The ISO Show

Blackmores UK

Blackmores is a pioneering consultancy firm with a distinctive approach to working with our clients to achieve and sustain high standards in Quality, Risk and Environmental Management. We'll be posting podcasts discussing ISO standards here very soon!

Episodes

#206 Aligning Objectives with Strategic Direction
Today
The importance of setting key objectives can’t be overstated. They help drive continual improvement and reflect a business’s key metrics for success in various areas. They are also a key aspect of implementing an ISO Standard, with most specifying a dedicated Objectives clause. While most businesses will have objectives irrespective of any ISO certification, many may fall into the familiar trap of having separate objectives for different departments, which only serves to fragment your measurement of success. In this episode Ian discusses the importance of setting key business objectives, and why you should be aligning these with your strategic direction.

You’ll learn
· What is the Annex SL format and why was it introduced?
· What is meant by ‘Strategic Direction’?
· The importance of risks and opportunities in objective planning
· Why is setting key business objectives important?
· How can you align objectives with a business’s strategic direction?

Resources
· Isologyhub

In this episode, we talk about:

[02:05] Episode Summary – Ian discusses how to align objectives with the strategic direction of the business, and why it’s important to do so.

[02:55] What is the Annex SL format and why was it introduced?: The Annex SL format refers to the standard 10 clause structure that we now see in most ISO Standards. Introduced back in 2015, it sought to address the issues with integrating multiple Standards, in addition to making them more accessible to every sector. Prior to 2015, many ISO standards were designed with specific sectors in mind, using terminology that would make sense to them, but perhaps not to others. The Annex SL format now uses the same language across all ISOs, making it easy to integrate multiple ISO compliant Management Systems.

[06:10] What is meant by the term Strategic Direction? Leadership: This is a term that appears 5 times in ISO 9001. We first see it in Clause 5 – Leadership, where it states: “Top management shall demonstrate leadership and commitment with respect to the management system by ensuring that the policy and objectives are established for the management system and are compatible with the context and strategic direction of the organisation.” This is where it’s made explicitly clear that leadership / management are responsible for ensuring the Management System aligns with the way their business runs, in addition to integrating it into existing processes.

[07:05] What is meant by the term Strategic Direction? Management Review: It also appears in clause 9.3 Management Review, where it states: “Top management shall review the organisation system at planned intervals to ensure its continuing suitability, adequacy, effectiveness and alignment with the strategic direction of the organisation.” Again, this reinforces the need for top management to be involved to ensure that the Management System is in alignment with their overall goals.

[08:40] What is meant by the term Strategic Direction? Context of the Organisation: It also appears at the very start of the auditable clauses, in Clause 4 – Context of the organisation, where it states: “The organisation shall determine the external and internal issues which are relevant to its purpose and its strategic direction.” This involves looking at issues from a legal, technical, competitive, cultural and economic point of view, and many of these will be determined by top or broader management within the business. They ultimately have the most influence in how a Management System is built, and therefore have the most influence on how the policies and objectives are created.

[10:45] The importance of risks and opportunities in Objective planning – Clause 6 (Planning) is where we address risks and opportunities raised in clause 4. It states that “Objectives must be established at relevant functions, levels and processes.” For us at Blackmores, we directly relate the findings from a risks and opportunities assessment (such as a SWOT & PESTLE), and link these to our objectives to try and minimise those risks. We also leverage the opportunities, by making them real tangible goals to work towards – seems obvious but we often see businesses missing the link between these exercises!

[12:00] How can you set Objectives in alignment with Strategic Direction?: Many businesses now build their mission, values and strategic direction around sustainability and general ESG. When building a management system, you need to consider how it affects those sustainability / ESG goals, because that is essentially the context of your organisation. So, you’d need to consider: How does environmental performance, health & safety performance or legal compliance contribute to the success of the management system as a whole? You don’t have to be going for ISO 14001 or ISO 45001 for these things to matter; even a quality management system can contribute to sustainability goals. This can be through improving economic performance by reducing waste etc. Also, don’t be afraid to relate economic performance to your management system. If you have a turnover goal of X, mention that in your context documentation, and also consider how the management system can contribute to achieving that goal, i.e. through processes, controls, monitoring and improvement activity. Also consider your client requirements: they may require an accident rate below X, which can also be included in context documentation and can then be factored into your management system measures and objectives if need be to achieve that.

[16:55] How do you establish your objectives? – First you must establish context, and that context must be relevant to the purpose and strategic direction of the business. The context setting must include those who understand that context, the strategic direction and the purpose of the business. The risks and opportunities must then be assessed in relation to that context, which in turn is already aligned with strategic direction. Finally, the objectives must be set in relation to those risks and opportunities. It's all about having the right people to identify the relevant issues affecting the organisation, and setting concrete objectives in order to improve that.

We’d love to hear your views and comments about the ISO Show, here’s how:
● Share the ISO Show on Twitter or LinkedIn
● Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one.

Subscribe to keep up-to-date with our latest episodes: Stitcher | Spotify | YouTube | iTunes | Soundcloud | Mailing List

#205 Building AI Resilience with Cloud Direct
1w ago
AI usage has skyrocketed in the past 2 years, with many commonplace apps and software now featuring an AI integration in some form. With the rapid development and possibilities unlocked with this powerful technology, it can be tempting to go full steam ahead with implementing AI use into your day-to-day business activities. However, new technologies come with new risks that need to be understood and mitigated before any potential incidents. In this episode Mark Philip, Information Security Manager at Cloud Direct, joins Ian to discuss emerging AI risks and how you can build AI resilience into your existing practices.

You’ll learn
· Who is Mark?
· Who is Cloud Direct?
· How can you assess your current level of AI resilience?
· What are some of the key threats that AI systems currently face, and how can you mitigate these?
· How can you utilise AI to enhance your security?
· What is best practice when responding to an AI related security incident?

Resources
· Cloud Direct
· Isologyhub

In this episode, we talk about:

[02:05] Episode Summary – We invite Cloud Direct’s Information Security Manager, Mark Philip, onto the show to discuss AI risks and how to build AI resilience into your existing security practices.

[03:25] Who is Mark Philip?: While his primary role is as an Information Security Manager at Cloud Direct, a little known fact about him is that he is an amateur triathlete! At London earlier in 2024, he was lucky enough to bump into Alistair Brownlee, who is the UK’s two time gold Olympic medalist in triathlon.

[05:10] Who are Cloud Direct? – Founded in 2003, Cloud Direct are a Microsoft Azure Expert MSP, which is the top Microsoft accreditation that any partner can hold, putting them in the top 5% of Microsoft partners globally. They offer consultancy and professional managed services, specialising in Microsoft Cloud, which is all underpinned with security across the whole Microsoft stack. They also assist with digital transformation and modernisation.

[06:30] Assessing the current AI risk landscape: Ian points out that a recent report from the Capgemini Research Institute found that 97% of organisations are using generative AI. With this increase in AI use, there is a correlation with an increase in security incidents related to AI. Mark adds that this technology is so new, with a lot of larger software companies such as Microsoft pushing AI elements into their tools, so there is a learning curve involved with utilising the technology. There is also a lack of Risk Assessment being done in relation to AI; not a lot of thought is going into the use of AI on a day-to-day basis. If you’re using an AI platform, you need to ask yourself: What is this platform actually doing with the data I’m inputting? There is also the fact that shady individuals are already leveraging this technology with the likes of deep fakes, bad bots and more sophisticated phishing schemes – and the harsh truth is that they’re going to get better at it over time.

[08:20] What is AI resilience and why is it so important? – AI resilience is about equipping businesses with the processes that control the use and deployment of AI, so that they can anticipate and mitigate any AI risks effectively. Similar to ISO Standards, this would involve a risk-based approach. However, this will look very different depending on your business and how you are using AI. For example, the risks of someone using AI to generate a transcript of meeting notes will be much lower in comparison to a healthcare company using complex sets of data with AI to synthesize new medicines. So, if you are using AI you need to consider what the inherent risks could be, and that would be dependent on the data you’re processing, i.e. is it sensitive data? Then factor in whether the software is publicly available (such as ChatGPT), or is it a closed model under your control? Asking these types of questions will give you a more realistic outlook on the risk landscape you face.

[10:35] How can a business assess their current level of AI resilience? AI is here to stay, so you won’t be able to avoid it forever. So first, you need to embrace and understand it, and that includes creating a clear picture of your use cases. Mark states they did this exercise internally at Cloud Direct when they were starting to use Microsoft’s Copilot. They asked themselves:
· What sort of data is the software interacting with?
· What data are we putting into it?
· How do Microsoft manage the program and related security?
· Are Microsoft storing any of that data?

It’s not just about the security either; you need to understand why you’re using AI and if it will actually be to your benefit. A lot of people are using it because it’s new and shiny, but if it’s not actively helping you achieve your business goals, then it’s more of a distraction than anything else. For those looking for additional guidance on AI policies, risks and resilience, there’s a lot of guidance provided by both ISO and the NCSC. ISO 42001 in particular is useful for both people using AI and developers creating AI. If you’re stuck on where to start, a Gap Analysis is a fantastic tool to see where you are currently and what gaps you need to bridge in your security to cover any AI usage, and to see how well you are complying with current legal requirements (the EU AI Act is now in effect!). Another tool is a Risk Assessment. You may not process what many would consider sensitive data, such as healthcare information, but even if you only store and hold customer data, you need to ensure that any AI you use doesn’t pose a risk to it.

[14:30] How can AI improve security and resilience? – Sticking with Microsoft as an example, as they are releasing a lot of AI driven tools, these can be used to fill gaps that humans may not have the time to cover. One example of this is monitoring and sending security alerts. Previously a system may have just sent this to a human member of staff to resolve, but now AI security tools can act on those alerts on your behalf. So, if you have limited IT resources, this could be a fantastic addition to your security set-up. It also eliminates the lag of human response, and AI can look at things in a way a human wouldn’t think to.

[17:55] How do people stay ahead of the curve in the evolving AI landscape? – You should be using the myriad of resources available to learn about AI, as there are webinars, social media feeds, blogs and videos released constantly. Microsoft in particular are offering a comprehensive feed of information relating to AI, the risks and new technologies in development. The key is to understand AI before integrating it into your business. Don’t just jump at the new shiny toys being advertised to you; go to reputable sources such as the ICO, NCSC, Cyber Essentials and regulatory bodies to learn about the technology, the benefits it can bring in addition to the risks you need to mitigate against. Mark can vouch for Microsoft’s thought leadership in this field, as they keep all of their customers up-to-date with all of their AI related developments. Cloud Direct themselves are also putting out some great content, so don’t forget to check out their resources. If you are already utilising Microsoft’s tools, then Cloud Direct can help explain how their new tools can apply to your business. If you’re looking for assistance with ISO 42001, then Blackmores can help you with implementing a robust AI Management System.

[21:40] What is best practice when responding to an AI related incident? – To be honest, there’s no reason to not treat it like any other security incident. We’ve already adapted to more sophisticated security risks as a result of the move towards home and hybrid working over the pandemic. This is simply another stage along in this ever changing security landscape. You should treat it like assessing any new step. You likely have all the processes for analysing risk already in place, so simply apply them to the usage of AI and put in place the necessary governance based on your findings. Standards such as ISO 20000 IT Service Management and ISO 22301 Business Continuity are fantastic tools if you’re new to this sort of incident response planning. If you’ve already been certified to these standards, then you likely have the following in place already:
· Risk Assessments
· Business Impact Assessments
· Business Continuity Plans
· Recovery Plans

Simply add AI as an additional risk factor into your existing management system and update the necessary documentation to include actions and considerations for its use. If you update your Business Continuity and recovery plans, then make sure to test them! Don’t just assume that they will work; put them to the test and adjust until you’re comfortable that in a real incident, everyone in the business knows how to react, what to communicate and how to get back up and running.

[24:00] What are Mark’s predictions for the field of AI resilience? – People need to look at the opportunities in utilising AI. A lot of people are using it without really understanding it, so there’s a lot of learning still to do. So, he expects to see a lot of businesses fully grasping how they can use AI to their advantage in the coming years. With that comes the challenge of ensuring it’s integrated safely, with the right governance embedded to ensure its safe and ethical usage across entire organisations. Another big challenge is the handling of data privacy within AI. Scams are only going to get more complex as AI develops, and you need to ensure your business can protect against that as much as possible. Businesses should also carefully consider what AI platforms they choose to use. Ensure you understand what data is being input and stored, and the level of control you have over it. All of this to say, there are a lot of massive benefits of using AI and you shouldn’t shy away from it. But you need to ensure you are using it safely and ethically.

[27:30] What is Mark’s book recommendation? – The Hunt for Red October by Tom Clancy

[28:45] What is Mark’s favorite quote? – “I have a bad feeling about this…” – Star Wars

Want to learn more about Cloud Direct? Check out their website.

#204 Greenwashing – Separating Fact From Fiction with ISO 14064 Verification
22-01-2025
The uptick in greenwashing cases, and subsequent outing of these claims, only serves to make stakeholders and consumers dubious of any business’s sustainability pledges. One key way to combat this is to have the information to back up your claims, something that is becoming a mandatory requirement for some depending on sector, location or company size. In this episode, Mel dives into the use of ISO 14064 and how verification to this internationally recognised Standard can help companies build trust and ensure their climate action claims are genuine and impactful.

You’ll learn
· What is Greenmasking?
· Why there is a need for transparency in green claims
· What is Greenhouse Gas Statement Verification?
· What is ISO 14064?
· How can ISO 14064 Verification combat greenmasking?

Resources
· Carbonology
· 7 Shades of Greenwashing Guide

In this episode, we talk about:

[02:05] Episode Summary – In this episode, Mel delves into the world of ISO 14064 and explores how verification under this international standard can help companies build trust and ensure their climate action claims are genuine. Catch up with the previous episodes in the series here:
· The Rise of Greenwashing
· The 7 Shades of Greenwashing

[03:05] What is greenmasking?: Greenmasking (a term coined by Carbonology®) is used to describe the practice where organisations self-certify their environmental impact without independent verification. This means they claim their green credentials are accurate while avoiding transparency about their methodology and data. Essentially, they are "marking their own homework," which can lead to misleading claims about their sustainability efforts. This could be compared to someone completing their own MOT and signing it off themselves, instead of taking it to a qualified mechanic. Obviously, that MOT certificate wouldn’t be valid in that case, and would have no credibility when it came to selling the car.

[04:45] The need for transparency – For carbon reporting to succeed globally, enforcement will need to be standardised across all nations. With transparency around ESG initiatives increasingly important, you need to be able to objectively and accurately measure and report on your carbon footprint. Some to keep an eye on include the Green Claims Directive and the Anti-Greenwashing Charter. Stakeholders are now looking for independent Verification of the accuracy of your emissions data and your calculated carbon footprint through Standards such as ISO 14064-3.

[07:05] What is Greenhouse Gas (GHG) Statement Verification? - GHG Verification is the engagement of an independent third-party by an organisation to provide Verification of their GHG statements using standards such as ISO 14064-3. Carbon footprint Verification involves collecting data and reporting on your emissions from your company’s activities, and then independently verifying its accuracy to provide assurance to stakeholders that your claims are transparent and true. If you’d like to learn more about the differences between the Greenhouse Gas Protocol and ISO 14064, check out a previous episode.

[08:10] What is ISO 14064-1 and ISO 14064-3? – Part 1 is the specification for Greenhouse Gas emissions reporting and Part 3 is the specification for verifying that, covering more elements than the Greenhouse Gas Protocol. The reporting requires you to collect data from various sources across your scope 1, 2 and 3 emissions, collate it into a report and then have that report independently checked against the requirements of ISO 14064.

[09:45] How can Greenhouse Gas Verification combat greenmasking? –
· Highlights integrity - Verification against ISO 14064-1 highlights the veracity of your systems and processes to prove your GHG inventory, assertions and reports conform to the ISO 14064 standard and are free from errors, omissions or misstatements, demonstrating the highest integrity of your GHG reporting.
· Validation of Net Zero goals - Verification against ISO 14064-1 establishes the integrity of your claims towards Net Zero.
· Verify success - Verification against ISO 14064-1 provides assurance of your carbon footprint declarations, which will give confidence in achieving the projected emission reductions.
· Stakeholder assurance - Stakeholders are increasingly looking for independent Verification of GHG Data to prove reductions are achieved year on year.

Download a copy of The 7 Shades of Greenwashing from Carbonology’s website here. If you would like some assistance with carbon Standards and reporting, simply get in touch with the team over at Carbonology.

#203 The 7 Shades of Greenwashing
16-01-2025
The rampant rise of greenwashing threatens to undermine genuine sustainability efforts and mislead consumers, with over 900 businesses in Europe being accused of the practice in 2024. Greenwashing can come in many different forms, and the tactics used aren’t always easy to spot. In this episode, Mel dives into the 7 shades of greenwashing and explains the common greenwashing tactics you should be on the lookout for.

You’ll learn
· What is Greencrowding?
· What is Greenlighting?
· What is Greenshifting?
· What is Greenlabelling?
· What is Greenrinsing?
· What is Greenhushing?
· What is Greenmasking?

