Standards are often misunderstood and misapplied. Too many times I have seen organisations try to address standards as a project which results in a lot of documentation, bound in a folder, only viewed by the auditor and kept away from the business. The key lies in the definition of each one of these management system standards (MSS), which begins:
“That part of the overall organisational management system …”
This indicates that standards are not meant to be delivered as a project in a folder, but embedded in the culture of the business and aligned with the business process and objectives. To be honest, in the best implementations I have seen, the standard seamlessly integrates and updates established business processes. This leads me to think that the best standards are invisible. They have become so embedded in the business process, the staff don’t know they are there.
ISO9001 is the granddaddy of management systems (MS) and therefore a lot of other standards have inherited their terminology and structure from it. It includes 8 quality management principles which all management systems implementers could benefit from understanding.
The 8 quality management principles are:
- Customer focus
- Involvement of people
- Process approach
- Systematic approach to management
- Continual Improvement
- Factual approach to decision making
- Mutually beneficial supplier relationships.
By adopting these principles, and understanding the fundamental nature of an MSS as part of the wider business, all standards can be integrated as parts of a single, wider, integrated corporate management system.
Common elements that can be integrated across the standards include:
- management review
- internal audit
- document control
- record control
- corrective action
- preventive actions.
These apply for all management system standards (MSS) such as 9001, 14001, 18001, 20001, 27001, BS 25999-2, etc.
However, each standard has a specific focus, such as:
- 9001 deals with process conformity to ensure quality of products/services
- 27001 deals with protecting confidentiality, availability and integrity of assets
- 25999 deals with business interruption and disaster by safeguarding critical business activities.
So, each standard has common MS elements, but applies the Plan-Do-Check-Act (PDCA) model with a different focus, to form individual requirements specific to the topic. Looking at the standards, it is easy to break each down into two parts: the PDCA cycle focused on its topic, and the common requirements that can be integrated as a wider MS. Though each certainly has its own certification scheme and certificate, they can be implemented and audited as part of a wider corporate MS, leading to cost savings.
The International Standards Committee is further enhancing this integration by enforcing a future “harmonisation” of all MSS when they are reviewed and superseded, aligning their terminology, clauses, numbers and structure, and ensuring that some MSS contain standard areas of text. The future format is due to be based on a 10 point clause list as follows:
- Normative references
- Terms and definitions
- Context of the organisation
- Performance evaluation
Standards are designed to work together as part of a wider governance picture for the organisation. Organisations with ISO9001 will already have elements in place that will make the others easier to achieve.
Using a documentation toolkit from the ITGP Toolkit suite will also help to ensure harmonisation across multiple management systems. They are designed to help small and medium organisations adapt and adopt best management practice in technology governance, risk management and compliance and have been designed to integrate with each other, saving time and money.
This complete ITGP Suite contains CD-Rom versions of all the following toolkits:
- No 3 ISO27001 Comprehensive ISMS Toolkit (CD-Rom/Download)
- ISO38500 IT Governance Framework Toolkit (CD-Rom)
- Social Media Governance Toolkit (CD-Rom)
- SharePoint Governance Toolkit (CD-Rom)
- BS25999 BCMS Implementation Toolkit (CD-Rom)
- PCI DSS v2.0 Documentation Compliance Toolkit (CD-Rom)
- Complete Data Protection Toolkit and Awareness Posters (CD-Rom)
- ISO9001 QMS Quality Management System Documentation Toolkit (CD-Rom)
- ISO14001 EMS Environmental Management System Documentation Toolkit (CD-Rom)
- OHSAS 18001 Occupational Health and Safety Toolkit (Download)
Not all toolkits will be relevant for your organisation right now but the chances are, in time, they will be! If you only need one toolkit today and another in three months’ time, that’s fine. Buy whichever toolkit you need now, and then, when you are ready, you can buy the next toolkit and integrate it easily into your existing framework – they are designed to integrate in this way.
Price-conscious organisations will see the benefit of purchasing the entire suite and will save £1000.