NIST Cybersecurity Framework: Keeping Your Business Safe in an Unsafe IT Ecosystem

The Rising Strategic Risk of Cyberattacks

As the world continues to embrace technology and its many advantages, businesses have also begun to rely more and more on technology, storing large amounts of sensitive data electronically. The ease with which computers can store and access information is a major reason for the shift toward massive electronic storage, and with the efficiencies that computers bring to the market, a new area of risk has been inadvertently created.

Cyber criminals today are increasingly leveraging malware, bots and other forms of sophisticated threats to attack organizations for various reasons: financial gain, business disruption or political agendas. In many cases, they target multiple sites and organizations to increase the likelihood of an attack’s initial success and viral spread. With new variants of malware being generated on a daily basis, many companies struggle to fight these threats separately, and the majority of attacks are often left undetected or unreported.

Cybercriminals are also no longer isolated amateurs. They belong to well-structured organizations with money, motivation and goals, often employing highly skilled hackers that execute targeted attacks. Such organizations can deploy considerable threat intelligence, time and resources in order to execute attacks that can cost cybercrime victims significant amounts of money. Unfortunately, this trend is only growing more complex as businesses experience a surge in internet use, mobile computing and the cloud, creating more channels of communication and vulnerable entry points into the network.

Cybersecurity – A Global Business Concern 

More and more business value and personal information worldwide are rapidly migrating into digital form on open and globally interconnected technology platforms. As that happens, the risks from cyberattacks become more and more distressing.

According to 2014 McKinsey and World Economic Forum research, companies are continuously struggling with their capabilities in cyber risk management and believe that they are losing ground to attackers as visible breaches occur in growing scale and severity.

Their findings show that 70% of executives from financial institutions believe that cybersecurity is a strategic risk to companies and consider internal threats (their employees) as big a risk as external attacks. Similarly, product companies such as high-tech firms see the leaking of proprietary knowledge about production processes as more damaging than leaks of product specifications, given the pervasiveness of “teardown” techniques and the legal protections afforded to product designs. Service companies, on the other hand, are more concerned about the loss and release of identifiable information on customers and about service disruptions.


ISO 20400 – Sustainable Procurement: Purchasing Greener and More Sustainable Products from Greener and More Sustainable Companies

Philippine Procurement Today

The overall consumer expenditure in the Philippines increased to ₱ 1,342,297 Million in the fourth quarter of 2015 from ₱ 1,321,980 Million in the third quarter of 2015. Shifting that spending towards more sustainable goods and services can help drive markets in the direction of innovation and sustainability, thereby enabling transition to a green economy.

Traditional procurement focuses upon value-for-money considerations. Nowadays, procurement goes beyond the traditional purchasing criteria of price, performance and quality, also taking account of the environmental and social impacts of your purchasing choices and reducing adverse impacts upon health, social conditions and the environment, thereby saving valuable costs for organizations and the community at large.

Society’s Receptiveness on Sustainable Procurement

Thinking about our purchasing decisions and making informed choices can significantly reduce our environmental and social impacts. Our purchasing power can be used to positively influence supply chains, promoting the productive use of resources and materials and the engagement of ethical and socially responsible suppliers.

According to a 2014 Nielsen report, 55% of global online consumers across 60 countries say they are willing to pay more for products and services provided by companies that are committed to positive social and environmental impact. The Asia-Pacific region was the most willing to pay more for products with social-good benefits, surpassing the global average at 64%.

These sustainability-minded consumers based their choice of goods and services on:

[Image: considerations]

Benefits of Responsible Purchasing

Consumers are not the only ones interested in purchasing greener, healthier products. Many organizations, from large to small enterprises, are looking to make more sustainable choices.

