The ISO 9001 and 14001 revisions in 2015 and ISO 45001:2015 have a structure which is now common to all ISO Management Systems, whether the system is for Quality, Environment, Health and Safety or IT Security. This means that organizations with more than one management system have a much easier task integrating their systems. ISO 56002:2019 now enables Innovation to be integrated with all of these standards.

The ISO requirements start with a clause ‘The Context of the Organisation’ which asks us to look at what are the external and internal issues impacting an organisation. Right away this draws us into Strategic Planning and engagement of Leadership.

Risk-based thinking then requires us to identify which issues, both external and internal, have the greatest risk for the organization. There is a very logical flow as the standard then asks us to mitigate the higher risks.

This means applying prevention to these risks and we have choices on how to do this. Traditionally this would have been done by writing procedures. Today we can mitigate risk with far more choices such as using technology (software), developing our people’s competencies or the use of simple checklists.   

This means there are far less documentation requirements and the terms ‘documents’ and ‘records’ in previous standards are replaced with ‘Documented information’ which gets us thinking about information and information flow.

In addition, ISO 9001:2015 has been written to address services as well as manufacturing, has fewer prescribed requirements than previously and has no automatic exclusions.

A management system is a ‘set of interrelated or interacting elements’ and for it to be effective, information must flow between people and between processes. Information flow is the lifeblood of our organization.