Authors Posts by ISOUpdate.com

ISOUpdate.com

185 POSTS 23 COMMENTS
ISO Update aims to provide information, resources, and updates around the Standards and Certification industry. We believe that organizational standards can help businesses of all shapes and sizes become more efficient and successful on a local, federal, or global scale.

by -

Risk-based thinking is one of the major changes introduced in the updated ISO 9001:2015 Standard. While Risk based thinking was addressed in older versions of ISO 9001 implicitly under clause on ‘preventive action’, ISO 9001:2015 increases the focus and explicitly defines the requirement under the clause “Actions to address risk and opportunities”. Therefore, the focus in this new version of the standard is based upon capturing both the risks and opportunities and then, handling them in a structured manner.

ISO defines a risk as ‘effect of uncertainty on the expected result’. Effective management of risk is talked well in advance to ensure there are less surprises, improved planning, effective decision making and better relationships with stakeholders. Effective management of risk leads to better performance, continual improvement and increases customer satisfaction.  Opportunities are considered the positive side of risk which is why, ISO 9001:2015 focuses on reducing risk and enlarging opportunities.



Determining Risk and Opportunities

Risk and Opportunities need to be determined based on the Context of the Organisation, both internal and external and the requirements of applicable Interested Parties. External Context involves the environment in which the organization operate. These can be driven by legal, financial, regulatory, social and cultural factors. Internal Context, involves organization internal environment and is driven by factors such as hierarchy, resource capabilities, organizational structures. Risk which may arise in either of these contexts need to be determined.  Organization then need to determine risks which may arise due to requirements of Interested Parties. The organization need to understand requirements of all its stakeholders and then determine risks involved in achieving these requirements. Some examples of requirements of interested parties are: the customer requires low or zero-defect delivery, employees need for job satisfaction or work-life balance or financial performance. Each of these may lead to risks or opportunities. These need to be understood by the organization and all risks and opportunities which may arise due to context or requirements of interested parties should be determined.

Conduct Risk Assessment and Address Risk and Opportunities

Once risks are identified, a risk assessment will need to be conducted on the risk identified and appropriate actions identified to address these risks. This should result in actions to enlarge the opportunities and mitigate the risks. An organization may define a risk methodology to handle risks. This can involve determining the risk magnitude based on its probability and impact. Risk tolerance criteria may be defined which gives acceptable limit of risk. You can decide based on tolerance criteria and risk magnitude on the level of intervention required to mitigate the risk. Adequate control measures should be identified to ensure the risk falls below the acceptable limit or tolerance criteria.  Alternatively, techniques like FMEA may be used to address the risks. Adequate actions need to be planned to address or enhance the opportunities also.

Monitor and Review Risks and Opportunities

The risks and opportunities identified need to be monitored and tracked on a regular basis. The intent of this is to ensure that after the control measures are implemented, whether the risk falls under the acceptable levels or not and actions taken against opportunities are on track. This should be done on a fixed frequency or on event like changes in staff, process or equipment.

If your organisation still needs to find a Certification Body for its transition to ISO 9001:2015 have a look at the ISO Update Registrar Directory. Here you will find a comprehensive list of Certification Bodies from all over the world.



by -
Key Performance Indicators for an ISO 14001 Management System

Why Do You Need Performance Indicators for Your Environmental Management System?

Performance Indicators are the measures that you put in place on your processes and business that provide you with the information that you need to see how well your ISO 14001 management system is performing. Each process could have a whole series of measures that will let you know how well it is performing financially, with regards to quality, H&S compliance and of course environmentally. After all, as the saying goes, “what gets measured gets done.”

Each process could potentially have many different measures that are important to it. Many of these measures will be monitored, and action taken at a local level. While others that are more important could be elevated to being Key Performance Indicators (KPIs) for the business. This ensures that those measures that are vital to your business or have a potential risk associated to them are highlighted.



What Performance Indicators Do You Need for Your ISO 14001 Management System?

