Social and legal responsibilities of a business
Companies should not only focus on their business activities; legal and social responsibilities should also be of interest. There are a number of legal and social responsibilities facing the board of directors of an organisation. Socially responsible organisations should go beyond merely complying with legislation. The responsibilities of an organisation are health and safety, environment, data protection, regulatory compliance, discrimination (age, race, sexuality and disability etc.), equality and training. There are acts in place relating to these responsibilities.
The following responsibilities are discussed in more detail as these are of high importance.
1.1. Health and Safety
The first and most important requirement of an organisation is to ensure the health and safety of everyone that may be affected by their activities and/or products.
The Health and Safety at Work Act 1974 requires all organisations that employ more than five people to have a written health and safety policy in place. The law also requires the organisation to carry out an assessment of the risks that may be present as a result of their activities. The organisation should also put into place measures to remove the risk. If the risk cannot be removed then organisations should put in place measures to protect people from the risk. These measures should be controlled, monitored, reviewed and, where applicable, updated on a regular basis. To ensure the company has up-to-date information, they should also have access to health and safety advice and should be discussing the risks, and the measures in place to prevent them, with their employees. (HSE, 2010)
If organisations fail to follow these fairly straightforward guidelines and an accident were to occur, they could face substantial fines, prison sentences or even disqualification. (HSE, 2010)
1.2. Environment
Organisations should also take account of the effect their business has upon the environment. There are a number of environmental issues facing organisations. They are air pollution, water pollution, soil erosion, climate change, destruction of biodiversity and the diminishing of natural resources.
Organisations wishing to be environmentally friendly should be tackling all of the issues affecting the environment. Organisations should be continually monitoring their business processes to enable them to identify areas where they are lacking and thus improve their performance in respect to the environment.
The Environmental Protection Act 1990 defines organisational requirements relating to the environment. The Act covers air, water and land pollution as well as waste management, statutory nuisances and litter control. (Mod, 2010)
1.3. Data Protection
Organisations should pay particular attention to how they store personal information. The Data Protection Act 1998 defines how organisations should go about storing personal information. The Act defines eight principles that set out how personal data should be managed. The principles are:
Data should be processed in a fair and lawful manner
The data should only be held for a specified purpose
Data collected should be relevant to the purpose
Data should be up to date and accurate
Data should not be kept for longer than is required
Data processing methods should comply with the rights of the individual
Security measures should be in place to prevent unauthorised access to the data.
Data should not be transferred outside the European Economic Area
(City of London, 2010)
Failure to comply with the Data Protection Act 1998 could result in the prosecution of an organisation or even the individual. (Loughborough University, 2010)
Therefore organisations and their employees who handle the data have to be very careful that they are handling the data in accordance with the principles and rights of the individual.
2. Applicable Standards
There are a few international standards that are applicable to the social and legal responsibilities of organisations. Organisations can use these standards to provide evidence that they are complying with the various social and legal responsibilities.
2.1. ISO 9000
ISO 9000 is a name given to a collection of standards that were created to provide organisations with a framework for the successful implementation of a quality management system. (BSI, 2007)
ISO 9001 falls within the ISO 9000 family and is the standard that outlines the requirements for an organisation that wishes to meet the ISO 9000 quality management system. (Simply Quality, 2010)
ISO 9001 requires organisations to pay particular attention to their customers as it focuses on satisfying customer expectations. ISO 9001 allows organisations to evaluate how effective their quality management system is. As a result organisations should be able to identify where they are going wrong and are therefore forced to implement improvements. (9000store, 2007)
The ISO 9001 standard does not necessarily define the quality of the final product; it allows the organisation to continually improve their processes. The standard should improve the quality of the processes such that the organisation can make a good quality product every time. (9000store, 2007)
ISO 9001 shows an organisation's commitment to providing a quality product/service and that the organisation is putting their customer first. (ISO9000 Council, 2009)
An organisation that wishes to attain ISO 9001 accreditation will benefit if their organisation shows the following key attributes:
A systematic approach
Factual decision making
Mutual supplier relations
Willingness to improve
(Tricker and Sherring-Lucas, 2005)
If the organisation disbelieves in or lacks any of the above attributes, it is likely they will struggle to meet the requirements of ISO 9001, as these attributes are reflected in the requirements for ISO 9001. ISO 9001 covers the four main areas shown in the model of ISO 9001, i.e. management responsibility, resource management, product realisation, and measurement, analysis and improvement. (Tricker and Sherring-Lucas, 2005)
There are 5 steps outlined in the ISO 9001 standard that aid organisations in the implementation of a quality management system.
