Management for Professionals

The Springer series Management for Professionals comprises high-level business and management books for executives. The authors are experienced business professionals and renowned professors who combine scientific background, best practice, and entrepreneurial vision to provide powerful insights into how to achieve business excellence.

More information about this series at http://www.springer.com/series/10101

Herfried Kohl

Standards for Management Systems

A Comprehensive Guide to Content, Implementation Tools, and Certification Schemes

Herfried Kohl
Erlangen, Germany

ISSN 2192-8096
ISSN 2192-810X (electronic)
Management for Professionals
ISBN 978-3-030-35831-0
ISBN 978-3-030-35832-7 (eBook)
https://doi.org/10.1007/978-3-030-35832-7

© Springer Nature Switzerland AG 2020

This work is subject to copyright. All rights are reserved by the Publisher, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilms or in any other physical way, and transmission or information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed.

The use of general descriptive names, registered names, trademarks, service marks, etc. in this publication does not imply, even in the absence of a specific statement, that such names are exempt from the relevant protective laws and regulations and therefore free for general use.

The publisher, the authors and the editors are safe to assume that the advice and information in this book are believed to be true and accurate at the date of publication. Neither the publisher nor the authors or the editors give a warranty, expressed or implied, with respect to the material contained herein or for any errors or omissions that may have been made. The publisher remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Cover illustration: © Kenishirotie/stock.adobe.com

This Springer imprint is published by the registered company Springer Nature Switzerland AG.
The registered company address is: Gewerbestrasse 11, 6330 Cham, Switzerland

To M., who’s always around.

Preface

This book is written for serious readers looking for a straightforward introduction to the topics mentioned in the title. Presenting the material, I employ a down-to-earth approach, however, without trivializing things.

Standards for management systems and their respective certification schemes started to conquer organizations more than 25 years ago. At that time, they focused primarily on quality management issues. Over the years, their scopes substantially broadened, covering now almost all aspects of a modern management system: quality, environment, energy efficiency, information security, occupational health and safety, anti-bribery, social responsibility and more.

Today most organizations—in what industry ever—find themselves pushed by customer requirements to pass successfully one or the other certification of their management system. Quality management is mainstream now. Depending on in what industry you are, other schemes may be a must.

Fortunately, in the course of time the building principles for management system standards converged to a widely accepted set of basic ingredients: processes, risk-based thinking, continual improvement, commitment of top management and management by fact. This simplifies things and opens the way to design integrated management systems much easier and tailor them according to the individual needs of an organization.

This book spans a relatively wide spectrum of topics. I’ll give an overview about the content and meaning of almost all currently existing standards for management systems one by one and discuss their interrelationships and interfaces. I always have a reader in mind who may easily get lost and discouraged sitting in front of a pile of standards being written in an abstract language. Trying to find an easy path through the stuff, some guidance may be welcome. I hope, to offer it.

Why this book on management system standards and what distinguishes it from others? The main aspects include:

• There are books out there on one or the other of the standards treated here. However, mostly they cover only single aspects like quality or environmental management and shed little or no light on the others. This approach seems to be outdated now, as an organization usually must target several aspects of its management system simultaneously.

• Most importantly, many of the management system standards have been updated very recently and some others are brand new. There’s little or no updated literature available yet, and some of the new standards haven’t been dealt in a book like this yet.

• Writing this book, my philosophy was simple: Helping the reader to get a maximum of information out of one single volume and save him or her from collecting it from a variety of sources.

• Management system standards define requirements for management systems. A few of these standards also include guidance material that may help the organization to better understand the intentions of the respective standard. However, in practice this will not suffice to establish and implement a management system complying with the respective standard and being beneficial for your organization. Instead, you should have a set of field-proved tools at your disposal that you may employ to get your daily issues done. With this in mind, I added an extensive chapter on the most important of these tools. They will, for example, be indispensable when you have to:

– Lead teams and organize improvement processes;
– Analyze and improve the performance of processes;
– Collect and analyze data;
– Identify and manage risks;
– Document processes and other issues of a management system;
– Organize trainings for staff;
– Evaluate the performance of subcontractors and suppliers;
– Audit your management system;
– Review your management system.

• Certification schemes for management systems, processes and products play an important role in local and global economies. In many cases, certificates for specific modules of the organization’s management system may be a prerequisite to become accepted by customers and other members of the supply chains. Managers and employees should, therefore, know enough about the content and requirements of certification schemes.

