2015 ESOS Guidelines Chapter 6 – Role of Lead Assessor

The primary role of the lead assessor is to make sure the enterprise?s assessment meets ESOS requirements. Their contribution is mandatory, with the only exception being where 100% of energy consumption received attention in an ISO 50001 that forms the basis of the ESOS report.

How to Find a Lead Assessor

An enterprise subject to ESOS must negotiate with a lead assessor with the necessary specialisms from one of the panels approved by the UK government. This can be a person within the organisation or an third party. If independent, then only one director of the enterprise need countersign the assessment report. If an employee, then two signatures are necessary. Before reaching a decision, consider

  • Whether the person has auditing experience in the sector
  • Whether they are familiar with the technology and the processes
  • Whether they have experience of auditing against a standard

The choice rests on the enterprise itself. The lead assessor performs the appointed role.

The Lead Assessor?s Role

The Lead Assessor?s main job is reviewing an ESOS assessment prepared by others against the standard, and deciding whether it meets the requirements. They may also contribute towards it. Typically their role includes:

  • Checking the calculation for total energy consumption across the entire enterprise
  • Reviewing the process whereby the 90% areas of significant consumption were identified
  • Confirming that certifications are in place for all alternate routes to compliance chosen
  • Checking that the audit reports meet the minimum criteria laid down by the ESOS system

Note: A lead assessor may partly prepare the assessment themselves, or simply verify that others did it correctly.

In the former instance a lead assessor might

  • Determine energy use profiles
  • Identify savings opportunities
  • Calculate savings measures
  • Present audit findings
  • Determine future methodology
  • Define sampling methods
  • Develop audit timetables
  • Establish site visit programs
  • Assemble ESOS information pack

Core Enterprise Responsibilities

The enterprise cannot absolve itself from responsibility for good governance. Accordingly, it remains liable for

  • Ensuring compliance with ESOS requirements
  • Selecting and appointing the lead assessor
  • Drawing attention to previous audit work
  • Agreeing with what the lead assessor does
  • Requesting directors to sign the assessment

The Environment Agency does not provide assessment templates as it believes this reduces the administrative burden on the enterprises it serves.

Check our similar posts

Solutions to Password Overload

If only technologists had their way, passwords and PINs would have long been replaced with more innovative (and admittedly, better) security solutions. But such is not the case. Those alternative solutions, which include biometrics, smart cards, and password fobs, effective as they may be, are just way too expensive to implement.

So although passwords and PINs may not be here to stay, they certainly won’t be going away soon either.

Why keeping passwords in memory is no longer possible

A couple of decades ago, it would have been nearly impossible to crack an eight-character password using brute force. Today, however, advancements in computing power are rendering the typical passwords of the past easily decipherable, forcing us to come up with passwords that are not only much longer, but also much more complex and hence difficult to recall.

For instance, memorable words like your favourite character (e.g. ‘skywalker’) may have been acceptable then, but not anymore. Today?s security systems will encourage you to insert numbers or even other keyboard characters as a means to once again counter brute force. Hence, ‘sk5%ywa936lker@#’ may be more acceptable.

Remembering that one alone can be pretty daunting.

To further complicate matters, the number of applications that require passwords for access is much greater than before even for a single end user. Ordinary end users have to keep track of passwords for their email account, network login, workstation login, online services, and so on.

The burden is even greater for your IT admins, who have to remember a larger collection of passwords that protect business critical systems and applications. Clearly, the team in charge of your IT security will need a way to manage all these passwords.

Password management solutions

Existing password management solutions typically come in the form of software applications that store passwords. Basically, all you need to remember are your login details for the app a.k.a. the ?master password?. Once you’ve gained access inside, you can then retrieve any password you stored there.

Some of these apps are installed in portable devices like Pocket PCs, PDAs, or smartphones, which you would normally take along with you. For as long as the device stays with you, your passwords will be in safe hands. What’s more, you can retrieve them anywhere you go.

But obviously, there’s a problem. What if the device gets misplaced or stolen? Although the person who ends up with your device may not be able to gain access into the app and your passwords, neither will you. A better solution would therefore be an app that can be accessed anywhere but is not susceptible to getting lost.

Web-based password manager

A web-based password manager fits the bill. You don’t have to take it with you, but still you can access it almost anywhere. A typical web-based password manager will have all your passwords stored in a centralised, highly secure location.

