I am often asked about training by the management systems staff that I regularly work with.  The question is typically: “I now feel competent with the ISO standards that I am working with, so what training should I pursue next?”  I almost universally answer with Project Management for these reasons:

• Management Systems staff have significant Project requirements since most of the management system activities are expected to be driven by them, but are completed by people that do not report to them, Including, but not limited to:
  • Completing internal audits
  • Preparing and conducting management reviews
  • Measuring effectiveness and efficiency of processes through metrics and KPIs
  • Completing continuous improvement projects
  • Completing a host of required tasks related to the management system over the course of a year (e.g. environmental and safety reporting…)

So being a competent project manager can help to accomplish these responsibilities more efficiently and effectively, reduce stress, and help to hold the process owners accountable.  It can make the difference between struggling and career success. 

With this in Mind, Management Solutions Group, Inc. had created a training workshop focused on Management Systems staff.  This course would be helpful for anyone with Quality, Environmental, Laboratory, IT, or safety management systems responsibility – including any who support these systems with technical tasks.

The ISO Standards have attempted to be normalized across the specific management systems. ISO 9001, IATF 16949, 14001, 45001, 27001 et.al. have similar structures.  Because they span a number of standards they are called High Level Structures.  They were created and used as guidelines during the creation of the latest and future versions. For example the structure or areas covered in the standard (i.e. clauses) are:

The clauses of the High Level Structures were formed based on the Plan-Do-Check-Act (PDCA) improvement cycle.


The modern ISO management system standards are based on this common structure - High Level Structure. These include:

• Quality management: ISO 9001
• Environmental protection: ISO 14001
• Security and health at work: ISO 45001
• Energy management: ISO 50001
• Information security: ISO 27001
• Compliance management: ISO 37301
• Business continuity management: ISO 22301

These are some of the more recent Nonconformances found in IATF 16949 Quality Management Systems including both internal and registrar audits:

• Product and Layered Process Audits are not being performed to the documented schedule
• Contingency Plans do not address all requirements (Including Sanctioned Interpretations) and / or are not tested / simulated
• Key performance indicator metrics are not meeting goals, and have no documented countermeasures
• Customer Specific requirements are not implemented (The specific requirements could be from revised customer specifics or implementation could have lapsed)
• Off site warehousing has been added, but internal documentation has not been updated, material / part identification does not meet requirements (Including nonconforming product)
• Changes to Outsourced Processes not included in the required quality management system documentation, Approved Supplier Lists, or records of required certifications and supplier development

This applies to all standards (ISO 9001, ISO 14001, ISO 45001, ISO 17025, IATF 16949, AS9100, ISO 13485, ISO 27001…)

• Has your Management System become a One person show?
• Does Management struggle during audits when asked questions about the management system?
• Do you feel that the support for activities is not there as intended in the standard?

Why does this occur?

There can be many reasons that this occurs, and sometimes it is partially the fault of the management rep. If you are taking care of the auditors and audits all by yourself, updating documents for processes where you are not the owner, and creating records necessary to pass audits, this may indicate that you have taken too much control.
(I can personally relate to this!)

While the Management Representative for the Management System will most likely need to support all processes with knowledge of the standard, they need to let (And encourage) the Process owner dictate the processes. They also need to be less concerned when there are nonconformances identified in audits due to issues with different processes having issues – this just allows for the re-evaluation and improvement to occur. (This can be difficult to those of us that like to be in control to achieve)

Other times it can come from management system staff struggling to present information in the language best understood by upper management (This is where accounting training can help)

Things to try:

Good place to start would be with a thorough internal audit by a competent and independent auditor (This could be a resource like Management Solutions Group). This audit would include interviewing process owners and more in-depth assessment of the system and the implementation. This information would arm the organization with the knowledge of the best areas to focus on first.

As part of the cannabis legalization process, most states are requiring testing labs become accredited to the ISO 17025 standard as part of their licensing.

We have noticed an increase in Cannabis Testing labs needing assistance.  There are many issues to consider when developing management systems to meet the ISO 17025 requirements. For example, Michigan requires a laboratory achieve accreditation within 12 months after the date the laboratory license is issued.

We have worked with many small labs.  From that experience MSG has developed a process to quickly prepare a laboratory for accreditation with lower costs. For us, this is a fairly standard project for which we have developed a very efficient process.

This is important for the cannabis product users since most users want to ensure that they are purchasing products with accurate listings for THC content, and that the products meet requirements for Herbicides and other potentially harmful chemicals. A quick internet search will show that historically there has been significant discrepancy in the reported THC contents of many products, and a real concern for other chemicals that can be concentrated as part of the processing.

If your organization is like most these days, you are having trouble finding enough staff to complete your work in an effective and efficient manner. One significant task that you can find highly competent staff to assist you with is your internal audits. Whether you are operating a quality, environmental or safety management system we have the ability to support you in an efficient manner. Once complete you will:

• Have a very thorough internal audit completed by highly competent staff
• Know the areas to focus on for action
• Have confidence that your surveillance audits will go smoothly
• Need less internal resource needs for completing the internal audit and corrective actions
• Receive input on any issues found that will also provide outside eyes on ideas to solve these issues

Many organizations that complete their own internal audits struggle to find the right team members, obtain training (Particularly for staff changes), allocate the necessary time for the audits, struggle to maintain internal auditor focus while work piles up on the auditor’s desk, and do not always obtain audit results that are really reflective of the actual system effectiveness and efficiency.