Many businesses are used to implementing performance measures as part of their quality management system, however they are equally as important as part of your ISO 14001 management system. Your measures need to be selected with great care for each process within your business and only those that are truly important should be elevated as KPIs for management monitoring.

Each business is of course different as are each of your processes. Therefore, your indicators and measures will always be different to those employed by other businesses. However, some typical measures are detailed below to give you some idea as to what you should implement within your own business:

Use of Natural Resources:

  • Water, electricity, and gas usage by the business
  • The amount of paper used within the business

Discharges to Air, Land, and Water:

  • Pollutant parts per million measures
  • Weight to landfill

Incidents and Potential Incidents:

  • Number of actual and potential incidents
  • Time lost due to incidents

Proactive Measures:

  • Risk reduction measures implemented
  • Environmental audit scores

Learn about ISO 45001 and how Performance Indicators have changed since OHSAS 18001



by -

Quality Management is the process of monitoring the different activities and tasks involved in producing and delivering a product and/or service in order to maintain its desired quality. The objective of Quality Management is for an organization to develop a long-lasting relationship between the customer and the product or service it provides, and this can only be achieved when these continuously meet customer’s expectations.

To manage the quality of a product or service, organizations are required to establish a set of procedures to successfully oversee the different processes involved within the organization. These different procedures that are linked with each other and which are meant to conduct an organization towards a specific goal is what makes up the Quality Management System. This Quality Management System follows 7 basic principles, which are:

  1. Customer focus
  2. Leadership
  3. Engagement of people
  4. Process approach
  5. Improvement
  6. Evidence-based decision making
  7. Relationship management

Each of these principles are important for the success of Quality Management within an organization. However, the fifth principle; Improvement; is the most crucial for the sustained success of an organization.

Quality cannot be maintained if improvement is not achieved. The business environment is continuously changing, and customers are increasingly demanding better products and services at lower costs. In order to adapt to these constant changes, organizations need to continuously improve, not only their products and services, but their processes. Thus Quality Improvement is a systematic and continuous process aimed at minimizing costs, increasing the quality of product and services, and meeting and exceeding customer satisfaction. While the Quality Management process assist organizations in achieving and maintaining quality, Quality Improvement drives an organization forward by helping it innovate, manage and create opportunities. It could be said that Quality Improvement is the most proactive part of Quality Management.

Some of the key benefits that an organization can achieved through Quality Improvement are:

  • Greater adaptive capacity to meet changing customer’s expectations.
  • Decrease of defects and waste, which increases efficiency and lowers costs.
  • Prevents errors throughout the organization which improves the products and services delivered to customers.

Quality Management focuses on guaranteeing the ability to deliver quality products and services that meet customer’s expectations, and Quality Improvement focuses on increasing an organization’s capacity to meet its customer’s expectations. Quality Management and Quality Improvement have to be seen as counterparts, as they are both part of the same story, a story of long term success of organizations.



by -
Getting Top Management Invested in Certification

The commitment and involvement of top management is essential for the success of any management system. Top management must participate in the implementation process and must ensure the continuity and improvement of the system. Also, they are the ones that should guarantee the availability of resources necessary for the establishment and maintenance of the management system. However, in too many cases, top management’s involvement ends with the appointment of a Management Representative.

There are reasons why top management doesn’t truly commit to a management system, and one of them is that they just don’t see the value of it. They don’t see why they need to be attending management reviews, looking at audit results, and spending money on trainings and “improvements” that don’t seem to improve anything.



Because top management’s involvement is essential for the success of the management system, here are some ways to help them see the true value of any management system.

Speak their language

Management usually speak the language of money. The information presented to them should consist of a cost analysis. They want to know facts such as how the ISO management system will:

  • Help the organization use their resources more efficiently.
  • Promote improvements that reduce cost.
  • Create a work environment that will increase productivity.

Present information that motivates them.