For many of these organizations, responsible purchasing is more than “doing the right thing.” Green purchasing priorities are frequently connected with specific business objectives like:

  • Enhanced Brand Image: An organization that has gone green is seen as a good corporate citizen. This increases its image in the eyes of the public.
  • Customer Satisfaction: An organization that goes green in response to customer concerns increases its levels of customer satisfaction, a key point in customer retention.
  • Reduced Risk: Not only is any company that does not go green risking a run-in with the law by failing to comply with green regulations, but it is also maintaining more liability than it needs to. Hazardous chemicals are just accidents, and lawsuits, waiting to happen. With green purchasing, you can offset financial and environmental risk, rather than just inheriting it from your suppliers.
  • Cost Reduction: Going green doesn’t cost more. Most of the time it actually saves money, especially when the new products use less energy, generate less waste, and last longer. Plus, sometimes green products work better than their lethal counterparts. Going green can reduce the following costs, among others:
    • hazardous material management costs
    • operational costs
    • repair and replacement costs
    • disposal costs
    • health & safety costs (which often come in the form of liability insurance and expensive settlements)
  • Increased Shareholder Value: A better brand with happy customers who keep coming back and drive up sales while costs keep falling results in significant ROI, which interests more shareholders in investing in your company.

ISO 20400 – Sustainable Procurement: Purchasing from Greener and More Sustainable Companies

A purchasing entity, regardless of its location in the world, can now no longer exempt itself from accountability for what occurs at its suppliers. Now, given multiple levels of subcontractors and cross-border procurement, a globally accepted standard will be needed to regulate the best practices of responsible purchasing.

ISO 20400, a standard for Sustainable Procurement, provides guidelines on purchasing greener, healthier and more sustainable products from greener and more sustainable companies. Its development started in 2013 with a proposal from France and Brazil. At the moment, 33 countries and 7 liaison organizations are participating, while 13 countries are observing.

The ISO 20400 Standard is based on several principles, many of which share the intent of SPLC’s Principles for Leadership in Sustainable Purchasing, including:

Understanding – Understanding the relevant environmental, social, and economic impacts of its purchasing.

Commitment – Taking responsibility for the relevant environmental, social, and economic impacts of its purchasing by committing to an action plan.

Results – Delivering on its commitment to improve the relevant environmental, social, and economic impacts of its purchasing.

Innovation – Actively promoting internal and external innovation that advances a positive future.

Transparency – Soliciting and disclosing information that supports a marketplace of innovation.

The four main parts of the guidance standard consist of:

Clause 4: Fundamentals

This clause is primarily written for use by top management of an organization to help define the strategy and policies in connection with sustainable procurement. As a result it considers what sustainable procurement is, what the main organizational sustainability issues and drivers are, and how sustainability should be integrated into procurement policies and strategies.

Clause 5: Integrating Sustainability into the Organization’s Procurement Policy and Strategy (Policy and Strategy)

This clause provides guidance about how sustainability considerations should be integrated at a strategic level within the procurement function of an organization to ensure that the intention, direction and key sustainability priorities of the organization are documented and understood by all parties involved in sustainable procurement. This clause is applicable to all, but it helps top management define sustainable procurement policy and strategy.

Clause 6: Organizing the Procurement Function towards Sustainability (Enablers)

Clause 6 is primarily written for use by procurement management and describes the conditions that need to be created and management techniques that should be employed to enable sustainable procurement to be successfully implemented and continually improved. These conditions are key to successfully integrating sustainability considerations into the procurement process described in clause 6. Five enablers are discussed: priority setting, enabling people, governing procurement, engaging stakeholders and measuring performance.

Clause 7: Integrating Sustainability into the Procurement Process (Procurement Process)

This clause addresses the procurement process and is intended for individuals who are responsible for the actual procurement within their organization. This clause may also be of interest to those in associated functions.

When adopting sustainable procurement, it should be integrated into existing procurement process steps like: planning, specifications, supplier selection, contract management and contract review and lessons learnt.

Looking Ahead

Buying greener, healthier, more sustainable products is one way we can all improve our own lives while building a better world. To strengthen this initiative, ISO 20400 was created and launched for consultation with a wider audience than the experts from the mirror committees of the involved countries. The vote terminates on 2nd of December, 2016 and the final version of the standard is expected to be released in early 2017.


Paris Climate Agreement: A Turning Point on Climate Change

Climate Change: Vital Signs of the Planet Today

There is now little doubt that climate change is happening. It is seen as the biggest potential threat and environmental challenge of the 21st Century and it affects us all. The group of 1300 independent scientific experts from around the world concludes that there is more than 90% probability that greenhouse gases (GHG) such as carbon dioxide, methane and nitrous oxide, produced by human activity, have caused much of the observed escalation in Earth’s temperatures over the past 50 years. Scientists from the Intergovernmental Panel on Climate Change carrying out global warming research have recently predicted that average global temperatures could increase between 1.4 and 5.8 °C by the year 2100.

