DraftInternalISO 9001ISO 14001ISO 27001
SW-IMS-ROLE-001
IMS Owner / Management Representative
Version
1.0
Owner
CEO
Effective Date
TBD
Review Date
TBD
Role: IMS Owner / Management Representative
Document ID: SW-IMS-ROLE-001-v1.0
Effective Date: [TBD]
Review Date: [TBD]
Reports to: CEO
Current Assignment: [TBD - Name to be assigned by management]
Role Summary
The IMS Owner / Management Representative is the central coordination role for Swedwise's Integrated Management System (IMS), ensuring effective integration and operation of quality (ISO 9001), environmental (ISO 14001), and information security (ISO 27001) management systems. This role provides strategic coordination while working closely with domain specialists to drive continual improvement and ensure certification compliance.
Time Allocation
- Implementation Phase: 20-30% of working time
- Ongoing Operations: 10-15% of working time
- During Audit Periods: Up to 40% of working time
This role is designed to be combined with other operational responsibilities appropriate to Swedwise's size and structure.
Key Responsibilities
1. IMS Coordination and Integration
- Coordinate the integrated management system across quality, environmental, and information security domains
- Ensure alignment and synergy between the three management systems
- Maintain the IMS framework, policies, and strategic documentation
- Drive integration of IMS processes into daily business operations
- Facilitate cross-functional collaboration on IMS initiatives
2. Document Control Oversight
- Oversee the document control process for all IMS documentation
- Ensure documents are current, accessible, and properly version-controlled
- Maintain the document register and control master list
- Coordinate document reviews and approval workflows
- Monitor compliance with document control procedures (SW-IMS-PRO-001)
3. Internal Audit Program Management
- Plan and coordinate the annual internal audit program
- Ensure coverage of all IMS processes and ISO requirements
- Schedule and coordinate internal audits across all three standards
- Manage the internal auditor network and competence development
- Track audit findings and verify corrective action closure
- Prepare audit summary reports for management review
4. Management Review Preparation
- Schedule and prepare quarterly and annual management reviews
- Collect and analyze IMS performance data from all domains
- Prepare management review agenda and supporting materials
- Document management review outputs and action items
- Follow up on management decisions and action items
- Ensure management review meets ISO requirements
5. Continual Improvement Leadership
- Drive the continual improvement culture within Swedwise
- Coordinate analysis of non-conformities, corrective actions, and opportunities
- Facilitate improvement initiatives across the organization
- Monitor effectiveness of improvements
- Share best practices and lessons learned
- Support innovation aligned with IMS objectives
6. Certification Body Liaison
- Serve as primary contact with the certification body
- Coordinate external audit scheduling and logistics
- Prepare for certification and surveillance audits
- Manage certification audit findings and responses
- Maintain certification status and renewal timelines
- Handle certification-related communications and documentation
7. Training and Awareness Coordination
- Coordinate IMS training and awareness programs
- Ensure appropriate induction for new employees
- Monitor training effectiveness and competence development
- Develop and maintain IMS awareness materials
- Coordinate with CISO, Quality Lead, and Environmental Lead on domain-specific training
- Maintain training records relevant to IMS roles
8. Performance Monitoring and Reporting
- Monitor IMS performance indicators across all three standards
- Prepare regular IMS performance reports for management
- Analyze trends and identify areas for improvement
- Maintain the objectives and targets register
- Track progress against annual IMS objectives
- Report on IMS effectiveness to stakeholders
9. Non-Conformity Management Oversight
- Oversee the non-conformity and corrective action process
- Monitor timely resolution of identified issues
- Ensure root cause analysis is conducted appropriately
- Track effectiveness of corrective actions
- Escalate systemic or critical issues to management
- Maintain non-conformity register and analytics
10. Stakeholder Communication
- Communicate IMS performance and initiatives to the organization
- Report to management on IMS status and needs
- Coordinate with external stakeholders on IMS matters
- Ensure appropriate communication of IMS changes
- Represent the IMS to customers and prospects when required
- Promote IMS visibility and engagement across Swedwise
Authority
The IMS Owner has authority to:
- Access: Access all areas, processes, and documented information relevant to the IMS
- Audit: Initiate internal audits and investigations into IMS compliance
- Escalation: Escalate IMS issues directly to the CEO and Management Team
- Coordination: Coordinate cross-functional IMS activities and request support from department heads
- Documentation: Approve IMS framework documents (policies, procedures, guidelines)
- Reporting: Report directly to top management on IMS performance, independent of other responsibilities
- Suspension: Recommend suspension of non-compliant processes or activities pending corrective action
- Resources: Request resources necessary for effective IMS operation
- Training: Mandate IMS-related training for personnel with IMS responsibilities
- External Communication: Represent Swedwise to the certification body and other IMS-related external parties
Required Competencies
Knowledge Requirements
- ISO Standards: Working knowledge of ISO 9001, ISO 14001, and ISO 27001 requirements
- Management Systems: Understanding of integrated management system principles and practices
- Process Approach: Understanding of process-based management and PDCA cycle
- Risk Management: Knowledge of risk-based thinking and risk assessment methodologies
- Audit Principles: Understanding of internal audit principles and techniques
- Swedwise Business: Knowledge of Swedwise's business model, services, and organizational structure
- Regulatory Context: Awareness of relevant legal and regulatory requirements
Skills Requirements
- Coordination: Ability to coordinate cross-functional activities and stakeholders