Resources
· Carbonology
· 7 Shades of Greenwashing Guide

In this episode, we talk about:

[02:05] Episode Summary – In the 2nd part of this 3-part series on greenwashing, we dive into the various methods and tactics used by businesses to avoid their sustainability obligations.

[03:05] What is greencrowding?: This tactic relies on safety in numbers and occurs when different groups (like governments, organisations and companies) join forces to create the impression of making significant environmental changes. For example, 8 of the world’s biggest 20 plastic polluters, including companies such as Royal Dutch Shell, Coca-Cola, and BP, are part of the Alliance to End Plastic Waste. However, the group moves at the speed of the slowest member and sets low environmental targets to stall action, as it is often costly and involves a lot of the companies’ resources and time.

[03:55] What is greenlighting? – This is when companies spotlight a particularly ‘green’ product or operation, which helps to draw attention away from its otherwise environmentally damaging activities. Commonly seen in the car industry, recent BMW campaigning highlights the company’s electric vehicles, despite being heavily invested in combustion engine vehicles, therefore not addressing their major source of emissions. Another example is ExxonMobil, who heavily advertised its “advanced biofuels” made from algae, but didn’t mention the fact that the biofuels made up a minuscule part of production. Since coming under scrutiny ExxonMobil have rescinded this project altogether and haven’t looked to practical alternatives.

[05:15] What is greenshifting? - This is where the blame gets shifted onto consumers. BP’s “Know your carbon footprint” campaign is a key example: it invited customers to share pledges for reducing their individual emissions, yet BP’s core business continues to partake in and scheme hugely polluting oil and gas projects. Another example is H&M, who urged consumers to recycle their old clothes, yet the company continues to be a prime culprit in fast-fashion and has a significant part to play in over-consumerism leading to environmental degradation.

[06:10] What is greenlabelling? – This occurs when companies use words like ‘eco’, ‘sustainable’ or related wording or symbols conveying green messaging with no evidence to support it. Kohl’s and Walmart were sued for labelling toxic rayon textiles as eco-friendly bamboo. Another more recent example is McDonald's paper straws: in 2019, paper straws were introduced to replace plastic ones, with the claim that it was an eco-friendly move. However, it was later revealed that these paper straws were not recyclable, leading to criticism that the company was misleading consumers about the environmental benefits.

[07:15] What is greenrinsing? - This is where companies change their sustainability commitments or targets before actually achieving them. Repeatedly, Coca-Cola has missed and moved its recycling targets. Between 2020 – 2022, the company dropped its targets for using recycled packaging from 50% by 2030 to 25%, proving these targets were not sufficiently made. BP and ExxonMobil are two more examples, being criticized for frequently updating their climate targets without substantial progress. Various ambitious goals were announced over the years, but critics argue that these targets are often revised or postponed, making it hard to assess real achievements, and trust between consumers, investors and legal frameworks is also lost. So the takeaway here is, make sure your targets are realistic!

[08:45] What is greenhushing? – This occurs when companies deliberately underreport or hide green credentials to evade scrutiny, which is a rising practice found in larger firms who struggle to successfully hit their targets / aims. It is commonly found with firms that make distant net zero targets but do not report on progress. It allows them to hide the fact that they are not taking meaningful steps. Companies often avoid reporting positive environmental measures they may be taking to prevent greenwashing accusations, which can be argued as counter-productive in the efforts to help drive systemic and industrial change in the most polluting industries. H&M and ExxonMobil are key examples of greenhushing and no longer actively promote their sustainability practices, as they have faced criticism over false / limited actions in the past. This one is rather damaging, especially to those who are taking meaningful sustainable action, but may not be keeping up with their targets. This is why it’s so crucial to make those targets obtainable. If this practice continues, then there is less pressure overall for businesses to do their part for sustainability. It’s important to celebrate the victories, no matter how small, as it all adds up to the bigger picture.

[10:55] What is greenmasking? - Greenmasking (a term coined by Carbonology®) is used to describe the practice where organisations self-certify their environmental impact without independent verification. This means they claim their green credentials are accurate while avoiding transparency about their methodology and data. Essentially, they are "marking their own homework," which can lead to misleading claims about their sustainability efforts. Some companies offer ISO 14064 consulting and verification services that may not always adhere to the rigorous standards required for genuine verification. This can result in poor practices and undermine the credibility of the certification. For example, some consulting firms might offer ISO 14064 verification as part of their services but fail to conduct thorough and independent audits. Instead, they may ‘verify’ the data is correct in-house. This can lead to situations where companies are able to self-label their environmental impact as compliant with ISO 14064 without truly meeting the standard's requirements. This results in a vast amount of unreliable and untrustworthy data that is purportedly verified. Furthermore, with some consultancy companies asserting that offering both consultancy and verification within the same firm is a viable option, it paves the way for poor reporting standards to be accepted, only worsening the problem in the long run. Greenmasking can have significant implications for stakeholders, including investors, customers, and regulators, who rely on accurate and transparent environmental reporting. To combat greenmasking, it is crucial for organisations to seek independent and accredited verification of their GHG emissions, ensuring that their sustainability claims are credible and based upon the rigorous standards stated in ISO 14064-3.

Download a copy of The 7 Shades of Greenwashing from Carbonology’s website here. If you would like some assistance with carbon Standards and reporting, simply get in touch with the team over at Carbonology.

