deGRANDSON Global Blog

Preventing Phishing: Free ISO 27001 Training Video

johnf@degrandson.co.uk (Dr John FitzGerald) — Wed, 03 Jun 2026 06:42:07 GMT

20142014

Recommended as part of ISO 27001 Training or on Day 1 of Induction Training for new recruits

A cyberattack can destroy a business. Whether that involves Denial-of-Service attacks, file deletion, ransomware, or other cyberattacks, the most common factor they share is human failure. Currently, the most common human failure is falling victim to a Phishing e-mail, which has been attributed to >90% of successful information security breaches.

You may be surprised to learn that the most likely target organizations are smaller organizations that are likely to be suppliers to major organizations. The smaller organization is perceived as an easier route to successfully attacking the major one.

The new Global ACI Accreditation is not available for all ISO Standards

johnf@degrandson.co.uk (Dr John FitzGerald) — Fri, 22 May 2026 07:06:48 GMT

Only a limited number of ISO Management System Standards qualify for the new Global ACI logo.

We're all familiar with ISO 9001 Certificates carrying three logos: the Certification Body logo (say, Lloyds Register), the Accreditation Body logo (say, UKAS), and the Global ACI logo. But the Global ACI logo, or its predecessor, the IAF logo, doesn't appear on every Certificate. Why is that? And is it significant?

How to Choose QHSE Courses for ISO 9001, 14001, 45001 in 2026

johnf@degrandson.co.uk (Dr John FitzGerald) — Tue, 19 May 2026 12:59:59 GMT

Choosing the right QHSE course can feel overwhelming when you're faced with multiple standards (ISO 9001, ISO 14001, ISO 45001) and different auditor pathways (Internal Auditor, Lead Auditor, Lead Implementer). deGRANDSON Global makes this decision easier by offering structured, self-paced courses that map directly to your career goals and compliance requirements.

Why ISO 21001 and not ISO 17024 or EXEMPLAR or IRCA Accreditation?

johnf@degrandson.co.uk (Dr John FitzGerald) — Tue, 05 May 2026 06:15:00 GMT

deGRANDSON Global holds ISO 21001 Certification, a university-grade accreditation, because it's the only one that matters.

Without independent auditing to confirm compliance, it's only a badge!

We started by asking what would be the best choice of Learning Provider qualification for ISO Lead Auditors, ISO Consultants, and others wishing to audit, implement, or maintain ISO Management Systems to a high standard.

FDA QMSR and ISO 14971: What to do about Risk Management

johnf@degrandson.co.uk (Dr John FitzGerald) — Thu, 30 Apr 2026 13:00:03 GMT

Don't believe everything you read about ISO 14971!

The FDA's 'Medical Devices; Quality System Regulation Amendments' website explicitly states: All sections of ISO 13485 apply to device manufacturers. While there is much mention of 'incorporating by reference' and many misguided interpretations of that phrase, don't let anyone mislead you. To reiterate, the FDA's website explicitly states that all sections of ISO 13485 apply to device manufacturers.

What then of ISO 14971, Medical devices - Application of risk management to medical devices, which is mentioned in a note to Clause 7.1 of ISO 13485? The note states: 'Further information can be found in ISO 14971.' To use an old-fashioned expression, that's as clear as mud! Does it apply or does it not?

Let's unpick this confusing situation.

Correction, Corrective Action and Preventive Action explained

johnf@degrandson.co.uk (Dr John FitzGerald) — Tue, 28 Apr 2026 12:54:00 GMT

Badly written Corrective Action Clauses in ISO Management System Standards add to the confusion.

Correction, Corrective Action, and Preventive Action (CCAPA) are essential management systems components that help organizations identify, address, and prevent issues to ensure ongoing compliance and improvement. And all three expressions are defined and explained in this Post.

QHSE, HSEQ, SHEQ, IMS explained

johnf@degrandson.co.uk (Dr John FitzGerald) — Thu, 23 Apr 2026 14:52:13 GMT

These are commonly used terms, but they have no official standing

So, where are they used, and what is their significance when you wish to be an Auditor certified to more than one ISO Management System Standard?

ISO 27001, ISO 27701 and GDPR: a natural combination

johnf@degrandson.co.uk (Dr John FitzGerald) — Tue, 21 Apr 2026 10:00:18 GMT

In 2018, many organizations, not only those based in the EU, spent much time and money on compliance with the General Data Protection Regulation (GDPR).

But what actions should we take now to ensure ongoing compliance? It's not enough to have policies and procedures to demonstrate compliance with the requirements. If there is a data breach or similar event, regulators will challenge you to demonstrate how your organization has maintained compliance on a continuing basis. Here's how...

ISO 45001 Risk Assessment & Risk Treatment Tools

johnf@degrandson.co.uk (Dr John FitzGerald) — Thu, 16 Apr 2026 10:44:56 GMT

You'll need OH&S Risk Management Methods & Tools

Unlike ISO 9001, the Occupational Health and Safety Management System (OHSMS) Standard requires the application of OH&S Risk Management Methods in Clause 6.1. So, risk-based thinking alone does not meet requirements. Formal and documented Risk Assessment followed by Risk Treatment is required for compliance.

ISO Auditor Competence: who decides?

johnf@degrandson.co.uk (Dr John FitzGerald) — Wed, 15 Apr 2026 12:54:04 GMT

Your ISO Auditor Certificate doesn't make you competent

Being on a professional ISO auditor register isn't enough either

Competence is defined as the ‘ability to apply knowledge and skills to achieve intended results.’ And so it is with ISO Auditor Competence. Your Lead Auditor Certificate alone does not ensure competence. Nor, when competent, do you suddenly become incompetent three years after receiving your certificate.

Confused? Don't be. For Lead Auditors and their Audit Team Members, the requirements for competency have been defined in ISO standards.