Show them how the ISO management system is helping achieve the organization’s objectives, how targets are being improved, how customer satisfaction has increased (less complaints, increase in sales), or how the organization has received less complaints from other interested parties (regulatory bodies, community, etc). Show them what the system is doing for their business.

Make Management Reviews important to them.

Management doesn’t want to spend time on a meeting just to comply with an ISO requirement. During management reviews, present an overall picture of the organization’s performance; make sure that these meetings represent an opportunity to make important decisions regarding the improvement of processes and performance.

Explain the importance of improvements.

Among other things, top management is responsible for questioning anything that adds activities, time and requires money. When asking for resources for an improvement, show them what the nonconformity or non value added activity is costing the organization, how will the improvement save them money, how will a process become more efficient and how it will help the organization achieve its goals.

Make sure they understand their responsibilities.

Top management needs to understand their role within the ISO management system. They need to know its requirements, the benefits it may bring if it is implemented correctly and what is most important, they need to understand that without their participation, any management system will fail to bring success to the organization.




Learn about how to Outsource an Internal Audit.

by -

The new ISO 31000 Risk Management Standard was released in February. ISO 31000:2018 supersedes ISO 31000:2009. The risks organizations face have changed significantly the last 9 years. Risks such as terrorism and cyber-attacks were not as prevalent a decade ago.  To adapt to these new realities and to facilitate risk management, the standard Risk Management standard ISO 31000 has been revised, and the latest version has just been released.

Simple is the best way to describe the new ISO 31000:2018 standard. It is clear and concise while giving enough detail to be applicable to organization anywhere in the world and applied to different processes from finance to production. It has been presented with a simple language where risk management fundamentals can be understood by everyone. To make the standard accessible and easy to understand, its terminology has been revised and certain terms used in risk management have been moved to ISO Guide 73, Risk Management – Vocabulary.



In addition to the changes aimed at making the standard easier to read and apply, there have also been changes regarding the principles of risk management. In ISO 31000:2018 these principles are designed in order for risk management to provide Value Creation and Protection to every organization. These principles make risk management:

  • Integrated
  • Structured and comprehensive
  • Customized
  • Inclusive
  • Dynamic
  • Based on best available information
  • Aware of human and cultural factors
  • Focused on continual improvement

These principles and the standard’s new definition of risk as the “effect of uncertainty on objectives” will drive organizations to look at the internal and external uncertainties that could jeopardize the accomplishments of their objectives. In this way, risk management is tailored to the needs and objectives of each organization. The integrated and inclusive principles help organizations develop a system which brings risk management to the center of decision making and which supports all activities across the organization.

ISO 31000:2018 recognizes risk as ever changing, therefore the system must be flexible and dynamic to adapt to the changing uncertainties, while always focusing on the continual improvement of processes.

Overall, the new ISO 31000:2018 standard presents guidelines for effective and efficient risk management in a simple manner. These guidelines will help organizations understand and address the different uncertainties which will inevitably appear in their path to achieving their objectives.



by -
Quality

Have you ever stood staring at a range of products in a supermarket trying to make up your mind which one to buy?  They all look quite similar, but one stands out and you buy it.  Why?  It’s got a sign on the shelf and a logo on the product to tell you that it’s won an award for quality.

So you’ve just based your purchase on Quality – Your customers are making the same decision every day!

Quality is more than just finished product, it’s the processes, systems and people that are behind the product.   Quality is everybody’s responsibility.



Quality is the pursuit of excellence, striving to be the best we can and getting ahead of our competitors.  It is meeting the needs and expectations of all stakeholders – our customers, our suppliers, our staff and the community at large.

How can we ensure that we are exploiting all avenues to be the very best?  A recognized standard such as ISO 9001 certification promotes the use of quality tools in business.   The ASQ (American society for quality) estimates that for every €1 spent on a quality management system, such as ISO 9001, returns €6 in revenue, €16 in cost reduction and €3 in profit – that’s €25 for every €1 spent!

