Now, I’ve always been a pretty terrible record keeper in my own life.
To remedy this I tried the hoarder technique. If I thought something was even remotely important, I’d throw it in a box file and vow to come back to it one day in the future.
It was only when I came to moving, and thought I’d try to Marie Kondo my crap away, that I dug out all my box files and the piles of messy paper inside them.
I’ll be really honest with you – it’s not an approach to records management that I would recommend.
Your business probably creates exponentially more records than I do, so you certainly can’t use an unthought-out approach to records management either.
That’s why we’ve decided to take some of the basics of records management, explain them, and give you a series of actionable ways to get started taking control over the lifecycles of records in your company.
That’s another way of saying someone takes a look at what you’re doing, gathers some evidence, and compares that evidence to what you’re supposed to be doing (in other words, a set of clearly documented requirements).
In the case of ISO, these requirements are known as standards. ISO 9001 is a standard. ISO 14001 is a standard.
Importantly, this understanding of audit implies that there are a few main things being considered by the auditor:
What’s documented by the company (e.g. internal processes, policies, and SOPs)
Evidence gathered to support how these policies, procedures, and SOPs are implemented in practice
The requirements defined by the ISO standard being audited against (e.g. ISO 9001)
Audits performed by companies to assess and analyze their own management systems are known as internal audits. Many resources for guiding companies on how to perform internal audits exist, and foremost of these is the ISO 19011 standard.
For most management system standards, internal audits are an important requirement. Even guideline standards like ISO 26000 for social responsibility depend on reports to evidence the success of their implementations.
As such, ISO 19011 defines a set of guidelines; a framework for companies to plan, implement, and improve upon their audit programs, for auditing the implementation of management systems.
These standards often share a common structure, including certain requirements, terms, and definitions being used. That means ISO 19011 can be used to devise highly economic audit programs, wherein knowledge and processes can be shared and applied across various management systems.
By considering how they might take a broader approach to management system auditing and integration, companies implementing ISO management systems stand to save time, money, and confusion when preparing for and implementing internal audits.
The goal of this post is to provide a spring-board for understanding ISO 19011, and how to get started with internal ISO auditing. In this post, I’ll cover:
What is ISO 19011
7 principles of ISO auditing
Different types of ISO audit
Key elements of an ISO audit
8 free ISO audit templates
If you just want the free ISO audit templates, then here they are:
When you’re building a business, a team, or any kind of system, you need ways to understand how well you’re doing.
You want to be able to look at your performance and set base standards which have to be met, and be able to contrast those standards with an understanding of what best practice looks like.
You want to understand where on that scale of performance you are at.
It’s why we use things like KPIs, OKRs, or other goal/objective driven metrics.
But those metrics, as useful as they are for some things, are often hard to apply to qualitative data.
This is where maturity models can become an incredibly useful tool.
One model we’ll discuss here is the Capability Maturity Model, and the CMMI Institute alone appears to have about +8500 accredited users of this model (interestingly, in 2018 ~80% were pairing it with agile methodologies).
The problem, though, is that maturity models are often shrouded in complex terminology and overly-convoluted systems. How am I supposed to implement one in my business if people can’t understand it?
In this Process Street article, we’ll tear through the jargon and look at:
What is a maturity model?
What are the current limitations of business process maturity models?
Which are the best business process maturity models?
What is a Capability Maturity Model (CMM)?
What is the Agile ISO Maturity Model (AIMM)?
How does Process Street fit in your maturity model?
In today’s business world, owners are constantly grappling with concerns and surmounting obstacles, the least of which is actually staying afloat financially in what can be an unforgiving economy.
However, the struggle to turn a profit pales in comparison to some of the harsher consequences of failing to comply with certain regulatory requirements.
Take HRIS broker Zenefits for example. Failure to comply with several licencing regulations issued by the California Department of Insurance landed them a $7million fine.
That’s just the tip of the iceberg; more severe penalties extend to include government bodies compelling you to dissolve your company, and ultimately the endangerment of the lives and well-being of individuals your organization is servicing.
“On a global scale, we are all being asked to do more with less—and for less. At some point soon, the current internal systems will not be able to hold back the deluge, and companies will be faced with a stark decision—consistently improve or perish” – Erik Myhrberg and Joseph Raciti, Practical Field Guide for ISO 13485
Often, these kinds of requirements take the form of the ISO 13485 standard for medical device manufacturers.
In this article, I’ll break down the ISO 13485 standard, from a basic introduction to suggestions and resources for implementing it in your business or organization.
Implementing an EMS, or any of the ISO 14000 standards used to be a confusing and intimidating process.
What’s more, in the past, companies that wanted to conform to and implement standards for environmental and quality management systems would be faced with the task of building out huge, complex manuals, with lengthy processes for changing how each task and procedure in the business was approached.
The result of this kind of EMS implementation would often be a huge, labyrinthine system of paper forms; slow to implement, difficult to navigate, and a nightmare update in tandem with real, changing business needs.
However, things changed with the recent ISO 2015 updates.
Deepwater Horizon – arguably one of the most catastrophic industrial disasters of human history, and the estimated largest marine oil spill in the history of the petroleum industry.
It also happens to be one of the most abysmal failures of quality management by any company, period.
On an otherwise unsuspecting evening of April, 2010, approximately 50 miles off the coast of Louisiana in the Gulf of Mexico, the first in a chain of quality management related failures became glaringly apparent as the emergency response protocols were enforced after an oil leak in the drilling well was discovered.
Not one point of failure, but four. Clearly not an anomaly, this disaster was the result of a series of systematic failures that uncover a dark truth about the reality of cost-cutting and disregard for quality control.
If the United Nations Environment Programme is to be taken seriously, the current generation is the last generation with a realistic chance of kick-starting the processes necessary to halt or reverse the looming global crisis of climate change.
“We are clearly the last generation that can change the course of climate change, but we are also the first generation with its consequences,” Kristalina Georgieva, the CEO of the World Bank.
ISO 9001 is an international standard for defining a quality management system (QMS). It outlines various criteria (or standards) to define quality management principles such as focusing on the customer, optimizing leadership and management within the organization, improving and fine-tuning internal processes, and general methods of continuous improvement.
Let’s break down each of the components of and ISO 9001 certification.