CC BY
85THE PCDA CYCLE - THE MASTER KEY TO UNLOCKING THE SECRETS OF ISO
MANAGEMENT SYSTEM STANDARDS
TZVETELIN KIRILOV GUEORGUIEV
Lecturer at the University of Ruse "Angel Kanchev", Ruse, Bulgaria
Abstract: The Purpose of this paper is to present the Plan - Do - Check - Act (PDCA) Cycle which is also called the Deming cycle. This approach to organizing systems, processes, activities and operations dominates a large number of standards published by the International Organization for Standardization (ISO). The research is focused on some of the most popular management system standards as evidenced by the most recent ISO Survey data. The standard with requirements for quality management systems - ISO 9001:2015, is used as a basis, and the other management system standards are compared to it based on their clauses aligned to the PDCA cycle. The research results suggest that knowing and practicing the PDCA cycle can unlock the secrets of ISO management system standards.
Keywords: Plan - Do - Check - Act (PDCA) Cycle, ISO Management System Standards (MSS), Annex SL, ISO 9001:2015.
INTRODUCTION
The ISO Management System Standards (MSS) summarize best practices from around the world. There are four types of such documents:
S MSS are designed to be applicable across all economic sectors, various types and sizes of organizations and diverse geographical, cultural and social conditions;
S MSS that provide additional requirements or guidance for the application of a generic management standard in a specific economic or business sector;
S MSS that are intended to provide further guidance and/or requirements;
S MSS that may support the implementation of specific aspects of an organization's management system [17].
The publication of Annex SL to the ISO Directives has greatly impacted the homogeneity of MSS by providing a common structure, terms and definitions. After its first publication in 2012, Annex SL has provoked a wave that has influenced the updating of existing ISO standards and the publication of new ones. In 2022, Annex SL has been updated to reflect the latest trends in economy, society and ISO standards as a whole.
The most widely used ISO standards are focus of The ISO Survey [2]. Each year ISO collects data about the organizations certified to specific MSS by the total number of valid certificates and the total number of sites. The most recent ISO Survey covers the period from the beginning of 2021 till 31 December 2021. It is published on 26 September 2022 and presents the results for 16 management system standards, including 4 new ones- ISO 20121, ISO 29001, ISO 44001 and ISO 55000. The traditional leaders in the ISO Survey are:
S ISO 9001:2015 Quality management systems - Requirements (1 447 080 sites);
S ISO 14001:2015 Environmental management systems - Requirements with guidance for use (610 924 sites);
S ISO 45001:2018 Occupational health and safety management systems — Requirements with guidance for use (369 897 sites).
RESEARCH RESULTS Quality Management Systems and the PDCA Cycle
In its introduction, the most reputable ISO standard- ISO 9001, highlights the importance of the PDCA cycle: "The PDCA cycle enables an organization to ensure that its processes are adequately resourced and managed, and that opportunities for improvement are determined and acted on.". The PDCA cycle is then presented in the chapter dealing with the process approach, and
ОФ "Международный научно-исследовательский центр "Endless Light in Science"
more specifically- in Clause 0.3.2 of ISO 9001:2015. This clause states that "ThePDCA cycle can be applied to all processes and to the quality management system as a whole. '. It goes on to detail how to recognize whether a process or an activity belongs to a Plan, Do, Check or Act step in the management cycle. The clauses from 4 to 10 of ISO 9001:2015 are also indicated by their type:
S Clause 4 "Context of the organization" - Plan;
S Clause 5 "Leadership" - Plan;
S Clause 6 "Planning" - Plan;
S Clause 7 "Support" - Do;
S Clause 8 "Operation" - Do;
S Clause 9 "Performance evaluation" - Check;
S Clause 10 "Improvement" - Act.
Additional hints how to recognize the PDCA type of processes or activities are given by the ISO 9001 Auditing Practices Group [1]. A practical aspect of the PDCA cycle is presented by Professor Sobek in his book titled "Understanding A3 Thinking: A Critical Component of Toyota's PDCA Management System" [18].
Environmental management systems and the PDCA Cycle Clause 0.4 of ISO 14001:2015 has slightly different wording that describes the 4 steps of the PDCA cycle [5]. The figure that visually interprets the type of clauses 4 to 10 in the PDCA cycle is also somewhat different in comparison to the one in ISO 9001:2015. It must be admitted that the detailed table of contents of the standard has more differences in the sub-clauses of ISO 14001 versus those of ISO 9001.
