1. BUSINESS STANDARDS
The quarterly magazine of BSI Group • July 2008 • £3/$5 • BusinessStandards.com
A low Carbon
revolution
Hilary Benn MP on the
business of carbon
danger room
Risk management –
an old dog learns
some new tricks
choose wisely
Tesco’s quest for
more ethical trade
“Children have a developmental
imperative to take risks... If they
can’t do that outside, they’re going
to go online and do it”
Dr Tanya Byron
2. raising standards worldwide
Power to
access markets
worldwide
We can help you take your products and services further.
From industrial products to electrical goods, building materials to life-saving medical
equipment and trade services, our knowledge, network and relationships, can provide the ideal
partnership. Let BSI Product Services add value to your business through Kitemark, CE Marking,
and Product Testing.
As a UKAS Accredited Certification Body and a holder of Notified Body Status for many
European Directives – BSI Product Services has the power to deliver the advantage.
To find out how your business can benefit, call: +44 (0)8450 765600,
email: product.services@bsigroup.com or visit www.bsigroup.com now
Kitemark and the Kitemark logo are registered trademarks of BSI
3. “Child safety is everyone’s
responsibility... companies
should not hide behind the law”
Executive chairman’s letter
On the face of it, the subjects in this
issue of Business Standards may seem
unconnected, but they have one theme in
common: responsibility. Whether keeping our
children safe online, preparing our businesses for
challenging times or trying to do what’s right for the environment and
the supply chain, it’s a question of taking responsibility for our actions.
Take child safety online: responsibility needs to be taken at the
highest level if we are to truly safeguard our children. Companies
and regulators need to address this issue now without total reliance
on legislation. As Dr Tanya Byron points out in her recent report to
the government, “Child safety is everyone’s responsibility and I believe
that on this issue companies should not hide behind the law.”
As business leaders, we must not shy away from such
responsibilities. We should step up and act before we may be
required to do so by circumstance or regulation, and look at how the
implementation of best practice provides a more attractive solution.
This also means recognizing that some of the greatest challenges we
face are also some of our greatest opportunities. A low-carbon revolution,
for example, is opening doors to a whole new segment of business:
environmental industries are already worth around £25bn a year.
Effective risk management helps businesses thrive in a turbulent economic
climate. Ethical trading practices help improve a company’s brand
and reputation. And our cover story about protecting our children represents
the greatest opportunity of all: contributing to a safer, happier society.
Thankfully, businesses and individuals are proving up to the task,
as Hilary Benn points out: “There is a growing number of people in the
business community who say we have to take responsibility to provide
part of the solution, without somebody else coming along and saying
you have to do it”.
Sir David John KCMG, Executive Chairman, BSI Group
BSI Group
Executive Chairman Sir David John KCMG
Group Finance Director Martin Hannah
Director, BSI British Standards Mike Low
Director of Legal Affairs & Company
Secretary Richard Catt
Head office
389 Chiswick High Road, London W4 4AL
T +44 (0)20 8996 9000
E info@bsigroup.com
W www.bsigroup.com
Customer services
T +44 (0)20 8996 9001
E info@bsigroup.com
Press Office
T +44 (0)20 8996 6330
E pressoffice@bsigroup.com
BSI British Standards
Director Mike Low
389 Chiswick High Road, London W4 4AL
T +44 (0)20 8996 9001
E britishstandards@bsigroup.com
W www.bsigroup.com/britishstandards
BSI Management Systems
Managing Director Flemming Norklit
UNITED KINGDOM
Managing Director Rob Wallis
PO Box 9000, Milton Keynes MK14 6WT
T +44 (0)845 080 9000
E client.services@bsigroup.com
W www.bsigroup.co.uk/certification
AMERICAS
President Todd VanderVen
12110 Sunset Hills Road, Suite 200
Reston VA 20190-5902
T +1 703 437 9000
E inquiry.msamericas@bsigroup.com
W www.bsiamericas.com
ASIA PACIFIC
Managing Director Alwi Hafiz
2 Bukit Merah Central, No. 14-02
Singapore 159835
T +65 6270 0777
E infoasia@bsigroup.com
W www.bsi-asia.com
CHINA
Managing Director Mo Yuan Liu
Rm 2008, East Ocean Center, No 24A
JianGuoMen Wai Street, Beijing 100004
National free hotline 800 810 0045
T +86 10 6515 7060
E bj@bsigroup.com
W www.bsigroup.cn
JAPAN
Managing Director Mitsumasa Tokunaga
Toranomon Kotohira Tower
21F, 1-2-8 Toranomon, Minato-ku
Tokyo 105-0001
T +81 3 5501 7121
E japan.info@bsigroup.com
W www.bsigroup.jp
CEMEA
389 Chiswick High Road, London W4 4AL
T +44 (0)20 8996 6325
E international@bsigroup.com
W www.bsi-emea.com
BSI Product Services
Kitemark House, Maylands Avenue
Hemel Hempstead HP2 4SQ
T +44 (0)8450 765 600
E product.services@bsigroup.com
W www.bsigroup.com/productservices
www.bsigroup.com
4. raising standards worldwide™
BSI Certification to ISO/IEC 27001
* on submission of a completed “Request a Quote”
SAVE UP TO £200* ON INFORMATION SECURITY COURSES
*APPLIES TO LEAD IMPLEMENTER AND LEAD AUDITOR
Register your interest for certification or training
and receive a FREE laptop lock* at
www.bsigroup.co.uk/is_bs
Business information is more vulnerable than ever.
Prevent it falling into the wrong hands and protect
your most valuable corporate asset with certification
to ISO/IEC 27001.
BSI Management Systems provides a fully integrated range of Information
Security products and services designed to minimise the risk to your
business from compromised Information Security. Our Information
Security portfolio provides your business with a robust platform upon
which you can develop procedures to protect and secure your information.
The Information Security portfolio includes assessment and certification
services as well as a comprehensive training programme.
Assure your customers
Protect your information
5. In brief
News, views and issues from the
world of standards. In this edition:
getting “Fit to Supply” for the Olympics,
a new standard for whistleblowers and
business continuity goes online.
Viewpoint
Why is risk management important
to business? BSI’s John Hele and Mike
Softley of Ultima Risk Management Ltd
offer their insights.
Features
Do you know where your kids are surfing?
Eight out of ten children in the UK
have access to the internet today, but
fewer than 50 per cent of parents use
internet safety software to help protect
their children. A new Kitemark scheme
offers greater protection.
The low carbon revolution
There is a climate of change facing
businesses today and time is running
out. Hilary Benn MP, Secretary of State
for Environment, Food & Rural Affairs,
outlines the low carbon economy.
A new risk
Risk isn’t just about prevention –
there are opportunities to be had as well.
An effective risk management system
can make all the difference and help
a business thrive in both good and bad
economic times.
Making the right choices
Why does one of the world’s largest
retail operations feel compelled to
trade ethically? Will Stephens, Tesco’s
ethical trading co-ordinator for food,
explains the benefits of a better way
of doing business.
Conferences, exhibitions & training
Raising the standard
Sometimes, a standard
is needed that ensures things
remain distinct. Such is the case with
BS EN 15546-1, a new standard for
medical connectors used in different
fields of medical application.
About BSI
“Adults are trying to
manage behaviour
around risk. Offline,
it’s fine, because
we grew up with
the offline world and
we understand how
the real world works.
But online, there is
a real issue”
– Dr Tanya Byron,
author of the Byron Review
CONTENTS: July⁄08
BSI Group: Group editorial and marketing manager Marc Edney
Caspian Publishing: Group Editor (Contracts) Keith Ryan Creative director Nick Dixon Senior art editor Gary Hill Art editor David Twardawa
Production manager Karen Gardner Account manager Tina Franz Commercial director Justin Khaksar Editorial director Stuart Rock
Finance director Kate Andrews Communications director Matthew Rock Publisher Mike Bokaie
Caspian Publishing www.caspianpublishing.co.uk Editorial +44 (0)20 7368 7177 Fax +44 (0)20 7368 7178
Cover photograph: Jim Marks
Business Standards is the official magazine of BSI Group, which is incorporated by Royal Charter, and is circulated quarterly in the UK
and overseas. Published for BSI Group by Caspian Publishing Ltd. Editorial opinions expressed in the magazine are not necessarily those
of BSI Group or the publishers. Reproduction in whole or in part without written permission is strictly prohibited. All enquiries relating to the
distribution of the magazine should be directed to Marc Edney (BSI): +44 (0)20 8996 7737. Printed by Headley Brothers Repro by Zebra
Business Standards is printed on paper sourced from sustainable forests and supplied from mills certificated in accordance with ISO 14001.
