The Risk Briefing

The Risk Briefing http://www.assentriskmanagement.co.uk/blog/index.php Copyright 2012, Assent Risk Management Assent Risk Management en-US SPHPBLOG 0.5.1 Verify your Supply Chain with Supplier Audits http://www.assentriskmanagement.co.uk/blog/index.php?entry=entry120501-124859 Why Audit the Supply Chain?
It can be very difficult to know if your supply chain is operating in line with the policies and procedures of your business, as each supplier operates independently under its own governance.

However, as a buyer, you may be able to identify opportunities to coordinate the supply chain, achieve cost savings and meet your own environmental or other objectives.

An audit of the supply chain can encompass:
- Environmental impact.
- Information security.
- Data protection compliance.
- Business continuity plans.
- Social impact.
- Technology compatibility.
- Knowledge and cross training.
- Price and value.

For example, software can be a point of failure, as compatibility and version issues arise causing extended cost and delivery times.

ISO 28000 - security management systems for the supply chain
ISO have also looked at security for the supply chain, providing a framework for managing risk and planning for deliberate or environmental threats. Ultimately aiming to minimise disruption.

An Impartial Audit
Outsourcing the verification and monitoring of your supply chain has many benefits. Our auditors can design a programme to meet your verification and monitoring requirements, using some or all of the factors listed above.

We will ensure that the auditors are completely independent of your supply chain, so you can be assured that there are no conflicts of interests. The findings of our audit will be based on no-bias sampling as per the audit programme.

Contact us on 020 3432 2854 for more information.]]> General http://www.assentriskmanagement.co.uk/blog/index.php?entry=entry120501-124859 Assent Risk Management Tue, 01 May 2012 11:48:59 GMT Grants for Manufacturers to implement ISO Standards. http://www.assentriskmanagement.co.uk/blog/index.php?entry=entry120412-132655 ISO 9001 Quality Management and ISO 14001 Environmental Management.

The scheme is provided by the Manufacturing Advisory Services (MAS) for Small/Medium sized manufacturing businesses to help them achieve their ambitions and increase their abilities.

ISO standards are internationally recognised and provide a competitive advantage when tendering for larger contracts. There are many other benefits to implementing a management system, which provides a structured approach to quality assurance and controlling the company's impact on the environment.

Easy To Apply
If you are considering implementing ISO standards in your manufacturing business, we are offering free assistance to apply for funding as part of our quoting process.

Contact us to find out how we can help your business move forward with funding from MAS.]]> General, Health and Safety, Environmental, Quality http://www.assentriskmanagement.co.uk/blog/index.php?entry=entry120412-132655 Assent Risk Management Thu, 12 Apr 2012 12:26:55 GMT Is PAT testing Electrical Equipment a Legal Requirement? http://www.assentriskmanagement.co.uk/blog/index.php?entry=entry120410-120312
Portable Appliance Testing (PAT), is a process of periodically testing electronic devices to ensure they are maintained and safe for use.

If a device has been PAT tested you will usually find a sticker on the plug, which has the date of the last test.

This formal process of regular inspection and testing has clear advantages for reducing risks associated with electronic devices in the workplace. However, I often hear PAT testing quoted as a legal requirement for businesses. This is incorrect.

Electrically Safe - The Law
Regulation 4(2) of the Electricity at Work Regulations 1989 says

"As may be necessary to prevent danger, all systems shall be maintained so as to prevent, so far as is reasonably practicable, such danger"

The Health and Safety Executive (HSE) provides a useful leaflet to help you manage electrical risk in your workplace. In offices and low risk environments, often a visual inspection is all that is required, however with some portable devices, testing may be more appropriate to ensure it's safety.

Think carefully about the best way to manage this risk using the HSE's advice, PAT testing or both.

