GDPR workshop: 23 February 2018

Posted by Alex Pavlovic on Tue, Jan 23, 2018

Qualsys will be hosting a full-day GDPR workshop at our Sheffield office on 23 February 2018.

Do you know your ARs from your IPRs? Can you conduct a PIA? Do you know who the data controller in your business is? If, like hundreds of businesses in the UK, you need more information about preparing for GDPR, don't panic. A Qualsys survey in November 2017 found that 87% of businesses don't feel ready.

The General Data Protection Regulation constitutes the largest overhaul of data protection regulation in twenty years - and comes into force on 25 May 2018.

From that date, businesses found to be in breach of the regulation will be susceptible to fines of up to €20m (£17.56m) or 4% of their annual turnover, whichever is greater.

It's not surprising that businesses are nervous and scrambling to prepare and adapt before the big day. There's confusion and uncertainty about what compliance means and what steps to take. 


The Qualsys team will be offering expert support and guidance to businesses wanting to inform themselves about preparing for GDPR. Whether you're a Qualsys customer or not, our doors will be open on Friday 23 February for a full-day informative workshop in Sheffield.

Come join us and learn:

  • What GDPR means for your business
  • What to do before 25 May
  • How to conduct a PIA, manage risks, handle security breaches and prepare staff
  • How to manage assets, data types, customers and suppliers
  • Ten top tips from the Qualsys team

And much more. We will provide all delegates with a free information pack (and plenty of ideas!) to take away with them. To provide the most focused and valuable experience we can, places will be limited to ten delegates only on a first-come-first-served basis.

Get the knowledge you need to approach GDPR with confidence.

The workshop is priced as follows:

£399 (Qualsys customers)

£449 (non-customers)


What you should do now

Sign up for the workshop here

Read how our software suite helps businesses prepare for GDPR here

Tags: Governance Risk and Compliance News, European Data Regulation, EU GDPR

7 questions to ask if you're planning to buy a document management system

Posted by Emily Hill on Tue, Oct 13, 2015

For companies with hundreds of governance, risk and compliance documents, using an intuitive document management system to organise, share and control documentation is critical. So when you decide to invest in a new document management system, it is essential that the solution will meet the unique requirements of your organisation. 

When choosing a document management system, it can be very difficult to decide which system and which vendor will be the best fit for your requirements. To help you to narrow the playing field, we have provided you with seven questions to ask your selected vendors. 

1. How will the software help to overcome documentation issues? 


Make sure that the software will overcome your document management issues. 

If your company has too many paper-based processes and needs a document management system to digitise paper documentation, you will require a different document management system than if your main problem involves ensuring that policies and procedures are available for all members of staff to access.

By discussing your current problems with vendors, you will be able to ensure that the document management system will align with the strategic direction of your organisation. 


2. How configurable is the system?


When managing governance, risk and compliance documents, you may not want everyone to be able to access all documentation. Request information about how configurable the system will be and whether that level of configuration is necessary for your requirements. 

Whilst bespoke document management systems are configured entirely around your requirements, these systems can also be unreliable, expensive to update and often take a long time to develop. You may also be dangerously exposed to the developers' availability to improve the software or fix any bugs. 

Off-the-shelf document management systems will vary in terms of how configurable they are. Mature off-the-shelf software will more than likely have very sophisticated options for configuration. By discussing your requirements with your selected vendors, they should be able to provide examples of how their software can be configured to suit your requirements. 


3. Who is using the document management system and what do they say about it?


You wouldn't buy a new bike or a new car without first researching the company you are buying it from. You would spend hours looking at web reviews, talking to friends and looking on social media to see what is being said about it. Document management systems are the same, so you will want to ask for reviews, references and case studies. 

Some things you will probably want to know are: how the customer would rate the system and service, whether the vendor understands the industry and regulations, how system updates have been managed and how long the system has been used. This will validate the vendor's ability to provide a high level of service and give you an insight into the maturity of the software.


4. How can the document management system be accessed? 


The document management system needs to work cohesively with the ways your employees are accessing information. 

If your employees use SharePoint, you may want a document management system that can be accessed from SharePoint. If your employees access documents on their mobile phones, it fits that your document management solution is either mobile friendly or can be accessed by a mobile application. 

