ISO, The Next Steps
03 January 2012
Mike Page[MIRM,BEng hons]
SHEQ Manager for Subscan Technology Ltd.
Having attained accreditation in ISO 9001 (Quality), 14001 (Environmental) & 18001 (Occupational Health & Safety) here at Subscan Technology we’re now considering our next steps.
Certification is great recognition that we’ve met the desired standard within the ISO systems but it’s not the last word. Anyone who knows the pains and gains of implementing an ISO system will fully understand that accreditation is just the start of a long journey of continuous improvement which brings with it a gradual culture change; a change that can only improve the way we work and how we deal with threats and opportunities.
As a Quality Facilitator, Health Safety & Environmental Manager, a professional Risk Manager and active member of The IRM, I’m naturally gravitating towards ISO 31000 which provides principles and generic guidelines on risk management.
For a SME with only 40 employees you might wonder why we would want to go down such an arduous route … surely the threats and opportunities are well known and management are on top of these? Where’s the commercial advantage in ISO 31000?
Of course the threats and opportunities are well known, but the risk management process defined by ISO 31000 lends itself to the Management of objectives, processes, and projects as well as being flexible enough to allow for the occasional curved ball or unforeseen events and can assist with management of change. For example, the recent moves to develop a British standard for Utility Mapping (BSI) and the emergence of the Utility Mapping Association (UMA) both present certain challenges to the Utility Mapping Industry with the potential for significant changes. The commercial advantage comes from understanding and managing these challenges from threat to opportunity through the Company’s readiness for such change.
So where to start?
A step change would create too many challenges and may be disastrous, as the culture has to be just right. A much better way is to introduce the change slowly by concentrating on improvements to the existing management systems and reinforcing existing practices with appropriate risk management tools. As the organisation gets used to these tools the Risk Management System slowly becomes embedded and the Risk Management ethos goes viral.
All ISO processes have to be in place; ownership and accountability for these has to be embedded; the continuous improvement cycle must become second nature and staff appraisals given a more risk based direction; objectives and targets must all align with the company vision and everyone must be in full support of the Company commitment to change.
This requires careful assessment by management. Acting on gut feelings may have worked well in the past but the quality process demands that we act on facts. To do this we must capture real data about areas of concern, asses the threats and opportunities and set objectives and targets accordingly.
So when is this likely to be in place?
How long is a piece of string?… until we assess exactly where we are with our culture and support it with real data we can only guess at how much there is to do. I would aspire to having a workable risk management system in place that is aligned with and supports the existing ISO Management Systems within 12- 18 months. However, the BSI and UMA timescales may influence how quickly we need to move and will affect out programme to a greater or lesser extent.
Improving Risk Awareness and fully understanding where our management efforts need to be targeted can only help to strengthen our Company values;
1. Accuracy
2. Reputation
3. Expertise
4. Client Focus
5. Value for Money
However appropriate risk management is absolutely imperative if we wish to achieve our Company Vision: to be the market leader in underground utility and ground penetrating radar surveys.
We will achieve it but it will not be an easy journey, but then implementing change rarely is.
This is a journey of discovery and your input, experiences and comments would be most welcome. Please e-mail m.page@subscantech.co.uk.