93% of organisations agree that the implementation of a quality management system such as ISO9001 was a significant driver of success and most would agree that without it they could not justify their pricing to customers.

If you are looking at ways to improve your ROI by improving your quality then consider ISO certification.   Using an expert to help you implement a quality management system will ensure ISO 9001:2015 accreditation which will in turn help you make significant improvements and lead to significant growth.

 

This post has been a guest posting from Joann O’Brian over at our friends at CG Business Consulting Ireland .



by -
standards moving forward.

All management systems require a periodic review by the organization’s top management. The purpose of such a review is to evaluate if the management system is performing as intended and if it’s producing the desired results as efficiently as possible. While in review, there are steps that can be taken to make sure your organization’s management review process goes smoothly.

The management review inputs for standards may vary however, there are some key characteristics that all management reviews should have to ensure its success.

Top Management Involvement

For this process to have the expected outputs, top management needs to attend; they are the ones that decide where the resources – people, time and money, will be placed to improve the management system.

Clear Presentation

All the required inputs are presented in a simple and clear manner. Every standard is specific about the review’s inputs. This information can sometimes be extensive, therefore, it’s fundamental that it’s presented in an easy to follow way and that it gives an overview of the systems current status, its weaknesses and possible areas for improvement. Here are some examples of the information that needs to be highlighted:

  • Internal and external audit results:
    • number of audit findings
    • current status
    • audit findings increasing or decreasing compared with the year before?
  • Corrective and preventive actions: 
    • current status of corrective/preventive actions
    • are resources available to effectively close them?
    • possible trends – are there fewer corrective and preventive actions compared to previous years?
  • Legal compliance: 
    • is the organization complying with all applicable requirements?
  • Process performance:
    • are targets/objectives being reached and maintained?
  • Communications and complaints:
    • has positive or negative feedback been received from interested parties?
  • Upcoming changes:
    • are there any changes that can affect the effectiveness of the system -i.e., staff changes, new projects or standards, efficiency improvements, etc.?
    • what actions/decisions need to be taken?

Record Outputs

It is essential to record, as a minimum;

  • the date of the review,
  • participants in the review,
  • decisions taken,
  • deficiencies found in the system, and
  • recommendations for improvement or corrective actions.

The actions and recommendations to be taken should stipulate deadlines, resources needed and the individuals responsible for the actions.

Monitor Outputs

The results of this review should be monitored over time, and if problems persist, more frequent reviews should be scheduled.

Frequent Management System Reviews

Management System reviews are required at least once a year. It is recommended that during the first 2 years of the management system, this review is held more frequently (twice a year), and after the system has “matured” it can be performed once a year. However, if it’s considered necessary, a specific topic – i.e., audit findings, corrective actions, process performance, etc. – can be reviewed on a more frequent basis.

Broadly speaking, a successful management review process provides top management; and everyone responsible for the effectiveness of the management system; a diagnosis of the system’s current situation so deficiencies can be identified, changes and/or actions can be established to correct these deficiencies and recommendations for improvement can be made.

 

by -

ISO standards are developed and published following a systematic process involving ISO members and sector specific experts. When the need for a standard has been identified, a panel of experts, within an ISO technical committee (TC), meet to discuss and negotiate the first draft of the standard. Once a draft has been developed, ISO’s members are asked to comment and vote on it. If a consensus is reached, the draft becomes an ISO standard, if not it goes back to the technical committee for further edits.

6 Steps to Creating an ISO Standard

1. Standard Proposed to Relevant TC.

Contrary to what many believe, ISO does not decide when a new standard should be developed. ISO responds to a sector specific need when industry or other stakeholders make a formal request of a standard. Typically, an industry sector or group communicates the need for a standard to its national member who then contacts ISO. Practically every country (163 to be exact) has one ISO member that can be reached for this purpose.The TC reviews the proposal and if it’s accepted, the process will continue.

