InfoSaaS and Axora have concluded a partnership agreement intended to transform the processes and costs of achieving and retaining information security, data protection and business compliance ISO management system certifications for companies operating in the oil, gas and mining sectors. Companies in these sectors are subject to the same compliance requirements as other organisations, but the very nature of their business activities means their sites are frequently in difficult-to-reach and/or inhospitable locations. As a result it can be difficult and/or expensive to:

- Bring and keep compliance managers on-site to implement procedures and processes, collaborate with local teams, and generally prepare for certification or surveillance audits
- Bring auditors from Certification Bodies on-site to conduct the initial audits necessary for the awarding of certifications or to carry out the annual surveillance audits required for organisations to retain those certifications.

SaaS software solutions

InfoSaaS provides SaaS software solutions for achieving and retaining multiple ISO management system certifications. By virtue of being platform-based, these solutions enable:

- Compliance managers (or whoever is responsible for ISO compliance within their organisation) to collaborate with colleagues on-site, and to conduct "internal audits" to ensure that standards are met ahead of any external audit; and
- Certification Bodies to conduct surveillance audits remotely – eliminating the need for auditors to travel to difficult-to-reach locations.

Axora and InfoSaaS collaboration

Axora works specifically with companies in the oil, gas and mining sectors, identifying technologies with the potential to shape the future of such businesses, helping them understand the key opportunity areas that sit across the value chain, and connecting them to the innovators.
Several InfoSaaS solutions are available on Axora’s platform, supporting: ISO27001 (information security management), ISO9001 (quality management), ISO14001 (environmental management) and ISO18001/ISO45001 (health and safety management).

ISO certifications costs and challenges

Peter Rossi, co-founder of InfoSaaS, said: “ISO certifications are valuable for any business to earn. But, for otherwise similar companies that happen to be in different industries, there can be huge disparities in the costs of doing so. InfoSaaS and Axora intend to leverage each other’s expertise – in information security, data protection and business compliance solutions, and the oil/gas/mining industries respectively – to transform the processes and associated costs of certification and surveillance audit for companies operating in those sectors, where simple ‘geography’ may currently make it expensive and difficult.”

Energy and mining sectors

Dr. Nick Mayhew, Chief Commercial Officer for Axora, said: “The energy and mining sectors are under increasing pressure to adhere to the ever-changing compliance certification criteria and improve their strategies. With this comes additional overhead in terms of resource, time and effort required to obtain and maintain these standards. We are excited to help organisations leverage the InfoSaaS platform to drastically simplify and manage their compliance operations in key business areas including environmental, security, health and safety.”

Demand for remote audits

ISO management system certifications have grown in importance to organisations operating in increasingly competitive markets around the world, clearly communicating relevant or important competencies to potential customers.
Demonstrating certification against industry standards and evidencing a mature approach to the protection of sensitive information and personal data have become baseline requirements in many markets and for some customers. The global coronavirus pandemic has driven a surge in demand for remote audits generally, requiring businesses to adopt new approaches and solutions that allow teams, compliance managers and auditors to collaborate effectively to achieve and retain certifications.
Thousands of valuable ISO management system certifications earned by UK companies may now be at risk because auditors from Certification Bodies may not have been able to attend organisations’ premises to conduct essential re-certification audits during the current coronavirus pandemic. Worldwide, hundreds of thousands of certifications are at risk of lapsing as lockdown conditions look set to continue for the foreseeable future. Current UKAS guidelines - unchanged since August 2016 - state that: If [a] recertification assessment cannot be undertaken within six months of the anniversary of the certificate being issued, the certificate should be suspended, and a new initial assessment will be required.

Business compliance requirements

To restore their certifications, affected organisations may incur financial costs easily three times higher than they were expecting to pay for their annual audits - plus considerably higher levels of time and resources - as well as having to remove any reference to their certifications from their websites and other collateral in the meantime. The issue has been raised by InfoSaaS, a provider of industry-renowned software solutions that help customers achieve information security, data protection and business compliance requirements, up to and including ISO management system certification level.
ISO management system

Peter Rossi, Co-Founder of InfoSaaS, said: “Across just three [ISO9001, ISO27001 and ISO45001] of the five ISO management system standards that we help organisations to achieve, an average of 2,500 UK certifications per month could be at risk of lapsing due to the break in audit activities - never mind all other ISO standards, and notwithstanding any backlog of audits, whenever they can resume at scale.”

The International Organisation for Standardisation (ISO) doesn’t publish figures for the number of certifications granted across every standard. However, there are more than 1.3 million certifications worldwide across 12 standards for which it has most recently published numbers, in the form of the ISO Survey 2018 (including ISO9001, ISO14001, ISO20000, ISO22000, ISO22301, ISO27001, ISO28000, ISO45001, ISO50001, ISO13485, ISO37001 and ISO39001).

Health and safety management

Worldwide there are over 870,000 certifications for ISO9001 alone, indicating that - six months on from the start of lockdowns - over 70,000 per month may be at risk of lapsing should surveillance audits remain halted. “The uncomfortable truth is that, under current circumstances, some organisations may decide not to be re-audited and simply to let their ISO certifications lapse. Any such de-prioritisation may, in turn, lead to an unwanted decline in standards for the likes of information security, environmental management, health and safety and quality management. This is not a good outcome for anyone,” explained Rossi.

Remote surveillance audits

Remote audits are impossible when organisations rely on outdated approaches and tools such as multiple spreadsheets, which require in-person explanation, justification and cross-reference.
Accordingly, InfoSaaS wants to see Certification Bodies conducting remote surveillance audits where the candidate organisation is using an integrated, platform-based solution such as InfoSaaS’s own Compliance Framework platform, which makes it easy for auditors to conduct the necessary surveillance and auditing activities.

Enhanced security control

“Frankly, it’s unnecessary and inefficient for any organisation still to be using the likes of spreadsheets for this purpose. It would make achieving business compliance objectives via a modern platform even more attractive if organisations could be confident that remote audits were not only possible but preferred,” Rossi added. InfoSaaS’s platform helps organisations achieve and retain several ISO certifications: ISO27001 (information security management), ISO27017 and ISO27018 (enhanced security control sets for cloud services), ISO9001 (quality management) and ISO45001 (health and safety risks) - as well as data protection workflows in support of GDPR.

Management system certificates

ISO certifications to various standards have become increasingly important to organisations operating in increasingly competitive markets around the world: having valid ISO management system certificates clearly communicates relevant or important competencies to potential customers. In particular, demonstrating certification against industry standards and evidencing a mature approach to the protection of sensitive information and personal data have become baseline requirements in many markets and for some customers.