For an organization to flourish, standard operating procedures (SOPs) cannot exist in a vacuum. Yes, it is critical to develop, implement, and manage SOPs but without the other elements of an effective management system how do you know if your organization's procedures are appropriate, or effective, or even if they align with your policy and objectives?
To ensure your SOPs provide the correct levels of control, result in optimal outputs, and that the inputs, procedures, and outputs are in alignment with your core business they should be part of a wider management system.
In an effective management system you can expect to see:
Management systems do not have to be verified by an external body to be effective. However, a growing number of organizations require their suppliers to have an ISO certification before working with them.
With its headquarters in Switzerland, the International Standards Organization is an independent, non-governmental organization made up of representatives of the 164 member countries. Since its foundation in 1947 it has published over 20,000 standards covering everything from food safety and manufactured products to environmental management, and health and safety systems.
Some standards are industry specific such as the AS9100D series of standards in use by the aerospace industry, while others, such as ISO9001 are applicable to all organizations.
Interesting Random Fact
The organisation is called ISO but, ISO is not an acronym. Although it is called the International Standards Organization in English, the organization's name in other languages does not abbreviate to ISO. Instead ISO is instead a reference to the Greek isos (ίσος) which means "equal."
There are multiple ISO standards, such as ISO 9001:2015, which applies to quality management, and ISO 14001:2015, which applies to environmental management. These ISO standards lay out a set of criteria against which the framework of a management system is assessed, rather than the specific content of the management system.
For example, section 5 of ISO 9001:2015 covers leadership and requires the organization clearly document organizational roles, responsibilities, and authorities. However, it does not dictate what those roles, or their responsibilities and authorities should be.
The most commonly seen cross organizational management system standard is the ISO 9001:2015 standard for quality management. ISO 9001 is the quality management system standard and 2015 is the year of the current revision so you may see this written as either ISO 9001 or ISO 9001:2015.
All of the cross organizational standards follow the same basic structure, whether they cover health and safety management, environmental management or any other function. So, for the sake of clarity, for the rest of this post I'll refer to management systems to encompass all non industry specific standards, no matter what area of an organization they are meant to cover.
ISO management systems are built on a process approach to organizational management. It requires you to:
At first glance this seems to be a huge burden. However, points 2-4 & 6, can be created fairly quickly and simply using readily available template. It is the process mapping and operational management (discussed next) that takes the time.
Standard operational procedures are arguably the most important element of any management system. Without accurate, up to date, SOPs for staff to follow, a business places itself at significant risk of customer satisfaction or regulatory non-compliance.
This is why Keeni was developed, to allow you to create, use, and manage operational procedures interactively. With Keeni you no longer have to:
Instead, everyone can have access to the same version of your virtually hosted management system documentation all of which can be interactive. That means your workforce can access relevant procedures, utilize checklists and other fillable documents right there on their devices, and have their inputs immediately available to those with a need to know.
To achieve ISO certification a business must first design and implement an internal management system. This system must comply with the criteria of the standard for which the business wishes to be certified.
Once the management system is established, and at least two full internal audit cycles have taken place, the organization can request an external audit from their national certification body.
Each ISO member country has their own certification body which is responsible for providing certification audit services.
The certification body allocates a specially trained auditor to work with a business. The auditor will:
There is no easy answer to how many non-compliances will result in a fail. If there are one or two non-compliances in a couple of areas in a large and complex management system, that would not be a problem. On the other hand, if the same number of non-compliances were identified in a much smaller business, or all in the same area of a larger business this could result in a pass or a fail.
However, if there is a significant issue with any area of the management system this will result in a "major non-compliance." Any non-compliance will result in a failure to be certified or, if the business is already certified they will be given a specific timeframe in which to correct or their certification will be revoked.
There are multiple internal and external benefits of implementing a management system and having it certified as complying with an ISO standard. Internal audits will provide:
A simplified explanation of business stability expected for certification can be illustrated by the the "Run Over By A Bus" narrative and it goes like this:
Implement an effective management system and your business should carry on without you without missing a beat.
Product And Service Continuity
As part of a management system you will identify a specific standard against which you will measure your goods or services. Then, once you have mapped processes and developed and documented your procedures every person carrying out a specific task should:
In addition, you will put in place a system to monitor and review your output, preventing your customer receiving sub-standard goods or services.
By identifying any current, future, and potential risks to your business you will minimize the possibility of customer dissatisfaction or regulatory non-compliance.
Meanwhile, by obtaining certification you can:
An internal auditor who has developed and implemented a management system, may not be the best person to highlight any issues. If a mistake has been made with the development or implementation of the system then the person who made that mistake is unlikely to notice it. Either that or they may be unwilling to bring the non-conformance to anyone's attention.
Avoid Familiarity Blindness
An internal auditor may become overly familiar with the systems they are auditing. This can lead to oversights which, in turn, can compromise the effectiveness of the system as a whole.
Prevent Hierarchy Issues
In both the public and the private sectors, implementing a management system can reduce employee related obstacles. An external audit and the requirement for certification minimizes these issues.
Learn From The Experiences Of Others
While certification auditors cannot provide consultative services and, technically speaking, should not provide any advice at all, they are helpful souls who genuinely want people to achieve certification to ISO standards.
Consequently when there is an issue with a client management system it is not unheard of for auditors to share an anonymised account of another client in the same or similar situation. This can help an organization improve not only it's management systems, but in some cases it's processes and procedures.
Bid For Projects And Contracts
More and more businesses are using International Standards as a way of ensuring their suppliers and partners meet a specific minimum standard.
For example, the AS9100 series of standards is specific to the aerospace industry. A significant proportion of organizations, up and down the supply chain, require proof of AS9100 certification before contracting.
Have you had experience with ISO standards? If so, was it a positive or negative experience?