The ISO Show

By: Blackmores UK

Blackmores is a pioneering consultancy firm with a distinctive approach to working with our clients to achieve and sustain high standards in Quality, Risk and Environmental Management. We'll be posting podcasts discussing ISO standards here very soon!
Episodes
  • #246 Pedalling Towards Purpose – Forest's Journey To B Corp Accreditation
    Mar 19 2026
    Watch the video interview here
    Europe is only partially on track to meet its 2030 environment and sustainability objectives, and while some objectives are being scaled back, we are seeing the introduction of more regional regulations that require tangible annual sustainability reporting. Businesses that have built sustainability into their way of working from the start are leading the charge and defining what it means to operate responsibly. That is the case with today's guest, Forest, an e-bike provider that is not only 100% powered by renewable energy but has also achieved the coveted B Corp Accreditation.
    In this episode, Mel Blackmore is joined by Laura Elms, VP of Sustainability & Corporate Affairs at Forest, to discuss how they embedded sustainability from the start and explore their journey towards B Corp Accreditation.
    You'll learn
    · Who are Forest?
    · Who is Laura?
    · Why was B Corp important to Forest from the start?
    · What other Standards do Forest currently hold?
    · What does Forest's higher B Corp score of 99 mean in reality?
    · How did Forest embed sustainability into a business from day one rather than retrofitting it later?
    · How has Forest balanced growth with genuine environmental accountability?
    · What does tackling Scope 3 look like in urban mobility?
    · Why did they also attain Verra Validation, and why does third-party validation matter?
    · How do sustainability, communications and public policy intersect in Laura's role?
    · Advice for those seeking B Corp Accreditation
    · B Corp Version 7
    · What role do you think sustainable transport should play in helping cities to meet their net zero targets?
    Resources
    · Forest
    · B Corp Accreditation
    · Carbonology
    In this episode, we talk about:
    [00:30] Episode Summary – Mel is joined by Laura Elms, VP of Sustainability & Corporate Affairs at Forest, to explore how they lead the way in sustainability, including insight into their journey towards B Corp Accreditation.
    [01:10] Who are Forest? Forest is the only shared E-Bike operator to power its entire fleet with 100% renewable energy. It's also one of the world's first micro-mobility companies to have B Corp Accreditation and Verra Validation.
    [01:40] Who is Laura and how did she get involved with sustainability? Laura admits that she had a rather non-linear approach to getting into sustainability. She started her career shortly after graduating in financial communications and investor relations. At her first firm, she worked closely with a woman called Caroline, who went on to found Forest along with two other co-founders. Caroline reached out to her 2 years after starting Forest, and Laura felt it was a no-brainer as she had a pre-existing interest in sustainability and had come to prefer the start-up space over a more corporate setting. As is typical with the nature of start-ups, Laura wore many hats from the outset as it was a small team of four. Sustainability was what she was most passionate about, and it has been the area she nurtured for Forest over the course of her six years working with them.
    [03:40] Why was B Corp important to Forest from the start? Laura noticed that B Corp was gaining traction back when Forest started in 2020. She was curious about the intersection between B Corp and ESG, particularly from a start-up perspective. When starting at Forest, she knew it would be a significant benefit to utilise renewable energy, but she felt like they needed to go above and beyond that. From there she researched B Corp and the costs involved, which were affordable as the cost is relative to your revenue, a great advantage to start-ups. She was pleased to find that Forest could cover the 5 pillars of B Corp's credentials, not only providing bikes for urban settings but also providing excellent governance and additional benefits to their surrounding community, workers and environment. In short, B Corp helped set the foundations for a good, well-rounded company that could grow.
    [05:15] What other Standards do Forest currently hold? Forest currently hold ISO 9001 certification and are looking to implement ISO 14001 in the near future. They currently operate within 18 boroughs in London, and are expanding from one central hub to several more warehouses, which is what will be covered under that ISO 14001 scope. With B Corp as their guiding North Star, they're confident they have all the right foundations in place to grow as needed.
