The quarterly magazine of BSI Group • April 2007 • £3/$5 • BusinessStandards.com

BUSINESS STANDARDS

in the vanguard T-Mobile sets the standard for integrated systems

Clean Clothes Is ethical fashion finally coming into vogue?

informed deCisions Information security takes top billing in the boardroom

“We need to create competitive global energy markets”

The Rt Hon David Miliband MP on a three-dimensional approach to energy

SIGN Up AT

Businessstandards.com

andwin an

iPod

NEW

To order please contact BSI Customer Services quoting marketing reference code EMR-BS

Tel +44 (0)20 8996 9001 Fax +44 (0)20 8996 7001 Email orders@bsi-global.com www.bsi-global.com/environmentalstandardsHardcopy standards may also be ordered via the British Standards Online secure credit card service at www.bsonline.bsi-global.com

*P&P £5.95 UK (inclusive of VAT); £9.95 Rest of World (+VAT if applicable), P&P free to BSI Subscribing Members. BSI Memberdiscounts apply to hardcopy standards only. VAT is applicable to all eShop purchases and downloads, CDs, DVDs and otherelectronic products. Pre-payment is required from non-Members. For details of BSI Membership, call +44 (0)20 8996 9001. All prices, content and publishing dates may be subject to change.

raising standards worldwide™

Environmental Management Reports A series of clear and easy to use reports that feature: • Factual information and analysis• Case studies• Statistics

• Best practice• Worked examples• Future visioning

Focus on Sustainability and its Implicationsfor CSRAdrian Henriques & Peter Laerke-Engleschmidt,of the Open University

This report looks at the tools, techniques,standards and methodologies needed forsustainability and helps you to discover which aremost appropriate for your organization toimplement. It also offers support in thepreparation of a business case for moving

towards sustainability.

A4 Wirobound ISBN 978 0 580 49337 9BSI order ref BIP 2101 Price £95*

For more information visit www.bsi-global.com/BIP2101

Focus on Waste ManagementMark Yoxon, Stephen Burnley & Toni Gladding

The report gives clear and practical advice on howto identify areas of waste and how to implementsimple operational procedures to reduce andcontrol it. The author guides the reader throughthe relevant legislation and provides the tools andtechniques to unlock the benefits to business, the

wider economy and the Environment.A4 Wirobound ISBN 0 580 48412 2BSI order ref BIP 2102 Price £95*

For more information visit www.bsi-global.com/BIP2102

Focus on Environment and CorporateResponsibility CommunicationsJane Taylor & Kerry Wastell

This guide describes the key mechanisms for theintegration of corporate responsibility (CR)practices into everyday organizational thinkingand doing: communicating the CR agenda.

A4 Wirobound ISBN 0 580 48671 0BSI order ref BIP 2103 Price £95*

For more information visit www.bsi-global.com/BIP2103

Focus on Climate ChangeJan Vernon

This management report gives a detailed insightinto what climate change actually is, and explainsthe related policies in real terms. The reportanalyses what effect these policies will have onbusinesses and shows what steps can be taken tostay in line with the legislation.

A4 Wirobound ISBN 0 580 48142 5BSI order ref BIP 2105 Price £95*

For more information visit www.bsi-global.com/BIP2105

EMR-BS_Apr07.qxd 19/3/07 15:37 Page 1

Pursuing good environmental practices has to yield results in terms of improved efficiency, reduced risk, less waste...

Chie

f ex

eCu

tive

's l

ette

rBsi Group Chairman sir David John KCMG Chief Executive stevan Breeze Director British Standards Mike low Director of Legal Affairs & Company Secretary richard Catt

heaD offiCe 389 Chiswick High Road, London W4 4AL T +44 (0)20 8996 9000 E info@bsi-global.com W www.bsi-global.com

CustoMer serviCes T +44 (0)20 8996 9001 E info@bsi-global.com

press offiCe T +44 (0)20 8996 6330 E pressoffice@bsi-global.com

Bsi British stanDarDs Director Mike low 389 Chiswick High Road, London W4 4AL T +44 (0)20 8996 9001 E britishstandards@bsi-global.com W www.bsi-global.com/nsb

Bsi ManaGeMent systeMs Managing Director flemming norklit

uniteD KinGDoM Managing Director neil hannah PO Box 9000, Milton Keynes MK14 6WT T +44 (0)845 080 9000 E client.services@bsi-global.com W www.bsi-uk.comaMeriCas President Gary pearsons 12110 Sunset Hills Road, Suite 200 Reston VA 20190-5902 T +1 703 437 9000 E inquiry.msamericas@bsi-global.com W www.bsiamericas.com asia paCifiC Managing Director alwi hafiz 2 Bukit Merah Central, No. 14-02 Singapore 159835 T +65 6270 0777 E infoasia@bsi-global.com W www.bsi-asia.comChina Managing Director Mo yuan liu Rm 2008, East Ocean Center, No 24A JianGuoMen Wai Street, Beijing 100004 National free hotline 800 810 0045 T +86 10 6515 7060Japan Managing Director Mitsumasa tokunaga Toranomon Kotohira Tower 21F, 1-2-8 Toranomon, Minato-ku Toyko 105-0001 T +81 3 5501 7121 CeMea Managing Director filip Buerms 389 Chiswick High Road, London W4 4AL T +44 (0)20 8996 6325 E international@bsi-global.com W www.bsi-emea.com

Bsi proDuCt serviCes Managing Director alastair trivett Maylands Avenue Hemel Hempstead HP2 4SQ T +44 (0)8450 765 600 E product.services@bsi-global.com W www.bsi-global.com/productservices

Bsi entropy international President hewitt roberts 1 Waterview, White Cross Lancaster LA1 4XS T +44 (0)1524 389385 E info@bsi-entropy.com W www.bsi-entropy.com

Much of the focus in this issue of Business Standards addresses and examines issues which are at

the forefront of the business agenda. Whether they relate to energy manage-

ment, carbon policy or indeed sustainable consumption, these challenges are not only topical but will have a profound impact on the way companies do business in the future.

The importance from a standards perspective is how, through standards, we can deliver a set of business tools that generate tangible benefits to a wide audience including consumers, regulators, suppliers and most importantly customers. For any organization, whether large or small, pursuing good environmental practices has to yield results in terms of improved efficiency, reduced risk, less waste or even enhanced brand awareness.

BSI is well positioned to take the lead in this arena, through not only the environmental management system standard iso 14001 originally developed by BSI, but by the way we have taken the lead to develop innovative complementary products for universal and customized applications to help business apply prevailing best practice in addressing these issues.

Indeed, many of these issues are global and through BSI we can continue to develop a range of standards-based solutions that will benefit business, regulators and indeed governments internationally in tackling the changes that are likely to arise. But it is only through the focus of creating tools that deliver economic, as well as social benefits, with a framework that is robust, transparent, embracing, practical and where appropriate verifiable, that we will succeed.stevan Breeze, Chief executive, Bsi Group

www.bsi-global.com

BSI Group: Standards • Information • Training • Inspection • Testing • Assessment • CertificationBSI Group: Standards • Information • Training • Inspection • Testing • Assessment • Certification

raising standards worldwide™

BSI Group has been independentlyvoted one of the UK’s top businessbrands. This is the third time in a rowthat we’ve received this award makingus a “super Superbrand”.

The Business Superbrands awardrecognizes our strength for quality,reliability and distinction across ourbusiness and for the benefits theybring to our customers.

To find out how your business canbenefit from working with the UK’sleading professional services businessthat delivers assurance throughstandards-based solutions, visit ourwebsite at:

www.bsi-global.com

We’re aBusinessSuperbrand!for the thirdconsecutive time

C

M

Y

CM

MY

CY

CMY

K

11116 SB ADVERT 289x210.pdf 30/3/07 10:52:2011116 SB ADVERT 289x210.pdf 30/3/07 10:52:20

241404

04In brIefNews, views and issues from the world of standards. In this edition: taking a carbon neutral approach to business and exploring better waste management, plus an update on the new Thatcham BSI Kitemark®.

09 vIewpoIntDoes business really need an integrated management system? Neil Hannah, David Smith and Hilary Banner offer their views on PAS 99 and bringing standards together.

features

10power pLaYEnergy matters have been high on the agenda for years, with questions of climate change pushing the debate, but what about the busi-ness case for better energy management? We review the intricacies of the issue.

14etHICs In voGueConsumers in the UK are in the vanguard when it comes to fashion, but how many of us take the origins of our clothes into consider-ation before buying? We find out how the industry is dealing with “ethical fashion”.

16safe and seCureA company’s information is its lifeblood. But with lost laptops, hacked systems, employee indiscretion and under-regulated supply chains, the potential for the loss of vital business information is endless. What can organizations do to keep their most valuable asset safe?

20standard bearerWhen T-Mobile UK became the first company in the world to implement PAS 99 and integrate its management systems stan-dards, people watched with interest. The results have been positive, with reductions in bureaucracy and improved focus.

22events, Courses & traInInG

24pLastIC fantastICDespite improvements in recycling technology, plastic waste remains a big concern for its impact on the environment. A new standard aims to provide some common ground.