• For many potential readers of the book, it is important to have a sound understanding of the TIC industry (TIC = Testing, Inspection and Certification), its rules and challenges, especially if you consider working in that industry or you already do. Therefore, I include a chapter on topics like accreditation and the international landscape of accreditation and certification organizations.

• Internal and external audits play an important role when dealing with management systems and their certification. For that reason, there’s a chapter explaining the principles of planning, conducting and following up audits.

• Some potential readers may be scared and find it even disgusting to see some formulas and mathematical stuff here and there in the book. I am aware that math isn’t everybody’s passion. Keep in mind, however, that quality management and quality assurance were from their very beginnings based on the application of mathematical statistics and other mathematical methods. If you want to dive deeper into some topics of management systems, the application of these methods cannot be avoided.

Examples include: Reliability theory, testing of hypotheses, linear and non-linear regression, estimation of parameters, confidence intervals, fault tree analysis and others. Not everybody working in the field needs these things, and those who don’t may neglect them. Be aware, however, that most of these things are accessible with standard college algebra and calculus. Chapter 9 is intended to serve as a refresher.

The style of the book is straight to the point, avoiding talkativeness. Wherever it seems reasonable and makes things easier to understand, I use simple graphical illustrations. Often, a lengthy verbal discussion may be boiled down to a simple picture.

No special prerequisites are needed to read this book. It may be used by anyone interested in the matter, but I’ve three groups of readers especially in my mind:

• Practitioners at all levels;
• Auditors who are involved in internal and external audits of management systems and
• Students who want to get an overview about this important topic.

Beyond these obvious target groups, I also address general readers. Sometimes, we are not sufficiently aware how much our daily life decisions get triggered by product certificates, quality statements and other certificates and assertions of all types. No matter where you go and where you check products and services or surf the net: Labels and certificates are everywhere. Are they trustworthy? What do they have to offer? Are they reliable? Are they just a promotional gimmick? How can they support you to make rational decisions? To answer these questions, everyone should have at least some basic understanding of standards, certification programs and the testing and certification industry. It really helps in daily life!

A final word about how to read this book. Although it has a story to tell, starting with Chap. 1 and ending with Chap. 8, you may start reading wherever you want and just pick out those parts which are of immediate interest to you. Forget about the other parts or read them in a second turn. As each chapter starts with a short abstract, one approach could be to just read some of these abstracts first and then decide how you would like to proceed and what you’d like to study in detail first. You also may follow the navigation guide on the following pages.

Erlangen, Germany Herfried Kohl

Acknowledgements

Working in the TIC industry for over 25 years, I found it exciting to follow its developments. At the beginning of this journey, I did work for German accreditation bodies. At that time, the accreditation organizations just started to establish their rules and I was lucky to have met the pioneers who did that. My thanks also go to the many professionals I met over the years in various industries. I owe a lot to all of them.

What Is in the Book and How to Navigate Through It

This book is written for those who are after a single introductory source on management system standards and the tools needed to apply those standards in real life. Readers will come from different fields, have different interests and bring individual prerequisites. Therefore, you should choose your individual path through the book. However, some guidance may be helpful. To get an idea what you can find in the book, check the following word cloud of randomly selected keywords (Fig. 1):

Chapter 1 is a short introduction to the general topic of management system standards: Where do they come from and why are they needed? If you are new in the field, you should have a look at this chapter first.

Chapter 2 offers an introduction to the most important generic management system standards and some standards closely related to them. These include ISO 9001, ISO 14001, ISO 17025, ISO 21001, ISO 22301, ISO 27001, ISO 31000, ISO 44001, ISO 45001, ISO 50001, ISO 55001, ISO 22316.

These standards are discussed one by one in separate sections. You may pick just those sections first that discuss the standard you’re most interested in. However, in a second reading you should go through one after the other section of that chapter, to get a complete picture. Due to the now generally applied “high-level” ISO structure, you’ll find it easier to compare the requirements of each standard with those of the others.

You should definitely read the section on ISO 9001, as this is considered to be the “mother” of all management system standards and serves as a model for all others.

Chapter 3 is on industry-specific standards and certification schemes. It includes an overview about the schemes in the

• Automotive industry;
• Aerospace industry;
• Railway industry;
• Information and telecommunication industry;
• Food, agriculture and forestry industry;
• Healthcare industry;
• Sustainable event industry;
• Supply chain security management;
• Facility management.