References

HSE PAT - Portable appliance testing FAQs - May 2012. http://www.hse.gov.uk/electricity/faq-p ... esting.htm

HSE Guidance Leaflet, Maintaining portable electric equipment in office and other low risk environments - April 2011. http://www.hse.gov.uk/pubns/indg236.pdf

HSE Article, Myth: All office equipment must be tested by a qualified electrician every year - July 2007. http://www.hse.gov.uk/myth/july.htm]]> Health and Safety http://www.assentriskmanagement.co.uk/blog/index.php?entry=entry120410-120312 Assent Risk Management Tue, 10 Apr 2012 11:03:12 GMT Business Continuity Planning for Letting Agents http://www.assentriskmanagement.co.uk/blog/index.php?entry=entry120402-115308 The Obvious

Scenario: The office has burnt down/flooded/been broken in to and all our data is lost.

It's important to know your data is back up and available off site, should your main place of business be compromised.

It's also wise to consider:
- an alternative place to trade from,
- how to redirect the telephones,
- how to communicate any issues to landlords and tenants.

The Not So Obvious

Scenario: A natural disaster has damaged a large number of properties on our books.

If you browse the properties you manage, you will probably find that they are all within a close proximity to each other, and your lettings office.

While this is convenient for everyone most of the time, it could leave you vulnerable in the event of a natural disaster.

For example, the great storm of 1987, which was famously unexpected by weather forecasters, left many properties with damage to fences, roofs, windows and worse.

While letting agents are insured for such events, realistically, how many are capable of quickly responding to these incidents, particularly when the trades people required will be in such high demand.

Therefore a prudent letting agent will have invested some time in making a business continuity plan that addresses questions such as:

- Who are our suppliers?
- How good is our relationship with our suppliers and is it formalised?
- Do we have alternative suppliers available, if we need extra capacity?
- How will we manage the increased calls from tenants?
- How will we staff the office?

More Information

If you require some help producing a business continuity plan, call our consultants on 020 3432 2854

See also: BS25999 standard.
]]> Information Security http://www.assentriskmanagement.co.uk/blog/index.php?entry=entry120402-115308 Assent Risk Management Mon, 02 Apr 2012 10:53:08 GMT What Data is Covered by the Data Protection Act? http://www.assentriskmanagement.co.uk/blog/index.php?entry=entry120315-104845
Of course, it is good practice to protect all data relating to the business, it is also important to know your statutory obligations under the Data Protection Act.

"Personal Data"
The act is intended to regulate "Personal Data", which is defined in the act as quoted below:

Personal data means data which relate to a living individual who can be identified –

(a) from those data, or

(b) from those data and other information which is in the possession of, or is likely to come into the possession of, the data controller,

and includes any expression of opinion about the individual and any indication of the intentions of the data controller or any other person in respect of the individual.

Even if a reference number or other code is used in place of a name, it will still be "personal data" covered by the act if there is a method of identifying the individual, whether that method is classed as 'data' or not.

Common "personal data" stored by companies include:
Employment and Payroll information.
Employee medical information.
Customer delivery addresses
Feedback from customers.
Personal contacts within a company, for example emails and letters marked to the attention of.

As part of a structured information security management system, data protection act compliance can be easily measured and managed.

For help with your Data Protection Act Notification or implementing a ISO 27001 Information Security Management System contact our consultants on 020 3432 2854.

References
Key definitions of the Data Protection Act - http://www.ico.gov.uk/for_organisations ... tions.aspx

Data Protections Services at Assent - http://www.assentriskmanagement.co.uk/dataprotection/

ISO 27001 - http://www.assentriskmanagement.co.uk/iso27001/
]]> Information Security http://www.assentriskmanagement.co.uk/blog/index.php?entry=entry120315-104845 Assent Risk Management Thu, 15 Mar 2012 10:48:45 GMT How Green is the Cloud? CEEDA, ISO14001, ISO50001 http://www.assentriskmanagement.co.uk/blog/index.php?entry=entry120313-104841

SAAS - Software as a Service, web based applications run from data centres rather than your PC.
IAAS - Infrastructure as a Service, virtualised systems taking advantage of bandwidth, processing and memory on a scalable basis.
Social Media - Web based communities that are occurring in everyday life.
Media Streaming - Services that provide TV and movies on our Internet enabled devices.

This all raises the question. How Green is the 'Cloud'?

