The UK Government has now set out its roadmap for the Employment Rights Bill as part of the wider “Make Work Pay” plan. The reforms are expected to roll out from April 2026 and continue in stages through to 2027, bringing some of the biggest changes to employment law in years. These changes mainly affect HR, senior leaders and line managers across all sectors. Understanding the roadmap early means you can plan your policy updates, training and communication in good time.
The Employment Rights Bill was first introduced to Parliament in October 2024 as phase one of the Plan to Make Work Pay, aiming to boost job security, raise living standards and modernise employment protections.
In July earlier this year, the Government published a roadmap setting out how the reforms are expected to be implemented between 2026 and 2027. According to GOV.UK the announcement highlights the following:
ACAS has also published a clear summary of the Bill, explaining that protection from unfair dismissal is now expected to become a right after six months’ service rather than day one, with implementation likely in 2027.
For ongoing monitoring, you may find it useful to keep an eye on the following:
Under the current law, most employees need two years’ service before they can claim ordinary unfair dismissal. According to GOV.UK and ACAS summaries, the Employment Rights Bill will reduce this qualifying period to six months, following a Government compromise that moved away from an earlier “day one” proposal.
This is expected to take effect around 2027 and, according to parliamentary briefings, will be accompanied by a statutory framework for probationary periods, setting clearer expectations for how dismissals during probation should be handled.
For HR, this means:
The roadmap confirms that day-one rights to statutory sick pay for many lower earners, and day-one parental and paternity leave, are planned from early 2026, according to GOV.UK.
This will require updates to:
The Bill aims to clamp down on “one-sided flexibility” by strengthening rights for workers on zero-hours and very low-hours contracts. According to GOV.UK, CIPD and legal commentators, current proposals include:
These changes are expected to be phased in from 2027, according to the published roadmap.
The Make Work Pay programme and supporting commentary around the Employment Rights Bill point to:
According to CIPD and House of Lords Library analysis, many of these measures will build on recent changes to flexible working and existing equality legislation, rather than starting from scratch.
For many organisations, this will mean refreshing consultation processes, reviewing how organisational change is handled, and making sure people managers are confident navigating these conversations.
Taken together, the Employment Rights Bill roadmap will reshape key parts of the employment relationship. From a practical HR perspective, this is a good opportunity to step back and review how you attract, manage and support people – and to put clear, confident processes in place.
Areas to focus on include:
Contracts and handbooks
Reviewing probation clauses, notice periods and dismissal provisions in light of the proposed six-month unfair dismissal qualifying period, building in day-one rights to sick pay, parental and paternity leave once timelines are confirmed, and clarifying how zero-hours and low-hours contracts are used.
HR policies and procedures
Refreshing dismissal, capability, disciplinary and redundancy procedures, as well as flexible working, family leave, absence management, wellbeing, anti-harassment, anti-bullying and complaints handling, so they are consistent, clear and joined up.
Line manager capability
Making sure managers feel confident running structured probation reviews, performance conversations and dismissal processes, handling flexible working and predictable hours requests fairly, and managing sensitive situations around pregnancy, caring responsibilities and health conditions.
Culture and “good work”
Using these changes as a catalyst to strengthen trust, fairness and transparency, and checking that your approach to good work, wellbeing and equality is reflected in everyday HR decisions – not just in policy documents.
We are already working with clients to turn these proposals into a structured plan of action. Our HR consultancy support can include:
Contract and handbook reviews – auditing existing documentation and drafting updated contracts and handbooks that are both compliant and practical.
Policy refresh and development – updating or creating policies on dismissal, probation, flexible working, zero-hours arrangements, family leave, absence, wellbeing and conduct.
Ongoing HR advisory support – acting as a sounding board as new guidance emerges, and helping you balance legal compliance with employee experience and operational needs.
Roadmap and planning – working with HR and leadership teams to create a clear, phased Employment Rights Bill implementation plan you can track and review.
The next two years will bring real change for employers, but with the right preparation the transition can be smooth. If you would like to explore how these employment law changes could affect your organisation, we would be happy to talk things through in more detail. You can get in touch with our team or send us an enquiry to discuss the support that would work best for you.
October marks Cybersecurity Awareness Month — a reminder for every organisation to pause and consider how resilient their systems really are. Cyber-attacks are no longer isolated incidents; they’ve become part of everyday business risk. According to the Government’s Cyber Security Breaches Survey 2025, almost half of UK businesses and a third of charities experienced a cyber breach or attack in the past year.
What’s more, the likelihood of being targeted grows with size — around two-thirds of medium-sized businesses and three-quarters of larger organisations reported incidents. Even smaller firms are not exempt, with more than four in ten facing attacks that can cost thousands to recover from.
Phishing remains the most common entry point for attackers, while more complex threats such as ransomware, AI-driven scams and supply chain compromises continue to rise. The message is clear: cybersecurity isn’t just an IT concern — it’s a vital part of business continuity, reputation, and customer trust.
