176 episodes

Blackmores is a pioneering consultancy firm with a distinctive approach to working with our clients to achieve and sustain high standards in Quality, Risk and Environmental Management. We'll be posting podcasts discussing ISO standards here very soon!

The ISO Show Blackmores UK

    • Business
    • 4.9 • 7 Ratings

    #176 Top ISO Standard Trends in Data Centres

    Data Centres could be considered the powerhouse of thousands of businesses globally. 
    Long gone are the days of small physical servers being housed on-site, instead we rely on data centres to keep all our critical data safe and secure. But how do we know they are doing just that?
    Many hold certifications to security-based Standards such as SOC 2 or NIST to display their commitment to data security. However, many also hold various ISO certifications that cover other aspects of the business outside of information security.
    Today Steph Churchman, Communications Manager at Blackmores, will be sharing the top ISO Standard trends within the UK Data Centre industry.
    You’ll learn
    ·      Why did we look into the Data Centre industry specifically?
    ·      What are the top 5 ISO Standard Trends in Data Centres?
    ·      Why are these ISO Standards essential for Data Centres?
    ·      Other commonly adopted ISO Standards within the data centre space
     
    Resources
    ·      Isologyhub
    ·      ISO 27001:2022 Transition Gameplan
     
    In this episode, we talk about:
    [00:30] Join the isologyhub – To get access to a suite of ISO related tools, training and templates. Simply head on over to isologyhub.com to either sign-up or book a demo.
    [02:25] Episode summary: We’ll be taking a look at the top ISO Standard Trends within the UK Data Centre Industry
    [02:30] Why did we look into the Data Centre industry specifically? – In the mid-2010s, we noticed an influx in enquiries from Data Centres in regard to Implementation of ISO Standards. That prompted a research project that led to Blackmores working with some of the top UK Data Centres.
    Now in 2023 and 2024 we’re starting to see a similar push for ISO Standards within the same industry. So, we revived the project to get a grasp on the modern ISO landscape, and took a look at the top 100 Data Centres within the UK.
    [03:34] #1: ISO 27001 Information Security – Out of the 100 data centres sampled 72% of them were certified to ISO 27001.
    Security is of utmost importance to data centres, and the great thing about ISO 27001 is that it considers security for not only the digital environment, but also for people and physical security.
    This Standard is also, in most cases, a stakeholder requirement. Certification to ISO 27001 indicates that you’re adhering to best practice in information security, and through the creation of an ISO 27001 compliant Management system, you will have documentation in place such as an information security policy and data retention policy, that often get requested by potential clients.
    If you’d like to learn more about the Implementation process for ISO 27001, we’ve got a helpful 3-part podcast series that summarises the entire process from Gap Analysis to Assessment preparation.
    anyone currently certified to ISO 27001:2013 that you have just over 1 more year to complete your transition to ISO 27001:2022. If you don’t do so by October 31st 2025, you’ll risk losing your ISO 27001 certification.
    That’s not the only reason you should be transitioning though. The new version of the Standard includes 11 new controls, which cover some newer technologies which really weren’t around when the 2013 version was published. So regardless of the risk of losing your certification, it’s in your best interest to ensure that you’re adhering to the latest version.
    If this is all news to you, then you can also go back and check out episodes 128 through to 133. This was a little mini-series we did to summarise the key changes to ISO 27001 and what actions you need to take to transition. We also have a Transition Gameplan available on the isologyhub if you’d like a more guided approach, including document templates and training videos covering those new controls.
    [06:25] #2: ISO 9001 Quality Management – The Quality Management Standard is as popular as ever, even within the data centre

    • 21 min
    #175 How Daisy embedded effective energy management with ISO 50001

    Working towards a sustainable future is going to require a joint effort from everyone if we’re to reach our 2030 and 2050 targets. 
    Several initiatives have come out in recent years to try and address one of our biggest challenges, energy consumption. Many of us in the UK will be familiar with ESOS (The Energy Savings Opportunities Scheme), which involves regular reporting from those that fit its criteria. It has also recently been updated to include a stipulation for an ESOS Energy Plan, which requires you to detail a route to reduce your energy consumption.
    However, many businesses would prefer a more consistent approach to energy management, such as today’s guest – Daisy Corporate Services.
    Today Mel is joined by Damian Edwards, ISO Standards Manager at Daisy Corporate Services, to discuss why they Implemented ISO 50001, what they’ve learned from the experience and the benefits gained from implementing an Energy Management System
    You’ll learn
    ·      Who is Damian and who are Daisy Corporate Services?
    ·      Why did they decide to Implement ISO 50001?
    ·      What was the biggest gap identified during their Gap Analysis?
    ·      What lessons did they learn from Implementing ISO 50001?
    ·      What benefits did they gain from ISO 50001 certification?
     
