Home Resources Blog January 2021

Meet our Partners - Teamwork IMS

27 January 2021
This month's Meet Our Partner is Salli Lucas from Teamwork IMS, find out how they can help you reap the benefits from your management system and understand some of the more complex issues.

What standards can you help NQA clients with?

  • ISO 9001 - Quality Management Systems

  • ISO 27001 - Information Security Management Systems

  • ISO 27701 - Personal Information Management (PIM)

  • GDPR - General Data Protection Regulation

  • ISO 20000 - IT Service Management

  • ISO 22301 - Business Continuity Planning & Management

  • ISO 14001 - Environmental Management Systems

  • ISO 45001 - Occupational Health & Safety (formerly OHSAS 18001)

  • ISO 50001 - Energy Management

  • ISO 44001 - Collaborative Business Relationships

Teamwork also provides expert information security advice covering all aspects from physical security reviews to compliance with legislation, including:

  • ISO 27017 - Cloud Security
  • Cyber Essentials Scheme
  • PCI DSS (Payment Card Industry Data Security Standard)
  • QSA (Qualified Security Assessors)
  • Public Services Network (PSN) compliance
  • SOC 2 audit readiness, assessment and remediation support
  • Design and Consultancy in the Public Sector
  • Data Protection (GDPR / Data Protection Act / PECR etc)
  • HSCN Data Security and Protection Toolkit (DSPT)
  • Gambling Commission Security Audit
Additional Teamwork compliance services for other legislation and best practice Standards include:
  • ESOS - Energy Savings Opportunity Scheme
  • SECR - Streamlined Energy and Carbon Reporting

About your company

Since 2007, Teamwork has been solving compliance challenges for a huge range of organisations, from SMEs to large corporates. We have developed and led UKAS accredited ISO and other service improvement programmes using Standards as best practice models.

We also provide outsourced services assisting many types of organisations to maintain their compliance programmes.

Our team of 20 professionals including HMG, CISSP, PCI Security Standards Council QSA, MBCI, GDPR, IEMA, ESOS and CMIOSH qualified consultants support private and public-sector organisations across the UK, EMEA, US and beyond, from 5 to over 20,000 people businesses.

We work with some interesting NQA clients, from multi-nationals including Lockheed Martin, household names like Wren Kitchens, to established ICT sector companies Engage Hub and TriOpsis for example, to more embryonic ones, such as Physiotherapy App Developers On The Mend.

Our experience of delivering certification projects enables us to be cost effective, pragmatic, focused and happily, successful, even throughout these strange times.

Why do you like working with NQA?

We do like working with NQA! We find them to be highly professional, responsive to our enquiries, with keen pricing and commercial awareness. The Assessment experience is consistently good and constructive, and certificates are issued without delay.

On the rare occasions when any issues have arisen NQA have worked with us to quickly and effectively resolve things.

NQA’s commitment to effective communications, ethics and transparency has been very clear during the peculiar and unexpected challenges that the Covid pandemic has presented to them (and the Certification sector as a whole for that matter).

Top tip for people looking at certification?

As we often hear, it is one thing to achieve a certification – it is another to retain that certification!

A key part of UKAS Accredited Certification is that there must be a programme of continuing assessment. In many cases this will be conducted every 6 months. No resting on your laurels!

Therefore, we strongly recommend you consider during your implementation programme (and definitely before going through your initial Assessment with your Accredited Certification Body) how you will deal with the ongoing maintenance and continual improvement requirements.

There is certainly a great deal of effort needed to successfully achieve Certification and this is usually followed with a big sigh of relief. However, it is amazing how quickly the next Assessment visit comes around again, and you really do not want the stress of having to scramble to catch up at the last minute. Indeed, if you find yourself in this position, that means that the Management System you have put so much effort into implementing, will not actually be as effective as it should be, and you will not be getting the Return on Investment that you deserve!

