Integrated Management Systems


Published on

Management systems are merging. Is quality at the center or part of the mix?

Published in: Business, Technology

Integrated Management Systems

  1. 1. Management Systems Integration: Big Q or little q? Dennis Arter, FASQ October 2013
  2. 2. Eras of management Control era (product) 1925-1975 Define characteristics and inspect to those characteristics (form, fit, function) Assurance era (process) 1975-2000 Define processes to achieve results and make sure those processes are being followed. (Say what you do and do what you say)
  3. 3. Eras of management Management era (system) 2000-2012 Develop organization systems to achieve results and provide resources to achieve success. Integration era (whole) 2012-2018 Combine quality, environment, safety, security into a holistic view. More emphasis on risk management.
  4. 4. Back to Basics Plan Do Act Check From our Quality history
  5. 5. PDCA means Plan Identify item or service characteristics (form, fit, function) Define methods, material, and machines to make or deliver that product Define the systems in which the product is made or delivered
  6. 6. PDCA means Do Provide people, equipment, material and infrastructure to make or deliver the product Follow the defined methods
  7. 7. PDCA means Check Measure progress in achieving defined products, processes, and systems This can be through inspection, audit, customer satisfaction, SPC, or any number of such tools
  8. 8. PDCA means Act Reduce differences between desired and actual states Make things better and smarter Note: Deming (PDSA) and Six Sigma (DMAIC) are versions of this.
  9. 9. Good and evil Some systems promote Good Quality management tries to achieve excellence, efficiency, satisfaction, delight. Financial management tries to improve efficiency. Human resource management tries to maximize people resources.
  10. 10. Good and evil Some systems prevent Evil Environmental management tries to prevent harm to the planet. Safety management tries to prevent harm to people. Security management tries to keep bad guys away. Financial management tries to protect assets Note: These can also save resources if done right.
  11. 11. Quality management model Material Ideas Bring things together People Machines Make it Deliver it Change Evaluate it
  12. 12. Environmental Management model Sources Pollutants Acceptable? Conditions No Avoid Take Action Transfer Change Mitigate Effects Evaluate
  13. 13. Safety management model Sources Conditions Energy Acceptable? No Barriers Change Effects Evaluate
  14. 14. Security management model Acceptable? Threat No Barriers Change Target Monitor
  15. 15. Recent initiatives ISO 19,011:2011, Management systems – Guidelines for auditing management systems ISO 17,021:2012, Conformity assessment auditing ISO Annex SL:2012, Proposals for management system standards ISO 9001:2015, Quality management systems – requirements
  16. 16. Common elements 4. Context of the organization 5. Leadership 6. Planning 7. Support 8. Operation 9. Performance evaluation 10. Improvement
  17. 17. Emerging trends Access to information Global market Sustainability Climate change Business continuity Social conditions Triple bottom line: People, Profit, Planet
  18. 18. Social responsibility 1. Consider social and environmental effects of operations when making decisions. 2. Be accountable for social and environmental effects of operations. ISO 26,000:2010, Guidance on social responsibility, released in Dec 2010. Not meant for conformity assessment use. Big in Europe and Asia; not N. America
  19. 19. General risk model 1. Define risk Quantitative (What is out there?) Qualitative (How bad is it?) 2. Judge risk Risk effects analysis (What happens?) Acceptable and unacceptable risk (Worth it?) 3. Provide countermeasures (ATM) Avoid (physical and admin) Transfer (buy insurance or sell to Moldova) Mitigate (process design)
  20. 20. Risk issues Good or evil Quality profession emphasis on making better Risk professions emphasis on preventing evil Is it actually increasing? Attention to risk concepts is increasing every day
  21. 21. Future: Big Q? Quality heart and soul Environmental brain Safety shoes Security skirt Sustainable energy Low carbon emissions
  22. 22. Future: or little q? Quality is part of the stew
  23. 23. Let’s have a conversation Preserve emphasis on goodness Big Q or little q
  24. 24. Thank You Dennis Arter, the Auditguy Kennewick, Washington, USA Mail: Web: Blog: Twitter: @Auditguy
  25. 25. Reference
  26. 26. Quality ISO 9000 family and spin-offs ISO 9001:2008 is quite mature. Current emphasis is on processes and how they form systems. No big changes expected. Most of the world sees quality as conformity assessment (registration/certification).
  27. 27. Quality Medical device and pharmaceutical Device is mature. FDA 21 CFR 820 (Quality System Requirements) and ISO 13,485:2003 apply. Pharma moving towards harmonization, with FDA 21 CFR 210 as the start.
  28. 28. Quality Food safety ISO 22,000:2006 (HACCP and ISO 9001 and GMP) British Retail Consortium (BRC codes) Safe Quality Food 2005 (SQF) is quite mature Consolidation effort by Global Food Safety Initiative Consumer interest strong and getting stronger
  29. 29. Environment ISO 14001:2004, Environmental management systems -- Requirements and rest of family. Quite mature and merging with 9001. Expect much more activity on labeling and claims of conformance. ISO 50,001:2011, Energy management systems
  30. 30. Occupational safety Still pretty reactive and lacking maturity of other systems. (Lawyers?) OHSAS 18,001:2007 (Requirements) developed by ISO and ILO. Not much interest in No. America. Responsible Care and Process Safety Management (21 CFR 1910) for chemical industry in USA.
  31. 31. Information security ISO 27,001:2005 (Info Security). Started out as BS 17,799. ISO 13,335:2004 (IT/MIS Security) available for free. Identity theft and password capture are huge revenue generators for bad guys. Cyber-warfare is being developed (StuxNET worm). Zero Day thriller novel recently released. Governments and multi-nationals interested in registration/certification.
  32. 32. Business security NFPA 1600:2007 on Disaster Planning, Emergency Response, and Business Continuity used by US Dept. of Homeland Security. ISO 22301:2012 Societal security - Business continuity management systems Requirements
  33. 33. Supply chain security Supply chain risk (sole source, lean, safety, terrorism) ISO 28,001:2007 Security management systems for the supply chain used for registration
  34. 34. Risk management ISO 31,000:2009 says that Risk management: 1. Creates and protects value 2. Is an integral part of all organizational processes 3. Is part of decision making 4. Explicitly addresses uncertainty
  35. 35. Risk management ISO 31,000:2009 says that Risk management: 5. Is systematic, structured and timely 6. Is based on best available information 7. Is tailored 8. Takes human and cultural factors into account
  36. 36. Risk management ISO 31,000:2009 says that Risk management: 9. Is transparent and inclusive 10. Is dynamic, iterative and responsive to change 11. Facilitates continual improvement of the organization See also ISO 14,971:2001 (Risk management for medical devices)
  37. 37. Corporate social responsibility CSR is not SR. Focus is on business Some national standards being developed, especially in Eastern Europe, but not ISO Conformity assessment, with government encouragement Used in USA as shorthand for green and corporate charity No ISO movement (that I am aware of)