Health & Safety Myth Buster Part 2

Insight by

Amanda Lambert

Published on

17 May 2016

Health and safety blog

We hope that, after our initial post in June, you have been keeping an eye on the myth busters posted on the HSE website. Here at Seguro we enjoy reading the responses from the panel!

The myths continue to amuse us and you wouldn’t believe some of the things people blame on Health & Safety. Don’t forget the panel are there if you ever have a story that doesn’t ring true; you never know, you might appear on the site.

We all know there are Health & Safety implications for almost everything we do, but I think some of these guys need to sit through a few Tool Box Talks or take the time out to complete one of our E-learning courses!

Here are some of our favourites since June:

Safecontractor Scheme

Insight by

Amanda Lambert

Published on

5 January 2016

Health and safety blog

Safecontractor is part of the Alcumus Group. The Safecontractor scheme is a web-based portal where suppliers can complete an online version of a Health & Safety PQQ. This is then assessed and measured to ensure that your company complies with the guidelines set out.

As Safecontractor is a set of guidelines, clients can use it to measure companies without having to get individual PQQs filled in for each occasion. There are over 24,000 members currently in the scheme.

The process for Safecontractor takes on average 8 weeks once you have submitted your documentation to them for review. Safecontractor is a good way to show you have demonstrated your Health & Safety competence, and both new and existing clients will recognise that.

Safecontractor is part of the SSIP umbrella organisation of accreditations, so gaining Safecontractor can also deem you to satisfy other accreditations should your clients require them, such as CHAS or Exor.

To find out more about deeming to satisfy, please read our blog.

If you are looking for help in completing your Safecontractor application, get in touch with us today.

How to make sure you are compliant in 2016

Insight by

Amanda Lambert

Published on

22 December 2015

Competent person

How to make sure you are compliant in 2016 – Health & Safety Legislation

Throughout the year the HSE releases various updates to existing legislation in order to ensure that the legislation stays current and suitable for the changing workplaces we all work in.

There are various ways for you to find this information out:

  • Periodically visit the HSE website to see if there are any changes posted.
  • Search online to see if you can find anything.
  • Become a member of a professional body.
  • Sign up to various magazines.
  • Outsource your Competent Safety Advisor resource.

As part of our Competent Safety Advisor service we ensure that on a monthly basis you are provided with all changes, whether they affect you or not. That way you are fully informed and up to date on all changes and can make the business decision yourselves if you need to be aware.

There are additional benefits to our service that can ensure that, going into 2016, Health & Safety isn’t something you need to worry about, so you can concentrate on your business.

  • A comprehensive Health and Safety Management System – complete with policies, procedures, forms, checklists, etc to ensure compliance with legislation
  • Development of your company Health and Safety Policy
  • Development of a company employee handbook
  • Development of an Environmental Policy
  • Assistance in Accident Reporting to Enforcing Authorities/Accident Investigation
  • Liaison with Enforcing Authorities on your behalf
  • Access to telephone advice on an unlimited number of occasions
  • Updates on any changes in Health and Safety legislation

Below is a copy of our latest legislation updates, if you think we may be able to help you on a monthly basis please get in touch.

| Legislation/Consultation | In Force/Closes | Need to Know | Applies In | Resource |
| --- | --- | --- | --- | --- |
| Construction (Design and Management) Regulations 2015 | 23rd Dec 15 | Transitional period for projects started before April 2015 ends. Works with more than one contractor must have appointed a principal designer. | GB | hse.gov.uk |
| Transposition of Directive 2013/35/EU on exposure to electromagnetic fields (EMFs) | 3rd Dec 15 | Proposed Control of Electromagnetic Fields at Work Regulations will require duty holders to assess exposure to EMFs. | GB | hse.gov.uk |
| Deregulation Act 2015 | 3rd Dec 15 | Turban wearing Sikhs do not have to wear head protection in any industries. | GB | hse.gov.uk |
| The Health and Safety at Work etc. Act 1974 (General Duties of Self-Employed Persons) (Prescribed Undertakings) Regulations 2015 | Oct-15 | Changes the law to exempt self-employed people whose work activity poses no potential risk to other workers or the public. | GB | hse.gov.uk |
| Offshore Installations (Offshore Safety Directive) (Safety Case etc.) Regulations 2015 | Jul-15 | Applies to offshore oil and gas operators, incorporating additional requirements of Directive 2013/30/EU. | GB External Waters | hse.gov.uk |
| Control of Major Accident Hazards Regulations (COMAH) 2015 | Jun-15 | Main duties unchanged from 1999 regs; lower tier operators must provide public information about their site and its hazards for the first time; both upper tier and lower tier operators must provide public information electronically. | GB | hse.gov.uk |
| Control of Asbestos Regulations 2012 | May-15 | Workers undertaking non-licensed work for the first time must have a medical examination before they start. | England and Wales | legislation.gov.uk |
| Construction (Design and Management) Regulations 2015 | Apr-15 | CDM coordinator replaced with principal designer, prescriptive requirements for duty holders to check contractors’ competence removed, CDM duties extended to domestic clients. | GB | hse.gov.uk |
| Road Traffic Act 1988 | Mar-15 | Section 5 amended to include an offence of driving under the influence of a controlled drug, including some prescription medications. | England and Wales | lexisurl.com |

