the complete guide to iso management systems

Page 1: The Complete Guide to ISO Management Systems

The Complete Guide to ISO Management Systems

(Ebook for Normal People)

Edited by: Oliver Peterson, Adam Henshall

Contributions from: Oliver Peterson, Adam Henshall, Ben Mulholland, Thom James Carter

Principal design: Adam Mousa

Design assistance: Annace Dato

Index

Introduction
1. What is ISO? A Simple Introduction for Normal People
2. Management System Standards: An Overview of ISO’s Shared Framework
    Annex L
3. Making ISO Work For (Not Against) Your Organization
    The Problem of ISO
    The Standard Operating Procedure (SOP) Solution
    The First Ever Business Process
    Using Standardized Processes to Work 5 Times Faster
    SOP Anatomy: What does a SOP Look Like?
    Importance and Benefits of Standardizing Your Processes
    Policy & Procedure: Why Systematize Your Business?
4. Best Practices: Writing SOPs for ISO
    Understand How to Present Your SOPs
        Create a simple checklist
        Create a complex linear checklist
        Map out a process flow diagram
    Align Your Stakeholders
    Be Clear on the Purpose
    Determine the SOP Scope
    Use a Consistent Style
    Use Correct Notation (If Applicable)
    Determine Each Step of the SOP
    Identify Potential Problems
    Determine Success Metrics
    Test the SOP
    Seek Feedback
    Understand the Process for Optimizing a Process
    Perform a Risk Assessment
    Consider a Flow Diagram
    Finalize and Implement the SOP
5. ISO for Business Process Management: More Compliant, More Actionable BPM
6. Continuous Improvement: A Central Theme of ISO
    The Deming Cycle
        Plan
        Do
        Study
        Act
    The Important Distinction Between PDSA and PDCA
7. ISO for Quality Management Systems (QMS)
    What is a Quality Management System?
    Overview of ISO for Quality Management
    Standard Showcase: ISO 9001:2015 for Quality Management
    What Does ISO 9001:2015 Look Like?
    Benefits of Implementing ISO 9001:2015 for Quality Management
    Key Principles of ISO 9001:2015 for Quality Management
8. ISO for Environmental Management Systems (EMS)
    What is an Environmental Management System?
    Overview of ISO for Environmental Management
    Standard Showcase: ISO 14001:2015 for Environmental Management
    Benefits of Implementing ISO 14001:2015
        Risk reduction
        Leading by example
        Tax incentives
        For your employees
        Brand image and PR
        Renewable & non-renewable resources
    Key Principles of ISO 14001:2015 for Environmental Management
        1. Environmental policy
        2. Planning
        3. Implementation
        4. Study & correct
        5. Management review
        6. Continuous improvement
9. ISO for Energy Management Systems (EnMS)
    What is an Energy Management System?
    Overview of ISO for Energy Management
        Energy audits
        Energy management systems
        Energy services
        Energy savings
        Energy efficiency
    Standard Showcase: ISO 50001:2018 for Energy Management
    Benefits of Implementing ISO 50001:2018 for Energy Management
    Key Principles of ISO 50001:2018 for Energy Management
10. ISO for Food Safety Management Systems (FSMS)
    What is a Food Safety Management System?
    Overview of ISO for Food Safety Management
    Standard Showcase: ISO 22000:2018 for Food Safety Management
    Benefits of Implementing ISO 22000:2018 for Food Safety Management
        Take control of your processes and procedures
        Document important processes and procedures
        Improve customer & client satisfaction
        Encourage others locally and internationally to work with you
        Eliminate food risks
    Key Principles of ISO 22000:2018 for Food Safety Management
11. ISO for Corporate Social Responsibility (CSR)
    What is Corporate Social Responsibility?
    Overview of ISO for Corporate Social Responsibility
    Benefits of Implementing ISO 26000:2010 for Corporate Social Responsibility
    Standard Showcase: ISO 26000:2010 for Corporate Social Responsibility
    Key Principles of ISO 26000:2010 for Corporate Social Responsibility
        Accountability
        Transparency
        Ethical behavior
        Respect for stakeholder interests
        Respect for the rule of law
        Respect for international norms of behavior
        Respect for human rights
    Seven Core Subjects of ISO 26000
        Organizational governance
        Human rights
        Labor practices
        Environment
        Fair operating practices
        Consumer issues
        Community involvement and development
    Sustainable Development
12. ISO for Risk Management Systems (RMS)
    What is a Risk Management System?
    Overview of ISO for Risk Management
    Standard Showcase: ISO 31000:2018 for Risk Management
    Benefits of Implementing ISO 31000:2018 for Risk Management
    Key Principles of ISO 31000:2018 for Risk Management
13. ISO for Management System Auditing (ISO Audits)
    Overview ISO for Management System Auditing
    Seven Principles of ISO Auditing
        Integrity: The foundation of professionalism
        Fair presentation: the obligation to report truthfully and accurately
        Due professional care: Diligence and judgement in auditing
        Confidentiality: Security of information
        Independence: Audit impartiality and objectivity
        Evidence-based approach: Rational, reliable, reproducible results
        Risk-based approach: Considering risks and opportunities
    ISO Certification: Is It Necessary?
    Benefits of ISO Certification
        How ISO 9001 certification benefits your business:
        How ISO 9001 certification benefits your customers:
        How ISO 9001 certification benefits your employees
    Different Types of ISO Audit
        First-party
        Second-party
        Third-party
14. Free ISO Checklists
    ISO 9001 Internal Audit Checklist for Quality Management Systems
        How to use this checklist for ISO 9001
    ISO 14001 Environmental Management Self Audit Checklist
        How to use this checklist for ISO 14001
    ISO 19011 Management Systems Audit Checklist
        How to use this checklist for ISO 19011
    ISO 26000 Social Responsibility Performance Assessment Checklist
        How to use this checklist for ISO 26000
    ISO 27001 Information Security Management System (ISO27K ISMS) Audit Checklist
        How to use this checklist for ISO 27001
    ISO 45001 Occupational Health and Safety (OHS) Audit Checklist
        How to use this checklist for ISO 45001
15. Agile ISO: How to Combine Compliance with Rapid Process Improvement
    Recent ISO Changes = Agile Friendly
    But What Makes This Agile?
    Requirements for Agile ISO
    How to Get Started with Agile ISO (5 Easy Steps)
16. How Process Street Works
    Stop Tasks
    Conditional Logic
    Dynamic Due Dates
    Task Permissions
    Task Assignments
    Role Assignments
    Webhooks and Integrations
    Approvals
Further Reading
    Business Process Management
    Standard Operating Procedures
    Templates
        General ISO audit
        QMS audit
        EMS audit
        IMSMS audit
        CSR audit
        OHS audit
        SOP
Disclaimer
References

Introduction

ISO is a constantly changing beast, and as such you can find an abundance of (mis)information online pertaining to outdated terminology, standards, or worse, McArticles that promise to deliver useful, actionable insight when in actual fact the information lacks substance or repeats incorrect information.

This guide is an attempt to provide a useful, actionable overview of ISO for business application; specifically how to implement ISO in a way that works for your organization as an asset, as opposed to a cumbersome and unwieldy system of sluggish documentation for documentation’s sake.

I’ll attempt to outline the most important ideas of ISO, as well as current terminology, and how to approach implementation.

So, let’s start with some basics.

1. What is ISO? A Simple Introduction for Normal People

ISO stands for International Organization for Standardization, and it’s one of the most renowned and well-established entities for setting and maintaining standards in the world. ISO’s standards have been implemented by companies and organizations of all sizes and industries throughout 164 countries since its founding in London, 1947.

So, ISO basically creates new standards; these standards are agreed upon by relevant experts in the field. The point of ISO is to provide an informed and reliable basis on which companies and organizations can build their standard operating procedures and generally run their operations.

A standard can be defined as an established set of requirements that have been agreed upon by many people. This is the same for an ISO standard. In order for an ISO standard to be created, it must be substantiated by a number of experts from many different, autonomous standards organizations.

So, this means that when a company follows an ISO standard, they are following a standard that was agreed upon by 100+ standards organizations as the best possible practice guidelines to follow.

That’s pretty much what ISO is all about. They have published thousands of standards across all types of industries. More recently, ISO has created a shared structure that many of their standards utilize to make cross-functionality and multi-standard integration easier.

This shared structure is known as the MSS structure.

2. Management System Standards: An Overview of ISO’s Shared Framework

Certain ISO standards focus on management systems, such as: quality management (ISO 9001), risk management (ISO 31000), and environmental management systems (ISO 14001), to name a few.

These are sometimes referred to as “Management System Standards”. They outline specific guidelines for companies to follow in order to effectively build and maintain management systems.

Some of the more popular ISO MSS include:

• ISO 9001:2015 (quality management systems)
• ISO 14001:2015 (environmental management systems)
• ISO/IEC 27001:2013 (information security management systems)

In addition, there are also ISO MSS that provide guidelines for management standards that operate within specific, somewhat niche, industries or departments, such as:

• ISO 13485:2016 (Medical devices)
• ISO/TS 22163:2017 (Railway applications)
• ISO/TS 29001:2010 (Petroleum industries)

Certain ISO MSS act as guides or provide further elaboration on particular areas of an organization’s management system, to help deepen the understanding of more complex systems.

Some of these standards include:

• ISO/TS 22003:2013 (Food safety management systems)
• ISO/TR 10013:2001 (QMS documentation guidelines)
• ISO 19011:2018 (Auditing management system guidelines)
• ISO 26000:2010 (Social responsibility guide)
• ISO 31000:2018 (Risk management guide)

The one thing many of these standards share is their core structure, known as the Annex L structure.

Annex L

Annex L (formerly Annex SL) is a high-level, 10-part structure built to optimize the development, upkeep, and continuous improvement of management systems. The purpose of Annex L is to promote uniformity amongst the Management System Standards.

As ISO continues to update its standards, it will eventually conform all its standards to follow the Annex L structure as its foundation, so that the standards are more compatible with each other and easier to integrate.

The Annex L MSS structure is:

1. Scope
2. Normative references
3. Terms and definitions
4. Context of the organization
5. Leadership
6. Planning
7. Support
8. Operation
9. Performance evaluation
10. Improvement

This is the structure shared by all ISO Management System Standards, and as such will be the basis for all standards looked at in this document.

3. Making ISO Work For (Not Against) Your Organization

We’ve looked at some high-level stuff, but what does it really mean to implement ISO in your company? What are the core elements of ISO?

Basically, it comes down to lots of procedures that tie together - checking, auditing, documenting - all of the inner workings of your business, in the form of procedures.

When it comes to ISO, procedures are the base unit of a management system.

That said, the task is to make ISO work for your organization by facilitating more efficient, effective procedures. This brings us to one of the chief problems of ISO.

The Problem of ISO

It is common to see the core idea of how ISO should be implemented and work for an organization get lost in the tension between documentation and execution. Too often there is an obsession with recording and documenting procedures to ensure compliance with the requirements of a given standard, without actually asking the crucial question:

“Are the procedures actually good? Do they work, and are they actionable?”

Without considering how to make your procedures actionable and thereby understanding ISO as a tool to facilitate continuous improvement, organizations miss the point of ISO entirely.

ISO is not just about meeting arbitrary requirements for short-term gains (and maybe pleasing a couple of prospective customers on paper) - rather it’s about grasping the core functional units of a business system with an intent to enhance work productivity and efficiency.

The Standard Operating Procedure (SOP) Solution

SOPs go hand-in-hand with ISO standards. With a solid understanding of how to make ISO work for your organization, you can build better SOPs, and vice-versa.

What do we mean by “SOPs”, exactly? Why is it necessary to think about work in such a convoluted manner, you might ask?

The point is that when you formalize a process, you think about the workflow with productivity in mind and it makes it easier to execute and optimize. Standard operating procedures are essentially just processes; more specifically, they’re ways of formalizing and documenting processes so they’re easier to understand and improve.

The First Ever Business Process

The earliest known definition of a business process comes from Scottish economist Adam Smith. Breaking down his idea to the simplest elements, in 1776 he described a business process in place at a theoretical pin factory, involving 18 separate people to make one pin:

“One man draws out the wire, another straights it, a third cuts it, a fourth points it, a fifth grinds it at the top for receiving the head: to make the head requires two or three distinct operations: to put it on is a particular business, to whiten the pins is another … and the important business of making a pin is, in this manner, divided into about eighteen distinct operations, which in some manufactories are all performed by distinct hands, though in others the same man will sometimes perform two or three of them.”

