Management system standards

What are management system standards?

The nature of standards will be addressed in the section on standards development and in the context of management systems these standards: establish concepts, principles, guidelines and criteria for establishing, maintaining and improving the processes by which an organization defines and achieves its goals (see explanation below).

As most management system standards address specific organizational goals, like product quality, environment or health and safety, they apply to different processes within an organization.

Management system standards are not product standards; there are no requirements that govern the characteristics of particular products or services in management system standards. These standards apply to organizations as a whole rather than to the products and services they supply.

More on this in the member pages

How have management system standards evolved?

The evolution of formal management system standards has taken a rather interesting path. It has been driven primarily by customers in the regulated industry sector and legislation rather than internal economics but it is important to recognise that this evolution continues.

The failure of organizations to regulate their own outputs forced some stakeholders (primarily customers and society) to impose requirements that constrain an organization's policies and practices. Such measures have been deemed necessary since time immemorial to ensure the supply of conforming products and services, prevent accident and injury to personnel and damage to and loss of property and to protect the natural environment.

As the bodies engaged in standards development approached this problem by looking inwardly on an organization instead of looking outwardly from it, separate standards focused on the needs of these two stakeholders - customers and society. This created two quite separate evolutionary strands, one focused on product and service quality and the other following several years later focused on the duty of care which an organization has to the society in which it operates.

Standardisation in product and service quality has led the field and developed concepts that were later adopted by the standards in the field of duty of care. We are now at a stage when these two strands might come together into one harmonised series of standards focused on all the outputs of an organization but first we will explore the evolution of these separate strands.

Commencing with product quality, the evolution of management system standards over the last 50 years has diversified as shown in the list below. The publishers are identified in parenthesis. Further details on specific standards may be found by clicking the links

1959 - Mil Q 9858, Quality Program Requirements (US DoD)

1968 - AQAP 1, NATO Quality Control Requirement for Industry (NATO)

1972 - BS 4891, a guide to quality assurance (BSI)

1973 - Def Stan 05-21, Quality Control Requirements for Industry (UK MoD)

1974 - BS 5179, Guide to the operation and evaluation of quality assurance systems (BSI)

1979 - BS 5750, quality systems (BSI)

1987 - ISO 9000, Quality Management Systems - first series (ISO)

1990 - Investors in People Standard (Originally DfEE now IIP)

1992 - BS 7750, Specification for environmental management systems (BSI)

1994 - ISO 9000, second series

1995 - BS 7799, Information security management (BSI)

1996 - ISO 14001, Environmental management systems - requirements with guidance for use

1996 - BS 8800, Guide to occupational health and safety management systems (BSI)

1997 - SA 8000Social Accountability (originally the Council on Economic Priorities Accreditation Agency now Social Accountability International)

1999 - OHSAS 18001, occupational health and safety management systems specifications (BSI)

2000 - ISO 9000, third series (ISO)

2003 - The small business standard - a basic standard for quality management systems in micro, small or medium sized businesses where certification is not a requirement

2005 - ISO/IEC 27001 Information security management systems requirements (ISO)

The above standards are generic in that they can be used regardless of the size and scope of an organization and the market in which it primarily operates. There are sector and product specific management systems standards that are sometimes based on one of these generic standards. ISO/TS 16949 for the automotive industry is a typical example.

The above reflect formal management system standards but there are other informal standards emerging in related fields:

  • content management system as used in web site design
  • course management system as used in universities to allow the creation of online course content and the subsequent teaching and managing of that course and interaction with students
  • database management system as used in IT systems
  • enterprise management system used for processing and managing transactions between customers, producers, suppliers and others in a wide area telecommunications network
  • flight management system which is a computerized system found on most commercial and business aircraft to assist pilots in navigation, flight planning, and aircraft control functions
  • national incident management system as used in the USA integrates effective practices in emergency preparedness and response into a comprehensive national framework for incident management
  • knowledge management system used for the creation, capture, storage and dissemination of information
  • team management system used in multi-site projects that provides a system of work-based, research-proven assessments and feedback instruments

These types of management systems are different to those serving specific business goals. Many of these systems are computerized which focus on a specific entity and therefore might be not only multi-functional but also multi-organizational.

There are also standards addressing a particular management discipline such as the risk management standard published by the Institute of Risk Management or those that address a particular process such as.