By asking how the document management system can be accessed, you will be able to make sure that the software will meet the requirements of all employees. 


5. What is the cost of the software? 


Assess whether the vendor is a good fit by requesting cost information.

It is highly likely that every vendor will use a different costing structure which makes it difficult to compare. A more comprehensive way to determine which document management software will provide you with the best value to your company is to request information about the expected return on investment.

This ROI Calculator can be used to give you an estimate of the four year return on investment of EQMS Document Manager. 


6. How does the document management system prevent outdated documents being used?  


If you will be using the document management system to manage policies, processes, SOPs, quality, regulatory or compliance records, your document management system must prevent out-of-date documents from being used.

Request information from your selected vendors about how the system will help you to manage the delivery, acknowledgement and review cycle of documents. 


7. What level of support will be available?


Most vendors will provide you with software training. However, after this initial training, find out what other support the vendor will be able to provide you with. 

You may need user-guides, online help desks and extra training further down the line, so make sure that the vendor has the resources to support your ongoing training requirements. 

It can also be helpful to ask the vendor about what other governance, risk and compliance management software is available in case your requirements change. For example, EQMS is also available for auditing, supplier management or training records management. By finding a vendor who can provide you with more software solutions, you will save time and money in the future. 


What Next? 

Knowing the answers to these questions means that you will be more likely to find a solution which aligns with your overall business goals, organisational culture and future plans. 

If you need more information on getting a new document management system into your organisation, download the EQMS Buying Toolkit to access a number of resources to support you throughout the buying process of your document management software. 






Tags: Document Management, Governance Risk and Compliance News

Information governance: 3 ways EQMS creates value

Posted by Emily Hill on Thu, Oct 08, 2015

Quality managers are required to govern an ever-increasing amount of information. Managing this information effectively is a demanding challenge.  In this article we look at three benefits of effective information governance and how EQMS creates value. 

1) Unlock Corporate Information Assets:

What do polar ice caps, North American oil reserves and your corporate information assets have in common? A question posed by Ed Dobson, Enterprise Content Management Lead at Deloitte during his presentation at the AIIM Trade Members Meeting.

Approximately 70% of the world's fresh water is frozen in ice-caps, rendering it inaccessible for use. 70-80% of the North American oil reserves are also inaccessible. Similarly, approximately 70-80% of valuable corporate information assets are locked up in information silos. 

If 70-80% of information assets are locked away in information silos, productivity, workflow and general well-being all suffer. With regards to policies, procedures and process information, if employees cannot access the most current documents, they risk non-conformances. 

EQMS is a cloud-based software solution which has also been designed to work within SharePoint, Word, Outlook, Excel and Powerpoint, facilitating collaborative and productive workflows by making the information readily available for stakeholders with permission. 


2) Manage Information Chaos:



It should come as no surprise to you that the amount of data we consume, create and share has exploded in recent years. CSC Insights claims that corporate data doubles every 14 months. 

Controlling the explosion of information in your organisation is also key to gaining greater insights into how your organisation can grow and where your weaknesses are. 

EQMS enables organisations to effectively gain control over information by using one interface. All compliance, governance and risk management documents can be found in one place. 


3) Promote Rapid Change:




Gone are the days when software needed to provide a rapid return on investment, according to Gartner in “Why CIOs Must Flip Three Leadership Behaviours”. Instead, Gartner argues that software must be valued dynamically by the way that it can deal with rapid change.

Although EQMS tends to provide most organisations with a rapid ROI, EQMS also enables rapid change to take place within an organisation. For example, if your organisation has an ambition to achieve a new ISO standard within the next few months, EQMS provides the digital framework to upload all supporting documentation to demonstrate that you meet the standard's requirements. Furthermore, authorised users can also edit workflows without IT intervention, which maintains the momentum on projects. EQMS evolves and scales with an organisation to promote rapid change. 


What next?  

For more information on implementing EQMS into your organisation, download the EQMS buyers toolkit below. The buying kit includes datasheets, a case for document management whitepaper, case studies and much more. 