Why should we care about how many people it takes to make the pins, or how many steps are in the process? Well, Smith found that by creating a process and assigning the steps to individual specialists, productivity increased 24,000%.

Using Standardized Processes to Work 5 Times Faster

A process is necessary for the division of labor because the task isn’t just in one person’s head any more.

The full-stack pin engineer might be a fine person to write the process, but shouldn’t be running it from start to end alone — the job is 240 times more efficient when it’s split up amongst pin specialists: the person who cuts pin wires all day is less fallible than the solo pin master craftsman.

Let’s stop talking about pins.

On a winter morning in 1907, Henry Ford took Charles E. Sorensen to Piquette Avenue Plant, an empty building in Detroit that would go on to become the birthplace of America’s first mass-produced affordable car. “We’re going to start a completely new job,” he told the head of production.

Ford explained his idea for a new process. Instead of one artisan creating a product alone, everyone was taught to do one of 84 simple, repetitive jobs. With this new approach to processes, Ford cut the manufacturing time of the Model T down from 12.5 hours to 2.5 hours.

Not only was that a triumph for Ford’s bank account, it was one of the most revolutionary moments ever to occur, not just in the history of cars or manufacturing, but in the entire history of business.

SOP Anatomy: What does a SOP Look Like?

The image below shows broadly how standard operating procedure documentation is presented:

Standard Operating Procedure: New Vehicle Purchase Process (Title)

Department: Admin Support

14/05/16 - SOP #AS-0013 (Department, Date & ID)

Department Head Approval: (Department head signs off)

Purpose: To establish guidelines for purchasing a new vehicle. All Admin Support staff are responsible for following the SOP. (Users can quickly refer to the purpose and not read the whole SOP)

Definitions: (Clarify any upcoming jargon)
- RM: Resource Management
- PO: Purchase Order

Procedure: (Complete step-by-step instructions)

1. Director approves purchase of the new vehicle(s)
2. Requestor identifies vehicle(s) to be surplused in exchange for the new vehicle(s). (Process AS-0022)
3. So on...

Using Process Street to help you establish SOPs in line with an ISO standard (let’s say ISO 9001) allows you to also follow those procedures in an interactive way. Two birds, one business process management system.

Which format you choose to work with will be dependent on a number of factors. If you work for a large multi-national you’ll need to have standard operating procedures which adhere to the company’s internal policies and standardizations. If you’re a solopreneur, you may want to have a much simpler layout of your SOPs for your own reference.

Importance and Benefits of Standardizing Your Processes

When a company’s processes have been properly standardized, it guarantees consistency and quality, and improves overall productivity.

Some benefits of standardizing your processes include:

• Improves clarity — a standard process will eliminate the need for guesswork or extra searching
• Guarantees quality — work is done in a pre-defined, optimized way
• Promotes productivity — your employees won’t need to ask around or comb documentation to get answers
• Boosts employee morale — employees can take pride in having mastered the process and refined their skills
• Perfects customer service — every ticket is handled in the best possible way

Fundamentally, standardization means that your employees have an established, time-tested process to use.

When done well, standardization can decrease ambiguity and guesswork, guarantee quality, boost productivity, and increase employee morale.

Policy & Procedure: Why Systematize Your Business?

According to a 2015 report by Planview, conducted by Loudhouse, poor processes were seen to be the primary cause of company inefficiencies (44%) across a number of western economies including the US, UK, Germany, the Netherlands, and throughout Scandinavia.

The use of processes, then, is to tackle these inefficiencies and improve management practices. So, what does it mean to use processes in your business and what are you trying to achieve? The three key takeaways for utilizing processes in your organization are:

1. Use processes to clarify strategic direction – Processes can help you make sure daily activities are in line with the company’s overall strategic goals. This not only improves business practices but creates a company culture where all employees can feel invested in the company’s aims. You can take the opportunity to critically analyze the processes in use with your employees to gain their insight when assessing whether daily work is adequately adding value to the company’s intentions.

2. Use processes to align company resources efficiently – We’ve already seen that poor processes are resulting in dire inefficiencies across western businesses. Through effective process optimization and monitoring, you can assess how resources are being used and whether this usage is appropriate or not.

3. Use processes to improve daily activities and productivity – The use of processes on a daily level helps to keep your employees adhering to best practices in all their activities, resulting in higher output and consistent quality. This approach can also benefit an employee’s sense of direction and understanding of their own role; meaning greater employee engagement, accountability, and reduced churn.

Putting effective processes in place in your business allows for work to be mapped out, followed, and optimized.

4. Best Practices: Writing SOPs for ISO

Understand How to Present Your SOPs

There are three main approaches to take:

Create a simple checklist

You can write a simple checklist which outlines the different tasks involved and looks more like a to-do list than a report. This kind of approach has benefits for the solopreneur, or small teams, who don’t require detailed instructions. The advantage of this approach is that it offers a very quick option and allows people to create standard operating procedures as and when they perform new tasks – rapidly noting down the steps they took for future reference. This flexibility can aid startups who are trying new things on a regular basis.

The disadvantage of this approach is that the lack of detail results in difficulties when trying to analyze the process. If the detail is not recorded then optimization and improvement are harder to attain.

Create a complex linear checklist

It doesn’t have to be too complicated, but this should be like a beefed-up version of the above. This checklist should record as much detail in the process as possible. You can consider whether a single task requires a sub-checklist of further tasks to spell it out. You can understand how you’re going to document workflows: when do tasks involve multiple people and how do they fit in together? Including detail means you have more variables to iterate when you come to optimizing the process.

This approach is the one favored by us at Process Street. Our goal is to have processes so watertight that anyone could take over the task and be able to complete it. This was one of our methods for improving our customer support process. When we hired new members of staff, we gave them a checklist with detailed instructions and explanations and gave them level 1 support in their first week.

If they found something difficult, or couldn’t understand it, then there was a problem in the process. This system built optimization into the execution of the process. It wouldn’t have been possible without having a detailed process to begin with.

Map out a process flow diagram

A flow diagram is a useful means of visualizing your standard operating procedures and understanding how the constituent parts come together to form a coherent whole. Flow diagrams are, in general, less actionable than a linear-structured checklist. However, flow diagrams are extremely useful for communication of processes. A process flow chart will help you explain your process structures to others while also easing the analysis of a process when you come to iterate and improve.

Align Your Stakeholders

We’re strong believers in the power of collaborative creation. If you’re going to be creating standard operating procedures for particular tasks, processes, or workflows, then you should probably contact the people who will be, or are already, responsible for those duties.

If you’re a manager and have a team of people working each day on a set of tasks, you’ll want to understand the thoughts of your team in regards to best practices. After all, these are the people you pay to perform these recurring tasks day in day out. Teamwork is vital for any business.

Building processes collaboratively not only brings in more expertise and scrutiny, it also provides a sense of ownership over the process to the people who are following it. By working in this manner, the process feels like less of a diktat and more of an agreement.

Be Clear on the Purpose

What are you looking to achieve as you build these standard operating procedures?

Are they brand new? In which case, you’re trying to create systems which function. But you also want them to function well, and you need to make sure the priorities within the process are aligned with the priorities within the business.

If you’re looking to produce standard operating procedures which cover existing processes and workflows, then you have a few more points to consider.

What are your pain points?

Where are your existing processes letting you down and what can you do to change that? Maybe you don’t know; and this is why you’re documenting - to investigate. Or, more likely, you’ve recognized that the current system is too slow or the final product is not consistently of a high quality. You have a pain point which you wish to target.

We spoke to the owner of iQ Food Company, a Process Street user, about how they approached process management in their restaurants. He told us a story of one of the clearest process-related pain points he had experienced. Their payroll system was highly unreliable, and they were constantly suffering errors.

To tackle this, he created a detailed process breakdown of the tasks involved and made sure that it was held to every time. He responded to the poor quality with clarity and detail – making the process longer if necessary.

With a possible hint of humor in his voice, he told us: “We have eliminated 100% of mistakes”.

Determine the SOP Scope

If you’re forming a set of standard operating procedures for a particular aspect of a content marketing team’s work, you should be focusing on them and their needs. Learn where to draw the line to stop you wandering off into other teams or departments.

You can discuss how a workflow may span multiple teams, but you should know from the beginning whether that is the case or not. Define the limits of your investigation or you’ll end up with mission creep.

What are you dealing with? What action initiates the process you’re working on? What action finishes the process you’re working on? Define your scope.

If you’re in a large company, the standard operating procedures will take the form of a quite formal report.

The typical approach to a report like this is to include a cover page with the title and all the relevant reference details, followed by a list of chapters, before embarking on the processes themselves.

If you work in a startup or a small company, this level of formality isn’t always kept to. Nonetheless, this approach is founded on common sense structure and it’s a good idea to follow it.

Within the Process Street platform, we’ve constructed our export features to deal with this and to present the online processes report-style when exported to Microsoft Word. This way, we’re able to operate by our processes with the flexibility of the platform while also giving clients who need it the ability to save processes as PDFs for reference purposes in line with ISO-9000.

Use a Consistent Style

Again, if you’re working for a large multinational, everything you do is going to be more formal than Gary and his startup of one.

Whether you’re going to be using sharp formal language or not depends on the professional setting you’re in. However, we do have some tips and tricks built up over time which are broad suggestions applicable in all scenarios.

Start with action commands. Always use a verb at the beginning of a statement for a task. This kind of language makes it clear what you have to do and it packs a punch.

Be concise. Don’t waffle in an SOP report. Be clear and convey the important information only.

Make it scannable. Normally, that might be considered blog writing advice, but when listing detailed instructions for a particular task within the workflow, put the actionable sections first and follow with the explanation. Don’t make readers sift through paragraphs of text every time they want to follow the SOPs.

Use Correct Notation (If Applicable)

If you’re at a large company, they may have a system which you have to learn and follow. Some of these systems are a little idiosyncratic and tied to the company. Most, however, will use a standardized form of notation like BPMN.

No one says you have to use BPMN or any variation thereof, but systems like that are useful if you’re in a corporate environment or one where you have to work closely with people from other companies. Think of tools like BPMN as universal languages, the Esperanto of business process management.

You may be able to employ some of these mapping techniques and methodologies later in the process if they’re visual rather than textual.

Determine Each Step of the SOP

Now it’s time to put in the hard graft.

Collaboratively walk through the process from start to finish noting down every step which must be taken along the way. Allow for input and discussion across the team, and record any further steps which are suggested.

Then, once you have the spine of the process, go through and look at each task you have recorded. Are there sub-tasks which can be added to that task to further explain how it is done, or to recommend productive ways to do it? If so, include the sub-tasks too.

This extra detail is important to make an easy to follow process. Within Process Street, you can create sub-checklists in tasks to tackle this need. Sub-checklists provide a simple way to make processes appear straightforward while also adding actionable detail.

Identify Potential Problems

Once you have your process on paper, it’s time to think about whether things can go wrong. And if they can go wrong, where would that failure likely happen?

If you’re using your standard operating procedures to govern a manufacturing process, which can be accounted for easily by numbers, then you can run the calculations. Maybe your process results in high output in terms of production but puts strain on distribution. You know your business better than I do; you can make those assessments.

Determine Success Metrics

To know whether your process is performing well or poorly, you need to have metrics to judge it against.

It is not good enough to assume the process is simply working. We need to understand how it is performing so that we can optimize it.

If you’re constructing SOPs for a sales process you may be looking at metrics like:

• How many leads are generated per week?
• What is the average length of a sales call?
• How many conversions are we getting each week?
• What are our sales totals per week?

Once you’ve established what questions you’re asking, you can act upon them. How were you performing against these questions previously? Has the new process improved these numbers? What long-term targets do you want to set for staff to work towards?

With the metrics defined, you can assess the performance of the process, and assess the performance in relation to the company’s broader goals.

Test the SOP

[Figure: Create process template; run multiple instances of the template; track progress and collaboration with your team.]

It’s time for the moment of truth.

Now that you’ve defined your standard operating procedures, you can put them into practice. How you implement them is up to you and it depends on the resources you have available.