Why Cybersecurity Awareness Month Matters
Cybersecurity Awareness Month is more than just a reminder to update your passwords. It’s an opportunity for every organisation to pause, review and strengthen its defences. This month encourages us all to:
Four Simple Steps to Stay Secure
While advanced tools and standards play an important role, many attacks can be stopped by following a few consistent best practices. The 2025 campaign focuses on four simple yet powerful actions – the Core 4:
1. Use strong, unique passwords
Encourage staff to use long, unique passwords for every account. A password manager can make this much easier, helping avoid the temptation to reuse weak passwords.
2. Turn on Multi-Factor Authentication (MFA)
MFA adds an extra layer of security, so even if a password is stolen, an attacker still can’t get in.
3. Be alert to phishing
Phishing emails and texts are more convincing than ever. Regular training helps staff recognise and report suspicious messages before any damage is done.
4. Keep software up to date
Most cyberattacks exploit known vulnerabilities. Regular updates and patching are simple ways to close those doors to attackers.
Small, everyday actions like these create a stronger security culture and can prevent the majority of common cyber incidents.
How ISO 27001 Strengthens Your Security
Good habits are essential, but to build lasting resilience, organisations need a structured and proactive approach. That’s where ISO 27001, the international standard for information security management, comes in.
Implementing ISO 27001 helps you:
Achieving ISO 27001 certification may sound like a big step, but with the right planning and guidance, many organisations complete the process within six to eighteen months. The result is stronger resilience, reduced risk, and greater confidence from everyone who relies on your business.
How Critical Path Can Help
At Critical Path, we make ISO 27001 simple and achievable by working alongside your team to design, implement and embed an Information Security Management System that fits your organisation.
We can help you:
Whether you’re starting your information security journey or looking to improve an existing system, ISO 27001 offers a proven framework to protect your organisation. Get in touch with our friendly team to find out more.
Organisations are gearing up for the ISO 9001:2026 revision, the first major update to the Quality Management System (QMS) standard since June 2015. The new ISO 9001:2026 is expected to be published by September 2026, with ISO 9001:2015 remaining valid for a standard three-year transition period, until around September 2029.
This means organisations will have plenty of time to upgrade, and your current ISO 9001:2015 certification will stay valid through 2029. This blog post breaks down the key changes between ISO 9001:2015 and ISO 9001:2026, covering important dates and how to prepare. We will also explain how Critical Path International can support Quality Managers in smoothly transitioning to the new standard, whether as a guiding hand alongside your team, or as an outsourced ISO resource to lighten the workload.
Why ISO 9001 Is Being Revised
ISO 9001 is periodically reviewed to keep it relevant in a changing world. The last full revision was back in 2015, and by 2023 it became clear an update was needed. In August 2023, after extensive international consultation, ISO’s technical committee agreed that revising the standard would “enhance its value” and address evolving needs (ISO.org). Since 2015, the business landscape has shifted significantly, with factors such as:
In order to remain valuable and effective, ISO 9001:2026 aims to address these trends. The ISO has indicated the revision will include adjustments related to the following: resilience, supply chain management, change management, sustainability, risk management, and organisational knowledge.
Timeline of the ISO 9001:2026 Revision
2023: ISO approves the revision of ISO 9001:2015
2024: Amendment adds climate change to clause 4.1.
2025: Draft Internationak Standard (DIS) released 27th August
2026: Final Draft International Standard (FDIS) expected
2027: ISO 9001:2026 officially published
This timeline means there is no immediate rush to transition, but it’s wise to stay informed and start planning for gradual changes. The three-year transition period provides plenty of breathing room to update documentation, train staff on new requirements, and address any gaps. Next, let’s look at what changes are actually coming with ISO 9001:2026.
Key Changes from ISO 9001:2015 to ISO 9001:2026
The revision will refine and clarify the 2015 requirements rather than introduce sweeping new ones. Many core concepts (process approach, plan-do-check-act and risk-based thinking) will remain intact. However, there are several targeted updates and new emphases to be aware of. Below we highlight the most significant changes expected in ISO 9001:2026, compared to ISO 9001:2015.
Leadership and Quality Culture
Top management will be expected to show how they promote a culture of quality and integrity. Leaders must set clear values, encourage ethical behaviour, and lead by example. This goes further than 2015 by making culture and ethics an explicit duty.
Risk and Opportunity
Risks and opportunities will be treated separately for clarity. Clause 6.1 will have new sub-clauses to ensure organisations identify and manage risks and opportunities independently. This strengthens the focus on proactive risk management without demanding a formal risk framework.
Climate and Context
Clause 4.1 will now require organisations to consider climate change and sustainability when reviewing their external context. This could mean looking at resource availability, environmental conditions, or carbon reduction commitments. Stakeholder expectations (Clause 4.2) may also expand to cover wider societal needs.
Interested Parties
There will be greater emphasis on engaging with stakeholders such as customers, suppliers, employees, and regulators. Organisations may be expected to seek feedback and show how they address the needs of these groups within the QMS.
