The ISO Show

A crucial part of Implementing any ISO Standard is addressing your risks and opportunities. This is a key part of Clause 4 Context of the organisation, which expresses and explicit need to review and assess what internal and external factors could help and hinder in achieving your business goals. While ISO Standards don't define a definitive method of doing so, many have adopted the practice of carrying out a SWOT and PESTLE analysis. Today Ian Battersby explains what a SWOT and PESTLE analysis is, the key questions you should be asking and the importance of continually reviewing and updating the results as your management system matures. You'll learn · What is a SWOT analysis? · What is a PESTLE analysis? · Examples of questions you should be asking during a SWOT and PESTLE · How often should a SWOT and PESTLE be conducted? · Examples of SWOT and PESTLE in practice Resources · Isologyhub In this episode, we talk about: [00:30] Join the isologyhub – To get access to a suite of ISO related tools, training and templates. Simply head on over to isologyhub.com to either sign-up or book a demo. [02:05] Episode summary: Ian Battersby will be explaining what a SWOT and PESTLE exercise is, it's role in fufilling key requirements in Clause 4 of any ISO Standard, and the key questions you should be asking during the exercise. [02:30] What is a SWOT and PESTLE analysis? – This is one is the tools you can use to look at various factors that affect your organisation. SWOT standards for: · Strengths · Weaknesses · Opportunities · Threats PESTLE standards for: · Political · Economical · Social · Technological · Legal · Environmental And in recent years, people have added ethical into PESTLE too. Whether that's on its own or integrated within the other elements is up to the organisation and how they want to run the exercise. Both analysis are fundamental in helping organisations understand the benefits and pitfalls of a project, management system implementation included. [05:05] Where in the Standard is there a need for a SWOT and PESTLE? – Clause 4 in all ISO Standards is known as 'Context of the organisation', which you need to establish early on in order to set the foundations for building your management system. Context is the world in which an organisation works, it is the considerations of the internal and external factors that affect what you do. SWOT and PESTLE, while not specifically referenced in the Standard, is a highly recommended tool as it directly assesses multiple internal and external factors and can fulfil the requirements of any ISO Standard. [06:20] Addressing Context of the Organisation – Clause 4, Context of the organisation states: "The organisation shall determine external and internal issues that are relevant to its purpose and its strategic direction, and that affects its ability to achieve the intended results of its management system. The organisation shall monitor and review information about these external issues." There are also 3 additional notes: #1: Issues can include positive and negative factors or conditions #2: Understanding the external context can be facilitated by considering issues arriving from legal, technological, competitive, market, cultural, ect 3#: Understanding the internal context can be facilitated by considering Issues related to values, culture, knowledge and performance of the organisation. So, there's a lot to consider! [08:10] How SWOT and PESTLE address Context of the Organisation – Taking a look at SWOT, strengths and weaknesses would refer to factors internal to your organisation, while the opportunities and threats would be external. Depending on the focus of your management system, you may also want to complete this exercise through a certain lens. That could be information security, health & safety or environmental. The Standard requires you to align your management system with the strategic direction of the organisation, so even if you are viewing this exercise through a certain lens, don't do so in complete isolation. [09:55] How to conduct a SWOT and PESTLE – The people involved in completing this exercise are important, not just the questions you ask. Senior management should be included as they will have key insight to the strategic direction of the business. You should also include operational managers or other functional managers as they will have more context for how things actually work in practice. The point of a SWOT and PESTLE is to ascertain where you stand in terms of your risks and opportunities, and issues relating to resources, people, information, process, technology, equipment, laws, markets, environment, finance, economy ect from both an internal and external lens. This will give you a solid foundation to build your management system on, which will ultimately help you achieve your intended outcomes and lead to a cycle of continual improvement. [11:55] Considerations for Strengths – Strengths is an internal factor. Questions you could ask include: · What do we control through good processes? · What are we known for? · What does our marketplace and competitors say about us? · What are we good at? · What assets do we have? · What resources and knowledge do we have readily available? · What's the strength in our products and in the processes for delivering those products and the people that run those processes and deliver those products, their skills, their knowledge, their strengths, their weaknesses and their expertise? · What areas in our organisation are already at a high standard and don't necessarily need improvement? · Do we have objectives and targets that we measure against, i.e. KPIs, metrics, success factors and service level agreements, that demonstrate we're good? [13:10] Considerations for Weaknesses – Weakness is another internal factor, one that you have to be brutally honest conducting. Questions you could ask include: · What could you improve? · Where is money being spent poorly, or being lost? · What do your competitors do better than you? · What resources / knowledge / people / expertise do you lack? · What processes do you lack? · Where can your products or services be improved? · What are the constraints on your ability to meet changes in market need or demand? · What does your customer feedback look like? · Do your suppliers meet your requirements or the requirements of your clients? [14:45] Considerations for Opportunities – Opportunities are considered an external factor. Questions you could ask include: · What new opportunities are available in your market? · What data do you have available on market trends, and how can you leverage that? · How changes in compliance requirements in your specific industry or your locality might provide you with opportunity to gain an edge? · What are past identified opportunities that we've not acted on? · What is the competition not taking advantage of that you could? · How can you increase customer satisfaction based on both positive and negative feedback received? [16:00] Considerations for Threats – Threats are also considered an external factor, they are obstacles for you achieving your goals. Questions you could ask include: · What new environmental effects may affect you? Note: there is a new climate change amendment added to many commonly