ISO 9000 & AUDITS WORLD CONFERENCE
Implementing a Risk-Based Management System Using the ISO 9001 and ISO 31000
Presenter: Dr. Marc Siegel, Director, Global Security and Resilience Projects, San Diego State
Keywords: Risk Management, Integrated Management System, Quality
The continuing proliferation of ISO management system standards has created a burden on many organizations and their supply chains. Is it better to build a single management system framework that is compatible with all ISO management system standards, or to build separate systems around individual standards?

This presentation is a case study of the approach taken by Pathfinder-SMS (Pakistan), which built a risk-based management system framework using ISO 31000 as the common denominator for integrating management system standards into a single holistic framework built on ISO 9001:2015. Pathfinder-SMS increased its overall business management efficiency while implementing an integrated management system that has held simultaneous accredited certification to ISO 9001, ISO 18788, and ANSI/ASIS.PSC.1 for the past three years with no nonconformances. The framework also allowed seamless integration of elements of the ISO standards for occupational health and safety, business continuity, supply chain security, information security, and social responsibility into Pathfinder-SMS's overall management system.

Pathfinder-SMS emphasized a cultural change throughout the organization, so that every individual understands how to identify and manage the risks associated with their day-to-day activities. Combining the risk-based thinking of ISO 9001 with the risk management process of ISO 31000 created a framework with the flexibility to manage a range of risks and to improve overall organizational management.