The latest curated content and expert opinion from the team at QCS International.

Auditing Context

As auditors how can we best prepare to investigate whether an auditee organisation has fully considered the requirements of 'context of the organisation'?

The concepts around context of the organisation can be confusing for those new to ISO standards and auditing their requirements. In order for an organisation to have an effective management system it should be aligned with its strategic direction and take into account the internal and external issues that are relevant, when planning to achieve its objectives. For the purpose of effective planning the organisation needs to understand:

?a/ its status,

b/ what it wants to achieve, and

c/ its strategy on how to achieve it. (If you don’t know clearly your starting point for your journey it will be difficult to achieve the desired destination.) Auditors need to evaluate whether the organisation has addressed these issues. This may include the application of PDCA (the Plan Do Check Act Cycle)

What is Context?

Understanding organisational context is fundamental if we are to begin the application of risk management and risk-based thinking in an organisation. Clause 4.1 of modern ISO management system standards provides us with guidance as to gaining an understanding of internal and external issues, in other words the context within which we operate. We mentioned meeting objectives – in section 6 of the standards we find the mitigation of risk and the pursuit of opportunities for improvement – objectives by any other name!

What might we look for as evidence?

There are many ways and supporting techniques for organisations to observe and analyse their context. The output from this activity should be evident in the determined risks and opportunities. Although there is no requirement for documented information in this section (see for example ISO 9001:2015, clause 4.1), most organisations will find it useful to retain documented information to help understand the rationale and level of understanding of their challenges (e.g., “known knowns, known unknowns and unknown unknowns”). The information which might be helpful in this process could include:

?? Business plan

?? Review of strategy plans

?? Competitor analysis

?? Economic reports from business sectors

?? SWOT & PESTLE analysis

?? Minutes of Meetings

?? Action lists

?? Diagrams, Spreadsheets, Mind mapping diagrams

?? External consultant’s reports

?The auditor could approach this area through an interview with members of the organisation’s top management. It should be evident whether top management have adequately considered their organization’s context; the evidence of this may be adequately demonstrated by showing how the review outputs became the inputs into the management system planning process (risk-based thinking). However, in exploring the nature of the risks and opportunities, the auditor should be able to understand the adequacy of the organisation’s review of its context.

It may be that you’re still seeking that lightbulb moment or perhaps you fully understand the importance of organisational context in developing management systems. Whichever it is ensuring that there’s good solid evidence and clarity of process is crucial in auditing management systems.

To continue this discussion on context of the organisation and other management system requirements get in touch with the team at QCS International for an informal chat in the first instance. We’ll be happy to assist and perhaps help you signpost your next steps.

IAF CertSearch and the role of accredited Certification

Exploring Certification Tools: UKAS CertCheck and IAF CertSearch

In our ongoing efforts to ensure the highest standards of certification in our supply chain and partner networks we often rely on tools like UKAS CertCheck. However, there’s another valuable resource worth mentioning: the IAF CertSearch site. Like UKAS CertCheck, IAF CertSearch helps us verify if an organisation is certified to a satisfactory level. The key difference? IAF CertSearch has a broader reach, allowing for global searches as opposed to finding just those organisations that are certified by a UK (UKAS) accredited certification body.

Note: The UK Government supports UKAS as the sole body within the United Kingdom to accredit certification bodies to deliver ISO certification services to organisations. It’s very much a case of buyer beware, there are companies who will offer a simple audit and certificate issue service, these businesses may claim to offer something that is not what it seems. UKAS is the United Kingdom’s representative member organisation of the IAF.

https://www.iafcertsearch.org/

What is the IAF?

The International Accreditation Forum (IAF) is a global association of accreditation bodies and other organisations involved in conformity assessment.?Its primary role is to develop a unified worldwide program of conformity assessment, which reduces risk for businesses and their customers by ensuring that accredited certificates can be trusted globally.?The IAF’s Multilateral Recognition Arrangement (MLA) ensures that certificates issued by accredited bodies are recognised internationally, promoting the elimination of technical barriers to trade.

Why is Accredited Certification Important?

Accredited certification is crucial for several reasons:

Ensures Competency: Accreditation guarantees that certification bodies are competent in assessing specific standards, providing impartial and reliable assessments.