25about bsI

“Our current and future welfare is dependent on actions beyond our immediate sphere of influ-ence. This is most obviously true in the chal-lenge of energy security and climate change“

Rt Hon David Miliband MP

Contents: apr/07

BSI Group: Group editorial manager Wilma Tulloch Group marketing manager Marc Edney Caspian Publishing: Editor Keith Ryan Creative director Nick Dixon Art director Erroll Jones Senior art editor Gary Hill Production manager Karen Gardner Publishing director Jules Rastelli Commercial director Justin Khaksar Editorial director Stuart Rock Finance director Kate Andrews Chief operating officer Gary Pickett Communications director Matthew Rock PA to the Publisher Sandie Liggett Publisher Mike Bokaie • Caspian Publishing www.caspianpublishing.co.uk Editorial +44 (0)20 7368 7177 Fax +44 (0)20 7368 7178 Photography: Getty Images Cover Photography: Richard Gleed

Business Standards is the official magazine of BSI Group, which is incorporated by Royal Charter, and is circulated quarterly in the UK and overseas. Published for BSI Group by Caspian Publishing Ltd. Editorial opinions expressed in the magazine are not necessarily those of BSI Group or the publishers. Reproduction in whole or in part without written permission is strictly prohibited. All enquiries relating to the distribution of the magazine should be directed to Marc Edney (BSI): +44 (0)20 8996 7737. Printed by Wyndeham Heron Repro by Blaze Creative Business Standards is printed on paper sourced from sustainable forests and supplied from mills certificated in accordance with ISO 14001.

10

� business standards  April 2007

inbriefbsi has published a comprehensive guide to the legislation for manufac- turers, importers and exporters of electrical and electronic equipment: The Waste Electrical and Electronic Equipment Directive – a survey of requirements and implementation (BIP 2117).

The book gives guidance on the Waste Electrical and Electronic Equipment (WEEE) Directive, which came into force in the UK on 1 January 2007 and applies to any busi-ness that manufactures, brands, imports, sells, stores, treats or dismantles electrical or electron-ic products within the EU.

The Directive covers a broad range of electrical and electronic products, including household appliances, IT and telecommunications devices, audio-visual equipment (eg TVs, VCRs, CD play-ers, radios), lighting, tools, toys, leisure goods and sports equipment. It requires producers of EEE to meet the costs of recovering and recycling their products when they become waste.

The book provides background on the directive, as well as details on a range of European coun-tries, focusing on EU Member States. New information on countries’ implementing measures will be added as it becomes available, including information on countries not included in the first edition. Copies of the Directive and Council Decisions are also included in the final part of the book. For more information or to order a copy, visit www.bsi-global.com/apr07weee

Waste not, want not

Nick Terry has been appointed as the new chairman of BSI’s most senior construction committee, the Construction and built environment sector Policy & strategy

Committee (Cbe/-), formerly known as B/-. Currently chairman of Building Design Partnership (BDP) South, he also serves as chairman of the European Interoperability Centre, as the international vice-chair of buildingSMART and as chairman of the International Alliance for Interoperability. His appointment reflects a new approach to this area for BSI to include process issues of key strategic importance to the sector.

In support of BSI Management Systems UK’s commitment to the environment and their carbon neutral status, staff from BSI’s Milton Keynes office took part in a tree planting event in February organized by the Forest of Marston Vale in Bedfordshire. The team joined a task force of over 500 to complete the planting of over 7,500 native trees over a busy 12-day period. This was just one of the many offset projects in which BSI Management Systems UK has been investing in over the past year, including funding a micro-hydroelectric power plant in Bulgaria.

taking the Carbon neutral aPProaCh

sustainability: sign uP nowBSI is hosting the Implementing Sustainable Procurement Conference in London this July (Conference: 3 July; Workshop: 4 July). As sustainable procurement practices gradually take hold in the public sector, the impact is rapidly being felt throughout the private sector supply chain. Most purchasing and procurement professionals know what sustainable procurement is, and understand why it’s important, but this conference is here to help with practical implementation of sustainable procurement in business. for more information, visit www.bsi-global.com/apr07procurement

View all of these stories at www.BusinessStandards.com

surV

ey s

aysThatcham BSI

Kitemark®: Update

With its acquisition of Greenall Barnard Associates Ltd (trading as ASI-QS) in December 2006, BSI’s expertise in Six Sigma training has been significantly enhanced. ASI-QS, established in 1988, has a reputation for Six Sigma training and implementation with major clients including Volvo, Vestas, Bausch & Lomb, Boston Scientific and Schering Plough. ASI-QS staff will work with BSI Management Systems globally with a view to building BSI’s reputation in Six Sigma and related business improvement tools.

“BSI is very pleased to have acquired the depth of knowledge and experience which ASI-QS will bring,” says Flemming Norklit, managing director of BSI Management Systems. “This move enables us to give all our global partners enhanced access to our Six Sigma services and our related business improvements products.”

for more information on six sigma training and services, visit www.bsi-global.com/apr07sixsigma

The new Thatcham BSI Kitemark® for the vehicle repair industry has been accredited by the United Kingdom Accreditation Service (UKAS). This follows on from its successful launch in February, during which three bodyshops received the Kitemark®. AJC Fix Auto (Essex), East Bilney Coachworks (Norfolk) and UK Assistance Accident Repair Centre (Lancashire) were presented with Kitemark® certificates by BSI Group CEO Stevan Breeze and Peter Roberts, Thatcham CEO.

“The Thatcham BSI Kitemark® scheme is based on some sound funda-mental business improvement tools and techniques, and the framework required to attain the Kitemark® means that I know it will deliver huge benefits to our organization,” says Chris Oliver, managing director of AJC Fix Auto. “The scheme has brought about a number of improvements to our infrastructure and this, coupled with the enhanced perception of the business by customers thanks to the Kitemark® symbol, will play an integral role in cementing our long term development and prosperity.”

For more information, visit www.bsi-global.com/apr07thatcham

six sigma: strength to strength

saw

a r

educ

tion

in c

osts

of

dis

rupt

ion

to o

pera

tions

. sa

w a

red

uctio

n in

in

sura

nce

prem

ium

s.

For

mor

e de

tails

on

OH

S m

anag

emen

t sys

tem

s, v

isit

ww

w.b

si-g

loba

l.com

/apr

07oh

s

To fi

nd o

ut w

hat i

s dr

ivin

g th

e gr

owin

g in

tere

st in

Occ

upat

iona

l Hea

lth

and

Safe

ty M

anag

emen

t Sys

tem

s (O

HSM

S) B

SI M

anag

emen

t Sys

tem

s U

K h

as s

urve

yed

exis

ting

OH

SAS

1800

1 cl

ient

s.

of r

espo

nden

ts im

plem

ente

d O

HSA

S 18

001

as b

est p

ract

ice.

29%

17.5

%83

%

Raisingtheir game:Quentin Willson on the body shop RepaiR industRy and the neW thatcham bsi KitemaRK®

FoRWaRd thinKingBusiness continuity management tops the boardroom agenda

cat and mouse gameDo you know what your kids are doing online?

top maRKsRecent research proves Kitemark® remains a solid brand

The quarterly magazine of BSI Group • February 2007 • £3/$5 • BusinessStandards.com

BUSINESSSTANDARDS

� business standards  April 2007

inbriefthrough use of the DTI’s Consultancy Drafting Scheme, BSI committee EPL/66 has developed a new part to BS EN 61010 Safety requirements for measurement, control, and laboratory use, specifically for equipment used in schools, based on UK requirements. Such a stand-ard will maintain and enhance the safety of children using the equipment, while allowing the education authorities to procure on the world market. It will also enable manufacturers to demonstrate compliance with the Low Voltage Directive, 73/23/EEC, allowing free movement of the products in the European Economic Area. Currently published as a Draft for Development (DD), publication of the standard is expected in late 2008.

From the end of April 2007, BSI Product Services will be distributing a brand new toolkit to all Kitemark® licensees. The newly designed format contains clear and dynamic guides for licensees on how, why and where to use the Kitemark® to help promote their businesses, attract more customers and increase revenue. The packs also aim to generate some new ideas for business, such as merchandise and internal promotion. The accompanying CD will include all the necessary logo files in print-ready formats as well as the prestigious swing tags for customers to use on their products and outer packaging.

As a consequence, the kitemark® symbol will be more visible on business premises, stationery, vehicles, merchandise, packaging and on retailers’ shelves, thereby helping the public as well as businesses to make safer and more confident purchasing choices.

“Instead of using only a unique fingerprint to gain access to a network or PC, the [MatchLogon with FingerPIN] system uses a sequence of such prints in a random order known only to the user.

“To overcome the system, an attacker would need to have access not only to four or more of the user’s fingerprints, but would have to enter them in the correct sequence.”Techworld.com, 1 March 2007

“Currently UK organisations that lose sensitive customer or employee data, or expose it to others, do not have to disclose details of the breach – even to those affected.