2. Experts Prepare a Working Draft

These experts negotiate all aspects of the standard, including its scope, key definitions and content. These group of experts are from all over the world and they are part of larger groups that form a TC.

3. Working Draft Shared

TCs are made up of representatives of industry, NGOs, governments and other stakeholders, who are put forward by ISO’s members. Each TC deals with a different subject; ISO has over 250 TC. The relevant TC reviews the first draft and if consensus is reached within the TC, the process moves on.

4. Draft is Shared with all ISO National Members

As mentioned above, there is a member in almost every country. The draft is shared with these member (over 150) and each is asked to review and comment. All these comments are taken into account by the TC and if a consensus is reached, the process continues to step 5.

5. Final Draft Sent to all ISO Members

The final draft is sent to all members for approval. If it is approved by member vote, the process continues to its final step.

6. ISO International Standard

The ISO International Standard is published and available for the public to purchase. This can be purchased from the ISO store or from the ISO national members. A full list of the ISO member of each country is available in the ISO website.

by -
Organization Knowledge and ISO9001:2015
Organization Knowledge and ISO9001:2015

Guest Contributor John Grosskopf - Founder of DeepGreen ConsultingThis column will cover the background and importance of Auditing Multiple and Integrated Management Systems, the advantages and disadvantages organizations accrue when integrating and when auditing their systems. And adjusting their auditing programs to fit the new reality of multiple and integrated management systems (intMS) increasingly prevalent today.

The adoption of formal Management Systems has risen dramatically the past few decades, and an increasing number of organizations have implemented multiple management systems. Organizations are increasingly recognizing the advantages and efficiencies that accrue by their integration, whether it be full, or partial integration.

Integration was more difficult prior to the harmonization of the ISO Standards – now guided by ISO’s Annex SL – the high-level structure that provides identical structure, text, and common terms and definitions for management system standards of the future. This will ensure consistency among future and revised management system standards and make their integration, and integrated use simpler. This is highlighted in the recent adoption of ISO 9001 and ISO 14001: 2015, and ISO 45001, ISO’s Occupational Health and Safety Management System Standard, and ISO’s newest.

With the addition of each management system, auditing resources necessary to ensure their effectiveness could, without integration and streamlining efforts, roughly double. Those organizations with a QMS, EMS, and HSMS could triple the auditing resources – including time, utilized over that of a single system.

For the commonly used 2-3 auditors per system, 6-9 auditors may be necessary for those with a QMS, EMS, and HSMS. For those using 3 or more audit team members, imagine the audit army this creates, let alone the time necessary to audit separate systems, and the disruption to the organization.

Considering all the other financial, customer, supply chain, and other audits organizations are subjected, and you can understand why many organizations are ‘audit weary’!

Integrated Audits

Professionals who have conducted integrated audits recognize how much more efficient they can be. The process under review, along with all its controls; environmental, health, safety, and quality; has to be evaluated only once.

There is less duplication of effort during the planning, execution, and even follow-up phases of the audit. Other efficiencies, often unforeseen, are uncovered or revealed once an organization begins an integrated management system pathway, and is yet another advantage to integrated auditing.

Typically, management systems integration allows the organization to minimize duplication and redundancy of effort, streamline or leverage the use of its limited resources, and reduce or eliminate overlapping responsibilities. This is true of integrated systems in general and is especially true regarding the audit function. minimizing duplication and redundancy of efforts translates to significant cost savings, productivity increases, risk reductions, and enhanced effectiveness and efficiency that the intMS are designed to achieve.

When it comes to intMS registration, Registrars should confer savings when auditing and certifying intMS through the same efficiencies and streamlining efforts organizations achieve internally.

Disadvantages of Integrated Audits

While there are many advantages to implementing and auditing intMS, it is important to recognize that there are disadvantages as well.

If an organization is seeking third-party registration to one or more standards, a non-conformance against a requirement of one standard may carry over to another standard. In the worst case scenario, if the non-conformance is major, all registrations could be at risk unless effective corrective action is taken.

