The ISO Show Blackmores UK

Can you believe we’ve been publishing the ISO Show for 5 years now! We certainly can’t!
The ISO Show began back in 2019, following a trip to Cumbria by the host Mel Blackmore. She was, and still is, an avid fan of podcasts and while listening to a few of her favourites on the 4 hour trip, she got to wondering if there were any podcasts about ISO Standards.
As it happened, there wasn’t at the time, and so the idea for the ISO Show was born. Not more than a few months later the first episode went live, and the rest is history.
For the past 5 years, we’ve had the honour of sharing our team’s combined 18 years of knowledge, including amazing insights from our clients and industry experts along the way.
Today Mel Blackmore will reflect on the ISO Show so far and share it’s next evolution as we introduce a new host.  
You’ll learn
·      Why was the ISO Show created?
·      Why is Mel taking a step back?
·      What will be the focus for the future?
·      An introduction to the new host(s)
 
Resources
·      Isologyhub
 
 
In this episode, we talk about:
[00:30] Join the isologyhub – To get access to a suite of ISO related tools, training and templates. Simply head on over to isologyhub.com to either sign-up or book a demo.
[02:05] Episode summary: After 5 years of the ISO Show, it’s hitting a turning point as we introduce a new host.  
[02:25] An amazing journey – It’s been an amazing 5 years of digging deep into some of the most pressing issues we’ve faced, sharing tips and dispelling myths about ISO Standards.
We’ve explored a lot of topics over the years, including:
·      Sharing our ISO 22301 (Business Continuity) knowledge when COVID hit, to help people with future and current response plans.
·      Transitioning to new versions of Standards, such as ISO 27001:2022
·      Interviewing leaders within the ISO space, such as Kit Oung, who helped to develop the UK’s current energy and climate change regulations.
[04:05] Mel’s sustainability journey – why she’s taking a step back as host – Mel’s made it no secret that her passion lies with Sustainability Standards. This podcast has helped to amplify their importance within our space, but she wants to take this a step further.
Going forward, Mel will be dedicating herself full-time to researching the crucial role of carbon standards in achieving Net Zero emissions by 2050.
[05:00] An evolution for the ISO Show – All this to say, the ISO Show isn’t going anywhere, rather we are introducing a new main host – Ian Battersby!
[05:05] Who is Ian Battersby? – Ian is a senior Isologist here at Blackmores. Ian brings a wealth of knowledge, expertise and a passion for helping businesses raise their game with ISO standards.
He’s a bit of a digital nomad, splitting his time between working from Span and England, he works part-time at Blackmores.
So he is very much involved in the day-to-day understanding of challenges of ISO Management, This includes the frustrations that businesses face and also how ISO standards support the achievement of greater productivity and profitability.
Ian will be introducing himself fully on the next episode 😊
[06:25] Thank you for making the ISO Show such a success! – We’ve now got a few thousand subscribers, with a global reach, we honestly never expected to have so many listeners when we started.
So whether you’re a regular or occasional listener, thank you for being here with us, we truly hope that our knowledge has helped you on your own journey to continual improvement within your own organisation.
[07:25] A long journey – A lot has happened over the past 5 years. In addition to being the CEO of Blackmores, Mel has also developed the isologyhub – an on-line learning platform which helps to raise awareness and understanding of ISO Standards.
She has also founded Carbonology

Data Centres could be considered the powerhouse of thousands of businesses globally. 
Long gone are the days of small physical servers being housed on-site, instead we rely on data centres to keep all our critical data safe and secure. But how do we know they are doing just that?
Many hold certifications to security-based Standards such as SOC 2 or NIST to display their commitment to data security. However, many also hold various ISO certifications that cover other aspects of the business outside of information security.
Today Steph Churchman, Communications Manager at Blackmores, will be sharing the top ISO Standard trends within the UK Data Centre industry.
You’ll learn
·      Why did we look into the Data Centre industry specifically?
·      What are the top 5 ISO Standard Trends in Data Centres?
·      Why are these ISO Standards essential for Data Centres?
·      Other commonly adopted ISO Standards within the data centre space
 
