13th April, 2018 | by Jay Greensill
Cyber attacks are an inevitable threat to businesses operating in today’s technologically-driven world. With the Notifiable Data Breaches Scheme having recently passed into legislation in Australia, timing is paramount for our country’s businesses to have in place plans and strategies to deal with data breaches.
Under the new legislation, Australian businesses are now compelled to disclose if a data breach occurs. It’s clear from the results of PwC’s Global State of Information Security Survey 2018 that while Australian businesses are aware data breaches can occur, they may not realise how seriously a breach could impact their business. 40% of respondents cited the disruption of operations as the biggest potential consequence of a cyber attack and 39% cited the compromise of sensitive data. What about damage to business reputation and overall profits? There are many examples of how data breaches can negatively impact these aspects of business, with Facebook and Ashley Madison being recent examples.
With this in mind, it’s staggering that 44% of global respondents said they do not have an overall information security strategy. 48% said they do not have an employee security awareness training program. 54% said they do not have an incident response process.
14th March, 2018 | by Tom Barham
So it’s finally here – ISO has formally published its first standard for Occupational Health and Safety Management Systems: ISO 45001:2018.
ISO 45001:2018 is intended to unify the way Health and Safety is managed across the globe. It also provides the same structure and framework as many other management systems standards, such as ISO 9001:2015 for Quality, ISO 14001:2015 for Environmental, and ISO 27001:2013 for Information Security, enabling much greater integration than what was achievable with AS/NZS 4801:2001 or OHSAS 18001:2007.
In order to help you understand the new standard and what it means, we’ve created a small FAQ below:
22nd January, 2018 | by Andrew Barham
I’ve been working with these tools, methodologies and requirements for over 30 years and I think they’re great. Like all management terms, they drift in and out of favour, get changed, manipulated, criticised, talked about by gurus, turned into training courses, and become hot topics at conferences.
But what are they, and are they the same thing with different names?
21st November, 2017 | by Andrew Barham
Want some tips on how to write an audit report? We have some insider tips on what to include in your report, how long it should be, and how to write your findings.
In this article, we’re going to specifically focus on the final written report (not the verbal report given in the closing meeting – more on that later), and some tips on how to write an audit report that adds value to the organisation and will actually be used to help with continual improvement.
29th September, 2017 | by Andrew Barham
Continually improving an organisation is easy… you just have your people do things a little bit better each day, you celebrate and reward good behaviour, you investigate when things don’t go as they should, and you amend processes to ensure issues do not recur. And what possibly could be hard about that?
Lots of things! You’re dealing with people, your measures aren’t robust, you don’t know if things are actually getting better, you don’t have the time to investigate properly, and you certainly do not have the time to celebrate. And of course, nobody wants to amend the process as we all operate using the PDCA method – Please Don’t Change Anything!
In this article, we highlight simple things that an organisation might try, some practical tips for continual improvement. And this can be applied across the organisation as a whole or to single departments or individual processes.
25th September, 2017 | by Andrew Barham
We know that when we do an audit, we use a checklist to help us remember what to ask and what to look for – and it normally has a place for us to write down what we’ve seen (the evidence). There is normally a column that allows us to mark some form of symbol to show the finding: C for conformance, NC for nonconformance, O for observation, or something similar.
28th August, 2017 | by Andrew Barham
Here we talk about some of what we’ve learnt in the past 15 years or so of training and assessing people who want to become auditors.
There are many articles written about public speaking which discuss topics including: grabbing your audience’s attention in the first 10 seconds, being commanding and powerful, waving your arms about, being animated. These are good for a presentation that is going to last an hour or so, maybe less, maybe a little more. But do these “rules” apply when you are training people and the training is going to last at least a day – possibly more?
15th August, 2017 | by Tom Barham
A key component of any management system is the policy; it is a high level document that should be used to guide the organisation in its operation, as well as keep them on track to meet and exceed their goals.
Some elements of a policy are the same across all disciplines – they should always reflect the individual organisation, they should be communicated and documented, and they should include a commitment to continual improvement. Other requirements will vary – a quality policy should include a commitment to meet and exceed customer expectations, an environmental policy should include a commitment to the prevention of pollution, and an OHS policy should include a commitment to eliminate work-related illness and injury… or should it?
With ISO 45001 just around the corner, we thought we’d take the time to have a look at the new policy requirements in detail.
20th July, 2017 | by PwC's Auditor Training & Certification
How ready is your organisation for ISO 45001 – take this quiz to find out.
20th July, 2017 | by Andrew Barham