Voluntary Engagement Will Help Companies and Auditors Communicate Cyber Risk Readiness
May 4, 2017
Ministers condemned for failing to pledge air pollution standards will be kept post-Brexit
May 4, 2017

Have you noticed that your orange juice may not just be orange juice anymore? While tasty and nutritious, simple orange juice may not always be enough for our increasingly competitive world. Maybe it has added calcium, or extra vitamins; it may even have an optimized amount of pulp for your individual needs. Management system certification has also evolved for an increasingly sophisticated market. Sometimes a single standard is just not enough.

In 1987, when ISO 9001 was first published, organizations were lauded for successfully implementing and maintaining a certified quality management system. Since that time, new management system standards have been created not only for diverse business sectors, but also for varying aspects within an organization, such as environmental, health and safety, and information security management. The Independent Association of Accredited Registrars (iaar.org) lists the following business sectors and aspects, each with their own management system standard or standards.

  • Aerospace
  • Automotive
  • Chemical
  • Disaster / Emergency Management
  • Energy
  • Environmental
  • Food Safety
  • Forestry
  • Hazardous Materials
  • Information Security
  • Information Technology
  • Medical Devices
  • Occupational Health &  Safety
  • Quality
  • Recycling
  • Supply Chain Security
  • Telecommunications

ISO recognized the trend of organizations choosing to implement more than one standard, and took action to facilitate this trend. ISO introduced Annex SL to bring some consistency of approach and terminology to management system standards, and to enhance the process of implementing multiple standards. ISO technical committees developing management system standards are required to use Annex SL. The Annex helps minimize the possibility that two ISO management system standards would have differing, or conflicting, requirements for the same processes. It greatly enhances the efficiency and effectiveness of integrated systems by sharing and dovetailing requirements. This minimizes redundancies and drives more systemic processes to better encompass the needs of different aspects of an organization.

To illustrate this point, let us consider an organization’s continual improvement process. Annex SL section 10.2 includes the following requirement for this. “The organization shall continually improve the suitability, adequacy and effectiveness of the XXX management system.” This leaves plenty of room for each standard to identify the details and specific requirements of the process, while ensuring that the basic goals—improving the suitability, adequacy and effectiveness of the management system—are consistent. Likewise, Annex SL requirements on topics such as competence, internal audit, management review and corrective action allow an organization’s varying aspects to mesh seamlessly into processes that cover the needs of all parties within the organization.

Annex SL requires the following 10 sections:

  • Scope
  • Normative references
  • Terms and definitions, including 21 defined terms
  • Context of the organization, including four sections and six “shalls”
  • Leadership, including three sections and five “shalls”
  • Planning, including two sections and six “shalls”
  • Support, including five sections and nine “shalls”
  • Operation, including one section and three “shalls”
  • Performance Evaluation, including three sections and 11 “shalls”
  • Improvement, including two sections and four “shalls”

Beyond the high level structure and minimum requirements, standards are customized to include their specific requirements. Annex SL is already being used by ISO 9001:2015 Quality management systems – Requirements, ISO 14001:2015 Environmental management systems – Requirements with guidance for use, and a number of other standards.

An example of this trend towards the certification of integrated management systems can be seen within the U.S. client base of Orion Registrar, an accredited mid-size certification body with 10 offices in seven countries, which performs accredited audits to 12 management system standards, and three product certification standards. During our 23 years as an accredited certification body, we have seen a growing trend for clients to pursue accreditation to multiple integrated standards. Within the U.S during each of the last three years, roughly 50% of our audit activities have included integrated standards. If we consider only initial certification activities, such as stage 1, stage 2 and transfer audits, the number varies between 60 and 70%.

For our clients based in the United States, those certified to integrated standards tend to fall into two main categories. The first contains standards that include, in whole or in part, ISO 9001, and are integrated with ISO 9001. These include such standards as the telecom quality management standard, TL 9000, and the three aerospace quality management standards, AS9100, AS9110 and AS9120. The second group includes standards that include, in whole or in part, ISO 14001, such as the e-waste recycling standards e-Stewards, R2 and RIOS. These are generally integrated with ISO 14001. A much smaller category includes clients who have integrated less related standards, for example an occupational health and safety standard such as OHSAS 18001, with ISO 14001, or pursued an integrated management system for ISO 9001 and ISO 14001.

We have very few non-integrated multi-standard clients. These are mostly IS0 9001 and ISO 14001 combinations. They account for less than 1% of our U.S. activities. This percentage has stayed relatively constant. Generally, an integrated audit is the most efficient use of a company’s time and resources when conducting audits to multiple standards.

Within each of the categories mentioned above, the level of integrated activities has stayed relatively flat or increased. The biggest increase has been in the category that includes ISO 14001. Our single-standard activities have likewise increased, keeping the proportion of integrated to single-standard activities within a small range.

It may be useful to note that the percentage of our clients certified to integrated management system standards is much lower for our clients in Bangladesh, Canada, Japan, Korea, Kazakhstan and Mexico. Likewise, our clients in these countries pursue certification to industry-specific standards, such as aerospace, telecommunication and e-waste recycling standards, at a lower rate than our U.S. clients. Of these countries, Japan and Kazakhstan have the highest rates of Orion clients certified to integrated or multiple standards, with 25% and 23% respectively.

According to Paul Burck, president of Orion Registrar, this trend has two main drivers: requirements of business sector-based or aspect-based management system standards, and market pressure. He points out that as the number of standards has increased, so has the number of companies requiring certification to integrated management systems.

Burck emphasized that there are inherent benefits to certification of integrated management systems: “The advantages and the strengths of an integrated management system lie in the fact that the various types of requirements can be blended seamlessly into a worker’s responsibilities, and are not separate, disruptive parts of their job. This can increase both efficiency and job satisfaction.” In an integrated management system, organizations have generally taken care not just to mesh the requirements of the management system standards, but also to assimilate these requirements within their organization’s culture and day to day activities. Overall objectives can more easily encompass all requirements, rather than viewing them in isolation. When an organization does not consider all their objectives in top management level reviews, it is easy to have competing, or even conflicting objectives, which makes their achievement more challenging than necessary. This can also inhibit continuous improvement efforts. Integration makes a management system not only stronger and more efficient, but also more effective.

put significant pressure on the ability to manage negative impacts over time as more people seek out rural and natural living environments.