I've been very privileged to have been involved in the development of a new standard, PAS 7 for Fire Safety Management, and recently led a workshop training auditors in the skills they would need to effectively audit the standard.

PAS7 seeks to provide a defined structure for the management of fire safety and is already raising interest amongst housing agencies, universities and other providers of accommodation.  Taking the principles of other management system standards, primarily 9001, on board the standard encourages landlords and organisations to take a risk based approach to their management of fire safety, looking at how they make their provisions, how they define what those provisions should be and how they assure themselves that what is in place is not only working but is suitable and sufficient.  

The standard will shortly go out for 'trial' and a small group of companies will take forward the 3rd party testing of certification against the standard, and I will be very interested to see how this testing stage goes, and to be involved as the standard rolls out across the UK.  I suspect there is going to be high demand for it!

​We are fast approaching the first birthday for our ‘new’ versions of ISO9001 and ISO14001 and the time really has flown by.  In the last year I’ve worked with a number of key clients to help them transition to the new versions and also undertaken transition audits for 3rd party certification bodies against the enhanced requirements.
 
I use the word ‘enhanced’ with purpose.  So much of what was there before is till there now, but some aspects have been given more ‘clout’ and there are other aspects which are completely new.  The standard is therefore a meld, or mixture of the old and the new and, in my view, it does that mix very well indeed.
 
I ran a Lead Auditor programme in November last year, having spent the previous 4 weeks working with a client who was determined to be the first in their industry to achieve certification to ISO9001:2015, and whilst the comments made above hold true the combination of the work with the client and the return to the 2008 standard for the LA programme made me realize that there are other very key differences to the approach needed and the way the various clauses work together.
 
ISO9001:2008 was, in many ways (or so it seems to me) a linear standard.  You moved from clause to clause on a journey.  It was in many ways like a rail line, you start at A and end at B.  The tracks of the standard kept you secure in your direction and path.  From documentation to management commitment, to resources and on to product realization, finally considering measurement, analysis and of course improvement.  Classic Deming cycle stuff. 
 
The ‘new standard’ is different.  It is much more cyclical in structure.  Clauses link to the one before and the one after but also to one 3 stations down the line and 2 stations back. . . .  Nothing automatically follows, nothing automatically precedes.  I liken this to a toy my daughter had as a baby.  It was called a Squish and was a series of wooden blocks and beads joined together by elastic. You could bend it, pull it, change it’s shape but everything linked to everything else no matter what you did to it.  This is what I see as I work – either as a practitioner or an auditor – with the standard.
 
Take a recent gap analysis client as an example.  A mind bogglingly good strategy document had been developed setting objectives and targets for the next 5 years.  It provided really measurable objectives and goals, and was couched in such terms that anyone in the business could understand what was to be achieved and who was involved. In that one document we ticked off aspects of risk and opportunity, context, needs and expectations of interested parties, communication, objectives, resourcing.  I could see clear buy in from the management team, not just the Directors.  Documented information was available in quantity – from minutes of strategic development reviews to the monthly SMT meetings.  The agenda for the company wide staff conference showed the strategy document being the start point for a whole day of discussions.  I then looked a their policy statement and the multi-colour so visible in the their strategy and objectives paled to shades of grey in terms of it’s punch and vibrancy.  
I drew the policy to the attention of the Directors and asked them how they felt it sat with the rest of the documentation they’d shown me to date.  Not surprisingly they were very quick to take it away, review it and 2 weeks later produced a much more aligned and appropriately punchy document at their transition audit.   In short in it’s original form it simply didn’t align with or support the rest of the system.    It was a block which wasn’t tied into the other aspects of the system.
 
Having talked about the strategy at some length I was left with some very clear trails to follow up as we progressed through the transition audit.  Clearly the expansion of the business into new geographical areas would require additional resources and organisational knowledge – and what risks/opportunities would this present?  What plans did the management team have to allow them to support new offices some miles away without losing touch with the core business staff at HQ?  What consideration had been given to the needs and expectations of the existing customer base and the new customer base and how were they planning to achieve both?  The client was, in this case, well able to answer all the questions put to them.  They’d undertaken significant amounts of work in terms of SWOT and PEST analysis and were incredibly aligned and focused in their work.  They could see risk and had planned to mitigate it.  They could see opportunity and had planned to maximize it.  This approach was core to every thing they did – not just so that they could meet ISO9001:2015 but because it made good business sense.  And that’s what so beautiful about this new standard, and why it will help businesses develop and grow and become stronger.
 
Take another company. I visited them to undertake their Surveillance visit earlier this year.  It was a good 8 months post issue of the standard and clearly there needed to be some discussion about their plans for transition.  I waited until we were part way through the audit to raise the issue as the Consultant had asked me to do this ‘because I know nothing about it, we’ve got a half day training session in a couple of months’ but by that time I’d already got significant concerns.  
 
The Consultant used by the business to ‘develop and implement’ their management system appeared to be the only person who had any idea where any of the records which I was asking for could be found.  A simple request for evidence of training received by the Fork Lift Truck driver I’d witnessed working in the factory area was met with a blank stare by the Operations Manager (noted to be the Management Representative for the system) and her assistant.  Cue Consultant, pointing at the computer ‘– click on ‘Resources’ and then click on ‘Matrix’ and then click on ‘Internal Staff’ and it should be there’.   
 
Miraculously it was, showing him having done the training 18 months ago.  But my auditor mind was now racing ahead – if they didn’t know how to find records did they know how to upload them?  I asked to see the records of anyone who had done training in the last year.  Blank looks again, and once again cue Consultant ‘oh I’ll be adding those in when I do my annual visit next month – normally I’d come ahead of your visit but it didn’t work out this year’.    A system owned and used by the business to manage it’s processes?    I think not.  Eventually an envelope folder was found with all manner of records in it, all clearly awaiting upload to the ‘defined’ management system process, said to be entirely IT based.   “We put them in that file and then when X (the Consultant) comes in for her annual visit she scans them all and puts them in the right place in the database’.
 
At the closing meeting we were joined by the MD and the Consultant asked me to ‘explain a bit about the new standard to him’, smiling at him and saying ‘you don’t need to worry about anything, it’s really easy’.  I talked briefly about the new structure, and explained that many of the systems they already had in place to manage their production processes would be unlikely to require much change but that the key changes would be a the ‘front end’, with a requirement to consider strategy and risk, needs and expectations of interested parties’ and that this would inevitably mean that I’d need to spend time with him when they transitioned. 
 
The look of sheer horror on his face said it all.  Here was a guy who had a system which gave him a tick in a box and a certificate on the wall.  Once a year a Consultant turned up and ‘made everything ok for the audit’ and now he was going to be expected to actually talk with the auditor and discuss things like strategy?  And understand his system and what it did for the business? 
 
The consultant was quick to re-assure him.  ‘Don’t worry, I’ve got a little matrix which we will fill in which will cover it all and you’ll be able to leave it to me to talk the auditor through it all when we’ve done it.  Set an hour aside when I come in next month and we can get it done then over a cup of coffee.’ 
 
It will be an interesting revisit I am sure – by that time the Consultant should have received her half day training and everything should be so very much clearer!!  I feel so very sorry for some of the folk out there, who are led such a pointless dance by consultants – and hope that this new standard and the emphasis on strategy and leadership which it brings with it will see some of these frankly worthless systems disappearing.