Choosing Routes for ESOS Compliance

Along the introduction of Energy Savings Opportunity Scheme in UK is the quick emergence of various companies that offer ESOS compliant services. While some energy audit providers can help, qualified businesses should understand what their compliance options are, how these routes work and learn both the pros and cons in order to carefully take their pick.

Independent ISO 50001 Certification

ISO 50001 comprises the integration and application of processes geared to motivate energy saving and overall improvement. Simply stated, it is a framework that drives the organisation’s governance to realise energy saving strategies by allocating resources and participating in energy management. The good thing about ISO 50001 is that it includes an energy review that documents ideas and opportunities to save more energy.

However, ISO 50001 does not obligate organisations to cover 90% of their overall energy consumption. In case of partial coverage, the company needs to undergo additional energy assessments to evaluate all the significant energy consumption areas.

In order for an ISO 50001 certification to be valid, it must be certified by the United Kingdom Accreditation Service (UKAS), by an accreditation body which is a member of the International Accreditation Forum, or by a body accredited by another EU member state?s national accreditation body.

Display Energy Certificates and Green Deal Assessments

These two kinds of energy assessment reports can also contribute to ESOS compliance. Both of them are carried out by qualified lead assessors and valid for 10 years. However, they are only based on the building structures and services. They do not cover the overall significant areas in energy consumption. Since these reports are valid for 10 years, they would be used for two ESOS reporting periods. Thus, they would not be as current as the ISO 50001 certification. Aside from that, the assessments are purely based on energy efficiency and anyone can qualify to use the software that produce the certifications after taking the accreditation course.

Energy Audits

A successful energy audit leads to better understanding of the company?s energy consumption, identify alternatives, determine cost-effective energy saving opportunities and stimulate energy efficiency. Energy audits are beneficial to the organisation. What makes it complex is that the organisation applying it, needs to clearly define the scope and type of energy audit to use in order to comply with ESOS. Furthermore, the organisation also has to identify the teams that would be competent enough to do the audit work for the building, transport and industrial area, respectively.

Each route is not formed equal. Thus, organisations have the option to either choose one or combine the routes and meet their company needs. The options mentioned are different approaches to ESOS and the core value is to grab the opportunity towards acquiring more savings through efficient energy system.

How Ecovaro Can Help

Ecovaro is passionate about making a difference. We are knowledgeable when it comes to ESOS legislation and regulation, ISO 50001 energy management system, DECs and Green Deal Assessments. More than that, we recognise the great impact of efficient management system to your organisation. And with this, we provide an enthusiastic team of software engineers and expert project managers to offer you our professional help at reasonable price. Ecovaro comes to you fully equipped with services tailored to your organisation’s energy management needs.

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK

Check our similar posts

Is the GDPR Good or Bad News for Business

The European Union?s General Data Protection Act (GDPR) is a new data authority coming into force on 25 May 2018. It replaces the current Data Protection Directive 95/46/EC, while extending the remit to include the export of personal data outside the EU. It aims to give EU citizens and residents living there more control over their personal information. It also hopes to make regulatory compliance simpler for participating businesses.

The Broad Implications for Business
The GDPR puts another layer of accountability on businesses falling within its remit. It requires them to implement ?comprehensive but proportionate governance measures? including recording how they make decisions. The long-term goal is to reduce privacy infringements. In the short run, businesses without good governance may find themselves writing new policies and procedures.

Article 5 of the European Union?s General Data Protection Act lays down the following guidelines for managing personal data. This shall be ?
? Processed transparently, fairly, and lawfully
? Acquired for specific, legitimate purposes only
? Adequate, relevant and limited to essentials
? Not used for any other, incompatible purpose
? However it may be archived in the public interest
? Kept up to date with all inaccuracies corrected
? Ring-fenced when the information becomes irrelevant
? Adequately protected against unauthorised access
? Stored in a way that prevents accidental loss
Furthermore, affected businesses shall appoint a ?controller responsible for, and able to demonstrate, compliance with the principles.?

