The ISO Show

Blackmores UK
  • 0.0 (0)
  • MANAGEMENT
  • UPDATED WEEKLY

Blackmores is a pioneering consultancy firm with a distinctive approach to working with our clients to achieve and sustain high standards in Quality, Risk and Environmental Management. We'll be posting podcasts discussing ISO standards here very soon!

  1. #242 Surface Print – The Commercial Advantage of ISO 14001 for SME's

    1 DAY AGO

    #242 Surface Print – The Commercial Advantage of ISO 14001 for SME's

    A Standard like ISO 14001 may seem more appropriate for large enterprises looking to address their environmental footprint, however it can apply to any business no matter the size. All businesses produce waste, and we can all do more to save energy, resources and money in the process. For some SME's, tackling resource wastage through effective environmental management can make a huge difference. Such is the case for today's guest, Surface Print, a family owned wallpaper manufacturer managed by its 4th generation. In this episode, Ian Battersby is joined by James Watson, Managing Director of Surface Print, to discuss why they implemented ISO 14001, the related resource challenges for SME's seeking ISO Standards and benefits gained from certification. You'll learn ·      Who is James? ·      Who is Surface Print? ·      Are there any other Standards Surface Print have to adhere to as a wallpaper manufacturer? ·      Did those other Standards help with understanding the process for ISO implementation? ·      What was the driver behind ISO 14001 implementation? ·      How long did it take them to achieve ISO 14001? ·      Have they considered any other ISO Standards? ·      What were the challenges for an SME seeking ISO certification? ·      What were the benefits of implementing ISO 14001? ·      How have Surface Print leveraged ISO 14001 in marketing and communications? ·      James' top tip   Resources ·      Surface Print ·      James Watson   ·      Isologyhub ·      What is the Isologyhub?   In this episode, we talk about: [02:05] Episode Summary – Managing Director of Surface Print joins Ian to discuss their journey towards ISO 14001 certification, the challenges involved with ISO implementation for SME's and the benefits felt after certification. [03:25] Who is James Watson? James Watson is the Managing Director of Surface Print, a wallpaper factory that is a family-owned business based in Lancashire. Both he and he sister are the current directors, he 88 year old father is still involved within the business. They are the 4th generation in their family to be involved with wallpaper, starting with their great-grandfather, Walter Watson, who started the business all the way back in the 1880s! [04:35] Who are Surface Print? Surface Print operate in both analogue and digital printing, with 10 large analogue printing presses and 6 state-of-the-art HP digital presses. They have two elements to the company, with Surface Print handling 3rd party printing and white labelling for interior design brands. The second is 1838 Wall Coverings, which is the original design branch that sells their designs worldwide. Surface Print are not a volume printer, they focused on high-quality manufacturing with a key focus on attention to detail. All the manufacturing occurs at the UK factory. Their typical clientele include the likes of John Lewis, Harrods and other high-end interior stores. Their 1838 Wall Coverings branch recently had a collaboration for the past 3 years with the Victoria and Abbot Museum in London, where they were allowed access to their archive for inspiration on designs. [07:35] Are there any other Standards Surface Print have to adhere to as a wallpaper manufacturer? Mainly it's the Construction Products Regulation EN 15102, which is specifically for construction products used in buildings. They also needed to get FSC certified as they were dealing with paper and wood pulp. [08:20] Did those other Standards help with understanding the process for ISO implementation? James quite honestly admits that no, none of the previous mandatory regulations helped with understanding the ISO process. As they understood that it was going to be quite the task, they outsourced help from Blackmores to assist with implementation. Alison Henshaw from our Team worked alongside Surface Print's ISO committee to break down the Standard and offer valuable consultancy on aspects such as legislation.   [09:05] What was the driver for ISO 14001 Implementation? Wallpaper manufacturing is very heavy waste. Analogue machines can have up to 10% - 20% waste per production order. With that much waste, it can quickly make the entire process very inefficient. There was also the spend on energy and gas to consider as all of those prices are increasing year-on-year. ISO 14001 could solve both of these issues while saving them a significant amount of money. [10:15] How long did it take Surface Print to achieve ISO 14001? In total, around 12 months. It would have been quicker, but there were some administration issues with the Certification Body that delayed the final Assessment.   [11:55] Have Surface Print considered any other ISO Standards? As they're only just into their first year of ISO 14001 certification, they've opted to stay focused on maturing that system before opting to go for any other Standards. [08:20] What were the challenges for an SME seeking ISO certification? Surface Print initially struggled with the administration side of ISO 14001, things like keeping on top of document and process updates, updating the legal register etc. This is where Blackmores Consultant Alison came in to bridge the gap and ensure they kept all the necessary paperwork up-to-date. They also needed more technical expertise in the area of environmental management. Their ISO committee weren't ISO experts and so there was a gap of knowledge between understanding the ISO Standard and how to apply it to the business, which is where Alison helped once again to guide them on their journey. [13:35] What were the benefits of implementing ISO 14001? Their ISO 14001 certification affects every decision made. It's not just about environmental management, it's about managing your business as a whole. The Standards actively require leadership commitment, so it starts from the top down. It's led to a more cohesive structure to making business decisions and thinking from a more environmental perspective. There have also been cost savings. Manufacturing in the UK is generally very expensive, so the more environmentally focused you can be results in savings on energy and resources. For example, Surface Print use a lot of electricity for both the machines and drying process involved in wallpaper manufacturing. They now measure their monthly energy usage against the rolls of wallpaper produced. They also installed solar panels which saved them a significant amount of electricity usage over the last year. They're also investing in newer equipment to help with efficiency, making plans on how to reduce gas usage. It's also helped with their general business administration as documentation needs to be kept up-to-date. The whole process is now a lot more thorough, and has greatly improved their general monitoring and measurement processes. They also have confidence in their regulatory and legal compliance, as ISO Standards have this as a basic requirement. Many opt to use a Legal Register to help keep all this information in one location. Surface Print also found that they can answer client questions quicker due to the amount of documented information at their fingertips, this now includes more environmental based questions, which are cropping up more often.   [18:35] How have Surface Print leveraged ISO 14001 in marketing and communications? Surface Print often get asked by potential brand clients 'What's the benefit of working with you?', to which they can answer with a sustainability statement which lists all of the benefits. The first point of which is ISO 14001 certification, which is a globally recognised mark of effective environmental management. They ensure that their environmentally conscious stance is first and foremost in marketing and external communications. This is not done out of a forced obligation, Surface Print have chosen to do the right thing, which is becoming the norm. To not think about the environment, especially in high-waste industries, is generally frowned upon. [20:25] James' top tip for those thinking about implementing an ISO Standard – ISO implementation can cost a fair amount up-front, but the cost saving benefits within a year can supersede that investment. You will see a lot of big improvements at the start, once your system matures you can expect to see those improvements slow in rate while still driving continual improvement at a steady pace. With the addition of effective monitoring and measurement, those improvements are quantifiable, so you can really see the results of your investment. [23:25] James' book recommendation – Guinness Book of World Records [23:55] James' favourite quote – "You can take a horse to water, but you can't make it drink" If you'd like to learn more about Surface Print, check out their website. We'd love to hear your views and comments about the ISO Show, here's how: ●     Share the ISO Show on Twitter or Linkedin ●     Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one. Subscribe to keep up-to-date with our latest episodes: Stitcher | Spotify | YouTube |iTunes | Soundcloud | Mailing List

