Tag Archives: Compliance

“Early compliance engagement is key to raising building standards” urges Bureau Veritas

With reports suggesting that the construction sector will continue to grow over the next two years, Bureau Veritas has been quick to assert that an industry shift towards earlier engagement with compliance partners is vital when it comes to raising quality and safety standards for all.

Despite a momentary downtime, largely the result of a post-Brexit slump in confidence and weakening pound, the consensus is that commercial construction will regain pace in the coming months. According to the latest Construction Products Association report, UK construction output will increase by 2.3% in 2019, primarily due to major infrastructure projects.

Concern focuses on the fact that an increased pressure on commercial and residential developers to build more properties, despite a declining workforce, presents a risk to ‘deliverability’ and quality control. A recent study, for example, estimated that over half of all new build properties have ‘major faults.’

Andy Lowe, director for building control at Bureau Veritas, commented: “Amid incredibly tight construction deadlines, cost pressures and a raft of legislation, it’s understandable that the modern builder and developer has a lot to come to terms with. That’s why we always advocate early engagement with a certification specialist. Without the ability to influence the wider project, it can be incredibly difficult to optimise quality control procedures and enhance safety measures, while at the same time enabling developers to achieve stated targets.”

Lowe continued: “In some cases, it can even help streamline proceedings and improve efficiencies, and particularly so when it comes to ensuring that the design aspect correlates with the compliance requirements. Without the approver’s early input, for example, any decisions made by a design team could be borderline in terms of interpretation and, upon review, it may be that items such as the fire strategy or the number of staircases are questionable, thus affecting the design as a whole and even resulting in the need for a redesign.”

In conclusion, Lowe stated: “In this way, we believe an industry shift towards earlier engagement is core to not only increasing quality and safety standards, but also optimising efficiencies on current major projects going forward.”


Filed under Risk UK News

Bored and distracted employees “could be biggest data security risk” warns Centrify

Employees who become distracted at work are more likely to be the cause of human error and a potential security risk. That’s according to a ‘snapshot’ poll conducted by Centrify.

While more than a third (35%) of survey respondents cite distraction and boredom as the main cause of human error, other causes include heavy workloads (19%), excessive policies and compliance regulations (5%), social media (5%) and password sharing (4%). Poor management is also highlighted by 11% of security professionals, while 8% believe human error is caused by not recognising data security responsibilities at work.

According to the survey, which examines how human error might lead to data security risks within organisations, over half (57%) of respondents believe businesses will eventually trust technology enough to replace employees as a way of avoiding human error in the workplace.

Despite the potential risks of human error at work, however, nearly three-quarters (74%) of respondents feel that it’s the responsibility of the employee, rather than technology, to ensure that the host company avoids a potential data breach.

“It’s interesting that the majority of security professionals we surveyed are confident that businesses will trust technology enough to replace people so that fewer mistakes are made at work, yet on the other hand firmly put the responsibility for data security in the hands of employees rather than technology,” commented Andy Heather, vice-president and managing director at Centrify EMEA.

“It seems that we as employees are both responsible and responsible: responsible for making mistakes and responsible for avoiding a potential data breach. It shows just how aware we need to be at work about what we do and how we behave when it comes to our work practices in general and our security practices in particular.”

Filed under Risk UK News

Organisations “need to do more” to ensure EU GDPR compliance

Organisations need to do more work to ensure compliance with the European Union’s General Data Protection Regulation (GDPR) which is due to come into force in May 2018. While organisations are largely aware of their upcoming obligations, levels of maturity to meet the new standards are low.

Overall, organisations are only compliant with less than 40% of the principles laid out in the GDPR. DLA Piper’s Global Data Privacy Snapshot 2017 notes that some industries are progressing towards compliance better than others. The hospitality and banking sectors are ahead of the rest with 48% and 43% compliance respectively, compared to the average of around 37%. Healthcare and manufacturing are at the bottom end of the scale with 34% and 35% compliance.