“Now, in the wake of recent data losses, security experts have called on UK legisla-tors to bring laws in line with US law SB 1386, which was introduced in California in 2003 and has spread to 34 states, requiring full disclosure.”Silicon.com, 16 March 2007

“What looks more innocuous than an iPod hooked up to a PC? What some employers have come to realize is that not every work-er is filling up their MP3 player with music – they may be filling it up with sensitive corporate data, a practice that fraud inves-tigators have observed and which has spawned the term 'pod-slurping'.”Silicon.com, 20 March 2007

Kitemark® toolkit

sChool lab safety

information seCurity: what’s being said online?

View all of these stories at www.BusinessStandards.com

a new online self-assessment tool is soon to be launched to help businesses benchmark their organizations against BS 25999, the new standard for Business Continuity Management (BCM). Business Continuity Assessment Online is a software self-assessment tool, which provides a framework to ensure that BCM practices meet and conform to the standards set by BS 25999 Part 1. Other benefits include practical assistance on getting the best out of the new standard and guidance on how to establish the process, principles and terminology of BCM, based on examples of best practice from across the BCM lifecycle. The tool will provide practical assistance and help to organizations of any size and from any sector. BS 25999 Part 2, which is due for publication at the end of August, will estab-lish the requirements for a BCM System (BCMS) and will allow organizations to be assessed and certified by an independent third party, such as BSI Management Systems. for more information, visit www.bsi-global.com/apr07bcm

Business continuity self assessment

in april 2007, representatives from the world’s contact centre profession-al and trade bodies attended the first ever Contact Centre Global Forum, “to address the challenges facing an increasingly globalized industry”. Speaking at the event was John Hele, global product manager with BSI Management Systems, as part of a panel group speaking on the subject of “Global standards – do we need them and what are they for?”. This conference marks an important step in the ongoing debate surrounding a global standard. The need for an agreed framework of conduct for the Contact Centre industry was first acknowledged back in 2001, when the

Contact Centre Association (CCA) launched the CCA Standard©, “an operating guide designed to assist organizations in delivering increased levels of efficiency and customer service.” Since then, both the industry and businesses have changed significantly, prompting the release of Version 3 of the CCA Standard© for Contact Centres at the end of 2006. This version looks specifi-cally at both “in-house” contact centres and those that operate

on behalf of other organizations. The revised standards were the result of extensive consultation with CCA accredited members, foundation part-ners, BSI and other industry professionals. for more information, visit www.bsi-global.com/apr07cca

For the third consecutive time, BSI Group has been named one of the UK’s top 500 Business Superbrands. The award was based on the vote of an expert panel and, for the first time, a survey of independent business professionals administered by YouGov, the UK’s most accurate online research agency. It serves as an acknowledgement of BSI’s rep-utation for quality, reliability and distinction. for more information, visit www.bsi-global.com/apr07superbrand.

Calling for a global standard

Superbrand status hat-trick

8 business standards  April 2007

inbrief

Cash flow

Links in the supply chain

View all of these stories at www.BusinessStandards.com

by passing its final accreditation visit by Social Accountability International, BSI Management Systems is now one of only 14 certification bodies in the world accredited to offer assessments to SA8000:2001 Social Accountability. This is the most widely recognized global standard for managing human rights in the work-place. It was the first auditable standard, suitable for organizations of all sizes worldwide, and provides a flexible framework for assuring stakeholders that social accountability is being stewarded by management. 

More and more non-governmental organizations (NGOs), investment analysts and other stakeholders – including employees – are evaluating corporate commitment to fair and equitable working environments, as well as transparent business prac-tices both internally and throughout the supply chain. Prompted by a series of sweatshop scandals in the past few years, apparel and textiles now lead the way in certification to SA8000:2001, with the cleaning, food, chemical and toy industries following close behind. 

Certification to the standard demonstrates an organization’s commitment to its employees, which in turn helps maintain stakeholder confidence, resulting in better employee retention and an improved reputation.

for more information on sa8000:2001, visit www.bsi-global.com/apr07sa8000

new anti-money-laundering guidance is being prepared and BSI is looking for documents, supporting material, examples of national best practice and anyone who feels they have demonstrable expertise in this area to take part. If you feel you might be able to help, contact Nicki Dennis on nicki.dennis@bsi-global.com to find out how you can contribute to the debate.

UK retailers are under more pressure than ever to establish due diligence  

  in the supply chain. BSI Management Systems is an accredited provider of 

assessment and certification services to the British Retail Consortium (BRC) 

Global Standard – Food and the BRC/IoP Global Standard – Packaging.  

Both are designed to enhance the ability of companies to supply retailers 

through internationally recognized product assurance. They also ensure 

businesses are meeting their legal and regulatory obligations. BSI is  

also on the UK Accreditation Service (UKAS) accreditation pilot scheme 

for the new BRC Consumer Products standard Issue 2, which was 

developed to assist retailers in their fulfilment of legal obligations  

and protection of the consumer, by providing a common basis for the 

certification of companies supplying consumer products. In addition, 

BSI is seeking accreditation to the new BRC Global Storage and 

Distribution standard, which was developed to help businesses in 

their evaluation of companies storing and distributing products. for more information, visit www.bsi-global.com/apr07brc

human rights in the workPlaCe

“Numerous businesses have found con-siderable benefits in integrating the man-agement systems that they operate. Not only is much duplication avoided, but inte-gration can bring coherence to the opera-tion and better business focus. Guidance on integration is valuable and PAS 99 is a significant contribution in this respect.

“At present, there is no requirement for organizations to demonstrate that they have an integrated management system in place. Companies implementing the guidance outlined in PAS 99 are doing so for the benefits it brings to the business.” David Smith, author of PAS 99 Director, iMS Risk Solutions

“The integrity of Multisol’s management systems stems from their integration at the very start: PAS 99 offers a single framework to address the needs of our suppliers and customers; our environmental responsibili-ties and our place in the local community as well as mapping the demands of our future development. PAS 99 facilitates an ethos of continuous improvement throughout the organization without labelling topics as rel-evant for quality, environment or health and safety, so there is a single holistic focus. PAS 99 has provided Multisol with a struc-ture to refine our management systems and the opportunity to incorporate essential control mechanisms, which previously exist-ed outside our accredited systems. We are now able to identify and incorporate relevant aspects of other accredited systems within our controlled management structure.”Hilary Banner, director, Multisol

integrate or disintegrate... which would you choose? Some ten years ago the environmental standard, ISO 14001, was born and there are now over 100,000 organizations regis-tered to it worldwide.

Some 30 years ago, BSI carried out the first assessments to the standard that later developed into ISO 9001. Today there are 800,000 organizations worldwide registered to it. These standards have proved to be incredibly successful and have been widely adopted worldwide.

In the last few weeks, the world’s first certificate to the integrated management “standard” PAS 99 was issued. How many of these will there be in ten, 20 or 30 years? It seems likely to me that there will be a large number. Of course, by then, I anticipate the “standard” will no longer be called PAS 99: it will be refined and doubtless improved by the rig-ours of the international standardization process but it will be there in big numbers.

At the BSI conference in the UK in early March, five per cent of organizations represented already had fully integrated sys-tems. Thirty per cent had systems that were capable of being integrated or were en route to integration. PAS 99 represents a practical way to meet market demand for integrated registra-tion ensuring high standards across all component parts. It was developed by top class practitioners in the art; it is timely; widely recognized and eminently practical. It will be used. Neil Hannah, managing director, BSI Management Systems UK

“PAS 99... is timely; widely recognized and eminently practical”

View all of these stories at www.BusinessStandards.com

Question: does business really need an integrated management systems standard?

ViewPoint

10 business standards  April 2007

Founded as “a private company set up by

government, to accelerate the transition to a

low carbon economy” according to its website

(www.carbonconversation.co.uk), the Carbon

Trust has worked with some of the UK’s big-

gest names on the business case for energy

management. The results are hard to debate:

> GSK’s Horlicks factory reduced energy

costs by more than five per cent, equivalent

to £35,000.

> BMW’s already energy-efficient Hams

Hall plant improved control of manufactur-

ing equipment, allowing the investment

BMW made in new technology to be paid

back in less than a year – and savings in

2004 amounted to almost £250,000.

> Overall, in 2005-06, Carbon Trust

helped its business and public sector custom-

ers identify 3.9 million tonnes of annual

CO2 savings – with potential annual cost

savings of approximately £390m.

(Source: Carbon Trust)

In addition, “Independent research commis-

sioned by the Carbon Trust (Opinion Leader

Panel, November 2006) revealed that around

half of business leaders feel that the difference

in the gap between words and actions on car-

bon policy will be more readily spotted in

COVer stOrY: energY

Cost or investment? Regulation or voluntary measures? Mark Mcdowall reports

on the business case for energy management.

The environmental case for better energy

management has been made time and again.

It’s underlined in the news every day, with

reports on impending disasters “due to

climate change” and political parties

announcing their green credentials and

efforts to save the planet. But while environ-

mental and climate change issues in the

media have put the onus on the individual –

whether telling people to cut down on air

travel, ditch the car or scrap the standby –

what about companies that rely on large

amounts of energy to do business?

