The ISO Show Blackmores UK

Cyber incidents are on the rise as data shows there was a 20% increase in data breaches from 2022 to 2023. 
Technology has become an integral part of most businesses, especially post pandemic where many who may have avoided this reliance on tech had no choice but to adapt to survive.
As a result, the question of businesses being affected by a cyber incident has become ‘when’ rather than ‘if’.  However, there are a number of steps you can take to mitigate risks ahead of any potential incidents.  
We invited Jack Morris, Account Director at Epiq, to discuss cyber incidents, the importance of being proactive in reducing cyber incident risk and the steps you can take to mitigate these risks. 
You’ll learn
·      Who are Epiq?
·      What is a cyber incident?
·      The importance of being proactive in reducing the risk of an incident
·      What can organisations do to be proactive in mitigating cyber incident risk?
·      What are forensic tabletop exercises, and how do they enhance preparedness?
·      Why might an organisation need to get an incident response retainer?
·      What role do Information Governance consultants play in reducing cyber risk?
 
Resources
·      Epiq
·      Isologyhub
 
In this episode, we talk about:
[00:30] Join the isologyhub – To get access to a suite of ISO related tools, training and templates. Simply head on over to isologyhub.com to either sign-up or book a demo.
[02:05] Episode summary: Today Mel is joined by guest Jack Morris, Accoutn Director at Epiq, to discuss how to mitigate cyber incident risk.
[02:40] Who are Epiq?  – Epic is a global leader in technology enabled legal services. In fact, it supports 90% of the top law firms globally! With over 8000 employees spread over 19 countries, it helps to support corporations, law firms and government agencies across the globe.
[04:31] Who is Jack Morris? – Jack joined the industry relatively fresh out of university, starting at an organisation called Kroll where he was focused on data management – including overcoming ransomware infected devices and essentially allowing organisations to get access to data that was previously taken away from them.
Kroll was later acquired by Duff and Phelps and went through a turbulent time of many name changes before settling on Kale Discovery. He ended up leaving a year ago and joined Epiq as an Account Director.
Jack’s role at Epiq includes being a facilitator, introducing law firms, corporations and cyber insurers to best in class people and technology.
[06:40] What is a cyber incident?: A Cyber Incident is any unauthorised or unexpected event that compromises the confidentiality, integrity or availability of an organisation’s information systems, data or network. Incidents can range from data breaches and malware infections to single mailbox compromises and insider threats.
Organisations looking to combat information security risks should consider ISO 27001, as it’s key principles include the confidentiality, integrity or availability of your businesses information.
[08:29] Why is it important for organisations to be proactive in reducing their risk of an incident, no matter the size of your business?  – Let’s look at some startling statistics:
In 2022, 39% of businesses in the UK identified a cyber attack in the previous 12 months. Of this 39%, 31% of those businesses experienced attacks at least once a week.
48% of Small to Medium Businesses, globally, experienced a cyber incident in the last 12 months, with 61% of all cyber-attacks specifically targeting small business.
This is the most shocking of the statistics, and why it’s so important for us to be having these kinds of conversations around how business, no matter the size, need to be proactive in mitigating the impact of a cyber incident.
70% of small to medium businesses in the UK believe that th

Businesses looking to tackle their environmental impact will need to look at how they can reduce their carbon emissions and offset any remaining emissions to ensure that they reach Net Zero.
One of the most common ways businesses offset their emissions is through the purchasing of carbon credits that typically go towards planting trees or re-wilding.
However, there are a number of new emerging trends following on from the current commodification of nature, resulting in an attitude shift from businesses who are looking to get a lot more involved in the offsetting process.
We invited Luke Baldwin, Co-founder and CEO of Nature Broking, back onto the show to explain the latest trends in the carbon market.  
You’ll learn
·      What are the latest trends in the carbon market?
·      The importance of high integrity within carbon offsetting
·      Looking for impactful solutions
·      Why education around carbon offsetting is key for long-term sustainability commitment
·      How buying carbon credits now can lead to significant savings
 