- Communication: Strong written and verbal communication skills in English and Swedish
- Analysis: Analytical skills for data analysis and trend identification
- Organization: Strong organizational and project management skills
- Facilitation: Ability to facilitate meetings, reviews, and collaborative sessions
- Problem-Solving: Systematic problem-solving and root cause analysis capabilities
- Relationship Building: Ability to build effective working relationships across the organization
- Attention to Detail: Thoroughness in documentation and compliance verification
Experience Requirements
- Minimum 2 years experience in quality, environmental, or information security management
- Experience with management systems (ISO certification preferred)
- Experience in a coordination or cross-functional role
- Internal auditor training and experience (desirable)
- Understanding of IT consulting or SaaS business models (desirable)
Recommended Training
- ISO 9001 Foundation or Lead Auditor course
- ISO 14001 Foundation or Lead Auditor course
- ISO 27001 Foundation or Lead Auditor course
- Integrated Management Systems training
- Internal Auditor training (combined IMS preferred)
- Root Cause Analysis training
- Risk assessment and management training
Key Relationships
| Stakeholder | Nature of Interaction | Frequency |
|---|---|---|
| CEO | Reports to; receives mandate and resources; provides IMS updates | Weekly |
| Management Team | Coordinates IMS implementation; presents at management reviews | Monthly |
| CISO | Collaborates on information security aspects; coordinates ISMS activities | Weekly |
| Quality Lead | Collaborates on quality aspects; coordinates QMS activities | Weekly |
| Environmental Lead | Collaborates on environmental aspects; coordinates EMS activities | Bi-weekly |
| Risk Manager | Coordinates risk assessment and treatment activities | Bi-weekly |
| Department Heads | Coordinates IMS implementation in departments; addresses issues | Monthly |
| Internal Auditors | Manages audit program; provides guidance and support | During audits |
| Document Controller | Coordinates document management activities | Weekly |
| Certification Body | Liaison for audits and certification maintenance | As required |
| All Employees | Promotes awareness; receives feedback and improvement suggestions | Ongoing |
Relationship with Other IMS Roles
CISO (Chief Information Security Officer)
- Collaboration Model: The IMS Owner coordinates the overall IMS while the CISO owns the information security domain
- Division of Responsibility: CISO leads ISMS content, risk assessments, and security controls; IMS Owner ensures integration with QMS and EMS
- Interaction: Regular coordination meetings; joint management review preparation; shared internal audit program
Quality Lead
- Collaboration Model: The IMS Owner coordinates the overall IMS while the Quality Lead owns the quality management domain
- Division of Responsibility: Quality Lead manages customer satisfaction, process quality, and QMS-specific activities; IMS Owner ensures integration
- Interaction: Regular coordination meetings; joint performance monitoring; collaborative improvement initiatives
Environmental Lead
- Collaboration Model: The IMS Owner coordinates the overall IMS while the Environmental Lead owns the environmental management domain
- Division of Responsibility: Environmental Lead manages environmental aspects, compliance, and EMS-specific activities; IMS Owner ensures integration
- Interaction: Bi-weekly coordination; joint objective setting; integrated reporting
Risk Manager
- Collaboration Model: Complementary roles with overlapping responsibilities
- Division of Responsibility: Risk Manager owns enterprise risk management; IMS Owner ensures IMS-specific risks are integrated into enterprise framework
- Interaction: Joint risk review sessions; coordinated risk treatment planning; shared risk register maintenance
Performance Indicators
| KPI | Target | Measurement Method |
|---|---|---|
| IMS Documentation Currency | 95% of documents within review date | Monthly document register review |
| Internal Audit Completion | 100% of planned audits completed on schedule | Audit program tracking |
| Audit Finding Closure | 90% of findings closed within agreed timescale | Non-conformity register analysis |
| Management Review Frequency | 4 reviews per year minimum | Calendar tracking |
| Training Completion | 100% of IMS role holders trained within 3 months of assignment | Training records |
| Certification Maintenance | Zero major non-conformities in external audits | Audit reports |
| Objective Achievement | 80% of annual IMS objectives achieved | Objectives register review |
| Stakeholder Satisfaction | 80% satisfaction with IMS support and coordination | Annual internal survey |
| Improvement Initiative Completion | 75% of improvement actions completed on time | Action tracking register |
| Document Access Issues | <5 document access issues per quarter | Issue log tracking |
Delegation and Backup
During Planned Absence
Responsibilities are delegated in the following manner:
- Operational coordination: Delegated to CISO or Quality Lead (pre-designated)
- Urgent escalations: Directed to CEO
- Audit coordination: Delegated to qualified internal auditor (pre-designated)
- External audit liaison: Notification provided to certification body with backup contact
Deputy Role
A deputy IMS Owner should be designated from:
- CISO
- Quality Lead
- Risk Manager
The deputy should receive appropriate training to assume responsibilities during extended absences.
Success Factors
The IMS Owner will be successful when:
- Integration: The three management systems work cohesively with minimal duplication
- Compliance: Swedwise maintains certification to all three ISO standards
- Engagement: Employees understand and actively participate in the IMS
- Efficiency: IMS processes add value without creating bureaucratic burden
- Improvement: Continual improvement is embedded in Swedwise's culture
- Visibility: IMS performance is transparent and understood by management
- Audit Readiness: The organization is consistently prepared for audits
- Customer Confidence: Customers recognize and value Swedwise's IMS commitment
Document Control
| Version | Date | Author | Changes |
|---|---|---|---|
| 1.0 | [TBD] | [Author] | Initial release |
Approval
| Role | Name | Signature | Date |
|---|---|---|---|
| CEO | |||
| Management Team |
Related Documents
Related Documents