Standards are solid, fixed and monolythic...but the key to understanding them is in the layers they bring together and knowing how to build them together in the right order.
This interesting rock was spotted on a beach in Looe, Devon by HCS Consulting Partner Ian Holroyd
© 2017 Ian Holroyd - all rights reserved
When all is said and done, that's the purpose of a Standard isn't it? External recognition that your hard work and achievement hits a benchmark that other people can recognise and compare to their own expectations.
Externally certified standards provide a badge-on-the-wall, a mark that says succinctly to others: you can have confidence that we do this well. Many of our clients choose certification to a standard as a short-cut to answer a long questionnaire or a validation that their approach is robust.
Nuance, understanding and clear logic are key to aligning your system with a published standard and getting certification. Whatever your aims, our experience and understanding will help you to navigate the layers of a standard and find a way of meeting its requirements which fits in with your business's needs and culture.
Several standards are going through a transition process at the moment: where you will ned to update your system to address the new published standard if you want to stay registered (at the moment it is ISO 9001:2015 and ISO 14001:2015).
Sometimes this means a change in vocabulary, new ways in which you are asked to think about things or specific requirements which will change what your documents have to say and what you have to do.
We've found that this is a great time to review your Management System - addressing the new requirements, but also making sure that it really works for your business. We can offer a range of support services to help your business make the most of this time as an opportunity, not a threat.
The Quality Management Standard is at the heart of many people's Integrated Management System and arguably requires you to address other Subjects that are important to your business or interested parties. It has evolved from Quality Control to Quality Management. When its done well, this includes managing the direction of your business as well.
The 2015 ISO 9001 standard focusses on much more extensive planning to understand and manage the context of your business: what does good look like? what can go wrong? which groups shape the way you operate. We have a wealth of experience applying this standard across a range of sectors, and particular expertise in understanding what it means for service-sector and professional-services businesses
Information Security Management deals with assuring the Confidentiality, Integrity and Availability of the information passing through your business. Traditionally, this standard has been the preserve of tech and financial industries, where companies safeguard exploitable financial details or deliver technology platforms. Increasingly though, people are turning to ISO 27001 to assure their customers about their information processes and as part of GDPR readiness.
Don't let anyone tell you the this standard is just about technology. ISO 27001 provides a highly structured approach (it requires you to have a clear, defined Risk Management Structure, and map the way you treat risk against a catalogue of Controls) but it can help you to understand and assure the flow of information into, from and around your business.
Understand and systematically improve impact on the Environment - reducing or eliminating negative impacts and achieving positive benefits wherever possible - through the ISO 14001 standard. Registered organisation will have defined compliance obligations and their environmental aspects, then set out systematic improvement programmes that demonstrate real improvement.
The OHSAS standard remains the de facto benchmark for a robust system to manage Health & Safety. It requires you to clearly understand the legal framework, assess risk and put in place programmes that improve safety performance. As the last of the major standards to still use the older structure, 18001 remains an accessible, straightforward framework to take good Health & Safety practice and turn it into a system of control and improvement
In 2018, the last of the major standards becomes aligned to Annexe SL. This has the potential to challenge a lot of existing Health & Safety Management Systems - does the system have a wide enough reach (are groups other than employees properly considered), how robust is performance monitoring and evaluation of compliance to both regulation and other obligations. This standard replaces OHSAS 18001 in 2018 and starts a period where registered organisations will have to look closely at their systems as they transition.
The introduction of a standard model for Management System Standards (Annexe SL) has produced fantastic new opportunities to extend the conformity and registration of your Business Management System. In addition to the four major Standards we discuss here, there are ISO Management Systems standards for Business Continuity, Bribery & Corruption Management and a host of other disciplines. And there are nearly as many SL standards in development as published, so the list is ever growing. Add to that a wide body of British Standards and the ability to use an external registration to assure your customers is amazing. Registration can be a bit more tricky, as many of these standards tend to have a niche selection of Certification Bodies and attract a premium registration cost, but the ability to demonstrate conformity to a published benchmark can be valuable.
Separate to the Management System requirements, many industries have published detailed specifications which explain how part or all of a Management System should be delivered to their interest or industry.
We have helped clients use the core of an effective Integrated Management System to deliver a wide range of other compliances, including PAS43:2015 Roadside Working compliance, BS EN 1090 Structural Steel conformity, Authorised Economic Operator status, BS 10012:2009 Data Protection compliance, the FORS Fleet Operation Recognition Standard for Vehicle Operations. A solid Integrated Management System gives you the foundation to tackle any issue robustly and effectively, so make your system explain what is important to you and your customers.