ISO 9001:2015 – Expert Tips for Setting Quality Objectives

Share on facebook
Share on email
Share on twitter
Share on linkedin

Identifying and tracking quality objectives are a requirement of the ISO 9001:2015 Quality Management standard. In this blog, we asked Quality Management guru Tony Cunningham, MD of Wynleigh International Certification Services, to share his insights and tips for establishing measurable Quality Objectives.


The first step in planning your Quality Management System is to identify quality objectives that are consistent with your organisation’s Quality Policy. The SMART criteria/framework is a popular tool used for establishing quality objectives, which should be:

Specific: an objective must be clearly defined or identified so everyone is able to interpret it in the same way.

Measurable: an objective should be quantifiable and interpreted in terms of size or degree.

Attainable: an objective should be achievable.

Relevant: an objective should be relevant to the organisation’s context and align with the quality policy and customer, statutory or regulatory requirements so that it is relevant to the strategic direction of the organisation.

Time-oriented: an objective should be time-bound in order to establish that it is met.

Learn more about Risk-based Thinking in a Quality Management System. Download our FREE Guide: How to: Address Risk-based Thinking in A Quality Management System.


The ISO 9001:2015 standard stipulates requirements that need to be satisfied for quality objectives. Let’s take a closer look at these:

1. Objectives must be established at relevant functions, levels and processes within the QMS. Consider these factors as you begin to formulate your objectives:

  • Legal and compliance requirements.
  • Significant aspects directly related to significant impacts.
  • Significant hazards related to risks.
  • Financial, operational, and business requirements.
  • Views of interested parties.

2. Objectives must be consistent with your quality policy, relevant to product / service conformity and the enhancement of customer satisfaction.

3. Objectives must be measurable. A measure or metric must be quantifiable to track performance. A performance indicator or key performance indicator (KPI) evaluates the success of an organisation or of a particular activity and should follow the SMART criteria/framework. The following are examples of KPIs:

  • The quantity of raw material or energy used
  • The amount of waste produced
  • The number of incidents/accidents
  • The percentage of waste recycled

Actions to address risks and opportunities

This is a new requirement that stipulates that a process be implemented to determine and evaluate applicable risks. Examples of risks that the QMS will not achieve its objectives include the failure of processes, products and services to meet their requirements, or the organisation not achieving customer satisfaction.

Examples of opportunities include the potential to identify new customers, to determine the need for new products or services or to determine the need for revising or replacing a process in order for it to become more efficient.

4. Objectives must take into account applicable requirements and comply with the ISO 9001:2015 standard requirements.

5. Objectives must be relevant to the conformity of products and services. Objectives should have an impact on products, services, and/or customers and be tied directly to products or customers’ expectations .

6. Objectives must be monitored. Periodically evaluate and review progress and results of actions taken towards the objectives. The leadership team can review results at the management review meeting or at set intervals between management reviews.

7. Objectives must be communicated. Employees need to be aware of the organisation’s goals, why they are important, what value they provide, how they are measured and how they impact progress towards the goals.

8. Objectives must be updated as appropriate. Objectives must be periodically reviewed and updated. The management review meetings is probably the best forum for this. Leadership should consider the goal of each objective and current results towards those goals. Options might be to eliminate the objective, replace it with a new objective, modify the associated metric or target goal, or change the timeline to achieve it.

9. Objectives must be documented. You must maintain documented information defining your business objectives and update them periodically. Auditors will expect to review a set of objectives to ensure that they are consistent and aligned with the strategic direction of your organisation.

10. Objectives must be planned. Planning must define the work or tasks to be done, the required resources, who has overall responsibility for the project, dates for completion, and how the results will be reviewed and evaluated.


  • Use the SMART Framework when establishing your quality objectives.
  • Include team members in the establishment of quality objectives.
  • If you are struggling to come up with ideas then look at non-conformances and customer complaints.
  • Communication is KEY! Ensure all team members are aware of the objectives and the steps to meet them.
  • Monitor the process.
  • Evaluate the results!

Are you having a difficult time identifying quality objectives for your organisation? You’re not alone!

Risk ZA can help you to become an expert in the ISO 9001:2015 Quality Management standard! We offer Training, Online Learning and Consulting – whereby we are able to assist you right from the basic, through to becoming a full-fledged pro when it comes to Quality.

Learn more about Risk-based Thinking in a Quality Management System. Download our FREE Guide: How to: Address Risk-based Thinking in A Quality Management System.

Join us for upcoming ISO 9001:2015 Public Training events:

Visit our Training Date schedule to find upcoming dates: Training Date Schedule

Pressed for time or working in a remote location?  Our online learning courses are the perfect solution for you! Sign Up for the ISO 9001:2015 Quality Management online learning course here.

Risk ZA provides and wide range of training, consulting and software services for ISO Management Systems. To enquire further, contact our expert team on +27 (0) 31 569 5900, email  or view our Training Schedule here.

You can share this blog post on your preferred social media platform:

Share on facebook
Share on email
Share on twitter
Share on linkedin

A 10 Step Action Plan for Safety Management Implementation

Share on facebook
Share on email
Share on twitter
Share on linkedin

To thrive in today’s competitive global market, businesses need to ensure they manage all their Occupational Health and Safety risks. ISO 45001:2018 has been developed by a committee of Occupational Health and Safety experts who have set out best-practice advice and guidance.

ISO 45001:2018 emphasises risk and expects organisations to identify workplace hazards and address them, with the aim of improving your organisation’s OH&S performance. This makes ISO 45001:2018 one of the most valuable Health and Safety Management Systems available.

Download our FREE Guide on Preparing for ISO 45001:2018 Implementation and use our readiness checklist to guide your project.


The Health & Safety Management System provides a framework for:

  • Employee participation and consultation
  • The assessment, evaluation and resolution of organisational risks, opportunities and hazards
  • The management of legislative change
  • Setting and achieving H&S objectives
  • The management of resources
  • Staff training and awareness
  • Managing both external and internal communication
  • Effective control of documents and records
  • Effective operational control
  • Managing the impact of change
  • Managing procurement
  • Managing emergency preparedness and response
  • Monitoring, measurement, analysis and performance evaluation
  • Internal and external auditing
  • Management review
  • Continual improvement


If you are planning on implementing an Occupational Health & Safety (OH&S) Management System using the requirements of ISO 45001:2018, you will need to take steps towards ensuring your system is implemented right the first time. Although the steps we highlight below are not guaranteed to help you pass your audit, they will go a long way saving you time and keeping your project on track.