How to stay safe this Christmas

Insight by

Amanda Lambert

Published on

15 December 2015

Fire safety

How to Stay Safe at Christmas

Christmas is a special time for celebration and should not end in tragedy because of the extra hazards that are present at this time of year.

Here are a few hints and tips to keep you aware:

Fairy Lights

  • Check the fuses are the right type (see the box for the maximum size of fuse you should use).
  • If bulbs blow, replace them.
  • Don’t leave fairy lights on when you go out or when you go to sleep.
  • Don’t let the bulbs touch anything that can burn easily, like paper.
  • Don’t overload sockets.

Decorations

  • Decorations made of light tissue paper or cardboard burn easily.
  • Don’t attach them to lights or heaters.
  • Don’t put them immediately above or around the fireplace.
  • Keep them away from candles.

The awareness video below has been used by fire services and safety consultants to demonstrate how quickly something small can take hold.

More information can be found on the fire safety website.

Costs of applying for CHAS

Insight by

Amanda Lambert

Published on

24 November 2015

CHAS

Are you thinking about applying for CHAS but not sure what the fees will be?

The most common CHAS applications are for Appendix 2 and 2A, and the fees vary depending on the number of employees you have.

CHAS is becoming more and more popular as members with the accreditation have shown and demonstrated an understanding of practising Health & Safety.

The fees are listed below:

| Details | Fee | Total Inc 20% VAT |
| --- | --- | --- |
| Appendix 2 (>5 employees) | £236 | £283.20 |
| Appendix 2A (<5 employees) | £157 | £188.40 |
| Designer | £283 | £339.60 |
| Joint Principal Designer & Designer | £338 | £405.60 |
| Group (for 1-3 offices) | £674 | £808.80 |
| 4-6 Offices | £50 | £60 |
| 7-10 Offices | £39 | £46.80 |
| 11+ Offices | £33 | £39.60 |
| Deem to Satisfy – SSIP Member | £124 | £148.80 |
| Deem to Satisfy (Designer) | £168 | £201.60 |
| Deem to Satisfy (Joint Principal Designer & Designer) | £225 | £270 |
| Deem to Satisfy (Group up to 20 offices) | £420 | £504 |
| Training for buyers | £95 | £113.50 |
| Care Service Providers | £236 | £283.20 |

CHAS is part of the SSIP umbrella group and can lead to you being able to qualify for other accreditation within the group.

If you have any questions about CHAS please get in touch.

Cost of applying for Constructionline

Insight by

Amanda Lambert

Published on

17 November 2015

Constructionline

Applying for Constructionline and working out whether it is going to be cost effective for you as a business can sometimes prove difficult because, unlike many qualifications, there is no set fee; it is based on turnover.

The fee may seem daunting if you have a large turnover at the time you apply, but the additional work that you can get from being a member far outweighs the initial costs. Constructionline not only saves money but can save time as well, as being a member can mean you only have to fill out one PQQ.

If you are unsure what the costs would be please see the chart below:

| Yearly Turnover | Fee (ex. VAT) | Cost payable |
| --- | --- | --- |
| £0 to £99,999 | £90 | £108.00 |
| £100,000 to £249,999 | £95 | £114.00 |
| £250,000 to £999,999 | £250 | £300.00 |
| £1,000,000 to £1,999,999 | £435 | £522.00 |
| £2,000,000 to £4,999,999 | £490 | £588.00 |
| £5,000,000 to £19,999,999 | £735 | £882.00 |
| £20,000,000 to £49,999,999 | £1,075 | £1,290.00 |
| £50,000,000 and above | £1,565 | £1,878.00 |

Above chart is from www.constructionline.co.uk

Part of the membership benefits include being able to see the opportunities board, which alerts you with the latest projects that are relevant to your company’s experience.

Constructionline was established in July 1998 when CMIS and ConReg were merged. It is a well-established qualification and has proven to be beneficial to companies for many years.

If you are struggling with an application or would like us to complete one for you, get in touch.

