When talking about Integrated Management Systems, businesses that are focussing on service delivery typically look to build a management system to comply with and be certified to three main standards. These are:
Traditionally, writing a management system that is compliant with these standards has meant writing pages and pages of manuals, procedures, policies, forms and protocols, and developing documented workflows that produce evidence of compliance. With the three main standards being so different in how they were written, this often meant having three separate systems within your 'Integrated Management System' to enable you to cover the requirements in each standard and to satisfy the auditors when they come knocking.
For a lot of companies, the whole process has generally only ever been a box ticking or compliance exercise to give a competitive edge, create more tendering opportunities or create the façade of a company that would always deliver great results! This last point is the one that we all know of, but nobody really talks about. We've often seen cases where it comes time for an audit, people panic, they run around fixing up files, adding evidence, and selecting a few examples of great work (and hiding the not so great examples) so the auditors can be blown away with their progress. The process itself seems to drive this kind of behaviour.
Recently, two of the above standards were given a complete overhaul by the International Organisation for Standardization (ISO). ISO9001 and ISO14001 were re-written in 2015 so that each clause across the separate standards lined up and made more sense to business, and the focus was shifted from showing a written down process, to simply having documented results of the process working. In addition to this, a new ISO is being developed (ISO45001) to bring us a globally recognised standard for WHS, written using the same framework as the other standards and bringing all three in to line.
What I like about the new framework, and in particular what this means under ISO9001, is that it feels much more relevant to business and to assisting with understanding your business and providing a foundation for growth. These 2015 standards have a higher emphasis on risk, and in particular the risks to your business. Something that every business no matter how big or small they are, should do, is to understand the risks that exist from every angle.
The new ISO9001 challenges businesses to list all the 'Interested Parties' that exist in their business and how they are affected by the business. The next step is to understand the 'Issues' that exist in the business. Once we have a clearly defined list, we can look at opportunities that come out of these. This ends up becoming the risk mitigation strategy and also challenges you to see how you can use the knowledge of these issues and the parties they affect to your advantage and link them to your value proposition, corporate culture and vision/mission.
The Interested Parties and Issues are a part of clause 4 - Context of the Organisation. Once the context is established the standard goes on to set out requirements for Leadership, Planning, Support, Operation, Performance Evaluation and Improvement. If we were to dig deeper into each of these clauses we would find sections on how top management should act in the business, actions to address risks and opportunities, how these actions will be resourced effectively, communication within the organisation, the planning process to tie all of this together, how performance will be monitored, measured & evaluated, and a process to ensure the business continuously improves on all of this. To me, these are the basic requirements of a good business plan.
With all three standards eventually being aligned to this high level structure, aligning the process of gaining certification against them with the business planning process will mean more businesses going through the certification process; as the once rocky road to implementing these systems becomes simpler and more in line with what they were already doing. It will also mean more businesses operating better using proven systems that are meaningful to business.
I believe the new 2015 standards are really a step up from the old versions and I'm excited to see how they can be used to create more robust businesses that are set up for growth and success.