    Resources
    ·      Isologyhub
    ·     Daisy Corporate Services
    ·     Daisy Corporate Services ESG
     
    In this episode, we talk about:
    [00:30] Join the isologyhub – To get access to a suite of ISO related tools, training and templates. Simply head on over to isologyhub.com to either sign-up or book a demo.
    [02:30] Episode summary: Mel is joined by guest Damian Edwards, ISO Standards Manager at Daisy Corporate Services, to discuss their journey towards ISO 50001 certification.
    Daisy are not strangers to ISO Standards, already having achieved: ISO 9001, ISO 14001, ISO 27001, ISO 45001, ISO 20000 and ISO 22301!
    They have also recently won the Sustainability and Tech Awards 2024 and the Green Shoots Awards too.
    [04:15] Who is Damian Edwards? – Damian has worked at Daisy as their ISO Standards Manager for the past year. A little known fact about Damian: He listens to classical music as a way to focus.
    [05:25] Who are Daisy Corporate Services? – They are primarily a provider of IT and Communications. They currently supply a range of services including:
    ·      Unified Communications
    ·      Connectivity
    ·      Modern Workplace
    ·      Cyber Security
    ·      Cloud services
    ·      Managed Services
    ·      Operational Resilience
    [06:25] What were the main drivers behind obtaining ISO 50001 Certification? – In addition to the office spaces Daisy controls, they also have a number of data centres, which use massive amounts of energy. Finding ways to monitor, measure and potentially reduce that energy use, and subsequently cost, was essential. 
    The second main driver is mainly for commercial reasons. Without Standards like ISO 50001, you can’t bid for larger contracts or Government frameworks.
    [08:30] Daisy’s commitment to ESG – Daisy have made a solid commitment to ESG, explained further on their website as they break it down into 10 key focus areas. Energy Management is one of the logical steps to tackle reducing carbon emissions.
    Data centres can be very inefficient, so being able to consistently monitor, measure and improve their energy consumption is a key part of tackling some of their ESG related goals.
    Also being certified means you have the certificate to back up your claims. It’s not you just making a statement, it has to be verified by a third-party.
    [10:30] How long did it take to Implement ISO 50001? – It took between 8 – 11 months. For a Standard like ISO 50001, it’s important to do it properly. Some organisations may request it in 6 months, but for larger organisations, that would be a

    • 30 min
    #174 What is the new ISO Climate Change Amendment?

    In February 2024, the ISO and IAF issued an unprecedented change to 31 commonly adopted ISO Standards, such as ISO 9001, ISO 14001 and ISO 27001. 
    This change saw the addition of a new ‘Climate Change Amendment’, which was applied in part due to the ISO’s resolution in support of the ISO London Declaration on Climate Change.
    So what does this mean for ISO certified businesses? 
    Join Mel as she discusses what this new ISO Climate Change Amendment is, why it was introduced, what are the consequences if you don’t address it and the benefits of its introduction.
    You’ll learn
    ·      What is the ISO Climate Change Amendment?
    ·      Why was it introduced?
    ·      What are the consequences if you do not address the change?
    ·      What are the benefits of the Climate Change Amendment?
     