Occupational health and safety management systems and the PDCA Cycle
ISO 45001:2018 bears a closer resemblance to ISO 14001 than to ISO 9001 when it comes to the explanation of the PDCA cycle [14]. The details about it are to be found in clause 0.4 and in a figure similar to the one in ISO 14001.
Information security management systems and the PDCA Cycle The fourth standard in the ranking of the ISO Survey- ISO/IEC 27001:2022 does not have a specific chapter detailing the elements of the PDCA cycle [10]. Nevertheless, the overall structure of clauses 4 to 10 is identical with that of Annex SL. Naturally, there are differences in the sub-clauses when compared to those of ISO 9001, ISO 14001 and ISO 45001.
Food safety management systems and the PDCA Cycle There are a few notable differences between the standard for food safety management systems - ISO 22000:2018, and the abovementioned standards [8]. The first one is that the figure is substantially different- Clause 8 "Operation" is presented in more detail and further focusing on the elements of this clause (from 8.1 to 8.9) and how they relate to the PDCA cycle. Another difference is that Clause 7 "Support" is considered as type "Plan", just like Jack West presented it in a publication of ISO / TC176 / SC2 / WG23 which preceded the official publication of ISO 9001:2015.
Energy management systems and the PDCA Cycle The figure representing the clauses of ISO 50001:2018 is identical to the one used in the standards for environmental management systems and occupational health and safety management systems. The only major difference is the amount of detail in the description of the step "Plan": "understand the context of the organization, establish an energy policy and an energy management team, consider actions to address risks and opportunities, conduct an energy review, identify significant energy uses (SEUs) and establish energy performance indicators (EnPIs), energy baseline(s) (EnBs), objectives and energy targets, and action plans necessary to deliver results that will improve energy performance in accordance with the organization's energy policy." [15]. Also, Clause 6 substantially adds to the base structure of Annex SL.
Anti-bribery management systems and the PDCA Cycle
ОФ "Международный научно-исследовательский центр "Endless Light in Science"
ISO 37001:2016 is another MSS that follows the structure of Annex SL [12]. As such, it completes the four steps of the PDCA cycle. Unlike the previously mentioned standards, there is no figure and no detailed explanation of the PDCA cycle.
Business continuity management systems and the PDCA Cycle Clause 0.3 "Plan-Do-Check-Act (PDCA) cycle" of ISO 22301:2019 states that "This document applies the Plan (establish), Do (implement and operate), Check (monitor and review) and Act (maintain and improve) (PDCA) cycle to implement, maintain and continually improve the effectiveness of an organization'sBCMS." [9]. It goes on to uncover the consistency with other MSS, such as ISO 9001, ISO 14001, ISO/IEC 20000-1, ISO/IEC 27001 and ISO 28000. Furthermore, it provides details about the main elements of clauses 4 to 10.
Road traffic safety management systems and the PDCA Cycle The introduction of ISO 39001:2012 states that "this International Standard promotes the use of an iterative (plan, do, check, act) process approach that will guide the organization towards delivery of the (road traffic safety) results." [13]. The structure of this standard follows the one of Annex SL and extends it mainly in Clauses 6 and 9.
Security management systems and the PDCA Cycle ISO 28000:2022 "applies the Plan-Do-Check-Act (PDCA) model to planning, establishing, implementing, operating, monitoring, reviewing, maintaining and continually improving the effectiveness of an organization's security management system'' [11]. This second edition of the standard provides a table with details about the four steps of the PDCA cycle. The fresh look at PDCA when it comes to security and resilience once again, just like ISO 22000, puts "Support" processes at the planning stage.
Event sustainability management systems and the PDCA Cycle The standard ISO 20121:2012 is one of the earliest adopters of Annex SL [7]. The PDCA cycle is presented as a methodology to achieve continual improvement of the management system. The model, shown on Figure 1 of ISO 20121:2012, consists of the following elements:
S Plan: Identify and engage interested parties (4.2), Determine scope of the management system (4.3), Define governing principles of sustainable development (4.5), Establish and document policy (5.2), Assign and communicate roles and responsibilities (5.3), Identify and evaluate issues. Set objectives and plans to achieve them (6);
S Do: Provide resources and ensure sufficient competencies and awareness (7.1, 7.2, 7.3), Maintain internal and external communications (7.4), Create and maintain documentation and procedures required for system effectiveness (7.5), Establish and implement process for operational control and supply chain management (8);
S Check: Monitor and evaluate system performance, including internal audits and management review (9);
S Act: Identify nonconformities and take corrective action.
