ISO 14001 Quality System

The Audit Plan In ISO 14001

2011-06-03T05:34:00.000-07:00

The audit plan is the document that establishes the scope, objectives and criteria, and schedule of the audit. It also goes into specific details on what areas will be audited, when, and by whom.

Other details such as which checklists may be used, how the report is to be formatted and distributed, and how meetings will be conducted can also be included in the plan. In essence, the audit plan reflects the programs, procedures, and methodologies of the EMS audit process, in accordance with element 4.5.4 of ISO 14001. These planning items are usually described in the procedures for element 4.5.4 and do not need to be re-created every time an audit occurs. For example, it can be determined that the entire EMS will be audited once per year, but in four partial events. This schedule then becomes part of the procedure.

The audit scope defines what part of the organization will be audited. Obviously, this should coincide with the scope of the EMS itself, and is usually the site in question. If the full EMS audit is divided in smaller segments conducted throughout the year, then the scope of any given segment is what portion of the organization will be audited at that time. Typically, an organization will create a chart or matrix showing the various divisions of the site or activity and when it will be audited. A typical entry may show the maintenance department being audited in the first quarter and production in the fourth quarter, for example.

Also noted in the audit plan is the audit objective(s). The audit objective describes why an audit is being conducted. Typically the reason is to conform to ISO 14001 4.5.4 requiring that the EMS be periodically evaluated. Another reason is demonstrate conformance to others.

Although EMS audits may appear in their own right to be “good practice”, it is essential that auditors have a clear concept of what the general objectives of such audits are.

The definition of EMS audits highlights the need to confirm conformance with planned arrangements and to ensure that these arrangements are effective and suitable to achieve objectives. ISO 14011 expands this to form a number of general objectives for any type of EMS audit. Audits should be carried out to:

- determine conformance of an auditee’s EMS with the EMS audit criteria

- determine whether the auditee’s EMS has been properly implemented and maintained

- to identify areas of potential improvement in the auditee’s EMS

- assess the ability of the internal management review process to ensure the continuing suitability and effectiveness of the EMS

- evaluate the EMS of an organization where there is a desire to establish a contractual relationship, such as with a potential supplier or a joint-venture partner.

Using this definition and sources such as ISO 14010 and 14011, the following statement of the specific objectives of an internal EMS audit has been developed. Internal audits should be carried out to ensure that:

- The EMS continues to meet the needs of the business

- The necessary documented procedures that exist are practical and satisfy any specified requirements

- The necessary documented procedures are understood and followed by appropriately trained personnel

- Areas of conformity and nonconformity with respect to implementation of the EMS system are identified and corrective action implemented

- The effectiveness of the system in meeting the EMS objectives is determined and that a basis is created for identifying opportunities and initiating actions to improve the EMS system

The above objectives imply that internal audits are concerned with more than just the policing of an established system. If auditors and managers are to remain committed to the implementation of the EMS system, it must also contribute to the process of developing that system and seeking improvements.

Internal auditing must not be carried out in a way that results in the transfer of responsibility from the operating staff to the auditor or auditing organization, i.e., at all times the individual or department must retain and accept responsibility for his or her role in the EMS.

If the internal audit process is not designed and implemented to meet the objectives and to avoid the pitfalls described above, it is unlikely that the top management commitment essential to an effective audit process will be readily forthcoming.

The audit criteria define what the “rules” are. For the sake of this guide, the criteria will be the elements of ISO 14001. A subtle point to note however is that the site’s EMS requirements are also part of the criteria. This means that in addition to responding to the requirements of ISO 14001, the EMS must also respond to “planned arrangements”, or what the organization said it was going to do. In audits, a common response is “the standard does not require such and such detail”. However, if the site’s procedure does require some specific response, then it becomes part of the criteria. In essence, the auditors are verifying the system not only to ISO 14001, but also to what the EMS documentation states.

How the audit is divided and scheduled throughout the time interval is up to the organization and will be a function of minimizing disruption to site operations and resource needs. The only requirement is that the full audit be completed within the frequency established in the procedures under 14001, 4.5.4. One of the requirements regarding frequency is that how often an area is audited be in part a function of prior audit results. This means that the planned frequency may change with time based on what auditors are finding.

How long each audit takes again is a function of resource needs and operations. It is recommended, however, that any individual audit event not be protracted out over long time periods. The longer a task takes, the easier it is to get distracted and lose focus.

Much has been written about how to audit a system if the full audit is not completed in one event. Unlike other audits, including quality audits, where a more segmented approach can be taken, ISO 14001 systems tend to be very sensitive to consistency. For example, the emergency planning process may conform to the standard element 4.4.7 in that a procedure exists; however,

it may not reflect the potential significant impacts identified in element 4.3.1. Had the audit team focused only on element 4.4.7, they would not have noted the apparent nonconformance.

When developing an audit plan, it is wise to consider the three C’s of ISO 14001 EMS auditing:

Conformance, Consistency, and Continual Improvement. Conformance relates to addressing each of the requirements of the standard, i.e., the “shalls”. Consistency relates to how well each procedure or process of the EMS relates to the others. In other words, do objectives and targets reflect the policy commitments? Are personnel trained on the correct legal and other requirements? Finally, Continual Improvement requires that the system lead to improvements in the system itself as well as with environmental performance. A system that has all the prerequisite procedures, but remains static, is not in conformance.

The concepts of consistency and continual improvement are more subtle because they are through-running threads of the standard and not always a definitive statement. The required commitment to continual improvement and the text of the standard itself however do go some way towards reminding the auditor.

With the three C’s in mind, one now sees why it is best to audit all applicable elements of the standard in a given area at one time, rather that tracing any one standard element throughout various areas. For example, during the first quarter audit event, Company X may audit all of ISO 14001 in maintenance. During the second quarter event, all of ISO 14001 will be audited in the production area, and so on. This is in contrast to auditing only a certain element, i.e., corrective action, across several site areas in one audit event.

Now we know what is being audited, when it is being audited, and to what “rules” it is being audited. The remainder of the plan is simply then the logistics of the audit. The logistics include identification of team members, noting if and what checklists will be used, schedule and formats of meeting to name a few. Below is the full list of recommended audit plan elements as described in ISO 14011:

• the audit objectives and scope;

• the audit criteria;

• identification of the auditee’s organizational and functional units to be audited;

• identification of the functions and/or individuals within the auditee’s organization having significant direct responsibilities regarding the auditee’s EMS;

• identification of those elements of the auditee’s EMS that are of high audit priority;

• the procedures for auditing the auditee’s EMS elements as appropriate for the auditee’s organization;

• the working and reporting languages of the audit;

• identification of reference documents;

• the expected time and duration for major audit activities;

• the dates and places where the audit is to be conducted;

• identification of audit team members;

• the schedule of meetings to be held with the auditee’s management;

• confidentiality requirements;

• report content and format, expected date of issue and distribution of the audit report;

• document retention requirements.

If the internal audit is to proceed smoothly, it is helpful for the internal auditor to establish a dialogue prior to the actual audit with the person responsible for the area being audited. This dialogue may be conducted by memo, telephone, or during a formal or informal meeting. The main factor that should influence the auditor’s choice of method for setting up this dialogue should be the organization’s normal style or culture. Irrespective of the method of communication the auditor adopts, the following points should be established:

• The overall duration of the proposed audit

• The starting location and time

• The proposed scope and areas to be covered by the audit

• A timetable for approximate progress of the audit where applicable, e.g., if a number of different departments or geographical areas are to be included in the scope of the audit

• The arrangements for any close out meeting where the findings of the audit can be agreed and corrective action requirements discussed

• The personnel liable to be involved at each stage of the audit

If an auditor does not give sufficient attention to ensuring that clear agreement is reached with respect to the above points, the potential for misunderstandings that can affect the conduct of the audit is greatly increased. However, these initial communications with the personnel of the area being audited not only affect the “tone” of the forthcoming audit, but they can significantly influence the commitment and level of cooperation shown by that area throughout the audit process and for many subsequent audits.

Prior to commencing the audit, but once the plan is prepared, the audit team assignments are made, and working documents are defined. Working documents are those documents such as observation logs and checklists that are used during the audit to collect evidence, but are not necessarily retained as records. In other words, they may be discarded after the audit is complete and the report prepared.

Of these, only the checklist should require an input at this stage from the auditor. However, before compiling a checklist, the auditor must determine if the function and format of the checklist are prescribed by the audit procedure or whether personal preference can be exercised.

The format of the checklist may vary considerably, depending on whether it is intended to act as an aide or as a part of audit records showing the scope and conduct of the audit. The former may consist only of general topics to be covered during the audit, whereas the latter may be an extensive and detailed questionnaire on which details of sampling and answers to the questions are to be recorded.

The need for checklists and the type appropriate will vary according to other experience of the auditors and the culture of the company. It is recommended that for purposes of internal audits, checklists, even if limited, should always be developed. However, standard questionnaire type checklists not prepared by the auditor that must be slavishly followed and completed, should be

avoided. This latter type is likely to result in an unnecessary restriction in the scope of the audit and a stifling of auditor initiative.