1. Get top management support

How will you go about achieving critical support from top management? Safety professionals and Risk Managers should understand the standard’s requirements and how it can positively impact the company’s bottom line. Armed with these insights, you can develop a strong business case for why your organisation should implement the standard.  

For guidance on the differences between OHSAS 18001:2007 and ISO 45001:2018, click here to read our blog Migrating from OHSAS 18001 to ISO 45001:2018?

2. Know the legal requirements  

Do you know all the health and safety laws applicable to your industry? Section 6.1.3 of ISO 45001:2018 outlines the requirements for knowing and maintaining your compliance, so that your implementation will succeed.

3. Define the scope of the OH&S Management System

Is your OH&S management system applicable to your entire enterprise or only one location of a multi-location company? This is critical for writing your OH&S Policy, that will guide your OH&S Management System.

4. Define processes and procedures

What processes and procedures need to be defined to control OH&S hazards? How will you identify them? What risk assessment do you need to do? What can be controlled through proper training and awareness?

5. Implement the OH&S processes and procedures

What do you need to do to put into place the processes and procedures from Step 4? How will you roll-out and manage the additional responsibilities that some employees will now have?

6. Train your employees 

How will you make your employees aware of the ISO 45001:2018 requirements? Will they attend training sessions and where? Who needs to be trained? It is important that everyone knows how they fit into the OH&S Management System structure and what is required of them.

7. Keep records

What do OH&S records tell you about your processes? Do you need to modify anything through your corrective action process? Do your employees understand what they need to do or is further training needed? Do you see areas for improvement and how can you take advantage of this?  

8. Conduct internal audits

Internal audits are the tools you use to check each of your processes. What are they telling you? Are your records adequate to show the process is working? Are there any problems that you need to fix with the corrective action process? Do some areas need more frequent audits?

9. Conduct a management review

Is your OH&S Management System functioning as expected? Is it properly implemented and effective? Are improvements being made and are adequate resources being supplied to the effort?

10. Corrective actions

Are there problems in your OH&S Management System you need to fix?  Use your corrective action process to find the root cause of the problem and address this cause with corrective action.

Download our FREE Guide on Preparing for ISO 45001:2018 Implementation and use our readiness checklist to guide your project!


Take the time to create a good project plan and ensure adequate resources are applied from the start. Having a project plan will help to make sure that implementation runs smoothly and prevent wasting time and resources.

Do you need assistance with training, Gap Analysis or developing a project plan?

Risk ZA can assist you with a number of consulting interventions, project planning, and bespoke Onsite and Public Training courses. For assistance, please contact our expert consultants on +27 (0) 31 569 5900 OR email

You can share this blog post on your preferred social media platform:

Share on facebook
Share on email
Share on twitter
Share on linkedin

ISO Auditing: How can you take your business to the ‘Next Level’?

Share on facebook
Share on email
Share on twitter
Share on linkedin

Organisations that use ISO Management Systems enjoy many advantages. Even if you don’t plan to go for ISO certification, your business can extract great value from an internal audit and it can provide top management a realistic view of how likely they are to meet objectives.

There are so many reasons to think about audit as a partner in your management operations, so let’s dive into the world of ISO audits and discover the benefits.

Learn more about the Risk-based Auditing Approach! Download our FREE guide Risk-Based Approach to Auditing an ISO Management System.


An ISO audit can apply to an entire organisation or it may be applied to a specific function, process or production step. Some audits serve an administrative purpose, such as auditing documents, risk or performance or following up on completed corrective actions.

The formal definition of an ISO audit is found in the ISO standard – Guidelines for Auditing Management Systems Standards, which is:

“the systematic, independent and documented process for obtaining audit evidence (records, statements of fact or other information which are relevant and verifiable) and evaluating it objectively to determine the extent to which the audit criteria (a set of policies, procedures or requirements) are fulfilled.” ISO 19011:2018 – Guidelines for Auditing Management Systems.


There are three main types of ISO audits:

  • First-party (internal)
  • Second-party (external / supplier)
  • Third-party (certification)

First-party Audit

An Internal Audit is conducted on a process or set of processes to ensure they meet the organisation’s internal requirements and is used for evaluating the effectiveness of the Management System. The value of the Internal Audit is that it takes a critical look at your company and how it operates and improves the effectiveness of risk management, control and governance processes.

Second-party Audit

A Second-party or Supplier Audit is valuable for strengthening a company’s supply chain and verifying that suppliers meet or exceed predetermined requirements. A Supplier Audit can prevent quality, environmental or health and safety issues from reaching your customers.

Third-party Audit

A Third-party or Compliance audit is carried out by a Certification Body (CB) and evaluates whether the Management System meets the requirements of a specific ISO standard. If successful, the Third-party Audit will provide the organisation with a certification of conformity with the given standard.

The ISO 19011:2018 standard stipulates that a third-party Auditor must acquire the necessary knowledge and skills to be employed by a CB and pledge to abide by a code of ethical conduct in the performance of an audit. ISO certification confers numerous benefits such as increasing your organisation’s credibility and enabling you to secure business.

Surveillance Audit

These audits are held in years one and two after initial certification and in years one and two following each recertification. The audit is conducted by a Certification Body.

Recertification Audit

These audits are held every three years with a Certified Body performing the audit The goal is to continue to demonstrate management’s commitment to and ongoing improvement of the Management System to ensure its effectiveness.


Knowledge of the ISO standard(s) and conducting effective interviews are essential parts of the Internal Auditor’s job. Unskilled auditors will collect little useful information and their interview questions are likely to elicit predictable answers which are of no value. So ensure that your Internal Auditors are properly trained.

Our ISO Auditor Training courses are an efficient way of doing this: View our public Auditor Training courses here or Sign Up for an Online Learning Course here.


