Compliance and the benefits of accreditation

Whenever compliance and accreditation are discussed, many of us focus on ensuring everything is okay without considering the potential benefits.

We think about the mandatory things we need to do to ensure our products and services are legally safe, that they adhere to the standards set out for them and that our teams are working in a safe, compliant environment.

We invest a lot of time and resources into ensuring those boxes are ticked; we have to, after all! However, there is also a whole range of other accreditation and certification that isn’t mandatory.

You and your business have already put in the hard work to get the compliance you need; is it worth your time to bother with anything else?

Yes, it is. It can pay off in all kinds of ways…

Gaining an edge

You don’t need me to tell you any competitive business advantage is worth grabbing with both arms. Taking compliance and accreditation to the next level is a powerful way to do that. It can:

  • Boost your reputation and allow you to gain a competitive edge over others in your industry
  • Win you more business and empower you to bid for lucrative contracts with external agencies
  • Improve the inner ethos of your organisation, maximising staff morale and productivity and giving your teams a real sense of pride
  • Win trust and confidence in your business, which can be essential in some sectors, such as social care or the financial sector
  • Drive growth for small to medium-sized businesses
  • Highlight legal compliance, green credentials, and an ethos of sustainability

Investing in your business and its people

The range of accreditation out there for your business can be considerable. It ranges from ISO standards like ISO 27001 (managing information), ISO 45001 (occupational health and safety), and ISO 9001 (quality management) to industry-specific accreditation that will allow you to bid for contracts with government agencies, schools, and the NHS. For charitable organisations, accreditations such as NCVO can demonstrate their trustworthiness and win the confidence of potential donors.

On an individual level, accreditation can also have a positive impact. Mental health champions, data protection, and safeguarding, to name just a few, are all valuable accredited courses for key employees. They might also go some way towards gaining Investors in People accreditation, an award of which any forward-thinking company should be proud.

A sign of quality that is easy to share

Showcasing your accreditation is an easy and effective way to show your qualities to the world and prove that you stand head and shoulders above your competitors. You can add them to your website’s homepage as logos, share them via your social media channels, blog about the important part they play in your company’s story, send out newsletters and even contact the local paper!

You’ve gone the extra mile, after all. Why wouldn’t you want to shout about it from the rooftops with pride and passion?

If you are working towards gaining accreditation to drive growth and demonstrate your quality, collating the right materials and information and presenting it in the correct format is essential. Failing to do so can cost you time, money, and more than a bit of frustration.

We have over ten years of experience in quality and compliance across a wide range of sectors. Check out our advice and consultancy page or our supporting with business standard page, or contact us today for a free chat!

Good Compliance is Good for Business

Every industry has standards. Some are legal standards, set in stone and mandatory. There are also various regulatory compliance measures to ensure conformity. Regulations and legislation set a standard and ensure compliance. But being compliant is not only a regulatory obligation; showing that you are compliant is also good for business.

The need for transparency

Independent regulators exist to ensure these standards are upheld; the Care Quality Commission, the Health and Safety Executive (HSE) and the Information Commissioner’s Office (ICO) are just a few. It’s important to remember, though, that they exist to help, and the advice and resources they offer can go a long way towards ensuring your business is legally compliant.

Why should we be compliant?

Compliance is essential for business, but it can also serve as one of the best tools for promoting a brand, raising standards and driving productivity.

Compliance has many other, notable benefits:

  • Reducing the risk of costly legal issues
  • Creating a safer, more efficient workplace (with happier, more motivated teams who stay on board for the long term)
  • Winning customer trust in a way that few other things can
  • Compliance can be a powerful tool for public relations

The broad spectrum of compliance in business

If you are looking at compliance for your business, where on earth do you begin? Well, a lot can depend on your service and your industry. There are, however, several key areas applicable to us all.

Health and safety policies:

If your business has five or more employees, a written Health and Safety policy is mandatory. For fewer than five, however, it is still a good idea.

Data protection & GDPR:

If you are dealing with data, you have to commit to protecting it in accordance with the law; your policy should consider your company’s size, activities, and existing IT policies.

Other industry-specific compliance measures include Safeguarding, Cookies, Kite marks and certain pre-requisites if the organisation is looking to partner with Government agencies or the NHS.

Sought-after compliance

For those with the desire to really showcase their brand, its services or products, some standards take customer care and staff welfare to levels above those of the competition. They can demonstrate transparency, ethical practices, philosophy and good principles.

While they might not always be mandatory, we might be foolish to neglect them…

The International Standards Organisation offers a wide range of non-compulsory but highly sought-after standards.

ISO 9001 is one such standard linked to Quality Management Systems. It is the yardstick for many businesses looking to demonstrate their products and services meet customer needs and fulfil legal and regulatory requirements.

ISO 14001 represents another sought-after standard in today’s business world. Focusing on environmental management, it serves as proof of compliance with applicable ecological and environmental regulations. In a world of increasingly aware consumers and potential partners, it can make all the difference.

