An Introduction or Refresher
Many businesses become interested in having safety or quality systems certified to a standard. The reasons for this are varied. It may be an internal need to demonstrate an effective management system, but often it is an external requirement – either from a large client as part of their quality management or possibly as part of a tender specification.
There is a lot of confusion around these standards and what is involved in gaining certification. I find there is a general lack of understanding from managers, business owners, and even those tasked with various compliance roles – and for good reason. There is a bunch of different standards that may apply. They also change. Take the recent changes to ISO 9001, and the soon to be created ISO 45001 as examples. So let’s go right back to the start for a full recap.
What are Management System Standards?
If we want to know that our refrigerator is built well, we need to set a standard as to what “built well” actually means. Then we can make sure we buy a fridge that complies with this standard. The same applies to various business management systems. If we, or someone else like a client, wants to know that the company they are to be working with manages their business well, they can look to see that that company has a management system that complies with a relevant standard.
Who sets the standard?
It depends on the standard. In Australia standards are developed and maintained by Standards Australia. The standards themselves (the documents) are sold and distributed by SAI Global. International management system standards are developed and published by the International Organization for Standardization (ISO).
What standards are relevant to Business Management Systems?
Again, there are a variety that may be relevant, depending on the nature of your business, but the standards that are commonly used are those that relate to quality, health and safety and environment. The standards are as follows:
- ISO 9001:2015 – Quality Management Systems. This standard has been recently upgraded from the 2008 version and sets a business standard for how to manage, assure and improve the quality of the product and service that is provided. Standards or guidelines include such aspects as:
- System requirements
- Management commitment
- Planning and processes
- Analysis and improvement
- ISO 14001:2015 – Environmental Management Systems. This standard has also been upgraded in 2015, and as the name implies sets the standard for environmental management. Considerations in this standard are similar to those in the quality standard (there is a reason for this) but relate specifically to the environment. So this standard looks specifically at:
- Planning and processes related to the environment
- Having considered environmental aspects and impacts.
- Resourcing for environmental management
- Analysis and improvement in relation to environmental impacts.
- AS 4801:2001 – Occupational Health and Safety Management Systems. For health and safety, we do not have an international standard, although that will be changing soon. We currently have an Australian Standard which is the one that most business will look to achieve. In 2017 we will see an international health and safety standard (ISO 45001: 2017) introduced. We will review this standard more closely when it becomes applicable, but for now some key requirements of AS 4801: 2001 are:
- OHS Policy
- Planning and Targets
- Resources, Training and Competency
- Documentation and Data Control
- Hazard and Risk Management
- Monitoring and Management
- System Audit and Review
What does certification mean?
Certification involves having an external party audit your system and determine that it complies with one or more of these standards. The external party themselves must be certified to audit to the relevant standard. Some companies will have a single system certified (often quality or safety), or alternatively they may have all the above systems certified (often called triple certification). The certification, if successful, lasts 3 years, but annual “surveillance audits” are required to ensure that the standard is not slipping.
How hard is it to become certified?
This question is very difficult to answer, as it largely depends on what you have in place already, as well as the nature of the business. The key thing to remember is that it is more than just writing some procedures. System implementation requires that you show that the process and procedures that you have in place are being used. As an example, let’s look at training and competency. Yes, you will need to have a procedure that describes your company’s approach to training and competency, but additionally you will need things such as:
- Identification of training and competency needs for each position (implies that you have positons defined and described).
- Evidence of completion of training (internal and external)
- Records that show who has completed training as well as who is due.
- How the training system responds to changes in business need.
Coming from limited or no systems, it is an achievable but considerable task. A person within the company will need to guide the implementation of the system(s), and there will need to be commitment from management. There are also various online systems that perform a considerable amount of backend work to drive the system(s).
If you would like any additional information or an assessment on what would be required for your business to achieve certification, please contact us on 0413 117 0179. We have helped businesses achieve and maintain all the above certifications.