We once saw a statistic which claimed every two Google searches produces the same amount of CO2 as boiling a kettle.

Among the various schemes and tools available to measure and address energy efficiency in data centres is an offering from BCS, The Chartered Institute for IT.

CEEDA - Certified Energy Efficient Data Centre Award sets out to verify the measures implemented by an organisation with three award levels: Bronze, Silver, Gold.

It uses the 'EU Code of Conduct for Data Centres' as the foundation for best practice and assessment, adding a 'continual improvement' element similar to standards issued by ISO.

CEEDA can be applied internationally and has the advantage of being externally verified by the trained assessors.

For further information on CEEDA, please see references below.

Going Greener
There are plenty of other steps that can save energy and money. In order to manage something, it needs to be measured, and this can be done in various ways.

For example, the ISO 50001 Energy Management Standard sets a framework for taking a baseline energy measurement and setting objectives for reducing consumption.

ISO 14001 Environmental Management takes a broad look at aspects of the business which impact the environment and, again, requires objects set to for continue improvement.

For more information, contact us on 020 3432 2854.

References

Official CEEDA Websites
CEEDA Website: http://www.ceeda-award.org
BCS, The Chartered Institute for IT: http://www.bcs.org

External Contacts (Not Affiliated to Assent)
David Carter CEEDA Relationship Manager at DCD - http://www.datacenterdynamics.com
John Booth @Carbon3IT - http://www.carbon3it.com

Other
Two Google searches 'produce same CO2 as boiling a kettle', The Telegraph http://www.telegraph.co.uk/technology/g ... ettle.html
Power Usage Effectiveness (PUE) and Data Centre Infrastructure Efficiency (DCiE): http://www.assentriskmanagement.co.uk/b ... 218-161859
]]> Environmental http://www.assentriskmanagement.co.uk/blog/index.php?entry=entry120313-104841 Assent Risk Management Tue, 13 Mar 2012 10:48:41 GMT Opportunities in the Motor Industry with ISO/TS 16949 http://www.assentriskmanagement.co.uk/blog/index.php?entry=entry120306-143856
It's estimated that 2,000 jobs will be created with 1,600 of those being in the supply chain. This is fantastic news for small manufacturing businesses, but how can they stand the best chance of winning work with one of the worlds biggest car makers.

One way to be competitive is to implement an Automotive Quality Management System and achieve certification to ISO 16949.

The automotive industry recognises ISO/TS 16949 certification in the tendering process, and implementing the system can help you operate more efficiently. Similar to ISO 9001, there are many benefits to controlling the quality of your output.

Assent has consultants with industry specific experience and we can guide you through the process of achieving certification with a recognised body.

For more information, contact us on 020 3432 2854.

References

ISO/TS 16949 Automotive Quality Management: http://www.assentriskmanagement.co.uk/iso16949/

PJC Consultancy - Aerospace and Automotive: http://www.peterjclements.co.uk/about/

BBC News, Nissan to build new car in Sunderland: http://www.bbc.co.uk/news/business-17266087

For Tendering Advice and Services: http://www.assentriskmanagement.co.uk/b ... 206-104003]]> Quality http://www.assentriskmanagement.co.uk/blog/index.php?entry=entry120306-143856 Assent Risk Management Tue, 06 Mar 2012 14:38:56 GMT Social Responsibility - 7 Core Subjects http://www.assentriskmanagement.co.uk/blog/index.php?entry=entry120301-145258
There are several standards, guidelines and tools which address corporate social responsibility, here we take a brief look at the voluntary International Standard, ISO 26000:2010, Guidance for social responsibility.

ISO26001 is not a 'management system' standard and there is no certification for it. It is intended to help organisations of all types and sizes contribute to sustainable development.

The standard defines 7 core subjects for social responsibility which are interdependent:
6.2 Organisational Governance
6.3 Human Rights
6.4 Labour Practices
6.5 The Environment
6.6 Fair Operating Practices
6.7 Consumer Issues
6.8 Community Involvement and Development

Within each of these core subjects, the standard identifies issues which should be addressed.

