ISO certification at Vitis Regulatory

Our ISO-certified business management systems* can help and support the Vitis Regulatory businesses to deliver provision of consultancy services to international clients on the assessment and management of the exposure, hazards, and risks of industrial, professional and consumer products in the UK and EU regulatory context.

We aim for Vitis Regulatory to be a rewarding and motivating environment in which to work, and to be known for high quality and professional service, within this specialist technical area. Our consultancy staff apply and develop their expertise in paid-for projects and services, which achieve sufficient income for the business to continue, while our systems and administrative staff apply their own skills on ongoing business operations and systems.

To support these activities and aims, Vitis Regulatory Limited and SRL has defined policies, principles, objectives and targets as set out below.  For further information please do not hesitate to contact us.

 * Vitis Regulatory SRL: ISO 9001; Vitis Regulatory Limited: ISO 9001, ISO 14001 and ISO 27001

Policies

To establish ways of working to facilitate high quality in project work and services, without disproportionate burden for the staff either of administrating the system or working within it. Clear and effective communication, both between Vitis Regulatory and the client and also within the wider Vitis Regulatory team, is very important for this. Client satisfaction with Vitis Regulatory project work and services, and also reflections of the project team members, are both important elements of project quality.

Information security procedures to ensure availability, integrity and confidentiality of all the physical and electronic information assets are maintained, with careful planning around significant infrastructure and IT system changes.

To minimise our impact upon the environment in the course of our work, Vitis Regulatory defines and communicates good practice guidance to staff.

All Vitis Regulatory team members are encouraged to apply a risk-conscious approach, and recognise and alert management attention to possible issues in the course of their work. Guidance and control measures for project management, document organisation, team members availability, handling of confidential business information or personal data, and quality control (among other provisions, including business continuity) are maintained and made available to support this. In some areas we seek to be flexible, recognising that different people operate in a different way and a common objective can be fulfilled successfully by different approaches.

Principles

Vitis Regulatory recognises the Principles defined in the ISO standards, which are applied within the business as set out below.

Quality

·       Project leaders engage with the client’s requirements associated with the project, and communicate effectively within project teams. Clear communication around project needs, resource needs, technical planning, team members and their roles and tasks, budgets, external deadlines and other requirements that might require specific risk management steps are particularly important.

·       Project teams plan, execute and deliver project work with due care, including appropriate review processes prior to delivery.

·       Staff members apply their individual expertise and skills collaboratively to fulfil the needs of each project communicating effectively about changes arising while work is in progress.

·       Leaders within the company are empowered and supported to take action on fulfilment of commitments to clients and business operational needs, including professional development of individuals. 

·       At the end of a project, or at appropriate intervals, feedback from the client and from project team members is taken on board.

Environmental impact

·       Managers and the ISO team understand activities within the company’s control that have the potential to impact the environment, taking into account pollution, generation of CO2, consumption of energy and water, depletion of natural resources and generation of waste, and consider how these impacts can be minimised.

·       Managers and the ISO team support employees to take action to minimise environmental impact associated with their work, whether working at the office, from a home office, or travelling on business, by making available good practice guidance.

·       Managers take environmental impact into account in business procurement and operational decisions.

Information Security

·       Information is categorised and allocated to authorised persons for access from within or outside the company.

·       Confidentiality of information held by Vitis Regulatory is reviewed and maintained.

·       Integrity of information is maintained throughout the standard business practice.

·       Business continuity plans are established, maintained, reviewed, and tested.

·       All personnel are trained on information security and are informed that compliance with the policy is mandatory.

·       All breaches of information security and suspected weaknesses are reported and investigated.

·       Procedures that exist to support the policy, include non-exhaustively; asset control, risk and threat assessment, business continuity plans and access control. Availability of information systems and integrity will be maintained.

·       New threats, issues and service interruptions are communicated conveniently in real-time to staff members.

 The ISO team engages staff by delivering regular staff refresher training on the ISO system’s requirements, including security refresher.

 The ISO team and managers continue to develop awareness of the activities within the company’s control that have the potential to enhance quality, environmental performance and information security in the context of the business’ wider objectives, so that improvements to the systems can be planned.

 Objectives

In order to understand our performance in the context of the Principles the ISO systems team analyses data relating to client feedback, internal financial and business performance.

 ·       Objective: messaging to staff is clear and consistent regarding the quality, environmental and information security policies (targets: documents and templates easily available, new joiners are briefed and all staff receive refresher training on a regular basis)

In connection with quality, the team monitors and discusses with management findings in the following areas: 

 ·       For each project, project needs, team members and their roles and key actions, budgets, deadlines, and any steps to manage project risks are discussed from the outset and throughout the project

·       Client feedback on completed projects or at interim review intervals

·       Outcomes of team discussion of completed projects or at interim review intervals

·       Findings of internal auditing, including number and nature of non-conformances

 In connection with environmental impact, the team monitors and discusses with management findings in the following areas:

 ·       Good practice guidance is available and relevant

·       Carbon footprint – travel and non-travel

·       Consumption of office consumables

 In connection with Information Security the team monitors and discusses with management findings in the following areas:

 ·       Asset register, changes / events logs and risk assessments are maintained and reviewed

·       Potential changes affecting the system in the context of information security, in advance of implementation

·       Changes to the identified threats, risks and opportunities to the business, and business continuity arrangements, well understood and documented

·       Number and nature of events recorded in the security log

·       Findings of internal auditing, including number and nature of non-conformances