Tags: Quality Management Software, EQMS, Governance Risk and Compliance News

Volkswagen and ISO 9001:2015 - How ISO 9001:2015 can Prevent Compliance Scandals

Posted by Emily Hill on Fri, Sep 25, 2015

Large Scale Noncompliance at Volkswagen

One of the world’s largest car manufacturers, Volkswagen, had billions of pounds wiped off the value of the company following a scandal whereby software was deliberately designed to deceive emissions tests.

The scandal came about following a compliance violation letter issued by the US Environmental Protection Agency (EPA) and California Air Resources Board (CARB) after a discussion with Volkswagen representatives who admitted that diesel vehicles had been deliberately fitted with software designed to deceive nitrogen emissions tests.

The scope of the scandal is still being investigated. However, it is expected that 11 million Volkswagen cars worldwide have been fitted with rigged software and it has also been speculated that other automotive manufacturers are also involved.

Whether Volkswagen will be able to survive such a reputational and financial hit is uncertain. However, what is clear from this scandal is that there was an evident requirement for a more robust system for managing governance, risk and compliance.

To support organisations to avoid such damaging scandals, the revised quality management standard, ISO 9001, focuses even more on top management taking the lead to ensure governance controls are in place, risks are identified, assessed, and applicable standards & regulations are complied with.

The revision of the ISO 9001 standard is an opportune time to advance, scale and evolve a quality management system to ensure regulations are adhered to, to avoid expensive losses and use the QMS to develop competitive advantage and drive bottom-line corporate growth.

This article discusses five new requirements of the ISO 9001:2015 framework and applies them to the Volkswagen emissions scandal. The article aims to help you emphasise the importance of implementing the improved standard in a quality management system.



Is this Volkswageddon?


Context of the organisation:

Section four of the revised ISO 9001: 2015 framework puts a stronger focus on understanding the context of the organisation by assessing the needs of stakeholders, ensuring strategic cohesion and determining the scope of the quality management system within the organisation.

The new requirement specifies that the organisation should determine external and internal issues that are relevant to its purpose and its strategic direction. Volkswagen neglected to integrate strategic direction with internal issues. For example, Volkswagen communicated a strategy as a thought-leader in supplying environmentally sustainable cars - in Volkswagen’s sustainability strategy, the company claims “Environmental protection is an essential element of our corporate strategy aimed at long-term growth in value”, and the car maker launched a number of environmentally-friendly campaigns such as “Blue Motion” and “Think Blue”. It is estimated that Volkswagen diesel vehicles’ nitrogen oxide emissions exceeded regulatory limits by up to 40 times and caused up to one million tonnes of extra air pollution. Not only do the internal issues not align with the strategic goals of the company, they also neglect the needs of stakeholders.

A key new requirement of ISO 9001 is ensuring that the organisation meets customer, statutory and regulatory requirements. The framework states the organisation must understand the needs and expectations of interested parties by providing products and services which meet customer and applicable statutory and regulatory requirements. The revised ISO 9001 standard will support companies to assess, manage and practise greater cohesion by putting the context of the organisation at the centre of the quality management system.


Leadership:
The ISO 9001 revision emphasises the importance of managing governance, risk and compliance from the top of the organisation. Section 5, Leadership, requires top management to develop the quality policy. This is to prevent CEOs being surprised by any wrongdoing in the organisation – exactly the situation Martin Winterkorn, Volkswagen Chief Executive, supposedly found himself in.

Winterkorn claimed: "I am shocked by the events of the past few days. Above all, I am stunned that misconduct on such a scale was possible in the Volkswagen Group."

By ensuring that quality is managed from the top of the organisation, Winterkorn would avoid, or at least mitigate, such large-scale noncompliance scandals.


Operational planning and control:
Section eight of the revised ISO 9001 standard includes a new clause on operational planning and control. The clause focuses on establishing criteria for the processes and the acceptance of products.

Volkswagen developed processes and procedures to deliberately bypass the vehicles' emission control system. In fact, in a compliance violation letter from the EPA and CARB, Volkswagen admitted that vehicles were designed and manufactured with a defeat device to bypass, defeat and render inoperative elements of the vehicles' emission control system.