Provides Legitimacy: Accredited certification is recognised internationally, ensuring that the certification body follows strict standards and requirements.

Reduces Risks: It minimises the likelihood of making poor decisions regarding management systems, thereby ensuring better resource allocation.

Supports Market Access: Accredited certification helps businesses access new markets by providing proof of compliance with international standards.

In summary, tools like UKAS CertCheck and IAF CertSearch are invaluable in certification processes, ensuring that we maintain high standards in our supply chain through avoiding the risk associated with non-accredited certification.

ISO 42001 Artificial Intelligence Management System (AIMS)

Understanding ISO 42001 Artificial Intelligence Management Systems

Introduction to ISO 42001

ISO 42001 is a comprehensive standard designed to guide organisations in implementing effective Artificial Intelligence (AI) Management Systems. This standard provides a framework for managing AI technologies responsibly, ensuring they are used ethically, safely, and efficiently.

Key Contents of ISO 42001

1. AI Governance and Leadership: Establishes the roles and responsibilities of leadership in overseeing AI initiatives, ensuring alignment with organisational goals and ethical standards.
2. Risk Management: Outlines processes for identifying, assessing, and mitigating risks associated with AI technologies, including data privacy, security, and ethical considerations.
3. AI Lifecycle Management: Provides guidelines for managing the entire AI lifecycle, from development and deployment to monitoring and decommissioning.
4. Compliance and Legal Requirements: Ensures adherence to relevant laws, regulations, and industry standards, promoting transparency and accountability.
5. Continuous Improvement: Encourages ongoing evaluation and improvement of AI systems to enhance performance and adapt to evolving technological landscapes.

Benefits of Gaining ISO 42001 Certification

1. Enhanced Trust and Credibility: Certification demonstrates a commitment to ethical AI practices, building trust with customers, partners, and stakeholders.
2. Risk Mitigation: By following standardised risk management processes, organisations can reduce the likelihood of AI-related incidents and their potential impact.
3. Regulatory Compliance: Ensures that AI systems comply with current laws and regulations, reducing the risk of legal issues and penalties.
4. Operational Efficiency: Streamlined processes and best practices lead to more efficient AI system management, reducing costs and improving outcomes.
5. Competitive Advantage: Certification can differentiate an organisation in the marketplace, showcasing its dedication to responsible AI use and innovation.

Steps to Achieve ISO 42001 Certification

1.????? Get the Relevant Parties on Board: Ensure that all key stakeholders, including top management, are committed to the certification process. Their support is crucial for resource allocation and overall success.

2.????? Perform a Risk Assessment and Gap Analysis: Identify potential risks associated with your AI systems and conduct a gap analysis to determine where your current practices fall short of ISO 42001 requirements.

3.????? Develop Policies, Objectives, and Controls: Create and implement policies, objectives, and controls that align with ISO 42001 standards. This includes establishing ethical guidelines, risk management procedures, and compliance measures.

4.????? Set Up Monitoring and Documentation Procedures: Implement effective monitoring systems to track the performance of your AI systems. Ensure thorough documentation of all processes, decisions, and changes to maintain transparency and accountability.

5.????? Prepare for the External Audit: Conduct internal audits to identify and address any non-conformities. Once you are confident in your compliance, schedule an external audit with your chosen certification body.

6.????? Establish Post-Certification Maintenance Processes: After achieving certification, maintain and continually improve your AI management systems. Regularly review and update your practices to stay compliant with evolving standards and technologies.

Following these steps will help your organisation achieve and maintain ISO 42001 certification, ensuring responsible and ethical AI management

Conclusion

Adopting ISO 42001 for AI Management Systems is a strategic move for organisations aiming to leverage AI responsibly and effectively. The certification not only enhances operational efficiency and compliance but also builds trust and credibility in the eyes of stakeholders.

Feel free to reach out if you have any questions or need further information on ISO 42001!