Adoption of Paris Climate Agreement to Roll Back Global Warming

The world needs “a global deal for climate” that keeps the rise of the global average temperature below 2°C. At the annual Conference of the Parties (COP21), held in Paris on December 7th and 8th of 2015, the United Nations Framework Convention on Climate Change (UNFCCC) resolved to achieve for the first time, in over 20 years of UN negotiations, a legally binding universal agreement on climate from all nations of the world.

The Paris Agreement is intended to signal the beginning of the end of more than 100 years of fossil fuels serving as the prime engine of economic development and shows that governments from around the world take climate change seriously. The inclusion of both developed and developing countries, including those that depend on revenue from oil and gas production, demonstrates a unity never seen before on this issue.

The purpose is to hold global warming to below 2 °C over pre-Industrial Revolution levels, and to strive for 1.5 °C if possible. Negotiators from nearly 200 countries reached the world’s most significant agreement to address climate change since the issue first emerged as a major political priority decades ago.

Paris Climate Agreement Key Elements

The Role of Business and Industry in COP21

Business has to play a part in the ongoing shift towards a carbon-clean global economic system.  Some companies have already started to do so, either by changing their global strategy, investing in carbon-free energies or through innovations.

The Paris Agreement encouraged businesses to commit to, and publicly announce, actions aimed at reducing emissions overall. Commitments can, for instance, take the form of:

Individual mitigation targets:

  • GHG emission reduction
  • GHG emission reduction in line with the 2°C objective
  • Carbon neutrality
  • Improved energy efficiency target

Targets related to specific themes:

  • Increased produced renewable energy (low‐carbon energy)
  • Increased consumed renewable energy
  • Reduced deforestation
  • Reduced emissions from own property/buildings
  • Reduced emissions from own fleet
  • Material use reduction
  • Increased share of recycling

Finance/Investors targets:

  • Carbon accounting implementation
  • Carbon/climate risks assessments & stress testing generalization
  • Green bonds development
  • Portfolio decarbonization

Resilience/adaptation targets:

  • Funding into public and open scientific risk modelling facilities
  • Efforts to adjust business models to minimize vulnerabilities and risks to climate hazards

After COP21: What Needs to Happen for the Paris Agreement to Take Effect?

What occurred in December 2015 at COP21 was the “adoption” of the Paris Agreement by the Conference of the Parties (COP) to the UN Framework Convention on Climate Change (UNFCCC). Countries still need to take steps so that it takes effect.

Countries must now actually join the Paris Agreement and become Parties to it. To do this, each country must now sign and indicate its consent to be bound by the Agreement. On April 22, 2016, all Heads of State can sign the Agreement at a high-level signing ceremony at the United Nations in New York. The Agreement will then be open for signature for one year, until April 21, 2017. After the one-year signing period, the Agreement will be open for what is called “accession”, in which a country becomes a Party to an international agreement that other countries have already signed.

Only after at least 55 Parties to the UNFCCC representing at least 55 percent of total global greenhouse gases sign on and indicate their consent to be bound will the Agreement “enter into force”, coming into effect and becoming legally binding.

Pushing Forward

Our world is getting hotter, and we can see the evidence in loss of sea ice, accelerated sea level rises, warming oceans, more intense heat waves, and an increase in extreme events such as wildfires, drought, tropical storms and floods. The impact of global warming and climate change is already being felt across the planet.

The Paris Agreement represents a huge leap forward in terms of reducing the effect of global warming. Taking the action needed to bring this deal into force is an essential next step for countries to build on the momentum from COP21. If they do so quickly, countries can ensure that the critically important provisions and requirements of the Paris Agreement are fully put into motion.


ISO 9001:2015 – Shifting Gears in the New Quality Management Standard

Moving from ISO 9001:2008 to ISO 9001:2015

ISO 9001 is a standard designed for organizations looking to optimize their operational excellence. It helps businesses and organizations to be more efficient and improve customer satisfaction. A new version of the standard, ISO 9001:2015, has just been launched, taking over the previous version.

