Saturday, December 26, 2009
Tuesday, December 8, 2009
IMPLEMENTATION GUIDANCE FOR ISO 9001:2008
IMPLEMENTATION GUIDANCE FOR ISO 9001:2008
This Implementation Guidance has been developed to assist users in understanding the issues that need to be considered during the co-existence period between ISO 9001:2000 and ISO 9001:2008.
While the changes between ISO 9001:2000 and ISO 9001:2008 are expected to have a limited impact on users, some arrangements regarding implementation are needed.
Note: To reflect the limited scope of the changes the term “implementation” is now being used to make a clear distinction with the former “transition” from ISO 9001:1994 to ISO 9001:2000, when there were significant changes throughout the standard.
A wide diffusion of this implementation guidance is recommended, in particular the comparison table between ISO 9001:2008 and ISO 9001:2000, given in Annex B to ISO 9001:2008.
ISO 9001:2008 has been developed in order to introduce clarifications to the existing requirements of ISO 9001:2000 and to improve compatibility with ISO 14001:2004. ISO 9001:2008 does not introduce additional requirements nor does it change the intent of the ISO 9001:2000 standard.
Certification to ISO 9001:2008 is not an “upgrade”, and organizations that are certified to ISO 9001:2000 should be afforded the same status as those who have already received a new certificate to ISO 9001:2008 No new requirements were introduced in this edition but, in order to benefit from the clarifications of ISO 9001:2008, users of the former version will need to take into consideration whether the clarifications introduced have an impact on their current interpretation of ISO 9001:2000, as changes may be necessary to their QMS In order to assist organizations to have a full understanding of the new ISO 9001:2008, it may be useful to have an insight on the revision process, how this revision reflects the inputs received from users of the standard, and the consideration given to benefits and impacts during its development.
Prior to the commencement of a revision (or amendment) to a management system standard, ISO/Guide 72:2001 Guidelines for the justification and development of management system standards recommends that a “Justification Study” is prepared to present a case for the proposed project and that it outlines details of the data and inputs used to support its arguments. In relation to the development of ISO 9001:2008 user needs were identified from the following:
- the results of a formal “Systematic Review” on ISO 9001:2000 that was performed by the members of ISO/TC 176/SC2 during 2003-2004
- feedback from the ISO/TC 176/Working Group on “Interpretations”
- the results of an extensive worldwide “User Feedback Survey on ISO 9001 and ISO 9004″ by ISO/TC 176/SC 2/WG 18 and similar national surveys.
The Justification Study identified the need for an amendment, provided that the impact on users would be limited and that changes would only be introduced when there were clear benefits to users.
The key focuses of the ISO 9001:2008 amendment were to enhance the clarity of ISO 9001:2000 and to enhance its compatibility with ISO14001:2004.
A tool for assessing the impacts versus benefits for proposed changes was created to assist the drafters of the amendment in deciding which changes should be included, and to assist in the verification of drafts against the identified user needs. The following decision making principles were applied:
1) No changes with high impact would be incorporated into the standard;
2) Changes with medium impact would only be incorporated when they provided a correspondingly medium or high benefit to users of the standard;
3) Even where a change was low impact, it had to be justified by the benefits it delivered to users, before being incorporated.
The changes incorporated in this ISO 9001:2008 edition were classified in terms of impact into the following categories:
- No changes or minimum changes on user documents, including records
- No changes or minimum changes to existing processes of the organization
- No additional training required or minimal training required
- No effects on current certifications
The benefits identified for the ISO 9001:2008 edition fall into the following categories:
- Provides clarity
- Increases compatibility with ISO 14001.
- Maintains consistency with ISO 9000 family of standards.
- Improves translatability.
ISO 9000 Standards – Document Approval
ISO 9000 Standards – Document Approval
The ISO 9000 Standards requires that documents be approved for adequacy prior to issue.
Approval prior to issue means that designated authorities have agreed the document before being made available for use. Whilst the term ade-
quacy is a little vague it should be taken as meaning that the document is judged as fit for the intended purpose. In a paper based system, this means approval before the document is distributed. With an electronic system, it means that the documents should be approved before they are published or made available to the user community.
The ISO 9000 Standards document control process needs to define the process by which documents are approved. In some cases it may not be necessary for anyone other than the approval authority to examine the documents. In others it may be necessary to set up a panel of reviewers to solicit their comments before approval is given.
It all depends on whether the approval authority has all the information
needed to make the decision and is therefore ‘competent’. One might think that the CEO could approve any document in the organization but just because a person is the most senior executive does not mean he or she is competent to perform any role in the organization.
Users should be the prime participants in the approval process so that the
resultant documents reflect their needs and are fit for the intended purpose. If the objective is stated in the document, does it fulfil that objective? If it is stated that the document applies to certain equipment, area or activity, does it cover that equipment, area or activity to the depth expected of such a document? One of the difficulties in soliciting comments to documents is that you will gather comment on what you have written but not on what you have omitted. A useful method is to ensure that the procedures requiring the document specify the acceptance criteria so that the reviewers and approvers can check the document against an agreed standard.
To demonstrate documents have been deemed as adequate prior to issue,
you will need to show that the document has been processed through the
prescribed document approval process. Where there is a review panel, a simple method is to employ a standard comment sheet on which reviewers can indicate their comments or signify that they have no comment. During the drafting process you may undertake several revisions. You may feel it
necessary to retain these in case of dispute later, but you are not required to do so. You also need to show that the current issue has been reviewed so your comment sheets need to indicate document issue status.
Monday, December 7, 2009
Save The Environment – Implement ISO 14001 Standards
Environmental Management System (EMS)
Global warming, ozone depletion, pollution and extinction of numerous species of animals. These are just a few of the environmental issues that the world faces, in the name of development. As responsible corporate citizens, SMEs can play their part in preserving our natural environment for our next generation.
Both individuals and businesses especially have a social and environmental responsibility to fulfil. With the rapid development in today’s industrialised world, the issue of preserving and managing our environment has become crucial. The increasing awareness of the importance of good environmental management systems is evidenced by the amendments made to the Environmental Quality Act 1974 and other environmental regulations which serve to ensure stricter compliance of environmental standards. Malaysia also adopted the National Environment Policy in 2002 as a means of addressing environmental issues in an integrated manner while more and more companies are striving to attain the MS14001 EMS certification.
WHAT SMEs CAN DO TO SAVE THE ENVIRONMENT
As responsible corporate citizens, SMEs have a major role to play in preserving the environment. For starters, they can help the Government to achieve its recycling goals, by creating mechanisms to facilitate the segregation of recyclable wastes and to ensure that these wastes are sent to the relevant parties instead of being dumped in landfills and illegal dumpsites. Furthermore, SMEs must also ensure that proper waste management systems are in place in conducting their day-to-day businesses.
Below are a few steps that SMEs can take to do their part for the environment:
• Dispose off company wastes properly and responsibly.
• Encourage employees to reuse items where possible, for example, printing on both sides of the paper, etc.
• Practise recycling in the office, by introducing a recycling programme. Among the items that can be recycled are papers, cardboards, glass, aluminium cans and scrap metals.
• Implementing an Environmental Management System (EMS).
WHAT IS AN ENVIRONMENTAL MANAGEMENT SYSTEM (EMS)?
An EMS provides a framework for managing environmental practices that integrates with overall business goals in a systematic way. Various models can be applied to develop, implement and maintain an EMS. One of the more common models used by industries is the model described by the ISO 14001 standard which was developed by the International Organisation for Standardisation (ISO). The ISO 14001 standard EMS model focuses on continuous improvement through an on-going cycle of actions called the continual improvement cycle which incorporates the elements of planning, doing, checking and acting.
An EMS typically begins with a strong environmental policy which describes the organisation’s approach in managing its environmental affairs and reflects its commitment to protect the environment and human well-being. The environmental policy establishes the framework for environmental leadership and serves as a contract between an organisation’s employees and its stakeholders. As such, commitment and strong support from top management is essential in making an EMS a success. Developing the environmental policy also helps to lay the groundwork for the planning phase of the EMS cycle. It is in this stage that active management support is sought, a multi-disciplinary EMS implementation team is formed and an introduction meeting is held to brief employees on the implementation of EMS. On top of that, the scope and budget for the implementation of EMS is also pre-defined. In other words, it is important that management provides all the resources necessary for the successful implementation of EMS.
CURRENT ENVIRONMENTAL PRACTICES
It is evident that some SME has put in place various initiatives to preserve the environment while utilizing resources efficiently. These initiatives include the following:
1. Discouraging open burning in fields and plantation sites while encouraging the composting of felled trees and crops in an environmentally-friendly way which in turn prepares land for replanting by using natural fertilizer;
2. Discouraging the use of chlorofluorocarbons (CFCs) in various industrial, commercial and household appliances; and
3. Encouraging the recycling of resources for example, in the plastic manufacturing industry, materials are being regenerated through the forming process in an effort to reuse biodegradable products in an environmentally-friendly way.
WHAT IS WASTE MANAGEMENT?
Waste management involves collecting, transporting, processing, recycling and disposing waste materials, in an effort to reduce their adverse effects on human health and the environment. Waste materials include solid, liquid or gaseous substances. The implementation of waste management requires careful planning and also adequate financial resources and is the responsibility of all parties involved such as individuals, businesses and corporations, including SMEs.
INCENTIVES FOR ENVIRONMENTAL PROTECTION AND WASTE MANAGEMENT
In an effort to support an enhanced level of environmental pro activity, the government provides a range of fiscal activities which includes the Pioneer Status tax exemption and the Investment Tax Allowance for the manufacture of environmentally-friendly products, the provision and supply of environmentally-friendly services and specific activities which contribute towards the presentation of the environment. The said incentives are available for the following activities:
- Storage, treatment and disposal of toxic and hazardous waste
- Waste recycling activities which are high-tech in nature for instance, recycling agricultural wastes, chemicals and the production of reconstituted wood-based panel boards or other products
- Energy-generating activities using biomass which are renewable and environmentally-friendly. Examples of biomass resources include palm oil mill waste, rice mill waste, sugar cane mill waste, timber/sawmill waste and paper recycling mill waste
- Energy conservation services
Accelerated Capital Allowance with a special initial rate of 40% and an annual rate of 20% for total write-off within three years is given to organisations that are waste generators, for their capital expenditure on machinery and equipment incurred, to set up facilities to store, treat and dispose their waste. This incentive is also available to companies undertaking waste recycling activities.
Thursday, November 26, 2009
ISO 14001 Standards Audit
ISO 14001:2004 emphasizes the continuous improvement of an environmental management system (EMS). The standard specifies requirements for an environmental management system to enable an organization to develop and implement a policy and objectives which take into account legal requirements and information about significant environmental aspects. The certification process ensures the conformance of your EMS against the international standard, as well as any organizational specific requirements that have been identified.