adopted ISO Standards, so this is something you will need to address. · What competitors are a threat to you? · Are other competitors taking advantage of markets that you have not accessed? · Why might competitors be getting ahead? · Are the habits of customers changing, and if so, how? · Are there other interested parties other than customers who present obstacles to you? · Are there any foreseeable resource issues? i.e. loss of experienced staff, lack of relevant talent in the pool of available people ect · Are you adapting to changes in the world? [16:00] PESTLE: Addressing political factors – When you're looking at political factors affecting your intended outcomes, consider the following: · What is happening politically in your environment? - That could be international or local on scale · What is the impact of policy or tax? · What is the impacts of employment trends / trade restrictions / tariffs? · What is the impact of unemployment rates on your organisation? · What is the impact of workforce shortages that may affect you? · Is there any form of Government intervention in your specific market? · Would this government intervention be considered an opportunity or threat? i.e. offering grants [19:20] Join the isologyhub and get access to limitless ISO resources – From as little as £99 a month, you can have unlimited access to hundreds of online training courses and achieve certification for completion of courses along the way, which will take you from learner to practitioner to leader in no time. Simply head on over to the isologyhub to sign-up or book a demo. [21:25] PESTLE: Addressing economic factors – When you're looking at economic factors affecting your intended outcomes, consider the following: · What is the impact of interest rates / exchange rates / inflation? · What is economic policy doing to you and your industry and your clients? · What are the impacts on wage rates / minimum wage changes /affordable living cost of living? [21:50] PESTLE: Addressing social factors – When you're looking at social factors affecting your intended outcomes, consider the following: · What's the impact of changes in the cultural landscape? · What's the impact of the expectation of people? · What's the impact on working people's lives and what their expectations are for working life in general? i.e. working hours and career aspirations · What is the and the emphasis on ethics, safety, Environmental Protection and data privacy for your clients / workforce / suppliers? [22:50] PESTLE: Addressing technology factors – When you're looking at technological factors affecting your intended outcomes, consider the following: · What is happening technology wise which impacts on what you do? · How does this affect the equipment you use? i.e. automation, the age of your equipment ect · What's the impact of emerging technology? · How you decide on the costs and benefits of investing in new technology? · How do you use your website / blogs / social media to interact with your marketplace? · Have you got intellectual property you need to protect? i.e copyright pins that need consideration. [23:40] PESTLE: Addressing legal factors – When you're looking at legal factors affecting your intended outcomes, consider the following: · How does the law affect how you do business? i.e company law, health & safety law, HR law, trade law? · What changes in legislation have occurred recently that you need to have considered? · How do you horizon scan for changes in legislation that affect you in your market? · What's the impact on employment on imports, exports, labour departments? · Have you considered other compliance obligations, such as certification to certain standards? [24:50] PESTLE: Addressing environmental factors – When you're looking at environmental factors affecting your intended outcomes, consider the following: · How do environmental aspects impact you, and how does the way you operate affect the environment? This includes consideration for air, water, land, natural resources, flora, fauna. · How do changes in the energy and utilities markets affect you? · How does your organisation fit in with any carbon reduction targets that your Government may have in place? · Are you required to create a carbon reduction plan? · Do you need to comply with certain environmental reporting requirements? i.e. here in the UK we have schemes like ESOS and SECR [24:50] PESTLE: Addressing ethical factors – This one is optional, but many are choosing to include it as part of their PESTLE now. When you're looking at ethical factors affecting your intended outcomes, consider the following: · How do you stay on the right side of the law with respect to the use of money? · Have you considered human rights / labour / children in the workforce / slavery / health & safety and well-being of local populations? · What charitable contributions do you make as an organisation? [27:15] Assigning significance – The next part of a SWOT and PESTLE requires you to assign significance to the various factors affecting your organisation. So, make sure you document every factor and how those factors affect your ability to achieve what you intend. Ensure that this all remains in alignment with the strategic direction of the business, as ultimately, you want your Management System to help drive those goals forward. [30:25] Frequency of a SWOT and PESTLE: This isn't just a one-off exercise. You should be continually monitoring these internal and external factors, and only updating the exercise during a management review meeting will do you a disservice. This is an ever-changing world, it's the one in which you operate, and you need to ensure you're keeping up with it. You could look at various factors in monthly or even weekly meeting with the appropriate parties, and see if circumstances have changed. [31:25] Examples of why you should continually update your SWOT and PESTLE: Ian recounts an experience he had with a client where they had failed to disclose where they had switched to a digital system for competence related documentation, but it had not met their needs and so they needed to return to manual documentation. This switch made finding the required documentation for internal audits difficult. None of this was recorded in their SWOT and PESTLE. If you'd like to book a demo for the isologyhub, simply contact us and we'd be happy to give you a tour. We'd love to hear your views and comments about the ISO Show, here's how: ● Share the ISO Show on Twitter or Linkedin ● Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one. Subscribe to keep up-to-date with our latest episodes: Stitcher | Spotify | YouTube |iTunes | Soundcloud | Mailing List

Chris Truss, Global Sustainability Director at Reed & Mackay, leads the charge on sustainable business travel. He discusses the pressing need to reduce greenhouse gas emissions in this sector, highlighting the journey towards ISO 14064 carbon verification. Truss shares insights on the challenges and benefits of achieving this certification, the company's commitment to sustainability, and how transparency in carbon reporting can improve accountability. Listeners will also hear about innovative strategies in sustainable travel policies and the importance of engaging stakeholders in environmental efforts.

