PART 2 | What’s in ISO 55001?
The ISO 55000 series of standards was officially released 15 Jan 2014. It comprises 3 separate standards:
This paper focuses on ISO 55001, arguably the “meat” of the set of standards where we find a definition of “what” is required. Guidance on the “how” comes in ISO 55002.
- Organizational context
- Leadership
- Planning
- Support
- Operation
- Performance evaluation and
- Improvement.
Keep in mind that the requirement of the standard is straightforward. An organization (company, plant, mine, school board, etc.) has a portfolio of assets. It has a corporate strategy (or equivalent) that provides overall objectives for the entire organization. Those assets are intended (somehow) to deliver on part of those objectives. The Asset Management System creates the link from corporate objectives, through a number of interacting elements to establish policy (i.e.: rules), asset management objectives, and processes through which to achieve them. Asset Management itself is the activity of executing on that set of processes to realize the value (as the organization defines it) from those assets.
ISO 55000 makes it clear that “Asset Management” is an activity (something you do) to implement the Asset Management System (something you define). The AM System is not just a computerized program as some might be inclined to believe. It may employ computerized tools and probably needs to, but the AM System is not in itself a computerized tool or system, nor does it need to be.
Asset Management is data and information-intensive. It touches on nearly all aspects of any business, although many outside of our field probably recognize that so clearly. Under the heading of leadership, the standard points out that this is a multi-disciplinary and multi-level endeavor involving the whole organization.
Let’s look at each part of ISO 55001 separately. In each of the following areas the standard sets out requirements of what should be done to meet what are considered good asset management practices.
Organization context: An organization determines its external and internal drivers and constraints – anything relevant to its purpose and ability to achieve the outcomes of its AM system. The Strategic Asset Management Plan (SAMP) includes AM objectives (linked to corporate strategic intent and objectives). An organization must determine and understand which stakeholders are relevant to the AM system, their requirements, and expectations, the criteria for AM decision making, stakeholder requirements for financial and non-financial information and its reporting both internally and externally.
The scope of the AM System must be defined. What are the boundaries of its span (i.e.: to what does it apply?) This considers the above drivers, constraints, requirements and any interactions required with other management systems.
There are requirements to document all of this and to continually improve the AM System, describing it all within a well-documented SAMP.
Leadership: The standard describes three main requirements – leadership and commitment, policy and organizational roles, responsibilities, and authorities. Leadership and commitment require that top management ensure:
- The AM Policy, SAMP, and objectives are established and compatible with organizational objectives,
- AM system requirements are integrated into the organization’s business processes,
- Resources are available,
- Communication of the importance of effective AM and of confirming to AM System requirements,
- The AM system achieves intended outcomes,
- That personnel contribute to the effectiveness of the AM system,
- Cross-functional collaboration,
- Continual improvement,
- That support and other management roles demonstrate leadership and
- That risk management is aligned with the organization’s risk management approach.
Much of this is arguable just good business management practice in a complex business having separate functional areas that must ultimately work towards common goals in each and all areas.
An AM Policy must be established that is appropriate to the organization, provides a framework for setting objectives and satisfying them, as well as continuous improvement. It must be consistent with the organization’s plan and policies, be appropriate to the organization’s assets and operations, be available, communicated and periodically reviewed, updated if needed.
Top management must also ensure that roles, responsibilities, and authorities are assigned, communicated, and effectively executed to:
- Establish and update the SAMP,
- Ensure the AM System delivers,
- Ensure it complies with the ISO itself,
- Ensure the AM System is suitable, adequate, and effective,
- Establish and update AM plans (as needed) and
- Ensure reporting on performance of the AM System to top management.
AM It is not something that can be abdicated to lower levels of management. Delegation does not absolve top management of responsibility nor participation.
Planning: Planning is a key element of the AM System – it is where the details of how the organization will deal with risks, opportunities, and its AM objectives are found. Plans describe what the organization will do to execute on AM. The standard outlines a number of requirements that those plans should meet/consider.
As in any endeavor, there are both risks and opportunities. Those must be identified and addressed to ensure the AM System can achieve its intended outcomes, prevent or reduce undesired effects, and achieve continual improvement. Plans are needed to address both the risks and opportunities, considering how they may change with time and organizational context. Again, those activities must also integrate with AM System processes and in turn with other organizational processes.
Objectives are established for all relevant functions and levels considering the requirements of stakeholders and other financial, technical, legal, regulatory, and organizational requirements. Those objectives should be aligned with organizational objectives, consistent with the AM policy, be established and updated using AM decision-making criteria, be included within the SAMP, be measurable, monitored, communicated, reviewed, and updated as appropriate. All of this should be documented. Note that this is a recurring theme through the standard.