Sustainability and Responsibility
ISO 9001:2026 will link quality management more closely to sustainability and corporate responsibility. It will encourage objectives such as reducing waste or improving efficiency, recognising that quality performance supports broader ESG goals.
Resilience and Change Management
The new edition will highlight business continuity and managing change. Organisations should plan for disruptions, build resilience into their systems, and ensure their QMS can maintain quality even during crises.
Digitalisation and Knowledge
The standard will acknowledge digital tools and knowledge management. Organisations should ensure data integrity, manage digital documents effectively, and retain critical knowledge as staff or systems change.
Annex A and Alignment
The 10-clause structure will stay the same, but terminology will be updated to align with other ISO standards. Annex A will be expanded to give clearer explanations and practical guidance, making the standard easier to apply.
Despite these updates, it’s important to highlight that most of the core ISO 9001:2015 requirements remain intact. The process approach, documentation needs, internal audit, management review, corrective actions – all those familiar elements will still be there. So, if you have a robust ISO 9001:2015 QMS, you already have the foundation for ISO 9001:2026.
Preparing for ISO 9001:2026
The prospect of a new ISO 9001 standard can sound daunting and time consuming. But the good news is that this revision is more about fine-tuning rather than a complete overhaul. Here’s how Critical Path recommend navigating the transition:
Step 1: Plan
Firstly, recognise that your ISO 9001:2015 certificate remains valid until late 2029. There is no sudden drop-dead date in 2026; you will have about three years to transition. Certification bodies will likely start offering ISO 9001:2026 audits in 2027, so use 2026 and 2027 as planning and preparation years. Keep an eye out for when your certification body announces it is ready to audit against ISO 9001:2026, and schedule your transition audit at a sensible time, perhaps you could align it with a re-certification cycle.
Step 2: Assess the Gaps
Once the final standard is published (or even when the FDIS is available), perform a gap analysis against your current QMS. Identify what new or changed requirements apply to your organisation. You may only find a few small gaps, e.g. needing to document how leadership promotes quality culture, or updating your context analysis to mention climate factors. One advantage of the expanded Annex A guidance is that it can help interpret any new clauses during your gap analysis.
Step 3: Continual Improvement
If you’ve been maintaining your ISO 9001:2015 system with regular improvements, you are likely already well prepared for ISO 9001:2026. By continuing regular internal audits and management reviews with these updates in mind, you’ll have clear evidence of conformity when it comes time to transition.
Step 4: Staff Training
Ensure that your teams (especially quality managers/internal auditors) are aware that the revision is coming and what the high-level changes are. You don’t need to retrain everyone on a whole “new standard” since much is the same but do highlight the new focus areas. For example, conduct a briefing on what “quality culture” means for day-to-day operations, or update risk management training to reflect clearer separation of risk vs. opportunity.
Step 5: Engage with Experts
At Critical Path, we offer complete flexibility to suit your organisation’s needs. You may prefer a tailored document pack to manage the ISO 9001:2026 transition internally, or a fully dedicated support package where we carry out the majority of the work on your behalf. The level of involvement is entirely your choice. To help keep costs down, we provide a mix of remote and on-site support, giving you access to expert guidance without the expense of a full-time resource.
If you’re considering how best to begin or resource the transition, our team is here to help. We’d be pleased to discuss your requirements and outline a support plan that works for you.
We’re committed to staying ahead of industry developments. Keep an eye on our website and social media for ongoing updates as ISO 9001:2026 progresses. For official announcements, visit ISO.org.
If your organisation is ISO 9001 certified or you’re planning to become certified, you’ve likely heard about ISO 9001:2026 – the upcoming revision of the world’s most recognised quality management standard.
ISO 9001:2026 is scheduled for official publication in September 2026, following a public consultation on the Draft International Standard (DIS) expected in mid-2025. Organisations will have around three years, until approximately September 2029, to transition from ISO 9001:2015.
While the details continue to evolve, key anticipated updates include the following:
ISO 9001:2015 brought numerous benefits to organisations worldwide, including:
With ISO 9001:2026, these benefits are set to be enhanced further:
Stronger Risk Management
Enhanced frameworks for deeper risk analysis and more proactive risk mitigation.
Advanced Digital Capabilities
Incorporating new technologies such as AI, IoT, and automation to further streamline and optimise operations.
Greater Sustainability and Ethical Focus
Stronger integration of ESG principles to improve long-term resilience and stakeholder trust.
Leadership and Cultural Alignment
Reinforced leadership roles and a deeper embedding of quality culture across the entire organisation.
If you’re feeling uncertain about the upcoming transition to ISO 9001:2026, don't worry—Critical Path consultants are here to simplify your journey.
We strongly recommend beginning your preparation by booking an internal gap analysis of your current ISO 9001 Quality Management System. Typically, just one day onsite with one of our experts is enough to give you clarity and a structured plan for the transition ahead.