It’s no small question. According to BSI

research, businesses in the UK will account

for 38 per cent of the UK’s greenhouse gas

emissions by 2010 (Source: Focus on climate

change: BSI Environmental Management

Report by Jan Vernon, 2006), and these have

been recognized as a major contributor to

global warming.

With the Kyoto Protocol in force since

December 2005, the task of meeting these

targets has begun in earnest. Business should

no longer be thinking in terms of “why”, but

“how”. For most companies, this will come

down to a straightforward question: is there

a business case for energy management?

It’s a question that has been at the

forefront of the Carbon Trust’s mind for years.

>POWer PLaY

For more information visit www.bsi-global.com/apr07energy

"A number of progressive companies here in the UK have taken a lead on managing their carbon footprint, but we urgently need to spread that good practice across the business community as a whole – especially through the supply chain. Small and medium-sized companies often complain that this is so much harder for them than for bigger companies. But the money to be saved (through increased energy efficiency) still makes this a win-win agenda: better for business and better for the planet."

Jonathon Porritt, co-director  of The Prince of Wales's Business and the Environment Programme

2007, in particular by customers. And that the

issue that should be of most concern to CEOs

in 2007 is ‘energy and the environment’.”

Clearly, there are savings to be made in

the short term and energy management will

remain a priority for business – if only from

a reputation management perspective – but

is there an argument for long-term business

investment in the problem?

The business of climaTe change“Most companies regard energy consumption

as a cost of doing business. But if you look

at it, you see opportunities to make savings,”

says Tim Sunderland, global product manager

with BSI Management Systems, responsible for

sustainability. “The less energy you use, the

more money you save.”

Consider companies that have addressed

energy management seriously: DuPont found

ways to keep energy use flat from 1990 to

2000 and increased production by 35 per

cent, saving US$2bn; Sainsbury’s set out to

control the amount of electricity it used in

refrigeration in 2003 and saw a 12 per cent

reduction in consumption with savings of

£3.8m a year.

In November 2001, Lafarge took the lead in

the cement sector, aiming to cut emissions by

20 per cent by 2010 against a 1990 baseline.

12 business standards  April 2007

Each of the company’s installations is bound

by targets for emission levels and energy

assessments, set by the EU Directive on

Integrated Pollution Prevention and Control

(IPPC), but Lafarge took a step further.

“We have joined both voluntary initiatives:

the UK Emissions trading scheme and the

Climate Change Agreement, which encourages

better energy management,” says Jim

Rushworth, Lafarge Cement’s national energy

manager. “We found we could reduce CO2

from our raw materials by using more pre-

calcide waste raw materials, blending different

materials together rather than using the tradi-

tional lime base.”

He points out that there was an incentive,

and not just in the form of a rebate on their

IPPC climate change levy, if certain targets

were met: “Alternative fuels and raw materials

tend to be derived from waste products. While

there is an up-front cost in getting equipment

to handle these and store

them, and getting the trialling

and testing done so you can get

permission to use them, there tends

to be a lower cost in purchasing the

materials than traditional fossil fuels

or virgin raw materials,” he explains.

With increased competition from outside

the UK and the Eurozone, it makes sense:

“If you want to lead the world in business,

you’ll need to lead the world in energy

efficiency,” Rushworth concludes.

approaches To regulaTion The Lafarge experience raises an

important point: for many busi-

nesses, investment in better energy

management may not be a matter

of choice, but of governmental

control. For example, the afore-

mentioned EU Directive on

IPPC is the second major

pillar of Europe’s climate

change policy. This man-

dates standards in energy processes

from companies like Lafarge in sec-

tors with high-energy requirements

such as aluminium, chemicals, iron

and steel, and ceramics.

One of the IPPC’s central mecha-

nisms however, is the promotion of

Best Available Techniques (BAT),

offering road-maps for companies looking

to switch to gas (which emits less CO2 than

coal or oil) or renewable sources such as solar,

wind or hydropower. It also maps the most

effective ways of managing waste better, cut-

ting the release of methane, another major

greenhouse gas, or fixing leaks, a major con-

tributor to greenhouse gas emissions. And it is

these areas that organizations such as BSI feel

are essential for bringing on board businesses

currently outside the remit of mandatory regu-

lation embodied by the IPPC.

Taking The win-win approach“Standards are based on best practice – if a

company wants to do something differently

and doesn’t know how, then it can refer to

a standard as a framework for best practice.

Companies can follow it without re-inventing

the wheel,” says Sunderland. “Standards are in

place to pre-empt regulation that might force

companies to go down that road in the future

– and in some cases can stave off regulation.

So they can help themselves that way too.”

“One of the key drivers is climate change,

so reducing carbon emissions is a priority

for government and businesses aiming at

sustainability,” adds

Katherine

Hunter, sector

development manager for sustain-

ability at BSI British Standards, “but

cost is a big driver for industry since

energy prices have risen so rapidly in

recent years.” Thankfully, Hunter points

out, standards can address both the busi-

ness and the environmental cases for

better energy management.

“For example, ISO 14001 provides

a framework for businesses to manage

their environmental impacts and demon-

strate they are doing so on a continuing

basis,” she says. “That’s good for busi-

ness, as there’s a lot of pressure from

the supply chain since many companies

now insist their suppliers have environ-

mental policies in place.”

While there is a misconception

that implementing standards means

changing processes or adopting new

technology – which could impose

extra costs in new materials and

equipment as well as management

time in addressing issues and sourcing solu-

tions – according to Sunderland it’s a matter

of looking at it in terms of investment: “It’s

like waste management: most businesses think

it’s a cost they have to pay. Until they start

measuring and managing it they won’t get the

benefit. Those that do will get an immediate

benefit,” he says.

seTTing sTandardsThat industry standards are at the heart of

the business case is something BSI is keen

to demonstrate, drawing up new and often

bespoke standards aimed specifically at

energy management.

Alexandre Bykov, consulting team manager

for BSI Professional Services, for example, has

been working with National Grid on a series

of Gas Industry Standards (GIS), which the

company and its suppliers can adopt to main-

tain safety and efficiency across the entire gas

distribution network. As part of this process,

the Gas Distribution Networks – National

Grid, Scotia Gas Networks, Northern Gas

Networks, and Wales & West Utilities – now

specify Kitemark® certification for products

used on the network, conforming to the initial

set of GIS implemented in October 2006.

“By rolling out these standards, we can

help gas companies lighten the regulatory

burden, comply with regulations in a cost-

effective manner and use standards as a

powerful marketing tool,” he says.

What else is in the green business pipeline?

An energy management systems standard,

which will allow organizations to demon-

strate that they are continually improving the

efficiency of their energy use, and a standard

on energy efficiency and savings calculations,

which aims to give organizations a common

method for calculating energy consumption,

energy efficiency and energy savings. These

moves accompany other EU developments

such as Directive 2005/32/EC on the eco-

design of Energy-using Products (EuP).

For Tim Sunderland, these developments are

vital not just for helping businesses reap mate-

rial benefits from better energy management,

but for giving such green initiatives the credi-

bility they need: “The sooner we tighten up

on standards, the sooner businesses can start

to work to those standards and the more cred-

ible the claims start to be,” he points out. n

For more information visit www.bsi-global.com/apr07energy

the uK government has been stepping up its green creden-tials in recent months and david Miliband, the secretary of state for environment, Food and rural affairs, is certainly trying to do his bit by setting out a series of practical solutions to enable us to live within “environmental limits”.

“the positive news is that there are ways of keeping homes warm and light and powering our transport, that produce little or no greenhouse gas emissions,” he explains. “the practical and technological solutions

are increasingly available and increasingly cost-effective – if we put a price on carbon.”

He calls this fundamental shift in the way we live “the 3d energy revolution” and the key pillars of his long-term strategy are demand reduction (reducing our energy needs through greater efficiency), decarbonization (switching

to zero-carbon sources) and decentralization (ensuring an increasing share of energy production is produced within homes and communities).

the driver is simple: “in most industrialized countries, demand for energy has increased in parallel with economic growth. if we are to grow our economy in the future, we need to find ways of breaking that link.”

the key is Miliband’s sec-ond “d”, decarbonization, an area in which he acknowledges the uK has lagged behind and needs to improve on given the gov-ernment’s commitment to producing 20 per cent of

the country’s electricity from renewables by 2020. Miliband cites wind, wave and solar power as important sources of energy – and, more controver-sially, nuclear power.

“in transport, the solutions are more difficult,” he points out, “and the first focus must be to improve efficiency. but in the short term biofuels and plug-in hybrids can play a big role, with developments in electric cars and hydrogen fuel cells further down the track.”

the keys to the third “d”, decentralization, are two-fold: communities and individual households producing energy from biomass-fuelled power stations or solar panels and

wind turbines; and cutting the amount of energy currently lost through transmission and distribution.

the big question for business, of course, is how he sees this vision materialising.

“the role of government is not to try to prescribe the exact balance between these different solutions,” he says, “it is to use public rules and finance to cre-ate market-based innovation for lowest cost solutions.”

