Last reviewed 19 May 2021
Integrating different management system standards can bring benefits to an organisation. However, there are barriers that, if not addressed, may negate the successful integration process. Mike Sopp investigates.
When ISO 45001 Occupational Health and Safety Management Systems. Requirements with Guidance for Use was published in 2018 it was based upon the high-level structure approach adopted for other management system standards which, the International Organization for Standardization (ISO) stated would “allow for the alignment and integration with requirements of other ISO management system standards”.
But how simple is it really to integrate an organisation’s management system standards?
Influences on integration
With growing competitiveness and higher expectations from customers, the marketplace and other stakeholders, organisations are under increasing pressure to demonstrate their corporate compliance, social responsibility and governance credentials.
To meet these expectations, many organisations have adopted the use of internationally recognised management system standards such as ISO 9001 (on quality), ISO 14001 (on environment) and ISO 45001 (on occupational health and safety).
These systems have in most cases been established and implemented as standalone or silo systems with each one being allocated separate management, administration and operational resources.
The risk environment in which many organisations operate is becoming increasingly complex and subject to continual change. There is growing recognition of the “interconnectivity of risks” and the need for an organisation to be more resilient so as to manage these risks as whole and adapt accordingly to change in the risk landscape.
This is recognised in BS 65000:2014 Guidance on Organizational Resilience, which states that to ensure organisational resilience “the organisation should integrate the risk management activities and operational disciplines”.
The International Organization for Standardization (ISO) has recognised that this proliferation of standards that are subtly or substantially different has caused confusion and inconsistent understanding and implementation for organisations.
As such, all future revisions of system standards will adopt the Annex SL high-level framework for a generic management system so that all management system standards will have the same overall “look and feel” but with the addition of discipline-specific requirements.
A key aspect of the Annex SL approach is to enable the integration of the various management systems.
Benefits and barriers
Organisations that have more than one formal management system can benefit significantly by merging their systems into one formal system.
With an integrated system, an organisation becomes a unified whole, with each function aligned behind a single goal: improving the overall performance of the organisation.
In terms of operational benefits, notable bodies such as the Institution of Occupational Safety and Health (IOSH) and the International Institute of Risk and Safety Management (IIRSM) provide a comprehensive list of benefits, including the following.
Better decision-making by providing a complete view of the impact of the potential risks on the organisation.
Reduced costs by avoiding duplication in resources, internal auditing, document control, training and administration.
Reduced duplication and bureaucracy by having one set of processes and procedures including a governance framework.
Less conflict between systems by avoiding separate “empires” with roles and responsibilities being made clear from the outset.
Improved communication, both internal and external by having one set of objectives, engendering a single risk culture, using a single “risk language”.
Enhanced business focus and planning by having one system linked to strategic objectives of the organisation.
Optimised auditing (both internal and external) that focuses on the significant risks that can impact on the strategic objectives.
Better opportunities to adapt to changing risk landscape through single management status reviews.
However, as IOSH notes, there can be arguments for maintaining separate systems.
Integration could threaten the coherence and consistency of current well-functioning arrangements.
Relevant specialists can continue to concentrate solely on their core areas of expertise.
Integrated systems can become over-centralised and over-complex and lack the capacity to consider local needs and constraints at the operational level.
During planning and implementing an integrated system, the organisational vulnerability to risks could increase.
System and organisational requirements/priorities may vary across the spectrum of standards (eg head of departments having own priorities).
There can be variances in standard status internally which can influence the meeting of regulatory requirements.
Regulators and single-topic auditors may have difficulty evaluating standards in an integrated/interwoven system.
A negative culture or flaws in one-system area could ‘infect’ other more positive cultures in other systems.
Organisational culture and silo mentality creates vested interests among those managing systems.
Despite these potential issues, if the management standard is well designed and carefully implemented, these issues should be overcome.
Integration is about the co-ordination of elements such as organisational structures, strategic decision-making, resource allocation, auditing and reviewing. The specific operational areas unique to various disciplines still have to be managed within the integrated framework and therefore do not dilute the risk control measures required.
The British Standards Institution recommends that before commencing integration the organisation should assess its ability to integrate, considering the following areas in advance.
The extent to which integration should occur taking into account the business case and risk landscape.
The political and cultural situation within the organisation (ie the will to integrate and risk appetite).
The levels of competency required to achieve integration.
The legal and other compliance requirements of the organisation.
The objectives of integration and whether these are cost-effective.
Future needs of the organisation in terms of managing risks.
The adequacy of the current systems (eg maturity status).
This scoping and assessment exercise should lead to the identification of the elements to be integrated along with the phasing of the integration.
During the planning and implementation stage, IOSH recommends that the following issues be given consideration.
The choice of an overall integrated management system model (ie to follow the PDCA cycle).
How to retain the integrity of current system elements and remain functional during transition to an integrated system.
The need to pilot parts of the IMS to confirm that they are effective.
The introduction of the IMS using appropriate organisational change management processes.
The document control procedures that will be required.
The level of competency required including any needs analysis and learning/development programme.
The introduction of a process to ensure the on-going commitment of employees to the new system (ie to retain involvement and change behaviour).
Typically, the management systems that will be integrated will be those relating to health and safety, environmental management and quality. However, there are now many additional risk related standards that many organisations may aspire to achieving including those relating to compliance, asset management, fire safety, road traffic safety and business continuity.
The introduction of Annex SL, BS 65000 and PAS 99:2012 Specification of Common Management Systems Requirements as a Framework for Integration has potentially broadened the scope of integration with the potential for more standards to be integrated into one system.
PAS 99 provides a clause by clause framework which covers the common requirements and enables an organisation to have one common system for the core elements of all the standards.
PAS 99:2012 Specification for Integration of Common Management Systems, BSI Shop
BS 65000:2014 Guidance on Organizational Resilience, BSI Shop