ISO standards are reviewed every five years and revised if needed to ensure that they maintain their significance in today’s marketplace. This revision will also serve to keep ISO 9001 relevant with regard to both challenges and opportunities that arise from changing technologies, globalization, and a reinforcement of a risk-based approach, as well as structuring the standard to deal with future changes.

What are the Major Differences?

The new ISO 9001 standard aligns with high-level organizational structure, requiring all new ISO management system standards to be aligned on a high-level structure with a set of common requirements. Additionally, there is a greater emphasis on risk-based thinking as a basis for the management system, more focus on achieving value for the company and its customers, increased flexibility regarding use of documentation, and a more approachable structure for service businesses.

There are 10 clauses within the standard and here are the changes clause by clause:

Clause 1 is very similar to the 2008 version covering the scope of the standard and there has been very little change to this clause.

Clauses 2 and 3 cover normative references and terms and definitions. Both of these clauses reference ISO 9000, Quality Management Systems – Fundamentals and Vocabulary, which provides valuable guidance.

The remainder of the clauses includes some new key elements which need to be considered when implementing the new standard.

Clause 4: Context of the Organization

This is a new clause that in part addresses the deprecated concept of preventive action and in part establishes the context for the QMS.

Clause 5: Leadership

This clause places requirements on top management to demonstrate commitment to the QMS through taking accountability for the effectiveness of the QMS, establishing policies, objectives and promotion of continual improvement.

Clause 6: Planning

When planning the QMS, the organization will need to consider the external and internal issues along with needs and expectations of interested parties.

Clause 7: Support

The organization shall determine and provide the necessary resources to establish, implement, maintain and continually improve the QMS.

Clause 8:  Operation

This clause deals with the execution of the plans and processes that enable the organization to meet its quality policy and quality objectives.

Clause 9:  Performance Evaluation

This clause consolidates all requirements for monitoring and measurement related to quality performance and the effectiveness of the QMS.

Clause 10:  Improvement

The organization must determine the opportunities for improvement to continually improve the organization’s QMS.


Impact of the New Standard

ISO 9001:2015 is now taking off to replace ISO 9001:2008. Organizations who are already ISO 9001 certified should begin tracking their progress of the revision process and familiarize themselves with the various changes made. To maintain your certification to ISO 9001, you will need to upgrade your quality management system to the new edition of the standard and seek certification to it. You have a three-year transition period from the date of publication (September 2015) to move to the 2015 version. This means that, after the end of September 2018, a certificate to ISO 9001:2008 will no longer be valid.

According to the International Accreditation Forum (IAF), there are a number of recommended actions that organizations can take to successfully transition to the new requirements of ISO 9001:2015. These include:

  • Conduct a gap analysis

Identifying the gaps between current practices and the new requirements is the most effective way to evaluate the changes that are required in your current QMS.

  • Develop an implementation plan and timetable

A formal implementation plan and schedule will help your organization address the required changes within the anticipated three-year transition period.

  • Provide appropriate training for all parties

Ongoing education and training for all relevant personnel are critical to achieving the goals of your transition plan. More important, educated stakeholders are vital in ensuring ongoing compliance once the transition is complete.

  • Update existing QMS documentation

Clear and thorough documentation is essential to demonstrate compliance with the requirements of the revised standard and to help reduce the risk of nonconformities.

  • Involve your certification partner early in the process

An experienced certification body can provide invaluable assistance in the process of transitioning to the requirements of ISO 9001:2015. Its early involvement can help your organization save time and money.

Conclusion

In a nutshell, there are new areas that organizations need to contemplate in the implementation of the new standard, but it provides an opportunity to review your current approach and modify it if necessary. This can help your business to grow, increase profitability and increase customer satisfaction. It is now a powerful business improvement tool for all sizes and types of organizations to help them remain irrepressible and achieve sustainable growth.


Confidence on the Cloud – A New Cloud Privacy Standard (ISO 27018)

The Cloud Today

The growing marketplace of cloud computing.

Cloud computing’s growth in use and popularity has been soaring at a great pace! According to Gartner (2013), the marketplace for cloud computing will grow ~20% to USD 131 billion in 2017 from USD 111 billion in 2012.

What’s more?

2016 will be a defining year for cloud as this cutting-edge technology will just get more sophisticated in the next few years.

