Capita Total Document Solutions (CTDS) offer everything from simple archive storage of physical documentation to fully blown outsourced and web based document management solutions. Including an industry leading Electronic Mailroom service.
When David Bellshaw joined CTDS in 2009 as Business Support Manager, the integrated management system in place was very much in its infancy and in need of some redesign.
David was immediately tasked by the CTDS senior management team to build on the foundations of the existing certifications. The company had held certification for ISO 9001 and OHSAS 18001 since 2006 but was struggling with clearing non-conformances.
It also recognised the need to more fully engage with its employees. It had led to a disconnect between the management system and the business. However, there was a strong desire to improve and a clear recognition of the value that the system could potentially offer to the business.
ISO 9001 and OHSAS 18001 had initially been introduced to help ensure the organisation met all relevant legislation and the requirements of its potential and existing clients. At this point while the standards were cited on the same certificate and LRQA undertook a single visit, the two systems were essentially separate.
The first meeting with the LRQA co-ordinating assessor gave David Bellshaw a good opportunity to fully assess the status of the systems, and to discuss a route map for improvement. With commitment from the CTDS Senior Management Team including Diane Aloia (Managing Director) and Anthony Lamb (Operations Director) the introduction of a series of awareness training sessions across the three sites and ongoing support of the LRQA assessment team, it ensured that by the time of the following surveillance visit - just six months later - the system was back on track and beginning to make a difference to the organisation.
A significant part of the improvement process was the way in which management review was to encompass both standards as David explains.
“When I came in, the objective that was set was to formalise management reviews and make sure the agenda incorporated the objectives for both ISO 9001 and OHSAS 18001. I then quickly added to the agenda all the review criteria of each of the standards that we had identified as being of potential benefit to the business. This allowed the team to build up a history of discussion, involvement, setting of objectives, looking at conformances and non-conformances, even before certification.
“I had spent my career to date in quality management and I had the in-depth knowledge of the standard to know that I could use ISO 9001 as the foundation stone on which to build these additional standards. It made sense to integrate from the outset. A new system isn’t an island; it cannot operate as a silo. We introduce new systems to support our business and for sound commercial reasons.
“This is the model that I use and it has worked well for our business. Within two years our management system has incorporated certification to three new standards: ISO 27001, BS 25999 and ISO 14001.”
Buy-in…key to success
The success of the management system, including the incorporation of three standards into an existing system in less than two years, would not have been possible without the buy-in from all employees.
Senior management had been quick to accept change to the management review process, and prepared to fully commit to invest in training and supporting the on-going cost of the certification programme.
Likewise it was necessary to get support from the core team, those employees engaged in the day to day operation of the business. The approach here saw David visiting each of the company’s three sites and presenting a series of awareness training workshops to discuss management systems and why they were necessary.
David comments. “Getting buy-in from the people actually doing the job was really important. The message the business wanted to get across was that a management system is about helping and controlling what they do better. The aim was to get all employees to understand how they fitted into the system and that they all had a role to play.
“I left them with a copy of the manual and asked each to go back to work, get a copy of the relevant procedures that belong to their work areas and read through. Did they agree? If not, they were to come back and tell me and jointly would change where appropriate. It has worked. Behaviours have changed. And now it’s seen as business as usual.
“We now have LRQA assessors visit us for five standards twice a year in addition to occasional client visits and our programme of internal audits. It has now become accepted that this is the way we run our business. We operate an open door policy which works well. We frequently have emails back from clients saying they are impressed with our operation and we’ve won business off the back of people coming to do pre-contract visits.”
Benefits of an integrated approach
The first management systems to be added to the core system was the information security management system standard, ISO 27001 in August 2010 at the company’s Darlington site.
By this time, the approach of introducing criteria for management review prior to certification was well established. And the choice of 27001 was a sound one considering the company was in the business of managing data, and had well established security controls in place for assuring data protection. Group Management and the IT Team were instrumental in creating the asset register and controls.
When the organisation decided to pursue certification to ISO 14001, the team had initially struggled with some elements of the environmental standard and a decision was taken by the Senior Management Team for David to take the Lead Auditor Conversion course with LRQA in November 2010. “We had chosen to implement the environmental standard in-house but needed some additional support. I needed a better understanding of how I could apply the standard to what is a fairly straightforward and low-risk business in terms of the environment. I came away not only understanding EMS’s better but was able to apply it more readily by using the templates and tools included within my training pack.”
CTDS gained certification to ISO 14001, together with BS 25999 in May 2011. Today, the company operates an integrated management system for the now five core standards, fully integrated across the common business management activities. All five standards are dealt within a single management review meeting which has been a pivotal part of the journey. Here opportunities for continual improvement can be discussed and agreed, and the same with any non-conformances. Common elements also include internal auditing, a single log for non-conformances, and a team approach for decision-making.
Final word to David who comments: “Our integrated system promotes a team ethos at all levels throughout the business. It encourages us to use the management system to look closely at everything that we do and how we do it, in order to strive to improve across all disciplines of the business. This ranges from customer service right through to keeping a tidy warehouse and IT security through to whether our car parks are salted in winter. The beauty of an IMS is that we are focusing on the business the whole time,” he concludes.
David offers advice from the journey that CTDS have taken in the last few years while developing their integrated management system.
Senior management is key. It is important that they are involved and consulted from the very first step. This may be support and sign-off on initial training for the first management system to be developed and then take that support through the systems planning, creation, implementation, gap analysis, formal certification and beyond to the maintenance and improvement of all subsequent standards. Getting that buy-in is key to the eventual success of the project.
Business awareness training helps to ensure that all stakeholders understand what a management system is and its importance to the business. This harks back to my firm belief that the training that we undertook really paid off. It is vital to get all employees on board and involved from the early stages.
Process ownership. The management system should fit the business and not the other way around. Too many people adhere strictly to the clauses of the standard only to fail to link the system to meet the needs of the business, thereby losing all-important buy-in from employees.
Here at CTDS we use management review as a review of the business and not the management system. Our management system is reviewed by internal and external audits and we can change it where necessary at that point however the output from audit can then be fed into the management review. The focus during management review is on how the business is performing, and helps creates a platform for improvement so keeping the business in tune with the marketplace making it easier to adapt to changes in the commercial landscape.