Although an auditor should always work within the scope defined for the audit, the working documents must not be designed so that they restrict additional audit activities or investigations that may become necessary as a result of information gained during the audit. There are differences of opinion over whether it is preferable to create the checklist anew or whether a previously developed checklist can be used. Although the former is desirable in principle, it is not always practical in terms of the best use of the resources available. The best compromise is to utilize whatever available checklists are already in existence, but to review these critically

against the relevant documents previously identified. In this way, time can be saved in using them as a foundation without detracting from effectiveness.

The Audit Report In ISO 14001

2011-06-03T05:33:00.000-07:00

Once agreement has been reached, both among the audit team and with the auditee, it is time to prepare the audit report. Note that ISO 14001 does not require a documented audit report. However, it is very difficult to verify that the auditing requirement has been satisfied without a supporting record, which is typically a documented audit report.

The audit report is prepared by the lead auditor, although he or she may have other team members prepare portions. The content of the audit report is determined by the audit plan and the organization’s EMS audit procedures. Having completed the examination phase and evaluated the collected data observations, etc., the assessor is faced with the problem of documenting any deficiencies he or she may have found. There are many different methods of documenting deficiencies, ranging from inclusion in the body of the audit report to producing non-conformance notes or corrective action requests. Irrespective of which method is adopted, the basic principles to be followed are similar. ISO 14001 does not dictate what should be in the report, and ISO 14011 only suggests contents. ISO 14011 indicates that at a minimum, the findings need to be in the report. The findings appear as a statement that the EMS is or is not in conformance with the criteria, and states what the criteria and supporting evidence are for the statement. ISO 14011 also lists other optional items to include such as:

• the identification of the organization audited and of the client;

• the agreed objectives, scope and plan of the audit;

• the agreed criteria, including a list of reference documents against which the audit was conducted;

• the period covered by the audit and the date(s) the audit was conducted;

• the identification of the auditee’s representatives participating in the audit;

• the identification of the audit team members;

• a statement of the confidential nature of the contents;

• the distribution list for the audit report;

• a summary of the audit process including any obstacles encountered;

• audit conclusions such as:

- EMS conformance to the EMS audit criteria;

- whether the system is properly implemented and maintained;

- whether the internal management review process is able to ensure the continuing suitability and effectiveness of the EMS.

The format of such reports can vary considerably and may range from completion of a simple pro-forma to expansive documents describing all aspects of the audit performance and findings. However, irrespective of the style and format, the audit report should cover the key topics already identified as being essential for discussion and presentation at the opening and closing meetings. In constructing the report two specific objectives must be borne in mind.

(1) The report has to provide objective evidence of effective implementation of the audit procedure.

(2) The report has to allow for corrective action to be addressed and that the follow-up requirements can be established and initiated.

Where there are non-conformances, there are various options regarding deficiency reporting. One option is to describe each of the deficiencies identified in the main body of the report along with any supporting evidence, and if requested, corresponding recommendations. Although this may result in a comprehensive report of audit findings, it has the disadvantage that the individual

deficiencies are often difficult to locate, particularly when trying to monitor follow-up actions.

This can be partly overcome by writing separate corrective action requests for this purpose. A useful alternative that is less time consuming is to restrict the description of deficiencies in the body of the report to general summaries only. Details of deficiencies can then be included in non-conformance notes. Ideally, the non-conformance note should also provide space for agreeing corrective actions and recording subsequent monitoring of that corrective action. In this manner, any duplication of effort with respect to audit reporting is minimized, thus producing a more easily managed system. It is important that however non-conformances are handled, it be constant with the EMS correction action process (ISO 14001, Section 4.5.2).

Before considering the steps in preparing the non-conformance note we must be clear about their purpose.

• To convey to the auditee the findings in a clear and accurate manner so that they know what to do next.

• To advise the EMS personnel or other auditors what you have found so that he can follow it up.

• To present a record that can be reviewed remotely from the scene and be understood.

All non-conformance notes must contain certain basic information.

• The physical area being audited.

- Failure to record this often results in great confusion 3 to 6 months later when a follow up visit is carried out to review corrective action implementation.

• The specific clause(s) of the assessment standard(s) against which the non-conformance is issued.

- If the auditor is unable to readily identify the applicable section of the EMS manual or the procedure against which to issue the non-conformance, he must question whether or not he is justified in writing the non-conformance. It is good practice to re-read the

requirements of the relevant system documentation to confirm that these can be interpreted as supporting the non-conformance. If they do not, then the non-conformance cannot be issued.

• The detailed nature of the non-conformance including the specific identity of documents/procedures/material, etc.

Earlier we considered the requirements for recording observations during the assessment and emphasized the need for them to be factual and to contain objective evidence that the system requirements were not being satisfied. Although this appears to be fairly straightforward, in practice this is often not the case. It is not unusual for inexperienced auditors to identify a deficiency only to fail to communicate the findings in a manner that facilitates implementation of the appropriate corrective action. The non-conformance note, while not being over long, must contain sufficient information to enable a person not present during the audit to be able to gauge the seriousness or otherwise of the observation.

The use of descriptive terms such as extensive, several, isolated, etc… is essential to communicate accurately the nature and extent of the deficiency, but care must be taken to ensure that their use does not result in a lack of objectivity; e.g., the term extensive can only be included if there is irrefutable evidence to justify its use. The auditor must also take care to ensure that the description is not only accurate but it is also fair, e.g., a statement that 50% of manifests were incorrectly signed may be accurate but is hardly fair if only two manifests were sampled.

Having documented the nature of the deficiency, some audit systems require the auditor to grade the deficiency or non-conformance, e.g., major and minor. It is not intended to discuss grading systems in detail since there are many potential variations that companies may wish to adopt. Irrespective of what system is being adopted, the auditor must ensure that the grading given and

the text describing the deficiency are completely compatible.

Distribution of the audit report and nature of documentation are decided between the auditor and auditee, although this too is usually addressed in the audit plan. An audit is considered successful when the auditee and client feel that they have useful, constructive feedback that allows them to improve the system.

ISO 9001 Standards Quality Manual Preparation

2011-06-03T05:32:00.000-07:00

An ISO 9001 quality manual details how an organization will actively ensure customer satisfaction through the application of established quality management principles. For this reason, the quality manual is one of the most scrutinised high-level documents present in an organization. This article discusses a number of issues surrounding the format and content of the manual.

There are no requirements defining the format of the ISO 9001 quality manual, most organizations often use a pre-formatted template which is easily modified as the quality system develops. Using a quality template will afford an organization more time to focus on documenting systems and processes with greater accuracy during the implementation phase.

There is often considerable debate about the format and content of the manual. The balance of opinion is divided between those who believe the manual’s format does not matter, as long as, what occurs out in the field complies with the requirements and those who believe the quality manual should say something ‘personal’ about the organization’s approach to quality management.

It would be true to say that every company has their own style of operation which will inevitably be reflected in the manual and procedures. This variance is fine; all that matters is that the quality manual and procedures are able to respond positively to these questions:

1. Does it define the scope of the organization’s approach to quality management?

2. Does it define how the scope is applied?

3. Does it give suitable reason for permissible exclusions from that scope?

4. Does it contain, or make reference to, documented procedures?

5. Does it ensure a cycle of feedback exists to allow improvement?

It is important to maintain a clear distinction between the contents of the manual and the purpose and scope of the procedures. The QMS should define top management’s intent to operate an effective quality management system, while the procedures define how those intentions will be implemented at an operational level.

The quality manual should not be over burdened with excessive detail which requires frequent change to ensure relevance is maintained. The approach taken many companies to avoid over-burdening their manual is by allowing lower-level documents, such as procedures and work instructions to contain operational detail. Then, simple reference is made to the procedures and work instructions from within the manual itself. In other words, let the procedures take the strain of controlling day-to-day activities; after all, they are ‘working’ documents the organization uses to achieve the goal of customer satisfaction.

How to Get an ISO 14001 Accreditation

2010-06-29T06:26:00.000-07:00

If you are someone who is looking into getting an ISO 14001, then you may be wondering exactly why it is that you have to get this accreditation. First, you have to understand that ISO stands for the International Organisation of Standardisation. This is a series of standards that have been developed with a singular level of guidance for all companies to measure up to. The particular 14001 deals with the requirements that you will need to have in order to measure up to the environmental standards that have been set forth by the ISO.

While you do not necessarily have to get the ISO 14001 accreditation to operate your business, it is something you can do to prove to your clients and customers that you are doing your part to help out with the environment. However, you may be confused on how to go about getting this important accreditation, but it is not as difficult to attain as you might think, and most businesses should be able to get the certification within a year of the application. You should know that they will want to make sure that you have been following some form of environmental standards for at least three months prior to your application. To do this you can write an environmental review of your company’s environmental impact as it is in its current operating state. You will then want to make sure that you provide this information when you send off your initial paperwork to begin the overall process.

In order to help prove that your company is doing its part to be environmentally aware you will have to go through an initial audit once the application has been filled out and filed. After the audit has been completed you will get a list of issues that the auditor feels you need to resolve before you can be certified for the ISO 14001. You will need to work on and correct these issues before the second audit is conducted, and they will give you a time period (usually three to six months) when they will return to check on your progress.

