ISO Consultancy
Amazon Supplier ISO Support
Independent ISO readiness and implementation support for Amazon sellers responding to accredited certification requirements.



Why I Don’t See the Value in Traditional ISO Gap Analyses
As an ISO consultant, I frequently encounter businesses that believe a gap analysis is essential before starting an ISO project. But in my experience, traditional gap analyses often provide little real value, and sometimes, they even distract from what really matters. Gap Analyses: Who Are They Really For? Most businesses operate with one goal in mind: making money. ISO compliance is important, but it isn’t the driver of daily decisions. Companies already manage operation

Scott Naisbett
2 min read


5 Common Mistakes in Internal Audits, and How to Avoid Them
Internal audits are a core requirement across ISO standards, but many businesses treat them as a formality. If you're preparing for an external audit or just trying to make your internal audits more effective, watch out for these common pitfalls: 1. Auditing Your Own Work Even in small teams, audits must be objective. If independence isn’t possible, introduce peer review or rotate roles. 2. Using the Same Checklist Every Time Audits should evolve. Static checklists miss emer

Scott Naisbett
1 min read


Noticed an increase in remote auditing during your annual assessments? Here's the reason:
ISO 17012, which was published in July 2024, provides useful guidance on the application of remote methods in auditing management systems, and is applicable to other types of audit and assessment. It is intended for use by 1st, 2nd and 3rd party auditors, and supplements the guidance provided in ISO 19011 and the requirements in ISO 17021 Part 1 for certification bodies. The document fulfils two primary functions, firstly in providing guidance as to how to get the most from t

Scott Naisbett
1 min read


ISO 27001:2022 | New Controls & Transition Deadline
When must I transition to ISO 27001:2022? As of 30 April 2024, certification bodies can no longer offer (re)certification to the 2013 edition of the Standard. Even if your organisation’s ISMS was (re)certified to ISO 27001:2013 by 30 April 2024, that certificate will expire on 31 October 2025 – even if it has been in place for less than three years (the normal duration of an ISO management system certificate). We therefore advise you start adopting the 2022 Standard as soon a

Scott Naisbett
1 min read


Update | ICO Data Protection Fee
ISO 27001 / GDPR / Data Protection ICO Registration Fee Increase From 17th February, the fee that must be paid to the ICO by data controllers is increasing by 29.8% across all tiers to take account of inflationary increases and in order to provide the ICO with the necessary funding to discharge their legal responsibilities: Charges for Tier 1 (10 or fewer employees or an annual turnover of less than £632,000 per annum) are increased from £40 to £52 Charges for Tier 2 (250 o

Scott Naisbett
1 min read


Protecting Your Personal Data: Quick and Effective Security Tips
Keeping your personal data safe from prying eyes is crucial. Our experts share simple yet effective ways to secure your device in just a few minutes. Why Device Security Matters For most of us, our smartphones are an essential part of everyday life. They help us stay connected, manage payments on the go, and store sensitive information. That’s why it’s vital to take steps to protect your device from security threats. Fortunately, enhancing your phone’s security doesn’t have t

Scott Naisbett
3 min read


What is an IMS? Or Integrated Management System?
A question we're asked a lot when we use the term 'IMS'..... This blog should hopefully provide you with an overview and understanding of an Integrated Management System (IMS). An Integrated Management System (IMS) is a comprehensive approach that combines multiple management systems into a unified framework within an organisation. It aims to streamline and harmonise various management systems to improve efficiency, effectiveness, and overall performance. Traditionally, org

Scott Naisbett
3 min read


ISO-Related Legislation Updates
In this month's blog we'll be briefly touching on ISO/Standard(s)-related legislation updates. ISO 14001 Circular Economy (Scotland) Act 2024 This Act received Royal Assent on 8th August 2024, and will commence on a date to be decided by the Scottish Ministers. It introduces measures to facilitate the transition of Scotland's economy to a circular model, as well as modernise Scotland's waste and recycling services, by: requiring Ministers to prepare a circular economy strateg

Scott Naisbett
3 min read


Using ISO Template Toolkits vs Consultant - Are you actually saving money?
We've been in this situation many times where we find ourselves competing against pre-written document toolkits. This month we decided to outline some of the benefits and pitfalls of toolkits vs using consultants. The benefits/pitfalls include: As consultants, we do 95% of the work involved in building the system v the client sifting through a mass of policies, procedures, forms etc We do not over-write systems i.e. we don’t make them more complex for what the business needs,

Scott Naisbett
2 min read


Did you know? You can get up to 75% of your ISO Project Funded?
ISO Systems UK are a registered provider for NBSL’s North East Business Support Fund helping businesses to improve their competitiveness. Find out more at https://nbsl.org.uk/nebsf Process Summary - The below image provides an overview of the Client Journey and highlights what NBSL need from you as the providers of the services. This can also be downloaded here: download here If you would like to speak with us prior to applying for funding, you can contact us via our dedi

