Friday, 19 January 2018

Chapter Three Consulting Become ISO 27001 Accredited

Chapter Three Consulting are delighted to announce that they have achieved ISO 27001 accreditation awarded by the British Assessment Bureau.

ISO 27001 is the internationally recognised Information Security Management Standard (ISMS) that proves an organisation’s commitment to the security of their customers. With ISO 27001 in place, Chapter Three Consulting are able to minimise the risk of potential data security breaches and reduce errors and costs, while demonstrating credibility and trust.

An ISMS is a set of policies, procedures, processes and systems that manage information risks, such as cyber-attacks, hacks, data leaks or theft. Businesses have been encouraged to identify risks of all shapes and sizes for many years now, and once identified they must be managed, and risk mitigation must be considered.

Cyber-attacks are increasing in volume and strength daily, and the financial and reputational damage caused by an ineffectual information security system can be fatal. Implementing an ISO 27001-certified ISMS helps to protect an organisation against such threats and demonstrates that the necessary steps have been taken to protect the business.

An IBM survey attributes 49% of breaches to malicious activity, 23% to system glitches and the remaining 28% to human error.

The Standard is designed to ensure the selection of adequate and proportionate security controls that help to protect information in line with increasingly rigid regulatory requirements such as the General Data Protection Regulation (GDPR), the NIS Directive and other cyber security laws.

The benefits of certification to ISO 27001 include:
  • Proving to clients an organisation keeps their information secure
  • Achieve operational excellence
  • Minimise risk of potential data security breaches
  • Protects reputation
  • Reduces errors and costs
  • Increases business profitability
  • Engages employees

The Standard also helps businesses become more productive by setting out clear information risk responsibilities and ensuring continual improvement.

Chapter Three Consulting are a business support consultancy who focus on bringing specialist knowledge and expertise to companies who wish to fulfil their compliance obligations.

Providing specialist compliance knowledge and GDPR expertise to SMEs, they are able to assist with auditing, managing and maintaining compliance.

Visit the website or call 0330 004 0020 for more information


Tuesday, 21 November 2017

Is your business ready for the introduction of the new General Data Protection Regulation known as the GDPR in May 2018?

A recent IT Security survey found that 61% of UK companies don’t realise that the new Regulation applies to them.

A further study has shown that 21% of senior management have little or no awareness about the effect that the GDPR will have on their organisation, while 31% of the companies questioned had experienced an incident in the last 12 months due to staff negligence or bad practice.

It is essential that companies are made aware of the changes and new obligations in the legislation by May 2018 and time is running out.

The Regulation contains new rights for people to access the information companies hold about them, obligations for better data management and a new regime of fines. Incidents with serious consequences can have fines of up to €20 million or 4% of a firm's global turnover, whichever is greater.

Companies covered by the GDPR will be more accountable for the handling of people's personal information. This will include having data protection policies, data protection impact assessments and data mapping showing how the data is processed.

Companies will need to obtain consent and demonstrate why people's information is being collected and processed, providing descriptions of the information that is held, how long it is being kept for and descriptions of the technical security measures in place.

As well as putting new obligations on the companies and organisations collecting personal data, the GDPR also gives individuals more power to access the information that is held about them free of charge.

To help prepare for the GDPR the ICO has created a 12-step guide which includes steps such as making key people aware of the Regulation, determining what information is held, reviewing current privacy notices, identifying the lawful basis for processing the data and what should happen in the event of a data breach.

Chapter Three Consulting are a business support consultancy who provide specialist compliance knowledge and GDPR expertise. As an ISO accredited organisation their consultants are able to assist in auditing, supporting the implementation of any changes required and maintaining ongoing compliance.

For further information contact us on 0330 004 0020 or email

Tuesday, 4 July 2017

What is GDPR?
The General Data Protection Regulation is a new set of rules that governs the privacy and security of personal data and replaces the Data Protection Act.

GDPR will apply from 25th May 2018 and from this date, all companies must be fully compliant.

Any fines imposed for not being compliant are required to be effective, proportionate and dissuasive and can be up to €20 million or 4% of turnover, whichever is the greater.

The definition of 'Data' is more detailed than before and includes online identifiers such as IP addresses. 

GDPR applies to both automated personal data and to manual filing systems where personal data are held.

In summary, if you keep any customer or staff records you will need to comply with the new rules.

Lawful processing
For processing of data to be lawful under GDPR, you need to identify a lawful basis for the processing and document it before the processing takes place.

You are expected to put in place comprehensive but proportionate governance measures and in some circumstances, privacy impact assessments and privacy by design are legally required.
These measures aim to minimise the risk of data breaches but will mean that more policies and procedures are required.

How can we help?
We are able to audit and provide a gap analysis to identify where work is required to become GDPR compliant.

We can assist with data impact assessments, provide regular support and audits to prove compliance, and have a comprehensive toolkit to make the process of preparing the required policies and procedures as easy as possible.

Visit or call us on 0330 004 0020 to find out more.

Tuesday, 30 May 2017

Chapter Three Consulting ISO 9001 Case Study - British Assessment Bureau

Chapter Three Consulting are a leading compliance consultancy specialising in Licensing, GDPR, and Health & Safety compliance.

We achieved certification to the internationally recognised ISO 9001 standard earlier this year. 

Click on the link to see the British Assessment Bureau’s recently published case study about our success.

The independent assessment was conducted by the British Assessment Bureau, a leading Certification Body, and demonstrates Chapter Three Consulting’s commitment to customer service and quality in delivery.