Philip Ideson, Founder & Managing Director of Art of Procurement, sheds light on the essential role of procurement in driving ESG compliance. He discusses current trends shaping the procurement landscape and the challenges faced in implementing ESG principles. Philip outlines his mission to 10X the impact of procurement and shares the six principles guiding this transformation. The conversation delves into how procurement can align more closely with sustainability goals, emphasizing the need for collaboration and innovation in the evolving business environment.

Sustainability is an area that affects all businesses, no matter the sector. We are all currently contributing to the climate crisis, from travel and hospitality to manufacturing to those working in an office or from home. You may be surprised to hear that the legal sector is currently one of the leaders in championing sustainability, not just in enforcing new environmental legislation, but also leading by example in the race to net zero. One such stand out leader is today's guest – Clyde & Co, a global law firm that have made great strides in their sustainability journey. In this episode, Mel is joined by Paddy Linighan, Chief Sustainability Officer at Clyde & Co, to discuss their ambitious net zero targets, sustainability initiatives and their journey towards ISO 14064 Carbon Verification. You'll learn What is Paddy Linighan's role as CSO? Who are Clyde & Co? What are their net zero targets according to their responsible Business report? What sustainability initiatives have Clyde & Co introduced? Why get ISO 14064 verified? What were the challenges with obtaining ISO 14064 verification? What are the benefits of obtaining ISO 14064 Verification? Resources Clyde & Co Clyde & Co Responsible Business report Carbonology In this episode, we talk about: [00:25] Episode Summary – We welcome today's guest, Paddy Linighan, Chief Sustainability Officer at Clyde & Co, to dive into their responsible business report, discuss their net zero ambitions and journey towards ISO 14064 Carbon Verification. [01:40] Introduction to Paddy: Paddy has 30 years experience in the legal sector, and was formerly the Chief Operating Officer for Clyde & Co before transitioning to the role of Chief Sustainability Officer. Paddy is also a Director at the Legal Sustainability Alliance, which is an association committed to supporting the legal sector to measure and manage their carbon emissions to achieve net zero. One lesser-known fact is that Paddy was a Latin and ballroom dancer! [02:30] Who are Clyde & Co? – They are a global law firm with 500 partners, 2700 lawyers and 3216 legal professionals across the world and operating out of 70 offices. They set out to help organisations successfully navigate risk and maximise the opportunity in the sectors that underpin global trade, namely insurance, aviation, marine construction, energy, trade and natural resources. They offer a comprehensive range of contentious and non-contentious legal services and commercially minded legal advice to businesses operating across the world in seamless fashion. Clyde & Co are committed to operating in a responsible way by progressing a diverse and inclusive workforce that reflects the communities and the clients it serves, and provides an environment in which hopefully everyone can realise their potential. They use their legal and professional skills to support communities through pro bono work, volunteering charitable partnerships, and minimisation of environmental impact through the pursuit of sustainability standards. [04:25] What are some of the Net Zero targets highlighted in Clyde & Co's responsible business report? Near term target: Reduce their scope 1 and scope 2 emissions by 80% by 2030 and scope 3 emissions by 50% by 2030. Long term target: Have a 90% reduction in emissions by 2038 Focused on decarbonizing their operations across the globe. [06:25] What are some of the sustainability initiatives that Clyde & Co have started? All their initiatives can be broadly groups into 3 categories, but ultimately they seek to decarbonize their operations, address resource consumption and offset emissions where possible. They found that 95% of their emissions reside in their scope 3, which is due to their supply chain. A few of their initiatives include rationalizing their supply chain to reduce the impact of purchasing goods and services. They are also supporting their supply chain to measure and reduce their own emissions. Clyde & Co have also incorporated their sustainability requirements into their Procurement Process and Due Diligence Process. One challenging area for a professional services business like Clydo & Co is sustainable business travel. They have adopted a global note on sustainable travel, which trickles down into regional travel policies. Working with travel management companies, they will implement those new policies, in addition to improving the quality of travel data collection and prioritisation of sustainability over cost. Clyde & Co are also making the move to switch direct and in-direct consumption of fossil fuels to renewable energy in the heating and cooling of their buildings. As of summer 2023, all UK offices were on 100% renewable energy! They aim to roll this out on a global scale, but understand that there are significant challenges with doing so. [09:30] How did Clyde & Co celebrate Earth Day? They introduced climate change awareness training on Earth Day. It wasn't mandatory in any way, and included the rolling out of