Episode 22 – ISO – What is an IMS?
Episode 22 – ISO – What is an IMS?
Discover the transformative power of integrated management systems (IMS) in this engaging podcast episode. Join host Xavier Francis and Suzanne Strausser, VP of Consulting and Development at Core Business Solutions, as they unravel the benefits of harmonizing ISO standards into a seamless framework. Learn how IMS not only saves time and resources but also enhances communication, and more!
Core Business Solutions publishes ISO Certification podcast episodes weekly. You can find more episodes here.
Episode 22 Key Content
Hello, everyone, and thanks for listening to the Quality Hub chatting with ISO experts. I’m your host, Xavier Francis, and today we’re here with the fan favorite, Suzanne Strasser, VP of Consulting and Development here at Core. So glad you could be with us again, Suzanne.
Thank you. Xavier
Oh, you are more than welcome. And we love it when you’re here. Well, over the next several months, we’re going to have an exciting lineup of diverse topics to explore. Apart from the well-known ISO 9001 quality management standard.
We’ll dive in, the various other ISO standards, and these include ISO 14001 EMS focusing on environmental management systems, and ISO 45,001. Occupational Health and Safety. ISO 1345 for medical devices and ISO 27,001 for information security management systems.
Additionally, we’ll examine AS 9100 9120 and the crucial realm of cybersecurity. We’re thrilled that you’ll be joining us on this journey and we encourage you to stay tuned for each of these insightful discussions.
But today’s focus is on understanding an IMS or integrated management system, and we’ll be exploring its significance in integrating multiple management systems seamlessly into your business. But before we dive in, let’s hear from Suz and learn a little bit more about her.
Well, thank you. As you said, I am the vice president of Consulting and Development here at Core Business Solutions. Next weekend, I’ll be otherwise known as the mother of the groom. So there’s that. That’s an exciting time.
A very exciting time.
But yeah, it’s been fun being here and watching the growth of all the different standards that we’ve been involved with over the years.
Yes, Yes, I know 9001 is probably our most common, but I know even since I’ve been here, we’ve just expanded on to quite a few different standards that we’re helping people with.
That’s right.
Well, it’s great that you’re here, and we do appreciate you taking time from your busy schedule to be with us. So to start us off, what is an integrated management system or an IMS, and how does it differ from other management systems?
Well, it’s an IMS you said, it’s integrated. So, you know, things are put together. So that’s it. I think we’re done here then.
Yeah, I think that’s about it. Good. Okay, so you just put in a bunch of systems together. Got it.
You know, listener, sometimes it would be nice to have a video of our shoots here, so you can see Xavier’s face when I just said that,
She just totally throws it right at me like, that’s not what you were supposed to say.
Anyway, an integrated management system, really comes into existence when any two or more standards are implemented in a way that combines their common parts. So, for example, document control, corrective action, having an internal audit, having a management review. Why do I feel like I’m on the $100,000 pyramid here?
That was a game for those of you.
What are common parts of an ISO standard?
Yes, one of the common parts, I’ll tell you, I’ll take management is management review for 100 different ones and the different games. Yes, different game.
But. But in any event, these are all common to, you know, all the standards. And so integrated management systems, really capitalize on the overlap between those common sections of the standards.
You’re sort of leveraging things that you’re already doing that are required for one system. Hey, why not just add another?
Yep. There’s a document which is called Annex L, which outlines the structure of management system standards. Wow. You know, a standard about standards.
Oh, boy. That’s how much more exciting.
Yeah, super exciting. Well, I mean, I know how it sounds, but what it does is save us all time and money, so that’s a little more exciting, right?
Yeah, absolutely.
But when standards began to take on this structure as they got revised, it meant it was easier than ever to integrate them. And that means documents such as a manual can be used for multiple standards. Training for multiple standards can be combined. Management review meetings can address all the requirements of all the standards all at once.
So you’re not adding another one on.
Exactly.
You’re just adding maybe some more. A few more bullet points you have to cover.
Internal audits can cover overlapping sections once you know. So that saves us time on the internal audit.
Absolutely.