    Resources
    ·      Isologyhub
    ·      ISO Climate Change Amendment Workshop
     
    In this episode, we talk about:
    [00:30] Join the isologyhub – To get access to a suite of ISO related tools, training and templates. Simply head on over to isologyhub.com to either sign-up or book a demo.
    [02:30] Episode summary: We break down the new ISO Climate Change Amendment, including why it was introduced and why you should address it ahead of your next Certification Body visit.
    [02:55] Join our Workshop– If you’re not sure where to start with addressing this amendment, join our interactive workshop taking place on the 20th May (14:00 – 16:00 GMT). There we will explain how you can integrate the new changes into your existing ISO Management System. Register your place here.  
    [04:30] What is the new ISO Climate Change Amendment? – A key clarification before we go into more detail, this is not a new version of a Standard i.e. ISO 27001:2022, where you must transition to a new version.
    So, what is it? In February 2024, the International Organization for Standardization (ISO) introduced a groundbreaking amendment to integrate climate change considerations into various management system standards.
    The amendment doesn't assign specific actions. Instead, it adds text to existing clauses in 31 standards (including ISO 9001, 14001, 27001) requiring organizations to consider:
    ·      Relevance of climate change: Organizations must assess if climate change is a relevant issue for their operations and context (Clause 4.1).
    ·      Stakeholder expectations: Note added: Relevant Interested Parties can have requirements related to climate change (Clause 4.2).
    As we’ve learned from our sister company, Carbonology, it is often Stakeholders driving forward that need to verify a business’s carbon footprint and take steps towards Net Zero.
    [09:30] Why was this change Introduced? – This change was in part due to ISO’s resolution in support of the ISO London Declaration on Climate Change. The aim is to make climate change considerations an integral part of management systems, their guiding policies and practices – not simply an afterthought.
    As we all know, climate change will affect everyone, and should be a concern that every business fully considers to ensure they are resilient and adaptable enough to deal with climate related risks.
    This amendment means businesses will need to address these risks where relevant, integrate them into strategic objectives and look at what can be done from a risk mitigation perspective.
    The global business community will be one of the driving forces for paving a way to a more sustainable future – It all starts with changing the way we work, making the shift towards embedding environmental consciousness into the very heart of your business.
    ISO Standards are widely adopted, and this change offers a catalyst for meaningful climate action on a global scale.
    [11:00] Join the isologyhub and get access to limitless ISO resources  – From as little as £99 a month, you can have unlimited access to hundreds of online train

    • 19 min
    #173 Top 10 Reasons to Use ISO 42001 AI Management

    ISO 42001 was published in December of 2023, and is the first International Standard for Artificial Intelligence Management Systems.
    It was introduced following growing calls for a common framework for organisations who develop or use AI, to help implement, maintain and improve AI management practices.
    However, its benefits extend past simply establishing an effective AI Management System.
    Join Steph Churchman, Communications Manager at Blackmores, on this episode as she discusses the top 10 reasons to adopt ISO 42001.
    You’ll learn
    ·      What is ISO 42001?
    ·      What are the top 10 reasons to use ISO 42001?
    ·      What risks can ISO 42001 help to mitigate?
    ·      How can ISO 42001 benefit both users and developers of AI? 
     
    Resources
    ·      Isologyhub
    ·      ISO 42001 training waitlist
     
    In this episode, we talk about:
    [00:30] Join the isologyhub – To get access to a suite of ISO related tools, training and templates. Simply head on over to isologyhub.com to either sign-up or book a demo.
    [02:30] What is ISO 42001?: Go back and listen to episode 166, where we discuss what ISO 42001 is, why it was introduced and how it can help businesses mitigate AI risks.  
    [02:45] Episode summary: We take a look at the top 10 reasons why you should consider implementing ISO 42001.
    [02:55] #1: ISO 42001 helps to demonstrate responsible use of AI – ISO 42001 helps ensure fairness, non-discrimination, and respect for human rights in AI development and use.
    Remember, AI can still be biased based on the fact that AI models are typically trained on existing data, so any existing bias will carry over into those AI models – an example of this is the existing lack of representation for minority groups.
    We also need to take care in the use of AI over people, as staff being replaced by AI is a very real concern and should not be treated lightly. We’ve already seen a few cases where this has happened, especially across the tech support field where some companies mistakenly think that a chatbot can replace all human staff.
    We also need to consider the ethics of AI content. It’s predicted that 90% of online content will be AI generated by 2026!
    A lot of this generated content includes things like images, which poses a real concern over the values we’re translating to people. The content we consume shapes the way we think and if all we have is artificial, then what message is that conveying?
    An example of this is Dove’s recent advert, which showed an example of AI generating images of very unobtainable ideals of a beautiful face. Which were predictably absolutely flawless, almost inhuman and something that can only be achieved through photo editing. If the internet was flooded with this sort of imagery, then that starts to become the expectation to live up to, which can be tremendously damaging to people’s self-esteem. They then went on to show actual unedited people, in all their varied and wonderful glory and stated that they will never use AI imagery in any of their future marketing or promotional material.
    Which sends a very strong message – AI definitely has its place, but we need to fully consider the implications and consequences of its use and possible oversaturation.
    [05:20] #2: Traceability, transparency and reliability - Information sourced via AI is not always correct – It collates information published online, and as many of us are aware, not everything on the internet is correct or accurate.
    Data sets carelessly scraped from online sources may also contain sensitive or unsavoury content. We’ve had cases where people have managed to ‘break’ ChatGPT, causing it to spew out nonsense answers which also contained sensitive information such as health data and personal phone numbers. While not usually accessible when requested, it does not stop the risk of this data being dug up through exploits. AI is like any other

