All Together Now
Integrate management systems during your ISO 9001:2015 transition
by Govind Ramu
Even though my organization focused on integrating quality management systems (QMS, ISO 9001), environmental management systems (EMS, ISO 14001) and occupational health and safety management systems (OHSAS 18001), other organizations also could integrate relevant management systems to their business, including energy management system (ISO 50001), food safety management system (ISO 22000) and information security management system (ISO 27001).1
There are several benefits to having an integrated management system (IMS). In the long term, an IMS helps improve efficiency by removing redundancies of different management systems. Thanks to the high-level structure established for management systems standards,2 it is now possible for key requirements and processes to be integrated without having to add a cross-reference matrix of documented information.
Several requirements and processes in an organization can benefit from integration, as shown in Table 1. Any organization aspiring to set up an IMS should consider a phased implementation approach. As the organizational management system matures and addresses challenges, the organization can gradually integrate other requirements and processes. Forcing an integration all at once isn’t a good idea because your organization simply may not be ready.
Context of the organization
Defining the context of the organization involves determining external and internal issues relevant to its purpose, strategic direction and ability to achieve the intended results3 of the IMS.
An organization’s strategic direction might involve the introduction of new products. Technology, for example, can help with innovation. At the same time, it can be disruptive and require consideration of external issues, such as compatibility with other products in the market, market acceptance, safety concerns and the impact on the environment and local community.
Another example might be when a new blend of a chemical ingredient in a new technology can help to significantly improve product performance, but at the same time, be harmful to the environment if not carefully discarded or hazardous to users if they are not properly trained. An organization that just looks to improve product performance may not consider the perspectives of other management systems.
This is why it’s important that all relevant information be monitored and reviewed, and positive and negative factors or conditions considered. In a larger organization, this is performed during the strategic planning process. In small and medium-sized organizations, this can be done during a periodic integrated management review meeting.
During this review, an organization identifies new interested parties and evaluates the relevance of current interested parties and their needs and expectations. An organization with an IMS takes advantage of such a meeting to explore issues, needs and expectations of interested parties without having to replicate the efforts for each management system separately.
Addressing risks and opportunities
Risk assessments are performed by organizations formally and informally to determine risks and opportunities. An organization may formally call for a meeting with a cross-functional team and invite other interested parties (such as the supplier or customer) to identify issues that affect the organization.
There also are times when organizational members come together periodically to discuss issues relevant to their business process or deliverable and to identify issues that affect their ability to meet needs and expectations. These meetings tend to be smaller and less formal. Examples include a weekly yield review, supplier performance review and safety committee meetings.
The cross-functional approach tends to have broader participation and provide more structure for uncovering issues. The issues captured in the weekly meetings are still relevant, though, and these meetings offer a sense of immediacy for addressing issues.
The formal approach requires management commitment and a willingness by the participants to share their inputs ahead of designing and developing a product and service. In an informal approach to capturing and anticipating issues through the periodic meeting, the main objective is to achieve a certain yield, ensure a certain level of supplier performance or prevent injury to employees.
Action items from these meetings address risks and opportunities. Although you may not necessarily call the outcomes from these meetings "risks and opportunities," and there likely isn’t severity, probability of occurrence or prioritization assigned to them, all risks and opportunities are equally weighted and all are addressed.
Irrespective of how structured or sophisticated the risk assessment, the actions are required to be integrated with the management systems, and their effectiveness should be evaluated. Examples of these action items include implementing new controls, updating documented information and providing additional training.
An organization with an IMS brings representation from all management systems to the formal review and applicable informal reviews (such as weekly meetings) to capture risks and opportunities from all perspectives.
While there is no requirement for a quality, environmental, and occupational health and safety manual, organizations that find value in these materials can continue to keep them after their transition to ISO 9001:2015 and ISO 14001:2015.
IMS organizations combine the requirements from various management systems into one manual to prevent redundancy. Unfortunately, I have seen organizations simply copy and paste individual management systems' content into one document thinking that makes it integrated. In reality, it is only combined content—not integrated.
To provide the most benefit, an IMS manual should truly be integrated. Most organizations start with sections that are common to all management systems. Business processes for managing documentation, measurement and test equipment, internal audits, nonconformities and corrective actions are obvious areas to integrate first. As the organization understands the benefits of integration, more business processes can be gradually integrated.
An organization typically applies its QMS for a process like an incoming quality inspection, for example. The need for doing this is obvious because the specification requires incoming material to meet dimensional, metallurgical and visual criteria.
There are environmental and safety aspects relevant to this process, though, too. The incoming quality inspection could use environmentally unsafe chemicals for cleaning the materials prior to inspection, discard packaging materials that can create environmental impacts, or transport and handle incoming material from warehouse to inspection in a way that creates safety hazards.
An IMS for a process such as this covers requirements from all applicable management systems and ensures the control is effective and efficient. This prevents waste caused by having multiple forms of documented information for the same process.