And I think most importantly, certification bodies or registrars, they’ll often discount integrated audits because of that overlap that I just mentioned.
So you’re not paying as much?
Yep. Less time spent than done separately leads to dollar savings, which is great.
It is great.
And you’ll get one certificate that outlines all the standards and that can be helpful if you’re notifying your customer base or you’re, you know, having customer audits or surveys or whatever. Here it is all together.
Wow. Yeah. You’ve got everything. It’s not just one and another and another.
Yes.
I can certainly see why combining or integrating more than one standard can save you time and money, especially doing two different standards, you know, doing them separately. So with that in mind, what are some of the common standards that we see in the IMS, and what industry sectors benefit most from these IMS?
Well, we see a lot of different bundles, as we call them. So ISO 9001 for quality, 27,001 for information security, and 20000-1 for service management. They’re frequently implemented together because they deal with quality and security. So government contractors, call centers, and software developers are most likely to put these in place.
I can see where those would all fit together. Absolutely.
And then we also see 9001 combined with 14001 for environmental and 45001 for health and safety manufacturers, as are most likely to implement these together. But these standards can be combined in all sorts of ways. So sometimes even when they don’t quite fit. We’ve done ISO 13485 for medical devices with AS 9100 for aerospace.
That’s an interesting combination.
Yeah. And you could see the industries that these guys are in. But the standards aren’t exactly aligned because 13485 doesn’t follow that same structure as the ANNEX L. So that means the numbering, the terminology, they’re different and so they don’t line up between those two standards. But there’s still enough overlap to implement these misaligned standards at the same time, and the generalities are still the same.
Now, would you still give us one certificate as well?
In that case, it’s likely to be certificates from the registrar.
Okay. I certainly can see how bundling some of these different standards makes a lot of sense in a company’s market or type of business. Manufacturing you’re going to have you’re more likely going to have an environmental impact and you’re dealing probably with something that tools big pieces of equipment.
You’re going to deal with health and safety where you may not if you’re in a call center as much. You touched on this a little bit, but how does an IMS help an organization streamline its processes and improve its efficiency?
Well, some of the reasons that we talked about with resources and time and money, you know, internal and external audits, taking less time, that sort of thing. But I think there are other benefits if you have people from different parts of the organization who have to be in the same meetings talking about improvements and results, sometimes that can be eye-opening.
I would yeah, I would say a majority of the time when we go into organizations, the one thing that we ensure is that people, you know, talk to each other. Go figure. It’s often common that they don’t.
Yeah. I mean, you see, you know, getting more people together and in line with the company direction, their goals, etc., all of that type of stuff is going to pull in the same direction. I can see where that would be beneficial.
Yeah, absolutely. And you know, because we get to see the big picture in a company many times will be in a conversation about something that rings a bell from another department that we’ve seen, you know, and we’ll say, Hey, did you know this is happening in production, too? And I think Bob mentioned the same customer.
You might want to touch base but when a team is having these regular structured meetings about improvement, these scenarios are a lot less frequent.
Yeah, I could see that. It is amazing the synergy that can happen when more and more people start to pull in the same direction. Also sharing information, like you said, you know, just because one might be production, another might be design and development doesn’t mean there’s not something that you both can help one another with.
Absolutely.
And that’s going to benefit. I can see that’s where that could be a really big help. So what are some of the challenges that you might face if you’re working with an implementation of an IMS? And how do you know if this might be good for your company?
Well, one thing to note if you are implementing standards together is that it’s a lot more work upfront. So if you want an expedited implementation, for example, don’t do this.
Right. So if you’re having a hard timeline and say, hey, I need to be ISO 9001 certified by May. Yeah, look to do this later or something later. Don’t try to implement it once an IMS rate at that particular price.
And it’s easy to add on other standards once you have this structure in place. Ideally, though, do it from the start. And as far as if you know it’s right for your business, I would say sometimes it does depend on how big you are.
If you have separate departments and software systems for, say, quality and safety and environmental, maybe it doesn’t benefit you to integrate, though. As a manager, I’d say all the more reason to make sure your folks are aligned.
