NEWS

MAY Newsletter

Welcome to the May edition of the QHSE ABERDEEN LIMITED monthly newsletter! As we dive into the vibrant month of May, we’re thrilled to spotlight an essential aspect of our operations: Information Security, in line with ISO 27001 standards. This issue promises a comprehensive exploration of our ongoing efforts to fortify data protection and uphold the highest standards of security. Moreover, we’ll be sharing captivating articles contributed by subscribers to our newsletter, offering diverse perspectives and insights into the realm of quality, health, safety, and environmental practices. Alongside these features, we’ll celebrate recent client victories and testimonials, underscoring our unwavering dedication to excellence. Additionally, mark your calendars for upcoming training dates and join us in extending congratulations to the remarkable delegates who completed their training journey with us in April. Join us as we embark on an enriching journey through the latest developments in QHSE practices in Aberdeen and beyond.

Client wins

Last month we celebrated several client wins, recerts, and new ISO Certifications.

This shows our customers’ dedication to continuous improvement and in turn their own customer satisfaction.

For example, our client Appetite for Business Microsoft 365 sailed through their ISO 27001 Recertification Audit, this being their 3rd year holding this certification whilst continually improving their Information Security.

Sheryl Newman – SharePoint said:

ISO 27001 confirms our ongoing commitment to the security, confidentiality, high availability of our services and the continuation of effective and efficient safe operations to our clients worldwide. This certification further strengthens our unwavering commitment to our colleagues, customers and supply chain as a best-in-class Microsoft 365 provider.

Our Customer success stories serve as inspiration and demonstrate the tangible benefits of investing in Information Security, Quality, Health, Safety, and Environmental initiatives.

 

ISO/IEC 27001:2022 – Information Security Management Systems

ISO management system standards are created by experts and outline requirements for internationally accepted best practices.  Although technically, no Company NEEDS certification to any of the ISO Standards to operate, it is something every company should endeavour to obtain.  Organisations, large or small, regardless of their geographic location or sector, find that they have a greater chance of securing contracts and winning tenders if they are ISO Certified.  Certification to an ISO standard such as 27001 also helps to ensure legal compliance and business continuity by establishing robust controls to meet the requirements that can protect against cyber attacks or loss of critical data.

Why is this?

ISO 27001 Information Security Management System is a standard used by organisations to demonstrate their ability to consistently keep information both confidential & protected and to meet regulatory and customer requirements.

Any customer will have basic expectations and requirements for their information to be protected, but a company with a strong commitment to Information Security Management that can demonstrate its progress will not only reassure existing customers but will give confidence to new customers that may be risk averse due to the nature of their work.  Specific industries with high expectations for information security may include Energy, Public, Banking, MOD or Nuclear sectors.

“ISO 27001 Certified” means that an organisation has met the requirements within ISO 27001.

Will our business benefit from ISO 27001?

ISO 27001 Certification benefits include the following:

  • Improve risk management of confidential information
  • Improve accessibility to the correct information at the right time
  • Improves the protection and control of company assets
  • Meet Customer Requirements
  • Improve the Consistency of Your Operations
  • Provides mechanisms to demonstrate legal compliance
  • Improved customer retention and acquisition
  • Provide consistent outcomes that can be measured and monitored.
  • Helps to Identify applicable information risks and controls
  • Positively stand out from competitors.

Another benefit is that ISO 27001 follows the ISO Annex SL structure, allowing for easier integration with other management systems.  This simply means that it follows the same basic requirements and structure as other ISO management system standards.  However, Annex A of ISO 27001 introduces 93 controls for information security that include but are not limited to:

  • Physical controls such as restricted access to site and protection of IT cables
  • Cryptography controls such as using encryption of information to protect sensitive or critical information, either stored or transmitted
  • Communication controls such as segregation of networks

The 93 controls are aligned with and are explained in the ISO 27002 Information Technology — Security Techniques — Code of Practice for information security controls.

Checking that the Information Systems & processes are secure is a vital part of ISO 27001, and an organisation performs internal audits to check how its Information Security management system is working.  Your business can do this by training staff to be Internal Auditors or, like the majority of our customers, by outsourcing internal audits to a specialist consultancy such as ourselves at QHSE ABERDEEN https://www.qhseaberdeen.com/

Most of our Customers start out by enquiring about the process, duration and costs of gaining ISO Certification.  This comes about due to the fact they have heard how it can streamline the business and perhaps they have been asked if they have a certain ISO Certification during a tendering process.

Depending on the size of the organisation and what they already have in place, it can take on average just under 3 weeks to develop and implement an Information Security management system – ISO 27001 from scratch.  Our consultants work closely with our customers to develop the bespoke ISO 27001 ISMS.

Note – ISO 27001 has been updated to the 2022 edition, and we’re approaching a crucial deadline. From the 1st of May 2024, all new certifications and recertification audits will be conducted according to this new standard, focusing on aligning with the latest management system structures and consolidating controls in key areas. You must have transitioned to ISO 27001:2022 by the 31st of October 2025. After this date, certificates based on the old ISO 27001:2013 standard will no longer be valid. The earlier you start, the smoother the process will be.

We always advise our customers to go with a UKAS accredited Certification body.  The terms ‘accreditation’ and ‘certification’ are often used in the wrong context.  Companies that issue certificates or declarations of conformance, such as a Certification Body, can refer to themselves as being ‘accredited’ if they are monitored by a third party such as UKAS.  The organisations whose management systems are successfully audited by the certification bodies hold ‘certification’.  For example, QHSE ABERDEEN are certified for ISO 9001, 14001 and 45001 by NQA, who are a UKAS accredited Certification Body.