The ISO 14001 Standards audit consist of 2 stage registration audit process followed by surveillanceaudits, and ultimately a recertification audit. ISO 14001 Audits include on-site assessments of documents, data, records, activity and personnel. Process audit trails are followed by interviews of personnel responsible for the tasks and reviewing associated activity and records of occurrence. The audit trail will follow interactions between processes as well as the details of the process itself. Following are the stages of the audit process.
Pre-assessmentRegistration Audit – Stage 2Audit Findings• A review of action taken on nonconformities identified during the previous audit• A review of the continued effectiveness of the management system in its entiretyThe continued applicability to the scope of registration
The pre-assessment audit is an optional activity, outside of the registration process, it is highly encourages that any organization to undertake to evaluate the readiness to undergo the two stage registration process. That would optimally occur prior to the stage 1 and 2 audits.
Unlike the Stage 1 and Stage 2 activities you have full discretion as to which areas the preassessment should focus on and for the length of the pre-assessment. This activity allows your organization to become familiar with the audit process and helps prepare your employees for the registration assessment.
The auditor conducting the pre-assessment will typically return to the organization for the assessment. Similar to a ‘true’ audit, the end result of the pre-assessment will be a documented report identifying findings observed during the audit and a closing meeting to discuss the issues.
The pre-assessment activity allows you to correct any issues prior to beginning the registration process.
Assessment
New requirements for certification bodies have changed the registration process. Registration is now conducted in two distinct visits- Stage One and Stage Two- each of which has defined requirements that are outlined below.
Registration Audit – Stage 1
The stage 1 audit, conducted at your facility, is primarily performed for planning and determining the readiness of an organization to undergo a stage 2 registration audit. It also facilitates communicating any needs and expectations to the organization. Activities performed at a stage 1 audit include:
• Conducting a documentation review – This review determines if the organization’s EMS documentation adequately covers all the requirements of the ISO standard
• A review of the aspects and impacts and their significance and an evaluation of the facility(s) site specific conditions
• A review of your organizations non-conformance, preventive and corrective action system • An overview of applicable regulations
• Interviewing your organization’s personnel to assess their general readiness to undertake a stage 2 audit
• Confirming the applicability of the scope of the organization’s EMS
• Obtaining evidence that internal audits and management reviews are being planned and performed
• Providing focus for the planning of the stage 2 audit
If during the stage 1 audit any nonconformities are identified, the auditor will request a corrective action response (see Corrective Action Response).
The objective of the Stage 2 on-site audit is to assess your organizations’ adherence to your own policies, objectives, and procedures and to ascertain conformance to the requirements of the ISO 14001 standard. To accomplish this, the audit will address the implementation of all the elements of the standard. Review of documentation and records to support the implementation is an expected part of the assessment process. If non-conformances or opportunities for improvement are identified they will be documented in a report which will be presented to the organization during the closing meeting. The report will include the auditor’s recommendation regarding registration.
Any deviation from procedures or requirements of the standard will be identified as an audit finding, which will be documented in the audit report. The auditor will draw your attention to non-conformities as they arise so there will be no “surprises” at the closing meeting. Findings are categorized into three categories defined as follows:
• A major non-conformity relates to the absence or total breakdown of a required process or a number of minor non-conformities listed against similar areas. A major non-conformity at the Registration Audit – Stage 2 would defer recommendation for registration until that major has been closed.
• A minor non-conformity is an observed lapse in your systems ability to meet the requirements of the standard or your internal systems, while the overall process remains in tact.
• An observation or opportunity for improvement relates to a matter about which the Auditor is concerned but which cannot be clearly stated as a non-conformity. Observations also indicate trends which may result in a future non-conformity.
Corrective Action Response
ISO 14001 Standards requires corrective action responses from all Registration Audits. Once certification is achieved, dependant upon the extent and nature of the findings, your organization may be required to submit a corrective action plan, detailing your intent to correct the non conformity.
The auditor may also recommend that your organization submit objective evidence to support the to verify closure may be required.
It is recommended that all non-conformities are addressed within your internal corrective action system. Typically, opportunities for improvement would be addressed as preventive actions by your organization.
closure of the finding. In certain circumstances such as a major non conformity an on site activity
Surveillance Audits
Company shall conduct Surveillance Audits on an annual or semi-annual basis. The purpose of the Surveillance Audit is to ensure that the EMS continues to conform to both the organizations’ and the ISO 14001 requirements. Certain processes will be reviewed at each surveillance including:
• Internal audits and management review
• Customer and interested parties communications
• Effectiveness of the management system in achieving defined objectives
• The progress of planned continual improvement activities
• Continuing operational control
• A review of any changes made by the organization which may have impact on the registration
• Use of accreditation and certification body logos provided to the organization upon registration
• objectives, targets and programs
• evaluation of compliance
Re-assessment Audits
The accreditation body requires that a recertification audit be carried out every three years. The purpose of the recertification audit is to confirm the continued conformity and effectiveness of the management system as a whole, and its continued relevance and applicability for the scope of activity.
Recertification audits review the performance of the EMS over the registration period, and include a review of previous surveillance audit records. The recertification audit includes the following:
• The continued relevancy of the organization’s policy and objectives
• The continued effective interaction between the processes of the management system
• A review of internal audits, management reviews, document changes during this certification period
ISO 14001 Standards – Emergency Preparedness and Response Plans
ISO 14001 Section 4.4.7, Emergency Preparedness and Response, requires that organizations establish and maintain procedure(s) to:
1. Identify potential accidents and emergencies
2. Respond to accidents and emergencies
3. Prevent and mitigate the environmental impacts that may be associated with accidents and emergencies.
Section 4.4.7 also requires that organizations review and revise, when necessary, their emergency preparedness
and response procedure(s), especially after an accident or emergency situation. Organizations must also periodically test such procedures where practicable.
Most organizations have already developed and implemented emergency response plans to comply with various federal and state regulations that require such plans. Examples of federal regulations that require such plans include:
• Resource Conservation and Recovery Act (RCRA) Contingency Plans
• Spill Prevention, Control, and Countermeasures (SPCC) Plans
• Facility Oil Response Plans under the Oil Pollution Prevention Act of 1990
• Employee Emergency and Fire Prevention Plans under Occupational Safety and Health Administration (OSHA).
Some states have regulations that require similar emergency response plans. For instance, the state of Pennsylvania requires certain facilities to develop and implement a Preparedness, Prevention, and Contingency (PPC) Plan in addition to federal requirements.
The ISO 14001 requirements are similar to the requirements of most regulatory emergency plans. Whether your facility has emergency response plans or not, you should review the following sections to ensure you meet the ISO 14001 emergency response requirements.
ISO 14001 Section 4.4.7, Emergency Preparedness and Response, requires that organizations establish and maintain procedure(s) to:
1. Identify potential accidents and emergencies
2. Respond to accidents and emergencies
3. Prevent and mitigate the environmental impacts that may be associated with accidents and emergencies.
Section 4.4.7 also requires that organizations review and revise, when necessary, their emergency preparedness
and response procedure(s), especially after an accident or emergency situation. Organizations must also periodically test such procedures where practicable.
Most organizations have already developed and implemented emergency response plans to comply with various federal and state regulations that require such plans. Examples of federal regulations that require such plans include:
• Resource Conservation and Recovery Act (RCRA) Contingency Plans
• Spill Prevention, Control, and Countermeasures (SPCC) Plans
• Facility Oil Response Plans under the Oil Pollution Prevention Act of 1990
• Employee Emergency and Fire Prevention Plans under Occupational Safety and Health Administration (OSHA).
Some states have regulations that require similar emergency response plans. For instance, the state of Pennsylvania requires certain facilities to develop and implement a Preparedness, Prevention, and Contingency (PPC) Plan in addition to federal requirements.
Thursday, November 12, 2009
Tuesday, November 3, 2009
Thursday, October 8, 2009
Understand Quality Management
Quality Management may be defined as the process through which organizations apply statistical process control mechanisms in order to improve the quality and standards of goods and services that are manufactured. Closely related to Quality Management is tqm, also known as total quality management. This is basically a management strategy that is applied in businesses in order to create awareness of high quality in most organizational processes. Quality Management features three main components including quality assurance, quality improvement and quality control. Quality management is focused not only on the quality of products and services but also on continuous improvement of quality standards.
Most methods that are now being used for Quality Management, quality system and quality manufacturing system take into consideration the need for high quality as an essential attribute in services and products that are manufactured by companies and organizations. Quality Management usually involves the successful improvement of quality of services and products. This is usually done through quality training processes where one can also acquire lessons on quality process and process management. One tool that is used for ensuring auditing quality in Quality Management is the MasterControlQAAD(TM) software. Besides using tools to carry out Quality Management successfully, one can also consider applying project management. This will help ensure continuous quality improvement.
The other way through which organizations can improve quality of process and service output is by using six sigma. This is basically a business management strategy that helps identify and remove defects and variations in the manufacturing process. It also helps guarantee Quality Management. It works by using a set of high quality business management and overall management methods to ensure quality and guarantee Quality Management. Most products and services to which Quality Management is applied are certified with iso certificates. Some of the iso certificates that guarantee that a product or service has undertaken Quality Management, change management and process improvement is iso 9001.
iso 9001 and iso 14001:2004 set down specific guidelines for environmental management systems and Quality Management. Other guidelines can be found in other generic process management philosophies such as the lean management that follows iso 9000 quality improvement standards aimed at guaranteeing total quality to its quality systems. The other mode through which organizations guarantee Quality Management is by use of a quality plan that meets iso 14000 and iso 14001 iso certification requirements. The other iso certification that guarantees product quality in Quality Management include iso 9001 2000.
In order to meet supplier quality in Quality Management systems, there are several iso training sessions that are offered. These meet iso standards. An organization that is in need of Quality Management for its products and services may also consider using a quality manual for its day to day Quality Management plans. Such a manual will usually have guidelines for iso quality. However, when applying the guidelines in the manual, regard must be had to quality audit measures aimed at guaranteeing Quality Management for the organization. Quality Management also involves knowledge of as9100 and iso 13485 that are commonly applicable in supplier management.
Quality Management programs that are iso certified help offer quality policy to existing iso 9001 certifications and quality management system that meet iso 9000 and ts16949 requirements. Quality companies that are aimed at ensuring Quality Management for the products and services that they manufacture also use quality management software that guarantees managing quality. In order to enhance Quality Management, the software guarantees quality procedures through its high rate of functionality. Besides such software, an organization can adopt quality assurance training and also offer quality consulting to its members in order to guarantee Quality Management to its products and services.
