System standards are not management systems!
ISO
9001 and
ISO
14001 are management system standards. They do, however, provide a model that an
organization can choose to use to develop their own management system.
Management system standards reflect accepted and agreed good management practices
for determining, fulfilling and delivering upon particular stakeholder requirements.
System standards are often agreed by large groups of people, often from varying
backgrounds. Consequently, system standards will trail the technology curve by 10
to 15 years – but, this does not mean system standards lack great value!
Basis of System Standards
There are many reasons an organization may choose to ensure their system conforms
to national or international management system standards. These include:
- Benefit from lessons learned regarding good management practices shared across countries
and industries
- Better communication across systems (Organization to Customers and Suppliers); individuals
may communicate well, but organizations also need a common “language” to drive action
- Better internal communication across the parts of the system
- Legal protection: ignoring the requirements of national and international standards
is hard to explain in court!
- System certification
System Certification
When we talk about a company becoming “ISO
9000” certified, it means that an independent organization has assessed their management
system and determined that it conforms to
ISO
9001, the standard defining the requirements for quality management systems. These
independent companies are called registrars. A registrar issues a certificate to
the company so they may promote their conformity. The independent organization is
usually accredited by another independent organization (in the United States it
is the
ANSI-ASQ National Accreditation Board
or ANAB) giving additional credibility to the assessment and certificate issued.
System certification has only three purposes: to open new markets, allow the organization
to compete in existing markets or to reduce customer audits.
In theory, a company deciding to purchase goods and services from a company running
a certified system has assurance that their prospective supplier at least meets
the requirements of the system standards to which they are certified. Sometimes
this frees them from verifying conformity on their own (no supplier audit needed);
it also means they have some formal system in place for doing business and can communicate
in the language of “systems”.
Some companies develop management systems and ensure they conform to system standards
and never choose to certify their systems. Certification and the costs and benefits
associated with it is strictly a marketing decision - will you be able to sell to
more companies because you are certified? As you can see, “Getting certified” and
“Developing a Management System” are not the same.
“ISO”
The
International Organization for Standardization
is located Geneva, Switzerland and is responsible for international system standards.
Over 140 nations participate in the standards making process, including the United
States. “ISO”
is Greek for equal (not the International Standardization Organization!). As part
of membership to
ISO, the United States agrees to drop national standards in favor of
the agreed international standards so there is no conflict. So,
ISO
9001 is both our national and international standard for the requirements for quality
management systems. Some common system standards include:
ISO 9001
the requirements for quality management systems. For use by any organization, of
any size, service-based or manufacturing-based or other for systems managing quality.
Part of the
ISO
9000 Series of standards:
ISO
9000 contains fundamentals and vocabulary and
ISO
9004 contains guidelines for performance improvements (often representing future
requirements).
ISO 14001
the requirements for environmental management systems. For use by any organization,
of any size, service-based or manufacturing-based or other for systems managing
environmental performance. Part of the
ISO
14000 Series of standards:
ISO
14004 contains guidelines on principles, systems and supporting techniques.
ISO/TS 16949
technical specification, particular requirements for the application of
ISO
9001 for automotive production and relevant service part organizations. For use
throughout the automotive supply chain, the American and European automobile manufacturers
endorse this standard.
ISO/IEC 27001
Information Technology - Security techniques - Information security management systems
– Requirements replacing the British Standard BS 7799-2 information security management
systems – specifications with guidance for use.
ISO/IEC 17025
general requirements for the competence of testing and calibration laboratories.
ISO 13485
For regulatory purposes - quality management system requirements relating to medical
devices.
ISO/PAS 28000
Specification for security management systems for the supply chain - specifies the
requirements for a security management system, including those aspects critical
to security assurance of the supply chain. Applicable to all sizes of organizations,
from small to multinational, in manufacturing, service, storage or transportation
at any stage of the production or supply chain that wishes to: establish, implement,
maintain and improve a security management system; assure conformity with stated
security management policy; demonstrate such conformity to others; seek certification/registration
of its security management system by an accredited registrar; or make a self-determination
and self-declaration of conformity to the standard.
LE55, Why Concern My Company With ISO?
The
ISO
website provides more information on the role of
ISO and Standards
and their importance to organizations.
Some Other System Standards
Particularly with respect to quality management systems, some industries feel that
some international standards do not provide sufficient depth or cover requirements
unique to a particular industry. These industries, through trade or industry groups,
publish their own system standards, often extending the requirements published by
ISO.
Non-proliferation of system standards is a guiding principle for
ISO, so expect
ISO
to continue to develop system standards so these particular industry requirements
are satisfied – as has happened with
ISO/TS
16949. Some other system standards:
ANSI/AIHA
Z10-2005: Occupational Health and Safety Management Systems: OHSMS voluntary
consensus standard provides critical management systems requirements and guidelines
for improvement of occupational health and safety for widespread benefits in health
and safety, as well as in productivity, financial performance, quality, and other
organizational and business objectives. No international standard for the requirements
of an OH&SMS yet published, but expect it in the next few years.
AS9100: Requirements for quality management systems for companies doing
business in the aerospace industry. This standard contains all of the requirements
of
ISO
9001 and additional requirements specific to the aerospace industry. The requirements
come from several sources, but particularly the AAQG (Americas Aerospace Quality
Group) and the IAQG (International Aerospace Quality Group) with representation
from the major aerospace companies. The Society of Automotive Engineers (SAE) controls
this standard.
TL9000: Requirements for quality management systems for companies doing
business in the telecommunications industry. This standard is controlled by the
QuEST Forum (Quality Excellence for Suppliers of Telecommunications) and contains
cost and performance-based metrics for the system.
ISM
Code: International Safety Management (ISM)
Code for safety management systems responsible for the safe operation of ships and
preventing pollution. This standard is controlled by the International Maritime
Organisation and relates to the management systems on board ships, in the offices
on shore and the relationships between the two.
ISPS Code: International Ship and Port Security (ISPS)
Code for security management systems responsible for the security of port facilities
and the secure operation of ships. This systems standard is controlled by the International
Maritime Organisation for protection from crime, piracy and terrorism. ISPS relates
to the management systems on board ships, ashore, the port facilities and the relationships
between them.
LE58, Differences Between ISO 9001 and ISM Code
One Business Management System, Many System Standards
With so many system standards, it is often difficult to decide which (if any) are
vital to your organization. The grandfather of all system standards is
ISO
9001 (with its predecessors coming from British Standards and United States military
specifications). A system conforming to
ISO
9001 is also able to conform to one or more other systems standards that are deemed
necessary by the organization.
Because system standards are NOT management systems, be sure to develop your management
system around how you do business and not around published system standards. The
approach explained in this site shows you how to do this and still ensure conformity
to any management system standard.