Framework to Integrate ISO Standards and Non-ISO Standards

Reviewing confidential files, training records, human resources files

Q: I have a few questions about integrating standards for one of the experts:

1) Will registrars (in addition to BSI, who wrote it) accept a documented quality management system organized around the framework suggested in PAS 99:2006 – Specification of common management system requirements as a framework for integration, given there is adequate audit evidence that the requirements of both of the integrated standards have been addressed and have been implemented?

2) Is PAS 99 only for ISO-related standards, e.g.,  ISO 9001:2008 Quality management systems–Requirements and  ISO 14001-2004: Environmental management systems – Requirements with guidance for use, or can other combinations be made – e.g., ISO 9001 and American Institute of Steel Construction-Bridge and Highway AISCQC028?

AISCQC028 is not an ISO or ISO sector-specific standard, although the framework and structure is very similar. The AISC has its own certification body (registrar) and would insist that their auditors conduct a certification audit even though an organization has been previously ISO registered. AISC does not object to an integrated system that integrates/combines ISO 9001 with one of their certification standards as long as AISC certification requirements have been addressed.

The integration of ISO 9001 and 14001 is becoming common place and I’m fairly certain that PAS 99 is an acceptable format in those cases. I’m more interested in other industry standards and requirements not generally considered ISO-related that are being demanded by certain customer segments and integrating them in a system that must also be acceptable to ISO registrars because of other customer segments who are demanding ISO registration by their suppliers.

A: This is an excellent, and timely, question.

More and more organizations are developing integrated management systems based on multiple specification standards – such as ISO 9001, ISO 14001 and OHSAS 18001.   In addition, there are more and more management system standards being developed.  This includes both ISO standards and non-ISO standards – such as OHSAS 18001, Responsible Recycling (R2) and, based on your question, AISCQC028.

It is not even clear how many different management system specification standards there are. What one individual considers a guidance document; someone else insists is a specification standard suitable for certification.

So when you are developing documentation for an integrated management system, how should it be organized?

There are several options:

•    One option is to choose one of the standards as the primary high-level structure – say, ISO 9001:2008 – and address the requirements of the other standards within that structure.

•    PAS 99:2006 offers a different option for a high-level framework for organizing the management system documentation for an integrated management system.  (As you correctly point out in your question, PAS 99 cannot be used as a replacement specification standard for any of the discipline-specific management system standards.)

•    Another option is to establish a high-level structure that makes sense for your organization.

There is no required framework for organizing management system documentation.  You can use whichever overall structure and numbering scheme works for your organization.

ISO has recognized that having different high-level structures for its various management system standards may be problematic for organizations that are implementing integrated management systems that are intended to meet the requirements of multiple specification standards.  As a result, in February 2012, the ISO Technical Management Board (TMB) approved a guide for ISO standard writers that specifies a common structure and definitions to be used for all new and future revisions of ISO management system standards.  This was circulated as ISO Guide 83. This action by ISO highlights the primary issue with using PAS 99:2006.  It is out-of-date.

First, the normative references listed in PAS 99:2006 are not the current versions for some of the standards (notably ISO 9001 and OHSAS 18001).  Second, the high-level structure set out in PAS 99:2006 is not consistent with the common structure recently approved by ISO.

The key to establishing an integrated management is NOT the use of a particular organizing framework or high-level structure.  How you organize your management system documentation needs to fit the needs of your organization – not the desires of a particular registration auditor.

What is important is being able to clearly explain how your management system meets the requirements of each of the specification standards to which you want to become certified.  This requires clearly written documentation that defines the links to the requirements you are addressing within your management system.  It may also require discussion with your registrar and/or the use of reference tables – similar to those set out in the Annexes of ISO 9001, ISO 14001, OHSAS 18001 – and PAS 99:2006.

Thea Dunmire, JD, CIH, CSP
ENLAR Compliance Services, Inc.
Thea’s Blogs: