An integrated management system manual sets the foundation for how your business runs its quality, safety, and environmental systems in one place. When you’re building one, you’re deciding how your business meets ISO standards, manages risks, and proves compliance.
This article shows you how to build your manual step by step. You’ll start by defining what the manual covers, including your business goals, which standards apply, and who it affects. From there, you’ll set clear policies, define responsibilities, map out processes, and document how everything gets done. By the end, you’ll have a single, working reference that brings your integrated management systems together.
1. Define the Purpose and Scope of the IMS Manual
Before drafting an integrated management system manual, you need to clearly define its purpose and scope. This ensures that the manual is relevant, targeted, and aligned with your business needs.
Business Objectives and Commitments
Start by stating your organisation’s core objectives related to quality, environmental performance, and workplace health and safety. These objectives reflect your commitment to meeting customer expectations, reducing environmental impact, and maintaining a safe work environment. The manual should articulate these commitments clearly, demonstrating leadership and responsibility across all business operations.
Standards to Be Integrated
Identify which management system standards your manual will cover. Commonly, these include ISO 9001 for quality management, ISO 14001 for environmental management, and ISO 45001 for occupational health and safety. If your business operates in sectors with additional compliance requirements, include those standards as well. This clarifies the framework your integrated management system manual is built on and sets the foundation for consistent processes.
Applicable Sites, Departments, and Functions
Specify where the IMS manual applies within your organisation. This could range from all company sites and locations to specific departments or business functions. Examples include manufacturing sites, head office, field operations, or supplier management units. Defining this scope ensures that all relevant teams understand their roles and responsibilities within the integrated system.
Interested Parties and Their Expectations
Outline the internal and external stakeholders affected by the IMS. These could include employees, customers, suppliers, regulators, and local communities. Detail their expectations, such as compliance with legal requirements, quality service delivery, environmental stewardship, and workplace safety. Addressing these expectations ensures the manual remains relevant and focused on meeting stakeholder needs.
Clearly defining these elements in your manual helps guide consistent implementation and continual improvement. Using integrated management system software can assist in maintaining alignment between your documentation, processes, and business objectives, ensuring your manual remains a practical, living tool rather than a static document.
2. Establish IMS Policy and Objectives
Setting a clear policy and measurable objectives is crucial when developing your integrated management system manual. These elements anchor your system in purpose and direction, reflecting your organisation’s commitment to meeting IMS standards.
Top Management Commitment Statement
Begin with a strong statement from top management that confirms their dedication to the integrated management system. This declaration should emphasise leadership responsibility for quality, environmental protection, and workplace health and safety. It also serves as a promise to provide the necessary resources and support to achieve the system’s goals.
Quality, Environment, Health, and Safety Policies
Your policies should clearly define your organisation’s stance on quality assurance, environmental management, and occupational health and safety. Each policy needs to be concise yet comprehensive enough to guide behaviour and decision-making throughout the business. These policies form the foundation of your system, aligning with the requirements of ISO 9001, ISO 14001, ISO 45001, or any other relevant standards.
Objectives Aligned with the Policies
Next, set specific, measurable objectives that directly relate to your policies. For example, if your environmental policy prioritises reducing waste, then an objective might be to lower waste generation by a certain percentage within a defined period. Objectives must be realistic and monitored regularly to track progress. This ensures your integrated management system manual translates policy into actionable targets.
Communication of Policy and Objectives
Finally, ensure that both your policies and objectives are communicated effectively to all levels of the organisation. This includes employees, contractors, and any other relevant parties. Communication can take various forms, such as inductions, training sessions, internal newsletters, or digital platforms. Using integrated management system software can simplify this process, making it easier to distribute updates and confirm understanding.
Defining these components firmly establishes the framework that guides the entire management system. Clear policies and objectives help embed a culture of responsibility and continuous improvement throughout your organisation.
3. Identify Legal and Other Requirements
Understanding and managing legal and compliance obligations is essential when building an integrated management system manual. Without this foundation, achieving IMS certification and maintaining regulatory compliance becomes difficult. This section outlines how to identify and organise these requirements.
Statutory and Regulatory Requirements
Begin by listing all applicable laws and regulations that your organisation must comply with. These include national, state, and local statutes governing environmental protection, workplace health and safety, and quality standards. Keep in mind these requirements can evolve, so regular monitoring is necessary. Compliance with these laws is mandatory and forms the baseline for your integrated management system.