Implementing Accountability and Governance
The UK Information Commissioner?s Office has issued guidelines regarding provisions to assure governance and accountability. These are along the lines of the ?don’t tell me, show me? management approach the office has generally been following. In summary form, a business, and its controller must:
? Implement measures that assist it to ensure demonstrated compliance
? Maintain suitable, relevant records of personal data processing activities
? Appoint a dedicated data protection officer if scale makes this appropriate
? Implement technologies that ensure data protection by design
? Conduct data protection assessments and respond to results timeously

Implementing the General Data Protection Act in Ireland
The Irish Data Protection Commissioner has decided it is unnecessary to incorporate the GDPR into Irish law, since EU regulations have direct effect. The office of the Commissioner is working in tandem with data practitioners, and industry and professional bodies to raise awareness in business through 2017. It has produced a document detailing what it considers the essentials for business compliance. Briefly, these pre-requisites are:
? Ensure awareness among key personnel, and make sure they incorporate the GDPR into their planning
? Conduct an early assessment of quality management gaps, and budget for additional resources needed
? Do an audit of personal data held, to determine the origin, the necessity to hold it, and with whom shared
? Inform internal and external stakeholders of the current status, and your future plans to implement the GDPR
? Examine current procedures in the light of the new directive. Could you ?survive? a challenge from a data subject?
? Determine how you will process requests for access to the data in the future from within and outside your organization
? Assess how you currently obtain customer consent to store their data. Is this “freely given, specific, informed and unambiguous”?
? Find how you handle information from underage people. Do you have systems to verify ages and obtain guardian consent?
? Implement procedures to detect, investigate, and report data breaches to the Data Protection Commissioner within 72 hours
? Implement a culture of always assessing the effect on individual privacy before starting new initiatives

So Is the GDPR Good or Bad for Business
The GDPR should be good news for business customers. Their personal data will be more secure, and they should see their rate of spam marketing come down. The GDPR is also good news for businesses currently investing resources to protect their clients? interests. It could however, be bad news for businesses that have not been focussing on these matters. They may have a high mountain to climb to come in line with the GDPR.
Disclaimer: This article is for information only and not intended as a comprehensive guide.

Contact Us

  • (+353)(0)1-443-3807 (IRL)
  • (+44)(0)20-7193-9751 (UK)
Disadvantages of Spreadsheets – Obstacles to Compliance in the Healthcare Industry

Most of the regulatory compliance issues we talked about concerning spreadsheets have been related to financial data. But there are other kinds of data that are stored in spreadsheets which may also cause regulatory problems in the future.

In the US, a legislation known as HIPAA or Health Insurance Portability and Accountability Act is changing the way health care establishments and practitioners handle patient records. The HIPAA Privacy Rule is aimed at protecting the privacy of individually identifiable health information a.k.a. protected health information (PHI).

Examples of PHI include common identifiers like a patient’s name, address, Social Security Number, and so on, which can be used to identify the patient. HIPAA covers a wide range of health care organisations and service providers, including: health plan payers, health care clearing houses, hospitals, doctors, dentists, etc.

To protect the confidentiality, integrity, and availability of PHI, covered entities are required to implement technical policies such as access controls, authentication, and audit controls. These can easily be implemented on server-based systems.

Sad to say, many health care organisations who have started storing data electronically still rely on spreadsheet-based systems. Those policies are hard to implement in spreadsheet-based systems, where files are handled by end-users who are overloaded with their main line of work (i.e. health care) and have very little concern for data security.

In some of these systems, spreadsheet files containing PHI may have multiple versions in different workstations. Chances are, none of these files have any access control or user authentication mechanism whatsoever. Thus, changes can easily be made without proper documentation as to who carried out the changes.

And because the files are normally easily accessible, unauthorised disclosures – whether done intentionally or accidentally – will always be a lingering threat. Remember that HIPAA covered entities who are caught disclosing PHI can be fined from $50,000 up to $500,000 plus jail time.

But that’s not all. Through the HITECH Act of 2009, business associates of covered entities will now have to comply with HIPAA standards as well. Business associates are those companies who are performing functions and services for covered entities.