Our workshops are hands on learning events that focus on your processes and designs. These onsite or virtual sessions can be focused on training newer staff or staff transitioning from the 4th edition AIAG FMEA methods. All of our training staff have worked with the previous 4th edition AIAG FMEA Manual and understand the challenges of the new FMEA approach, and the resources and knowledge required. We have 2 specific training options for organizations

For Practitioners:

These classes will help organizations and staff understand the new format of the FMEA forms and how to utilize the new format to implement the 7 Step Process along with the 5T’s needed to effectively create FMEA’s that will:

• Provide prioritized actions to reduce for potential risk
• Provide opportunities for preventive actions and continual improvement
• Effectively document cause & effects of failures
• Document preventive and detection risk
• Increase the usefulness of the resulting FMEA’s for continual improvement
• Ensure that your staff are creating the new FMEA's inthe most efficient way possible

We also offer options to start a draft of a current 4th Edition FMEA in the new format prior to the training to help workshop participants view the results of the process

For Auditors:

This training is specifically for auditors (3rd Party and Internal) with a focus on an overview of the FMEA process, the new FMEA requirements (Design and Process), and how to audit this as part of the management system and process audit.

(Determination of Legal and Other Requirements):

Management Solutions Group has team members competent in the regulatory requirements for safety & environment and as such can assist an organization with their required Evaluation of Compliance with Legal requirements that apply to the organization and advise on how to take these into account with the Management System. Those organizations with ISO 14001 Environmental Management Systems will be familiar with this process. For others, we will review the regulations and your processes determine the applicable requirements. These would then be managed through operational controls. If you have questions, we would be happy to discuss the requirements and your options.

Take a 45001 Course on Ingentius.com.

The events of this past year have created challenges for many organizations working to complete internal audits and maintain their management systems. With the large number of organizations that we work with, we have encountered some specific issues that affect most of them and some specific solutions to these challenges.

The EPA has released the Hazardous Generator Improvement Rule, Federally Implemented starting May 30, 2017, and adopted by states thereafter (Typically July 1, 2018 or July 1, 2019 or later) and Michigan as of August 1, 2020. Note that this does not only apply to organization that are ISO 14001 Certified, but any organization with any wastes. The EPA estimates, based on regular inspections, that up-to 30% of all organizations are noncompliant with these rules. One of the goals of this revision was to make the rules more understandable.

This article is not intended to be a full review of the requirements, just some highlights of the changes that affect the large number service and manufacturing organizations. There is a lot of free information available on the web. If you have any specific questions just contact us and we will assist you or point you in the correct direction for details.

Some of the changes that affect a lot of our clients are:

2020 Challenges: What should I be focusing on with my Management Systems (Quality, Environmental, Safety, Laboratory, Information Security…)

• What should I do to make sure my 3^rd party audit goes well?
• What should I do to help my company through these challenging times?

With the pandemic and staff working from home, the management systems (ISO 9001, ISO 14001, ISO 45001 etc.) follow through can be a challenge, as well as the internal audit and improvement processes.  Many organizations are working in smaller groups, performing more of the basic functions, and skipping some of the important documentation due to other important organizational needs. This does not leave us without opportunities to accomplish important tasks.  Here are a few suggestions that will not only create improvements and risk reduction, but will also continue to support a management system’s requirements:

• Conduct internal audits focused on documentation and records. This can be done remotely and can also identify outdated language, redundant documentation that may not be consistent, and areas for improvement. These audits can be followed up with documentation and records process improvements. Future audits can always include increased production or manufacturing floor audits as a focus.
• Focus the audit and risk identification processes on contingency plans. This can allow an organization to document lessons learned and improve the organizations processes and contingency plans going forward. It will likely be some time before things in most organizations really return to normal, so improvements in these areas can be valuable for an organization.
• Management system staff and internal auditors can also assist departments and areas of the company organize and improve their processes in a changing environment. These staff are typically more trained and focused on this aspect of the work which can be of great value to many areas of an organization.
• Some specific areas to watch:
  • IATF Temporary Change requirements
  • Automotive PPAP requirements for internal changes
  • IATF Shutdown and Startup requirements, where applicable
  • Scheduling processes where order quantities are changing
  • Changes to workflow and security requirements for staff working remotely
  • Supplier management and development – many of the above items would also apply to the organization’s suppliers, and to protect your organization, you may want to ensure you are reviewing suppliers to determine if they are proactively addressing these changes and associated risks

(IATF 16949 Surveillance audit, transition audit, upgrade audit)

We have been reviewing the data from many sources on the common nonconformances during transition audits for IATF 16949: 2016 as well as ISO 9001, ISO 14001, AS9100, ISO 13485 and now ISO 17025.

Some things stay the same

An analysis of the data identified many nonconformances that are consistent with audits conducted prior to the newly revised standards. These nonconformance are more common than those written to the new requirements for companies that spend more time addressing the new requirements explicitly in their management systems. Examples include:

• A gage that is past due for calibration without any extension records
• Control Plans and PFMEAs that do not match
• Work instructions that are not being followed or out of date…

Here is some very good advice on migrating to the new 16949 standard.

When you are looking at upgrading your management systems to meet the new requirements, you really need a solid approach to the project ahead. One important piece of advice that we have learned from experience is that when resources are needed for a project like this, it is critical to obtain the resources at the beginning of the project. If you are able to muddle your way through the process and achieve registration to the new standard which the hopes of finding resources to make the necessary improvement to the management system after certification, you will likely be disappointed. Here are some additional suggestions to the approach to the project:

What are notable changes?

The new ISO 9001 standard aligns with high-level organizational structure, requiring all new ISO management system standards to be aligned on a high-level structure with a set of common requirements.