Do we need a separate QMS software alongside IFS Cloud?

No. IFS Cloud contains a fully integrated Quality Management System (QMS). Using external software creates data silos and disconnects quality from the production/procurement transactions. The native IFS module satisfies ISO 9001 requirements effectively.

How do external auditors access the system?

We recommend creating a specific 'Auditor' User Role. This role should have 'Read Only' access to the specific ISO Lobbies (Dashboards) and Document Management. This allows auditors to self-serve evidence without seeing sensitive financial data.

Does IFS Cloud automatically update legal registers for ISO 14001?

IFS Cloud is a system of record, not a content provider. While it manages the compliance tasks and documents, it does not natively pull in local legislation changes. You will need to subscribe to a legal update service and manage the resulting tasks within IFS.

Can we perform Safety Inspections on mobile devices?

Yes. The IFS Cloud Mobile Maintenance app supports Surveys and Work Assignments. Safety officers can complete checklists, take photos of hazards, and raise incidents directly from the shop floor, working seamlessly online or offline.

How does the system handle 'Management Review' (Clause 9.3)?

Instead of compiling static slides, you can configure an 'Executive Quality Lobby'. This dashboard aggregates real-time data on NCR trends, Audit results, Customer Feedback, and Supplier Performance, allowing the Management Review to be data-driven and dynamic.

Integrated Compliance

Executive Summary (TL;DR)

For CIOs, IT Directors, and Quality Managers:

Transitioning to modern Cloud ERP environments like IFS Cloud™ presents a unique opportunity to dismantle the silos between your operational data and your compliance requirements. Traditionally, ISO 9001 (Quality), ISO 14001 (Environment), and ISO 45001 (Health & Safety) have been managed via disparate spreadsheets, third-party software, or physical paper trails. This fragmented approach increases risk, duplicates data entry, and fails to provide real-time insights.

This guide demonstrates how to utilize native ERP capabilities as a single, digital "Source of Truth" for your Integrated Management System (IMS). By embedding compliance controls directly into the ERP transactional flow—such as blocking a receipt from an unapproved vendor or preventing a work order assignment to an uncertified technician—you move from "compliance by inspection" to "compliance by design."

Core Takeaways:

Unified Data Model: A single audit trail links a customer complaint (ISO 9001) to a root cause analysis, or a chemical spill (ISO 14001) to the specific inventory batch and storage location.
Audit Velocity: Reduce external audit preparation time by up to 40% using "Lobby" dashboards that present real-time evidence to auditors without manual report compilation.
Active Risk Management: Replace static risk registers with dynamic controls. Use the system to physically stop processes (e.g., shipping, production) when compliance criteria are not met.

ISO 9001:2015 – Quality Management Systems

The standard for Quality Management is not just about product quality; it is about process consistency and customer satisfaction. Native ERP architecture covers this primarily through the Quality Management (QM) and Document Management (DocMan) modules.

Clause 7.5: Documented Information

ISO 9001 demands strict control over documents. In legacy systems, "Work Instructions" often drift out of sync with the actual process.

Implementation Strategy:

Integrated Document Management (IDM): Configure your Doc Class structure to separate Policies, SOPs, and Forms.
Access Control: Use "Access Templates" to ensure that Obsolete documents are automatically hidden from the "Shop Floor Workbench" users.
Visual Work Instructions: Attach media (PDFs, Videos) directly to the Routing Operation. When a shop floor operator opens a shop order operation, the latest approved instruction opens automatically.

Clause 8.4: Control of External Processes

You must ensure your suppliers meet your requirements. This goes beyond a one-time check.

Implementation Strategy:

Supplier for Purchase Part (SFPP): Configure "Inspection Codes" to force mandatory incoming inspections for new vendors.
Vendor Rating: Utilize the automatic Supplier Reliability calculation (delivery on time) and link it to quality stats.
Solution: Set up a "Lobby" element that flags any Purchase Order creation for a supplier with an expired ISO 9001 certificate (tracked in Supplier_Info_Address).

Addressing Clause 10.2: Non-conformity and Corrective Action

Do not manage NCRs in a separate "Quality" software. Use the integrated Non-Conformance Report (NCR) object. Configure the Corrective Action tab to be mandatory before the NCR status can move to "Closed". This enforces the "Check" and "Act" phases of the PDCA cycle directly in the transactional workflow.

ISO 14001:2015 – Environmental Management

This standard focuses on environmental performance and the "Lifecycle Perspective." Advanced ERP platforms support this via Eco-Footprint Management and Chemical Safety.

