When lockdown ends - if you’re of the mindset that the light at the end of the tunnel is not an oncoming train - do you intend to get everyone back to their ‘usual place of work’, or is flexibility going to be a permanent thing?
The target date for all Covid-related restrictions to be lifted in England is 21 June if everything goes to plan. The dates for the other home nations are less specific.
Many businesses made a swift transition in March 2020 to home working (or ‘remote working’ as it’s often called, or even ‘telecommuting’ if you want to impress your friends). But they did this almost overnight, understandably, with no formal review of policies and procedures.
If you haven’t used the last year to undertake a review, now’s the time. And you may want to consider utilising a range of established management systems to facilitate the change and uphold standards as you face the future, whether it’s from the office or the kitchen table:
Up to 65% of all organisations have either been breached or exposed to a cyber-attack during lockdown, recent research shows. It’s not surprising, as companies have become reliant on decentralised systems. Staff are in many cases using personal devices to access virtual private networks (VPNs). Data security is not confined to the digital domain, either. How many staff have facilities for disposing of confidential waste at home, for example?
The international standard that covers all these bases is ISO 27001 Information Security Management Systems. This popular standard is about more than just cyber security. Whatever form the information takes, or the means by which it is shared or stored, ISO 27001 certification helps ensure it’s always appropriately protected to assist with the preservation of:
- Confidentiality – ensuring that access to information is appropriately authorised
- Integrity – safeguarding the accuracy and completeness of information and processing methods
- Availability – ensuring authorised users have access to information when required
Interest in this has risen sharply with the shift toward remote working.
When lockdown came in March 2020, many businesses just came to a halt. Some of those, sadly, will never open their doors again. Some are just about holding on. But those with well-tested business continuity plans were much better placed to survive and even thrive.
The ISO 22301 Business Continuity Management standard is the best system you can put in place, bar none. Not only does it help reduce the likelihood of disruptive incidents and keep your organisation running through challenging times, it also helps organisations recover more quickly.
It’s a system to ensure you leave no stone unturned when it comes to planning for worst case scenarios. It’s not just for major events like a lockdown, but also the more minor inconveniences like unscheduled absence of key staff.
Yes, you can have a business continuity plan without going to the bother of getting certified. But far too often those plans are not tested. Only third-party certification from an independent auditor can guarantee that a plan will not be left untended.
So, you can have secure information and plans in place to ensure you don’t have to shut up shop. But your organisation is nothing without healthy, well-motivated people. Never has the health and wellbeing of workers (indeed, every individual) been under the spotlight so much as this last year. The true cost will not be known for some time yet.
There are two complementary systems that can help you protect and enhance the health, safety and wellbeing of your staff (and even yourself).
First is the ISO 45001 Occupational Health & Safety Management System. This is one of the most popular of all ISO standards and for good reason. It’s an overarching system that not only helps protect your workers, it also steers you toward legal compliance. Senior managers are now held personally responsible for health and safety in their organisations. In addition, new sentencing guidelines introduced in 2016 have resulted in harsher punishment for failures. The standard provides protection for you, your employees and your organisation. It's the single best way of managing risk in your organisation.
Second is the PAS 3002 Code of Practice on Improving Health & Wellbeing Within an Organisation. It’s not an ISO standard, but a code of practice which is implemented, maintained and certified in just the same way. It’s the perfect complement to ISO 45001 yet can work on its own too. It focuses on some of the ‘softer’ aspects of health and wellbeing such as the psychological health of employees. It helps foster a work culture that offers strong, ethical relationships, a collaborative and communicative management style, and an organisational culture in which learning and development are encouraged.
Robustness of supply chains
When you’re selecting suppliers, what criteria do you use other than financial considerations? Your supply chain needs to be robust and you may even have ethical reasons for wanting to ensure your suppliers operate in a certain way.
Organisations are more frequently demanding that their suppliers are certified to relevant standards such as those above and perhaps ISO 9001 Quality Management and ISO 14001 Environmental Management. It makes the process of selecting suppliers easier and gives you certainty that they can maintain standards.