6. business standards July 2008
Read these stories and more online at BusinessStandards.com
Award winner for BSI
In May 2008, BSI British Standards was presented with
the Continuity Insurance Risk (CIR) Award for Industry
Advancement for its work in developing BS 25999, in
recognition of the outstanding contribution made by BSI to
the world of Business Continuity Management. CIR is the
UK’s leading bi-monthly risk management and insurance
journal. This ceremony marked the tenth anniversary of the
awards, which recognize excellence in business continuity
and operational risk management.
“I am delighted that CIR has decided to honour BSI
with this award for its work on BCM,” said Mike Low,
Director of BSI British Standards, on accepting
the award. “Both parts of the BS 25999 standard
were developed through a rigorous process,
working with business, and as a result are robust and
extremely valuable to industry at large. The possibilities
for developing further standards in the areas of risk,
quality and security are great, and we are now working with
industry to create ‘value-add’ solutions.” For more
information: www.bsigroup.com/july08CIRaward
In brief
Business Link, the support and networking agency
funded primarily by the Department for Business, Enterprise
and Regulatory Reform (BERR), is working with BSI to
help companies in their goal to win contracts for the 2012
Olympic Games. According to the Business Link website
(www.businesslink.gov.uk), “Purchasing decisions are
increasingly based on whether suppliers can demonstrate
their ability to deliver services and products to consistently
high levels of quality, efficiency and competence. As well
as private sector companies, central government and local
authority bodies are particularly attracted to businesses
with management systems standards in place.”
The site goes on to point out that standards such as
ISO 9001 for quality management, OHSAS 18001 for health
and safety management and ISO 14001 for environmental
management provide these assurances, as well as a
framework to monitor and control business processes
and risks. As a consequence, BSI and Business Link have
created the “Fit to Supply” scheme, which offers a “simple,
structured and cost-effective way for businesses to
demonstrate competence through official certification”.
The scheme helps identify what is compliant and whether
there are any gaps in a company’s practices and procedures.
Certified companies will be able to “confirm to existing and
potential customers, investors, shareholders, employees and
suppliers that they are officially Fit to Supply”, the site points
out – a major step on the road to London 2012. For more
information: www.bsigroup.com/july08fittosupply
Photography: Getty Images, iStockphoto
Barnsley-based Norvik PVCu Window Systems Ltd has achieved Kitemark certification
to BS EN 1279 for its new range of double-glazed sealed units in record time, following
assessment from BSI Product Services. Norvik, a specialist in the new build sector, was
looking to expand the business and, with an annual outsourcing cost of over £500,000 for
glass, the decision to start manufacturing its own sealed units and invest in the necessary
production equipment was a logical progression. The company was concerned that the
time involved in the Kitemark approval process – up to four months – would mean a loss
of sales while it was being carried out.
“We contacted BSI Product Services and explained our concerns,” says Steve Day,
managing director of Norvik, “and they were able to offer us a very
interesting option. They would carry out a short seven-week
moisture penetration test on our products, in line with Part 6 of
BS EN 1279. If the units passed, we would be given permission
to use the Kitemark immediately.”
Seven weeks from the submission of samples, Norvik was granted
permission to apply the Kitemark to its new range of double-glazed
sealed units. The test continued for the full 16 weeks prescribed by Part 2
of the standard in accordance with testing requirements and was passed,
and the permission to use the Kitemark granted at seven weeks was made
unconditional. For more information: www.bsigroup.com/july08glass
Are you “Fit to supply”
2012 Olympic Games?
Fast glass: Kitemark® for Norvik
7. BSI British Standards has launched a new online standards portal, which will provide Chinese
industry stakeholders and policy officials with access to international standards information and
technical regulations. With this launch, British Standards continues to make inroads into the world’s
second largest economy. The bilingual portal (www.standardsgateway.org) was developed jointly
by BSI and the Standardization Administration of the People’s Republic of China (SAC). It is intended
to facilitate international trade between the UK and the People’s Republic of China. The portal offers
access to nearly 100,000 national, regional and international standards and guidelines, as well as
a core database containing 3,000 standards records considered vital to successful trade between
the two nations. In addition, the portal includes educational materials on the structure, history and
operation of the UK and Chinese standards systems. For more information: www.standardsgateway.org
Ever had to move office? Ever struggled with your moving company and wished there
was a better way to find a reliable supplier? There is an answer: BSI Product
Services, working with the British Association of Removers (BAR), has
published PAS 126:2008, covering commercial furniture removal activities. The
Publicly Available Specification (PAS) was designed to establish a minimum
level of service and performance in organizations dealing with the moving of
office or business equipment, furniture and goods as a service to commercial
entities and other organizations. Companies that pass an audit of their
services against the standards set out in PAS 126 are eligible for
Kitemark certification. PAS 126 covers all forms of such service, no
matter what means of transport and handling is being used, or the type of
property being moved, and whatever the type of customer organization. It includes
office-based property as well as industrial and manufacturing, government body or others.
The guidance in the PAS is intended to help customers identify and compare the services
offered by companies. Companies that have earned the Kitemark will provide a level of
reassurance for customers and, it is hoped, lead to more consistent service levels across
the industry. For more information: www.bsigroup.com/july08removals
BSI Management Systems has become one of the first organizations
to be independently accredited to deliver global certification against
BS 25999, the business continuity management standard. BSI’s
accreditation has been granted by UKAS (United Kingdom Accreditation
Service), the globally recognized accreditation body. BSI began working
with a wide range of international clients to develop an assessment
and certification programme several months in advance of the final
publication of BS 25999, in anticipation of market demand for certification.
BSI was the first certification body in the world to award non-accredited
certification to clients to the standard in November 2007. A series of launch
events followed introducing BS 25999 certification, which attracted
thousands of attendees. Current clients stem from a range of industries
across many countries including the UK, Korea, Japan, Brazil and India.
“This is another
example of BSI’s
commitment to sustain its
leadership role in the world market
by helping our clients manage their risk,” says BSI Management
Systems’ managing director Flemming Norklit.
“We have seen a wide range of organizations asking us for
certification to the standard, including governments, banks, retailers
and ICT businesses. From today, accredited BS 25999 certification
from BSI provides the independent assurance that organizations
really do meet BCM best practice and so are ready to protect their
businesses,” he adds.
For more information: www.bsigroup.com/july08bcm
Kitemark® for furniture removers
Change comes to China
Global BCM
accreditation for BSI
8. The road less travelled
The London European Partnership for Transport (LEPT)
has engaged BSI British Standards to develop a new Publicly
Available Specification – PAS 500 – for travel plans, designed
to encourage more environmentally friendly transport.
This is timely: the government-commissioned King Report,
published in March 2008, examined the vehicle and fuel
technologies which over the next 25 years could
help to decarbonize road transport. It
concluded that all large public sector
bodies should have a workplace travel
plan in place by 2010.
Travel plans can be designed and
used by an organization to encourage
safe, healthy and sustainable travel
options. By reducing unnecessary car
travel, such plans can improve
individual health and wellbeing, make
more efficient use of car parking space,
improve efficiencies and make a positive
contribution to the community and environment.
“We believe that the development of a national standard
for this industry will improve the quality and effectiveness of
travel plans, and provide a valuable resource that travel plan
professionals can rely on,” says Paul Henderson, European
Project Manager at LEPT. “We look forward to engaging with
key stakeholders to ensure that the standard is fit for
purpose and a true benefit to travel planning.”
An independent BSI steering group
representing a cross-section of the
industry has been brought together to
provide feedback on the best practice
specification before it goes through for
stakeholder consultation. The steering
group includes: LEPT, Department for
Transport, National Business Travel
Network, ACT Travelwise, Transport for
London and an independent expert in
this field. Publication is expected in
November 2008. For more information:
www.bsigroup.com/july08travelplans
Audatex UK, a leading provider of insurance
claims management solutions, has become the
first company in the world to simultaneously
attain certification to ISO/IEC 27001
Information Security Management and
BS 25999 Business Continuity Management
from BSI Management Systems.
