Which management systems for 2020? Craig D'Souza interview

Craig D'Souza is the Managing Director of E-Risk360, an Australian-based quality consultancy. Craig builds, implements and audits management systems for clients in a string of tightly regulated sectors.

Qualsys spoke to Craig about:

  • The best ISO standards to aim for in 2020
  • Typical mistakes he spots on audit
  • The main change businesses should make to their quality approach



Craig D'Souza Managing Director E-Risk360 consultancy


Qualsys: Which standards are your clients most interested in achieving? What would you say is the management system to have in 2020?

Craig: Actually, I think there are two.

Workplace safety has always been popular, but with the launch of ISO 45001 it's become even more so.

The other is ISO 27001 and information security management systems. The roll-out of the GDPR in Europe has made businesses everywhere think about their data security and encryption. That's getting hot even here in Australia.


Qualsys: Why do you think ISO 45001 has taken off in the way that it has?

Craig: There's obviously a cost associated with having your workers' health and safety compromised. Businesses have always been interested at looking at things like downtime or lagging indicators like lost time injuries, but just looking doesn't help you tackle the risks at source.

Businesses are recognising that safety is a top cost priority. It isn't just about providing things like safe equipment, but following good ergonomic practices and making things like health and wellbeing programmes.

The cost of insurance claims is on the increase among employees as well. So companies just can't afford to be negligent anymore. And regulation is getting more stringent, both here in Australia and in New Zealand.


ISO 45001 Kate hurdles

Qualsys Compliance Director Kate Armitage

speaks at an ISO 45001 workshop in 2019



Qualsys: When you're performing audits, do you see any common mistakes arising again and again? Are there any typical traps that businesses tend to fall into?

Craig: The main mistake is the basic identification of risk. Making sure they've actually undertaken thorough risk assessments on a regular basis.

For example, a construction company might be good at identifying risks on-site. But looking at the company as a whole, considering satellite offices, office environmental risks, having really basic things like a risk register inclusive of all sites rather than just work sites, is something a lot of businesses just don't do.

Just being vigilant in monitoring is crucial as well. It's all very well identifying risks,  but keeping an eye on them and making sure the company does what they say they'd do is just as important. Equipment being tested and tagged is one thing that just gets overlooked sometimes.


Establishing Risk Context (002)

Qualsys: What would you say is the main change that businesses in general should be making in how they approach quality management?

Craig: Being better at collecting data. That could be through a number of mechanisms, not just basic things like customer surveys but more innovative tools and technologies where you can get that feedback more easily - for instance, sensors on pieces of equipment and assets.

Thinking about how to get the data you want with new tools and technologies is the key, I think.


Qualsys: What kind of tools do your clients currently use? Are they still using paper, or are they turning to electronic quality systems like what we provide?

Craig: For auditing, not many businesses I work with here in Australia are using software yet. But things like cloud-based storage tools are getting pretty common now.

Having said that, one client I work with is a mining company. Their sites are heavily regulated in terms of health and safety.

So they are now using a health and safety software tool to collect incident, near-miss and internal auditing data in all their offices across Australia.


auditing 5-1


There was a recognition that they needed to streamline their processes and standardise them across different states and territories, especially with health and safety being at the forefront of their directors' minds.

They recognised the power that these sorts of systems can provide them.LogoPNG

Next steps


Learn more about health and safety management software here.

Connect with Craig on LinkedIn here.

And start your ISO 45001 journey with our toolkit:


ISO 45001 health and safety management toolkit materials


Topics: ISO 45001, ISO 27001, Interviews

Share your thoughts on this article