#202 The Rise of Greenwashing
09-01-2025
In a world increasingly concerned about environmental impact, companies are under immense pressure to demonstrate their sustainability credentials. But how can businesses truly differentiate themselves from those simply paying lip service to green practices?
Greenwashing is a term that you will likely be familiar with, as it’s one that’s been on the rise as consumer preference steers towards those who are seen to be doing the right thing. Alarmingly, high-severity cases, which involve companies that took a purposeful and systematic approach to concealing ESG violations, rise by more than 32% year on year.
In our upcoming 3-part series we’ll be exploring the impact of greenwashing on business, the different types of greenwashing and the role verification can play in building genuine evidence-based sustainability strategies.
In this episode, Mel dives into the first of this 3-part series to explain what greenwashing is, the common tactics used in greenwashing and how businesses can build genuine sustainability.
You’ll learn
· What is greenwashing?
· Where did the term originate from?
· The rise of greenwashing
· What are some of the common greenwashing tactics used?
· The danger of greenwashing
· How can businesses build genuine sustainability strategies?
Resources
· Carbonology
In this episode, we talk about:
[02:05] Episode Summary – We kick off our 3-part greenwashing series with an exploration of what greenwashing really is, the common greenwashing tactics businesses employ and how you can avoid those pitfalls to build genuine sustainability within your business.
[05:25] What is greenwashing?: Greenwashing, in essence, is the deceptive use of environmental claims to mislead consumers into believing a company's products or services are more environmentally friendly than they actually are.
[05:45] Where did the term ‘greenwashing’ originate from? – The term "greenwashing" was coined in 1986 by Jay Westerveld, an American environmentalist. Westerveld first used the term in an essay describing his experience at a hotel in Fiji. The hotel encouraged guests to reuse towels to "save the environment," but Westerveld observed that the hotel was simultaneously expanding its operations, significantly impacting the local environment. This contradiction highlighted the hotel's primary intent to cut costs rather than genuinely conserve resources. Westerveld's observation exemplified how businesses could deceptively use environmental claims to mislead consumers into believing their products or services are more environmentally friendly than they actually are.
[06:35] The rise of greenwashing: Many businesses over a wide range of industries have made a pledge to reduce their carbon impact by 2050, driven by both an increase in regulation and consumer perception. However, The Economist highlighted some troubling research, citing that while many businesses will puff out their claims of sustainable practices, many don’t have the evidence to back them up. Many should have the resource, say an Asset Manager, that could provide tangible reports on their carbon consumption each year, and yet they choose not to publicly disclose any such reports. So, a lot of talking the talk, but not walking the walk!
[07:40] The growing need for comprehensive carbon reporting – There are a number of sustainability and ESG regulations now in effect, with more to come in 2025 (such as the Green Claims Directive that is due to come into effect on the 27th March 2025) that require businesses of different sizes and sectors to report on their carbon consumption and reduction. If you’d like to learn more about a few of these, check out our previous episodes on:
· SECR
· ISSB S2
· CSRD
· CSDDD
[08:15] What are the common tactics used in greenwashing? These can include:
· Vague and Ambiguous Claims: Phrases like "eco-friendly" or "sustainable" are often used without specific, quantifiable data. However, the EU Green Claims Directive should, in theory, help address this, although it only applies in Europe.
· Focus on Single Issues: Highlighting one minor environmental benefit while ignoring significant negative impacts across the supply chain.
· False Labels and Certifications: Creating misleading labels or misrepresenting genuine certifications. There are numerous ‘Green certifications’ out there that charge for a badge without providing any evidence, or, for those that do provide information, it could just be a document that isn’t evidence-based, i.e. a Policy statement or ‘pledge’ or ‘commitment’.
· "Greenwashing by Association": Implying a connection to environmental causes through sponsorships or marketing campaigns.
[10:15] The danger of greenwashing – The danger with greenwashing is the negative impact it has through an Erosion of Consumer Trust. People are becoming increasingly skeptical of environmental claims, making it harder for truly sustainable companies to gain credibility. Greenwashing can also lead to Distorted Market Signals: creating a false impression of progress, hindering genuine innovation and investment in sustainable solutions.
[11:30] How can businesses build genuine sustainability strategies?
· Transparency and Accountability: Disclose environmental data openly and transparently. Seek independent third-party verification of sustainability claims.
· Focus on Life-Cycle Assessment: Evaluate environmental impacts across the entire product or service lifecycle, from raw material extraction to end-of-life disposal.
· Continuous Improvement: Set ambitious, measurable, and time-bound environmental targets. Regularly review and refine sustainability strategies based on performance data.
· Engage with Stakeholders: Collaborate with suppliers, customers, and other stakeholders to identify and address environmental challenges.
If you would like some assistance with carbon Standards and reporting, simply get in touch with the team over at Carbonology.
#201 It Shouldn’t Happen To An Auditor
18-12-2024
The end of another year has rolled around in the blink of an eye! We’ve managed to publish a whopping 42 episodes this year, pushing us over the 200 episode mark. We want to thank all our listeners, both old and new, for allowing us to continue to share both ISO tips and success stories from our wonderful clients. We hope you’ll follow along as we continue our podcasting journey in 2025.
To close out the year, Ian Battersby and Steve Mason share some of their stories of misadventures during audits. From common mistakes to broom battles and forklift mishaps, they really have seen it all! Listen, laugh and learn what not to do during an audit.
You’ll learn
· What not to do in an audit
Resources
· Isologyhub
In this episode, we talk about:
[02:05] Episode Summary – Ian and Steve share some of their experiences from their time as auditors. From common mistakes to outlandish situations that you’d have to see to believe, listen and learn what shouldn’t happen during an audit.
[03:40] Lazy Copycats: Steve recounts a time where a company had copied and pasted their Management Review for years, which rightfully earned them a non-conformity. Ian shares a similar story where a construction company submitting a tender had copied and pasted the content and included the wrong company name! The copying doesn’t stop there, as Steve remembers a company Quality Manual that managed to include multiple company names. It was found that they’d simply copied and pasted example pages they’d found online that looked good, but didn’t bother to update any of the content to be relevant to them.
[06:30] Training Troubles – Ian recounts a time where he was auditing a subcontractor for a construction company that required a record of training. The induction was very important and obviously needed to be documented. When he checked the documents, though all the forms had different names, all the signatures suspiciously had the exact same handwriting! Turns out the Director was signing them all off, which is obviously in breach of a number of health and safety related regulations.
[08:00] IT Security slip-ups – Steve recounts a time where a Finance Director had good intentions, but poorly implemented his idea. The Finance Director didn’t trust their IT system back-up and instead backed up all his information on a memory stick. Steve pointed out the flaws with this, such as losing the memory stick, data getting corrupted etc. It simply isn’t a safe or reliable way to store such important information.
[09:05] Disconnected Leadership – Ian shares a time where an auditor caught the lack of leadership commitment to their management system. Despite it being a very nice looking management system by all accounts, the cracks showed enough for an outsider to spot the flaws. Steve adds that sometimes, you can over engineer a management system to a point past useful. It needs to work for your business, otherwise people will work around it to get what they need done. Steve had a rather obvious example of this when he required a chat with a member of leadership, who initially refused on the day, despite it being scheduled for 6 months. The person relented for a few minutes over lunch, where he posed his complete commitment to BS 5750 – a standard that existed 20 years ago and had since been replaced by ISO 9001. Very telling for his level of ‘commitment’. As we have covered in a previous episode – Leadership commitment is imperative to a successful management system.
[11:40] Skip Diving for Secrets – Steve shares his experience of conducting a skip diving exercise, which is following a document waste trail. At a certain company, they ended up looking in an actual skip, only to find what looked like a lot of confidential documents. When questioned, someone said that they looked like they belonged in the CEO’s filing cabinet. When questioned, the CEO remarked ‘I didn’t want you to catch me with anything that I shouldn’t have, so I threw it all out last night’. This warranted a non-conformity, as anyone could have gone past and fished out that confidential information just as Steve had. Ian also adds a time where he worked in the NHS and a local hospital had an accident where a lot of confidential medical files ended up scattered across the floor. These were documents that should have been disposed of securely.
[14:05] PPE? You’ve got to be kidding me! – Ian recounts a time working for a manufacturing company that was part of a large international firm. Their UK operation had to abide by strict PPE requirements: proper shoes, eye protection etc. It was something that everyone on the premises had to adhere to. One day, a Director walked in with none of the PPE, which was clearly labelled on many of the signs decorating the shop floor. He had incorrectly assumed that because of his position, he could walk around with no PPE whatsoever. Fortunately the shop floor supervisor set him right and sent him to get properly suited up.
[15:35] Data Centre security says no – Steve recalls a time when a member of top management went to visit one of their own data centres. On getting to the gate, security told him ‘I don’t care who you are, your name isn’t on the list so you’re not getting in.’ That person hadn’t gone through the process of being approved for entry. Predictably, they sent complaints everywhere, but the head of the UK branch quite rightly praised the security personnel for simply following protocol.
[16:55] Private bank details? Don’t mind if I do! – While Steve was auditing physical security for an office, a printer ended up printing the payroll of every employee at the business. This wasn’t in a private room, this was in the middle of the office, so anybody could walk up and see bank account details and salaries! When questioned, it turned out their Finance Director was working from home, and hadn’t bothered to contact anyone to retrieve the documents. So unsurprisingly, they received a non-conformity.
[19:55] Do not goad the auditor - A bit of advice from Steve: “Never say ‘this is our most secure room’ to an auditor” – that is essentially a challenge, and one that you’ll likely lose if you don’t follow your own processes. Steve put this to the test when someone had claimed only 3 people had access to a certain room. Out of curiosity, Steve used his visitor badge to gain entry, and asked if he was included in that 3. Obviously he wasn’t, and this was simply down to access control being a bit muddled at that particular company.
[21:25] Mistaken Identity: Steve recalls a time when he was given a visitor’s badge with a completely different person as the photograph. It had no effect on the correct access rights, but was amusing all the same. He shares another story where he shared a waiting room with another Steve. When they called only the first name, the other Steve was taken into that business and questioned on ISO, to which the poor man had to inform them that he had no idea what they were talking about! Shortly after, the correct Steve was collected. But it goes to show how important it is to ensure you’re giving access to the right people.
[24:20] Battle of the Broomsticks: Ian recalls another time when working in construction, when he had the opportunity to work at a horse racecourse. They were looking to achieve what was OHSAS 18001 at the time (now known as ISO 45001), and it was going so well until a few new hires came running across the stable yard wielding 2 brooms, battling like gladiators in view of their auditor. Thankfully they weren’t really harming each other, but it was enough for the auditor to raise a few questions about subcontractor controls. You really couldn’t write the timing any better (or worse, I suppose!).
[26:15] Clearly a certified forklift driver: While Steve was working at a warehouse, the manager there stressed how well trained all of their forklift drivers were, and how sensible they all were. Though Steve could see a person dancing, speeding and popping wheelies with his forklift over the manager’s shoulder. After he’d been alerted to the wannabe stunt driver, the manager went to have a word with them.
[27:30] Accidents don’t happen after 5pm: Ian was working at a company that highly valued the use of PPE on-site. Everyone did a good job of abiding by that, until it came to the end of the day. One person leaves across the shop floor in just a normal t-shirt and jeans, waving them all off happily as he leaves for the day. He still had to cross the shop floor, and being off the clock doesn’t make you invincible.
[29:10] Fire Door Dramas: Steve recalls a time during an ISO 9001 audit where he spotted a fire door had been blocked by pallets in a warehouse. Another time he saw a fire door that was actually chained and padlocked! On another occasion, a local council had put their rubbish bins outside the fire door for the building, and during a fire drill, they couldn’t get out. Ian states how many times he’s seen signs ignored by drivers who park in front of fire exits. All this to say that a little awareness goes a long way.
[31:10] Emergency Plans for the avid reader: During an incident at an NHS hospital where they’d suffered a long term major power outage, Ian and the staff found that the emergency plans were 144 pages long, with Senior responsibilities hidden away in an Appendix on the last few pages. Well thought out plans are necessary, but the actual procedure needs to be something that can be followed in the event of an emergency. A little common sense should be applied when deciding what needs to be communicated.
[34:00] Risk Assessment disaster: While working with a team in a manufacturing plant, Ian helped them to streamline their risk assessment process, as their previous one needed too many signatures to actually go anywhere. This bottleneck was resolved with months of hard work, or so they thought… When it came to being audited, the auditor asked the team manager what happened to all of the risk assessments. He pointed towards the Health & Safety Manager and claimed he had them all, and the Health & Safety Manager had to admit that he didn’t. Later that evening a director called the administrator and asked her to hide all of the documentation, which she rightly refused to do. This also linked back to when the auditor had asked about how the apprentices were trained, and it happened that the apprentice supervisor was on holiday and so they were just let onto the shop floor. Suffice to say, this didn’t reflect well on the resulting audit results.
[36:30] Against the wire: Ian states that manufacturing companies are not famous for admin. He had one experience while trying to get a recertification booked in, which went up against the wire for their current certification running out. The CB obliged and sent a very qualified Health & Safety assessor there, who took them to pieces. It didn’t take long for him to point out that they had a really nice management system with no commitment from managers to use it. A word to the wise – don’t leave your recertification up until the last minute! If a CB tries to move your recertification past that expiry date, you can and should push back.
[39:00] Password palavers: Steve shares an experience when he interviewed a very organised PA who managed 7 Directors. At the end of the audit he pointed out a folder on her computer called ‘passwords’, and she obliged by showing him the contents. Predictably it contained all the usernames and passwords for various accounts the Directors owned. She knew about the secure passwords policy, but no one could realistically remember that many! When Steve questioned the technical team, they stated only selected people needed one, and she wasn’t one of them. Steve pointed out that she did, and had done the best she could with the tools available, and gifted them a non-conformity as a result, as they hadn’t done a good job of ascertaining who should get additional security tools. By the end of that day, the PA had their own password vault.
[41:30] A fire extinguisher as useless as a chocolate teapot: In another company Steve had noted that they still had a black fire extinguisher. When asked, the staff replied that they were all up-to-date as of 2007. On checking, it was revealed that it had last been serviced in August 1997 – so no, it was not in fact ‘up-to-date’. It may be innocuous to some, but when it comes to safety equipment, that could be the difference between life and death in an emergency.
[42:40] Technophobes in a modern age: Ian recounts a past quality audit he did for an engineering company. They require a lot of specific ISO Standards for that industry, and so the company paid for a subscription service to ensure they had digital copies of all these Standards to refer back to. One such standard was on verification, and on asking a particular quality engineer about how he verifies a specific product, he pulled out a printed hard copy of a standard from 1993. Ian was interviewing him in 2017, and there had been at least 2 updated versions of the Standard out by that point. When probed about why he wasn’t using the online standards library paid for by the company, he simply stated ‘I don’t like computers’.
[45:00] The case of the mysterious ghost file: Steve once had an audit with a relatively nervous member of staff. After explaining that all he had to do was explain how he works, the interview went rather smoothly. At one point he photocopied a bit of paper, hole punched it and filed it away on a shelf in the corner. Steve initially thought ‘good admin, he’s clearly following a process’, so when he returned Steve asked why he filed that particular bit of information away, to which the staff member said ‘I don’t know, I’ve just been told to do it’. Steve then questioned the Quality Manager there about that document and they replied with the same. He then questioned the warehouse personnel to get the same answer. So, you have this document being photocopied over and over, filed away each time and no one knows why! Steve politely pointed out that it might be a good idea to rethink that pointless process.
[47:50] Useless numbering systems: Ian had a similar experience with a numbering system that nobody knew the origins of. The staff involved simply shrugged it off and stated it was simply just what they used. Ian decided to put something to the test, by getting rid of it. He removed an entire archive system from a company’s network folder, as back then file space was a big cost and concern. He kept the files and waited to see if anyone actually needed them. After months, he only had 2 requests for documents. It’s important to ask both what is and isn’t working well. Getting input from all levels of staff can be eye opening, and empower those employees who can help shape up company processes to work more efficiently.
[49:50] Allergic to Audits: Ian shares a secondhand story where a trainer for the HSE was conducting a site visit, where he needed to question the shop supervisor on a few things. He asked him for something he couldn’t see, and the guy agreed to go get it, and just never came back. Apparently he was so scared of the auditing process that he just went home!
[54:00] Shady police and stolen cars: One of Steve’s previous clients had an experience where what they thought was a policeman asked about a hire car the company owned, stating it had been involved in a crime. They didn’t think much of letting him take it for his ‘investigation’. Later, when the hire company asked about getting their car back, the staff let them know what had happened. Everyone was rightly confused, and this led to a lot of discussion. As you can probably tell, the man was not a policeman and had made off with a nice shiny BMW simply by asking for it. If something like this happens to you, always ask for documentation from the police.
[55:00] The Great Computer Caper: Ian recalls a training centre incident where a lot of computer equipment was stored in one suite. One day a few guys came in and started lifting stuff out. People were holding doors open for them, not at all thinking them to be thieves. Lo and behold, they were, and took everything. Steve recounts a very similar experience where the thieves posed as a computer service company, stripping the entire office on a Friday afternoon. It wasn’t until Monday, when everything was still gone, that people thought to question who those people really were.
Thank you all for a great 2024, we look forward to bringing you more ISO tips and success stories in 2025.
#200 FESPA’s sustainable transformation with ISO 20121
10-12-2024
On average, international events emit over 2,000 tonnes of greenhouse gases, which is the equivalent to what 270 UK citizens emit in a whole year. The events industry has been under scrutiny for a number of years in regard to its sustainability. With many factors such as international and domestic travel and exhibition waste to consider, it’s quite a beast to tackle!
Back in 2012, to coincide with the London Olympics, a new Standard dedicated to Sustainable Events Management was launched. ISO 20121 provides a robust framework for those seeking to take actionable steps to tackle their sustainability, such as today’s guest FESPA.
In this episode Ian is joined by Graeme Richardson-Locke, Head of Associations & Technical Lead at FESPA, to discuss FESPA’s journey towards achieving ISO 20121, the challenges faced along the way and benefits felt from certification.
You’ll learn
· Who is Graeme Richardson-Locke?
· Who are FESPA?
· What was the main driver behind obtaining ISO 20121?
· What was the biggest gap identified in the initial Gap Analysis?
· What did FESPA learn from the experience of implementing ISO 20121?
· What are the main benefits of ISO 20121 certification?
Resources
· FESPA
· FESPA Sustainability Spotlight
· Isologyhub
In this episode, we talk about:
[02:05] Episode Summary – We welcome today’s guest, Graeme Richardson-Locke, Head of Associations & Technical Lead at FESPA, to discuss their journey towards achieving the best practice standard for Sustainable Event Management – ISO 20121.
[02:40] Who is Graeme?: Graeme has spent 40 years in the print sector, from textiles to graphics to industrial printing, starting from an apprenticeship in screen printing, which moved onto industrial printing and then finally into digital print. A little known fact about Graeme: he used to live on a goat farm on the Isle of Islay in the Inner Hebrides. He speaks fondly of his time in a small community of just over 3,000 people, taking long walks and admiring the rich landscape.
[06:00] Who are FESPA? – FESPA is the global Federation of National Specialty Print Trade Association. They work to support visual communication businesses in wide format and production of wide format products, so this includes things like garment decoration, interior décor, signage and industrial products. Their association has members across 37 countries with around 1400 businesses within their membership. They ultimately seek to reinvest their profits for the purpose of inspiring, educating and growing the industry. Their roots can be found in creativity, with some of their founding members coming from a background of screen printing.
[09:55] What is the scope of FESPA’s ISO 20121 certification? Currently it extends to their major European based exhibition – Global Print Expo, which also includes their European Sign Expo. They thought it best to roll out certification to the Standard against their largest event. Outside of the certification scope (so far) they do run events in Mexico, Brazil, Africa and the Middle East. It would be much too large of an undertaking trying to certify all their events initially, so they started with the European events with a view to expand their scope of certification at a later date.
[11:05] What was the main driver for achieving ISO 20121? There was a clear need for sustainability related materials to be made available to their members. So FESPA started to develop a guide on sustainability certification schemes, a glossary of terms and a calculating carbon guide. As a result, they set up a feature on their website called Sustainability Spotlight, which highlights new sustainably produced materials coming to market. So it was clearly a topic of focus for their members. They also sought to increase the positive impact they can have within their community, reduce the negative impacts and further develop their overall value.
[13:05] The ethical way forward – As an internal advocate, Graeme wanted to put forward a proposal for something that was really meaningful and not just a greenwashing exercise. This is something that seeking certification, which includes third-party verification, can provide.
[13:35] How long did it take FESPA to achieve ISO 20121? – FESPA began looking into the Standard back in 2022, but it was mired with other turbulence that needed their focus. The pandemic, the war in Ukraine, supply disruption and inflation: there was a lot happening in a short space of time. They made a start on their journey in the Summer of 2022, but it was slow going as they were still building back from the pandemic. The slow burn picked up speed in 2023, with their certification being secured in May 2024.
[15:45] What was the biggest Gap identified during the Gap Analysis? FESPA have a lot of talented members, with a lot of competence, but the experience of creating formalised policies, procedures and a Management System that had to meet the set requirements of the Standard was a learning curve. FESPA didn’t have the benefit of other ISO certifications, and this was the first time they were implementing an audited Standard, so the whole process was very eye opening.
[16:40] What impact did Implementing ISO 20121 have on FESPA? It provided a new perspective on their business, and has helped to develop a greater awareness of sustainable development opportunities. An example of this includes when they started to really dig deeper into how they build and run events, from stand materials to catering. They found that switching their stand build materials to fiber build materials reduced their carbon footprint by 90%! By simply thinking more carefully about what they were doing, they managed to make a massive carbon reduction, with an appetite to reduce this even further. They worked with a company called Quota to calculate their carbon emissions, as they didn’t have that particular expertise in-house. With that massive reduction as a motivator, they are now looking at stand material lifecycle, with a view to use more recycled materials that can be reprocessed.
[19:00] An eye opening experience - Completing exercises like a SWOT and PESTLE and rolling out a risk register which is reviewed on a quarterly basis allows them to really keep an eye on how things are changing and any available opportunities. All of these feed into their objective setting for the next year, establishing a solid path of progression to drive the business forward.
[20:10] Keeping up with an ever changing world: FESPA have moulded their Management System to suit the way they work, which is not linear. Venues change every year, and it’s critical that their management system assists in asking the right questions for new event locations. One of their recent events took place in the RAI in Amsterdam, and they had zero emissions relating to energy because the RAI had their own sustainability related policies and procedures in place.
[21:15] The event industry’s collective effort: Many venues and other businesses involved in the events sector are large organisations with high energy consumption. Many will already fall under legislative requirements to address and reduce their energy consumption. So, everyone is working in step with each other for the most part. FESPA’s own members are showing trends of steering more towards utilising more sustainable materials such as recycled fabrics, as these have less weight, less cost to ship and more opportunity for reprocessing. It’s still very much a work in progress, but it’s being driven in the right direction.
[24:20] Graeme’s Top Tip: The power of systematic thinking. Implementing a Management System requires a new way of working. Graeme ran into trouble when first providing auditable evidence, as it was not something FESPA had ever done before. They encountered a minor non-conformance for F gas leakage in their head office air conditioning: while they could confirm that their provider was F gas certified, they hadn’t checked to make sure the certificate was in date. Little examples like this proved that they need a more systematic approach in all aspects of the business to ensure they complied with all relevant regulations, while also providing a solid framework for continual improvement.
[26:15] Celebrating ISO Success: Graeme was fortunate to attend a Certificate ceremony, put on by their Certification Body, BSI. The acknowledgement of not only his effort, but others who had been through a similar experience made for a fantastic celebration of FESPA’s achievements.
[27:20] Graeme’s book recommendation: Green Swans: The Coming Boom in Regenerative Capitalism – By John Elkington
[29:15] Chris’s favourite quote: The biggest threat to this planet is the belief that someone else will save it – Robert Swan
If you would like to learn more about FESPA, and their sustainability initiatives, visit their website.
#199 The First Step Towards Safe and Ethical AI – ISO 42001 Gap Analysis
20-11-2024
AI has been integrated into almost every aspect of our lives, from everyday software we use at work, to the algorithms that determine what content is recommended to us at home. While extraordinary in its capabilities, it isn’t infallible and will open up everyone to new and emerging risks. Legislation and regulations are finally catching up to the rapid adoption of this technology, such as the EU AI Act and new Best Practice Standards such as ISO 42001. For those looking to integrate AI in a safe and ethical manner, ISO 42001 may be the answer. Today Rachel Churchman, Technical Director at Blackmores, explains what ISO 42001 is, why you should conduct an ISO 42001 Gap analysis and what’s involved with taking the first step towards ISO 42001 Implementation.   You’ll learn ·      What is ISO 42001? ·      What are the key principles of ISO 42001? ·      Why is ISO 42001 Important for companies either using or developing AI? ·      Why conduct an ISO 42001 Gap Analysis? ·      What should you be looking at in an ISO 42001 Gap Analysis?   Resources ·      Register for our ISO 42001 Workshop ·      Isologyhub     In this episode, we talk about: [00:30] Join the isologyhub – To get access to a suite of ISO related tools, training and templates. Simply head on over to isologyhub.com to either sign-up or book a demo. [02:05] Episode summary: Rachel Churchman joins Steph to discuss what ISO 42001 is, it’s key principles and the importance of implementing ISO 42001 regardless of if you’re developing AI or simply just utilising it. Rachel will also explain the first step towards implementation – an ISO 42001 Gap Analysis. [02:45] Upcoming ISO 42001 Workshop– We have an upcoming ISO 42001 workshop where you can learn how to complete an AI System Impact Assessment, which is a key tool to help you effectively assess the potential risks and benefits of utilising AI. 
