The confusion between goal management and performance management processes, which is a common situation in management system audits, is seen in almost every organisation. Although performance management is a critical process for the sustainability of management systems, it cannot be managed effectively.
To give an example from the ISO/IEC 27001:2013 Information security management system standard, when it is desired to see the information security objectives of the organisation within the scope of Article 6.2 of the standard, the objectives table opens. Again, when it is desired to see the records related to the performance evaluation process within the scope of Article 9.1 of the same standard, the objectives table is opened.
6.2 If we look at the information security objectives addressed in Article 6.2, the objectives to be determined here should support the objectives of the organisation's Information Security management system. For example; let's assume that one of the ISMS installation objectives of the organisation is to maintain the information security required to protect the information assets of the organisation. What can you support this purpose? With the awareness of employees/users. High information security awareness of employees is a supportive factor for the organisation to achieve its goal. You can set a goal to increase employee awareness and plan activities for this purpose.
However, when it comes to performance management, there is a need for a systematic that can measure the performance of the operating processes of the management system. Let us explain as follows; the information security management system has its own processes. What are these? This list goes on and on with processes such as documentation management, risk management, awareness training management, internal audit management. Above, we have given examples of activities to raise awareness regarding the objectives. Here, you can evaluate the performance of the "Awareness Training" process within the scope of the activities carried out to raise awareness. Or you can set performance criteria for "Management of objectives". In summary, we can say that objectives are not a performance criterion, but management of objectives is a performance criterion.
Performance management is one of the most important elements of continuous improvement in the Check step. Failure to evaluate the performance will not only trigger major non-conformities but also damage the effectiveness of the management system.
The main reasons underlying the ineffective operation of performance management can be listed as follows;
With Puki®, you can provide performance management with a single click without even having to prepare data to monitor the performance of your management systems.