Every industry has standards. Some are legal standards, set in stone and mandatory, and various regulatory compliance measures exist to ensure conformity. Regulations and legislation set a standard and ensure compliance. But being compliant is not only a regulatory obligation; showing that you are compliant is also good for business.
Compliance is essential for business, but it can also serve as one of the best tools for promoting a brand, raising standards and driving productivity.
Compliance has many other, notable benefits:
Reducing the risk of costly legal issues
Creating a safer, more efficient workplace (with happier, more motivated teams who stay on board for the long term)
Winning customer trust in a way that few other things can
Compliance can be a powerful tool for public relations
The broad spectrum of compliance in business
If you are looking at compliance for your business, where on earth do you begin? Well, a lot can depend on your service and your industry. There are, however, several key areas applicable to us all.
Health and safety policies:
If your business has five or more employees, a written Health and Safety policy is mandatory. With fewer than five, it is still a good idea.
Data protection & GDPR:
If you are dealing with data, you are required by law to commit to protecting it; your policy should reflect your company’s size, activities and existing IT policies.
Other industry-specific compliance measures include Safeguarding, Cookies, Kitemarks and certain prerequisites if the organisation is looking to partner with Government agencies or the NHS.
Sought-after compliance
For those with the desire to really showcase their brand, its services or products, some standards take customer care and staff welfare to levels above those of the competition. They can demonstrate transparency, ethical practices, philosophy and good principles.
While they might not always be mandatory, we might be foolish to neglect them…
The International Organization for Standardization (ISO) offers a wide range of non-compulsory but highly sought-after standards.
ISO 9001 is one such standard linked to Quality Management Systems. It is the yardstick for many businesses looking to demonstrate their products and services meet customer needs and fulfil legal and regulatory requirements.
ISO 14001 represents another sought-after standard in the business world of today. Focusing on environmental management, it serves as proof of compliance with applicable ecological and environmental regulations. In a world of increasingly aware consumers and potential partners, it can make all the difference.
How can we support you?
Whether you are seeking to conform to mandatory legal or regulatory compliance, or to quality standards that may be either mandatory or highly recommended, we may be able to help.
Compliance is a specialised field, and many companies can find it challenging to collate the information they need and present it in the correct standardised format. A specialist Virtual Assistant can:
Identify what materials you need for submission and often pinpoint the ones which fulfil multiple criteria
Deliver the help and support you need to collate it
Offer help and advice around the submission process
Support you in creating your policies and procedures
Ensure your submissions are professional, relevant and on-brand
Help you to create internal audits and self-assessments
Highlight key areas for external audits by independent regulatory bodies
Good compliance is good for business. If you’d like help and support ensuring your business ticks all the boxes and stands proudly above the competition, get in touch today.
Without a doubt, every business aims for success. Although ‘success’ can mean a range of different things depending on you, your business and the industry you are in, it is almost always linked to a good service or product, delivered safely, ethically and positively. Therefore it makes sense that you should aim for the best standards of quality and compliance. But what do those things actually mean? How can we make sure those important boxes stay ticked?
How do we take steps to add quality to our services and ensure they operate the way they are legally required to? Well, I’m here to offer help and support to understand (and achieve) both, so let’s take a closer look.
Quality is defined as products and services that deliver their intended performance, while compliance looks at meeting regulatory requirements.
Good products and great service
There is simply no denying it; an amazing product is completely wasted when combined with poor service. Even the most excellent customer service is useless when the product itself isn’t up to scratch.
Those two pillars of every business are a crucial marriage. They go hand in hand. Quality in one area alone is always going to cause problems. It needs to run throughout, and it can. Here’s how:
Building relationships and seeking feedback
Be bold, be brave and reach out to your customers. If the feedback is good, you already have a firm foundation to blow away the competition. It is a great start to make those areas even better. If there is room for improvement in places, then feedback has made you aware of the issue. You can take steps to improve, and thanks to your feedback, you know exactly where…
Inevitably, things can go wrong. That happens to every business. However, what the best ones do is communicate. If the feedback isn’t ideal (it will sometimes happen, even to the best), then it is a vital early chance to put things right. I can’t stress that enough; communication is key in the quest for quality.
Developing a compliant, ethical business
Compliance, like quality, will mean something slightly different for every company. The one thing they all share in common is that both compliance and quality are important.
Lack of compliance can all too often lead to data breaches, health and safety risks and damage to your business and brand. On the other hand, a compliant, well-run business can mean happy teams working for a first-rate organisation. Combined, this means great services and a reputation to match.
To start you off on the road to compliance and real quality, here are the initial things to focus upon:
Identify what quality is within your business sector.
Identify the compliance requirements for your business. Some may be unique to you. Others, such as Health & Safety, GDPR etc., are vital to everyone.
Develop in-house policies and procedures around quality and legal responsibility
Undertake audits, adopt a culture of positivity towards self-assessment and personal development
Invest in your business and your people through certification and accreditation. Both are amazing selling points that will enrich your staff, improve your business and earn revenue.
Seek to build lasting relationships and react positively to every kind of feedback
Finally, and perhaps most importantly, don’t be afraid to reach out to a specialist with experience in common compliance issues such as GDPR. With my background in a busy Quality Department, I can help you develop the policies and procedures to make your business better in every way. Let’s work together to ensure quality and compliance in your organisation.
Nine out of 10 businesses are working digitally, and more and more are working virtually. We live online.
But we need to ensure that we are working safely online. The risk of a digital attack is high, and 39% of UK businesses have experienced a cyber security breach. This is according to a report published in March 2022 by the Department for Digital, Culture, Media and Sport.
There are several areas that a business needs to look at to ensure online (cyber) security.
Risk assess
Risk assessments can sometimes be seen negatively or be viewed with fear/disdain. They are a positive tool that can identify strengths and weaknesses in a particular area. Once you know an area that is not so great, an action plan can be created to improve it. Risk assessing raises A LOT of questions, and you will never get to risk-free. However, you can put things in place to reduce the risk.
Have a Bring Your Own Device Policy and Working from Home Policy
On average, 45% of businesses have staff that use their own devices. 84% of workers who had worked from home during the pandemic have said they plan to carry out a mix of home and office working in the future, according to an Office for National Statistics report published in May 2022.
This can raise risks around how secure the equipment or network is.
Having staff use their own devices can save costs, but it can mean less control over IT security.
Have IT support
Consider (external) IT support that provides a portfolio of IT services underpinned by a service level agreement. From a cyber security perspective, having someone there to help keep things safe, who can do back-ups and support you when things go wrong, is a great unseen benefit to a business.
Have systems in place that can help detect incidents.
Awareness and training
Oh, I mentioned the T word – sorry.
Everyone needs to understand and know where the online risk can come from. Whether it be from phishing, vishing, smishing or pharming, can staff identify the risks, not act on the attack AND report it?
Ensure there is a plan in place and that it is actioned, and that staff are aware of online threats – not only to the business but also to their personal data.
Ensure you have access to up-to-date information
Cyber security is forever changing. How do we keep up to date with all the information? And how do we ensure it is accurate?
Something has gone wrong; what do you do?
An excellent place to start would be the NCSC or ICO or find an external cyber security consultant. If you have an external IT provider, they could also be a good source of information. Also, remember to check your business insurance.
Keep software updated
Whether it be the operating system or the actual software, updates are pushed out for a reason – they contain security patches and fix glitches or vulnerabilities. Yes, it can be a pain when they are updating, stopping you from working. But do you want your computer to be held captive and not work?
Record and Report
Recording when you have a cyber security attempt, even when they don’t get through, is a great way to assess the effectiveness of online safety.
Have a plan to respond to a cyber incident in advance and check to see if it would work.
Have records of possible attacks, and investigate actual incidents.
Remember that a cyber attack, phishing etc., should be reported to the NCSC. If personal data is lost, risk assess to see if it must also be reported to the ICO.
Secure that data
Securing that data can be done in several ways:
Ensure that where the data is stored is secure – and data protection compliant.
Only allowing people who need access to the data to access it.
This comes back to risk assessing in a way – doing those checks to ensure everything is OK, but this time of prospective (and current) suppliers, to establish any liabilities and evaluate potential.
Check suppliers – where are they, and what is their compliance like?
Scammers and cyber criminals use every tool they can to access data and gain control of computers and mobile devices.
That means businesses and employees must be on guard constantly, treating every email, every phone call and even text message with extreme caution.
Here are some of the techniques they use and how to avoid falling victim to them
Email phishing
Phishing scams try to trick you, and sadly, many people fall for them, getting their passwords, account details and business data stolen.
They may pretend to be from your bank or a company you know and trust; that is why it is good practice to treat every email with suspicion, especially those claiming to have noticed suspicious activity in your account or asking for personal information, as well as those asking you to click links.
In the case of ‘spear phishing’, these emails will appear to be targeted at you.
How to protect yourself and your business from phishing and Spear Phishing scams:
Protect your devices with security software (and set it to update automatically)
Protect your accounts by using multi-factor authentication; the second factor can be something you have, such as a security key or a passcode sent to your phone, or something you are, like a fingerprint, retina or facial scan.
Back up your data regularly to a trusted cloud-based storage solution or an external hard drive.
Whaling
Whaling is similar to phishing but aimed at the highest members of an organisation, such as executives and senior managers, particularly those in financial and payment-related businesses.
A Whaling attack can be well-researched and sophisticated, containing personal information, a sense of urgency and often a solid understanding of the industry’s technical terms and tone. They can cause devastating damage to a company’s reputation.
How to protect yourself and your business from whaling attacks:
Training and awareness at the highest level
More training and awareness, including regular refresher courses
Flag emails that are not from your network automatically
Consider making social media profiles private
Invest in data loss prevention measures and protocols
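One way to act on the advice above to automatically flag emails that are not from your network, written here as an added example rather than code from the original post: a small Python filter that parses the From header, tags anything from outside the organisation's own domains, and adds two extra warnings that matter for whaling, a lookalike domain (the company name embedded in or hyphenated into a stranger's domain) and a display name that matches a member of staff. The internal domain, the staff names and the sample messages are all constructed placeholders for this illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumptions for this example: the organisation's own domains and a short
# directory of staff names (both constructed placeholders, not real data).
INTERNAL_DOMAINS = {"example.co.uk"}
INTERNAL_NAMES = {"jane smith", "finance team"}

# Constructed sample messages (headers only); none come from the original post.
SAMPLE_MESSAGES = [
    "From: Finance Team <finance@example.co.uk>\nSubject: Q3 figures\n\n",
    "From: Jane Smith <jane.smith@example-co-uk.com>\nSubject: Urgent payment\n\n",
    "From: support@example.co.uk.attacker.test\nSubject: Password reset\n\n",
    "From: Supplier <billing@supplier.test>\nSubject: Invoice 42\n\n",
]


def sender_domain(from_header):
    """Return the lower-cased domain part of the address in a From header."""
    _name, addr = parseaddr(from_header)
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""


def is_lookalike(domain):
    """True if an internal domain appears embedded inside a different domain,
    e.g. example.co.uk.attacker.test, or example-co-uk.com where hyphens
    stand in for the dots."""
    normalised = domain.replace("-", ".")
    return any(d in normalised and normalised != d for d in INTERNAL_DOMAINS)


def classify(raw_message):
    """Return (tagged_subject, reasons). Reasons is empty for internal mail."""
    msg = message_from_string(raw_message)
    from_header = msg.get("From", "")
    subject = msg.get("Subject", "")
    name, _addr = parseaddr(from_header)
    domain = sender_domain(from_header)
    reasons = []
    if domain not in INTERNAL_DOMAINS:
        reasons.append("external sender")
        if is_lookalike(domain):
            reasons.append("lookalike domain")
        if name.strip().lower() in INTERNAL_NAMES:
            reasons.append("display name matches internal staff")
    # The visible tag is what staff see; the reasons can feed a mail-filter log.
    tagged = f"[EXTERNAL] {subject}" if reasons else subject
    return tagged, reasons


if __name__ == "__main__":
    for raw in SAMPLE_MESSAGES:
        print(classify(raw))
```

In a real deployment the same logic would sit in the mail gateway or a server-side rule, with the domain list maintained alongside the staff directory; the point of the example is that the external tag is cheap to apply and the two extra checks catch the cases a plain "not our domain" rule misses.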
Smishing
Do we treat the danger of SMS or text-based ‘smishing’ with the same levels of diligence as we might with email phishing? Many might not and fall prey to revealing personal information such as credit card numbers and passwords or downloading malicious programs to their work mobile devices.
How to protect yourself and your business from smishing attacks:
Treat so-called urgent security alerts, offers and deals with extreme caution
Remember, no reputable company will ever ask you to confirm banking details, ATM pin codes or account information via text message.
Avoid storing bank details on smartphones; if the information isn’t there, it can’t be stolen.
Be wary of unfamiliar or suspicious-looking numbers
Vishing
Vishing, or voice-call scams, is one of the most widely used methods by fraudsters looking to access data, bank details and personal information.
Many scammers are incredibly good at gaining confidence; combine that with an exponential rise in remote working and the ease with which scammers can access basic information about any of us, and it is easy to see why so many are caught off-guard and fall prey to the (friendly) voice on the end of our phones.
How to protect yourself and your business from vishing attacks:
A call claiming to be from your bank or an official agency that comes from a mobile number is almost always a reason to be suspicious
Check the number even if it appears to be genuine. An automated caller ID is no guarantee of a legitimate call.
If the caller asks for money, mentions a deadline or tries to ask about confidential information, that is a sign of vishing.
Refuse to install software on your devices to fix an alleged problem if prompted to do so
If you would like to learn more about how to make your business stronger against the threat of cybercrime and data theft, I’d love to help. Get in touch today to schedule a free chat.
Threats to our technology come from many different sources, and protecting our data can seem like a never-ending job. It is.
It has been well documented that cyber attacks have increased in recent years, both against individuals and against businesses. The National Cyber Security Centre (NCSC) states in its annual report that there has been an increase in online threats.
Whether we use desktops, laptops, tablets or other mobile devices, they all rely on a range of good housekeeping measures to attain the best possible levels of cyber security for the business and the data it handles.
What is Cyber Security?
Cyber security refers to protecting electronic devices, computer systems and entire networks against data loss, theft or corruption. That might even involve disruption to the business and its services, expensive legal proceedings (in the event of a data breach) and irreparable damage to a business or brand.
As we can see, cyber security is a vital tool for GDPR compliance and the business itself.
With those things in mind, here are just a few important things to ensure you’ve got it right.
Move away from unsupported software.
Software, including operating systems, apps and free trial versions, almost always comes with a limited shelf life. That might not always mean replacing them, but it does mean keeping them up to date, replaced or subscribed to in order to access support and updates.
Always download and install the latest software and apps
The latest software and apps are vital. The landscape of cyber security changes daily, with new threats emerging all the time. These threats can take advantage of vulnerabilities in even the most well-known software and apps; updates address them.
Run up-to-date anti-virus (even on a Mac)
One of the most important aspects of IT security is the software designed to identify, locate and remove dangers to your IT infrastructure. Keeping it up to date will ensure the barrier between your data and cyber criminals is as robust as possible.
Yes, it can be a hassle… Those long, alpha-numeric passwords with a capital letter here and there and some symbols are thrown in for good measure. However, they are infinitely more robust than “Password123” or the name of your favourite cat that you might have shared on social media.
Most modern browsers and even some ingenious software apps offer to remember them for you, too, safely and securely.
Two-Factor Authentication
Two-factor authentication sends a message, often to a pre-agreed mobile number or alternate email address. Typically it includes a code or link that forms part of a two-stage login process for websites, apps and software.
You enter your login credentials at stage one.
You enter the code or click the link sent to you (and only you) at stage two.
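The two-stage login described above, shown server-side as an added example (not code from the original post): stage one checks the password against a salted PBKDF2 hash and, only on success, issues a six-digit one-time code; stage two accepts that code once, within a time limit, and with a cap on wrong guesses. The in-memory user store, the five-minute validity window and the `send_code` hook (which a real system would wire to SMS or email) are assumptions made for the illustration.

```python
import hashlib
import hmac
import os
import secrets
import time

CODE_TTL_SECONDS = 300   # assumption: the code is valid for five minutes
MAX_CODE_ATTEMPTS = 3    # assumption: three wrong codes invalidate stage one


def hash_password(password, salt=None):
    """Salted PBKDF2-HMAC-SHA256; a fresh random salt is drawn when none is given."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 200_000)
    return salt, digest


class TwoStageLogin:
    def __init__(self, send_code, clock=time.monotonic):
        self.users = {}      # username -> (salt, digest, contact)
        self.pending = {}    # username -> {"code", "expires", "attempts"}
        self.send_code = send_code   # hypothetical delivery hook (SMS/email)
        self.clock = clock           # injectable so expiry can be tested

    def register(self, username, password, contact):
        salt, digest = hash_password(password)
        self.users[username] = (salt, digest, contact)

    def stage_one(self, username, password):
        """Check the password; on success send a one-time code and return True."""
        record = self.users.get(username)
        if record is None:
            hash_password(password)   # same work for unknown users: no timing tell
            return False
        salt, digest, contact = record
        if not hmac.compare_digest(hash_password(password, salt)[1], digest):
            return False
        code = f"{secrets.randbelow(1_000_000):06d}"
        self.pending[username] = {
            "code": code,
            "expires": self.clock() + CODE_TTL_SECONDS,
            "attempts": 0,
        }
        self.send_code(contact, code)
        return True

    def stage_two(self, username, code):
        """Verify the code: single use, time-limited and attempt-limited."""
        entry = self.pending.get(username)
        if entry is None:
            return False
        if self.clock() > entry["expires"]:
            del self.pending[username]
            return False
        entry["attempts"] += 1
        if hmac.compare_digest(entry["code"], code):
            del self.pending[username]   # a code can only be used once
            return True
        if entry["attempts"] >= MAX_CODE_ATTEMPTS:
            del self.pending[username]   # force the user back to stage one
        return False


if __name__ == "__main__":
    outbox = []
    login = TwoStageLogin(lambda contact, code: outbox.append((contact, code)))
    login.register("alice", "correct horse battery staple", "+44 7700 900000")
    print("stage one:", login.stage_one("alice", "correct horse battery staple"))
    print("stage two:", login.stage_two("alice", outbox[-1][1]))
```

The design choices worth copying are the ones that are easy to forget: the password check runs even for unknown usernames, both comparisons are constant-time, the code is single-use and expires, and a handful of wrong guesses sends the user back to stage one rather than letting the code be guessed.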
Delete suspicious emails and avoid clicking links
The human element is one of the weakest links in data loss, making training and awareness important for your teams. Phishing emails can seem incredibly realistic, and sadly, many people fall for them, clicking links that install malware or give cybercriminals access to your data.
Back up your data
It is good practice, and it makes sense. Many IT hosting platforms perform several backups daily for the clients they work with, and for smaller businesses it isn’t difficult to set up. Backups are one of those things you might go years without needing, but when you do need them, you really do.
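A backup is only worth having if it restores, so the added example below (not the original post's code) does the whole loop for a small business folder: it writes a time-stamped tar.gz archive, restores it into a scratch directory and compares a SHA-256 hash of every file with the live copy, which is how it would notice a corrupted archive or a file changed since the backup. The folder layout and its contents are constructed sample data, and the local paths are assumptions for the illustration.

```python
import hashlib
import tarfile
import tempfile
import time
from pathlib import Path


def sha256_of(path):
    """Stream a file through SHA-256 so large files need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def file_manifest(root):
    """Map each file under root (by relative path) to its SHA-256 hex digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_of(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def create_backup(source_dir, backup_dir):
    """Write source_dir into a time-stamped .tar.gz under backup_dir."""
    source_dir, backup_dir = Path(source_dir), Path(backup_dir)
    backup_dir.mkdir(parents=True, exist_ok=True)
    stamp = time.strftime("%Y%m%d-%H%M%S")
    archive = backup_dir / f"{source_dir.name}-{stamp}.tar.gz"
    with tarfile.open(str(archive), "w:gz") as tar:
        tar.add(str(source_dir), arcname=source_dir.name)
    return archive


def safe_members(tar):
    """Yield only members whose paths stay inside the extraction directory."""
    for member in tar.getmembers():
        parts = Path(member.name).parts
        if member.name.startswith("/") or ".." in parts or member.issym() or member.islnk():
            continue
        yield member


def verify_backup(archive, source_dir):
    """Restore into a scratch directory and compare every file hash with the
    live source. Returns True only when the two trees match exactly."""
    source_dir = Path(source_dir)
    with tempfile.TemporaryDirectory() as scratch:
        with tarfile.open(str(archive), "r:gz") as tar:
            tar.extractall(scratch, members=safe_members(tar))
        restored = Path(scratch) / source_dir.name
        return file_manifest(restored) == file_manifest(source_dir)


def demo():
    """Constructed sample data: back it up, verify, then damage a file and re-verify."""
    with tempfile.TemporaryDirectory() as tmp:
        source = Path(tmp) / "documents"
        (source / "invoices").mkdir(parents=True)
        (source / "policy.txt").write_text("Health and safety policy v1\n")
        (source / "invoices" / "inv-001.csv").write_text("id,amount\n1,250.00\n")
        archive = create_backup(source, Path(tmp) / "backups")
        first_check = verify_backup(archive, source)
        (source / "policy.txt").write_text("corrupted\n")   # simulate damage
        second_check = verify_backup(archive, source)
        return {"archive_exists": archive.exists(),
                "verified": first_check,
                "tamper_detected": not second_check}


if __name__ == "__main__":
    print(demo())
```

Run `demo()` and the first verification passes while the second fails, which is the behaviour you want from a restore test: it tells you the archive is good and it tells you when the live data has drifted from it. Scheduling `create_backup` plus `verify_backup` daily, and keeping the archives on a different disk or in cloud storage, is the whole of a basic backup routine.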
For help and advice on backing up your data, get in touch.
Training
Even the most secure and up-to-date systems are at risk if people are not trained to get the most out of them. Training your team on cyber security awareness is important. Not just from a hardware point of view but from risks such as social engineering, phishing attacks and the use of deception by cybercriminals to obtain confidential information.
If you would like to learn more about how to make your business stronger against the threat of cybercrime and data theft, I’d love to help. Get in touch today to schedule a free chat.