Compass Assurance Services
http://compassassurance.com.au
Helping you manage risks more effectively

Ransomware & Cyber Security
Mon, 22 May 2017 02:28:45 +0000
http://compassassurance.com.au/blog/ransomware/

Many of us awoke this Monday morning to hear of the latest wave of ransomware attacks on businesses globally. As many as 200,000 businesses across 150 countries were targeted, with at least three being identified as Australian businesses.

For those who aren’t familiar with ransomware, it attacks users’ computers, encrypts their files and places a ransom on their release, with the threat of deleting the data permanently. In this instance, hackers took advantage of vulnerabilities in older, outdated versions of Microsoft software that users had installed and failed to update. Ransom was demanded in Bitcoin and the attack generated around USD$55,000 of payments. The attack was halted when a 22-year-old discovered a kill-switch in the code.

The attack disrupted operations at car factories, shops and schools. A UK hospital was even forced to turn away some patients as it could not access their patient records. Such attacks have the potential for devastating effects on the operations of government and larger organisations. Fortunately, in this attack, no critical functions appear to have been affected.

Small businesses are often targeted by cyber security threats, with a third of documented cyber-attacks in Australia occurring upon small-to-medium businesses. SMEs often make easy targets for cyber crooks, as business owner-operators have been found to have lower levels of concern about, and fewer measures in place for, protecting their cyber security. In this instance, the vulnerabilities that supported these attacks could have been prevented if the hardware was updated regularly. Yes, we all know updating computers can be annoying, with updates requiring computers to be restarted and disrupting your working day. However, this is a clear example of why it is so important to keep all software up to date as required. Take a look at our blog post here for 4 easy tips to protecting your information security.

These are precisely the types of issues that ISO27001 Information security management is aimed at preventing. ISO 27001 certification is aimed at creating and establishing processes to safeguard your information from unauthorised access, use, destruction, modification or disclosure. As organisations have become more connected, with increased information flows, productivity has improved dramatically. The flip side to all this is that we are now more reliant on this data and information than ever before. If our organisation’s data becomes corrupted, destroyed or falls into the wrong hands it can have serious commercial and legal consequences.

A guide to ISO 14001 certification: your environmental controls
Tue, 09 May 2017 23:15:02 +0000
http://compassassurance.com.au/blog/guide-iso14001-certification-environmental-risks/

It’s time for the next instalment in our new blog series, Your Guide to ISO 14001 Certification. In the last post, we covered how to identify your environmental risks. After going through this process your business should now have a list of environmental risks that your environmental system can now establish controls around.

One key consideration that a lot of people tend to get wrong is the need to consider your environmental issues without controls in place. It is common for a client in their initial audits or interactions with ISO 14001 to say “but we don’t have any environmental issues”. Often this is because they are already managing them.

For example, if you run a cleaning business with a warehouse full of cleaning products and chemicals, you may initially say there are no environmental risks, but this is because they are already securely stored with drainage and stormwater runoff managed within the warehouse.

To create an EMS you need to analyse this risk without the pre-existing controls in place.

This can be a difficult process for some clients to go through, as these practices are often common knowledge and almost second nature, or may be so integrated into the business or industry that they are difficult to identify as risks.

If you take the controls away does the risk increase?

Some clients can also take the other approach: they already have adequate controls in place but may think they aren’t doing enough, or put extra controls or procedures in place in order to gain ISO 14001 certification. This is where risk-based thinking comes in. If that risk is already being managed, then creating extra procedures to manage it will only waste your business’s time and resources. As we’ve said in previous posts, don’t create procedures because you think ISO certification requires them. All procedures need to make sense within the context of your business.

When creating controls around your environmental outputs you must go back to first steps and ask the question: is this risk significant to my business? Often clients and businesses will put in place controls around environmental outputs they have determined are an insignificant risk.

ISO 14001 only requires businesses to put controls around risks that are significant to the business. If you determine and justify why an environmental aspect is not a significant risk then you don’t have to put controls around that risk to satisfy the requirements of ISO 14001 environmental certification.