He sees three tools as vital to delivering the 3d future: “We need to create competitive global energy markets in which there are no barriers to invest-ment. We also have to put a price on carbon, either through taxation, emissions trading or regulation. Finally, we should use subsidy, procurement and regulation to drive the transition to new technologies.”

it’s not an impossible task. as Miliband told members of the Lunar society in birmingham in late 2006: “in the 18th century, Josiah Wedgewood captured the spirit of the Lunar members when he said that they were ‘liv-ing in an age of miracles in which anything could be achieved’.”

For Miliband, we need that same spirit of optimism among today’s entrepreneurs, scientists and public service leaders if we are to create a 3d energy revolution. n

For david Miliband, the arguments about climate change are over. The debate is now about what we do, not whether we need to act.

For too long, the science has moved faster than the politics – 2007 needs to be the year when the politics start to catch up“ ”

>Energy in three dimensions

14 business standards  April 2007

>etHiCs in VOGue

sOCial issues: etHiCal fasHiOn

We each spend a whopping

£780on clothes every year on average – but know little about their origins or where the money goes. Melody bartlett tries ethical fashion on for size.

for more information  visit www.bsi-global.com/apr07ethicalfashion

“Organic”, with its compost-like associations, isn’t something we tend

to link with high-street chic. But in

2003 the UK public spent £273m on

organic, fairtrade and recycled clothes,

or so-called “ethical” fashion, according

to a report – Well Dressed – produced by

the Sustainable Manufacturing Group

(Institute for Manufacturing, University

of Cambridge).

Big-name fashion designers such as Stella

McCartney have put ethical fashion firmly on

the public agenda and a new industry of ethi-

cally aware designers and retailers has begun

to take shape in the UK: “People are becoming

far more ethically minded, and retailers and

designers are reacting,” says Emmeline Child,

creative director of Emmeline 4 Re, one of a

new breed of UK fashion labels.

Emmeline 4 Re specialises in clothes made

from recycled materials, but the concept of

ethical fashion encompasses everything from

recycled clothes to those made from organic

and fairtrade crops. Just as we have become

concerned about “food miles”, “clothes miles”

are becoming an issue for consumers.

The Co-operative Bank’s Ethical

Consumerism Report 2006 valued Britain’s

ethical consumer market at £29.3bn in 2005.

The UK has led global demand for organics

with the world’s fastest growing market for

organic food and drink, according to the BSI

2006 Stakeholder Workshop Ethical Fashion

Report. Clearly, the UK could become a trail-

blazer for organic and ethical fashion.

A wOOlly industry?Last year, BSI held a workshop for stake-

holders in the ethical fashion sector to discuss

ways in which the industry can meet consumer

demand. Ethical fashion spending in Britain

rose by 26.1 per cent in 2005 according to

the Co-Op report, and the industry is facing

pressure for transparency and accountability.

Among the many discussions that took place,

the workshop offered a chance to discuss

how to reach a consensus on standards of

“ethical” production and to put

those in place.

“There is a lot of

confusion about what ethical

fashion actually is,” explains

Cyndi Rhoades of Anti-Apathy, a

lobby group that took part in the work-

shop. The organization promotes ethical

fashion and markets Worn Again train-

ers. “People are looking for alternatives

across the board. The movement that

began with organic food has moved on

to fashion and now covers everything

from employment standards to the envi-

ronment, not just organics.”

Cecilia Malvido de Rodriguez, research

associate with Cambridge University’s

Sustainable Manufacturing Group and author

of Well Dressed, says it goes further still.

“It involves every aspect of the supply

chain from design, manufacturing and labour

conditions right through to end-of-cycle –

what happens to clothing after it is thrown

away. It’s important to improve use of resourc-

es and think about the environment in terms

of using renewable materials, organics and

avoiding genetically modified organisms.”

Chemicals used in fabric dyes, bleaches and

softeners are bad for the environment, explains

de Rodriguez, as are some used in man-made

garments – although some man-made fibres

such as viscose, derived from wool, come from

renewable resources, she adds. Providing the

public with consistent information on these

aspects of garment production is difficult. One

outcome from last year’s workshop was the

need for a common approach across the indus-

try – standards being one aspect of such a joint

approach. Standards in the industry would

offer transparency for consumers as well as

a seal of quality for designers and retailers.

“A logo that encompassed the different

aspects of ethical production and indicated

that a high standard was used throughout

would help reward responsible producers,”

says Child, who feels consumers would pay

a little more for that reassurance.

Tamsin Lejeune of the Ethical Fashion

Forum, a group for small fashion businesses,

says a code of conduct for manufacturers and

suppliers, and closer ties between suppliers and

retailers, would help boost the industry’s repu-

tation without making clothes unaffordable:

“Only four or five per cent of the retail price

currently goes to the producer – even doubling

that would make little difference to the price.”

To help the industry work towards these

goals, BSI has proposed a Community of

Practice (CoP) in Ethical Fashion to educate

and reassure consumers, and encourage the

growth of the ethical fashion sector in the UK.

CoPs bring industry stakeholders together

helping to build a recognizable community

and a platform for collaboration.

Knitting tOgetherThere is a strong realization of the need for,

and the benefits of, a collaborative approach

to the development of labelling standards.

“The benefits of membership of a body like

this would outweigh the costs if it meant we

had strong branding to support our ethical

stance,” says Child. Linda Row of

Clothworks, another UK ethical fashion

brand, claims rivalries between fair trade and

labelling bodies are hampering standardiza-

tion, which could damage consumer trust.

While organic certification does already

exist for cotton crops, there is no labelling in

place for other aspects of ethical fashion –

even washing instructions on garments need

to be considered in terms of protecting the

environment, some argue – and the industry

has no single body to oversee standards.

The 2006 BSI workshop report found that

a CoP could help to find champions for the

ethical fashion sector, as well as providing

services such as conferences, discussion groups,

web forums and databases, marketing, brand-

ing and advice on intellectual property rights.

And why stop there – “I have a problem

with the idea of special status and an ethical

fashion stamp,” says Rhoades. “We should

be aiming to make it the norm”. n

Big-name fashion designers such as Stella McCartney have put ethical fashion firmly on the public agenda

16 business standards  April 2007

biG issue: information security

>safe and secureDo you know who has access to your company’s most important asset? Do you even know what that asset is? John coutts investigates the growing importance of information security.

000110101110110010101101110111011010110 01110110101100100110001 000110101110110010101101110111011010110011101 1010110 0111011010110010011000 0001101011101100101011011101110110101100111 011010110111011010 1100100110001110110101100100011010

for more information on iso/iec 27001 visit www.bsi-global.com/apr07infosec

Failure to manage information security

risks can have potentially disastrous conse-

quences. Just ask UK retailer TK Maxx: in

March 2007, it was announced that hackers

had stolen over 45 million credit card num-

bers from the UK clothing stores between

2003 and 2004. According to The Times,

“the theft of customer records held on com-

puters at the company’s British headquarters

in Watford, Hertfordshire, and in the United

States, Puerto Rico and Canada, is the big-

gest theft of credit card information in the

world”. In addition, “customers of the fash-

>safe and secure

ISO/IEC 27001: In a nutShEllISO/IEC 27001 sets out require-ments for information security management systems and it can be applied in just about any organiza-tion that depends on information. It’s an auditable and certifiable international standard, which means that companies and organi-zations can demonstrate their com-pliance with it by getting certified by an independent third party, such as BSI Management Systems. Certification proves that your organization has appropriate secu-rity controls to protect information assets. Certification does not mean that an organization is compelled to replace its IT infrastructure, but it does have to prove that it’s manag-ing information properly. The standard applies equally to elec-tronic and paper-based information systems. A related international standard, ISO/IEC 17799 (soon to be ISO/IEC 27002), can be used as a guidance document to support the development and maintenance of an information security manage-ment system. However, it is not a substitute for ISO/IEC 27001, which provides the auditable management system framework against which organizations can be independently audited.

takIng yOur buSInESS ElSEwhErETransaction processing, call han-dling, manufacturing and software development are among the key business functions that are now routinely outsourced to territories where costs are lower. For those providing outsourcing services, the ability to prove that clients’ confi-dential corporate and customer information is protected to the highest possible standards is vital. Certification to ISO/IEC 27001 provides that proof. “The biggest advantage is to provide the cus-tomer with confidence that their intellectual property or private data is secured using the world’s best practice,” says Eric Rongley, CEO of Bleum, China’s leading software outsourcing provider. “The biggest advantage was in getting certified. Through systematic identification and mitigation of risk, Bleum reduced its risk exposure in its already secure development centre by more than 80 per cent.”

000110101110110010101101110111011010110 01110110101100100110001 000110101110110010101101110111011010110011101 1010110 0111011010110010011000 0001101011101100101011011101110110101100111 011010110111011010 1100100110001110110101100100011010

0001101011101100101011011 101110001001100010001101011101100

ion chain’s 210 stores in Britain have already

had their card details used to make fraudu-

lent transactions” and details of the cards

have appeared for sale on websites known to

be used by organized crime.

