With the concerns around the Covid-19 pandemic, many companies are wondering if maintaining their management systems is necessary. This question can be raised for any management system based on any of the ISO standards, be it an ISO 9001:2015 Quality Management System (QMS), an Occupational Health & Safety Management System (OHSMS) per ISO 45001:2018, or an ISO 27001:2013 Information Security Management System (ISMS). Whatever management system you have in place should be maintained during the coronavirus pandemic, because maintaining the management system can actually help you in your pandemic response.
Why should companies care about certification during a pandemic?
It is important to note that the reasons you have chosen to implement a management system, such as to improve your quality management, the health and safety in your workplace, or the data protection of your IT system, have not really changed due to the onset of the coronavirus that we are all fighting. In fact, now—more than ever—it is important to keep up the controls you have put in place to safeguard against IT attacks, as these are now emphasized more due to many people working from home.
Likewise, your management of quality to provide products and services that meet customer needs is even more critical now, particularly if you have expanded into a new market to meet pandemic needs; it is crucial that any expansion like this is done in a systematic way. In fact, some processes that you have put in place, such as hazard assessment in the OHSMS, can become even more important now that you are trying to assess new hazards quickly, and using the systematic approach you created will ensure that this fast assessment is also a correct assessment.
In many ways, it is more important to maintain your management systems now than ever before due to additional strains from the pandemic. For more information on how ISO standards can help you during the coronavirus, read this article: How to use ISO standards to address a pandemic.
How to maintain ISO compliance during the coronavirus
To maintain your certification, you need to maintain your management system—the best way to do it is through risk management, internal audit, monitoring & measurement, and management review.
Risk management. As it turns out, many of the processes implemented as part of the ISO standards can be used to help to maintain your compliance during the coronavirus crisis. To start with, controls you have in place for better data protection can help with security of your IT systems through heightened attacks that may occur, and the security of your data can also be heightened. The processes you have put in place for risk assessment and risk management can be used to address any additional risks that are now present due to the coronavirus, and this assessment and control process can happen quickly and correctly even under time pressure.
Internal audit. Another tool in the management system that can aid in your pandemic response is that of the internal audit, which helps you to check if processes are meeting their requirements, and to find improvement in the processes. This critical management system activity can help in the pandemic by ensuring that the changes you have made to address Covid-19 concerns have been adequately implemented and understood. Auditors can also provide additional improvement ideas on an ongoing basis to help find even better changes than first identified.
Monitoring & Measurement. Maintaining the measurements you use to tell if processes are meeting their requirements can become even more critical when fewer people are around to monitor what is happening. Continuing to collect, analyze, and evaluate data that can tell you how well your processes are doing can be the difference between your processes remaining on track, and having problems slowly creep in without anyone noticing.
Management Review. Finally, keeping up the review of your QMS data by top management can ensure that resources are maintained so that your processes don’t stray from their requirements. The QMS can help your leadership team to better manage resource assessment during the pandemic, ensuring that adequate resources get to the right place.
You can find out more on the certification audit process in this white paper: What to expect at the ISO certification audit: What the auditor can and cannot do.
Remote solutions for ISO compliance activities
Even with all of these benefits and reasons to maintain your management system compliance, it is important to note that the world is not business as usual, so some changes are bound to be required to make your processes work. One of the main issues that you may need to deal with is that many of your employees may not be co-located during the pandemic, and working closely for an activity such as an internal audit might be problematic. This is why considering remote solutions is an important part of maintaining your compliance.
Remote solutions are any activities you can perform while not face-to-face with another person. This can include performing audits through a shared screen, where the auditor and auditee can both look at the same records being displayed and answer the audit questions posed. Due to the pandemic, there have been big improvements in the collaboration tools that can make this easy. You may also investigate secure ways to make your procedures, forms, and records accessible to employees who need them while working away from the office, such as at home. Secure online storage of documents can become an indispensable tool for allowing activities to occur while people are remote from the workplace.
To learn more about the remote audits, read this article: What are the benefits and barriers when performing remote audits?
Maintaining certification: A little work now, less work later
A final thought on maintaining certification is that the pandemic will be over one day, and when this happens it can be a lot of work to assess and re-align your processes in order to re-certify your management systems. Any work that you do now to maintain and improve your processes, aligned with the ISO standards, will ensure that you do not drift too far away from what is required in the management system to meet the international requirements. It will be much easier when things become more normal to have your system still in place and functioning, rather than struggling to bring it back to where it needs to be.
To learn more about what the certification auditors will be seeking from you, download this free white paper: What to expect at the ISO certification audit: What the auditor can and cannot do.
Mark Hammar is a Certiﬁed Manager of Quality / Organizational Excellence through the American Society for Quality, and has been a Quality Professional since 1994. Mark has experience in auditing, improving processes, and writing procedures for Quality, Environmental, and Occupational Health & Safety Management Systems, and is certiﬁed as a Lead Auditor for ISO 9001, AS9100, and ISO 14001.