ISO Requirement	Relevant Capability	Implementation Strategy
6.1.2 Environmental Aspects	Eco-Footprint Management	Enable the Eco-Footprint component. Map emission factors (CO2, Water, Energy) to your Work Centers and Purchase Parts. This allows the system to calculate the environmental impact of a finished good based on its BOM and Routing, satisfying the "Lifecycle Perspective."
6.1.3 Compliance Obligations	Document Management	Gap Note: ERPs do not natively stream global regulations. Action: Create a Document Class "REG" for your Legal Register (Permits, Laws). Set "Review Intervals" in DocMan to trigger reminders 90 days before a permit expires.
8.1 Operational Planning	Maintenance (Asset Mgmt)	Identify environmentally critical equipment (e.g., Scrubbers, Waste Water Treatment). Create Preventive Maintenance (PM) Actions with a specific "CRITICALITY" flag. Use IoT connectors to trigger a PM if a sensor detects an emission breach.
8.2 Emergency Preparedness	Incident Management	Configure Incident Class = "ENVIRONMENTAL". Train staff to log spills via the Mobile app immediately. This logs the time, location, and immediate containment actions, serving as vital evidence for auditors.

ISO 45001:2018 – Occupational Health & Safety

Preventing work-related injury is paramount. Robust ERP systems integrate OHS directly into Human Capital Management (HCM) and Work Orders.

Clause 7.2: Competence

"Ensure that workers are competent on the basis of appropriate education, training, or experience."

The "Hard Stop" Configuration

One of the most powerful features is the ability to link Qualifications to Resource Management to prevent uncertified work.

Define a "License" in HCM for high-risk tasks (e.g., "Forklift Operation", "Confined Space Entry").

Assign this License to the specific Employee Profile with a valid-to date.

Critical Step: In the Maintenance Scheduling Optimization (MSO) or Service Dispatch, enable the constraint that checks for valid licenses.

Result: The system will fail to assign a work order to a technician if their safety certification has expired. This is irrefutable evidence of compliance.

Clause 5.4: Consultation and Participation of Workers

ISO 45001 requires non-managerial workers to participate. Use the Survey module to send out monthly "Safety Culture" surveys to shop floor users. The results can be aggregated anonymously and displayed in a Safety Lobby, demonstrating active worker engagement.

Source Data Prerequisites

Your system is only as compliant as the data within it. Before you enter the "Construct" phase, ensure the following datasets are cleansed and ready.

Quality Data

Inspection Codes: Standardize your defect reasons (e.g., "Scratch", "Dimension", "Color").
Variable Data: Define min/max tolerances for all critical attributes.
Tool Calibration: List of all gauges, serial numbers, and last calibration dates.

Environmental

Emission Factors: CO2e per kWh, Water usage per hour per work center.
Waste Streams: List of EWC (European Waste Catalogue) codes you utilize.
Hazardous Materials: CAS numbers and REACH status for all raw materials.

Safety Data

Risk Library: Standard list of workplace hazards (Slip/Trip, Electrical, Noise).
PPE Matrix: Which Personal Protective Equipment is required for which Job Role?
Employee Certs: Scans of physical licenses and their expiry dates.

Frequently Asked Questions

Do we need to buy a separate QMS software package?

No. A robust ERP includes a fully embedded Quality Management System. Using third-party "bolt-on" software often leads to data silos where quality data (NCRs) is disconnected from inventory and production data. An integrated approach is superior for ISO 9001 compliance.

How can external auditors access our records?

We recommend configuring a restricted "Auditor" user role. This role should have "Read Only" access to specific Lobbies (Dashboards) and the Document Management system. This allows auditors to self-serve evidence without accessing sensitive commercial or HR salary data.

Can the ERP handle the 'Legal Register' for ISO 14001?

Core ERP systems are transactional systems, not legal content providers. While it cannot automatically "know" that a local environmental law has changed, you can manage the compliance tasks within it. We recommend subscribing to a legal update service and manually updating your "Legal Register" document, using "Review Tasks" to prompt periodic checks.

How do we handle 'Change Management' (ISO 9001 Clause 6.3)?

For product changes, use the Engineering Change Management (ECM) module. For process or organizational changes, many clients configure a "Change Request" case in the Call Center/Case Management module to track the approval, risk assessment, and implementation steps of a change project.

Is mobile capability required for ISO 45001?

While not strictly "required" by the standard, it is highly recommended for Incident Reporting. The easier you make it for workers to report "Near Misses" (via a mobile app on the shop floor), the more data you will capture, leading to better risk prevention and demonstrable "Worker Participation."

Blog