March 2019
Welcome to your March 2019 Newsletter
This month's newsletter offers insights and free resources to keep you up to date on a range of compliance and risk management issues.
ISO 27001 is an international standard that specifies the requirements for an ISMS (information security management system) in the context of an organization's risks.

With the combination of ever-increasing use of information technology in our business operations and the frequent news coverage of data security breaches, there is a growing awareness of the need for information security. This leads to the growing trend for both public and private sector organizations to implement information security management systems and to get those systems certified. We have noticed an increasing demand for gap analysis, system development and software to support those systems, and clients are often expanding existing systems (e.g. for ISO 9001 Quality) to integrate information security considerations. Our sister organization Qudos Certification has published a list of 10 frequently asked questions about obtaining ISO 27001 certification.
Qudos is delighted to welcome our newest software re-seller Geoff Manu from Camalige.
Camalige Consulting Pty Ltd is committed to making a positive impact on communities. Geoff and his team provide customised management services, create ground-breaking programs for the community services, and help to establish the best teams for each task within the community care sector. Geoff is keen to utilise Qudos3 as an integrated component of his client's compliance and risk management systems.
For more information on Camalige read here...
ISO did not have an OHS management system certification standard for many years. Instead, many countries went about developing their own national standards. However, all that changed with the 2018 publication of ISO 45001.

Adoption
The new ISO 45001 is now being adopted around the world. For a start, BSI immediately announced that the new standard would replace BS / OHSAS 18001. Other national standards bodies are also following suit. Certification bodies have been busy getting themselves accredited to deliver certification services for the new standard.

The good news is that ISO 45001 is closely aligned with the current versions of other management system standards (such as ISO 9001 Quality, ISO 14001 Environment, and ISO 27001 Information Security). This provides a great opportunity to more efficiently build an integrated management system. As a result, some organizations are now seeking OHS certification for the first time.

Taking the first step
Whether you are seeking OHS certification for the first time OR updating from an older standard like BS/OHSAS 18001 or AS/NZS 4801, the first step is the same. That is to conduct a Gap Analysis. In other words, a check of the current system and controls against the requirements of ISO 45001. The analysis can be performed in-house or with the help of a professional consultant. Either way, a Gap Analysis checklist is required.


New, fully-integrated Gap Analysis Tool
Qudos has published just such an ISO 45001 Gap Analysis checklist for some time in the Safety Toolkit. We are now proud to announce the release of the fully-integrated Gap Analysis software tool in Qudos 3 IMS software. This offers an ISO 45001 checklist with verification and results fields that may each be linked to independently-assigned Actions to address the gaps identified. These Actions may be easily monitored for progress until the gaps are closed out. This powerful tool is available now to all Qudos 3 users. It is just the first of a series of Gap Analysis tools for ISO management system standards.

Contact us for further details about the new Gap Analysis tool and services.
50 sample objectives for your management system
Most of us respond to a challenge and consequently perform better when we have a target to aim for. In contrast, an organization - just like a person - will probably drift aimlessly without having objectives to work towards.

Furthermore, applying some structure and discipline around the planning of objectives is almost certainly going to add some real value to the process.
All ISO management system standards require your organization to have objectives. They don’t prescribe what those objectives should be, but they do expect you to have some. This article explains principles and provides 50 sample objectives for your management system. Read more...

The Objectives module in Qudos 3 IMS software has now been further enhanced. It includes everything you need for effective Objective planning and management in your Organization. Contact us for details or a demonstration.
Ask the experts
The latest in our series of FAQs on compliance and risk management.

What evidence would an auditor be expecting for compliance to ISO 9001:2015 clause 7.1.4 Environment for the operation of processes?

This is one of the clauses that did not change too much when the standard was last updated. The requirement is to provide and maintain a suitable environment for your work to take place, and for your products and/or service to comply with obligations. As with much of the standard, ISO is not prescriptive on what kind of environment is required. That will, of course, depend greatly on the nature of your organization and the work it performs. The notes section of the clause very helpfully breaks the environment down into 3 component parts:

  • Social
  • Psychological
  • Physical

Below are some examples of the kind of evidence that could be provided for each of them (remembering that context is very important here - not everything will be applicable to your organization):

Social
  • Anti-discrimination policy
  • Anti-bullying policy
  • Records of those being communicated and implemented

Psychological
  • Well-being programme
  • Shift / roster arrangements
  • Relevant HR policies
  • Return-to-work programme

Physical
  • Air flow / temperature / humidity controls
  • Cleaning schedule / records
  • Maintenance schedule / records
  • Pest control schedule / records
  • Security controls – these could be physical and software-based

General supporting evidence might include records of management reviews or meetings where the above factors are considered, and relevant internal audit records. This topic is often considered alongside infrastructure e.g. buildings, equipment, transport, telecoms, IT.

To illustrate the linkage between various component parts of a management system, there is a growing recognition that employee well-being can have an effect on customer service and satisfaction. This article by Business Psychologist Gordon Tilnline explores the topic further: Want to improve customer service and satisfaction? Invest in employee wellbeing.
First aid audit template

We usually try to include a free audit template in each of our newsletters. This is no exception. Here is an audit template for First Aid - a topic that should be considered under Emergency preparedness and response (ISO 45001 clause 8.2).

Injury management