Data breaches are already the second greatest concern for business continuity professionals. That’s according to the latest Horizon Scan Report published by the Business Continuity Institute. Unless organisations become compliant by the time the GDPR comes into force then a breach could become even more disruptive.

Patrick Van Eecke, partner and global co-chair of DLA Piper’s Data Protection practice, said: “The responses show that many organisations still have work to do on their data protection procedures. Any organisations operating in Europe will need to see major improvements in their score by May 2018 if they’re to avoid potentially heavy financial penalties under the GDPR, not to mention serious reputational damage as people become more and more aware of their rights in this area.”

Van Eecke added: “With more and more organisations placing data centre stage, data protection will become an increasingly prominent issue. It’s vital that organisations invest now in the strategy and processes needed to help them to meet their obligations.”

Jim Halpert, the US co-chair of DLA Piper’s Global Data Protection practice, added: “As privacy requirements such as privacy by design, data portability and extensively documenting a privacy program become more complex, compliance demands significant operational work that takes time. In this sense, the results are not surprising. The time to step up compliance efforts is this year, not next.”

The GDPR will apply to processing carried out by organisations operating within the EU and to organisations outside the EU that offer goods or services to individuals in the EU.

The UK Government has confirmed that the UK’s decision to leave the EU will not affect the commencement of the GDPR. Organisations failing to comply with the GDPR after its implementation in 2018 could face fines as high as 4% of global annual turnover.

Filed under Risk UK News, Uncategorized

Telefonica UK Property and ISS choose Ideagen’s Enlighten system to manage governance, risk and compliance

Telefonica UK, a leading digital and communications company, and ISS, the global facilities management service provider, are set to work with software firm Ideagen on improving governance, risk and compliance operations across the O2 estate.

Ideagen Enlighten, Ideagen’s cloud-based GRC application, is to be implemented and rolled out to bring several operational improvements to Telefonica UK’s Property department. The software will provide one source of truth for the management of controlled documentation, improve visibility of audit scheduling and automate action management and escalation. Enlighten will also enhance levels of reporting and increase accessibility for Telefonica’s mobile workforce.

Darren Bryanton, Telefonica’s national FM operations manager, said: “We regularly participate in audits to assist Telefonica UK in retaining an impressive portfolio of certifications and standards which are essential in demonstrating world class service to our customers. Enlighten will manage audits and document control for the department.”

Suzanne Burge, ISS’ quality and assurance manager, added: “After a thorough review of the market, we selected Enlighten due to its scalability, accessibility and ease of use. We wanted a product that we could design ourselves to fit the needs of the business, not just now but also in the future.”

Tim Blackburne, ISS’ account director, explained: “Telefonica UK’s high standards of operational compliance and audit success rely on clear governance, audit readiness and document management. Ideagen Enlighten gives us this.”

Andrew Neish, Telefonica’s head of property, commented: “Both Ideagen and Telefonica UK share the same vision of how innovation can drive improvement in business. This opportunity to provide a game-changing and transformational system is one that we’re very excited about.”

Ideagen is a supplier of information management software with operations in the UK, the United States and the Middle East. The company specialises in eGRC (Enterprise Governance, Risk and Compliance) and healthcare solutions for organisations operating within highly regulated industries.

Filed under Risk UK News, Uncategorized

The Legal Risk Management Handbook set for publication by KoganPage

Legal risk covers all areas of business where regulation and the law impact on operations and decisions. From risks arising from contract drafting and management through to regulators’ new focus on conduct, as well as compliance, regulatory and dispute risks, the effective management of legal risk is key for organisations that want to maximise value while minimising cost and exposure to legal losses. The Legal Risk Management Handbook, to be published by KoganPage on 3 December, is a practical guide to making sure your business is legal, protected and making the most of its opportunities.