    26 min
  2. #241 Raise your Game With The Leadership Powerup Gameplan

    28 JAN

    #241 Raise your Game With The Leadership Powerup Gameplan

    An ISO Management System can't survive without Leadership engagement. It was seen as such an essential aspect that 'Leadership commitment' became a key requirement of many ISO Standards back in 2015 when the Annex SL format was adopted. It's easy to see why. An effective Management System will provide vital information for top management to make decisions on processes, policies and strategic direction. So, how do you get leadership involved with your ISO management system? In this episode, Steph Churchman is joined by Sarah Ball, the Service Improvement Manager at Blackmores, to discuss why leadership involvement is so crucial to effective ISO management, and explains how you can get their buy in whether you've got a mature system or are newly implementing ISO Standards. You'll learn ·      What is the isologyhub? ·      What issue is the Leadership Powerup tackling? ·      Who is the Leadership Powerup aimed at? ·      What are the six steps in the Leadership Powerup Gameplan?   Resources ·      Isologyhub ·      What is the Isologyhub? ·      The Integral Role of Leadership within ISO ·      Aligning Objectives with Strategic Direction   In this episode, we talk about: [02:05] Episode Summary – Blackmores Service Improvement Manager joins Steph on this episode to talk about the crucial role leadership plays in ISO management, and how you can get the most out of their involvement. [00:45] What is the isologyhub? The isologyhub is our online learning platform for all things ISO. Its main feature is the ISO Roadmap, a 7-step guided approach to implementing your own bespoke ISO 14001 compliant Environmental Management System. Since it's creation, it's grown to hold a library of over 200+ ISO related resources. The content available varies from quick accessible content such as ISO templates, ISO handbooks and short from video training we call Coffee Break Training which explain key elements of ISO Standards. This goes onto more in-depth content such as our ISO Pathways which take you through 3 levels of learning to help you progress from Learner to leader in your chosen subject area. There's other exclusive content on there which you can dip into, including ISO templates, training videos and previous workshops covering topics such as ESG and AI management. We also have a number of Gameplans, which are essentially guides where people can work through a particular set of information about a topic and get practical guidance that can be applied within their own organisation.   [02:05] What issue is the Leadership Powerup tackling? In the past, it was quite easy for leadership to lose interest in the Management System once it had been implemented. This was in part due to how Standards used to be written, and would result in the system being delegated to specific individuals. In 2015 this, along with a number of other issues, were addressed and a new clause structure was introduced. This means that Leadership Commitment now isn't optional, as it's a direct requirement of all ISO Standards (Clause 5 typically).   The Leadership Powerup Gameplan aims to help leadership understand their role in making the Management System effective for the wider business. It helps to assess their current level of commitment and guides you through a path of improvement to get them to be a positive ambassador for the Management System. Where leadership is concerned, it's important to remember that you're leading by example. If you don't care about the Management System, why should anyone else? For those that want more of a deep dive on Leadership's role within ISO, check out a previous podcast. [06:05] Who is the Leadership Powerup aimed at?: As a minimum it should be the individual or team that have day-to-day responsibilities relating to the management system. Ideally you would also want a member of leadership, as you'll need their input to gauge the current level of commitment. [06:50] What are the six steps in The Leadership Powerup?: Step 1: Evaluate Leadership – For this step it's important that you're 100% honest in your reflection of how leadership are currently promoting and engaging with the management system. It includes a workbook to help you self-score, though we recommend getting a team involved who can help shape a full perspective their engagement in reality.  The included workbook also contains examples of key causes for a lack of leadership engagement. It walks you through the reasons for these causes, as it's only through understanding why something is happening is when you can seek to resolve the issues. Step 2: Boosting Knowledge - This section works through what good looks like in terms of effective leadership commitment. You need to be able to understand the ideal end point before you can plan on how to get there. Included in this section are key definitions and videos that break down what good looks like for leadership commitment. Step 3: Planning Your Process – During this step you will plan on how to reach your end goal. By this point you will have assessed your current level of leadership commitment and you will have a good idea of what good looks like. Included in this step is another workbook that will guide your planning process to answer the following questions: ·      What do you want to achieve by the end of the Gameplan? ·      What does good leadership engagement look like for us specifically in this business? There's also a helpful section on understanding how processes interact, which is a fundamental part of ISO management. It's about how your business operates as one big system and not as siloed departments and processes. Having leadership understand that big picture so that they can communicate that impacts to certain teams does affect the whole business. Step 4: Deliver Data – This section is all about information. Leaders love data as it helps them to make informed business decisions. This step guides you through what sort of data you should be gathering and how it can be presented to leadership. This is crucial as it links back to one of the fundamentals of quality management, that being data-driven decision making. This could be in the form of customer feedback or employee feedback, or in other metrics such as health & safety incident etc. It's all about making the most of this data. Step 5: Strengthening Strategy – It's very important that your ISO management system aligns with your businesses' strategic direction. This is a key way that you can get leadership involved in the management system, as the business direction will already be a key focus for them. Ensuring the management system not only aligns but helps to facilitate that will ensure that it stays at the forefront of their minds. This step provides you with guidance on how to go about aligning leadership priorities and management system priorities. Step 6: Consolidating Compliance – This step is about ensuring that you are doing what you say you're doing. The key part of leadership involvement includes leading by example, such as reviewing policies and updating them if they are no longer working for the business. It's about continuous review and implementation of key feedback and communication of changes happening within the management system from top management down. This Gameplan can be useful for businesses where the Management System has been in place for a while and may not require their direct attention once certification has been achieved. In order to drive effective continual improvement, it's key that they still keep that management system at the core of their activities. It can also be helpful when there is a change in leadership, and new individuals may not know what their level of involvement should be.  If you'd like to become a member of the isologyhub, we have an exclusive 20% discount available for listeners, simply Contact Us and quote: Isologyhub20 to claim that discount. We'd love to hear your views and comments about the ISO Show, here's how: ●     Share the ISO Show on Twitter or Linkedin ●     Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one. Subscribe to keep up-to-date with our latest episodes: Stitcher | Spotify | YouTube |iTunes | Soundcloud | Mailing List