Industry-Specific Compliance Obligations
Certain sectors have unique compliance requirements beyond general legislation. These may relate to licensing, permits, environmental impact assessments, or safety certifications specific to your industry. Understanding these helps ensure that your IMS manual addresses all critical controls relevant to your operations, avoiding costly breaches or disruptions.
Register of Legal and Other Requirements
Maintain a formal register documenting all legal, regulatory, and industry-specific obligations. This register should include details such as the source of the requirement, its relevance to your operations, and review dates to ensure currency. Using integrated management system software can simplify maintaining this register, providing automatic updates and reminders for review or changes.
Clearly documenting these obligations in your integrated management system manual keeps your organisation aware of its duties. It supports ongoing compliance and forms a key element during IMS certification audits.
4. Define Organisational Structure and Responsibilities
An integrated management system manual must clearly outline how your organisation is structured, who is responsible for what, and how authority flows. This ensures that accountability is traceable and that your system operates as intended.
Organisation Chart
Start with a clear and current organisation chart. This diagram must show reporting relationships across all functions that affect quality, environmental performance, health, and safety. From top management to field staff, every position connected to the integrated system must be visible. The chart should also highlight support roles, external providers, and operational leads where relevant.
Roles, Responsibilities, and Authorities
Each role involved in your IMS must have defined responsibilities and delegated authority. These should cover the planning, execution, monitoring, and review of system processes. This is especially important for roles linked to legal compliance, risk controls, internal audits, and emergency responses. Avoid ambiguity. Staff must know what is expected of them, where they can make decisions, and when they must escalate issues. These responsibilities should be documented and reviewed regularly.
Appointment of IMS Representative
An IMS representative must be appointed by top management. This person is responsible for maintaining the system, reporting on its performance, and promoting awareness across the organisation. They act as the key contact for external audits and IMS certification. The IMS representative must have access to senior leadership and the authority to take corrective action if system breakdowns occur.
Competency and Training Requirements
Assigning responsibilities is only effective if those assigned are competent. You must define the required skills, experience, and qualifications for each role that influences your IMS. Then, assess current staff capabilities against these criteria. Where there are gaps, provide targeted training. Keep records of training completed and review them during internal audits.
Using the best IMS software in Australia can support this structure. It allows real-time tracking of training records, automatic alerts for expired competencies, and version control for updated responsibilities.
5. Describe the IMS Processes and Interactions
Every integrated management system manual must describe how processes operate and how they interact. This is where system structure becomes functional. You move from planning to execution. From concept to measurable action. The purpose is to ensure every activity contributing to quality, safety, environmental or compliance outcomes is understood and controlled.
Process Identification and Mapping
Start by identifying all core and support processes. These include service delivery, purchasing, training, incident management, document control, customer communication, and internal audits. Each process should be mapped in a way that reflects how your organisation actually works—not how it’s meant to work in theory. Use simple flowcharts or swimlane diagrams to show the sequence and interaction of activities. These should be reviewed whenever a significant operational or structural change occurs.
Process Inputs and Outputs
For each process, define what goes in and what comes out. Inputs might be raw data, requests, materials, customer complaints, or regulatory requirements. Outputs may include reports, services, compliance records, approvals, or physical deliverables. Mapping these helps trace how value is added and where errors could arise. It also supports risk-based thinking, especially when used alongside monitoring controls.
Process Owners and Accountabilities
Every process must have an owner. This is the person accountable for performance, monitoring, and continual improvement of that process. They’re responsible for ensuring staff follow procedures, records are maintained, and results are reviewed. Avoid gaps in accountability. When process owners are clearly appointed and empowered, issues can be resolved quickly and improvements made with confidence.
Criteria and Methods for Control
Once processes are defined, you must establish how they will be controlled. This includes setting acceptance criteria, defining performance indicators, and specifying methods for measurement and review. Controls can be in the form of checklists, automated alerts, scheduled audits, review meetings, or exception reporting. These should be practical and proportionate to the level of risk. Regularly assess whether these methods are effective, and revise them as needed.
A quality manual often includes these process descriptions, but in an integrated system, your approach must go further. It must reflect the interaction between quality, health and safety, and environmental management. Using HSEQ management software can help structure, automate, and monitor these processes without the usual administrative burden.
6. Detail Documented Information Requirements
Managing documented information is essential to the integrity of your system. Whether it’s a procedure, policy, checklist or form, each document needs to be accurate, current, and accessible to the right people. The integrated management system manual must set out how you structure, approve, protect, retain, and dispose of information.
This section outlines the core requirements.