Maybe, to continue with the sales example given above, you have a sales team of 10 and you set 3 people on the new process. This controlled test of the new potential SOPs will allow you to gather comparative data in real time on the performance of the two models – existing and new.

If you’re happy that your new business process is better than the previous one and you want to implement it straight away so that you can start iterating, then you can test other areas. For example, we have an internal customer support process, as I’ve previously mentioned, which we run every time we deal with a customer question.

This process was forged over time and now functions smoothly and easily. One of the methods we used to test how easy it was to follow was to put new hires in the company on level 1 support in their first week. They were left with customers and a process. This was a baptism of fire – not just for the hire, but for the process. If the process was good enough, the job would be done well regardless of experience.

Seek Feedback

If you’re running your own company, then you may not have any superiors to send your SOPs to.

Really, it’s more about having someone with experience look over the standard operating procedures to give you feedback. Someone who was not involved in the collaborative creation process, and can look at the flows with fresh eyes. If you’re a small business, this could be an investor, someone from your network, or even a valued customer!

If you’re working in a large company, this will likely be a mandated part of your SOP writing process in order to seek approval on the work. If so, make sure to send the results of any testing you have undertaken along with the draft SOPs.

Understand the Process for Optimizing a Process

Optimizing the process over time is a crucial step of creating it in the first place. I’m of the belief that the process should be thought of as a living document.

No process is ever perfect, nor can it be. The processes can, however, be as good as we can possibly make them.

Optimizing a process involves a number of the steps we have already covered. It is important to remember that we work as a team and the processes’ strengths and weaknesses might be found by the people who follow them each day. Stay collaborative in the optimization process.

Where you’ll seek to optimize could – and should – be driven by your key metrics. If they are the means by which you’re measuring performance, then they will likely guide you in your pursuit of the perfect process.

Perform a Risk Assessment

A risk assessment is an important part of finalizing any project.

If you’re a software firm, you’ve probably already covered this in one of the above sections where we look at where things go wrong.

However, if you’re in manufacturing, transport, or a range of other industries, the risk assessment is even more important. Whenever you have actual real human beings doing something under your direction, you’re responsible for making sure they’re not going to be hurt in the process.

Don’t overlook safety in favor of speed.

Consider a Flow Diagram

Flow diagrams or workflow maps – or whatever nomenclature you prefer – can be useful in multiple ways:

1. Visual overviews - Sometimes it is useful when presenting information to give visual aids. These aids can contextualize information from the beginning, improving the clarity of your more detailed written explanation.

2. Help employees understand their role - Flow diagrams provide employees with a visual way of understanding what is being asked of them. But that’s not all: when your employees understand their position within the broader whole, the process works better - and improves employee accountability to boot!

Finalize and Implement the SOP

Congratulations!

You’ve completed your new standard operating procedures. If you’ve followed the process from beginning to end, your SOPs are essentially guaranteed to improve performance. They should have been tested, they have optimization strategies built in, and you’ve made sure they’re safe.

More than this, by systematizing your internal business practices into daily processes that are both easy to use and trackable, you are putting provisions in place to tackle any hidden normalization of deviance or any poor processes which may have been slowing the company down.

5. ISO for Business Process Management: More Compliant, More Actionable BPM

Business Process Management is the idea that you can do better work and achieve better results if you focus on the processes behind the recurring tasks in your business. ISO works great alongside BPM because it allows you to standardize and continuously improve your core processes.

Using BPM software, you can make your SOPs highly actionable and achieve ISO compliance more easily than would ever have been possible with paper forms or simple Word documents.

BPM software even allows you to automate aspects of the procedures you implement to the standards of ISO.

Process Street is a type of BPM software. You can use Process Street to implement ISO standards, and build robust, actionable libraries of SOPs that are easy to iterate on and continuously improve.

6. Continuous Improvement: A Central Theme of ISO

Simply put, continuous improvement is an ongoing process of evaluating your company’s processes and products/services and making improvements based on observations.

Most continuous improvement efforts fall under one of two types:

• Gradual (or “incremental”) improvement, which takes place over a period of time;
• “Breakthrough” improvement, which takes place all at once.

A company that utilizes continuous improvement efforts is always evaluating their performance and ability to achieve customer satisfaction, while also continuing to look for ways to correct any issues and streamline processes.

Continuous improvement is one of the main elements of the many ISO management systems. Many management system standards often require that the company regularly assesses their processes and determines whether they align with company goals and objectives.

If you’ve ever heard of lean, kaizen, Six Sigma, or DMAIC then this will sound familiar. Continuous improvement is based on similar principles and forms a key part of those practices. This is because the primary objective of any changes is to reduce waste and streamline your work.

The Deming Cycle

The Deming Cycle, named after prominent American statistician William Edwards Deming, is a continuous quality improvement model which consists of a logical sequence of four key stages: Plan, Do, Study, and Act (PDSA).

In the 1920s, the prominent statistician Walter A. Shewhart introduced a model consisting of Plan, Do, See – which can be considered one of the most important early-stage process improvement perspectives. Deming saw his own cycle as being the natural continuation of this model.

Deming’s experience as an engineer gave him insight into industrial processes and the material reality of trying to standardize operations to function at scale. He later studied mathematical physics which placed him in a strong position to contribute to the growing science of statistics.

Deming’s sampling techniques, for instance, are still in use by the U.S. Department of the Census and the Bureau of Labor Statistics.

One of the great successes of Deming’s work could arguably be seen as his influence on the Japanese post-war economic miracle, in which Japan’s economy recovered from wartime damage to assert itself as the second biggest economy in the world.

In 1950 he delivered a speech at the Hakone Convention Centre in Tokyo on his concept of Statistical Product Quality Administration. The key themes of this speech were:

• Having a system in place for continuous quality improvement
• Reducing defects through higher levels of quality uniformity
• Understanding what quality should mean within context

The Deming cycle is a four-stage approach to continuous improvement. This section describes each of the four stages, and explains how you can implement each stage into your business to continuously improve quality and processes.

Plan

• Understand your definition of quality
• How do you know if a change is an improvement?
• Can you predict your outcomes?

The first goal within the Deming cycle is to plan ahead to understand what you want to achieve. This is both a practical and theoretical step.

On the one hand, you are not dealing with scientific discovery, you are dealing with business processes. So you have a clear intention of improving something within the business, be it operational or concerning the product. This is guiding your end goal throughout the investigation.

On the other hand, you are also testing your own predictive and analytical methods. To what extent can you diagnose your existing problems? How well can you estimate your attainment? What problems will occur which you can highlight in advance?

The planning stage is both an attempt to improve your outcomes and a scientific investigation of your own capacity to understand your business.

In this stage you will want to test and analyze for what is currently wrong with the product or how it can be improved. You will also attempt to understand what changes you can make to tackle these problems or to make something better. You will look to map out operationally how this improvement can be managed and achieved. Finally, you will hope to be able to predict the outcomes of your process improvement efforts.

Do

• Start with small scale testing
• Implement iterative changes to your experiments to test variables
• Document every step

In executing the plan, Deming would continue to reiterate the importance of remaining true to the scientific values underlying the investigation.

Instead of simply deciding to make a change and suddenly overhauling all operations, it is vital to bring change about slowly and iteratively while testing hypotheses. Using studies which can be measured against control groups helps you better understand the data you receive, allowing you to not just improve your output but to understand exactly why your output was improved by the changes you enacted.

When working with the Deming Cycle, you should carry out the implementation as if it were a scientific experiment.

Study

• Did your outcomes match with your predictions?
• In what ways did the outcomes differ and why?
• How could you test variables which were previously unaccounted for?

The study stage is the key point of differentiation from the PDCA (Plan, Do, Check, Act) cycle. For Deming, the outcomes of the planning and implementation will be shown in this stage. However, the outcomes are bigger than simply whether the process improved or not. The outcomes include whether or not the process improved for the reasons you thought it would improve. They would also include whether you were able to predict the changed outcomes in advance.

The study stage teaches us to draw conclusions like a scientist does, instead of simply asking if it worked. The question for Deming is not, “Did it work?” but “Why did it work?”

We can see this ethos in the following quote from The Deming Institute:

“Dr. Deming emphasized the PDSA Cycle, not the PDCA Cycle, with a third step emphasis on Study (S), not Check (C). Dr. Deming found that the focus on Check is more about the implementation of a change, with success or failure. His focus was on predicting the results of an improvement effort, studying the actual results, and comparing them to possibly revise the theory. He stressed that the need to develop new knowledge, from learning, is always guided by a theory. By comparison, the Check phase of the PDCA cycle focuses on the success or failure of a Plan, followed by needed corrections to the Plan in the event of failure.”

Act

• Implement your recommended changes
• Track performance and data over time
• Provide all documentation to the company to improve internal theory
• The Act stage is both the final stage of our process and the first stage of our next cycle.

On a practical level, the Act stage may result in the practices of one of the controlled studies being implemented across business operations. Now that we’ve learned that output can be raised by doing action x, we want to do action x in each relevant department.

The Act stage is both the implementation of improvements into the company and the implementation of new knowledge into our theory of our own company. The Act stage should attempt to synthesize the new information gleaned in the Study stage with our broader understanding of how our business operates.

Much like the results of repeated experiments create new knowledge useful for both the conditions of those experiments and the body of scientific knowledge as a whole, so too must your results be incorporated into new premises from which you can begin the cycle again fresh.

The Important Distinction Between PDSA and PDCA

The inclusion of the Study stage may seem like a small difference on the surface, but to Deming, this subtlety ran much deeper in terms of understanding process improvement.

In their paper, Circling Back, Moen and Norman describe how Deming wrote, in a letter to Moen: “Be sure to call it PDSA, not the corruption PDCA.”

For Deming, PDCA was about treating your process experiments as hypothesis testing – did it work or did it not work? Was the hypothesis true or the alternative true? He felt that it concerned itself with process improvement through defect reduction, focusing on the mechanics of the process itself.

Deming doesn’t see anything wrong with this when used correctly, but it doesn’t jibe with his overall philosophy on what process improvement is. Deming’s goal was to reinterpret Bacon’s scientific method for practical use in the improvement of business processes. In Deming’s eyes, this discussion cuts to the heart of the philosophy of science.

One of the strengths of Bacon’s theory of the scientific method, and one elucidated in greater depth by Immanuel Kant, was the way in which it tied together two competing approaches to how humans can find truth. These two epistemological approaches – simplified – argued between testing things in the material world through observation and experiment, and utilizing tools like logic and math to uncover truths.

Which Cycle to Use?

The great success of science came from philosophers tying these two approaches together and creating a robust multipurpose method of inquiry that has driven human knowledge and innovation.

For Deming, PDSA sought to construct theory. From theory, we can learn more about our businesses and how they exist; in doing so we will be able to improve them and adapt them. We undertake experiments to both test and inform our theory, constructing our knowledge of our company the way we would construct complex scientific theory.

Deming saw PDCA as lacking that scientific rigor and that element of theory – he saw it as being too concerned with hypothesis testing and other simplified means of investigation.

The key issue here is quality. Deming is quite damning of the claims that quality is the responsibility of the individual operating in a process, instead believing that quality lies in the hands of the company president. The reason is that Deming pushes for quality to be the primary mover within a grand theory of business – how a business should run, operate, design, and produce.

[Figure: the PDCA cycle (Plan, Do, Check, Act) and the PDSA cycle (Plan, Do, Study, Act). Lead-in steps shown: “What do we want to achieve?”, “How do we know if a change is an improvement?”, “What change will result in improvement?”, “Begin the cycle”; and “Find a process to improve”, “Understand causes of process variation”, “Identify how to reduce variations”, “Begin the cycle”.]

As such, quality defined as zero defects – as seen through the eyes of PDCA or Six Sigma – lacks a theory of being.

Deming wants to reinforce the importance of that theory of quality throughout all stages of a process.

7. ISO for Quality Management Systems (QMS)

What is a Quality Management System?

A quality management system is exactly what it sounds like: a system which lets you define what “quality” means to your business, unite it under that description, design processes to help achieve that goal, and continuously improve your business.

It’s a way to make sure that your company is performing well and serving your customers’ needs in a formally documented (and measurable) system.

It’s also a core aspect of making sure that your organization is ISO 9001 compliant.