several blogs and videos which were produced by AXA Climate School in Paris. They ran these through Earth Day (April 22nd) to World Environment Day (5th June). Covering topics such as: Financial disclosures Plastic pollution Saving water Beekeeping Composting This led to a campaign called 'Zero as One' which helped to create of a network of sustainable champions across their organisation, who help to further raise awareness and where there may be regional issues with reducing resource consumption and energy use. This campaign has continued and is beginning to facilitate a structured, bespoke training programme for all Clyde & Co staff which covers climate awareness to climate competency. It will encourage people to think 'How can I, as an individual, make a difference?' [15:30] The Clyde & Co Community Forest – A 6.2 hectare plot of land is shared with 2 other community groups, and is not only being used for reforestation but also biodiversity, focusing on red squirrels in particular. Getting this project set up included: Gauging the appetite of colleagues: They offered increased level of refforestation for every response they had to their annual 'Have your Say' survey. For every response received, they would add 2 square metres of forest. So, 5000 people would give them a hectare. It was a knowledge gathering exercise and experience of what a carbon offset project would look like. They know that they'll never be able to 100% decarbonise their operations, but they hope to get it down to 10% remaining emissions which can be offset with more projects like the community forest. [19:35] What does Paddy think of the sustainability reporting regulatory requirements affecting the legal sector? Not only do lawyers have a key part to play in supporting and advising clients in relation to how they navigate towards a low carbon economy, but they are also a part of many businesses supply chain – meaning they would be included in scope 3 emissions for others. Putting in the work at their end enables them to proactively help and assist clients with their emissions reduction and reporting. The drive in this sector is mostly due to client demand. [21:10] The increase in sustainability targets in North American companies: Paddy highlights that a recent report issued by Climate Impact Partners found that 79% of North American companies now have climate targets, which is up 6% on Asian companies and just shy of European companies. 61% of those North American companies report under ISO 14064. [23:00] What were the drivers behind Clyde & Co getting ISO 14064 verified?: High Transparency: They wanted to ensure that any disclosed information was reliable and that they'd had third-party verification to back that up, making them much more comfortable putting that information out into the public. Financial Benefits: Sustainability and greenhouse gas emission reduction was a part of their main KPI's to tackle, the main reason being to save money through not only the reduction in energy use but also reduced interest rates as a result of their sustainability efforts. [25:20] What were the main challenges in obtaining ISO 14064 verification?: Clyde & Co are a large organisation, so gathering and quantifying the necessary emissions information was like getting blood from a stone! Nearly 65 – 70 sites only have a small team of 5 people, and getting data from each can be time consuming. Also, the quality of data can vary a great degree with that many sites, especially on a global scale as you need to consider the conversion factors when collating all the data into something verifiable. [26:50] What impact has ISO 14064 verification had on Clyde & Co's sustainability credentials?: Very simply, it validates Clyde & Co's claims. With the third-party assessment, it shows that they are actually doing what they say they're doing, and not simply paying lip service. [27:45] What were the main benefits of getting ISO 14064 verified?: Helping to secure financial benefits: ISO 14064 verification is proof enough for banks to issue discounts on interest rates Ease of process: The audit process introduced for ISO 14064 can be repeated as needed. As a result of getting verified, Clyde & Co found the exercise a good stress test for existing auditing procedures, and found a way to simplify them further. Credibility: Third-party verification adds a level of credibility which is lacking from internal calculation alone. [29:00] Paddy's top tip for anyone considering ISO 14064 verification: Do not let perfection get in the way of progress. They found that people can become a bit defensive in audits, trying to avoid errors being picked up, however, audits are meant to be constructive. They are opportunities to pick up on areas for improvement. [30:40] Paddy's book recommendation: The Ministry for the Future by Kim Stanley Robinson [32:10] Paddy's favourite quote: The greatest threat to our planet, is the belief that someone else will save it – Robert Swan OBE If you would like to learn more about Clyde & Co, and their sustainability initiatives, visit their website. To find out more about verification visit www.carbonologyhub.com We'd love to hear your views and comments about the ISO Show, here's how: Share the ISO Show on Twitter or Linkedin Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one. Don't forget to subscribe to keep up-to-date with our latest episodes: Stitcher | Spotify | YouTube |iTunes | Soundcloud | Mailing List