Yeah. So if you have a group that’s this. Here’s your quality group. Here’s your safety group. Here’s your environmental group. Maybe it might not be as easy to implement it, but you’re still getting those people together.
So you might have valid business reasons for keeping things separate. But it also may depend in part on your customers and if they want you to be nine and they truly don’t care about 27001, you may choose to keep the certification separate.
That’s interesting, you know, because I guess you may choose to keep it together because you feel from a business standpoint, you want to have that 27001. Let’s say you’re you don’t need to be, but you’re dealing with a lot of customer information and you want to deal with the security of that 27001 may help you in a way that might not benefit your customer on the front, but it might in the back end where you’re dealing what you’re you’re making their information more safe.
As you said, this can initially take a lot more time and it means more money. So you may consider it at a later date when you have the capital or maybe when you’re looking to branch out into another sector. That might be the time that you look at IMS maybe adding a product line, or something like that. And adding another standard would make sense.
Right. And as I said, it’s really easy. We do this all the time to add on extra standards. You know, once somebody is 9001 or AS certified, for example, adding on 14 or 27 or both or whatever, it’s really easy to do right down the road. Keep building Once you have those blocks in place.
Could you go into a little bit about how that might happen? Let’s let’s say we have a customer now for 9001. They’re listening in that, you know what we’ve been chewing on the cyber 27001 information security thing. And we have some closed companies, you know, be breached. You know, get into malware or ransomware. And we’re thinking about this. How would that look to implement those today?
Well, I will say, that if you were one of our previous customers, it’s super, super easy because you’ve got our documentation structure already in place. Which is nice to kind of add on to. If not, we take a look at what you already have in place first and maybe suggest, you know, one or two tweaks, the documents that kind of make it easier to integrate what we’ll be putting in place, you know, in the future. But it’s kind of an assessment up front to see what you have to see, what your gaps are and kind of go from there.
So similar to implementing a standard in general where your gaps when you already have, hey, take credit for error to do exactly like these things, these two things together. Now you’ve got one.
Yeah. And if you do have a quality management system in place already, it, it does save a lot of time, you know, with the newer standard because you’re like we said before, you’re already doing management review or you’ve already done an internal audit.
So we know how to do your documentation.
Yep exactly.
Well, this is great and you have a ton of experience. Do you have any stories where a company did this? Maybe one of ours, you know, one that we work with. They added an IMS and it did make a difference in their business.
Well, I could start with us. You know, so we were 9001 certified forever. And because we were getting into the information security market, we decided it was a, you know, best idea for us to get 27001 certified ourselves. And we started with separate systems.
But we have combined since then and honestly have seen some a lot of benefit in, as I said before, just talking to each other, you know, things that maybe I didn’t know was going on in the security area that now I do because we’re in the same meetings.
Right. And from a security standpoint, that’s going to help because you have to have training. Yeah. So if you can get all of your leadership on board, hey, we’re going to be incorporating this kind of training this kind of policy. You’re in those management review meetings you already know what’s coming and it’s not that strange.
Yeah, and it does save on the internal audit time and you know, all those same benefits. So it’s nice, you know, from my perspective rather than, you know, deploying resources to do both. But as I said before, we do this all the time, you know, a lot of folks implement 927 and 20 together and a lot also do 945 and 14 together. You know, for those the reasons we talked about.
And there are other standards, you know, hey, you know, give us a call if you if you don’t feel like, hey, what about this one? We learned a lot this year that we’re now covering. So if there’s any way we can help pick companies, that would just be great. And as you listen on through the next couple of months of the podcast, you are going to be talking about those standards a little bit more in-depth.
You may be able to find out whether they’re right for you in your company or not, and maybe we can help you out with that. Well, I certainly do appreciate you being here today. Sue’s always a pleasure. It’s always fun. You always throw me a curveball, which is always enjoyable for our listeners. I’m sure we do appreciate you being here and thank you so much.
Thank you.
We want to thank everyone here who’s listened to her podcast today, and we hope that it has been informative for you. If you haven’t already followed us on your favorite podcast platform, be sure to do so. That way you won’t miss the next Quality HUB podcast when it’s released next week. Thanks again for listening and have a great day.