There are also several quality project management plans, which meet iso standards such as iso 9002 that are available today. Such plans are usually developed with a view to developing flexible, affordable and scalable management solutions to companies that seek to uphold Quality Management for their products and services. Such plans feature quality management systems that offer quality control management and quality assurance management through quality a management plan. Other quality objectives that can be obtained through iso 9001 training thus meeting iso 9000 certification use project management skills to improve Quality Management for the manufactured products and services.
Most methods that are now being used for Quality Management, quality system and quality manufacturing system take into consideration the need for high quality as an essential attribute in services and products that are manufactured by companies and organizations. Quality Management usually involves the successful improvement of quality of services and products. This is usually done through quality training processes where one can also acquire lessons on quality process and process management. One tool that is used for ensuring auditing quality in Quality Management is the MasterControlQAAD(TM) software. Besides using tools to carry out Quality Management successfully, one can also consider applying project management. This will help ensure continuous quality improvement.
The other way through which organizations can improve quality of process and service output is by using six sigma. This is basically a business management strategy that helps identify and remove defects and variations in the manufacturing process. It also helps guarantee Quality Management. It works by using a set of high quality business management and overall management methods to ensure quality and guarantee Quality Management. Most products and services to which Quality Management is applied are certified with iso certificates. Some of the iso certificates that guarantee that a product or service has undertaken Quality Management, change management and process improvement is iso 9001.
iso 9001 and iso 14001:2004 set down specific guidelines for environmental management systems and Quality Management. Other guidelines can be found in other generic process management philosophies such as the lean management that follows iso 9000 quality improvement standards aimed at guaranteeing total quality to its quality systems. The other mode through which organizations guarantee Quality Management is by use of a quality plan that meets iso 14000 and iso 14001 iso certification requirements. The other iso certification that guarantees product quality in Quality Management include iso 9001 2000.
In order to meet supplier quality in Quality Management systems, there are several iso training sessions that are offered. These meet iso standards. An organization that is in need of Quality Management for its products and services may also consider using a quality manual for its day to day Quality Management plans. Such a manual will usually have guidelines for iso quality. However, when applying the guidelines in the manual, regard must be had to quality audit measures aimed at guaranteeing Quality Management for the organization. Quality Management also involves knowledge of as9100 and iso 13485 that are commonly applicable in supplier management.
Quality Management programs that are iso certified help offer quality policy to existing iso 9001 certifications and quality management system that meet iso 9000 and ts16949 requirements. Quality companies that are aimed at ensuring Quality Management for the products and services that they manufacture also use quality management software that guarantees managing quality. In order to enhance Quality Management, the software guarantees quality procedures through its high rate of functionality. Besides such software, an organization can adopt quality assurance training and also offer quality consulting to its members in order to guarantee Quality Management to its products and services.
There are also several quality project management plans, which meet iso standards such as iso 9002 that are available today. Such plans are usually developed with a view to developing flexible, affordable and scalable management solutions to companies that seek to uphold Quality Management for their products and services. Such plans feature quality management systems that offer quality control management and quality assurance management through quality a management plan. Other quality objectives that can be obtained through iso 9001 training thus meeting iso 9000 certification use project management skills to improve Quality Management for the manufactured products and services.
Reasons a Company Becomes Certified in ISO 9001 Standards
ISO 9000 certification or registration can be an expensive process. A company must consider the reasons and promised benefits for going through this process. If a company decides to seek certification, they should consider making sure their suppliers are certified or at least compliant to the ISO 9000 standards.
Major reasonsIn the early 1990s, companies seemed to be jumping on the certification bandwagon without seriously considering the rationale for doing so. Often they did so because competitors or “everybody else” is getting registered. Today companies seriously look at the reasons and benefits for becoming registered.
The major reasons that company leadership or management decides to seek ISO 9000 certification are to gain continued or increased business and to maintain effective operations.
Improved businessA company can maintain a relationship with customers, as well as get increased business through complying to the ISO 9001 standards or becoming certified. This comes from satisfying customer demands, the desire for European business, and to advertise.
Finally, some companies want to become certified, so they can advertise that fact and give the impression of being better than their competitors.
You have seen ads with a logo stating the company is certified at some ISO 9000 level. It apparently gives those companies a leg up on competitors not registered.
Again, this seemed more important in the 1990s, but you don’t see that many companies using ISO 9000 certification as an advertising tool.
ISO 9000 is supposed to make sure your business is run in an orderly manner that will assure continued success.
One would think that a goal such as being run effectively and able to deliver goods consistently and reliably would also be desirable for a company’s own operation. Surprisingly, many companies do not consider that as a goal.
Major reasonsIn the early 1990s, companies seemed to be jumping on the certification bandwagon without seriously considering the rationale for doing so. Often they did so because competitors or “everybody else” is getting registered. Today companies seriously look at the reasons and benefits for becoming registered.
The major reasons that company leadership or management decides to seek ISO 9000 certification are to gain continued or increased business and to maintain effective operations.
Improved businessA company can maintain a relationship with customers, as well as get increased business through complying to the ISO 9001 standards or becoming certified. This comes from satisfying customer demands, the desire for European business, and to advertise.
Finally, some companies want to become certified, so they can advertise that fact and give the impression of being better than their competitors.
You have seen ads with a logo stating the company is certified at some ISO 9000 level. It apparently gives those companies a leg up on competitors not registered.
Again, this seemed more important in the 1990s, but you don’t see that many companies using ISO 9000 certification as an advertising tool.
ISO 9000 is supposed to make sure your business is run in an orderly manner that will assure continued success.
One would think that a goal such as being run effectively and able to deliver goods consistently and reliably would also be desirable for a company’s own operation. Surprisingly, many companies do not consider that as a goal.
Wednesday, September 30, 2009
ISO 9001 & ISO 14001 Blog
Some of the new blogs on ISO 9001 Standards & ISO 14001 standards was found as below:
http://iso14000standards.blogspot.com/
http://iso-9001-standards.blogspot.com/
http://iso14001environmentmanagementsystem.blogspot.com/
http://iso9001qualitymanagementsystem.blogspot.com/
http://iso9001qualitymanual.blogspot.com/
http://iso9000standards.blogspot.com/
http://iso9001-standards.blogspot.com/
http://iso14001standards.blogspot.com/
http://iso14000standards.blogspot.com/
http://iso-9001-standards.blogspot.com/
http://iso14001environmentmanagementsystem.blogspot.com/
http://iso9001qualitymanagementsystem.blogspot.com/
http://iso9001qualitymanual.blogspot.com/
http://iso9000standards.blogspot.com/
http://iso9001-standards.blogspot.com/
http://iso14001standards.blogspot.com/
ISO 9001 Standards – Document Repository
ISO 9001 Standards - Document Repository
All QMS and product realization documents can be stored electronically within the computerize Document Management System like ISO 9001 Document Control Sytem. This provides a set of category and sub-category headings that enable users to drill down intothe different levels of the documentation category tree.QMS documents are created and maintained within a top level category entitled “ISO 9001 Quality Management System (QMS)“. Documents in this category follow a 4-tier approach:• Quality Manual – company scope and process interactions within the QMS• Quality Procedures – responsibilities, controls and activities within the QMS that effect customer service• Records – objective evidence to demonstrate our goal in achieving customer satisfaction• Forms & Reports to support the QMS processesProduct realization documents are stored in categories corresponding to Products, Projects and Departments. Each document is unique, but can be accessed from multiple categories.Documents created within the FablessSemi Inc CogniDox system are assigned a unique identifier using the format “PO-NNNNNN-XX”; where the “PO” prefix identifies them as FablessSemi Inc documents, the “NNNNNN” is an automatically generated and uniquely assigned numerical ID, and the “XX” suffix indicates the document type.All Fabless Semi Inc personnel are responsible for creating document part numbers and uploading documents to an appropriate category. Selected users with additional system privileges are responsible for creating and maintaining document categories.
All QMS and product realization documents can be stored electronically within the computerize Document Management System like ISO 9001 Document Control Sytem. This provides a set of category and sub-category headings that enable users to drill down intothe different levels of the documentation category tree.QMS documents are created and maintained within a top level category entitled “ISO 9001 Quality Management System (QMS)“. Documents in this category follow a 4-tier approach:• Quality Manual – company scope and process interactions within the QMS• Quality Procedures – responsibilities, controls and activities within the QMS that effect customer service• Records – objective evidence to demonstrate our goal in achieving customer satisfaction• Forms & Reports to support the QMS processesProduct realization documents are stored in categories corresponding to Products, Projects and Departments. Each document is unique, but can be accessed from multiple categories.Documents created within the FablessSemi Inc CogniDox system are assigned a unique identifier using the format “PO-NNNNNN-XX”; where the “PO” prefix identifies them as FablessSemi Inc documents, the “NNNNNN” is an automatically generated and uniquely assigned numerical ID, and the “XX” suffix indicates the document type.All Fabless Semi Inc personnel are responsible for creating document part numbers and uploading documents to an appropriate category. Selected users with additional system privileges are responsible for creating and maintaining document categories.
Useful Aids to Implement ISO 9001 Standards
Useful Aids To Implement ISO 9001 Standards
Many companies implement ISO 9001 without using all the available tools. As a result, some companies may not fully optimize their implementation. This issue could be manifested as confusion over terms, misunderstanding about requirements, and perplexity concerning intention.ISO, the International Organization for Standardization, based in Geneva Switzerland issues thousands of standards, but we limit our scope to ISO 9001:2008 and its immediate “family”.This includes ISO 9000:2005 and ISO 9004:20002. ISO 9001 is a general industry standard for quality management, but ISO also issues industry specific standards. Many of these standards, such as ISO 13485 for medical devices, are based on ISO 9001 and can also utilize these available tools.
In addition to the information discussed below, ISO also issues standards related to specific activities that may arises in a quality management system. The following lists these supporting documents.
Automotive ISO/TS 16949:2002Education IWA 2:2007Energy PC 242, ISO 50001Food safety ISO 22000:2005Information security ISO/IEC 27001:2005Health care IWA 1:2005Local government IWA 4:2005Medical devices ISO 13485:2003Petroleum and gas ISO 29001:2003Ship recycling ISO/PAS 30000:2008Supply chain security ISO 28000:2007
Many companies implement ISO 9001 without using all the available tools. As a result, some companies may not fully optimize their implementation. This issue could be manifested as confusion over terms, misunderstanding about requirements, and perplexity concerning intention.ISO, the International Organization for Standardization, based in Geneva Switzerland issues thousands of standards, but we limit our scope to ISO 9001:2008 and its immediate “family”.This includes ISO 9000:2005 and ISO 9004:20002. ISO 9001 is a general industry standard for quality management, but ISO also issues industry specific standards. Many of these standards, such as ISO 13485 for medical devices, are based on ISO 9001 and can also utilize these available tools.
