Tag Archives: ISO 22301

Axis Security picks up record five nominations for 2018 Security and Fire Excellence Awards

Axis Security, a leading provider of bespoke security services, has been shortlisted in five categories at the 2018 Security and Fire Excellence Awards, including the prestigious Security Guarding Company of the Year, an award that the business has been nominated for across seven consecutive years and has won on three occasions.

Five nominations in the Security and Fire Excellence Awards, which are organised and hosted by UBM, marks a record achievement for the company, with the remaining nominations being for Contribution to Standards in the Security Sector, Security Training Initiative of the Year (with ‘Security Masterclass’), the Inspiration in HR Award and the ACS Champion of the Year (an award the company won last year).

Jonathan Levine, Axis Group’s CEO, stated: “The company’s employees are its most important asset, while its key focus is in customer service. By prioritising training and employee welfare initiatives, our officers in turn prioritise excellent service for our customers’ customers. These nominations are testament to this focus.”

7084 Security & Fire Excellence Awards logo 2018

Axis Security’s nomination for the Contribution to Standards in the Security Sector Award recognises the company’s proactive use of training and site audits, internal employee awards and its development of a contract management and performance measurement software platform. Specifically this year, the nomination is a result of Axis’ critical role in one of its customers achieving the ISO 22301 business continuity standard for its flagship building. The award was achieved one month ahead of schedule and is the client’s first property to achieve the accreditation.

The Inspiration in HR Award acknowledges those companies demonstrating that HR is a fundamental part of their business and invest in their people. It’s bestowed by SSR Personnel and adjudicated by a prestigious panel of industry experts.

AxisSecurityIiHRFinalist2018

“To have picked up this number of nominations is evidence of the hard work of all employees from HR, training and operational personnel through to our security officers,” explained Levine. “I’m extremely proud and grateful for all the hard work that has been integral to our successes this year.”

Advertisements

Leave a comment

Filed under Risk Xtra

Cabinet Office minister Francis Maude visits cyber security specialist Advent IM

The Rt Hon Francis Maude MP has visited West Midlands-based cyber security consultancy Advent IM as part of the MPs’ remit as the Minister for Cyber Security. 

Maude met with Mike Gillespie and Julia McCarron, the co-founders of Advent IM, to find out more about the cyber security work the company delivers as one of the UK’s leading independent information security consultancies, the company’s history, its ethos and the business challenges faced by the organisation as an SME.

Topics for discussion on the day were both wide and varied. Mike Gillespie explained the principles of a holistic and risk-based approach to security and the MP was particularly interested in how this translates into solid governance in business.

Maude was also keen to find out more about threat convergence, how cyber threats can now impact our physical environments and steps that can be taken to mitigate those threats.

The team expanded on Advent IM’s development of cyber security training courses specifically for the police in the areas of SIRO and IAO responsibilities and accountability, general cyber security awareness training opportunities currently being developed and Advent IM’s mentoring approach to consultancy delivery, ensuring the company is seen by those involved as a business enabler.

The Advent IM team members meet Francis Maude MP

The Advent IM team members meet Francis Maude MP

The G-Cloud procurement process

Maude and the team discussed the merits of the G-Cloud procurement process and how there’s room to improve the perception that it’s more for technology purchases than consultancy, and how Government is starting to drive the requirement for Best Practice information security and ISO 27001 (more of which anon) through its outsourced service providers.

Changes to the Government Security Classification Scheme and the lack of understanding around its application were touched upon, as were the issues being confronted by local authorities in connecting to PSN and how the latest changes would impact on those either connecting or acting as a provider.

The Cabinet Office Minister also took the time to discuss areas of work with Advent IM staff from the consultancy, marketing and sales teams and the challenges they face when it comes to implementing and promoting cyber security across the UK.

“We greatly appreciate the time Francis Maude has taken to visit us,” said Advent IM’s operations director Julia McCarron. “As cyber security specialists, a number of us have attended events where Mr Maude has been present but we’ve rarely had the opportunity to discuss with him what’s happening in the market or air our views fact-to-face. To be singled out and given the chance to discuss our company, the industry and involve all of our staff in that forum was an honour for the team.”

Advent IM's Mike Gillespie talks cyber security with Cabinet Office minister Francis Maude

Advent IM’s Mike Gillespie talks cyber security with Cabinet Office minister Francis Maude

Holistic security management solutions

Advent IM focuses on holistic security management solutions for information, people and physical assets across both the public and private sectors.

Established in 2002, Advent IM is a Centre of Excellence for security services, promoting the benefits of Best Practice guidelines and standards and the ongoing need to address risk management in order to protect against potential threats.

From offices in the Midlands and London, the company’s consultants work on a nationwide basis and are members of the CESG Listed Advisor Scheme, the Institute of Information Security Professionals, The Security Institute, the Business Continuity Institute and the British Computer Society.