    [06:10] What does Forest's higher B Corp score of 99 mean in reality? Within B Corp there are 5 pillars:
    · Community
    · Environment
    · Governance
    · Customers
    · Workers
    Its core focus is sustainability, but its approach is much more holistic and similar to the way ISOs implement a system that ...
    24 m
  • #245 What's The Difference Between TISAX and ISO 27001?
    Mar 4 2026
    For those in the automotive industry, namely suppliers working with European OEMs, you're likely familiar with TISAX but not necessarily with the Standard that many of its requirements originate from. ISO 27001 is the leading Information Management Standard, and its Annex A forms the basis of TISAX; however, there are many differences between the two. For automotive suppliers looking to create a more holistic Information Security Management System, it can be beneficial to implement elements of both even if you don't intend to certify to both.
    In this episode, Ian Battersby is joined by Emma Coxhill, isologist at Blackmores, to explore the differences between TISAX and ISO 27001, how existing ISO 27001 compliant management systems can be leveraged for TISAX compliance and the benefits of implementing both Standards for automotive suppliers.
    You'll learn
    · How does TISAX differ from ISO 27001?
    · How does the recertification / annual surveillance for TISAX and ISO 27001 differ?
    · Can a company have TISAX without ISO 27001 and vice versa?
    · How can an existing ISO 27001 certification be leveraged for TISAX?
    · What are the additional benefits of implementing both TISAX & ISO 27001?
    · What is a reasonable timeframe for implementing TISAX?
    · The key role of Internal Audits
    · How can Blackmores support companies in implementing TISAX?
    Resources
    · Register for our TISAX webinar here
    · ENX
    · Isologyhub
    In this episode, we talk about:
    [02:05] Episode Summary – Emma Coxhill joins Ian to dive into the key differences between ISO 27001 Information Security and TISAX, including the benefits of implementing both and how each can be leveraged to assist in the implementation of the other.
    [03:10] What is TISAX? TISAX was developed for the automotive industry by the German Association of the Automotive Industry, VDA, and it's managed by the ENX Association. It's based on the ISO 27001 Annex A controls, and was created for the automotive industry because they were looking to standardise the framework for assessing and sharing information security results between manufacturers and their suppliers.
    [04:20] How does TISAX differ from ISO 27001? ISO 27001 is a general Information Security Management Standard that can be applied to any business, whereas TISAX is only applicable to the automotive industry. ISO 27001 includes a framework of requirements that everyone must implement, whereas TISAX has a more customisable element. With TISAX you can select an applicable level and relevant subject areas for your operations. The last main difference is that ISO 27001 certification ends in a certificate which can be shared and displayed wherever you want. TISAX in comparison has Labels, which are only available through the ENX portal, where you have control over who can access them.
    [05:15] How does the recertification / annual surveillance for TISAX and ISO 27001 differ? The good news is that TISAX is a bit more forgiving than ISO when it comes to a recertification cycle. TISAX does not require an annual Surveillance like ISO 27001; instead, once you've earned a Label it remains valid for 3 years. ISO 27001 in comparison requires an annual Surveillance for each year until the 3rd, when you have your Recertification Audit. If you have a significant change to scope part way through your 3 years of TISAX, you will need to have a chat with your auditor to see if extra work is required. This will depend on your level, with higher levels likely to require some additional work and for you to adjust your scope within the ENX portal. Overall, a TISAX label is less of a burden than traditional Management System Standards like ISO 27001. However, TISAX is a lot more strict and will require more upfront preparation ahead of earning your Label.
    [07:30] Are Internal Audits required for TISAX? They are, but the amount and frequency are a lot more flexible than ISO 27001. You can do as many as you like, but at a bare minimum we recommend you conduct internal audits 6 months ahead of your TISAX label expiring to ensure you're ready for re-certification. You can of course carry on with annual internal audits to make sure you're on track. This can be handy if specific clients ask for further evidence of you following processes in accordance with TISAX requirements.
    [08:35] Can a company have TISAX without ISO 27001 and vice versa? You can! Both are independent Standards; however, they do complement each other. Organisations that hold both have a competitive advantage, as ISO 27001 applies to all industries and is more widely recognised. However, if you only operate in the automotive space, TISAX may be sufficient. If you supply to multiple sectors, it's worth considering implementing both TISAX and ISO 27001.