While a QMS alone won’t provide you with the certification, the idea of ISO is to be able to prove that your company meets certain standards of performance. If you’re running your operations well and are able to prove it (by meeting their requirements), then the certification can even be used as a selling point for your business.

Overview of ISO for Quality Management

ISO 9000 can be defined as a family of quality management standards created to help organizations build and maintain an effective QMS. The ISO standards are not restricted to any specific industry and can actually be used by any kind of organization of any size.

Some goals of the ISO 9000 standards include: boosting a company’s customer satisfaction, helping meet regulatory specifications, and encouraging continuous improvement. These standards are meant to act as the foundation for an organization’s QMS.

While ISO 9000 is a family of standards, ISO 9001 is an individual standard within the ISO 9000 family. It’s important to note that there also exists a single ISO 9000 standard that covers the basics and glossary for QMSs, but here the term “ISO 9000” is used in reference to the family of standards, not the individual standard.

[Figure: Quality Management System (QMS) components: Design Control, Change Management, Product Surveillance, Resources, Corrective and Preventive Action, Management Responsibility, Process and Production Control.]

Standard Showcase: ISO 9001:2015 for Quality Management

In 2015, ISO 9001 was revised to be more agile and have the ability to adapt to any organizational environment.

As the most famous standard, ISO 9001 is always under revision, but currently, ISO 9001:2015 is the most recent version.

The review cycle is typically every four years, at which point ISO will assess whether or not any given standard needs to be updated. If no updates are deemed necessary, the current standard will be renewed.

Some changes between the current (2015) and previous (2008) versions include:

• Integration of the Annex L structure for more consistency with other ISO standards (ISO 45001, ISO 14001, etc.)
• Strengthening the connection between companies and their QMSs
• Less binding requirements compared to the previous version to promote more agility
• Greater emphasis on customer satisfaction
• More simplified terminology throughout the text for better accessibility
• Promotion of a process approach for achieving better quality results
• Newly established requirements for quality performance for use during company planning stages
• An emphasis on top managers to take the reins on their QMS

What Does ISO 9001:2015 Look Like?

The newest version of the ISO 9001 standard is structured following the Annex L MSS and is broken up into 10 sections. The first three sections serve as introductions and the following seven sections offer the main core principles of ISO 9001.

The main seven sections include:

• Context of the organization
• Leadership
• Planning
• Support
• Operation
• Performance evaluation
• Improvement

As you can see, the core structure here is the Annex L structure, which all of the ISO management system standards share.

Benefits of Implementing ISO 9001:2015 for Quality Management

A strong and reliable quality management system can offer organizations many benefits, such as:

• Boosting product efficiency
• Minimizing excessive waste (materials, profit, time, etc.)
• Greater customer satisfaction
• More effective marketing
• Faster and more reliable employee onboarding
• More efficient growth management
• Continuous improvement of products, services, and processes
• Better product/service quality consistency

Key Principles of ISO 9001:2015 for Quality Management

All of the ISO standards related to quality management are based on these seven quality management principles:

1. Practicing a truly customer-driven approach when manufacturing and selling your product
2. Top level management must commit to providing quality
3. All company employees should be involved in the achievement of quality
4. Quality standards should be met using a process driven approach
5. Company decisions should be made based on evidence
6. An ongoing commitment to continuous improvement of quality
7. Open communication and good relationships between suppliers and customers

Utilizing all of these QMS principles is central to developing a reliable system for your company that meets general ISO objectives.

[Figure: the seven quality management principles: 1. Customer Focus, 2. Leadership, 3. Engagement of People, 4. Process Approach, 5. Continuous Improvement, 6. Evidence based Approach, 7. Relationship Management.]

8. ISO for Environmental Management Systems (EMS)

What is an Environmental Management System?

An EMS, or environmental management system, is a set of policies and procedures designed to help organizations:

• Reduce negative environmental impact
• Improve efficiency and operational effectiveness

Just like a quality management system, an EMS is a set of guidelines for continuous improvement, based on proven methods of business process management and optimization.

It’s essentially a statement of:

• What the EMS is going to do
• How it is going to do it
• Who’s going to do it
• And when it will get done

An effective EMS is made up of clearly defined policies and procedures, actionable steps, and well-documented records of the responsibilities and accountabilities of all relevant personnel.

Overview of ISO for Environmental Management

Standards outlined in the ISO 14000 family are designed with key principles of environmental management in mind:

• To encompass environmental management systems and the environmental aspects of products
• To not be restricted by country or region
• To uphold and promote public interest as well as the interests of those who use and will be affected by the standards
• To be cost-efficient, robust, and adapt to many different needs, requirements, and circumstances, at any scale, globally
• As part of their flexibility, to be suitable for internal and/or external verification
• To utilize scientific evidence and principles
• To continuously improve upon existing principles of environmental management
• To be actionable, practical, and useful for organizations using them

Standard Showcase: ISO 14001:2015 for Environmental Management

ISO 14001 is the most popular of the 14000 family, and sets out the requirements for an effective environmental management system (EMS).

In this way, it parallels the ISO 9001 standard for defining the requirements of a quality management system (QMS); the difference is that ISO 14001 focuses on principles of environmental management and sustainable development, instead of quality management.

Benefits of Implementing ISO 14001:2015

In today’s global economy, ISO 14000 is crucial for tackling economic, environmental and social aspects, or the so-called “triple-bottom line” of how organizations function.

Utilizing ISO 14000 can help to gain advantages in finance, insurance, marketing, regulation, and a wide range of interdisciplinary areas.

The standards help organizations prepare with a proactive approach, as opposed to a reactive one, and totally assess their environmental impact, even addressing certain factors that may be unregulated, such as energy or resource allocation.

Below are just a few of the reasons ISO 14000 is important:

Risk reduction

By assessing and becoming aware of factors such as rising energy costs and uncertainty in supply, companies can take preventative measures and mitigate risk.

Leading by example

Companies will traditionally adopt sustainability strategies for compliance with government regulation and to avoid being fined. However, at this point, adoption of sustainable environmental policies is considered part of a cutting-edge movement of awareness of environmental policy.

Tax incentives

Many federal, state, and local government bodies in the USA offer a wide breadth of tax incentives for companies that choose to adopt and implement environmentally responsible standard operating procedures.

These incentives can take the form of investment-based, production-based, or consumption-based tax credits, improved capital expenses, cash grants, and certain tax exemptions.

For your employees

Many employees are excited and invigorated by the potential of devoting their workplace efforts towards bigger causes, according to Eliot Metzger of the World Resources Institute. When environmental policies are a part of corporate culture, it can go a long way to attract and retain workers.

Brand image and PR

Fostering environmental policies such as those outlined in the ISO 14000 can go a long way to improve customer relations and ultimately build a long-lasting and positive brand image.

Renewable & non-renewable resources

Natural resources such as fossil fuels are finite; even renewable resources must be managed adequately with standards designed to support sustainability. As resources become more scarce, cost will also rise. Companies will inevitably have to prepare for this eventuality by adopting sustainability plans or planning for alternatives.

“So companies need to be prepared to protect those resources so they will be plentiful or find alternate resources for their products and services. The winning companies will do both.” – Emily Reyna, Project Manager at the Environmental Defense Fund’s Corporate Partnerships Program.

Key Principles of ISO 14001:2015 for Environmental Management

Here are the six core elements of an EMS, according to the ISO 14001 standard:

1. Environmental policy
2. Planning
3. Implementation
4. Study & correct
5. Management review
6. Continuous improvement

1. Environmental policy

Clearly outline the environmental policy.

This is a clearly written statement outlining a business’s objectives and targets, in the context of their environmental policy. It includes principles on environmental sustainability as well as performance indicators relating to the EMS.

Policy should always be clearly communicated both internally and externally, as well as fully implemented.

2. Planning

Make complete, thorough plans for implementing the EMS.

With clear, thorough planning, organizations stand to assess the environmental impact of all operations. The purpose of planning is to develop a process for identifying compliance requirements, documenting targets and objectives, and creating a plan for deployment.

3. Implementation

After planning, this step involves the execution of those plans.

This step will also incorporate adjustments and even building of new processes to adapt to changing requirements. It’s important that organizations clearly define, document, and communicate their implementation procedures for purposes of training and compliance contingency. Well-documented processes also make it easier to improve upon those processes.

Scope of this section also includes emergency response planning and preparedness.

4. Study & correct

After implementing the most basic EMS, observe how it functions, and make corrections or optimizations as needed.

This step involves the management of new and existing procedures to make sure KPIs are hit and that the EMS is functioning as it should be. Organizations will benefit from establishing a system for documentation as well as conducting audits of the EMS.

5. Management review

This could really tie in with the previous section, but it’s important to have a distinct review of the EMS conducted by management, to make sure that everything is functioning within the scope of successful performance. Management will be best positioned to assess this kind of effectiveness.

6. Continuous improvement

Every EMS will utilize principles of continuous improvement to enable organizations to optimize all aspects of the system.

9. ISO for Energy Management Systems (EnMS)

What is an Energy Management System?

An energy management system (EnMS) is the result of a successfully implemented ISO 50001 standard.

More broadly, energy management refers to everything that goes into the coordination of energy production and energy consumption.

An energy management system, on the other hand, is something that allows you to do energy management.

Goals of an energy management system are the conservation of resources, sustainable business (producers), and of course ensuring that end users (consumers) are not inconvenienced and receive the energy they need.

In this context, “management system” specifically refers to the ISO management system standard, shared between multiple ISO management systems. More on that later.

In short, ISO 50001 is the set of requirements for building and maintaining energy management systems.

Overview of ISO for Energy Management

ISO 50001 was first published in 2011, and since then various related standards have been released relating to energy management.

These standards, developed by the ISO technical committee ISO/TC 301 (which is a division focused specifically on energy management and energy savings) include:

Energy audits

• ISO 50002 (Requirements with guidance for use)

Energy management systems

• ISO 50003 (Requirements for bodies providing audit and certification of energy management systems)

• ISO 50004 (Guidance for the implementation, maintenance and improvement of an energy management system)

• ISO 50006 (Measuring energy performance using energy baselines (EnB) and energy performance indicators (EnPI) – General principles and guidance)

• ISO 50015 (Measurement and verification of energy performance of organizations – General principles and guidance)

Energy services

• ISO 50007 (Guidelines for the assessment and improvement of the energy service to users)

Energy savings

• ISO 50047 (Determination of energy savings in organizations)

• ISO 17741 (General technical rules for measurement, calculation and verification of energy savings of projects)

• ISO 17743 (Definition of a methodological framework applicable to calculation and reporting on energy savings)

Energy efficiency

• ISO 17742 (Energy efficiency and savings calculation for countries, regions and cities)

• ISO/IEC 13273-1 (Common international terminology – Part 1: Energy efficiency)

• ISO/IEC 13273-2 (Common international terminology – Part 2: Renewable energy sources)

Standard Showcase: ISO 50001:2018 for Energy Management

ISO 50001 is a standard that specifies the requirements needed to plan, implement, maintain, and continuously improve an energy management system (EnMS). This approach in turn allows the organization to systematically record, review, audit, analyze, and optimize the performance of the energy management system, taking into account specific metrics such as energy efficiency, energy consumption, and energy usage.

These requirements cover a broad scope of detail for all things related to energy management systems, from the policies and procedures used within the system, to the measurement and documentation of energy efficiency, to the design and procurement of equipment, processes, and personnel involved with the energy management system.

Benefits of Implementing ISO 50001:2018 for Energy Management

ISO 50001 adoption represents a strategic investment in energy sustainability and efficiency. Businesses can use the standard to achieve considerable savings in energy usage, optimize existing standard operating procedures, gain competitive advantage and execute effective risk management strategies.

Many organizations will be able to utilize ISO 50001 to gain government support and meet compliance needs with regard to carbon emissions, sustainable and responsible growth, energy security, and climate change mandates, alongside similar management system standards like ISO 14001 for environmental management systems.

Key Principles of ISO 50001:2018 for Energy Management

At this point, you’re probably asking why on Earth you should even bother with ISO 50001.

There are a number of reasons you should seriously consider ISO 50001 if you are operating any kind of energy or environmental management business:

• Research has been done to support reasoning for ISO 50001 adoption from both an economic efficiency and business efficiency standpoint, and the results suggest that companies will reduce energy use.