By systematically planning, implementing and controlling the processes needed to meet the requirements of the products or services, the QMS can be used to avoid wide-scale operational problems.


Risk management:
There is a much greater focus on risk management in the revised ISO 9001 standard. Organisations are required to assess risks when planning for the QMS to ensure that they can enhance desirable effects or prevent and reduce undesirable effects.

In the Volkswagen emissions scandal, it is reported that Volkswagen used deceptive software since 2009. To meet the regulatory standards, Volkswagen inserted intricate code into the vehicle software that tracked steering and pedal movements which detected when the car was in a laboratory. The rest of the time, the pollution controls switched off. Rather than improving the issue over the past six years, Volkswagen neglected the risk and in return lost 30% off the value of the company in a week.


Communication:
Communication in large, multi-national organisations is key to avoiding noncompliance. Clause 7.4 of the revised ISO 9001 standard requires organisations to determine what the quality management system will communicate, when, with whom and how it will communicate.

A standardised protocol for communicating quality management can avoid governance, risk and compliance issues by quickly identifying who is responsible and why an issue has occurred. This can help prevent organisations such as Volkswagen being liable for billions of dollars’ worth of fines.

EQMS by Qualsys is an intuitive software solution which supports companies to manage, document and assess governance, risk and compliance regulations. With built-in electronic signatures and a range of other governance, risk and compliance tools, EQMS can support companies who need to meet the requirements of ISO 9001.


What Next?

What exactly went wrong for such a popular and trusted brand to cause such a huge environmental, reputational and financial catastrophe is yet to be known. ISO 9001:2015 is undoubtedly the best global quality management standard available to support an organisation to ensure a well-managed and cohesive governance, risk and compliance strategy.


Download the ISO 9001:2015 Revision Toolkit for checklists, guides and more.



Tags: ISO 9001:2015, Governance Risk and Compliance News

The Top 5 GRC Twitter Accounts You Need To Follow

Posted by Callum Hornigold on Mon, Feb 03, 2014


Want to stay on top when it comes to governance, risk and compliance? We’ve compiled an executive list of the top GRC Tweeters to follow to ensure you're at the forefront of the latest news, events and opinion.

Michael Rasmussen

Twitter handle @GRCPundit


Known by the self-styled but equally justified moniker “The GRC Pundit”, Rasmussen holds over 18 years’ experience in GRC. Showcasing his expertise on the topics of enterprise GRC, GRC technology, corporate compliance, and policy management, not only is he an active Tweeter but also a regular keynote speaker, author, and advisor. He’s also noted as the “Father of GRC” — being the first to define and model the GRC market in February 2002 while at Forrester. If you’re not following him, you’re simply behind the curve.


Matt Kelly

Twitter handle @complianceweek


Matt Kelly is editor of the globally revered Compliance Week, one of the leading information services on corporate governance, risk and compliance. A serial Tweeter at the vanguard of GRC news, if any breaking information surfaces you can guarantee he will have a handle on it.


Tammy Whitehouse

Twitter handle @tammywh


Another member of the Compliance Week team, Whitehouse is a long-standing business writer who’s been a regular contributor since 2005. Specialising in auditing, her work has been featured in an impressive index of journals and periodicals including Journal of Business Strategy, Strategy & Leadership, Compensation & Benefits Review, Inc, and Buyside. What’s more, her Tweets are purely business-orientated and highly focused.


Ted Bilich

Twitter handle @TBilich


A reverend of risk, Bilich is CEO of Risk Alternatives, providing world-class governance, risk management, compliance, and dispute resolution services. Having counselled, facilitated, and taught in a wide variety of settings, including Fortune 100 companies, growing businesses and non-profits, Bilich is one of the world’s leading experts in risk management and compliance – a title cemented by over 8000 Twitter followers.


Norman Marks

Twitter handle @normanmarks


When Marks’ Twitter bio states he’s “considered by some as a thought leader”, this may well be a modest understatement with over 3,577 followers. An “evangelist” and expert in internal audit, risk management, compliance and ethics, Marks has led large and small internal audit departments, been a Chief Risk Officer and Chief Compliance Officer, and managed IT Security and governance functions.


And Not To Forget...

