If you’re responsible for implementing an ISO Standard in your organisation it may feel like you need to tackle every requirement on your own.
And while ISO Consultants from Assent can support you at every stage, there are some things that need the input of other key people in your organisation.
So assembling the right team and engaging them in your ISO Project will help you to build a management system that’s fit for purpose.
Who Should Be Involved?
Choosing the right members for your ISO Team will depend on which standard you are implementing.
All Annex SL standards including clauses addressing ‘Competence’ and ‘Awareness’ in relation to the management system, and while this doesn’t necessarily sit with HR, they will often be able to support these requirements through an HR system or Learning Management System.
Similarly, most management systems directly impact the organisations operations, for example through managing the quality of output, reducing environmental impact or reducing risks to safety. Therefore your ISO Team should include someone with an operations role, who can help you to embed changes and improvements within the organisation’s daily activities.
Some standards have more specific requirements.
For example ISO 27001, the Information Security Management System is different from other standards in that it provides an annex of additional controls to treat risks. These include controls related to IT Infrastructure, Legal Compliance and Supplier Management. So inviting representatives from these areas can help you to build an effective system.
Defining Roles & Responsibilities
When you’ve decided who should be on the team, it’s time to clearly define their roles and responsibilities.
This might include:
- Establishing, Documenting and Communicating Policies.
- Measuring and reporting on some aspect of the system.
- Maintaining records of a business process.
Ensure you document and clearly communicate these to those involved so that clear expectations are set early on.
Holding Forum Meetings
Holding regular forum meetings, or some similar sessions are key to not only building your ISO Management System but also maintaining it in the future.
Building a standing agenda is key to keeping these meetings short and on-track, while conferencing tools can be used to connect team members wherever they might be.
Always keep minutes of these sessions, or as a minimum record the resulting actions, as these can provide vital evidence for your ISO Certification audit.
Embedding ISO at All Levels
While many of the management system tasks will be performed by this small group of people, embedding the Management System throughout the organisation makes it much easier to maintain.
Firstly, decide which policies and procedures within your management system people need to know about, then go about promoting these through awareness campaigns and making them available through your usual documentation channels. See our ISO Software page for ideas on how to use your existing tools to manage your ISO Standard.
Top management should be involved, as required by the Leadership clauses of Annex SL, but to get the maximum benefit from their input it is often important to present the performance of the management system through meaningful data and snap shots.
You’re Not Alone
In all, there’s no right or wrong way to approach this, and your management system will evolve and adapt over time.
Assent Risk Management can support you through the entire implementation process and beyond. Contact us to discuss how we can help.