    17 min
  3. #240 Revitalise your Audits with the Audit Accelerator Gameplan

    21 JAN

    #240 Revitalise your Audits with the Audit Accelerator Gameplan

    Internal Audits are a key part of any ISO Implementation journey, they are also a necessary vehicle to drive continual improvement. For those with more mature ISO Management Systems, it can be easy for Internal Audits to become a bit of a rinse and repeat exercise. This can lead to stagnation of meaningful results, especially if you're asking the same people the same questions year on year. So how can you revitalise the Audit process? In this episode, Steph Churchman is joined by Sarah Ball, the Service Improvement Manager at Blackmores, to discuss the challenges associated with repeated internal audits, and how you can refresh the process to ensure you get meaningful results to drive continual improvement. You'll learn ·      What is an Isologyhub Gameplan? ·      What issue is the Audit Accelerator tackling? ·      Who is the Audit Accelerator aimed at? ·      What are the five steps in the Audit Accelerator Gameplan?   Resources ·      Isologyhub ·      What is the Isologyhub?   In this episode, we talk about: [02:05] Episode Summary – Blackmores Service Improvement Manager joins Steph on this episode to talk about the challenges many face when completing internal audits in an annual basis, and how these can be refreshed to ensure valuable output.    [00:45] What is the isologyhub? The isologyhub is our online learning platform for all things ISO. Its main feature is the ISO Roadmap, a 7-step guided apprach to implementing your own bespoke ISO 14001 compliant Environmental Management System. Since it's creation, it's grown to hold a library of over 200+ ISO related resources. The content available varies from quick accessible content such as ISO templates, ISO handbooks and short from video training we call Coffee Break Training which explain key elements of ISO Standards. This goes onto more in-depth content such as our ISO Pathways which take you through 3 levels of learning to help you progress from Learner to leader in your chosen subject area. There's other exclusive content on there which you can dip into, including our full workshop recordings which have covered topics such as utilising ISO Standards for ESG compliance, how to integrate ISO Standards and how to complete an AI impact Assessment. [02:10] What is an isologyhub Gameplan? Gameplans have been designed to be actionable pieces of content within the Isologyhub. They are guides where people can work through a particular set of information about a topic and practical guidance that can be applied within the own organisation. Each game plan is structured around a kind of area that is quite commonly a difficult area for many organisations managing ISO Standards. Each Gameplan also includes a number of Workbooks to help you through each step, whether as an individual or as part of a team. [04:00] What issue is the Audit Accelerator tackling? internal audits are a fundamental part of any ISO management system, but it's also something that can get a little bit stale when you've had a management system for a while. It can tend to feel a little bit like a rinse and repeat exercise where you're having similar conversations with the same people about the same processes, which isn't what internal audits should be. The reason they're in the standards in the first place, is to help push continual improvement. For example, if you've got a quality management system, you'll be looking to ensure that processes are being followed, but also where there are opportunities to improve. This is where a lot of people drop the ball in mature systems. Internal Audits can be intimidating for some, and can be rushed as just something that needs to get done. But by rushing them, by not talking the proper time to speak to different individuals, you are missing out on valuable information that can ultimately help you improve your services and way of working. The Audit Accelerator Gameplan was designed to help you to really get the most out of those internal audits, give the process a bit of a refresh and rethink how you're approaching your audit planning. It also provides guidance on how you can get better engagement from the wider business with audits. Refreshing the process will help you to gain new perspectives, and ensure that internal audits becomes a positive experience that everyone can engage with, no matter what level they are at within the business.   [08:15] Who is the Audit Accelerator aimed at?: The person who's responsible, or personal team who is responsible for coordinating the internal audit plans within an organisation. It's aimed at those so that they can help the wider business to understand what audits are about, and also so that they can also look at how they're planning audits. [09:15] What are the five steps in The Audit Accelerator?: Step 1: Check – This step helps you to assess where you currently are with your Audit Program. It includes a workbook with a checklist that you can work through, this will give you a score to indicate how well you're doing and where you can improve. It asks questions such as: ·      How effective are the audits that you're doing in your business? ·      Are there areas that you could perhaps make improvements? Step 2: Challenging Assumptions - This step provides information about what the purpose of internal audits are, why people have misconceptions about them, what some of the common fears and concerns are about audits, so that you can start addressing them within your business. This can include simply talking to your colleagues in a more positively framed way about Internal Audits. Another suggestion is changing the name 'Internal Audit', especially if it has negative connotations within the business. The Standard doesn't say they have to be called anything, as long as you're asking people about how things are done, ensuring processes are being followed and allowing people to suggest improvements, the way you go about doing to (including the name) can be done in whatever way works best for your business. This step also includes the main workbook that you will work through for the rest of the steps. Step 3: Change It Up – This sections includes a few different videos about different ways of planning audits and different ways of explaining audits to your colleagues so that they feel a little bit more comfortable about them and understand the benefits and real opportunities that come from participating in audits as well. Step 4: Collaboration – This step stresses that it's really important that Internal Audits is not something driven solely by just one person. Everyone has a positive part to play in the process. This includes Management, as they need to hear audit feedback and make changes where required. This helps to show that audits drive meaningful change, and should encourage everyone to have their say. So, this step is really about making sure that management, audit planners and auditees understand their role in the process. Step 5: Check Again – This involved going back to that initial assessment of where you were when you started the Gameplan, and reassessing after you've implemented some of these improvements through the improvement workbook and seeing if you have moved the goalpost from that initial assessment. Hopefully you'll have a much higher score to show how much you've progressed after following the Gameplan steps.  If you'd like to become a member of the isologyhub, we have an exclusive 20% discount available for listeners, simply Contact Us and quote: Isologyhub20 to claim that discount. We'd love to hear your views and comments about the ISO Show, here's how: ●     Share the ISO Show on Twitter or Linkedin ●     Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one. Subscribe to keep up-to-date with our latest episodes: Stitcher | Spotify | YouTube |iTunes | Soundcloud | Mailing List