  • production management systems as used by Toyota
  • design management systems as defined by BS7000
  • supply chain management systems as used by Dell Computers

Such standards should be viewed as contributing to the broader management system standards rather than replacing or over-arching them

More detail on the evolution of the various standards is given in the member pages

What is their purpose and intent?

As there are many standards in this category, you will find that each has been developed from a different perspective. However, setting aside the separate issue of whether we are referring to requirements or guidelines, there are clear indications from these standards of a particular intent but this intent has changed through evolution.

The intent behind the early defence standards was to ensure delivery of products and services that met contractual requirements by requiring contractors to control operations that affect quality and demonstrate the adequacy of such controls.

The national standards that followed went further than this. The customer is interested in product that meets the technical requirement but also do not want to pay over the odds for it because of the contractor's inefficient working practices. This aspect was brought out in ISO 9000:1987 in which the intent was stated as:

' To achieve and sustain good economic performance through continual improvement in the customer specification and the organizational system to design and produce the product or service to satisfy the user's needs or requirements.'

The management system standards therefore aim to improve the product/service and the system for defining, producing and delivering it.

Management systems standards also serve a number of functions:

  • The quality assurance function which is about giving confidence to customers that the products and services are what they are claimed to be
  • The quality management function which is about defining, planning, organizing and achieving goals
  • The social responsibility function which is about managing the impact of operations on other stakeholders
  • The integrated management function which is about visualising the organization as a system of interconnected processes and managing these processes so as to satisfy the expectations of all stakeholders

Further detail on the purpose and intent of these standards can be found in the member pages.

How are they structured?

There are families of management systems standards and series of particular standards in a family eg the ISO 9000 family includes all standards concerned with quality management and quality assurance so include standards outside the range 9000 to 9999. An example is ISO 10006 Guide to quality in project management. Similarly the ISO 14000 family is concerned with the environment.

The ISO 9000 series only includes the core standards ISO 9000, ISO 9001 and ISO 9004 but oddly enough, in the ISO 14000 family there is no standard with the number ISO 14000.

The structure of specific ISO management system standards varies because some of the standards in the class define requirements and others are simply guides. Basically the current requirement standards are structured around a plan-do-check-act cycle (PDCA) (see Problem diagnosis and improvement tools) but particularly in ISO 9001 constraints imposed through permitted exclusions, distort this (see members pages for further explanation).

Some contain a glossary of terms others such as ISO 9001 do not, the terms being defined in another standard in the family. Some group requirements in one section such as in section 4 of ISO 14001, others such as ISO 9001 attempt to fit the requirements onto the PDCA cycle among several sections. Some include the guidance as with ISO 14000, others do not as with ISO 9001. All this tends to indicate that there is no common structure among the management systems standards but there is some structure within a particular family of standards.

More detail on structure is on the member pages.

What are the principle requirements?

Although the management system standards developed at different times, they have matured over the last 8 years and we can now see common features in the requirements even though they are not structured identically as yet. The requirements in general address:

Policy

Defining, documenting, maintaining and communicating overall intentions relative to an aspect of organizational performance eg quality, environment, profit and safety.

Planning

Establishing objectives, measures and targets for fulfilling the policies, assessing risks and developing plans and processes for achieving the objectives that take due account of these risks.

Implementation

Resourcing, operating and controlling the processes as planned, including the handing of conforming and nonconforming outputs.

Measurement

Monitoring, measuring and auditing processes, the fulfilment of objectives and policies and satisfaction of stakeholders.

Review

Analysis and evaluation of the results of measurement, determination of performance against objectives and determination of changes needed to policies, objectives, measures, targets and processes for the continuing suitability, adequacy and effectiveness of the system.

How do these requirements relate to other models?

All the principles of the quality management system standards can be related to the principles and concepts within the European excellence model (see Excellence models and awards). Hoyle suggests in Quality Management Essentials that depending on the meaning of the words used there is no conflict but ISO 9001 does not include requirements on results orientation and public responsibility.

How should these standards be used?

An organization has many stakeholders (see Stakeholders) and delivers outputs than are in the main intended to satisfy these stakeholders. The management system standards serve the achievement, control, assurance and improvement of stakeholder requirements and their applicability to the various stakeholders is shown in the table below:

Stakeholder Applicable management system standards
Customers ISO 9001
ISO 9004
ISO/IEC 27001
Shareholders FS 9000
ISO 9004
ISO/IEC 27001
Employees OHSAS 1800
IIP
ISO 9004
Suppliers ISO 9004
ISO/IEC 27001
Society ISO 14001
SA 8000
ISO 9004

You will observe that ISO 9004 features in all of these categories. This is because ISO 9004 applies to all the organizations goals and activities and thus has an impact on all stakeholders.