• ISO 50001 is a reputable standard designed and published by a respected organization of international experts, in partnership with over 50 countries.

• ISO 50001 is designed to work alongside business interests and achieve net cost savings, via a design initiative of low or no-cost operational changes.

• As an ISO management system standard, it is compatible with other widely popular MSS such as ISO 9001 for quality management systems, ISO 14001 for environmental management systems, and more.

• ISO 50001 is used globally, and is recognized as a trusted and effective system for energy management and efficiency.

• ISO 50001 is designed to prioritize transparency and reporting, so that climate commitments can be scrutinized and organizations can be held accountable via audits.

• Europe, the United States, India, China, and the United Kingdom represent key markets where ISO 50001 has already been adopted.

• ISO 50001 is based on the principles of continuous improvement, and as such is designed to be robust and endure changes and growth within organizations. Implementing ISO 50001 can help ensure energy efficiency opportunities are continuously identified and acted upon.

10. ISO for Food Safety Management Systems (FSMS)

What is a Food Safety Management System?

To comply with FDA guidelines, all food processors must have and follow HACCP (hazard analysis critical control point) guidelines, in addition to having CAPAs (corrective actions and preventative actions) in place.

However, following these guidelines isn’t enough. There are so many other areas and instances where food can become prone to contamination.

With a food safety management system – which is an all-enveloping system that considers the entire journey of food, from farm to fork – contamination can be stopped in its tracks.

As already briefly mentioned, a food safety management system is essentially just a collection of processes and procedures related to food safety. A food safety management system can be self-defined and self-governed, but whether it actually works and holds up to internationally-recognized standards is a different matter.

A poor food safety management system – or simply not having one in place – can incur the following costs, detailed by Adam Marsh at Ledge Inc. in Why a Food Safety Management System Is Important:

• Loss of customers and sales

• Negative media exposure

• Loss of reputation

• Lawsuits and legal fees

• Increased insurance premiums

• Staff missing work

• Lower staff morale

• Staff retraining costs

No company wants to make others ill, nor would they want to rack up thousands of dollars in fees due to bad food safety practices.

Overview of ISO for Food Safety Management

To ensure none of the negatives happen, a food safety management system – that’s been built and sustained alongside ISO 22000 standards – is one of the best routes to go down as a company in the food industry.

Considering that ISO 22000 is a standard, there are numerous requirements that make up the standard as a whole.

To use an analogy or two, just as a handful of ingredients eventually results in a meal, and a collection of processes results in a system, the same sentiment applies to ISO standards.

Creating a food safety management system that complies with ISO 22000 isn’t as daunting as it may first appear. Especially as it’s a company-wide effort, where multiple minds will come together to build, implement, and sustain the food safety management system in question.

In terms of time, sure, it won’t be the quickest of projects, but the long-term payoff – both literally and metaphorically – is worth it.

Standard Showcase: ISO 22000:2018 for Food Safety Management

ISO 22000:2018 is a standard concerned with food safety and helps those working in the food industry to ensure they’re minimizing food risks. This is achieved via a quality management systems approach.

To gain ISO 22000 certification, a food safety management system needs to be properly built, maintained, and sustained. This means documenting all the individual processes that, as a whole, make up the food safety management system and then having all employees follow those processes.

What’s also worth noting is that ISO 22000 is a derivative of ISO 9000.

Benefits of Implementing ISO 22000:2018 for Food Safety Management

It’s fair to say there are plenty of rewards to be reaped by complying with ISO 22000’s requirements and getting certification.

By doing so, you’ll be able to:

Take control of your processes and procedures

To create a food safety management system that is ISO 22000-approved, you’re first going to need to build out, document, and implement integral food safety processes. This invariably means reassessing, rebuilding, and creating new important processes and procedures from scratch, giving you complete control over all your processes and procedures!

Document important processes and procedures

Documenting business processes is a massive win in itself. Documented processes make recurring tasks simple to follow (especially if they’ve been documented with digital software) and easy to repeat, and any new hires can instantly know what to do and how. Plus, by documenting processes, you can keep human error at bay. Here’s to keeping organized.

Improve customer & client satisfaction

Do you know what keeps customers satisfied? I’ll tell you: consuming tasty produce or goods without getting ill afterward. And without a robust food safety management system, there’s no guarantee you can stop that from happening. Similarly, from a client’s perspective, they’ll be more inclined to work and/or buy from you if you can guarantee that consumers won’t get foodborne illnesses.

Encourage others locally and internationally to work with you

ISO 22000 is an internationally-recognized food safety standard. So, if a retailer from let’s say, France, notices that you, a U.S.-based producer, are ISO 22000 certified, they’ll be more interested in working and collaborating with you than with a company who isn’t. Having ISO 22000 certification is like having a stamp of approval.

Eliminate food risks

At its core, ISO 22000 is all about making sure the way your business handles food doesn’t pose a threat to consumers. By actively following and abiding by ISO 22000’s guidelines, you’ll rest assured knowing you’ve done everything in your power to eliminate food risks.

Key Principles of ISO 22000:2018 for Food Safety Management

In short, the requirements are based on 4 main areas:

• Prerequisite programs (PRPs)

• HACCP principles

• Interactive communication

• System management

Seeing as it can take months to fully create and implement a food safety management system that adheres to the ISO 22000 standard, you’d be right in thinking that there are a lot of requirements to abide by within these 4 main areas.

For a more detailed overview of the requirements involved, Registrar Corp has compiled this nifty list:

• Having an overall Food Safety Policy for your organization, developed by top management

• Setting objectives that will drive your company’s efforts to comply with this policy

• Planning and designing a management system and documenting the system

• Maintaining records of the performance of the system

• Establishing a group of qualified individuals to make up a Food Safety Team

• Defining communication procedures to ensure effective communication with important contacts outside the company (regulatory, customers, suppliers and others) and for effective internal communication

• Having an emergency plan

• Holding management review meetings to evaluate the performance of the FSMS

• Providing adequate resources for the effective operation of the FSMS including appropriately trained and qualified personnel, sufficient infrastructure and appropriate work environment to ensure food safety

• Following HACCP principles

• Establishing a traceability system for identification of product

• Establishing a corrective action system and control of nonconforming product

• Maintaining a documented procedure for handling withdrawal of product

• Controlling monitoring and measuring devices

• Establishing and maintaining an internal audit program

• Continually updating and improving the FSMS

11. ISO for Corporate Social Responsibility (CSR)

What is Corporate Social Responsibility?

One of the fundamental ideas of ISO 26000 is that of corporate social responsibility.

Sometimes abbreviated to CSR, corporate social responsibility is a broad concept that involves pretty much anything a company does to uphold principles of sustainable development.

More specifically, it’s the collective “responsibility” a corporation or organization has to uphold certain standards of sustainability.

This responsibility refers to the concerns of society in general, as well as the concerns of individual organizations. Of course, these concerns are constantly changing, and the framework of ISO 26000 as a set of guidelines, rather than a rigid set of requirements, reflects this.

It’s another way of saying that companies need to be more economically viable, and consider the impact they have on the societies and environments that support them.

Overview of ISO for Corporate Social Responsibility

As IAG puts it:

“Sustainability is neither a program nor an initiative, it’s considered simply good management.”

This statement recognizes the link between an organization and the social, environmental and economic wellbeing of the communities in which they operate.

An organization’s relationship to the society and wider environment in which they exist and operate is a key factor in their ability to succeed and thrive. It can also be an insight into their general performance.

ISO 26000 is a set of guiding principles for businesses and organizations to use to steer them in a more socially responsible direction.

In order to better contribute to the health and welfare of their supporting societies and environments, businesses must enforce principles of ethical and transparent behaviour.

[Figure: Sustainability (economic development, environmental protection, social equity). Sustainability values include being future-oriented and collaborating across disciplines.]

Benefits of Implementing ISO 26000:2010 for Corporate Social Responsibility

ISO identifies benefits of successfully utilizing the ISO 26000 guidelines for social responsibility as:

• Attracting and retaining workers, members, and clients

• Improving brand image and reputation

• Improving marketing effectiveness and customer engagement

• Increasing commitment and productivity of employees

• Improving relationships with stakeholders such as governments, the media, other companies and communities

Standard Showcase: ISO 26000:2010 for Corporate Social Responsibility

ISO 26000:2010 is the standard pertaining to corporate social responsibility and sustainability. There’s a lot to unpack, and it represents an outlier in that it deviates from the Annex L Management System Standard structure. I will go into detail about the composition of ISO 26000:2010 below.

Key Principles of ISO 26000:2010 for Corporate Social Responsibility

Somewhat confusingly, there are two lists of important ideas that it’s worth getting to grips with, both of which also have seven elements:

• Seven key principles of ISO 26000

• Seven core subjects of ISO 26000

Firstly, the seven key principles, which are intended to be understood as the “roots of socially responsible behavior”, are:

Accountability

In principle this means that organizations should be held accountable for their impacts on society, the economy, and the environment.

How to hold them accountable? This basically involves an obligation on management to be answerable to the impact and interests of their organization, and similarly on the organization to be answerable to legal regulation and authority.

Organizations should have to account for:

• How their decisions and activities impact society, the environment and the economy

• Remedial or preventative actions taken in response to or anticipation of unintended and unforeseen negative impacts

Transparency

For decisions and activities that impact society, environment, and economy, organizations should be transparent.

They should disclose in clear, unambiguous terms all policies, decisions, documentation, and activities for which they are responsible.

Such information should be easily available for relevant interested parties, especially those who have been or might be affected in any capacity by the actions of the organization.

However, this doesn’t mean that proprietary information must be made public, or that sensitive information otherwise protected by legal or personal privacy policies must be disclosed.

At the very least, organizations should strive to be transparent about:

• Internal policies and procedures, including standards and criteria the organization uses to evaluate its own performance relating to social responsibility

• Known and potential impacts of decisions and activities on the organization’s stakeholders, as well as the economy and the environment

• How the organization itself defines its stakeholders. That includes a clear definition, and the processes used to identify, select, and engage with them

Ethical behavior

Organizations should behave ethically. Their behaviour should be influenced by clearly defined values of honesty, equity, and integrity.

Ethical behavior implies a genuine concern for the welfare of people, animals, and the environment at large, beyond the conveniently one-dimensional use of the term “stakeholder”.

With this principle an organization commits to addressing the impact of its activities and decisions, including but not limited to:

• Respecting the wellbeing of animals in terms of how the organization’s activities might impact their lives and existence

• Providing adequate and decent conditions for keeping, breeding, producing, transporting, and using animals in any capacity

Respect for stakeholder interests

Stakeholders are defined as individuals or groups who are affected by, or have the ability to impact, the organization’s actions.

In principle, organizations should respect the best interests of their stakeholders, which might include:

• Clearly identifying its stakeholders

• Assessing and considering the ability of stakeholders to engage with and influence the organization

• Considering the views of stakeholders who might be impacted by decisions or activities of the organization, whether they are formally involved in the organization or not

Respect for the rule of law

The principle here is that organizations should accept and respect the rule of law in the capacity to which it applies to them.

Perhaps it goes without saying, but ISO likely included this clarification in their standard for compliance reasons, and to further the incentive that ISO 26000 should be compatible with any existing framework of regulations and standards.

For example, organizations will have to:

• Comply with legal and regulatory requirements in all jurisdictions in which they operate

• Adequately review compliance policies and procedures with any applicable laws and regulations

Respect for international norms of behavior

Quite simply, organizations should respect international norms while also “respecting the rule of law” as it applies to them locally.

For example:

• When the law doesn’t adequately define environmental, social, or economic safeguarding procedures, an organization should strive to respect, at a minimum, the norms of behavior for the relevant location in which they are operating

• Organizations should also avoid being complicit with other organizations who are obviously not respecting international norms of behavior

Respect for human rights

Organizations should respect and recognize the importance and universality of human rights.

That includes, but isn’t limited to:

• In situations where human rights aren’t protected, not to take advantage of these situations, and to ensure steps are taken to respect human rights

• In situations where the law isn’t as clear as it could be on certain aspects of human rights, to adhere to the principle of respect for international norms of behavior

Seven Core Subjects of ISO 26000

Similar to the seven key principles, the seven core subjects of social responsibility (as defined by ISO 26000) are:

Organizational governance

Or, how your business makes decisions and takes steps to achieve its objectives.