Rachel Churchman, our Technical Director, will be hosting that workshop on the 5th December at 2pm GMT, but places are limited so make sure you register your place sooner rather than later! [03:20] The impact of AI – AI is everywhere, and has largely outpaced any sort of regulation or legislation up until very recently. These are both needed as AI is like any other technology, and will bring its own risks, which is why a best practice Standard for AI Management has been created. If you’d like a more in-depth breakdown of ISO 42001, check out our previous episodes: 166 & 173 [04:30] A brief summary of ISO 42001 – ISO 42001 is an Internationally recognised Standard for developing an Artificial Intelligence Management System.  It provides a comprehensive framework for organisations to establish, implement, maintain, and continually improve how they implement and develop or consume AI in their business. It aims to ensure that AI risks are understood and mitigated and that AI systems are developed or deployed in an ethical, secure, and transparent manner, taking a fully risk-based approach to responsible use of AI. Much like other ISO Standards, it follows the High-Level Structure and therefore can be integrated with existing ISO Management systems as many of the core requirements are very similar in nature.  [05:45] Why is ISO 42001 important for companies both developing and using AI? – AI is now becoming commonplace in our world, and has been for some time.  A good example is the use of Alexa or Siri - both of these are Large Language AI Models that we all use routinely in our lives.  But AI is now being introduced in many technologies that we consume in our working lives - all designed to help make us more efficient and effective.  Some examples being: ·      Microsoft 365 Copilot ·      GitHub Copilot ·      Google Workspace ·      Adobe Photoshop ·      Search Engines i.e. 
Google Organisations need to be aware of where they're consuming AI in their business as it may have crept in without them being fully aware.  Awareness and governance of AI is crucial for several reasons:  For companies using AI they need to ensure they have assessed the potential risks of the AI such as unintended consequences and negative societal impacts, or potential commercial data leakage.  They also need to ensure that if they are using AI to support decision making, that they have ensured that decisions made or supported by AI systems are fair and unbiased.   It's not all about risk - organisations can also use AI to streamline processes, helping them to become more efficient and effective, or it could support innovation in ways previously not considered. For companies developing AI, the standard promotes the ethical development and deployment of AI systems, ensuring they are fair, transparent, and accountable.  It provides a structured approach to risk assessment and governance associated with AI, such as bias, data privacy breaches, and security vulnerabilities. And for all, using ISO 42001 as the best practice framework, organisations can ensure that their AI initiatives are aligned with ethical principles, legal requirements, and industry best practices. This will ultimately lead to more trustworthy, reliable, and beneficial AI systems for all. [10:00] Clause 7.4 Communication – The organisation shall determine the internal and external communications relevant to the system, and that includes what should be communicated when and to whom. [09:00] What are the key principles outlined in ISO 42001? – ·      Fairness and Non-Discrimination - ensuring AI systems treat all individuals and groups fairly and without bias. ·      Transparency and Explainability - Making AI systems understandable and accountable by providing clear explanations of their decision-making processes. 
·      Privacy and Security - Protecting personal data and privacy while ensuring the security of AI systems. ·      Safety and Security - Prioritising the safety and well-being of individuals and the environment by mitigating potential risks associated with AI systems. ·      Environmental & Social - Considering the impact of AI on the environment and society, promoting sustainable and responsible practices. ·      Accountability and Human Oversight - Maintaining human control and responsibility for AI systems, ensuring they operate within ethical and legal boundaries.  You'll often hear the term 'Human in the loop'.  This is vital to ensure that AI is sanity checked by a human to ensure it hasn't hallucinated or its results ‘drifted’ in any way. [11:10] Why conduct an ISO 42001 Gap Analysis? What is the main aim? – Any gap analysis is a strategic planning activity to help you understand where you are, where you want to be and how you’re going to get there.  The ISO 42001 gap analysis will identify gaps and pinpoint areas where your AI practices need to meet the ISO 42001 requirements.  It aims to conduct a systematic review of how your organisation uses or develops AI to then assess your current AI management practices against the requirements of the ISO 42001 standard. This analysis will then help you to identify any "gaps" where your current practices do not fully meet the standard's requirements.  It also helps organisations to understand 'what good looks like' in terms of responsible use of AI.   It will help you to prioritise improvement areas that may require immediate attention, and those that can be addressed in a phased approach. It will help you to understand and mitigate the risks associated with AI.  It will also help you to develop a roadmap for compliance to include plans with clear actions identified that can then be project managed through to completion, and as with all ISO standards it will support and enhance AI Governance. 
[13:15] Does an ISO 42001 gap analysis differ from gap analysis for other standards? – Ultimately, no. The ISO 42001 gap analysis doesn't differ massively from other ISO standard gap analysis, so anyone who already has an ISO Standard and has been through the gap analysis process will be familiar with it. In terms of likeness, ISO 42001 is similar in nature to ISO 27001 in as much as there is a supporting 'Annex' of controls and objectives that need to be considered by the organisation.  Therefore the questions being asked will extend beyond the standard High Level Structure format. Now is probably a good time to note that the Standard itself is very informative and includes additional annex guidance information to include ·      implementation guidance for the specific AI controls, ·      an Annex for potential AI-related organisational objectives and risk sources, ·      and an Annex that provides guidance on use of the AI management system across domains and sectors and integration with other management system standards.  [14:55] What should people be looking at in an ISO 42001 gap analysis? – The Gap Analysis will include areas such as looking at the 'Context' of your organisation to better understand what it is that you do, or the issues you are facing internally and externally in relation to AI - both now and in the reasonably foreseeable future, and also how you currently engage with AI in your business.  This will help to identify your role in terms of AI.  It will also look at all the main areas typically captured within any ISO standard to include leadership and governance, policy, roles and responsibilities, AI Risks and your approach to risk assessment and treatment and AI system impact assessments.  
It also looks at AI objectives, the support resources you have in place to manage requirements, awareness within your business for AI best practice and use, through to KPIs, internal audit, management review and how you manage and track issues through to completion in your business. The AI specific controls look more in-depth at policies related to AI, your internal organisation in relation to key roles & responsibilities and reporting of concerns, the resources for AI Systems, how you assess the impacts of AI Systems, the AI system lifecycle (AI Development), Data for AI Systems, Information provided to interested parties of AI Systems, and the use of AI Systems and 3rd party and customer relationships. [18:10] Who should be involved in an ISO 42001 Gap analysis? – An ISO 42001 gap analysis looks at AI from a number of different angles to include organisational governance that includes strategic plans, policies and risk management, through to training and awareness of AI for all staff, through to technical knowledge of how and where AI is either used or potentially developed within the organisation.  This means that it is likely that there will need to be multiple roles involved over the duration of a gap analysis. At Blackmores we always provide a Gap Analysis 'Agenda' that clearly defines what will be covered over the duration of the gap analysis, and who typically could be involved in the different sessions.  We find this is the best way to help organisations plan the support needed to answer all the questions required.  It's also important to treat the gap analysis as a 'drains up' review, to help get the most benefit out of the gap analysis.  This will ensure that all gaps are identified so that a plan can then be devised to support the organisation to bridge these gaps, putting them on the path to AI best practice for their business. If you’d like to find out more about ISO 42001 implementation, register for our upcoming Workshop on the 5th December 2024. 
If you’d like to book a demo for the isologyhub, simply contact us and we’d be happy to give you a tour. We’d love to hear your views and comments about the ISO Show, here’s how: ●     Share the ISO Show on T
#198 How communication can make or break your Management System
12-11-2024
One of the biggest contributors to a stagnating ISO Management System is a failure to communicate. This has certainly been true in our experience with implementing ISO Standards for over 18 years, and as a result, we make sure to highlight awareness and communication as an integral step of the Implementation process. It’s a wasted effort only to have your management system gathering dust in a rarely visited folder on your server. If you want to reap the benefits of ISO implementation, it’s in your best interest to make everyone aware of their role in relation to your management system and its continual improvement. Today Ian Battersby explains what ISO Standards mean by awareness and communication, why they are so integral to a successful management system and how you can effectively communicate your management system.   You’ll learn ·      What does awareness and communication mean in relation to ISO Standards? ·      Why should you communicate your management system? ·      The benefits of management system awareness ·      How can you effectively communicate your ISO management system?   Resources ·      Isologyhub   In this episode, we talk about: [00:30] Join the isologyhub – To get access to a suite of ISO related tools, training and templates. Simply head on over to isologyhub.com to either sign-up or book a demo. [02:05] Episode summary: Ian Battersby will be explaining what ISO Standards mean by awareness and communication, and why they are so integral to a successful Management System. [02:30] Why is awareness and communication so important? – The success and failure of a management system depends on its existence being known and understood within an organisation. Staff have a key part to play, and they need to know their part in the Management System and how it aligns with the organisation’s direction. 
[03:20] Extra guidance available for awareness and communication – There is a Standard that accompanies ISO 9001, called ISO 9004:2018 – Quality of an Organisation: Guidance to achieve sustained success. This is a great companion to any Standard, as it provides general guidance on how to properly embed a management system within your business. It talks at length about people and the need to ensure that they are competent, engaged, empowered and motivated. These are crucial as: Engagement of people enhances the organisation’s ability to create value for interested parties. Empowerment motivates people to take responsibility for their work and the results of their work. These can be achieved by providing people with necessary information with authority and the freedom to make decisions related to their own work. People should understand the significance and importance of their role, specifically in creating that value to meet and exceed customer expectations. [05:30] What should you be communicating according to ISO Standards? – Taking ISO 9001 as the example, because it is the basis for most ISO Standards, it specifies the following: 5.2.2 Quality Policy - The policy should be available and maintained as documented information, so must be issued somewhere so that people can see it. But it also, quite importantly, must be communicated, understood and deployed within the organisation. It also needs to be made available to other relevant and trusted parties. 5.3 Organisational roles, responsibilities and authorities - Top management have a responsibility here. They must ensure that responsibilities and authorities for relevant roles are assigned, communicated and understood within the organisation. There’s a lot to consider here as this will also take into account ensuring processes are delivering expected outputs, the reporting of system performance and improvement and the promotion of customer focus throughout the organisation. 
6.2 Objectives - The organisation should establish objectives. These will be targeted at relevant functions, levels and processes and should be communicated to the relevant people affected by those objectives. 7.3 Awareness – Includes the specification that anyone working under the organisation’s control, so this could include indirect workers, must be aware of your quality policy. Also included is the awareness of objectives and staff’s contribution to the effectiveness of the management system. People also have to be aware of the implications of not conforming to the requirements of the management system or standard. [09:30] The implications of not following requirements – You need to consider what happens if someone doesn’t follow a process. For Standards such as ISO 45001 Health & Safety management, following processes could be a matter of someone getting hurt or breaking the law. [10:00] Clause 7.4 Communication – The organisation shall determine the internal and external communications relevant to the system, and that includes what should be communicated when and to whom. [10:30] When should you deliver ISO Management System awareness and communication training? – If you’re just starting out on your ISO Implementation journey, it’s crucial to communicate at the outset the importance of the process of achieving certification. The level of awareness will vary depending on people’s roles, i.e.: Top Management: Top management must understand the role of the management system in relation to the strategic direction of the organisation as part of context, they must understand what the management system contributes to the overall business outcomes. While top management don't need to know standards inside out, they must be aware and must have understanding of the overall purpose of the standard and the benefits that standard will bring to the organisation. 
To gauge the level of awareness top management need, ask yourself, would you be happy to let them be interviewed in private by a third-party assessor in regards to all of their responsibilities in relation to the management system? [13:20] General awareness for the workforce – While leadership require a greater level of awareness, there is still a need for general staff to have a certain level of management system awareness. For those on their first implementation journey, you should bring people in from the very beginning, this includes all staff and those working indirectly under your organisation. You will want to make them aware of the following: What is a quality management system? – Define what it is and what it means What’s important about the Standard? – People don’t need to know the intricacies of standard subclauses, so just select important aspects such as the Plan Do Check Act (PDCA) cycle If you’re integrating Standards, what are some common requirements? – If you’re integrating a new standard, what requirements specific to that new standard need to be communicated? [15:15] Join the isologyhub and get access to limitless ISO resources – From as little as £99 a month, you can have unlimited access to hundreds of online training courses and achieve certification for completion of courses along the way, which will take you from learner to practitioner to leader in no time. Simply head on over to the isologyhub to sign-up or book a demo. [17:20] General awareness for the workforce continued – You will also need to make sure people are aware of: What do they need to know in relation to certification? – This can include the date you’re working towards, what might be expected of them during an ISO assessment, what does the certification actually mean for the business? Accessing the Management system – How can people find your management system? What documents does it hold? How do you use it? And how does this impact on staff’s day to day activities? 
Staff’s role in relation to the Management system – How do staff contribute to the management system on a daily basis? How do they contribute to business objectives? How does the management system benefit them? – Your management system will include tools and guidance on how to carry out certain activities. It explains how improvements can be suggested and made and how audits work. Ultimately it provides a structured approach to ensure everyone is singing from the same song sheet. The importance of complying with policies, processes and procedures – including the consequences of not complying with them. Raising issues relating to non-conformity, the effectiveness of the management system and any potential improvements – You can’t have eyes everywhere, and the people working in alignment with your processes can better highlight where something may not be working. This also increases engagement as people will have a real impact on how your business operates.   [20:15] Specific standard considerations for communication – The focus of elements of your communication will be tied to the specific ISO Standard you’re implementing, i.e. a Health & Safety management system will include communication of key risks and hazards, how to report safety issues and abiding by Health & Safety law. Environmental management systems may include awareness of the need to protect the world we live in, how each person can help lessen their impact on an individual scale etc.   [21:00] Other key roles and related communication – There are other key roles within the organisation which will have specific communication requirements. These will be people like operational functional managers with key roles in processes they may be involved in, i.e. sales, design, purchasing, calibration etc. 
If they've got specific functions in the organisation with respect to the management system, they need to understand them as much as top management needs to know theirs and the general workforce need to know theirs. [21:50] Communicating key changes to the Management system – You need to continually communicate to the workforce when changes occur to the management system. That communication doesn’t stop as soon as you’re certified! For first time implementation, you’ll want to communicate when you’ve achieved certification.   [22:30] The importance of communication within a Management System – If people are aware of their role and importance to a management system, they will be more engaged with its operation. This can include reporting on objectives progress during team briefs, raising potential issues and non-conformities or opportunities for improvement, highlighting customer complaints, monitoring number of incidents at work etc. All of these contribute to the success of the business and need to be reported on continually. These can turn into lessons learned, which could lead to major system changes where documentation or processes need to be updated and communicated. [24:30] What’s the best way to communicate your ISO management system? – Not all organisations are the same, so there is no right or wrong way to do so. A few suggestions include: ·      SharePoint ·      Teams Channel ·      E-mail / internal newsletters ·      Bulletins ·      In-person training ·      Videos For any of the above you may need to consider how to record who has completed set awareness training. [25:30] A final thought  – If an auditor stops and asks a worker about your quality policy, what will that person say to that auditor? We understand that the quality policy must be communicated, but how does each person understand it? Your awareness raising needs to capture methods of ensuring that that happens, which is a tricky task! 
They do not need to know a Standard verbatim, but they should know the importance of complying with it, what a non-conformity within that system means, and what the consequences are if they don’t follow the rules. If you’d like to book a demo for the isologyhub, simply contact us and we’d be happy to give you a tour. We’d love to hear your views and comments about the ISO Show, here’s how: ●     Share the ISO Show on Twitter or Linkedin ●     Leave an honest review on iTunes or
#197 What is a SWOT and PESTLE?
06-11-2024
A crucial part of Implementing any ISO Standard is addressing your risks and opportunities.  This is a key part of Clause 4 Context of the organisation, which expresses an explicit need to review and assess what internal and external factors could help and hinder in achieving your business goals. While ISO Standards don’t define a definitive method of doing so, many have adopted the practice of carrying out a SWOT and PESTLE analysis.   Today Ian Battersby explains what a SWOT and PESTLE analysis is, the key questions you should be asking and the importance of continually reviewing and updating the results as your management system matures.    You’ll learn ·      What is a SWOT analysis? ·      What is a PESTLE analysis? ·      Examples of questions you should be asking during a SWOT and PESTLE ·      How often should a SWOT and PESTLE be conducted? ·      Examples of SWOT and PESTLE in practice   Resources ·      Isologyhub   In this episode, we talk about: [00:30] Join the isologyhub – To get access to a suite of ISO related tools, training and templates. Simply head on over to isologyhub.com to either sign-up or book a demo. [02:05] Episode summary: Ian Battersby will be explaining what a SWOT and PESTLE exercise is, its role in fulfilling key requirements in Clause 4 of any ISO Standard, and the key questions you should be asking during the exercise.   [02:30] What is a SWOT and PESTLE analysis? – This is one of the tools you can use to look at various factors that affect your organisation. SWOT stands for: ·      Strengths ·      Weaknesses ·      Opportunities ·      Threats PESTLE stands for: ·      Political ·      Economical ·      Social ·      Technological ·      Legal ·      Environmental And in recent years, people have added ethical into PESTLE too. Whether that’s on its own or integrated within the other elements is up to the organisation and how they want to run the exercise. 
Both analyses are fundamental in helping organisations understand the benefits and pitfalls of a project, management system implementation included. [05:05] Where in the Standard is there a need for a SWOT and PESTLE? – Clause 4 in all ISO Standards is known as ‘Context of the organisation’, which you need to establish early on in order to set the foundations for building your management system. Context is the world in which an organisation works, it is the considerations of the internal and external factors that affect what you do. SWOT and PESTLE, while not specifically referenced in the Standard, is a highly recommended tool as it directly assesses multiple internal and external factors and can fulfil the requirements of any ISO Standard. [06:20] Addressing Context of the Organisation – Clause 4, Context of the organisation states: “The organisation shall determine external and internal issues that are relevant to its purpose and its strategic direction, and that affect its ability to achieve the intended results of its management system. The organisation shall monitor and review information about these external issues.” There are also 3 additional notes: #1: Issues can include positive and negative factors or conditions #2: Understanding the external context can be facilitated by considering issues arising from legal, technological, competitive, market, cultural, etc. #3: Understanding the internal context can be facilitated by considering issues related to values, culture, knowledge and performance of the organisation.   So, there’s a lot to consider! [08:10] How SWOT and PESTLE address Context of the Organisation – Taking a look at SWOT, strengths and weaknesses would refer to factors internal to your organisation, while the opportunities and threats would be external. Depending on the focus of your management system, you may also want to complete this exercise through a certain lens. That could be information security, health & safety or environmental. 
The Standard requires you to align your management system with the strategic direction of the organisation, so even if you are viewing this exercise through a certain lens, don’t do so in complete isolation. [09:55] How to conduct a SWOT and PESTLE – The people involved in completing this exercise are important, not just the questions you ask. Senior management should be included as they will have key insight to the strategic direction of the business. You should also include operational managers or other functional managers as they will have more context for how things actually work in practice. The point of a SWOT and PESTLE is to ascertain where you stand in terms of your risks and opportunities, and issues relating to resources, people, information, process, technology, equipment, laws, markets, environment, finance, economy etc. from both an internal and external lens. This will give you a solid foundation to build your management system on, which will ultimately help you achieve your intended outcomes and lead to a cycle of continual improvement. [11:55] Considerations for Strengths – Strengths is an internal factor. Questions you could ask include: ·      What do we control through good processes? ·      What are we known for? ·      What does our marketplace and competitors say about us? ·      What are we good at? ·      What assets do we have? ·      What resources and knowledge do we have readily available? ·      What's the strength in our products and in the processes for delivering those products and the people that run those processes and deliver those products, their skills, their knowledge, their strengths, their weaknesses and their expertise? ·      What areas in our organisation are already at a high standard and don't necessarily need improvement?   ·      Do we have objectives and targets that we measure against, i.e. KPIs, metrics, success factors and service level agreements, that demonstrate we're good? 
[13:10] Considerations for Weaknesses – Weakness is another internal factor, one that you have to be brutally honest when conducting. Questions you could ask include: ·      What could you improve? ·      Where is money being spent poorly, or being lost? ·      What do your competitors do better than you? ·      What resources / knowledge / people / expertise do you lack? ·      What processes do you lack? ·      Where can your products or services be improved? ·      What are the constraints on your ability to meet changes in market need or demand? ·      What does your customer feedback look like? ·      Do your suppliers meet your requirements or the requirements of your clients? [14:45] Considerations for Opportunities – Opportunities are considered an external factor. Questions you could ask include: ·      What new opportunities are available in your market? ·      What data do you have available on market trends, and how can you leverage that? ·      How might changes in compliance requirements in your specific industry or your locality provide you with an opportunity to gain an edge?
#196 Reed & Mackay’s Carbon Verification Journey
30-10-2024
Business travel remains one of our largest sources of greenhouse emissions, accounting for 26% of the UK’s total emissions. In an ideal world, no one would have to travel to work or events, some might even point to the way everyone adapted in COVID as a prime example of this in practice. However, for many that model of work is not feasible in the long-term. So, how can we reduce this unavoidable stream of emissions? Businesses are starting to take the right steps, however, today’s guest is paving the way as a shining example of sustainable business travel and events management.   In this episode, Mel is joined by Christopher Truss, Global Sustainability Director at Reed & Mackay, to discuss their impressive existing ISO Standard portfolio and their journey towards ISO 14064 carbon verification. You’ll learn ·      Who is Chris Truss? ·      Who are Reed & Mackay? ·      What are the highlights from Reed & Mackay’s latest Sustainability and Responsible Business report? ·      What Standards are Reed & Mackay certified to? ·      What is the demand for sustainability within the business travel and events management sector? ·      Why get ISO 14064 verified? ·      What were the challenges with obtaining ISO 14064 verification? ·      What are the benefits of obtaining ISO 14064 Verification?   Resources ·      Reed & Mackay ·      Reed & Mackay Sustainable and Responsible Business Report 2024 ·      Carbonology   In this episode, we talk about: [02:05] Episode Summary – We welcome today’s guest, Chris Truss, Global Sustainability Director at Reed & Mackay, to explore their ISO Standards portfolio and journey towards ISO 14064 verification. [02:40] Who is Chris?: Chris has had over 20 years’ experience in the business travel industry. He is currently responsible for driving the sustainability agenda at Reed & Mackay, which includes the development of services and solutions that their clients require to meet their own sustainability initiatives. 
He also manages a wide range of third-party suppliers. A lesser known fact about Chris is that he is in a band, playing the folk fiddle and singing in pubs around Yorkshire. He also plays tennis in the over 45 category for Yorkshire! [04:50] Who are Reed & Mackay? – Reed & Mackay are a global travel management and event management business. They help clients all the way from picking up the telephone and making bookings on their behalf, helping them source appropriate venues for their events and then managing the overall spend, the supply chain and ultimately reporting back to them on what they've been up to and how they can improve their processes and save money. Reed & Mackay are highly regarded for their quality of services, especially within the professional services sector, and they proudly boast a number of large blue chip clients. [05:50] What are some of the highlights in Reed & Mackay’s Sustainability and Responsible Business Report? When Chris came into his latest role, he looked to tackle two main points: ·      How can Reed & Mackay operate sustainably? ·      How can we articulate that to our clients? As a result of the work Chris has done, Reed & Mackay have signed up to the United Nations Global Compact and have aligned themselves with the UN’s Sustainable Development Goals. They have also become an EcoVadis rated supplier and are undertaking their first Carbon Reduction Plan disclosure. From a corporate responsibility point of view, they have made great strides to improve their gender pay gap. They are also ensuring the integrity of their charitable partnerships. [08:00] What are some of the sustainability initiatives that Reed & Mackay have started? Reed & Mackay support a charity called 4Ocean, who are trying to remove as much plastic from our oceans as possible. They selected this charity in particular due to its global reach, embodying the nature of Reed & Mackay’s global influence in 13 countries for the past 10 years. 
They recognised the need to support a sustainability-based charity as corporate travel is highly polluting, so this is a form of taking responsibility and looking at where they can assist to reduce environmental damage. 4Ocean also allows their employees to get involved directly, should they choose to take some time out of the office to help with ocean clean-up.

