Featured Product
This Week in Quality Digest Live
Management Features
Chad Kymal
Future systems start with documentation hierarchies but focus on electronic process documentation
Julie Winkle Giulioni
Take back your power to move business plans forward
Steve Hawk
How a nonprofit gave birth to a company that aims to disrupt Big Pharma
Larry Emond
Distributing leadership, decentralizing decisions, and pursuing local talent
Brian Charles
Is IIoT adoption inevitable?

More Features

Management News
Awards to be presented March 24, 2020, at the Quest for Excellence Conference, in National Harbor, MD
Workers more at ease about job security. Millennials more confident regarding wages.
46% of creative workers want video games in the office
A guide for practitioners and managers
Provides eight operating modes and five alarms
April 25, 2019 workshop focused on hoshin kanri and critical leadership skills related to strategy deployment and A3 thinking
Process concerns technology feasibility, commercial potential, and transition to marketplace
Identifying the 252 needs for workforce development to meet our future is a complex, wicked, and urgent problem
How established companies turn the tables on digital disruptors

More News

Inderjit Arora


Myth: Your Management System Documentation Must Resemble the ISO Standard

A management system written just to align with ISO QMS clauses won’t deliver the feedback you need

Published: Monday, September 30, 2019 - 11:03

Every company uses a system to understand the requirements and inputs of its customers, and then plans to deliver outputs meeting those requirements as a conforming product or service. The International Organization for Standardization (ISO) publishes management system standards that, when correctly interpreted, enable companies to systematically and consistently provide desired outputs while addressing risks.

Using the framework provided by ISO, companies can design systems and processes that work together to deliver desired outputs (i.e., products or services). An organization should endeavor to define its outputs accurately, after understanding customer requirements, both stated and unstated. ISO standards allow companies of any size and industry to implement them; hence, a lot is left open to interpretation.

Despite this, certification to these management system standards delivers confidence to potential and existing customers that the company is implementing a process with the intent of continual improvement. Across the globe, an ISO management system certification, such as ISO 9001, gives confidence of a certain basic framework being implemented and followed.

Risks are identified in the context of the organization. The organization’s core process derives its objectives directly from the company policy. Key and support procedures ensure that these objectives are met in order to deliver a confirming product or confirming service.

Why ‘ISO-ized’ systems fail

This understanding of how a management system works to deliver products and services must be understood in the spirit of the ISO standard. The standard is not like a magic wand that will guarantee excellence or success. It needs careful interpretation to design the processes necessary to meet stakeholder requirements. Unfortunately, many companies try to “ISO-ize” their management systems by simply writing processes and procedures around the standard’s clauses, with no regard to whether the processes or procedures make sense for their business. Many ISO-ized management systems fail to deliver sustained success because such systems can’t deliver the feedback that a good system should.

Processes must be documented around what users actually do. These processes then need to be resourced, controlled, monitored, audited, and reviewed for continuing suitability, adequacy, and effectiveness. Organizations blunder into believing that ISO-izing their systems is the panacea to all their problems. It is not. Management systems documented to reflect a standard’s clauses only benefit external auditors of the systems. Auditors and auditing are an integral part of a system, but they are meant to provide objective inputs for improvements, not to dictate how the system functions. Good management systems should be documented for easy use by their users.

The process approach to systems

A process-based approach is fundamental to implementing a management system. Success in implementing ISO management standards—for efficiency, managing risk, security, environment, aerospace quality, food safety, or whatever—lies in a good plan that accounts for system risks, given the organizational business context. Ideally, a management system should capture the “as-is” of the system, compare it to requirements, and identify any gaps between the two. This enables the design of new procedures and an update of existing procedures. A process approach is designed to meet measurable objectives, ones that are based on the policy of the organization’s leadership. System users do the work to meet the objectives, and the procedures must capture the “how” of what they do.

The relationship between understanding requirements, risks, and inputs to creating the policy should be systematically considered when designing a management system and prior to resourcing it. The system approach as prescribed by ISO standards allows for involvement of the leadership throughout the entire implementation process, i.e., from planning and implementing to monitoring and reviewing for performance for improvement. This motivates top management to take personal ownership of their management systems.


ISO management system standards are not prescriptive and need interpretation by users of the system. Using the plan-do-check-act (PDCA) cycle approach, leaders convey their policy to the system users. The system ensures adequate controls and resources so that outputs correlate with inputs and meet measurable objectives as set. The system allows for feedback to be captured, so risks and opportunities for improvement are identified and addressed in a timely manner.

As for the auditors, let us encourage them to use their innovative approaches to identify how the system meets the standard’s requirements and intent. To make it easy, we could provide them with a cross-reference matrix to demonstrate where the standard’s requirements are met within the documented system procedures.

Bottom line: Embrace your system when developing it to meet requirements, including those per ISO standards, and you will see the benefits of a “de-ISO-ized” system.


About The Author

Inderjit Arora’s picture

Inderjit Arora

Inderjit Arora is the president and CEO of Quality Management International Inc. (QMII). He serves as a team leader for consulting, advising, auditing, and training regarding management systems. He has conducted many courses for the United States Coast Guard, and is a popular speaker at several universities and forums on management systems. Arora is a Master Mariner who holds a Ph.D., a master's degree, an MBA, and a 32-year record of achievement in the military, mercantile marine, and civilian industry.


Documentation Must Resemble ISO

The point is well taken that a QMS should be tailored to the culture and processes of each organization. The downside to using a different numbering system or structure to the documentation is that you will have to build a crosswalk for your external auditor.

They are in 2-3 companies a week and their brain is hard-wired to the Standard and its numbering system. Using a different structure will increase audit hours and lead to confusion by the auditor. If it is a new registration, the quality manual might not pass the desk audit by the registrar.

Management System aligned to the Standard

Dear Tom,

With due respect to your views and concerns here are my thoughts. First please don't write a management system (MS) for auditors. Audits are meant to provide inputs for TM to better resource the systema and appreciate risks. The system should be written for the users of the system. The Employees of the organization work to their procedures to meet requirements and produce confirming products and services. The MS therefore (per clause 4.4 of ISO 9001) should be designed to processes and provide the interactions between processes. A system written to clauses will never meet this requirement nor be user friendly. The very purpose of the MS is lost. For certification or otherwise, it is the auditors job to audit and see confirmity. Lot of the auditors are confused because they come in search of non-confirmty. Good auditors should be auditing to look for conformity. It is a total waste of money if the system is written for the purpose of auditing!


RE; RE Documentation must resemble ISO

Indeed a QMS should be tailored to the culture and processes of each organization. In my view, this is far more important than squeezing audit hours or satisfying hard-wired auditors. New technology can help us serve both sides as IT_enabled DMS systems facilitate easy cross-referencing of procedures/processes and ISO requirements. This will support a QMS tailored for the organization and keep costs in control, even with hard-wired auditors.

Management System aligned to the Standard

I agree. Apart from the IT and availability of tools, the basic principle is to write a management system (MS) for the organization. Not for the auditors.