As a consequence, the Information

Commissioner’s Office in the UK has

launched an investigation into the retailer’s

security measures, to determine whether or

not there are grounds for prosecution under

the Data Protection Act. As pointed out in

The Times, “if found guilty, the potential fine

is unlimited”. Headline-grabbing cases such as

this highlight just how vulnerable organiza-

tions can be and show how easily information

security can be compromised if the right con-

trols aren’t in place.

Providing a robust framework for protect-

ing confidential and sensitive corporate and

personal information is the role of an inter-

national standard for information security

management, ISO/IEC 27001. It provides a

model for establishing, implementing, operat-

ing, monitoring, reviewing, maintaining and

improving an information security manage-

ment system. ISO/IEC 27001 is the world’s

only certifiable information security standard

and it is suitable for any organization, large

or small, in any sector or part of the world.

“A lot of companies rely on information

these days and to lose that information

would cripple the business – it could also sig-

nificantly damage their brand,” says Robert

Whitcher, BSI Management Systems’ global

00011010111011001010 101110001001100010001101011101100 0100110001000110101110110010101101110111011010110010011000 010110111011101101

product manager responsible for ISO/IEC

27001. “The standard is an investment in the

business and in the future of that business.”

Organizations that implement the standard

must create an information security manage-

ment system (ISMS), develop a documented

information security policy and take steps

to manage identified risks. Although the

standard can be applied to the security man-

agement of information in any form – paper

or electronic – the shift to e-commerce and

new ways of doing business is an important

demand driver for the standard. This is

18 business standards  April 2007

where related standard ISO/IEC 17799 –

soon to become ISO/IEC 27002 – comes in,

as it provides further guidance for organiza-

tions developing and implementing an ISMS.

“We do all our business electronically –

including electronic auctions and electronic

tendering. Any form of compromise and we

just couldn’t do business,” says Mark Buggy,

IT delivery manager for the NHS Purchasing

and Supply Agency (NHS PASA).

Certification to ISO/IEC 27001 not only

helps NHS PASA to protect information, but

the assurances it provides means the organi-

zation is able to leverage the benefits of

e-commerce on an unprecedented scale.

“The positive benefit is very simple: it

means we can exist completely electronically,”

says Buggy. “We were able to do the first

major electronic auction for IT equipment

with absolute certainty that all the procure-

ment rules were met – as a result of which,

the health service saved about £60 million.”

The real value of ISO/IEC 27001 lies

in the fact that it is a certifiable standard.

Companies that choose the certification route

not only comply with the requirements of

the standard, but can also prove their com-

pliance to independent third-party auditors

– and do so on an ongoing basis.

Because certification provides valuable

assurances to customers and regulators, and

therefore a vital competitive edge, a growing

number of companies and organizations are

choosing certification. Since the launch of ISO/

IEC 27001 in 2005, more than 3,000 certifica-

tions have been achieved globally, most

through market leader BSI Management

Systems – and the number is increasing daily.

For example, Reuters is one of a growing

number of companies that have chosen certifi-

cation to ISO/IEC 27001. Founded more than

150 years ago, the company pioneered the idea

for more information on iso/iec 27001 visit www.bsi-global.com/apr07infosec

000110101110110010101 1011101110110101100100110001 00011010111011 00101011011110110 10110010011000 0001 1010111011001010 1101110111011

security management – ISO/IEC 27001 –

replaced the earlier British Standard,

BS 7799-2, which was first published more

than eight years ago. In order to maintain

certifications for their corporate information

security management systems, companies

that originally certified to BS 7799-2 must

certify to the new standard.

ADP is one of the world’s largest

providers of outsourced payroll services.

It’s a global operation, with headquarters

in the US. ADP India is a wholly-owned sub-

sidiary of ADP and it services the company’s

US and other global operations.

“Part of our business was already BS 7799

compliant, so we were familiar with the

majority of the requirements of the new

standard,” says Anoop Ratnaker Rao, senior

manager in charge of information security

and business continuity with ADP India.

“The key difference with ISO/IEC 27001

came with the 133 controls that are there.

It gives me a much more objective view of

things. The risk-based approach highlighting

the key focus areas and plotting them on a

priority risk ranking has helped as well. It’s

a lot more data-driven and a lot more rigour

goes into the whole process.”

Traditionally, the strongest business relation-

ships have been built on trust – both within

organizations and between them. But globali-

zation – and particularly outsourcing – means

that building those relationships is more of a

challenge. ISO/IEC 27001 plays an important

role in strengthening international relation-

ships. For companies that provide outsourcing

services – and for the organizations that use

those services – certification to ISO/IEC 27001

provides a trusted global benchmark.

of harnessing technology to distribute informa-

tion. Today, Reuters provides text, data,

pictures and video to newsrooms and financial

markets, as well as direct to consumers.

“Information is what Reuters does,” says

Malcolm Kelly, head of Europe, Middle East

and Africa Risks and Controls at Reuters.

“Ensuring that it is accurate, timely and

available to the right people has always been

vitally important to us. Gaining formal certi-

fication is a way of continually raising the

bar for service security and quality.”

As the world’s largest financial information

source, Reuters is serious about safeguarding

the security and quality of the proprietary and

third-party information that flows through its

systems: “We’ve taken steps to formalize the

information security management systems at

our major data centres and the operational

services they provide – including attaining cer-

tification to two industry-proven standards:

ISO 9001 and ISO/IEC 27001,” says Kelly.

What makes ISO/IEC 27001 particularly

valuable is that it encourages businesses to

consider the relative importance of informa-

tion assets in the widest sense. Confidentiality,

integrity and the ability to guarantee the avail-

ability of information are part of the equation.

“The standard urges you to mitigate risks,

or remove them by applying controls,” adds

BSI’s Robert Whitcher. But he warns that risk

management is not just an IT-led responsibility.

“The driver should come from the business

and the risk assessments should be carried out

at company level.”

ChangIng InFOrmatIOn SECurItyIntroduced as an international standard in

2005, the current standard for information

Bleum is China’s leading offshore software

outsourcing provider. Based in Shanghai, the

company’s services include managing complete

offshore development centres, developing and

maintaining specific software applications, test

outsourcing and staff augmentation (software

internationalization and localization).

“Bleum chose ISO/IEC 27001 because it is

the most widely respected security framework

in the world,” says Eric Rongley, Bleum’s

CEO. “Since we service large financial institu-

tions our customers have high expectations for

security with their outsource partners and they

most often request ISO/IEC 27001 certifica-

tion. We also found the risk management

methods in ISO/IEC 27001 complemented

Bleum’s statistical management practice well.”

Certification to the standard assists Bleum’s

customers in two ways: “First, the chance of a

security breach is significantly reduced.

Second, due to the rigour and credibility of

ISO/IEC 27001, they also have an easier time

convincing shareholders and regulators that

knowledge assets are not being compromised

through outsourcing.” says Rongley.

CrEdIt ChECk In JapanJapan’s privacy laws are amongst the toughest in the world. For organizations that handle person-al information, such as banks and credit card companies, third-party verification of information security controls is a legal requirement. Certification to ISO/IEC 27001 is central to that requirement and this is one of the reasons Japan has more ISO/IEC 27001 registra-tions than any other country. Certified to ISO/IEC 27001 in 2005, Japanese credit card company JCB Co Ltd employs more than 2,500 people in 50 different departments. The need to mitigate risk and to ensure that customer data is protected are an integral part of the business operation. ISO/IEC 27001 provides a mecha-nism that systematically covers every aspect of information secu-rity risk throughout the company. JCB selected BSI Management Systems as its partner in the certification process.

“We chose BSI because of its ample assessment experience and on-target assessment tech-niques,” says Haruhiko Hitsuji, ISMS project leader in JCB’s compliance department. “A pre-cise evaluation by an independent certification body such as BSI enables us to cover every aspect, including things which internal auditing and monitoring cannot spot. We know BSI’s assessments will continue to further enhance our management systems.”

thE lIFEblOOd OF OrganIzatIOnSBSI Management Systems’ deci-sion to join the Cyber Security Industry Alliance (CSIA), a leading information security advocacy group, underlines its commitment to playing a global leadership role. Gary Pearsons, president of BSI Management Systems Americas said: “Information is the lifeblood of organizations and in today’s competitive business environment, it is increasingly at risk. We look forward to working with CSIA and its members to continue to improve cyber security policy through education, awareness and advocacy, both domestically and internationally.” CSIA is led by CEOs from the world’s top security providers and is the only group of its sort exclusively dedicated to ensuring the privacy, reliability and integrity of information systems through public policy, education and awareness.for more information on csia visit www.csialliance.org

0001101011101100101011011 10111000100110001000110101110110000011010111011001010 1011100010011000100011010111011000100110001000110101110110010101101110111011010110010011000 010110111011101101

ISO/IEC 27001 is designed to work along-

side a suite of other management system

standards including ISO 9001 and ISO 14001.

It is trusted by some of the most security-con-

scious organizations in the world – ones that

stand to lose far more than money and cus-

tomers if they get it wrong.