How can we support you?

Whether you are seeking to conform to mandatory legal/regulatory compliance or quality standards that can be either mandatory or highly recommended, we may be able to help.

Compliance is a specialised field, and many companies can find it challenging to collate the information they need and present it in the correct standardised format. A specialist Virtual Assistant can:

  • Identify what materials you need for submission and often pinpoint the ones which fulfil multiple criteria
  • Deliver the help and support you need to collate it
  • Offer help and advice around the submission process
  • Support you in creating your policies and procedures
  • Ensure your submissions are professional, relevant and on-brand
  • Help you to create internal audits and self-assessments
  • Highlight key areas for external audits by independent regulatory bodies

Good compliance is good for business. If you’d like help and support ensuring your business ticks all the boxes and stands proudly above the competition, get in touch today.

Associated articles:

Quality and Compliance – What are they?

Without a doubt, every business aims for success. Even though ‘success’ can mean a range of different things depending on you, your business and the industry you are in, it is almost always linked to a good service or product, delivered safely, ethically, and positively. Therefore, it makes sense that you should aim for the best standards of quality and compliance. But what do those things actually mean? How can we make sure those important boxes stay ticked?

How do we take steps to add quality to our services and ensure they operate the way they are legally required to? Well, I’m here to offer help and support to understand (and achieve) both, so let’s take a closer look.

Quality is defined as products and services that deliver intended performance, while compliance looks at meeting regulatory requirements.

Good products and great service

There is simply no denying it; an amazing product is completely wasted when combined with poor service. Even the most excellent customer service is useless when the product itself isn’t up to scratch.

Those two pillars of every business are a crucial marriage. They go hand in hand. Quality in only one area is always going to cause problems. It needs to run throughout, and it can. Here’s how:

Building relationships and seeking feedback

Be bold, be brave and reach out to your customers. If the feedback is good, you already have a firm foundation to blow away the competition. It is a great start to make those areas even better. If there is room for improvement in places, then feedback has made you aware of the issue. You can take steps to improve, and thanks to your feedback, you know exactly where…

Inevitably, things can go wrong. That happens to every business. However, what the best ones do is communicate. If the feedback isn’t ideal (it will sometimes happen, even to the best), then it is a vital early chance to put things right. I can’t stress that enough; communication is key in the quest for quality.

Developing a compliant, ethical business

Compliance, like quality, will mean something slightly different for every company. The one thing they all share in common is that both compliance and quality are important.

Lack of compliance can all too often lead to data breaches, health and safety risks and damage to your business and brand. On the other hand, a compliant, well-run business can mean happy teams working for a first-rate organisation. Combined, this means great services and a reputation to match.

To start you off on the road to compliance and real quality, here are the initial things to focus upon:

  • Identify what quality is within your business sector.
  • Identify the compliance requirements for your business. Some may be unique to you. Others, such as Health & Safety, GDPR etc., are vital to everyone.
  • Develop in-house policies and procedures around quality and legal responsibility
  • Undertake audits, adopt a culture of positivity towards self-assessment and personal development
  • Invest in your business and your people through certification and accreditation. Both are amazing selling points that will enrich your staff, improve your business and earn revenue.
  • Seek to build lasting relationships and react positively to every kind of feedback

Finally, and perhaps most importantly, don’t be afraid to reach out to a specialist with experience in common compliance issues such as GDPR. With my background in a busy Quality Department, I can help you develop the policies and procedures to make your business better in every way. Let’s work together to ensure quality and compliance in your organisation.

Business Digital Safety

Nine out of 10 businesses are working in a digital way, and more and more are working virtually. We live online.

But we need to ensure that we are working safely online. The risk of a digital attack is high, and 39% of UK businesses have experienced a cyber security breach. This is according to a report published in March 2022 by the Department for Digital, Culture, Media and Sport.

There are several areas that a business needs to look at to ensure online (cyber) security.

Risk assess

Risk assessments can sometimes be seen negatively or be viewed with fear/disdain. They are a positive tool that can identify strengths and weaknesses in a particular area. Once you know an area that is not so great, an action plan can be created to improve it. Risk assessing raises A LOT of questions, and you will never get to risk-free. However, you can put things in place to reduce the risk.

Have a Bring Your Own Device Policy and Working from Home Policy

On average, 45% of businesses have staff that use their own devices. 84% of workers who had worked from home during the pandemic have said they plan to carry out a mix of home and office working in the future, according to an Office of National Statistics report published in May 2022.

This can raise risks around how secure the equipment or network is.

Having staff use their own devices can save costs, but it can mean less control over IT security.

Have IT support

Have (external) IT support that provides a portfolio of IT services underpinned by a service level agreement. From a cyber security perspective, having someone there to help keep things safe, who can do back-ups and offer support when things go wrong, is a great unseen benefit to a business.

Have systems in place that can help detect incidents.

Awareness and training

Oh, I mentioned the T word – sorry.

