18 July 2012 was an important day for those of us who pay attention to international standards. Why? Because it was the date that ISO published this document on the pending makeover of the management systems standards.
One could consider this from a surface perspective (i.e. how a management system standard is organized) and completely miss the point!
“So, what’s the point?”, you might ask?
It’s about demonstrating conformance, people!
So what’s the problem?
Ultimately, organizations which pursue certifications aren’t doing this it to “check the box”. While there is some of this type of thinking around today, the current economic environment makes that option unappealing. Generally, there is a relevant corporate (think organizational, not entity type) objective identified which is of sufficient value to warrant the investment of time, resources and effort to obtain the certificate.
As a result, for those organizations who have identified a need to demonstrate conformance with two or more of the management systems standards (ISO 9000, 14000, 20000, 27001, etc.) have a pretty huge task to consider. Right now, they must read and understand the requirements contained in each of the standards and look to harmonize those requirements with the implementation and operation of their management system. On top of that, they need to anticipate the methods and types of questions that their auditor will use to exercise their management system to validate conformance.
This is not an easy proposition, by any stretch of the imagination. The number of moving parts increases substantially and how you identify and resolve inconsistencies and issues is paramount. In a certain sense, the auditee is placing a significant bet on their ability to both read and interpret the guidance AND ensure that this directly translates into operational practice. I don’t believe that most organizations are up to this task, out of the gate. I think that it will require they try and fail, so that it’ll uncover the gaps and weaknesses in their thinking.
I’ll also go on to say that I don’t think that this is a bad thing! Why? Because it’s not about getting the certificate, it’s about putting into place the lasting cultural and mechanical changes (the operating management system) that will have the organization become better able to fulfill its stated objectives. To do this, identifying the old, outmoded ways of thinking and working are required and putting them to rest is needed. Right now, that burden sits on the back of the auditee. They must figure out how to navigate this. It becomes their second job.
What work needs to get done
Unless you are a provider of consulting services and spend your days figuring out the knowledge, approaches and methods that are valuable in facilitating such a change, like we do here at ECI, this becomes that organizations “second job.” And the job is not an easy one! It’ll require time, investment and some trial-and-error. Not everything works right straight out of the gate. Indeed, in standing up our consulting offerings, we continually tune and upgrade our services, as more operational experience is gained.
I am both pleased and honored to offer our services to clients. While our methods help significantly reduce the burden on auditees, the truth is that we cannot help every interested organization prepare in this way. We can provide other support services, but working with clients on a transformation effort to accomplish this result is a significant commitment on both parties. I also respect that there are many organizations that appreciate the challenge, understand the risks, the value proposition and make the decision to source this organically. I think that’s great and applaud the initiative such organizations demonstrate.
“Next Generation Management Systems”?
It’s nice to know that help is on the way, in the form of the next generation of management systems thinking from ISO. This announcement is significant in that, at some point in the future as the various standards are refreshed, we are going to see more consistency in organization and content across the family of management systems standards. This will lessen, but not remove, the burden on the auditee. We can expect that the first steps (after the structural changes are implemented) will be around revisiting the common core management system requirement and watching those changes propagate through the affected standards. Once that’s complete, we should expect to see more granular focus on domain specific requirements that are now the raison d’etre for the current standards. I like this, because I think it’ll help the various ISO Working Groups be more focused on their core content and resolving the current crop of conformance assessment issues that currently exist.
Until then, the hard work is still there to do — understand the harmonized requirements and assess the organizational/structural changes required to build a body of record evidence to demonstrate conformance. In the end, I think it’ll be more appropriate to refer to these as “Business Management Systems”, “Organizational Management Systems” or even “Entity Management Systems”, rather than management systems in general or specific to the type of standard they’re associated with (i.e. ISO 20000 == “Service Management System”).
It’s not easy work, but for those that have done the groundwork to establish the value, this is work worth doing and worth doing well!
If you have questions or comments, please feel free to jump in and get a discussion going. I’d love to talk with you about this.
P.S. If this is of interest to you, please consider taking the time to (at a minimum) either offer your comments to your national standards organization OR get actively involved with the work at hand. If you don’t want to get involved, don’t complain when a substandard product is delivered. You have both the ability to choose and to influence the outcome. It’s never convenient, but never a bad time to get involved!