Did you know that only a third of the emissions reductions required to achieve the country's 2030 target are currently covered by credible plans? As a result, we can expect to see more mandatory and voluntary regulations that require carbon emissions reporting to verify your ESG and net zero claims. In this episode, Mel closes out the ESG Reporting Disclosures series by explaining what Corporate Sustainability Due Diligence Directive (CSDDD) is, it's key emissions reporting requirements, the verification requirements and who qualifies for CSDDD. You'll learn · What is CSRD? · Key requirements of CSDDD · Key emissions reporting requirements · the emissions verification requirements for CSRD? · Who qualifies for CSDDD? · The likely impact of CSDDD Resources · Carbonology · Carbonology LinkedIn · Carbonology Instagram · CSDDD In this episode, we talk about: [00:30] Join the isologyhub – To get access to a suite of ISO related tools, training and templates. Simply head on over to isologyhub.com to either sign-up or book a demo. [02:10] Episode summary: Mel closes out the series on ESG reporting requirements by diving into CSDDD. [03:10] What is CSDDD? – The Corporate Sustainability Due Diligence Directive (CSDDD) is a new EU directive that promotes sustainable and responsible corporate behaviour in companies' operations and across their global value chains. Purpose: It aims to promote sustainable business practices, protect human rights, and address environmental challenges. The CSDDD was adopted by the European Commission on the 23rd of February 2022 and approved by the Council of the European Union on the 24th of May 2024. The new rules ensure that companies in scope identify and address adverse human rights and environmental impacts of their actions inside and outside Europe. The CSDDD is expected to start affecting companies from 2027 at the earliest once the directive has been transposed into national legislation. [05:10] What are the key requirements of CSDDD?: · Human rights due diligence: Companies must identify, prevent, and mitigate adverse human rights impacts within their value chains. · Environmental due diligence: They must assess and manage risks related to climate change, biodiversity loss, and pollution. · Disclosure obligations: Companies must disclose their due diligence processes, findings, and any remedial actions taken. [06:20] What are the Emissions Reporting Requirements? Under the CSDDDD, companies are required to report on their greenhouse gas (GHG) emissions within a climate transition plan. This includes considerations for Scope 1, 2 and 3. These were explained in more detail in a previous episode on CSRD, so go check that out if you want to learn more about the individual scope requirements. What if you fit the requirements of both CSRD and CSDDD, do you have to double report on emissions? In short – No! The climate transition plan required by the CSDDD will be reported within CSRD reporting, as organisations just need to adhere to the CSDDD's implementation requirements for the transition plan. [10:10] What are the Emissions Verification Requirements? More definitive guidance on verification requirements is expected closer to 2027. Companies will more than likely need to verify the emissions data reported through CSDDD, as the directive mandates a climate change transition plan that aligns with the Corporate Sustainability Reporting Directive (CSRD), which does require companies to verify their emissions data. [09:55] Who qualifies for CSDDD? The Corporate Sustainability Due Diligence Directive (CSDDD) applies to both EU and non-EU companies depending on their workforce size and revenue: EU and non-EU companies (or the ultimate parent company of a group): · With more than 1,000 employees and a global net turnover of at least €450 million in the last fiscal year; or · Which have franchising or licensing agreements in the EU in return for royalties with more than €22.5 million generated by royalties in the EU and have a net worldwide turnover of over €80 million in the last financial year. [11:10] What is the possible impact of this new directive? Similar to the other ESG disclosures I've covered over the past few weeks in this series on reporting disclosures, the impact of the CSDDD will result in 3 key impacts:- · Increased transparency: This directive will provide stakeholders with a clearer picture of companies' sustainability efforts, to combat greenwashing. · Enhanced accountability: Companies will be held accountable for their environmental and social performance. · Stimulation of sustainable business practices: The directive will encourage companies to adopt more sustainable practices, including regular reporting. If you would like to learn more about CSDDD or inquire about the related course, please get in touch with Carbonology. We'd love to hear your views and comments about the ISO Show, here's how: ● Share the ISO Show on Twitter or Linkedin ● Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one. Subscribe to keep up-to-date with our latest episodes: Stitcher | Spotify | YouTube |iTunes | Soundcloud | Mailing List

The push for Net Zero by 2030 is causing a major rethink in how businesses report their carbon emissions. The Corporate Sustainability Reporting Directive (CSRD) takes center stage, outlining new obligations for emissions reporting and verification. Companies must understand their eligibility under these regulations to ensure compliance. This discussion shines a light on the impacts of CSRD on ESG reporting, revealing what stakeholders need to know as sustainability standards evolve.