    17 min
  4. #239 2025 ISO Standard Wrap Up and Looking Ahead

    17/12/2025

    #239 2025 ISO Standard Wrap Up and Looking Ahead

    It's been a busy year for ISO Standards, with that set to ramp up in 2026 thanks to upcoming Standard transitions. Before we dive into a new year, we'd like to take a step back and highlight some of the key ISO milestones from 2025.  In this episode, Steph Churchman, Communications Manager at Blackmores, looks back at the major Standard updates from 2025, including changes to existing Standards, new ISO's published and key upcoming changes you need to be aware of for 2026.   You'll learn ·      What ISO Standards have been updated in 2025? ·      What new ISO Standards were published in 2025? ·      What Standards are due to be published in 2026? ·      What ISO transitions do you need to be aware of in 2026? Resources ·      Isologyhub   In this episode, we talk about: [02:05] Episode Summary – Steph reviews major ISO Standard updates from 2025, including changes to existing ISO Standards, new Standards published and what you need to know going into 2026.   [02:34] What ISO Standards have been updated in 2025?: ISO 27701:2025: This is the Standard for Privacy Information Management and it recently received an update in October 2025. Key updates to this Standard include: ·      This is now a stand-alone Standard and can be implemented without an existing ISO 27001 ISMS in place. ·      The addition of further guidance for data processors and controllers. ·      Provides greater clarity on managing personal data within AI and digital ecosystems ·      More focus on organisational leadership involvement. ·      The update now aligns ISO 27701 more closely with global regulations such as GDPR, CCPA and LGPD. ISO 37001:2025, the Standard for Anti-bribery. This one was well overdue an update, with its last version being 2016! It's update arrived on 2nd Feb 2025, and included: - ·      Text harmonisation with the other ISO 37000 family of Standards, such as ISO 37301 (compliance management systems), ISO 37000 (governance of organisations) and ISO 37008 (internal investigations of organisations) to ensure consistency and easier integration. ·      The latest version now formally introduces the concept of anti-bribery culture and emphasises its importance for the effectiveness of the management system. ·      A greater emphasis on the role of top management and their involvement in overseeing the management system. ·      A new requirement has been added for awareness and training as fundamental asset for management system results. ·      It also receives the added climate change amendment, which many ISO's already embedded back in 2024 – learn more about that here. ·      And lastly, there's more comprehensive definitions of conflict-of-interest as well as procedures to raise awareness on reporting potential and actual conflicts. ISO 50002, the standard for energy audits. This isn't a certifiable standard, but rather a guidance document to support the energy management standard ISO 50001. The recent update has now split this Standard into 3 parts: ·      ISO 50002 part 1: General requirements with guidance for use. ·      ISO 50002 part 2: Guidance for conducting an energy audit in buildings. ·      ISO 50002 part 3: Guidance for conducting an energy audit in processes Most of the revisions focused on strengthening and adding further clarification to energy auditing principles such as Competency, Confidentiality, Objectivity, access to equipment, resources and information, Evidence-based approach and Risk-based approach Lastly, this update also clearly specifies the requirements for energy auditor competence. [07:10] What new ISO Standards were published in 2025? ISO 42006 - Requirements for bodies providing audit and certification of artificial intelligence management systems. This is a guidance Standard that actually relates to certification bodies rather than businesses choosing to implement ISO 42001. It builds on ISO 17021-1 and ensures that certification bodies operate with the competence and rigour necessary to assess organisations developing, deploying or offering AI systems. While one that you as a business may not have to worry about, it's a positive addition to the growing ISO 42000 family of Standards, which are currently the only global frameworks for best practice for AI Management. ISO 17298 Biodiversity - Considering biodiversity in the strategy and operations of organizations. ISO 17298 ultimately aims to help organizations of all types and sizes understand how they depend on and impact nature – and take concrete action to address it. It includes guidance to help you: ·      Understand your biodiversity impacts, dependencies and risks ·      Identify opportunities for green growth and nature-positive finance ·      And develop and implement a credible biodiversity action plan   [09:45] What new ISO Standards are due to be published in 2026? ISO 53001 management system requirements for the United Nations Sustainable Development Goals. Many businesses have already done the hard work behind aligning their ESG activities with the UN SDG's, and will soon be able to benefit from certification to an internationally recognised Standard to help manage and improve their performance against those SDG goals. The Standard provides a framework for an SDG management system that will: ·      Enhance the organization's SDG performance. ·      Fulfil compliance obligations. ·      Achieve selected SDG objectives. ·      Create trust and confidence to relevant existing and future stakeholders If you wanted to get a head-start, the guidance document ISO 53002: Guidelines for contributing to the United Nations Sustainable Development Goals is available to download for free right now. ISO 14060: Net Zero Aligned Organisations. This Standard details requirements for how any type of organization can demonstrate that their net zero strategy is achievable, and that they are making credible and verifiable progress towards contributing to global net zero in line with the Paris Agreement. There are a lot of country specific legislation and regulations now in effect, or soon to be in effect, but there is a lack of clarity around what it actually means to be Net Zero. This is where ISO 14060 comes in, to create a globally accepted definition of what it means for an organisation to be net zero. In addition, this Standard will also: ·      Define what constitutes a credible net zero strategy at an organisational level ·      Establish how targets should be set, measured and delivered ·      Require organisations to align with the goals of the Paris Agreement ·      Build on existing ISO standards such as ISO 14064 for GHG verification and ISO 14068-1 for Carbon Neutrality ·      Have a focus on organisational claims, not product or event-level claims ·      And lastly it will be globally applicable and adaptable across sectors. [12:50] What ISO Standard updates do you need to be aware of for 2026?: The anticipated update to the leading environmental management system Standard, ISO 14001, is expected to be published in Q1 of 2026. It doesn't appear to have many major changes, but rather just further guidance and clarification in a few areas, including: ·      Modernised terminology and harmonised structure that aligns with other ISO Standards ·      Stronger focus on environmental conditions ·      Clearer EMS scope with life-cycle perspective ·      Again, we see a greater focus on leadership accountability ·      Refined risk-based planning ·      Introduction of a new change-management clause ·      Extended operational control to suppliers ·      Restructured management review ·      And an expanded Annex A for explanatory notes ISO 9001 is also due a revision. It was expected out around a similar time as ISO 14001, but following its public comment round, it's gone back under revision to make more changes after that feedback. As a result, this has pushed the expected publication date to either Q3 or possibly even Q4 of 2026. Now despite it going back into revision following feedback, the changes are still expected to be minor. Some of the expected changes include: ·      Impact of digital transformation – such as AI ·      Improved supply chain resilience ·      Proactive risk management and risk-based thinking ·      Quality culture and awareness of ethical behaviors ·      And increased attention to customer satisfaction Looking even further forward, ISO 45001 will also be up for revision soon, though that isn't expected to be published until 2027. We'll give you more details as soon as a draft version has been made available. All of these transitions will include a 3-year grace period, so there's no need to panic. Over the next year, we'll cover these changes in more detail, and will provide a variety of ISO Support options to help you manage and complete your ISO transitions. That's it from us for 2025! We look forward to brining you more ISO knowledge in 2026 😊 We'd love to hear your views and comments about the ISO Show, here's how: ●     Share the ISO Show on Twitter or Linkedin ●     Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one. Subscribe to keep up-to-date with our latest episodes: Stitcher | Spotify | YouTube |iTunes | Soundcloud | Mailing List

    17 min
  5. #238 Umony's ISO 42001 Journey - Setting the Standard for effective AI Management

    12/12/2025

    #238 Umony's ISO 42001 Journey - Setting the Standard for effective AI Management