If you are a newcomer to the field, I would recommend reading at least the section on ISO 9001 of Chap. 2, before you start with Chap. 3. It depends on your specific interests, which of the industry-specific standards you will look through first. Again, all sections of this chapter may be read independently. The chapter contains guidance to external sources (mostly to the scheme owners and their material) for those readers, who need to go into the details of the respective industry-specific schemes.

Fig. 1 What is in the book: Word cloud of randomly selected keywords

Chapter 4 gives an overview about important standards for compliance, anti-bribery and corporate social responsibility. The standards treated include:

• ISO 19600;
• ISO 26000;
• ISO 37001.

This chapter also gives a short overview about other corporate social responsibility schemes.

Chapter 5 gives a very short discussion of special purpose tailor-made audit schemes and a short look at quality awards.

Chapter 6 is on “how to get things done”. It contains a sketch of the Define-Measure-Analyze-Improve-Control (DMAIC) approach, which is employed in Six Sigma projects. It may be used very generally as a guidance scheme to organize implementation and improvement projects in the context of management systems. Mainly, however, this chapter includes a long list of practical tools which may be employed to analyze and solve issues of very different types. These tools are presented in alphabetical order and may be absorbed one by one, depending on individual preferences and needs.

Chapter 7 is on the important topic of audits. Audits may be internal or external. As they are a requirement of each management system standard, I deal with the most important issues related to them in this separate chapter. If you are on the way to become an internal or external auditor, you may read this chapter separately, to see what expects you.

Chapter 8 gives an overview about different forms of certification and the concept of accreditation. The rules behind the certification of management systems are discussed. You also will learn to understand the importance of accreditation and the principles how mutual recognition of certificates is achieved globally. A long list of organizations working in the field of accreditation and related areas is included in this chapter.

Chapter 9 is on management system standards that come with requirements for measurements, quantifications, analysis and statistical methods. This chapter is designed to offer you some guidance which mathematical concepts will be crucial for your practical applications. My suggestion would be to go through and absorb the material at any time you feel so. It is mainly for reference and also offers some basic statistical tables (Fig. 2).

Fig. 2 Map of the book

Declaration

If not otherwise stated, all figures and tables in this book have been drawn and calculated by the author. The Microsoft Office 365 suite and Wolfram Mathematica 12 have proved to be more than helpful.

Contents

1 Standards for Management Systems: Overview and Main Ingredients
1.1 Does the World Need Management System Standards?
1.1.1 General Motivation
1.1.2 Global Supply Chains
1.1.3 Robust Processes and Reliable Process Management
1.1.4 Globally Accepted Requirements for Management Systems
1.1.5 Genuine Versus Industry-Specific Models for Quality Management Systems
1.1.6 Certification Schemes
1.2 Where Do All These Management System Standards Come from?
1.2.1 Why Are Most Management System Standards Global?
1.2.2 ISO—International Organization for Standardization
1.2.3 National Organizations for Standardization
1.2.4 The Role of Industry Organizations and Other Interested Parties
1.3 Processes: Why Are They in the Focus of Management Systems?
1.4 Risk-Based Thinking: A Cornerstone of Management System Standards
1.5 Universal Design: The Architecture of Management System Standards