“Certification is an audit of whether an organisation, product or individual, conforms to the criteria laid out in a recognised standard or scheme”. (credit – UKAS https://www.ukas.com/accreditation/about/accreditation-vs-certification/)

We understand that ISO 27001 may appear daunting. Our qualified consultants are here to ensure that the process is as smooth as possible and that you gain maximum benefits.

We hope this insight into ISO 27001 Information Security Management system has proved to be beneficial and encouraged you to look further into gaining an ISO Certification to grow your business.

We also sell ready-made ISO 27001 Toolkits for you to develop and implement your own Information Management System (with a little help from your IT dept perhaps).

If you would like to discuss where to start with ISO Management Systems or need advice or assistance with any QHSE topic, then please get in touch at https://www.qhseaberdeen.com/ and we would be more than happy to help, or look at the “practical guide for SMEs” here: https://www.iso.org/publication/PUB100484.html

Legal updates

Guidance

Updated Gas Safety (Management) Regs 1996

A guide to the Gas Safety (Management) Regulations 1996 (as amended) – L80 (hse.gov.uk)

Updated Guidance RIDDOR

RIDDOR – Reporting of Injuries, Diseases and Dangerous Occurrences Regulations 2013 – HSE

Legionnaires’ Disease – Technical guidance – HSE (HSG274 March 2024)

Legionnaires’ disease – Technical guidance (hse.gov.uk)

Updated Guidance Vibration

Vibration – HSE

Also,

Legislation

Pressure equipment (safety) (amendment) regs 2024

https://www.legislation.gov.uk/uksi/2024/490/contents/made

Pensions Increase (Review) (no 2) Order 2024

https://www.legislation.gov.uk/uksi/2024/372/contents/made

Employment tribunals (constitution and rule of procedure) (Amendment) Regulations 2024

https://www.legislation.gov.uk/uksi/2024/366/contents/made

Pensions Act 2004 (Codes of Practice) (Revocation) Order 2004

https://www.legislation.gov.uk/uksi/2024/273/contents/made

DRAFT The Maternity Leave, Adoption Leave and Shared Parental Leave (Amendment) Regulations 2024

https://www.legislation.gov.uk/ukdsi/2024/9780348254846

Carer’s Leave Regulations 2024

https://www.legislation.gov.uk/uksi/2024/251/contents/made

Even with all the H&S regulations and ISO Management Systems we still see too many shocking incidents.

See the latest news from HSE here https://press.hse.gov.uk/?utm_source=govdelivery&utm_medium=email&utm_campaign=press-channels-push&utm_term=intro&utm_content=prosecution-30-apr-24

Here’s one from Consortiq, one of our subscribers to our newsletters…

Are You Aware of Upcoming Changes to Drone Pilot Requirements?

The Civil Aviation Authority recently announced changes to remote pilot competence requirements. Remote pilot competence is critical to the ongoing safe operation of unmanned aircraft systems. In July 2023, the CAA published an initial consultation on the future of remote pilot competence standards. The consultation received 112 detailed responses from a wide range of stakeholders. This second consultation builds upon feedback received in the first round. It provides a more detailed policy position on proposed changes.

What Changes Are Proposed?

The proposal covers amendments to several sections of Acceptable Means of Compliance and Guidance Material related to UK Regulation (EU) 2019/947. The CAA has identified the expansion of the UK remote pilot competence scheme to include training for complex operations such as Beyond Visual Line of Sight as a key enabler for the growth of the UK UAS industry, according to their DiSCO project findings. The AMC introduces four new levels of remote pilot competence ranging from Level 1 to Level 4 based on feedback from the initial consultation. It also includes minor clarifications to supporting guidance to clearly define remote pilot and operator responsibilities.

Andy Huggett, Global Training Manager and Regulations Specialist at Consortiq, participated in the DiSCO project. He stated, “We welcome the changes to remote pilot competency standards as it will help professionalise the industry and enable Beyond Visual Line of Sight operations.”

If you would like to discuss how these upcoming changes may impact your business, please contact Andy Huggett at Andy@consortiq.com. ARPAS and Consortiq are hosting a free webinar on 25th April at 12:30, sign up here: https://www.linkedin.com/events/7181228109671624706/comments/

ISO Auditor Training

Last month QHSE Aberdeen issued over 30 certificates for ISO Auditor Training.

A huge congratulations and a shout-out to all the delegates concerned.

The next Auditor Training courses are:

  • ISO 45001 Health & Safety Lead Auditor – 27th May – 5 days
  • ISO 9001 Quality – Lead Auditor – 10th June – 5 days
  • ISO 9001 Quality – CQI and IRCA Certified Internal Auditor – 11th June – 2 days
  • IMS – ISO 9001/14001/45001 Internal Auditor – 2nd June – 3 days

Book now to ensure your place.

Training delegates and organisations consistently choose QHSE ABERDEEN for ISO Auditor training due to our unparalleled commitment to delivering comprehensive, practical, and industry-leading courses that empower participants to excel in their roles and drive continuous improvement in quality, health, safety, and environmental management systems.  If you or someone in your organisation would like to become a Lead Auditor or attend one of our CQI and IRCA Certified ISO 9001 Internal Auditor Courses then contact us now to book your place/s.

 

We shine a well-deserved spotlight on our dedicated team of advisors whose unwavering commitment, expertise, and passion drive our mission forward, ensuring excellence in every aspect of Information security, quality, health, safety, and environmental management, every day for all of our customers.

It’s not an easy job being a QHSE Advisor, and, as we have previously seen, it’s not for everyone.

Years of experience and continuous learning hone the skills required by our Advisors.  They are expected to be the font of all knowledge, to be able to advise and get our clients through their Audits and Certification, different clients each day, and perhaps a different industrial sector.  They take it all in their stride, knowing there is a fantastic team of experts behind them called Team QHSE ABERDEEN.
