See discussions, stats, and author profiles for this publication at: https://www.researchgate.

net/publication/327515797

Sistemas Integrados de Gestión ISO 9001:2015, ISO 14001:2015, ISO 45001:2018 y

su Importancia en la Gestión Empresarial

Preprint · September 2018

CITATIONS READS

0 17,719

1 author:

Miguel Zuñiga Corbett

Universidad Técnica Federico Santa María
30 PUBLICATIONS 191 CITATIONS

SEE PROFILE

All content following this page was uploaded by Miguel Zuñiga Corbett on 18 November 2018.

The user has requested enhancement of the downloaded file.

Integrated Management Systems ISO 9001:2015, ISO 14001:2015, ISO 45001:2018 and
their Importance in Business Management*

Miguel Zuñiga Corbett, Universidad Tecnológica de Chile INACAP

Summary

This paper presents an analysis of the integration of quality management systems (ISO 9.001:2015,
environment management systems (ISO 14.001:2015) and occupational safety and health management
systems (ISO 45.001:2018), based on the proposed model of the PAS 99 guide and UNE 66.177 standard. It
considers the importance of key management concepts, such as client focus, leadership, people involvement,
process-based approach, improvement, relationship management and also discusses the importance of
incorporating risk-based thinking and the management of environmental aspects and hazards. An integrated
model is presented for application in companies, indicating the advantages of incorporating integrated
management.

Introduction

Management systems have been key for companies to give an excellent response to the demands of today's
market, to the needs of stakeholders, especially the different actors of society and the environment. However,
these same requirements have led to the continuous adaptation of management models. In this way, climate
change, the increase in environmental awareness, the globalization of markets, greater competitiveness,
economic crises and consumer trends with increasingly aware customers are aspects that affect companies
and that they have to face in their daily activities [1].

ISO standards have had relative success worldwide, with ISO 9.001 being the most important, with 1,106,356
certifications in 2016, followed by ISO 14.001 with 346,189 certificates [2]. In Chile, in the same year there
were 4,993 certifications in ISO 9001 (4,936 in ISO 9001:2008[3] and 57 in ISO 9001:2015[4]) and 1,231 in ISO
14001:2004[5] and 9 in ISO 14001:2015 [2, 6], occupying seventh and sixth place in America, respectively.
Other ISO certifications, such as ISO 50.001[7], ISO 27.001[8], ISO 22.000[9] have much lower levels
worldwide. It should be noted that, in 2016, Chile had 49 certifications in ISO 27.001, 17 in ISO 50.001 and 56
in ISO 22.000 [2]. As for OHSAS 18.001[11], there is no clear record of certifications, although world statistics
for 2015 indicated that there were 92,302 certified companies [12].

A company's success will depend on how it integrates its management systems, as these do not operate in
isolation and management systems are increasingly designed to work together. Thus, ISO 45.001 users will be
able to integrate seamlessly with established systems for ISO 9.001 and ISO 14.001 management. Regarding
the integration of ISO management systems, this paper proposes an analysis of the integration of ISO 9001,
ISO 14001 and ISO 45001 through a management model, indicating its importance for organizations wishing
to implement management systems.

Development

A management system is a set of interrelated or interacting elements of an organization to establish policies,

objectives and processes to achieve these objectives (ISO 9000:2015). In addition, a management system may
address a single discipline or several disciplines (e.g., quality, environment, safety and occupational health).
On the other hand, elements of the system include organizational structure, roles and responsibilities
(resources), planning and operation, evaluation, and performance improvement.
Currently, integrated management systems are mainly focused on risk prevention, their objectives depending
on the type of management approach given to them (quality, environment, safety, etc.). A quality
management system aims to provide products and services that ensure and satisfy customer requirements
and, on the other hand, increase customer satisfaction [4]. On the other hand, in an environmental
management system, the objective is to improve its environmental performance through the control of the
environmental aspects of its activities, products and services [6]. In an occupational safety and health
management system, the objective and results are to prevent work-related injuries and deterioration of
health to workers and to provide safe and healthy workplaces [10]. It should be noted that it is critically
important for the organization to also take into consideration compliance with legal requirements and to take
appropriate preventive measures to minimize quality, environmental, and safety/disease risks.

Among the key factors for achieving these objectives, the company must consider leadership and
commitment, organizational culture, communication, consultation and participation of workers, policies in
alignment with strategic objectives, effective processes, continuous performance evaluation and monitoring
of the management system, integration of management in business processes, consideration of risks and
opportunities and as already indicated compliance with legal requirements. Also, before implementing any
management system, it is essential that the organization considers the principles of quality management,
which include customer focus, leadership, people commitment, process-based approach, improvement,
decision-making based on evidence and relationship management. It has been established that the success of
a management system will depend on the leadership, commitment and participation of all levels and functions
of the organization. The main focus of quality management is to meet customer requirements and try to
exceed customer expectations. By considering an integrated management system, this approach can be
expanded to meet the demands of all stakeholders.