In addition to the information discussed below, ISO also issues standards related to specific activities that may arises in a quality management system. The following lists these supporting documents.
Automotive ISO/TS 16949:2002Education IWA 2:2007Energy PC 242, ISO 50001Food safety ISO 22000:2005Information security ISO/IEC 27001:2005Health care IWA 1:2005Local government IWA 4:2005Medical devices ISO 13485:2003Petroleum and gas ISO 29001:2003Ship recycling ISO/PAS 30000:2008Supply chain security ISO 28000:2007
Process Approach In ISO 9001 Standards
Process Approach In ISO 9001 Standards
The process approach was introduced into ISO 9001 with the year 2000 version of the standards.Prior versions used an element approach. The document Guidance on the concept and use of the process approach for management systems describes to process approach and offers an implementation paradigm.1. Identification of processes of the organization1.1. Define the purpose of the organization1.2. Define the policies and objectives of the organization1.3. Determine the processes in the organization1.4. Determine the sequence of the processes1.5. Define process ownership1.6. Define process documentation2. Planning of a process2.1. Define the activities within the process2.2. Define the monitoring and measurement requirements2.3. Define the resources needed
2.4. Verify the process and its activities against its planned objectives3. Implementation and measurement of the process4. Analysis of the process5. Corrective action and improvement of the process ImplementationThis document explains the process used to evaluate changes to the 2008 version. In particular, it explains the revision process and illustrates the impact vs. benefit analysis used to evaluate potential changes.In addition to the guidance documents, ISO maintains a web site with “official interpretations” of ISO 9001. Currently, these interpretations only include ISO 9001:2000, but, because the changes to the 2008 version were limited, they are valuable.Consider a common question. An organization needs a documented procedure for preventive action (8.5.3), and must keep records of the results of preventive action (8.5.3.d). One of the interpretation requests asks, “Does sub-clause 8.5.3 a) require organizations to demonstrate, with objective evidence in the form of records, that they have undertaken actions to determine the existence of ‘potential nonconformities and their causes’?” The answer is “No”.Auditing PracticesThe ISO 9001 Auditing Practices Group maintains a website9 with guidance and information on auditing ISO 9001 quality management systems. It is an informal group of quality management system (QMS) experts, auditors, and practitioners drawn from the ISO Technical Committee 176 Quality Management and Quality Assurance (ISO/TC 176) and the International Accreditation Forum (IAF).The website, primarily aimed at QMS auditors, consultants, and quality practitioners, is an online source of papers and presentations on auditing a QMS and reflect the process based approach.The website contains almost forty guidance documents with practical advice ranging from “How to audit top management processes” to “The role and value of the audit checklist”.
The process approach was introduced into ISO 9001 with the year 2000 version of the standards.Prior versions used an element approach. The document Guidance on the concept and use of the process approach for management systems describes to process approach and offers an implementation paradigm.1. Identification of processes of the organization1.1. Define the purpose of the organization1.2. Define the policies and objectives of the organization1.3. Determine the processes in the organization1.4. Determine the sequence of the processes1.5. Define process ownership1.6. Define process documentation2. Planning of a process2.1. Define the activities within the process2.2. Define the monitoring and measurement requirements2.3. Define the resources needed
2.4. Verify the process and its activities against its planned objectives3. Implementation and measurement of the process4. Analysis of the process5. Corrective action and improvement of the process ImplementationThis document explains the process used to evaluate changes to the 2008 version. In particular, it explains the revision process and illustrates the impact vs. benefit analysis used to evaluate potential changes.In addition to the guidance documents, ISO maintains a web site with “official interpretations” of ISO 9001. Currently, these interpretations only include ISO 9001:2000, but, because the changes to the 2008 version were limited, they are valuable.Consider a common question. An organization needs a documented procedure for preventive action (8.5.3), and must keep records of the results of preventive action (8.5.3.d). One of the interpretation requests asks, “Does sub-clause 8.5.3 a) require organizations to demonstrate, with objective evidence in the form of records, that they have undertaken actions to determine the existence of ‘potential nonconformities and their causes’?” The answer is “No”.Auditing PracticesThe ISO 9001 Auditing Practices Group maintains a website9 with guidance and information on auditing ISO 9001 quality management systems. It is an informal group of quality management system (QMS) experts, auditors, and practitioners drawn from the ISO Technical Committee 176 Quality Management and Quality Assurance (ISO/TC 176) and the International Accreditation Forum (IAF).The website, primarily aimed at QMS auditors, consultants, and quality practitioners, is an online source of papers and presentations on auditing a QMS and reflect the process based approach.The website contains almost forty guidance documents with practical advice ranging from “How to audit top management processes” to “The role and value of the audit checklist”.
Quality Planning
Whenever the term “product” is used within the ISO 9001 standard, it refers to both tangible goods and intangible services. The ISO 9001 standard is meant to be generic which means that it is suitable for all kinds of organization, whether commercial or otherwise. The purpose of the quality management system model that is being propagated by the standard is the fulfillment of customer requeirements and expectations in order to induce high levels of customer satisfaction. An unsatisfied customer is essentially a customer whose requirements or needs, and expectations of the level of services being granted upon him/her have not been met. We are all customers because we buy products all the time. So we know what it means to be a dissatisfied customer. The common reaction is to never to go back to that seller and look for other alternatives. A successful organization is one which understands what it takes to meet customer requirements in order to satisfy their needs and expectations. A specific process is thus necessary to resolve any customer complaint or dispute. This process should be geared towards satisfying the customer’s needs and expectations. The parameters of this process should be referenced from the terms of the sale and purchase. This is why it is necessary to review the customer’s requirements before committing to the sales contract. It is necessary that the customer understands what he/she is paying for and it is equally necessary for the organization to understand what it is supposed to deliver. When your organization has these processes in place, then the only thing to do next is to continually measure the effectiveness and subsequently take actions to continually improve the whole process.
ISO 9001 – Compatibility with other management systems
ISO 9001 – Compatibility with other management systems
ISO 9001 and ISO 9004 are quality management system standards which have been designed to complement each other, but can also be used independently.ISO 9001 specifies requirements for a quality management system that can be used for internal application by organizations, for certification, or for contractual purposes. It focuses on the effectiveness of the qualitymanagement system in meeting customer requirements.ISO 9004 gives guidance on a wider range of objectives of a quality management system than does ISO 9001, particularly for the continual improvement of an organizations overall performance and efficiency, as well as its effectiveness. ISO 9004 is recommended as a guide for organizations whose top management wishes to move beyond the requirements of ISO 9001, in pursuit of continual improvement of performance. However, it is not intended for certification or for contractual purposes.
During the development of this International Standard, due consideration was given to the provisions of ISO 14001:2004 to enhance the compatibility of the two standards for the benefit of the user community.This International Standard does not include requirements specific to other management systems, such as those particular to environmental management, occupational health and safety management, financialmanagement or risk management. However, this International Standard enables an organization to align or integrate its own quality management system with related management system requirements. It is possible foran organization to adapt its existing management system(s) in order to establish a quality management system that complies with the requirements of this International Standard.
ISO 9001 and ISO 9004 are quality management system standards which have been designed to complement each other, but can also be used independently.ISO 9001 specifies requirements for a quality management system that can be used for internal application by organizations, for certification, or for contractual purposes. It focuses on the effectiveness of the qualitymanagement system in meeting customer requirements.ISO 9004 gives guidance on a wider range of objectives of a quality management system than does ISO 9001, particularly for the continual improvement of an organizations overall performance and efficiency, as well as its effectiveness. ISO 9004 is recommended as a guide for organizations whose top management wishes to move beyond the requirements of ISO 9001, in pursuit of continual improvement of performance. However, it is not intended for certification or for contractual purposes.
During the development of this International Standard, due consideration was given to the provisions of ISO 14001:2004 to enhance the compatibility of the two standards for the benefit of the user community.This International Standard does not include requirements specific to other management systems, such as those particular to environmental management, occupational health and safety management, financialmanagement or risk management. However, this International Standard enables an organization to align or integrate its own quality management system with related management system requirements. It is possible foran organization to adapt its existing management system(s) in order to establish a quality management system that complies with the requirements of this International Standard.
ISO 9001 Standards In General
ISO 9001 Standards In General
The adoption of a quality management system should be a strategic decision of an organization. The design and implementation of an organization’s quality management system is influenced by— its business environment, changes in that environment, or risks associated with that environment,— its varying needs,— its particular objectives,— the products it provides,— the processes it employs,— its size and organizational structure.It is not the intent of this International Standard to imply uniformity in the structure of quality management systems or uniformity of documentation.The quality management system requirements specified in this International Standard are complementary to requirements for products. Information marked “NOTE” is for guidance in understanding or clarifying theassociated requirement.This International Standard can be used by internal and external parties, including certification bodies, to assess the organization’s ability to meet customer, statutory and regulatory requirements applicable to theproduct, and the organization’s own requirements.The quality management principles stated in ISO 9000 and ISO 9004 have been taken into consideration during the development of this International Standard.
The adoption of a quality management system should be a strategic decision of an organization. The design and implementation of an organization’s quality management system is influenced by— its business environment, changes in that environment, or risks associated with that environment,— its varying needs,— its particular objectives,— the products it provides,— the processes it employs,— its size and organizational structure.It is not the intent of this International Standard to imply uniformity in the structure of quality management systems or uniformity of documentation.The quality management system requirements specified in this International Standard are complementary to requirements for products. Information marked “NOTE” is for guidance in understanding or clarifying theassociated requirement.This International Standard can be used by internal and external parties, including certification bodies, to assess the organization’s ability to meet customer, statutory and regulatory requirements applicable to theproduct, and the organization’s own requirements.The quality management principles stated in ISO 9000 and ISO 9004 have been taken into consideration during the development of this International Standard.
Wednesday, September 16, 2009
Useful Aids to Implement ISO 9001 Standards
Useful Aids To Implement ISO 9001 Standards
Many companies implement ISO 9001 without using all the available tools. As a result, some companies may not fully optimize their implementation. This issue could be manifested as confusion over terms, misunderstanding about requirements, and perplexity concerning intention.ISO, the International Organization for Standardization, based in Geneva Switzerland issues thousands of standards, but we limit our scope to ISO 9001:2008 and its immediate “family”.This includes ISO 9000:2005 and ISO 9004:20002. ISO 9001 is a general industry standard for quality management, but ISO also issues industry specific standards. Many of these standards, such as ISO 13485 for medical devices, are based on ISO 9001 and can also utilize these available tools.
In addition to the information discussed below, ISO also issues standards related to specific activities that may arises in a quality management system. The following lists these supporting documents.