Resources
·      Nature Broking
·      Isologyhub
 
In this episode, we talk about:
[00:30] Join the isologyhub – To get access to a suite of ISO related tools, training and templates. Simply head on over to isologyhub.com to either sign-up or book a demo.
[02:05] Episode summary: Today Mel is joined by guest Luke Baldwin, Co-founder and CEO of Nature Broking, to discuss emerging trends in the carbon market that help businesses tackle their carbon offsetting.  
[02:50] What are the key trends in the Carbon Market  – As of 2024, Luke states the leading trends as:
·      High Integrity
·      Impactful solutions
·      Education
·      Purchase carbon credits now and save later
[04:10] High Integrity – There’s now a lot of carbon credits available and due to the nature of the unregulated carbon markets, it’s led to an increase in bad actors generating revenue in a bad way.
Once example of this is Kariba, a project in Zimbabwe that aimed to tackle deforestation, which was recently exposed in the Guardian and The New Yorker for having incorrect calculations. Credits purchased towards that programme were then called into questions and any associated companies were accused of greenwashing.
To avoid this, businesses are now putting a greater focus on high integrity solutions, which involves considerations such as:
·      Are the credits durable? Will the carbon be stored long term?
·      Are their significant CO2 benefits?
·      Are the credits contributing anything besides just removing carbon? i.e. regenerative agriculture or woodland plantation
[06:20] Impactful Solutions: The carbon markets offers a lot of fantastic solutions and businesses are moving away from the quick commodification of those solutions, and are instead looking to really understand the impact of how they chose to offset their emissions.
It’s becoming more of a question of buying carbon credits that align with your values, whether this be social values or sustainability values.
They’re looking to invest in projects that will have a tangible outcome. Which is exactly what Nature Broking sets out to assist businesses with by tailoring bespoke solutions that adhere to their specific values.
[08:10] Education  – The need for more education around the carbon markets is crucial.
Luke remembers the quote “you can't love what you don't know”, which applies as how can a business truly invest in something that they don’t fully understand.
Sustainability is a mindset, and a cultural shift towards more sustainable practices starts with an education.
Carbonology uses an ISO framework, but also provide an education around the carbon reduction plan provided to inspire a mindset shift change towards sustainability.
[09:05] Blackmores experience – Blackmores

The UK is the first major economy to achieve it’s 50% reduction target for Greenhouse Gas Emissions (between 1990 and 2022). However, we’ve still got a lot of work to do to reach our 2023 target of a 68% reduction.
Many businesses are already making great strides to reduce their Impact, and while you can reduce, achieving true carbon neutrality will involve offsetting a certain amount of emissions.
One of the biggest challenges for businesses in terms of completing their offsetting is finding a credible carbon offsetting scheme.
Mel is joined by Luke Baldwin, Co-founder and CEO of Nature Broking, to discuss credible nature-based solutions for carbon offsetting.
You’ll learn
·      Who are Nature Broking?
·      What is Natural Capital?
·      How can we restore nature at scale?
·      Financing transition regenerative agriculture through the sale of natural capital
·      How have Nature Broking worked with clients to complete their carbon offsetting?
·      How can you demonstrate a credible carbon offsetting scheme?
·      What projects are Nature Broking currently working on?
 
Resources
·      Nature Broking
·      Isologyhub
In this episode, we talk about:
[00:30] Join the isologyhub – To get access to a suite of ISO related tools, training and templates. Simply head on over to isologyhub.com to either sign-up or book a demo.
[02:05] Episode summary: Today Mel is joined by guest Luke Baldwin, Co-founder and CEO of Nature Broking, to discuss credible nature based solutions for carbon offsetting and explore some of the wonderful projects Nature Broking have been involved with.
[04:10] What is natural capital?  – Natural capital is the idea of creating value from nature. What natural capital does is, it encompasses all the things that we get from nature that we rely on. That could be the shelter in your house all the way through to carbon offsets.
[04:55] Who are Nature Broking? – Nature Broking’s story starts off on a somber note. Sadly, Luke lost one of his friends in a mountaineering accident, and in his memory, Luke and another friend rewilded one acre of Scottish Borders Woodlands. This is something they make a point to visit every year, to pay tribute and to keep their living, breathing monument of his friends memory alive and well.
The experience was an eye opening one. For as lovely as the process was, it was incredibly expensive, and not very easy to do. Luke then realised that philanthropy alone wasn't going to be able to cover the costs of what we required to restore nature.
Looking into the matter further he found that 50% of the world's GDP is moderately or highly dependent on nature and that the UK, whilst green and beautiful, sits in the bottom 10%.
And so, an idea was sparked. Together his friend and Co-founder Andy started down the nature restoration path and created Nature Broking.
[06:20] What is Nature Broking’s mission?: Nature Broking have 2 major missions:
#1: Help restore nature at scale
#2: Help finance a transition to regenerative agriculture
[06:34] How can we restore nature at scale?  – The UK Government has set targets of halting nature decline by 2030, with a view to increase nature by 2045.
The Green Finance Institute has calculated that there is a funding gap of about 56 billion in order for us to achieve our legally binding environmental targets. That’s a hefty sum to put on public money and philanthropy, which is where private markets and business can make a big impact.
Frameworks like PAS 2060 (ISO 14068) help businesses invest in nature, and with the creation of carbon credits, carbon has been commodified to make it more accessible for businesses to contribute to carbon offsetting.
[08:20] How can we help finance transition regenerative agriculture through the sale of natural capital? – Regenerative agriculture is about restoring the soils, restorin