There are three ways of using these standards.

  • As a source of information on best practice that can be consulted to identify opportunities for improvement in business performance
  • As a set of requirements that are implemented by the organization
  • As criteria for assessing the capability of a management system or any of its component parts

The pros and cons of either consulting, implementing or applying management system standards follow.

Consulting management system standards

The range of management systems standards is quite varied and they can capture what may be regarded as best practice in a particular field. The information in these standards has been vetted by those deemed to be experts by the issuing bodies and therefore one can defer to any of these standards as a legitimate authority in the absence of anything more appropriate. They are, however, but one of several sources of authoritative information.

With this caveat in mind, these standards can be useful in:

  • forming ideas
  • settling arguments
  • clarifying terminology, concepts and principles
  • identifying the right things to do
  • identifying the conditions for ensuring things are done right

Before consulting the standards

Before consulting any of the management system standards either a need for improvement in performance or a need for demonstration of capability should have been identified and agreed by the senior management.

Ideally the objectives for change and a strategy for change should also have been established in order to indicate the direction and the means of getting there. This will place these standards in the correct context. Consulting the standards before doing this will prejudice the strategy and may result in compliance with the standard becoming the objective thereby changing perceptions as to the motivator for change.

The need for improvement might arise from:

  • a performance analysis showing a declining market share or significant number of customer complaints either with the product or the associated services
  • a competitor analysis showing that resource utilisation needs to be increased to compete on price and delivery
  • a market analysis shows a demand for confidence that operations are being managed effectively. This might arise from EU directives
  • an analysis of the environment identifies opportunities for creating new markets, products or services

If the organization is currently satisfying its stakeholders but lacks a means of demonstrating its capability to customers or regulators that demand it, certification to one or more of the assessment standards may provide a satisfactory solution but it is not the only solution unless given no option by the customer.

There is no doubt that ISO 9001 is the top selling international standard of all time but other standards in the family have not had similar success, which creates a major problem with the use of these standards.

When consulting these standards, bear the following in mind:

  • They reflect the collective wisdom of various organizations that participate in the development of national and international standards.
  • They have been produced by different bodies or committees and therefore as a group of standards will contain inconsistencies, ambiguities and even conflicting statements.
  • Compromises often have to be made in order for the standards to be accepted by at least 75% of the voters.
  • What you read is not necessarily the latest thinking on a topic or the result of the latest research primarily because of the review cycle(often 5 years).
  • The standards reflect practices that are well proven and possibly now outdated in some quarters but have stood the test of time and are used universally.
  • Common terms may be given an uncommon meaning but terminology is by no means consistent across this class of standards thus making their use more difficult
  • Some phrases might appear rather unusual in order to preserve meaning when translated into other languages.
  • Requirements are not necessarily placed in their true relationship and context due to the constraints of the medium by which the requirement are conveyed. As a result, users and auditors often treat requirements in isolation when in fact they are all inter-related

Although there is the opportunity for changing these standards there may not be any desire for change because of the various vested interests. If organizations have based their approach on one or more of these standards they will be reluctant to sponsor any change that might result in additional costs, regardless of the benefits. These organizations might be willing to institute the changes informally rather than have them imposed through an externally assessed standard.

When a family of standards is embraced, studied and applied intelligently there can be enormous benefits from its use. However, standards can lend themselves to misuse by spreading the information so widely across a number of documents and by not translating the concepts into requirements with a clarity that removes any ambiguity.

The most important factor is that whatever the statement in these standards, it is necessary to understand the intent ie what it is designed to achieve. There is simply no point in following advice unless you fully understand the consequences (ie what the result will be) and have a good idea of what you might have to do to make it happen and sustain the benefits it will bring. This makes it imperative that you do not limit your reading to the assessment standards alone but also include the guidance standards and other relevant literature.

After consulting the standards

Having consulted the standards you need to:

  • put your findings in context as not everything you read will be applicable in your organization.
  • establish the impact (benefits, drawbacks) on the organization should the advice which is applicable be followed
  • validate your findings with other sources (books, articles, peers etc)

If it seems like what is expressed in the standards accords with best practice and offers practical benefits then by all means follow the advice given.