Conducting a gap analysis helps you by:
Get in touch with our friendly consultants today to schedule your gap analysis – this first step will pinpoint exactly where your QMS needs to evolve and prepare for ISO 9001:2026. And don’t forget to visit ISO.org regularly for official updates and the latest information on ISO standards.
Opting to achieve ISO certification for your organisation requires understanding whether to go for a UKAS or a non-UKAS certification. Both these routes offer a means to achieve ISO certification. However, they differ in their approach, recognition and credibility.
Here at Critical Path, we understand that achieving ISO for the first time can be an overwhelming experience, so we have covered the key differences in this blog post to answer some of your questions.
The United Kingdom Accreditation Service (UKAS) is a government-appointed agency that assesses the competence and capability of organisations offering certification, testing, inspection, and calibration services against globally recognised standards.
Organisations who are certified are assured of a high standard of quality and reliability. The "crown and tick" signifies a company's achieving the gold standard in ISO certification.
A non-UKAS ISO certification is granted by a body not accredited by the United Kingdom Accreditation Service (UKAS). Unlike UKAS-accredited certifications, which undergo rigorous assessment and meet internationally recognised standards, non-UKAS certifications may lack the same level of credibility and assurance.
These certifications may be less widely recognised or accepted in tendering processes and industry settings, potentially raising concerns about their reliability and compliance with ISO standards. While anyone can issue an 'ISO Certificate', only UKAS-accredited bodies have undergone independent assessment and approval.
For organisations achieving ISO as a prerequisite when tendering for work, UKAS certification will stand out more prominently than a non-UKAS certification because it ensures the certification is internationally recognised and held to rigorous standards.
Many tendering processes require UKAS-accredited certification to mitigate risks associated with non-compliance and ensure that the awarded organisation meets the highest quality and safety standards. Without the accreditation, ISO certification may not carry the same weight or credibility, potentially jeopardising opportunities for securing contracts or projects.
Opting for this accreditation when achieving ISO certification for your company has many benefits; below, we will cover five main benefits.
UKAS accreditation is recognised as a symbol of quality, competence, and integrity. Organisations accredited by UKAS demonstrate their adherence to internationally accepted standards and best practices, assuring customers, partners, and regulators worldwide. This global recognition opens doors to new markets, enhances reputation, and facilitates international trade agreements and collaborations.
Achieving UKAS accreditation enhances an organisation's credibility and reputation within its industry and among stakeholders. Accreditation signifies that the organisation has undergone rigorous assessment by an independent and authoritative body, validating its competence, reliability, and commitment to quality management systems. This enhanced credibility builds trust with customers, suppliers, investors, and other stakeholders, leading to increased confidence and loyalty.
UKAS accreditation improves market access by demonstrating compliance with regulatory requirements, industry standards, and customer expectations. Accredited organisations have a competitive advantage in procurement processes, tendering opportunities, and supply chain relationships. Market access is not limited to domestic markets but extends to international markets where UKAS accreditation is recognised, facilitating trade agreements and market expansion strategies.
UKAS accreditation helps mitigate risks associated with product failures, safety incidents, and legal liabilities. Accredited organisations adhere to recognised standards and best practices, reducing the likelihood of quality issues, non-compliance with regulations, and reputational damage. By implementing robust quality management systems and continuous improvement processes, accredited organisations can identify, assess, and mitigate risks effectively, ensuring operational excellence and business resilience.
UKAS accreditation instils confidence in customers by assuring them of consistent product quality, reliable services, and adherence to industry standards. Accredited organisations prioritise customer satisfaction and loyalty by maintaining high standards of performance, transparency, and accountability. Customer confidence leads to repeat business, positive referrals, and long-term relationships, driving revenue growth and sustainable business success.
Here at Critical Path, we understand the complexities and challenges involved in achieving ISO certification, especially for the first time. While it's important to note that we do not conduct the ISO audit ourselves, we do play a huge part in thoroughly preparing your organisation for it.
We offer a mock audit service, and we cover the following standards:
Our mock audit service, also known as a pre-audit, includes a detailed review of documentation, on-site assessments, gap analysis, risk assessment, continual improvement recommendations, and training and support. Through this comprehensive approach, we identify areas for improvement, provide actionable recommendations, and prepare your organisation to confidently achieve ISO certification.
Selecting the appropriate path for ISO certification—whether UKAS or non-UKAS—requires careful consideration of various factors. UKAS accreditation, endorsed by the British government, signifies credibility and reliability due to its stringent standards and comprehensive audits. On the other hand, non-UKAS options offer a faster, more budget-friendly approach, albeit with potentially less industry recognition.
The choice really comes down to what suits your organisation best. But no matter which path you choose, Critical Path will be here to support you. We're not here to conduct the audit ourselves (that would be like grading our own homework!), but we're here to make sure you're well-prepared for it. With Critical Path as your partner, you're in good hands to achieve and continually maintain ISO certification for your organisation.
