Guidelines to Implementing Management Systems - Logistics Consultants

to make you more productive . . .
Go to content

Guidelines to Implementing Management Systems

This Project Programme applies to the implementation of a Management System such as:

  • Business Continuity (ISO 22301, BS 25999)

  • CE Mark (89/106/EEC, BS EN 1090)

  • Environmental (ISO 14001, ISO 50001)

  • Food Safety (ISO 22000, BRCGS)

  • Health & Safety (ISO 45001)

  • Information Security (ISO 27001)

  • Quality Assurance (ISO 9001)

  • Technical (NERS, GIRS, WIRS)

Logistics can deliver 'turn key' certification including internal audits, management review and accompanying the external auditor
Alternatively Logistics can be tasked with implementing any of the 15 steps within the certification process.

Implementation Guidelines
What are 'Risk Assessments'?

Management systems (not just Health & Safety systems) require each hazard (danger) to be evaluated (identified & assessed), taking into account existing controls.

The formula often quoted is Risk = Hazard x Probability (likelihood of occurrence).

Where consequences (Hazard) range: Bruising (First Aid required) Serious injury (medical treatment, effects reversible) Fatality

And likelihood of occurrence (Probability) range: 1 in 1 million (extremely remote) 1 in 10 (frequent)

Risk can affect People, Assets and Reputation/Brand

Risk is instinctively underestimated for activities that:
a) Are familiar eg People are content to cycle on roads (often high-risk), but some are nervous of air travel (which is relatively safe)
b) Have delayed consequences (eg smoking, tanning beds)

Stanford University quantifies the level of risk as 1 micromort defined as a 1 in a million chance of death:
  • 6,000 miles by train (accident)
  • 1,000 miles by jet (accident)
  • 230 miles by car (accident)
  • 17 miles by walking (accident)
  • 10 miles by bicycle (accident)
  • 6 miles by motorbike (accident)
  • 1.4 cigarettes smoked, or living 2 months with a smoker (cancer, heart disease)

The Health & Safety Executive (HSE) quantifies the level of risk, at which an employer should consider action:
  • Below 1 micromort/ annum is broadly acceptable (eg business driving 230 miles/year)
  • Above 1,000 micromorts/ annum cannot be justified except in extraordinary circumstances (eg business driving 230,000 miles/year)
The Cambridge Professor for the Understanding of Risk quantifies a different unit: the microlife, defined as an activity which extends or reduces your life by 1 millionth, which equates to half an hour (30 minutes is equal to 1 millionth of 60 years):

  • The first alcoholic drink of the day adds 1 microlife to your life
  • The first 20 minutes of exercise adds 2 microlifes to your life
  • One SCUBA dive subtracts 5 microlifes from your life
  • one hang-glider flight subtracts 7 microlifes from your life

Risk Assessment is so called in Health & Safety & Information Security, but it is renamed:

  • Business Impact Analysis in Business Continuity Management;

  • Context of the Organization in Quality Management;

  • Data Protection Impact Assessment in Data Protection Management (GDPR);

  • Determination of Execution Class (EXC1-4) in the Construction Products Regulations;

  • HACCP (Hazard Analysis and Critical Control Points) in Food Safety Management;

  • Significant Environmental Aspects in Environmental Management.

Methodologies (of varying complexity) for analysing risk include:

  • FMEA (Failure Mode & Effects Analysis) qualitative exercise to analyse the reliability of a system (for example an automtive component)
  • FTA (Fault Tree Analysis) qualitative exercise incorporating Event Symbols & Boolean Logic to analyse the reliability of a system
  • HAZOP (Hazard & Operability Analysis/Study) qualitative technique aimed to stimulate the imagination of participants to potential hazards
  • LOPA (Layer of Protection Analysis) semi-quantitative tool for analysing and assessing risk on a process plant
  • PHA (Process Hazard Analysis) general name for qualitative risk assessment by, for example Checklist, What If? Analysis
  • RM³ (Risk Management Maturity Model) Office of Road & Rail use this model to assess risk management arrangements within the rail industry
  • SWIFT (Structured What If? Technique) qualitative technique to stimulate the imagination of participants by using a checklist of guide words

Are procedures/method statements just bureaucracy?

Management systems are required to be documented, but you will be pleasantly surprised how concise the wording can be, eg use bullet points instead of sentences or paragraphs.

Who writes the procedures/method statements?
We carry out the systems analysis & then document the procedure/method statement for you. Clear, concise documentation is essential to reduce the time/cost of internal & external audits.

Should we write our own the procedures/method statements?
If you wish to write your own manual, avoid unnecessary detail, we will gladly advise you on the required content.

We don't get any complaints, so I don't need a procedure for that?
Even the mildest suggestion is useful feedback, an opportunity to improve. Consequently all management systems require a procedure to address customer complaints. A single 'Problems & Suggestions Spreadsheet' should suffice.

How much?
The Certification Body's fee is based on company size, eg ISO 9001 starts at £800. Our consultancy fees are often grant assisted.

Grant assistance?
We can advise you on European funding, available in most areas.

How long does it take?
A comfortable time for an ISO implementation is 6 months. If urgent, it can be achieved within 2 months.

Project Plan


What to do

Logistics can help



Research  ISO standard

Present a case study of the ISO Standard as implemented by a company in your industry

Design Procedure
Administration Procedure


Establish scope

Produce single page policy statement
Determine exclusions to ISO standard

Quality Policy
Health & Safety Policy
Environmental Policy


Establish business objectives

Produce performance objectives
Produce improvement objectives

Orders received before 3pm are despatched same day;
ISO9001 certification by 31/12/14


Appoint certification body

Shortlist from 50 certification bodies
UKAS accredited
Coporate image:cost
Relevant experience

LRQA (Lloyds)


Establish responsibilities

Identify appropriate staff

Internal auditors


Identify existing controls

Interview departmental staff

Book, form, spreadsheet, database


Document existing procedures

Interview departmental staff
Produce a concise Procedures Manual, summarising critical business processes
Works Instructions (defined as non audited)

Control of documents & records
Corrective & preventive action
Internal audit


Identify standards

Supply library of downloads in .pdf format

  • Legislation
  • Standards
  • (Approved) Codes of Practice

Customer specifications
Manufacturer's instructions
Trade Association code of practice
British Standards
Health & Safety Executive guidance
Environment Agency pollution prevention


Risk assessment

Audit facilities
Checklist of common business hazards
Hazard Analysis & Critical Control Points
Method statements
Business continuity (disaster recovery)

Business risk analysis
Residual risk report

Environmental (aspects)
Financial (fraud, theft)
Food Safety (HACCP)
Health & Safety
Human Resources (employment law)
Information Security
Marketing (SWOT)
Quality Assurance (context of the organization)
Technical (workmanship)


Action plan

Gap analysis & improvement plan
Develop system improvements
Healthcheck prior to assessment

Implement a customer complaints system (spreadsheet with a shortcut on every PC)


Internal audits

Select internal auditors
Train internal auditors
Carry out internal audits

Qualified Internal Auditors
Cannot audit their own work
Agree achievable audit programme


Internal communication

Staff presentation

Brainstorm hazards
Explain ISO
Explain changes to system


Management review

Chair management review meeting

Produce agenda & minutes



Attend (host) stage 1/ stage 2 assessment

Address any corrective action


Maintain management system

Helpline support for life

ISO & legislation updates

Back to content