Advent IM consultants are also lead auditors for the international standards on Information Security Management (ISO 27001) and Business Continuity Management (ISO 22301), practitioners of PRINCE2 (a recognised project management methodology widely used within the public sector), CISSP-qualified and also Home Office-trained physical security assessors.

Leave a comment

Filed under Risk UK News

Advent IM confirmed as cyber security solution supplier to Her Majesty’s Government

Holistic security consultancy and a member of the Malvern Cyber Security Cluster, Advent IM Ltd has announced its confirmed status as cyber security solution supplier to Her Majesty’s Government.

The announcement follows on from the company’s long-standing and successful supplier relationships with several Government departments.

The cyber certification scheme is administrated by the Department for Business, Innovation and Skills and enables certified cyber security suppliers to Government to be able to publicise the fact. This offers a distinct advantage to those businesses, further enables the Government’s plan to work with more SMEs and also supports the export of UK cyber security expertise.

Speaking about the news, Advent IM director Julia McCarron told Risk UK: “The supply of specialist IA consultancy services to the UK Government is the foundation upon which Advent IM was built and this remains a very important sector for us. As an SME, we value the relationships we have with Her Majesty’s Government’s departments and agencies. Being awarded this status is important for our continued partnership development in this area and we’re delighted that we’ve been recognised as an official cyber security solution provider.”

Advent IM joins other members of the Malvern Cyber Security Cluster who have been recognised for their contribution to UK Government cyber security by being part of this scheme.

Advent IM has announced the company’s confirmed status as a cyber security solution supplier to Her Majesty’s Government

Advent IM has announced the company’s confirmed status as a cyber security solution supplier to Her Majesty’s Government

Holistic security management solutions

Advent IM is an independent specialist consultancy focusing on holistic security management solutions for information, people and physical assets across both the public and private sectors.

Established in 2002, Advent IM is a Centre of Excellence for security services, promoting the benefits of Best Practice guidelines and standards and the need to address risk management to protect against potential threats.

From offices in the Midlands and London, Advent IM’s consultants work nationwide and are members of the CESG Listed Advisor Scheme (CLAS), the Institute of Information Security Professionals (IISP), The Security Institute, the Business Continuity Institute and the British Computer Society.

Julia McCarron: director at Advent IM

Julia McCarron: director at Advent IM

Advent IM consultants are also lead auditors relating to the international standards for Information Security Management (ISO 27001) and Business Continuity Management (ISO 22301), practitioners of PRINCE2 (a recognised project management methodology widely used within the public sector), CISSP-qualified and Home Office-trained physical security assessors.

Leave a comment

Filed under Risk UK News

Lynn Watts-Plumpkin appointed director and general manager at IQ Verify

The IQ Group – which encompasses Industry Qualifications and the Institute of Administrative Management – has announced the appointment of Lynn Watts-Plumpkin to lead the development of its new certification body entitled IQ Verify.

IQ Verify will specialise in the certification of management systems, products and services, and is in the final stages of UKAS accreditation to ISO 17021 and ISO 17065. This development will allow the IQ Group to provide both individual certification through its awarding organisation as well as organisational certification through IQ Verify. It will be the first multi-sector organisation in the UK with this capability.

Lynn Watts-Plumpkin, whose background includes significant roles at both the NSI and the SSAIB, said: “I’m delighted to be joining the IQ Group at this time, and am excited by the opportunity to lead a new certification body. IQ Verify will be distinct in its offering. The focus will be on standards associated with corporate resilience, the investigations sector and PSC-1 within the security industry. We will also be developing inspection schemes for a number of economic sectors and trade bodies. Announcements will be made over the coming months.”

Lynn Watts-Plumpkin: director and general manager at IQ Verify

Lynn Watts-Plumpkin: director and general manager at IQ Verify

Raymond Clarke, CEO of the IQ Group, said: “We’re delighted to have been able to attract a person of Lynn’s experience and ability to IQ Verify at a very important time in its development. We’ve been working towards UKAS accreditation for a year now, and have conducted a range of trial assessments in advance of UKAS approval to positive acclaim.”

Clarke added: “IQ Verify will be operational from Monday 1 December, offering inspections to BS 102000 (Investigative Services), ISO 27001 (Data Security), ISO 31000 (Risk Management) and ISO 22301 (Business Continuity). We will be offering PSC-1 and ISO 9001 from January, by which time we expect to have obtained full UKAS accreditation.”

