- Date: Wednesday 19th July 2017
- PDF: Download
Hearing the words “I shall be recommending your management system for certification” are music to the ears of many an organisation, usually marking the end of a long and stressful journey. However, the temptation of thinking we can all relax now and forget about ISO stuff for a long time is sadly all too common, often resulting in even more stress and problems when the next surveillance audit comes round (surprisingly quickly).
After the certification audit
An external audit will often identify opportunities for improvement or non-conformances. The first thing to do is to do the unthinkable – embrace these and see them as useful pointers which will help your system get better. An OFI or NC must not be seen as negative!
The management review clause requires the consideration of the results of audits, so a summary of the results should be prepared for senior management, along with an action plan. However, it’s critical to look into the root cause of NCs as a ‘quick fix’ will not prevent it happening again. Certification bodies require root causes and corrective actions to be reported to them where NCs have been issued, so it’s not an optional process.
Successful organisations realise that it’s wise to continue to ‘ride the wave of enthusiasm’ created on the road to certification, and continue to ensure that staff are involved and empowered to drive ongoing increases in performance and control – this is known as continuous improvement and is a mandatory clause requirement.
Where system elements are managed by a select few, or where knowledge or skills are limited to certain staff members, it may be wise to find ways to get others involved and ‘buying in’ to the system.
The old way of managing ISO systems all too often involved one person being named as the ‘XYZ Manager’ and anything that came up relating to the system was directed their way. Times have moved on considerably, and organisations now need to demonstrate both good, effective Leadership and diverse staff responsibility to show that a strong, effective and embedded system is in place.
Systems do not remain current for long - things move on very quickly. If you allow a system to stagnate it will lose its effectiveness and you will quickly be seeing lots of NCs popping up at external audits.
Common problems include:
- Compliance Obligations / Legal Requirements not kept up-to-date
- Internal audits not completed on time or linked to NCs and corrective actions
- Corrective actions not being closed out in a timely manner
- Management reviews not being conducted at planned intervals
- Document control not being maintained, resulting in incorrect versions/dates
A sensible idea might be to create a system maintenance checklist to identify the various parts of the system which you need to keep an eye on so they stay current. This might be completed on at least a quarterly basis, and could even form part of other management system processes, such as management review. Alternatively, SSG can provide support service to do this for you.
If you would like further advice or assistance with maintaining your existing management system please ask one of the SSG team about our Advisor ISO membership package.
Source: Chris Prior, SSG