The Cloud Landscape

Cloud computing started as an in-house infrastructure established by companies such as Microsoft, Google and Amazon to serve their individual business needs. This consists of a set of technologies and service models that focus on Internet-based use and delivery of IT applications, processing capability, storage and memory space.

But now it has evolved into a platform on which much of our daily life depends. While public and private cloud offer one means to differentiate the infrastructure sharing options, SaaS (Software as a Service), PaaS (Platform as a Service) and IaaS (Infrastructure as a Service) have come to define the extent and level of control held by the cloud service provider (CSP) vs. the cloud user.

According to the National Institute of Standards and Technology (NIST), the “cloud” is composed of five essential characteristics.

  1. On-demand self-service, which implies that a customer can order service via the web or some other method at any point in time, and it becomes immediately available for his or her use.
  2. Broad network access, in the sense that services are available over the network and are accessed through standard mechanisms (mobile phone, tablet, laptop, etc.).
  3. Rapid elasticity of the cloud capabilities and the fact that it is a measured service, which means additional capacity remains available and accessible on an ‘as needed’ basis and customers are automatically billed for their consumption.
  4. Last but not least, resource pooling, meaning the provider’s computing resources are pooled to serve multiple consumers using a multi-tenant model, with different physical and virtual resources dynamically assigned and reassigned according to consumer demand.

The Confidence for Tomorrow – ISO 27018

The massive flows of data across cloud computing services are becoming ever more complex. Identifying and protecting personal data in those flows is becoming a daunting issue for many cloud service providers and cloud users. Given the substantial data protection risks, cloud computing measures need to be undertaken in order to mitigate their effect to the benefit of the cloud computing industry and its clients.

While there are several laws and regulations around it, a common benchmark or standard was lacking for some time. ISO 27018:2014 – Information technology — Security techniques — Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors is the first set of international privacy controls launched.

Following and using the privacy controls foreseen in ISO 27018 offers greater assurance for service providers that they are doing the right thing and doing everything recommended to protect customers’ personal information. This mechanism also benefits both cloud providers and cloud users. For a consumer buying cloud services, it can help to identify the requirements for selecting a cloud provider and to define contractual clauses. For a cloud service provider, it can provide a unique selling proposition to potential clients, because the more familiar clients become with the standard, the more they will see it in their requests for proposal.

ISO 27018 takes into account public policy from around the world, as it integrates input from many regional regulators. A cloud service provider’s conformance to the standard makes the whole job of compliance with particular legislation in one country or region that much easier. The standard provides a common set of guidelines for the whole industry and adds needed protections to improve PII security and compliance in an increasingly cloud-based information environment.

ISO 27018 – Quick Overview

Key Elements of the Standard

ISO 27018 is a standard put forward by the International Organization for Standardization (ISO) that seeks to create a common set of security categories and controls that can be implemented by a public cloud computing service provider acting as a data processor. In order to fulfill the standard, cloud service providers must understand the following key elements:

  1. Personally Identifiable Information (PII) instead of Personal Data

The scope of “personal data” covers not only information that “can be used” or “linked” to a PII principal/data subject, but “any information” relating to an identifiable natural person.

  2. Cloud Providers as Data Processors

In ISO/IEC 27018 the client is regarded as PII controller and the cloud service provider is the PII processor.

  3. Personal Data Protection Principles

The ISO/IEC 27018 contains a comprehensive set of controls regarding:

  • Information security policies
  • Organization of information security
  • Human resource security
  • Asset management
  • Asset control
  • Cryptography
  • Physical and environmental security
  • Operations and communications security
  • System acquisition, development and maintenance
  • Supplier relationships
  • Compliance
  • Information security aspects of business continuity management.

As the PII processor enables the cloud service client to comply with its regulatory obligations (data protection) through these controls, the PII processor also conforms to its own obligations, either legal or contractual.

  4. Accountability and Certification

Elements of the principle of accountability are incorporated into the standard, in particular the data breach notification, privacy by design, audits and certifications. In general, the standard may be seen as an instrument that assists the PII processor to comply with the principle of accountability requirements. Key to the demonstration of compliance in the context of the principle of accountability is third party certification. The cloud service provider that implements the new standard may ask for a conformity assessment, in order to be certified for complying with the standard.