So to recap, when working towards ISO 14001 certification you need to come up with your environmental outputs, consider if they are a significant risk to your business and then place adequate controls around the risks you have considered significant.

HACCP and your CCP’s – How to determine your critical control points
Wed, 26 Apr 2017 03:33:14 +0000
http://compassassurance.com.au/blog/haccp-ccps-determine-critical-control-points/

HACCP food safety certification takes a fundamental approach to assessing and preventing risk at any stage of food production and handling, from transportation to being served on your plate at your favourite restaurant. Defining and identifying Critical Control Points (CCP’s) is an essential step to both getting and maintaining your HACCP food safety certification.

Did you notice it’s even referenced in the term HACCP food safety Certification? HACCP stands for Hazard Analysis and Critical Control Points.

HACCP food safety certification can have a huge range of benefits for any organisation willing to implement a compliant food safety management system. Take a read of our Top 5 Reasons to get HACCP certified post. We’ve worked on a guide to how to identify what your business’ CCP’s are as an essential step to getting HACCP food safety certification.

What is a Critical Control Point?

A critical control point is the point where the failure of a standard operating procedure (SOP) could cause harm to a consumer. This concept is not exclusive to food preparation and handling; it can be applied to any form of service or product. CCP’s are particularly relevant to food preparation and other subsidiary industries, as food products are vulnerable to cross contamination. Cross contamination comes in many forms, including microbiological, physical, chemical and allergens. This is covered in HACCP Principle 1: Hazard Analysis (HA).

HACCP is a tool that focuses on prevention rather than relying on end-product testing. HACCP can be applied through the food chain from primary production to final consumption and its implementation is guided by scientific evidence of risks to human health.

How to identify your CCPs.

A key component of CCP’s is the term Critical: you only need to implement controls around the control points in your food handling processes that are deemed critical to the safety of consumers of the product. CCP’s can be based upon established food safety principles, published research or legislative requirements, and should ideally be measurable and quantitative. It is not enough to simply check the finalised product; each critical step in the process for a product needs to be regarded.

Example: Chicken sandwich.

A cooked chicken sandwich is produced for wholesale to a café. A critical question regarding the safety of the customer consuming that sandwich would be: is the chicken cooked correctly to avoid food poisoning? A CCP control would be measuring the internal temperature (74°C for 15 seconds) of the chicken before it is placed in the sandwich.

CCP’s between businesses and industries will be unique and all must be considered within the context of the business, its industry and operating environment.

Want more information on HACCP certification? Contact our friendly and knowledgeable team for help.

Guide to Management Review
Thu, 20 Apr 2017 13:48:55 +0000
http://compassassurance.com.au/blog/guide-management-review/

Conducting regular management reviews is a compulsory requirement for both getting and maintaining your ISO9001 Quality Management certification. However, they don’t need to be a tedious “chore”. We’ve come up with a few tips for getting the most out of your ISO9001 Quality Management review meetings and how to make them more engaging and valuable.

But what is it meant to look like?  

Our auditors often get clients asking what an ISO9001 management review is supposed to look like. A common first impression is the traditional sit down around the table style “board” meeting. The ISO9001 management standard does not specify any requirements about the structure or the “how” of conducting management reviews.

As long as you can:

  • demonstrate to your auditor that a management review has occurred; and
  • provide evidence of the management review,

it can take whatever form works best for your business. This is particularly useful if your management team are in different areas around the country or travel often (e.g. a Head of Quality based in Sydney with a Managing Director based in Melbourne), or prefer to work remotely.

A common piece of feedback from clients is that management reviews conducted offsite in a less formal setting are generally more effective and engaging than the traditional “let’s all sit around a board room table” approach. Think about holding your reviews out of the office or site to keep the management team focused.

So what do we have to talk about?

The ISO9001 standard is much clearer on what is required to be covered for a management review as opposed to what they need to look like.