If you want, you can even use your mobile password manager along with the web-based one. Ideally, your web-based password manager would have a copy of all the end-user passwords as well as the master passwords of your organisation.

With an easy to access but highly-secure web-based password manager, you no longer have to come up with passwords that (ironically) are supposed to be easy to remember but hard to crack at the the same time.

Furthermore, password managers are ideal for keeping passwords that have to be changed every-now-and-then; a requirement that’s becoming all too common in organisations bent on enforcing more stringent controls.

IT Systems Implementation

Are you ready to find out how your newly accepted IT system fares in the real world? Although a rigorous Acceptance testing process can spot a wide spectrum of flaws in a newly constructed IT system, there is no way it can identify all possible defects. The moment the IT system is delivered into the hands of actual end users and other stakeholders, it is effectively stepping out of a controlled and secure environment.

Thus, it is during this phase wherein issues having direct impact on the business can arise.

It is our duty to ensure that the Systems Implementation phase is carried out as thoroughly, professionally, and efficiently as possible.

Thoroughly, because we need to include all relevant data and other deliverables, eliminate hard-to-detect miscalculated results, and substantially reduce the probability of business and mission critical issues popping up in the future;

Professionally, because it is the best way to address the sensitive process of turning over a new system to users who have gotten used to the old one;

And efficiently, because we want to minimise the duration over which all stakeholders have to adapt to the new system and allow them to move on to the process of growing the business.

Preparation

Louis Pasteur once said, “Luck favours the mind that is prepared.”

While we certainly won’t leave anything to chance, we do put substantial weight on the Preparation stage of Systems Implementation. We’re so confident with the strategies we employ in Preparation, that we can assure you of an utterly seamless Deployment and Transition phase.

By this we mean that issues that may arise during Deployment and Transition will be handled smoothly and efficiently because your people will know exactly what to do.

Here’s how we will prepare your organisation for Deployment:

  • Identify all key players for the Systems Implementation phase and orient them on their specific roles. We’ll make sure they know what possible hitches may come their way and how to deal with them.
  • Identify all end users and their corresponding functions, then assign appropriate access rights.
  • Draw multi-layered contingency plans to capture and address each possible concern that may crop up during Deployment.
  • Prepare a systematic step-by-step procedure and checklist for the entire Deployment stage. Both of them should have been copied from a similar procedure and checklist used in the Acceptance testing phase.
  • Make all stakeholders understand the conditions required before Deployment can commence.
  • Set the appropriate environment so that all stakeholders know what to expect and when to expect them the moment Deployment commences.
  • Prepare Technical Services and Technical Support personnel for the gruelling mission ahead.
  • Make sure all communication processes are well coordinated so that everyone affected will know who to contact and how to get in touch with them when a problem arises.
  • Plan and schedule training sessions so that they can be conducted “just in time”. Training sessions conducted way ahead of Deployment are often useless because the trainees tend to forget about what they learned when the time comes to apply them. Similarly, training sessions conducted way after Deployment also become useless because trainees are seldom able to internalise instructions delivered during crash courses.

Deployment

There are two sets of issues to keep an eye on during Deployment:

  1. Issues directly related to the technology itself, e.g. application functionality and data integrity, and
  2. Issues emanating from the end users, i.e., their unwillingness to use the new system. One reason may be because they find the interface and procedures too confusing. Another would be due to other inconveniences that come with adapting to a new set of procedures.

Despite all the meticulous scrutiny employed during Acceptance testing, there are just some problems that are made obvious only during Deployment. Issues belonging to the first set are dealt with easily because of the plans and procedures we put in place during the Preparation stage. As an added measure, our team will be on hand to make sure contingency plans are executed accordingly.

While the second set of issues is often neglected by many IT consultancy companies, we choose to meet it head on.

We fully understand that end users are most sensitive to the major changes that accompany a new system. It is precisely for this reason why our training activities during Deployment are designed not only to educate them but also to make them fully appreciate the necessity of both the new system and the familiarisation phase they will need to go through.

The faster we can bring your end users to accept the new system, the faster they can refocus on your company’s business objectives.

Here’s what we’ll do to guarantee the smoothest Deployment process you’ve ever experienced.

