Addressing Changes to Management Systems due to COVID-19
Organizations are navigating internal and external issues as they operate during shelter-in-place orders.
The new reality of potential virus issues presents a wide range of challenges from crisis response to cyber threats. Customer requirements and disruptions in supply chains further add to the complexity of managing efficient products manufacturing, assembly, and service delivery activities.
Determining who will be responsible and accountable for an organization’s certified management system(s) during this time is extremely important. The reduction of resources may directly impact an organization’s certified management system and therefore remote work is a go-to for many organizations as they aim to ensure that customer communications, project management, purchasing, product delivery and customer service remain effective during the COVID-19 crisis.
Many certifying bodies responses to management system certification expiration is remote assessments. Certifying bodies are required to justify any certification expiry extension during this time (per direction from the IAF, IATF, IAQG and other accreditation bodies including ANAB/ANSI and UKAS) and are therefore conducting these remote assessments in line with MD-22 and ISO 17021 requirements.
There are several common areas of weakness and discrepancies being identified during these remote assessments. The most common issues include organizational failure to reassign roles and responsibilities for maintaining the implemented management system, failure to ensure access to relevant documented information to support the external assessment process and customer needs and failure to implement controls to ensure process changes are effectively analyzed with appropriate actions implemented, monitored and measured.
As organizations are caught “flat footed” during this time, certification bodies are focusing their efforts to define and implement methods for ensuring remote assessments meet the requirements of the accreditation bodies and oversight committees.
As organizations implement change, it is imperative that they analyze the environment in which they are currently operating, conduct a re-assessment of contextual risks and opportunities and, incorporate the results into the business strategies.
The following changes to the organization’s management system should be considered with evidence to support the organization addressing:
- Changes in Responsibilities and Authorities – Top Management, Process Owners, Process Managers, Management Representatives including technical skills and knowledge.
- Changes in Context of the Organization boundaries and structures including internal and external issues relative to such factors as new processes to product, COVID 19 related products and/or services, revised processes and activities to comply with social distancing requirements, change in technology methods to accommodate remote work and communications.
- Changes to interested party needs, expectations and requirements including shareholders, management, government, regulatory, supply chain, employee, union, certifying and accreditation bodies, and insurance agency requirements posing additional risks to the organization.
- Increased risk analysis results based on, at minimal, the impacts of the COVID-19 related changes to the organization’s management system, process, products, and services.
- Changes in technology resource needs (software, hardware, methods) including addressing confidentiality and cyber security issues.
Considerations to the degree of change may include:
- Type — The nature of change to be implemented (i.e., process, program, technology, product, service, strategy).
- Scope — Boundary and applicability taking into account the current state to changed state. Elements related to current jobs or work experiences to be modified. Additional knowledge or skills required.
- Scale — Impacts of change to shareholders, personnel, customers, supply chain, products, services, processes, policies, and programs. The extent of the change – local to global.
Organizations should update their associated risk documents (register, matrix, etc.,) as evidence of continued management system conformance.
Daetec Group is positioned to provide organizations with risk and system evaluations, management system updates, training, and auditing services.
Reach out to us for more information about the services available during this challenging crisis to ensure the effectiveness and conformance of your organization’s management system.
Contact us at Support@daetecgroup.com for more information.
About the Author
Deborah Piatt is the Managing Director and Sr. Consultant at Daetec Group, LLC. and is an internationally recognized trainer, coach, consultant and certifying body Lead Assessor. Deborah holds numerous certifications as a Lead Assessor for ISO 9001:2015, ISO 14001:2015, IATF 16949:2016, AS9100D:2016, ISO 17025:2017, ISO 45001:2018, and ISO 27001:2013 management systems.
As Adjunct Instructor for Schoolcraft College and Training Developer/Instructor for Elcometer Education Institute, Deborah brings her industry experience and expertise to the classroom and to the boardroom.
You can contact Deborah at: firstname.lastname@example.org.