Audits are aimed at enhancing productivity, detecting problems at an early stage and ensuring that policy and objectives are being followed by everyone in the organisation. Below is a roundup of the benefits offered by auditing your ISO Management System:

  • Audits help us to analyse the compliance of our process with respect to the set ISO standards.
  • Audits aid us in identifying our strengths and weaknesses, which are necessary for us to tackle the various opportunities and threats in our industry.
  • We are able to assess and identify the areas for improvement of our efficiency.
  • Audits help us to identify deviations from our objectives and goals and provide us with the opportunity to correct them.
  • Above all, audits helps to bring in positive changes in departments by correcting the nonconformities observed and preventing them from recurring.


Are your Internal Auditors adequately trained to sufficiently audit ISO Management Systems?

Risk ZA’s focus is to conduct audits according to the new ISO 19011:2018 standard’s requirements which focus on a Risk-based Approach during the audit process.

Learn more about the Risk-based Auditing Approach! Download our FREE guide Risk-Based Approach to Auditing an ISO Management System.


Risk ZA assists businesses in Southern Africa make excellence a habit. We are experts in delivering a cost-effective route to ISO certification and make sure that ISO Management Systems work for you through our ISO Training, Auditing of Management Systems and our Consulting Services.

For more information about our wide range of training and consulting services, please contact our expert team on +27 (0) 31 569 5900, email

You can share this blog post on your preferred social media platform:

Share on facebook
Share on email
Share on twitter
Share on linkedin

Producing Superior Quality Food To Protect Customers

Share on facebook
Share on email
Share on twitter
Share on linkedin

The last couple of years have provided ample evidence that control of food safety is critical. Recent media reports have clearly shown severe shortcomings in the food industry that have threatened consumers’ health and safety.

Unsafe food is a risk for all of us – consumers can become seriously ill and the food industry can face costly corrective actions. These ongoing problems cry out for additional tools to reduce or eliminate risks. Communication and raising awareness of potential hazards throughout the entire food chain are crucial as food safety is a joint responsibility for all participating parties.

The ISO 22000:2018 Food Safety Management System aims to ensure that there are no weak links in the food supply chain.

Since ISO 22000 was first published in 2005, the standard has been well received by the food industry but new food safety risks prompted the need for a revision. The latest edition was published on 19th June 2018 and maintains a strong link to the Codex Alimentarius standards. It also addresses emerging food safety challenges and aligns the strategic direction of an organisation with its Food Safety Management objectives.


The ISO Food Safety Management System is flexible and can be used by all organisations in the food chain. By using the standard the food industry shares a common food safety language, thus reducing the risk of critical errors and maximising the use of resources. Enterprises that can apply the standard include:

  • Growers
  • Transporters
  • Packagers
  • Processors
  • Retailers
  • Bottlers, and
  • Restaurants


Food companies applying the ISO Food Safety Management System will be able to:

  • Embed and improve internal processes and provide consistently safe food.
  • Provide confidence that their organisation’s practices and procedures are effective and robust.
  • Assure customers and other parties through the certification process that food safety hazards are controlled and that their enterprise can provide safe products.
  • Continually improve their Food Safety Management System by reviewing and updating the system at planned intervals so that all activities related to food safety are always optimised and effective.
  • Ensure adequate control at all stages of the food supply chain to stop the introduction of food safety hazards.


To increase the acceptance of the ISO 22000:2018 Food Safety Management System and ensure that accredited certification programmes are implemented in a professional and trustworthy manner, the technical specification: ISO/TS 22003:2013 Food safety management systems – Requirements for bodies providing audit and certification of food safety management systems was published in 2007 and reviewed in 2016.


The British Retail Consortium (BRC) and the International Featured Standard (IFS) are standards that are recognised by many European retailers and are now required from suppliers of private-label goods.

BRC and IFS include provisions to prevent malicious acts (food defence) and to manage the authenticity of raw materials (food fraud). This is not the case with ISO 22000:2018 but the 2018 version allows for these provisions to be incorporated into the Food Safety Management System.


FSSC 22000 or Food Safety System Certification 22000 is a certification system, which incorporates ISO 22000 and other requirements, in particular food fraud and food defence. FSSC 22000 is recognised by the Global Food Safety Initiative (GFSI) and can be used by many agri-food businesses.
All of the GFSI-benchmarked Food Safety Management Systems are based on the following three components which must function as a system to minimise the risks for creating a food safety incident:

  • PRPs
  • Other requirements needed for a management system


Risk-based thinking plays a central role in the ISO 22000:2018 Food Safety standard. Organisations are given the tools to assess, identify and evaluate food safety hazards and address how to reduce their impact on consumers. ISO 22000:2018 follows the risk management principles outlined in the ISO 31000:2018 Risk Management standard but there are differences between the two standards.

Download our FREE Guide to learn about the importance of Risk-based Thinking in Food Safety Management.


Better processes
Dynamic control of food safety hazards through HACCP and PRPs is a cost-effective way of controlling food safety, from ingredients to production, storage and distribution.

  • HACCP (Hazard Analysis and Critical Control Points) requires that potential hazards are identified and controlled at specific points in the process.
  • PRPs (Prerequisite Programmes) stipulate the prerequisites for producing safe food in various food sectors.

Better competence
Workers learn good hygiene practices through training programmes.

Better infrastructure
Sites, production flows and factory layouts are arranged for satisfactory sanitary conditions.

Better planning
A clear project plan defines how, when and by whom risks and objectives should be managed.

Better teamwork
Effective communication helps employees work towards the same goal of food safety.

Better leadership
Management shows commitment to food safety through policies, resources and actions.

Better performance
Management reviews performance and objectives regularly to drive continual improvement

Better documentation
Food safety policies, procedures, work instructions and records are carefully documented for reference.

Click here to read about ISO Document and Control procedures and Software Solutions.

The ultimate goal of the ISO 22000:2018 Food Safety Management System is to put good quality, safe food on the tables of consumers. Now that’s something to celebrate! Bon appétit!


Are you ready to update your Food Safety Management System?

Risk ZA offers a wide range of ISO 22000:2018 Food Safety Management Training courses. Grow your skills by attending our courses which are presented by leading industry experts. Click here to check the training course schedule and find the one that suits you best.

For more information and assistance, please contact our friendly team on
+27 (0) 31 569 5900, email

You can share this blog post on your preferred social media platform:

Share on facebook
Share on email
Share on twitter
Share on linkedin

Risk Management: Improving Business Performance with Proactive Risk Reduction

Share on facebook
Share on email
Share on twitter
Share on linkedin

Business leaders navigate a complex environment in which the pace of change is rapidly accelerating and this has put pressure on companies to focus on risk management. The risk environment is equally challenging. Organisations are juggling a multitude of risks and it is becoming extremely difficult for enterprises to identify and reduce the impact of risk on their organisations. While managing the failure of critical assets is the top pressure, executives should not forget the risks associated with non-compliance, environmental, financial, logistical and supplier issues.

As such, Enterprise Risk Management (ERM) and Enterprise Resilience have become hot topics. But what are they and are they the same concept?

Enterprise resilience and ERM are related concepts that are associated with risk, but they are different. Enterprise Risk Management is a process that organisations use to rigorously identify, assess, manage and monitor risks that may affect their operations and objectives.

Enterprise resilience, on the other hand, is a capability. It describes an organisation’s capacity to anticipate and react to change that could represent opportunities and threats. Resilience includes two important components: organisational capacity and the ability to adapt and grow from a disruptive experience.


There are four stages to achieving enterprise which include:

  • Stage 1 – prepare and plan for the risk event
  • Stage 2 – absorb the consequences of the risk event
  • Stage 3 – recover from the risk event
  • Stage 4 – successfully adapt to the risk event

ERM is the mainstay of Stage 1 and assists with the other three stages as it cuts across organisational silos and considers internal and external risks, such as cyber-attacks and natural disasters. In this way, ERM allows management to identify risks and absorb the negative impact and assists with recovery by allowing organisations to assess and mitigate risks and plan for adverse events.


A healthy corporate culture promotes long-term resilience. The opposite may also be true. If the board and senior leadership are too focused on containing incidents and minimising bad press to preserve reputation and share value, this may lead to inappropriate responses in crises, and to inappropriate strategies to prepare the company to bounce back better.

Your governance, your values and your stakeholder relationships all determine your resilience. So do your processes.


Good governance comprises four essential elements:

Transparency – being clear and unambiguous about the company’s structure, operations and performance, both externally and internally; and, maintaining a genuine dialogue with and providing insights to stakeholders and the market.

Accountability – ensuring that there is clarity of decision-making within the company; with processes in place to ensure that the right people have the right authority to make effective and efficient decisions; with appropriate consequences delivered for failures to follow those processes.

Stewardship – developing and maintaining a company-wide recognition that the organisation is managed for the benefit of its shareholders, taking into account the interests of other stakeholders.

Integrity – developing and maintaining a corporate culture committed to ethical behaviour and compliance with the law.


Almost all organisations have faced adversity at some point in their history. Those that prosper over long periods of time display a remarkable ability to bounce back from adversity time and time again and to create value in changing circumstances.

Business turbulence and disruptions need to be addressed in the same manner as any other material business risk. Directors have a duty to ensure that the organisations which they govern are sustainable through disruptive events and create a culture in which business opportunities are chosen wisely.

A sustainable organisation is able to quickly adapt and align its strategy, operations, management systems, governance structure, and supply chain to meet the challenges of significantly changing environments. It is also able to create competitive advantage by maximising opportunities in an informed manner.

Sustainability is not only about being able to respond to a single crisis or setback but about continuously anticipating and adjusting to trends that can permanently alter the viability of a business. Traits of sustainable organisations include:

A culture of sustainability – a clear purpose and a core set of values which are more than just platitudes. Leaders of sustainable organisations strive to make the purpose and value a compelling reality at all levels of the organisations. The measure of success of a culture of sustainability is the degree to which the organisation’s people, from the board down, are active participants in understanding and addressing the opportunities and risks associated with the achievement of the organisation’s objectives.

A strong understanding of risks aligned to business strategy – all strategies and all opportunities worth pursuing involve risks that must be monitored and managed. Risk management is about both protecting value and creating value.

Accurate monitoring and detection with relevant reporting to management and the board – reporting mechanisms to raise alerts about risks may also be used to identify opportunities.

Reliable and sustainable processes and infrastructure which balance efficiency with flexibility – contingency and recovery planning and competitive advantage are founded on risk-based analysis and are embedded in operational plans encompassing people, processes, systems and data.


The ISO 31000:2018 Risk Management standard provides principles and generic guidelines on risk management. The framework seeks to replace the myriad of existing standards, methodologies and paradigms that differed between industries, subject matters, and regions. It assists organisations to gain better control and visibility into the risks within their operations.

Cross-functional involvement and collaboration are the keys to a successful risk management and risk mitigation program and these are focus areas in the latest version of the ISO 31000:2018 Risk Management standard.

In a risk environment that is growing more perilous and costly, boards and business owners need to help steer their enterprises toward resilience and value by embedding strategic risk capabilities throughout the organisation. But how do you achieve this? Learn more! Download our FREE guide on How to Achieve A Best-In-Class Risk Management System.


Risks ZA works with organisations in numerous ways to help you understand and manage your risks.

Don’t miss our ISO 31000:2018 Introduction to Risk Management Public Training Event which aims to deliver better solutions for managing complex risks and identifying competitive advantages in an ever-changing business environment.

Gain invaluable insights into Risk Management principles and be in a position to establish best-in-class Risk Management practices. Visit our Training Schedule page to view when the next course is running in your area!

To book your seat, call our team on +27 (0) 31 569 5900, email or complete our Online Booking Form.

You can share this blog post on your preferred social media platform:

Share on facebook
Share on email
Share on twitter
Share on linkedin

Smart Cities of Tomorrow: How will our future urban spaces look?

smart cities with ISO
Share on facebook
Share on email
Share on twitter
Share on linkedin

Imagine a city of the future. Do you see clean streets, electric cars and robots doing all the work?

Or perhaps your vision is more dystopian. The Los Angeles in the Blade Runner movies is a grim depiction of the city in 2019 and 2049. The sea has risen to dangerous levels, the sky is dark and foreboding, and the skyline is dominated by ominous skyscrapers.