The first thing you need to consider is the changes both within your business (internal) and in the industry and operating environment (external) that will have impacts on your quality management system. Internal changes could include things like hiring new staff or offering a new product range or service; external changes could include changes in regulations or new competitors in your market.

A management review also requires you to cover the following key components of your ISO9001 Quality management system:

  • customer satisfaction and stakeholder feedback
  • quality objectives performance
  • product performance and conformity
  • nonconformance and corrective action
  • monitoring and measurement including audits
  • external providers
  • process performance and conformity of products and services; and
  • adequacy of resources

Tip: Think about these reviews as an opportunity to improve your business and drive business development

ISO9001 requires management review to cover actions taken regarding risk and opportunity, improvement of the QMS and opportunities for improvement. Approaching a management review as a business development review can drive further improvements and help achieve organisational goals.

If this isn’t your first management review then don’t forget to cover the status of actions identified in your previous management review.

ISO9001 is a business management and systems standard. It is designed to ensure businesses are operating optimally and can be a great tool for business development and improvement if approached with the right mindset.

Your Guide to ISO14001 certification: Environmental risks
Mon, 10 Apr 2017 13:30:30 +0000
http://compassassurance.com.au/blog/guide-iso-14001-certification-environmental-risks/

It’s time for the next instalment in our new blog series, Your Guide to ISO14001 Certification. In the last post we covered a range of useful tips to identify your environmental outputs, an essential component of getting ISO14001 Environmental certification. If you haven’t read this post yet you can check it out below. Now it is time to take a look at your environmental risks and how they impact your environmental management system (EMS).

Your guide to ISO14001 Certification: Your Environmental outputs

The next thing to do is to consider the risk associated with each of these interactions. It can be useful here to take a safety-based concept of risk when considering the risks associated with your environmental interactions and their impacts. An example of an acceptable risk could be: I have an interaction with the environment because I use my car to travel between clients’ locations; however, I am a small business with only one or a few vehicles, which I operate and maintain efficiently to reduce CO2 emissions. This level of risk would be considered acceptable.

When considering what makes a risk acceptable or not, consider the controls that can be put in place as part of the environmental management system to reduce this risk, and whether or not this adds value to your system. You also need to think about what other stakeholders, both internal and external to your business, want to see. For example, your business may pride itself on being conscientious about CO2 emissions and may wish to see some further controls or changes put around the use or types of vehicles the business uses. This would add value to your management system.

It is also key to consider what your clients want to see. If your clients value how you manage an environmental output, be it air or noise pollution or run-off into waterways, it would add value to your business and management system to place appropriate and adequate controls around that output. Legal requirements also need to be included; it is essential your business is aware of what the law requires you to do regarding environmental outputs.

“What do your clients say? What does the law say?”

Example: A client may only wish to use local suppliers to reflect a concern around the amount of energy needed to transport supplies from out of state or internationally whereas a business operating in the same industry may not see the value in only using local suppliers and therefore would not integrate this output into their environmental management system.

This also emphasises that a business’s EMS is truly unique to that business; no two would be identical, as different operators and clients will have different environmental concerns and values.

If you haven’t already and think you are ready for certification, contact us now and request a quick quote, including answers to all your questions on everything ISO14001 certification.

ISO45001 and OHSAS18001: Updates & Key Changes
Thu, 06 Apr 2017 13:30:25 +0000
http://compassassurance.com.au/blog/iso45001-ohsas18001-updates-key-changes/

ISO45001 is the currently unpublished safety management systems standard that has been developed to replace the current OHSAS 18001 standard. The revised standard brings with it a range of changes, updates and a new approach to OHSAS management systems. The ISO45001 revision was approved and the first draft published back in 2014, and it is now nearly time for ISO45001 to be formally published, with the new standard currently expected to be published in early 2018.

What is changing in ISO45001?