Organisations need to:
Identify the processes required for the successful implementation of a quality management system.
Determine how the processes interact and how they are built up to form the required sequence of events.
Determine how to operate and control the processes effectively.
Make sure that all the information that supports the operation and monitoring of the processes is made available.
Measure, observe and analyse the processes, so that any required actions are implemented, thereby ensuring continual improvement.
(ISO9000 Council, 2009)
The ISO 9001 quality management system requires an organisation to document the above steps to provide evidence of compliance with the standard. The documents that are required for evidence of compliance are the quality manual, quality policy, quality procedures and quality objectives. These documents can be combined into a single comprehensive manual.
The ISO 9001 standard also requires an organisation to provide detailed instructions to all its employees outlining how they should go about their work. (ISO9000 Council, 2009)
2.2. ISO 14000
ISO 14000 is a series of international standards based upon environmental management. It provides organisations with a framework for the successful development of an environmental management system. (ISO 14000, 2002)
ISO 14001 falls within the ISO 14000 family and is the standard that outlines the requirements for an organisation that wishes to meet the ISO 14000 environmental management system. (ISO14001, 2002)
ISO 14001 is about striking a balance between profitability and environmental impact. ISO 14001 identifies the environmental impacts of an organisation. Once the impacts have been identified ISO 14001 requires organisations to implement an appropriate action to allow for continual improvement. (BSI, 2010)
The ISO 14001 standard does not necessarily define specific levels of environmental performance. However the standard does provide a framework for the implementation of a holistic and strategic environmental policy and for the plans and actions of the organisation. (ISO, 2010)
ISO 14001 has 8 main requirements of an organisation relating to the development of an environmental management system. The 8 requirements are reinforced in the ISO 14001 model.
Organisations need to:
Create an environmental policy
Identify and evaluate their environmental impact
Establish legal and regulatory requirements
Develop and regularly review environmental objectives
Document their environmental management system
Continually measure and monitor their operational activities
Carry out regular internal audits
Ensure the continual suitability and effectiveness of their environmental management system.
(Suffolk Council, 2010)
2.3. ISO 27000
ISO 27000 is a series of international standards that were created to provide organisations with a framework for the implementation of an information security management system.
ISO 27001 falls within the ISO 27000 family and is the standard that outlines the requirements for an organisation that wishes to meet the ISO 27000 information security management system.
ISO 27001 is capable of identifying, managing and reducing the various risks that an organisation's information may be subjected to from one day to the next. (7safe, 2010)
An effective information management system should provide the level of integrity, confidentiality and preservation of data to organisations to satisfy the legal requirements. (Calder, 2008)
The term ‘information’ in ISO 27001 context refers to all types of data from documents to telephone conversations. ISO 27001 therefore provides complete data security for an organisation. (Praxiom, 2010)
To meet the requirements of ISO 27001 an organisation needs to:
Create an information management framework
Identify and evaluate the information security risks
Select and implement controls to minimise the risks
ISO 27001 identifies a number of controls that can be used to minimise the risks; they are listed in appendix A.
ISO 27001 accreditation does not guarantee that risks will not occur, but it does reduce the likelihood and also reduces the cost and disruption if a risk does occur. (Isoqar, 2010)
ISO 27001 utilises a PDCA (Plan-Do-Check-Act) model.
3. Gaining Accreditation
Organisations may wish to comply with international standards with the aim of gaining accreditation. This may seem like a good idea at first; however, it is worth taking a little more time to consider the pros and cons of the standards.
