Standards International Ltd ISO 22222 Overview


For more information please feel free to visit: http://www.standardsinternational.co.uk/

Transcript of Standards International Ltd ISO 22222 Overview

Page 1: Standards  International  Ltd   ISO 22222  Overview

Standards International Ltd

ISO 22222 – Training and Gap Analysis Workshop

Welcome…

Page 2

How to get the most out of the day…

Learning Styles: Light Bulb Moment, Think, Do, Write, Plan, Talk.

Raising the standards…

Page 3

Agenda

• ISO 22222 - The story so far.

• ISO 22222 - An insight.

• What makes ISO 22222 different.

• The Key Elements.

• How to document your practice management system.

• How to create an implementation plan.

• Self Assessment Gap Analysis.

• What happens next?

• Any Questions?

Page 4

Who we are

• Established in June 2007 (Pilot Scheme launched in April 2006).

• Independent leaders in the market place.

• UKAS Accredited Certification Body.

• We work with the profession’s leading advisers.

• Pioneering Best Practice.

• Privately Owned - Unique Offering.

• Work done so far:

o Awareness Campaigns - Professional and Consumer.

o Articles, Features, Presentations and The Book.

o Partnerships - Profession Wide.

o The Approved Associate Programme (AAC).

Page 5

What are ISO Standards?

• More common to the business market.

• ISO – International Standards Organisation.

• Demonstrate the ability to consistently provide a product or service that meets customer requirements in line with regulatory requirements and…

• Addresses customer satisfaction through the effective application of the system, developing processes for continual improvement and the prevention of errors and mistakes.

Page 6

Why have national and international standards?

• The CE Mark

• The Kitemark

• They help businesses to:

o Identify and meet the needs and expectations of their customers and other interested parties, e.g. employees, suppliers, owners, societies, to achieve a competitive advantage and to do this in an effective and efficient manner.

o Achieve, maintain and improve overall performance and capabilities.

Page 7

Why have an ISO standard for financial planners?

• Increased pressure to demonstrate professionalism.

• Demand from clients, professional associations and the regulator.

• 2000 – ANSI contacted BSI (British Standards Institute) who turned to the FSA for guidance.

• A UK Committee was formed – headed by David Jackman (Head of Industry and Training).

• Development supported by 17 other worldwide committees.

• Developed over nearly 7 years and in March 2006 – ISO 22222 was launched!

• April 2006 – SI launched their ISO 22222 Pilot Scheme.

• Research carried out by Which? – consumers confused about where to turn for the right financial planning advice.

• ISO 22222 – Addresses this, which is why Which? fully support any work to increase professional standards.

Page 8

Why have an ISO standard for financial planners?

Page 9

Adviser Quotes

“Going through the ISO process has enabled us to look at our business in a way never before possible. The net result for the consumer is a more efficient and transparent process in receiving holistic financial planning advice”

Andrew Reeves, The Investment Coach Limited

“ISO 22222 certification process was the best available overall assessment of knowledge, competency and fair customer treatment”

Robin Keyte, director of Towers of Taunton

Page 10

ISO 22222 – An Insight

• Enables consumers to identify financial planners who possess the right knowledge, skills, ethics and experience to deliver their desired level of service.

• Codifies professional best practice in financial planning from across the world, and will help to increase consumer confidence.

• Not another qualification.

• Exemption from AF5 – Financial Planning Process (CII).

• Not a “tick box” exercise – assessment methods include:

o File checks / Role Plays / Case Studies / On the job observation.

• Certification awarded to the individual within a firm.

• Ongoing assessment (encourages internal audits).

Page 11

Where does ISO 22222 fit in with the current and future landscape?

• Four key documents to review:

o Consultation Paper – CP09/31 Delivering the Retail Distribution Review (December 2009).

o Policy Statement # 1 – 10/6 Distribution of retail investments (March 2010).

o Consultation and feedback statement # 2 – (Autumn 2010).

o Remuneration Code – (Quarter 2 2010).

• Key Objective:

o Forcing best business principles on professionals who primarily are seen as doing a job.

Page 12

Key Themes - Proposals

1. Improve the clarity with which firms describe their services to clients.

2. Address the potential for adviser remuneration to distort consumer outcomes; and

3. Increase the professional standard of advice.

Page 13

Key Themes - Proposals

1. Improve the clarity with which firms describe their services to clients.

• Description of advice services (Independent or restricted).

• Clarity of scope of service, service level agreements, brochures, marketing, website, personal profile, company letters and literature.

• Plus: client authorisation.

Page 14

Key Themes - Proposals

2. Address the potential for adviser remuneration to distort consumer outcomes.

• Introduction of Adviser Charging.

• Undervaluing knowledge, wisdom and experience. Value of services delivered, what is charged for and when, clarity of message and literature. Ongoing services!

• Setting your own charging tariffs. How calculated, fair!

• Individual adviser remuneration.

• Targets, KPIs (quality) and pay structure.

Page 15

Key Themes - Proposals

3. Increase the professional standards of advice.

• More focus on setting, monitoring and enforcing standards of competence and ethical behaviour.

• In-depth assessment methods, scope of service understood, competence and CPD activity aligned.

• Need to “prove” initial and ongoing competence.

• Assessment report and feedback, independently assessed annually!

Page 16

Key Themes – Proposals cont…

3. Increase the professional standards of advice.

• Increase in quality and control over CPD activity.

• How selected, recorded and implemented.

• Increase level of qualification to QCF Level 4.

• Already a requirement of eligibility.

• Visibly adhere to the required ethical standards.

• Ethical principles assessed and evidenced.

Page 17

ISO 22222 - Key Differentiators

1. All about Best Practice – not just about regulatory adherence.

2. The rules coming out now were already introduced in 2000 with the ISO.

3. Supports your existing compliance provision.

4. Identifies opportunities for improvement – good business principles (IS, BC, CI).

5. Not limited to UK rules – internationally recognised and respected.

Page 18

Financial Planner Benefits

• Improved performance.

• Simplified and effective processes and documentation.

• Standardisation of good working practices.

• Improved communication (internally/externally).

• Promotes awareness of quality and professionalism, better public awareness and public image.

• Improved sales and marketing opportunities.

• Reduced risk = potential reduced insurance costs.

• Supports regulatory requirements.

• The acquisition of a symbol representing the internationally recognised quality standard.

Page 19

Consumer Benefits

• Receive a value added service.

• Assurance of quality through independent third-party certification.

• Assurance that regulatory requirements are being adhered to and monitored.

• Evidence that continual improvement and their needs are core to the business.

• Confidence in the sustainability of the business.

• Confidence that the adviser has the right level of knowledge and skills to deliver their desired level of service.

Page 20

ISO 22222 – The Key Elements

1. The Six Steps of the Financial Planning Process.

• Establishing and defining the client and personal financial planner relationship.

• Gathering client data & determining goals and expectations.

• Analysing and evaluating the client’s financial status.

• Developing and presenting the financial plan.

• Implementing the financial planning recommendations.

• Monitoring the financial plan and the financial planning relationship.

2. Ethical Behaviour and Ethical Financial Planning.

3. Information Security, Client Confidentiality and Data Protection.

4. Risk Management and Business Continuity.

5. Continual Improvement.

Page 21

Refreshment Break

Back in 5 minutes

Page 22

ISO 22222 – The Six Steps

1. Establishing and defining the client and personal financial planner relationship.

2. Gathering client data & determining goals and expectations.

3. Analysing and evaluating the client’s financial status.

4. Developing and presenting the financial plan.

5. Implementing the financial planning recommendations.

6. Monitoring the financial plan and the financial planning relationship.

Page 23

ISO 22222 – The Financial Plan

1. Key Areas:

• Financial Statement Analysis, Investment Planning, Tax Planning, Risk Management and Insurance, Retirement Planning and Estate Planning.

2. To include, but not limited to:

• Client data - including a schedule of investments, client goals, assumptions, balance sheet/net worth statement, current cash flow statement - incorporating an income tax assessment, statement of financial position in the event of death and disability, retirement planning analysis, investment analysis, analysis of other specific future monetary goals, estate planning, recommendations, implementation programme, periodic review and plan update strategy.

Page 24

Ethics & Ethical Financial Planning

Page 25

The 10 Key Ethical Principles

• Putting clients’ interests first.

• Behaving with integrity.

• Exercising due care and diligence.

• Working within regulatory and legislative frameworks.

• Carefully and comprehensively managing conflicts of interest.

• Communicating in a clear and appropriate manner.

• Providing suitable and objective recommendations.

• Protecting client confidentiality.

• Making all material disclosures.

• Demonstrating and maintaining appropriate competence.

Page 26

What is ethical financial planning?

• Using a client centred approach.

• Understanding what the client’s real concerns are.

• Using screened and environmentally focussed investments.

• Being aware of and considering ethical implications of all financial products and providers – mortgage, protection, etc.

• Balancing ethical and investment objectives.

Page 27

Issues for advisers

• Assessing ethical profiles.

o Client discussions.

o Profiling forms and software (synaptics).

o Negative and positive screening.

o Asset allocation.

o Balancing, risk, objectives and values.

Page 28

Why are ethics important?

• It’s the client’s money.

• Their values - not yours.

• Acting in the interest of your client.

• Ethical clients are more ‘connected’.

• … it’s the professional thing to do.

Page 29

Life as an ethical planner

• Not all clients are eco warriors.

• … or treehuggers.

• Interesting.

• Varied.

• Challenging.

• Rewarding.

Page 30

Life as an ethical planner

• Clients tend to be:

o Caring professions.

o Academics.

o 3rd sector.

o Independently wealthy.

• They are also:

o Loyal.

o Sticky.

o and well connected.

Page 31

For more information

• UKSIP – Advisers Toolkit and training materials – www.uksif.org

• EIA – Quarterly conferences, IFA Directory – www.ethicalinvestments.org.uk

• EIRiS – ethical funds research – www.eiris.org

• National Ethical Investment Week – 7-13 November 2010 – www.neiw.org

Page 32

The Ethical Question

Q: Do you have any social, ethical, environmental or religious considerations that you would like us to take into account in our work for you?

Page 33

Information Security

Page 34

Introduction

• “The blunt truth is that all organisations need to take the protection of customer data with the utmost seriousness. I have made clear publicly on several occasions over the past year that organisations holding individuals’ data must in particular take steps to ensure that it is adequately protected from loss or theft. There have been several high-profile incidents of data loss in public and private sectors during that time which have highlighted that some organisations could do much better. The coverage of these incidents has also raised public awareness of how lost or stolen data can be used for crimes like identity fraud. Getting data protection wrong can bring commercial, reputational, regulatory and legal penalties. Getting it right brings rewards in terms of customer trust and confidence”.

Richard Thomas – Information Commissioner

Page 35

Data protection

Principles of the Data Protection Act 1998

The eight principles require that personal information:

1. shall be processed fairly and lawfully and, in particular, shall not be processed unless specific conditions are met;

2. shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes;

3. shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed;

4. shall be accurate and, where necessary, kept up to date;

5. shall not be kept for longer than is necessary for the specified purpose(s);

6. shall be processed in accordance with the rights of data subjects under the Act;

7. should be subject to appropriate technical and organisational measures to prevent the unauthorised or unlawful processing of personal data, or the accidental loss, destruction, or damage to personal data;

8. shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.

Page 36

FSA Principles for Businesses

Principle 2 – Skill, care and diligence

• A firm must conduct its business and organise its affairs with due skill, care and diligence. This will include arranging adequate protection for customers’ assets when responsible for them.

• The concept of ‘care’ includes care towards customers: to the extent that the firm owes duties to its customers, it must discharge those duties with care. What is ‘adequate’ will, of course, depend on the nature of the firm and its counterparties and the business it undertakes.

http://www.fsa.gov.uk/pubs/cp/cp13.pdf

Page 37

Information Security is critical for SMEs

The Facts:

• 52% of organisations reported misuse of internet resources. The two most common being access to inappropriate websites (41%) and excessive web surfing (36%) - (DTI Information Security Breaches survey)

• Employees waste more than 2 hours a day on recreational computer activities – research by AOL & Salary.com

• 30 percent to 40 percent of Internet use in the workplace is unrelated to business. (IDC)

• 70 percent of all Internet porn traffic occurs during the 9 to 5 workday. (Sextracker)

• 85% of all malware threats are delivered by visiting infected websites, three quarters of which are legitimate websites.

• Over 90% of cyber attacks exploit known security flaws for which remediation is available through timely patch management. (Gartner Research)

• Phishing attacks are increasing by 25% month on month. (Symantec 2009) – rogue anti virus, banking details, promised tax rebates, email account details, etc. http://www.silicon.com/publicsector/0,3800010403,39582315,00.htm?s_cid=235

Page 38

Information security is critical for SMEs

The Facts:

• 53% of staff say they would take sensitive information from their employers if they were fired or made redundant

• 40%+ of emails at work are non-business related (IDC research)

• A staggering 8500 mobile devices were lost at UK airports in 2007, with 400 laptops lost at London airports alone. Even more worrying, a Ponemon Institute report in 2008 found that 49% of European business travellers said their laptops contained confidential information and 42% said their data was not backed up, or encrypted.

• 67% of UK organizations do nothing to prevent confidential data from leaving on USB sticks and other removable devices, even though 57% had serious data breach incidents in 2008.

Page 39

What are the risks?

• Lost productivity and billing time – irresponsible browsing can be costing tens of thousands of pounds for even the smallest organisation.

• Damage to reputation – can you be trusted to keep my information confidential?

• Loss of business – 50% of any loss due to a data breach is the result of clients moving their custom elsewhere.

• Loss of competitive advantage – your client database could well be in the hands of a competitor, or worse, a criminal.

• Disclosure of intellectual property – how long have you been developing and protecting that new project?

• Fines or even closure – The Information Commissioners Office and regulatory bodies are taking a much tougher stance on those who are negligent, whatever the size or profile of the organisation.

Page 40

What are the risks?

• An unencrypted laptop containing details on 109,000 pension scheme members with UK pension funds service provider, The Pensions Trust, has been stolen from a third-party office in Marlow, Buckinghamshire.

• The laptop theft is believed to have been targeted, and was carried out at The Pensions Trust’s software provider, NorthgateArinso’s offices. NorthgateArinso, a global human resources software and services provider, says the laptop was stored in a locked room and that the machine itself had password protection. The lost data, however, which includes names, addresses, national insurance numbers, and bank details for those already receiving their pension, was not encrypted.

• Skipton Financial Services has been found in breach of the Data Protection Act for not encrypting the information of 14,000 customers on a laptop that was stolen.

• The laptop - which contained names, dates of birth, national insurance numbers and investment amounts - was stolen from a contractor in December last year.

Page 41

What are the risks?

• Capita Financial Administrators Limited were fined £300,000 in 2006 for failing to conduct its business with due skill, care and diligence in considering the risks posed by financial crime and by failing to take reasonable care to organise and control its affairs responsibly and effectively.

• Merchant Securities Group Limited were fined £110,000 in 2008 for not taking reasonable care to establish and maintain effective systems and controls for countering the risk that customer information held by the Firm might be compromised by theft, loss or unauthorised alteration.

• The UK branch of Zurich Insurance has reported the loss of a back-up data tape in South Africa that contained the details of 51,000 general insurance customers. It claimed that it had written to the customers and ‘other parties in the UK’ to inform them of the loss and the remedial actions being taken.

• Do not think you are too small to be affected – from April 2010 the ICO will have greater powers to impose sanctions, financial or otherwise, on those organisations involved in “The knowing or reckless misuse of personal data”.

http://www.fsa.gov.uk/Pages/library/

Page 42

What are the risks?

Page 43

The Solution – a 14 point plan

1 Governance

• Develop a security policy document that everyone from senior management to junior members of staff can ‘buy into’

2 Training and awareness

• Make everybody aware of the risks

o Innovative training programmes

o Wall posters

o Screensavers

o Newsletters

Page 44

The Solution – a 14 point plan

3 Servers, desktops and laptops

• If customer data is stored on a laptop, desktop or a file server, you need to have the following security precautions in place:

o Firewall

o Antivirus and antispyware software

o Full disk encryption

o Removable device encryption

o Encrypted backups

Page 45

The Solution – a 14 point plan

4 Password protection

• Password protection for all computers is essential!!!

o Your password should be at least 8 characters long

o It should include letters, numbers, capitals and other symbols, for example: P@nD4b34R

o It should be easy to remember but hard to guess

o Avoid any word in the dictionary, personal information such as a child or partner’s name or a football team, common names and slang

o Try playing on normal words such as England – 3enG1@Nd!

o Do not write passwords down

o Do not tell anyone else your passwords

o Change your password every 90 days at the very least!
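The rules above can be checked mechanically. The following is an added example, not part of the workshop material: it encodes the slide's rules (minimum 8 characters, the four character classes, no dictionary words or personal details, rotation within 90 days) in Python. The word list and the personal-information entries are constructed stand-ins; a real deployment would load a proper dictionary file.

```python
"""Password-policy checks for item 4 of the plan (added example, not the
workshop's own material). Encodes the slide's rules: at least 8 characters;
letters, numbers, capitals and other symbols; no dictionary words, personal
information or slang; rotation at least every 90 days.
The word list below is a constructed stand-in for a real dictionary file."""
from datetime import date
import string

MIN_LENGTH = 8
MAX_AGE_DAYS = 90

# Constructed stand-in for a dictionary/slang list (lower-case entries).
WORD_LIST = {"password", "england", "panda", "bear", "summer", "welcome",
             "arsenal", "chelsea", "qwerty", "letmein"}


def check_password(pw, personal_info=(), word_list=WORD_LIST):
    """Return the list of rule violations; an empty list means the password passes."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append("shorter than %d characters" % MIN_LENGTH)
    if not any(c.isalpha() for c in pw):
        problems.append("no letters")
    if not any(c.isupper() for c in pw):
        problems.append("no capitals")
    if not any(c.isdigit() for c in pw):
        problems.append("no numbers")
    if not any(c in string.punctuation for c in pw):
        problems.append("no symbols")
    lowered = pw.lower()
    # A dictionary word or personal detail is rejected even when it is only
    # part of the password, so "Arsenal2010!" still fails.
    for word in sorted(word_list):
        if len(word) >= 4 and word in lowered:
            problems.append("contains dictionary word '%s'" % word)
    for info in personal_info:
        if len(info) >= 3 and info.lower() in lowered:
            problems.append("contains personal information '%s'" % info)
    return problems


def password_expired(last_changed_iso, today_iso=None, max_age_days=MAX_AGE_DAYS):
    """True when the password is older than the 90-day rotation limit.
    Dates are ISO strings (YYYY-MM-DD); today defaults to the current date."""
    last_changed = date.fromisoformat(last_changed_iso)
    today = date.fromisoformat(today_iso) if today_iso else date.today()
    return (today - last_changed).days > max_age_days


if __name__ == "__main__":
    # The two slide examples pass; "Summer2010" fails on symbols and a
    # dictionary word; "Oliver2010!" fails because Oliver is personal information.
    for candidate in ("P@nD4b34R", "3enG1@Nd!", "Summer2010", "Oliver2010!"):
        print(candidate, check_password(candidate, personal_info=["Oliver"]) or "ok")
```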

Page 46

The Solution – a 14 point plan

5 Email security

• All emails containing customer data must be secure

• Avoid spam and email borne viruses and malware

• Police your email usage policy to avoid data leakage and litigation

6 Physical security

• Physical security is a key factor in securing your data

• Your file, database and e-mail servers should all be kept in a locked cabinet within a secure room to prevent casual access

• External hard drives that contain customer data should be locked away when not in use

Page 47

The Solution – a 14 point plan

7 Backups

• Full backups of all critical data should be standard practice:

o Backup media should be locked away securely while not in use

o Only authorised personnel should have access to backup media

o Backup media should be held off site for disaster recovery

o If the media is held off site it should be transported and stored securely, i.e. a lock box or safe

o Back up media needs to be encrypted

Page 48

The Solution – a 14 point plan

8 Access control

• Users should only have permission to access confidential information they need to do their job

o You should review access permissions for every user at regular intervals

o Each employee should have their own logon account

o Employee access should be revoked as soon as they leave the company or are suspended

o Locations where sensitive or confidential information is stored should be audited
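A periodic access review is what turns these four points into evidence. The following is an added example, not the workshop's tooling: it joins a constructed HR list, a role-to-folder matrix and a constructed ACL export, and flags leavers or suspended staff who still have access, access beyond a person's role, logons not tied to one named employee, and confidential locations whose last review is overdue. The 90-day review interval is an assumed value; the slide only says "regular intervals".

```python
"""Periodic access review for item 8 of the plan (added example, not the
workshop's own tooling). Joins a constructed HR list, a role-to-folder
matrix and a constructed ACL export to flag leavers or suspended staff with
live access, access beyond a user's role, logons not tied to a named
employee, and confidential locations whose last review is overdue."""
from datetime import date

# Constructed HR feed: logon -> (role, employment status)
HR = {
    "asmith": ("adviser", "active"),
    "bjones": ("paraplanner", "active"),
    "cbrown": ("adviser", "left"),
    "dwhite": ("admin", "suspended"),
}

# Folders each role needs to do its job: the least-privilege baseline
ROLE_FOLDERS = {
    "adviser": {"ClientFiles", "Plans"},
    "paraplanner": {"ClientFiles", "Plans", "Research"},
    "admin": {"Accounts"},
}

# Constructed ACL export: folder -> (holds confidential data?, last review date, logons with access)
FOLDERS = {
    "ClientFiles": (True, "2010-01-15", {"asmith", "bjones", "cbrown", "reception"}),
    "Plans": (True, "2010-05-02", {"asmith", "bjones"}),
    "Research": (False, "2009-09-01", {"asmith", "bjones"}),
    "Accounts": (True, "2010-04-20", {"dwhite"}),
}


def review_access(hr, role_folders, folders, today_iso, review_interval_days=90):
    """Return sorted (finding, folder, logon) tuples; '-' marks folder-level findings.
    The 90-day review interval is an assumed value; the slide only says 'regular'."""
    today = date.fromisoformat(today_iso)
    findings = []
    for folder, (confidential, last_review, logons) in folders.items():
        if confidential and (today - date.fromisoformat(last_review)).days > review_interval_days:
            findings.append(("review_overdue", folder, "-"))
        for logon in logons:
            if logon not in hr:
                # Not a named employee: a shared or orphaned logon
                findings.append(("unknown_or_shared_logon", folder, logon))
                continue
            role, status = hr[logon]
            if status != "active":
                # Leavers and suspended staff must lose access immediately
                findings.append(("revoke_" + status, folder, logon))
            elif folder not in role_folders.get(role, set()):
                findings.append(("exceeds_role", folder, logon))
    return sorted(findings)


if __name__ == "__main__":
    for finding in review_access(HR, ROLE_FOLDERS, FOLDERS, "2010-06-01"):
        print("%-24s %-12s %s" % finding)
```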

Page 49

The Solution – a 14 point plan

9 Data transfer

• Any movement of data outside of your secure environment, e.g. USB or CD, needs to follow these guidelines:

o Encrypt all portable media using a suitable encryption technique

o Use device control software to control and detect unauthorised access to external media such as CDs and USB devices

o Keep a record of all of these devices and which personnel are allowed to use them and for which purpose

10 Asset management

• You need to keep a record of all computers, laptops, USB devices, external hard drives that exist in your business

• You need to maintain a record of all data copied onto media moving outside your secure environment and the reason for doing so

Page 50

The Solution – a 14 point plan

11 Data destruction

• Data removal and destruction is an important part of keeping your clients’ information secure

o Paper records need to be shredded in house or by an approved agency that must be vetted

o Hard drives should be disposed of securely ensuring all data is destroyed

o Certificates should be obtained from agencies confirming destruction of data from hard drives and recycled computer systems

Page 51

The Solution – a 14 point plan

12 Remote access

• Remote access to your network needs to be secure

• Remote access and VPN software needs to be configured properly for the highest possible security level

• Home workers need to ensure that any wireless network is encrypted to the highest possible standards

• Home workers need to prevent unauthorised access to their computer systems through password protection at least

Page 52

The Solution – a 14 point plan

13 Staff recruitment

• Where legally possible carry out every background check on staff who will be exposed to confidential information:

o Credit references

o CRB checks

o CIFAS staff fraud database

o References

o CV validation

o Assess regularly if staff in higher-risk positions may be susceptible to coercion

Page 53

The Solution – a 14 point plan

14 Email and internet access

• Implement monitoring controls for email and internet activity to identify potential data leakage

• Filter access to content that allows web based communication such as webmail (Hotmail, Gmail, Yahoo, MSN instant messaging) and social networking sites like Facebook and Myspace

• Restrict or block access to file sharing sites

Page 54

The Solution – a 14 point plan

14 Email and internet access (continued)

• Why?

• More than 60% of companies have disciplined – and more than 30% have terminated – employees for inappropriate use of the internet in the workplace

• 80% of companies reported that employees had abused internet privileges, such as downloading pornography or pirated software

• 70% of all pornographic downloads occur between 9:00am and 5:00pm• 25% of employees admit to spending between 10 and 30 minutes per day surfing

non-work related websites. 22% admit to spending between 30 minutes and 1 hour. 12% said they spent between 1 and 2 hours online and 13% admitted to spending more than 2 hours per day visiting non-work related websitesspending more than 2 hours per day visiting non-work related websites

• 46% of online shopping during the Christmas period occurs at work – is this your busiest time of the year?

Raising the standards…

Page 55

Business Continuity and Risk Management

Page 56

Business Continuity and Risk Management

• Identifying areas of potential risk.

An Holistic Management Process.

• Evaluate the possible threats;

• Choose appropriate strategies to reduce the likelihood and impact of incidents;

• Choose appropriate strategies that provide for the continuity or recovery of the critical activities.

Possible Risks: Key Persons, Information Technology (IT), Data and Information, Financial Resources, Human Resources, Service, Money Laundering, Data Protection and Processing, Quality and Suitability of Advice, Accounts and Commissions, The Economy, Regulation, Complaints, Training and Competence Requirements, Location and Premises, and Health and Safety.

Page 57

Business Continuity and Risk Management

• Team Lists and Alert Procedure.

Write a Plan.

• Plan for Major Incidents – Fire, Flood or Attack.

• Business Critical Systems.

• Key Contacts and Business Partners.

• Emergency Procedure – Meeting Place.

Test and Communicate.

Page 58

Continual Improvement

Page 59

Continual Improvement

• Two Areas of Continual Improvement.

o Business

o Personal

• PDCA

o Plan

o Do

o Check

o Act

• Client feedback – Positive and negative.

Page 60

Continual Improvement

Training and Competence

• FSA current focus on outputs from firms to demonstrate effectiveness and to ensure customers are protected.

• No formal requirement from FSA for a written T&C scheme but,

• FSA does require adequate procedures, records and effective management controls to be in place.

• All of these are achieved by a T&C scheme. A good T&C scheme is central to ensuring that customers are treated fairly.

• A Training Needs Analysis is essential to its success (plugs the GAP).

Page 61

Continual Improvement

What should be covered in a T&C scheme?

• Scope - types of staff and activities of the firm. Include non-authorised as well as authorised.

• Achieving competence - stages of competence, training needs, regulatory exams.

• Maintaining competence - keeping relevant knowledge, skills and understanding of the market up to date.

• Supervision - additional knowledge and skills requirements, level of supervision, spans of control.

• Record keeping - regulatory requirements, methods.

Page 62

Continual Improvement

Achieving and Maintaining Competence

• What does competence look like? Job description, accountability profile and person specification.

• Stages required in achieving competence and standards to be reached at each stage.

• Use of KPIs in driving standards and further training needs.

• Qualification requirements - FSSC list.

• Ongoing assessment - what and how, assessment type, failure policy, core and specialist areas.

Records

• Meet regulatory requirements and achieve good practice.

• Use technology. Record keeping should not become a burden!

Page 63

Continual Improvement

Continual Professional Development (CPD)

• Importance – Helps to maintain competence. Relevant and interesting; include regulatory changes, i.e. TCF.

• CPD – Should be planned and include objectives and success criteria.

• Records – activity undertaken, time spent, objectives met or not, further development needs, how the knowledge has been applied and what the benefits are!

• Signed off against objectives!

Page 64

Continual Improvement

Continual Professional Development (CPD) - Methods

• Web Research & Online Tutorials and Webinars.

• Exam Study & Books.

• Newspapers/Broadsheets & Newsletters.

• Current Affairs.

• Professional/technical seminars, workshops and events – Internal.

• Professional/technical seminars, workshops and events – External.

• Technical, product and provider presentation – Internal.

• Professional/business and personal development seminars, workshops and events.

• Audio CDs.

Must change when:

• Environment Changes, Organisation Changes and there are individual performance issues.

Page 65

How can firms maximise both internal and external learning?

Internal:

• Formal training.

External:

• Formal training course.

Further methods (internal or external):

• Work shadowing.

• One to one coaching.

• Job rotation.

• Exam preparation.

• Distance learning.

• Role play.

• Accompanied call.

• Case studies.

• Conferences.

• Mentoring.

Page 66

Continual Improvement

Maximise your learning by:

• Teaching Others.

• Writing Articles, White Papers and Books.

• Get involved with the profession.

• Get involved with local universities, schools and your community.

Page 67

Continual Improvement – Client Feedback

Internal and External Feedback

• Client Feedback – Manual or Electronic.

• Client Advisory Board.

Key Considerations

• Establish current feedback methods and process.

• Review current success, outputs and response rates.

• Identify any gaps in the system, define and agree your wish list.

• Research market and available options.

• Select chosen methods and tools.

• Update or create operational procedures and supporting documents.

• Record, monitor, measure and ACT!

Page 68

Documenting your Practice Management System

Two Main Levels

• Level 1 – Guidelines.

• Level 2 – Processes.

Page 69

Documenting your Practice Management System

Key Steps

• Identify who does what.

• What is your desired outcome?

• Who is currently responsible for the process?

• What tools support the process? Software systems.

• How best should it be documented?

• Roll Out, Test and Amend.

• Include in your Practice Management System.

Page 70

Documenting your Practice Management System

• Meet contractual, statutory and regulatory guidelines.

• Unique reference number, authorisation.

• Clear and concise, simple and understandable, tested and amended, quality controlled and well communicated.

• Quality at the core.

• Interrelated and interactive processes.

• Create a library of templates, letters, emails and forms.

Page 71

Documenting your Practice Management System

Examples…

• Telephone and email enquiries.

• First meeting confirmation and information.

• Conducting a first meeting and follow up.

• Information gathering.

• Creating a financial plan.

• Implementing the solutions and strategies.

Page 72

Documenting your Practice Management System

Creating A Process Improvement Culture

• Have all key processes been identified and documented?

• Are they effective in producing the desired results?

• Are they available in both hard and soft copy formats?

• Have they been effectively implemented?

• Have they been logged and quality controlled?

Page 73

How to prepare for an assessment

• Review your gap analysis.

• Identify your gaps.

• Set yourself an assessment deadline.

• Allocate a “Gap Manager” and agree timeframes.

• Brief the rest of the team.

• Work through tasks, roll out to the team.

• Engage with an SI Approved Associate Consultant (AAC).

• Collate evidence ready for the assessment.

Page 74

Lunch

Page 75

Welcome Back

ISO 22222 - Gap Analysis

Page 76

What happens next?

• Assessment Preparation.

• Assessment.

o Portfolio of Evidence: case studies, testimonials, client feedback, client files, business processes.

o OBS, MiNC, MaNC.

• De-brief.

• Assessor Submits Report.

• Independent Assessment – HQ.

• If Happy – Confirmation of Certification.

• If not Happy – Rebook Assessment.

• Certification Awarded – Guideline and Letter.

Page 77

Any Questions?