  • Employ the procedure and checklist formulated during the Preparation stage.
  • Ensure all end users are well acquainted with any additional tasks they would need to perform (e.g. filling up manual logs).
  • Assess which legacy systems can still be used alongside the new technology and which ones have to be retired.
  • Supervise the installation and optimal configuration of all supporting hardware and software to make sure the likelihood of errors originating from them are brought to near-zero levels.
  • Supervise the installation and optimal configuration of the products themselves.
  • Carry out data migration tasks if necessary.
  • Organise and oversee parallel runs to check for data and report inconsistencies.
  • Conduct training sessions in a professional and well-timed manner to eliminate end-users’ feelings of agitation and to take advantage of memory absorption and retention duration as with regards to their assigned duties and responsibilities.

Transition

Do you often feel uneasy whenever the reins to a newly purchased IT system are handed over to you? Perhaps there are some issues that you feel haven’t been fully settled but, at the same time, find it too late to back out, having already invested so much time and resources.

Alright, so maybe the thought of “backing up” never crossed your mind. However, the concern of being “not yet ready” is raised by many organisations towards the tail end of most Deployment stages. This usually drags the Deployment stage into a never-ending process.

Our team of highly experienced specialists will make sure you reach this point with utmost confidence to proceed on your own.

To wrap up our comprehensive IT Systems Implementation offering, we’ll take charge of the following:

  • Verify that all deliverables, including training materials and other technical documentation, are accomplished and expected outcomes are realised.
  • Make sure all technical documentation are placed in a secure and accessible location.
  • Institute best practices to ensure the IT system becomes fully utilised and to reduce its exposure to avoidable risks.
  • Establish open communication lines with the Technical Support team to enable quick resolution of issues.
  • Ensure complete knowledge transfer has been fully achieved so that your people will spend less time calling Technical Support and more on operations contributory to business growth.
How SOA can help Transformation

Undoubtedly, today’s business leaders face myriad challenges ranging from fierce market competition to increasing market unpredictability. In addition, the modern consumer is more informed and in control of what, where and how they purchase. Couple these challenges with effects of globalization, and you will appreciate that need for business transformation is more of a necessity than a privilege.

As recent business trends show, top companies are characterized by organizational and operational agility. Instead of being shaken by rapid technological changes and aftershocks associated with market changes, they are actually invigorated by these trends. In order to survive in these turbulent times, business leaders are opting to implement corporate transformation initiatives to develop leaner, more agile and productive operations. In line with this, service oriented architecture (SOA) has emerged as an essential IT transformation approach for implementing sustainable business agility.

By definition, service oriented architecture is a set of principles and techniques for developing and designing software in form of business functionalities. SOA allows users to compile together large parts of functionality to create ad hoc service software entirely from the template software. This is why it is preferred by CIOs that are looking to develop business agility. It breaks down business operations into functional components (referred to as services) that can be easily and economically merged and reused in applicable scenarios to meet evolving business needs. This enhances overall efficiency, and improves organizational interconnectivity.

SOA identifies shortcomings of traditional IT transformation approaches that were framed in monolithic and vertical silos all dependent on isolated business units. The current business environment requires that individual business units should be capable of supporting multiple types of users, multiple communication channels and multiple lines of business. In addition, it has to be flexible enough to adapt to changing market needs. In case one is running a global business enterprise, SOA-enabled business transformation can assist in achieving sustainable agility and productivity through a globally integrated IT platform. SOA realizes its IT and business benefits by adopting a design and analyzing methodology when developing services. In this sense a service consists of an independent business unit of functionality that is only available through a defined interface. Services can either be in the form of nano-enterprises or mega-enterprises.

Furthermore, with SOA an organization can adopt a holistic approach to solve a problem. This is because the business has more control over its functions. SOA frees the organization from constraints attributed to having a rigid single use application that is intricately meshed into a fragmented information technology infrastructure. Companies that have adopted service oriented architecture as their IT transformation approach, can easily repurpose, reorganize and rescale services on demand in order to develop new business processes that are adaptable to changes in the business environment. In addition, it enables companies to upgrade and enhance their existing systems without incurring huge costs associated with ‘rip and replace’ IT projects.

In summary, SOA can be termed as the cornerstone of modern IT transformation initiatives. If properly implemented great benefits and a sharp competitive advantage can be achieved. SOA assists in transforming existing disparate and unconnected processes and applications into reusable services; creating an avenue where services can be rapidly reassembled and developed to support market changes.

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK

Ready to work with Denizon?

Contact Us Today