ISO Certification and Objectives – How setting them is not as easy as you’d think

Sep 27, 2018

Archived Blog & News

The content in this blog was accurate at time of publishing, however as standards (and the understanding of their application) change, some of this information may no longer be applicable.
If you have any questions on this or the other topics we’ve covered; please get in touch and we can discuss any queries you may have.

ISO Certification and Objectives – A New Emphasis?

The effect of Annex SL (the document which says how ISO documents should be structured and what they should contain) on ISO 9001, ISO 14001, ISO 27001 and ISO 45001 is raising many questions relating to ISO certification and objectives. This is odd. The requirement for objectives goes way, way back to the 1994 version of ISO 9001. Furthermore, the 1996 version of ISO 14001 even asked for targets, responsibilities and a programme for reaching them. Therefore, ISO Certification and Objectives should not come as a surprise partnership. They’ve been around a while.

(Meanwhile, you did know what Annex SL was, didn’t you? Think “standard for writing standards”. A way of increasing commonality and hopefully reducing administration costs. More here)

The Objective of Objectives.

Objectives are essential if you want your management system to actually deliver something of value. However, my recent experience with several organisations has shown how difficult identifying genuine long term objectives for businesses can actually be. “Objective” seems to be the hardest word.

The responses from certification auditors has also been intriguing, and inconsistent of course. On the one hand, I’ve faced an ISO Fascist. He demanded a table of multiple objectives updated every ten minutes. Furthermore, full details of everybody involved. Conversely, I’ve had several auditors who must have left our planet during the 2015 update of 9001. ISO 9001:2015 was a milestone. They show no interest in targets, actions or responsibilities at all.

Welcome to the future.

So what are you, the customer, supposed to do?

Objectives and targets have to be set for ALL the management system standards. Sadly, there’s no escape. Sorry. Therefore, you need “A Plan”  Exactly how you are going to achieve them? The standard borrows from Kipling’s “Six Honest Serving Men” (What and Why and When, And How and Where and Who).

It’s actually quite straightforward:
In clause 6.2.2, it asks for;

a) what will be done;
b) what resources will be required;
c) who will be responsible;
d) when it will be completed;
e) how the results will be evaluated.

These seem to me to be just good instructions for planning to deliver. So far, so good.

Great Theory – What About The Application?

However, the standards aren’t very helpful when it comes to what can be measured. For those puzzling about what is actually required, here are a few examples:

Quality

[su_list icon=”icon: check” icon_color=”#2E81B7″]

  • Frequency of defects
  • Number of customer complaints
  • How many customers order more than once, and can it be improved?
  • How many customers order more than once, and can it be improved?
  • S/W – How many bugs raised after a release?
  • How long are they outstanding?
  • Can there be a reduction in how much scrap do you produce (in quantity or cost)?
  • Is it possible to reduce the time/cost of making the product or delivering the service?
  • How quickly do you develop and introduce new products or services, can it be improved?

[/su_list]

Health and Safety

[su_list icon=”icon: check” icon_color=”#2E81B7″]

  • Can you reduce accidents or ill health?
  • Are all your risk assessments up to date? Do they cover all processes and services

[/su_list]

Enviroment

[su_list icon=”icon: check” icon_color=”#2E81B7″]

  • How much are your utility bills, and can you reduce them? Can you reduce the energy used while maintaining output? (try comparing the electric bill with the sales generated)?
  • Can you reduce the quantity of packaging on products, or its cost, or improve its recyclability?
  • Is it possible to reduce the waste generated, or increase recycling, or even find an alternative use for the waste?

[/su_list]

Information Security

[su_list icon=”icon: check” icon_color=”#2E81B7″]

  • PEN Testing – No of items identified or how long to fix.
  • Security Incidents, how many, can they be reduced.
  • What is the availability time of your computer networks?

[/su_list]

“Buy-in” to Change.  How to Get Attention.

There are usually many things that most companies can improve on. Furthermore, when setting objectives and targets, it is always sensible to select something that interests your senior management. What might that be? As an older guy once advised me, “if you are talking up the management chain, then always try and talk money. That seems to interest them most”. So it should, business is about making money. There is no problem with having an objective which helps the company’s bottom line. If it does, you’ll find far more management interest in reaching it.

Questions?

ISO Certification and Objectives now appear to be in a long standing partnership. If you need any practical and pragmatic assistance in addressing this need why not give us a call?