The International Standards Organisation (ISO) has recently announced significant amendments to its management systems standards. These changes particularly affect the following top 10 management system standards: ISO 9001, ISO 14001, ISO 45001, ISO/IEC 27001, ISO 22000, ISO 13485, ISO 50001, ISO/IEC 20000-1, ISO 37001, and ISO 22301. These changes introduce climate change considerations into the core of organisational management systems, taking a big step towards making businesses worldwide more sustainable and environmentally responsible.
The recent amendments to management systems standards, particularly clauses 4.1 and 4.2, focus on understanding the organisation's context and the needs of interested parties. A significant addition is the requirement for organisations to evaluate the relevance of climate change in ISO standards to their operations and strategic objectives. This ensures that "climate change" is now incorporated into the management system as an essential consideration.
These changes reflect a broader shift in the global business landscape towards acknowledging and addressing the pressing challenge of climate change. By incorporating climate change in ISO standards, organisations are encouraged to evaluate and mitigate their environmental impact, aligning their operations with global sustainability efforts. This amendment not only underscores ISO's commitment to combating climate change but also elevates the role of businesses in contributing to environmental sustainability.
Organisations certified under these ISO standards are now expected to:
These expectations aim to ensure that organisations are not only compliant with ISO standards but also actively contributing to global climate action initiatives.
As an ISO consultancy provider, Critical Path is ready to assist organisations in navigating these amendments through a suite of services designed to ensure seamless compliance and integration of climate change considerations:
Our consultants conduct a thorough review of your current management system, identifying areas requiring updates to align with the latest ISO standards. This includes examining policies, procedures, and documentation related to quality, environmental, and health and safety management.
We assess the impact of climate change on your operations, identifying specific risks and opportunities. This involves reviewing existing risk management processes and documentation. Additionally, we conduct interviews and site visits to gather relevant information.
Our team offers expert advice on integrating climate change considerations into your management system. This includes developing tailored climate change policies and procedures, updating operational processes, and providing training to staff. We also assist in documenting these changes to ensure compliance with ISO standards.
We help prepare the necessary documentation to meet audit requirements. This includes updating manuals, procedures, and records to reflect the integration of climate change considerations into your management system. We ensure that all documentation is comprehensive and aligned with ISO standards.
We conduct onsite or remote training sessions to enhance organisational awareness of climate change issues. This involves developing training materials, delivering interactive sessions, and providing ongoing support to staff as they implement changes. We also assist in documenting training activities and outcomes for compliance purposes.
We provide continuous support to ensure your management system remains effective in addressing climate change challenges. This includes monitoring changes in ISO standards and best practices, conducting regular reviews of your system, and offering guidance on improvements. We assist in documenting these ongoing efforts to demonstrate compliance and continual improvement.
The integration of climate change into ISO management systems marks a major shift in how organisations address sustainability. As businesses strive for a greener future, Critical Path pledges to assist them in meeting new ISO standards and aiding the global fight against climate change.
Process mapping is a key strategy for optimisation, offering a structured visual representation of business workflows. This blog post will explore the essence, significance, various types, and benefits of process mapping alongside how Critical Path can assist you with business process mapping services.
Process mapping is a strategic tool that provides a visual diagram detailing the steps required to complete a specific task or achieve a goal within an organisation. It acts as a blueprint, illustrating every action, decision point, and sequence of activities from commencement to conclusion. Process maps use various symbols and visual cues to depict the flow of work, making complex procedures more straightforward to understand and analyse.
Process mapping is crucial for businesses aiming to enhance efficiency and achieve their objectives more effectively. It offers a clear roadmap of decision-making and workflow, aiding in identifying inefficiencies, redundancies, and bottlenecks within processes. The visual nature of process maps facilitates broader understanding and engagement, simplifying complex documentation and fostering a collaborative environment for process improvement.
High-Level Process Maps: Offer a bird's-eye view of a process, identifying critical elements like suppliers, inputs, processes, outputs, and customers (SIPOC).
Basic Flowcharts: Offer a straightforward visual overview of a process, highlighting its inputs and outputs.
Deployment Maps: Also known as cross-functional flowcharts, these maps illustrate the interactions between different departments using swimlane diagrams.
Detailed Process Maps: Provide an in-depth look at a process, including its sub-processes.
Value Stream Maps (VSM): A lean six sigma tool documenting the steps needed to deliver a product or service from start to finish.
Rendered Process Maps: Visualise current and future state processes to pinpoint areas for improvement.
Before creating a process map, gathering information about the process itself is crucial. Brainstorming sessions involving key stakeholders can be invaluable at this stage. Encouraging open discussion allows for identifying various process steps, potential bottlenecks, and areas for improvement.
Additionally, data collection plays a fundamental role in understanding the current state of the process. This can involve gathering quantitative data, such as cycle times and error rates, as well as qualitative data, including feedback from employees involved in executing the process. By combining brainstorming sessions with thorough data collection, organisations can ensure that their process maps accurately reflect the reality of their operations.
Various tools are available to assist in process analysis and process map creation. These tools range from simple flowcharting software to more advanced process modelling platforms. Flowcharting tools allow for the visual representation of process steps and decision points, making it easier to identify inefficiencies and areas for improvement.
