Guidelines to Implementing Management Systems
This Project Programme applies to the implementation of a Management System such as:
Business Continuity (ISO 22301, BS 25999)
CE Mark (89/106/EEC, BS EN 1090)
Environmental (ISO 14001, ISO 50001)
Food Safety (ISO 22000, BRCGS)
Health & Safety (ISO 45001)
Information Security (ISO 27001)
Quality Assurance (ISO 9001)
Technical (NERS, GIRS, WIRS)
Logistics can deliver 'turn key' certification including internal audits, management review and accompanying the external auditor
Alternatively Logistics can be tasked with implementing any of the 15 steps within the certification process.
Implementation Guidelines
What are 'Risk Assessments'?
Management systems (not just Health & Safety systems) require each hazard (danger) to be evaluated (identified & assessed), taking into account existing controls.
The formula often quoted is Risk = Hazard x Probability (likelihood of occurrence).
Where consequences (Hazard) range: Bruising (First Aid required) → Serious injury (medical treatment, effects reversible) → Fatality
And likelihood of occurrence (Probability) range: 1 in 1 million (extremely remote) → 1 in 10 (frequent)
Risk can affect People, Assets and Reputation/Brand
- 6,000 miles by train (accident)
- 1,000 miles by jet (accident)
- 230 miles by car (accident)
- 17 miles by walking (accident)
- 10 miles by bicycle (accident)
- 6 miles by motorbike (accident)
- 1.4 cigarettes smoked, or living 2 months with a smoker (cancer, heart disease)
- Below 1 micromort/ annum is broadly acceptable (eg business driving 230 miles/year)
- Above 1,000 micromorts/ annum cannot be justified except in extraordinary circumstances (eg business driving 230,000 miles/year)
- The first alcoholic drink of the day adds 1 microlife to your life
- The first 20 minutes of exercise adds 2 microlifes to your life
- One SCUBA dive subtracts 5 microlifes from your life
- one hang-glider flight subtracts 7 microlifes from your life
Risk Assessment is so called in Health & Safety & Information Security, but it is renamed:
Business Impact Analysis in Business Continuity Management;
Context of the Organization in Quality Management;
Data Protection Impact Assessment in Data Protection Management (GDPR);
Determination of Execution Class (EXC1-4) in the Construction Products Regulations;
HACCP (Hazard Analysis and Critical Control Points) in Food Safety Management;
Significant Environmental Aspects in Environmental Management.
Methodologies (of varying complexity) for analysing risk include:
- FMEA (Failure Mode & Effects Analysis) qualitative exercise to analyse the reliability of a system (for example an automtive component)
- FTA (Fault Tree Analysis) qualitative exercise incorporating Event Symbols & Boolean Logic to analyse the reliability of a system
- HAZOP (Hazard & Operability Analysis/Study) qualitative technique aimed to stimulate the imagination of participants to potential hazards
- LOPA (Layer of Protection Analysis) semi-quantitative tool for analysing and assessing risk on a process plant
- PHA (Process Hazard Analysis) general name for qualitative risk assessment by, for example Checklist, What If? Analysis
- RM³ (Risk Management Maturity Model) Office of Road & Rail use this model to assess risk management arrangements within the rail industry
- SWIFT (Structured What If? Technique) qualitative technique to stimulate the imagination of participants by using a checklist of guide words
Are procedures/method statements just bureaucracy?
Management systems are required to be documented, but you will be pleasantly surprised how concise the wording can be, eg use bullet points instead of sentences or paragraphs.
Who writes the procedures/method statements?
We carry out the systems analysis & then document the procedure/method statement for you. Clear, concise documentation is essential to reduce the time/cost of internal & external audits.
Should we write our own the procedures/method statements?
If you wish to write your own manual, avoid unnecessary detail, we will gladly advise you on the required content.
We don't get any complaints, so I don't need a procedure for that?
Even the mildest suggestion is useful feedback, an opportunity to improve. Consequently all management systems require a procedure to address customer complaints. A single 'Problems & Suggestions Spreadsheet' should suffice.
How much?
The Certification Body's fee is based on company size, eg ISO 9001 starts at £800. Our consultancy fees are often grant assisted.
Grant assistance?
We can advise you on European funding, available in most areas.
How long does it take?
A comfortable time for an ISO implementation is 6 months. If urgent, it can be achieved within 2 months.
Project Plan
Step | What to do | Logistics can help | Examples |
1 | Research ISO standard | Present a case study of the ISO Standard as implemented by a company in your industry | Design Procedure |
2 | Establish scope | Produce single page policy statement | Quality Policy |
3 | Establish business objectives | Produce performance objectives | Orders received before 3pm are despatched same day; |
4 | Appoint certification body | Shortlist from 50 certification bodies | BSI |
5 | Establish responsibilities | Identify appropriate staff | Internal auditors |
6 | Identify existing controls | Interview departmental staff | Book, form, spreadsheet, database |
7 | Document existing procedures | Interview departmental staff | Control of documents & records |
8 | Identify standards | Supply library of downloads in .pdf format
| Customer specifications |
9 | Risk assessment | Audit facilities Business risk analysis | Environmental (aspects) |
10 | Action plan | Gap analysis & improvement plan | Implement a customer complaints system (spreadsheet with a shortcut on every PC) |
11 | Internal audits | Select internal auditors | Qualified Internal Auditors |
12 | Internal communication | Staff presentation | Brainstorm hazards |
13 | Management review | Chair management review meeting | Produce agenda & minutes |
14 | Certification | Attend (host) stage 1/ stage 2 assessment | Address any corrective action |
15 | Maintain management system | Helpline support for life | ISO & legislation updates |