In the past, business success was relatively straightforward: offer a needed, and affordable product or service, ensure quality to build the reputation, provide good customer service, and communicate effectively to the market. Today, wider trust is a vital part of that mix and independent certification enables companies to respond to new customer demands and risks.
Some risks can happen without any notice; a cyberattack can compromise a business, its customers, and stakeholders at almost any moment. A careless click on a link in an email can install malware or ransomware across networked IT devices, compromising sensitive information or even stealing money and data. In a large enterprise, this could run into hundreds or thousands of affected devices but in a small business even one or two affected devices could cause the business to cease trading.
Food safety is another area of concern. A hiccup in hygiene in one place along the supply chain could mean contaminated products being distributed widely, causing a risk to human health. Even if discovered immediately, the disruption to supplies can mean that contingencies for sourcing safe alternatives need to be put in place.
Energy is also a focus area for companies worldwide. It is becoming ever more expensive, so companies are forced to ensure that processes are efficient and consumption is reduced. Furthermore, in some cases energy use is also subject to emission trading schemes and regimes which add to the financial drain on companies. Then there are areas where customer expectations require companies to look to their sustainability performance (e.g. connected to ESG and SDGs) as well as specific issues such as diversity, equity and inclusion (DEI) to retain customer loyalty. Implementing anti-corruption and bribery measures is also increasingly becoming a focus.
Be prepared by being assured
The best way to manage risks and be prepared is through a structured approach. Exploring best-practice management system standard and independent certification can help companies gain control and build trust in own efforts. Most business activities these days are covered by standards from bodies such as the ISO or one of the more industry specific standards associations or trade bodies, such as the GFSI benchmarked standard for food and beverage.
Meeting these standards is not a legal requirement in most cases, but compliance can be a ticket-to-trade. Moreover, standards and independent certification together can play a crucial role in managing risk, building resilience and ensuring that legal requirements are met.
Having a structured approach coupled with training of employees across all levels means that companies can develop a proactive risk management culture. This comes about partly by fully examining the current business structure and context before implementing processes and policies compliant with the chosen standard and by staff feeling empowered to improve company performance. Involving all employees can also bring specific insights that may otherwise be absent.
It is possible for companies to adopt the measures set out in a standard and not to seek third party certification, but without third party certification by an accredited body, the company cannot provide independent proof of compliance to its customers and stakeholders.
Benefiting from the experience of independents
Involving a third party is not just about obtaining certification to provide assurance to stakeholders that the requirements of a standard have been met. Independent third parties such as DNV can provide valuable insight along the whole journey to certification.
To be approved as a certifying body by an accreditation body or scheme owner, the auditors must have appropriate auditing competence, knowledge of the standards to which they are approved and in some cases industry specific experience. Most third parties offer certification services across a wide range of different standards and industries and therefore understand the complexity of modern risks and how to manage them in an integrated way.
It is based on this, training is built that intends not only to raise awareness but also to help companies drive tangible change, implement a management system, and proactively manage risks in a complex operating environment. The certification processes rely on human contact to audit the implementation of the management system – how robust is it in relation to the standard’s requirements and where may there be deficiencies that must be addressed. However, by gathering and analysing data from such audits, aggregating them across companies, industries and geographies, DNV has developed digital tools that can support companies in their improvement journey, for example when preparing for an audit, addressing findings or working to improve in areas that matter most.
It should also be remembered that as well as businesses needing to be agile and proactively manage the ever-changing risk, so to do standards. Standards are usually under regular review and are continually updated or new standards launched. The information security standard ISO/IEC 27001 was recently updated responding to the extensive developments in technology and cyber attacks, for example, to ensure that companies are able to manage new risks and evolve their defences and resilience. On artificial intelligence, the new ISO/IEC 42001 standard is already helping companies ensure safe, reliable and ethical development, implementation and use of AI.
Standards, management systems and third-party certification is nothing new. However, as the risks to be managed evolve, they continue to help companies build much needed trust in their own operation, innovations and supply chains.