[09:55] What ISO Standards are Reed & Mackay certified to? They are currently certified to:
·      ISO 27001 Information Security
·      ISO 14001 Environmental Management
·      ISO 22301 Business Continuity
·      ISO 9001 Quality Management
They have been certified to all of these for over 10 years now! These Standards acted as a foundation for Chris to drive his sustainability agenda.

[11:10] How are these ISO Standards managed across the business? – Reed & Mackay have a dedicated Security and Trust team that manage all ISO certifications, in addition to their other responsibilities. All of the ISO Standards are a part of their Integrated Management System, which sits alongside their policies and procedures for the business that are managed by a central team. This has provided them with an invaluable foundation to ensure the delivery of quality services, client satisfaction and continual improvement.

[12:45] What is the demand for sustainability within the business travel sector? They are receiving more requirements and requests from clients in regard to their own operational CO2 footprint, which is needed for clients’ own reporting requirements as Reed & Mackay would count towards many clients’ Scope 3 emissions. There is also a need for more transparency with carbon reporting, including the use of credible calculation methodologies. The verification of GHG emissions also gives clients more confidence that businesses are doing what they say they’re doing.
[14:15] What was the main driver behind Reed & Mackay gaining ISO 14064 verification?: While they felt confident in their sustainability efforts up to a certain point, they wanted someone to come in and mark their homework to make sure they were doing the right thing. With the increase in client demand for credible sustainability reporting, it was vital to pursue various CPD disclosures such as EcoVadis and prepare for upcoming legislation like CSRD. To ensure they were in the best possible shape to give the information requested by clients and other stakeholders, they needed an accurate and reliable method of verification, which is what ISO 14064 could provide.

[15:40] What were the main challenges in obtaining ISO 14064 verification?: Just getting a hold of the raw data was the most difficult part, although they found it to be a very enlightening experience too. Having to dig to find the right information helped Chris to understand the business better, giving him a greater visibility on where their carbon emissions are coming from and where there are opportunities to reduce those. You have to be very tenacious to get all the necessary data. Chris highlights purchased goods and services data as particularly challenging to obtain due to its granular nature. Now they have been through this process once, they’ve got a system in place to make data collection a lot easier in future.

[18:55] What impact has ISO 14064 verification had on Reed & Mackay?: It’s helped from an internal perspective as people now have a greater visibility and understanding of the impact they have on an individual basis. This in turn creates a strong launchpad for their Net Zero strategy. From an external perspective, it’s given Reed & Mackay a lot more confidence in their own processes and their ability to work with their clients towards sustainability goals.
[20:00] What were the main benefits of getting ISO 14064 verified?:
Giving clients, stakeholders and employees confidence: The verification calculation is reliable, and so they can be confident in relaying the facts and figures to interested parties.
A great insight: The data has provided huge insights into how the business operates and where its biggest emissions sources lie. This is vital to know before you take steps to try and reduce your current impact.
Ability to create an accurate Carbon Reduction Plan: Once again, with confidence in having the correct data to hand, they are able to formulate an accurate Carbon Reduction Plan which can be realistically achieved.
Anti Green-washing: Consumers are crying out for a reliable sign of credibility. Simply having an environmental policy statement may have been enough 10 years ago, but that’s not the case now. People expect evidence of your sustainability claims.

[21:50] Chris’s top tip for anyone considering ISO 14064 verification: Just get started and don’t be scared by the process. Though it may seem daunting to start, you will actually be in a much better position than when you started. Having verified data and awareness of where that data comes from and what it means on a larger scale will be vital to looking for opportunities for improvement. So, if you want to improve your sustainability, you just need to get cracking!

[23:20] How are Reed & Mackay helping organisations improve the sustainability of their travel?: Reed & Mackay’s ambition is to make sure that clients understand the impact of their choices at every single step of their journey. To help, they provide the carbon footprint of every booking they make, whether that be through their site or with a consultant. They also have approval processes built into their systems, which can be based on carbon.
For example, if a client doesn’t want to take the lowest carbon option on a particular journey, they can add required approval from an additional person within that client’s organisation. So it adds a level of accountability over the choices people make. They also provide full reporting on business travel activity and where potential savings have been missed. This is a valuable tool if, for example, they need to provide travel data to carbon consultants, as they’ll already have all of those granular reports prepared. These reports will highlight where clients haven’t taken the lowest carbon option, i.e. where they could travel in a group instead of individually. Reed & Mackay’s intention is to make sure people have visibility of carbon alongside cost so clients can make a fair and balanced decision. Additional services include:
·      Able to set carbon budgets across a business
·      Ability to purchase carbon credits for offsetting purposes
·      Opportunities to mitigate carbon emissions through offsetting, or decarbonise through Carbon Reduction Plans over a period of time

[28:50] Chris’s book recommendation: His Dark Materials by Philip Pullman

[29:15] Chris’s favourite quote: You can't measure success if you have never failed – Steffi Graf

If you would like to learn more about Reed & Mackay, and their sustainability initiatives, visit their website.

We’d love to hear your views and comments about the ISO Show, here’s how:
●     Share the ISO Show on T
#195 The Role of ESG in Procurement
22-10-2024
Purchasing goods and services is a necessity for any business, whether that’s simply stocking up on office supplies, or looking for someone to manage your IT environment. Procurement has a key role to play in keeping things running smoothly, along with facilitating the core values of businesses as priorities change, such as a commitment to ESG compliance.

In this episode, Ian is joined by Philip Ideson, Founder & Managing Director of Art of Procurement, to discuss procurement’s role in ESG compliance, the challenges procurement faces with ESG, and learn about their mission to 10X the impact of procurement.

You’ll learn
·      Who is Philip Ideson and the Art of Procurement?
·      What are the current trends in procurement?
·      What is procurement’s role in relation to ESG?
·      How do ESG deliverables fit in with the other results procurement is expected to deliver?
·      What are the greatest challenges procurement currently faces with ESG?
·      What is Art of Procurement’s mission to 10X the impact of procurement?
·      What are the 6 principles of this mission?

Resources
·      Art of Procurement
·      Art of Procurement Podcast
·      The Art of Procurement philosophy
·      ESG Compliance

In this episode, we talk about:

[00:25] Episode Summary – We welcome today’s guest, Philip Ideson, Founder and Managing Director of the Art of Procurement, to discuss the role procurement has in ESG compliance. Additionally, we will dive into Philip’s mission to increase the impact of procurement.

[03:00] Who is Philip?: Philip has been in the procurement space for almost 25 years now! He started at Ford Motor Company, in direct Procurement where he was purchasing parts for car manufacture. He later moved into indirect Procurement, which is essentially everything you need to operate on a day-to-day basis, i.e. office supplies, childcare facilities etc. Philip has worked in the UK, Europe, India and has been based in the US for the past 19 years.
To get a perspective on the other side, he joined a Service Provider who provided outsourced procurement. That company was later bought out by Accenture, which was when Philip decided to go out on his own and started ‘Art of Procurement’. His podcast has been running for 9 years, and aims to share inspiring stories of companies who think differently about procurement.

[06:05] Hard Truth: Inside the Football Industry Podcast – Philip also co-hosts another podcast in his spare time, which was awarded the EFL podcast of the year in 2023! Hard Truth delves into the behind-the-scenes aspects of football. Co-hosted by the owner and Chairman of Peterborough United, it also gives an owner’s perspective of the football season.

[07:05] What are some of the top trends and priorities in procurement currently? Digitisation: Procurement was an area where technological change happened relatively slowly; at least up until around 5 years ago there weren’t many tech solutions built specifically for procurement. However, a lot of money has been poured into the space, so now there’s the challenge of ‘How can we digitise?’ The problem with a lot of technology solutions is that they often become obsolete quickly, and with the rise of AI it’s tricky to keep up, let alone get ahead.

[08:10] What is something about procurement that might surprise people who don’t work in the field? Procurement gets a bad rep for trying to save every last penny at the cost of bullying suppliers. However, they are a lot more passionate about the role that suppliers can play in the growth of a business. It’s all about marrying together the capabilities of supply chains with the needs of a business, rather than trying to squeeze every last penny’s worth out of suppliers.
[09:15] Procurement put into a box: In a lot of businesses, procurement kind of professionalised the profession based on an ROI which was tied to cost savings. Because procurement sold that value proposition to get the investment, it means that that's the only thing businesses think they can do. Procurement gets put in this box within a business: when I need to save money, break the glass, bring out procurement and they can do that. However, you actually get a much better result by working more collaboratively with your procurement team. There’s a lot more tied to business objectives than to procurement objectives. Instead of focusing on what procurement can do to save you money, look at what other objectives they can help you achieve.

[10:35] What is procurement’s role with regard to ESG? – Philip was involved in a research study that was done by The Economist, where they surveyed approximately 2300 C-Suite executives, procurement and non-procurement individuals. It was revealed that ESG was the number 2 priority right now, specifically where sustainability was concerned. Modern slavery is also becoming more of a concern.

[12:00] A fad or long term change? Priorities like this for any business are subject to the politics of the day. They are important now as that’s where a lot of focus is from many different sources, but they are likely temporary and will be dependent on geographical location and available investment. However, the impact of emissions reporting as a result of ESG will have a longer term effect as scope 3 emissions include supply chains. More businesses will be expecting their supply chains to meet their emissions reporting requirements going forward.

[13:20] How long has procurement been doing ESG/CSR type work?: 14 years ago, when they had to report back on supplier diversity spend, they had very little data. It involved a lot of extrapolating data so that you had something to report back with.
More accurate data reporting has picked up in the last 6 years, and is more on an organisation-by-organisation basis. The key driver for procurement involvement in any aspect of sustainability is regulatory requirements.

[15:00] Innovation for a better future: Digitisation and other technological advancements will allow for better ESG support, with more accurate data and reporting capabilities. Back in the day, it may have been a case of sampling some 100 suppliers out of a pool of 10,000 listed on a simple spreadsheet, and then googling them to see which ones would be considered diverse suppliers. In short, it used to involve a lot of manual data gathering, which is rapidly getting replaced by new tech tools.

[26:20] What are the greatest challenges procurement currently faces with ESG? One of the challenges is internal. When ESG is brought to the table, decisions have to be made about selecting suppliers who would align with their ESG requirements, which is a decision that is ultimately made by the budget holder. Procurement can do everything they can to mitigate any additional cost, but they do not decide who spends the money with whom. A lot of the role procurement can play in supporting ESG is dependent on the organisational focus on those initiatives and how well everything is communicated to all involved.

[17:20] Looking to the future of procurement: Procurement was once seen as a cost management function; now professionals like Philip are looking at how they can demonstrate the additional value they can bring to an organisation, including supporting ESG compliance. Procurement has shifted more towards risk management, with a greater focus on risk factors such as cost and sustainability. There’s still a lot of uncertainty around what the next 10 years will look like. Philip predicts that procurement will become a smaller, yet more impactful area than it is today.
The operating model will likely shift to a more service-based approach with a more nuanced approach to supporting businesses. Philip can see a world where sustainability and supply chains merge as third-party suppliers will have an increased effect on an organisation’s ability to meet its sustainability goals.

[20:30] What is Art of Procurement’s mission to 10X the impact of procurement?: Philip aims to change the mindset of procurement leaders, and get them to think outside of the box. Procurement can have a significant impact on organisations, in the form of additional support like ESG, but also because they have a much wider field of view regarding potential suppliers. It’s about going back to basics, asking:
·      What is procurement?
·      How should it operate?
·      How can procurement best support businesses?
Their mission aims to rethink how procurement works, and refine how best to work with organisations to achieve their goals.

[22:25] What are the principles of this mission?: Philip highlights a few that he’s passionate about, including:
Focus on driving business outcomes: How can procurement build their capabilities around what the business truly needs? There can be conflict between an organisation and its procurement, whether that be with stakeholders or selecting suppliers. So, it’s about finding a balance between doing what can be done to further an organisation’s goals while also saving them money.
Procurement facilitating differentiated decision making: Procurement can offer some crucial insight into potential suppliers for organisations, but they can only do so if they have the correct data to help make those decisions. When it comes to measurable data, like many aspects of how sustainable a supplier may be, this is where procurement can help businesses make smarter decisions.
Overseeing not managing spend: Procurement should not necessarily have complete control over the spend of an organisation, but using technology they should be able to understand what is being spent and with whom. It’s about keeping an eye on potential risk factors with suppliers and helping organisations decide who to continue to work with.

[28:00] How is Art of Procurement philosophically different? They see procurement as a journey, where many organisations are on a different part of the maturity curve and may need help bridging those gaps to keep moving forward. Art of Procurement seek to accelerate that speed of maturity by working smarter with new technology, and in alignment with an organisation’s goals. Procurement is facing a battle currently, where if they don’t adapt, they run the risk of losing out to purely AI driven tools. This is, of course, not a concern unique to the world of procurement; it’s actively affecting HR, IT support and the creative industry in a huge way.

