Demystifying ISO Management System Standards and related Guidelines
By Stephen Simmonds (Independent Lead Consultant – Integrated Management Systems: CGF Research Institute) and peer reviewed by Terrance M. Booysen (Director: CGF Research Institute)
The number of management systems has risen dramatically in recent years, reflecting the increasing governance demands being placed on more and more organisations and their boards, especially in the wake of a myriad of governance scandals and corporate collapses locally and abroad. Indeed, as organisational stakeholders become more informed of business best practices and codes of governance such as King IV™ — which require organisations to report upon their 6-capitals — it comes as no surprise that improving the organisation’s performance across a wide range of areas becomes a critical imperative for the organisation’s overall sustainability. The challenge many organisations face today is that most of them have more than one management system, and these are often duplicated, redundant or inadequate, which ultimately affects the organisation’s performance and resilience.
In the same way, there are many different types of ISO management system standards and related guidelines that have been developed to suit different business sectors. These standards apply to product or service quality, operational efficiency, environmental performance, health and safety in the workplace and many more.
The benefits of applying these standards within an organisation include:
- more efficient use of resources and improved financial performance;
- improved risk management practices;
- increased protection of people and the environment;
- increased capability to deliver consistent and improved services and products, thereby increasing value to customers and vested stakeholders, and
- greater stakeholder assurance that the organisation is being properly governed.
To demystify how all these standards relate to one another, it is important that organisational leadership — namely the board and its executive — understand the inter-connectedness of these standards and, moreover, that these standards also support the principles of many codes of governance adopted across the world. In the illustration, the four (4) quadrants set out some of the ISO (International Standards Organisation) documents and their relevance to the organisation’s management systems.
(Diagram adapted from the MSS Chart published by the BSI (British Standards Institute))
Indeed, the governing of the organisation as a whole, together with its collective management systems, will be covered by the imminent ISO 37000, which is expected to provide guidelines for governing the organisation as a whole. It is anticipated that ISO 37000 will provide the key principles, relevant practices and a governance framework to assist the organisation’s leadership to direct and control the activities required in the business. In this regard, ISO 37000 is also expected to provide clear guidelines pertaining to the accountability of the board, including management’s responsibilities, such that they are adequately equipped to fulfil their purpose and fiduciary duties.
Quadrant 1 in the illustration refers to examples of generic ISO management system standards that give requirements (or guidance) to assist organisations to manage their policies and processes in order to achieve specific objectives. The example standards shown in this quadrant are those which organisations can adopt and, once implemented, they will make use of an ISO-approved certification body to verify, audit and certify the organisation’s compliance with the applied standard. Each one of the management system standards shown in this quadrant — namely ISO 9001, ISO 14001 and ISO 27001 — has its own family of standards, but the management system standard is the only one in each family that is certifiable.
To understand what a “family” (sometimes known as a series) is in the context of ISO standards, we can use ISO 9001 as an example. There are three (3) other standards that, together with ISO 9001, form a family.
- ISO 9000: Quality Management Systems – Fundamentals and Vocabulary (definitions)
- ISO 9004: Quality Management – Quality of an Organisation – Guidance to Achieve Sustained Success (continuous improvement)
- ISO 19011: Guidelines for Auditing Management Systems
These additional standards provide guidance and direction that assist in the effective implementation of an ISO 9001 management system. Management responsible for implementing an ISO management system should not underestimate their importance.
Quadrant 2 refers to some of the sector-specific management system standards. Sector-specific standards are requirements developed by a particular industry to address its specific needs. These standards are mainly used by the subject matter experts who form part of the management system implementation team, and they provide the specific knowledge and experience that is utilised in designing the content of a generic management system.
Quadrant 3 refers to examples of ISO management system related standards that provide further guidance on specific aspects of the management system, the standard itself and various support techniques.
ISO 10013 provides guidelines for those persons responsible for the development and maintenance of the documentation necessary to ensure an effective quality management system, tailored to the specific needs of the organisation. The use of these guidelines will aid in establishing a documented system as required by the applicable quality management system standard. This standard can also be used to document management systems other than those of the ISO 9000 family, for example environmental management systems and safety management systems.
The other examples relate to guidelines for the auditing of management systems. These documents provide guidance on auditing management systems, including the principles of auditing, managing an audit programme and conducting management system audits, as well as guidance on evaluating the competence of individuals involved in the management system audit process. Those individuals include the person(s) managing the audit programme, auditors and audit teams.
Quadrant 4 refers to some of the ISO management standards that — although specific — have a broad impact on the management system and should be known and understood by leadership and senior management.
The ISO 26000 guideline on social responsibility provides guidance on the underlying principles of social responsibility and, moreover, recognises the importance and value of engaging the organisation’s stakeholders pertaining to the organisation’s social responsibility programme. The standard furthermore emphasises the importance of results and improvements in the performance of the organisation’s social responsibility programme. ISO 26000 can be used with most generic standards where social responsibility should be recognised along with stakeholder identification and engagement.
ISO 31000 provides the organisation with guidelines for managing its risks. The purpose of the risk management framework within ISO 31000 is to assist organisations in integrating risk management into significant activities and functions. The effectiveness of risk management will depend on its integration into the governance structures of the organisation, including decision-making. This requires support from the organisation’s key stakeholders, particularly top management.
ISO 31000 can be used with most generic standards where risk-based thinking needs to be part of the management culture and the treatment of risk needs to be managed in a planned manner.
In conclusion, the involvement of the organisation’s leadership — as part of the implementation of management systems — is key to its success, as leadership establishes the unity of purpose and direction of the organisation. Leadership should create and maintain the internal environment in which people can become fully involved in achieving the organisation’s objectives. Applying the ISO standards as outlined in this article, amongst others, will assist the organisation’s leadership to ensure that:
- people will understand, and be motivated towards the organisation’s goals and objectives;
- activities are evaluated, aligned and implemented in a unified way;
- miscommunication between different levels of an organisation will be minimised;
- a clear vision and purpose of the organisation’s future is established and entrenched;
- challenging goals and targets are set;
- shared values, fairness and ethical role models are established at all levels of the organisation;
- trust is established and fear that paralyses required actions is eliminated;
- people are provided with the required resources, training and freedom to act with responsibility and accountability; and
- people are inspired, encouraged and their contributions to the organisation are
For further information contact:
SynergyGRC (Pty) Ltd
Stephen Simmonds (Director) | Cell: 082 881 9389 | Web: www.synergygrc.com
CGF Research Institute (Pty) Ltd
Terrance M. Booysen (Director) | Tel: +27 (11) 476 8264 / Cell: 082 373 2249 | Web: www.cgfresearch.co.za