“There were strong business drivers for
certifying to both standards,” explains Ross
McEleny, IT services director, Audatex UK.
“By adopting best practice in both business
continuity and information security
management, and having our management
systems certified by a leading independent
authority, we are able to demonstrate to all
our stakeholders our proactive approach to
keeping data secure and ensuring continuity
of service delivery.”
Certification was achieved following a
rigorous assessment programme by BSI during
which potential risks were analysed, existing
processes reviewed and policies refined.
The dual certification complements the
company’s implementation of a Sarbanes-Oxley
control framework and the adoption of
ITIL best practice (IT Information Library) and
ITSM (IT Service Management) within its
customer service and IT functions.
To achieve certification, Audatex worked
with Ultima Risk Management (URM), a
company that specialises in providing training
and consultancy services in information
security and business continuity. The company
played a key part in the certification process by
conducting risk assessments, testing business
continuity plans and conducting internal audits.
“As a global provider of claims solutions,
we operate at the highest level in terms of
information security and business
continuity,” says Paul Tucker, managing
director of Audatex UK. “Being the first
company in the world to simultaneously
attain both ISO/IEC 27001 and BS 25999
certification is an important achievement;
underpinning our continual improvement
strategy and demonstrating our ability to
lead the way by adopting internationally
recognized business standards.”
The new business continuity portal from BSI is now live at:
www.talkingbusinesscontinuity.com. The site brings together all BSI
business continuity services under one umbrella and on one site. It provides
a platform to support organizations wishing to engage with business continuity.
Audatex: two for one
Business Continuity: online
9. BSI British Standards and the independent authority
Public Concern at Work have launched PAS 1998:2008,
new guidance for organizations on whistleblowing
arrangements. The launch marked the tenth anniversary
of the Public Interest Disclosure Act (2 July 2008), itself
recognized as an international benchmark on the subject.
Whistleblowing is now seen as an essential element of
risk management across private and public sectors, and
can be used as a key tool in tackling fraud and crime.
However, a recent Grant Thornton International Business
Report suggests that only 40 per cent of UK businesses
provide a comfortable environment for staff wishing to
report misconduct. PAS 1998:2008 seeks
to change this as it guides
organizations on how to run,
promote and review effective
whistleblowing arrangements.
“Ten years ago, the UK passed the
most far-reaching whistleblowing
legislation in the world to protect employees
who blow the whistle on organizations doing
wrong,” says Guy Dehn, director of Public Concern at
Work. “PAS 1998:2008 is equally important as it sets out
how organizations can get this right in the first place.”
PAS 1998:2008 was developed by a Steering Group
which included the Audit Commission, the Institute of
Directors and Trades Union Congress. The CBI,
Information Commissioner and the National Consumer
Council were among expert bodies on the review panel.
PAS 1998:2008 can be downloaded free of charge
from www.bsigroup.com/july08whistleblowing or
www.pcaw.co.uk/bsi
High Wycombe-based Motofix has become the 100th bodyshop to earn certification to the
Thatcham BSI Kitemark, having demonstrated that it conforms to Kitemark standards.
These include skills, repair methods, equipment and materials. The bodyshop was assessed
by BSI inspectors and met stringent benchmarks in order to achieve Kitemark status.
“This is the first of our three sites that will have Kitemark certification,” says Richard Tutt,
managing director of Motofix. “We have already noticed the benefits from the scheme, which
boasts a tighter framework in place for recruitment and reviews. Overall the scheme has given
Motofix strong recognition and support, and we are thrilled to be the 100th workshop to gain
Kitemark status.” To date, 433 sites have applied for Kitemark status in total, with 333 going
through various stages of assessment. For more information: www.bsigroup.com/july08bodyshop
More than 100 years after BSI was founded – based
in part on its work on the standardization of tramway
rails – the Group continues to work with the railway
industry to maintain and improve its services and
equipment. BSI does so by providing assessment and
certification services against IRIS (International Railway
Industry Standard), the quality standard for the railway
industry. Developed by UNIFE, the Independent
Association of European Railway Industries, and
supported by system integrators, equipment
manufacturers and operators, IRIS is an internationally
recognized standard for the evaluation of railway industry
management systems. IRIS is principally for any
equipment or component suppliers to the European
railway industry. IRIS certification becomes mandatory
for many suppliers to the Big Four system integrators
in 2009. These companies – Bombardier Transport,
Siemens Transport, Alstom and AnsaldoBreda – initiated
the development of the IRIS best practice standard. For
more information: www.bsigroup.com/july08iris
Blowing the
whistle
Still on the right track
Driving change in the
bodyshop industry
10. In a world first, BSI British Standards and UK
web compliance expert Magus have launched
PAS 124 Defining, implementing and managing
website standards, a Publicly Available
Specification that aims to improve the
effectiveness of corporate websites through a
new best practice approach to the application
and management of website standards.
Says Simon Lande, CEO of Magus:
“Our experience shows that businesses
are actually reducing the impact and value of
their web presence, despite the millions
invested each year, because they are not
implementing website standards successfully.”
Website standards include those defined by
organizations (eg brand and editorial standards)
and those specified by external bodies (eg legal
and accessibility standards).
PAS 124 provides the first-ever procedural
framework to help organizations deploy website
standards efficiently and harness their full
potential. It is organized around three key
processes: defining, implementing and
managing website standards. Business
benefits offered by the PAS 124 framework
include brand protection, minimization of
online risk, improved financial return and
workflow, and the provision of objective
targets against which performance can be
tracked and measured.
For more information: www.bsigroup.com/july08websites
Elaine Westwood, founder and CEO of The Glassworks – one of the largest glass processors in the Midlands area – was
named ‘The Midlands Business person of The Year’ 2008 at the inaugural Midlands Business Awards. The Glassworks is a
BSI client and has already achieved certification to BS EN 12600:2002, BS EN 12150 Class 1 (toughening) and BS EN ISO
9001:2000, and is aiming to achieve the standard for laminating as well. What’s the secret to her award-winning success?
“I emphasized my use of the Kitemark and its importance to us as a company within my personal statement to the
judges,” she says. In Westwood’s statement, she said, “Last year saw the biggest rise in sales at 16 per cent... During
the year, I worked closely alongside BSI with the aim of becoming the first business in the UK to be granted a British
and European Kitemark licence to produce a new decorative form of laminated and toughened laminated safety glass.”
Manchester-based Out There Events is among the first companies to
participate in a pilot programme, launched by BSI Management Systems
in April, to assess the opportunities for creating official certification for
BS 8901, the sustainable event management standard.
“The event industry is extremely fragmented, with companies varying
massively in size and specialism,” says Out There Events’ chief executive
Marcie Incarico. “I will endeavour to ensure that BSI produces a
certification scheme that is all encompassing, and does not hinder
smaller agencies from achieving something that will be hugely beneficial
to their businesses.” She also says that her agency would be among the
first to achieve certification if the scheme gets the go-ahead. If the pilot
is successful, it is hoped that BS 8901 assessment and certification will
be available by the end of 2008.
A Glass act
New web standards:
first in class
The Newport call centre for the Yellow Pages 118 24 7 directory
enquiries service from international directories business Yell, has
achieved certification to the CCA Global Standard. The call centre was
independently assessed by BSI Management Systems over two days
and measured against strict criteria including quality of customer
service skills; performance and operational effectiveness of the
team; and recruitment, selection and retention strategies, among
other criteria. The quality of service, the approachability of
management, the working environment and the development
opportunities available at the centre were all cited as strengths.
“This recognizes the high quality of service that our advisors
provide when callers ask us for in-depth business information,”
says Andrew Bradshaw, Newport call centre manager.
Anne-Marie Forsyth, chief executive of the CCA, agrees:
“The certification is a true reflection of the commitment and
drive demonstrated by Yell in delivering consistency, efficiency
and continual improvement in its Yellow Pages 118 24 7 team.”
For more information: www.bsigroup.com/july08cca
Calling for
higher standards
Sustainable events
standard takes off
11. VIEWPOINT
Risk management is the discipline of identifying and evaluating levels of risk using an
appropriate, consistent and repeatable process across parts or the whole of an organization.
Risk management does not seek to eliminate risk, as this is rarely achievable, rather to create
an environment where appropriate business decisions can be made.
