Featured Product
This Week in Quality Digest Live
Risk Management Features
Bryan Christiansen
Make maintenance programs more efficient and effective
Doug Folsom
Unpatched vulnerabilities will become increasingly susceptible to cyberattacks
Gleb Tsipursky
Three reasons companies wait too long to make obvious decisions
Del Williams
Mitigate risk, prevent safety issues by utilizing closed conveyor systems designed with sanitation in mind
Anton Ovchinnikov
The push-pull effects of customization

More Features

Risk Management News
New data suggest most of the growth in the wage gap since 1980 comes from automation displacing less-educated workers
Features customer-driven updates to training management, empowers staff to drive quality improvement
Better manufacturing processes require three main strategies
Easy, reliable leak testing with methylene blue
How ISO/IEC 27001 can help protect your assets
Reduce identifying info in patient health data to enable better treatments and diagnostics

More News

Chad Kymal

Risk Management

Using an Integrated Management System to Implement ISO 9001:2015

Reduce documentation and processes, save on implementation and maintenance costs

Published: Wednesday, May 27, 2015 - 23:00

The final draft international standard (FDIS) of ISO 9001:2015 will be released in July, and the revised standard is slated for publication in September. Per Annex SL of the “Consolidated ISO Supplement,” some elements of the standard will be restructured to allow for easier integration of multiple management systems.

This restructuring follows a high level structure (HLS) required for all ISO management system standards and will result in the same subclause names, common texts, and terms and definitions for all the ISO management system standards. This is one of the major changes that will act as a catalyst for integration between standards or what we call “integrated management systems.” Generally speaking, integrated management systems refers to integrated processes that result in one management system to implement ISO 9001, ISO 14001, OHSAS 18001 (the new ISO number will be ISO 45001) or food safety standards such as FSSC 22000.

Key changes: ISO’s high-level structure

The HLS shown below is the one adopted by ISO. This structure is common between ISO 9001, ISO 14001, ISO 45001 (the new OHSAS 18001 standard), and FSSC 22000. In other words, each of the standards requires an organization to understand the context of the organization, leadership, planning, and so forth. It won’t be difficult for implementers to understand that common requirements can be satisfied by the same process, i.e., one process could identify the “context” of the organization, and this context would apply to quality, environmental, health and safety, or food safety.

1. Scope
2. Normative References
3. Terms and Definitions
4. Context of the Organization
5. Leadership
6. Planning
7. Support
8. Operation
9. Performance Evaluation
10. Improvement

Figure 1: High-level structure (HSL), from Annex SL, Appendix 2 of ISO/IEC Directives, Part 1—“Consolidated ISO Supplement—Procedures specific to ISO” (Sixth Edition, 2015)

Proliferation of standards and the cost of maintaining them

Organizations in many sectors face a proliferation of standards. Not only are there management standards for quality, environmental, occupational health and safety, and food safety, but also other standards such as ISO 17025 for laboratory quality management systems or ISO 26262 for functional safety in automotive organizations. Typically these standards are implemented as stand-alone management systems with their own manuals, procedures, work instructions, forms, and checklists as well as their own process owners. The cost of implementing and maintaining these standards is becoming cost-prohibitive.

For example, a food organization that Omnex works with has different specialists focusing on food safety, quality, environment, and health and safety. Consolidating these stand-alone standards into a single management system that satisfies all the requirements of the four standards will result in reduced documentation and processes to manage, which in turn saves costs in implementation and maintenance. (See figure 2 below.)

IMS pyramid.gif


Figure 2: The HLS, proliferation of standards, and the costs of maintaining stand-alone standards will create an increasing need for integrated management systems.

Integrated management systems

Integrated management systems (IMS) conform to the requirements of quality management systems (QMS), environmental management systems (EMS), occupational health and safety management systems (OHSMS), and food safety management systems (FSMS). The book Integrated Management Systems (ASQ Quality Press, 2015) defines an integrated management system as having integrated processes, risk, and audits:

Integrated processes are defined as management systems processes that are integrated to a large degree, i.e., greater than 70 percent, and have a common process owner between the QMS, EMS, OHSMS, and FSMS.