Automotive ISO/TS 16949:2002Education IWA 2:2007Energy PC 242, ISO 50001Food safety ISO 22000:2005Information security ISO/IEC 27001:2005Health care IWA 1:2005Local government IWA 4:2005Medical devices ISO 13485:2003Petroleum and gas ISO 29001:2003Ship recycling ISO/PAS 30000:2008Supply chain security ISO 28000:2007
Many companies implement ISO 9001 without using all the available tools. As a result, some companies may not fully optimize their implementation. This issue could be manifested as confusion over terms, misunderstanding about requirements, and perplexity concerning intention.ISO, the International Organization for Standardization, based in Geneva Switzerland issues thousands of standards, but we limit our scope to ISO 9001:2008 and its immediate “family”.This includes ISO 9000:2005 and ISO 9004:20002. ISO 9001 is a general industry standard for quality management, but ISO also issues industry specific standards. Many of these standards, such as ISO 13485 for medical devices, are based on ISO 9001 and can also utilize these available tools.
In addition to the information discussed below, ISO also issues standards related to specific activities that may arises in a quality management system. The following lists these supporting documents.
Automotive ISO/TS 16949:2002Education IWA 2:2007Energy PC 242, ISO 50001Food safety ISO 22000:2005Information security ISO/IEC 27001:2005Health care IWA 1:2005Local government IWA 4:2005Medical devices ISO 13485:2003Petroleum and gas ISO 29001:2003Ship recycling ISO/PAS 30000:2008Supply chain security ISO 28000:2007
Costs and resources Of ISO 9001 Standards
Costs and resources Of ISO 9001 Standards
The largest cost of ISO 9001 is the involvement of company employees. The ‘ownership’ created by involving employees in designing the quality system maximises the chances of them accepting it. Reducing this cost by minimising employee involvement is a false economy. The next largest cost will be for designing and developing the system. This needs to be led by someone with experience in this particular field. You may have someone within your own organisation who has carried out this role, perhaps with a former employer. Your Business Link may offer free or subsidised advice and training, and will be able to provide names of approved consultants. Grants for work in this area tend to be directed through Business Links. Different areas have different grants, which depend on local conditions. A typical grant may cover up to 50 per cent of the cost of an approved consultant. Certification fees are around £800 for the smallest companies. Overall costs depend upon company size and the number of locations involved. Ask certification bodies for quotes for initial audits and surveillance visits. Many will give an all-inclusive price, including surveillance visits for three years. Typically, special rates will depend on how long the assessment is likely to take and what the company’s turnover is. Ask your certification body if it offers special rates for small companies. The standard requires that companies have trained internal auditors to conduct audits on the system. An internal audit can provide an effective means of monitoring the system and identifying areas for improvement. For further details, contact the International Register of Certificated Auditors.
The largest cost of ISO 9001 is the involvement of company employees. The ‘ownership’ created by involving employees in designing the quality system maximises the chances of them accepting it. Reducing this cost by minimising employee involvement is a false economy. The next largest cost will be for designing and developing the system. This needs to be led by someone with experience in this particular field. You may have someone within your own organisation who has carried out this role, perhaps with a former employer. Your Business Link may offer free or subsidised advice and training, and will be able to provide names of approved consultants. Grants for work in this area tend to be directed through Business Links. Different areas have different grants, which depend on local conditions. A typical grant may cover up to 50 per cent of the cost of an approved consultant. Certification fees are around £800 for the smallest companies. Overall costs depend upon company size and the number of locations involved. Ask certification bodies for quotes for initial audits and surveillance visits. Many will give an all-inclusive price, including surveillance visits for three years. Typically, special rates will depend on how long the assessment is likely to take and what the company’s turnover is. Ask your certification body if it offers special rates for small companies. The standard requires that companies have trained internal auditors to conduct audits on the system. An internal audit can provide an effective means of monitoring the system and identifying areas for improvement. For further details, contact the International Register of Certificated Auditors.
Saturday, September 12, 2009
The Similarity between ISO 9001 and BS 7799-2
The Similarity between ISO 9001 and BS 7799-2
BS 7799-2:2002 is a specification for an Information Security Management System (ISMS). It is shortly to be upgraded to the status of a full
International Standard, and published as ISO/IEC 27001. The normative part of this standard has four sections and an annex . The requirements of the four sections are associated with the PDCA cycle. The annex defines all the controls that must be considered for generating the SOA. Thus the structure of BS 7799-2:2002, as will be ISO/IEC 27001, can be simply described as:
A PDCA framework;
An SOA.
ISO 9001:2000 is a specification for a Quality Management System (QMS). The normative part of this standard has five normative sections,
numbered 4 – 8. All of these requirements must be met in order to claim conformance with the standard, save for section 7 (Product Realisation),
where the standard states in paragraph 1.2 “Where exclusions are made, claims of conformity to this International Standard are not acceptable unless
these exclusions are limited to requirements within clause 7, an such exclusions do not affect the organisation’s ability, or responsibility, to provide
product that meets customer and applicable regulatory requirements”.
In Table 2 we relate the requirements of sections 4, 5, 6 and 8 to the PDCA framework. We treat section 7 as an SOA.
The BS 7799-2:2002 standard gives instruction on how the controls documented in BS 7799-2 Annex A are to be determined as being applicable or nonapplicable. In particular, if the control is applicable it must be justified in terms of the results of a risk assessment.
The controls listed in Section 7 of ISO 9001 may be excluded with justification. Thus, Section 7 of ISO 9001 may be treated in exactly the same manner as BS 7799-2 Annex A provided that applicable quality controls are also justified by
reference to a risk assessment. Conversely for an integrated MS, information security controls that are declared to be non-applicable should also be
justified as not applicable by reference to a risk assessment, in order to bring the two standards into line. Interestingly, this requirement was present in
BS 7799-2:1999 but was dropped in the 2002 revision.
The amalgamation of these two approaches in an integrated MS should not be seen as a disadvantage. The justification of non-applicable information security controls greatly simplifies the task of determining, given a change of threat or
business practice, whether a non-applicable control has now become applicable. The justification of Product Realisation controls by way of a reference to a risk assessment serves to remind us that, for many organisations, quality controls are not uniform across the whole organisation but are commensurate with the degree of risk involved.
For example, in the software business, a fixed price assignment with tight timescales to produce a bespoke software system has a greater risk than a
time and materials contract to supply programming staff, and the quality controls applied to management planning and reporting of the two projects would be very different.
BS 7799-2:2002 is a specification for an Information Security Management System (ISMS). It is shortly to be upgraded to the status of a full
International Standard, and published as ISO/IEC 27001. The normative part of this standard has four sections and an annex . The requirements of the four sections are associated with the PDCA cycle. The annex defines all the controls that must be considered for generating the SOA. Thus the structure of BS 7799-2:2002, as will be ISO/IEC 27001, can be simply described as:
A PDCA framework;
An SOA.
ISO 9001:2000 is a specification for a Quality Management System (QMS). The normative part of this standard has five normative sections,
numbered 4 – 8. All of these requirements must be met in order to claim conformance with the standard, save for section 7 (Product Realisation),
where the standard states in paragraph 1.2 “Where exclusions are made, claims of conformity to this International Standard are not acceptable unless
these exclusions are limited to requirements within clause 7, an such exclusions do not affect the organisation’s ability, or responsibility, to provide
product that meets customer and applicable regulatory requirements”.
In Table 2 we relate the requirements of sections 4, 5, 6 and 8 to the PDCA framework. We treat section 7 as an SOA.
The BS 7799-2:2002 standard gives instruction on how the controls documented in BS 7799-2 Annex A are to be determined as being applicable or nonapplicable. In particular, if the control is applicable it must be justified in terms of the results of a risk assessment.
The controls listed in Section 7 of ISO 9001 may be excluded with justification. Thus, Section 7 of ISO 9001 may be treated in exactly the same manner as BS 7799-2 Annex A provided that applicable quality controls are also justified by
reference to a risk assessment. Conversely for an integrated MS, information security controls that are declared to be non-applicable should also be
justified as not applicable by reference to a risk assessment, in order to bring the two standards into line. Interestingly, this requirement was present in
BS 7799-2:1999 but was dropped in the 2002 revision.
The amalgamation of these two approaches in an integrated MS should not be seen as a disadvantage. The justification of non-applicable information security controls greatly simplifies the task of determining, given a change of threat or
business practice, whether a non-applicable control has now become applicable. The justification of Product Realisation controls by way of a reference to a risk assessment serves to remind us that, for many organisations, quality controls are not uniform across the whole organisation but are commensurate with the degree of risk involved.
For example, in the software business, a fixed price assignment with tight timescales to produce a bespoke software system has a greater risk than a
time and materials contract to supply programming staff, and the quality controls applied to management planning and reporting of the two projects would be very different.
BACKGROUND TO THE ISO 9001:2008 REVISION PROCESS
BACKGROUND TO THE ISO 9001:2008 REVISION PROCESS
In order to assist organizations to have a full understanding of the new ISO 9001:2008, it may be useful to have an insight on the revision process, how this revision reflects the inputs received from users of the standard, and the consideration given to benefits and impacts during its development.
Prior to the commencement of a revision (or amendment)to a management system standard, ISO/Guide 72:2001 Guidelines for the justification and development of management system standards recommends that a Justification Study” is prepared to present a case for the proposed project and that it outlines details of the data and inputs used to support its arguments. In relation to the development of ISO 9001:2008 user needs were identified from the following:
- the results of a formal “Systematic Review on ISO 9001:2000 that was performed by the members of ISO/TC 176/SC2 during 2003-2004
- feedback from the ISO/TC 176/Working Group on Interpretations,
- the results of an extensive worldwide “User Feedback Survey on ISO 9001 and ISO 9004″ by ISO/TC 176/SC 2/WG 18 and similar national surveys.
The key focuses of the ISO 9001:2008 amendment were to enhance the clarity of ISO 9001:2000 and to enhance its compatibility with ISO 14001:2004.
A tool for assessing the impacts versus benefits for proposed changes was created to assist the drafters of the amendment in deciding which changes should be included, and to assist in the verification of drafts against the identified user needs. The following decision making principles were applied:1) No changes with high impact would be incorporated into the standard;
2) Changes with medium impact would only be incorporated when they provided a correspondingly medium or high benefit to users of the standard;
3) Even where a change was low impact, it had to be justified by the benefits it delivered to users, before being incorporated.
The changes incorporated in this ISO 9001:2008 edition were classified in terms of impact into the following categorie
- No changes or minimum changes on user documents, including records
- No changes or minimum changes to existing processes of the organization
- No additional training required or minimal training required
- No effects on current certifications
The benefits identified for the ISO 9001:2008 edition fall into the following categories:
- Provides clarity
- Increases compatibility with ISO 14001.- Maintains consistency with ISO 9000 family of standards.
- Improves translatability.