In order to comply with the standard, participating cloud service providers must provide transparency in the following practices:

  • only process personal data in accordance with the customer’s instructions;
  • only process personal data for marketing or advertising purposes with the customer’s express consent;
  • be transparent around the use of sub-processors (which will include providing the names of, and any possible locations where the data may be processed by, any sub-processors);
  • ensure that staff who have access to personal data enter into confidentiality agreements and receive appropriate staff training;
  • make required disclosures to law enforcement authorities and/or regulators only when legally bound to do so;
  • assist cloud customers to comply when individuals assert their access rights; and
  • help cloud customers comply with their notification obligations in the event of a data breach.

Top 10 Things to Know about Cloud Security and ISO 27018

Way Forward

The current landscape for cloud security standards is best characterized as immature but emerging. ISO 27018 provides transparent guidance for cloud service providers to establish privacy protection and allows businesses to make careful decisions about the cloud. Beyond the guidelines it provides today, ISO 27018 can also serve as a reference point for the future improvement of standards. As the first international standard dedicated to cloud privacy, it initiated CSPs’ interchange of ideas on providing the best practice on data privacy and security. ISO 27018 is an important step toward protecting PII in the cloud. It emerges from previous ISO guidelines, and it will continue to evolve along with cloud service providers’ technology to provide more secure services for the growth and success of businesses.


ECC International is a leading process improvement solutions provider in Southeast Asia, focused on process consulting, automation solutions and learning outsourcing services. We help companies achieve performance excellence by helping them implement management systems and international standards/best practices across multiple domains and industries.

Our partnerships with best-in-class technology companies help drive sustained excellence for our customers. As a solutions provider with instructional design capability and subject matter expertise in niche areas, we help organizations implement learning strategies and design learning content for improved performance.

APEX Global (The Academy for Professional Excellence) is the learning solutions arm of ECCI – the leading process improvement solutions provider in Southeast Asia.

Our sole aim is to promote performance excellence among professionals. We help our customers achieve greater success through effective, experiential and result-oriented training delivery.

Empowered with a strong pool of expert trainers and facilitators having expertise in a niche array of domains and a strong regional presence, we provide an extensive portfolio of excellent industry-specific and functional programs coupled with high quality training materials to provide best-in-class services for professionals around.

We are a market leader when it comes to Information Security and Risk Management solutions (in the form of training, consulting and GRC solutions- www.metricstream.com) in SE Asia.

To learn more about cloud security, ISO 27018 guidelines and requirements, correlation with existing standards such as ISO 27001 and EU Data Protection Laws, join us at the Confidence on the Cloud- Data Security Best Practices based on ISO 27018 training program.


GRI Sustainability Reporting Standards: Change shall come

Seemingly right on the heels of the GRI G4 Guidelines come the GRI Sustainability Reporting Standards. Launched on 19 October 2016, they aim to set a common language among companies for non-financial information disclosure and provide a means for even greater transparency on the economic, environmental and social impacts companies make.

The GRI Standards: an even better strategic reporting tool

While reception to the GRI G4 Guidelines has been positive and they remain the most widely used framework for sustainability reporting, the G4 guidelines are often subject to misinterpretation and reporting loopholes. We have seen sustainability reports serve as a platform to showcase revenue performance. Sometimes, imbalanced reporting occurs when positive impacts disproportionately outweigh negative effects.

Figure: Increase in report numbers of GRI G4 Reports in the GRI Sustainability Disclosure Database

ISO 14001:2015 (Environmental Management system) – A tool for managing Environmental Performance

Preface

Managing a system effectively is a difficult skill, and an Environmental Management System in particular requires an organisation to plan systematically. In short, an Environmental Management System is the system that manages an organisation's various environmental programs, providing the organisational structure and resources that ensure a sound policy for environmental protection is developed, implemented and maintained.

 

Factors Influencing Environmental Management System

In this context, mining industries seek a cohesive Environmental Management System that guarantees environmental sustainability in the first place. Mining industries look to track the following factors with an effective EMS:

  1. Water Pollution/Acid Mine Drainage
  2. Air Pollution
  3. Land Disturbance

Beyond tracking, a full-fledged Environmental Management System can also help mining industries reclaim or restore a mine to its original state from any condition. This short write-up walks through the operational efficiencies you can gain with the help of ISO 14001:2015, which in turn make you compliant with government regulations.