Integrated management systems have integrated risks (i.e., a common risk methodology) between quality, environmental, health and safety, and food safety and have comparable severity and occurrence risk ratings between the categories. Optimally, one team conducts the risk analysis for the three different categories.

An integrated audit uses one common audit process and audit program for quality, environmental, health and safety, or food safety management systems in one site. The audit process uses an integrated audit checklist and an audit team capable of auditing the integrated system.

Integration and standardization

Stand-alone systems duplicate training processes, document control, and internal audit processes for each standard within the company. Therefore, there’s a tremendous loss of value associated with stand-alone management systems within an organization as discussed above.

Worse yet, many organizations continue this duplication of effort among their different sites—including plants, design centers, and sales offices. If there is a lack of efficiency and confusion caused by the duplication in one site, one can imagine the magnification of these same problems when they are repeated multiple times in a large organization. The article “Juggling Multiple Standards,” which appeared in Quality Digest in 2005, provided a case study of a large European organization and included examples of duplication of management reviews and risk assessments. This same organization had processes such as document control that were repeated no less than 30 to 50 times in their large sites, called campuses, in Silicon Valley or in France.

Here are some of the costs and benefits of integrated management systems, which are based on the cost of implementing three management system standards, $200,000; maintenance costs, $90,000 per year; and third-party auditing costs, $45,000 for three years:
• Savings from implementation (one-time cost): $200,000 x .50 = $100,000
• Savings from maintenance: $90,000 x .66 = $60,000 per year for each site (NPV at 10% would be $600,000)
• Savings from third-party audit costs: $3,000 each year (NPV is $30,000)
• Total savings: $100,000 + $600,000 + $30,000 = $730,000
• Implementation savings: 50 percent, and maintenance savings: 66 percent
• Third-party savings: 20 percent

Reducing process duplication within one organization is referred to asintegration,” and reducing duplication between sites is referred to as “standardization.” Although there is much discussion about integration, there is not much regarding standardization.

Integration and standardization refers to “common” integrated processes, such as integrated risk processes and integrated audits, across the enterprise. The importance of software in implementing enterprisewide integration and standardization can’t be overstated.

In 2002 I published a number of papers emphasizing the need and advent of a class of software called enterprisewide quality management system (EwQMS). At that time, we at Omnex defined an EwQMS as one that would satisfy all the requirements of ISO 9001:2000 and that optimally including advanced product quality planning (APQP), failure mode and effects analysis (FMEA), and production parts approval program (PPAP), a risk-based defect prevention tool used in many sectors. The awareness of enterprise quality has finally arrived in 2015; however, the market need has gone up a notch to enterprise integrated management systems (EIMS).

EIMS software can satisfy the requirements of ISO 9001:2015, ISO 14001:2015, and ISO 45001:2016. In fact, the software must satisfy and conform to the high level structure of all ISO standards in order to meet the core requirements of them all. EIMS software must also satisfy APQP, FMEA, and PPAP, or risk-based phase-gate new product launch processes including design, process, and project risk. Additionally, EIMS should be able to assess risks  in the process map, EMS, OHSMS, or social responsibility risk (i.e., any risk from any standard).

EIMS have at a minimum these characteristics:

1. Enterprisewide web-based system or equivalent
2. Manage multiple sites
3. Support multiple languages and multiple date conventions
4. Integrate with email notification, reminders, and escalation services
5. Integrate with legacy and ERP systems
6. One-point user authentication
7. Role-based security
8. Fully integrated solutions; lean data entry
9. Include enterprise-integrated processes
10. Include minimum functionality of ISO 9001, ISO 14001, OHSAS 18001/ISO 45001, and FSSC 22000
11. Be able to add one site or management system and then scale up

In summary, the advent of the HLS, increased proliferation of standards, and the increased costs of implementing and maintaining standards require integration and standardization of management systems in an organization. Integration is defined as integrated processes, risk, and audits. Organizations need EIMS software to integrate and standardize processes, risk, and audits.

