Here is a webinar we lead for ASSP on Covid-19 recently. The webinar discusses how organizations can use occupational health and safety management system audits and the corrective action process to respond to Covid-19 challenges.
Leadership commitment to a management system is critical to its performance. Encouraging support is sometimes challenging. The management review process required by ISO management system standards can help gain leadership commitment.
Do’s and Don’ts
Coordinate management review with management other business review meetings. Conducting “management review” during regular business review meetings gives the sense that the management systems is part of the overall business. Management reviews conducted infrequently and apart from the other important business management meetings leads to a silo-ed perception of the management system.
Make management review value added. Ensure the information being presents is actionable by leadership. Give them a few choices for recommendations with supporting information and ask them to decide. They will appreciate your opinion and recommendations to help make decisions.
Do the Math and Have Backup.
Defend your recommendations for improvement with cost and return on investment information. Showing leadership how the management system helps save and even makes money, contributes to their support and commitment.
Take Good Notes
Recording leadership decisions during the management review helps ensures follow-up. Records of management review are also evidence of their leadership commitment, especially during audits.
Timely Management Review Follow-up
Follow-up on management review recommendations in a timely fashion and report on progress at the next management review opportunity. This will enhance leaderships perception of the management system, their support and commitment.
Management Review Frequency
Most organizations perform periodic reviews of the business performance to make sure things are going along smoothly and to make any course corrections needed. Integrating the ISO system management review with these regular business review meetings will help ensure that:
- Management system performance issues are addressed in a timely fashion
- The management system is integrated with all other business processes
- Timely information is provided to leadership to help make important business decisions
Management Review Inputs
Management review meetings should not necessarily address all management review inputs during each meeting. Management review inputs that should be reviewed at every management review include:
- Follow-up from previous management reviews
- Status of actions from previous management reviews;
- Status of corrective actions and incident investigation
- Progress toward achieving objectives.
Management review inputs to be reviewed less frequently and as needed such as
- Customer Complaints and interested party concerns
- Changes including new compliance obligations
- Adequacy of resources
- changes in risks and how they are being addressed
- Audit results
Management Review Outputs
The purpose of management review is to ensure the management system is able to achieve it intended outcomes. The outputs of management review are an important part of the Act part of the Plan-Do-Check-Act continual improvement cycle. It is where leadership has the opportunity to review the information generated in the “Check part of the PDCA cycle and intervene (Act) and continually improve the management system
Records of management review are the notes of the meeting (output notes). They are required by all ISO management system standards. Outputs are what leaderships asks the organization to do to improve performance. These records are also excellent evidence of leadership commitment during third party audits.
The goal of management review is to provide information to leadership that it can act on. Planning and conducting good management reviews will enhance leaderships opinion and support of the management system.
The ISO High-Level Structure (HLS) is the basis for all management system standards and is now being revised by ISO. These changes will affect all management system standards. Users of ISO management system standards such as ISO 14001, 9001 and 45001 will need to evaluate how these changes will affect the organizations ISO management systems.
Introduced in 2012, the HLS was created to help better integrate quality, environmental and health and safety management systems. Prior to its introduction ISO 9001 had a different structure that ISO 14001 that complicated integration of the management core processes such as corrective action and management review. The HLS solved that problem. The revision introduced a new name for the HLS and it is now called Annex L, Appendix 2.
The revision will also introduce guidance on use of the HLS for standard writers and users. This guidance is called Annex L, Appendix 3. Both Annex L, Appendix 2 and 3 will be combined as a table.
Appendix 2 is in the final stages of an initial “limited” revision and not yet available to the public. Appendix 3 is in mid-stage revision and should be approaching the final stage later this year.
Here are a few of the most important changes to Annex L, Appendix 2 from the “limited” revision:
Definition of Risk
A lengthy debate is ongoing within ISO about if a revision to the definition of “Risk” is needed. “Risk” is currently defined in the HLS as “the effect of uncertainty”. Some within ISO argue that a better definition is “the effect of uncertainty on objectives“.
Others fear that the addition of the words “on objectives” to the definition of risk will cause confusion in standards like ISO 9001, 14001 and 45001. They believe this because these standard have a specific requirement to create measurable “objectives” within the management system.
The debate over the definition of risk has lead to several proposals including eliminating the definition of risk entirely from the HLS. A subgroup has been assigned the task of sorting this difficult issue and the results will be reflected in a future revision of the HLS. For now however the definition of “risk” will remain as it is in the HLS.
Expected Outcomes Vs Results
The previous version of the HLS used the term “expected outcomes” to describe the results organizations should expect from its ISO management system. Some users found the term “expected outcomes” confusing so it has been changed to “expected results”. The change was also made to simplify translation to other languages.
The old HLS used the term “outsourced processes”. Manufacturers sometimes send their products to other organizations who perform specialized processes like heat treating or electroplating. This relationship between organizations was called “outsourcing” in the previous version of the HLS. The concept of “outsourced processes” however does not apply as well to other disciplines such as environmental management or health and safety management systems.
The term “external provider” is now being used in place of outsourced process. This change has been made in response to several comments that found the term “outsource” unclear. The use of external provider clarifies that outsourced, contracted, and purchased products, services and processes all need to be controlled by the management system.
The use of the terms “maintain” and “retain” to describe what needs to be done with certain types of documents in the management system has been replaced with the term “shall be available”. This change has been made to avoid confusion between maintaining and retaining documented information. This change is not expected to impact organizations with mature document control process and management systems.
This part of the HLS has been substantially reorganized. The title of 9.2.1 was changed to General and 9.2.2 Internal Audit Program has been added. This change has been made for ease in understanding. Now the two distinct concepts covered in the paragraph (what an audit program entails and what should be considered when establishing an audit program) are listed separately.
Effects of the Annex L, Appendix 2 and 3 Revisions (Whats Next?)
The revision of Annex L is not expected to have a significant immediate effect on ISO standards or ISO management system audits. The revisions will not requires revision of any of the ISO management system standards until these standard are revised and updated as required by ISO. However, organizations in the process of implementing an ISO management system or integrating a new discipline specific standard such as ISO 45001 into an existing management system structure, should anticipate that these changes will appear in future revisions of ISO management system standards.