An effectively implemented management system aligns the policy with strategic and management system objectives and provides the framework upon which to translate these objectives into functional targets. Establish and maintain documented quality objectives and targets at each relevant function and level within the organisation. The objectives and targets establish an important link between the policies and the management programmes. The objectives and targets must be consistent with the policies, including the commitment to, for example in the case of ISO 14001, prevention of pollution and c ..read more

The objective of Risk Treatment and Risk Mitigation is to identify how your identified risks will be treated. Risk treatment involves identifying the options for treating each risk, evaluating those options, assigning accountability (for Very High, High and Moderate residual risks) and taking relevant action. For each risk, the risk owner must establish an appropriate level of treatment. Control measures in addition to those already existing may be needed to achieve this level of mitigation. Accountable managers should engage with risk owners to develop a satisfactory response for each risk ..read more

Understanding the risks and managing them appropriately will enhance your organisation’s ability to make better decisions, safeguard assets, and enhance your ability to provide products and services and to achieve your mission and goals.   By considering risk throughout your organisation the likelihood of achieving stated objectives is improved, output is more consistent and customers can be confident that they will receive the expected product and/or service. Risk-based thinking therefore helps to:   Improve customer confidence and satisfaction; Assure consistency of quality of go ..read more

Risk identification should be carried out with the full involvement of the relevant parties to ensure the relevant perspectives and expertise should be represented (e.g. appropriately qualified representatives from various functions, contractors, stakeholders, suppliers and specialists as appropriate). Risk and opportunity identification is a critical activity at both a strategic and operational level. It needs to include all significant sources of risk, including those beyond our organisation’s control. If a risk, threat, or opportunity is not identified, there can be no strategy to address ..read more

Throughout ISO management systems, there is a reliance addressing your organisation's risks and opportunities. These should be relevant to the context of your organisation as well as any interested parties. You should ensure that your organisation has applied a risk identification methodology consistently and effectively. This is very important and at the heart of all four of our ISO standards which all take a risk-based approach. Indeed, in ISO 9001 alone, reference to risk-based thinking is present in all of the following clauses: Determine and address risks (Clause 4.4.1); Promote risk ..read more

When implementing an ISO management system, you should check whether your quality, environmental, health & safety and/or information security policies have been communicated and understood throughout your organisation. The policies must also be available to any relevant interested parties. If the personnel interviewed do not know what their measurable objectives are and/or do not know what the organisational objectives are that they have a direct impact upon, then you might need to evaluate the communication of your policies and objectives. Inferred awareness through knowledge of proced ..read more

ISO 9001:2015 requires your organisation’s quality policy to be appropriate to both its purpose and context. This means that once your organisation has determined its context and the relevant requirements of its interested parties, Top Management must review the quality policy in light of that information. You should review your organisation’s existing quality policy to determine whether it is appropriate to the context of the organisation and its purpose, that there is a commitment to continually improving the quality management system, and the quality objectives are consistent with the qua ..read more

Customer focus involves determining customer requirements and ensuring that processes exist to meet the requirements and achieve customer satisfaction. Enhance customer satisfaction by ensuring that customer requirements are identified. The principal message that Top Management must convey is that the objective of the business is to satisfy your customers by ensuring a process exists to achieve the following: Identifying customer requirements; Meeting customer requirements; Enhancing customer satisfaction. When auditing customer focus, you should assess whether customer satisfaction is a ..read more

Whichever management system you put in place, Top management must ensure that the requirements of the management system, including the policies and objectives, are consistent with the strategic context and direction of your organisation, and that the policies and objectives are established whilst ensuring that the human and financial resources needed for implementing the management system are available. Top Management should take a ‘hands-on’ approach to the management system during interviews and whilst recording compliance to other requirements e.g. determining organisational context ..read more

Outsourced processes must be controlled by the organisation and these controls must be defined and described within their system. Organisations are required to identify the controls they apply for any outsourced processes. Examples of some outsourced processes include: A process completed wholly or partially by a sister facility outside the scope of management system, such as performing design, purchasing or customer related processes, including management activities such as business planning, goal setting, resources, data analysis, budgeting, etc. This may include the entire element or a s ..read more