2 Generic Standards for Management Systems: An Overview
2.1 Introduction
2.2 ISO 9001—QMS—Quality Management System
2.2.1 Introductory Remarks
2.2.2 The Principles Behind ISO 9001
2.2.3 Discussion of the Clauses of ISO 9001
2.2.4 Shortened Checklist for ISO 9001
2.2.5 Frequently Asked Questions
2.2.6 Examples for Illustrational Purposes
2.2.7 Some Supportive Standards for Quality Management Systems
2.3 ISO 14001—EMS—Environmental Management System
2.3.1 Introductory Remarks
2.3.2 Discussion of the Clauses of ISO 14001
2.3.3 Other Important ISO Standards in the ISO 140XX-Series
2.3.4 Shortened Checklist for ISO 14001
2.3.5 Frequently Asked Questions
2.4 ISO/IEC 17025—Laboratory Management
2.4.1 Introductory Remarks
2.4.2 Discussion of the Clauses of ISO 17025
2.4.3 Frequently Asked Questions
2.5 ISO 21001—EOMS—Management Systems for Educational Organizations
2.5.1 Introductory Remarks
2.5.2 Discussion of the Clauses of ISO 21001
2.5.3 Frequently Asked Questions
2.6 ISO 22301—BCMS—Business Continuity Management System
2.6.1 Introductory Remarks
2.6.2 Discussion of the Clauses of ISO 22301
2.6.3 Frequently Asked Questions
2.7 ISO 27001—ISMS—Information Security Management System
2.7.1 Introductory Remarks
2.7.2 Discussion of the Clauses of ISO 27001
2.7.3 Frequently Asked Question
2.8 ISO 31000—RM—Risk Management
2.8.1 Introductory Remarks
2.8.2 Discussion of the Clauses of ISO 31000
2.8.3 Implementation Hints
2.8.4 Frequently Asked Questions
2.9 ISO 44001—CBRMS—Collaborative Business Relationship Management System
2.9.1 Introductory Remarks
2.9.2 Discussion of the Clauses of ISO 44001
2.9.3 Frequently Asked Questions
2.10 ISO 45001—OH&SMS Occupational Health and Safety Management System
2.10.1 Introductory Remarks
2.10.2 Discussion of the Clauses of ISO 45001
2.10.3 Frequently Asked Questions
2.11 ISO 50001—EnMS—Energy Management System
2.11.1 Introductory Remarks
2.11.2 Discussion of the Clauses of ISO 50001
2.11.3 Frequently Asked Questions and Implementation Hints
2.12 ISO 55001—AMS—Asset Management System
2.12.1 Introductory Remarks
2.12.2 Discussion of the Clauses of ISO 55001
2.12.3 Frequently Asked Questions
2.13 ISO 22316—Organizational Resilience
2.14 Finishing This Chapter and Looking Forward to Chap. 3

3 Industry-Specific Standards for Management Systems
3.1 Introduction and Overview
3.2 Automotive Industry
3.3 Aerospace Industry
3.4 Railway Industry
3.5 ICT—Information and Communication Technology Industry
3.6 Quality Management Schemes for Food Industry and Agriculture
3.6.1 General Introduction
3.6.2 ISO 22000—FSMS—Food Safety Management System
3.6.3 More Standards for Food Industry and Agriculture
3.6.4 Concluding Remarks: Which Scheme to Choose?
3.7 Forestry and Chain of Custody
3.7.1 General Introduction
3.7.2 PEFC and FSC
3.7.3 ISO 38200: Chain of Custody of Wood and Wood-Based Products
3.8 Healthcare
3.8.1 General Introduction
3.8.2 International ISO Standards for Healthcare
3.8.3 The European Standard EN 15224
3.8.4 JCI—Joint Commission International
3.8.5 Case Study: Quality Management Initiatives in German Healthcare
3.9 ISO 20121—ESMS—Event Sustainability Management System
3.9.1 Introduction to the Standard
3.9.2 Discussion of the Clauses of ISO 20121
3.9.3 Example to Illustrate Some Concepts of the ESMS
3.9.4 Beyond Event Sustainability
3.10 ISO 28000—SCSMS—Supply Chain Security Management System
3.11 ISO 41001—FMS—Facility Management System
3.11.1 Introductory Remarks
3.11.2 Discussion of the Clauses of ISO 41001
3.12 ISO 39001—RTSMS—Road Traffic Safety Management System
References

4 Standards for Compliance, Anti-bribery and Corporate Social Responsibility (CSR)
4.1 Introductory Remarks
4.2 ISO 19600—CMS—Compliance Management System
4.2.1 Introduction
4.2.2 Discussion of the Clauses of ISO 19600
4.3 ISO 26000—Guidance on Social Responsibility
4.3.1 General Description of ISO 26000
4.3.2 Integrating ISO 26000 into the Organization’s Management System
4.4 ISO 37001—ABMS—Anti-bribery Management System
4.4.1 Introductory Remarks
4.4.2 Discussion of the Clauses of ISO 37001
4.5 CSR—Corporate Social Responsibility

5 Special Purpose Audit Schemes and Quality Awards
5.1 Special Purpose Audits Schemes
5.2 Quality Awards
5.2.1 The Deming Prize
5.2.2 MBNQA—Malcolm Baldridge National Quality Award
5.2.3 The Continuum of National Quality Awards

6 How to Get Things Done: A Practitioner’s Toolbox . . . . . . . . . . . . . 3736.1 Introduction and Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3736.2 DMAIC: Define-Measure-Analyze-Improve-Control . . . . . . . . . . 375