Structure and Control of Documented Information
Documents must follow a defined structure. This typically includes a title, document number, version, issue date, and author or owner. Grouping by process, business function or standard requirement makes it easy to find the right document. Formatting should remain consistent to support readability and reduce errors.
Document control involves restricting who can create, edit, and publish documents. All documents must be formally issued, and obsolete versions must be removed from circulation. Any document used for operational purposes should be traceable. You must know who last updated it and when.
HSEQ management system software allows you to enforce these controls systematically. This reduces the risk of incorrect documents being used in the field or office.
Document Approval, Review and Update Procedures
Every controlled document must be approved before release. Approval must come from a competent person who understands both the content and the operational impact of the document. The process should be recorded and include sign-off from designated roles.
You must review documents at regular intervals or when operational changes occur. If they require an update, the revised version must go through the same approval process. Once released, archive the previous version or mark it as superseded.
This is a direct response to the ISO 9001 document control requirements, which state that documents must be suitable for use, available where needed, and protected from loss of integrity.
Retention and Disposal of Records
Records show your compliance. These may include inspection forms, incident reports, training records, audit results, and maintenance logs. You need to keep them long enough to meet legal, contractual, and operational requirements.
Each record type must have a documented retention period. Once that period expires, you must destroy those records securely. This could mean shredding paper copies or deleting digital files using secure erase methods. You must also record the disposal process where appropriate.
Digital retention rules simplify this task and reduce the risk of non-compliance.
Access and Security Measures
Access must be controlled. Staff should only be able to view or edit documents relevant to their role. Access levels need to be defined by role or position, not by individual, to maintain consistency. Sensitive documents—such as injury reports, supplier compliance files, or audit findings—require stricter controls.
Documented information must also be protected against accidental loss or corruption. This includes regular backups, version history, and audit trails. You need to know who accessed or changed a document, and when.
Strong access and security measures not only protect your business but also support accountability and transparency across your operations.
Clear, controlled documentation protects your business from errors, legal exposure, and inefficiencies. Your documented information system is not just a compliance tool. It’s a working framework that supports safe, effective and repeatable business operations.
7. Define Operational Control and Procedures
This part of your integrated management system manual outlines how you control daily operations. The goal is simple. You want consistent results, safe working conditions, and full compliance with your legal and customer requirements. Outsourced work must also meet the same standards as your internal operations.
You achieve this through defined procedures, risk-based decision making, and clear responsibilities.
Standard Operating Procedures (SOPs)
Standard operating procedures (SOPs) provide step-by-step instructions for tasks that affect quality, safety, or the environment. They remove guesswork from the process. You must identify which processes need a procedure, then write it in clear, direct language. Include who is responsible, what steps they take, what equipment they use, and what records they produce.
Make the SOPs available at the point of use. You should also review them when operations change or after any incident. In FocusIMS, SOPs can be linked directly to the projects, assets, or risks they relate to.
SOPs support compliance with ISO 9001 Clause 8, which requires you to plan, carry out, and control your operations in a way that meets customer and statutory requirements.
Risk-Based Thinking in Operations
You must consider risk before, during, and after each operational activity. This is not just about identifying hazards. It also means thinking about things that could affect quality, delivery, or customer satisfaction. The idea is to prevent problems before they occur.
Build this thinking into your processes. For example, assess job safety before work begins. Review equipment condition before using it. Check supplier capability before signing contracts. Document the controls you apply, and train staff to follow them.
The FocusIMS Risk Management module allows you to record these assessments and track the effectiveness of controls over time.
Environmental and Health & Safety Controls
You are responsible for protecting both people and the environment. This means identifying legal requirements, setting objectives, and applying controls in the workplace.
Environmental controls may include waste management, spill response, and emissions reduction. Health and safety controls may include PPE use, isolation procedures, permits to work, or emergency drills.
These controls must be documented, communicated, and enforced. You must also keep records to show compliance. Field-based workers can use digital forms in FocusIMS to complete prestarts, report incidents, or log hazards as they occur.
Control of Outsourced Processes
Outsourced processes can affect your compliance, safety, and quality outcomes. You must identify which processes are outsourced and apply the same level of control as you would internally.
Start by choosing the right supplier. Review their licences, insurances, and previous performance. Set clear expectations in contracts. Require evidence of completed work, and monitor results regularly.
In FocusIMS, you can allocate suppliers to specific projects, store their compliance records, and set automatic alerts when documents expire. This allows you to stay in control of external work without adding unnecessary administrative burden.