With regard to leadership, leaders at all levels establish unity of purpose and direction, and create conditions
in which people are involved in achieving the management system. The high direction must demonstrate its
leadership in the management systems assuming the total responsibility and accountability, assuring that the
policies and objectives are established, making them compatible with the strategic direction of the
organization, integrating the requirements of the management systems in the business processes of the
organization, allocating the necessary resources, communicate the importance of effective management and
the achievement of expected results by leading and supporting people to contribute to effectiveness, ensuring
and promoting continuous improvement, supporting other relevant management roles, developing, leading
and promoting a culture in the organization that supports the expected results of management systems,
among others [4, 6, 10].

The process-based approach promotes the definition of processes and their interactions, being incorporated
in the cycle of continuous improvement PHVA (plan, do, check, act), a methodology that facilitates the
development of management systems integration due to its proven effectiveness approach [4, 6, 10]. The
PHVA approach is an iterative process used by an organization to achieve continuous improvement of the
management system (Figure 1). At the planning phase, the objectives of the system and its processes must be
established, as well as the resources needed to generate and deliver results with customer requirements and
the organization's policies, and to identify and address risks and opportunities. The Do phase implements
what is planned. Verification follows and measures the resulting processes, products and services against the
planned policies, objectives, requirements and activities, and reports the results. Finally, in the act phase,
actions are taken to improve performance where necessary.
 Figure 1. Diagram of the PHVA and its relationship with the requirements of ISO 9.001, ISO 14.001
and ISO 45.001 [4, 6, 10].

Importance of Risk Management based on ISO 31.000

Risk management has been standardized, with ISO 31.000 being the first international standard to provide a
common approach to managing any type of risk [15, 16]. Risk management means that the company must
identify business risks in all areas of management (quality, environment and safety), perform risk analysis and
assessment to determine unacceptable risks and finally treat them appropriately to avoid them, eliminate the
source of risk, reduce them, control them or assume them (Figure 2). In addition, the organization must
adequately communicate risks to the entire organization and consult when workers are required about the
risks they face. Thus, risk management is a fundamental tool of integrated management systems to detect
and prevent potential risk situations that affect the normal functioning of the organization.

Figure 2. Risk management based on ISO 31000:2018 [18].

Analysis of environmental aspects-impacts of ISO 14.001 and risks-hazards of ISO 45.001

The level of detail and complexity of an integrated management system will vary depending on its
environmental aspects and impacts and the hazards and risks associated with an organization's activities,
products and services [6, 10]. The organization must identify them and demonstrate that it can control or
influence them. Figure 3 presents a general scheme for the identification of environmental aspects and
hazards in activities and processes, as they relate to current environmental and occupational safety and health
regulations, and how impacts and risks are evaluated through criteria, in order to finally implement actions or
measures for the control of significant environmental aspects and/or hazards-risks. Finally, it indicates that
compliance with the objectives and integrated management programmes for the environment and
occupational safety and health will have a direct impact on the commitments of the organization's
management policies.

Figure 3. General scheme for identification of environmental aspects and hazards and assessment of
environmental impacts and risks according to ISO 14.001 and ISO 45.001, respectively.

Integrated Management Systems

The UNE 66.177 standard was the first guide for the integration of management systems [13]. This standard
considers the integration of the common elements of management standards, incorporating the analysis of
the context of the organization, the experience of the organization in management systems, the needs and
expectations of customers and other interested parties, the risks of integration for the organization, especially
those associated with legal breaches and what is the best method of integration and associated resources for
its implementation. The standard proposes three integration methods: the basic method that does not require
process expertise and is affordable for any organization; the advanced method that does require process
management expertise; and the expert method that requires extensive process management expertise. Prior
to integration, the company is required to generate an integration plan, where it must answer the following
questions: What are the objectives of integration and what is the context of the organization? What will be
integrated: systems, processes, other aspects? What are the results of the context analysis? What integration
method will be used? What will be the communication plan? Who will be responsible for the integration
project? What activities will be carried out in the program?

In accordance with standard UNE 66.177 [13], among the critical elements in the integration of management
systems must be considered:

a. The identification of the benefits that will be obtained with the integration.

b. The analysis of the context of the organization (risks, limitations, level of maturity in the use of
management systems).

c. The selection of the level of integration that is appropriate to the possibilities of the organization.
 d. The commitment of the high direction and allocation of the necessary resources.

e. The updating of the functional structure, coordination, communication, participation and

commitment of the personnel, redefinition of the processes and associated documented
information.

On the other hand, PAS 99:2012 was generated to be used by those organizations that are implementing the
requirements of two or more management systems [14]. The adoption of this PAS is intended to simplify the
application of multiple system standards and any associated conformity assessment. The structure of PAS 99
has been adapted to the SL Annex published by ISO, which establishes the common structure to be followed
by all management system standards (HLS, high-level structure). The structure is indicated in Figure 4, which
includes the context of organization, leadership, planning, support, operation, performance evaluation and
improvement, which is common to all new management standards [3, 6, 10]. According to Figure 4, the
structure is also associated with the PHVA cycle.

Figure 4. Integrated management structure based on PAS 99.