Scott Naisbett
1 min read


What are the benefits of hiring a consultant to help with your ISO 9001 project?
Hiring a consultant to assist with an ISO 9001 project can provide several benefits to an organisation. Here are some key advantages: Expertise and Knowledge: ISO 9001 is a complex standard that requires a deep understanding of its requirements and implementation best practices. A consultant specialising in ISO 9001 can bring valuable expertise and knowledge to the project. They are familiar with the standard's intricacies, interpretation, and practical application, which c

Scott Naisbett
2 min read


What is ISO?
ISO management standards are a series of internationally recognised frameworks that can assist you to manage your business processes more effectively. Independent third-party certification to ISO Standards is evidence that you conform to the ISO management standard(s) that you wish to adopt. ISO certification can give your organisation local, regional, national & international credibility. Is ISO certification right for you? - This is quite a simple Process... If you answe

Billy Naisbett
1 min read


ISO/IEC 27001 - What are the main changes in 2022?
The new ISO/IEC 27001:2022 was published on October 25, 2022. Some of the main new updates of ISO/IEC 27001:2022 include a major change of Annex A, minor updates of the clauses, and a change in the title of the standard. The latest version of ISO/IEC 27002 was published at the beginning of 2022, and its latest changes have also impacted ISO/IEC 27001. The new changes of ISO/IEC 27001:2022 As the world is facing new evolving security challenges, the internationall

Scott Naisbett
3 min read


ISO 27001 and ISO 27002: 2022 updates
What we know so far about ISO/IEC 27001:2022 and ISO/IEC 27002:2022 The information security management standard ISO 27001 and its code of practice ISO 27002 were last updated almost a decade ago. A new iteration of ISO 27002 was published in February 2022, and a revised version of ISO 27001 is expected to be published by October 2022. This page explains what we know about the changes to ISO 27001 and ISO 27002, and how these changes affect organisations that are certified o

Scott Naisbett
3 min read


Give Your Memory a Break: The Best Ways to Store Passwords
There’s no way around it, passwords are a pain in the butt. The internet is filled with lists of rules for making good passwords, most of which boil down to “make it something you’ll never be able to remember.” For most people, it comes down to two options. One is to use the same handful of easy-to-remember passwords across multiple sites, which — spoiler alert! — is a really bad idea. The other is to find some way to store your passwords, so you can use a set of strong,

Scott Naisbett
7 min read


How does ISO 27001 help to protect your organisation?
Data and information protection is now a hot topic for the government, businesses and the public, particularly after significant cyber-attacks have drawn attention to the security weaknesses of large businesses and organisations such as NHS hospitals and local councils. To help all organisations, large and small, keep their information safe and their reputations intact, the ISO (International Organisation for Standardisation) developed ISO 27001, the Standard for information

Scott Naisbett
2 min read


Relief as EU approves UK data adequacy decisions – for now
News the European Commission has approved UK data adequacy decisions was today welcomed by the Law Society of England and Wales, as it heralds the continuation of the free flow of data from the European Economic Area (EEA) to Britain and Northern Ireland. Law Society president I. Stephanie Boyce said: “Data adequacy recognition from the EU means that personal data can continue to pass from the EEA to the UK without the need to introduce additional safeguards. “This decision b

Scott Naisbett
2 min read


Take action now – FluBot malware may be on its way
Why FluBot is a major threat for Android users, how to avoid falling victim, and how to get rid of the malware if your device has already been compromised Android malware known as FluBot is continuing to cause mayhem across some European countries, and there is speculation that the threat actors behind it may decide to target other geographies, including the United Kingdom. Here’s why you should be vigilant, how FluBot operates, and how you can remove this Android nasty from

Scott Naisbett
3 min read


Cyber‐attacks set to become more targeted in 2021, according to HP Inc.
Cybersecurity predictions for 2021 show the ripple effect of COVID-19 is likely to continue, leading to a rise in thread hijacking, whaling and human-operated ransomware PALO ALTO, Calif., December 1, 2020 – HP today released its 2021 predictions on how security threats – such as human-operated ransomware, thread hijacking, unintentional insider threats, business email compromise and whaling attacks – are set to increase in the next 12 months. HP’s cybersecurity experts inclu

Scott Naisbett
6 min read


5 ways to prevent data breaches and cyber attacks
With media headlines focusing on household names like British Airways, Travelex, and Uber, it can be tempting to assume that cyber criminals only target big companies with deep pockets. But the truth is that six out of ten SMEs suffer cyber attacks, and a quarter of the UK’s charities suffered an attack in 2019. So what can you do to protect your organisation against this kind of crime? Training Many organisations are not supporting their staff with the appropriate trainin

Scott Naisbett
4 min read