In order to assist organizations to have a full understanding of the new ISO 9001:2008, it may be useful to have an insight on the revision process, how this revision reflects the inputs received from users of the standard, and the consideration given to benefits and impacts during its development.
Prior to the commencement of a revision (or amendment)to a management system standard, ISO/Guide 72:2001 Guidelines for the justification and development of management system standards recommends that a Justification Study” is prepared to present a case for the proposed project and that it outlines details of the data and inputs used to support its arguments. In relation to the development of ISO 9001:2008 user needs were identified from the following:
- the results of a formal “Systematic Review on ISO 9001:2000 that was performed by the members of ISO/TC 176/SC2 during 2003-2004
- feedback from the ISO/TC 176/Working Group on Interpretations,
- the results of an extensive worldwide “User Feedback Survey on ISO 9001 and ISO 9004″ by ISO/TC 176/SC 2/WG 18 and similar national surveys.
The key focuses of the ISO 9001:2008 amendment were to enhance the clarity of ISO 9001:2000 and to enhance its compatibility with ISO 14001:2004.
A tool for assessing the impacts versus benefits for proposed changes was created to assist the drafters of the amendment in deciding which changes should be included, and to assist in the verification of drafts against the identified user needs. The following decision making principles were applied:1) No changes with high impact would be incorporated into the standard;
2) Changes with medium impact would only be incorporated when they provided a correspondingly medium or high benefit to users of the standard;
3) Even where a change was low impact, it had to be justified by the benefits it delivered to users, before being incorporated.
The changes incorporated in this ISO 9001:2008 edition were classified in terms of impact into the following categorie
- No changes or minimum changes on user documents, including records
- No changes or minimum changes to existing processes of the organization
- No additional training required or minimal training required
- No effects on current certifications
The benefits identified for the ISO 9001:2008 edition fall into the following categories:
- Provides clarity
- Increases compatibility with ISO 14001.- Maintains consistency with ISO 9000 family of standards.
- Improves translatability.
Summaries of changes to ISO 14001
Summaries of changes to ISO 14001
ISO 14001 year 2004 changes are consider having some effect on EMS ISO 14001, the changes require reviewing the EMS and taking action for transition (information is under control of TC 207). Considering the most relevant changes in advancing / transition to ISO 14001 2004 standard includes (an overview for transition / implementation):
Clause 4.1, Scope – requires defining the scope of the EMS (environmental management system) linking to the organizations activities, products, and services (and processes). First consider defining the scope of the EMS within the “boundaries” of products, services, activities, and processes as these relate [for ISO 9001:2000 organizations consider requirement 4.1, and organizations implementing ISO 14001 may be helpful reading ISO 9001:2000 clause 4.1]. The previous indicates an overview on how the EMS fulfills ISO 14001 2004 [some thoughts are internal auditing, management system review providing that these link].
Clause 4.2, Policy – The scope of the EMS and its policy must be consistent. The requirements for the policy remains about the same, now explicitly indicating that must be developed by top management, and other explicit terms in tune with the 1996 version.
Clause 4.3.1, Environmental Aspects Identification – Changes involve in assisting to clarifying statements from 1996 version and the change of the “or” for “and” (within the scope of the EMS); “… products and services…” Control and influence are now mutually exclusive, whilst introducing planned and new developments… new and modified activities… Considering identifying significant aspects must occur from development, implementation, and maintaining the EMS (see 4.1). Information on environmental aspects needs be in documentation format.
To a more assertive statement, “… over which it can be expected to have…” changes to the following “…those which it can influence.”
Clause 4.3.2, Legal and Other Requirements – The wording changes to “legal” in better addressing context to different world regions. Consideration must be given with changes to clause 4.1, for development, implementation, and maintaining the EMS.
Clause 4.3.3 – No significant change.
Clause 4.3.4 – No significant change.
Clause 4.4.1 , Resources, Roles, Responsibility and Authority, please note that this is a new title. This title reflects the importance and relevancy of each term to the EMS. Some minor wording changes include from “…provide…” to “…ensure the availability…” Do not forget that this will require reviewing auditing, planning, and responding to emergencies.
Clause 4.4.2, Competence, Training and Awareness – Whilst using the same
terms in the title notice the change in sequence. This change reflects the expected order of importance of the terms-subjects. Also consider that introduces a new phrase that broadens the individuals within an EMS; “…persons working for, or on behalf of …” Combining these previous two sentences, provides for the organization to include not only relevancy to significant environmental aspects but as well extending to those working for or in behalf of the organization . (Note: also consider that training provider and supporting services are inclusive to 4.4.6).
Clause 4.4.3, Communication – In specifically addressing the European Requirements (EMAR / EMAS), if the organization decides communicating externally the environmental aspects (environmental performance), ISO 14001:2004 address this issue. This is strictly on a volunteer globally, realizing that within the European Union is require.
Clause 4.4.4, Environmental Management System Documentation – in pursuit
of continuing compatibility with ISO 9001:2000 the term applied is “Documentation.”
Thereof, consider this clause also in the light of ISO 9001:2000 when integrating
EMS and QMS. The EMS documentation and records must be those to ascertain
objective evidence on the effectiveness of implementing the policy, planning, and
execution (including improving), control of operations, verification, and control,
improving, and reviewing the EMS.
Clause 4.4.5, Document Control – Again, changing the title and wording reflects
compatibility with ISO 9001:2000. Other than compatibility between QMS ISO
9001:2000 and EMS ISO 14001:2004 there are no significant changes.
4.4.6, Operational Control – No significant change.
4.4.7, Emergency Preparedness and Response – The structure changes by
placing some of its already content in bullets to emphasize each as pointer for the organization to address.
4.5.1, Monitoring and Measurement – Best to see new clause 4.5.2.
4.5.2, Evaluation of Legal Compliance – This is a new clause
[Note: addressing the concern of many government entities / authorities on
their responsibility on environmental and social issues and EMS ISO 14001 1996].
This is construe as the most impacting change to ISO 14001 2004 – this “new” clause brings the last paragraph of 4.5.1 as a separate clause. This clause brings the importance of periodically reviewing legal requirements / compliance under which the organization ascribes. It implies provision of records to demonstrate that this review occurs. This requires that the EMS be review to address the requirements of this “new” clause.
4.5.3, Non Conformance, Corrective and Preventive Action – Includes clarifications ascertaining that prevention (measures or potential of non conformity)and corrective action are two occurring events (which may be mutually inclusive).
Thereof, “action to eliminate the causes of potential non conformities to prevent their occurrence” can lead to changes in your EMS procedures.
4.5.4, Records – States that organizations need records to demonstrate
implementation of procedures and achieving results. These must demonstrate complying with the EMS (procedures and results). Whilst record retention times are not specifically required, record retention needs being specified (consider legal requirements and contractual agreements such that provide a demonstrable sustainable EMS).
4.5.5, Environmental Management System Audit – Whilst there are no wording changes, auditing must be reviewed in the light and effect of other changes (such as 4.5.1, 4.4.2).
4.6, Management Review – The wording provides (more direct) compatibility with ISO 9001:2000, which includes inputs and outputs for reviewing the EMS. Addition includes reviewing for improving the EMS (from target and not merely objectives).
The advent of ISO 14001:2004 shall not require additional training, unless otherwise the organization decides for a short review presentation or an “IMS” (integrated management systems,” integration of management systems such as ILO-OSH, OSH.MS, OSHAS 18001, ISO 9001 and variants with ISO 14001.) It will require reviewing the EMS by management, (perhaps a gap analysis), acting on any changes, inclusive to auditing against ISO 14001:2004 before transition.
ISO 14001 year 2004 changes are consider having some effect on EMS ISO 14001, the changes require reviewing the EMS and taking action for transition (information is under control of TC 207). Considering the most relevant changes in advancing / transition to ISO 14001 2004 standard includes (an overview for transition / implementation):
Clause 4.1, Scope – requires defining the scope of the EMS (environmental management system) linking to the organizations activities, products, and services (and processes). First consider defining the scope of the EMS within the “boundaries” of products, services, activities, and processes as these relate [for ISO 9001:2000 organizations consider requirement 4.1, and organizations implementing ISO 14001 may be helpful reading ISO 9001:2000 clause 4.1]. The previous indicates an overview on how the EMS fulfills ISO 14001 2004 [some thoughts are internal auditing, management system review providing that these link].
Clause 4.2, Policy – The scope of the EMS and its policy must be consistent. The requirements for the policy remains about the same, now explicitly indicating that must be developed by top management, and other explicit terms in tune with the 1996 version.
Clause 4.3.1, Environmental Aspects Identification – Changes involve in assisting to clarifying statements from 1996 version and the change of the “or” for “and” (within the scope of the EMS); “… products and services…” Control and influence are now mutually exclusive, whilst introducing planned and new developments… new and modified activities… Considering identifying significant aspects must occur from development, implementation, and maintaining the EMS (see 4.1). Information on environmental aspects needs be in documentation format.
To a more assertive statement, “… over which it can be expected to have…” changes to the following “…those which it can influence.”
Clause 4.3.2, Legal and Other Requirements – The wording changes to “legal” in better addressing context to different world regions. Consideration must be given with changes to clause 4.1, for development, implementation, and maintaining the EMS.
Clause 4.3.3 – No significant change.
Clause 4.3.4 – No significant change.
Clause 4.4.1 , Resources, Roles, Responsibility and Authority, please note that this is a new title. This title reflects the importance and relevancy of each term to the EMS. Some minor wording changes include from “…provide…” to “…ensure the availability…” Do not forget that this will require reviewing auditing, planning, and responding to emergencies.
Clause 4.4.2, Competence, Training and Awareness – Whilst using the same
terms in the title notice the change in sequence. This change reflects the expected order of importance of the terms-subjects. Also consider that introduces a new phrase that broadens the individuals within an EMS; “…persons working for, or on behalf of …” Combining these previous two sentences, provides for the organization to include not only relevancy to significant environmental aspects but as well extending to those working for or in behalf of the organization . (Note: also consider that training provider and supporting services are inclusive to 4.4.6).
Clause 4.4.3, Communication – In specifically addressing the European Requirements (EMAR / EMAS), if the organization decides communicating externally the environmental aspects (environmental performance), ISO 14001:2004 address this issue. This is strictly on a volunteer globally, realizing that within the European Union is require.
Clause 4.4.4, Environmental Management System Documentation – in pursuit
of continuing compatibility with ISO 9001:2000 the term applied is “Documentation.”
Thereof, consider this clause also in the light of ISO 9001:2000 when integrating
EMS and QMS. The EMS documentation and records must be those to ascertain
objective evidence on the effectiveness of implementing the policy, planning, and
execution (including improving), control of operations, verification, and control,
improving, and reviewing the EMS.