6.2.1 General Description of the DMAIC Approach . . . . . . . . 3756.2.2 Detailed Steps of the DMAIC Approach . . . . . . . . . . . . 376

6.3 Integrated Management Systems . . . . . . . . . . . . . . . . . . . . . . . . 382

xx Contents

Page 18: Management for Professionals978-3-030-35832-7/1.pdf · The Springer series Management for Professionals comprises high-level business and management books for executives. The authors

6.4 Tools and Concepts in Alphabetical Order
6.4.1 Introduction
6.4.2 5S Method
6.4.3 5 Whys
6.4.4 5W2H—5 Whys and 2 Hows
6.4.5 8D-Reports
6.4.6 Acceptance Sampling
6.4.7 Affinity Diagrams
6.4.8 ALARP—As Low as Reasonably Practicable
6.4.9 ANOVA—Analysis of Variance
6.4.10 Balanced Scorecards
6.4.11 Bayesian Analysis
6.4.12 Bow-Tie Analysis
6.4.13 Brainstorming
6.4.14 Brainwriting—6-3-5 Method
6.4.15 Causal Mapping and Relationship Diagrams
6.4.16 CBA—Cost Benefit Analysis
6.4.17 Checklist
6.4.18 Check Sheet
6.4.19 C&E Matrix—Cause-and-Effect Matrix
6.4.20 CIA—Cross-Impact Analysis
6.4.21 Control Charts, Process Capability and Process Sigma
6.4.22 Correlation Analysis
6.4.23 CTQ—Critical to Quality
6.4.24 CVAM—Customer Value Assessment Matrix
6.4.25 Data Collection and Presentation
6.4.26 Decision Tree Analysis
6.4.27 Delphi Technique
6.4.28 DOE—Design of Experiments
6.4.29 Estimation of Parameters and Confidence Intervals
6.4.30 ETA—Event Tree Analysis
6.4.31 Five Max Method
6.4.32 FMEA—Failure Modes and Effects Analysis
6.4.33 Force Field Analysis
6.4.34 FTA—Fault Tree Analysis
6.4.35 HACCP—Hazard Analysis and Critical Control Points
6.4.36 Hazard Level Matrix
6.4.37 HAZOP—Hazard and Operability Studies
6.4.38 HRA—Human Reliability Analysis
6.4.39 Involvement Matrix
6.4.40 Interested Parties—Selection Criteria


6.4.41 Interviews
6.4.42 Ishikawa Diagrams—Root-Cause Analysis
6.4.43 Kaizen
6.4.44 Kappa Index Calculation and Inter-Rater Agreement
6.4.45 Markov Analysis
6.4.46 MEP—Maximum Entropy Principle and Probability Distributions
6.4.47 Mind-Mapping
6.4.48 Monte Carlo Simulation
6.4.49 NGT—Nominal Group Technique
6.4.50 Order Statistics and Distribution of Extreme Values
6.4.51 Pareto Analysis and Pareto Charts
6.4.52 PDCA: Plan-Do-Check-Act
6.4.53 PESTLE Analysis
6.4.54 PHA—Preliminary Hazard Analysis
6.4.55 PMI—Plus-Minus-Interesting
6.4.56 Poka-Yoke
6.4.57 Prioritization Matrix
6.4.58 Process Flow Tools
6.4.59 RACI Matrix
6.4.60 Regression Analysis
6.4.61 Reliability Theory
6.4.62 Sampling of Data and Surveys
6.4.63 Scenario Analysis
6.4.64 SIPOC Diagrams
6.4.65 Solution Selection Matrix
6.4.66 Stakeholder Profile Matrix
6.4.67 Strategy Alignment with Operational Capabilities and Needs
6.4.68 SWIFT—Structured What-IF Technique
6.4.69 SWOT Analysis
6.4.70 Taguchi Loss Function
6.4.71 Teams and Meeting Guidelines
6.4.72 Testing of Hypotheses
6.4.73 To-Do-List
6.4.74 Tree Diagrams
6.4.75 Visual Management
6.4.76 VOC—Voice of the Customer
6.4.77 VSM—Value Stream Mapping
6.4.78 Y = F(X)
Reference


7 Auditing the Management System
7.1 Introduction: The Need for Performance Control and the Role of Audits
7.2 Audits: A Means to Control the Performance of Management Systems
7.2.1 The Role and Content of ISO 19011:2018
7.2.2 Auditors: General Requirements
7.2.3 Audits: General Process
7.2.4 Determining Audit Time and Some Related Issues

8 Certification and Accreditation: Types and Rules
8.1 Why This Chapter?
8.2 Types of Certification
8.3 Accreditation: Organizations, Rules and Achievements
8.4 Organizational Requirements for Organizations Certifying Management Systems
8.5 How to Select the Right Certification Body?