Innovation management system and the PDCA Cycle
A unique approach to the PDCA cycle is presented in the guidance standard for innovation management ISO 56002:2019. Figure 1 of this standard represents the framework of the innovation management system with references to the clauses 4 to 10. "The cycle is informed and directed by the context of the organization (Clause 4) and its leadership (Clause 5)." [16]. Planning is only Clause 6, Clauses 7 and 8 are of type Do. Clause 8 comprises of 3 sub-clauses and interestingly- the core innovation process is integrated in the PDCA cycle: identify opportunities, create concepts, validate concepts, develop solutions, and deploy solutions. Quite expectedly Clause 9 is of type Check, and Clause 10- Act.
Other ISO standards and the PDCA Cycle
The list of ISO standards that implement the PDCA cycle is much longer and richer in content. It would be a serious omission if the standard for auditing management systems - ISO 19011:2018, is not in the list. Figure 1 "Process flow for the management of an audit programme" explicitly frames
ОФ "Международный научно-исследовательский центр "Endless Light in Science"
the subclauses of Clause 5 "Managing and audit programme" and Clause 6 "Conducting an audit" in the PDCA cycle [6]. This can also be said about Clause 7 "Competence and evaluation of auditors" where to determine the necessary competence would be of type Plan, to achieve auditor competence-Do, to evaluate the achieved auditor competence- Check, and to maintain and improve it- Act. The terms "audit criteria", "audit evidence", "audit findings", and "audit conclusion" naturally fit the PDCA sequence of steps in the auditing process.
The process for managing competence and developing people shown on Figure 1 of ISO 10015:2019 is yet another proof of the validity of the PDCA cycle in practically any MSS. As a kind suggestion to the unbiassed reader, anyone of us should follow the learning PDCA cycle below: S Plan: identify competence needs, assess competence gaps, plan competence development; S Do: establish a development programme, implement development activities; S Check: monitor and evaluate development activities against competence needs; S Act: identify areas of further development needs, improve development activities [4]
CONCLUSIONS
The Plan - Do - Check - Act (PDCA) Cycle is frequently encountered in many ISO management system standards. This fact dictates that whoever reaches a certain degree of proficiency in the understanding and implementation of the PDCA cycle, will be able to fully grasp the interactions and interdependencies between operations, processes and management systems.
Knowing the PDCA cycle helps professionals navigate successfully the different standards and their clauses. The experience gained in one or more management systems standards greatly affects the smooth adaptation to changes in existing standards or to newly developed ISO standards.
REFERENCES
1. ISO & IAF. ISO 9001 Auditing Practices Group Guidance on Processes. Edition 2, 2020.
2. ISO Survey 2021. URL: https://www.iso.org/the-iso-survey.html - Date of access: 16.12.2022.
3. ISO 9001:2015 Quality management systems - Requirements.
4. ISO 10015:2019 Quality management — Guidelines for competence management and people development.
5. ISO 14001:2015 Environmental management systems - Requirements with guidance for use.
6. ISO 19011:2018 Guidelines for auditing management systems.
7. ISO 20121:2012 Event sustainability management systems — Requirements with guidance for use.
8. ISO 22000:2018 Food safety management systems — Requirements for any organization in the food chain.
9. ISO 22301:2019 Security and resilience — Business continuity management systems — Requirements.
10. ISO/IEC 27001:2022 Information security, cybersecurity and privacy protection — Information security management systems — Requirements.
11. ISO 28000:2022 Security and resilience — Security management systems — Requirements.
12. ISO 37001:2016 Anti-bribery management systems — Requirements with guidance for use.
13. ISO 39001:2012 Road traffic safety (RTS) management systems - Requirements with guidance for use.
14. ISO 45001:2018 Occupational health and safety management systems — Requirements with guidance for use.
15. ISO 50001:2018 Energy management systems — Requirements with guidance for use.
16. ISO 56002:2019 Innovation management — Innovation management system — Guidance.
17. Management system standards. URL: https://www.iso.org/management-system-standards.html - Date of access: 16.12.2022.
18. Sobek, Durward K., Art Smalley. Understanding A3 Thinking: A Critical Component of Toyota's PDCA Management System. Productivity Press, Taylor & Francis Group, 2008
ОФ "Международный научно-исследовательский центр "Endless Light in Science"