For more complex processes, process modelling software offers additional capabilities such as simulation and optimisation. These tools enable organisations to conduct in-depth analysis of their processes, including scenario planning and "what-if" analysis. By leveraging process analysis tools, businesses can gain deeper insights into their operations and make more informed decisions about process improvements.
Involving stakeholders throughout the process mapping process is essential for its success. Stakeholders can include individuals directly involved in executing the process, managers, and other relevant parties. By engaging stakeholders from different departments and levels of the organisation, businesses can ensure that their process maps accurately reflect all stakeholders' diverse perspectives and requirements.
Stakeholder involvement also helps to build buy-in and support for process improvement initiatives. When stakeholders feel heard and involved in the process mapping process, they are more likely to embrace changes resulting from process improvements. Regular communication and feedback sessions with stakeholders can help keep them engaged and informed throughout the mapping process.
Several software applications are specifically designed for process mapping and analysis. These applications offer features such as drag-and-drop interfaces, pre-built templates, and collaboration tools to streamline the process mapping process. Some popular examples of process mapping software include Microsoft Visio and Lucidchart.
These tools make it easy for businesses to create, edit, and share process maps with stakeholders across the organisation. Additionally, many process mapping software applications integrate with other business process management tools, allowing for seamless workflow automation and continuous improvement. Investing in software applications for process mapping can help businesses streamline their operations and drive efficiencies across the organisation.
We can help organisations of all sizes with process mapping services, and we typically follow the four steps below:
We start by meeting with you and your leadership team to understand what you're looking to achieve with process mapping. This process helps us get a clear picture of your goals and how we'll scope out the work.
Then, we talk directly with your team members who handle the day-to-day tasks. By chatting one-on-one, we get real, unfiltered insights into how things are done, which helps us understand your processes.
With all the insights in hand, we create a visual map. This map is designed to be straightforward and easy to understand, showing how tasks flow within your organisation.
Once the draft of the process map is ready, we'll share it with you for feedback. We need to know if we've hit the mark or if there are areas that need tweaking. After incorporating any feedback, we finalise the process map and present it to you, ensuring it meets your needs and is ready for implementation.
Process mapping is helpful for any business trying to make sense of its complicated day-to-day tasks. It's like drawing a map that shows how work gets done, helping everyone see where things can get better or faster. This way, businesses can keep improving over time, ensuring they're set up for success, no matter what they do or how big they are.
Small businesses often face unique challenges in maintaining quality and efficiency. In a world of fierce competition, credibility and reliability can make or break your business. This is where ISO standards come to the rescue. Critical Path, a leading consultancy provider, is here to guide you through the journey of understanding how ISO standards can be a game-changer for small businesses.
ISO, or the International Organisation for Standardisation, develops and publishes a wide range of international standards that ensure products, services, and systems meet specific quality, safety, and efficiency criteria. These standards provide a globally recognised framework for businesses to improve operations and meet customer expectations.
Small businesses often wonder if ISO standards are meant for them. The answer is a resounding yes!
Quality is the cornerstone of any successful business. ISO 9001 helps small businesses implement efficient quality management systems. It's not about adding bureaucracy but rather streamlining processes to consistently deliver better products and services.
Being environmentally responsible is not just for big corporations. ISO 14001 allows small businesses to reduce their environmental footprint, save resources, and demonstrate their commitment to sustainability.
Ensuring the safety and well-being of employees is paramount. ISO 45001 helps small businesses create a safe workplace, reduce accidents, and comply with legal requirements.
Protecting sensitive information is crucial in today's digital age. ISO 27001 helps small businesses safeguard data, build customer trust, and mitigate the risks of data breaches.
Now that you know which ISO standards are relevant, let's dive into the benefits they bring:
ISO certification is a globally recognised badge of quality. It shows your customers and partners that you are committed to meeting high standards, which can boost trust and credibility.
Implementing ISO standards often involves streamlining processes. This can lead to cost savings, improved resource utilisation, and greater efficiency.
Small businesses can find it challenging to stand out in a crowded market. ISO certification can give you an edge over competitors and open new opportunities.
ISO standards include risk assessment and management components. This helps small businesses identify and mitigate risks, ensuring smoother operations even in uncertain times.
The path to ISO certification might seem daunting, but it's entirely achievable for small businesses with the proper guidance. Critical Path specialises in assisting small enterprises on this journey. As a trusted consultancy provider, we work with many auditing bodies and can recommend a third-party auditing body to help companies achieve ISO certification. Here's how the process typically works:
The journey towards ISO certification begins with an initial assessment conducted by our expert consultants. We'll thoroughly evaluate your current practices and perform a comprehensive gap analysis to identify areas where your business doesn't conform to the requirements of the ISO standard you are working towards. This assessment serves as the foundation for developing a customised plan to achieve certification.