Reasons to join the Safecontractor scheme

Insight by

Amanda Lambert

Published on

21 October 2015

Health and safety blog

Have you been asked to get the Safecontractor accreditation by one of your clients? Do you know what it is? Safecontractor is one of the largest expanding health and safety accreditation schemes in the UK; it currently has more than 270 clients and over 24,000 contractor members.

Fully Qualified Assessor

Safecontractor has a unique level of specialist knowledge unrivaled by competitors, built on 10 years’ experience of delivering market leading accreditation services. This is further reinforced by engaging only directly employed, experienced and qualified assessors to carry out audits.

Health & Safety Compliance

If you are a service supplier or contractor and want to show new and existing clients your health and safety competence, then you can register with the scheme as a contractor. Being a member of the Safecontractor scheme means you will not have to carry on filling in a PQQ for every job you tender for, as you can use the Safecontractor accreditation to show your compliance.

Members of SSIP

As part of the SSIP, Safecontractor can help you to satisfy other accreditations your client may need such as:

All you need to do is visit the SSIP site and see how to get in touch.
If you need any help with completing your application for Safecontractor or any of the SSIP accreditations visit our site for more details.

5 Key Points for Managing Asbestos

Insight by

Bob Evans

Published on

28 September 2015

Asbestos

Managing Asbestos

Mesothelioma – Do You Know Enough About this Deadly Disease?

Asbestos contains tiny fibres which are too small for the eye to see, yet they can do great damage to the lungs if breathed in. Mesothelioma is a cancer of the lining of the lung and is just one of the diseases associated with the material. The latency period for symptoms of the disease can be long – often 10 or more years – and there is currently no cure.

5 Key Points for Managing Asbestos

  1. Asbestos could be present in any building either built or refurbished before the year 2000. Check building and renovation plans if you are unsure, as well as any asbestos surveys undertaken. Ceiling and floor tiles, older boilers, lagging and asbestos cement are often key areas to look at.
  2. The material only poses a significant risk to health if it is accessible and in a poor or damaged condition. It is therefore important that you know what type of asbestos you have and the condition it is in.
  3. Those most at risk are people who work on the fabric of the building – carpenters, plumbers, electricians and builders, for example, as well as any maintenance staff on site. There is therefore a duty to tell those who may be on your premises about any asbestos in the building before they undertake work. You should do this before they carry out a risk assessment/method statement so that all risks and control measures are factored in.
  4. Some work with asbestos – either removing it or working with it – may require a licensed asbestos contractor. Check that any contractors you use have the correct licence to do the work.
  5. Making others aware of the existence of asbestos is vital. As a visual prompt, label your asbestos with industry-recognised stickers so that it is clear that asbestos is in the vicinity should anyone be undertaking work in the area.

Asbestos is a killer and any amount of exposure can be dangerous – preventing exposure is therefore the key to limiting the number who develop asbestos-related diseases. Protect your staff, contractors and visitors so they never have to suffer.

What is CHAS Accreditation?

Insight by

Amanda Lambert

Published on

19 August 2015

CHAS

CHAS accreditation is a government-run (not-for-profit) scheme administered by the London Borough of Merton. CHAS (Contractors Health and Safety Assessment Scheme) has been developed and refined over a number of years by local government health and safety and procurement professionals, with the support of the Health and Safety Executive.

Although CHAS has been developed by government bodies, it is available for use by any public and private sector organization as an aid when short listing contractors, suppliers and consultants who apply to work for them. CHAS provides information and assurances about the health and safety systems and competences of the organizations who have been CHAS assessed or are registered as CHAS accredited.

To become registered with CHAS, organizations have to submit an application to CHAS and then have a CHAS assessment carried out. By doing so their potential clients know that they meet minimum acceptable standards of health and safety compliance. Clients from both the public and private sectors use CHAS to make assessments of contractors in this way.

Once the CHAS application has been approved for an organization, their details are uploaded to the CHAS database, where client members of the Scheme can review an organization’s details to check that they are in fact CHAS registered. One of the benefits to contractors is that by making a successful CHAS application, they can demonstrate to a wide number of potential clients that they achieve or exceed the minimum standards laid down by the assessment scheme.

Furthermore with the implementation of the Construction (Design and Management) Regulations 2007 (CDM), there are stricter requirements on Clients and Principal Contractors to ensure that they only employ ‘Competent Contractors’. CHAS has been named in the CDM Regulations by the Health and Safety Executive as being one of the assessment schemes that can be used when demonstrating your competence as an organization.

If you have any questions on CHAS and how to submit an application, please get in touch.