Clause 4.4.5, Document Control – Again, changing the title and wording reflects
compatibility with ISO 9001:2000. Other than compatibility between QMS ISO
9001:2000 and EMS ISO 14001:2004 there are no significant changes.
4.4.6, Operational Control – No significant change.
4.4.7, Emergency Preparedness and Response – The structure changes by
placing some of its already content in bullets to emphasize each as pointer for the organization to address.
4.5.1, Monitoring and Measurement – Best to see new clause 4.5.2.
4.5.2, Evaluation of Legal Compliance – This is a new clause
[Note: addressing the concern of many government entities / authorities on
their responsibility on environmental and social issues and EMS ISO 14001 1996].
This is construe as the most impacting change to ISO 14001 2004 – this “new” clause brings the last paragraph of 4.5.1 as a separate clause. This clause brings the importance of periodically reviewing legal requirements / compliance under which the organization ascribes. It implies provision of records to demonstrate that this review occurs. This requires that the EMS be review to address the requirements of this “new” clause.
4.5.3, Non Conformance, Corrective and Preventive Action – Includes clarifications ascertaining that prevention (measures or potential of non conformity)and corrective action are two occurring events (which may be mutually inclusive).
Thereof, “action to eliminate the causes of potential non conformities to prevent their occurrence” can lead to changes in your EMS procedures.
4.5.4, Records – States that organizations need records to demonstrate
implementation of procedures and achieving results. These must demonstrate complying with the EMS (procedures and results). Whilst record retention times are not specifically required, record retention needs being specified (consider legal requirements and contractual agreements such that provide a demonstrable sustainable EMS).
4.5.5, Environmental Management System Audit – Whilst there are no wording changes, auditing must be reviewed in the light and effect of other changes (such as 4.5.1, 4.4.2).
4.6, Management Review – The wording provides (more direct) compatibility with ISO 9001:2000, which includes inputs and outputs for reviewing the EMS. Addition includes reviewing for improving the EMS (from target and not merely objectives).
The advent of ISO 14001:2004 shall not require additional training, unless otherwise the organization decides for a short review presentation or an “IMS” (integrated management systems,” integration of management systems such as ILO-OSH, OSH.MS, OSHAS 18001, ISO 9001 and variants with ISO 14001.) It will require reviewing the EMS by management, (perhaps a gap analysis), acting on any changes, inclusive to auditing against ISO 14001:2004 before transition.
Concept of quality – historical background
Concept Of Quality – Historical Background
The concept of quality as we think of it now first emerged out of the Industrial Revolution. Previously goods had been made from start to finish by the same person or team of people, with handcrafting and tweaking the product to meet ‘quality criteria’. Mass production brought huge teams of people together to work on specific stages of production where one person would not necessarily complete a product from start to finish. In the late 1800s pioneers such as Frederick Winslow Taylor and Henry Ford recognized the limitations of the methods being used in mass production at the time and the subsequent varying quality of output. Taylor established Quality Departments to oversee the quality of production and rectifying of errors, and Ford emphasized standardization of design and component standards to ensure a standard product was produced. Management of quality was the responsibility of the Quality department and was implemented by Inspection of product output to ‘catch’ defects. Application of statistical control came later as a result of World War production methods. Quality management systems are the outgrowth of work done by W. Edwards Deming, a statistician, after whom the Deming Prize for quality is named.
Quality, as a profession and the managerial process associated with the quality control function, was introduced during the second-half of the 20th century, and has evolved since then. Over this period, few other disciplines have seen as many changes as the quality profession.
The quality profession grew from simple control, to engineering, to systems engineering. Quality control activities were predominant in the 1940s, 950s, and 1960s. The 1970s were an era of quality engineering and the 1990s saw quality systems as an emerging field. Like medicine, accounting, and engineering, quality has achieved status as a recognized profession.
The concept of quality as we think of it now first emerged out of the Industrial Revolution. Previously goods had been made from start to finish by the same person or team of people, with handcrafting and tweaking the product to meet ‘quality criteria’. Mass production brought huge teams of people together to work on specific stages of production where one person would not necessarily complete a product from start to finish. In the late 1800s pioneers such as Frederick Winslow Taylor and Henry Ford recognized the limitations of the methods being used in mass production at the time and the subsequent varying quality of output. Taylor established Quality Departments to oversee the quality of production and rectifying of errors, and Ford emphasized standardization of design and component standards to ensure a standard product was produced. Management of quality was the responsibility of the Quality department and was implemented by Inspection of product output to ‘catch’ defects. Application of statistical control came later as a result of World War production methods. Quality management systems are the outgrowth of work done by W. Edwards Deming, a statistician, after whom the Deming Prize for quality is named.
Quality, as a profession and the managerial process associated with the quality control function, was introduced during the second-half of the 20th century, and has evolved since then. Over this period, few other disciplines have seen as many changes as the quality profession.
The quality profession grew from simple control, to engineering, to systems engineering. Quality control activities were predominant in the 1940s, 950s, and 1960s. The 1970s were an era of quality engineering and the 1990s saw quality systems as an emerging field. Like medicine, accounting, and engineering, quality has achieved status as a recognized profession.
Five Steps to Implementing ISO 14001:2004
ISO 14001 provides a logical, common-sense approach for businesses to adopt. To start it is recommended to carry out an environmental review of the business and the Annex to the Standard provides guidance on the approach required. The Standard then requires a management system to be developed that addresses the key environmental issues that were identified by the review as being relevant to the business, through a rational programme of control and continual improvement.
There are five key steps to ISO 14001 EMS implementation, and subsequent operation which are clearly laid out in just three pages of text.
The five key steps are:
1. Environmental Policy
2. Planning
3. Implementation and Operation
4. Checking and Corrective Action
5. Management Review
Step 1. Environmental Policy
The company or organisation must write an environmental policy statement which is relevant to the business activities and approved by top management. Their full commitment is essential if environmental management is to work. The ISO 14001 Standard clearly sets out what to cover in the policy. Often a one page document is sufficient.
Produce a first issue and expect to amend it several times before assessment and registration as knowledge grows in the company.
Step 2. Planning
Plan what the EMS is to address.
Environmental aspects
First make lists of the environmental aspects (issues) that are relevant to the business. The environmental review mentioned earlier should provide most of this information and the Annex to ISO 14001 provides guidance on the format for doing this.
Consider the inputs, outputs and processes/activities of the business in
relation to;
a) emissions to air
b) releases to water
c) waste management
d) contamination of land
e) use of raw materials and natural resources
f) other local environmental and community issues
Consider both site (direct) and offsite (ie. indirect) aspects that you control or have influence over (such as suppliers) and in relation to normal operations, shut-down and start-up conditions and reasonably foreseeable and emergencies situations.
A simple written procedure is then required to determine which of the aspects identified are really or probably significant (important) and training needs, outline the key stages of the project and dates that will lead to the target achievement).
Gradually apply environmental management programme thinking to such things as the introduction of new products, new or improved processes and other key activities of the business. In particular, ensure existing projects become environmental management projects
where there is a significant environmental impact involved, so that the EMS becomes company wide. This is a frequent oversight found during ISO 14001 assessments. The EMS must cover the whole business – like a net thrown over the whole business and for example
including such things as engineering and maintenance
Step 3. Implementation and Operation
Structure and responsibility
Appoint one or more people, depending on the size of the business, to have authority and responsibility for implementing and maintaining the EMS and provide sufficient resources. (It’s worth monitoring costs carefully and benchmarking these against key consumption figures so
that improvements delivered by the EMS become apparent).
Training, awareness and competence
Implement a procedure to provide environmental training appropriate to identified needs for management, the general workforce, project teams and key plant operators. This can have far reaching benefits on employee motivation. The workforce is usually very supportive of
moves to achieve genuine environmental improvement. Every company has its share of cynics but even some of these can be won over with time. Training will vary from a general briefing for the workforce to detailed environmental auditor training.
Communication
Implement procedures to establish a system of internal and external communication to receive environmental information and respond to it and to circulate new information to people that need to know. This will include: new legislation, information from suppliers, customers and
neighbours and communications both with employees and for employees about progress with the EMS. This process can often generate worthwhile ideas from employees themselves for future
environmental improvements.
Environmental management system documentation
The EMS itself needs to be documented with a manual, procedures and work instructions but keep it brief and simple. The Standard clearly states where procedures are required. Eleven system procedures are required to maintain the EMS, plus operating work instructions but if you already have ISO 9000, this will cover most of six of the procedures required and a quality system can certainly be expanded to cover ISO 14001 as well. Cross reference the EMS
manual to other environmental and quality documents to link the EMS and to integrate it with existing business practices.
Operational control
Implement additional operating procedures (work instructions) to control the identified significant (important) aspects of production processes and other activities. Some of these will already exist but may need a ‘bit of polish’. Don’t forget significant aspects that relate to
goods and services from suppliers and contractors.
Emergency preparedness and response
Implement procedures to address reasonably foreseeable
emergencies and to minimise their impact should they occur. (eg. Fire, major spillages of hazardous materials, explosion risks etc.)
Step 4. Checking and Corrective Action
Monitoring and measurement
Implement procedures to monitor and measure the progress of projects against the targets which have been set, the performance of processes against the written criteria using calibrated equipment (verify monitoring records) and regularly check (audit) the company’s
compliance with legislation that has been identified as relevant to your business. The most effective way of doing this is through regular progress meetings.
Nonconformance and corrective and preventive action
Implement procedures to enable appropriate corrective and subsequent preventive action to be taken where breaches of the EMS occur (eg. process control problems, delays in project process, noncompliance with legislation, incidents etc.).
Records
Implement procedures to keep records generated by the environmental management system. The Annex to the Standard suggests those that are likely to be required.
Environmental management system audit
Implement a procedure to carry out audits of each part of the EMS and company activities and operations to verify both compliance with the EMS and with ISO 14001. Audit results must be reported to top management . A typical audit cycle is one year but more critical activities will require auditing more frequently.
Step 5. Management Review
At regular intervals (typically annual), top management must conduct through meetings and record minutes of a review of the EMS, to determine that it is still appropriate and effective or to make changes where necessary. Top management will need to consider audit results, project progress, changing circumstances and the requirement of ISO 14001 for continual improvement, through setting and achieving further environmental targets.
There are five key steps to ISO 14001 EMS implementation, and subsequent operation which are clearly laid out in just three pages of text.
The five key steps are:
1. Environmental Policy
2. Planning
3. Implementation and Operation
4. Checking and Corrective Action
5. Management Review
Step 1. Environmental Policy
The company or organisation must write an environmental policy statement which is relevant to the business activities and approved by top management. Their full commitment is essential if environmental management is to work. The ISO 14001 Standard clearly sets out what to cover in the policy. Often a one page document is sufficient.
Produce a first issue and expect to amend it several times before assessment and registration as knowledge grows in the company.
