Scope of the Business Management System and Exclusions

The Business Management System (BMS) forms the basis for ORS’ day-to-day working practices, bringing together our Quality Management System (QMS), our Information Security Management System (ISMS) and our Personal Information Management System (PIMS).

Quality Management System (ISO 9001:2015, ISO 20252:2012)

Considering the context of the organisation (Appendix E), the aims, needs and expectations of interested parties, and the interfaces with external organisations (Appendix F), the scope of the QMS is:

The provision of applied social research services; including primary quantitative and qualitative research activities, consultation management and strategic assessments.

The preparation of evidence-based reports for clients with associated project management; and, where required, the collection, processing and analysis of data using internal resources managed from the ORS main office and telephone unit in Swansea.

Our QMS primarily relates to the provision of applied social research services that involve primary quantitative and qualitative research activities; based on ISO 9001:2015 (the international standard for quality management) and ISO 20252:2012 (the international standard for market and social research), encompassing the requirements of the Interviewer Quality Control Scheme (IQCS) accreditation (the benchmark quality standard for data collection).

ORS has elected to include Sampling excluding access panels, Fieldwork, Self-completion and Data management and processing to be attested to ISO 20252:2019 in accordance with Annexes A, B, E and F. ORS has elected to exclude Annexes C and D from attestation. Details of ORS attested annexes are described as follows:

Annex Attested Excluded Explanation Owners
Annex A
Sampling excluding access panels
Sampling team Access Panels Not running access panels Leanne Hurlow/DPO
Annex B
Fieldwork
Face to face fieldwork
Telephone fieldwork
Qualitative team
None NA Fieldwork Manager
CC & CC Duty Managers
Head of Research Projects

Head of Qualitative Research
Head of Survey Research
Annex C
Physical observation
None All None conducted Not Applicable
Annex D
Digital observation
None All None conducted Not Applicable
Annex E Self-completion Postal surveys
On-line surveys
None NA Head of Survey Research
Leanne Hurlow/DPO
Annex F
Data management and processing
Coding
Data processing
Data analysis
NoneNALeanne Hurlow/DPO

Projects that do not typically involve primary quantitative and qualitative research activities (including consultation management, strategic and local housing need and market assessments, gypsy and traveller accommodation assessments, housing stock condition assessments, neighbourhood renewal assessments, economic viability assessments and other strategic needs assessments) are not included within the scope of ISO 20252:2012, although they are included within the scope of our general QMS under ISO 9001:2015.

Information Security Management System and Personal Information Management System (ISO27001:2013, BS10012:2017)

Information security and data protection are critical to our business; as ORS collects, collates, analyses and reports on information which can be of a sensitive nature, much of which comes within the remit of the UK General Data Protection Regulation (UK GDPR). To give our clients, respondents, colleagues and partners the highest level of confidence that their information is in safe hands, we ensure we have secure and resilient systems backed up by robust policies and procedures which follow current best practices.

Our ISMS is based on ISO 27001:2013 (the international standard for information security management), and encompasses the requirements of the government-backed Cyber Essentials scheme (a set of technical controls to protect against common cyber-attacks). Considering the context of the organisation (Appendix E), the aims, needs and expectations of interested parties, and the interfaces with external organisations (Appendix F), the scope of the ISMS is:

The security of information owned by and entrusted to Opinion Research Services (ORS) in relation to the provision of research services, and the protection of associated physical and electronic information assets from relevant threats, whether internal or external, deliberate or accidental.

The management of physical and electronic access to company networks, devices and data storage, physical and electronic information assets, physical and electronic media, application development, and third parties in their provision of services.

Assessed in accordance with ISMS Statement of Applicability v7.0

Our Personal Information Management System (PIMS) is based on BS10012:2017 which integrates with our ISMS and QMS and provides framework for maintaining and improving compliance with data protection requirements and good practice.