The benefit that it brings is to allow an organization’s management team to make decisions
based on objective and comparable information, rather than subjective intuition. Risk
management identifies where resources should be directed to reduce or mitigate unacceptable
risks. Just as importantly, risk management also identifies those risks that can appropriately
be accepted thereby avoiding or reducing unnecessary spending, or transferred by, for example,
insurance or outsourcing. The Combined Code for Corporate Governance describes profit as
being, in part, the reward for successful risk taking in business. By adopting a structured and
objective approach to risk management, the organization will have a greater control over its
destiny and is more likely to reap a higher reward.
Mike Softley, senior risk consultant, Ultima Risk Management Ltd
Question: Why is risk management important to business?
First, there’s more to risk management than
just managing risk. Most organizations will
talk about risk assessments, but the question
is: what are they assessing? If you don’t know
what the threats are, then how can you
conduct an effective risk assessment?
Organizations should assess the threats
to the business and then determine the risk
of those threats coming to fruition and
damaging the business. It may be that only
a few threats need to be considered. This is
important because otherwise businesses
could waste time reviewing every single
possible risk and try to cope with all of them,
when it could be that they don’t need to do
half as much as they think they need to do.
This is where guidance found in standards
such as BS 31100 is invaluable.
Second, risk can represent opportunity.
After all, there are always risks involved in
business, but sometimes those can become
opportunities, if handled properly. If organizations
conduct their assessments from a
positive perspective, wherein risk doesn’t
automatically equate to a cost, then this can
have a very positive impact on the business. In
some cases, risks are good things and a choice
has to be taken whether it’s worth the risk.
Third, most business already employ some
degree of risk management. However, many
do not have a formal risk management system
in place; they tend to be reactive, rather than
based on potential risks. Instead of asking why
risk management is important to business, the
real question is: why is it important to
implement a formal risk management system,
such as that outlined by BS 31100?
The simple answer is that it’s important for
the same reason that any formal management
system is important: they help organizations
put controls in place so that risks are kept to a
minimum and opportunities are maximized.
All management systems standards –
whether ISO 14001 Environmental Management
Systems, OHSAS 18001 Health and
Safety or BS 25999 Business Continuity – have
an element of risk management. Any business
that has an effective management system in
place is already employing a form of risk
management or at least risk mitigation. Using
BS 31100 to assist with risk management is
not difficult and could have a tremendous impact
on the business as a whole.
John Hele, global product manager – risk,
BSI Management Systems
Cover story: child safety
Do you know where your kids are surfing?
John Coutts explains how a new initiative
by Ofcom and the Home Office, in association with
BSI, is helping to safeguard children on the net.
Childhood has changed dramatically over
the last 20 years and some argue that today’s
children enjoy less freedom than ever before.
For worried parents, the world beyond the
front door now seems just a bit too risky.
Anxieties about everything from road
accidents to “stranger danger” mean that
children are increasingly being kept indoors.
But it’s becoming clear that there are
risks at home too and, despite its multitude
of benefits, content encountered via the
net can be one of them. The risk of children
encountering potentially harmful or
inappropriate content online is now a worry
for many parents. With children spending
less time outside and more time indoors
using computers, the chances of them
encountering inappropriate material are
greater than ever.
Improving child safety online is the role
of a new Kitemark scheme developed by
BSI. Launched by the Home Secretary in
April 2008, the Kitemark for Child Safety
Online and its supporting guidance set the
standard for internet filtering software for
internet browsing packages used on home
computers. Only products that pass a series
of rigorous independent tests – including
the ability to restrict access to websites
featuring pornography, racism and violence
– will be awarded the Kitemark to
demonstrate conformity.
Safety net
Unveiling BSI’s Kitemark scheme, the Home
Secretary Jacqui Smith said: “The launch of this
new guidance and the BSI Kitemark alongside
our plans to crack down on sex offenders on
the web, sends a clear message that keeping
children safe is a priority for us all.”
Eight out of ten children now have
access to the internet at home. But research
by Ofcom, the UK’s communications
regulator, indicates that less than half of all
parents use internet safety software to help
protect their children. The Kitemark scheme
is the first of its sort, and will allow parents
to choose internet browsing software that
has been proven independently to be
effective. The first Kitemark products are
expected to be available later this year.
Concerns about the risks posed by the
online world – and particularly the risks
for children – have grown in recent years.
The need for concerted action was
recognized back in 2001 with the formation
of the Home Secretary’s Taskforce on Child
Protection on the Internet, which brought
together government, online technology
providers, law enforcement and child
protection experts.
But the internet is evolving fast – and,
as in any environment, so are the potential
risks that go with it. In September 2007,
the government commissioned Dr Tanya
Byron, a consultant clinical psychologist
specialising in child and adolescent mental
health, to carry out an independent review
of the risks children face online and through
video games.
One of the key issues identified in the
Byron Review is the increasing gulf between
computer-savvy children and their parents
and carers, many of whom are still
struggling to get to grips with the web.
“The digital technological divide is key
to the arguments that I put forward in my
review,” says Dr Byron. “We have this very
interesting time in the development of
technology where children not only know
more about the technology and understand
it better, using it more creatively and widely,
but are also creating an awful lot of the
content that drives these technologies.
“Adults are trying to manage behaviour
around risk. Offline, it’s fine, because we
grew up with the offline world and we
understand how the real world works.
But online, there is a real issue,” believes
Dr Byron.
“I wouldn’t want to say that there is
moral panic to the degree that it then
trivialises the real risks online for children
and young people, but I think it’s important
also to put it into the context of any new
technology. We can look back in history and
see this even when Caxton first developed
the printing press: developments like this
were met with real panic and the fear that
there would somehow be moral contagion.
What I found in my review was how polarized
the debate has become when you start to talk
about these new technologies,” she says.
Cutting through the myths, misunderstandings,
hype – and sometimes apathy – that
surround online risks is a very real problem for
those charged with keeping children and young
people safe. And the polarization is evident.
Banning children from the internet is probably
not a solution. But neither is allowing them
free rein to do what they like. It’s confusing for
many parents and the worry is understandable.
Risk factor
“It’s certainly an issue which parents feel very
anxious about,” believes John Carr, secretary of
the Children’s Charities’ Coalition on Internet
Safety. “Polling is being done all the time by the
internet companies, the mobile phone companies,
by independent academics, by newspapers
– and anxieties about children being exposed to
risks online are featured very high up the scale.”
But what are the risks? Carr identifies three
principal areas of concern: “There’s exposure
to illegal or age inappropriate content, exposure
to contacts which are either again illegal or are
inappropriate – I’m thinking here about
paedophiles grooming children, or cyber
bullying. Then there’s commerce, situations
where children are exposed to scams of one
kind or another, or access sites where things are
for sale that are not appropriate to children
according to their age,” he says.
“Take some of the hard facts,” says Carr.
“In Operation Ore, 7,200 men in the UK were
identified as having bought child pornography
off a single internet website, and there were
300,000 names altogether. In 1997, an
investigation for the government on child abuse
described this as being a cottage industry. Ernie
Allen, president of the National Center for
Missing and Exploited Children in the USA,
recently described child pornography on the
internet as a multi-billion dollar industry.
There’s been a phenomenal increase.”
With the number of pornography websites
now measured in the hundreds of thousands,
there’s no shortage of explicit content online.
Carr points to a recent investigation of internet
use among children aged nine to 19 years old
[UK Children Go Online published by the
London School of Economics in 2006], which
states that pornography is a “commonplace but
often unwelcome experience for children and
young people”. More than 20 per cent of the
nine year old children surveyed claim to have
seen pornography online.
“There is a problem and it’s one that concerns
parents and schools greatly,” says Carr.
Online pornography is as old as the net, and
most parents and carers are aware of the need
to protect young children from stumbling across
pornography and violence – or to restrict their
ability to seek it out deliberately as they get
older. What’s less well understood is the way
that the net has been changing, particularly over
the last five years. Web 2.0, characterized by
user-generated content and interactivity, presents
a whole new set of challenges and risks.
For more information: www.bsigroup.com/july08childsafety
“Kids are on social networking sites – which
are a brilliant way for kids to explore, create
and communicate – but few parents are chatting
with them about privacy settings, because they
don’t understand it,” observes Dr Byron.
“Children don’t understand when they put up
photos of themselves that unless they put their
settings to ‘privacy’, anybody can see them.
That’s when you see the risks start to crank up.”