Step 2. Planning
Plan what the EMS is to address.
Environmental aspects
First make lists of the environmental aspects (issues) that are relevant to the business. The environmental review mentioned earlier should provide most of this information and the Annex to ISO 14001 provides guidance on the format for doing this.
Consider the inputs, outputs and processes/activities of the business in
relation to;
a) emissions to air
b) releases to water
c) waste management
d) contamination of land
e) use of raw materials and natural resources
f) other local environmental and community issues
Consider both site (direct) and offsite (ie. indirect) aspects that you control or have influence over (such as suppliers) and in relation to normal operations, shut-down and start-up conditions and reasonably foreseeable and emergencies situations.
A simple written procedure is then required to determine which of the aspects identified are really or probably significant (important) and training needs, outline the key stages of the project and dates that will lead to the target achievement).
Gradually apply environmental management programme thinking to such things as the introduction of new products, new or improved processes and other key activities of the business. In particular, ensure existing projects become environmental management projects
where there is a significant environmental impact involved, so that the EMS becomes company wide. This is a frequent oversight found during ISO 14001 assessments. The EMS must cover the whole business – like a net thrown over the whole business and for example
including such things as engineering and maintenance
Step 3. Implementation and Operation
Structure and responsibility
Appoint one or more people, depending on the size of the business, to have authority and responsibility for implementing and maintaining the EMS and provide sufficient resources. (It’s worth monitoring costs carefully and benchmarking these against key consumption figures so
that improvements delivered by the EMS become apparent).
Training, awareness and competence
Implement a procedure to provide environmental training appropriate to identified needs for management, the general workforce, project teams and key plant operators. This can have far reaching benefits on employee motivation. The workforce is usually very supportive of
moves to achieve genuine environmental improvement. Every company has its share of cynics but even some of these can be won over with time. Training will vary from a general briefing for the workforce to detailed environmental auditor training.
Communication
Implement procedures to establish a system of internal and external communication to receive environmental information and respond to it and to circulate new information to people that need to know. This will include: new legislation, information from suppliers, customers and
neighbours and communications both with employees and for employees about progress with the EMS. This process can often generate worthwhile ideas from employees themselves for future
environmental improvements.
Environmental management system documentation
The EMS itself needs to be documented with a manual, procedures and work instructions but keep it brief and simple. The Standard clearly states where procedures are required. Eleven system procedures are required to maintain the EMS, plus operating work instructions but if you already have ISO 9000, this will cover most of six of the procedures required and a quality system can certainly be expanded to cover ISO 14001 as well. Cross reference the EMS
manual to other environmental and quality documents to link the EMS and to integrate it with existing business practices.
Operational control
Implement additional operating procedures (work instructions) to control the identified significant (important) aspects of production processes and other activities. Some of these will already exist but may need a ‘bit of polish’. Don’t forget significant aspects that relate to
goods and services from suppliers and contractors.
Emergency preparedness and response
Implement procedures to address reasonably foreseeable
emergencies and to minimise their impact should they occur. (eg. Fire, major spillages of hazardous materials, explosion risks etc.)
Step 4. Checking and Corrective Action
Monitoring and measurement
Implement procedures to monitor and measure the progress of projects against the targets which have been set, the performance of processes against the written criteria using calibrated equipment (verify monitoring records) and regularly check (audit) the company’s
compliance with legislation that has been identified as relevant to your business. The most effective way of doing this is through regular progress meetings.
Nonconformance and corrective and preventive action
Implement procedures to enable appropriate corrective and subsequent preventive action to be taken where breaches of the EMS occur (eg. process control problems, delays in project process, noncompliance with legislation, incidents etc.).
Records
Implement procedures to keep records generated by the environmental management system. The Annex to the Standard suggests those that are likely to be required.
Environmental management system audit
Implement a procedure to carry out audits of each part of the EMS and company activities and operations to verify both compliance with the EMS and with ISO 14001. Audit results must be reported to top management . A typical audit cycle is one year but more critical activities will require auditing more frequently.
Step 5. Management Review
At regular intervals (typically annual), top management must conduct through meetings and record minutes of a review of the EMS, to determine that it is still appropriate and effective or to make changes where necessary. Top management will need to consider audit results, project progress, changing circumstances and the requirement of ISO 14001 for continual improvement, through setting and achieving further environmental targets.
Quality Planning
Whenever the term “product” is used within the ISO 9001 standard, it refers to both tangible goods and intangible services. The ISO 9001 standard is meant to be generic which means that it is suitable for all kinds of organization, whether commercial or otherwise. The purpose of the quality management system model that is being propagated by the standard is the fulfillment of customer requeirements and expectations in order to induce high levels of customer satisfaction. An unsatisfied customer is essentially a customer whose requirements or needs, and expectations of the level of services being granted upon him/her have not been met. We are all customers because we buy products all the time. So we know what it means to be a dissatisfied customer. The common reaction is to never to go back to that seller and look for other alternatives. A successful organization is one which understands what it takes to meet customer requirements in order to satisfy their needs and expectations. A specific process is thus necessary to resolve any customer complaint or dispute. This process should be geared towards satisfying the customer’s needs and expectations. The parameters of this process should be referenced from the terms of the sale and purchase. This is why it is necessary to review the customer’s requirements before committing to the sales contract. It is necessary that the customer understands what he/she is paying for and it is equally necessary for the organization to understand what it is supposed to deliver. When your organization has these processes in place, then the only thing to do next is to continually measure the effectiveness and subsequently take actions to continually improve the whole process.
Refer http://www.iso9001-standard.us for more information.
Refer http://www.iso9001-standard.us for more information.
Friday, September 4, 2009
ISO 14001 Auditing and Registration
ISO 14001 Registration
A registration system has grown up around the implementation of the ISO 9000 quality management documents and has formed the basis for a similar system of registration to ISO 14001. At this writing, ISO 14001 is the only specification_ document of the ISO 14000 series and the only standard that is intended to be auditable; all of the other standards are, or will be, guidance documents.
Registrars – Globally, there are 40 – 50 or more organizations established to register organizations to ISO 14001. These registration organizations are accredited by the standards bodies in, for the most part, major industrial nations that have adopted ISO 14001 as their country’s EMS standard. In the U.S., for example, the body that accredits registrars is the ANSI-ASQ National Accreditation Board (ANAB). ANAB passes on the credentials of registrars to register organizations to ISO 14001.
ISO 14001 Audits
First-, second-, or third-party auditors can assess an organization’s conformity to the requirements of the standard. First-party Audits – In the first-party circumstance, the internal auditors of the implementing organization conduct an audit to determine that the EMS has been properly implemented and is being maintained. If the organization passes the internal audit, it may self declare_ its conformity to ISO 14001.
Second-party Audits – In the second-party circumstance, the audit is conducted by a representative of a party interested in the environmental performance of the implementing organization. The interested party_ may be a customer, an environmental regulator, an insurance company, or any other organization affected by the environmental performance of the implementing organization. The second-party audit can be a condition of doing business with the auditor’s organization.
Third-party Audits – In the third-party circumstance, an external EMS auditor conducts an audit, usually at the request of the implementing organization, to determine if the organization conforms to the requirements of ISO 14001. The third-party audit is most often for the purpose of certifying_ that the organization is in conformity with the requirements of ISO 14001.
Typically, when a registration is awarded, it is for a period of three years with a provision for the periodic conduct of surveillance_ audits to ensure continuing conformity.
A principal benefit of the third-party audit is that it compels organizations to continually maintain the EMS in order to pass the follow-up surveillance audits; without this, there might be slippage in the maintenance of ISO 14001.
It is not a requirement of implementing ISO 14001 that organizations have a registration audit conducted; this is a decision made by each organization based upon its determination of the commercial value or necessity of certifying. When an ISO 14001 EMS is intended to be audited,
the requirements must be implemented and documented sufficiently for an auditor/registrar to be
able to conduct the audit based on the finding of objective evidence that the organization has implemented an EMS conforming to ISO 14001.
Establishing objective evidence requires a higher level of documentation and record keeping than is required for mere implementation of ISO 14001. The implementation of ISO 14001 is a simpler task for the organization when it is only seeking to implement the policy and sixteen procedures than when it is implementing with the intention or expectation of being audited.
A registration system has grown up around the implementation of the ISO 9000 quality management documents and has formed the basis for a similar system of registration to ISO 14001. At this writing, ISO 14001 is the only specification_ document of the ISO 14000 series and the only standard that is intended to be auditable; all of the other standards are, or will be, guidance documents.
Registrars – Globally, there are 40 – 50 or more organizations established to register organizations to ISO 14001. These registration organizations are accredited by the standards bodies in, for the most part, major industrial nations that have adopted ISO 14001 as their country’s EMS standard. In the U.S., for example, the body that accredits registrars is the ANSI-ASQ National Accreditation Board (ANAB). ANAB passes on the credentials of registrars to register organizations to ISO 14001.
ISO 14001 Audits
First-, second-, or third-party auditors can assess an organization’s conformity to the requirements of the standard. First-party Audits – In the first-party circumstance, the internal auditors of the implementing organization conduct an audit to determine that the EMS has been properly implemented and is being maintained. If the organization passes the internal audit, it may self declare_ its conformity to ISO 14001.
Second-party Audits – In the second-party circumstance, the audit is conducted by a representative of a party interested in the environmental performance of the implementing organization. The interested party_ may be a customer, an environmental regulator, an insurance company, or any other organization affected by the environmental performance of the implementing organization. The second-party audit can be a condition of doing business with the auditor’s organization.
Third-party Audits – In the third-party circumstance, an external EMS auditor conducts an audit, usually at the request of the implementing organization, to determine if the organization conforms to the requirements of ISO 14001. The third-party audit is most often for the purpose of certifying_ that the organization is in conformity with the requirements of ISO 14001.
Typically, when a registration is awarded, it is for a period of three years with a provision for the periodic conduct of surveillance_ audits to ensure continuing conformity.
A principal benefit of the third-party audit is that it compels organizations to continually maintain the EMS in order to pass the follow-up surveillance audits; without this, there might be slippage in the maintenance of ISO 14001.
It is not a requirement of implementing ISO 14001 that organizations have a registration audit conducted; this is a decision made by each organization based upon its determination of the commercial value or necessity of certifying. When an ISO 14001 EMS is intended to be audited,
the requirements must be implemented and documented sufficiently for an auditor/registrar to be
able to conduct the audit based on the finding of objective evidence that the organization has implemented an EMS conforming to ISO 14001.
Establishing objective evidence requires a higher level of documentation and record keeping than is required for mere implementation of ISO 14001. The implementation of ISO 14001 is a simpler task for the organization when it is only seeking to implement the policy and sixteen procedures than when it is implementing with the intention or expectation of being audited.
Subscribe to:
Posts (Atom)