By spending some time in the business and recording all vital processes, a Business Impact Analysis (BiA) will be produced to highlight where any impact could take place and to grade that impact.
Following on from this, a thorough Business Continuity Plan can be produced so everyone knows what is required of them to help get the business back running on an even keel. Support and advice can also be provided on ensuring your suppliers have BC Plans in place.
The plan will include:
· Loss of Building / Denial of Access
· Loss of IT / Business Critical Systems
· Key Personnel shortages
· Loss or Failure of Key Suppliers
· Response Arrangements for Key Identified Threats
For larger companies a further level can be introduced, that of Incident Management. This will bring wider departments together to ensure cross-functional working is implemented and a reporting structure is defined up to senior management.
The Risk Register starts, of course, with a risk plan or BiA. The register becomes essential as it provides a framework in which problems that threaten the delivery of the business are captured. Actions are then instigated to reduce the probability and the potential impact of specific risks.
The General Data Protection Regulation (GDPR) was adopted by the EU in April 2016 to replace the Data Protection Directive. It introduces new obligations for data processors and controllers, and with fines of 4% of turnover it is vital for companies to assess how GDPR affects them in order to be compliant from May 2018.
Most people are aware of the need to obtain consent from individuals, but there are many more aspects, including rights covering requests for information held, deletion of data, how data is shared with 3rd parties, how long the information is kept for, and portability.
Businesses must consider all security measures, including encryption and ongoing confidentiality, and the new concept of ‘pseudonymization’ has been introduced.
Businesses have accountability obligations such as needing to maintain relevant documentation and ensuring effective procedures are in place to handle all relevant risks under a risk-based approach.
Claritas has the knowledge and understanding to create bespoke policies and procedures, thus ensuring your business is able to demonstrate GDPR compliance.
As part of managing the health and safety of your business you must control the risks in your workplace. To do this you need to think about what might cause harm to people and decide whether you are taking reasonable steps to prevent that harm.
If you have fewer than five employees you don't have to write anything down, but it is beneficial to do so.
For some risks, other regulations require particular control measures, such as those for lone workers, under-18s and pregnant workers. Your assessment can help you identify where you need to look at certain risks and these particular control measures in more detail.
It’s all well and good telling people you are a well-run business; it’s quite another showing them proof. ISO 9001 is a quality standard accreditation that provides a customer with precisely that. It is recognised across the globe, with an estimated 750,000 businesses (only 60,000 in the UK) deemed worthy of the mark.
Although called a quality standard, it is really a business model, ensuring processes are in place for every aspect of the business, including handling complaints and highlighting training requirements. When fully embraced it helps to structure the business and gives employees a clear process to follow. It encourages continued improvement and continuity in the quality of service you provide, whilst also encouraging transparency and accountability. But it’s not just important within the business. It means you can build a business faster: once the formula has been created and documented, it is easier to replicate as you expand, and larger companies will be looking for assurances that you can complete any business they want to give you.
Claritas can help you implement all the required processes and documentation and work with you towards this accreditation.