GDPR and ISO27001

ISO27001, the international information and data security Standard, offers companies the ability to demonstrate compliance with GDPR. My company can offer assistance to companies in the West Midlands who need to demonstrate that they are compliant with ISO27001. Contact me through the website for further details.


Transition to the ISO9001 and 14001 2015 Standards

In mid September this year companies who have not considered transitioning to the 2015 Standards from ISO9001 2008 and ISO14001 2004 standards will lose their ISO certification and will then be required to go through the Stage 1 and Stage 2 assessment processes before their certification can be reinstated. There are only 3 months before the cut-off date, so companies in this position need to act fast if they are going to avoid the additional cost of a complete reassessment. I can help companies through the transition process but they need to start the process in the near future as the certification companies are already very busy assessing companies that have updated their systems to meet the requirements of the 2015 Standards.

Requirement for additional auditing support

Due to business expansion my business is looking for an auditor for both ISO9001 and ISO14001 to provide auditing support to the business. My clients are based in Herefordshire, Shropshire, Worcestershire and Gloucestershire and I am particularly interested in talking to anyone who could cover Gloucestershire, South Herefordshire and South Worcestershire.

Changes in Data Protection Regulations and ISO Standards which will happen in 2018

The data protection regulations (GDPR) will come into effect in late May this year, to be followed by the requirement for companies with ISO9001 and/or ISO14001 Certification to transition to the 2015 versions of these 2 Standards by mid September this year.
Do companies appreciate the full implications of GDPR and do they realize the full extent of the data they will need to protect? I suspect that in many small companies the senior management are struggling to fully protect data held by the company such as customer information and employee records.
As regards the ISO9001 and ISO14001 2015 Standards the requirements for senior management to have full ownership of the Quality and Environmental Management Systems will in some cases be a wake up call for the Senior Management. No longer will this be delegated to a management representative and furthermore they must be able to convince external auditors that they are fully committed to the Management Systems.
The new clauses in the Standards regarding Context of the organisation, assessment of risks and opportunities, and Leadership have to be fully addressed by company senior management.

2015 standard deadlines due next year

The ISO9001 2008 and ISO14001 2004 Standards were both reissued in 2015 and companies were given 3 years to achieve certification to these revised Standards. Certification to the previous versions of the Standard will no longer be valid after September 2018. However, it would appear that a significant proportion of companies with certification to the old version of the Standards have yet to apply for certification to the revised Standards.
The big question is will companies get round to registering for transition to the revised standards and if so, will the certification companies have the capacity to carry out the necessary audits? Or will companies let their certification lapse as happened when ISO9001 2000 replaced the previous 1994 version of ISO9001?

New additions to Philbrown Consultancy

2 new associates have joined my business in the last few weeks; these are John Inwood of Outwood Business Services, who can provide consultancy support on data and information security and prepare companies to get certification for ISO27001, the information security Standard. Also joining the consultancy is Michael Doolin of Clover HR, who is drawing on 25+ years' experience working on HR for BA and PWC. Michael has set up his consultancy to provide support to SME businesses.

A very busy period for me

Since Easter I have so far had 7 1/2 days supporting clients through either their annual ISO9001 surveillance visit or Stage 2 certification for ISO9001 or Achilles 1st review assessment. All have gone really well with virtually no non-conformances and very few observations. Next week I am supporting a further 2 of my clients with their annual surveillance visits. Alongside these audits I am working with a client who requires certification for ISO9001 2015, having not renewed his certification when ISO9001 2000 replaced the 1994 Standard. Hopefully June will be a little quieter!

New business gained this year

Since the start of the year I have had five new enquiries to help companies achieve ISO9001 certification. 3 of these companies are in manufacturing and 2 in the service sector. In addition I have also been asked by 2 companies to provide a part time Quality Manager role for them. This business represents more work for me than I had in the whole of 2015. In addition this year with the publishing of ISO9001 2015 last September I will be working with my existing client base of 20+ companies to modify their management systems to enable them to achieve certification to ISO9001 2015 before their current certificate expires or by September 2018 at the latest.

ISO9001 2015 and ISO14001 2015

The revised standards were published this autumn. Companies have until autumn 2018 to change their ISO9001 2008 and ISO14001 2004 Certification to the revised standards but, once UKAS has approved the certification companies to certify to the revised standards, companies will be encouraged to change their systems to comply with the revised standards.