Businesses are coming under increasing pressure to monitor, report and reduce their energy use and carbon emissions to meet net zero targets. As a result, we're seeing an increase in both mandatory and voluntary regulations that require carbon emissions reporting to verify your net zero claims. In this episode, Mel continues the ESG Reporting Disclosures series by explaining what The International Sustainability Standards Board Climate-related Disclosures (ISSB S2) are, the emissions reporting and verification requirements and who qualifies for ISSB S2. You'll learn · What is ISSB S2? · What is the scope of ISSB S2 · What are the emissions reporting requirements for ISSB S2? · Emissions verification requirements · Who qualifies for ISSB S2? Resources · Carbonology · ISSB S2 In this episode, we talk about: [00:30] Join the isologyhub – To get access to a suite of ISO related tools, training and templates. Simply head on over to isologyhub.com to either sign-up or book a demo. [02:10] Episode summary: Over the course of September, Mel will be exploring the latest climate change regulations that may affect your organisation. In this episode she dives into The International Sustainability Standards Board Climate-related Disclosures (ISSB S2). [03:20] What is ISSB S2? – The International Sustainability Standards Board Climate-related Disclosures (ISSB S2) is a new global standard that mandates entities to provide comprehensive information about climate-related risks and opportunities. The ISSB S2 was issued by the International Sustainability Standards Board on the 26th of June 2023 and is effective for annual reporting periods beginning on or after the 1st January 2024. The new standard ensures that companies disclose physical and transition risks and their potential impact on the move towards a low carbon economy. [04:20] Further learning with Carbonology: Carbonology have created a half-day course which walks you through all of the various carbon reporting disclosures and sustainability disclosure reporting requirements. If you would like to learn more, get in touch with Carbonology. [07:00] What does 'Acute and Chronic Physical risks' mean in the context of ISSB S2? Climate related physical risks are risks resulting from climate change that could be event driven, so an example of an acute physical risk could arise from weather related events like storms, floods and heatwaves, which are increasing in frequency. These could have a knock-on effect to businesses, taking a heat wave as the example, you will need to consider: · Can your IT systems and datacentres cope with it? · Have you got resilience built in to your operations to be able to deal with that sort of disruption to your organisation? Chronic physical risks arise from longer term shifts in climatic patterns, including changes in precipitation and temperature, which could lead to sea level rises and reduced water availability and changes in soil productivity. These risks could carry a weighty financial burden either through direct damage to assets, or indirectly through supply chain disruption. [09:35] Join the isologyhub and get access to limitless ISO resources – From as little as £99 a month, you can have unlimited access to hundreds of online training courses and achieve certification for completion of courses along the way, which will take you from learner to practitioner to leader in no time. Simply head on over to the isologyhub to sign-up or book a demo. [11:43] What does 'Transition risk' mean in the context of ISSB S2? This is looking for a climate related transition plan, which should include targets, actions and resources for the transition towards a lower carbon economy. This would include actions such as reducing greenhouse gas emissions. [12:30] What is the scope of ISSB S2? This Standard applies to: · climate-related risks to which the organisation is exposed, which are: · climate-related physical risks; and (ii) climate-related transition risks; and · climate-related opportunities available to the entity. Climate-related risks and opportunities that could not reasonably be expected to affect an organisation's prospects are outside the scope of this Standard. · The Standard covers:- · Governance · Strategy · Climate related risks and opportunities · Business Model and Value Chain · Financial position, financial performance and cash flows · Climate resilience · Risk Management [14:10] What are the emissions reporting requirements for ISSB S2? - Under ISSB S2, companies are required to measure and disclose their greenhouse gas (GHG) emissions across three scopes: · Scope 1 Emissions: Direct emissions from owned or controlled sources. For example, emissions from combustion in owned or controlled boilers, furnaces, vehicles, etc. · Scope 2 Emissions: Indirect emissions from the generation of purchased energy. This includes emissions from the production of electricity, steam, heating, and cooling consumed by the company. · Scope 3 greenhouse gas emissions: Indirect greenhouse gas emissions (not included in Scope 2 greenhouse gas emissions) that occur in the value chain of an entity, including both upstream and downstream emissions. Scope 3 greenhouse gas emissions include the Scope 3 categories in the Greenhouse Gas Protocol Corporate Value Chain (Scope 3) Accounting and Reporting Standard (2011). [16:20] Emissions verification requirements - Under ISSB S2, companies are required to have their reported greenhouse gas (GHG) emissions data verified. Verification can provide users of financial reports confidence that the information is complete, neutral and accurate. Disclosure of inputs to Scope 3 greenhouse gas emissions needs to disclose information about the measurement approach, inputs and assumptions it uses. [18:30] Who qualifies for ISSB S2? - ISSB S2 applies to all entities that are required by law, regulation, or administrative provision to prepare financial statements. This includes, but is not limited to: · Publicly listed companies · Large private companies · Financial institutions such as banks and insurance companies · State-owned enterprises Entities are encouraged to adopt the ISSB S2 voluntarily, even if they are not mandated by law or regulation. Early adoption is permitted and encouraged to enhance transparency and accountability in climate-related disclosures. If you would like some help with your carbon emissions reporting, please get in touch with Carbonology. We'd love to hear your views and comments about the ISO Show, here's how: ● Share the ISO Show on Twitter or Linkedin ● Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one. Subscribe to keep up-to-date with our latest episodes: Stitcher | Spotify | YouTube |iTunes | Soundcloud | Mailing List

Businesses face growing pressure to monitor energy use and carbon emissions to meet net zero targets. The discussion highlights various regulations, including Streamlined Energy and Carbon Reporting (SECR) and its significance in ESG reporting. Key topics include who qualifies for SECR, its reporting requirements, and how it complements other carbon management strategies. With the urgent climate crisis, understanding these regulations is essential for companies aiming for transparency and sustainability.