When the second audit occurs they will once again assess the overall business and then they will address the issues that were laid out in the previous audit. If everything goes well then your company will have proven that they are doing what they can to meet the standard set forth in ISO 14001, and they will then receive accreditation. However, this is not the end of the process. Even though you are now recognised as having environmentally conscious policies that are congruent with the international standards, you will have to go through periodic audits every three years to make sure that you are still operating correctly. Not only this, but every three months partial aspects of your company will be analysed to see that they are still working within the standards as well. As long as you remain within the compliance terms you will continue to receive your ISO 14001 certification.

Is Green Business Really Environmentally Sustainable ?

2010-06-29T06:25:00.000-07:00

Is Green Business Really Environmentally Sustainable ?

Green Business is about a good management of a range of issues including reduced carbon footprint and good energy management but also including a broader environmental sustainability, within a practical environmental management system. The most effective system is ISO 14001. Many other approaches are less than effective

There is a wide variety of concepts that are understood by some as environmental management systems or EMS and this varies in different industries. The concept has evolved over time. Essentially the name says it all – A system to enable the business owner or manager to manage environmental problems both real and potential.

Owners and managers setting out to have a green business do not always achieve their aim of environmental sustainability and may not even include reduced carbon footprint and good energy management.

Many industry groups have developed industry wide simplistic programs that they call EMS that actually miss the S for system and some really only have a checklist approach that is based on an “average” or “typical” business in that industry. So effectively they also miss much of the environment. Many do not really involve any management either. Some are very superficial in the way that they select the environmental aspects they manage because they have been drawn up to be generic and cut out the need for the business owner to stop and think. In this case it is difficult to understand how any process of continual improvement can result.

One of these programs are as simple as a checklist, or what many involved call a “tick and flick” exercise. These are barely even educational for the business owner and have no ongoing benefits like reduction of costs or legal protection.

Even where the business owners and or managers spend a lot of time filling in forms and communicating with neighbours, there is often a real lack of understanding of how to identify and varied environmental risks in an individual businesses and why these need to be manage. They can easily miss things and even find they are risking legal implications in areas that are not typical and so not covered by the so called system..

An effective management system needs individual businesses to identify and understand what their environmental risks are or may be. These risks need to be managed and there also needs to be a feedback system going into a regularly reviewed system for continual improvement. This can be enhanced with auditing by qualified independent auditors, whether internal or external; although the greatest benefit does come from employing and independent external auditing body such as a certification body.

There were some early ISO 14001 systems that gave the system a bad name because they were based on outdated engineering and military approaches to ISO systems are overly paper heavy and full of jargon. These were not suitable for small business and farms. These systems have given ISO 140001 a bad name in some circles.

Unfortunately many consultants have come from an old style quality management background without any real understanding of or training in the environment. The training to upgrade from quality auditing only involves doing a three day seminar with a minimal assessment by a training organization. Then they audit with a rigid paper based approach and do a serious disservice to both their clients and to the auditing industry.

Small to medium businesses benefit from a simpler approach based on a real understanding of the issues involved and a genuine understanding of risks. Such systems are based on ISO 14001 and have a real emphasis on keeping things simple and minimizing paperwork. These give very real benefits to the businesses involved.

Environmental Aspects In ISO 14001 Standards EMS

2010-05-22T15:46:00.000-07:00

Environmental Aspects In ISO 14001 Standards EMS

First make lists of the environmental aspects (issues) that are relevant

to the business. The environmental review mentioned earlier should

provide most of this information and the Annex to ISO 14001 provides

guidance on the format for doing this.

Consider the inputs, outputs and processes/activities of the business in

relation to;

a) emissions to air

b) releases to water

c) waste management

d) contamination of land

e) use of raw materials and natural resources

f) other local environmental and community issues

Consider both site (direct) and offsite (ie. indirect) aspects that you

control or have influence over (such as suppliers) and in relation to

normal operations, shut-down and start-up conditions and reasonably

foreseeable and emergencies situations

A simple written procedure is then required to determine which of the

aspects identified are really or probably significant (important) and should

therefore be managed by the EMS. This process which is

similar to health and safety risk assessment ranks the aspects by order

of importance and the significant aspects identified are then the core

of the environmental management system.

There are various methods of determining significance but most are

based on the principle of attributing a relative value for the

environmental hazard or potential to cause harm (eg. on a scale of 1-

5) and the risk or likelihood of occurrence (eg. on a scale of 1-5). The

relative significance is then determined by multiplying the hazard by

the risk. (eg. max score of 25). An arbitrary but cautious threshold

value is then set above which environmental aspects are considered to

be significant. This threshold can be determined by a common sense

consideration of the aspects identified.

Business benefits of ISO 14000

2009-09-30T06:34:00.001-07:00

Business Benefits Of ISO 14001
Any manager will try to avoid pollution that could cost the company a fine for infringing environmental legislation. But better managers will agree that doing only just enough to keep the company out of trouble with government inspectors is a rather weak and reactive approach to business in today’s increasingly environment-conscious world.
There is a better way. The ISO 14000 way. The ISO 14000 standards are practical tools for the manager who is not satisfied with mere compliance with legislation – which may be perceived as a cost of doing business. They’re for the proactive manager with the breadth of vision to understand that implementing a strategic approach can bring return on investment in environmentrelated measures. Implementing an ISO 14000-basedenvironmental management system, and using other tools from the ISO 14000 family, will give you far more than just confidence that you are complying with legislation.
The ISO 14000 approach forces you to take a hard look at all areas where your business has an environmental impact. And this systematic approach can lead to benefits like the following:
a. Reduced cost of waste managementb. Savings in consumption of energy and materialsc. Lower distribution costsd. Improved corporate image among regulators, customers and the publice. Framework for continuous improvement of your environmental performance.
The manager who is “too busy managing the business” to listen to good senseabout environmental management could actually be costing the business plenty. Just think, for example, of the lost opportunities for achieving benefits like those above.
The ISO 14000 standards are management tools that will help your businessachieve environmental goals that go way beyond acquiring a mere “green sheen”.

Requirements for Product Environmental Quality Assurance

2009-09-30T06:33:00.000-07:00

All Mandatory Requirements for Product Environmental Quality Assurance need to be carried out in the following manner1. Establish a system that meets all requirements2. Ensure the system is stable and efficient.3. Document the processes and procedures4. Keep records of the system’s performance.
The assigned management of the supplier shall establish a system to prevent BannedSubstances from being used in the products and packaging.(1) To determine policies and methods for ensuring Product Environment Quality.(2) To assign a person to be in charge of managing Product Environment Quality(“Product Environmental Quality Management Representative”)(3) To establish an organization in managing Product Environment Quality,determine responsibilities, authorities, roles of each department and familiarize allmembers in each department with the importance of Product Environment Quality.(4) To establish a “Cadmium-Free Factory”(5) To review the adequacy and efficiency of the system.
Maintenance of the SystemThe supplier shall maintain the system in a condition to be able to respond to therequests for Product Environment Quality and instruction letters to suppliers),ensure the system is properly functioning.(1) Plan and carry out an internal audit at least once a year.(2) When Non-conforming Products or defects are found in the system, the suppliershall conduct an internal audit immediately.(3) The assigned management for Product Environment Products at the suppliershall revise the system according to the results of the internal audit if necessary.
Documents, Data and RecordsThe supplier should manage documents, verification data related to ProductEnvironment Quality.(1) Keep documents, verification data for three years or longer, if required by law.(2) Provide documents and verification data when requested.(3) Review the documents regularly and keep them updated instructions
Selection of Materials and PartsThe supplier has to comply with the following request when selecting material and parts.(1) “No Use of Banned Substances Allowed” (or equal) must be mentioned in allrelevant documents (specifications, blueprints, purchase orders, etc)(2) Materials must not contain any Banned Substances.(3) Only purchase Designated Raw Materials from Green Partners.

