- Martin Greenaway
Apologies to regular site visitors for not updating this blog for quite some time, unfortunately work has tended to get in the way !
A lot is happening as per usual in the certification scene with the most significant event being the release of ISO45001 as the new international management systems standard for health and safety. We have long lived with OHSAS18001 in the UK, and its popularity has steadily grown world wide, from my earliest exposure to this standard some 20 years ago there has always been the desire for the OHSAS document to be transformed into an international standard - some said it would never happen but credit to all involved that it has finally been delivered. MGX are currently sourcing additional associate consultants to assist with ISO45001 implementation for organisations and will post further updates shortly.
On the regulatory side GDPR is certainly flavour of the month at the moment, with it coming into force in the UK from May 25th 2018. I have read and heard a lot on this subject and there seems to be a lot of fear and uncertainty surrounding this, particularly for small businesses. My advice would be to only reference authoritative information on this, principally from the ICO website, not to panic, and to take a risk based approach to implementation and actions required. I am sure there are many small organisations, much like MGX, who hold very little personal data and absolutely no sensitive data, hence the impact of GDPR is minimal. I have put a simple privacy statement on this website in the contacts page, perhaps unnecessary but just to makes things clear and put any users mind at ease. Of course if you are involved in more complex marketing activities then you do need to be careful, if you are Facebook or Google and the like then maybe you need to be far more concerned. If you do require formal training on GDPR and a host of other information security related training, as well as training in beautiful surroundings then I would recommend looking up ISOintheSun website for training offerings in Lanzarote given by MGX associate consultant Martin Holzke who has vast knowledge and experience in this area.
To perhaps the more mundane, ISO9001:2008 and ISO14001:2004 expire in just a little over 3 months, so if you haven't made the transition and haven't been audited to the 2015 versions of these standards chances are you have missed the boat, your certificate will expire and should you require these certifications post September 2018 you will probably have to undergo a full initial audit again with your certification body. I do believe that in general the changes to these standards and requirements for transition have been well communicated from all sides this time, so you only have yourselves to blame if you failed to transition.
Finally for now I would like to promote the fact again that I will be conducting quality management related training in Lanzarote via ISOintheSun in the autumn of this year, so please look up the ISOintheSun website to see the training on offer and dates. Training includes ISO9001 lead auditor, ISO9001 lead implementer and Six Sigma Green Belt training and it would be great for me to be able to pass on what is approaching 30 years of quality management experience to those interested - this is a unique opportunity in many respects.