*For further information on the work of Industry Qualifications visit: http://www.industryqualifications.org.uk/

Leave a comment

Filed under Risk UK News

Houses of Parliament achieves business continuity management certification

Business continuity management has become a critical business discipline, helping organisations prepare for (and recover from) a wide range of unexpected incidents and unwelcome interruptions. As part of its commitment to ensure there’s a robust business continuity management system in place, the Houses of Parliament has implemented and gained certification to ISO 22301 (the international business continuity management system standard from BSI).

The Houses of Parliament’s management team recognised that effective business continuity management was vital to achieving strategic goals and operational resilience. By implementing ISO 22301 as a Best Practice framework, it was possible to better identify and manage current and future threats and take a proactive approach to minimising the impact of incidents.

If an unforeseen incident should take place, the two Houses of Parliament needed to be resilient enough as an organisation to respond to the incident in order to protect staff, the environment and the services provided, minimise disruption to Parliamentary business and recover from the incident and return to normality as quickly as possible.

Being a UN World Heritage site and an icon of national identity were but two of the unique challenges presented in terms of designing the business continuity management system. Other factors to be considered included the importance of the political dynamic, the traditions and rules of procedure that provide the basis for ‘business as usual’ activities and the dual nature of Parliament and its decision-making processes.

The Houses of Parliament in Westminster

The Houses of Parliament in Westminster

Martin Fenlon, the business resilience co-ordinator for the Houses of Parliament, commented: “We have a responsibility to ensure Parliament can sit – and be seen to be sitting – as and when required. In order to deliver this we needed to develop a business continuity management capability. As a confident, competent organisation we wanted to follow industry Best Practice which is why we pursued certification to ISO 22301.”

Fenlon added: “During the assessment process we worked with BSI to identify opportunities for improvement as well as affirming areas of good practice. The building blocks are now in place for an effective business continuity management system. However, the next step is to embed our business resilience arrangements in a changing business environment.”

Lorna Anderson, global technical manager at BSI, explained: “An effective business continuity management system can go much further than merely being a plan for delivering ‘business as usual’. It’s about building a secure foundation to enable a business to adapt quickly and change in line with the market – protecting current operations but also building a platform for future growth. Our clients tell us that by putting effective business continuity management processes and structured, exercised continuity plans in place, they’ve increased their capability and agility to respond to challenges and are not only more likely to survive but, in many cases, thrive.”

In conclusion, Anderson said: “By gaining certification, the Houses of Parliament has demonstrated to the public and key stakeholders that it takes its responsibilities seriously and follows industry Best Practice. This is testament to the hard work that has gone into ensuring critical services remain resilient.”

*The scope for the certification applies to the Houses of Parliament Administrations only

About BSI: the British Standards Institution

BSI is the business standards company that equips businesses with the necessary solutions to turn standards of Best Practice into habits of excellence.

Formed in 1901, BSI was the world’s first National Standards Body and a founding member of the International Organisation for Standardisation (ISO).

Over a century later, BSI continues to facilitate business improvement across the globe by helping its clients drive performance, manage risk and grow sustainably through the adoption of international management systems standards (many of which were originated by the BSI).

Renowned for its marks of excellence (including the consumer-recognised BSI Kitemark™), BSI’s influence spans multiple sectors including aerospace, the built environment, the food industry, healthcare and ICT.

With over 72,000 clients in 150 countries, BSI is an organisation whose standards inspire excellence across the globe.

Leave a comment

Filed under Risk UK News

‘Fire risk management systems should be formalised’ urges FIA’s Fire Risk Assessment Council

In the wake of prominent multi-fatality fires, organisations have spent considerable sums of money on fire safety but not necessarily achieved an improved level of fire safety assurance. Having spent a number of years undertaking fire risk assessments on the same portfolio of buildings, Ben Bradford states that it’s noticeable some organisations are beginning to wonder if the current practice is sustainable.

It has been almost nine years since the Regulatory Reform (Fire Safety) Order 2005 prompted many organisations to undertake fire risk assessments within the premises under their control. Several have spent significant financial resources on consultant fire risk assessors (a person who carries out and documents the significant findings of a fire risk assessment) only to discover that, although the advice they received may have been offered with the best of intentions, it was not wholly appropriate. Indeed, it may also have differed from the advice of a ‘competent’ fire risk assessor.

At the same time, the fire industry has itself spent a considerable amount of time in the last few years deciding how to define a ‘suitable and sufficient’ fire risk assessment and also how to tackle the ‘cowboy’ market. It would appear that, at long last, there’s now at least a ‘defined’ competency criterion for fire risk assessors and guidance for those charged with delivering fire risk assessment programmes on how to seek the services of a competent fire risk assessor.

Following a recent enforcement review around the Regulatory Reform (Fire Safety) Order 2005, which was undertaken by the Department of Business Innovation and Skills, the Chief Fire Officers Association (CFOA) is now committed to promoting the use – and acceptance – of recognised professional certification and accreditation for commercial fire risk assessors.