The decision-making process of an organization should be structured so that principles of social responsibility can be effectively applied.

Human rights

This is also one of the seven key principles.

In this case it refers to how businesses should respect and support basic human rights both internally and externally; within their own operations and when collaborating with stakeholders.

Labor practices

Labor practices must be in line with all other policies of social responsibility.

All practices and policies that relate to the working conditions of the organization, including subcontracted work, are within the scope of this core subject.

That includes, but isn’t limited to:

• Health and safety of workers

• Hiring

• Promotion

• Training

• Skill development

Environment

Organizations should be aware of how each and every action and decision they take will impact the environment.

This is typically but not exclusively related to how organizations utilize resources, the location of their activities, waste, and pollution.

Fair operating practices

This refers to ethical codes of conduct, and how organizations should practice accountability and fairness when doing business with others.

Issues such as corruption (and anti-corruption measures), respect for local law, and the promotion of key principles of social responsibility throughout the organization are all part of the singular initiative of striving towards fairer operating procedures.

Consumer issues

Customers must be provided with all relevant information about an organization’s services and products, including issues of:

• Fair marketing

• Consumer service

• Support

• Data collection and protection

• Privacy

Community involvement and development

It’s important that organizations acknowledge the value of communities, and how these communities both support and are impacted by their business.

Community involvement is crucial in achieving truly sustainable development.

This might include:

• Providing support for skill development programs

• Creation of new jobs within a given area

• Other social investments that are mutually beneficial

Sustainable Development

Sustainable development is another important idea of ISO 26000, and it can be understood via three main pillars:

• Economy

• Society

• Environment

Sustainable development is simply the idea that the actions of a corporation should not be destructive.

At the very least, they should adopt reasonable business practices that serve to “sustain” the delicate systems of economy, society, and environment, as opposed to disrupting them.

ISO 26000, while focusing mainly on the societal aspect, nonetheless incorporates elements of each core pillar of sustainable development.

In this capacity, ISO 26000 as a standard incorporates core principles of sustainable development.

12. ISO for Risk Management Systems (RMS)

What is a Risk Management System?

ISO 31000 aims to simplify risk management into a set of clearly understandable and actionable guidelines that should be straightforward to implement, regardless of the size, nature, or location of a business.

Risk for ISO 31000 is defined as “the effect of uncertainty” on business objectives. This effect can be either positive or negative.

What exactly does that mean?

Well, ISO 31000 is an effort to acknowledge that business operations always contain a degree of uncertainty, and therefore, risk. No matter what our business goals, there’s always a chance that things might go wrong.

When you break down a business goal into a process, you can look at that process in terms of each step along the way, towards the eventual outcome of that process. Risk management involves looking at the element of risk present in each of those steps, and trying to manage it.

Risk management frameworks use three key concepts to talk about risk:

• Potential event

• Probability of that event occurring

• The resulting severity of the outcome, should the event occur

This kind of framework produces categorizations like “high-risk events”, meaning an event that has a high likelihood of occurring, as well as a severe outcome.

Overview of ISO for Risk Management

ISO 31000 defines risk slightly differently; however, these old risk assessment frameworks are still largely applicable and useful in an ISO 31000 risk management system.

It’s talking about the same kind of thing, just from a slightly different perspective. ISO is perhaps more optimistic; it focuses on business goals and outcomes, whereas traditional risk management frameworks tend to be more neutral, if not negative, talking about risk in a more detached way that isn’t necessarily taking into account business goals or objectives.

Again, both of these approaches can be used in tandem; they’re not mutually exclusive. It’s just two different ways of thinking about the same problem.

Another important difference is how, traditionally, risk management frameworks tend to focus on the quantification of risk. That means they try and put a number value to risk, worked out by combining the probability and severity values.

ISO 31000 focuses more on conceptual definitions of risk, tied to higher-level concepts of business objectives and context.

Standard Showcase: ISO 31000:2018 for Risk Management

Simply put, ISO 31000 is a standard for risk management. First published in 2009, with the most current version (at the time of writing) being 2018, it describes a set of guidelines intended to streamline risk management for organizations.

To quote the standard itself:

“[ISO 31000 is designed to be used by] any public, private, or community enterprise, association, group or individual.” – ISO 31000:2018

ISO 31000:2018 is a single standard in a larger family of risk management standards, generally referred to as ISO 31000. The risk management standards of ISO 31000 are all designed to be used broadly, across various industries, niches, and business types, to provide the best practice structure and guidance to all operations seeking to use the principles of risk management.

Benefits of Implementing ISO 31000:2018 for Risk Management

Why use ISO 31000? What can it do for your business? Well, aside from streamlining the implementation of a risk management framework by doing most of the structural and conceptual heavy lifting for you, it can also help with:

• Giving you a competitive advantage because ISO is an internationally recognized symbol for quality standards

• Increasing employee awareness of organizational risks by including them in the management framework and giving them responsibility for the processes they commonly use

• Reducing the frequency of, and ultimately eliminating, risks by educating employees and stakeholders on identified risks

• Improving trust of stakeholders by maintaining transparency and communicating risks (and demonstrating risk responsibility and mitigation)

• Fostering forward-thinking mentalities by encouraging employees to envision all potential outcomes of a given situation

• Improving company culture by bringing disparate departments together to exchange fresh perspectives, and consider how they might work together more effectively

• Improving success rate in all business operations by focusing on the process, thinking preemptively instead of reactively, and giving employees ownership of their work responsibilities

ISO 31000 can be invaluable for preparing a business for all eventualities; by understanding the worst-case scenario, a business is better equipped to make the most of the resources and opportunities currently available to them.

While ISO 31000 is certainly one of many guideline documents for implementing risk management, one of its stand-out strengths is its concise format. You’d have a hard time finding a more comprehensive document that succeeds in condensing so much information into such a coherent and concise set of guidelines.

Without a doubt, ISO 31000 is one of the foremost documents for those who want to waste no time in getting started with risk management, without sacrificing quality or integrity.

Key Principles of ISO 31000:2018 for Risk Management

One of the core ideas of ISO 31000 is that risk management exists to create and protect value.

This idea is expanded upon by the eight principles of ISO 31000, which are:

1. Risk management must be integrated into all business operations and activities.

2. The approach must be structured and comprehensive.

3. Processes and the risk management framework should be customized to suit the organization’s goals and context.

4. Stakeholders must be involved with the management framework; it must be inclusive.

5. Risk management must be dynamic and robust; preemptive thinking, anticipating, detecting, acknowledging and responding to changes.

6. Risk management takes into account any limitations of available information.

7. Human and cultural factors are paramount, and should be considered at all stages and aspects of risk management.

8. The risk management framework is continuously improved through learning and experience.

These principles clearly describe the most important factors for an effective and efficient risk management framework, according to ISO 31000.

Principles one through five are concerned with risk management system design and planning. Sometimes, these first five are written with the acronym PACED:

• Proportionate

• Aligned

• Comprehensive

• Embedded

• Dynamic

The remaining six through eight focus on implementation and operation of the framework, and are largely similar to other Annex L MSS structures.

13. ISO for Management System Auditing (ISO Audits)

Overview of ISO for Management System Auditing

ISO 19011 is a set of guidelines for auditing management systems.

It is not a set of requirements. You can’t get “ISO 19011 certified” (similar to ISO 26000).

It’s sort of like a meta-standard designed to inform companies how to prepare audit programs for auditing their management systems (quality management systems, environmental management systems, risk management systems, et cetera).

As of writing, the most recent revision, ISO 19011:2018 (Guidelines for auditing management systems), was published in July 2018 in response to demand for guidance on combined management system audits.

ISO 19011 has three important sections concerning auditing management systems:

• How to manage an audit program
• The seven principles of auditing
• Approaches for evaluating the competence of auditors

There’s also a big focus on applying principles of continuous improvement to an audit program.

One of the main tenets of such an approach is making sure that the objectives of the audit program are well-aligned with the main business objectives of the organization, and that the needs and best-interests of customers and other stakeholders are prioritized.

An area of increasing importance in the auditing of management systems is the principle of risk management.


Seven Principles of ISO Auditing

ISO 19011 defines seven key principles that help to ensure audits are effective and reliable tools, supporting the management systems they are auditing by providing actionable information that organizations can use to improve performance.

These principles are designed to enable auditors working independently from one another to reach similar conclusions in similar circumstances.

Integrity: The foundation of professionalism

Auditors and audit programme managers should perform their work ethically, in an honest and responsible manner, and using their best judgement should:

• Undertake audit activities only if competent to do so
• Perform work in a fair and unbiased manner
• Remain sensitive to influences exerted upon their judgement while carrying out audits

Figure: the seven principles of auditing (Integrity, Fairness, Judgement, Confidentiality, Independence, Evidence, Risk)

Fair presentation: the obligation to report truthfully and accurately

All audit findings, including documented evidence, conclusions and written reports should reflect truthfully and accurately the activities of the audit.

This includes any obstacles, disagreements with other auditors, or difficulties faced during the audit. Everything must be adequately documented.

It goes without saying that all communication, not just documented and reported information, should be truthful, timely, rational, clear, and complete.

Due professional care: Diligence and judgement in auditing

Auditors should exercise due professional care in all tasks performed during the audit, in accordance with the confidence placed in them by the auditee and in recognition of the importance of the task they are performing.

One of the most important requirements of this principle is that auditors have the ability to make reasoned judgements in all situations during the audit.

Confidentiality: Security of information

Auditors should respect the confidentiality of all information they’re dealing with throughout the audit.

This means exercising due diligence in making sure all information acquired during the course of their duties as auditors is respected and adequately protected.

Making sure information is secure includes taking special precautions where necessary, such as handling sensitive or confidential information.

Independence: Audit impartiality and objectivity

Audits, by nature, should be independent of the activity being audited, to the furthest extent possible. They should not interfere with the activity, nor should they hold any bias or conflict of interest.

If possible, internal audits should preferably be independent from the function being audited.

Key to all audits is the pursuit of objectivity via rational process, to make sure all findings and results from the audit are based only on audit evidence.

Smaller organizations may find it difficult to enlist truly independent auditors; as such, every effort should be made to eliminate bias and encourage the pursuit of rational objectivity.

Evidence-based approach: Rational, reliable, reproducible results

Evidence is one of the pillars of a successful audit, and the foundation of rational, reliable, reproducible results.

Audit evidence should be based on samples of available information, in acknowledgement of the fact that audits are conducted within limited periods of time, with limited resources.

Collection of audit evidence is based on a formalized process known as audit sampling.

Audit sampling typically involves the following steps:

• Setting clear sampling objectives
• Determining how much of, and what will be sampled
• Selecting a sampling method
• Deciding on a sample size
• Carrying out the sampling
• Documenting and reporting all results

Further details of various audit sampling processes are expanded in annex A.6 of ISO 19011:2018.

Risk-based approach: Considering risks and opportunities

Risk management is a substantial factor when planning for, conducting, and documenting an audit.

The goal of a risk-based approach is simply to orient the audits more clearly towards matters that are important for audit clients and the achievement of audit objectives.

ISO Certification: Is It Necessary?

ISO certification isn’t necessary; you can implement any standard without getting officially certified and still reap the benefits.

However, certification carries some exclusive benefits, some of which have been mentioned above. You may also require ISO certification for specific situations, such as when a client or government body requests it.

To be clear, you can only achieve ISO certification as the result of a successful 3rd party audit. To succeed in a 3rd party audit, you need to have:

1. Built and implemented a quality management system in accordance with the principles of the relevant standard.
2. Had an audit performed by a Certified Body (CB or Registrar) to assess the performance of your QMS against the relevant standard.
3. If you are successful, the certificate will need to be recertified after three years (and every subsequent three years) to make sure you’re still up to standard (as well as any new changes to the standard).

That said, there are other reasons you may want to perform an ISO audit.

Benefits of ISO Certification

There are a wide range of benefits that make ISO 9001 certification an important consideration for any organization. I’ve listed the main benefits below.

How ISO 9001 certification benefits your business:

• Increased profit potential and market share
• Time saved from more efficient resource management
• Recurring problems and anomalies reduced or eliminated
• Brand image and credibility improved
• Manual work is reduced with process integration and process automation
• Organizational efficiency and effectiveness is improved by using data and evidence to inform decision making

The ISO 9001 approach looks at both the individual processes as well as how all of those processes interact with one another. By examining the relationship between all of your business processes in the context of a QMS, you can locate areas ripe for improvement and optimization.