[30:40] Connect over common goals: Procurement professionals often want to be more collaborative than people may think. Don’t be afraid to reach out to your procurement team to see what common goals you can try to achieve. They are there to work with you, not against you.

[32:45] Procurement and ISO: Philip has seen a lot of instances where an internal audit finding will lead to procurement success. In some cases, this may be from an identification of a need for investment in procurement; it’s seen as a necessary tool for the organisation and so they approach it with that mindset. Internal Audits, a staple in the world of ISO, offer the opportunity to highlight where improvements can be made. They also compile credible evidence to put a case forward to relevant individuals, who may have not listened to previous grievances.

If you would like to learn more about the Art of Procurement, check out their podcast available on their website.
If you’d like to hear more from Philip, he also co-hosts the Hard Truth: Inside the Football Industry podcast.

We’d love to hear your views and comments about the ISO Show, here’s how:
●     Share the ISO Show on Twitter or Linkedin
●     Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one.

Subscribe to keep up-to-date with our latest episodes:
#194 Clyde & Co’s Carbon Verification Journey
15-10-2024
Sustainability is an area that affects all businesses, no matter the sector. We are all currently contributing to the climate crisis, from travel and hospitality to manufacturing to those working in an office or from home. You may be surprised to hear that the legal sector is currently one of the leaders in championing sustainability, not just in enforcing new environmental legislation, but also leading by example in the race to net zero. One such stand-out leader is today’s guest – Clyde & Co, a global law firm that have made great strides in their sustainability journey.

In this episode, Mel is joined by Paddy Linighan, Chief Sustainability Officer at Clyde & Co, to discuss their ambitious net zero targets, sustainability initiatives and their journey towards ISO 14064 Carbon Verification.

You’ll learn
·      What is Paddy Linighan’s role as CSO?
·      Who are Clyde & Co?
·      What are their net zero targets according to their responsible Business report?
·      What sustainability initiatives have Clyde & Co introduced?
·      Why get ISO 14064 verified?
·      What were the challenges with obtaining ISO 14064 verification?
·      What are the benefits of obtaining ISO 14064 Verification?

Resources
·      Clyde & Co
·      Clyde & Co Responsible Business report
·      Carbonology

In this episode, we talk about:

[00:25] Episode Summary – We welcome today’s guest, Paddy Linighan, Chief Sustainability Officer at Clyde & Co, to dive into their responsible business report, discuss their net zero ambitions and journey towards ISO 14064 Carbon Verification.

[01:40] Introduction to Paddy: Paddy has 30 years’ experience in the legal sector, and was formerly the Chief Operating Officer for Clyde & Co before transitioning to the role of Chief Sustainability Officer. Paddy is also a Director at the Legal Sustainability Alliance, which is an association committed to supporting the legal sector to measure and manage their carbon emissions to achieve net zero. One lesser-known fact is that Paddy was a Latin and ballroom dancer!
[02:30] Who are Clyde & Co? – They are a global law firm with 500 partners, 2700 lawyers and 3216 legal professionals across the world, operating out of 70 offices. They set out to help organisations successfully navigate risk and maximise the opportunity in the sectors that underpin global trade, namely insurance, aviation, marine construction, energy, trade and natural resources. They offer a comprehensive range of contentious and non-contentious legal services and commercially minded legal advice to businesses operating across the world in seamless fashion. Clyde & Co are committed to operating in a responsible way by progressing a diverse and inclusive workforce that reflects the communities and the clients it serves, and provides an environment in which hopefully everyone can realise their potential. They use their legal and professional skills to support communities through pro bono work, volunteering charitable partnerships, and minimisation of environmental impact through the pursuit of sustainability standards.

[04:25] What are some of the Net Zero targets highlighted in Clyde & Co’s responsible business report?
Near term target: Reduce their scope 1 and scope 2 emissions by 80% by 2030 and scope 3 emissions by 50% by 2030.
Long term target: Have a 90% reduction in emissions by 2038.
Focused on decarbonizing their operations across the globe.

[06:25] What are some of the sustainability initiatives that Clyde & Co have started? All their initiatives can be broadly grouped into 3 categories, but ultimately they seek to decarbonize their operations, address resource consumption and offset emissions where possible. They found that 95% of their emissions reside in their scope 3, which is due to their supply chain. A few of their initiatives include rationalizing their supply chain to reduce the impact of purchasing goods and services. They are also supporting their supply chain to measure and reduce their own emissions.
Clyde & Co have also incorporated their sustainability requirements into their Procurement Process and Due Diligence Process. One challenging area for a professional services business like Clyde & Co is sustainable business travel. They have adopted a global note on sustainable travel, which trickles down into regional travel policies. Working with travel management companies, they will implement those new policies, in addition to improving the quality of travel data collection and prioritisation of sustainability over cost. Clyde & Co are also making the move to switch direct and indirect consumption of fossil fuels to renewable energy in the heating and cooling of their buildings. As of summer 2023, all UK offices were on 100% renewable energy! They aim to roll this out on a global scale, but understand that there are significant challenges with doing so.

[09:30] How did Clyde & Co celebrate Earth Day? They introduced climate change awareness training on Earth Day. It wasn’t mandatory in any way, and included the rolling out of several blogs and videos which were produced by AXA Climate School in Paris. They ran these from Earth Day (April 22nd) to World Environment Day (5th June), covering topics such as:
·      Financial disclosures
·      Plastic pollution
·      Saving water
·      Beekeeping
·      Composting
This led to a campaign called ‘Zero as One’ which helped to create a network of sustainable champions across their organisation, who help to further raise awareness and identify where there may be regional issues with reducing resource consumption and energy use. This campaign has continued and is beginning to facilitate a structured, bespoke training programme for all Clyde & Co staff which covers climate awareness through to climate competency.
It will encourage people to think ‘How can I, as an individual, make a difference?’

[15:30] The Clyde & Co Community Forest – A 6.2 hectare plot of land is shared with 2 other community groups, and is not only being used for reforestation but also biodiversity, focusing on red squirrels in particular. Getting this project set up included:
Gauging the appetite of colleagues: They offered an increased level of reforestation for every response they had to their annual ‘Have your Say’ survey. For every response received, they would add 2 square metres of forest. So, 5000 people would give them a hectare. It was a knowledge gathering exercise and experience of what a carbon offset project would look like. They know that they’ll never be able to 100% decarbonise their operations, but they hope to get it down to 10% remaining emissions which can be offset with more projects like the community forest.

[19:35] What does Paddy think of the sustainability reporting regulatory requirements affecting the legal sector? Not only do lawyers have a key part to play in supporting and advising clients in relation to how they navigate towards a low carbon economy, but they are also a part of many businesses’ supply chains – meaning they would be included in scope 3 emissions for others. Putting in the work at their end enables them to proactively help and assist clients with their emissions reduction and reporting. The drive in this sector is mostly due to client demand.

[21:10] The increase in sustainability targets in North American companies: Paddy highlights that a recent report issued by Climate Impact Partners found that 79% of North American companies now have climate targets, which is up 6% on Asian companies and just shy of European companies. 61% of those North American companies report under ISO 14064.
[23:00] What were the drivers behind Clyde & Co getting ISO 14064 verified?:
High Transparency: They wanted to ensure that any disclosed information was reliable and that they’d had third-party verification to back that up, making them much more comfortable putting that information out into the public.
Financial Benefits: Sustainability and greenhouse gas emission reduction was a part of their main KPIs to tackle, the main reason being to save money through not only the reduction in energy use but also reduced interest rates as a result of their sustainability efforts.

[25:20] What were the main challenges in obtaining ISO 14064 verification?: Clyde & Co are a large organisation, so gathering and quantifying the necessary emissions information was like getting blood from a stone! Nearly 65 – 70 sites only have a small team of 5 people, and getting data from each can be time consuming. Also, the quality of data can vary to a great degree with that many sites, especially on a global scale as you need to consider the conversion factors when collating all the data into something verifiable.

[26:50] What impact has ISO 14064 verification had on Clyde & Co’s sustainability credentials?: Very simply, it validates Clyde & Co’s claims. With the third-party assessment, it shows that they are actually doing what they say they’re doing, and not simply paying lip service.

[27:45] What were the main benefits of getting ISO 14064 verified?:
Helping to secure financial benefits: ISO 14064 verification is proof enough for banks to issue discounts on interest rates.
Ease of process: The audit process introduced for ISO 14064 can be repeated as needed. As a result of getting verified, Clyde & Co found the exercise a good stress test for existing auditing procedures, and found a way to simplify them further.
Credibility: Third-party verification adds a level of credibility which is lacking from internal calculation alone.
[29:00] Paddy’s top tip for anyone considering ISO 14064 verification: Do not let perfection get in the way of progress. They found that people can become a bit defensive in audits, trying to avoid errors being picked up, however, audits are meant to be constructive. They are opportunities to pick up on areas for improvement.

[30:40] Paddy’s book recommendation: The Ministry for the Future by Kim Stanley Robinson

[32:10] Paddy’s favourite quote: The greatest threat to our planet, is the belief that someone else will save it – Robert Swan OBE

If you would like to learn more about Clyde & Co, and their sustainability initiatives, visit their website. To find out more about verification visit www.carbonologyhub.com.

We’d love to hear your views and comments about the ISO Show, here’s how:
●     Share the ISO Show on Twitter or Linkedin
●     Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one.

Don’t forget to subscribe to keep up-to-date with our latest episodes: Stitcher | Spotify | YouTube | iTunes | Soundcloud | Mailing List
#193 Understanding ESG Reporting – CSDDD
09-10-2024
Did you know that only a third of the emissions reductions required to achieve the country’s 2030 target are currently covered by credible plans? As a result, we can expect to see more mandatory and voluntary regulations that require carbon emissions reporting to verify your ESG and net zero claims.

In this episode, Mel closes out the ESG Reporting Disclosures series by explaining what the Corporate Sustainability Due Diligence Directive (CSDDD) is, its key emissions reporting requirements, the verification requirements and who qualifies for CSDDD.

You’ll learn
·      What is CSRD?
·      Key requirements of CSDDD
·      Key emissions reporting requirements
·      What are the emissions verification requirements for CSRD?
·      Who qualifies for CSDDD?
·      The likely impact of CSDDD

Resources
·      Carbonology
·      Carbonology LinkedIn
·      Carbonology Instagram
·      CSDDD

In this episode, we talk about:

[00:30] Join the isologyhub – To get access to a suite of ISO related tools, training and templates. Simply head on over to isologyhub.com to either sign-up or book a demo.

[02:10] Episode summary: Mel closes out the series on ESG reporting requirements by diving into CSDDD.

[03:10] What is CSDDD? – The Corporate Sustainability Due Diligence Directive (CSDDD) is a new EU directive that promotes sustainable and responsible corporate behaviour in companies’ operations and across their global value chains. Purpose: It aims to promote sustainable business practices, protect human rights, and address environmental challenges. The CSDDD was adopted by the European Commission on the 23rd of February 2022 and approved by the Council of the European Union on the 24th of May 2024. The new rules ensure that companies in scope identify and address adverse human rights and environmental impacts of their actions inside and outside Europe.
The CSDDD is expected to start affecting companies from 2027 at the earliest once the directive has been transposed into national legislation.

[05:10] What are the key requirements of CSDDD?:
·      Human rights due diligence: Companies must identify, prevent, and mitigate adverse human rights impacts within their value chains.
·      Environmental due diligence: They must assess and manage risks related to climate change, biodiversity loss, and pollution.
·      Disclosure obligations: Companies must disclose their due diligence processes, findings, and any remedial actions taken.

[06:20] What are the Emissions Reporting Requirements? Under the CSDDD, companies are required to report on their greenhouse gas (GHG) emissions within a climate transition plan. This includes considerations for Scope 1, 2 and 3. These were explained in more detail in a previous episode on CSRD, so go check that out if you want to learn more about the individual scope requirements. What if you fit the requirements of both CSRD and CSDDD, do you have to double report on emissions? In short – No! The climate transition plan required by the CSDDD will be reported within CSRD reporting, as organisations just need to adhere to the CSDDD’s implementation requirements for the transition plan.

[10:10] What are the Emissions Verification Requirements? More definitive guidance on verification requirements is expected closer to 2027. Companies will more than likely need to verify the emissions data reported through CSDDD, as the directive mandates a climate change transition plan that aligns with the Corporate Sustainability Reporting Directive (CSRD), which does require companies to verify their emissions data.