ISO 9000 Standards

2009-09-30T06:32:00.004-07:00

ISO 9000 Standards
ISO 9000 is a written set of rules (a “Standard”) published by an internationalstandards writing body (International Organization for Standardization. The rules define practices that are universally recognized and accepted for assuring that organizations consistently understand and meet the needs of their customers.ISO 9000 is also highly generic. Its principles can be applied to any organization providing any product or service anywhere in the world.Since meeting customer needs is one of the (many) definitions of quality, ISO 9000 is often called a quality system or a quality management system. But the rules, referred to as requirements, go beyond quality matters as they are traditionally understood. The requirements fall roughly into the following types:
a. Requirements that help assure that the organization’s output (whether product, service, or both) meets customer specifications. (Making, and keeping, them happy.)
b. Requirements that assure that the quality system is consistently implemented and verifiable. (We must actually do what we say we are supposed to do. This must be verifiable via independent, objectiveaudit.)
c. Requirements for practices that measure the effectiveness of variousaspects of the system. (In God we trust; all others bring data.)
d. Requirements that support continuous improvement of the company’sability to meet customer needs. (We cannot sit still. We must strive to get better all the time, because customers change, and competitors gain strength.)
Nothing in ISO 9000 is new. The first edition, published by ISO in 1987, was drawn almost word for word from a British quality system standard. It in turn evolved from a long succession of written quality system specifications that had their ultimate origin in the defense and arms industries. Most of the practices required by ISO 9000 have been in use in industries of various kinds for decades. One intent of ISO 9000 is to simplify things for organizations. ISO 9000 strives to harmonize the sometimes conflicting, sometimes redundant quality programs that have traditionally been imposed by major corporations on their suppliers. (Note, however, that ISO 9000 is not meant to supersede customer, legal, or regulatory requirements.)
Very often, major customers require or strongly “suggest” that their suppliers implement ISO 9000 systems. Equally often, such customers require independent verification that suppliers are meeting the equirements.
So third-party registration bodies audit suppliers, confirm compliance to the ISO 9000 standard, and register the suppliers. It does not stop there. To stay registered, suppliers must undergo periodic (often semi-annual) surveillance audits, also carried out by their registration body.
Implementing an ISO 9000 quality system is neither cheap, nor easy. How costly and difficult it can be depends on:
a. The level of commitment of senior management. (The single most important factor.)
b. Where you are when you start. If you have already implemented a disciplined, documented quality system, you will have a less difficult time migrating to ISO 9000. (But that does not mean you will waltz to registration, either.)
c. Whether your company (or any part of it) is “design responsible” or not.
d. How much time you have. If you are under the customer’s gun and have merely months to get the job done, the process will be highly stressful.
e. The physical size and configuration of your company.
The bottom line is this. ISO 9000 is a comprehensive set of rules—a business system, really—that can cause the way your organization runs to profoundly change, almost always for the better. Yet, because it is often customer-mandated, many suppliers regard ISO 9000 as “just another hoop to jump through to keep our customers happy.”
They see their choice as swallow hard, pony up, and jump through the hoops; or walk away from the customer. What many do not fully appreciate is that implementing ISO 9000—expensive, exhausting, and annoying as it can be—can also have the salutary effect of improving the performance of your organization. Not just at first, but on an ongoing basis.

Goal and Scope of an ISO 9000 quality system

2009-09-30T06:32:00.003-07:00

Goal and Scope of an ISO 9000 quality system
The ISO 9000 Standard states its goal in two blunt words: customer satisfaction.How do we achieve customer satisfaction? By meeting customer requirements.The quality management system (QMS) helps us to dothis by:
a. Applying the system. Actually using it. Putting it at the heart ofour organization.b. Continually improving the system. The QMS is never done. Afterall, customer requirements do not stand still—they evolve and grow tougher.So we have to improve continually in order to survive.
(The guidance document, ISO 9004: 2000, sets a compatibleand in some respects more ambitious goal: “improving theprocesses of an organization to enhance performance.”) Prevention of nonconformity. Prevention is the key term here: prevention,rather than detection. Quality management has longsince evolved away from the old “inspect quality in” approach.Prevention is cheaper, more effective, and more protective of thecustomer. Detection is also a different mindset. It requires a veryhigh degree of process orientation, upstream thinking, and relentlessanalysis.To what types of organizations does the Standard apply? Alltypes. The requirements “are generic and applicable to all organizations,regardless of type and size.” A compliant QMS can be implementedby any organization, producing any product or service,anywhere in the world.Within the organization, the impact of the requirements and theQMS are similarly broad. The Standard “applies to the activities of organizationsfrom the identification of customer requirements, throughall quality management system processes, to the achievement of customersatisfaction.” Every activity within the organization that impactsthe process of creating customer satisfaction is affected by therequirements of the Standard.

ISO 9000 registration or certification

2009-09-30T06:32:00.001-07:00

ISO 9000 registration or certification
Registration is documented and objective evidence that an organization’squality system meets the requirements of ISO 9000.
Certification is a term often used interchangeably with registration.
In the context of ISO 9000, they mean the same thing. Registration isthe technically correct term for verification of compliance to standardsof quality systems. Certification usually applies to verification of thequality of products (as opposed to quality systems).
Registration is carried out by independent companies called registrars.These companies are:- Wholly independent.- Accredited by a recognized international accreditation body.- Selected, and paid, by you.
Registration can cover:- The sole location of a single-location organization.- Multiple locations of a multilocation organization.- Only certain parts of a multilocation organization (under certain conditions).- Separate locations under separate certificates. (This is a more costlyapproach.)The registration body audits your quality system against the requirementsof ISO 9000. It reports its findings in writing. These findings may (and usually do) include noncompliances (Question 96). Major noncompliances must be closed out prior to official registration.
When this has been done, the registration body:- Lists the organization’s name in its book of registered companies—in effect, registers the organization in its book.- Issues a certificate to the registered organization. This registrationincludes:— Identity of the organization.— Location(s) covered by the registration.— A list of products/services supplied by the registered locations.— Revision date of the Standard.— Registration effective dates.— Name and location of registrar.
Most registrars limit registrations to three years. After that, youmust renew your registration by undergoing another complete systemsaudit. Some registrars do not use the renewal approach. They simplykeep checking the system via surveillance audits.
Whichever the scheme, the organization, to keep registration, mustundergo a surveillance assessment every so often. Six months is the typicalinterval. Some registrars offer annual surveillance schemes (notrecommended except for firms with exceptionally well-implementedquality management systems). Surveillance assessments are scheduledevents (there is no such thing as a “surprise” surveillance audit). Onlypart of the quality system is checked at each surveillance. Usually, theregistrar does not disclose what part will be assessed until the day of theassessment, although some registrars will tell you everything up front.The entire quality system is usually checked via surveillance audits overthe course of three years.
There is no way to “fail” a surveillance assessment, just as there isno way to “fail” a registration audit—except by refusingto implement corrective action required by the registrar. Normally,registrars allow adequate time, but corrective actions must be done ina timely and agreed upon manner to keep registration.One final note: As mentioned, each registrar publishes a list ofthe firms it has registered to ISO 9000.

What is a quality systems registrar

2009-09-30T06:31:00.002-07:00

What is a quality systems registrar
A registrar, or registration body (the preferred term), is sometimes called a certification body. (Accreditation bodies are entirely different—they are the entities that audit/approve registration bodies.)
There are some 573 registration bodies in operation worldwide, including52 in the United States.
The registrar is the organization that checks your quality system and confirms that it meets ISO 9000 requirements for a prescribed and agreed period of time.
To do this, the registrar:a. Audits your organization’s quality system to determine the degree of conformity to ISO 9000 standards. The audit is carried out:— On paper (desktop study).— On site (throughout your facility).b. Registers your quality system, assuming it conforms, to ISO 9000.c. Monitors conformity on an ongoing basis by means of regular reauditsand other methods.All quality system registrars perform these functions, with certainvariations. Registrars differ in two principal ways:a. Accreditation status.b. Scope of accreditation
Reputable ISO 9000 registrars are accredited by international accreditationbodies. These enforce a standard, EN 45012 (European Standard for Bodies Certificating Suppliers’ Quality Systems), that governs the processes that registrars follow. This standard is quite strict:a. Registrars must make their services available to all qualified supplierswithout imposing undue financial or other conditions, andmust administer their regulations in a nondiscriminatory manner.b. The registrar’s organization must not engage in activities that mayaffect its impartiality. For example:— It must not provide consulting services “on matters to whichits certificates are related” (i.e., quality systems). This requirementis superseded by the ISO 9000 restriction noted earlier.— It must not directly engage in commerce with firms that it hasassessed and/or registered.— Individuals involved in the registration process must not haveprovided consulting services to registration clients, or any relatedfirms, within the previous two years.— Its employees and agents must not engage in business activitiesthat would cause others to question the firm’s impartiality.— The registrar may not market consultancy and registrationservices together, and may not recommend consulting servicesto clients.— Auditors may not give advice as part of registration audits.— The registrar must provide the accreditation body with documentationof its employees’ qualifications.— The registrar must have appropriate facilities for carrying outits activities.— The registrar must have a quality manual and documentedprocedures. (Curiously, EN 45012 does not require that registrarsregister to ISO 9000!)— Registrars may not grant or renew certificates of registration until all major noncompliances are eliminated.
Another point of differentiation is scope of accreditation. All registrarsare not accredited, or approved, to register firms in any line of business. Each registrar is accredited to operate within the business or industrial sectors about which it has documented expertise. This is generically referred to as the registrar’s scope.

How long does it take to register to ISO 9000?

2009-09-30T06:31:00.001-07:00

The time it takes to get ISO 9001 registered are varies. But it is talkingmonths here, not weeks. For one thing, you have to keep running yourbusiness. You cannot simply shut down while getting registered.The entire process can be broken down into the following generalphases:a. Implementing the ISO 9000 system.b. Operating it for the minimum time. (A minimum of three, andpreferably six, months before registration audit.)c. Selecting a registrar. This can be done during the registrationprocess, to save time.d. Interval between application and registration audit. This dependson the registrar’s backlog.
The time it takes to implement the ISO 9000 system depends in largepart on where you are when you start. If you already have any of thefollowing, implementation time should be relatively short:a. A documented quality system of any kind that is active, meaningful,but not necessarily compliant with any particular standard.b. Resources temporarily dedicated solely to implementing the system.c. The guidance of a good consultant
If you are starting from square one, implementation can take a longtime. (Unless you can shut down operations while implementing—butwho can do that?) Here are some other factors that can extend thetime it takes:a. Multiple locations.b. Head count.c. Whether or not you are design responsible.d. Corporate turmoil.e. Lack of ongoing, consistent, persistent top management commitment.This exhibits itself in a host of symptoms, including lack ofsufficient resources, other issues taking priority, vacillation, failureto pay attention, failure to learn and understand, and failureto lead.All that being said, experience has shown the following:a. On average, the shortest interval for the entire process—fromlaunch through registration audit—seems to be around 6 to 9months.b. At the other extreme, it’s been known to take 18 to 24 to 36months, even with significant resources and full managementcommitment.On average, for the typical organization (whatever that is), you arelooking at 10 to 18 months to get the job done.