Objectives require plans for their achievement and those plans should include the various activities, resources, and financing. Like the objectives, the plans must be aligned and consistent with the rest of the AM system. The plans should determine and document:
- Decision making and prioritizing methods and criteria,
- Processes and methods for managing assets throughout their life cycles,
- What will be done,
- Resources,
- Time frames,
- Evaluation criteria,
- An overall time horizon for the plan,
- Review periods,
- Actions to address risks and opportunities (identification, assessment, significance, and actions to deal with those risks and opportunities). Risk management for assets must be considered in the organization’s overall risk management approach and contingency planning.
This is arguably the area where you will see the greatest opportunity to integrate in a meaningful way with other established organizational processes and methods, especially risk management.
Support: AM does not exist in a vacuum. Cooperation and collaboration with other functional areas will be required for effective AM and execution of the AM System. Resources are needed to establish, implement, maintain and continually improve the AM system itself, and collaboration outside of the AM organization or functional area will be required.
Those doing the work must be competent. While that should go without saying it is stated explicitly that persons must be educated, trained, and experienced and where needed action is required to ensure they are. The effectiveness of the actions taken (e.g. training) should be evaluated and documented information is retained to provide evidence of competence. Periodically the competency needs should be evaluated and updated as needed.
The organization must establish its own information requirements to support assets, AM, and the AM System in achieving the organizational objectives. The information should consider risks, roles, responsibilities, processes, procedures, activities, information exchange, the impact of quality, availability, and management of information on decision making. Information requirements are defined in detail including specific information attributes, quality requirements, how and when the collection, analysis, and evaluation will take place. This is all managed through defined processes and it must all align with other organizational processes (financial and non-financial) as well as utilized terminology (to avoid confusion and miscommunication). The information must be consistent across its various uses – the concept of entering once, use many times comes to mind.
A page describes documentation requirements but it boils down to having a formal document management system in place for all the information (processes, plans, procedures, methods, etc.) described in the standard. Documentation must be kept current and only those current versions available for use where and as needed.
Operation: This section outlines the requirement to plan, implement and control the processes needed to meet and implement all the plans. Criteria for the processes are determined, control is applied, information is documented to ensure confidence and evidence is established, and to treat and monitor risks.
Change must be managed. Change presents risks, both temporary and permanent that must be managed. There is a requirement to manage these risks and mitigate any adverse effects.
The standard recognizes that outsourcing activities is not uncommon. The risks associated with outsourcing must be identified and managed. Outsourced activities must still be managed, again as with top management’s responsibility, activities can be delegated through outsourcing but responsibility cannot be abdicated.
Performance Evaluation: Organizations must determine what needs to be monitored and measured, the methods to monitor, measure, analyze, evaluate and validate results, when it shall be done and what results should be analyzed and evaluated. This is used to report on asset performance, asset management performance (including both financial and non-financial results), and the effectiveness of the AM system itself including risk management.
Evidence of the results of performance management activities is kept as documented information.
Internal audits are required at planned intervals to ensure AM System conformance with organization requirements, the requirements of the ISO 55001 standard, and that the AM System is effectively implemented and maintained. An audit program is established including frequency, methods, responsibilities, planning and reporting, consideration of the processes, and results of previous audits. Each audit has defined audit criteria and scope, auditors should be objective and impartial, results are reported to management, and documentation is retained.
The top management has the responsibility to review the AM System periodically to ensure its suitability, adequacy, and effectiveness. Audits and top management reviews lead into the continual improvement process and like all else in the system, everything is documented.
Improvement: Non-conformance occurs if the AM system or elements of it are not followed. Incidents are when a failure of some sort results from inadequacy or non-conformity within the system. Actions to control and correct are required along with dealing with consequences. An evaluation of the need to eliminate the cause is required to ensure that it does not happen again or elsewhere. Once decided upon, action is taken to correct and those actions are reviewed for effectiveness. If necessary, the AM system should change. Again, documented information is required.
Preventive actions are required. The organization should establish processes to identify potential failures in asset performance and evaluate the need for preventive action.
And that is the extent of the requirements. For those of us familiar with good management practices, these requirements echo those practices nicely, albeit with an AM twist.
The standard also contains an annex listing subject areas that are addressed in other published international, regional, or national standards, but does not tell the reader where to find them. It merely lists the topics, but that does provide a good point at which to search for other potentially relevant standards in your area of jurisdiction.
Conclusion:
ISO 55001 does a good job of outlining what actions should be taken by any organization that wishes to manage its physical assets responsibly. While much of it is common sense, it is not always practiced and this standard provides reminders of what might be missing. A common theme is that everything is documented including the processes, procedures, etc., and the measurements and other reports that provide evidence of compliance. Clearly, there is a need to collaborate with other functional areas within the organization, most notably finance, human resources, information management (IT / Systems), and top management.
