Helen Molyneux

Venn diagram showing three overlapping types of risk — financial risk (ACA/ACCA), project risk (PMI/APM) and operational risk (ISO 22301) — with their small area of overlap labelled 'Risk: one word, several meanings

Risk means different things to Different People. That’s the whole problem.

I spent a chunk of last weekend scrolling through risk management job vacancies, out of nothing more than professional nosiness (and a need to avoid 24/7 football). It’s not as if the confusion over what “risk” actually means was news to me — I’ve spent the best part of two decades watching it play out

Risk means different things to Different People. That’s the whole problem. Read More »

Relay baton dropped mid-handover, illustrating a failed third-party contract handover

What the Sats Marking Crisis Tells Us About Third-Party Contract Handovers

What the Sats Marking Crisis Tells Us About Third-Party Contract Handovers Every July, Year 6 pupils across England find out how they did in their Sats. This year, a lot of schools found out how their exam board did instead, and the answer wasn’t good. Pearson took over the £180 million Sats marking contract from

What the Sats Marking Crisis Tells Us About Third-Party Contract Handovers Read More »

what makes a supplier risk assessment

What Makes a Supplier (And When a Tool Is Not Simply a Tool)

What Makes a Supplier (And When a Tool Is Not Simply a Tool) Every organisation I’ve worked with over the years has a supplier list. It sits somewhere in a spreadsheet, gets reviewed once a year around audit time, and contains the names you’d expect: the IT support company, the payroll provider, maybe a facilities

What Makes a Supplier (And When a Tool Is Not Simply a Tool) Read More »

Fire extinguisher behind break glass panel in an office corridor — the emergency plan nobody reaches for

Your Business Continuity Plan Exists. So Why Did Nobody Use It?

In my experience, organisations that come to me for consultancy often share a similar story. They had a business continuity plan in place, sometimes one they had developed internally, sometimes one built by a previous consultant. Something went wrong, and nobody invoked it. Not because the disruption was trivial, but because nobody felt confident enough

Your Business Continuity Plan Exists. So Why Did Nobody Use It? Read More »

A gloved hand on a computer mouse next to a keyboard, with a patient record displayed on a hospital computer screen in the background

The NHS doesn’t have a data security problem. It has a culture problem.

The NHS doesn’t have a data security problem. It has a culture problem. This week, Cambridge University Hospitals referred itself to the Information Commissioner’s Office after it emerged that around 40 members of staff had accessed the medical records of a three-year-old boy injured in a crocodile attack. The child was treated at Addenbrooke’s following

The NHS doesn’t have a data security problem. It has a culture problem. Read More »

Aerial view of a stone architectural maze with a clear navy blue path marked through it, representing navigation through complex ISO standards

ISO Spaghetti: Why the Standards Landscape Is Confusing (and What to Do About It)

The five standards worth knowing about ISO Spaghetti: Why the Standards Landscape Is Confusing (and What to Do About It) I have lost count of the number of tender documents I have reviewed that specify ISO 22301 and ISO 27001 and ISO 31000, sometimes with ISO 22361 thrown in for good measure. Occasionally all four

ISO Spaghetti: Why the Standards Landscape Is Confusing (and What to Do About It) Read More »

Aerial view of a port at dusk with a network of connected transport and logistics icons overlaid, illustrating supply chain interdependency.

The cyber law your organisation probably doesn’t need to worry about — and why that might be exactly the problem

The cyber law your organisation probably doesn’t need to worry about — and why that might be exactly the problem The Cyber Security and Resilience Bill passed its third reading in the House of Commons on 16 June and arrived in the Lords the following day. If you’ve seen coverage of it, you could be

The cyber law your organisation probably doesn’t need to worry about — and why that might be exactly the problem Read More »

Teenager holding a smartphone displaying an age verification prompt — illustrating the data protection challenges of the UK social media ban for under-16s

Banning Social Media for Under-16s: The Data Protection Question Nobody’s Answering

Banning Social Media for Under-16s: The Data Protection Question Nobody’s Answering So it’s official. This morning, the Prime Minister stood in Downing Street and announced a full ban on social media for children under 16. TikTok, Instagram, Snapchat, X, YouTube, Reddit — the lot. Legislation before Christmas, enforcement potentially from Spring 2027. As a parent

Banning Social Media for Under-16s: The Data Protection Question Nobody’s Answering Read More »