Once the gaps are identified, our team will work closely with you to develop a tailored plan and strategy for achieving ISO certification. We'll set clear objectives, define roles and responsibilities, and establish a roadmap for implementation that aligns with your business goals and timelines.
The next crucial step involves developing the necessary documentation for ISO certification. Our consultants will collaborate with your team to create a suite of documents, including a bespoke manual, procedures, work instructions, forms, and records. These documents will be customised to meet your business's specific requirements and ensure compliance with ISO standards.
With the documentation in place, we'll guide you through the implementation of ISO requirements. Our comprehensive training programs are designed to educate your staff on ISO principles, processes, and best practices. From top management to frontline employees, everyone will receive the necessary training to effectively implement and maintain ISO standards within your organisation.
Internal audits play a crucial role in ensuring ongoing compliance with ISO standards. Our consultants will conduct thorough internal audits to assess the effectiveness of your management system and identify areas for improvement. We'll work with your team to address any findings and implement corrective actions, fostering a culture of continuous improvement within your organisation.
As you approach the final stages of certification, we'll conduct a mock audit to simulate the official certification audit process. This mock audit will help prepare your team for the rigorous assessment and ensure readiness for certification. Additionally, we'll provide guidance and support as you engage with an independent auditing body for the verification audit, offering assistance throughout the audit process to maximise your chances of certification success.
Even after achieving ISO certification, our support continues. We'll continue to provide ongoing support and assistance to help you maintain compliance with ISO standards. From addressing non-conformities to conducting periodic reviews and updates, we'll be by your side every step of the way to ensure your certification remains valid and effective.
Whether you are looking to achieve ISO 9001, ISO 14001, ISO 45001, or ISO 27001, Critical Path has got you covered. Our step-by-step process is very similar for each ISO standard, ensuring a seamless journey towards certification. We understand the unique needs of small businesses and can offer as little or as much support as you require.
ISO standards offer a structured approach for small businesses to enhance quality, credibility, and efficiency. With our expert guidance and support, you can navigate the complexities of ISO certification with confidence. Our consultants are supportive and will be there to guide you every step of the way.
ISO is a globally recognised standard that signifies an organisation's commitment to quality, efficiency, and continuous improvement. By achieving ISO certification, businesses can streamline their processes, enhance customer satisfaction, and gain a competitive edge in the market.
Choosing the right partner for ISO certification ensures a smooth and successful implementation process. Critical Path offers comprehensive consultancy services tailored to your organisation's needs. With our expertise and personalised approach, we guide you through every step of the certification journey, from initial assessment to final audit.
ISO is more than just a badge of quality; it's a strategic tool that can give your business a competitive advantage. Here's how:
It demonstrates to customers, suppliers, and stakeholders that your organisation adheres to internationally recognised quality, safety, and efficiency standards. Aligning your processes with ISO standards can improve operational performance, reduce errors, and enhance overall competitiveness.
ISO certification builds customer trust and credibility by assuring that your products or services consistently meet their expectations. It signals to potential clients that your organisation is committed to delivering high-quality outcomes and adhering to best practices, thus strengthening your reputation in the market.
ISO standards open doors to new markets and business opportunities. Many government agencies and multinational corporations require suppliers to be ISO-certified, giving certified businesses a competitive advantage when bidding for contracts or expanding into new territories. It also demonstrates compliance with regulatory requirements, which can be a key differentiator in highly regulated industries.
Enhance customer satisfaction and streamline processes with the ISO 9001 standard. Critical Path's specialists will guide you through the implementation process, ensuring your quality management system truly benefits your business. From initial assessment to final audit, we help you establish efficient quality control measures, improve product or service quality, and enhance overall customer satisfaction.
Demonstrate your commitment to environmental sustainability with ISO 14001 certification. Our experts assist you in implementing environmental management practices that minimise harm to the environment and comply with applicable laws and regulations. From conducting environmental impact assessments to establishing pollution prevention measures, we ensure that your organisation operates in an environmentally responsible manner.
Promote a safe and healthy working environment for your employees with ISO 45001 certification. Our expert guidance ensures that your business meets the standards required for occupational health and safety. We help you identify and assess workplace hazards, develop comprehensive safety policies and procedures, and implement effective risk management strategies to prevent accidents and injuries.
Ensure your organisation's resilience to unforeseen disruptions with ISO 22301 certification. Our experts support you in establishing a robust business continuity management system, ensuring uninterrupted business operations in the face of emergencies or disasters. From risk assessment and business impact analysis to developing continuity plans and conducting drills, we help you mitigate risks and minimise the impact of disruptions on your business.
Protect sensitive data and maintain stakeholder trust with ISO 27001 certification. Our comprehensive guidance ensures that your information security management systems are up to the mark and safeguarded against potential threats. From identifying security risks and vulnerabilities to implementing data protection measures and conducting regular security audits, we help you maintain your information assets' confidentiality, integrity, and availability.
