PROMISE: Our kitties will never sit on top of content. Please turn off your ad blocker for our site.
puuuuuuurrrrrrrrrrrr
Inderjit Arora
Published: Monday, September 30, 2019 - 11:03 Every company uses a system to understand the requirements and inputs of its customers, and then plans to deliver outputs meeting those requirements as a conforming product or service. The International Organization for Standardization (ISO) publishes management system standards that, when correctly interpreted, enable companies to systematically and consistently provide desired outputs while addressing risks. Using the framework provided by ISO, companies can design systems and processes that work together to deliver desired outputs (i.e., products or services). An organization should endeavor to define its outputs accurately, after understanding customer requirements, both stated and unstated. ISO standards allow companies of any size and industry to implement them; hence, a lot is left open to interpretation. Despite this, certification to these management system standards delivers confidence to potential and existing customers that the company is implementing a process with the intent of continual improvement. Across the globe, an ISO management system certification, such as ISO 9001, gives confidence of a certain basic framework being implemented and followed. Risks are identified in the context of the organization. The organization’s core process derives its objectives directly from the company policy. Key and support procedures ensure that these objectives are met in order to deliver a confirming product or confirming service. This understanding of how a management system works to deliver products and services must be understood in the spirit of the ISO standard. The standard is not like a magic wand that will guarantee excellence or success. It needs careful interpretation to design the processes necessary to meet stakeholder requirements. Unfortunately, many companies try to “ISO-ize” their management systems by simply writing processes and procedures around the standard’s clauses, with no regard to whether the processes or procedures make sense for their business. Many ISO-ized management systems fail to deliver sustained success because such systems can’t deliver the feedback that a good system should. Processes must be documented around what users actually do. These processes then need to be resourced, controlled, monitored, audited, and reviewed for continuing suitability, adequacy, and effectiveness. Organizations blunder into believing that ISO-izing their systems is the panacea to all their problems. It is not. Management systems documented to reflect a standard’s clauses only benefit external auditors of the systems. Auditors and auditing are an integral part of a system, but they are meant to provide objective inputs for improvements, not to dictate how the system functions. Good management systems should be documented for easy use by their users. A process-based approach is fundamental to implementing a management system. Success in implementing ISO management standards—for efficiency, managing risk, security, environment, aerospace quality, food safety, or whatever—lies in a good plan that accounts for system risks, given the organizational business context. Ideally, a management system should capture the “as-is” of the system, compare it to requirements, and identify any gaps between the two. This enables the design of new procedures and an update of existing procedures. A process approach is designed to meet measurable objectives, ones that are based on the policy of the organization’s leadership. System users do the work to meet the objectives, and the procedures must capture the “how” of what they do. The relationship between understanding requirements, risks, and inputs to creating the policy should be systematically considered when designing a management system and prior to resourcing it. The system approach as prescribed by ISO standards allows for involvement of the leadership throughout the entire implementation process, i.e., from planning and implementing to monitoring and reviewing for performance for improvement. This motivates top management to take personal ownership of their management systems. ISO management system standards are not prescriptive and need interpretation by users of the system. Using the plan-do-check-act (PDCA) cycle approach, leaders convey their policy to the system users. The system ensures adequate controls and resources so that outputs correlate with inputs and meet measurable objectives as set. The system allows for feedback to be captured, so risks and opportunities for improvement are identified and addressed in a timely manner. As for the auditors, let us encourage them to use their innovative approaches to identify how the system meets the standard’s requirements and intent. To make it easy, we could provide them with a cross-reference matrix to demonstrate where the standard’s requirements are met within the documented system procedures. Bottom line: Embrace your system when developing it to meet requirements, including those per ISO standards, and you will see the benefits of a “de-ISO-ized” system. Quality Digest does not charge readers for its content. We believe that industry news is important for you to do your job, and Quality Digest supports businesses of all types. However, someone has to pay for this content. And that’s where advertising comes in. Most people consider ads a nuisance, but they do serve a useful function besides allowing media companies to stay afloat. They keep you aware of new products and services relevant to your industry. All ads in Quality Digest apply directly to products and services that most of our readers need. You won’t see automobile or health supplement ads. So please consider turning off your ad blocker for our site. Thanks, Inderjit Arora is the President and CEO of Quality Management International Inc. (QMII). He serves as a team leader for consulting, advising, auditing, and training in management systems. He specializes in several ISO and industry specific standards. He is an Exemplar Global certified Lead Auditor and is on the US TAG-176 committee, and a member of the US Submarine League. IJ is a popular speaker at several universities and forums on management systems, conflict management, crisis communication and leadership. Dr. Arora is a Master Mariner with an MBA from the College of William and Mary and additionally MSC in defense studies and graduation in nuclear sciences. He has a 32 year record of achievement in the military, mercantile marine, and civilian industries. He writes a blog and contributes to several professional magazines, including Quality Digest. His articles have been published in the USCG Proceedings.Myth: Your Management System Documentation Must Resemble the ISO Standard
A management system written just to align with ISO QMS clauses won’t deliver the feedback you need
Why ‘ISO-ized’ systems fail
The process approach to systems
Conclusion
Our PROMISE: Quality Digest only displays static ads that never overlay or cover up content. They never get in your way. They are there for you to read, or not.
Quality Digest Discuss
About The Author
Inderjit Arora
© 2023 Quality Digest. Copyright on content held by Quality Digest or by individual authors. Contact Quality Digest for reprint information.
“Quality Digest" is a trademark owned by Quality Circle Institute, Inc.
Comments
Documentation Must Resemble ISO
The point is well taken that a QMS should be tailored to the culture and processes of each organization. The downside to using a different numbering system or structure to the documentation is that you will have to build a crosswalk for your external auditor.
They are in 2-3 companies a week and their brain is hard-wired to the Standard and its numbering system. Using a different structure will increase audit hours and lead to confusion by the auditor. If it is a new registration, the quality manual might not pass the desk audit by the registrar.
Management System aligned to the Standard
Dear Tom,
With due respect to your views and concerns here are my thoughts. First please don't write a management system (MS) for auditors. Audits are meant to provide inputs for TM to better resource the systema and appreciate risks. The system should be written for the users of the system. The Employees of the organization work to their procedures to meet requirements and produce confirming products and services. The MS therefore (per clause 4.4 of ISO 9001) should be designed to processes and provide the interactions between processes. A system written to clauses will never meet this requirement nor be user friendly. The very purpose of the MS is lost. For certification or otherwise, it is the auditors job to audit and see confirmity. Lot of the auditors are confused because they come in search of non-confirmty. Good auditors should be auditing to look for conformity. It is a total waste of money if the system is written for the purpose of auditing!
IJ
RE; RE Documentation must resemble ISO
Indeed a QMS should be tailored to the culture and processes of each organization. In my view, this is far more important than squeezing audit hours or satisfying hard-wired auditors. New technology can help us serve both sides as IT_enabled DMS systems facilitate easy cross-referencing of procedures/processes and ISO requirements. This will support a QMS tailored for the organization and keep costs in control, even with hard-wired auditors.
Management System aligned to the Standard
I agree. Apart from the IT and availability of tools, the basic principle is to write a management system (MS) for the organization. Not for the auditors.