“There are lots of US government

agencies that are certified to ISO standards

and I think what you’ll find is that they

appreciate the discipline, the focus and the

timelines. I call it enforced common sense,”

says Monroe Ratchford, a consultant with

the Institute for Quality Management (IQM),

a US-based business performance specialist.

IQM works with US government depart-

ments, including the Department of Defense,

and major US intelligence agencies. Although

these cannot be named for security reasons,

at least one agency has been certified by BSI

to ISO/IEC 27001. The fact that the standard

is a trusted component of national security is

a testament to its effectiveness.

“Standards are useful in providing a common

language on how we’re going to operate with

each other,” says Ratchford. “It’s for better exe-

cution, teamwork, knowledge transfer and

articulating budget needs. All of those come in

to play when you do the ISO approach.”

And for those that certify to ISO/IEC 27001,

compliance means not just effective informa-

tion security risk management, but greater

business discipline. “It’s based on the ‘Plan-Do-

Check-Act’ cycle, so an organization can

continuously improve itself,” adds Whitcher.

“If you know there’s going to be an assessment

visit, it provides a timescale and a goal, so it

helps business focus. Certification is not the

end game – it’s the beginning.” n

T-Mobile UK is the first company in the world to attain certification to PAS 99 and, in doing so, it has cleaned up layers that can otherwise clog up a business.

>Standard bearer

The launch of PAS 99 – the integrated man-

agement systems specification – in August

2006 broke new ground as the first guide to

apply a common framework to a number of

different management systems. The primary

goal of PAS 99 was to improve efficiency while

at the same time tackle a lingering critique of

management systems – that they add another

layer of bureaucracy – by actually reducing it.

PAS 99 was initially aimed at integrating

the management processes of two or more

management system standards but now can

be used to integrate any formal or tailored

processes into one system. The premise is

that, as all standards share the same elements

(policy; planning; implementation and opera-

tion; performance management; improve-

ment; and management review) holders of

these standards should be able to look at

them in a holistic manner.

Sounds good in theory, but what about in

the real world? Every organi-

zation has a vested

interest in

improving

efficiency and cutting needless bureaucracy,

but does PAS 99 hold water when it comes

to delivering meaningful benefits? Is a com-

mon approach the best way to tackle issues

as diverse as health and safety, the environ-

ment and information security? Can a reduc-

tion in bureaucracy be achieved without

resorting to an unacceptable level of risk?

Fortunately, the answer to the above ques-

tions appears to be yes, at least according to

one early proponent. In December 2006,

T-Mobile UK became the first organization in

the world to attain PAS 99 certification when it

applied the specification to its ISO 14001 and

OHSAS 18001 systems, and Nigel Wilkinson,

head of Health, Safety and Environment at the

mobile phone operator, believes the whole

experience has been positive.

“We understood there was a good business

case for implementing an integrated manage-

ment system for a number of reasons,” he

says. “First of all, unifying our health and

safety, and environment management systems

into one code helped us to focus on documen-

tation by merging our policies and processes.

For example, we used to use two separate cor-

rective action logs for health and safety and

environment, but now we’ve merged every-

thing into one. It’s difficult to put a numerical

value on the benefits, but we’ve reduced the

amount of paper we use by having fewer doc-

uments in circulation. This has helped us to

work in a more planned and systematic way,

which makes us more customer friendly when

dealing with our internal customers.”

InTAngIble benefITSFeedback from internal customers has so

far been good, says Wilkinson, although he

says that, as with so many areas of business

life, most of the knock-on effects of PAS 99

are intangible and impossible to quantify.

This is not to downplay their importance,

as intangibles account for 90 per cent of

an organization’s net worth these days

according to some studies.

For example, Wilkinson says the new

streamlined environmental management policy

will be key to helping T-Mobile meet its 2007

targets of increasing recycling by 25 per cent

and cutting its carbon footprint by five per

cent, even as it builds its mobile network.

Another area where intangible benefits are

delivered is in employee retention. Wilkinson

says that health, safety and environmental

questions always achieve among the highest

satisfaction levels in the annual employee

survey, and maintaining focus in this area

helps keep morale high.

“Our HR director wants us to become an

HPO – high performance organization – and

being the first organization in the world to

feature: t-mobile

20 buSineSS StandardS  April 2007

officially attain an integrated

health, safety and environmental

management system certainly proves

we are world class,” says Wilkinson.

He adds that attaining PAS 99 was not

difficult given the preparatory work that

the company had done in implementing

ISO 14001 and OHSAS 18001. T-Mobile even

gained certification three months ahead of its

end-Q1 2007 deadline. However, he might be

being modest. BSI Management Systems

encouraged T-Mobile to go for the standard

after having been impressed by the firm’s com-

mitment to ISO 14001 and OHSAS 18001, as

well as its robust internal communication sys-

tem, which enabled it to get the message across

quickly and efficiently across the business.

“We have a team of five in HS&E in

T-Mobile UK and it’s crucial that we had one

member of the team that project managed

ISO 14001 and OHSAS 18001 who was dedi-

cated to the task and mindful of the deadlines

and dates. Also, because I report directly into

the HR director, I sit down with each director

every six months to go through the HS&E

plan. From the top level as well as at grass

roots, we have excellent commitment and this

has been critical. We have an excellent HS&E

culture here and each department is pulling in

the same direction. Culture is the most difficult

thing to get right and we’ve done this.” n

2006:T-Mobile becomes the first organization in the world to attain PAS 99 certification

for more information  visit www.bsi-global.com/apr07pas99

22 business standards  April 2007

bsi british standardsBSI British Standard offers seminars and con-

ferences on standards, covering a diverse 

range of topical issues from the future of the 

security industry to the practical implications 

of a new fire standard. Our events provide del-

egates with the knowledge and understanding 

required to effectively implement and manage 

the legislation, directive or standard in ques-

tion. Consequently, delegates are better 

equipped to face their professional challenges 

and responsibilities.

ConferenCesOur conferences bring together key players  

to debate the latest trends, regulations and 

issues with opportunities for delegates to  

take part in open discussions and debates  

led by panels of expert speakers. In addition, 

these conferences may be accompanied  

by workshops to provide guidance and practi-

cal advice. Past conferences have covered  

Web Accessibility, Biometrics, Employee 

Screening and Freedom of Information in  

the Private Sector.  

Conferences coming soon include: > implementing sustainable procurement:

Moving from strategy to practical implementation in the private and public sectors  

3 July 2007

business inforMation CoursesThese courses offer practical advice and 

guidance on the implementation of legisla-

tion, directives, standards and supporting 

publications. Each course is based on “best 

practice” and delivered by industry experts. 

We can also tailor our training specifically for 

your organization, whereby our expert tutors 

run the course on your premises and focus 

specifically on the issues that affect your 

organization the most.

Medical devices: We have a large portfolio of courses in the Medical Devices area covering issues from risk management and process validation to achieving market entry for medi-cal devices. Your organization is sure to gain invaluable insight.

it service Management: IT service providers need to be confident that their organizations have processes and procedures in place that demonstrate compliance. Our courses focus on ISO/IEC 20000 and will help you bench-mark your capability in delivering managed services, measuring service levels and as-sessing performance.

information security (is): These courses focus on the internationally recognized Infor-mation Security Management Standard (ISMS) – ISO/IEC 17799, also known as BS 7799 . Attending these courses will help you implement the standard, minimizing your organization’s internal and external IS threats.

(iseb) information security examinations

board: Providing you with an industry recognized qualification, we offer seven ISEB Certificates in Data Protection, Freedom of Information, Software Asset Management, IT Service Management, IT Law, Information Risk Management and Information Security

Management Principles. These certificate courses will empower your organization to effectively establish, manage and protect important information while meeting legislative requirements.

fire safety: Our range of fire safety and emergency lighting courses will assist you in designing and implementing company policies regarding fire safety, emergency lighting and sprinkler systems, allowing you to meet your legislative requirements.

information Management: These seminars will help you understand the importance of manag-ing, storing and retrieving information, thereby increasing information management effective-ness and efficiency.

business Continuity Management: New for 2007, BSI Business Information is running a series of courses relating to BS 25999 – the new BCM standard and BCM best practice. Courses range from awareness of the standard to detailed training on particular aspects.

other courses: Include Introduction to PAS 78 Website Accessibility and Understanding and Implementing BS 7858 – Security Screening of Individuals.

for more information on any bsi business information seminars or conferences visit: www.bsi-global.com/apr07seminars, phone Customer services on +44 (0)20 8996 9001 or email info@bsi-global.com.

new titles Now available: three new books from BSI for your reading list.

A Guide to Corporate Social ResponsibilityProvides an introduction to the relevant concepts of CSR with an examination of how these concepts have been brought to bear on the real world, and looks at how these can be incorporated into the life and culture of your business. Price £19.99* bsi order ref biP 2089 www.bsi-global.com/biP2089

events &Courses

bsi trainingBSI Training is a leading international provider 

of training courses on management systems 

standards. We will equip your staff with the 

expertise they need to deliver outstanding 

results when implementing management  

systems. Our courses cover:

Quality ManageMentISO 9001 is the most widely recognized interna-tional standard for quality. Today’s most successful organizations know the importance of having proven Quality Management Systems in place and the benefits achievable through imple-mentation of ISO 9001. Our courses include: >Understanding ISO 9001>Implementing ISO 9001>Auditing to ISO 9001>Internal Auditor: ISO 9001>Lead Auditor: ISO 9001

inforMation seCurityOrganizations are taking positive steps to ensure the integrity and security of their organizational information. ISO/IEC 27001 provides a framework to initiate, implement, maintain and manage information security. BSI provides training in:>Introduction to ISO/IEC 27001>Implementing ISO/IEC 27001>Internal Auditor: ISO/IEC 27001>Lead Auditor: ISO/IEC 27001

integrated ManageMent systeMsOur IMS training allows you to manage your existing management systems more holisti-cally, thereby maximizing your organizational

efficiency and effectiveness. IMS courses are:>Implementing an IMS>Process Audit

health and safety trainingOrganizations employing a well structured and effective Health and Safety Management System are well placed to ensure legislative compliance and to develop a positive approach to safety management within the workplace. Our courses include: >Introduction to OHSAS 18001>Implementing OHSAS 18001>Internal Auditor: OHSAS 18001>Lead Auditor: OHSAS 18001

environMental ManageMentWith environmental issues becoming increas-ingly central to the policy agendas of most organizations, BSI Training provides a series of open courses that will assist individuals and organizations in their understanding of a wide range of environmental issues and management practices. Our courses include:>Introduction to ISO 14001>Implementing ISO 14001>Internal Auditor: ISO 14001> IEMA Advanced Lead Auditor: ISO 14001 

six sigMaSix Sigma is an approach to business improve-ment that focuses on the reduction of variation in all work processes. This results in high quali-ty processes which in turn leads to customer satisfaction and increased profits. Operational Six Sigma is used in the production environ-ment to reduce variation in process output.

Transactional Six Sigma is used to reduce variation in administrative or service related processes. Our courses include:>Introduction to Six Sigma>Transactional Green Belt/ Black Belt>Operational Green Belt/ Black Belt

other bsi training Coursesgreenhouse gas training> Introduction to Greenhouse Gas > Greenhouse Gas Verification> Practical Compliance, Greenhouse Gas

industry specific – automotive> Understanding and Interpreting  

  ISO/TS 16949:2002 Requirements > Implementing the Automotive Process  

  Approach for ISO/TS 16949:2002> Auditing the Automotive  

  Process Approach

it service Management > ISO/IEC 20000 – Understanding  

  and Auditing

Medical device Management> Understanding Medical Device Management 

  Systems – ISO 13485> Internal Auditor: ISO 13485

food safety> ISO 22000: Introduction to Food Safety  

  Management

Complaints Management> Implementing an effective Complaints  

Management Scheme ISO 10002

to find more information about bsi training courses, visit www.bsi-training.com for the uK or www.bsi-global.com/apr07training

Demonstration of Conformity to a StandardExplains the work of those who provide conformity assessment and standardization, to give advice on how to make use of what they can deliver, to provide

assured demonstration of conformity to standards. Price £25* • bsi order ref biP 2113www.bsi-global.com/biP2113

Freedom of InformationExplores the Freedom of Information Act 2000 (FOIA) and the Freedom of Information (Scotland) Act (FOISA) for private sector organizations that

provide information to public authorities. Price £30* bsi order ref biP 0086www.bsi-global.com/biP0086*Plus P&P – UK standard deliv-

ery £5.95 (inclusive of VAT);

Rest of World standard delivery

£9.95 (plus VAT if applicable).

bsi offers training in all of the following Countries, as well as the united KingdoM:France, Hungary, Italy, Poland, Russia, Spain, Turkey, UAE, China, Taiwan, India, Hong Kong, Japan, Korea, Singapore, Thailand, Canada, Brazil, Mexico, USA

training

24 business standards  April 2007

Plastics are so ubiquitous as to go almost

completely unnoticed by the general public

these days – except, it seems, when the issue

of recycling is raised.

“The fate of waste plastics has become a

high priority concern,” says Alex Price, BSI’s

PRI/89 Plastics Recycling committee secretary

and programme manager. “The public percep-

tion of plastics is that they are a ‘necessary

evil’, but they serve a function that we some-

times forget.”

Plastics are lightweight and their use in the

transportation of goods has resulted in signifi-

cant fuel savings, Price points out. They are

also usually flexible enough to withstand drop

test failure and manufacturers are able to pro-

duce new designs easily. In addition, plastics

packaging helps keep food fresh for longer

and prevents contamination.

However, Price agrees that plastics also

present some disadvantages: they require the

use of non-renewable oil-based chemicals, and

waste plastics have long been a problem.

Recycling is one solution, but in fact the

amount of waste plastics remains vast –

approximately 20-25kg per person in the UK

per year, of which only 5kg is ever fully recy-

cled. It represents a considerable amount of

landfill usage, especially when you consider the

impact recycling has: recycling one tonne of

polyethylene terephthalate (PET) plastic bottles

equates to 1.5 tonnes of CO2 saved against

landfill or incineration. In addition, use of

recycled plastics can reduce overall energy

consumption by two-thirds, reduce SO2 and

NO2 emissions by one-third, water wastage by

up to 90 per cent and CO2 by up to 2.5 times

that of production of virgin materials.

Part of the challenge to encourage more

recycling is the lack of standards for recycled

plastics. BSI has been working to “provide

input into the area of recycling of waste plas-

tics, by means of mechanical, feedstock and

chemical processes that will finally enable end-

users to specify these materials with confidence

and to provide an accepted international basis

against which plastics recyclers can classify

their products.”

The intention is to highlight and promote

best practice in the UK, and put this forward to

the European forum. These will form the foun-

dation of the standardization of test methods,

sampling, specifications and conformity assess-

ment in the field of recycled plastics. This work

includes: defining the vocabulary for plastics

recycling; classification and marking of plastics

recyclates; establishing plastics recycling tracea-

bility and assessment of conformity – having

knowledge of the source and use of waste plas-

tics that are due to be reprocessed is essential;

and creating a series of characteristics for plas-

tics recyclate from the main polymers types.

These standards are expected to be published

by the end of 2007. By creating a platform

from which the current status of recycled plas-

tics can be properly and realistically

assessed, it is hoped that we might

be able to put the results to good

use for our environment. n

>PLastiC FantastiC

raising the standard

“The fate of waste plastics has become a high priority concern”

> > > >

For more information, visit www.bsi-global.com

Since its foundation in 1901, BSI Group has grown into a leading independent professional services business. The Group now operates in over 100 countries and has more than 2,250 staff.

> certifies management systems and products;> provides product testing services;> develops private, national and international standards;> provides training and information on standards and international trade; and > provides performance management software solutions.

StandardS & PublicationSBSI British Standards is the National Standards Body of the UK, with a globally recognized reputation for independence, integrity and innovation in the production of standards that promote best practice. It develops and sells standards and standardization solutions to meet the needs of business and society.

aSSeSSment & certificationBSI Management Systems provides independent third-party certification of management systems and BSI Product Services delivers product and service certification and marking, including Kitemark® and CE marking. BSI Entropy provides software solutions to help improve environmental, social and economic performance.

Product teStingBSI Product Services has the capability to test a huge variety of industrial and consumer products such as construction, fire safety, electrical, electronic and engineering products and medical devices and can identify technical requirements, product testing and certification schemes for most countries in the world.

training & conferenceS BSI Group is a leading provider of training, conferences, information and knowledge on standards, management systems, business improvement, regulatory approval and international trade. This includes guidance to help customers understand how standards can be used and applied every day.

AbouT bSI groupbSI group:

Kitemark and the Kitemark logo are registered trademarks of BSI

raising standards worldwide™

REGISTER FOR YOUR FREE PLACE NOW! www.bsi-uk.com/07conferences

Kassam Stadium, Oxford

Wednesday 20 June

Raising the Standard for Risk & SustainabilityC O N F E R E N C E P R O G R A M M E 2007 2

Better Standards, Better Regulation, Better BusinessC O N F E R E N C E P R O G R A M M E 2007

Kassam Stadium, Oxford

Tuesday 19 June

Reserve your free place at a BSI Management Systems’ 2007 conference. You havea choice of attending one of two conferences, delivering thought leadership, updateson the latest management system standards and presentations on topical businessissues surrounding two themes:

For further information or to book yourplace visit:www.bsi-uk.com/07conferences

This event aims to provide delegates with a valuable insight into howstandards integration and business improvement tools such as ISO 9001(Quality), Six Sigma and benchmarking can help their organizationsoptimize business performance and reduce the pain of regulation.

Delegates will have the opportunity to explore the role that standardssuch as ISO 14001 (Environment), BS 8900 (Sustainability Management),OHSAS 18001 (Health & Safety) and BS 25999 (Business Continuity) canplay in helping you manage and strengthen your business.

BSI 2007ConferenceProgramme

UK Conference Advert FINAL2:Layout 1 30/3/07 16:22 Page 1