    AI has become inescapable over the past years, with the technology being integrated into tools that most people use every day. This has raised some important questions about the associated risks and benefits related to AI. Those developing software and services that include AI are also coming under increasing scrutiny, from both consumers and legislators, regarding the transparency of their tools. This ranges from how safe they are to use to where the training data for their systems originates from. This is especially true of already heavily regulated industries, such as the financial sector. Today's guest saw the writing on the wall while developing their unique AI software, that helps the financial sector detect fraud, and got a jump start on becoming accredited to the world's first best practice Standard for AI, ISO 42001 AI Management. In this episode, Mel Blackmore is joined by Rachel Churchman, The Global Head of GRC at Umony, to discuss their journey towards ISO 42001 certification, including the key drivers, lessons learned, and benefits gained from implementation.    You'll learn ·      Who is Rachel? ·      Who are Umony? ·      Why did Umony want to implement ISO 42001? ·      What were the key drivers behind gaining ISO 42001 certification? ·      How long did it take to implement ISO 42001? ·      What was the biggest gap identified during the Gap Analysis? ·      What did Umony learn from implementing ISO 42001? ·      What difference did bridging this gap make? ·      What are the main benefits of ISO 42001? ·      The importance of accredited certification ·      Rachel's top tip for ISO 42001 Implementation   Resources ·      Umony ·      Isologyhub   In this episode, we talk about: [02:05] Episode Summary – Mel is joined by Rachel Churchman, The Global Head of GRC at Umony, to explore their journey towards ISO 42001 certification. [02:15] Who is Rachel?: Rachel Churchman is currently The Global Head of GRC (Governance, Risk and Compliance) at Umony, however keen listeners to the show may recognise her as she was once a part of the Blackmores team. She originally created the ISO 42001 toolkit for us while starting the Umony project under Blackmores but made the switch from consultant to client during the project. [04:15] Who are Umony? Umony operate in the financial services industry. For context, in that industry every form of communication matters, and there are regulatory requirements for firms to capture, archive and supervise all business communications. That covers quite a lot! From phone calls, to video calls, instant messaging etc, and failures to capture that info can lead to fines. Umony are a compliance technology company operating within the financial services space, and provide a platform that can capture all that communications data and store that securely. [05:55] Why did Umony embark on their ISO 42001 journey? Umony have recently developed an AI platform call CODA, which uses advanced AI to review all communications to detect financial risks such as market abuse, fraud or other misconduct. This will flag those potential high-risk communications to a human to continue the process. The benefit of this is that rather than financial institutions only being able to monitor a very small set of communications due to it being a very labour intensive task, this AI system would allow for monitoring of 100% of communications with much more ease. Ultimately, it's taking communications capture from reactive compliance to proactive oversight. [08:15] Led by industry professionals: Umony have quite the impressive advisory board, made up of both regulatory compliance personnel as well as AI technology experts. This includes the likes of Dr.Thomas Wolfe, Co-Founder of Hugging Face, former Chief Compliance Officer at JP Morgan and the CEO of the FCA. [09:00] What were the key drivers behind obtaining ISO 42001 certification? Originally, Rachel had been working for Blackmores to assist Umony with their ISO 27001:2022 transition back in early 2024. At the time, they had just started to develop their AI platform CODA. Rachel learned about what they were developing and mentioned that a new Standard was recently published to address AI specifically. After some discussion, Umony felt that ISO 42001 would be greatly beneficial as it took a proactive approach to effective AI management. While they were still in the early stages of creating CODA they wanted to utilise best practice Standards to ensure that the responsible and ethical development of this new AI system. When compared to ISO 27001, ISO 42001 provided more of a secure development lifecycle and was a better fit for CODA as it explores AI risks in particular. These risks include considerations for things like transparency of data, risk of bias and other ethical risks related to AI. At the time, no one was asking for companies to be certified to ISO 42001, so it wasn't a case of industry pressure for Umony, they simply knew that this was the right thing to do. Rachel was keen to sink her teeth into the project because the Standard was so new that Umony would be early adopters. It was so new, that certification bodies weren't even accredited to the Standard when they were implementing the Standard. [12:20] How long did it take to get ISO 42001 certified? Rachel started working with Anna Pitt-Stanley, COO of Umony, around April 2024. However the actual project work didn't start until October 2024, Umony already had a fantastic head start with ISO 27001 in place, and so project completion wrapped up around July of 2025. They had their pre-assessment with BSI in July, which Rachel considered a real value add for ISO 42001 as it gave them more information from the assessors point of view for what they were looking for in the Management System. This then led onto Stage 1 in August 2025 and Stage 2 in early September 2025. That is an unusually short period of time between a Stage 1 & 2, but they were in remarkably good shape at the end of Stage 1 and could confidently tackle Stage 2 in quick succession. The BSI technical audit finished at the end of September, so in total from start to finish the Implementation of ISO 42001 took just under 12 months. [15:50] What was the biggest gap identified during the Gap Analysis? A lot of the AI specific requirements were completely new to this Standard, so processes and documentation relating to things like 'AI Impact Assessment' had to be put in place. ISO 42001 includes an Annex A which details a lot of the AI related technical controls, these are unique to this Standard, so their current ISO 27001 certification didn't cover these elements. These weren't unexpected gaps, the biggest surprise to Rachel was the concept of an AI life cycle. This concept and its related objectives underpin the whole management system and its aims. It covers the utilisation or development of AI all the way through to the retirement of an AI system. It's not a standalone process and differs from ISO 27001's secure development life cycle, which is a contained subset of controls. ISO 42001's AI life cycle in comparison is integrated throughout the entire process and is a main driver for the management system.   [19:30] What difference did bridging this gap make? After Umony understood the AI life cycle approach and how it applied to everything, it made implementing the Standard a lot easier. It became the golden thread that ran through the entire management system. They were building into an existing ISMS, and as a result it created a much more holistic management system. It also helped with the internal auditing, as you can't take a process approach to auditing in ISO 42001 because controls can't be audited in isolation.   [21:30] What did Umony learn from Implementing ISO 42001? Rachel in particular learned a lot, not just with ISO 42001 but with AI itself. AI is new to a lot of people, herself included, and it can be difficult to distinguish what is considered a risk or opportunity regarding AI. In reality, it's very much a mix of the two. There's a lot of risk around data transparency, bias and data poisoning as well as new risks popping up all the time due to the developing technology. There's also a creeping issue of shadow IT, which is where employees may use hardware of software that hasn't been verified or validated by the company. For example, many people have their own Chat GPT accounts, but do you have oversight of what emplyees may be putting into that AI tool to help with their own tasks? On a more positive note, there are so many opportunities that AI can provide. Whether that's productivity, helping people focus more on the strategic elements of their role or reduction of tedious tasks. Umony is a great example of where an AI has been developed to serve a very specific purpose, preventing or highlighting potential fraud in a highly regulated industry. They're not the only one, with many others developing equally crucial AI systems to tackle some of our most labour-intensive tasks. In terms of experience with Implementing ISO 42001, Rachel feels it cemented her opinion that an ISO Standard provides a best practice framework that is the right way to go about managing AI in an organisation. Whether you're developing it, using it or selling it, ISO 42001 puts in place the right guardrails to make sure that AI is used responsibly, ethically, and that people understand the risks and opportunities associated with AI. [26:30] What benefits were gained from Implementing ISO 42001? The biggest benefit is having those AI related processes in place, regardless of if you go for certification. Umony in particular were keen to ensure that their certification was accredited, as this is a recognised certification. With Umony being part