Resources
·      Isologyhub
·      ISO 27001:2022 Transition Gameplan
 
In this episode, we talk about:
[00:30] Join the isologyhub – To get access to a suite of ISO related tools, training and templates. Simply head on over to isologyhub.com to either sign-up or book a demo.
[02:25] Episode summary: We’ll be taking a look at the top ISO Standard Trends within the UK Data Centre Industry
[02:30] Why did we look into the Data Centre industry specifically? – In the mid 2010’s, we noticed an influx in enquiries from Data Centres in regard to Implementation of ISO Standards. That prompted a research project that led to Blackmores working with some of the top UK Data Centres.
Now in 2023 and 2024 we’re starting to see a similar push for ISO Standards within the same industry. So, we revived the project to get a grasp on the modern ISO landscape, and took a look at the top 100 Data Centres within the UK.
[03:34] #1: ISO 27001 Information Security – Out of the 100 data centres sampled 72% of them were certified to ISO 27001.
Security is of upmost importance to data centres, and the great thing about ISO 27001 is that it considers security for not only the digital environment, but also for people and physical security.
This Standard is also, in most cases, a stakeholder requirement. Certification to ISO 27001 indicates that you’re adhering to best practice in information security, and through the creation of an ISO 27001 compliant Management system, you will have documentation in place such as an information security policy and data retention policy, that often get requested by potential clients.
If you’d like to learn more about the Implementation process for ISO 27001, we’ve got a helpful 3-part podcast series that summarises the entire process from Gap Analysis to Assessment preparation.
anyone currently certified to ISO 27001:2013 that you have just over 1 more year to complete your transition to ISO 27001:2022. If you don’t do so by October 31st 2025, you’ll risk losing your ISO 27001 certification.
That’s not the only reason you should be transitioning though. The new version of the Standard includes 11 new controls, which cover some newer technologies which really weren’t around when the 2013 version was published. So regardless of the risk of losing your certification, it’s in your best interest to ensure that you’re adhering to the latest version.
If this is all news to you, then you can also go back and check out episodes 128 through to 133. This was a little mini-series we did to summarise the key changes to ISO 27001 and what actions you need to take to transition. We also have a Transition Gameplan available on the isologyhub if you’d like a more guided approach, including document templates and training videos covering those new controls.
[06:25] #2: ISO 9001 Quality Management – The Quality Management Standard is as popular as ever, even within the data centre

Working towards a sustainable future is going to require a joint effort from everyone if we’re to reach our 2030 and 2050 targets. 
Several initiatives have come out in recent years to try and address one of our biggest challenges, energy consumption. Many of us in the UK will be familiar with ESOS (The Energy Savings Opportunities Scheme), which involves regular reporting from those that fit its criteria. It’s also recently updated to include a stipulation to include an ESOS Energy Plan, which requires you to detail a route to reduce your energy consumption.
However, many businesses would prefer a more consistent approach to energy management, such as today’s guest – Daisy Corporate Services.
Today Mel is joined by Damian Edwards, ISO Standards Manager at Daisy Corporate Services, to discuss why they Implemented ISO 50001, what they’ve learned from the experience and the benefits gained from implementing an Energy Management System
You’ll learn
·      Who is Damian and who are Daisy Corporate Services?
·      Why did they decide to Implement ISO 50001?
·      What was the biggest gap identified during their Gap Analysis?
·      What lessons did they learn from Implementing ISO 50001?
·      What benefits did they gain from ISO 50001 certification?
 
Resources
·      Isologyhub
·     Daisy Corporate Services
·     Daisy Corporate Services ESG
 
In this episode, we talk about:
[00:30] Join the isologyhub – To get access to a suite of ISO related tools, training and templates. Simply head on over to isologyhub.com to either sign-up or book a demo.
[02:30] Episode summary: Mel is joined by guest Damian Edwards, ISO Standards Manager at Daisy Corporate Services, to discuss their journey towards ISO 50001 certification.
Daisy are not strangers to ISO Standards, already having achieved: ISO 9001, ISO 14001, ISO 27001, ISO 45001, ISO 20000 and ISO 22301!
They have also recently won the Sustainability and Tech Awards 2024 and the Green Shoots Awards too.
[04:15] Who is Damian Edwards? – Damian has worked at Daisy as their ISO Standards Manager for the past year. A little known fact about Damian: He listens to classical music as a way to focus.
[05:25] Who are Daisy Corporate Services? – The are primarily a provider of IT and Communications. They currently supply a range of services including:
·      Unified Communications
·      Connectivity
·      Modern Workplace
·      Cyber Security
·      Cloud services
·      Managed Services
·      Operational Resilience
[06:25] What were the main drivers behind obtaining ISO 50001 Certification? – In addition to the office spaces Daisy controls, they also have a number of data centres, which use massive amounts of energy. Finding ways to monitor, measure and potentially reduce that energy use, and subsequently cost, was essential. 
The second main driver is mainly for commercial reasons. Without Standards like ISO 50001, you can’t bid for larger contracts or Government frameworks.
[08:30] Daisy’s commitment to ESG  – Daisy have a made a solid commitment to ESG, explained further on their website as they break it down into 10 key focus areas. Energy Management is one of the logical steps to tackle reducing carbon emissions.
Data centres can be very inefficient, so being able to consistently monitor, measure and improve their energy consumption is a key part of tackling some of their ESG related goals.
Also being certified means you have the certificate to back up your claims. It’s not you just making a statement, it has to be verified by a third-party.
[10:30] How long did it take to Implement ISO 50001? – It took between 8 – 11 months. For a Standard like ISO 50001, it’s important to do it properly. Some organisations may request it in 6 months, but for larger organisations, that would be a