Everyone needs to understand and know where the online risk can come from. Whether it be from phishing, vishing, smishing or pharming, can staff identify the risks, not act on the attack AND report it?

Ensure there is a plan in place, that it is actioned, and that staff are aware of online threats – not only to the business but also to their personal data.

Ensure you have access to up-to-date information

Cyber security is forever changing. How do we keep up to date with all the information? And how do we ensure it is accurate?

Something has gone wrong; what do you do?

An excellent place to start would be the NCSC or ICO, or an external cyber security consultant. If you have an external IT provider, they could also be a good source of information. Also, remember to check your business insurance.

Keep software updated

Whether it be the operating system or the actual software, updates are pushed out for a reason – they contain security patches and fix glitches or vulnerabilities. Yes, it can be a pain when they are updating and stopping you from working. But do you want your computer to be held captive and not work?

Record and Report

Recording when you have a cyber security attempt, even when they don’t get through, is a great way to assess the effectiveness of online safety.

Have a plan to respond to a cyber incident in advance and check to see if it would work.

Have records of possible attacks, and investigate actual incidents.

Remember that a cyber attack, phishing etc., should be reported to the NCSC. If personal data is lost, risk assess to see if it must also be reported to the ICO.

Secure that data

Securing that data comes in different ways:

  1. Ensure that where the data is stored is secure – and data protection compliant.
  2. Only allow people who need access to the data to access it.
  3. Secure access by using 2-factor authentication.
  4. Have secure passwords.

Digital Due diligence

This comes back to risk assessing in a way – doing those checks to ensure everything is ok, but this time of prospective (and current) suppliers to establish any liabilities and evaluate potential.

Check suppliers – where are they, and what is their compliance like?

Check out the National Cyber Security Centre for more information about online security.

Or, if you would like support to implement better data protection and online security, why not book a power hour?

Phishing, Smishing and Vishing, the Fight to Keep your Data Secure

Scammers and cyber criminals use every tool they can to access data and gain control of computers and mobile devices.

That means businesses and employees must be on guard constantly, treating every email, every phone call and even text message with extreme caution.

Here are some of the techniques they use and how to avoid falling victim to them:

Email phishing

Phishing scams try to trick you, and sadly, many people fall for them, getting their passwords, account details and business data stolen.

They may pretend to be from your bank or a company you know and trust; that is why it is good practice to treat every email with suspicion, especially those claiming to have noticed suspicious activity in your account or asking for personal information, as well as those asking you to click links.

In the case of ‘spear phishing’, these emails will appear to be targeted at you.

How to protect yourself and your business from phishing and Spear Phishing scams:

  • Protect your devices with security software (and set it to update automatically)
  • Protect your accounts by using multi-factor authentication; this can be either something you have, such as a passcode sent to you or a security key, or something you are, like a fingerprint, retina or facial scan.
  • Back up your data regularly to a trusted cloud-based storage solution or an external hard drive.

Whaling

Whaling is similar to phishing but aimed at the most senior members of an organisation, such as executives and senior managers, particularly those in financial and payment-related businesses.

A Whaling attack can be well-researched and sophisticated, containing personal information, a sense of urgency and often a solid understanding of the industry’s technical terms and tone. They can cause devastating damage to a company’s reputation.

How to protect yourself and your business from whaling attacks:

  • Training and awareness at the highest level
  • More training and awareness, including regular refresher courses
  • Flag emails that are not from your network automatically
  • Consider making social media profiles private
  • Invest in data loss prevention measures and protocols

Smishing

Do we treat the danger of SMS or text-based ‘smishing’ with the same levels of diligence as we might with email phishing? Many might not and fall prey to revealing personal information such as credit card numbers and passwords or downloading malicious programs to their work mobile devices.

How to protect yourself and your business from smishing attacks:

  • Treat so-called urgent security alerts, offers and deals with extreme caution
  • Remember, no reputable company will ever ask you to confirm banking details, ATM pin codes or account information via text message.
  • Avoid storing bank details on smartphones; if the information isn’t there, it can’t be stolen.
  • Be wary of unfamiliar or suspicious-looking numbers

Vishing

Vishing, or voice calls, is one of the methods most widely used by fraudsters looking to access data, bank details and personal information.

Many scammers are incredibly good at gaining confidence; combine that with an exponential rise in remote working and the ease with which scammers can access basic information about any of us, and it is easy to see why so many are caught off-guard and fall prey to the (friendly) voice on the end of our phones.

How to protect yourself and your business from vishing attacks:

  • If a call claiming to be from your bank or an official agency comes from a mobile number, it is almost always a reason to be suspicious
  • Check the number even if it appears to be genuine. An automated caller ID is no guarantee of a legitimate call.
  • If the caller asks for money, mentions a deadline or tries to ask about confidential information, that is a sign of vishing.
  • Refuse to install software on your devices to fix an alleged problem if prompted to do so

If you would like to learn more about how to make your business stronger against the threat of cybercrime and data theft, I’d love to help. Get in touch today to schedule a free chat.