What does ISO 9000 offer?

2009-09-30T06:30:00.000-07:00

What does ISO 9000 offer? For one thing, it offers you continuedbusiness with customers who may be requiring you to register. That isa pretty strong benefit right there.These customers may never question your quality, but these customersdepend heavily on their main suppliers. They know they canimprove their quality and through-put, if you improve yours. Just because you are great does not mean you are as great as you couldbe. ISO 9000 mandates a continuous improvement system. Youcan wriggle and fudge, but if you implement that system and workit conscientiously, you cannot help but improve. Continuous improvementis not just a buzz term. It is an imperative. Just because you are great today does not mean you will be great tomorrow.Has your industry changed? Has your organizationchanged? A well-implemented ISO 9000 helps your organizationadapt to change. It brings independence of individuals and consistencyof practices—two features that tend to resist declines inperformance.
What else does ISO 9000 bring you? When well implemented, anISO 9000 quality system improves organization performance. That is,after all, the whole point. In cases where it does not, the fault tendsnot to be in the ISO 9000 process (its inherent deficiencies notwithstanding).When an ISO 9000 system does not provide substantial benefits andimprovement in performance, it is usually because managementhas consciously chosen to cut corners, blowsmoke,stay uninvolved, and starve the system of all but the most essentialresources. “We’ll do this stupid thing, but we’re sure not goingto change the way we operate.”ISO 9000 registration brings you one more thing that your organizationmay not have today: International credibility. ISO 9000 is deployedand practiced in nearly 100 countries around the world. Intoday’s ever-growing international economic climate, this is not a bademblem to have, however narrow the scope of your market today.

Policy and Procedures for Quality Assurance

2009-09-30T06:29:00.002-07:00

Quality PolicyThe Institute seeks to ensure that the following standards, guidelines, requirements and procedures are adhered to:· European Standards and Guidelines for Quality Assurance in the European Higher Education Area;· All relevant HETAC Standards and Guidelines;· National Framework of Qualifications Standards;· Policies and Procedures approved by the Institute’s Academic Council;· All other relevant regulatory and professional requirements.The Institute also seeks to ensure that its education provision and services meet the requirements of its students in a learner centered and supportive environment.1.2 CommunicationThis Policy is published on the Institute website and communicated to stakeholders through email alerts. It will be formally published in Institute Yearbook from September 2009.1.3 ImplementationIt is the responsibility of the President, the Registrar, the Academic Council, Heads of School, Heads of Department and Heads of Function to ensure that this policy is implemented.1.4 MeasurementThe policy is measured by internal audits, Programmatic Review and external peer review.1.5 EvaluationEach quality process will be audited for compliance by the Registrar’s Office annually. This audit can include recommendations for minor changes to the process. The audit reports will be placed before the Academic Council.The Academic Council will conduct an evaluation of each process against national and international best practice on a three year cycle. The environmental scanning technique discussed in the Institute’s Self-Study 2009 will support this evaluation.1.6 Continuous ImprovementRecommendations for improvement will be generated through the measures indicated in 1.4 and 1.5 above. The implementation of these recomendations will ensure continuous improvement.1.7 Key Performance Indicators(i) Each of the seven areas identified under the European Standards and Guidelines will be revised on a three year cycle. See 1.8 below.(ii) Best practice will become an embedded feature of the process and external peer review reports will testify that minimum standards are surpassed.
1.8 Goals and Objectives

PRELIMINARY GAP ANALYSIS FOR ISO 9001:2008

2009-09-30T06:29:00.001-07:00

Quality Management System Preliminary Gap Analysis
Decide on a number from 0 to 5 for each item below. The scoring criteria are given in a table at the end. 1 to 5 Make notes to explain your score for future reference.
1. Have you established, documented, implemented and now maintain a Quality Management System (QMS) to any system including ISO 9001?
2. Have you identified the processes needed for your QMS and
a. the sequence of your production and service delivery processes,
b. the criteria and methods needed to ensure the processes are effective, and
c. have the resources and the information you need to support the processes?

3. Do you have
a. a Quality Manual including your Quality Policy and quality objectives, and
b. written procedures and work instructions?
4. Do your records provide evidence that your business processes are effective?
5. Is your Top Management committed to the development and implementation of a new QMS (i.e. based on the 2008 version of ISO 9001)?

6. Has your Top Management communicated the importance of meeting customer and other business requirements to all the employees?
7. Has your Top Management made a commitment to ensure your customers’ requirements are top priority?
8. Do your quality objectives include requirements for production and delivery?
9. Are your quality objectives measurable?
10. Have the responsibilities and authorities of managers and employees been defined and communicated to them?
11. Does your management have the drive and resources needed
a. to implement, and maintain a QMS and continually improve its effectiveness, and
b. to enhance customer satisfaction by meeting customer requirements?
12. Does your organization have procedures to select competent personnel for work activities?
13. Does your organization provide training or take other action to help develop your people?
14. Does your organization provide adequate:
a. buildings, workspace and utilities,
b. process equipment, and
c. supporting services such as transport or communication?
15. When you receive a customer order do you review it for
a. requirements specified by the customer, including the delivery and post-delivery activities,
b. requirements not stated by the customer but necessary for specified use or known and intended use, and
c. statutory and regulatory requirements related to the product?
16. Do you inform your customers concerning
a. product information,
b. enquiries, contracts or order handling, including changes, and
c. channels for customer feedback and complaints?
17. Does your organization plan and control product design and development activities?
18. Does your organization maintain records of design or development review, verification and validation activities and resulting action?
19. Does your organization inspect or otherwise confirm that purchased products, materials, components and services conform to your specified purchase requirements?
20. Does your organization select suppliers depending on how important the purchased product is for production?
21. Does your organization evaluate suppliers (subcontractors or vendors) based on their ability to satisfy your requirements?
22. Do you ensure production has
a. the information that describes the characteristics of the product,
b. the necessary work instructions,
c. suitable equipment, and
d. the monitoring and measuring devices needed?
23. Does your organization regularly confirm that your production and service processes are capable of consistently meeting your requirements?
24. Are parts, components, subassemblies and products identified throughout production or service delivery?
25. Are monitoring and measurement requirements clearly shown with the status of the product?
26. Where traceability is a requirement, does production keep records of unique product identification?
27. Do you care for and protect customers’ property under your control or being used by your people?
28. Do you look after your product (including the parts or components) during both production and delivery to the customer, by providing suitable identification, packaging, storage, preservation and handling?
29. Do you have instructions needed to identify inspection or monitoring activities to be done during production or service delivery and the devices to be used?
30. Is your measuring equipment:
a. Calibrated or verified at specified intervals, or prior to use?
b. Adjusted or re-adjusted as necessary?
c. Identified to enable the calibration status to be determined?
d. Safeguarded from adjustments that would invalidate the measurement result?
e. Protected from damage and deterioration during handling, maintenance and storage?
31. Does your organization monitor customer information that shows you have satisfied customer requirements?
32. Does your organization conduct internal quality audits at planned intervals?
33. Does your organization use suitable methods to monitor and, where practical, measure the performance of your processes?
34. Does your organization inspect or measure the characteristics of finished products and record the results?
35. Does your organization identify nonconforming products and review them for disposition?
36. Does your organization collect and analyze data to assess the suitability and effectiveness of the QMS?
37. Does your organization use data to evaluate or identify where continual improvement of the QMS can be made?
38. Does your organization continually improve the effectiveness of the QMS?
39. Does your organization take corrective action to eliminate the causes of problems and to prevent their recurrence?
40. Does your organization determine and eliminate potential nonconformities in order to prevent their occurrence?
To score this table:
0 – You do not understand what is required or believe it is necessary
1 – Your organization does not perform this activity
2.- You understand this activity is a good thing to do but do not do it
3 – You do this sometimes
4 – You do this but not very well
5 – You do this quite well.
Add all the points together.
150 – 200
You are almost ready to complete your ISO 9001 QMS and apply for certification/
registration.
100 – 149
You are ready to implement the QMS. This will likely improve your business results.
0 – 99
You have a lot to do but should begin. You could consider seeking help from a
consultant or specialist.