9. Establish Monitoring, Measurement, Analysis and Evaluation
Once your management system is in place, you need to confirm it works. This means tracking performance, testing compliance, and using results to guide decisions. Without measurement, you cannot improve. Without evaluation, you cannot correct. Monitoring closes the loop between planning and results.
You should measure what matters. Choose indicators that reflect your goals, risks, and responsibilities.
Performance Indicators and Targets
Start by defining clear indicators. These are your signals. They tell you whether your processes meet expectations. You might measure on-time delivery, defect rates, customer satisfaction, energy use, or staff turnover.
Set targets for each indicator. Make them realistic, measurable, and time-bound. Align them with your business goals. For example, if your objective is to reduce injury rates, your indicator could be “number of lost time injuries per quarter” and your target might be “zero”.
Review targets regularly. Don’t let them go stale. Raise the bar when needed, or adjust it if circumstances change.
Internal Audits
Internal audits test the system from the inside. They check whether staff follow the process, whether documents match practice, and whether controls are effective.
Create an internal audit schedule that covers every part of the management system over time. Use trained staff or competent contractors to conduct the audits. Keep them objective. Document the findings and record actions taken.
Audits don’t exist to catch people out. They exist to confirm what works and to find areas for improvement. A good audit adds value. It should give you insight, not just paperwork.
Compliance Evaluations
Besides checking your own system, you must check whether you meet external requirements. These include legal obligations, contractual terms, and relevant standards.
Do a compliance evaluation at least once a year. Document the rules that apply to your business, identify the evidence that shows you meet them, and record any gaps. If you find a breach, take corrective action quickly.
Compliance automation software can help manage this process. It can track obligations, store evidence, send alerts, and reduce manual effort.
Data Analysis Methods
Data is only useful when you understand it. That’s why analysis matters.
Tools like trend graphs, pie charts, run charts, and dashboards help visualise performance. Compare results over time, across sites, or against targets. Ask questions like “What is improving?”, “What is stable?” or “What is declining?” For more depth, use root cause analysis, Pareto charts, or statistical methods.
Monitoring and analysis turn numbers into knowledge. They let you steer the business with confidence. Your integrated management system manual must include a section on how your organisation does this.
10. Detail Incident, Nonconformance and Corrective Action Procedures
No system works perfectly all the time. Incidents happen. Nonconformances occur. Your job is to deal with them quickly, learn from them, and stop them from recurring. An ISO-certified management system requires more than a reaction. It requires a structured response.
This section outlines the essentials. You need to record what went wrong, understand why, fix it, and check that your fix worked.
Reporting and Recording Incidents
Anyone in your business must be able to report an incident or nonconformance. Make the process easy, clear, and available. If it’s too hard, people won’t report. If it’s vague, you’ll get the wrong information.
Use forms or digital tools that capture who, what, when, where, and how. Record all incidents, not just major ones. Every report helps you see trends and potential issues.
Your records must include evidence, actions taken, and results. Store them in a central location. Keep them up to date. These records show regulators, clients, and auditors that you are serious about safety, quality, and compliance.
Root Cause Analysis Methods
Fixing the symptom doesn’t fix the problem. You need to find the cause. For this reason you need root cause analysis.
Several methods are useful. You can use the 5 Whys. Ask “Why?” until you reach the real source of the issue. You can use a fishbone (Ishikawa) diagram to sort causes into categories like people, equipment, or process. You can use fault tree analysis for complex issues.
Choose the method that suits your issue and resources. Keep your approach consistent across the business.
In your integrated management system manual, include the process your business uses to conduct this analysis. Make sure staff understand how and when to use it.
Corrective and Preventive Action Procedures
Once you find the cause, act on it. Your corrective action should remove the cause. Not just patch the result.
Document each step. What was done? When? By whom? Record the changes made to processes, documents, training, or controls.
Where appropriate, also consider preventive action. Look for similar risks in other areas. Address those before they become incidents. This stops a small issue from turning into a system-wide failure.
Both types of actions must be traceable. You need to know what was decided, who was responsible, and whether the risk was removed.
Verification of Action Effectiveness
You need to check whether your actions worked. Don’t assume. Go back and verify. Did the incident recur or did the process improve? Did staff apply the new procedure?
Set a timeframe to review the results. Use audits, inspections, or follow-up reports. If the action failed, revisit the analysis. You might have missed the real cause.
Verification closes the loop. It confirms that your business learns from mistakes and improves over time.
When you apply these steps consistently, you build trust in your ISO-certified management system. More importantly, you protect your people, your clients, and your business.