    [09:25] How can an existing ISO 27001 certification be leveraged for ...
    24 m
  • #244 What is TISAX?
    Feb 25 2026
    The modern automotive industry faces many new challenges. As vehicles evolve with more complex data requirements and supply chains become increasingly interconnected, major Original Equipment Manufacturers (OEMs) require certain Standards as a mark of trust from potential suppliers. Currently, this trust is codified in TISAX (Trusted Information Security Assessment Exchange). For businesses that have not previously dealt with Standards, TISAX can be seen as a daunting regulatory hurdle. However, a TISAX label is more than a compliance check: it's a recognised mark that your organisation has robust information security measures in place specific to the automotive industry, including considerations for protecting key intellectual property and prototype innovations.
    In this episode, Ian Battersby is joined by Emma Coxhill, isologist at Blackmores, to explore what TISAX is, who it applies to, what it requires and how OEMs and automotive suppliers can take their first steps towards earning a TISAX label.
    You'll learn
    · What is TISAX?
    · Who is TISAX applicable to?
    · Why is TISAX important?
    · What are the 3 assessment levels within TISAX?
    · What are the 3 different subject areas within TISAX?
    · How is TISAX implemented?
    · Why does TISAX use labels instead of certificates – and how can people verify these?
    · What is the ENX portal and how does this help with supplier onboarding?
    · Where should companies start if they want to earn a TISAX label?
    Resources
    · Register for our TISAX webinar here
    · ENX
    · Isologyhub
    In this episode, we talk about:
    [02:05] Episode Summary – Emma Coxhill joins Ian to dive into the topic of TISAX, including who it's applicable to, why it's important and how businesses can make a start on earning a TISAX label.
    [03:40] What is TISAX? TISAX was developed for the automotive industry by the German Association of the Automotive Industry, VDA, and it's managed by the ENX Association. It's based on the ISO 27001 Annex A controls, and was created for the automotive industry because they were looking to standardise the framework for assessing and sharing information security results between manufacturers and their suppliers.
    [04:40] Who is TISAX applicable to? While applicable to the automotive industry, it encompasses quite a lot of businesses within this. This is because it applies to any organisation that handles sensitive data relating to vehicle development, manufacture and marketing. So, this can include any company providing car parts, vehicle software, cloud services, testing labs, engineering etc. Basically, any service providers to OEMs (original equipment manufacturers) will be applicable. TISAX can also be applicable for those dealing with automotive related events, marketing and photography, as new models are protected IP and will require related businesses to prove that they have the correct security requirements to ensure any potential prototypes are protected.
    [06:50] Why is TISAX important? Mainly, it gives the automotive industry a trusted, standardised way to ensure information security across the entire supply chain. Without it, the OEMs and suppliers can conduct their own audits, but it'll be their own interpretations of what is considered an adequate level of security. The industry saw this as an open door to chaos, so TISAX was created to protect highly confidential automotive information and support compliance with relevant data protection laws. However, now it's not so much a 'nice to have' Standard as it is a requirement to trade, especially within Europe. It's fast becoming a tender requirement, and many OEMs won't make it past the procurement process without a valid TISAX label. The ENX portal, where labels are registered, can also help speed up the on-boarding process. So, the whole TISAX system has been built for ease of access to help manufacturers choose suppliers that prioritise information security.
    [09:00] What's the consequence of not having a TISAX label? A loss of opportunities. Those within the automotive industry that don't have a valid label will be seen as a security risk, leaving them at a competitive disadvantage.
    [10:30] What are the 3 levels within TISAX? Unlike ISO 27001, TISAX has levels that depend on the level of data sensitivity that you're dealing with.
    · Level 1: Self-assessment – Considered as 'normal risk' with general processing of data.
    · Level 2: Remote Audit – Applicable to those dealing with confidential information such as design documents or internal projects. This requires both a self-assessment and an audit.
    · Level 3: On-site Assessment – Highly confidential information, so this applies to those dealing with sensitive research, development information or prototype data etc. This requires a physical on-site assessment, as the qualified TISAX auditor will ...
    30 m