Improve your performance management with new version of ISO 9001

2009-09-30T06:28:00.004-07:00

A quality management system enables you to manage your business processes effectively:
it is much more than a set of rules and procedures. When properly implemented and maintained, a QMS addresses the needs of your organisation and delivers tangible business benefits.
The new version of ISO 9001 has recently been published. One of the main aims of ISO 9001:2008 is to facilitate integration with other standards. Although there are no new requirements as such, there are some key clarifications to be taken into account.
There are three main objectives to the new standard:
Detail, clarify, improve the understanding of ISO 9001:2000 (previous version)
Improve compatibility with ISO 14001:2004 Simplify the way in which ISO 9001 can be integrated with other management system standards (such as OHSAS 18001)
There are no new requirements in the new standard:
The title, scope, and structure of the standard are unchanged
The process approach is confirmed
Compatibility with the latest revision of ISO 14001:2004 is maintained and improved upon
Preservation of the quality management principles included in ISO 9000:2000
There are five main areas to note. The relevant sections of the standard are noted in brackets.
1. A reinforcement of the notion of product conformity
2. Compatibility with other standards is evolving
3. A better understanding of outsourced processes
4. An editorial clarification of some requirements – for instance;
A reinforcement of the notion of product conformity2.3.4.
An editorial clarification of some requirements – for instance;A better understanding of outsourced processesCompatibility with other standards is evolving
• (6.4) work environment, including an explanatory note on work environment giving examples,
to help meet product conformity requirements
• (8.2.1) measurement of customer satisfaction, including a note broadening the scope beyond
satisfaction surveys to include other channels such as customer feedback5.
• (Introduction) the notion of risk
• (5.5.2) appointment of a management représentative
• (6.2.2) assessing the effectiveness of achieving compétence
• (8.5.2 et 3) assessing the effectiveness of corrective and preventive actions?
Some additional explanations regarding the requirements of the standard;An editorial clarification of some requirements – for instance;A better understanding of outsourced processesCompatibility with other standards is evolvingA reinforcement of the notion of product conformity

The Similarity between ISO 9001 and BS 7799-2

2009-09-30T06:28:00.003-07:00

The Similarity between ISO 9001 and BS 7799-2
BS 7799-2:2002 is a specification for an Information Security Management System (ISMS). It is shortly to be upgraded to the status of a full
International Standard, and published as ISO/IEC 27001. The normative part of this standard has four sections and an annex . The requirements of the four sections are associated with the PDCA cycle. The annex defines all the controls that must be considered for generating the SOA. Thus the structure of BS 7799-2:2002, as will be ISO/IEC 27001, can be simply described as:
A PDCA framework;
An SOA.
ISO 9001:2000 is a specification for a Quality Management System (QMS). The normative part of this standard has five normative sections,
numbered 4 – 8. All of these requirements must be met in order to claim conformance with the standard, save for section 7 (Product Realisation),
where the standard states in paragraph 1.2 “Where exclusions are made, claims of conformity to this International Standard are not acceptable unless
these exclusions are limited to requirements within clause 7, an such exclusions do not affect the organisation’s ability, or responsibility, to provide
product that meets customer and applicable regulatory requirements”.
In Table 2 we relate the requirements of sections 4, 5, 6 and 8 to the PDCA framework. We treat section 7 as an SOA.
The BS 7799-2:2002 standard gives instruction on how the controls documented in BS 7799-2 Annex A are to be determined as being applicable or nonapplicable. In particular, if the control is applicable it must be justified in terms of the results of a risk assessment.
The controls listed in Section 7 of ISO 9001 may be excluded with justification. Thus, Section 7 of ISO 9001 may be treated in exactly the same manner as BS 7799-2 Annex A provided that applicable quality controls are also justified by
reference to a risk assessment. Conversely for an integrated MS, information security controls that are declared to be non-applicable should also be
justified as not applicable by reference to a risk assessment, in order to bring the two standards into line. Interestingly, this requirement was present in
BS 7799-2:1999 but was dropped in the 2002 revision.
The amalgamation of these two approaches in an integrated MS should not be seen as a disadvantage. The justification of non-applicable information security controls greatly simplifies the task of determining, given a change of threat or
business practice, whether a non-applicable control has now become applicable. The justification of Product Realisation controls by way of a reference to a risk assessment serves to remind us that, for many organisations, quality controls are not uniform across the whole organisation but are commensurate with the degree of risk involved.
For example, in the software business, a fixed price assignment with tight timescales to produce a bespoke software system has a greater risk than a
time and materials contract to supply programming staff, and the quality controls applied to management planning and reporting of the two projects would be very different.

BACKGROUND TO THE ISO 9001:2008 REVISION PROCESS

2009-09-30T06:28:00.001-07:00

BACKGROUND TO THE ISO 9001:2008 REVISION PROCESS
In order to assist organizations to have a full understanding of the new ISO 9001:2008, it may be useful to have an insight on the revision process, how this revision reflects the inputs received from users of the standard, and the consideration given to benefits and impacts during its development.
Prior to the commencement of a revision (or amendment)to a management system standard, ISO/Guide 72:2001 Guidelines for the justification and development of management system standards recommends that a Justification Study” is prepared to present a case for the proposed project and that it outlines details of the data and inputs used to support its arguments. In relation to the development of ISO 9001:2008 user needs were identified from the following:
- the results of a formal “Systematic Review on ISO 9001:2000 that was performed by the members of ISO/TC 176/SC2 during 2003-2004
- feedback from the ISO/TC 176/Working Group on Interpretations,
- the results of an extensive worldwide “User Feedback Survey on ISO 9001 and ISO 9004″ by ISO/TC 176/SC 2/WG 18 and similar national surveys.
The key focuses of the ISO 9001:2008 amendment were to enhance the clarity of ISO 9001:2000 and to enhance its compatibility with ISO 14001:2004.
A tool for assessing the impacts versus benefits for proposed changes was created to assist the drafters of the amendment in deciding which changes should be included, and to assist in the verification of drafts against the identified user needs. The following decision making principles were applied:1) No changes with high impact would be incorporated into the standard;
2) Changes with medium impact would only be incorporated when they provided a correspondingly medium or high benefit to users of the standard;
3) Even where a change was low impact, it had to be justified by the benefits it delivered to users, before being incorporated.
The changes incorporated in this ISO 9001:2008 edition were classified in terms of impact into the following categorie
- No changes or minimum changes on user documents, including records
- No changes or minimum changes to existing processes of the organization
- No additional training required or minimal training required
- No effects on current certifications
The benefits identified for the ISO 9001:2008 edition fall into the following categories:
- Provides clarity
- Increases compatibility with ISO 14001.- Maintains consistency with ISO 9000 family of standards.
-

Improves translatability

Summaries of changes to ISO 14001

2009-09-30T06:27:00.004-07:00

Summaries of changes to ISO 14001
ISO 14001 year 2004 changes are consider having some effect on EMS ISO 14001, the changes require reviewing the EMS and taking action for transition (information is under control of TC 207). Considering the most relevant changes in advancing / transition to ISO 14001 2004 standard includes (an overview for transition / implementation):
Clause 4.1, Scope – requires defining the scope of the EMS (environmental management system) linking to the organizations activities, products, and services (and processes). First consider defining the scope of the EMS within the “boundaries” of products, services, activities, and processes as these relate [for ISO 9001:2000 organizations consider requirement 4.1, and organizations implementing ISO 14001 may be helpful reading ISO 9001:2000 clause 4.1]. The previous indicates an overview on how the EMS fulfills ISO 14001 2004 [some thoughts are internal auditing, management system review providing that these link].
Clause 4.2, Policy – The scope of the EMS and its policy must be consistent. The requirements for the policy remains about the same, now explicitly indicating that must be developed by top management, and other explicit terms in tune with the 1996 version.
Clause 4.3.1, Environmental Aspects Identification – Changes involve in assisting to clarifying statements from 1996 version and the change of the “or” for “and” (within the scope of the EMS); “… products and services…” Control and influence are now mutually exclusive, whilst introducing planned and new developments… new and modified activities… Considering identifying significant aspects must occur from development, implementation, and maintaining the EMS (see 4.1). Information on environmental aspects needs be in documentation format.
To a more assertive statement, “… over which it can be expected to have…” changes to the following “…those which it can influence.”
Clause 4.3.2, Legal and Other Requirements – The wording changes to “legal” in better addressing context to different world regions. Consideration must be given with changes to clause 4.1, for development, implementation, and maintaining the EMS.
Clause 4.3.3 – No significant change.
Clause 4.3.4 – No significant change.
Clause 4.4.1 , Resources, Roles, Responsibility and Authority, please note that this is a new title. This title reflects the importance and relevancy of each term to the EMS. Some minor wording changes include from “…provide…” to “…ensure the availability…” Do not forget that this will require reviewing auditing, planning, and responding to emergencies.
Clause 4.4.2, Competence, Training and Awareness – Whilst using the same
terms in the title notice the change in sequence. This change reflects the expected order of importance of the terms-subjects. Also consider that introduces a new phrase that broadens the individuals within an EMS; “…persons working for, or on behalf of …” Combining these previous two sentences, provides for the organization to include not only relevancy to significant environmental aspects but as well extending to those working for or in behalf of the organization . (Note: also consider that training provider and supporting services are inclusive to 4.4.6).
Clause 4.4.3, Communication – In specifically addressing the European Requirements (EMAR / EMAS), if the organization decides communicating externally the environmental aspects (environmental performance), ISO 14001:2004 address this issue. This is strictly on a volunteer globally, realizing that within the European Union is require.
Clause 4.4.4, Environmental Management System Documentation – in pursuit
of continuing compatibility with ISO 9001:2000 the term applied is “Documentation.”
Thereof, consider this clause also in the light of ISO 9001:2000 when integrating
EMS and QMS. The EMS documentation and records must be those to ascertain
objective evidence on the effectiveness of implementing the policy, planning, and
execution (including improving), control of operations, verification, and control,
improving, and reviewing the EMS.
Clause 4.4.5, Document Control – Again, changing the title and wording reflects
compatibility with ISO 9001:2000. Other than compatibility between QMS ISO
9001:2000 and EMS ISO 14001:2004 there are no significant changes.
4.4.6, Operational Control – No significant change.
4.4.7, Emergency Preparedness and Response – The structure changes by
placing some of its already content in bullets to emphasize each as pointer for the organization to address.
4.5.1, Monitoring and Measurement – Best to see new clause 4.5.2.
4.5.2, Evaluation of Legal Compliance – This is a new clause
[Note: addressing the concern of many government entities / authorities on
their responsibility on environmental and social issues and EMS ISO 14001 1996].
This is construe as the most impacting change to ISO 14001 2004 – this “new” clause brings the last paragraph of 4.5.1 as a separate clause. This clause brings the importance of periodically reviewing legal requirements / compliance under which the organization ascribes. It implies provision of records to demonstrate that this review occurs. This requires that the EMS be review to address the requirements of this “new” clause.
4.5.3, Non Conformance, Corrective and Preventive Action – Includes clarifications ascertaining that prevention (measures or potential of non conformity)and corrective action are two occurring events (which may be mutually inclusive).
Thereof, “action to eliminate the causes of potential non conformities to prevent their occurrence” can lead to changes in your EMS procedures.
4.5.4, Records – States that organizations need records to demonstrate
implementation of procedures and achieving results. These must demonstrate complying with the EMS (procedures and results). Whilst record retention times are not specifically required, record retention needs being specified (consider legal requirements and contractual agreements such that provide a demonstrable sustainable EMS).
4.5.5, Environmental Management System Audit – Whilst there are no wording changes, auditing must be reviewed in the light and effect of other changes (such as 4.5.1, 4.4.2).
4.6, Management Review – The wording provides (more direct) compatibility with ISO 9001:2000, which includes inputs and outputs for reviewing the EMS. Addition includes reviewing for improving the EMS (from target and not merely objectives).
The advent of ISO 14001:2004 shall not require additional training, unless otherwise the organization decides for a short review presentation or an “IMS” (integrated management systems,” integration of management systems such as ILO-OSH, OSH.MS, OSHAS 18001, ISO 9001 and variants with ISO 14001.) It will require reviewing the EMS by management, (perhaps a gap analysis), acting on any changes, inclusive to auditing against ISO 14001:2004 before transition.