    • 19 min
    #172 Effectively Responding to a Cyber Incident with Epiq

    Nearly 60% of businesses that are impacted by a cyber incident go out of business within the 6 months following.
    With our heavy reliance on technology to keep both businesses and services running, it’s imperative that everyone take cyber risk seriously.
    However, incidents will inevitably happen and it’s up to you to ensure that your business is prepared to ride out the wave, and hopefully make a full recovery!
    We invited Jack Morris, Account Director at Epiq, back onto the show to discuss the consequences of not being prepared for a cyber incident and the key steps businesses should take in the event of an incident.
    You’ll learn
    ·      Who are Epiq?
    ·      What does the current cyber incident landscape look like? 
    ·      What are the consequences if a business does not respond to a cyber incident effectively?
    ·      How can a business detect if they’re being attacked?
    ·      How should businesses respond in the event of a cyber incident?
    ·      What role does a legal team play in incident response?
     
    Resources
    ·      Epiq
    ·      Isologyhub
     
    In this episode, we talk about:
    [00:30] Join the isologyhub – To get access to a suite of ISO related tools, training and templates. Simply head on over to isologyhub.com to either sign-up or book a demo.
    [02:05] Episode summary: Today Mel is joined by guest Jack Morris, Account Director at Epiq, to discuss how businesses should respond to a cyber incident.
    [03:00] Who are Epiq? – Epiq is a global leader in technology enabled legal services. In fact, it supports 90% of the top law firms globally! With over 8000 employees spread over 19 countries, it helps to support corporations, law firms and government agencies across the globe.
    [04:35] What constitutes a cyber incident and why is it so important to respond effectively? – A cyber incident refers to unauthorised access or attempted access to an organisation’s IT systems. Types of incident include breaches, malicious attacks (e.g. Ransomware), and accidental events (e.g. Fire Damage). Responding effectively is crucial to minimize damage and protect sensitive data.
    [05:40] What does the cyber incident landscape currently look like, and what challenges will organisations face in responding to an incident? – The cyber incident landscape is ever evolving, but here are some key trends we saw in 2023:
    Attacks on the rise – the number of organisations posted on ransomware and data theft sites increased by over 70% year-on-year.
    Business Email Compromise (BEC) incidents surged by 67% in 2023 – these events are where people within an organisation fall victim to phishing or similar – clicking on malicious links which ultimately compromise your mailbox.
    For me, there are 3 main challenges that organisations face when responding to a cyber incident:
    ·      Day-to-day management – balancing the technical aspects of the incident with broader business continuity, communications, financial and legal considerations. This can be hugely difficult for an organisation, during an already high-stakes situation.
    ·      Expertise and support – navigating the complex legal, technical and operational aspects of an incident
    ·      Data-focused impact – understanding and assessing the risk to data after resolving an incident.
    [10:00] What are the solutions to these challenges?  – Understanding the various external expertise and support available to a business, whether that be engaging with a law firm, a cyber incident response expert and cyber insurer will give you access to support with both the day-to-day management of an incident, as well as the legal, operational and commercial impact of said incident.
    [12:10] What are the consequences for an organisation that does not respond effectively to a cyber incident? – Failing to respond effectively to a cyber incident often leads to a variety of severe co