Growth of networked electronic controls is a safety issue

Insight by

Bob Evans

Published on

5 July 2015

Health and safety blog

No self-respecting health and safety professional would disregard hazard evaluations and systems for asbestos, work at height or manual handling; yet I’ll wager that the only risk assessment you have for IT is a display screen assessment. But if you have equipment in your business that connects to the web and to something important, from a central heating thermostat to a blast furnace, electronic health and safety ought to be on your radar.

Many organizations have an IT department and a health and safety department whose only contact is when somebody needs a new laptop or forgets their password. Some have a vague reliance on Google or the man in PC World for support. Until recently that didn’t do much for your chances of recovering a deleted email, but it wasn’t going to kill anybody.

When we discuss the web, most people think of the human-driven traffic it carries: email messages, web pages, instant messaging and videos. In truth most traffic is not between people, it’s between computers: automated, silent packets of data containing database queries, records, sensor information and control signals.

In the early days of ARPAnet, the web’s forerunner, this traffic was under the control of the US military. The consequences of somebody playing about in there were potentially spectacular. Although the idea that you could log in and launch a nuclear missile was never true, it was worthy of a few film scripts.

Then the worldwide web arrived and the entire system became a means of pouring cat videos and niche adult entertainment into every home. But the undercurrent of the internet carried on regardless.

Next year the internet will carry a zettabyte (one trillion gigabytes) of data. By 2019, two-thirds of all traffic will be from non-PC devices, and there will be three devices connected to the internet for every person on the planet.

Wired world

Networked control systems are nothing new, but in the 1990s, when they consisted of ISDN lines to the company mainframe, they were point to point and secure, though slow and expensive.

Then the internet arrived, and everything changed. People wanting access to their emails and the web installed modems and broadband routers, and all those machines suddenly had access to, in effect, a cost free means of talking to one another; instead of renting a dedicated phone line, just plug it into the net.

Manufacturers stopped putting serial ports on their devices, and started adding ethernet sockets. Later, even those disappeared, replaced by wifi antennas. Volume sales drove research and development and, as the technology became smaller and cheaper it spread from hulking great computers and rack mounted servers into individual switches and sensors.

For the price of a decent lunch you can put a camera the size of a golf ball in your house. It will automatically register with your wifi router, stream the images through a server in China, and you can sit in the restaurant and on your iPhone watch your cat shred your curtains, live and in high definition. Most of the people who buy them have no idea about that Chinese detour by the data. If you missed it too, it’s time to put down your sandwich and say hello to the Internet of Things (IoT).

Chips in everything

The IoT includes all the devices that use the internet to communicate with each other. They can be transmitting information for remote analysis by computers or people (cameras, thermostats, fitness trackers), they can be receiving commands (valves, programmable logic controllers (PLCs), electronic locks), or they can be doing both, as in the case of mobile phones, smart TVs and remote hard drives. Frequently the end points of that data are within metres of one another, yet the traffic jumps around the world to get there.

Today, the internet carries the control signals for everything from petrol pumps to nuclear power stations. A large proportion of the devices are part of supervisory control and data acquisition (SCADA) systems, a generic term for any network of sensors, controllers and actuators that can be operating many different types of hardware and software.

SCADA devices are designed to be simple and reliable inside a factory, but tend to be woefully ill-prepared for connection to the internet, thanks to lax security and poorly written software. It’s often trivially simple to reprogramme a petrol pump to say something rude — it happened in the US in February — or infect the control systems of a nuclear power station — achieved in South Korea in December. All you need is to find the plant on the net and ask nicely.

Spun out

The first encounter with this type of cyber attack was Stuxnet (see graphic below), a computer virus identified in 2010 that was said to have been created to destroy uranium enrichment centrifuges, and it was rather good at it. The code searched networks for PLCs running a specific piece of software from Siemens, and changed it; in the case of the centrifuges, to spin them into oblivion.

The problem is that, as with any virus — electronic or biological — it was rather good at destroying other things too. The original code was targeted and time limited, but it opened the eyes of hackers, from state sponsored teams to bored kids, to the opportunities for mayhem if you could seek out and take over a logic controller.

Stuxnet was dissected and improved, and its code is still used today to attack networks around the world. The reason it’s so effective is that the manufacturers of these internet connected SCADA devices almost always used trivially simple default passwords or “back door” access codes for factory testing. Many systems run firmware that is impossible to upgrade without a soldering iron, so when a hacker finds the way in they can run riot for years, and are often very hard to detect. If a device has no display screen, how do you know what it’s really doing?