Examples of business associates are accounting firms, law firms, consultants, and so on. They automatically need to comply with the standards the moment they too deal with PHI.

 

More Spreadsheet Blogs

 

Spreadsheet Risks in Banks

 

Top 10 Disadvantages of Spreadsheets

 

Disadvantages of Spreadsheets – obstacles to compliance in the Healthcare Industry

 

How Internal Auditors can win the War against Spreadsheet Fraud

 

Spreadsheet Reporting – No Room in your company in an age of Business Intelligence

 

Still looking for a Way to Consolidate Excel Spreadsheets?

 

Disadvantages of Spreadsheets

 

Spreadsheet woes – ill equipped for an Agile Business Environment

 

Spreadsheet Fraud

 

Spreadsheet Woes – Limited features for easy adoption of a control framework

 

Spreadsheet woes – Burden in SOX Compliance and other Regulations

 

Spreadsheet Risk Issues

 

Server Application Solutions – Don’t let Spreadsheets hold your Business back

 

Why Spreadsheets can send the pillars of Solvency II crashing down

?

Advert-Book-UK

amazon.co.uk

?

Advert-Book-USA

amazon.com

 

Matrix Management: Benefits and Pitfalls

Matrix management brings together managers and employees from different departments to collaborate with each other towards the accomplishment of the organizational goals. As much as it is beneficial, matrix management also has limitations. Hence, companies should understand its benefits and pitfalls before implementing this management technique.

Benefits

The following are some of the advantages of matrix management:

Effective Communication of Information

Because of the hybrid nature of the matrix structure, it enables different departments to closely work together and communicate frequently in order to solve project issues. This leads to a proficient information exchange among leaders and subordinates. Consequently, it results to developed strategies, enhanced performance and quick productivity.

Efficient Use of Resources

Resources can be used efficiently in the organisation since it can be shared among functions and projects. As the communication line is more open, the valuable knowledge and highly skilled resources are easily distributed within the organisation.

Increased Motivation

The matrix structure promotes democracy. And with the employees working on a team, they are motivated to perform their duties better. The opinions and expertise of the employees are brought to the table and considered by the managers before they make decisions. This leads to employee satisfaction, empowerment and improved performance.

Flexibility

Since the employees communicate with each other more frequently, decision making becomes speedy and response is adaptive. They can easily adjust with diverse situations that the company encounters.

Skills Development

Matrix employees are pooled out for work assignments, even to projects that are not necessarily in line with their skill background. With this approach to management, employees have the chance to widen their skills and expertise.

Discipline Retention

One significant advantage of matrix management is that it enables the employees to maintain their skills in functional areas while working with multidisciplinary projects. Once the project is completed and the team wraps up, the members remain sharp in their discipline technically and return to their home functions.

Pitfalls

Here are some disadvantages of matrix management:

Power Struggle

In the matrix structure, there is always tension between the functional and project manager. Although their intent is polite, their conflicting demands and competition for control over the same resources make it more difficult.

Internal Complexity

Having more than one manager, the employees might become confused to who their immediate leader is. The dual authority can lead to internal complexity and possible communication problems. Worst, employee dissatisfaction and high employee turnover.

Heightened Conflict

In any given situation where people and resources are shared across projects, there would always be competition and conflict. When these issues are prolonged, conflicts will heightened and will lead to more internal problems.

Increased Stress

For the employees, being part of a matrix structure can be stressful. Their commitment is divided among the projects and their relationship with multiple managers requires various adjustments. Increased stress can negatively affect their performance in the long run.

Excessive Overhead Expenses

Overhead administrative costs, such as salaries, increase in a matrix structure. More expenses, more burden to the organisation. This is a challenge to matrix management that leaders should consider carefully.

These are just some of the advantages and disadvantages of matrix management. The list could go on, depending on the unique circumstances that organisations have. The key is that when you decide to implement matrix management, you should recognise how to take full advantage of its benefits and understand how to lessen, if not eradicate, the pitfalls of this approach to management.

Ready to work with Denizon?

Contact Us Today