Fire risk management is evolving both as a discipline and a practice

Fire risk management is evolving both as a discipline and a practice

Fire risk assessments are the very cornerstone of the Regulatory Reform (Fire Safety) Order, yet the value of such an assessment – even when conducted by a competent fire risk assessor – is largely dependent on the organisation’s ability to manage the outcomes.

A fire risk assessment is a means to an end but not the end in itself. When reviewing the high profile prosecutions that have hit the headlines over the past few years, one quickly realises that failure to undertake a ‘suitable and sufficient’ fire risk assessment (under Article 9) is not the only compliance obligation imposed by the Regulatory Reform (Fire Safety) Order 2005. There are numerous other duties by which the responsible person is bound.

Cost of fire at an all-time high

Enter the concept of ‘fire risk management’. With very few fire fatalities arising in commercial premises, fire risk management is not just about life safety or the risk of injury or death in the event of fire occurrence. Rather, it encapsulates life safety, property protection, mission continuity and sustainability in the face of fire.

In today’s global and interconnected marketplace, issues such as Corporate Social Responsibility and reputational risk are extremely prominent. News headlines travel fast via both traditional and new media forms. The cost of fire is at an all-time high and, in these tough economic times, organisations need to be frugal with finite financial resources. In essence, they require to build resilience and ensure that fire risk assessment programmes deliver the intended outcomes.

Many organisations have a policy in place setting out an overarching statement of intent (signed by the CEO) and firmly establishing the ‘What’ and ‘Why’. Less common, yet essential, is the Fire Risk Management Strategy – a document which defines an organisation’s fire risk management system and method of implementing the overarching policy, and which firmly establishes the details of ‘How’, ‘When’ and ‘Who’.

These two pieces of documentation form the backbone of an organisation’s fire risk management system (a set of interrelated or interacting elements within an organisation designed to establish policies, objectives and processes to achieve those objectives and manage fire risk) and are generally underpinned by operational procedures.

The practice of fire risk management within our built environment is a much broader discipline than many give it credit for. It’s often delegated to the Health and Safety manager or the security manager within an organisation and, while I’m not suggesting that all companies should have a dedicated fire specialist responsible for fire risk management, they must acknowledge that fire safety is not just a sub-discipline of Health and Safety.

With very few fire fatalities arising in commercial premises, fire risk management is not just about life safety or the risk of injury or death in the event of fire occurrence. It encapsulates life safety, property protection, mission continuity and sustainability in the face of fire

With very few fire fatalities arising in commercial premises, fire risk management is not just about life safety or the risk of injury or death in the event of fire occurrence. It encapsulates life safety, property protection, mission continuity and sustainability in the face of fire

Fire risk management is a discipline in its own right with its own set of competencies. It does not always sit neatly in the Health and Safety Department due to the need for interaction with property, estates or facilities management functions. The old adage about ‘Jack of all trades’ most certainly applies. Too many fire safety manager roles are advertised with the essential qualifications stated as a NEBOSH Diploma, which merely emphasises the confusion often found in organisations regarding the scope of the Health and Safety manager’s role.

When undertaking fire risk management system audits, my experience is that those organisations recognising fire risk management as a discipline in its own right – regardless of which department the function sits – are in a far better position to maintain governance over organisational fire risk than those that do not.

Competency criteria to be considered

The Fire Sector Federation has recognised that, having established the Competency Council and published the competency criteria for fire risk assessors, the next logical step is to consider the competency criteria for those actively engaged in fire risk management.

Following an initial meeting of key stakeholders, organised jointly between the Fire Sector Federation and the Fire Industry Association, there’s now a proposal afoot to reform the Competency Council and really tackle this issue.

Some organisations have formalised their fire safety policy, strategy and procedures and are now in the process of gaining fire risk management system certification via a third party certification body. Those organisations that already hold certification of their Health and Safety management system to OHSAS 18001 or business continuity management system to ISO 22301 are well placed to integrate their management systems and streamline the internal or external audit process.

Fire risk management system certification via a UKAS-accredited third party certification body will provide a means to reduce the burden on enforcing authorities and significantly support the Primary Authority (or Fire Authority) partnership schemes.

Fire risk management is evolving (both as a discipline and a practice) as an integrated or holistic approach to understanding and managing the risks posed by the threat of fire which enables an organisation to optimise its underlying processes and achieve more efficient results.

Those responsible for fire safety in organisations would do well to consider formalising their fire risk management system, and not focus solely on the process of documenting fire risk assessments.

Ben Bradford BSc MSc MBA CEng FCIBSE FRICS FIFireE is a member of the FIA’s Fire Risk Assessment Council and the founder/managing director of BB7

Leave a comment

Filed under Risk UK News