EIMS software must satisfy and conform to the high level structure of ISO standards that satisfies all their core requirements. It must be able to satisfy APQP, FMEA, and PPAP or risk-based phase-gate new product launch processes including design, process, and project risk. Additionally, it should be able to assess the risks of processes in the process map, EMS, OHSMS, or social responsibility risk.

Chad Kymal will be leading a webinar "Implementing ISO 9001:2015 using Integrated Management Systems and Enterprise Wide Quality Software" for Quality Digest on Thurs., June 4, 2015, at 2 p.m. Eastern/11 a.m. Pacific. This is the first of a series of articles on the ISO 9001 revision, enterprise quality, and enterprise integrated management systems.

For more information about the ISO 9001 standard, see the Quality Digest knowledge guide, “What Is ISO 9001:2015?”


About The Author

Chad Kymal’s picture

Chad Kymal

Chad Kymal is the CTO and founder of Omnex Inc., an international consulting and training organization headquartered in the United States. He is also president of Omnex Systems, a software provider of ISO 9001, ISO 14001, and ISO 27001 management systems. He developed and teaches auditor training for ISO 9001, IATF 16949, ISO 14001, and ISO 45001, as well as an Integrated Management Systems Lead Auditor training course where all three standards are combined in a single audit.

Kymal is also on the ISO/TC 176, ISO/TC 207, and PC283 committees for ISO 9001:2015 (quality), ISO 14001:2015 (environmental), and ISO 45001 (health and safety) management system development.





Breathtakingly abysmal.

Breathtakingly abysmal - what does that mean - referring to what

Am confused by "Breathtakingly abysmal." Dan. What do you mean.


ISO DIS 9001 says no Clause based strcutures


Thought I would check ISO DIS 9001:2015 about HLS and Process-appraoch to design of a QMS.

Clause 0.6:

  • the HLS was "developed by ISO to improve alaignment among its International Standards for managment systems" - this does not say as your QD arrticle says that HLS can be used for an IMS
  • ....."It is important to emphasize, however, that organizations are not required to follow an identical clause-by-clause sequence when defining the QMS and are encouraged to use the Process-approach"

I think that you have provided your company's interpretation of HLS to "act as a catalyst for integration between standards or what we call “integrated management systems.” Am I correct in saying that 'we call' is your advice to people to design IMS around and based upon the clauses of the HLS?"

I think you are saying the HLS is the "integrated processes" to build "one management system".

This is only an alignment of various ISO standard clauses and not consolidating them as you rightly suggest, but then the task is to overlay these combined requirements onto and into the organization processes and documented procedures for an IMS.


Integrated Management System

Michael, why do you think Dr. Croft (Chair of TC 176) says that he doesn't like the term "integrated management sytsem"?

Outcomes and Outputs - SMS and IMS

Hi Dan,

Thanks for the Dr Croft YouTube links:

  • Should 5 m 50 secs he eludes to the problem of 'Tick the Box' auditing 
  • I suspect this is to counteract Certification Bodies and people building management systems, to stop them over the next 3 years to NOT document these Systems for Quality and others in the same ANNEX SL format - by clauses; contrary to the process-approach 
  • This means there should no Management System that has Annex SL or other ISO Management System policy manuals with clauses - only the Business Process IMHO
  • Around 7 minutes in Dr crofts speech says something like 'judge Outcomes and key deliverables of the business, the
  • Around 7m 50 secs he says "Output matters"
  • Around 8m 30 secs "build Quality Management into the business processes"
  • Around 13m 40 secs Dr croft says he 'Prefers' a 'single management system' not an IMS

Charles Corrie interview was helpful.


We hope the outputs of a

We hope the outputs of a quality management system satisfy customers, outcomes (results) being customer satisfaction and organizational survival, growth, and prosperity. 

Processes operate in a concerted, systemic effort to output quality product or service; the outputs of each process ultimately culminate in the output of the system--product or service offered to customers.

Once in a while, I hear some person declare, “I’m making a concerted effort to . . .” As a concerted effort is a joint effort, it seems to me that a person making such a statement either doesn’t understand the joint nature of a concerted effort, or the person has multiple personalities that are jointly working together.