With ISO 50001 certification, you can optimise energy usage and reduce costs. Our experts assist you in implementing energy management practices that improve energy efficiency, reduce greenhouse gas emissions, and enhance sustainability. From conducting energy audits to developing energy management plans and implementing energy-saving initiatives, we help you achieve significant energy savings and demonstrate your commitment to environmental responsibility.
Critical Path has successfully assisted organisations across various industries in achieving and continually managing ISO standards, including:
No matter the industry or size of your organisation, our team can help you navigate the complexities of ISO. We provide a wide range of packages to suit your timescale and budget.
ISO enhances credibility and trust among customers and stakeholders and opens doors to new opportunities and markets. Businesses that embrace ISO standards demonstrate their dedication to continuous improvement, setting themselves apart from competitors and positioning themselves as industry leaders. With Critical Path's support, businesses can leverage ISO certification to gain a competitive edge, drive growth, and achieve long-term success.
Late last year, a replacement of ISO 27001 was announced, designed to help businesses improve their cybersecurity, information security, and privacy protection. All organisations who wish to remain ISO 27001 certified will need to transition to the ISO 27001:2022 update before the end of the transition period in October 2025.
What exactly is the ISO 27001:22 update, though, and what are the requirements businesses need to follow to ensure they remain certified? In this latest blog, we thought we would take a closer look…
The ISO 27001:2022 certification is the leading international standard for information security. It was published in partnership between the International Organisation for Standardisation (ISO) and the International Electrotechnical Commission (IEC), forming part of a set of standards outlining how businesses should handle information security.
The framework is designed for use by any organisation, regardless of size or industry. Its aim is to provide clear guidance on establishing, implementing, maintaining, and improving information management systems.
As cybercrime rises, ISO 27001 emerges as a crucial certification for every organisation. Predominantly adopted by businesses in the Information Technology (IT) sector, any company achieving this certification can show customers their commitment to data safeguarding and security.
The standard is a key component of an Information Security Management System (ISMS), a set of policies and procedures designed to manage sensitive data systematically. An ISMS addresses everything from employee behaviour to data processes and technology usage.
There are many benefits to achieving the ISO 27001:2022 certification, including:
Having ISO 27001 certification provides a clear overview of your current information security. Maintaining the certification involves regular audits and reviews to ensure continual improvement against ever-changing cyber threats.
As your business grows and new technology gets adopted, it can quickly become a confusing landscape. ISO 27001:2022 helps to clearly outline the responsibilities that organisations need to follow. This can help to increase productivity by ensuring everyone understands who is responsible for information management, while it can also help to improve decision-making by helping businesses understand the risks and how to best manage them.
With the threat of cyber attacks on the rise, ISO 27001:2022 certification helps to protect your business from these risks, demonstrating to your customers that you have taken steps to protect their data. This is a very important step in improving your reputation, helping you to take your brand to the next level.
Finally, ISO 27001 certification ensures that your business is complying with all legal, contractual and regulatory requirements around GDPR and NIS.
The announced update of the ISO 27001 certification is in response to the rapidly changing environment. The 2022 version features several important improvements and updates alongside new guidance and requirements around the governance of data, keeping the supply chain secure, and how to use cloud services.
One of the biggest changes in the 2022 update is the addition of a new risk assessment process. The process is based on the same risk management standards found in ISO 31000, creating a more flexible and adaptable process for risk assessment. This allows organisations to better tailor the strategies to their specific circumstances and needs.
The update also saw a number of new controls added, including
Alongside announcing the details of the update, when ISO 27001:2022 was released a transition period was also launched. This means that in order to remain certified, businesses will need to implement these changes within this time period. Some key dates to remember:
31st October 2022
This was the date that the transition period began.
1st May 2024
From the 1st of May, all new certifications should conform to the ISO 27001:2022 standards, making this an important date. It is also from this date that all recertification audits will need to utilise the criteria set out in the 2022 update.
Until then, though, organisations can still submit certification applications under the original 2013 criteria.
21st July 2025
All ISO 27001 transition audits should be complete by this date.
31st October 2025
The end of October 2025 is when the ISO 27001 transition period comes to an end, and all certificates for ISO/IEC 27001:2013 will no longer be valid.
To maintain compliance, all organisations must implement necessary changes within the ISO 27001 transition period. Initially, updating your management system to align with the new guidelines is crucial. This update must occur before the audit, demonstrating documentation changes and any process requirements adjustments.
Before the formal audit, businesses should conduct an internal audit and management review to ensure they implement all new changes. If uncertain about meeting the required changes, businesses should consider arranging an ISO 27001 transition audit for certification maintenance. This audit will verify that all required revisions are implemented, either alongside an existing audit or as a standalone option, with the duration depending on your chosen approach.
In this fast-paced digital world, ensuring that your business is keeping client data safe and secure from the growing threat of cybercriminals is essential. Here at Critical Path, our mission is to help our clients to plan, monitor and control their projects effectively, ensuring they can reach their goals and overcome any obstacles they may face.
We can help you with your ISO 27001 transition, supporting you every step of the way to ensure that you are fully compliant. Get in touch today to learn more about our services and how we can help you.