    43 min
  6. #237 Gap Analysis – The First Step In ISO Implementation

    26/11/2025

    #237 Gap Analysis – The First Step In ISO Implementation

    When embarking on your ISO journey, a crucial first step is evaluating your current level of compliance and identifying what gaps need to be filled to gain certification or fully align with a Standard. This is typically done by conducting a Gap Analysis. This exercise sets the foundations for your ISO Implementation project, from setting key actions and objectives, to resourcing and establishing a project timeline.   In this episode, Ian Battersby dives into the purpose of a Gap Analysis, who should be involved in the exercise and what inputs and outputs you should expect to have from conducting a Gap Analysis.   You'll learn ·      What is a Gap Analysis?   ·      What is the aim of a Gap Analysis? ·      What is the process of conducting a Gap Analysis? ·      Who should be involved in a Gap Analysis? ·      What inputs should be included in a Gap Analysis? ·      What outputs can you expect from a Gap Analysis? Resources ·      Isologyhub   In this episode, we talk about: [02:05] Episode Summary – Ian Battersby dives into the first step on any ISO Implementation journey, breaking down what a Gap Analysis is, it's purpose and what you should expect to get out of conducting one. [02:50] What is a Gap Analysis?: Simply put, it's the start of the process. It's a key to understanding where an organisation is right now and establishing what it needs to do on its journey to ISO certification. But it's not just for certification, as certification isn't always what people are trying to achieve. Many businesses opt to align themselves to a standard to ensure they're doing the right thing, but may not go through with full certification. [04:05] Who is the aim of a Gap Analysis? The objective of a Gap Analysis is to carry out a review of your organisation against the requirements of the respective standard. This will help to establish the following: ·      Areas where you conform to the standard, where you may have established the required processes, procedures, roles, responsibilities, systems, methods, documents ·      Areas of nonconformity, where such things will need to be developed ·      You may partly conform, so it's important to understand that as well From that understanding, you can build key actions, timescales and responsibilities for implementing an ISO Standard. It's also very useful to leadership; to clarify what's needed, to look at priorities, to resource what's required and to establish a timeline to your end goal. [06:25] What is the process of conducting a Gap Analysis? It's important to do this in a very structured manner. It's also important to get access to existing documentation and personnel in key roles; they'll be helpful during the gap analysis in providing understanding. You'll need to evaluate your current level of compliance against the following clauses within your desired ISO Standard(s): 4 Context: Understanding the world in which you operate, the people and organisations which are important to you. This is where you will determine the scope of your system (what to include, what parts of the standard are relevant). 5 Leadership: Top management's commitment, how involved they are, their accountability and their commitment to resourcing, promoting, to giving people authority through clear roles and responsibilities. 6 Planning: This is about assessing risks and opportunities; understanding the uncertainty caused by your operating environment (context). It also involves setting objectives and then establishing meaningful plans to address the risks/opportunities and objectives; mitigations; establishing controls; operational processes. 7 Support: This is where you look at people, competence Infrastructure and environment (are your facilities/equipment appropriate to what you need to do). You will also need to identify what you need to monitor and measure to demonstrate the effectiveness of your ISO Management System. Next, you need to cover awareness and communication, i.e. how do you make people aware of your system, policy, processes; what do you tell other interested parties? Lastly, ensure you address how you control the documentation which supports your system. 8 Operation: This address the delivery of a product or service to the customer, including all the processes for doing so. For example, in ISO 9001 this clause defines what's required when designing, developing, controlling externally provided products/services and controlling anything which goes wrong. This is typically the clause that contains the largest difference between ISO Standard, with each one focusing requirements on it's topic focus. For example, ISO 14001 includes requirements for emergency preparedness and response in the event of an environmental incident. 9 Performance evaluation: This is where you review and report on the results of the monitoring and measurement that you've put in place. For those familiar with ISO, this is where the internal audit and management review requirements sit. 10 Improvement: This clause states requirements for addressing any non-conformities that pop-up during your Internal Audits. It also encourages you to address opportunities for improvement to help drive continual improvement and innovation. [13:50] Who should be involved in a Gap Analysis? One key myth that we'd like to clear up is that not everyone in the business needs to be involved in this process, however, we do recommend the following are included: The person responsible for the day-to-day running of the Management System. This may not be known at this early stage, which is fine as the purpose of the Gap Analysis is to identify gaps such as this. Leadership; someone in a senior role; responsible for resourcing the system, communicating its importance to the workforce; responsible for setting the strategic direction and objectives. People who understand the context of the organisation; understanding interested parties (stakeholders); needs of customers and others; the regulatory environment Those involved in risk management; operational, financial, commercial, regulatory, safety or environmental. Someone with knowledge of the legal requirements and how they're evaluated; relative to specific standard. Anyone setting objectives related to the specific standard. Those with knowledge of competence arrangements; not just those responsible for co-ordinating the Management System, but across the board, for delivering operational processes. Those responsible for facilities and equipment; maintenance, service, test, inspection, etc. People responsible for developing and delivering operational processes. People with knowledge of how things are monitored or measured; possibly operations people, data analysis or those who report performance to management. Those who control nonconformity and those who run improvement processes. It can be quite a range of people! However, in smaller organisations there may be quite a limited number who likely wear many hats. Again, that's not a problem, as the Gap Analysis exists to discover that. [21:55] What inputs should be included in a Gap Analysis? This can include a number of things, as not everything will necessarily be a document. Typically, we as consultants will look at: ·      Management System manual or System Scope ·      Organisational chart ·      Mission, vision, values and culture ·      SWOT/PESTLE and Interested Parties ·      Policy relevant to the standard ·      Job descriptions ·      Risk and opportunities analysis; methodology ·      Objectives ·      Legislation register and methods of evaluation ·      Competence arrangements, training records ·      Management System awareness, training completion ·      Details of version and document control in place ·      Monitoring and measuring plans (KPIs, SLAs, internal performance metrics) ·      Internal audit programme and audit reports ·      Management review records ·      Agendas for any regular management meetings ·      Nonconformities, incident report and corrective action records ·      Customer complaints/feedback ·      Emergency Plans ·      Process Documentation ·      Examples of process documentation: ·      Change control documentation ·      Sales, tendering, order processing ·      Procedures for the design and development of products and services ·      Design and development records stating inputs, verification and validation activities, outputs, and approval of changes ·      Procedures to approve products and services for release to customers including quality checks ·      Supplier / third party evaluation and onboarding documents ·      Non-conformity/complaint information ·      Traceability documentation [29:40] What is the output from a Gap Analysis? We look at all of this and compare it against the requirements of the Standard to see where you currently stand. In our case, we do this on a spreadsheet with a simple scoring system to give you an overview of what you already have in place and what needs to be addressed. In many cases, businesses already have a lot of the required documentation, but don't have it tied together in one cohesive system. So a large part of implementation is consolidating that existing documentation, process ect. Into an accessible and easily understood system. The key thing to remember is that this is not an audit. The evidence required does not have to be as detailed as an audit; some things can be taken on trust or face value. At this stage we aren't demonstrating anything to a certification body, and you are not being judged. We are simply looking at what needs

    38 min
  7. #236 Taking Data Complexity From Spreadsheets To Supply Chains With Pulsora