Philip K. Dick’s iconic 1968 novel, Do Androids Dream of Electric Sheep?, on which the Blade Runner films are loosely based, is a dystopian yet ultimately hopeful novel about human engagement with artificial intelligence. The book makes profound comments on human relationships and explores the questions that plague us: Why are we in such a mess? And: Why has society degenerated to such a degree?


The dystopian future of Blade Runner intersects with what experts and scientists predict our world and cities will become like in the very near future – more populous, more polluted, more crime-ridden and facing the imminent collapse of basic services, all compounded by unpredictable weather events.

Almost half of the world’s population currently lives in cities, and by 2050 this figure is projected to increase to 75%.

“Cities are reaching breaking point,” says Professor David Gann, who heads up the London Imperial College’s Digital Economy Lab.

The time is upon us, say the experts, to start designing smarter urban environments. New cities are needed to sustain an ever-growing population, and the urban spaces that we have lived in for centuries need to be retrofitted. But what kind of cites will we be living in?


The cities of the future will be shaped by ideas, and there are plenty of competing ideas about how futuristic urban spaces should look.

Some of these centre around the idea that smarter means greener.

Sustainability experts are working towards carbon-neutral cities with electric vehicles and bike-sharing schemes and improved air quality so that office workers in the smoggiest cities can actually open their windows.

Visions of a green city often include high-rise building where living and office spaces are surrounded by floating greenhouses or vertical gardens and green roofs.

Imagine our harbours filled with floating farms? It sounds absurd. But the Jellyfish Barge could be the answer to future urban farming. The barge is a floating greenhouse that desalinates seawater to irrigate and grow plants. Using solar energy, it mimics the water cycle and turns salt water into clean, freshwater which is recycled over and over again to irrigate hydroponically grown crops.

“We can save 70% of water compared to traditional cultivation,” says Cristiana Favretto, one half of the Italian architectural duo at Studimobile who came up with the concept. Each barge has the potential to produce around 1000 to 1500 edible plants per month.


Technology companies like IBM believe that the smartest cities will be those that are connected into the Internet of Things, where objects are made smart by being connected to each other.

A network of sensors will provide a host of data about how a city is performing. This will allow systems to be joined up and to work more efficiently. It will also bring unimaginable new services to citizens, or at least Professor David Gann thinks so.

IBM currently has projects in cities around the world, from crime prevention analytics to water databases and smarter public transport systems in Zhenjiang, China.

IBM’s flagship project is in Rio de Janeiro and it’s the work of IBM’s Smarter Cities Unit.

IBM has created data centres for single agencies like police departments. But this is a citywide system integrating data from 30 government agencies and providing mobile applications to keep citizens in touch with city updates such as accident blackspots and flood warnings.


Smart City and smart city projects are intended to make cities work better and more liveable. They apply information and communications technology to monitor, measure and control city processes, from transportation to water supplies, and the location of vehicles to the performance of electric grids.

Smart Cities are all about saving money, becoming more efficient and delivering better services and living spaces to citizens. The elements of Smart Cities include:

Smart Energy

Smart energy uses digital technology for the intelligent and integrated transmission and distribution of power.

Smart Buildings

Smart buildings are green and energy-efficient, with advanced automated infrastructure.

Smart Mobility

Smart mobility enables intelligent mobility through the use of innovative and integrated technologies.

Smart Technology

Smart technology connects the home, office, mobile phone and car on a single wireless IT platform.

Smart Healthcare

Smart Healthcare uses eHealth and mHealth (mobile health) systems and intelligent and connected medical devices. Johannesburg started rolling out its e-health programme in 2016, and has extended eHealth to include a smart queuing system.

Smart Infrastructure

Smart Infrastructure includes intelligent and automated systems that manage, communicate and integrate different types of intelligent infrastructure such as energy grids, transport networks, water and waste management systems and telecommunications.

Smart Governance

Smart Governance includes policies and digital services from the government that help and support businesses and citizens adopt green and intelligent solutions through incentives, subsidies or other schemes.

Smart Citizens

Smart Citizens embrace smart and green solutions in their day-to-day work activities and choose products and services  that fit their “smart” lifestyle choices.

While critics are up in arms about President Ramaphosa’s inaugural speech and in particular his vision of creating a new African smart city, South Africa has been preparing to embrace smart cities for a number of years.

Recognising that cities hold the key to so many different aspects of a sustainable future, the Cities Support Programme (CSP) was set up by National Treasury in 2011, and within every major municipality, examples of smart projects can be found.

It’s easy to be cynical, and even easier to be apathetic. But that’s not where the solutions lie… and that’s not the future.


Did you know that ISO has published over 22 000 International Standards on a variety of subjects and all of them are designed to support sustainability? 

Finding innovative, sustainable solutions to the problems our businesses and communities are facing is possibly the greatest leadership challenge of our time.

To find out how ISO standards can assist you on your sustainability journey, download our FREE Guide on the Top Six Sustainability Standards that Drive Results for Businesses.


How is your organisation preparing for a sustainable future? We can help you discover the sustainability issues affecting your business and provide workable solutions through our various ISO public training courses, online learning solutions and consulting services.

Need more information? Call our team today on +27 (0) 31 569 5900 to discuss solutions for building a future-proof business that is both sustainable AND profitable.

PLUS! Ask us if we have any specials to offer you at the moment!

You can share this blog post on your preferred social media platform:

Share on facebook
Share on email
Share on twitter
Share on linkedin

Cleaning Up Your Business: 7 ‘deadly’ Wastes ALL Companies Must Combat

Share on facebook
Share on email
Share on twitter
Share on linkedin

One of the key aspects of driving your business forward is being able to identify and tackle waste.

Taiichi Ohno is credited with being the father of the Toyota Production System. He created a Lean Manufacturing framework based on the idea of preserving or increasing value with less work. Anything that doesn’t increase value for the customer is waste and every effort should be made to eliminate that waste.

Environmental waste is any unnecessary use of resources or a substance released into the air, water, or land that could harm human health or the environment. Environmental wastes are often a sign of inefficient production, and frequently indicate opportunities for saving costs and time.

Lean efforts can lead to significant environmental gains since environmental wastes are related to Ohno’s 7 wastes.


Yet the latest draft of State of Waste Report and statistics from the CSIR show without a shadow of doubt that South Africa has a massive waste problem, which we are doing little to solve through our own initiates.

Quite shockingly, only 10% of the waste produced annually is recycled, leaving a staggering 54 million tons of general waste to be transported to landfill.

Much of the waste sent to landfill can be reused. These resources that we are throwing in the bin have an annual value of R17 billion according to the CSIR.

Waste management changes on the horizon

However, a raft of legislative and regulatory changes are looming on the horizon. These are set to radically alter the waste management landscape and are intended to move South Africa towards a more resource-efficient economy.

Various industries such as paper and packaging have already submitted Industry Waste Management Plans for approval by the Minister of Environmental Affairs, and retailers are busy phasing out single-use plastic bags to meet the 2020 deadline.

By the end of 2021, liquid waste and batteries will be banned from landfill sites. Targets for reducing organic waste disposal by 50% in 2023 have been set and include food and garden waste both produced in vast quantities by several industries.

Landfill sites are poised to increase gate fees as they become ever-more squeezed for space.

We have already seen the first phase of Carbon Tax implemented on 1 June 2019. Carbon Tax adopts the ‘polluter-pays principle’ to reduce greenhouse gas emissions. Even if you’re not liable to pay Carbon Tax, you should be able to benefit if you invest in products and processes with lower carbon footprints and make use of National Treasury’s Carbon Offset Scheme.

But what steps can you take to improve your processes and manage all these changes?

How can I change the way I do business?

We recommend that the best way to manage the threats posed by the impending legislation is to understand the potential risks that they pose to your business. This knowledge can then be used to identify opportunities to alleviate the risks, increase your business’s resilience and ideally realise competitive advantage.

In our experience, it’s quite possible to decrease or stop generating certain types of waste by changing processes. You can achieve this by implementing policies and procedures that refine or change the way you run your business and are based on the clearly-defined principles of Environmental Management.

One of the biggest benefits of implementing an Environmental Management System is the potential it offers to reduce waste.

Click here to find out How ISO 14001:2015 can help your organisation achieve Zero Waste to Landfill.


In nearly every organisation, 95 percent or more of the activities and time in business processes do not add value. Below are the 7 wastes according to Taiichi Ohno and their environmental impacts:
Waste TypeEnvironmental Impact
1. Overproduction (the biggest waste)
  • More raw materials and energy consumed in the making of unnecessary products.
  • Extra products may require disposal.
  • Extra materials used in production result in more emissions, waste disposal, water usage etc.
2. Waiting
  • Potential material spoilage or component damage causing waste.
  • Wasted energy from heating, cooling and lighting during production downtime.
3 & 4. Transportation & Motion
  • More energy used for transportation.
  • Emissions from transport.
  • More packaging required to protect products during movement.
  • Damage and spills during transport.
5. Over-processing
  • More parts and raw materials consumed per unit of production.
  • Unnecessary processing increases energy and water use and emissions.
6. Defects
  • More raw materials and energy consumed in making defective products.
  • Defective products require recycling or disposal.
  • More space required for rework and repair, increasing energy use.
7. Inventory
  • More packaging to store work-in-process (WIP).
  • Waste from deterioration or damage to stored WIP.
  • More material need to replace damaged WIP.
  • More energy used.



The ISO 14001 family and ISO 14000:2015 in particular can help you to measure and improve your environmental performance in a number of areas, including:

  • Resource management
  • Waste reduction and treatment
  • Recycling
  • Energy savings

Why should I care about the environment?

In short, because it’s what your customers want, and it can save you money. A lot of consumers care about the planet. A Unilever study reveals that:

  • 33% of consumers prefer buying goods and services from “socially or environmentally active” brands.
  • 21% of consumers prefer brands that use sustainable packaging.

Essentially, consumers want to know that their brand of choice is doing something to support the environment.

South Africa's waste management leaders

A handful of South Africa’s corporates lead the pack in waste management. One of these companies is Consol Glass. South Africa’s biggest glass manufacturer uses ISO 14001:2015 to manage a sizeable sustainability programme and has implemented clean production technologies to reduce energy consumption and their carbon footprint.

Since 2011, 80 South African companies became part of the National Cleaner Production Centre’s Industrial Energy Efficiency Project to implement cleaner production processes and use less energy, water and materials.

Together these companies have saved enough electricity to supply 120 000 middle-income South African families with power for a whole year!

A fantastic effort, don’t you agree? And the reason why more and more organisations are choosing to use ISO 14000:2015! This Environmental Management System encourages you to think about risks and opportunities and find innovative solutions to challenging problems that will ultimately provide you with a competitive edge and significant cost savings.

Want to find out more about the benefits of the fabulous ISO 14000 family of Environmental Standards?

Download our FREE Guide: ISO Environmental Management Systems 101: Basic Concepts & Principles Explained!


We have collective experience of over 30 years in training, consulting and implementing ISO related management solutions for organisations of all types and sizes in the Southern African region. Our expert team has helped dozens of businesses transform their organisations, from simply assessing their risks, to helping them find sustainable solutions to challenging environmental problems.

Does your team need guidance on ISO 14001:2015? Contact us on +27 (0) 31 569 5900 or email, and let us help you through the process.

You can share this blog post on your preferred social media platform:

Share on facebook
Share on email
Share on twitter
Share on linkedin

7 Top Online Learning Benefits For Busy People Always On The Run

Share on facebook
Share on email
Share on twitter
Share on linkedin

Do you have a busy work schedule, a hectic personal life and a lengthy list of responsibilities that prevent you from continuing your education or learning a new skill? Have you ever considered Online Learning?

Thanks to our partnership with Erudio Global, it’s possible for you to further your education and develop new skill sets. Online courses relating to ISO 9001:2015 Quality Management and ISO 14001:2015 Environmental Management are currently on offer, with a few more expansions to take place in the months to come!

ISO 9001 and ISO 14001 are amongst some of the most globally demanded Management Systems due to requirements from various stakeholders. There are several key requirements within each of these two standards, which mean that you and your organisation need to get up to scratch, and fast!

