My days as a SHEQ Manager are long gone, now I am lucky to be able to help many more companies than I could ever imagine. Every day, we help companies to push much further than simple compliance. SHEQ is about so much more than just compliance. Yes, compliance is an important component, but a company can get so much more out of a proper working management system.
Safety Is Everything
Safety should come before anything else. You can simply not do anything when people get injured all the time. Eventually, you will be left with nobody to do the job. The business reasons aside, we have a duty to everybody to make sure people leave through the door the same way they arrived. This has nothing to do with compliance perse, but just good moral and business practices.
With this in mind, safety should be practical as well. We hire professionals or train people to become professionals. Please trust them a little bit. Only intervene when things are getting out of hand and try to grow a sense for people that are slacking.
Quality Is Everything
Quality is not just the product or service produced or delivered by the company. It is everywhere from the marketing material, packaging, employees, and customers to even the way you handle leaving customers. It doesn’t have to be perfect, but the Quality should be great and the experience should be even better. Not everything will go according to plan, but make sure the customer is informed and knows what is going on. Try to make these bad experiences as painless as possible.
In essence, this has nothing to do with compliance to begin with, it is just good business. The Quality standards (ISO9001/IATF16949/IS13485) are merely guidelines. As a company, you should strive to do the best you can, regardless of the applicable standard.
Security Is Everything
In today’s highly connected world, digital security should be an incorporated part of the management system. Even if the company isn’t certified for any standard, it is crucial to take the necessary steps in order to prevent a breach. Ransomware costs billions every year and up to 8 billion dollars globally. Having a proper security program in place is critical, especially for non-IT companies. It still happens too often that people click on a link or PDF without knowing the sender.
Again, the 8 billion spent on Ransomware has nothing to do with compliance. You need to make sure the company is ready and resilient to these matters, whether you are certified or not.
Culture
The certification, whether it is ISO9001, ISO14001, ISO45001, or ISO27001, is merely a framework. In the end, almost all the compliance topics boils down to culture. Some people might say, “It is not important” or “Don’t bother me with this”—but they don’t really get it. As a Quality/Safety/Compliance manager it is your duty to make them see the importance. It is not your job to do all the tedious tasks, those should be done by the responsible person. You should guide them, train them, and make them aware. A culture is created by everybody in the organization and the stakeholders close it. But it is your job to make Safety, Quality, and Security a part of the culture.