The UK recently hit a huge milestone, according to the Department for Energy Security and Net Zero (DESNZ), the UK have reduced their Greenhouse Gas Emissions by 50% between 1990 and 2022. 
The UK are the first major economy to achieve this, however we’ve still got a lot of work to do to meet our 2030 target of a 68% reduction.
Over the past few years there have been a number of schemes aimed at businesses to help tackle their impact, specifically their energy consumption. Here in the UK, ESOS (The Energy Savings Opportunities Scheme) was introduced as an implementation of the EU Energy Efficiency Directive and has been a mandatory undertaking for large organisations that fit the criteria.
Recently, that scheme has been updated and a number of changes have come into effect for Phase 3. 
Ian Boylan, Chief Executive Officer at ISO Baseline, joins Mel to explain the recent changes to ESOS, how they affect organisations in the UK and EU and how ISO Baseline’s software can help businesses consistently manage their energy consumption in alignment with ISO 50001 (The Energy Management Standard).
You’ll learn
·      Who are ISO Baseline?
·      What is the Energy Savings Opportunities Scheme (ESOS)?
·      What are the changes to ESOS?
·      How do the changes affect those who currently comply using ISO 50001
·      What are the changes to the ESOS eligibility requirements?
·      How can ISO Baseline help businesses with their ISO 50001 and ESOS compliance?
 
Resources
·      ISO Baseline
·      Isologyhub
·      ISO 50001
 
In this episode, we talk about:
[00:30] Join the isologyhub – To get access to a suite of ISO related tools, training and templates. Simply head on over to isologyhub.com to either sign-up or book a demo.
[02:05] Episode summary: Today Mel is joined by guest Ian Boylan, Chief Executive Officer at ISO Baseline, to discuss the changes to The Energy Savings Opportunities Scheme (ESOS), and how the changes will affect the European Directive on energy management and energy reporting.
[03:20] Who is Ian and ISO Baseline?  – Ian has been involved with ISO Standards for a number of years, starting with the technical aspects of building Management Systems, to working with Certification Bodies as an auditor for Management Systems.
From this experience, Ian really got to understand the challenges that organisations face when implementing ISO Standards. Challenges such as maintenance to ensure they are achieving their requirements and objectives.
Which is where the concept for ISO Baseline was born. Targeted specifically towards the Energy Management Standard ISO 50001, ISO Baseline’s software allows organisations to manage their energy processes and provide evidence that you are meeting your energy objectives.
[05:30] What features are included in ISO Baseline’s software? – Features include:
Energy reporting: Information can be displayed in graph or Sankey diagrams to help visualize your energy performance.
Identification of opportunities: Any opportunities for improvement found in the provided energy report will be recorded in an ‘Opportunities Register’
Financial Assessments: Work out life-cycle costs for assets, which can be used as a guide to establish possible savings by implementing suggested improvements.
[07:25] What is ESOS?: ESOS was introduced when we were still a part of the European Union, when there was a European Directive on energy efficiency.
It placed a requirement on member states in the EU to put together schemes for ensuring that large organisations undertake energy audits on a regular 4 yearly basis. In the UK this was adopted as the ESOS regulations.
For many years, if a business’s ISO 50001 certification scope covered all of its energy usage, then your business was considered compliant with ESOS.
If you didn’t have an ISO 50001 Management System in plac

According to the ISO Survey, there’s been a 82.9% increase in worldwide ISO 22301 certificates issued following 2020.
Business Continuity is a must have for businesses who want to ensure long-term survivability following a disruptive event. Many turn to ISO 22301 to help put a framework in place, including today’s guest – Lifelong Learner.
However, what usually takes businesses a minimum of 6 months, Lifelong Learner managed to accomplish in just 4 months across an international organisation! That is no small part due to the tremendous effort of Lifelong Learner’s Manager of Information Security, Governance, Risk and Compliance, Lauren Taylor.
Lauren joins Mel on this weeks’ episode to share her journey and explains the challenges associated with implementing a Business Continuity Management System in just 4 months.
You’ll learn
·       Who are Lifelong Learner?
·       Why did they decide to Implement ISO 22301?
·       What did they learn from implementing ISO 22301?
·       What was the biggest challenge with Implementation?
·       What are the benefits of implementing ISO 22301?
 