Pollution Prevention

Guidance in Pollution Prevention

For those tasked with maintaining environmental management systems whether certified to ISO 14001:2015 or not it is often difficult to find a resource that meets the needs of your organisation. Just what are the likely environmental aspects of your organisation that you should be concerned about and how might you best prepare to control any emergency situations that might arise? The UK regulators themselves provide some useful guidance and in particular we’d like to draw your attention to GPP1 produced jointly by the environmental regulators in Scotland, Northern Ireland and Wales. England’s Environment Agency publishes similar guidance and where assed jointly with the requirements of current environmental legislation you can find guidance to help you manage your environmental responsibilities.

Guidance for Pollution Prevention (GPP1). This document is essential for businesses and organizations aiming to understand and implement good environmental practices to prevent pollution.

Key Points:

1. Introduction to Pollution Prevention: GPP1 provides a basic introduction to pollution prevention, emphasizing the importance of protecting the environment and complying with legal requirements.
2. Drainage Management: It highlights the significance of managing drainage systems to prevent dirty water from contaminating surface water drains.
3. On-Site Water Treatment: The guidance includes recommendations for on-site water treatment facilities to ensure that water discharged from sites meets environmental standards.
4. Safe Storage of Hazardous Materials: Proper storage of fuels, oils, chemicals, and other materials is crucial. GPP1 advises on planning storage areas, using suitable containers, and containing leaks and spills.
5. Legal Compliance: Following the guidelines helps businesses comply with environmental laws and reduces the likelihood of pollution incidents, which can result in criminal offences.

By adhering to the GPP1 guidelines, businesses can significantly reduce their environmental impact and contribute to a cleaner, safer environment. For more detailed information, you can visit the SEPA website or access the full GPP1 document on NetRegs.

Feel free to reach out to us here at QCS International if you have any questions or need further assistance!

QCS International provides a range of environmental consultancy services from implementation of management systems to audit, compliance evaluation and CQI IRCA Registered ISO 14001auditor training.

Safety Procedures

Establishing Best Practices for Workplace Health and Safety in 2025

Introduction

For U.K.-based companies, establishing best practices for health and safety in the workplace is as crucial as managing business finances. Poor working practices not only drain efficiency but also incur hidden costs. According to the Health and Safety Executive (HSE), more than 600,000 U.K. workers sustained non-fatal injuries at work from 2023-24. The main causes? Preventable workplace accidents, primarily from handling or carrying items (20%), falling or tripping (19%), and coming into contact with objects (10%).

The argument to not only manage workplace safety but to implement a compliant ISO 45001 Occupational Health and Safety Management System have never been greater

Steps to a Safer Workplace

1. Identify Notable Hazards

Establishing safety procedures can be challenging due to the complexity of operations across departments. A Job Hazard Analysis (JHA) can help isolate major tasks and identify safety concerns. This involves reviewing each task step-by-step to pinpoint areas of risk. Prioritise tasks with the highest injury or illness risk. Hiring an external consultancy for a safety audit can be invaluable, helping to identify and prioritise safety concerns and legal compliance issues.

2. Collect Relevant Safety Data

Once hazards are identified, the next step is to develop strategies to mitigate them. Key insights include understanding the cause of hazards, legal requirements, and the workplace environment. Internal analysis and HSE regulatory data can provide guidance. External safety advisors can offer thorough assessments and tailored recommendations.

3. Record the Safety Procedures

Documenting safety procedures is crucial. Involve employees in this process to gain their perspectives and ensure the policies are practical. Employees will be responsible for implementing these procedures, so their input is vital.

Consultancy Services for Certification

Engaging consultancy services can streamline the certification process for ISO 45001. QCS International provide expert guidance on risk assessments, gap analyses, policy development, and audit preparations, ensuring a smooth path to certification.

Conclusion

Adopting ISO 45001 certification in 2025 is a strategic move for organisations aiming to ensure a safe working environment. Certification enhances operational efficiency, compliance, and builds trust and credibility with stakeholders.

For more information or to explore QCS International consultancy services, feel free to reach out to us!

We hope you've enjoyed this issues content - we'd love your feedback, do get in touch if you'd like us to cover something we haven't already touched on. We have an appetite for all things ISO and a like nothing more than an opportunity to explore the dusty corners of management system standards.

QCS International are a CQI IRCA approved training partner based in Scotland, supporting organisations throughout the United Kingdom and internationally through our consultancy services, classroom and online training.

#iso9001 #iso45001#iso14001 #iso13485 #iso27001