|

ISO Management System Standards vs. Conformity Assessment Standards (Part 2)

Metallic purple boxes and light representing the structure of ISO management system and conformity assessment standards.

In Part 1 of this blog post series, some general similarities of ISO management system standards and ISO CASCO standards were noted. A more detailed look at these two types of standards will show that ISO CASCO standards are not a type of management system standard.

ISO Harmonized Structure (HS) and Shared Management System Requirements

ISO management system standards share a common structure called the Harmonized Structure (HS) as described in ISO Directives Part 1 Annex SL. Adherence to Annex SL throughout ISO means not only are ISO management system standards structured the same way, but they even share some common identical requirements, regardless of the domain (e.g., quality, impact on the environment, occupational health and safety) the management system standard addresses.

For example, all ISO management system standards require an organization to consider its context (external and internal issues that affect achievement of results), understand the needs and expectations of interested parties relevant to the management system, and determine risks and opportunities related to achieving results. All this planning activity feeds the organization’s decisions about the objectives to achieve.

The key here is that the management system standard sets requirements for how an organization chooses the objectives to achieve. The organization, not the management system standard, makes the choice of objectives to be achieved.

Fulfillment of ISO CASCO Standards

This is a major difference between ISO management system standards and ISO CASCO standards. ISO CASCO standards directly set requirements for conformity assessment and accreditation bodies to fulfill. The bodies do not consider context, understand needs, or determine risks and opportunities to decide objectives to achieve or requirements to fulfill. Rather, a body either commits to fulfilling a CASCO standard or it doesn’t. Once that commitment is made, the CASCO standard makes no provisions for the body to decide which requirements are invoked and which are not. When fulfillment of ISO CASCO standards is demanded, there is no expectation that bodies will choose which requirements in the standard are necessary to achieve the body’s objectives.

ISO CASCO standards are specifically not competence, impartiality, and consistency management system standards. ISO CASCO standards do not follow the Harmonized Structure, do not use ISO management system terminology, and are not included in ISO’s posted list of management system standards.

Plan-Do-Check-Act (PDCA) Cycle in Management System Standards

The difference related to choosing objectives is one aspect of a broader difference between ISO management system standards and ISO CASCO standards. Specifically, the Harmonized Structure reflects the well-known Plan-Do-Check-Act (PDCA) cycle. ISO 9001, for example, shows how the clauses in the Harmonized Structure can be grouped in relation to the PDCA cycle. Considering context, understanding needs and expectations, and determining risks and opportunities relate to the Plan portion of the PDCA cycle in ISO management system standards.

However, while the clauses in an ISO CASCO standard can also be grouped in relation to a cycle, the cycle must be somewhat different since ISO CASCO standards do not permit or require the type of “Plan” activities required by ISO management system standards. Instead, in this part of the cycle a commitment is made by the body to fulfill the requirements specified in the ISO CASCO standard. The body is not required, nor even permitted, to perform planning to decide the objectives it will achieve or the requirements it will choose to fulfill.

Commit-Implement-Do-Check (ColDCh) Cycle in ISO CASCO Standards

When the remainder of the clauses in ISO CASCO standards are reviewed in detail, the cycle in which they can be grouped is more accurately described as the Commit-Implement-Do-Check (CoIDCh) cycle.

A conformity assessment or accreditation body proactively decides or commits to fulfilling an ISO CASCO standard (Co). The body creates or identifies and implements or reinforces processes, procedures, responsibilities, information, etc., that fulfill the requirements in the ISO CASCO standard (I). The body then operates, or does, conformity assessment activities in accordance with those processes, procedures, and responsibilities and generates the required information (D). The body checks itself for fulfillment, identifies nonconformities and considers the root causes (Ch). 

At this point, the body can choose to no longer fulfill the ISO CASCO standard. However, if it chooses to continue to fulfill the standard (a proactive decision), it commits to developing and implementing a corrective action to reestablish fulfillment (Co), and the cycle restarts. The body then develops and implements changes to achieve fulfillment of the standard and thus resolve the nonconformity (I). The body performs conformity assessment in accordance with both the changed (as a result of corrective action) and unchanged (those confirmed as conforming) processes, procedures, responsibilities and generates required information (D). The next check of fulfillment (Ch) includes but is not limited to checks of fulfillment impacted by corrective actions.

This same cycle is applicable even if no nonconformities are identified.  A body can decide whether to continue to fulfill the ISO CASCO standard (and continue the cycle) whether nonconformities are identified or not.  This choice can also be made anytime change impacts the fulfillment of the ISO CASCO standard.

PCDA vs ColDCh Cycles

The difference between the PDCA and CoIDCh cycles is most apparent when each is visualized.  The PDCA cycle is commonly visualized as an upward spiral of the cycle repeating itself as an indication that continuous improvement is the overall result of fulfilling an ISO management system standard.  However, the CoIDCh cycle is flat, or 2-dimensional.  The objective is not improvement but fulfillment.  In other words, if a conformity assessment body or accreditation body achieves consistent fulfillment, and nothing changes to impact fulfillment, then there is no need for change, including no need for improvement of fulfillment.

This point is illustrated by a hypothetical example of a very small certification body which has no parent, sister, or daughter legal entities.  It has processes, procedures, responsibilities and generates required information that consistently fulfills ISO CASCO impartiality requirements.  Per the CoIDCh cycle, if the requirements do not change and nothing in the body changes there is no need for “improvement” in the fulfillment of the impartiality requirements.  The CoIDCh cycle is flat, maintains fulfillment and is not an upward spiral of improvement per se.

ISO Management System Standards vs ISO CASCO Standards

While there are similarities between ISO management system standards and ISO CASCO standards, they are intended to drive very different types of results; one is not the type of another.

In Part 3, the differences in ISO management system standards and ISO CASCO standards will be shown by their adoption by a hypothetical testing laboratory. This example will show the similarities between the two types of standards in a new light.

Read the Other Blog Posts in this Series:

ISO Management System Standards vs. Conformity Assessment Standards (Part 1)

ISO Management System Standards vs. Conformity Assessment Standards (Part 3)

Similar Posts

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.