There have been a reported 9,478 publicly disclosed data incidents in 2024 alone, with that amounting to over 35 million known records breached. It has become clear in recent years that information security isn't just a 'nice to have', it's a necessity to ensure you and your client's data are protected. Which is especially the case for those processing personal and financial data, such as today's guest, Mintago. In this episode, Tom Catnach, Head of Product and Information Security Officer for Mintago, explains their journey towards ISO 27001, the challenges faced and benefits felt from certification to the leading Information Security Standard. You'll learn · Who are Mintago? · Who is Tom Catnach? · What was the main driver behind achieving ISO 27001? · What was the biggest 'gap' identified in the Gap Analysis? · What have they learned from the experience? · What are the benefits of certification to ISO 27001? · What does the threat horizon for information security look like? Resources · Mintago · Isologyhub In this episode, we talk about: [00:30] Join the isologyhub – To get access to a suite of ISO related tools, training and templates. Simply head on over to isologyhub.com to either sign-up or book a demo. [02:15] Episode summary: Today we welcome guest Tom Catnach from Mintago to discuss their journey towards ISO 27001 certification. [02:20] Who are Mintago? – Mintago are an employee benefits company, who work with companies to help their employees be financially better off. They do this in a number of ways, including: · Finding lost pension pots · Help to save money through finding discounts · Retirement planning · Offering various salary sacrifice products · Helping companies to be more financially efficient with pension salary sacrifice or other national insurance savings · Helping people to be more financially literate [05:10] Who is Tom Catnach?: Tom has a split role at Mintago, his primary role being Head of Product and secondary being Information Security Officer. Through both roles he looks after all the products and offerings as well as the information security across the business, he was also the driving force behind achieving ISO 27001. Outside of work, Tom likes to travel via motorbike, preferring to stay away from the screens and enjoying the sights. [06:30] What was Mintago's main driver to Implement ISO 27001?: Mintago, and most other businesses by their nature, are required to hold a lot of sensitive data and so have a responsibility to their clients and employees to ensure it's security. Mintago were looking for a robust framework to base their Information Security around, and what better option that the leading Information Security Standard, ISO 27001. ISO 27001 also offers the assessment of general business practice, and allows for growth and scaling. As a start-up, they wanted to have a solid base for policies, training ect to roll out to new hires as they expand. [08:30] Aligning Standards with core values: Trust is one of Mintago's core values and they want to give their clients the assurance that they can be trusted to protect their data. ISO 27001 can be compared to the likes of Bcorp as it's an on-going process. It doesn't just stop at getting the certificate, you have annual surveillance to ensure you are still compliant year on year. [10:15] What was the scope of Mintago's certification?: For the initial implementation, Mintago opted to just scope in Product and Customer Service. This was because all of the sensitive data is handled in those departments and they don't allow access to any other teams, so it made sense to start there with a view to expand the scope after certification. That being said, they still rolled out Information Security training to all staff, and everything has been set-up to allow for an easy business wide roll-out when they're ready. [11:50] How long was Mintago's certification journey?: They started their journey in September 2023, in fact it was Tom's first project with Mintago! Mintago enlisted Blackmores help to implement ISO 27001, and after nine months they have been successfully certified. Tom attributes their ease of implementation to the fact that they are currently a small business, citing that it's an advantage to implement ISO Standards early while your agile so that your management system grows with you. [14:25] What was the biggest 'gap' identified at the Gap Analysis? Mintago are lucky in the fact that they are a new business so are using modern tech, and don't have the burden a larger site or other physical elements such as rack mounted servers. However, policy, procedure and evidence to ensure they were doing the right thing were lacking at the start of their journey. They did have a good 70% in place and that last 30% was mostly down to having the ability to evidence their compliance. There was also some additional work to do to improve existing policies and procedures. One example of this was having a solid Business Continuity Plan in place. [16:35] Did Mintago experience any significant barriers in addressing identified gaps? Being a smaller business, they were able to adapt a lot quicker than a larger organisation may have been able to. One of the biggest struggles for Tom was getting the necessary technology to aid with Information Security. They needed to show that they had a competent Mobile Device Management Solution (MDM), antivirus and anti-phishing in place. When trying to buy some software solutions, Tom encountered a lot of companies