So, make sure you build a good view of your plans for audit, compliance, continual improvement, risk review, etc, and  what resources and competency levels you will need to achieve this. This may simply mean that you need to train existing internal people, or that you need to supplement your team with outsourced expertise from a consultancy such as ours. Indeed, many of our clients retain a subset or a range of our services for years to enable them to focus on their ‘day job’!

What do you find is the most common point of misunderstanding regarding certification or specific standards when visiting clients?

UKAS! UKAS! UKAS! Oh, and did I say… UKAS!

Well… Who Audits the Auditors? And are they themselves completely independent of the Auditors?

A rigorous global governance framework has been developed over many years, so that effective standards of auditing, as well as vital independence and impartiality is built into the UKAS Accredited ISO Certification process.

Unfortunately, this is not always well understood or even well known, and it’s particularly unfortunate when we find procurement teams asking their suppliers:
“Do you have ISO 9001/ISO 27001/ISO 14001” etc and then not fully qualifying a simple “Yes” response!

The question to ask is really:
“Do you have UKAS Accredited ISO 9001/ISO 27001/ISO 14001” etc, and to ask for a copy of their certificate(s) to verify this.

But what is the difference? And how do you verify it? A quick glossary of terms to start with:

  • ISO – the ‘International Organization for Standardization’ develops and publishes Standards worldwide, but does not audit them.

  • IAF - International Accreditation Forum provides a single worldwide programme for Conformity Assessment Accreditation bodies to comply with when they conduct audits against ISO Standards.

  • UKAS - United Kingdom Accreditation Service, is the sole national accreditation body recognised by the UK government to assess the competence of organisations that provide certification (and other) services. UKAS is also recognised as a Signatory to the IAF MLA (Multilateral Recognition Arrangement). This means that in practice, UKAS Accredited Certifications to ISO Standards are recognised internationally.

NQA is accredited by UKAS which means that NQA not only have to conform with ISO 17021 (Conformity assessment — Requirements for bodies providing audit and certification of management systems) but also to be assessed by UKAS that they are meeting the ISO 17021 requirements. This is demonstrated by the UKAS ‘Crown and Tick’, plus NQA’s UKAS accreditation number being shown on certificates for ISO Standards awarded by NQA to their customers.

To be absolutely certain that you are looking at a genuine certificate too, you can check with the Certification Body who issued it, to confirm that it is valid and has not been suspended for any reason.

This governance framework therefore reduces risk throughout national and international supply chains, by assuring them that UKAS accredited certificates can be relied on.

The absence of UKAS Accreditation for an ISO Certificate should really ring alarm bells to anyone purchasing or using a product or service - how do you know it’s not “just a piece of paper”, without assurance of proper implementation that this robust governance framework provides?

Is there anything else you'd like to let our readers know?

What is the value of consultancy?

Consultancy costs can often seem high in comparison to applying your own resources to managing a project to implement your ISO Standards. But we see over and over again, how the value of using a consultancy can outweigh the cost considerably.

It can be an unexpectedly complex project to manage, and even more so if you are implementing more than one Standard. and/or your existing teams are busy focusing on other operational priorities.

Bringing in external, and highly experienced resource to avoid your teams being distracted from the things that they already do best, can actually pay dividends.

It is just like outsourcing other specialist services such as your HR or IT support – so why not outsource compliance services to specialists too?

For more information please visit us at:

Website:  www.teamworkims.co.uk

-------------------------------------------------------------------------------------

* Disclaimer:

NQA does not provide consultancy in order to remain impartial from management systems implementation.

NQA shall not imply that certification would be simpler, easier, faster or less expensive if a consultancy listed on the ACR is used.

ACR Consultants shall not imply that NQA certification would be simpler, easier, faster or less expensive if their services are used.

NQA remains impartial from our partners on our Associate Consultant Register and does not endorse one partner over another.

‘Our consultants’ do not work for NQA, they work as independent bodies in partnership with us through our Associate Partner Programme. In accordance with the accreditation standard ISO 17021-1:2015 NQA does not provide consultancy in order to remain impartial from management systems implementation.