Summaries of changes to ISO 14001

2009-09-30T06:27:00.003-07:00

Concept Of Quality – Historical Background
The concept of quality as we think of it now first emerged out of the Industrial Revolution. Previously goods had been made from start to finish by the same person or team of people, with handcrafting and tweaking the product to meet ‘quality criteria’. Mass production brought huge teams of people together to work on specific stages of production where one person would not necessarily complete a product from start to finish. In the late 1800s pioneers such as Frederick Winslow Taylor and Henry Ford recognized the limitations of the methods being used in mass production at the time and the subsequent varying quality of output. Taylor established Quality Departments to oversee the quality of production and rectifying of errors, and Ford emphasized standardization of design and component standards to ensure a standard product was produced. Management of quality was the responsibility of the Quality department and was implemented by Inspection of product output to ‘catch’ defects. Application of statistical control came later as a result of World War production methods. Quality management systems are the outgrowth of work done by W. Edwards Deming, a statistician, after whom the Deming Prize for quality is named.
Quality, as a profession and the managerial process associated with the quality function, was introduced during the second-half of the 20th century, and has evolved since then. Over this period, few other disciplines have seen as many changes as the quality profession.
The quality profession grew from simple control, to engineering, to systems engineering. Quality control activities were predominant in the 1940s, 950s, and 1960s. The 1970s were an era of quality engineering and the 1990s saw quality systems as an emerging field. Like medicine, accounting, and engineering, quality has achieved status as a recognized profession.

Concept of quality – historical background

2009-09-30T06:27:00.001-07:00

Five Steps to Implementing ISO 14001:2004

2009-09-30T06:26:00.000-07:00

ISO 14001 provides a logical, common-sense approach for
businesses to adopt. To start it is recommended to carry out an
environmental review of the business and the Annex to the Standard
provides guidance on the approach required. The Standard then
requires a management system to be developed that addresses the
key environmental issues that were identified by the review as being
relevant to the business, through a rational programme of control and
continual improvement.
There are five key steps to ISO 14001 EMS implementation, and
subsequent operation which are clearly laid out in just three pages of
text.
The five key steps are:
1. Environmental Policy
2. Planning
3. Implementation and Operation
4. Checking and Corrective Action
5. Management Review
Step 1. Environmental Policy
The company or organisation must write an environmental policy
statement which is relevant to the business activities and approved by
top management. Their full commitment is essential if environmental
management is to work. The ISO 14001 Standard clearly sets out
what to cover in the policy. Often a one page document is sufficient.
Produce a first issue and expect to amend it several times before
assessment and registration as knowledge grows in the company.
Step 2. Planning
Plan what the EMS is to address.
Environmental aspects
First make lists of the environmental aspects (issues) that are relevant
to the business. The environmental review mentioned earlier should
provide most of this information and the Annex to ISO 14001 provides
guidance on the format for doing this.
Consider the inputs, outputs and processes/activities of the business in
relation to;
a) emissions to air
b) releases to water
c) waste management
d) contamination of land
e) use of raw materials and natural resources
f) other local environmental and community issues
Consider both site (direct) and offsite (ie. indirect) aspects that you
control or have influence over (such as suppliers) and in relation to
normal operations, shut-down and start-up conditions and reasonably
foreseeable and emergencies situations.
A simple written procedure is then required to determine which of the
aspects identified are really or probably significant (important) and
training needs, outline the key stages of the project and dates that will
lead to the target achievement).
Gradually apply environmental management programme thinking to
such things as the introduction of new products, new or improved
processes and other key activities of the business. In particular,
ensure existing projects become environmental management projects
where there is a significant environmental impact involved, so that the
EMS becomes company wide. This is a frequent oversight found
during ISO 14001 assessments. The EMS must cover the whole
business – like a net thrown over the whole business and for example
including such things as engineering and maintenance
Step 3. Implementation and Operation
Structure and responsibility
Appoint one or more people, depending on the size of the business, to
have authority and responsibility for implementing and maintaining the
EMS and provide sufficient resources. (It’s worth monitoring costs
carefully and benchmarking these against key consumption figures so
that improvements delivered by the EMS become apparent).
Training, awareness and competence
Implement a procedure to provide environmental training appropriate
to identified needs for management, the general workforce, project
teams and key plant operators. This can have far reaching benefits
on employee motivation. The workforce is usually very supportive of
moves to achieve genuine environmental improvement. Every
company has its share of cynics but even some of these can be won
over with time. Training will vary from a general briefing for the
workforce to detailed environmental auditor training.
Communication
Implement procedures to establish a system of internal and external
communication to receive environmental information and respond to it
and to circulate new information to people that need to know. This will
include: new legislation, information from suppliers, customers and
neighbours and communications both with employees and for
employees about progress with the EMS. This process can often
generate worthwhile ideas from employees themselves for future
environmental improvements.
Environmental management system documentation
The EMS itself needs to be documented with a manual, procedures
and work instructions but keep it brief and simple. The Standard
clearly states where procedures are required. Eleven system
procedures are required to maintain the EMS, plus operating work
instructions but if you already have ISO 9000, this will cover most of six
of the procedures required and a quality system can certainly be
expanded to cover ISO 14001 as well. Cross reference the EMS
manual to other environmental and quality documents to link the EMS
and to integrate it with existing business practices.
Operational control
Implement additional operating procedures (work instructions) to
control the identified significant (important) aspects of production
processes and other activities. Some of these will already exist but
may need a ‘bit of polish’. Don’t forget significant aspects that relate to
goods and services from suppliers and contractors.
Emergency preparedness and response
Implement procedures to address reasonably foreseeable
emergencies and to minimise their impact should they occur. (eg. Fire,
major spillages of hazardous materials, explosion risks etc.)
Step 4. Checking and Corrective Action
Monitoring and measurement
Implement procedures to monitor and measure the progress of
projects against the targets which have been set, the performance of
processes against the written criteria using calibrated equipment (verify
monitoring records) and regularly check (audit) the company’s
compliance with legislation that has been identified as relevant to your
business. The most effective way of doing this is through regular
progress meetings.
Nonconformance and corrective and preventive action
Implement procedures to enable appropriate corrective and
subsequent preventive action to be taken where breaches of the EMS
occur (eg. process control problems, delays in project process, noncompliance
with legislation, incidents etc.).
Records
Implement procedures to keep records generated by the
environmental management system. The Annex to the Standard
suggests those that are likely to be required.
Environmental management system audit
Implement a procedure to carry out audits of each part of the EMS and
company activities and operations to verify both compliance with the
EMS and with ISO 14001. Audit results must be reported to top
management . A typical audit cycle is one year but more critical
activities will require auditing more frequently.
Step 5. Management Review
At regular intervals (typically annual), top management must conduct
through meetings and record minutes of a review of the EMS, to
determine that it is still appropriate and effective or to make changes
where necessary. Top management will need to consider audit
results, project progress, changing circumstances and the requirement
of ISO 14001 for continual improvement, through setting and achieving
further environmental targets.