A similar question arises with the notion of an “integrated management system.” “Because several different standards are being applied to my management system, I need an integrated management system to address them all.” 

Such a statement suggests failure to recognize that a process-based management system IS a single management system (not in need of “integration”). A management system only becomes fragmented and in need of integration by those who don’t understand the system holistically in the first place, those who instead view a single, simple system through various checklists arising from application of multiple standards. 

Application of standards assessing a management system shouldn’t result in a dissociative identity disorder requiring integration of anything other than internal processing requirements. When single or multiple management system standards’ requirements result in process identity problems for organizations, the standards are being misapplied.

I like how the DIS uses a

I like how the DIS uses a variation of the term "integrated" at 5.1.1 d: "ensuring the integration of the quality management system requirements into the organization’s business processes . . ." Notice it's not ISO requirements being integrated into a QMS, it's QMS requirements (or, internal processing requirements, or, planned arrangements) that are being integrated into organizations' processes.

If an ISO 9001-registered company seeks ISO 14001 registration, processing requirements satisfying the requirements of ISO 14001 are integrated into defined business processes that impact environmental objectives. (It may involve some processes OTHER than the ones defined to manage quality; these OTHER processes are still part of the single robust management system.) It's not the requirements of ISO 14001 (or the requirements of ISO 9001) that are supposed to be integrated into processing, again, it's planned arrangements or processing requirements SATISFYING 9001 and 14001 requirements that are integrated into processing.

A single effective management system designed to manage quality and environmental impact may be robust enough to be assessed to the requirements of both 9001 and 14001 (an integrated audit), but that doesn't make it an integrated management system. 

Agreed Dan. The issue I and

Agreed Dan.

The issue I and others see, is the proponents of Clause-based documented Management Systems. The policy manuals of any system must represent that organizations processes and hence referenced as such, not to headings of standards' clause which is the issue I have in the article Dan.

The book shows this and even the software it appears to use the HLS for the triangles of the schematics with E/OH MS and separately a QMS over the Processes. The article is contrary to ISO DIS 9001:2014. So the Policy Manuals will by implication, words and schematics show they will be clause based and not process-approach frameworks. Even the APQC PCF provides guidance for single or IMS's.

It is simple for companies: does your management system reflect you business needs and its processes. If not, write as such - not by the clauses/requirements of various standards.

AS9100C, ISO TS 16949 provide through their industry bodies provide many 'Process' tools andtechniques - APQP, PFMEA, SPC, PPAP, PCP, which the book include a few. Of course Balanced Scorecards 'Process Perspective', ERP / SAP 'Integrated Bsuiness Process Models'; Lean / Value Stream Analysis and Process Layered Audits are all afforded ease of application when companies have Process Based MS and IMS's and which you detailed, for more effective Internal and 2nd and 3rd party audits.


Thanks, Michael. 

Thanks, Michael. 

Dr Croft

Given Denmark and Spain are apparently developing an IMS Standrad; cluase-based QMS and IMS proponents; and the Process-approach QMS and IMS consultants - I guess he may feel that way. I would not know.

ISO has published a number of IMS documents and guides so I realise his Chairmanship finishes in 2015. He may have his objective achived but I would not know.

IMS Guidebook published by ISO


ISO Handbook for small businesses and the

ISO 9001 : 2008 Continual Improvement Model – Baking firm





Although the entire presentation may be of benefit, Dr. Croft addresses this issue at about 13:30.

If multiple standards are being applied to a management system, sure, the audit could be (and should be) an integrated management system audit. The audit criteria arising from the various standards are “integrated" to allow proper process auditing.

To say that the management system itself is “integrated” to address multiple standards suggests the purpose of the management system is to address requirements of various standards; the objective of establishing (and documenting) a management system is to pass audits. This mistaken notion has been perpetuated long enough. That’s why Dr. Croft pushes the idea that “outputs matter.”

The objective of establishing a quality management system isn’t to pass an ISO 9001 audit; it’s to output quality product. The objective of an environmental management system isn’t to pass an ISO 140001 audit; it’s to manage environmental impact. That’s why ISO is pushing the notion that “outputs matter” (outputs more dear to organizational survival than merely passing ISO audits).

