ISO defines a management system as ‘a set of interrelated or interacting elements of an organization to establish policies and objectives, as well as the processes to achieve those objectives’.
Continuous improvement is central to a management system, the so called PDCA cycle. A management system is therefore a way for the organization to achieve their objectives. Each ISO standard has a different approach.
A management system follows a fixed method. Within an organization plans are devised to achieve objectives. In the ‘do‘ stage the plans are then implemented. The third step in the cycle is checking the actual results, in which it is determined whether the set objectives are being achieved. Finally, action is taken by correcting errors and, where necessary, working methods are adapted so that things go better in the future.
The focus at ISO 9001 is on customer satisfaction. By implementing the ISO 9001 management system, an organization guarantees that products and services meet customer requirements, while at the same time being in line with the normal course of business within the organization.
ISO 27001 and NEN 7510 focus on information security. With this, the organization has specific objectives that are aimed at guaranteeing the availability, integrity and confidentiality of the information provision. The management system then assists the organization achieve those objectives. By following the PDCA cycle, an organization will have to continuously assess whether the system helps to achieve the objectives.
ISO 22301 is a business continuity management system. By focusing on business continuity, an organization looks at implementing, maintaining, and improving a management system to protect against, mitigate, prepare for, respond to, and recover from disruptions when they occur. With the implementation and certification of this standard, the organization demonstrates its ability to meet its business continuity needs and obligations.
A standard has also been developed for a management system with a privacy focus, ISO 27701. This standard specifies requirements and provides guidelines for setting up, implementing, maintaining and continuously improving a management system for privacy information. An organization that meets the requirements of this standard generates evidence regarding its handling of the processing of Personally Identifiable Information (PII).
In the article above we explained what a management system is and that the focus can be placed on different topics. The PDCA cycle is central to all systems. This unified approach allows organizations to implement multiple standards in the same way within the organization.
Our colleagues Bart Versluijs and Jade Reilink are happy to provide you with more information about Brand Compliance’s certification services. You can make an appointment or contact us on telephone number +31 73 220 2030.