Organizations navigate internal and external issues as they operate during shelter-in-place orders. This new reality presents a wide range of challenges from crisis response to cyber threats. Customer requirements and disruptions to supply chains further add to the complexity of efficient products manufacturing, assembly, and service delivery.
Determining who will be responsible and accountable for the certified management system(s) an organization has in place during this time is extremely important. The reduction of resources directly impacts an organization’s certified management system and remote work is the go-to for many organizations as they aim to ensure that customer communications, project management, purchasing, and customer services remain as effective as possible during the COVID-19 crisis.
While many organizations approach certification expiration, some seek extensions. Certifying bodies are required to justify any certification expiry extensions and on-going recommendations for continued certification and accreditations during this time (per direction from the IAF, IATF, IAQG and accreditation bodies including ANAB/ANSI and UKAS).Certifying bodies are currently conducting remote assessments (with guidance from IAF MD:22 and ISO 17021) to achieve these requirements.
There are several common areas of weakness and discrepancies certifying bodies are identifying during these remote assessments. The common identifications include organizational failure to reassign roles and responsibilities for maintaining the implemented management system, failure to ensure access to relevant documented information to support the external assessment process and failure to implement controls to ensure process changes are effectively implemented, monitored and measured.
As organizations are caught “flat footed” during this time, certification bodies focus efforts to define and implement methods to ensure remote assessments meet the requirements of the accreditation bodies and oversight committees, while conducting effective and streamlined assessments.
As organizations implement change, it is imperative that they analyze the environment in which they are currently operating, conduct a re-assessment of contextual risks and opportunities and incorporate the results into the change plan and management strategies.
The following changes to the organization’s management system should be considered with evidence to support the organization addressing:
- Changes in Responsibilities and Authorities – Top Management, Process Owners, Process Managers, Management Representatives including technical skills and knowledge.
- Changes in Context of the Organization boundaries and structures including internal and external issues relative to such factors as new processes to product, COVID 19 related products and/or services, revised processes and activities to comply with social distancing requirements, change in technology methods to accommodate remote work and communications.
- Changes to interested party needs, expectations and requirements including shareholders, management, government, regulatory, supply chain, employee, union, certifying and accreditation bodies, and insurance agency requirements posing additional risks to the organization.
- Changes in risk levels based on, at minimal, the impacts of the COVID-19 related changes to the organization’s management system, process, products, and services.
- Changes in technology needs (software, hardware, methods) including addressing confidentiality and cyber security issues.
Considerations to the degree of change should include:
- Type — The nature of change to be implemented (i.e., process, program, technology, product, service, strategy).
- Scope — Boundary and applicability taking into account the current state to changed state. Elements related to current jobs or work experiences to be modified. Additional knowledge or skills required.
- Scale — Impacts of change to personnel, customers, supply chain, products, services, processes, policies, and programs. The extent of the change – local to global.
Organizations should expect to update their risk document (register, matrix, etc.,) as evidence of continued management system conformance.
Daetec Group is positioned to provide organizations with risk and system evaluations, management system re-structuring, training, and auditing services.
Feel free to reach out to us for more information about the services available during this challenging crisis to ensure the effectiveness and conformance of your organization’s management system.
Contact us at Support@daetecgroup.com for more information.
About the Author
Deborah Piatt is the Managing Director and Sr. Consultant at Daetec Group, LLC. and is an internationally recognized trainer, coach, consultant and certifying body Lead Assessor. Deborah holds numerous certifications as an Exemplar Global Certified Lead Assessor for ISO 9001:2015, ISO 14001:2015, IATF 16949:2016, AS 9100D:2016, ISO 17025:2017, ISO 45001:2018, and ISO 27001:2013 management systems.
As Adjunct Instructor for Schoolcraft College and Training Developer for Elcometer Education Institute, Deborah bring her experience and expertise in various industries to the classroom for Lead Assessors and to the boardroom during consulting projects with her clients.
You can contact Deborah at: firstname.lastname@example.org.