Another disadvantage is the learning curve and attendant training that will likely be an adjustment for staff members, many of whom will not be familiar with the requirements of all the management systems involved in the IntMS.

For example, Quality staff may be intimately familiar with ISO 9001 requirements, while needing extensive and perhaps costly training on ISO 14001. The same will be true of OHSMS staff, and vice-versa for each staff function.

In the next installment of this column, we will dive into the mechanics and logistics of intMS auditing, as well as provide tips and techniques to help improve intMS audit team effectiveness and efficiency.

About John Grosskopf: Since a Dr. Deming led quality and environmental paradigm shift at General Dynamics in the late 80’s, John has been a strong management systems (MS) advocate. He has pioneered advances in auditing, integrating MS, a chief contributor to two national MS Standards, and has led the development, implementation, and improvement of hundreds of MS in the public and private sectors. He is an accredited EMS, HSMS, and QMS auditor (accreditations pending), a published author, instructor/trainer, and has presented widely on MSs. Through his firm, DeepGreen Consulting, he is currently assisting clients to improve their triple bottom line through a combination of MS, best practices, collaboration, and leadership

Reference: Auditing Integrated Management Systems: Considerations and Practice Tips, November 2008, Journal of Environmental Quality Management, John Grosskopf, with co-author Jennifer Kraus.



by -
Writing Effective Standard Operating Procedures - ISOUpdate.com

A Standard Operating Procedure (SOP) is a document that consists of a set of instructions or steps on how to execute a task. A Standard Operating Procedure serves as a tool to ensure that activities are performed properly and follows operational, quality, environmental, and safety requirements. Read on for recommendations on how to write Standard Operating Procedures that have can have a positive impact on operations for your organization:

1. Choose the correct format
Depending on the activity, consider formatting:

  • A simple steps format.This is used for routine procedures that are short and simple. These are usually a set of simple sentences highlighting step-by-step what needs to be done.
  • A hierarchical steps format. This is used for long procedures (more than 10 steps) where decisions need to be made and clarifications and terminology are essential for the activity to be performed correctly. These consist of a list of main steps with sub-steps.
  • A flowchart format. This is used for complex procedures that could have many possible outcomes.


2. Consider the user of the Standard Operating Procedure

Standard Operating Procedures are written for a variety of activities performed by a variety of people. The factors that should be considered to guarantee that the Standard Operating Procedure is understood by the person reading it include: age, education, knowledge, skills, language abilities, etc. This information will determine if it is necessary to include basic terminology, pictures, diagrams, etc.

3. Keep the purpose of the Standard Operating Procedure in mind

Keeping the purpose in mind will help ensure that all relevant information is included. Some of the main reasons for creating Standard Operating Procedures are:

  • Provide all the safety, health, environmental, and operational information required to perform a job properly.
  • Protect the health and safety of employees, the environment and/or the community.
  • Ensure consistency in operations and quality control of processes and products.
  • Ensure activities are completed on time.
  • Prevent failures in manufacturing and related processes.
  • Ensure compliance with company and regulatory requirements.

4. Consider different views and perspectives

Ideally, Standard Operating Procedures should be written by a team that includes personnel from different areas. However, in the real world, they are often written by just one person. If this is the case, the person in charge of creating them should:

  • Interview someone that performs the job, a supervisor, and the people in charge of ensuring that quality, health, safety, and environmental requirements are met.
  • Have people from different areas review and comment before releasing the final Standard Operating Procedure.

5. Keep the writing simple

Standard Operating Procedures should be clear and concise. Sentences must be as short as possible. People usually don’t want to read Standard Operating Procedures, they must, so making them clear and easy to read is essential.

Remember, these documents need to be comprehensive and easy to read, so be sure to consider the reader when you are writing Standard Operating Procedures. If they are never read or understood by the intended audience, they are not likely to serve as an effective tool in any process.


This article was written by The Registrar Company and was published with permission.