What this revision of the safety standard aims to do is to draw the safety management system closer to an organisation’s core operational processes. By further integrating the safety system with the organisation’s core activities, ISO45001 aims to establish a strong safety culture. The newer version of the safety standard also asks for leadership from management across all levels and pushes consultation with those affected by the systems, including employees and contractors.

What does this mean for my current OHSAS 18001 certification?

As ISO45001 is superseding OHSAS 18001, if your business is currently certified to OHSAS 18001 you will need to transition your certification to the new standard. The good news here is that ISO45001 shares a majority of its framework with both AS/NZS4801 and OHSAS18001, so if your business is certified to or familiar with either of these standards the transition will be smoother. The new standard also follows the same Annex SL structure as the ISO9001:2015 and ISO14001:2015 revisions for ease of integration with your existing systems.

The final version of the standard is yet to be published, but the new standard will include an additional focus on top management buy-in and safety culture that organisations can work towards creating in anticipation of the final publication:

  • Worker participation
  • Continual improvement
  • Hierarchy of control
  • Risk management (and emergency management)
  • Compliance status
  • Contractors, procurement and outsourcing

Keep an eye on our blog posts and emails for more information on the transition as the publication of the revised standard is finalised.

ISO19600 Compliance Certification: how it can help smaller businesses
Mon, 03 Apr 2017 13:30:02 +0000
http://compassassurance.com.au/blog/iso19600-compliance-small-business/

ISO19600:2014 Compliance management aims to establish and evaluate a compliance management system, compliant to any set of rules, laws or standards an organisation wishes to be measured against. It is more commonly implemented in larger financial institutions like banks than in smaller enterprises. Despite its popularity among larger businesses, ISO19600 Compliance certification can also have valuable benefits for small to medium size businesses that are willing to work towards the standard’s requirements.

The ISO19600 standard has been constructed in a manner that makes it adaptable to smaller enterprises, despite being primarily implemented by larger organisations. The compliance standard recommends that SMEs are given a greater degree of freedom, and that consideration is given to ensuring that compliance measures are appropriate for the size of the organisation.

An organisation’s size is given key consideration when defining the scope of the compliance program and allocating roles and resources. This is based upon one of the key principles the standard is built around: proportionality. (For more about the standard generally, read this blog post here.)

For a compliance program to be successful, it is essential that top management are invested in the program, and this is one key benefit of being a smaller organisation working within ISO19600. Smaller organisations with small or even single person management roles are more agile and responsive than large corporations with hundreds of employees, making it easier to demonstrate that top management is responsible for the compliance program.

SMEs should also consider the industry in which they operate. Businesses operating in highly regulated industries could consider using ISO19600 to measure compliance against industry codes of practice or standards. This would be an effective method of demonstrating to your clients, external parties, competitors and investors that your organisation is compliant with industry measures.

If 19600 sounds like something your business or organization wants to work towards contact us for a quick quote or further information from our experienced team.

A quick guide to getting HACCP food safety certification
Wed, 29 Mar 2017 13:30:51 +0000
http://compassassurance.com.au/blog/quick-guide-getting-haccp-certified/

For many smaller organisations without dedicated Food Safety or Quality Assurance staff, the whole idea of implementing a Food Safety system such as HACCP Food Safety certification can appear daunting and expensive. The first step is to get in touch with a reputable certification body. They can give you some initial guidance on:

  • whether you need HACCP Food Safety certification
  • whether you require any training
  • how best to utilise your available funds

Once you have the capacity to develop your system, either by yourself or in conjunction with a consultant, you need to check what you are developing against the standard itself. Most certification bodies will at this point provide you with a self-assessment checklist to keep your work focused on meeting the needs of the standard. Take a look at our HACCP Self-Assessment checklist; it breaks down the standard point by point to help you achieve HACCP Food Safety certification.

Once you think your system has addressed all the criteria of the checklist you are ready for your first assessment. We will send an auditor to your premises who will check the documentation you have produced against the standard and identify any gaps. A report will be produced that highlights any areas that require more work to be done. It is now back to you to close the gaps identified in the report.