Our ISO Quality Management and Environmental Management Online Learning courses are geared for the busy professional and anyone who wants to boost their career opportunities.

If you want to make a habit of lifelong learning, which let’s be honest has become a necessity to keep up with changes in our fast-paced world, Online Learning offers endless possibilities.

Here, we highlight a few of the many benefits that Online Learning offers busy people.


If you simply don’t have the time or money to attend traditional classes or training events to develop skills that will help you achieve your personal and professional goals, consider these benefits of Online Learning:

1. Online Learning Improves Knowledge Retention

Every learner, no matter their age or educational background, can benefit from an Online Learning experience. It gives you the ability to learn at your own pace and on your own terms, which boosts knowledge absorption and retention.

You get to choose how you want to study. Sometimes, that means choosing when to move on to the next module, rather than moving along at the pace of a tutor, your peers or colleagues. If you are able to learn when it’s most convenient for you, you are more likely to become immersed in the learning experience.

2. Online Learning Fits Into Your Schedule

You can access our ISO Online Learning courses during work breaks, while you’re waiting to board a flight, or when you have free time in the evening and over the weekend.

Online Learning fits into your schedule because you can access the courses and learning materials whenever and where ever it’s most convenient for you.

You don’t have to follow a specific schedule or attend training events. With some courses, you simply download online material and access it even when you don’t have an internet connection.

If you need more structure, there are also options for this which still won’t absorb a huge amount of your time. You get the structure through a facilitator-led online course, whilst still conveniently fitting it into your busy schedule.

3. You Don't Need to Travel for Online Learning

With ISO Online Learning you don’t have to worry about traffic or take time out of your busy work schedule to attend a training event. It’s all done virtually, so there’s no need to factor in travel time and transport costs.

Even if you have a busy lifestyle or live in a remote area, you can still access our high level ISO online training… Just make sure you have good internet and a pair of headphones for the videos.

4. You Can Customise Your Online Learning Experience

No two people learn alike, which means that no two learning experiences should be the same. Our ISO Online Learning gives you the opportunity to customise your learning experience and have control over what and how you learn.

You’re able to access the course videos and material as frequently as you need to! Online access means you’re able to login and revisit whatever part of the course you need to, at any time of the day.

5. Online Learning Doesn't Interfere with Your Work or Home Life

The main reason many busy people don’t enroll in classes or hesitate to attend training events is because they don’t want to have to choose between learning and personal or professional obligations.

With Online Learning, you don’t need to miss out on invaluable learning opportunities that could improve all aspects of your life… Be sure to eliminate any distractions during your stud session though!

6. Online Learning Empowers and Motivates You

If you’re feeling stuck in your daily work routine, a significant benefit of Online Learning is that it empowers you to learn new skills and take control of your personal and professional goals. By becoming an active participant in your own learning experience, you can get that dream job or secure a promotion and further your career.

7. Online Learning Removes the Fear of Failure

Online learners don’t have to stress about not passing a test or failing in front of their peers or colleagues. The Online Learning environment takes the risk out of learning because learners no longer have to worry about the fear of failure.

By removing the fear of failure, the potential to acquire new knowledge and skills becomes limitless. People become more willing to test their boundaries and to experiment when they aren’t afraid of being judged.

Mistakes can be a powerful learning tool and a chance to gain experiences that you would not have gathered otherwise. Online Learning offers you the opportunity to explore a topic and expand your knowledge without consequences.

These are just a handful of the benefits our ISO Online Learning offers busy people. In short, it’s a great way to get started on accomplishing your goals!


Whilst we do offer Online Learning 365 days in the year, we’re offering all our clients the opportunity to beat the winter-blues with a really great special!

Get in touch with the Risk ZA team to learn more about it. Call +27 (0) 31 569 5900 or email


Are you ready to begin the Online Learning journey? Does Online Learning need more, less or the same level of commitment as the traditional instructor-led training you are used to?

Before you commit to our online learning platform, Download our FREE Guide to find out the 10 Top Study Tips For Online Learners That Guarantee Success!

You can share this blog post on your preferred social media platform:

Share on facebook
Share on email
Share on twitter
Share on linkedin

Do Revised ISO Standards Mean NEW Documents & Control Procedures?

Share on facebook
Share on email
Share on twitter
Share on linkedin

Both large and small organisations have gained from using Management Systems standards to improve their quality and compliance and achieve efficient reliable processes – amongst multiple other improvement factors.

Documentation and Document Control supports all ISO Management Systems. For instance: in a Quality Management System, adequate documentation and document control ensures that documented processes and related controls are consistently implemented across an organisation and helps to identify and deal with non-compliance issues quickly and effectively.

Changes to the requirements for documentation have attracted a lot of attention in the latest versions of the ISO Management Systems standards. People are asking: “Can I get rid of documented procedures?” and “Are there no longer requirements for documents and records?”

Before going into Document Control here’s a brief look at the new ISO Management Systems standards’ requirements for Documented Information.


Documents that are directive in nature, such as policies, procedures, instructions, templates and documents that contain historical information, previously termed records, are now collectively called Documented Information, but what is the difference?

The latest ISO standards have replaced the terms documented “procedures” and “records” with “Documented Information”. According to ISO, Documented Information is:

“meaningful data that is required to be controlled and maintained by the organisation and the medium on which it is contained.”

The difference between a record and a document is that records are Documented Information that are “retained” and documents are Documented Information that are “maintained”. A form is a document; when the form is filled out it becomes a record, which you will “retain” to provide ease of retrieval.


While the ISO 9001:2008 version was explicit about documentation, ISO 9001:2015 allows more freedom in how, what, and when to document a Quality Management process (such as specific procedures). This allows an organisation the flexibility to use appropriate information, maintain current versions easier, provide broader access/distribution and reduce costs associated with documentation, as long as it conforms to the requirements pertaining to their Management System.

So, adequate documentation, maintenance and control of documents remain very important in the latest versions of the ISO Management Systems standards because Documented Information:

  • Provides evidence of conformance to the ISO Management Systems standard
  • Is an important consideration for auditing purposes
  • Provides a ‘single point of truth’ in how a process is carried out
  • Assists with staff training
    Prevents the loss of institutional knowledge

But what is Document Control according to ISO and how do you control documented information?