    • 43 min
    #171 Proactive Steps to Mitigate Cyber Incident Risk with Epiq

    Cyber incidents are on the rise as data shows there was a 20% increase in data breaches from 2022 to 2023. 
    Technology has become an integral part of most businesses, especially post pandemic where many who may have avoided this reliance on tech had no choice but to adapt to survive.
    As a result, the question of businesses being affected by a cyber incident has become ‘when’ rather than ‘if’.  However, there are a number of steps you can take to mitigate risks ahead of any potential incidents.  
    We invited Jack Morris, Account Director at Epiq, to discuss cyber incidents, the importance of being proactive in reducing cyber incident risk and the steps you can take to mitigate these risks. 
    You’ll learn
    ·      Who are Epiq?
    ·      What is a cyber incident?
    ·      The importance of being proactive in reducing the risk of an incident
    ·      What can organisations do to be proactive in mitigating cyber incident risk?
    ·      What are forensic tabletop exercises, and how do they enhance preparedness?
    ·      Why might an organisation need to get an incident response retainer?
    ·      What role do Information Governance consultants play in reducing cyber risk?
     
    Resources
    ·      Epiq
    ·      Isologyhub
     
    In this episode, we talk about:
    [00:30] Join the isologyhub – To get access to a suite of ISO related tools, training and templates. Simply head on over to isologyhub.com to either sign-up or book a demo.
    [02:05] Episode summary: Today Mel is joined by guest Jack Morris, Account Director at Epiq, to discuss how to mitigate cyber incident risk.
    [02:40] Who are Epiq? – Epiq is a global leader in technology enabled legal services. In fact, it supports 90% of the top law firms globally! With over 8000 employees spread over 19 countries, it helps to support corporations, law firms and government agencies across the globe.
    [04:31] Who is Jack Morris? – Jack joined the industry relatively fresh out of university, starting at an organisation called Kroll where he was focused on data management – including overcoming ransomware infected devices and essentially allowing organisations to get access to data that was previously taken away from them.
    Kroll was later acquired by Duff and Phelps and went through a turbulent time of many name changes before settling on Kale Discovery. He ended up leaving a year ago and joined Epiq as an Account Director.
    Jack’s role at Epiq includes being a facilitator, introducing law firms, corporations and cyber insurers to best in class people and technology.
    [06:40] What is a cyber incident?: A Cyber Incident is any unauthorised or unexpected event that compromises the confidentiality, integrity or availability of an organisation’s information systems, data or network. Incidents can range from data breaches and malware infections to single mailbox compromises and insider threats.
    Organisations looking to combat information security risks should consider ISO 27001, as its key principles include the confidentiality, integrity or availability of your business’s information.
    [08:29] Why is it important for organisations to be proactive in reducing their risk of an incident, no matter the size of your business?  – Let’s look at some startling statistics:
    In 2022, 39% of businesses in the UK identified a cyber attack in the previous 12 months. Of this 39%, 31% of those businesses experienced attacks at least once a week.
    48% of Small to Medium Businesses, globally, experienced a cyber incident in the last 12 months, with 61% of all cyber-attacks specifically targeting small business.
    This is the most shocking of the statistics, and why it’s so important for us to be having these kinds of conversations around how businesses, no matter the size, need to be proactive in mitigating the impact of a cyber incident.
    70% of small to medium businesses in the UK believe that th

    • 39 min

Customer Reviews

4.9 out of 5
7 Ratings

Princessdandyrichbrandywine ,

Really appreciate these episodes!

Thank you for creating a great show that’s thought provoking and interesting!
Many thanks,
Doone

Alistair MacFadyen ,

Great ISO Podcasts

Thanks for the podcasts, they all are informative, keep up the great work.

Thank you

Lorna@LSL ,

Opening Eyes to ISO

I have always seen ISO as a tool for big companies. I have helped to achieve certification in this arena; what I was not aware of was that Micro businesses can also benefit, and for me that is a game changer. These shows are informative but easy to listen to, a definite call to action for any business, and I would recommend it to everyone.