Each standard has its own specific requirements, but these seven elements will be present in all of them and
can be adopted as the basis for integration. Therefore, PAS 99 uses the same classification as the framework
for common management system requirements. The organizational context identifies the internal and
external elements relevant to the integration, the stakeholders and their requirements for integration, the
scope and limits of the integration and the processes and their interactions to be integrated. Leadership
groups together the commitment of management, policy, objectives, resource allocation and the assignment
of roles, responsibilities and authority. Planning incorporates the process of identifying risks and opportunities
and actions to act on them, as well as setting objectives and planning activities to achieve them. Support
includes staff competence and awareness, communication, documentation and documentation control. The
operation includes the planning and control aspects of the operation. Performance evaluation includes
monitoring, measurement, analysis and evaluation, internal audits and management review. Finally,
improvement includes non-conformities, corrective actions and continuous improvement.

Proposal for an Integrated Management System

Based on the integrated management model of the PAS 99 guide and the ISO 9001:2015, ISO 14.001:2015 and
ISO 45.001:2018 standards, the following integrated management model is proposed, which considers the
normative requirements of the three standards (Figure 5). It starts by considering the determination of the
context of the organization and the stakeholders, both internal and external, and customer requirements as
input to the management system. Scope, policy, leadership and commitment and compliance with legal
requirements are considered to be directly related to the strategic management of the organization. At
another level, internal audits and management review are considered and associated with these requirements
are the management of corrective actions and the continuous improvement of the integrated management
system.

Risk management and process management are considered central elements of the integrated management
system, which are related to planning, operation, operational control and performance tracking,
measurement, analysis and evaluation, as well as processes related to design and development, externally
contracted products/services (external providers, i.e, suppliers and contractors) and emergency preparedness
and response.

At the support level are document management, internal and external communication, resource
management, competencies and awareness, organizational knowledge, participation and consultation, and
change management. This model is finally translated into the documented information required for each level
of the integrated management system.

Figure 5. Integrated management system model based on ISO 9001:2015, ISO 14.001:2015 and ISO
45.001:2018 standards.

Advantages of an integrated management system

Among the advantages of an integrated management system can be cited the significant reduction of
documents, since aspects such as the determination of the context of the organization, identification of
stakeholders, risk analysis, scope, policy, definition of resources, operational control, audit processes and
continuous improvement, among other requirements can be considered in an integrated manner.

Audit processes can be better planned, reducing audit times and saving money and resources, while the
integral audit is a more realistic process.
Integration improves the overall level of effectiveness and efficiency of management systems as it reduces
the need to duplicate tasks and resources and allows a better focus on the results of management systems,
i.e. meeting individual objectives.

An integrated system makes it possible to clearly define roles and responsibilities, since the common
objectives pursued by management systems are highlighted.

On the other hand, integration makes it possible to facilitate the continuous improvement of management
systems as a whole.

Conclusions

The new common structure of the ISO management systems allows a total integration of them, allowing
organizations to achieve a better fulfillment of objectives.

Several elements of the new ISO management standards can be fully integrated into a management system,
including integrated determination of the organizational context, stakeholders, scope, processes and their
interactions, risk assessment, allocation of resources, roles, responsibilities and authority, internal and
external operational control processes, internal audit and management review and continuous improvement
process.

Finally, the integration of management systems makes it possible to reduce the information required to meet
the requirements of individual systems.

References

[1] Gasiorowski-Denis, E (2017) Why the future belongs to the norms?. Focus 123:6-13.

[2] ISO (2017) The ISO Survey of Management System Standard Certifications 2016. https://www.iso.org/the-iso-
survey.html

[3] ISO 9001 (2008) Quality management systems - Requirements.

[4] ISO 9001 (2015) Quality management systems - Requirements.

[5] ISO 14001 (2004) Environmental management systems - Requirements with guidance for use.

[6] ISO 14001 (2015) Environmental management systems - Requirements with guidance for use.

[7] ISO 50.001 (2011) Energy management systems – A practical guide for SMEs.

[8] ISO 27.001 (2013) Information technology – Security techniques – Information security management systems –
Requirements.

[9] ISO 22.000 (2005) Food safety management systems – Requirements for any organization in the food chain.

[10] ISO 45.001 (2018) Occupational safety and health management systems - Requirements with guidance for use.

[11] OHSAS 18.001 (2007) Occupational safety and health management system – Requirements.

[12] De La Roca, L. (2017) Gestión de la seguridad y Salud Ocupacional OHSAS 18001:2007 vs ISO 45001:2017.

[13] Norma UNE 66.177. (2005). Sistema de gestión. Guía para la integración de los sistemas de gestión. España: AENOR.
 ISO 31000 (2018)

[14] PAS 99 (2012). Specification of common management system requirements as a framework for integration

[15] Escorial, A & P Pérez- Paradelo (2018) Nuevo marco de gestión de riesgos para las organizaciones. AENOR Revista de
la Normalización y Evaluación de la Conformidad 333:38-41.

[16] ISO 31.000 (2018). Risk management – Guidelines.

View publication stats