Written by experts in law and risk management, this highly practical guide sets out a clear definition for legal risk and a framework for its management. Covering the full spectrum of legal risks that international businesses can face, it translates legal concepts into clear mitigatory actions.

Whether you’re an in-house lawyer needing a clear approach to managing risk in your areas of influence, or a member of the risk management function needing a jargon-free guide to your company’s legal responsibilities, you will find authoritative insight and guidance in this publication.

Containing Case Studies from international businesses and real-life insights from those at the coalface of legal risk management, The Legal Risk Management Handbook is essential reading for everyone who needs a better understanding of this important business topic.

Simon Nasta, general counsel for FBN UK, has provided advance praise for the book, calling it a ‘must read’ for in-house lawyers and new general counsels. “I particularly like the simple and practical guides to implement what are quite advanced legal risk management techniques,” explained Nasta.

Professor Stuart Weinstein of the Faculty of Business and Law at Coventry University commented: “The Legal Risk Management Handbook contains a wealth of information useful for any company involved in international business to consider when managing legal risk. What sets this book apart is that it translates complex legal principles into practical operating tools that business managers and the lawyers who work with them can use on a day-to-day basis. An indispensable compendium for the legal and compliance team, the executive suite and the Boardroom who must work hard to ensure that legal risk management is at the top of the agenda in every organisation.”

Matthew Kellett, EY UK law leader (FSO) stated: “This book challenges all organisations to review their legal risk management strategies and provides practical suggestions on how to flex their approach to enhance legislative and regulatory compliance. All those in leadership or front line advisory roles will relate to the issues raised and can benefit from the proposed solutions to manage their forward exposures to legal loss.”

The book’s authors are Matthew Whalley and Chris Guzelian. Whalley has a unique blend of practical experience and strategic insight into legal risk management and law department operations. He created the UK’s first and only Legal Risk Consultancy in 2012, and has helped FTSE 100 and Fortune 500 clients alike take their first steps towards developing a structured approach to legal risk. Whalley was shortlisted for the Laurie Young Memorial Global Thought Leadership Award in 2014 for his detailed papers on legal risk management.

Chris Guzelian is an associate professor at the Thomas Jefferson Law School in San Diego, California where he teaches business, criminal and American constitutional law courses. Previously, he was a state prosecutor, a civilian officer with the US Department of Defence and a lawyer with the US bankruptcy courts. Guzelian advises a number of corporate, non-profit and Government authorities on risk-related matters.

  • EAN: 9780749477974
  • Edition: 1
  • Published: 3 December 2016
  • Format: Paperback
  • 232 pages

*To order your copy visit: https://www.koganpage.com/product/the-legal-risk-management-handbook-9780749477974

Filed under Risk UK News, Uncategorized

Advanced recognised by BSI for decade of standards excellence in fire systems sector

Global fire safety systems developer Advanced has received an award from BSI, the business standards company, in recognition of ten years of standards excellence in the field of fire systems.

The award recognises Advanced’s role in driving higher standards in the fire industry and its ongoing role in relevant fire standards committees. For example, Advanced was one of the first to adopt EN54-13, the European standard that ensures optimal fire system performance at all times through rigorous third party testing.

Dave Wilson, who’s responsible for standards and compliance at Advanced, commented: “Our ethos is that our products set the standard in fire systems. We work closely with quality, standards and industry bodies around the world to ensure we remain at the forefront of the market. We’ve worked very closely with BSI for many years now, and it’s a real pleasure to receive this award for our work and the partnership we’ve developed in terms of fire systems and BSI Kitemark-licensed product approvals.”

As a business, Advanced designs intelligent fire systems approved to key international, regional and local standards including UL 864 and EN54. Its products are used in prestigious and challenging locations all over the world, from single panel installations through to large multi-site networks.

Advanced’s products include complete fire detection systems, multi-protocol fire panels, extinguishing control and fire paging systems.