Utilizing data and evidence to inform your decision making is necessary if you want to achieve your business goals. Collecting adequate reports and sufficiently documenting your processes is also necessary, so you have data to work with in the first place. Quality management systems are good at this, and provide a framework for documentation of all processes within your business.

How ISO 9001 certification benefits your customers:

• Provides assurance that you’re a reliable, high quality vendor
• Customer satisfaction is a prime focus of ISO 9001
• Customer feedback can be quickly and efficiently acted upon
• Pre-emptive planning means issues are addressed before they have a chance to cause problems for your customers

One of the most important factors driving the implementation of quality management systems is the focus on improving customer satisfaction by identifying their needs and goals. Improved customer satisfaction then leads to ongoing business.


When it’s clear to a customer that you have achieved the high standards of quality required by an ISO 9001 certification, they will more readily place their trust in you.

How ISO 9001 certification benefits your employees:

• Jobs are more secure thanks to improved business performance
• Employees report higher job satisfaction and workplace happiness due to their roles (what to do, and how to do it) being clearly defined and streamlined
• Training, onboarding, and educational resources are more readily available thanks to improved planning and organizational structuring
• Implementation of a QMS can foster a company culture of continuous improvement
• Employees become more engaged and feel more responsible for the processes they are using

Fostering a culture of continuous improvement can help to improve worker morale (as well as general workplace happiness) by making workers feel like they’re actively involved in, and responsible for, the development, implementation, and optimization of the processes they use on a daily basis.

Besides, it makes sense that the people making decisions about design and optimization of a specific process are the ones actually using it on a daily basis.

By bringing your whole workforce together to build on and improve existing processes, you not only foster a culture of continuous improvement, but also align workers with the goals of the organization as a whole.

Different Types of ISO Audit

ISO 19011 is a standard designed to help companies perform audits.

When it comes to ISO standards, there are two main types of audit:

• Internal audits (first-party)
• External audits (second-party and third-party)

Figure: Types of audit
1st Party Audit: Internal audit
2nd Party Audit: External provider audit; other external interested party audit
3rd Party Audit: Certification and/or accreditation audit; statutory, regulatory and similar audit

ISO 19011 specializes in first and second-party audits, and is designed for use by audit teams of all types and sizes, from single auditors to larger teams suited for full-scale enterprise audits.

Remember that ISO 19011 is a set of guidelines; it’s not a complete set of requirements that needs to be followed step-by-step. The guidance offered by ISO 19011 should be adopted as appropriate to suit the specific needs and requirements of the audit programme in question.

ISO 19011 can also be used as additional guidance for third-party audits, but the specific requirements for auditing management systems are set out in ISO/IEC 17021-1; these requirements are for use by certified lead auditors or registered bodies when carrying out certification audits.

Below you can find a quick breakdown of each type of audit.

First-party

This is simply an internal audit.

Internal audits are conducted by (or on behalf of) the organization itself. These audits are typically in the context of assessing conformity, evaluating effectiveness, identifying areas that could be improved, or as requirements for certain ISO standards specifying that internal audits need to be carried out.

First-party audits may also be done as a preparation for a 3rd party audit; however, first party audits can never result in an ISO certification.

Second-party

External audits encompass both second and third-party audits.

Second-party audits are conducted by, or at the request of, relevant interested parties outside of the organization, like customers or contracted organizations on behalf of a customer.

For example, a client and vendor have a contract, and goods or services are being exchanged. Typically, second-party audits will be more formal than first-party, because they will influence the relations with customers or other relevant interested parties.

Third-party

Third-party audits are done by independent organizations that have no vested interest or conflict of interest in the organization being audited, like those that provide certification, or government agencies.


Independence of the audit organization is one of the defining factors of a third-party audit.

Customers can also request third-party audits, and this will usually be in order to verify you conform to some specific requirements.

Only third-party audits can be used to get ISO certified. Third-party audits may also result in other types of registration, recognition, or licensing.

Equally, failing a third-party audit might also result in a fine or citation.


14. Free ISO Checklists

These checklists are intended as generic guidance and are not a replacement for ISO standards proper.

They will help you perform internal audits in preparation for external audit or certification, and they will allow you to familiarize yourself with the implementation and auditing process of various ISO standards.

For best results, you are encouraged to edit the checklists and modify the contents to best suit your particular use cases, as the templates cannot provide specific guidance on the particular risks and controls applicable to every situation.

Typically, management system auditors will prepare custom checklists that reflect the specific scope, scale, and objectives of the quality management system being audited.

If you want to use these templates, you can click to open them, and then add them to your Process Street account. From there, you can use, collaborate and edit them however you like.

ISO 9001 Internal Audit Checklist for Quality Management Systems

Figure: checklist preview showing the tasks Assess HR integration with QMS; Assess QMS infrastructure; Assess QMS work environment; (Conditional) Prepare for audit follow-up; Assess organizational knowledge of the QMS; Prepare audit report; Review audit evidence & findings.

How to use this checklist for ISO 9001

This checklist is designed to help you implement a quality management system to the requirements of ISO 9001:2015, by aiding you in performing an internal audit.

With a solid checklist to follow, you’ll have more success running an internal audit in preparation for a certified 3rd party audit (and ISO certification) because the whole process is already laid out in front of you. That means saving time and money in your QMS implementation.

There are four main objectives of an ISO 9001 audit:

• To verify opportunities to improve the QMS,
• To verify conformance to applicable standards,
• To verify conformance to documented processes and procedures,
• To verify effectiveness of business processes.

By using this checklist you can ensure a consistently high level of audit quality and discover all potential points of failure or noncompliance in your ISO 9001:2015 QMS implementation.

This checklist is not intended to be a script that the auditor follows verbatim. Rather, it should be used as a tool to ensure that the basic requirements have been addressed and that adequate evidence has been recorded.

“The most effective audits are those during which auditors simply talk with the auditees to learn everything they can about the process being audited” - Ann W. Phillips, from ISO 9001:2015 Internal Audits Made Easy


ISO 14001 Environmental Management Self Audit Checklist

Figure: checklist preview showing the tasks Assess environmental aspects of planning; Assess legal and regulatory requirements; Assess objectives, targets, and strategies; Assess resources, roles, responsibility, and auth...; Assess competence, training, awareness; Assess communication; Assess documentation systems.

How to use this checklist for ISO 14001

This template is designed to be used to perform a self-audit in accordance with requirements of ISO 14001:2015 for environmental management systems (EMS).

Requirements are presented in the form of tasks with form fields to record various information about the status of each of the 10 high-level clauses as outlined in the Annex L standard for management systems.

These clauses are then further broken down into the Plan, Do, Study, Act segments of the PDSA cycle.

This checklist can be used as an effective tool for implementing the environmental management system and for self-assessment of the system.

Self-auditing can help to define a high-level overview of an organization’s performance, and determine the effectiveness (or not) of its various management systems.

What’s more, it can help to identify problem areas and successfully apply principles of continuous improvement.

Self-auditing is best used as a tool to discover the potential opportunities for innovation and continuous improvement; it is not a replacement for a 3rd party CB (Certified Body) audit and will not necessarily result in an ISO certification.

This checklist was designed to factor in repeat audits, so that continuous improvement principles could be applied over the course of multiple audits, with each successive audit contributing to the inputs of the next.

ISO 19011 Management Systems Audit Checklist

Figure: checklist preview showing the tasks Establish objectives of the audit programme; Determine risks and opportunities; Establish extent of the audit programme; Establish audit programme resources; Prepare all documented information so far; Communicate the audit programme so far with...; Ensure relevant duties have been fulfilled so far.

How to use this checklist for ISO 19011

Since the first edition of ISO 19011 was published back in 2002, many new management system standards have been published. This makes the need for a standardized framework for performing management system audits greater than ever before.

ISO 19011 is that framework. The standard outlines a set of guidelines for performing audits on management systems, from management and planning, to the audit process, and carrying out evaluation of auditor competence.

This broader approach to management system audits is designed to streamline the process by recognizing the common structure that many ISO management systems share.

Management system audits can be conducted against a range of audit criteria, including (but not limited to):

• Requirements set out in existing ISO standards
• Policies and requirements defined by customers and stakeholders
• Government policy and similar regulatory requirements
• Documentation of internal management processes (defined by the organization being audited)
• Documentation of internal management system plans and procedures (relating to specific process outputs)

This checklist is designed to simplify the process of planning for and carrying out an audit of a management system. The checklist can be used to adapt the audit program for the specific requirements of the audit, regardless of the management system type, the scope, complexity, or scale of the audit.

Focus is placed on internal audits (first and second party); however, this checklist can also be useful to prepare for external audits (though it cannot be used to obtain ISO certification).

ISO 26000 Social Responsibility Performance Assessment Checklist

Figure: checklist preview showing the tasks Determine assessment objectives; Determine scope of the assessment; Make necessary arrangements with client; Request documented information; Review documented information; (Conditional) Resolve issues with documented...; Assign accountability.

How to use this checklist for ISO 26000

Around the world, organizations and stakeholders alike are recognizing the need for socially responsible behavior. By enacting socially responsible policies and procedures, organizations can contribute to sustainable development.

ISO 26000 is designed to support organizations in achieving sustainable development.

Organizations are encouraged to see their corporate social responsibilities as more than mere legal compliance, and ISO 26000 serves as a bridge for implementing actionable policies and procedures in line with socially responsible and sustainable practices.

ISO 26000 is the result of a 10-year long international collaborative effort designed to innovate standards for corporate sustainable development.

Aimed at forming consensus based on a multi-stakeholder participatory approach, ISO 26000 offers guidelines for a common understanding of social responsibility, to be applied together with other certifications and standards for management systems like ISO 9001, ISO 14001, etc.

This checklist is designed to run an internal performance assessment on your organization, to assess the implementation of guidelines outlined in ISO 26000.

Typically, CSR performance assessments will require custom checklists that reflect the specific scope, scale, and objectives of the organization being assessed.

ISO 27001 Information Security Management System (ISO27K ISMS) Audit Checklist

Figure: checklist preview showing the tasks Establish context of the ISMS audit; Establish objectives of the ISMS audit; Determine ISMS audit scope; Establish criteria of the ISMS audit; Ensure ISMS audit monitoring systems are in place; Request documented information from...; Assign audit team.

How to use this checklist for ISO 27001

This checklist will help you audit your ISMS to the ISO/IEC 27001:2013 standard. By using this checklist, you can save time and ensure lower rates of human error during internal audits, by enforcing process adherence and taking advantage of Process Street features like stop tasks and conditional logic.

One of the biggest challenges for internal audits is proper recording of data and then being in a position to quickly and easily access that data for comparisons against previous audits, as well as for determining action items for nonconformities and process improvements.

One of the core functions of an information security management system (ISMS) is a centralized repository of key information security policies and procedures. This audit checklist will help you gather data and record evidence for convenient access and records management, so future audits are more convenient (and more useful!).

Internal audits are also a key element of a successful ISO 27001 implementation, especially for smaller organizations. This can also be one of the hardest functions to successfully implement in a way that meets the requirements of the standard.

This checklist is designed to streamline the ISO 27001 audit process, so you can perform first and second-party audits, whether for an ISMS implementation or for contractual or regulatory reasons.

You can make your life easier by using this checklist to audit your ISMS.

ISO 45001 Occupational Health and Safety (OHS) Audit Checklist

Figure: checklist preview showing the tasks Assess leadership of the OHSMS; Assess OHSMS policies; Assess OHSMS roles, responsibilities, and authorities; Assess consultation and the participation of workers; Assess actions to address risks and opportunities; Assess actions to address and identify hazards; Assess determination of legal and other...

How to use this checklist for ISO 45001

ISO 45001 defines the requirements for an occupational health and safety (OHS) management system.

The purpose of the standard is to enable organizations to implement a management system that facilitates continuous improvement of OHS performance, in the interest of preventing injury and ill-health.

