PA088 Systems of Integrated Management


Course summary
During the lectures you go through a number of standardized management systems created by ISO (International Organization for Standardization) and BSI (British Standards Institution):


 * Quality Management Systems (ISO 9000)
 * Environmental Management Systems (ISO 14000)
 * Occupational Health and Safety Management Systems (OHSAS 18000; by BSI)
 * Information Technology Service Management (ISO 20000)
 * Information Security Management Systems (ISO 27000)
 * Software Product Quality Requirements and Evaluation Management (ISO 25000)

In 2012, materials and lectures were available in Czech only. Lecturer: prof. Hřebíček.

Key knowledge
The ISO management standards named in the course summary. Since these standards shall be interconnected when implemented in a company, an Integrated Management System (IMS) must be created that respects all of the implemented standards. Companies implementing a management system or an IMS are certified by a third-party auditing company.

Management
Definition: Management is a way of achieving objectives through other people.

Functions of management:


 * sequential: planning, organization, HR, leading, monitoring
 * continuous: analyzing, decision-making, communication

Systematic approach to management:

[Figure: systematic approach to management (image missing from the page)]

Goal of management: long-term profit generation/maximization. Usual goals: profit to assets, high added value, high productivity, market success.

Deming's cycle:



 * PLAN: define objectives and processes
 * DO: implement processes
 * CHECK: monitor and measure processes
 * ACT: change goals and processes

Deming's cycle is incorporated in all of the above management systems to ensure their systematic, continuous improvement.

ISO 9000, quality management
Latest revision: ISO 9001:2008 (allows better integration with ISO 14000 standards)

Basic idea: It is cheaper and requires less effort to prevent failures than to produce, sort out and throw away scraps.

Definition of quality: "Whatever the customer perceives good quality to be." (Feigenbaum)

ISO 9000 family of standards focuses on process management, including continuous process improvement, with respect to product quality and customer satisfaction.

ISO 14000, environmental management
Basic idea: environmentally sustainable production process.

If an ISO 14000 & ISO 9000 IMS is implemented, company certification is performed according to the ISO 19011 audit protocol.

The family of standards shall help companies change their processes with respect to the environment: reduce pollution of air, water, or land.

OHSAS 18000, occupational health and safety management systems
Standard by BSI.

Compatible with ISO 9001:2000 and ISO 14001:2004. Compatibility shall be assured by revisions whenever ISO 9001 or 14001 are changed.

ISO 20000, IT service management (ITSM)
Best practices described in Information Technology Infrastructure Library (currently ITILv3 edition). ITILv3 underpins ISO 20000:2005.

The family of standards provides guidance on how to organize IT management processes in IT services companies.

Basic idea: decrease incidents, increase the quality of support and accessibility of IT services, and increase the adaptability of the IT services provider.

ISO 27000, information security management (ISMS)
Best practice recommendations for information security management, risks and controls. The requirements formulated in ISO 27001:2005 offer a systematic approach to the implementation, operation, monitoring, maintenance and improvement of information security risk management. The goal of this system is to actively manage the security risks that result from the dependency of company processes on information systems and technology. It uses Deming's PDCA approach.

ISO 27001 is harmonized with ISO 9001 and ISO 14001.

ISO 25000, software product quality requirements and evaluation management
ISO 25000 shall unify the so far inconsistent ISO/IEC standards regarding software product and/or service quality. Six main characteristics of quality: functionality, reliability, usability, efficiency, maintainability, transferability.

The families of standards listed above usually do not fully cover their whole areas. The remaining parts might be covered by national laws, or by international or global directives and pacts. In the Czech Republic, it is the Czech standards institution (Český normalizační institut) that translates and provides standards, including (but not only) international standards.

Integrated management system
To manage an organization successfully when several management systems are implemented, all systems must be interconnected: either by adopting one system after another (and then integrating them), or by adopting an integrated system as a whole (the know-how of consultancy companies).

A system and methods that would provide a framework for IMS implementation have not been standardized yet, but such a framework could be built upon risk management (as incorporated in OHSAS 18000).

The IMS shall be maintained and continuously improved using Deming's approach. Since the PDCA cycle is present in all management systems, this cycle can be shared, as well as the policy, documentation structure, powers and responsibilities, regular audits, etc.

Aspects of various specific management systems combinations can be found; e.g. EMS-OHSAS: toxic materials management in EMS has positive impact on OHSAS by increasing safety, hygiene of work and health of workers (and vice versa).