During this assessment the auditor will be looking for evidence that you are actually doing what you have written in your Food Safety system. If evidence cannot be provided the auditor will identify these areas in a second report. It is now back to you to either change what you have written in your HACCP Food Safety system or change the way you are doing things.

Once the auditor is satisfied that what you have documented is what you are actually doing, certification will be granted.

If HACCP Food Safety certification is something your business needs contact us now for a quick quote.

Your guide to ISO 14001 Certification: Your Environmental outputs
Sun, 26 Mar 2017 13:30:00 +0000
http://compassassurance.com.au/blog/guide-iso-14001-certification-environmental-outputs/

Whether you’ve decided it’s time to work towards implementing ISO 14001 environmental management in your business or are still weighing it up, determining your environmental outputs is a key first step to gaining ISO 14001 Certification. What your business determines around your environmental outputs will form the foundation for the rest of your environmental management system. This post is the first in a short series covering the fundamentals of ISO 14001 certification aimed at helping your business achieve ISO 14001 certification.

One common thing businesses tend to get wrong is that they analyse the elements of the standard (the legal and other requirements, aspects and impacts, controls) and plan them all in isolation from the way the business operates. An example of this is a client reading that the standard says they need an aspects and impacts register, and creating one without consideration of their operating environment.

Considering the context of your organisation and the wider industry is a key part of achieving ISO 14001 certification. Read our blog post, The importance of establishing context for ISO 14001, for more. Everything being created in isolation means that the system was not purpose built for the client’s business and will often ensure that the system does not add value to the business.

A stronger approach here would be to consider the inputs into the business and the outputs: a “what goes in and what goes out” approach. What goes out includes outputs into the air, water, ground, land, landfill, sewers and stormwater, as well as dust. These are your interactions with the environment.

Anything that exits the boundary of your site needs to be considered in your environmental management plan. After this analysis, you should end up with a list of interactions your business has with the environment. What makes up this list will vary greatly between different businesses and industries; for example, a civil construction company would have very different environmental impacts to an office based architecture firm.

It is for these outputs that you need to consider your environmental risks and implement controls, which will form parts of your ISO 14001 environmental management system. This post is the first in a short series covering the fundamentals of ISO 14001 certification aimed at helping your business achieve ISO 14001 certification. Our next post will look at assessing your environmental risks.

If you haven’t already and think you are ready for certification, contact us now and request a quick quote, including answers to all your questions regarding certification.

Why ISO 19600 is important to your business
Thu, 23 Mar 2017 13:30:09 +0000
http://compassassurance.com.au/blog/iso19600-important-business/

ISO 19600:2014 is the international standard regarding compliance management systems and is one of the lesser known ISO standards. It may not have the popularity or “rockstar status” of ISO 9001 quality certification or ISO 14001 for environmental certification, but it can still have substantial benefits for any organisation willing to implement a compliant system.

So what is the ISO 19600 standard striving to do? It is trying to measure how compliant a business’s management system is, which raises the question: compliant to what? You can measure compliance against anything: a set of rules, legislation, standards of practice or industry guidelines. But compliance need not be measured against an external document; it could also be measured against internal standards or policies, for example employee codes of conduct or ethics.

The ISO 19600 Compliance Management standard is grounded in four principles:

  1. Governance
  2. Proportionality
  3. Transparency
  4. Sustainability

By working within these principles, the standard establishes an organisation’s management system based upon the chosen measure of compliance.

ISO 19600 sets out how a Compliance Management system should function in a logical manner. As such, Risk Management forms a central part of this standard. Risks are identified, analysed and evaluated to meet compliance requirements and establish controls, and countermeasures are established to meet these risks and applied to the highest compliance risks. The standard focuses upon two aspects of an organization’s management systems: firstly, the effectiveness and suitability of compliance measures implemented; and secondly, the responsibilities and roles of top and senior management in compliance activities.

If ISO 19600 sounds like something your business or organization wants to work towards contact us for a quick quote or further information from our experienced team.