When dealing with ‘Maintaining Documented Information’, previously referred to as document control. The intent of the revised ISO standards is that once you decide on the need for a document — the means to convey critical information or a template to collect data, for example — then you will want to make it available to the staff who need it. You will also want to make sure that the information is always up-to-date and correct.

In short, Maintaining Documented Information, or Document Control, entails setting up arrangements to ensure that Documented Information of the ISO Management System remains relevant, up-to-date, accessible and aligned to the organisation’s strategy.  

Unfortunately, what goes into setting up, executing and managing the Document Control process often leaves people confused.  

Document Control Software, for example, can potentially provide you with a simple way of controlling important documentation. But, first, you need to ask yourself: What type of Document Control Software do I need, and will it provide me with a secure, cost-effective solution to managing my Document Control process?

Want to find out more? Click here to Download our FREE Guide — Automated Document Control: A Key Component of ISO Management Systems.​


We have many years of experience with various Document Control Software Solutions, which means we are able to give you good, solid advice on which route is best for you and your organisation. Give us a call to chat about how these Document Control Software options can streamline the way that you:

  • Maintain important documentation
  • Review, Approve, Share and Control Change of documents
  • Archive and retrieve information

Call us on +27 31 569 5900 or email

You can share this blog on your preferred social media platform:

Share on facebook
Share on email
Share on twitter
Share on linkedin

Are You A Risk Ready Organisation?

Share on facebook
Share on email
Share on twitter
Share on linkedin

As the speed of change increases, organisations need to adapt quickly. The age that we are living in will show no mercy for the risk-averse. From cyber risk to terrorism, climate change, and reputation risk, mounting a credible defence against these risks will depend very much on our ability to harness them and improve overall organisational resilience.

Organisations that embrace risk agility will be able to quickly reinvent themselves and establish a company culture that recognises when the enterprise is in danger by either an internal course of action or an external threat.

Based on our research and experience, almost all organisations in South Africa have been hit by a major operational ‘surprise’ in the past two years. The disastrous consequences of the recent rolling blackouts on businesses are all too fresh in our memories, as are the severe water restrictions imposed in the Western Cape.

Yet, we see few organisations that have a ‘complete’ Enterprise Risk Management (ERM) framework in place. Many do not maintain a Risk Register, and formal Risk Management training for executives and business owners is something that is often overlooked.

On the upside, the speed of change presents a myriad of opportunities. By embracing the reality that risk and return are related, and investing in enterprise risk oversight, there is plenty of evidence to support the fact that an organisation’s resilience and agility will strengthen.

Risk management can be a valuable aid to help people in organisations think through ‘what might happen’. Some of the benefits that good risk management can provide include:

  • Helping to set a successful strategy and governance
  • Helping to foster a good culture
  • Helping to achieve good, risk-informed decision-making
  • Assisting with new innovation and technological change
  • Ensuring there is an appropriate level of organisational resilience
  • Helping operations and projects to achieve successful outcomes


Top performing organisations view risk management as a strategic asset, which can sustain value over the long term. Ideally, risk management and compliance are addressed as strategic priorities by leadership and day-to-day management.

In the ISO 31000:2018 Risk Management Standard, risk oversight is presented as a process that is underpinned by a set of 9 core principles. These principles are supported by a structure or a framework that is appropriate to the organisation and its external environment. This is key in our view.

Your Risk Management framework should be fit for purpose and integrated into how your organisation works. ISO 31000:2018 doesn’t provide details about different organisational processes because you know what yours are. So ISO 31000:2018 gives you the freedom to stitch ‘risk-thinking’ into your core processes in a simple and effective manner.

You may also want to read our blog post “ISO 31000:2018 Risk Management – Accelerate Business Performance”.

ISO 31000:2018 recommends that a successful Risk Management initiative should be:

  • Proportionate to the level of risk in the organisation
  • Aligned with other corporate / business activities
  • Comprehensive
  • Embedded into routine activities
  • Dynamic by being responsive to changing circumstances

This approach enables a Risk Management program to deliver outputs, such as compliance with applicable governance legal requirements, assurance to stakeholders regarding the management of risk and improved decision-making.

The benefits associated with these outputs, which need to be sustainable and measurable, include more efficient operations and a more effective business strategy.

In summary, you can use the guidance in ISO 31000:2018 to help people in your organisation think through what might happen and work collaboratively to achieve your business goals and objectives in a fast-changing world.


Megan Cunningham, MD of Risk ZA, shares her insights into the benefits that an ERM System can bring to your organisation.

Could you talk about your perceptions of the benefits that an ERM program can bring to an organisation?

From my perspective, ERM positions an organisation to better manage uncertainties, reduce volatility and add measurable value if integrated correctly. ERM also positions organisations to communicate with internal and external stakeholders on what they are doing to address risk.

ERM promotes risk awareness throughout the organisation. It provides an avenue for risk discussions and assists business owners to know what they are doing to address risk and what is being done to address risk so that the business owner or top management is not left wondering: “Okay, we have this big risk out there, what are we doing about it?”

Risk Management provides that avenue and that structure so that everybody in an organisation is informed about what is being done to assess risk.

Have you any advice for an organisation that is getting started with ERM?

Yes. Enterprise Risk Management is not a race. It’s a journey. It’s also not a check-the-box approach to Risk Management.

For ERM to be sustainable, it’s very important to get buy-in from Top Management and to make sure that it becomes part of the organisational culture.


Risk ZA has a collective experience of over 30 years in training, consulting and implementing ISO related solutions for organisations of all types and sizes in the Southern African region.

We are leading experts in the field of Enterprise Risk Management and Corporate Sustainability. We are well-positioned to assist your organisation build a solid foundation for growth.

If you want to learn more about adopting the principles of Risk Management, or want to implement ISO 31000:2018 into your organisation, give us a call – we would be happy to walk with you through the process +27 (0) 31 569 5900!

You can share this blog on your preferred social media platform:

Share on facebook
Share on email
Share on twitter
Share on linkedin