Filed under Risk UK News, Uncategorized

“UK businesses could spend £1.2 million recovering from a cyber security breach” states new research from NTT Com Security

Most business decision-makers in the UK admit that their organisation will suffer from a cyber security breach at some point. They also anticipate that recovering from a data breach would cost upwards of £1.2 million on average for their organisation. That’s according to the Risk:Value report issued by information security and risk management company NTT Com Security, which surveyed business decision-makers in the UK as well as the US, Germany, France, Sweden, Norway and Switzerland.

While nearly half (48%) of UK business decision-makers say that information security is ‘vital’ to their organisation, and just half agree it’s ‘good practice’, a fifth admit that poor information security is the ‘single greatest risk’ to the business ahead of ‘decreasing profits’ (12%) and ‘competitors taking market share’ (11%) and on a par with ‘lack of employee skills’ (21%).

Well over half (57%) agree that their organisation will suffer a data breach at some point, while a third disagree. One-in-ten state that they simply don’t know if this will be the case.

Respondents estimate that a breach would cost them an average of £1.2 million, even before ‘hidden costs’ like reputational damage and brand erosion are taken into consideration. Again, on average it would take around two months to recover from a breach. Respondents to the comprehensive survey also anticipate a 13% drop in revenue, on average, following a breach episode.

Starting to hit home

The survey shows that recent high-profile data breaches are starting to hit home. A similar report published by NTT Com Security in 2014 revealed that 10% of an organisation’s IT budget was spent on information security compared to 11% this year. However, in the latest report, around a quarter (23%) of UK businesses reveal that more is spent on Human Resources than information security.

In terms of remediation costs following a security breach, nearly a fifth (18%) of a company’s costs would be spent on legal fees, 18% on fines or compliance costs, 17% on compensation to customers and 11% set aside for third party remediation resources. Other anticipated costs include PR and communications (14%) and compensation paid to both suppliers (12%) and employees (11%).

According to the report, the majority of respondents in the UK admit they would suffer both externally and internally if data was stolen, including loss of customer confidence (66%) and damage to reputation (57%) as well as suffering direct financial loss (41%). Over a third of decision-makers (34%) expect to resign (or expect another senior colleague to do so) as a result of a breach.

Stuart Reed, senior director for global product marketing at NTT Com Security, commented: “Attitudes towards the real impact of security breaches have really started to shift. That’s no surprise given the year we have just had. We’ve seen several major brands reeling from the effects of serious data breaches, and struggling to manage the potential damage, not only to their customers’ data, but also to their own reputation. While the majority of people we spoke to expect to suffer a cyber security breach at some point, most fully expect to pay for it as well, whether that’s in terms of third party and other remediation costs, customer confidence, lost business or even, possibly, their jobs.”

Whose responsibility is it anyway?

  • 41% of UK organisations have a disaster recovery plan in place, with 40% having a formal security policy in place. In both cases, almost half are in the process of implementing or designing one
  • When it comes to responsibility for managing the company’s recovery plan, 15% say the CEO now has responsibility, although this still largely falls to the Chief Risk Officer (CRO), the Chief Information Officer (CIO) or the Chief Security Officer (CSO)
  • While 77% agree it’s ‘vital’ their business is insured for security breaches, only 26% have dedicated cyber security insurance. However, 38% of those questioned are in the process of obtaining a policy
  • One-in-five respondents in the UK say they don’t know if their organisation has any type of insurance in place to cover for the financial impact of data loss or an information security breach

“It’s encouraging to see that almost all UK businesses now have a disaster recovery and formal information security policy in place, or are at least planning to implement one soon,” added Reed.

“Clear, concise internal processes and policies for employees and contractors have so often been overlooked, and this is what can lead to complacency and poor security hygiene. When we talk to clients, we make it absolutely clear that educating staff about security should be a top priority, supported all the while by clear and simple procedures and backed up by a solid incident response plan.” 

*The Risk:Value Executive Summary report can be downloaded here

Filed under Risk UK News, Uncategorized