CEOs perform best when they truly understand their organization’s entire DNA. To understand the DNA of an organization requires segments of the organization be examined, integrated as a whole, and then presented for management review. Tools to examine segments of an organization are available in the form of auditable international standards or national consensus standards.

For example, an organization’s quality management system is a highly important DNA segment. This segment usually contains a sequence that includes (as outlined in ISO 9001): requirements of the organization’s quality management system and documentation; management responsibility, focus, policy, planning and objectives; resource management and allocation; product realization and process management; and, measurement, monitoring, analysis and improvement. The sequence can be examined through internal and external audit to conformance with the standard. Given that more than one million organizations have achieved certification to ISO 9001; and, there was an eight percent increase in new certifications in 2009 compared to 2008, it is clear that this information is highly sought by CEOs.

Correspondence matrix

Looking at a single segment, such as ISO 9001 alone, does not reveal the entire DNA of an organization. Additional standards to cover other segments such as the environment, occupational health and safety, business risk, and social responsibility are needed to fill in the gaps. A correspondence matrix as shown in Table I can be developed to better understand how a full EHS management system may look when complemented with other standards.

The matrix in Table I is buttressed at each end with international standards, in the form of guidelines, on risk management (ISO 31000) and social responsibility (ISO 26000), both relatively new standards. These standards are in their appropriate place where risk management leads the way and social responsibility wraps up the overarching objective of the organization to “maximize its contribution to sustainable development.” Note, however, that the standards for risk management and social responsibility are designed for internal audit only. There is no third-party certification to ISO 31000 and ISO 26000.

Table I will contain as many cells/rows as needed to complete a review of how the various standards correspond and align. The American Chemistry Council (ACC) has developed full matrix(s) that aligns several EHS standards and programs. These ACC matrix(s), in Word document form that you may edit, are found online at

OHSMS comparison matrix

Another use of a matrix is shown in Table II. While there is agreement on international standards for risk management, quality management systems, environmental management systems, and social responsibility, there are choices among occupational health and safety management systems (OHSMSs). The main choices are titled in Table II. If OSHA were to finalize an Injury & Illness Prevention Program (I2P2), it may be argued that it would be another OHSMS for consideration.

Table II will contain as many cells/rows as needed to complete a comparison among the various OHSMSs. The comparison matrix is important in the selection of which OHSMS an organization will choose. While there may be 95+ percent agreement among the various OHSMSs, the approximate five percent difference may be significant to the DNA of your organization.

For example, communication requirements under OHSAS 18001 include “receiving, documenting and responding to relevant communications from external interested parties.” Z10 and OSHA’s Voluntary Protection Program only require communication among management, employees and contractors at the worksite. This seeming small difference, alone or in concert with other differences, will alter the DNA of an organization.

Compatible and complementary standards

OHSAS 18001 and Z10 are not ISO standards. Both of these standards, however, are built to align with the nomenclature and language (e.g. uses same/similar numbering system, clause titles, etc. within ISO standards 9001 and 14001). The grand plan is to have standards, such as shown in Table I to be compatible and complementary. As mentioned before, when used together they help reveal the entire DNA for an organization.

The success of ISO 9001 (one million+ certifications) has pulled along ISO 14001 (about one-quarter million certificates issued in 159 countries). The number OHSMSs that have third-party certification is unknown. ISHN’s 27th White Paper Survey, however, finds that 26 percent of EHS pros “will implement/continue a formal management system.”

The strategy of leading organizations is to blend standards together. For example, Nestlé, with 280,000 employees in over 450 facilities worldwide, has been deeply engaged with ISO 9001 for years. It embarked on a quest in 2006 to certify all facilities to ISO 14001 and OHSAS 18001 by the end of 2010. Nestlé achieved 352 certifications in just one year (see What does Nestlé say about these achievements? Nestlé’s corporate website says, “… we are encouraging our business partners to apply similar standards.”

Nestlé’s advice may also apply to most EHS pros. If you believe engaging leadership is the primary focus of your work, then you must give something to which the CEO can easily relate. CEOs relate to management systems. So… you must understand the various management systems, how they interrelate, and how they are used.