About ISO 9001

ISO 9001 was first introduced in 1987 and requires organisations to demonstrate that they do what they say they do, and that they have a Quality Management System in place to ensure consistency and improvement, leading to high levels of performance and customer satisfaction.

Certified organisations are committed to continuous improvement and are assessed to ensure progress is being maintained.

The benefits of certification to ISO 9001 include:
  • Streamlining an organisation’s procedures
  • Bringing consistency to an organisation’s service delivery
  • Reducing cost and rework
  • Improving an organisation’s management practices
  • Enhanced status
  • Competitive advantage
  • Lower insurance premiums

About the British Assessment Bureau

The British Assessment Bureau’s reputation was established in 1969 as a specialist in certification scheme management. In 1997, the Secretary of State for Trade and Industry approved the use of the word ‘British’ in their title, in recognition of their pre-eminent status.

Today, they certify organisations to recognised standards, including ISO 9001 (quality management), ISO 14001 (environmental management), ISO 27001 (information security management) and OHSAS 18001 (occupational health and safety management). 

They also design and manage bespoke assessment schemes. Such schemes are based on the establishment of standards, which can be developed to be recognised company-wide, industry-wide, nationally, or internationally.

Visit us at or call us on 0330 004 0020 for more information about our services.

Tuesday, 16 May 2017

Licensing and Immigration – the Government get serious….

From the 6th April 2017 the changes to the Immigration Act 2016 come into force via the regulations made by the Government under the Licensing Act 2003.

Premises Licence Holders and managers of Licensed Premises have had the responsibility to ensure that all employees have the correct Immigration status to work legally in the United Kingdom.

The new regulations create further responsibilities for Licensing Authorities and the Home Office. In future all Premises Licence applications, Change of DPS applications and Temporary Event Notices have amended application forms requiring nationality and immigration status to be confirmed by the applicant.

In addition, the Home Office is now scrutinizing licensing applications to ensure compliance with the new regulations and they have power to make representations within the Licensing process.

Chapter Three Consulting is able to assist Premises Licence Holders in all sectors with this vital work, which can have an immediate effect on the usability of your Licence and viability of the business concerned.

Read the Poppleston Allen article Home Office Announces Change to Application Procedure by Jonathan Smith here.

Visit or call us on 0330 004 0020 to find out how we can help you.

Wednesday, 3 May 2017

Craft Beer & The Phenomenon of the Pop-Up Bar

There are now over 1700 small breweries in the UK, which is a response to the increase in demand for quality.

Artisan beers have their own local identity and represent quality in the market place.

Whether they are sold from a shop with a Premises Licence for ‘Off Sales’ or sold from a bar with a Premises Licence for ‘On Sales’ or a combination of both, there are a growing number of outlets for these products.

Premises that specialise in selling craft beer from the UK, Europe and other parts of the world, as well as other local products including British wine and spirits, do not fit neatly into the Pub, Bar and Off-Licence model.

Pop-ups enable retailers to try out new locations and test products without committing to long leases or expensive refits.

They have varying opening times and can operate as Pop-up sites often on a single day each week.

Your local Licensing Authority may not understand this growing phenomenon and that is where professional assistance is needed.

Chapter Three Consulting recently enabled Four Hops Shop, a beer emporium in Reigate, to obtain a Premises Licence that is suitable for this new business start-up, and clients elsewhere are starting to manage their premises and amend their Licences to adjust to this developing market.

Read Gemma McKenna’s intriguing article for the Morning Advertiser Pop Up Bars Hit The Pub World to find out the benefits of running a pop up bar.

Call us today on 0330 004 0020 or visit us at to find out how we can help you. 

Tuesday, 28 March 2017

The Importance of a Fire Risk Assessment

A fire risk assessment is a mandatory undertaking that must be carried out in all places of work and in areas that are accessible to the general public.

A fire risk assessment helps you identify all the fire hazards and risks in your premises. You can then decide whether any risks identified are acceptable or whether you need to do something to reduce or control them.

A risk assessment should be carried out by someone who has had sufficient training, and has good experience or knowledge of fire safety.

For fire to occur there must be a source of ignition, fuel and oxygen. If all three are present and in close proximity, then the fire risk could increase as a result.

In the average premises fire hazards will fall into the first two categories, while the oxygen will be present in the air in the surrounding space. Occasionally oxygen can be found in chemical form (oxidising agents) or as a gas in cylinders or piped systems.

If there is a fire, the greatest danger is the spread of the fire, heat and smoke through the premises. If this happens, the main risk to people is from the smoke and products of combustion, which can very quickly incapacitate those escaping.

If a premises does not have adequate means of escape or if a fire can grow to an appreciable size before it is noticed, then people may become trapped or overcome by heat and smoke before they can evacuate.

If your premises are situated in a relatively modern building, it should already incorporate important control measures, e.g. fire escape staircases, fire lobbies, fire doors, emergency lighting etc.

Many of these measures will also be found in older buildings. If your building was issued with a fire certificate under the Fire Precautions Act, details of existing control measures will be detailed in that document.

It is important to remember that fire risk assessment is a continuous process and as such must be monitored and audited. New and existing control measures should be maintained to make sure they are still working effectively.

However, if you introduce changes into your premises your original risk assessment may not address any new hazards or risk arising from them. For this reason it is also important to review and revise your assessment regularly.

This doesn’t mean it is necessary to amend your assessment for every trivial change that occurs, but the impact of any significant change should be considered.

For more information visit the Chapter Three Consulting website at or call us on 0300 004 0020