9 Mathematical Methods and Statistical Tables
9.1 Introduction
9.2 Why Logic Is Important
9.3 Sets
9.3.1 Introduction to Sets
9.3.2 Definition and Basic Properties of Sets
9.3.3 Combinatorics and Principles of Counting
9.4 Analysis
9.4.1 Numbers
9.4.2 Sequences and Limits
9.4.3 Maps and Functions
9.4.4 Differential Calculus
9.4.5 Integral Calculus
9.5 Algebra
9.5.1 Introductory Remarks on Algebra
9.5.2 Matrices and Vectors
9.5.3 Determinants
9.5.4 Derivatives of Matrices and Vectors
9.5.5 Boolean Algebra
9.6 Probability and Statistics
9.6.1 Why Is Probability Theory Important in Our Context?
9.6.2 The Intuitive Versus Formal Approach to Probability
9.6.3 Conditional Probabilities
9.6.4 Bayes’ Theorem
9.6.5 Random Variables, Probability Distribution Functions and Expected Values


9.6.6 Functions of Random Variables and Their Distributions
9.6.7 Approximations of Important Expectation Values
9.6.8 Inequalities for Probabilities
9.6.9 Law of Large Numbers
9.6.10 Characteristic Functions and Moment Generating Functions
9.6.11 CLT—Central Limit Theorem
9.6.12 Important Discrete and Continuous Probability Distributions
9.7 Statistical Tables
9.7.1 Quantiles and Percentiles
9.7.2 Description and Usage of the Tables

Suggested Further Reading

Index


About the Author

Dr. Herfried Kohl was born in Czechoslovakia and holds a Ph.D. in theoretical physics from the J. W. Goethe University of Frankfurt. He has more than 25 years of practical experience in the auditing and certification industry, holding several management positions in small and global certification bodies for products and systems. He is an experienced auditor and was actively involved in the development of management system standards, especially in the healthcare sector.


Abbreviations

ABMS Anti-bribery management system
ALARP As low as is reasonably practicable
AMS Asset management system
ANOVA Analysis of variance
BCMS Business continuity management system
BPM Business process management
BRC British Retail Consortium
CBA Cost-benefit analysis
CBRMS Collaborative business relationship management system
CMS Compliance management system
CoC Chain of custody
CSR Corporate social responsibility
CTQ Critical to quality
CVAM Customer value assessment matrix
DMAIC Define-Measure-Analyze-Improve-Control
DOE Design of experiment
EMEA Error mode and effect analysis
EMS Environmental management system
EnMS Energy management system
EOMS Management system for educational organizations
ESMS Event sustainability management system
ETA Event tree analysis
FMEA Failure mode and effect analysis
FMS Facility management system
FSC Forest Stewardship Council
FSMS Food safety management system
FTA Fault tree analysis
GFSI Global Food Safety Initiative
HACCP Hazard analysis and critical control points
HAZOP Hazard and operability analysis


HRA Human reliability analysis
IAF International Accreditation Forum
IATF International Automotive Task Force
IFS International Featured Standard
ILAC International Laboratory Accreditation Cooperation
ISMS Information security management system
ISO International Organization for Standardization
JCI Joint Commission International
LCL Lower control limit
LSL Lower specification limit
MBNQA Malcolm Baldrige National Quality Award
MSA Measurement system analysis
NGT Nominal group technique
OHSMS Occupational health and safety management system
OSH Occupational safety and health
PDCA Plan-Do-Check-Act
PEFC Program for the Endorsement of Forest Certification
PHA Preliminary hazard analysis
QMS Quality management system
RM Risk management
RMS Risk management system
RPN Risk priority number
RTSMS Road traffic safety management system
SCSMS Supply chain security management systems
SDCA Standardize-Do-Check-Act
SFAIRP So far as is reasonably practicable
SIPOC Suppliers, inputs, process, outputs
SME Energy management system
SPC Statistical process control
SWIFT Structural What-If Technique
SWOT Strengths-Weaknesses-Opportunities-Threats
TIC Testing, Inspection and Certification
UCL Upper control limit
USL Upper specification limit
VOC Voice of the customer