Implementing management system standards

The way some standards have been promoted has not helped their cause because they have been perceived as addressing issues separate from the business of managing the organization. Invariably organizations are being told to implement ISO 9000 or some other standard but implementation is often not the best approach to take. Hence, in response, some organizations have set up new systems of documentation that run in parallel to the operating systems in place.

Regrettably, certification has followed implementation and it is certification that has driven the rate of adoption rather than a quest for economic performance.

When we implement something we put it into effect; we fulfil an obligation. In fact many organizations have implemented these standards because they have put it into effect and fulfilled an obligation (possibly through contract) to do as required and recommended by the standard.

Implementation implies we pick up the standard and do what it requires. As the standards don't tell us to stop doing those things that adversely affect performance, these things continue. If the culture is not right, these things will not only continue but make any implementation of standards ineffective.

This approach is like taking medicine but continuing the lifestyle that prompted the medication.

Doing as the standards require will not necessarily result in improved performance. A far better way is to consult the standards (as described above), establish a management system that enables the organization to fulfil its goals then assess the system by applying them as described below.

Applying management system standards

By the organization

If we apply these standards instead of implementing them, it's like applying the handbrake or applying a set of rules. If applied like a handbrake, we may be more aware of the state of the business and make an attempt to remove the barriers to success before we start.

In applying these standards you should not create a separate system but look at the organization as a system of processes and look for alignment with the requirements and recommendations of the various standards. Where there is no alignment:

  • verify that the requirement is really applicable in your circumstances
  • change the organization's processes only if it will yield a business benefit

Changing a process simply to meet the requirements of a standard is absurd, there has to be a real benefit to the organization. This is self assessment and will be addressed further in Audit, self assessment and appraisal.

Only change the organization's processes to bring about an improvement in its performance, utilisation of resources or alignment with stakeholder needs and expectations.

By the customer or a third party (conformity assessment)

Customers and third party certification bodies use the assessment standards such as ISO 9001 and ISO 14001 to determine the capability of other organizations to satisfy certain requirements (customer, environment, security etc).

These organizations apply these standards. They don't implement them except within their own organizations. This is called conformity assessment. ISO/IEC Guide 2 defines conformity assessment as 'any activity concerned with determining directly or indirectly that relevant requirements are fulfilled'. In more tangible terms, conformity assessment refers to a variety of processes whereby goods and/or services are determined to meet voluntary or mandatory standards or specifications.

In the case of management systems there are standards that have been produced for this purpose. ISO 9001 is a typical example. It is an assessment standard not a design standard ie it specifies acceptance criteria and not design criteria. However, ISO 14001 is both an assessment and a design standard as, unlike ISO 9001, the scope of ISO 14001 states that it is applicable to any organization that wishes to establish, implement, maintain and improve an environmental management system.

Conformity assessment is therefore limited to the scope of the standard being used and thus (unlike the excellence model) it is not intended to grade organizations on their capability. An organization either conforms or it doesn't conform.

Unfortunately a preoccupation with conformity assessment has resulted in a 'tick in the box approach'. So instead of auditors focusing on the objectives of the standard as applied to a particular organization they are driven to confirming conformity regardless of the relevance or significance of the requirements. For example this led to auditors demanding that tape measures be calibrated, when they don't need to be, procedures written when they add no value, or documents having a signature without any reference to the organization's need.

The proposed revision to ISO 9004 includes a maturity grid for sustainability development thus presenting a model for a grading scheme and hence varying levels of conformity. However, this standard is not an assessment standard so graded conformity assessment appears some way off.

What impact have they had?

Management system standards from Mil Q 9858 to ISO 9000:2000 have had a significant impact on all organizations that have either chosen to adopt them or been coerced into using them.

In the defence industry, for example, contractors had to conform to certain standards if they wished to be invited to tender for government contracts. This has also been true in other sectors where the procurement agency has adopted a policy of awarding contracts only to 'approved' suppliers.

Although the requirement for certification is not part of any management system standard, we cannot discuss the impact of these standards without mentioning certification (see conformity assessment above). Without the associated third party certification infrastructure, these standards would have remained just another standard that customers invoked in contracts.

During the 1980s the UK Ministry of Defence (MoD) realized that they were carrying the burden of responsibility for verifying that contactors had basic systems in place for ensuring compliance with government requirements, when in fact it should be the contractor's responsibility. So in a move that reduced defence spending at a stroke, the MoD eagerly adopted ISO 9000 and confined its verification activities to contract specific requirements. This event triggered a boom in third party certification and a relationship between management system standards and certification that is inextricably bonded.

