operation and arrangements.
Comprehensive Risk Assessments of the following: Regulations and one all embracing Act that require a Risk Assessment. • The Health and Safety (Display screen equipment) Regulations 1992 • The Manual Handling Operations Regulations 1992 • The Personal Protective Equipment at Work Regulations 1992 • The Workplace (Health, Safety and Welfare) Regulations 1992 • The Construction (Design and Management) Regulations 1994 • The Construction (Health, Safety and Welfare) Regulations 1996 • The Lifting Operations and Lifting Equipment Regulations 1998 • The Provision and Use of Work Equipment Regulations 1998 • The Management of Health and Safety at work Regulations 1999 • The Control of Lead at Work Regulations 2002 • The Control of Noise at Work Regulations 2005 • The Control of Vibration at Work Regulations 2005 • The Work at Height Regulations 2005 • The Control of Asbestos Regulations 2006
Maintenance of a safe working environment. S.F.A.R.P. regards any place of work, provision and maintenance of means of access and egress.
Provision and maintenance of equipment and safe systems of work.
Safety and absence of risk to health with use, handling, storage and transport of articles and substances.
Provision of such information, training and supervision. S.F.A.R.P. for the Health and Safety of employees.
Environmental, pollution prevention and control.
Control and maintenance of air quality. Use and maintenance of water – drinking etc. Waste streams – packaging – recycling etc. Chemical use and disposal Statutory nuisance and noise. Land contamination. Environment work place assessment. Corporate social responsibility.
Typical Topics Staff Support – The Community – The Environment
Corporate Social Responsibility) The Board Published and operating
Society – Environmental impact Measure reduction in cost Economy in use of fuel Vehicles – Plants/Equipment – lighting – Heating
Set up a C.R.S. Group Consideration of existing core values Prepare a written strategy plan Agree and adopt a mission statement Set Targets Appoint a Support Team – senior members
Target key elements
Environmental Considerations ) Senior Management
Economy Fuels: - heat – light – vehicles
Regular internal audits followed by compliance certification.
Directors/Senior managers.
Responsibilities and accountability.
Corporate Governance ACA – IoD – External audits. Records Management, Statutory retention. Monitoring by senior management and independently.
Contact Us for more information on a baseline audit, 020 3432 2854. ]]>http://www.assentriskmanagement.co.uk/blog/index.php?entry=entry110929-1608582011-09-29T00:00:00Z2011-09-29T00:00:00Z
;)
]]>