ISO 13485, ISO 9001, ISO 27001, ISO 14001 are all examples of standards in management systems. All of them are based on the same kind of principle, but they do have their own specific approaches and focuses.
How can your company fulfill these different requirements, and what can you do to avoid nonconformity during your next audit?
Here we present 5 possible mistakes you want to avoid:
1. Not knowing what you have and what is missing
Let’s say you already have a Quality Management System in place according to ISO 13485 and you would like to add ISO 14001 to it. A good start is to see which requirements of ISO 14001 you can already address with your current procedures and which ones are not answered.
2. Duplicating procedures
Unless everyone in your organization is able to switch continuously between multiple sets of procedures, it’s probably not the best idea to have an independent set of procedures per standard. It makes much more sense to see if there can be one procedure that covers requirements of all your management system standards.
3. Forgetting to update your templates
When you use templates in order to address the requirements from a standard, don’t forget to include possible new requirements. Let’s take the example of a Management Review template. Most management system standards require you to conduct Management Review meetings. In general, they have the same overall structure. However, each standard focuses on specific topics.
If you decide to have one big Management Review meeting and you can use a template to make sure that all the mandatory topics are addressed. Don’t forget to update it so that it includes topics from the different standards.
4. Not paying attention to the details
Even though requirements look similar, some differences can be hidden in the details which could lead to nonconformity.
For example, in ISO 13485:2016 requires you to monitor and measure the performance of the quality management system. If the monitoring finds problems or insufficient performance, action should be taken (i.e using CAPAs).
ISO 27001 has a similar requirement to monitor and measure the performance of the information security management system. They also require you to define what, how, when and by whom the monitoring and evaluation of the monitoring will take place.
5. And losing the big picture
Make sure that you have (and keep updated) an overview of which standards affect which procedures. Standards are not static. At least every 5 years they are being reviewed and chances are that requirements are changed. Having an overview of which procedures are impacted, makes life easier to keep your management systems up to date and workable.
In short, it is perfectly possible to comply to different standards and have multiple management systems, each focusing on different aspects. But you want to integrate them well so that the one big system is still workable and not holding you back.
Interested in reading how we integrated ISO 27001 requirements into our existing ISO 13485 compliant Quality Management System? Check our next blog post.