Organizations often conduct separate internal audits for their QMS, EMS and occupational health and safety management system. QMS audits require an understanding of the business and manufacturing processes. EMS and occupational health and safety system audits require knowledge of environmental aspects and significant impact, health and safety risks, applicable regulatory, statutory and legal requirements. It is rare to find internal auditors with skill sets in all of these areas.
IMS organizations tackle this challenge in a way similar to that of documentation integration. Internal auditors can develop a process approach and cover the items that are common to management systems. When specific knowledge in an area is required, an expert can join the team.
Internal auditing is an important control, so it’s important not to dilute the process. Integration shouldn’t be forced by assigning auditors who lack skills and knowledge to any of the management systems.
In the early stages, even without an integrated audit, efficiency can be realized by conducting management systems audit concurrently for a given process. This will reduce the need for QMS, EMS and occupational health and safety audit managers to bombard business process owners with requests for audits at three different times.
Having a common management review for all the management systems is one of the first things an organization should do to integrate its management systems. This saves significant time for top management and provides an overall picture.
Early in the integration, it is acceptable to have QMS, EMS and occupational health and safety representatives present their results separately in the same meeting. This, however, is more like a consolidated or combined management review rather than an integrated management review.
As the organizational integration matures, results from IMS requirements can be presented as integrated outputs. These would include common issues, such as resources, audit results and corrective actions, which affect all management systems. Actions and opportunities identified also should take all of the management systems into consideration during the development of the plans and the verification of effectiveness.
Dealing with opportunities
Documented information for processes related to nonconformance, corrective action and continual improvement can be readily integrated during the early stages of the integration process.
In an IMS, when a nonconformance is identified in one of the management system implementations, it’s likely the corrective action is applicable to all management system implementations. The lack of a control in one management system could be a systemic issue affecting all management systems.
Likewise, integrated continual improvement processes take all management system perspectives into account. Improvement actions driven by the QMS are evaluated by asking, "Are there any unintended undesirable effects on the environment and employee safety?" In other words, is higher product quality coming at the cost of the environment or safety?
Managing these processes using a tool, such as a software application, can help further enhance efficiency in maintenance of the software tool and employee training.
Challenges and benefits of integration
In the initial stages of implementation, there are situations in which managers responsible for individual management systems may have conflicts as they ascertain their positions and authority. They may not agree on integrating or standardizing some of the processes. These challenges can be resolved by alleviating any concerns that a manager’s individual authority and positions will be eliminated.
Each management system requires unique skills that are not easily replicated by people managing other management systems. It’s important for organizations to recognize and accommodate this in the planning of activities such as internal auditing.
Another challenge is that external auditors with multiple management system qualifications are so few that they may not be available to conduct an audit at a time suitable for your organization.
One of the biggest benefits of IMS implementation is waste reduction achieved by eliminating redundant documentation, processes, actions (which could sometimes be contradictory), software tools, training and meetings.
External certification bodies recognize the benefits of an IMS and offer a reduction in audit days for conducting integrated audits.4
For an organization that has multiple sites with IMSs, this can be a significant cost savings that can be used to solicit top management support. IMS audits also reduce any frequent disruption of day-to-day business activities, keep the audit communication focused and improve employee awareness.
Above all, an organization can benefit from having the ability to understand how all of its business process owners’ actions affect all management systems, opening minds to think more broadly about the life cycle of products and services.
1. Govind Ramu, "Ready, Set, Transition," Quality Progress, December 2016.
2. Stefan Tangen and Anne-Marie Warris, "Management Makeover—New Format for Future ISO Management System Standards," International Organization for Standardization, July 18, 2012, http://bit.ly/2n97em5.
3. International Organization for Standardization, ISO 9001:2015—Quality management systems—Requirements.
4. International Accreditation Forum, "IAF Mandatory Document for the Application of ISO/IEC 17021 for Audits of Integrated Management Systems," Dec. 16, 2013, http://bit.ly/2mosB4I.
Hortensius, Dick, "Integrated Management Systems," International Organization for Standardization, Feb. 18, 2013, http://bit.ly/2nhlQiu.
Kymal, Chad, Gregory Guska and R. Dan Reid, Integrated Management Systems, ASQ Quality Press, 2015.
Govind Ramu is senior director, global quality management systems, at SunPower Corp. in San Jose, CA, and the chair of the U.S. Technical Advisory Group to International Organization for Standardization Technical Committee 176, subcommittee 1, on ISO 9000:2015 standards. Ramu is an ASQ fellow and holds six ASQ certifications: manager of quality/organizational excellence, quality engineer, Six Sigma Black Belt, auditor, software quality engineer and reliability engineer. Ramu is the author of The Certified Six Sigma Yellow Belt Handbook (ASQ Quality Press, 2016), co-author of The Certified Six Sigma Green Belt Handbook, second edition (ASQ Quality Press, 2015) and a contributing author of The Lean Handbook(ASQ Quality Press, 2012). He is also the recipient of the 2017 Crosby Medal.