In February 2024, the ISO and IAF issued an unprecedented change to 31 commonly adopted ISO Standards, such as ISO 9001, ISO 14001 and ISO 27001. 
This change saw the addition of a new ‘Climate Change Amendment’, which was applied in part due to the ISO’s resolution in support of the ISO London Declaration on Climate Change.
So what does this mean for ISO certified businesses? 
Join Mel as she discusses what this new ISO Climate Change Amendment is, why it was introduced, what are the consequences if you don’t address it and the benefits of its introduction.
You’ll learn
·      What is the ISO Climate Change Amendment?
·      Why was it introduced?
·      What are the consequences if you do not address the change?
·      What are the benefits of the Climate Change Amendment?
 
Resources
·      Isologyhub
·      ISO Climate Change Amendment Workshop
 
In this episode, we talk about:
[00:30] Join the isologyhub – To get access to a suite of ISO related tools, training and templates. Simply head on over to isologyhub.com to either sign-up or book a demo.
[02:30] Episode summary: We break down the new ISO Climate Change Amendment, including why it was introduced and why you should address it ahead of your next Certification Body visit.
[02:55] Join our Workshop– If you’re not sure where to start with addressing this amendment, join our interactive workshop taking place on the 20th May (14:00 – 16:00 GMT). There we will explain how you can integrate the new changes into your existing ISO Management System. Register your place here.  
[04:30] What is the new ISO Climate Change Amendment? – A key clarification before we go into more detail, this is not a new version of a Standard i.e. ISO 27001:2022, where you must transition to a new version.
So, what is it? In February 2024, the International Organization for Standardization (ISO) introduced a groundbreaking amendment to integrate climate change considerations into various management system standards.
The amendment doesn't assign specific actions. Instead, it adds text to existing clauses in 31 standards (including ISO 9001, 14001, 27001) requiring organizations to consider:
·      Relevance of climate change: Organizations must assess if climate change is a relevant issue for their operations and context (Clause 4.1).
·      Stakeholder expectations: Note added: Relevant Interested Parties can have requirements related to climate change (Clause 4.2).
As we’ve learned from our sister company, Carbonology, it is often Stakeholders driving forward that need to verify a business’s carbon footprint and take steps towards Net Zero.
[09:30] Why was this change Introduced? – This change was in part due to ISO’s resolution in support of the ISO London Declaration on Climate Change. The aim is making climate change considerations an integral part of management systems, their guiding policies and practises – not simply as an afterthought.
As we all know, climate change will affect everyone, and should be a concern that every business fully considers to ensure they are resilient and adaptable enough to deal with climate related risks.
This amendment means businesss will need to address these risks where relevant, and integrate them into strategic objectives and look what can be done from a risk mitigation perspective.
The global business community will be one of the driving forces for paving a way to a more sustainable future – It all starts with changing the way we work, making the shift towards embedding environmental consciousness into the very heart of your business.
ISO Standards are widely adopted, and this change offers a catalyst for meaningful climate action on a global scale.
[11:00] Join the isologyhub and get access to limitless ISO resources  – From as little as £99 a month, you can have unlimited access to hundreds of online train

ISO 42001 was published in December of 2023, and is the first International Standard for Artificial Intelligence Management Systems.
It was introduced following growing calls for a common framework for organisations who develop or use AI, to help implement, maintain and improve AI management practices.
However, its benefits extends past simply establishing an effective AI Management System.
Join Steph Churchman, Communications Manager at Blackmores, on this episode as she discusses the top 10 reasons to adopt ISO 42001.
You’ll learn
·      What is ISO 42001?
·      What are the top 10 reasons to use ISO 42001?
·      What risks can ISO 42001 help to mitigate?
·      How can ISO 42001 benefit both users and developers of AI? 
 
Resources
·      Isologyhub
·      ISO 42001 training waitlist
 
In this episode, we talk about:
[00:30] Join the isologyhub – To get access to a suite of ISO related tools, training and templates. Simply head on over to isologyhub.com to either sign-up or book a demo.
[02:30] What is ISO 42001?: Go back and listen to episode 166, where we discuss what ISO 42001 is, why it was introduced and how it can help businesses mitigate AI risks.  
[02:45] Episode summary: We take a look at the top 10 reasons why you should consider implementing ISO 42001.
[02:55] #1: ISO 42001 helps to demonstrate responsible use of AI.  – , ISO 42001 helps ensure fairness, non-discrimination, and respect for human rights in AI development and use.
Remember, AI can still be bias based on the fact that AI models are typically trained on existing data, so any existing bias will carry over into those AI models – an example of this is the existing lack of representation for minority groups.
We also need to take care in the use of AI over people, as staff being replaced by AI is a very real concern and should not be treated lightly. We’ve already seen a few cases where this has happened, especially across the tech support field where some companies mistakenly think that a chatbot can replace all human staff.
We also need to consider the ethics of AI content. It’s predicted that 90% of online content will be AI generated by 2026!
A lot of this generated content includes things like images, which poses a real concern over the values we’re translating to people. The content we consume shapes the way we think and if all we have is artificial, then what message is that conveying?
An example of this is Dove’s recent advert, which showed an example of AI generating images of very unobtainable ideals of a beautiful face. Which were predictably absolutely flawless, almost inhuman and something that can only be achieved through photo editing. If the internet was flooded with this sort of imagery, then that starts to become the expectation to live up to, which can be tremendously damaging to people’s self-esteem. They then went on to show actual unedited people, in all their varied and wonderful glory and stated that they will never use AI imagery in any of their future marketing or promotional material.
Which sends a very strong message – AI definitely has its place, but we need to fully consider the implications and consequences of it’s use and possible oversaturation.
[05:20] #2: Traceability, transparency and reliability - Information sourced via AI is not always correct – It collates information published online, and as many of us are aware, not everything on the internet is correct or accurate.
Data sets carelessly scrapped from online sources may also contain sensitive or unsavoury content. We’ve had cases where people have managed to ‘break’ Chat GPT, causing it to spew out nonsense answers which also contained sensitive information such as health data and personal phone numbers. While not usually accessible when requested, it does not stop the risk of this data being dug up through exploits. AI is like any other

Nearly 60% of businesses that are impacted by a cyber incident go out of business within the 6 months following.
With our heavy reliance on technology to keep both businesses and services running, it’s imperative that everyone take cyber risk seriously.
However, incidents will inevitably happen and it’s up to you to ensure that your business is prepared to ride out the wave, and hopefully make a full recovery!
We invited Jack Morris, Account Director at Epiq, back onto the show to discuss the consequences of not being prepared for a cyber incident and the key steps businesses should take in the event of an incident.
You’ll learn
·      Who are Epiq?
·      What does the current cyber incident landscape look like? 
·      What are the consequences if a business does not respond to a cyber incident effectively?
·      How can a business detect if they’re being attacked?
·      How should businesses respond in the event of a cyber incident?
·      What role does a legal team play in incident response?
 
Resources
·      Epiq
·      Isologyhub
 
In this episode, we talk about:
[00:30] Join the isologyhub – To get access to a suite of ISO related tools, training and templates. Simply head on over to isologyhub.com to either sign-up or book a demo.
[02:05] Episode summary: Today Mel is joined by guest Jack Morris, Account Director at Epiq, to discuss how businesses should respond to a cyber incident.
[03:00] Who are Epiq?  – Epic is a global leader in technology enabled legal services. In fact, it supports 90% of the top law firms globally! With over 8000 employees spread over 19 countries, it helps to support corporations, law firms and government agencies across the globe.
[04:35] What constitutes a cyber incident and why is it so important to respond effectively? – A cyber incident refers to unathorised access or attempted access to an organisation’s IT systems. Types of incident include breaches, malicious attacks (e.g. Ransomware), and accidental events (e.g. Fire Damage). Responding effectively is crucial to minimize damage and protect sensitive data.
[05:40] What does the cyber incident landscape currently look like, and what challenges will organisations face in responding to an incident? : The cyber incident landscape is ever evolving, but here are some key trends we saw in 2023:
Attacks on the rise – the number of organisations posted on ransomware and data theft sites increased by over 70% year-on-year.
Business Email Compromise (BEC) incidents surged by 67% in 2023 – these events are where people within an organisation fall victim to phishing or similar – clicking on malicious links which ultimately compromise your mailbox.
For me, there are 3 main challenges that organisations face when responding to a cyber incident:
·      Day-to-day management – balancing the technical aspects of the incident with broader business continuity, communications, financial and legal considerations. This can be hugely difficult for an organisation, during and already high stakes situation.
·      Expertise and support – navigating the complex legal, technical and operational aspects of an incident
·      Data-focused impact – understanding and assessing the risk to data after resolving an incident.
[10:00] What are the solutions to these challenges?  – Understanding the various external expertise and support available to a business, whether that be engaging with a law firm, a cyber incident response expert and cyber insurer will give you access to support with both the day-to-day management of an incident, as well as the legal, operational and commercial impact of said incident.
 [12:10] What are the consequences for an organsiation that does not respond effectively to a cyber incident? – : Failing to respond effectively to a cyber incident often leads to a variety of sever co