It’s a ROBUST single management system that meets requirements arising from multiple standards. No management system should be defined according to the ISO standards being applied to it. Rather, it should be defined according to how it operates to output whatever it’s designed to output. 

To say that a management system is integrated suggests that the purpose of, or objective of the system, is to pass audits (or address requirements) involving multiple standards used to ASSESS management systems. The objective of a management system shouldn’t be to pass audits, but to output what it’s intended to output; the objective of establishing a management system should NOT be to "pass audits” or to “meet ISO requirements.” 

Outputs or outcomes

Hi Dan,

Understand about the Audits and agree. 

Howver, Outpts come from Processes and not clauses. The Article and the software seems to be saying just document any systems by its clauses or HLS. How can a clause produce an output.

Processes hiopefull efficiently trransform inputs into outputs that it or a combination achive or meet an outcoem for the customer or other stakeholders.

So Dr Croft is right for outputs from ....processes; but organizations seek outcomes.


HLS - a means to PAS 99 and overlay onto Processes for an IMS


Am wondering if I have misread your approach to an IMS. There are indeed benefits in consolidating all the clauses and elements in the various ISO standards. There are other 'Systems' but that a bit later.

The 'HLS' and PAS 99 help consolidate the various standards elements and clauses so that organizations to simplify and consolidate commonised requirements in the various selected ISO and other Industry standards/regulations.

That done then consolidate HLS elements and clauses can then be ready for overlaying tasks.

The APQC PCF, eTOM, IDEFO, ITLL III and then even a Balanced Scorecard or an ERP 'Integrated Business Process Model' are then useful to identify the Management, Core and Support Processes. The Shikume or Value Stream Map can even be used as defining the Core Process.

As ISO 9001.1:1994 (Correct - an oldie but a goodie) explained the Processes should have a BE Models later described that Process should demonstrate the right Approach, Deployment, Results and Improvement. Process Owners are selected and assigned to the various 12 to 14 Processes.

Process Objectives and the SIPOC / Turtle Diagrams can assist define the metrics and support to the 'Process and Activities'.

So we have the Processes or as in ISO DIS 9001:2014 the "Operation" - core, value stream and the Management an system support processes 'mapped' and become the headings of the policy or old Quality Manual - not any mention required for the HLS or PAS 99 elements or clauses - the system is to reflect the context, processes, stakeholders / interested parties of the business - not the headings of a HLS/PAS 99.

Best Practice IMS then is simply overlaying the consolidated HLS / PAS 99 elements and clauses from various ISO Standards the organization is using. This would appear to be as you suggested in your article for your firm you represent and published in your organizations’ software based and HLS / PAS99 directed IMS book, to then integrate them into one HLS / PAS 99 manual and system but not to the Business Processes and ISO DIS 9001:2015 ‘process-approach’.

Your elemental approach from what I read, I could be misreading your intent, is not what is intended or designed and implements as a true IMS. Spain and Denmark are seeking to design an IMS and other National Quality Committee’s including Australia are developing IMS Handbooks and Guides for assisting organizations embrace and implement a process-approach for integrated management systems.

TC 176 and international members have taken feedback and endeavoured to address many criticisms of ISO 9001 from 2008, 2000 and even back in 1994, along with Aerospace, Automotive and other Technical Specifications that seek to enhance the basis ISO 9001 Standard.

We expect the various international committees will have their Process-approach, Risk-based thinking and use of FMEA, Control Plans and other Annex SL intent, taken-up with like vigour and passion you have, to have that ISO DIS 9001:2014 ‘process-approach’ promulgated with integrity to that strategic intent come July 2015.

Why individual or IMS cannot be Clause based post Sept 2015


Worth reading ISI DIS 9001:2015 and why aligning clauses with HLS and PAS 99 is okay but any documentation must be 'Process-approach' structure.


"0.6 Compatibility with other management system standards – organizations are NOT required to follow an identical clause-by-clause sequence when defining their QMS and are encouraged to use the Process Approach as described in clauses 0-3 to 0.5 and in subclause 4.4, establishing a “... process-based quality management system.”