Organizations of all sizes and types can use ISO 45001; the standard will enable improvement of performance by:

• Developing and implementing clear policy and objectives
• Understanding and considering risks and opportunities
• Determining the hazards of the OHS system and implementing controls
• Clearly communicating risks throughout the organization
• Evaluating performance of the OHS and seeking to continuously improve it
• Making sure workers are actively involved in and understand the OHS management system

By utilizing this checklist to implement an occupational health and safety (OHS) management system, organizations will stand to gain the following:

• Improved regulatory and compliance issues response time
• Reduced frequency of workplace incidents
• Reduced workplace downtime and fewer operational disruptions
• Reduced insurance costs
• Reduced employee absence and turnover
• Recognition of having successfully implemented ISO 45001 (informally, based on internal audit reports)

This checklist is designed to streamline the process for implementing an occupational health and safety (OHS) management system in line with the requirements set out in the ISO 45001:2018 standard.


15. Agile ISO: How to Combine Compliance with Rapid Process Improvement

Agile ISO is about taking the boring rigidity of ISO standard operating procedures, and replacing it with digital tools where process iterations can be rapid, and work instructions can be created from the bottom up, not just from the top down.

You see, the current ISO 9000 is the 2015 revision, which built on and adapted the 2008 version.

And the 2015 version has a host of interesting content which allows companies to be much more agile and flexible in their approach.

Recent ISO Changes = Agile Friendly

For a long time, people have been curious whether agile and ISO style approaches could be married together, but it seems that the architects of the 2015 version were also thinking about this.

The most recent versions, for example, allow the organization themselves to be the judge of how much documentation is required to achieve specific business goals from their processes.

“This enables each individual organization to determine the correct amount of documented information needed to demonstrate the effective planning, operation and control of its processes and the implementation and continual improvement of the effectiveness of its QMS.” – From the ISO/TC 176

Plus, the standards now allow for organizations to focus on making sure their operations align with specific business goals, rather than having to create a monolithic QMS that covers the whole company from the outside-in, as opposed to being designed as an integrated system.

Now it allows the QMS to be more of a set of integrated practices within departments or teams to the extent that it benefits and serves strategic goals.

So, if I wanted to do some PPC ads on social media, I could just hire some people who were good at it, give them a bunch of money, and tell them to run ads and test things until they come back to me with something that works. And I would still be ISO compliant. Despite no prior planning or process creation. As long as those ads managers adhere to the spirit of company policies, we’re good to go.

The third point worth mentioning is that procedures can be stored digitally as well as on paper, which means no more dusty manuals that nobody bothers to read. The new regulations allow for storage on CDs, in word-processing files, or – get this – in the cloud.

But What Makes This Agile?

Now that you can store your procedures in the cloud, we can use technology to get past some of the difficulties we were previously presented with.

Both Nathan Sykes and the academics Tor Stålhane & Geir Kjetil Hanssen have made the point that full conformance to ISO could lead to more paperwork and prior planning than an agile setup would allow for, and that the extra documentation could undo any agile process improvement benefits. They both propose the solution of underdocumenting procedures while adhering to other aspects of ISO 9001 like the quality policies and assurances. Their suggestion was that you should be able to pass the audit anyway if well-aligned with strategic goals.

But you shouldn’t determine how documented a process needs to be on the basis of what agile theory says nor on the basis of what a bunch of Swiss technocrats say.

You should determine how documented a process needs to be by the nature of that specific process.

Some processes need detailed procedure steps and extensive work instructions. Other processes may need one but not the other. Every process is different and your documentation should be a reflection of your business needs, not of anything else.

It’s the agile vs waterfall debate. Some processes need planning out from the start in detail, others can just get started and form a process as experimentation continues and different stakeholders weigh in to determine what works and what doesn’t.

Agile ISO is about using software to achieve the fully developed process libraries where necessary, and also being able to quickly build new processes in collaboration with others while able to iterate them rapidly over time.

It’s about being able to do both of these things and still get ISO accreditation.

Requirements for Agile ISO

To enable Agile ISO in an organization you need software which can do multiple things:

• Allow you to build rich process libraries with multiple folders, subfolders, and managed permissions.


• Allow you to build large detailed procedures filled with work instructions, media, and reference guides.

• Allow you to interact dynamically with procedures as process instances, recording information through form fields.

• Allow you to see when a process was followed, who followed it, and what progress was made on it.

• Allow you to see the revision histories for set procedures, so you know how they were updated, when, and by whom.

• Allow you to enforce certain procedural paths through things like stop tasks and conditional logic.

• Allow you to quickly create new processes, assign them to individuals or teams, and collaborate on their construction and execution.

• Allow you to update a process model for a procedure and immediately push the new revision live for use.

With this feature set in place, you’re able to bring the best of business process management, agile methodologies, and ISO standards into one practical method of process management.

Your process library acts as a dynamic, complete process manual. The revision history of each procedure records the date, time, and individual. The procedures can be super complicated or incredibly simple. They can be assigned or scheduled, even triggered automatically by the completion of other tasks.

This process library of digital SOPs is like a manual on steroids which eats HGH for breakfast.

But the best part is, when an employee sets out to complete a task, they just follow a checklist which walks them through the process and makes the process even easier for them to complete.

This raises process adherence, improves output, and enables accountability in the workplace.

Unlike a traditional dusty procedure manual, processes actually get followed by employees.

So, how do we begin with this dream solution?

How to Get Started with Agile ISO (5 Easy Steps)

The answer, as I’m sure you’re now aware, is Process Street.

Process Street does everything described above, and more.

With Process Street, you create templates and then run checklists from them. The template acts as a process model and the checklist as a single instance of the model.

This makes it super easy to build processes, and even easier for employees to follow them. It’s as simple as following a checklist.

You can also link Process Street to the third-party automation platform Zapier to connect it with over 1,000 other apps and webapps.

But back to Agile ISO.

This is what you need to do to go about becoming ISO compliant via our Agile ISO method:

1. Build your processes in Process Street. If you don’t already have documented processes, then get your different team members or team leaders to build out their processes in Process Street themselves. It should take them no time at all to create a rough skeleton with some accompanying work instructions. Keep it simple. Improve them over time.

2. Create your folder architecture. You can review our post on process libraries for inspiration, but you can use folders, subfolders, and tags. You can also manage permissions for folders so that some (proprietary info, finances, legal) can be private. Then you can move the process templates your team(s) created into their corresponding homes.

3. Design your meta-processes. These are things like processes for process improvement, processes for risk assessment, processes for creating new processes, process style guides, etc. These processes manage your other processes.

4. Write your policies. These are the boring bits we talked about earlier: Context of the Organization, Operations, Support, etc. You can draft these out and get consultation from others in your company.

5. Create your first official document. You can have a folder in your Process Street process library where you store your policies as templates. You won’t run these templates as checklists, but it makes sense to keep all documents in the same system. Both process templates and individual checklists can be exported to PDFs in case you want to present the documents physically at any point.

16. How Process Street Works

Process Street is business process management (BPM) software with a bunch of state-of-the-art features to help you streamline your management systems.

It works by powering up your internal processes with checklists and automations, so your daily recurring tasks are less of a burden. Process Street is great for ISO standards because it helps you adhere to your internal procedures, and set clear requirements and guidelines for all of your internal policies and procedures.

Here’s a list of features, with additional info about how that feature makes implementing and auditing ISO easier.

• Stop tasks - collecting audit evidence and enforcing requirements.

• Conditional logic - auditing selective areas of an organization, and streamlining the audit process based on the needs of the auditee.

• Dynamic due dates - keeping audits on-time and preventing noncompliance due to untimely or inefficient workflow management.

• Task permissions - restricting sensitive information on a need-to-know basis; useful for compliance with GDPR or similar data protection requirements.

• Task assignments - assigning specific tasks to specific team members; useful for streamlining procedures and improving efficiency.

• Role assignments - similar to task assignments, but allows you to build more powerful automations where roles are assigned, as opposed to individuals.

• Webhooks and integrations - linking Process Street to your other internal tools for a seamless management system control panel.

• Approvals - assigning crucial tasks in the workflow to top management or certified lead auditors for final approval (approve from mobile or desktop!)

• And more!

Stop Tasks

These allow you to halt a process at any given point until all of the requirements of that specific task have been met. For example, you might use a stop task to prevent the checklist from moving forward until all relevant evidence has been gathered, as seen in the screenshot below.

Conditional Logic

Build complex processes with branching logic to account for all possible outcomes. With this feature, your checklists will be robust and less prone to error or failure. You can also streamline audit procedures by using conditional logic to omit certain departments or clauses, for example if you only need to perform a practice run or just want to gather information about a small segment of your organization.

[Screenshot: conditional logic rules for a “Design a website” checklist. If “Design elements” has any of “Logo”, then show “Design logo”. If “Design elements” has any of “Banner images”, then show “Design Banner images”.]

Dynamic Due Dates

You can use dynamic due dates to set notifications for important tasks in your recurring checklists. If you need to schedule an internal audit across multiple site visits, these will help you organize deliverables in a timely manner.

[Screenshot: dynamic due date settings. This task will be due 2 months, 7 days, 2 hours, 40 minutes after checklist start date.]

Task Permissions

For sensitive data or tasks you want to restrict access to, task permissions allow full control of who can access specific parts of a checklist. This is useful for client confidentiality when performing third party audits, as well as streamlining process adherence (so people only see what they need to see - which means they can be more focused!)

[Screenshot: Permissions panel listing All Members, All Guests, and Share Link, with an “Add new permission” button.]

Task Assignments

Assign specific tasks to specific people. This helps with simplifying complex processes, and means you can bring people into the process as and when they’re needed - and they’ll understand exactly what work they need to do, immediately. This works great for gathering audit evidence, and rich form fields make it easy to upload documents and additional resources.

Role Assignments

Task assignments, powered-up. Role assignments allow you to further streamline the audit process by simply defining the role, as opposed to the specific person. This is useful for working between departments, where keeping requirements higher-level keeps things simple and helps procedures be more robust and error-safe.

Webhooks and Integrations

With our powerful integrations, you can use Process Street to pull data and documents from other software. This makes gathering data and evidence for audits easier than ever.

Approvals

Approval tasks allow you to sign-off on important documents ASAP, all from your email inbox. Approve (or reject) work such as audit findings, reports, or anything you can think of with the click of a button.

Basically, Process Street allows you to not only audit your ISO standard implementations, but also BUILD and MAINTAIN complex management systems.

Further Reading

Business Process Management

• Standard Operating Procedure Software for Organized Teams

• Business Process Management Software for Streamlined Operations

• Workflow Software that Superpowers Your Team

• Remote Work Software for Teams Everywhere

• Onboarding Software for Consistent, Quality Training

• Property Management Software for Business Efficiency

• The Complete Guide to Business Process Management [Ebook]

• The Ultimate Guide to Business Process Automation [Ebook]

• Get More Done: The Complete Introduction to Task Management [Ebook]

• The Consultant’s Guide to Process Street [Ebook]

Standard Operating Procedures

• 30+ Free SOP Templates to Make Recording Processes Quick and Painless

• How to Write a Proposal and Get What You Want (Free Templates)

• 6 Checklists to Perfect your New Employee Onboarding Process

• Approvals: How to Streamline Decision-Making in Process Street

• Ultimate SOP Guide: Standard Operating Procedures Made Easy (Free Templates!)

Templates

General ISO audit

• ISO 19011 Management Systems Audit Checklist

QMS audit

• ISO 9001 Internal Audit Checklist for Quality Management Systems

• ISO 9004:2018 Self-Audit Checklist

EMS audit

• ISO 14001 Environmental Management Self Audit Checklist

• ISO 14001:2004 to ISO 14001:2015 EMS Transition Checklist

ISMS audit

• ISO 27001 Information Security Management System (ISO27K ISMS) Audit Checklist

CSR audit

• ISO 26000 Social Responsibility Performance Assessment Checklist

Disclaimer

1. Process Street is not affiliated or in partnership with the International Organization for Standardization (ISO). The materials on Process Street’s website are provided on an as-is basis and are for educational purposes. Process Street makes no warranties, expressed or implied, and hereby disclaims and negates all other warranties including, without limitation, implied warranties or conditions of merchantability, fitness for a particular purpose, or non-infringement of intellectual property or other violation of rights.

2. Further, Process Street does not warrant or make any representations concerning the accuracy, likely results, or reliability of the use of the materials on its website or otherwise relating to such materials or on any sites linked to this site.
