When it comes to management systems, there are plenty of standards and guidelines out there. They all offer a frame work that allows businesses to sustain their operating model or grow. In the past years, we have seen a massive shift and adaptations from standards to acknowledge the fact that the way services are operated and managed differs from that of tangible products.
ISO 9001 is the Quality Management System (QMS) that many organisations are familiar with. In fact, more and more organisations seeking to outsource their processes are looking for suppliers that are ISO9001 certified. It is the universal language that spreads assurance and trust. But this is only one standard. While I believe it is essential for organisations in the service industry, there are several standards that are becoming also highly required.
While the main stream media is constantly highlighting the cyber attacks that are carried out globally, the awareness of ISO 27001 that addresses IT security is surfacing. There is also another coverage for the environmental importance. Today, I am going to talk about ISO14001, the Environmental Management System (EMS) with ISO9001.
In an organisation where the QMS is well established and a new requirement is determined to have an EMS in place, what would you do?
I have done some research because I want to have a strategy in place for implementing 14001 and align it with a well established 9001.
ISO standards are defined within a high level structure (HLS). It captures leadership involvement, support, product realisation, measurement and analysis, and improvement. This HLS applies to both standards in discussion. All registerars advice quality professionals to have integrated management for efficiencies. In fact, ISO 9001 was revised and launched in 2015 to ensure it operates under the same HLS. Yet, registerars have not upgraded their approach to external audits (certification, surveillance, and recertification).
Here is my scenario:
I totally understand the necessity to have structured audit procedures for each type of audit. And I do understand that while auditors go through a rigorous training and certification process, skills vary based on each experience and exposure to different industries and fields. But I cannot help wonder whether more should be done for the quality profession to increase its agility and adaptability to its customers.
In an organisation that is growing organically with its clients, in an organisation that enterpreneurial skills are welcomed within a structured and productive environment, why is it needed to do things independently when it comes to different ISO standards and their cycles?! Why cannot auditors visit a location and conduct a leadership audit for several standards and delve into different levels of evidence depending on an audit cycle?!
Is this something the auditing profession needs to address? Or is it something the auditing profession have grown to be like?!
Once the context is understood, lots can be achieved. I have conducted an internal audit based on 9001:2008 but incorporated the risk based thinking benchmark for 9001:2015. Yes, this was done in one go. No separate audit schedules, no different audit logs, and certainly no additional resources.
If this can be done on a smaller scale, surely it can be done on a bigger scale.
Have you ever been in a similar experience?
Have you ever managed 2 or more management systems in the same context? If so, please share your comments or get in touch.