The right tools
Providing people with the tools to protect
themselves – and that includes browsing
software with BSI Kitemark assurance – is one
of the cornerstones of the government’s strategy
on protecting children online. Regulating
material on the net is next to impossible and
traditional approaches that worked for
broadcasting don’t work in the online world.
For communications regulator Ofcom,
which works to promote people’s understanding
of media and services, this presents new
challenges and demands a new type of
approach. In tandem with the Home Office,
Ofcom initiated a discussion with BSI Product
Services about setting up a Kitemark scheme,
after it became clear that existing internet
filtering software was not being used as
extensively, or as effectively, as it could be.
“Ofcom does not have any statutory
responsibilities for content delivered over the
internet,” explains Robin Blake, Head of Media
Literacy at Ofcom. “What we do have is a duty to
promote media literacy. If you imagine communications
as a pipe, traditionally we dealt with the
question about what goes into the pipe at one
end, being appropriate for the audience, accurate
and balanced – that’s the broadcasting pipe. But
in the internet space, regulators no longer have
any influence over what goes in at one end of the
pipe, so we’ve got to deal with what’s at the
other end of the pipe – and that’s
human beings. We need to give
them the skills, knowledge,
understanding and tools to
enable them to take control
of, and responsibility for
what they’re seeing.”
BSI’s Kitemark
scheme and the minimum
performance requirements
needed to obtain it, which
are set out in PAS 74:2008
Internet safety, are an integral
part of this effort. The Kitemark
can be applied to any type of software
that can access the internet. In addition to
browsers on home computers, the Kitemark is
also applicable to games console software, which
is increasingly used across the web, as well as
internet service providers’ browsing facilities.
“What it’s looking to do is help protect
children when they’re surfing the net, to make
sure that they’re not going to inadvertently
come across any adult content, any gratuitous
violence, sex and material of that nature,” says
Ian Harper, sales and marketing director of BSI
Product Services. “It’s to make sure that there’s
a robust validation of the screening facilities
offered in browsing software.”
BSI’s vetting programme for the Kitemark
is rigorous. Companies seeking to display it on
their products must first submit their software
for scrutiny and testing by independent experts.
To prove that software offers effective filtration,
it’s tested against a list of websites known to
contain explicit content. This list is drawn up
by the Home Office and Ofcom, and it’s kept
secret. In order to continue displaying the
Kitemark on software, manufacturers must
re-submit their products for regular testing.
The initial validation process is expected to
take around eight weeks.
“The Kitemark not only looks at the
effectiveness of the software, but also the ease
with which it can be installed, the completeness
of the user information, the ability to provide
online support and the ability for a parent
to be able to put a security password in to
prevent things being changed,” says Harper.
“It’s all-encompassing.”
With children spending increasing amounts
of time indoors – and online – the need for
solutions of this sort has never been greater.
And there’s anecdotal evidence
to support the theory that
if children aren’t allowed
to take risks in the
real world, they’ll
take them on the
net instead.
“We’re
bubble-wrapping
our children.
But children have
a developmental
imperative to take
risks, to socialise and
to communicate. If they
can’t do that outside, they’re
going to go online and do it,” warns
Dr Byron.
“This Kitemark scheme is great. It’s the
first step towards actually thinking strategically
about safety and being able to talk to children
about it. I see this as the first part of a process
of changing a mindset. It’s actually pushing
adults into a contemplation stage where they
can then start to think with their children. For
me, this is a good thing,” concludes Dr Byron.
“We just have to be careful that we don’t view
it as a magic bullet.”
Big issue: low carbon economy
The low carbon revolution
Hilary Benn MP, Secretary of State for Environment,
Food and Rural Affairs, highlights the climate
of change facing businesses of all sizes today.
“Successful economies, successful
countries, successful companies, in future are
going to be low carbon. Those who get in first
in order to shape this low carbon revolution
are going to have a big advantage over those
who don’t.
“However, while countries and governments
will say they understand the science, they worry
about the impact of dealing with climate change
on their economic development.
“The challenge is to show that it is
possible to combine sustainable low carbon
development with the fight against climate
change – the British experience over the
last decade is a modest example of that.
The economy has grown by around a quarter,
in real terms, while our greenhouse gas
emissions have come down by just under
eight per cent. As soon as you begin to show
that, then you can open up a conversation
with emerging economies.
“The great challenge looking ahead to
the UN Climate Change Conference 2009
and negotiating the deal internationally is
how we’re going to get sufficient contributions
on the table to deal with the problem.
It’s inconceivable that this will happen
without the US – the largest economy in the
world – playing its part. But you also need
China, India and other countries to be in,
because even if our rich ‘developed’ world
could kick the carbon habit tomorrow
morning, we would still be facing the threat
of dangerous climate change because of rising
emissions from emerging economies.
“Consider all the benefits we have in our
society in comparison to those where they
don’t have healthcare for everyone, where
not every child is in school and not everyone
has a job or a reasonable standard of living.
How can we help them pursue development
but in a low carbon way?
“China’s in a very different position
economically to Mali or Burkina Faso,
but they’re all members of the G77 group
[the largest intergovernmental organization
of developing states in the United Nations].
How are you going to unlock their commitment
to low carbon?”
The carbon question
Measuring, calculating and declaring your organization’s direct and indirect
greenhouse gas emissions (GHG) is becoming increasingly important.
The launch of BSI Management Systems’ Carbon Footprint Verification
(CFV) scheme in the UK is for businesses seeking not just to declare
their corporate carbon footprint, but to reassure customers, employees,
shareholders, potential investors, environmental groups, and the
media of the integrity and completeness of their calculations. The scheme
includes training courses on best practice approaches to footprinting and
is relevant to all types of organizations that are looking to enhance their
environmental credentials, or move towards carbon neutral status. This
includes those already reporting for mandatory GHG emission reporting
schemes wanting to widen the scope to cover their whole organization, as
well as those in industries that will be next into mandatory GHG schemes.
BSI’s CFV service is delivered in accordance with the principles laid out for
GHG verifiers in ISO 14065 and can be verified against ISO 14064-1 and the
WBCSD/WRI GHG Protocol for Corporate Accounting and Reporting.
For more information: www.bsigroup.com/july08cfv
The potential for change
“The greatest risk we face is that we fall prey
to despair, transfixed in the headlights of the
enormity of the problem.
“I don’t believe this needs to be the case –
human beings are rational, creative and
imaginative. History has taught us that what
may seem absolutely impossible today may be
possible tomorrow.
“For example, imagine if someone had
popped up ten years ago and claimed that
within a decade, we would be able to get
the government in Britain to put forward
a bill to Parliament establishing carbon
budgets for the UK and set up a Climate
Change Committee that would advise on
those budgets. Imagine he went on to claim
that the government would set targets for
reductions in CO2 emissions for 2020 and
2050. And that it might be possible to get
every country in the world to sign up to an
agreement that recognizes climate change
and acknowledges that human activity
is the cause, agreeing that we need to make
deep cuts in emissions. Most people would
have thought this person completely mad.
“Ten years on, those things have either
happened or they’re in the process of
happening. This shows what is possible –
we’ve done it. That demonstrates the
capacity of our society, our politics, to see
what is happening and to begin to respond.
But we’ve got to get our skates on.”
Legislation versus
voluntary regulation
“Current UK emissions are just under
550,000,000 tonnes of CO2 a year and
we’ve got to bring it down. Forty per cent
of our emissions are down to the choices
that we make as citizens, whether in our
own lives or in the businesses for which
we work.
“There’s a growing number of people
in the business community who say we
have to take responsibility to provide part
of the solution without somebody else
coming along and saying you have to do it.
“As such, I think we need a combination
of voluntary and regulatory influences in
play. The markets send signals through price,
regulation is introduced where appropriate
and taxation provides an incentive. Trading
schemes like the European Union Greenhouse
Gas Emission Trading Scheme (EU ETS) raise
awareness at boardroom level of the impact
that carbon can have on the bottom line.
“An example from the UK is the zero
carbon homes initiative. We have an
imbalance between existing housing stock
and the need for new homes, so this new
initiative was set up and it in turn ratcheted
up building regulations.
“Another example is the voluntary
agreement that was reached with retailers
and lighting manufacturers to phase out
old Thomas Edison Victorian technology
light bulbs between now and 2011. This
should save upwards of 5,000,000 tons
of CO2 a year and we will achieve this in
advance of whatever regulatory decision
Europe might take (the EU can’t actually
ban these light bulbs because they fall under
the free circulation of goods that meet a
common standard).