Be sure to follow us @QualsysEQMS for the latest news, events and opinion within governance, risk and compliance and feel free to get in touch with any questions you may have regarding our software.

Tags: GRC Resources, Governance Risk and Compliance News, Who to Follow for GRC

4 GRC Events You Can't Afford To Miss

Posted by Callum Hornigold on Thu, Jan 30, 2014

At Qualsys, we’re committed to providing you with the very latest opportunities for continuous professional development. This is the first in a series of blogs that will profile upcoming governance, risk & compliance events. If you have an event you’d like us to feature, then please contact me at:

IRMS Conference 2014 


When: 18-20 May 2014

Where: Hilton Brighton Metropole Hotel, Brighton, UK

Why: With businesses facing increasing regulatory requirements, it’s essential for organisations to systematically and cohesively manage information, data and records in order to maintain compliance.


Overview: The theme for this year's IRMS conference is "Luxury Or Necessity? Information and Records Management in the world of Governance, Risk and Compliance". A friendly event famed for knowledge-sharing and exciting speakers, the conference welcomes all those who work in or are concerned with information, data and records management, regardless of their professional or organisational status or qualifications, and who may be part of any of the following disciplines:

  • Information, Data and Records Management
  • Information Assurance
  • Enterprise Information
  • Business Intelligence
  • Governance, Risk & Compliance
  • Information Security
  • Data Protection
  • Freedom of Information
  • Knowledge Management
  • Archives Administration and Management


2014 Governance, Risk & Compliance Summit

When: 4-6 March 2014

Where: Hyatt Boston Harbour, Boston, MA, USA

Why: Today, organisations are expected to manage a variety of risks that would have been unthinkable a decade ago. The GRC summit provides risk, governance, audit and compliance executives with a platform to share ideas, learn from peers and improve upon existing methodologies that have been created to support the people, processes and technologies of their organisation.

Overview: Over the course of three days, using specific examples and case studies, the GRC summit participants will discuss how to increase effectiveness of current GRC programs. The summit will show you how to:

  • streamline multiple business units into a cohesive GRC process
  • learn the ROI potential of a comprehensive GRC control framework
  • analyse risk appetite and find opportunity in risks that were once seen as a liability
  • access implementable solutions to take back to your company
  • network with colleagues throughout the GRC space
  • enable internal audit to provide assurance and insight beyond annual auditing plans
  • identify and implement sustainable practices
  • assess real privacy risks to your organisation
  • learn how to proactively monitor change
  • understand IT change management issues facing your company
  • manage IT data, risk, audit and compliance

Speakers include:

Aiim Forum UK

When: 25 June 2014

Where: London, UK

Why: Exponential growth in mobile data, social networks, and the cloud is resulting in a relentless onslaught of new information. To survive this information maelstrom, businesses need to continuously connect staff, suppliers, partners and customers with accurate and up-to-date information.

Overview: AIIM is the global community of information professionals, providing the education, research and certification required to manage and share information assets in an era of mobile, social, cloud and big data. The AIIM forum will teach participants to take control of their information assets. You will discover how the latest innovations in information management can help your organisation to:

  • improve customer service
  • reduce process costs
  • support business integration
  • minimise risk
  • gain competitive advantage.


Pharma Compliance UK Conference

When: 8-9 October 2014

Where: London, UK

Why: Pharma is facing a deluge of ever-increasing transparency regulations in Europe. Adopting ethical business practices is imperative to curb the risk of severe fines or a tarnished reputation.

Overview: Pharmaceutical, medical device and regulatory agencies across Europe will discuss the challenges and best practices to manage risk and enhance your compliance program. Attendees of the Pharma Compliance Conference 2014 can expect industry thought leaders from an impressive list of companies providing invaluable advice on how to implement a compliance program that works for your business.

This conference will revolve around the themes of:

  • operational compliance best practices
  • regional transparency, disclosure and aggregate spend requirements
  • global anti-bribery and corruption developments review
  • third-party intermediaries, due diligence and monitoring considerations
  • compliant communication with customers of today and tomorrow
  • product promotional compliance


Promote an Event

Got a GRC event you’d like us to feature? Then feel free to contact our friendly team.




Tags: Events, Governance Risk and Compliance News