There are numerous advantages to an organisation in gaining ISO accreditation. The first is a reduction in operating costs through continual improvement and through reduced insurance premiums. Clearly this advantage has a high appeal to an organisation as they could potentially increase their profits and thus please the shareholders. (Iowa State University, 2010)
Another benefit to an organisation is an improvement in their image. This can result in the organisation being awarded more contracts and can result in an improvement in customer retention. (Iowa State University, 2010)
Now let's consider the cons of the ISO standards. The first disadvantage to an organisation is the cost of gaining accreditation. The cost associated with gaining accreditation stems from purchasing the standard, upgrading documentation, training employees, measuring performance, certification body audits and the annual fee, all of which are expensive for the company. (Iowa State University, 2010)
The process is also costly in terms of man hours because of the amount of documentation and internal monitoring that is required to satisfy the standards. (Business and companies, 2008)
Another problem with the ISO standards is the fact that they do not demand that a specific level of performance is achieved. Organisations only need to show a continual improvement in each of the standard's areas. This masks the level of performance at which an organisation is currently operating, which makes things more complex when it comes to comparing two organisations with ISO certifications.
The argument that gaining accreditation to ISO standards is very expensive is a valid point; the expense of ISO accreditation is very high initially; however, once accredited, the cost falls significantly to just the annual fees.
The cost of accreditation can be offset by the associated cost reductions and the potential of being awarded lucrative contracts that are not accessible without ISO accreditation.
The fact that ISO standards do not demand a specific level of performance be achieved makes the whole thing rather complicated for the customer. The customer may think that all companies with accreditation are operating with equal performance levels. The standards are written this way to allow organisations at any performance level to adopt them.
The benefit of cost reductions and increased business in most cases will outweigh the costs of ISO accreditation. This does not mean to say it will be a benefit for all organisations; therefore organisations thinking about ISO accreditation should carry out a detailed analysis to determine whether it is worth it. (Ehow, 2010)
All things considered, ISO accreditation is a good thing for organisations as the advantages normally outweigh the disadvantages; however, ISO accreditation should be considered on a case-by-case basis.
4. Corporate Social Responsibility
Corporate social responsibility in organisations is about identifying, evaluating and taking responsibility for the effect their business processes have upon society. Organisations should try to manipulate their business processes so as to eliminate any negative impact upon society. (Baker, 2010)
Milton Friedman once said that “A corporation’s principal responsibility is to maximise returns to its shareholders.” (Reason, 2005)
The idea of maximising returns for shareholders is true of all organisations as this is what business is all about in the eyes of the shareholder. The customers, suppliers and the community have different expectations of an organisation. Therefore maximising returns should not be the main responsibility of an organisation; their social responsibility should be because it has the ability to please all. Organisations can maximise their returns while adopting a corporate social responsibility strategy as they are likely to benefit from a greater public image which could result in more sales and more profit than if they were not operating to a CSR strategy. (Business Link, 2010)
There are some factors that are seen to be more significant than others for a company to be socially responsible.
One of the significant factors is the environmental performance of an organisation. Over the years environmental performance has become more and more important. For example CO2 emissions have had a detrimental effect on the Earth’s ozone layer. The damage to the ozone layer is irreversible and therefore organisations need to take action.
Companies should be reducing their environmental impact as it affects the current generation as well as the future generations. Companies should also be reducing their environmental impact because society at large has a greater awareness and understanding of environmental issues.
The company should not only think about their own environmental performance; they should also consider that of their suppliers and subcontractors. There is little benefit to society of an organisation being environmentally friendly if their suppliers have little concern for the environment. No matter how environmentally friendly an organisation is, it is only ever seen to be as good as its poorest performing supplier or subcontractor. Therefore an organisation and its contacts should be working together to achieve an environmentally friendly package. (Business Link, 2010)
Another significant factor that affects the social responsibility of an organisation is their health and safety performance. An organisation must be doing everything in their power to eliminate or reduce the risks that their employees, customers etc. are subjected to. It is clearly evident that an organisation with a lot of injuries or deaths on its hands is not a socially responsible company.
No discrimination of the workforce is another significant factor for socially responsible management. The organisation and its workforce should not discriminate against other people in any way, shape or form, as it will have a detrimental effect on the morale of the entire workforce. The company should therefore do all in its power to provide employees and the local community with a high quality of life. (Helium)
Other factors that signify an organisation's commitment to corporate social responsibility include community involvement, fair trade, equality and providing customers with a quality service/product.
Therefore it is evident that organisations need to consider their suppliers, customers, employees, community and the environment when going about their business.