“Look at the Carbon Emission Reduction
Target, another clever scheme. Energy
companies have to save a certain amount of
CO2 and they have to focus 40 per cent of their
efforts on people on low incomes. As a result,
some energy companies will send free low
energy light bulbs through the post or will come
and do insulation in lofts or cavity walls, or offer
discounts if you buy a low energy appliance.
These are all the result of government
regulation mixed with voluntary self-regulation,
and companies are being creative about finding
ways to implement these initiatives.”
The change is coming
“There’s going to be a temptation for some
to say, ‘The economy has to come first and
the environment will just have to wait for
a bit’. I think that would be a profound
mistake. This change is coming and the
science isn’t backing off.
“But if we do get on with what needs
to be done first, there’s a real opportunity
here. Environmental industries, in a broad
sense, are worth £25bn a year, employ
400,000 people and they’re forecast to
grow considerably in the next few years.
It’s already a significant industry and it’s
going to be more significant in future.
“Fundamentally, this is a low carbon
revolution, not just in our society and in
our economies, but in the developing world
as well. How do we get from where we are
to where we need to be, recognizing that
we share the planet and that climate change
expresses human interdependence? We can’t
opt out of this – and there are going to be
nine billion of us in the next 50 years.
We have to do it.”
A new risk
With the global and UK economies
headed for uncertain times, the
need for risk management is at
an all time high, writes Oliver Cann.
For more information: www.bsigroup.com/july08risk
The concept of risk management
has sometimes struggled for recognition
within the wider business
community. Management of risk,
so orthodoxy goes, means putting
the brakes on, curbing exuberance,
avoiding losses. It is a defensive move
and a narrow interpretation of risk
that belies the importance that the
discipline can have in actually driving
profits forward.
Monographic interpretations of
risk management have been the norm
in recent times. Take Basel II, the
international code governing capital
structure within banks, a dry
document whose syntax is aimed
squarely at forcing banks to avoid
loss through over exuberant lending.
This is not unreasonable, but it
neglects the major benefits to be
gained from risk management, the
fact that increased awareness of risk
equals greater sustainable profitability.
“There is a lot of regulation at the
moment that is raising the profile of
operational risk,” says Michael Faber,
vice-chairman of the Institute of
Operational Risk and a member of the
drafting committee for a new standard
on risk management, BS 31100, due
to be published this summer. “The
problem with Basel II is it’s very much
concerned with the negative side of
risk management, for example laying
down actions you must comply with
rather than focusing on what you
can do for the good of the business.”
According to American risk
management guru Felix Klomans, risk
management strategies should address
three separate goals: to build and
maintain the confidence of stakeholder
groups; to teach organizations how
to cope with uncertainty and doubt;
and to encourage opportunism.
This last point has been lost on
previous authors of standards,
something that has arguably set the
development of risk management as a
business discipline back several years.
“There is continual debate about
the positives and negatives of risk,”
says David Adamson, secretary of
the committee responsible for
drafting BS 31100. “Most people
think negatively when they think
of risk – for example, the dangers
to be had from taking risks –
but there is a school of thought
that looks at the positives.
For example, new customers that
you might attract were you to
move locations, rather than just
focusing on what might go wrong.
What we had to decide is whether
these should be talked about in a
standard or whether this was too
avant-garde in the current climate.”
“Risk management is as important
as any other area of business, it just
happens that up until now there
has lacked a set of clear, simple and
unambiguous guidelines,” says Julia
Graham, chief risk officer of global
legal practice DLA Piper and chair of
the BS 31100 drafting committee. “From
a timeliness point of view, risk management
is coming under the spotlight in
the current economic climate.
“Read any CEO survey these
days and the top answer as to what’s
keeping them awake at night will be
economic volatility. The credit crunch
and what has followed after has
woken a few boards up to the fact
that failures in risk management
are fundamental problems and part
of the reason why they are in the
position they are in now.
“In this respect, BS 31100 is raising
the profile of risk management at just
the right time and I think it could
become a benchmark for organizations
that do not want to make the
same mistakes others have made.”
One could argue that the long
bull market of the past few years
was created by financial markets that
failed to heed the warning signs over
US sub-prime mortgages and other
indicators of an overheating economy.
Graham’s view is that, had an
effective risk management policy
been widely employed, far from
putting an end to the human
behaviour that fuelled the boom,
organizations in the City and
elsewhere would have been able to
profit in this period while avoiding
the hangovers many are now feeling.
“We need to recognize the
opportunity value of risk as well as
the negative value of risk,” she says.
“We could have a booming economy
based on more robust business
models. BS 31100 doesn’t get rid of
good things, but teaches how to use
risk to convert opportunity.”
A standard of two halves
The committee that drafted BS 31100
approached risk management from
two angles. First, it dealt with
practical solutions: the principles,
framework and processes required
for an effective and scaleable code
of practice.
The second half of the standard
contains classifications of risk
categories, risk management tools,
maturity models and other features that
help outline the positive consequences
of risk. This format encapsulates the
committee’s vision of not only creating
a document to promote good practice
but also one to attempt to steer the
debate towards aligning good risk
management with better performance
and higher profits.
Ultimately, though, it was about
recognizing risk management as an
opportunity and a business driver:
“We’ve tried to demonstrate the
positive aspects of risk management
and to demonstrate the opportunity
associated with the discipline. In this
respect, BS 31100 is very much an
aspirational standard,” says Faber.
“There is no firmly established
process for risk management, no
document saying exactly what people
already know. The trick was to make
the language understandable and the
solutions scaleable so that anyone
from a sole trader to a multinational
could make use of it,” adds Adamson.
“Smaller organizations don’t have
the resources to employ risk management
professionals, so we tried to make
it as jargon-free as possible. But a really
successful standard also needs to be
scalable and in this case that meant
making sure the final document didn’t
lose the ‘what if’ high level thinking
that was applicable to the most
advanced multinational organizations.
“Standards are not monographs
or text books: the content really had
to be digestible,” Adamson continues.
Inclusiveness is the key
Inclusiveness is a key element in the
formulation of BS 31100, which perhaps
goes some way to explaining its wide-ranging appeal
across stakeholder groups. The drafting
committee, whose 40 representatives
comprise groups from industry,
government and academia, was
so well supported that, by the time the
committee issued a Draft for Public
Comment (DPC) in 2006, it received
3,000 comments back from the
approximately 30,000 entities that had
received the draft. This in turn resulted in
the committee taking the unusual step of
issuing a second DPC a few months later
to take into account all the recommendations
received the first time around.
Towards a risk informed future
While the economic climate has
conspired to push risk management up
the business agenda, Faber argues that
recent successes in promoting business
continuity management (BCM) have
also played a part in paving the way
for a renewed effort to modernize
thinking on risk management.
“BSI’s BCM standard BS 25999
has had a big impact on business life.
I was recently on a judging panel for
the Business Continuity Awards and
almost every entrant on every award
cited BS 25999 in their nomination pitch.
This has changed the way business views
the field of business continuity
management,” he says. BSI was
given an award at the ceremony
for its contribution to business
continuity management through
the publication of BS 25999.
Of course, BS 25999 came to
life via PAS 56, which described
an effective BCM process and
provided a series of recommendations
for good practice. Thus,
its passage was smoother than
the two years that it has taken
BS 31100 to get to publication.
Nevertheless, given the amount
of ground covered by the new
standard, the dearth of best
practice out there and the need
for the new standard to work
within the confines of existing
terminology used in BS 25999
and other standards, two years
does not seem long.
“This guidance has not been
produced in isolation of related
standards,” says Graham.
“The committee has used a
bible of what are considered
leading works in the area of
risk management, kept
closely aligned to the work
of BS 25999, and taken a proactive
role in the development
of the proposed ISO standard
on risk management ISO 31000.
After all, why have three
definitions for a common issue?”
Faber’s hope is that the
introduction of BS 31100 will
have a wide-reaching effect on how
the discipline is regarded, both in the
UK and internationally: “BS 31100
will definitely bring together more
specialisms in risk management. What
you tend to have at the moment is lots
of silos or fiefdoms in risk management,
from health and safety to information
security. It’s about time the discipline
grew up and we all worked more closely
together. Risk management professionals
need to provide good, consistent,
consolidated information to the board to
enable them to make informed decisions:
boards cannot make informed decisions
if they do not get a consistent view.