ISO26000 can be used in conjunction with other measures implemented by a company to managed it's corporate social responsibilities (CSR)

Poor working Conditions in Apple's Supply Chain?
In early 2012, technology company Apple made an unusual move and released a list of it's suppliers in an attempt to deal with poor working conditions in Asian factories that supplied Apple components.

Its said, they conducted 229 supplier audits over the previous year and found various areas for improvement, which the company is now addressing.

Perhaps bold for such a large corporate to admit failings in order to progress to a sustainable supply chain.

References
ISO26000:2010 standard page: http://www.iso.org/iso/iso_catalogue/ma ... o26000.htm

7 Core Subjects poster:
http://www.iso.org/iso/sr_7_core_subjects.pdf

BBC News, Apple publishes supplier details for the first time: http://www.bbc.co.uk/news/business-16570765]]> Social Responsibility http://www.assentriskmanagement.co.uk/blog/index.php?entry=entry120301-145258 Assent Risk Management Thu, 01 Mar 2012 14:52:58 GMT Processes and Process Auditing http://www.assentriskmanagement.co.uk/blog/index.php?entry=entry120209-123359
A process is a "set of interrelated or interacting activities which transforms inputs to outputs". ISO9001

A process "may define policies, standards, guidelines, activities or work instructions if they are needed". ITIL (Service Strategy).

There are particular characteristics you would expect to find in an efficient and effective process such as:
- Defined actions.
- Measurable in terms of cost or quality. Duration or productivity.
- Deliver specific identifiable and countable results.
- Have customers/stakeholders who have expectations of the results of the process.
- React to events in terms of a trigger.

Why use Process Auditing?
Audits use sampling due to time and practical restraints.

Process auditing usually makes the best use of the time available, as a process is often confined to a small area in the business, for example the HR process is in one office and the Accounts process is in another. This way each process can be assess against all relevant parts of the audit without having to visit areas several times during the audit.

We can also get a good idea about how the processes connect, by planning the audit to move from one to the next.

Why have an Audit?
The main reasons you may wish to audit are:
- To verify a process is operating as intended.
- To identify improvements to a process.
- To achieve ISO certification.

Contact us for more information on auditing: 020 3432 2854.]]> General http://www.assentriskmanagement.co.uk/blog/index.php?entry=entry120209-123359 Assent Risk Management Thu, 09 Feb 2012 12:33:59 GMT Win Public Sector Contracts with Accreditations http://www.assentriskmanagement.co.uk/blog/index.php?entry=entry120206-104003 The Benefits
The rewards of public sector tendering are plentiful with over £236 Billion spent in the year 2009/2010.

2500 Contract Notices are published each week and 25% are awarded to Small and Medium Sized Enterprises (SMEs).

Unfortunately many businesses do not take full advantage of these opportunities because they are unclear about the process and how to answer the many intimidating questions.

Achieving accreditations and ISO certification is a great way to demonstrate your commitment and capabilities but it only forms part of the tendering process.

Register for Tender Alerts
It is mandatory that public sector contracts above £173,934 are publicly released. However, many contracts far below this value are put through the same channels.

There are many services that distribute tender notices at varying costs.

Pre - Qualification Questionnaire [PQQ]
If you then decide to apply for a contract the next step will be the PQQ. This can be a daunting document and you may wish to seek advice on how to answer the questions to ensure you represent your company well.

The PQQ gives the awarding authority an opportunity to filter applicants into a short list and, at this stage, accreditations play a vital role!

Invitation To Tender [ITT]
If you successfully reach a short list you may be invited to tender. At this stage the authority is more concerned with the "what, where, when and how" of your service delivery.

This is a good time to seek advice and guidance if you are unsure how to respond.

Tender Award
After successfully completing the process you will be awarded the contract and it's time to deliver. Don't miss the opportunity!

Thank you to Tender Assist for their input into this article. Tender assist can help your business tender for public sector contracts.
Contact 01438 861931 or visit www.tenderassist.co.uk for details.
]]> General http://www.assentriskmanagement.co.uk/blog/index.php?entry=entry120206-104003 Assent Risk Management Mon, 06 Feb 2012 10:40:03 GMT