Many a company is sceptical about the advantages obtained with an ISO 14001:2015 certification. In reality, ISO 14001:2015 is not just a certification; it is a tool that enables a living management system that enhances the operation of every industry to a great level.

With an ISO 14001:2015 certification, you can do much more than just map and stay compliant with the regulations you have documented. With the usual processes you implement, you could miss minor non-compliances, which might later surface as non-compliance and lead to penalties too.

 

ISO 14001 For Operational Efficiencies

ISO 14001:2015 is a comprehensive and robust standard that assists you in documenting all activities and identifying risks, so that you can design the best mitigation plans and practices. These plans and practices help you handle issues exactly as documented, go beyond ISO 14001 audits and thus build operational efficiencies. This can be achieved through simple and honest planning, implementing, measuring and refining of all processes so as to gain substantial operational efficiencies. Such a standard will result in a greater-than-expected cost reduction, a careful cutback in time consumed and exceptional responsiveness to the external environment.

Mining companies, in addition to the above-mentioned assistance, can also measure their carbon footprint:

  • Using the best practices of ISO 14064 – GHG Inventory and Management
  • By developing simple assessment tools that take into account all the activities that contribute to GHG emissions and thus calculate the carbon footprint

The main focus of ISO 14001:2015 is to meet the expectations of industries in setting the right standards that ensure environmental protection despite the dust and chemicals that come into contact with the surroundings. Companies need standards that are communicated internally so that everyone abides by them.

In the mining industry, the potential for, and quantity of, dust and chemicals exposed to the environment when ore is transported from the mine site to the port site is huge. Anticipating this, it becomes important to follow enhanced processes that show the public an adequate cleaning plan is in place. Properly planned and rightly set standards help companies stay compliant in clearing and overhauling the roads, and in applying cleaning chemicals that keep the roads clean. This approach not only promises environmental protection, but also supports your standing when a complaint is raised alleging that your company is an environmental threat.

 

Environmental Control Systems

Environmental management draws a precise picture of all the environmental aspects that have led, and will lead, to poisonous emissions into the environment. With the issues affecting the environment identified, you can frame key indicators backed by mitigation or control systems that track all of your actions that affect the environment, whether at a small level or to a great extent. In addition, action plans that mitigate risks from time to time will help you remediate what is missed because of your busy daily agenda.

A few action plans that can be added to your checklist:

  • Putting in place confirmatory rehabilitation and reforestation processes that in some way return the used resources to the environment.
  • Reducing air pollution and ensuring noise reduction, which can be made uncomplicated by gauging the pollution level due to mining activities and ensuring that the regulatory requirements are met.
  • Monitoring water quality in order to make certain that the quality of water is within the recommended standards.

With the help of ISO 14001, you can carry out many such assessments on a sensible basis that help you analyze the issues and impacts, keep track of records from the past and learn to make the right implementations in future. ISO 14001:2015 will be effective only when we align the targets to the environmental aspects in order to obtain maximum business results and increase a company's potential for environmental management.

 

Metrics Matter

A complete set of metrics and a well-planned checklist on the following can help you keep your compliance policies up to date:

  • Number of communities
  • Number of people
  • Length of road
  • Index of pollution
  • Complaints Database
  • Stakeholder Community

These metrics also pave the way for assessment surveys, road monitoring processes and re-cleaning operations that present your industry in the high standing you have envisioned. Through this, you can set firm KPIs of your own that help you make continuous improvements and astutely save money, effort and time, every time!

Having ISO 14001:2015 as a part of your business year on year eliminates the negative impacts that you would expect to occur if such a standard were not put into action. When the public can see that you have implemented actions to ensure a sustainable environment, you have succeeded in having an EMS inside your organisation. By making employees realise that giving back to the environment what is taken from it is a life-size target, we can become an efficient organisation.

 

Benefits of ISO 14001

To put it more straightforwardly, the business benefits that can come out of implementing a robust ISO 14001 system are:

  • Perk up your brand reputation by presenting your employees' commitment towards environmental protection
  • Design a standard process management that helps your company march towards effective environmental management
  • Engage employees in such a way that they take up your business initiatives as their own responsibilities
  • Meet and match customer and regulatory requirements, leaving them satisfied with your endeavors at the end of the day
  • Play a part in reducing the global issues that are to be blamed for the acute climatic changes the world is facing today