Management System: Basic checklist to start an implementation

May 12, 2020

* Tayná Delvechio

Based on the principles found in the ISO/IEC 20000 (Service Management), ISO/IEC 22301 (Business Continuity) and ISO/IEC 27001 (Information Security) families, a Management System is composed of the planning, guidelines and documentation that guide your organization on the path towards its final goal, directing people and processes, from Top Management to Operations, on how to achieve defined goals. In fact, one of the objectives in reaching the maturity of a well-structured Management System is the consistent definition of objectives.

The responsibility of a Management System, be it Information Security or Business Continuity, for example, is to carry out continuous critical analyses to understand possible process failures and to work on continuous improvement through pre-defined metrics, based on the PDCA continuous improvement cycle (plan, do, check, act).

Why are the Organizational Context and stakeholders essential to a Management System?

Organizational Context is one of the supporting pillars for the definitions of a Management System (MS), assisting the organization in understanding, evaluating and analyzing its role within the market to which it belongs. This reflection identifies the key activities and actions the MS needs in order to follow a continuous and coherent line of activities.

It is from these definitions that the company begins to understand the internal and external issues essential to its functioning, often using as support matrices such as SWOT (Strengths, Weaknesses, Opportunities and Threats) and the Business Model Canvas.

In the midst of these definitions, we understand which roles are important for the functioning of the defined activities, whether strategic or operational, internal or external (suppliers). With that, we foster the definition of interested parties, based on an understanding of the essential direct and indirect participation within the Management System.

Now we can understand the effects of a well-structured organizational context and well-defined stakeholders within a Management System

A Management System is only effective if implemented based on real reasons, and for that you need a thorough understanding of your business.

Understanding the Organizational Context of your company means understanding what your main objectives are within the corporate world and your principles within it. It is necessary to move in the right direction in an assertive way. Understand which products and/or services are produced and offered to which types of customers, and understand the target audience of your actions, so that your development strategies become more assertive.

Basically, the creation of these structures is simple and efficient if performed in an assertive way. For this reason I prepared a basic checklist, guidance material relevant to the first steps of this activity:

1. What is the role of my organization? - Identify main products and activities;

2. What affects my organization? - Identify and analyze relevant internal and external factors, both positive and negative, for the development of my products and services;

3. Documented processes? Fundamental step! - Document the crucial points through policies, standards, procedures and work instructions, so that the Management System only needs annual review and maintenance;

4. How do I achieve my goals? - When identifying strengths and weaknesses (SWOT matrix/Business Model Canvas), work continuously (PDCA) to improve activities and product offerings;

5. Does your company perform risk analysis? - A good analysis of the risks to processes and services makes it possible to improve the quality of activities;

6. Is stakeholder participation important? - Yes! The more stakeholders, especially senior management, are involved in the processes, the more support and flexibility the processes can count on.

[SAFEWAY] can assist your company in implementing a consistent Management System. Want to know more about the implementation and maintenance of Management Systems related to the ISO/IEC 20000, ISO/IEC 22301 and ISO/IEC 27001 standards? Contact us and one of our specialists will get in touch to answer your questions.

* Tayná Delvechio is a GRC and Information Security Consultant at [SAFEWAY]