11. Outline Management Review Process
A management review is your formal checkpoint. It confirms whether your system is working as intended and whether it still meets your business needs. You do not guess. You use data and feedback. You look at facts.
An integrated management system manual must include a structured review process. That process ensures your business maintains control and direction.
Inputs to the Review
Begin with the right information. Without it, the review becomes opinion. You want insight, not guesswork.
Bring in audit results, incident reports, customer complaints, inspection findings, and performance data. Include compliance obligations, legislative changes, and updates to relevant standards.
You also need feedback from staff and clients. Include risk management outcomes, system updates, and previous review actions. Look at whether corrective actions were completed and whether they worked.
Use your ISO compliance software to collect and organise this data in a way that is easy to assess.
Frequency and Participants
The review must happen at least once a year. More often if your business operates in high-risk sectors or undergoes rapid change.
Senior management must lead the process. They are responsible for making decisions and assigning resources. Depending on the size of your business, include department heads, compliance officers, safety managers, or supervisors.
If people lead processes, they must attend. You need accurate updates and practical insights.
Review Outcomes and Follow-up
The review does not end with discussion. It must produce action.
Outcomes may include updates to policies, system changes, staff training, resourcing adjustments, or process redesign. Assign responsibilities and set deadlines for each outcome. Record decisions in meeting minutes.
Follow-up is not optional. Someone must check that each assigned action was completed. Someone must verify that it worked. The system must support these tasks with reminders and documentation.
Continual Improvement Opportunities
This is your opportunity to improve. You are not just fixing problems. You are finding better ways to work.
Ask whether current controls are still effective, whether customer needs have shifted, and whether your processes still match your goals.
Improvement can take many forms. You might simplify a procedure, eliminate duplication, or introduce automation. You might respond to feedback that shows where service fell short.
The point of the review is not to tick a box. The point is to run a better business. When your management review works, your integrated system stays relevant, efficient, and aligned with your business objectives.
12. Control of Changes and Continual Improvement
Change is unavoidable. What matters is how you manage it. A structured process protects your business from disruption and keeps your system working as intended. Your integrated management system manual must explain how your organisation controls change and improves over time.
Change Management Process
Treat every change as a controlled activity. This includes changes to procedures, equipment, roles, suppliers, software, or legislation.
First, identify the proposed change. Then assign a responsible person to review and approve it. Record the reason for the change, what parts of the system it affects, and who needs to be informed. Update all relevant documents and communicate clearly to everyone involved.
Track each change to completion. Use documented records to prove that the change was reviewed, approved, and implemented properly. This step supports traceability and improves accountability.
Evaluation of Impact and Risks
Every change brings consequences. Some are good. Some may introduce new risks.
Before you act, assess how the change will affect your objectives, people, and compliance. Look at who will be affected. Examine how it will influence safety, quality, timelines, cost, and your legal obligations.
Involve your team in the evaluation. Use risk assessments, checklists, and feedback tools. This helps you avoid unintended consequences and keeps your system stable.
Improvement Initiatives
Improvement is not a one-off task. It is an ongoing responsibility.
Start with issues. Look at what has gone wrong. Find the root cause. Fix the problem so it does not repeat.
Then look at opportunities. These may come from staff suggestions, client feedback, performance trends, or industry benchmarks. Assign actions. Set deadlines. Monitor progress.
Improvement should be part of daily operations. Encourage staff to suggest changes. Reward ideas that make work safer, faster, or clearer. Small gains, over time, build strong systems.
Learning from Audits and Feedback
Audits and feedback offer clear lessons. Internal audits reveal whether your system is working. They show what you are doing well and where gaps exist. Nonconformances must lead to action. Track these actions to ensure they are closed.
Customer complaints, supplier feedback, and staff observations are just as valuable. Record them. Analyse patterns. Identify themes. Then respond.
This process reinforces ISO compliance success and builds trust across your business.
You cannot improve what you ignore. When you treat audits and feedback as learning tools, you build a smarter, stronger, and more responsive system.
Takeaway Message
Building an integrated management system manual is not just about meeting a requirement. It is about creating a reliable reference that reflects how your business operates, how it manages risk, and how it improves.
Each section of the manual connects people, processes, and responsibilities. It gives your team clarity and shows auditors consistency. It helps you meet legal obligations, improve outcomes, and maintain control as your business grows.
When supported by practical tools like ISO compliance software, your manual becomes more than a document. It becomes a live system that drives accountability, guides decision-making, and keeps your operations aligned.