    19/11/2025

    #236 Taking Data Complexity From Spreadsheets To Supply Chains With Pulsora

    Watch the video interview here One of the common pain points when calculating your carbon emissions is simply gathering the data. When collating data from different departments and suppliers, it can be easy to get overwhelmed. The struggle doesn't stop there, as after obtaining all that data you have to find the best way to capture and display it in a way that's useable for the necessary number crunching. Many will turn to an old favourite, spreadsheets, but these can quickly become very unwieldy and impractical if you've got a lot of data to process. Thankfully, there's a lot of new tech and tools available to help make this task both approachable and integrated within your business. In this episode, Mel Blackmore is joined by Jessica Matthys, Lead Product Manager at Pulsora, to discuss how you can take data complexity from spreadsheets to supply chains, diving into data fragmentation, optimisation and how this can all be balanced for practicality. You'll learn ·      Who is Jessica Matthys? ·      Who are Pulsora? ·      What does data complexity mean in the context of carbon accounting? ·      What are the requirements for CSRD in California? ·      What are the biggest pain points relating to data collection? ·      How can you prevent data fragmentation across your business? ·      What does 'Comprehensive data' mean in the context of sustainability? ·      How can Pulsora help a business take their carbon data from spreadsheets to integrated data systems? ·      How can you make you carbon data more auditable and traceable? ·      How can new carbon focused technology, such as AI tools, help with seeking investment? ·      How can you get information from your supply chain to cover scope 3 emissions?   Resources ·      Pulsora ·      CSRD – California Regulations ·      SB-253 & SB-261 ·      Carbonology   In this episode, we talk about: [00:25] Episode Summary – Mel Blackmore is joined by Jessica Matthys, Lead Product Manager at Pulsora, to explore how you can take data complexity from spreadsheets to supply chains, diving into data fragmentation, optimisation and how this can all be balanced for practicality. [01:40] Who is Jessica Matthys: Is the Lead Product Manager for carbon solutions at Pulsora. She's been with Pulsora for a year and a half, but has worked within the ESG / carbon / sustainability space for over 8 years in total. Something that people might not know about Jessica is that her passion for sustainability started much earlier than her working career, starting in high school where she opted to live on a farm for one semester. That unique experience of working closely with nature and animals set her on the path that she still walks today. [02:30] Who are Pulsora? Pulsora is an end to end sustainability management AI powered platform. They can manage anything from data collection and carbon accounting all the way towards ESG reporting and audit support. The focus of their platform is auditability and transparency . [04:40] What does data complexity mean in the context of carbon accounting? Jessica breaks this down into three main elements: Disparate nature of data – When compiling data for greenhouse gas accounting, you have to take a lot into consideration including your own production and consumption in addition to all the upstream and downstream relationships across your value chain. The data for all of this will be scattered and will need to be brought together in order to get a full comprehensive view of your emissions data. Missing primary data – Some data may be very difficult to obtain, say from a supplier in a remote region, so in those cases you may need to make estimations to fill those gaps. However, you need to establish a proven and trusted methodology that can be repeated for such instances. Auditability and transparency – Your data needs to be robust enough to hold up to scrutiny in an audit. New and upcoming regulatory requirements will have stricter rules around how you collect and report your emissions. We can see this in regulations such as SB 253 and 261 within CSRD that will affect businesses in California. There's a new focus on mandatory reporting as opposed to voluntary, so you will need to ensure your data is in a good place to be audited when this starts to effect other organisations globally. [07:30] What are the requirements for CSRD in California? There are two main climate bills coming into effect in California in 2026, these are SB-253 and SB-261, which are supported by CARB (California Air Resources Board). These two regulations affect businesses who are either doing business in, have employees located in, or selling products over a certain revenue threshold in California. Affected businesses will be required to report on their scope 1, 2 and 3 emissions. There isn't anything new in these regulations that we haven't already seen in other European focused requirements, aside from the mandatory element. The first deadline for this reporting is expected to be due by June 2026, and this first year they will only be expecting reports for your scope 1 and 2 data. SB-261 has a slightly different focus, with it requiring climate risk reporting. This is similar to existing frameworks like ISSB or TCFD. This report can be published publicly and you just need to submit a link to that report to the appropriate bodies in California. The deadline for this one is fast approaching, with it being set at 1st January 2026. [11:10] What are the biggest pain points relating to data collection?: Jessica shares an example of a company that came to Pulsora with a spreadsheet that they dubbed 'the monster spreadsheet' that contained 100+ tabs with hundreds of people adding to it. It got to the point where it was always crashing and simply became a burden to use. It's a fairly common story, though maybe not to this extreme, that companies find they quickly outgrow spreadsheets as a form of manual data collection. There is also the question of the quality of data provided, how can they trust the insights gained from the data provided from so many different sources? At Pulsora, they've made use of AI within their platform that can help bring all that data together and analyse it to identify any anomalies and duplicated data. They've also focused on creating collaborative workflows, so all communications regarding collection of emissions data can be kept under one roof, meaning you have a fully traceable and auditable trail for all data collected. [15:10] How can you prevent data fragmentation across your business? Pulsora have made use of AI to prevent data fragmentation, they have achieved this with agentic AI, which is AI that can coordinate between different paths and can make decisions without a human in the loop. A use case for this might be where you have a company with thousands of suppliers, but would only be able to get emissions data from the handful of long-term suppliers that are happy to work with them. AI can assist with the remaining suppliers by looking for any published information those suppliers have, and take that emissions and financial data to create an intensity factor for the supplier. This can then make an informed estimate for how many emissions equate from so much spend with that supplier. The AI will of course keep a trail for all it's sourced data so a human can review this and ensure the information is correct if needed. [18:45] What does 'Comprehensive data' mean in the context of sustainability? When gathering emissions data, a business has to consider what part of its operations creates the most emissions. This will differ depending on the sector and nature of your business. Whether you're a B2B business or a manufacturer, you need to confirm where your largest emissions source. It's imperative that your emissions inventory is reflective of your business and its impact.  There will also be gaps in the data you want / need to collect. You still need to ensure that data in any reporting provided is reflective of your operations, you can't just leave that data out, especially as there are now tools to help fill those gaps. AI for example can identify representative data to help bridge those gaps to provide a comprehensive inventory. [22:35] How can Pulsora help a business take their carbon data from spreadsheets to integrated data systems?: Jessica uses a company, Franklin Templeton, to explain the process. In this case, the company is a global asset manager and they used Workday for a lot of their HR, procurement and financial data. When it came to collating emissions data, they didn't realise that 95% of the information needed was already stored in Workday. For other companies that are quire energy intensive, there's a high chance that you already have a comprehensive system with most of the data required. In Franklin Templeton's case, they helped them to transfer this over into the Pulsora system with an existing out-of-the-box migration tool for Workday. For the HR data Pulsora were able to assist with ESG reporting. The Pulsora system was able to apply emissions factors to the transferred data automatically, which helped to create a comprehensive view of their scope 1, 2 and 3 emissions. Jessica give another example for a glass manufacturing company called Seagen who are based in Turkey. While they didn't have the monster spreadsheet situation, they had a fairly good system in place but it wasn't quite reaching the mark in terms of being able to report against multiple different carbon frameworks. Pulsora's system help to quantify their data, quite a task in of itself due to how high their emissions were, and it also helped to apply all this gathered data to those carbon frameworks. They also utilised Pulsora to help gather variou