[09:55] Who qualifies for CSDDD?
The Corporate Sustainability Due Diligence Directive (CSDDD) applies to both EU and non-EU companies depending on their workforce size and revenue: EU and non-EU companies (or the ultimate parent company of a group):
· With more than 1,000 employees and a global net turnover of at least €450 million in the last fiscal year; or
· Which have franchising or licensing agreements in the EU in return for royalties with more than €22.5 million generated by royalties in the EU and have a net worldwide turnover of over €80 million in the last financial year.
[11:10] What is the possible impact of this new directive? Similar to the other ESG disclosures I’ve covered over the past few weeks in this series on reporting disclosures, the CSDDD will have 3 key impacts:
· Increased transparency: This directive will provide stakeholders with a clearer picture of companies' sustainability efforts, to combat greenwashing.
· Enhanced accountability: Companies will be held accountable for their environmental and social performance.
· Stimulation of sustainable business practices: The directive will encourage companies to adopt more sustainable practices, including regular reporting.
If you would like to learn more about CSDDD or inquire about the related course, please get in touch with Carbonology.
#192 Understanding ESG Reporting – CSRD
02-10-2024
2030 is fast approaching and we’re already falling behind on our Net Zero targets, which will take a coordinated collective effort to get back on track. As a result, businesses are coming under increasing pressure to monitor, report and reduce their energy use and carbon emissions to meet net zero targets. This has led to an increase in both mandatory and voluntary regulations that require carbon emissions reporting to verify your net zero claims. In this episode, Mel continues the ESG Reporting Disclosures series by explaining what the Corporate Sustainability Reporting Directive (CSRD) is, how it affects your emissions reporting, the verification requirements and who qualifies for CSRD. You’ll learn ·      What is CSRD? ·      How will the CSRD affect your Emissions Reporting? ·      What are the emissions verification requirements for CSRD? ·      Who qualifies for ISSB S2?   Resources ·      Carbonology ·      Carbonology LinkedIn ·      Carbonology Instagram ·      CSRD     In this episode, we talk about: [00:30] Join the isologyhub – To get access to a suite of ISO related tools, training and templates. Simply head on over to isologyhub.com to either sign-up or book a demo. [02:10] Episode summary: Over the course of September, Mel will be exploring the latest climate change regulations that may affect your organisation. In this episode she dives into Corporate Sustainability Reporting Directive (CSRD). [02:55] What is CSRD? – The Corporate Sustainability Reporting Directive (CSRD) is a new EU directive that modernises and strengthens the rules concerning the social and environmental information that companies have to report. It revises the 2014 Non-Financial Reporting Directive (NFRD), extends the scope of covered companies, and strengthens the reporting requirements. The CSRD was formally adopted by the European Council on 28 November 2022. 
The directive is transforming ESG reporting and will start affecting almost 50,000 companies from 2024 by expanding the scope to include all large companies, all companies listed on regulated markets, and non-EU companies with substantial activities in the EU. This includes non-EU companies with subsidiaries operating within the EU or those listed on EU regulated markets. Many companies located both within and outside the EU will be affected during the CSRD’s phase-in period beginning in fiscal year 2024.   [05:10] How will the CSRD affect your Emissions Reporting?: Under the CSRD, companies are required to report on their greenhouse gas (GHG) emissions. This includes: ·      Scope 1 Emissions: Direct emissions from owned or controlled sources. For example, emissions from combustion in owned or controlled boilers, furnaces, vehicles, etc. ·      Scope 2 Emissions: Indirect emissions from the generation of purchased energy. This includes emissions from the production of electricity, steam, heating, and cooling consumed by the company. ·      Significant Scope 3 Emissions: Other indirect emissions that occur in a company’s value chain. Companies are required to report on significant Scope 3 sources. This could include emissions from business travel, employee commuting, waste disposal, etc. [07:10] What are the Emissions Verification Requirements? Under the CSRD, companies are required to have their reported GHG emissions data verified by an independent third party. The verification process ensures the accuracy and reliability of the reported information. Verification options for CSRD include: ·      Independent Verification: Companies must engage an accredited third-party verifier to audit and confirm the accuracy of their GHG emissions reports. ·      Verification Standards: The verification must be conducted in accordance with recognised international standards, such as ISO 14064-3. 
· Assurance Levels: The verification should provide a reasonable level of assurance that the emissions data is accurate and complete.
· Frequency of Verification: Verification is required on an annual basis to ensure ongoing accuracy and compliance with the CSRD.
[10:10] Who qualifies for CSRD? The Corporate Sustainability Reporting Directive (CSRD) applies to a broad range of companies based on the following criteria:
1) Companies listed on regulated markets in the EU (excluding listed micro-enterprises).
2) Large companies, classified as those meeting at least two of the following three conditions:
· More than 250 employees.
· A turnover of over €40 million.
· Over €20 million in total assets.
3) Listed Small and Medium-sized Enterprises (SMEs), although there will be a transitional period when SMEs can opt out until 2028.
4) Non-EU companies with a net turnover of €150 million in the EU, and with at least one subsidiary or branch in the union.
If you would like to learn more about CSRD or inquire about the related course, please get in touch with Carbonology.
#191 Understanding ESG Reporting – ISSB S2
17-09-2024
Businesses are coming under increasing pressure to monitor, report and reduce their energy use and carbon emissions to meet net zero targets. As a result, we’re seeing an increase in both mandatory and voluntary regulations that require carbon emissions reporting to verify your net zero claims. In this episode, Mel continues the ESG Reporting Disclosures series by explaining what The International Sustainability Standards Board Climate-related Disclosures (ISSB S2) are, the emissions reporting and verification requirements and who qualifies for ISSB S2.
You’ll learn
· What is ISSB S2?
· What is the scope of ISSB S2?
· What are the emissions reporting requirements for ISSB S2?
· Emissions verification requirements
· Who qualifies for ISSB S2?
Resources
· Carbonology
· ISSB S2
In this episode, we talk about:
[00:30] Join the isologyhub – To get access to a suite of ISO related tools, training and templates. Simply head on over to isologyhub.com to either sign-up or book a demo.
[02:10] Episode summary: Over the course of September, Mel will be exploring the latest climate change regulations that may affect your organisation. In this episode she dives into The International Sustainability Standards Board Climate-related Disclosures (ISSB S2).
[03:20] What is ISSB S2? – The International Sustainability Standards Board Climate-related Disclosures (ISSB S2) is a new global standard that mandates entities to provide comprehensive information about climate-related risks and opportunities. The ISSB S2 was issued by the International Sustainability Standards Board on the 26th of June 2023 and is effective for annual reporting periods beginning on or after the 1st January 2024. The new standard ensures that companies disclose physical and transition risks and their potential impact on the move towards a low carbon economy.
[04:20] Further learning with Carbonology: Carbonology have created a half-day course which walks you through all of the various carbon reporting disclosures and sustainability disclosure reporting requirements. If you would like to learn more, get in touch with Carbonology. [07:00] What does ‘Acute and Chronic Physical risks’ mean in the context of ISSB S2? Climate related physical risks are risks resulting from climate change that could be event driven, so an example of an acute physical risk could arise from weather related events like storms, floods and heatwaves, which are increasing in frequency. These could have a knock-on effect to businesses, taking a heat wave as the example, you will need to consider: ·      Can your IT systems and datacentres cope with it? ·      Have you got resilience built in to your operations to be able to deal with that sort of disruption to your organisation? Chronic physical risks arise from longer term shifts in climatic patterns, including changes in precipitation and temperature, which could lead to sea level rises and reduced water availability and changes in soil productivity. These risks could carry a weighty financial burden either through direct damage to assets, or indirectly through supply chain disruption. [09:35] Join the isologyhub and get access to limitless ISO resources – From as little as £99 a month, you can have unlimited access to hundreds of online training courses and achieve certification for completion of courses along the way, which will take you from learner to practitioner to leader in no time. Simply head on over to the isologyhub to sign-up or book a demo. [11:43] What does ‘Transition risk’ mean in the context of ISSB S2? This is looking for a climate related transition plan, which should include targets, actions and resources for the transition towards a lower carbon economy. This would include actions such as reducing greenhouse gas emissions. [12:30] What is the scope of ISSB S2? 
This Standard applies to:
· climate-related risks to which the organisation is exposed, which are: (i) climate-related physical risks; and (ii) climate-related transition risks; and
· climate-related opportunities available to the entity.
Climate-related risks and opportunities that could not reasonably be expected to affect an organisation’s prospects are outside the scope of this Standard.
The Standard covers:
· Governance
· Strategy
· Climate related risks and opportunities
· Business Model and Value Chain
· Financial position, financial performance and cash flows
· Climate resilience
· Risk Management
[14:10] What are the emissions reporting requirements for ISSB S2? - Under ISSB S2, companies are required to measure and disclose their greenhouse gas (GHG) emissions across three scopes:
· Scope 1 Emissions: Direct emissions from owned or controlled sources. For example, emissions from combustion in owned or controlled boilers, furnaces, vehicles, etc.
· Scope 2 Emissions: Indirect emissions from the generation of purchased energy. This includes emissions from the production of electricity, steam, heating, and cooling consumed by the company.
· Scope 3 greenhouse gas emissions: Indirect greenhouse gas emissions (not included in Scope 2 greenhouse gas emissions) that occur in the value chain of an entity, including both upstream and downstream emissions. Scope 3 greenhouse gas emissions include the Scope 3 categories in the Greenhouse Gas Protocol Corporate Value Chain (Scope 3) Accounting and Reporting Standard (2011).
[16:20] Emissions verification requirements - Under ISSB S2, companies are required to have their reported greenhouse gas (GHG) emissions data verified. Verification can provide users of financial reports confidence that the information is complete, neutral and accurate.
For Scope 3 greenhouse gas emissions, the entity needs to disclose information about the measurement approach, inputs and assumptions it uses.
[18:30] Who qualifies for ISSB S2? - ISSB S2 applies to all entities that are required by law, regulation, or administrative provision to prepare financial statements. This includes, but is not limited to:
· Publicly listed companies
· Large private companies
· Financial institutions such as banks and insurance companies
· State-owned enterprises
Entities are encouraged to adopt the ISSB S2 voluntarily, even if they are not mandated by law or regulation. Early adoption is permitted and encouraged to enhance transparency and accountability in climate-related disclosures.
If you would like some help with your carbon emissions reporting, please get in touch with Carbonology.
#190 Understanding ESG Reporting - Streamlined Energy and Carbon Reporting (SECR)
10-09-2024
As the urgency to address the climate emergency heightens, businesses are coming under increasing pressure to monitor, report and reduce their energy use and carbon emissions to meet net zero targets. As a result, there is an increase in regulations to ensure that companies are taking the climate emergency seriously and not paying lip service to climate action. During September, we’ll be taking a look at a few of the latest regulations that may affect your organisation, including:
· SECR – Streamlined Energy and Carbon Reporting
· ISSB S2 - International Sustainability Standards Board Climate related disclosures
· CSRD - Corporate Sustainability Reporting Directive
· CSDDD - Corporate Sustainability Due Diligence Directive
In this episode, Mel Blackmore breaks down what Streamlined Energy and Carbon Reporting (SECR) is, its reporting requirements, its qualifiers and how it can work in tandem with other carbon management initiatives.
You’ll learn
· How do these regulations relate to ESG reporting?
· What is Streamlined Energy and Carbon Reporting?
· What are the SECR Emissions Reporting Requirements?
· Who qualifies for SECR?
· How can SECR work with other carbon management initiatives?
Resources
· Carbonology
· SECR
In this episode, we talk about:
[00:30] Join the isologyhub – To get access to a suite of ISO related tools, training and templates. Simply head on over to isologyhub.com to either sign-up or book a demo.
[02:10] Episode summary: Over the course of September, Mel will be exploring the latest climate change regulations that may affect your organisation. In this episode she dives into Streamlined Energy and Carbon Reporting (SECR).
[03:20] How do these regulations relate to ESG reporting? – ESG requirements include a commitment to sustainability, and reducing your overall impact.
All of these regulations contribute towards an organisation’s ESG reporting requirements, as they require tangible proof to back up your ESG claims. They will require you to provide comprehensive emissions reporting, the level of detail of which will depend on the specific applicable regulation.
[04:05] Future content to look forward to: During September Mel will look at involuntary emissions reporting schemes, but in October she will be looking into the voluntary schemes that many are already adopting as part of their Stakeholder requirements. This will include:
· CDP (Carbon Disclosure Project)
· EcoVadis
[05:50] What are the SECR Emissions Reporting Requirements?: SECR has been around since April 2019, and was originally introduced to replace the Carbon Reduction Commitment Scheme. This is a mandatory scheme, so it is a legal requirement for those that meet its criteria. For those that are familiar with ESOS (The Energy Savings Opportunity Scheme), it functions in a very similar way. This scheme isn’t solely focused on reporting energy usage and carbon emissions; it’s also looking for organisations to report on efficiency measures that are undertaken on an annual basis, which is reflected in the financial reporting that you will also have to submit. It’s important to note that SECR has specific requirements for the disclosure of greenhouse gas (GHG) emissions and energy consumption. Emission reporting requirements vary slightly between quoted companies and large unquoted companies and LLPs.
For quoted Companies:
· Global Scope 1 and 2 GHG emissions must be reported. Scope 3 emissions reporting is strongly recommended but voluntary.
For large unquoted companies and LLPs:
· UK based Scope 1 and Scope 2 emissions and associated energy consumption. Scope 3 emissions from the combustion of fuel in vehicles or equipment not owned by the company.
[10:10] Join the isologyhub and get access to limitless ISO resources – From as little as £99 a month, you can have unlimited access to hundreds of online training courses and achieve certification for completion of courses along the way, which will take you from learner to practitioner to leader in no time. Simply head on over to the isologyhub to sign-up or book a demo.
[12:05] Who qualifies for SECR?:
All UK Quoted Companies: Any company that has shares listed on the UK Stock Exchange is required to comply with SECR.
Large Unquoted Companies and Large LLPs: These are companies and Limited Liability Partnerships (LLPs) that are not listed on the UK Stock Exchange but meet two or more of the following criteria:
· Turnover: More than £36 million per annum.
· Balance Sheet Total: More than £18 million.
· Number of Employees: 250 or more employees.
These criteria ensure that the SECR framework targets large organisations that have a significant impact on the UK’s energy consumption and carbon emissions. By complying with SECR, these organisations can contribute significantly to the UK’s sustainability goals.
[14:10] When is the SECR disclosure made? SECR reporting must occur alongside financial reporting, being included within annual reports and Directors’ Reports, which are then filed with Companies House.
[14:30] The importance of Accurate SECR Reporting and Carbon Reduction - The reporting process can unlock valuable insights and opportunities for operational improvements, leading to enhanced energy efficiency and reduced carbon emissions over time. Demonstrating your organisation’s commitment to energy efficiency and carbon reduction can enhance brand perception and foster positive relationships with stakeholders, including investors, clients, and regulators.
[16:05] Integrating SECR Reporting with Other Carbon Management Initiatives - You are missing a trick if you’re keeping your SECR reporting separate from the rest of your business activities.
It should be included as a part of your sustainability umbrella, and can be invaluable if you’re going for other reporting requirements such as EcoVadis and CSRD. There’s no need to reinvent the wheel if you already have something like an Environmental Management System in place; simply weave the additional requirements in with your usual annual maintenance. Established systems will already be adhered to across the business, meaning any new requirements will soon become business as usual. You could incorporate this as part of your Net Zero strategy, or Carbon Reduction Plan if PPN 06/21 is one of your reporting requirements. You could also incorporate this into your supply chain emissions reporting.
If you would like some help with SECR, please get in touch with Carbonology.
#189 Mintago’s Information Security Success with ISO 27001
04-09-2024
There have been a reported 9,478 publicly disclosed data incidents in 2024 alone, amounting to over 35 million known records breached. It has become clear in recent years that information security isn’t just a ‘nice to have’; it’s a necessity to ensure your and your clients’ data are protected. This is especially the case for those processing personal and financial data, such as today’s guest, Mintago. In this episode, Tom Catnach, Head of Product and Information Security Officer for Mintago, explains their journey towards ISO 27001, the challenges faced and benefits felt from certification to the leading Information Security Standard.
You’ll learn
· Who are Mintago?
· Who is Tom Catnach?
· What was the main driver behind achieving ISO 27001?
· What was the biggest ‘gap’ identified in the Gap Analysis?
· What have they learned from the experience?
· What are the benefits of certification to ISO 27001?
· What does the threat horizon for information security look like?
Resources
· Mintago
· Isologyhub
In this episode, we talk about:
[00:30] Join the isologyhub – To get access to a suite of ISO related tools, training and templates. Simply head on over to isologyhub.com to either sign-up or book a demo.
[02:15] Episode summary: Today we welcome guest Tom Catnach from Mintago to discuss their journey towards ISO 27001 certification.
[02:20] Who are Mintago? – Mintago are an employee benefits company, who work with companies to help their employees be financially better off.
They do this in a number of ways, including:
· Finding lost pension pots
· Help to save money through finding discounts
· Retirement planning
· Offering various salary sacrifice products
· Helping companies to be more financially efficient with pension salary sacrifice or other national insurance savings
· Helping people to be more financially literate
[05:10] Who is Tom Catnach?: Tom has a split role at Mintago, his primary role being Head of Product and secondary being Information Security Officer. Through both roles he looks after all the products and offerings as well as the information security across the business. He was also the driving force behind achieving ISO 27001. Outside of work, Tom likes to travel via motorbike, preferring to stay away from the screens and enjoying the sights.
[06:30] What was Mintago’s main driver to Implement ISO 27001?: Mintago, and most other businesses by their nature, are required to hold a lot of sensitive data and so have a responsibility to their clients and employees to ensure its security. Mintago were looking for a robust framework to base their Information Security around, and what better option than the leading Information Security Standard, ISO 27001. ISO 27001 also offers the assessment of general business practice, and allows for growth and scaling. As a start-up, they wanted to have a solid base for policies, training etc. to roll out to new hires as they expand.
[08:30] Aligning Standards with core values: Trust is one of Mintago’s core values and they want to give their clients the assurance that they can be trusted to protect their data. ISO 27001 can be compared to the likes of Bcorp as it’s an on-going process. It doesn’t just stop at getting the certificate; you have annual surveillance to ensure you are still compliant year on year.
[10:15] What was the scope of Mintago’s certification?: For the initial implementation, Mintago opted to just scope in Product and Customer Service.
This was because all of the sensitive data is handled in those departments and they don’t allow access to any other teams, so it made sense to start there with a view to expand the scope after certification. That being said, they still rolled out Information Security training to all staff, and everything has been set up to allow for an easy business-wide roll-out when they’re ready.
[11:50] How long was Mintago’s certification journey?: They started their journey in September 2023; in fact it was Tom’s first project with Mintago! Mintago enlisted Blackmores’ help to implement ISO 27001, and after nine months they have been successfully certified. Tom attributes their ease of implementation to the fact that they are currently a small business, citing that it’s an advantage to implement ISO Standards early while you’re agile so that your management system grows with you.
[14:25] What was the biggest ‘gap’ identified at the Gap Analysis? Mintago are lucky in the fact that they are a new business so are using modern tech, and don’t have the burden of a larger site or other physical elements such as rack mounted servers. However, policy, procedure and evidence to ensure they were doing the right thing were lacking at the start of their journey. They did have a good 70% in place and that last 30% was mostly down to having the ability to evidence their compliance. There was also some additional work to do to improve existing policies and procedures. One example of this was having a solid Business Continuity Plan in place.