simply not replying to his requests due to Mintago's size. Many organisations sadly prioritize bigger potential clients, and so it took a while to finally get all the required software. [18:45] Engagement is key - Getting everyone involved with the management system is critically important. Especially with information security as the people most often targeted are frontline workers, so they need to be actively engaged in security. Mintago also has the advantage of being a smaller business, so getting communication out isn't a hardship and resulted in high engagement. This was benefitted from a top-down initiative via their 'C-Suite'. Tom also states that you can make any necessary training more lighthearted, team based or interactive, as that's something that people would want to engage in. It's also important to stress that any information security training can be beneficial for personal use too to avoid being a victim of fraud or a scam. It can be something people take away to their family members to ensure they stay safe online. [23:10] Did the adoption of ISO 27001 highlight any issues not already considered by Mintago? - The biggest thing was how their internal process could be improved. For example, looking at the scenario of 'what if our back-ups don't work?', ISO 27001 drilled down to ask specifics such as: · How do we recover from that scenario? · Are we 100% confident in our back-ups? · Will they work near instantaneously? · What's Mintago's availability like in that scenario? · How do we prevent disruption to our clients during that scenario? So, while they did have back-ups they weren't necessarily considering the whole scenario, especially if those back-ups were to fail. ISO 27001 ultimately helped to flesh out existing plans to make a much more robust system. In regards to threat horizons, Mintago do practice OWASP and keep the team informed via e-mail, newsletters and GitHub repositories. [25:00] Internal Auditing – A beneficial tool - Tom found the internal auditing process to be very beneficial for Mintago, currently they do a few monthly on average. Blackmores assisted with the audits during implementation to ensure they were in the right place for assessment. Of course, the Certification Body audits were a bit more nerve wracking for Stage 1 and 2 as they would determine if they would be certified. Mintago passed their Stage 1 (documentary review) with flying colours, their Stage 2 (evidence checking) highlighted a few non-conformities that were quickly addressed. Following the Stage 2, they were recommended for ISO 27001 certification. [27:20] Minor Non-conformities aren't the end of the line – There's a common misconception that getting a certain number of minor non-conformities during a Stage 2 assessment means you can't be certified, but that's simply not true! If an Assessor is comfortable that you are in a good position for certification, they will recommend you. ISO Standards are all about continual Improvement, which is something Mintago are embracing as they continue to address issues raised at audits. [29:00] Benefits of ISO 27001 certification – Benefits Mintago are already experiencing include: Internal Stakeholders – The Team worked hard to achieve the Standard and have embraced it's core qualities to the benefit of their own Information Security practices. Positive Market Response – Much larger clients who are also ISO 27001 certified now have a mutual understanding of each other's commitment to information security. Gaining certification early – As a start-up, Mintago are agile and will be able to develop and mature their ISMS (Information Security Management System) as they grow. [31:10] Any concerns on the threat horizon?: As the Information Security Officer, Tom is concerned about new emerging trends in AI led scams. They're going to be a lot more sophisticated and harder to spot and deal with. Thankfully, even if they are impacted, it will be rather isolated. Tom raises concerns for vital services such as Air Traffic Control which could have dire consequences if they were to be affected by a data incident. However, with ISO 27001 Mintago are in a good place to keep on-top of their threat horizon and have the processes in place to mitigate potential incidents and continually improve their own security. [34:30] In Summary: Mintago are a shining example of gaining certification for the right reasons. It's not just about getting a badge, they have truly embraced a culture of continual improvement and are utilising ISO 27001 to ensure they have a robust information security management system in place. If you would like to learn more about Mintago and their financial services, check out their website. We'd love to hear your views and comments about the ISO Show, here's how: ● Share the ISO Show on Twitter or Linkedin ● Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one. Subscribe to keep up-to-date with our latest episodes: Stitcher | Spotify | YouTube |iTunes | Soundcloud | Mailing List

Explore the world of greenhouse gas accounting and discover how crucial it is for environmental responsibility. Delve into the leading reporting frameworks: the GHG Protocol and ISO 14064-1. Find out their similarities and key differences, including how they address indirect emissions. Learn how these frameworks can complement each other and the importance of choosing the right one for your organization. This conversation is a must-listen for those navigating the complexities of GHG emissions reporting.