The best form of defence is preventive action, get in there first

Hi all

You may well know that I am an advocate of International Standards, very much so, so it was a little bit of a surprise to many when the ISO dropped the preventive action clause from it's standards in the 2010's. I felt that they missed a trick here.

Preventive action is the best form of defence in information security, health and safety and quality, whilst the ISO may have removed the clause of preventive action, implementing a standard in itself is considered a preventive action vehicle. Using standards is using and leaning upon the experience of what others have learned previously, the ISO (International Organisation for Standardization) has technical committees, these technical committees are staffed by people from relevant sectors such as engineering, health and safety, pharmaceutical, to name but a few.

The ISO don't take chances, they use industry experts to gain insight into current trends and conditions and develop standards in order to protect industry from harm, weaknesses and lawsuits.

Preventive actions are always being implemented in organisations, they are the best method of improvement because preventive actions lower risk, make your company more efficient and make you look far more attractive to customers and investors because you are always planning to be better - and this will show in your product and service delivery, something to consider when applying standards.

In industry, it's easy to forget that standards and preventive actions are applied for a reason, it is for increasing health and safety in the workplace, it's about committing to technical excellence, it's about using standards as a benchmark for growth and it's about committing to best practices that support and sustain your organisation.

What examples can you come up with of preventive action? Have a think about it. If in engineering it could be applying calibration to machinery, in product testing it could be through monitoring and measurement against known results, in pharmaceutical it could be the strict control of drugs and testing of ingredients, in aerospace it could be the testing of airframes or engines to known standards, in personnel it could be training your staff in relevant and suitable areas. We often do these beforehand but forget that it is preventive action driving your companies and organisations forward. It's all about foresight and this is such a valuable commodity.

Preventive actions also consist of inviting new personnel, consultants, auditors and regulators into your organisation, to help you to improve, if you embrace preventive action through applying standards, your business will go from strength to strength.

Here's to the ISO.



Steven Burgess is a Consultant to companies in the UK and also a Data Protection Officer for Disclosure Services Limited, a company that process data relating to criminal record checks.