ISO 9001:2008 Requirements – QMS

2009-09-30T06:25:00.002-07:00

ISO 9001:2008 Requirements – Quality Management System
Establish, document, implement, and maintain a quality management system. Continually improve its effectiveness in accordance with ISO 9001 requirements. Implement the system to:? Determine processes needed for the quality management system (and their application throughout the organization)? Determine process sequence and interaction? Determine criteria and methods for process operation and control? Ensure resources and supporting information are available? Monitor, measure where applicable, and analyze these processes? Implement actions to achieve planned results and continual process improvementManage these processes in accordance with ISO 9001 requirements. Define the type and extent of control applied to any outsourced processes that affect product conformity to requirements.NOTE 1: Processes needed for the quality management system include the processes for management activities (see 5), provision of resources (see 6), product realization (see 7), and measurement, analysis, and improvement (see 8).NOTE 2: An outsourced process is a process the organization needs for its quality management system, and which the organization chooses to have performed by an external party.NOTE 3: Ensuring control over outsourced processes does not absolve your organization of the responsibility to conform to all customer, statutory, and regulatory requirements. The type and extent of control applied to an outsourced process can be influenced by factors such as:? Potential impact of the outsourced process on your organization’s capability to provide product that conforms to requirements? Degree to which the control for the process is shared? Capability of achieving the necessary control through the application of 7.4

ISO 9001:2008 Requirements – Documentation Requirements

2009-09-30T06:25:00.001-07:00

ISO 9001:2008 Requirements – Documentation Requirements
Include in the quality management system documentation:? Documented statements of a quality policy and quality objectives? A quality manual? Documented procedures and records required by ISO 9001? Documents and records determined by the organization to be necessary for the effective planning, operation, and control of its processesNOTE 1: Where “documented procedure” appears within the Standard, this means that the procedure is established, documented, implemented, and maintained. A single document may address the requirements for one or more procedures. A requirement for a documented procedure may be covered by more than one document.NOTE 2: The extent of the quality management system documentation can differ from one organization to another due to:? Size of the organization and type of activities? Complexity of processes and their interactions? Competence of personnelNOTE 3: The documentation can be in any form or type of medium.4.2.2 Quality ManualEstablish and maintain a quality manual with:? Scope of the quality management system? Details and justification for any exclusions? Procedures or references to the procedures? Description of interaction between processes4.2.3 Control of DocumentsControl the documents required by the quality management system. Records are a special type of document and must be controlled as required by clause 4.2.4.
Establish a documented procedure to:? Approve documents for adequacy prior to issue? Review, update as necessary, and re-approve documents? Identify the changes and current document revision status? Make relevant documents available at points of use? Ensure the documents remain legible and readily identifiable? Identify external documents and control their distribution? Prevent obsolete documents from unintended use? Apply suitable identification if obsolete documents are retained4.2.4 Control of RecordsEstablish and control records as evidence of conformity to requirements and to demonstrate the effective operation of the quality management system.Establish a documented procedure to define the controls needed for record:? Identification? Storage? Protection? Retrieval? Retention? DispositionKeep records legible, readily identifiable, and retrievable.

ISO 9001:2008 Requirements – Management Responsibility

2009-09-30T06:24:00.002-07:00

ISO 9001:2008 Requirements - Management Responsibility
All requirements in clause 5 are the responsibility of top management.5.1 Management CommitmentProvide evidence of management commitment to develop and implement the quality management system, as well as, continually improve its effectiveness by:? Expressing the importance of meeting requirements? Establishing the quality policy and quality objectives? Conducting management reviews? Ensuring the availability of necessary resources
5.2 Customer FocusEnsure customer requirements are determined and met in order to improve customer satisfaction.5.3 Quality PolicyEnsure the quality policy is:? Appropriate to the purpose of the organization? Focused on meeting requirements and continual improvement? Used as a framework for quality objectives? Communicated and understood at appropriate levels? Reviewed for continuing suitability5.4 Planning5.4.1 Quality ObjectivesEnsure quality objectives, including those needed to meet product requirements, are established at the relevant functions and levels within the organization. Ensure quality objectives are measurable and consistent with the quality policy.5.4.2 Quality Management System PlanningEnsure that planning for the quality management system:? Meets the general requirements (4.1), as well as, quality objectives (5.4.1)? Maintains the system integrity when changes are planned and implemented5.5 Responsibility, Authority, and Communication5.5.1 Responsibility and AuthorityEnsure responsibilities and authorities are defined and communicated within the organization.
5.5.2 Management RepresentativeAppoint a member of your management who, irrespective of other duties, has the responsibility and authority to:? Ensure the needed processes are established, implemented, and maintained? Report to top management on quality management system performance? Report to top management on any need for improvement? Ensuring the promotion of awareness of customer requirementsNOTE: The responsibility of a management representative can include being the liaison with external parties on matters relating to the quality management system.5.5.3 Internal CommunicationEnsure the appropriate communication processes are established and carried out within the organization regarding the effectiveness of the system.5.6 Management Review5.6.1 GeneralReview the quality management system at planned intervals to:? Ensure a suitable, adequate, and effective system? Assess possible opportunities for improvement? Evaluate the need for any changes to the system? Consider the need for changes to the quality policy and objectivesMaintain records of the management reviews.5.6.2 Review InputInputs for management review must include information on:? Results of audits? Customer feedback? Process performance and product conformity? Status of preventive and corrective actions? Follow-up actions from earlier reviews? Changes that could affect the quality system? Recommendations for improvement
5.6.3 Review OutputOutputs from the management review must include any decisions and actions related to:? Improvement of the effectiveness of the quality management system and its processes? Improvement of product related to customer requirements? Resource needs

ISO 9001:2008 Requirements – Resource Management

2009-09-30T06:24:00.001-07:00

ISO 9001:2008 Requirements – Resource Management
6.1 Provision of ResourcesDetermine and provide the resources necessary to:? Implement and maintain the quality management system? Continually improve the effectiveness of the system? Enhance customer satisfaction by meeting customer requirements6.2 Human Resources6.2.1 GeneralEnsure people performing work affecting conformity to product requirements are competent based on the appropriate education, training, skills, and experience.NOTE: Conformity to product requirements can be affected directly, or indirectly, by personnel performing any task within the quality management system.6.2.2 Competence, Training, and AwarenessThe organization must:? Determine the competency needs for personnel? Provide training (or take other actions) to achieve the necessary competence? Evaluate the effectiveness of the actions taken? Inform employees of the relevance and importance of their activities? Ensure they know their contribution to achieving quality objectives? Maintain education, training, skill, and experience records
6.3 InfrastructureDetermine, provide, and maintain the necessary infrastructure to achieve product conformity. Infrastructure includes, as applicable:? Buildings, workspace, and associated utilities? Process equipment (both hardware and software)? Supporting services (such as transport, communication, or information systems)6.4 Work EnvironmentDetermine and manage the work environment needed to achieve product conformity.NOTE: The term “work environment” relates to those conditions under which work is performed, including physical, environmental, and other factors such as noise, temperature, humidity, lighting, or weather.

ISO 14001 And The Environment

2009-09-23T06:49:00.001-07:00

The ISO 14000 family of International Standards on environmental management is a relative newcomer to ISO’s portfolio – but enviroment-related standardization is far from being a new departure for ISO.
In fact, ISO has two-pronged approach to meeting the needs of business, industry, governments, non-governmental organizations and consumers in the field of the environment.
On the one hand, it offers a wideranging portfolio of standardized sampling, testing and analytical methods to deal with specific environmental challenges. It has developed more than 350 International Standards (out of a total morethan 12000) for the monitoring of such aspects as the quality of air, water and soil. These standards are means of providing business and government with scientifically valid data on the environmental effects of economic activity.
They also serve in a number of countries as the technical basis for environmental regulations.
ISO is leading a strategic approach by developing environmental management system standards that can be implemented in any type of organization in either public or private sectors (companies, administration, public utilities). To spearhead this strategic approach, ISO establish a new technical commitee, ISO /TC 207, Environmental management, in
1993. This followed ISO’s successful pioneering experience in management system standardization with the ISO 9000 series for quality management.
ISO’s direct involvement in environmental management stemmed from an intensive consultation process, carried out within the framework of a Strategic Advisory Group on Environment (SAGE),set up in 1991, in which 20 countrie, 11 international organizations and more than 100 environmental experts participated in defining the basic requirements of a new approach to environment-related standards.
This pioneering work was consolidated with ISO’s commitment to support the objective of “sustainable development” dicussed at the United Nations Conference on Environment and Development in Rio de Janeiro in 1992.
Today, delegations of business and government experts from 55 countries have participate actively within TC 207,
and another 16 countries have observer status. These delegations are chosen by the national standars institute concerned and they are required to bring to TC 207 a national consensus on issue being addressed by the commitee.
This national consensus is derived from a process of consultation with interested parties.
From its beginning, it was recognized that ISO/TC 207 should have close cooperation with ISO/TC 176, Quality management and quality assurance, in the areas of management systems, auditing and related terminology. Active efforts are under way to ensure compatibility of ISO environmental management and quality management standards, for the benefit of all organizations wishing to implement them.