ISO 9001 has caused organizations to do all manner of things that had little to do with quality. In the early days of third party certification, with encouragement from the certification bodies, it caused organizations to create mountains of paper and procedures for every clause and records for every activity despite there being little evidence of a direct connection between the stated quality policy and business performance. The auditors often preferred this approach and did not discourage it because it made their job easier. Because it was not an auditable requirement, firms continue to this day to draw up their quality manual around the clauses of the standard instead of the business processes.

ISO 14000 had a different impact but also suffers from misapplication. Its intent was to reduce the environmental impact of the big polluting industries but we have seen its application in areas where the most significant environmental aspect has been the use of tungsten filament light bulbs.

The drive for certification fuelled not only the certification industry but the consulting and training industry which could be said are responsible for the misconceptions surrounding the application of these standards. Had the consultants and trainers understood the true intent of ISO 9001 and educated their clients, and had the certification bodies listened to their clients instead of selling them a badge to put on the wall, not only would ISO 9001 have been used properly but all the standards in the family would have become familiar to everyone in the supply chain.

Whether the application of management system standards has met the intent is certainly debatable. The UK government's white paper on quality, standards and competitiveness launched the 1983 quality campaign with the intent of turning around the UK economy by making it more competitive in the wave of imports from the far east. Although there is more to competitiveness than product quality, the application of BS 5750 and its successors do not appear to have brought about the expected changes in product and service quality. Customers still undertake surveillance and industry sectors, such as the automotive industry (http://www.iaob.org/showPage.php), have imposed their own certification scheme as confidence in the national scheme diminished.

While the concepts and principles that underpin management systems standards are indeed soundly based there is still much to be done to create and sustain the environment in organizations in which these concepts and principles are applied effectively to deliver the intended benefits. There is also much to be done to improve clarity, consistency and coherence within this group of standards.

Further resources

Member pages

  • More about the nature of management system standards
  • More on the history of management system standards
  • More on the purpose and intent
  • More on the structure
  • Whether to adopt these standards
  • How to apply the standards

Related publications and web sites

http://www.iso.ch/iso/en/iso9000-14000/index.htmlAn authoritative site with lots of information about the various management system standards and their application. It is biased as ISO develops the standards.

http://www.iosh.co.uk/for details of occupational health and safety standards

http://www.emas.org.uk/for details of environmental standards and their assessment

http://www.bsi-global.com/en/Standards-and-Publications/Industry-Sectors/ICT/Information-Security/for details of information security standards.

Further information on management systems can be found athttp://www.transition-support.com/

Further information on systems thinking can be found at http://www.thinking.net/Systems_Thinking/OverviewSTarticle.pdf

http://www.open2.net/systems/

http://openlearn.open.ac.uk/course/view.php?id=1289

SA 8000 on social accountability and other resources can be obtained from this web site http://www.mallenbaker.net/csr/CSRfiles/SA8000.html

Investors in People standard http://www.investorsinpeople.co.uk/needs/3minutes/pages/standardbeyond.aspx

Related articles

To what is it related How is it related
The evolution of quality thinking, post c1970 The evolution of management system standards
The quality infrastructure – roles of the different bodies The development and use of management system standards is part of the infrastructure
Suppliers Certification to certain management system standards givers suppliers a competitive advantage
Communication Certain management system standards impose requirements in this area.
Leadership, empowerment, motivation and teamworking Certain management system standards impose requirements in this area
Performance management Certain management system standards impose requirements in this area
Specifying, designing and developing processes, products and services Certain management system standards impose requirements in this area
Problem diagnosis and improvement tools Certain management system standards impose requirements in this area
Managing continual improvement Certain management system standards impose requirements in this area
Excellence models and awards The principles, scope and content of certain management system standards are shared with these
Strategic management Certain management system standards impose requirements in this area
Corporate governance Certain management system standards impose requirements in this area
Management systems All management system standards impose requirements in this area

Comment on this article

Log in or register to comment on this article.

Chartered Quality Institute

Please log in to see your personalised content, or register if you have not done so already

Log in Join Register

See Also

Author: David Hoyle

David Hoyle's  passion for quality developed as he qualified as a chartered engineer while working on Britain's fledgling space programme.

Find out more...