You’d think that device designers would have learned their lesson by now, but far from it. Nearly everything that you connect to the internet, from a broadband router to a baby monitor, will have at least one security hole that hackers know about. Since all of these devices are connected to one another, and the security in local networks is invariably at the edges, it’s very easy to break in through a weakly protected device and then hop around looking for something else.

If I know you run a manufacturing plant, then first I find the unique IP address of your broadband router, which will be in the header information of every email you send, and every web page you visit. I can try to connect to the router, using the default manufacturer password.

Most of the time I’ll get in; but if access is only possible from inside your local network, I can send you a virus by email or through a malicious piece of code on a website. I could send you a free brochure on DVD or USB drive, with a virus payload attached, and your computer can open the doors for me.

Once inside, my virus sees every device on the network, and all the data flowing between them. It can see which devices are laptops, sensors, cameras and PLCs. It can try sending a few commands for fun — open a valve or two or change a temperature limit. It can reprogramme them so the emergency stop buttons become emergency start buttons.

The German Federal Office for Information Security reported last December that an unnamed steel works had suffered “massive harm to plant” after a cyber-attack destroyed parts of the control system, leaving the engineers unable to shut down a blast furnace.

How Stuxnet works

Auto configured

Hackers are exploiting two simple facts: the average user of an IoT device is not a programmer, and it’s cheaper to write a program than to design a chip.

Devices have to be extremely simple to set up, often doing lots of automatic configuration without telling the user what’s happening, and 90% of the time users don’t even know how to change the default password or PIN.

We’re all familiar with automatic updates for Windows and mobile apps, yet updating the operating system on IoT devices can be difficult and is rarely done. This is despite the fact that, instead of custom made chips that can only do one thing, nearly every IoT device uses a tiny embedded computer, with an operating system and software.

Your broadband router uses Linux, and many PLC controllers use Windows. Both are capable of running other programs — including a tweaked version of the factory installed application that appears to be doing everything normally — until someone on the other side of the planet clicks a button and unleashes a SCADA worm to disable all your interlock switches.

Thanks to the ubiquity of Bluetooth and wifi, you don’t even need to plug in anything. Your attacker can be walking past with a mobile phone or sitting in a basement on the other side of the world.

As we’ve seen in the news many times, the value of things like credit card numbers and identity theft bundles drove hackers to seek out customer databases in big corporations, but the cost/benefit ratio for IoT hacks is potentially far greater and is receiving more attention.

Hackers get long term access because the devices are hard to patch and don’t run anti-virus software, and users are oblivious to what the hackers are doing.

The rewards are huge; stealing an out of date customer list is nothing compared with blackmailing someone with a fleet of wind turbines that you can disable at will from anywhere in the world. That’s CVE-2015-0985, a vulnerability in which turbines made by XZERES would obligingly send anyone the admin password for their control systems if they connected on the default web page. It made life easy for the engineers; easier still for the hackers. There were lessons learned on both sides.

Under your nose

Apart from causing physical damage and putting lives in danger, hackers can re-purpose the embedded software to work on their behalf. Some of the biggest cyber attacks in recent months were carried out using botnets: hundreds of thousands of compromised systems in homes and offices working together under the control of hackers. These weren’t computers; they were broadband modems and PLCs. Millions of little boxes with flashing lights that are always connected, always vulnerable, and never checked. What’s yours doing now?

You may not be in charge of a nuclear reactor, but an outdated PLC or embedded Windows XP system controlling a printer in some far flung site is the perfect place to hide the command and control software that attacks something else. Stuxnet infected computers in Iran mainly, but many businesses in other countries suffered because they happened to have the same model of PLC.

You’ll need the IT department to work in partnership. Auditing firmware isn’t yet part of the NEBOSH exam; but making sure nothing on the network has a default password is simple enough, and educating your staff about the real-world hazards of a cyber-attack should be as important as toolbox talks on manual handling because in many cases they are the chinks in your armour. The German blast furnace was taken out by a free gift USB drive sent to a random employee. Stuxnet was an email attachment.

The IoT isn’t just for industry. People are inseparable from their smartphones, smart watches, portable hard drives and memory sticks, all of which can be re-purposed to inject viruses and scan your internal networks, sniffing for passwords and reporting back to their unseen masters.

Your IT department should be all too aware of the need to scan emails and change wifi passwords regularly, but if the security camera in your car park is accessible from anywhere and answers to “Password123”, you’re one hop away from chaos.

In a few years’ time the IoT will invade every aspect of our lives, from internet-enabled swimsuits to wireless cat-feeding stations. Some of it will control your production line, filter your drinking water and keep your doors locked. It will be marketed as efficient and easy to use. It will be promoted to people who think SCADA is a brand of car. It will be hacked. It will be watching you. You ought to be watching it as well.