    44 min
  8. #235 PUBLIC's 3-Month Journey towards ISO 9001, ISO 14001 and ISO 20000-1

    12/11/2025

    #235 PUBLIC's 3-Month Journey towards ISO 9001, ISO 14001 and ISO 20000-1

    An ISO project can typically be completed within 6 – 12 months depending on an organisations size and complexity. Anyone who's been through the process of ISO Implementation knows that there is a lot of work involved in that time span, from coordinating teams, gathering and creating documentation to auditing your processes. Now imagine doing that for 3 ISO Standards simultaneously within 3 months! Which is exactly what today's guest, PUBLIC, have achieved. While it's not a timeframe we recommend, their efforts deserve to be celebrated, and displays what good project management with dedicated individuals can accomplish. In this episode, Ian Battersby is joined by Biba Gonzalez, Senior Associate of Business Operations at PUBLIC, to discuss their 3-month dash to implement ISO 9001, ISO 14001 and ISO 20000-1, and explore the challenges and benefits experienced during the process. You'll learn ·      Who is Biba Gonzalez? ·      Who are PUBLIC? ·      What was the main driver behind ISO 9001, ISO 14001 and ISO 20000-1 Implementation? ·      What was the biggest gap identified during the Gap Analysis? ·      What did Biba learn from the experience of implementing 3 standards at once? ·      What are the main benefits of ISO 9001, ISO 14001 and ISO 20000-1? ·      Biba's top tip   Resources ·      PUBLIC ·      Isologyhub   In this episode, we talk about: [02:05] Episode Summary – Ian is joined by Biba Gonzalez, Senior Associate of  Business Operations at PUBLIC, to learn more about their 3-month whirlwind journey towards ISO 9001, ISO 14001 & ISO 20000-1 implementation. [02:30] Jumping in at the deep end: Biba was tasked with obtaining certification to 3 ISO Standard on returning from maternity leave in July 2025. PUBLIC already held ISO 27001 certification, but were looking to achieve ISO 9001 & ISO 14001 before Christmas of 2025. This was quite the task, especially since Biba had no previous experience with ISO Standards! [04:15] Who is Biba? Biba is the Senior Associate of Business Operations at PUBLIC. She has been the driving force behind PUBLIC's ISO 9001, ISO 14001 and ISO 20000-1 implementation. One fact that not many people might know about her is that she has had a private audience with the pope, by complete accident! Simply a case of wrong queue at the right time while on a family vacation. [06:50] Who are PUBLIC? PUBLIC are a digital transformation partner. They work within the private sector to help improve public services, by providing procurement services, online safety programmes and other digitally enabled services. [08:00] What were the main drivers behind achieving ISO 9001, ISO 14001 and ISO 20000-1?: PUBLIC work with a number of Government departments, and while bidding for various frameworks they noticed a trend in requests for bidding companies to have ISO 9001 and ISO 14001 certification. While not always a strict requirement, it was certainly a desirable trait that was preferred of bidding companies. There's also an increasing number of tenders asking for more environmental requirements, such as carbon emission reporting. What used to be a 'nice to have' is now becoming a requirement, and PUBLIC sought to have these requirements met via the relevant ISO Standards. [09:40] A tight timescale: When Biba had arrived back from maternity leave in July, PUBLIC has already booked in assessment dates with a Certification Body. This left quite a tight timeline of just 3-months to get all 3 Standards implemented to a level that could pass a Stage 1 Assessment. They already had an ISO 27001 system in place, but there was still a lot of work to do. A lot had been discussed about the implementation of additional standards in Biba's absence, but no practical steps had been taken aside from booking the audit dates. She certainly had her work cut out for her as most ISO project typically last between 6 – 12 months! Due to all her hard work, and some assistance from Blackmores, PUBLIC passed their Stage 1 assessment with flying colours and are in a good place to tackle their Stage 2 Assessment in late November 2025. [11:40] What was the biggest gap identified during the Gap Analysis? Thankfully PUBLIC didn't have any huge gaps to fill. Due to their previous work with Government departments, they had a lot of the pieces just not together in a cohesive system. They did identify early on that they wanted a system that worked for them in the long term and were conscious of creating something that fit their way of working. With so many ISO Standards, the upkeep alone would have been overwhelming so they aimed to combine as much as they could into one Business Management System rather than opting to silo each individual Management System. [13:00] What were the benefits of Implementing ISO 9001, ISO 14001 & ISO 20000-1? Biba states that the implementation of these ISO Standards took their business to the next level. Coming from a relatively small start-up, there was some of the micro business mentality that remained despite their growth in recent years. ISO Standards helped to keep everyone adhering to the same requirements. PUBLIC have taken a more hollistic approach to ISO implementation to both make it as simple as possible for everyone to work within, while also driving continual improvement within the business. Having established processes means that everyone is singing from the same song sheet, and provides traceable processes that can be questioned and amended if and when issues occur. [16:15] Additional benefits felt from ISO Implementation: There is greater accountability with the Management system in place. There is also the added benefits of being able to bid and win new business opportunities. [17:25] Biba's top tip for ISO Implementation:  Don't try and implement an ISO Standard (or multiple!) in just 3 months. While PUBLIC managed to do so, it was a lot of hard work squeezed into a very tight timeframe, and Biba wouldn't recommend anyone try to match their level of ambition in this regard. Secondly she adds, make the Management System work for you and your business. ISO Standards by their nature read to be fairly generic, and that's by design, so that you have the freedom to implement them in a way that makes sense to you. There is no point implementing an obtuse system that no one wants to interact with, the key is to embed it into the way you already work, with a view to use it as a tool to drive continual improvement as the system matures. [19:00] Looking to the future:  Biba is optimistic about the business, as they're looking to grow by 20% next year, supported by all the work done to Implement ISO 9001, ISO 14001 and ISO 20000-1. While they have had to change aspects of how they worked prior, due to being a small business the nature of approvals and ways of working were on a more individual basis, whereas now there is a team-based approach. It's been a learning curve, but ultimately one that will serve them well as they grow over the next few years. [21:30] Biba's book recommendation:  Invisible Women: the Sunday Times number one bestseller exposing the gender bias women face every day by  Caroline Criado Perez [24:05] Biba's favourite quote:  "Not my circus, not my monkey" an idiom which Biba's sure a lot of Operations Directors can sympathise with If you'd like to learn more about PUBLIC, check out their website. We'd love to hear your views and comments about the ISO Show, here's how: ●     Share the ISO Show on Twitter or Linkedin ●     Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one. Subscribe to keep up-to-date with our latest episodes: Stitcher | Spotify | YouTube |iTunes | Soundcloud | Mailing List

    26 min
See All (200)

About

Blackmores is a pioneering consultancy firm with a distinctive approach to working with our clients to achieve and sustain high standards in Quality, Risk and Environmental Management. We'll be posting podcasts discussing ISO standards here very soon!

Information

  • Creator
    Blackmores UK
  • Years Active
    2019 - 2026
  • Episodes
    200
  • Rating
    Clean
  • Copyright
    © All rights reserved
  • Show Website
    The ISO Show