[16:35] Did Mintago experience any significant barriers in addressing identified gaps? Being a smaller business, they were able to adapt a lot quicker than a larger organisation may have been able to. One of the biggest struggles for Tom was getting the necessary technology to aid with Information Security. They needed to show that they had a competent Mobile Device Management Solution (MDM), antivirus and anti-phishing in place.
When trying to buy some software solutions, Tom encountered a lot of companies simply not replying to his requests due to Mintago’s size. Many organisations sadly prioritize bigger potential clients, and so it took a while to finally get all the required software.
[18:45] Engagement is key - Getting everyone involved with the management system is critically important, especially with information security, as the people most often targeted are frontline workers, so they need to be actively engaged in security. Mintago also has the advantage of being a smaller business, so getting communication out isn’t a hardship and resulted in high engagement. This benefitted from a top-down initiative via their ‘C-Suite’. Tom also states that you can make any necessary training more lighthearted, team based or interactive, as that’s something that people would want to engage in. It’s also important to stress that any information security training can be beneficial for personal use too, to avoid being a victim of fraud or a scam. It can be something people take away to their family members to ensure they stay safe online.
[23:10] Did the adoption of ISO 27001 highlight any issues not already considered by Mintago? - The biggest thing was how their internal process could be improved. For example, looking at the scenario of ‘what if our back-ups don’t work?’, ISO 27001 drilled down to ask specifics such as:
· How do we recover from that scenario?
· Are we 100% confident in our back-ups?
· Will they work near instantaneously?
· What’s Mintago’s availability like in that scenario?
· How do we prevent disruption to our clients during that scenario?
So, while they did have back-ups, they weren’t necessarily considering the whole scenario, especially if those back-ups were to fail. ISO 27001 ultimately helped to flesh out existing plans to make a much more robust system.
In regards to threat horizons, Mintago do practice OWASP and keep the team informed via e-mail, newsletters and GitHub repositories.
[25:00] Internal Auditing – A beneficial tool - Tom found the internal auditing process to be very beneficial for Mintago; currently they do a few a month on average. Blackmores assisted with the audits during implementation to ensure they were in the right place for assessment. Of course, the Certification Body audits were a bit more nerve-wracking for Stage 1 and 2 as they would determine if they would be certified. Mintago passed their Stage 1 (documentary review) with flying colours; their Stage 2 (evidence checking) highlighted a few non-conformities that were quickly addressed. Following the Stage 2, they were recommended for ISO 27001 certification.
[27:20] Minor Non-conformities aren’t the end of the line – There’s a common misconception that getting a certain number of minor non-conformities during a Stage 2 assessment means you can’t be certified, but that’s simply not true! If an Assessor is comfortable that you are in a good position for certification, they will recommend you. ISO Standards are all about continual Improvement, which is something Mintago are embracing as they continue to address issues raised at audits.
[29:00] Benefits of ISO 27001 certification – Benefits Mintago are already experiencing include:
· Internal Stakeholders – The Team worked hard to achieve the Standard and have embraced its core qualities to the benefit of their own Information Security practices.
· Positive Market Response – Much larger clients who are also ISO 27001 certified now have a mutual understanding of each other’s commitment to information security.
· Gaining certification early – As a start-up, Mintago are agile and will be able to develop and mature their ISMS (Information Security Management System) as they grow.
[31:10] Any concerns on the threat horizon?: As the Information Security Officer, Tom is concerned about new emerging trends in AI led scams. They’re going to be a lot more sophisticated and harder to spot and deal with. Thankfully, even if they are impacted, it will be rather isolated. Tom raises concerns for vital services such as Air Traffic Control which could have dire consequences if they were to be affected by a data incident. However, with ISO 27001 Mintago are in a good place to keep on top of their threat horizon and have the processes in place to mitigate potential incidents and continually improve their own security.
[34:30] In Summary: Mintago are a shining example of gaining certification for the right reasons. It’s not just about getting a badge; they have truly embraced a culture of continual improvement and are utilising ISO 27001 to ensure they have a robust information security management system in place.
If you would like to learn more about Mintago and their financial services, check out their website.
#188 GHG Protocol VS ISO 14064-1
27-08-2024
Greenhouse Gas (GHG) accounting has become increasingly important in recent years due to the demand for more environmental accountability. Whether by choice or due to legislation or mandatory Government led schemes, organisations need to be able to effectively calculate their current impact before they can take the right steps to reduce and offset the remaining emissions. There are a lot of different routes to take, and some may look so similar that you have to squint to see a difference. In this episode, Mel Blackmore breaks down the similarities and differences between the leading GHG emission reporting frameworks, ISO 14064-1 and the GHG Protocol Corporate Standard.
You’ll learn
· What are the 2 leading GHG accounting frameworks?
· What are the similarities between the GHG Protocol and ISO 14064?
· What are the differences between the GHG Protocol and ISO 14064?
· Reporting on indirect emissions
· Choosing the right framework
· How can the GHG Protocol and ISO 14064 complement each other?
Resources
· Carbonology
In this episode, we talk about:
[00:30] Join the isologyhub – To get access to a suite of ISO related tools, training and templates. Simply head on over to isologyhub.com to either sign-up or book a demo.
[02:30] Episode summary: Mel will look at the similarities and differences between the 2 leading GHG emissions reporting frameworks, the GHG Protocol and ISO 14064-1:2018.
[02:20] What are the 2 leading GHG accounting frameworks? – Greenhouse gas (GHG) accounting has become increasingly important for organisations seeking to manage their environmental impact and contribute to climate change mitigation efforts. Two prominent frameworks guide this process: ISO 14064-1:2018 and the GHG Protocol Corporate Standard. Climate change concerns necessitate robust methodologies for quantifying and reporting organisational GHG emissions.
Standardised frameworks offer a transparent and reliable approach for organisations to measure their impact and contribute to environmental sustainability goals. This article examines two leading frameworks: ISO 14064-1:2018 and the GHG Protocol Corporate Standard.
[06:10] What are the similarities between the GHG Protocol and ISO 14064? –
GHG Scope Definition: Both frameworks categorise emissions into three scopes: Scope 1 (direct emissions from owned or controlled sources), Scope 2 (indirect emissions from purchased electricity, heat, or steam), and Scope 3 (other indirect emissions throughout the value chain). In general, the GHG Emissions covered in the GHG Protocol Corporate Standard conform to ISO 14064-1 if significant Scope 3 GHG emissions and GHG removals are both considered.
Quantification Principles: Both emphasize the importance of accuracy, completeness, consistency, transparency, and relevance when quantifying emissions.
GHG Reporting Boundaries: Both require clear definition of the organisational boundaries for which emissions are quantified.
GHG Inventory: Both frameworks guide the development of a GHG inventory, a comprehensive record of all organisational emissions.
[09:15] What are the differences between the GHG Protocol and ISO 14064? –
Focus: ISO 14064-1 is a more procedural framework, outlining the steps for quantifying, reporting, and verifying GHG emissions. The GHG Protocol, on the other hand, offers detailed guidance on calculating emissions for various activities and sectors but lacks formal verification requirements.
Level of Detail: The GHG Protocol provides a more comprehensive and detailed approach, including calculation methods, guidance on emission factors, and best practices. ISO 14064-1 offers a less prescriptive approach, allowing organisations to choose calculation methodologies based on their specific needs.
Avoided GHG Emissions: The concept of avoided GHG emissions is not addressed in ISO 14064-1.
However, the GHG Protocol Corporate Standard addresses the quantification of avoided emissions, which are required to be reported separately.
Verification: Verification by a third-party verifier is optional under the GHG Protocol but mandatory for organisations seeking public disclosure or certification under ISO 14064-1. Verification enhances the credibility and reliability of reported emissions data; this could be for schemes like EcoVadis.
Value Chain Emissions: While both frameworks acknowledge Scope 3 emissions, the GHG Protocol offers a dedicated standard - the Corporate Value Chain (Scope 3) Standard - providing specific guidance on quantifying these emissions.
Addressing GHG Emissions and Removals: ISO 14064-1 clearly addresses GHG emissions and removals for each category, and removals are therefore an inherent part of the GHG quantification. The guidance in the GHG Protocol is not as clear but allows for the reporting of removals separately from GHG Emissions.
[13:30] Join the isologyhub and get access to limitless ISO resources – From as little as £99 a month, you can have unlimited access to hundreds of online training courses and achieve certification for completion of courses along the way, which will take you from learner to practitioner to leader in no time. Simply head on over to the isologyhub to sign-up or book a demo.
[17:05] Reporting on indirect emissions: The main challenge for organisations is the reporting of indirect emissions (Scope 3), often leading to confusion based on a lack of clarity and understanding of how granular the data needs to be, combined with challenges extracting data from third-parties. ISO 14064-1 is very clear regarding which Scope 3 emissions are to be included, whereas the GHG Protocol standard may be viewed as more open to interpretation.
In contrast, GHG Protocol standards require the inclusion of Scope 2 (indirect emissions from purchased energy); the inclusion of other indirect GHG Emissions under Scope 3 is optional. The GHG Protocol standard is referred to in various GHG reporting and disclosure initiatives whose requirements for the reporting of the Scope 3 emissions vary, whereas ISO 14064-1 has been created and approved by representatives from 61 nations to determine a specification for Scope 3 emissions reporting.
[20:30] Choosing the right Framework: The choice between ISO 14064-1 and the GHG Protocol depends on an organisation's specific needs and goals. Here are some considerations:
· Is there a need for Verification? i.e. is it a mandatory requirement?
· What level of detail is required? If a detailed approach with extensive calculation guidance is preferred, the GHG Protocol might be more suitable.
· Resource availability – Do you have the resource to do this yourself or will you need a helping hand?
· Disclosure reporting requirements – check what you need to comply with as this could determine which framework you use.
[23:30] How can the GHG Protocol and ISO 14064 complement each other? - This podcast may have you thinking that it has to be one or the other, but in actuality the two frameworks can be used together effectively. Organisations can utilise the GHG Protocol's detailed guidance to develop their GHG inventory and then follow ISO 14064-1's process for verification and reporting. If you would like some help with GHG reporting or Verification, please get in touch with Carbonology.
#187 How To Utilise ISO Compliance for ESG Reporting
20-08-2024
ESG is a very broad topic to try and address for any organisation, leaving many scratching their heads on where to start with ESG reporting. Currently, there is no official certification for ESG; however, there are a number of schemes that will give you either a score or rating for your level of compliance against their requirements. For those currently working towards one of these schemes, you may already have a solid foundation in place if you’re certified to one or many ISO Standards. In this episode, Ian Battersby and Ali Henshaw discuss ESG compliance and how elements of an ISO Management system can help with ESG reporting.
You’ll learn
· What is ESG?
· Is ESG reporting required?
· Is ESG a nice to have or good solid business practice?
· Is ESG certifiable?
· How can ISO Standards help to address the 3 pillars of ESG?
· How ESG compliance helps to combat Greenwashing
Resources
· Isologyhub
· ESG Audit
In this episode, we talk about:
[00:30] Join the isologyhub – To get access to a suite of ISO-related tools, training and templates. Simply head on over to isologyhub.com to either sign-up or book a demo.
[02:00] Episode summary: Ian and Ali will be discussing how ISO Standards can help with ESG reporting.
[02:20] What is ESG? – ESG stands for Environmental, Social, and Governance. Analysis and evaluation against these three elements help organisations to consider different areas within their overall sustainability profile. The Environmental section looks at issues surrounding climate change and actions to address an organisation’s environmental responsibility. This includes monitoring and management of your energy consumption, waste management and pollution. It also seeks to tackle how organisations can address, reduce and mitigate their overall environmental impact. The Social aspect is based around the relationships an organisation has with its stakeholders.
This is focused on employees and looks at a broad range of topics including employee wellbeing, fair and competitive pay, benefits and human resource related policies. Considerations can also include wider business relationships such as supplier relations, local community and government work.
[05:00] The pillars of ESG aren’t silos – You shouldn’t approach each pillar of ESG in isolation, as they cross over in a lot of areas. For example, in environmental management you may manage hazardous substances; you’ll have a duty to ensure those substances don’t pollute the surrounding area or bodies of water. However, you will also need to consider the health and safety aspect of storing and working with that material. So already you have 1 issue that crosses both the Environmental and Social pillars of ESG.
[05:50] What does the Governance pillar cover? – Governance criteria focus on creating a business environment that is fair, transparent, and accountable. Considerations in this area include board composition, fairness in pay structures and executive compensation, business ethics and risk management.
[07:05] What types of ESG reporting are required? – For small organisations, there is currently no set requirement as it stands, but you may encounter stakeholder or customer requirements that encourage ESG reporting on some level. For larger organisations at certain sizes there are mandatory reporting frameworks that you will be required to fulfill. At the moment it’s quite sector specific but this is a trend that will only increase over time. Like with anything new, this is likely to trickle down to smaller organisations over time; however, there will likely be funding and grants available to assist when that time comes.
[08:25] Is ESG a nice to have or good solid business practice? If you want to be a sustainable business, with a good legacy that has the ability to grow and develop, ESG is a fantastic tool.
Investors are now looking for sustainable businesses; it’s become a market trend for an ever increasingly environmentally conscious consumer base. You either need to move with the times or get left behind, and sustainability is one key factor that will determine which of those categories you fall into.
[09:50] Which ISO Standards can support ESG?: From a holistic point of view, the structure of ISO standards, the Plan-Do-Check-Act (PDCA) cycle, the need for monitoring and measurement and the need for improvement support the principles of ESG in terms of quantifiable results. The additional aspect of having set objectives and proof of tangible improvement actions was something that fulfilled CSR (Corporate Social Responsibility), which in turn has been superseded by ESG. ISO Standards’ high-level structure and life cycle approach lend themselves to support various aspects of ESG, depending on the Standard you implement. ISO 14001, for example, would support the environmental pillar, as it looks at your significant aspects and impacts in addition to that of your supply chain. You’ll need to factor these into your objectives and overall business strategy. ISO 45001 would tackle elements of the social pillar as it directly addresses the well-being of your employees. It also includes a clause for the consultation and participation of workers, so you work directly with employees to identify and address risks that may be missed by management.
[13:40] Is there a certifiable Standard for ESG?: Not currently, but an ISO guidance document is in the works. Standards that address core elements of ESG include ISO 26000 (Social Accountability) and ISO 20400 (Sustainable Procurement). Again, these aren’t certifiable, but provide invaluable guidance. Guidance documents have the advantage of being selective in what elements you decide to adopt.
The ESG one in development is a good example: ESG as a topic is huge, and a smaller organisation may not realistically be able to implement all of the advice. But it can be used as a starting point for a materiality assessment that will allow you to be selective of the core subjects you apply to your business. The idea of guidance documents is not to be a bolt-on, as those quickly get forgotten. It’s all about embedding their elements into existing processes.
[17:10] Utilising elements of ISO Implementation for ESG reporting: If you’ve already got an ISO Management System in place, i.e. ISO 14001 or ISO 45001, then you’ll already have objectives, processes and monitoring & measurement in place to address those elements. ISO 26000 is another good example as it covers a wide range of topics, including human rights, labour practices, the environment, community involvement and development, consumer issues and fair operating practices. Some may not be applicable to you, but as mentioned, it’s a guidance document so you have the freedom to be selective about the aspects you incorporate into your management system. You need to decide what really applies to you. It’s better to prioritise and take 10 steps on one subject vs 1 on 10 subjects.
[20:25] ESG isn’t a once a year activity: There’s no tick box exercise that you can do once a year and claim compliance; ESG is an on-going endeavor for as long as your business is running. It’s a way of operating, much like ISO Standards. It will develop and grow with your business.
[21:30] Join the isologyhub and get access to limitless ISO resources – From as little as £99 a month, you can have unlimited access to hundreds of online training courses and achieve certification for completion of courses along the way, which will take you from learner to practitioner to leader in no time. Simply head on over to the isologyhub to sign-up or book a demo.
[23:36] Will elements of ESG become certifiable down the line?
We’ll never say never! It’s still very much a developing field. There is currently a framework being developed by the International Standards Organisation; it’s currently in draft form. Ali herself is on the commenting committee for its development, and can confirm that the framework is looking at the links between certifiable Standards and the tangible application. ISO Standards require third-party verification of your claims before getting certified. In that aspect, they’re the perfect tool to provide tangible proof that you are doing what you say you’re doing, but only in select aspects. ESG is broad, almost too broad to certify. It’s not really feasible for one person to come in and assess a whole business like they would do for an ISO Assessment; there’s simply too much to cover!
[25:00] The trouble with ESG verification: Currently, a lot of voluntary schemes require you to report against and fulfill, but they are very sector specific because a general one would be too broad and likely will not cover every aspect applicable to every business. Schemes out there are doing something to battle greenwashing, as the environmental aspects are easier to verify; however, social aspects are a lot more tricky and can get even more complicated outside of the UK where there is no HSE annual reporting available.
[26:20] How can you support the Social aspect of ESG?: Measuring your social value can be difficult; many think of education as the solution. Here are some ideas to consider:
· Working with local schools – Improvement projects driven by student-run business studies
· Work experience
· Charitable work – allow staff to have a charity day as part of a benefits package
[28:10] How can we prevent the greenwashing of ESG compliance?: Government Bodies are working to tackle this. It’s being built into legislation to prevent greenwashing in future where self-policing hasn’t gone far enough.
Trade Associations are also pushing their members towards more legitimate frameworks to ensure they do remain accountable and transparent about their activities in relation to ESG compliance.
[30:00] What resources do Blackmores have to help? We’ve developed an ESG Gap Analysis, based on the guidance provided in ISO 26000 Social Accountability. This ESG Gap Analysis will highlight where you’re already compliant and where there is work to be done. You may be surprised to see that you’re more compliant than you think! Especially if you’re certified to one or many ISO Standards. We also have a Materiality Assessment, which will help you to determine which topics are of importance to your business and your stakeholders. You can take the findings from both to help develop your ESG Strategy. If you’re not mandated to do any reporting, you can leave it at that. However, you may want to consider sector specific frameworks to get ahead of the curve for when elements of ESG do become mandated down the line.
[36:00] Where should you start with tackling ESG using ISO Standards? If you’re certified to one or many ISO Standards, then you will have processes in place that can support an ESG initiative program strategy, and you can make it as big or as small as you want. Start by looking at your environmental, social and governance impacts and work to embed ESG into your existing ISO Management System before they become mandated by stakeholders and legislation – being ahead also feeds into the principles behind social responsibility. You're embedding a culture, and it becomes a norm which can be developed further. Then, when legislation or customer requirements come in, you’re already prepared to answer. Also, with ESG there is a focus on people and you can't have a successful business without good people. ESG isn’t only attractive to your customers, but also to potential employees who will want to work for ethical, sustainable businesses.
If you aren’t keeping up and fulfilling that, you will struggle to find new talent. It also goes without saying that being ESG compliant will attract consumers. Greenwashing, as frustrating as it is, exists for a reason - because people want businesses to be sustainable. People wouldn't lie about it if it wasn't important to someone, so stand out by beating the greenwashing allegations and take the right steps towards tackling ESG. If you’d like to book a demo for the isologyhub, or would like help with an ESG Gap Analysis, simply contact us and we’d be happy to give you a tour.