Throughout ISO management systems, there is a reliance on addressing your organisation's risks and opportunities. These should be relevant to the context of your organisation as well as any interested parties. You should ensure that your organisation has applied a risk identification methodology consistently and effectively. This is very important and at the heart of all four of our ISO standards, which all take a risk-based approach. Indeed, in ISO 9001 alone, reference to risk-based thinking is present in all of the following clauses:
ISO defines a risk as the ‘effect of uncertainty on the expected result’. Effective management of risk means talking about risk well in advance so that there are fewer surprises, improved planning, effective decision making and better relationships with stakeholders. Effective management of risk leads to better performance, continual improvement and increased customer satisfaction. Opportunities are considered the positive side of risk, which is why ISO 9001:2015 focuses on reducing risk and identifying opportunities. External and internal issues, and relevant needs and expectations of relevant interested parties, may be sources of risks. All management system processes represent differing levels of risk in terms of your organisation’s ability to meet its objectives. For this reason, the consequences of failures or non-conformities in relation to processes, systems, products and/or services will not be the same for all organisations.

Risk and opportunity register

While not mandated by ISO 9001, ISO 14001, ISO 45001 or ISO 27001, risk and opportunity registers can help identify and record the risks and opportunities facing different areas of the business. Identifying risk is a critical step in managing it. Risk and opportunity registers will allow your organisation to assess each risk in the overall context of your organisation, and will help to record the controls and treatments of those risks. Risk and opportunity registers can be developed in tiers:
The risk and opportunity register or risk log becomes essential as it records identified risks and opportunities, their severity, and the actions and steps to be taken. It can be a simple document, spreadsheet, or a database system, but the most effective format is a table. A table presents a great deal of information in just a few pages. As the register is a living document, it is important to record the date that risks are identified or modified. Optional dates to include are the target and completion dates.
When implementing an ISO management system, you should check whether your quality, environmental, health & safety and/or information security policies have been communicated and understood throughout your organisation. The policies must also be available to any relevant interested parties. If the personnel interviewed do not know what their measurable objectives are and/or do not know which organisational objectives they have a direct impact upon, then you might need to evaluate the communication of your policies and objectives. Inferred awareness through knowledge of procedures is not considered sufficient - otherwise why have the requirement in the first place? A quick and convenient way to promote and communicate the policy might be to create a shortened version of the main policy - try condensing it to five key words or even a couple of short sentences. This can be posted on bulletin boards, for example. You could even add it to the reverse side of staff security passes or ID badges. The point is that you need to determine whether your policies meet the intent and are understood. The exact content of policies does not need to be recited by individuals, but an awareness of the policies and how their job affects the company objectives is what you’re aiming for.

Organisational roles, responsibilities and authorities

Each employee needs to know who is responsible for the various elements of your management system to ensure a successful implementation. Develop an organisation chart and create job descriptions in order to clearly define roles, responsibilities and authorities, and communicate those responsibilities and authorities throughout your organisation. You should develop and make available to all employees a list of key personnel and their job descriptions and responsibilities, along with an organisational chart of key employees as they relate to your management system.
This should effectively define, document, and communicate the organisational structure of the management system. There is a need to demonstrate that there are identified staff who are responsible for ensuring parts of your management system are being properly taken care of. The sort of actions to think about might include:
• Communication of roles, responsibilities and authority;
• Processes and procedures to fulfil requirements are adequately resourced;
• Awareness of expectations is demonstrated in all relevant levels of the organisation;
• Reporting on the operation (e.g. results of audits and inspections) and performance of the management system (e.g. in business meetings, KPI reviews, etc).

You should ensure that your organisation’s personnel have not only been advised of their management system responsibilities and authorities, but also that they understand these in the context of the overall purpose of the management system. You should also ensure that Top Management have assigned responsibility and authority for preserving the integrity of the organisation’s management system during changes (e.g. developing a new product or service line, moving premises, etc).

If you would like to look at how to implement an ISO 9001 quality management system, then simply contact us. Or, if you want to see what's involved in more detail, then get a completely free, no obligation, totally tailored ISO Gap Analysis for your business (only available to UK businesses).

ISO 9001:2015 requires your organisation’s quality policy to be appropriate to both its purpose and context. This means that once your organisation has determined its context and the relevant requirements of its interested parties, Top Management must review the quality policy in light of that information.
You should review your organisation’s existing quality policy to determine whether it is appropriate to the context of the organisation and its purpose, whether there is a commitment to continually improving the quality management system, and whether the quality objectives are consistent with the quality policy. Top Management should demonstrate that the quality policy is compatible with the strategic direction and context of the organisation, as required by Clause 5.1.1 b. Your organisation will need to review its policies as necessary to ensure that any changes in context, interested parties or their requirements are reflected in the quality policy, and to determine whether your organisation’s objectives are affected (6.2.1 a). The policy does not have to include objectives but should create a framework for establishing them. The policy should be stated in such a way that it shows you are working towards continual improvement. It should be reviewed and possibly revised to meet higher aspirations. Develop and implement a policy that is consistent with the company’s codes of conduct and business practices. The policy should be signed by Top Management and commit to:
The standard does not require that the quality policy includes the words ‘continual improvement’; however, it must be clear that processes of continual improvement are implied and known throughout the organisation. To meet the intent of this clause, you simply need a clearly defined management system quality policy that is sufficiently detailed to provide a framework for the subsequent objectives, which can be monitored for continual improvement. It’s there to assist an organisation in meeting its business objectives and achieving better customer satisfaction and eventually more market share, which, in time, brings more profits for the organisation. For multi-site/corporate certifications, the policy must be applicable for all sites and be fully integrated with the objectives.

Customer focus involves determining customer requirements and ensuring that processes exist to meet the requirements and achieve customer satisfaction. Enhance customer satisfaction by ensuring that customer requirements are identified. The principal message that Top Management must convey is that the objective of the business is to satisfy your customers by ensuring a process exists to achieve the following:
When auditing customer focus, you should assess whether customer satisfaction is adequately determined and whether appropriate corrective action is undertaken when things go wrong. The customer feedback process should be audited as a process in its own right and not just as a clause in the standard. Determine how this process is planned, implemented and improved, as these factors will affect the process’s ability to provide meaningful information about the effectiveness of the management system. Top Management must also ensure that customer and applicable statutory and regulatory requirements are identified and consistently met and that the focus on enhancing customer satisfaction is maintained. Top Management must also determine and address the risks and opportunities that can affect conformity of products and/or services and the organisation’s ability to enhance customer satisfaction. You should seek and record evidence that Top Management is taking a ‘hands-on’ approach to the management of the management system, so be prepared to constructively challenge Top Management’s commitment. Top Management’s commitment can likely be demonstrated by their actions, and by their views on what the Management System policies mean to the everyday activities of your organisation, as well as the policies’ relationship with your organisation’s strategic direction.
Whichever management system you put in place, Top Management must ensure that the requirements of the management system, including the policies and objectives, are consistent with the strategic context and direction of your organisation, and that the policies and objectives are established whilst ensuring that the human and financial resources needed for implementing the management system are available. Top Management should take a ‘hands-on’ approach to the management system during interviews and whilst recording compliance to other requirements e.g. determining organisational context, policies, objectives, management review minutes, provision of resources etc.
Without solid management commitment, you will not have a successful management system. This is not a commitment in words, it is the continuous and active demonstration to everyone in the organisation that the need to meet customers’ expectations is vital. The actions required of Top Management must include: