April 2021 Blog Header image

This is one of the most frequently asked questions by our prospective clients, and, although it’s not easy to explain, it’s one of the best things that can be done to run a successful high quality business. 

In this blog we’ll aim to clarify what it means to have an established and successfully implemented Management System in your business, ready for Certification to the most common internationally recognised ISO Management System Standards, such as ISO 9001 for Quality Management, ISO 14001 for Environmental Management and ISO 45001 for Occupational Health and Safety Management.

A Management System is a framework of policies, processes, procedures, templates, and other relevant documents that an organisation implements in order to run the business towards its objectives and goals.

When it comes to meeting the requirements of one or more ISO Management System Standards, the business Management System needs to follow and conform to the requirements of one or more Standards. For instance, the ISO 9001 Quality Management System Standard is a set of quality management best practice requirements that a business needs to conform to in order to achieve ISO 9001 Quality Certification. This results in your business becoming acknowledged as running in accordance with an internationally recognised quality standard.

To give you an idea of what’s required, a Management System in a small to medium sized organisation can simply be established as an electronic folder structure saved on your server or on the cloud, consisting of sections such as:

  • Company policies

  • Management, support and operational procedures

  • Templates and registers

  • Business planning documentation

Larger organisations can sometimes have these items (e.g. policies, procedures, templates, etc) already embedded as part of their particular operational software tools that are in place across the business.

It’s important to understand that an effective Management System doesn’t just mean writing policies and procedures – it’s about aligning the documented information with the goals of the business, with effective and consistent implementation to create a business framework for continual improvement.

Employees working together to implement Management System

What policies, procedures, templates, and business planning documentation does my business need?

This depends on the ISO Management System Standard(s) you decide to implement in your business, and also on what the organisation does and its needs – the way you run your business. For example, if a manufacturing firm wants to achieve Certification to the requirements of the ISO 9001:2015 Quality Management Systems Standard, they will need to develop and implement a number of documents that reflect the way they operate, such as:

  • Business planning documented information from planning activities such as identification of the interested parties to the business and their needs, SWOT (Strengths, Weaknesses, Opportunities and Threats) analysis, company objectives and targets and management plans, risk and opportunity assessment, business continuity plan;

  • Policies, including but not limited to Quality Policy, Risk Management Policy, Code of Conduct; 

  • Management Procedures, such as legal and other requirements procedure, nonconformance management, internal audit procedure, etc.;

  • Supporting Procedures including document control, human resource management, change management, management of external suppliers, just to name a few;

  • Core/Operational Procedures such as tendering, sales, manufacturing, warehousing, dispatch, etc; and

  • Templates and Registers which may be referenced in the above procedures, and should be accessible by the relevant responsible workers and used on a regular basis or as required.

How can these documents and processes be implemented in my business?

Every policy and procedure should be effectively implemented in the business.

But what does the effective implementation of the company processes mean? 

It means that the developed policies and procedures are assigned to a respective responsible person, who ensures the process is correct (according to the relevant ISO Standard and to the way the business operates) and that it is effectively implemented. ie. Our Management System achieves what we need it to and we are doing what our management system says we do.

Let’s take a look at a couple of examples:

A procedure about external providers should explain how the company assesses, selects, and evaluates the performance of their external providers (i.e. suppliers, contractors, outsourced activities). In order for these procedures to be effectively implemented, the organisation should also be able to show evidence, such as the assessments of critical external providers, documented reference checks, signed supplier/contractor agreements, and regular records/documented evidence of their performance evaluation throughout the year. 

Why do we do this?

To ensure that our external providers meet our requirements on an ongoing basis and, where they’re involved in providing products and/or services to our customers, we’re certain they’ll meet our quality standards and our customer requirements.

Another good example is the implementation of Human Resources (HR) processes. In the HR procedure, the process regarding onboarding new employees should be explained with reference to the induction process including the necessary forms, training and competency documents, review responsibilities, etc. The relevant templates and/or registers should be kept in the designated locations. Implementation of this process can be demonstrated through records of employee inductions, competency assessments, training certificates, staff performance reviews and the currency of any related registers that hold related information.

Why do we do this?

To ensure our employees who are delivering our products and/or services to our customers have the appropriate training and competency to meet our customer requirements, on an ongoing basis.

Framework of policies and procedures

How can we help you to develop and implement an effective Management System?

The ISO Management System Standards are quite flexible and don’t specify exactly which documents you need to have in place to successfully meet the requirements. This is quite beneficial because it means each organisation can develop their Management System to meet their own operational requirements, to suit the way they run their business. However, without the knowledge of the ISO Management System Standards and experience in implementing the requirements, this can become challenging.

Our ISO Certification Experts team specialise in developing Management Systems and improving structures that are customised for each client organisation and are then further verified by the external auditors.

We divide the project for Management System development and implementation into three phases, as shown below:

Management System development and implementation phases
  • In Phase 1, we get to know your organisation, scope of work, your current systems, and how you’re delivering your products and/or services to your customers. We spend time with you to identify your organisation’s interested parties and their needs, conduct a SWOT analysis, set up objectives and targets for your business, conduct a risk and opportunity assessment and map your core/operational processes. This is conducted through a number of workshops which we schedule based on ours and your availability.

  • In Phase 2, we reverse-engineer your Management System to suit your business, from all the information we gain during Phase 1, to develop customised policies, procedures, processes, templates and registers for your organisation.

  • In Phase 3, we conduct awareness training and coaching with your team to ensure that you have a clear understanding on how to successfully implement the newly established Management System. Then you will have a few weeks to run with the system before we come back and conduct the internal audit to ensure that you are now “doing what your Management System says you do”. The very last thing before your external audit is conducting your first management review meeting and ensuring that you’re ready for the external auditor from your chosen Conformity Assessment Body (certifier).

After all that, your system should be ready to successfully go through the external audits, with the outcome of achieving ISO Certification (issued by your chosen Conformity Assessment Body) –Phase 4 in the infographic above.

Since we started the business in 2007, every company that has followed our recommendations has achieved certification first time, and, as a result, we offer a Certification Readiness Guarantee – by following our proven planning process and advice, supported by our extensive industry experience, we can get you certified first time – Guaranteed!

If you still feel that you need assistance with interpreting any of the ISO Management Standard requirements in relation to your business activities, call us now on 1300 614 007, email us, or book your FREE strategy session.

About the author

Consultant at ISO Certification Experts

Ivona develops customised management systems for our clients, to meet the certification-readiness requirements of ISO 9001, ISO 14001 and ISO 45001. She has a Master of Business Administration and Diploma in ISO Integrated Business Management Systems.