Download BCM whitepaper: www.bsigroup.com/july08BCMwhitepaper
18 business standards July 2008
BS25999came to life via PAS 56,
which described an effective
BCM process and provided
a series of recommendations
for good practice
21. BS 31100: in a nutshell
BS 31100, BSI’s new code of practice for risk management, began
life in 2006. Drafted by a 40-strong technical committee made up of
representative bodies from industry, government and academia, the
standard went through two public consultations before it was ready
for publication. Unlike other standards that concentrate on reducing
losses, BS 31100 aims to widen the discipline’s appeal by focusing on how
it can be employed to help drive profits through responsible risk-taking.
BS 31100 is aimed at all sizes of organization and its language has
been especially adapted in order to be understandable to both small
organizations and multinationals, and to reduce duplication as much
as possible by tying in language and methodologies from existing or
future bodies of work, such as ISO 31000. BS 31100 will be published
this summer.
“There is continual debate
about the positives and
negatives of risk,” says David
Adamson, secretary of the
committee responsible
for drafting BS 31100
“Risk management is ready to enter
an aspirational stage,” Faber adds. “People
in government acknowledge that in some
places there is too much regulation and that
what is really needed is good self-regulation.
There is a role here for BS 31100 and if
we can get good take up from within
government and the private sector, I think
this standard will be a success.
“BSI doesn’t want to increase regulation
– it wants to increase good practice
without diluting what is already out there.
The irony is, good risk management
enables companies to take far greater
risks in a more controlled manner, thus
creating greater shareholder value.”
Photography: Getty Images
Retailers have never had a stronger set of
reasons to trade – and to be seen trading –
ethically. In the wake of a number of high
profile cases of global sweatshops, increased
media scrutiny and growing public consciousness
of a range of social and environmental
issues, retailers are under pressure to prove
that their supply chains operate not only to
the benefit of the customer and the company,
but also to thousands of stakeholders.
Trading ethically is a complex business,
however. Retail supply chains are vast,
involving thousands of suppliers and
partners, and many countries. The potential
for ethical problems to arise – and the
embarrassment and opprobrium that goes
with them – is sizeable. What’s more, the
expectations of stakeholders – which include
campaign groups and NGOs, the media,
investors, unions and government – evolve
over time, placing new requirements on
companies to act responsibly.
Tesco, the UK’s largest retailer, faces as
much ethical trading complexity as any
British company. Accounting for one in every
eight pounds spent on the UK high street, not
to mention its burgeoning operations in
eastern Europe, the US and Asia, it has more
than 5,500 primary suppliers in 94 countries.
This primary tier alone employs up to two
million people worldwide; their suppliers, in
turn, employ many millions more.
According to Will Stephens, Tesco’s ethical
trading co-ordinator for food, retailers are
under constant pressure to account for their
supply chain activities from a variety of
quarters. He says Tesco sees trading ethically
as important for a range of reasons: protecting
the company’s brand and managing risk,
because it’s “good for business” (improving
product quality and limiting accidents) and
because it improves the morale of Tesco’s own
employees (who, like everyone else, want to
work for a firm that acts reputably).
By improving the transparency of its
supply chain, Tesco also has an opportunity
to get a competitive advantage over its rivals,
Stephens believes.
For more information: www.bsigroup.com/july08socialresponsibility
Making the
right choices
Will Stephens, Tesco’s ethical trading co-ordinator for food,
explains to Ben Schiller why one of the world’s largest retail
operations feels compelled to trade ethically.
“More awareness creates more risk. But,
on the other hand, it’s not just Tesco that gets
targeted. That accountability offers another
point of differentiation,” he says.
With so many partners, however, keeping
tabs on the whole supply chain is difficult
for an organization as extensive as Tesco.
Increased transparency is tough on suppliers
as well, as they must account for their
activities – often in great detail –
to retailers with slightly
different demands.
“Tesco may define good as
‘A’. Sainsbury’s demands ‘B’.
And then Asda comes along
and demands ‘C’ and so on.
If you are a single supplier, you
can’t do A, B and C, you can
only do one of them,” Stephens
explains. The growing complexity
of ethical trading led to calls for greater
standardization, with suppliers and retailers
agreeing what is “good”.
Getting it together
In 2004, a range of suppliers and retailers,
including Tesco, came together to form the
Suppliers Ethical Data Exchange (Sedex),
a web-based system that enables suppliers to
record and demonstrate their performance on
labour standards. Retailers can use the system
to monitor performance and improvements
on labour standards in their supply chains.
“Sedex is really a fundamental step forward
in standardizing the ethical trading requirements
of the various organizations involved,”
Stephens says.
Sedex is useful in two main ways. First,
it gives retailers a detailed view of their supplier
relationships: “We can get visibility of what the
relationships are in our supply chain. It means
we can quickly check the system in the event
of a call from a factory or farm, or if the media
is making an allegation,” says Stephens. “If you
want to improve standards in your supply base,
or reassure yourselves of standards in your
supply base, you need visibility of what’s going
on. It’s the old mantra: if you can see and
measure it, you can manage it.”
Second, it is a tool for assessing risk. Each
supplier is asked to fill in a questionnaire based
on the provisions of the Ethical Trading Initiative
(ETI) – an organization formed in the mid-nineties
to raise ethical standards among retailers.
Retailers can add their own provisions as well –
for instance, on issues such as bribery, corruption,
the environment, and health and safety.
The retailer then uses the questionnaire to
establish a “risk rating” for each supplier –
high, medium or low. For example, suppliers
with a greater proportion of temporary
workers will likely be seen as a higher risk
than those with more permanent workers.
Likewise, garment-makers are
generally higher risk, as
are suppliers from
China’s Export
Processing Zones.
Stephens concedes
that Sedex is not a
panacea – neither fixing all
the ethical problems in Tesco’s supply chain,
nor placating outside observers who are
demanding that retailers do more. However,
he argues that the standardization of ethical
practice and the growing scope of Sedex – now
with over 19,000 partners around the world
and adding more every day – is a step forward.
In the future, Stephens hopes that the move
to greater standardization will continue:
“Having different targets and requirements is
really costly and confusing for the supply base.
It’s also quite confusing to customers when it
comes to communicating these things. In five
years’ time, I think it will be more standardized
and more normal.”
“Tesco, the UK’s largest retailer,
faces as much ethical trading
complexity as any British company”
An ethical
approach
BSI has recently been approved
by Tesco to carry out Sedex
audits, but its work on ethical
business practices goes back
even further.
It can also carry out checks
against the internationally-recognized
social accountability
standard, SA8000 or other
recognized ethical trade schemes
such as Worldwide Responsible
Apparel Production (WRAP).
SA8000 in particular represents
a unique step for businesses
hoping to establish or reaffirm
their ethical credentials.
It is the first auditable standard
to provide a framework for assuring
all stakeholders that social
accountability is being stewarded
by a company’s management.
This is essential: NGOs (non-governmental
organizations),
analysts and consumers are
putting pressure on organizations
to demonstrate that minimum
standards are upheld in the
workplace and ensure that
workers are getting a fair deal.
Photography: Getty Images
Our conferences bring together key players to provide
the latest information on standards and best practice,
to debate the latest trends, regulations and issues,
and to give opportunities for delegates to take part
in open discussions and debates led by panels of
expert speakers. In addition, these conferences may
be accompanied by workshops to provide guidance
and practical advice. Past conferences have covered
topics as diverse as business continuity, health and
safety, employee screening, sustainable design and
cleanroom contamination.
CONFERENCES
Come and visit us at the following
events where we will be exhibiting:
BCI Symposium
Hilton Metropole, Brighton
9-10 October 2008
Firex North
Harrogate, Yorkshire
Stand A32
21-22 October 2008
The Big 5
Dubai International
Conference Centre
Dubai, UAE, Stand GG
23-27 November 2008
Online Information
Grand Hall, Olympia
London, Stand 625
2-4 December 2008
Intersec
Dubai International
Conference Centre
Dubai, UAE
18–20 January 2009
CIES International Food
Safety Conference
Barcelona, Spain
4-6 February 2009
Ecobuild
Earls Court 1
London, Stand 632
3-5 March 2009
Business Continuity Expo
Excel, London
24-25 March 2009
For more information on conferences visit www.bsigroup.com/july08conferences,
phone Customer Services on +44 (0)20 8996 9001
or email info@bsigroup.com.
Exhibitions
LIFE CYCLE COSTING
Introducing BS ISO 15686-5
24 September 2008
London
Confusion exists about the best
method to realize the economic
and environmental benefits
of LCC. This conference explains
the new British Standard BS ISO
15686-5 Buildings and constructed
assets. Service life planning. Life
cycle costing.
www.bsigroup.com/lifecyclecosting
RISK MANAGEMENT
BS 31100 Code of Practice
for Risk Management
22 October 2008
London
A concise briefing on the
first British Standard for risk
management, BS 31100. Find
out how your risk management
strategies and processes could
be improved by utilizing this
new code of practice.
www.bsigroup.com/riskmanagement
Second Annual
Conference on
SUSTAINABLE
PROCUREMENT
Delivering Improvements
in Strategy and Process
12 November 2008
London
Hear the latest developments on
how sustainable procurement can
benefit your business and save
you money, which standards are
in development and how existing
ones can help you.
www.bsigroup.com/sustainableprocurement
FIRE SAFETY
Design, Management
and Use of Buildings
Autumn/Winter 2008
London
This conference will look at the
forthcoming British Standard BS 9999
and its likely impact on good practice
for fire safety in the design, management
and use of buildings in the UK.
www.bsigroup.com/fireconference
TRAINING
We are one of the world’s leading providers of training,
information and knowledge on standards, management
systems, business improvement and the achievement of
regulatory approval products.
Our expert teams provide training to organizations of
all sizes and every type of activity, ranging from leading multinationals
to small innovative start-ups and from governments to
charities. From understanding how a standard can help your
business, to implementing, monitoring and auditing your
compliance to that standard, we can support you all the way.
Our training includes the following subjects:
BSI Learning
In the coming months, BSI members can expect to see a new
approach to training focusing on the growing and changing
learning requirements of customers around the world. BSI is
consolidating all its training and educational services into a more
integrated whole and under a single brand: BSI Learning.
BSI Learning will be offering a far wider range of products and
services which will enable customers to generate the greatest
business benefit from the use of standards. This will encompass
all aspects of BSI’s training programme, and enable members to
benefit from a truly one-stop-shop experience.
By introducing state of the art learning technologies in 2008, BSI
Learning will be making it as easy as possible to take advantage of
the many courses and options available, including e-learning. BSI
will also be offering specific services for global companies wishing
to deliver training on standards throughout the world.
BSI Learning will equip staff with the
confidence and expertise they need to deliver
outstanding results. BSI Learning will put
you in touch with the right course or experts
in order to improve and enhance the skills of
your management systems professionals.
Learning
New titles
Now available: three new books
from BSI for your reading list.
Managing Risk and Resilience
in the Supply Chain
This book offers a practical
approach to managing risk
and resilience in the supply
chain. It explores the
co-dependence inherent in
supply chains; it discusses
the opportunities, and analyzes
the threats, in order to gain an
understanding of the strategic
risk and management of supply.
Price: £30*
BSI Order ref: BIP 2149
www.bsigroup.com/BIP2149
A Manager’s Guide to the
Long-term Preservation
of Electronic Documents
Digital documents are being
created at an unprecedented rate,
while increasing regulation is
placing ever more stringent
requirements on the need for
retention of those documents.
This book provides guidance about
the adoption of standards and
practices organizations can
implement so digital documents
will be preserved for the long-term.
Price: £55* • BIP 0089
www.bsigroup.com/BIP0089
*Plus PP – UK standard delivery £5.95 (inclusive of VAT);
Rest of World standard delivery £9.95 (plus VAT if applicable).
Compendium of symbols
for use on electrical equipment
and for diagrams
This CD-ROM and book set is for
designers, manufacturers and technical
writers of a wide range of electrical
equipment, both consumer and
industrial. It contains both sets of the
universal symbols required for use
on electrical equipment, covering the
symbols and hazard warnings required.
Price: £275* • BSI Order ref: BIP 3086
www.bsigroup.com/BIP3086
For more information on UK training courses,
visit www.bsigroup.com/july08trainingUK or phone
+44 (0)8450 086 9000, or for courses throughout the rest
of the world visit www.bsigroup.com/july08TrainingWorld
Business continuity management
Complaints management
Environmental management
Fire safety
Food safety
Greenhouse gas emissions
Information management and law
Information security
Integrated management
ISEB
IT service management
Lean Six Sigma
Medical devices
Occupational health and safety
Quality management
Security screening
Social accountability
Upcoming Business Forum dates – FREE to attend
10 September 2008, Bristol
14 October 2008, Newcastle
20 November 2008, Towcester
For more information: www.bsigroup.com/july08forums
While standards have
typically focused on
commonality and creating
a universally agreed set of
rules and principles, from
time to time a standard is
needed that ensures things
stay very distinct indeed.
Take the case of small
bore connectors – such
as the “Luer” connection
system – used in different
fields of medical application.
In simple terms, these are
commonly used in a variety
of healthcare equipment,
including drug
administration, feeding and
monitoring. It is possible to
interconnect a wide range of
equipment using such
connectors and misconnection
may have a potentially harmful
effect. The past decade has
seen several cases of injury or
death as a result of medicines
administered via such universal
small bore connectors.
As a consequence, BSI has
recently published BS EN 15546-1, a new
standard that aims to prevent injury or death as
a result of cross-connection between small bore
connectors used in different fields of medical
application. BS EN 15546-1 Small bore
connectors for liquids and gases in healthcare
applications provides a test method for
manufacturers to ensure that small-bore
connectors for different applications are not
compatible with either Luer connectors or
each other. Doing so will help prevent the
wrong medicine reaching the wrong person.
“This is an important milestone in the
development of international standards to
minimize misconnection errors that cause
patient safety incidents in the NHS,” says
David Cousins, head of safe medication
practice and medical specialties, National
Patient Safety Agency (NPSA).
“It complements two Patient Safety Alerts
issued by the NPSA to provide guidance to
minimize the risk of misconnections of oral
and epidural devices intended for intravenous
use. This standard paves the way for further
requirements for connectors which will
introduce a physical barrier to prevent error.”
BS EN 15546-1 was developed at
a European level and has been adopted
in the UK by BSI British Standards.
Organizations involved in the development
of the standard for the UK include the
National Patient Safety Agency, the
Department for Health and the Association
and Royal College of Anaesthetists as well
as expert health practitioners and
manufacturers of medical devices.
“BS EN 15546-1 is an important standard
for industry, healthcare professionals and
the public,” adds Mike Low, director of BSI
British Standards. “We have brought together
experts on all sides to produce a standard
which has patient safety at its core.”
Photography: Getty Images
raising the standard
“We have brought together experts
to produce a standard which has
patient safety at its core”
Good
medicine
For more information: www.bsigroup.com
Since its foundation in 1901, BSI Group
has grown into a leading global independent
business services organization.
The Group now operates in over 120
countries and has more than 2,300 staff.
certifies management systems and products;
provides product testing services;
develops private, national and international standards;
provides training and information on standards
and international trade; and
provides performance management software solutions.
Standards
Publications
BSI British Standards
is the National
Standards Body of
the UK, with a
globally recognized
reputation for
independence,
integrity and
innovation in the
production of
standards that
promote best
practice. It develops
and sells standards
and standardization
solutions to meet the
needs of business
and society.
Assessment
Certification
BSI Management
Systems provides
independent third-party
certification
of management
systems. BSI Product
Services delivers
product and service
certification and
marking, including
Kitemark® and
CE marking.
Entropy Software™
provides solutions
to help improve
environmental,
social and economic
performance.
Product
Testing
BSI Product
Services has the
capability to test
a huge variety
of industrial and
consumer products
such as construction,
fire safety, electrical,
electronic and
engineering products
and medical devices,
and can identify
technical
requirements,
product testing and
certification schemes
for most countries
in the world.
Training
Conferences
BSI Group is a
leading provider of
training, conferences,
information and
knowledge on
standards,
management
systems, business
improvement,
regulatory approval
and international
trade. This includes
guidance to help
customers
understand how
standards can be
used and applied
every day.
About BSI Group
BSI Group:
Kitemark and the Kitemark logo are registered trademarks of BSI