Resources
·       Isologyhub
·       Lifelong Learner
·       PSI Testing Excellence
·       Talogy
 
In this episode, we talk about:
[00:30] Join the isologyhub – To get access to a suite of ISO related tools, training and templates. Simply head on over to isologyhub.com to either sign-up or book a demo.
[02:05] Episode summary: Today Mel is joined by guest Lauren Taylor who is the Manager of Information Security, Governance, Risk and Compliance at Lifelong Learner Holdings LLC.
Lifelong Learner and it’s brands represent a fusion of comprehensive workforce solutions, with a human-first focus of changing lives through assessment. This includes helping people advance in educational and career aspirations, earning or maintaining licensing or certifications, or providing the tools to develop future leaders.
Lauren has helped Lifelong Learner accomplish a massive milestone, and that’s the implementation of the Business Continuity Standard ISO 22301 across an international organisation, which she managed to do in just 4 months! She’s here to share her journey and lessons learned from implementing ISO 22301.
[03:30] Not many people know this about Lauren  – She had previously trained to be a mental health counsellor.
[04:05] Who are Lifelong Learner LLC? – Lifelong Learner is the parent company of two subsidiaries:
PSI Testing Excellence: a leading provider of assessment solutions for the licensing and certification markets, to Educational Testing Services.
Talogy: A market leader in the talent management space whose core purpose is helping organizations achieve their potential. They manage the talent management side of the business. So what they'll do is they'll put together psychometric tests that help companies find the right person for the right job, and will assist with skills development.
[05:00] Adding to Lifelong Learner’s ISO Collection: Lifelong Learner already have an impressive ISO Library, being certified to:
·       ISO 9001 – Quality Management
·       ISO 14001 – Environmental Management
·       ISO 27001 – Information Security Management
[05:20] What was the main driver behind obtaining ISO 22301? – The main driver, as with most companies, is usually a client contractor requirement, but business continuity has been something that we've wanted to look further into for a while, just because there's elements of ISO 27001 that cover the business continuity.
While we were able to get through the audits with what we had, we just felt that it just needed a little bit more building out. Business Continuity is a requirement in part of ISO 27001, but for Stakeholders that want assurance that a business has robust business continuity plans in place, ISO 22301 is

There’s no escaping it, AI is here to stay. Over the course of 2023 we’ve seen more general and public use of popular AI tools such as ChatGPT and Gemini (previously Google Bard).
It’s now even being integrated into everyday applications such as Microsoft Word and Teams. There is no doubt that there are a lot of benefits to using AI, however, with new technology comes new risks.
So how do we address the growing concerns around AI development and use? That’s where the new Standard for AI Management Systems, ISO 42001 comes in!
Join Mel this week as she explains exactly what ISO 42001 is, who it’s applicable to, why it was created and how ISO 42001 can help businesses manage AI risks.
You’ll learn
·       What ISO 42001 AI Management Systems is
·       Who it’s applicable to
·       Why it was created
·       How ISO 42001 can help businesses manage AI risks
 
Resources
·       Isologyhub
·       ISO 42001 Webinar registration
 
In this episode, we talk about:
[00:30] Join the isologyhub – To get access to a suite of ISO related tools, training and templates. Simply head on over to isologyhub.com to either sign-up or book a demo.
[02:05] Episode summary: Today we’re touching on a very topical subject – AI, and more specifically the brand new AI Management System Standard – IS0 42001. We’ll also be exploring who it’s applicable to, why it was created and how it can help businesses manage AI risks.
[03:30] What is AI? – AI – otherwise known as Artificial intelligence, as it’s most simplest description is the science of making machines think like humans.
We’ve seen a lot of AI tools be released to the public over the last year or so, tools such as ChatGPT and Google Bard. It’s already being integrated with some of the most commonly used apps and programs like Microsoft word and Teams.
In short, AI integration is here to stay, so we may as well get to grips with it and make sure we’re using it responsibly.
[05:10] What is ISO 42001? – , ISO 42001 is the first International Standard for Artificial Intelligence Management Systems, designed to help organisations implement, maintain, and improve AI management practices.
It was jointly published in December 2023 by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC).
The emphasis of ISO 42001 is on integrating an AI Management System with an organisations existing management system – i.e. ISO 9001 or ISO 27001 compliant management systems.
Interestingly, a lot of the specific mentions of Artificial Intelligence and Machine Learning are within the Annexes rather than the body of the Standard. The Standard itself is very similar to ISO 27001 in that it’s mostly about what organisations should be doing to manage computer systems regardless of any AI components.
[08:00] The 4 Annexes of ISO 42001:
Annex A: This acts as a Management guide for AI system development, with a focus on trustworthiness.
Annex B: This provides implementation guidance for AI controls, with specific measures for Artificial intelligence and Machine Learning – if you’d like to learn more about the difference between the two, go back and listen to episode 135.
Annex C: Which addresses AI-related organisational objectives and risk sources.
Annex D: This one is about the domains and sectors in which an AI system may be used. It also addresses certification, and we’re pleased to see that it actively encourages the use of third-party conformity assessment. This just ensures that your AI claims have more validity.
[09:15] Who is ISO 42001 applicable to? – Those annex descriptions may have you assuming that this Standard is only applicable to organisations developing AI technology but in actuality it’s applicable to any organisation who is involved in developing, deploying OR Using AI systems.
So if you’re