INTEGRATED MANAGEMENT SYSTEM

CONTENTS 1. An Overview & Common Requirements 2. Key Requirements of ISO 9001 3. ISO 14001 & The Key Requirements 4. OHSAS 18001 & The Key Requirements 5. Dos & Donts During an External ISO Audit

PAGE 2-3 4-7 8-12 13-15 16

Pg 1 of 16

INTEGRATED MANAGEMENT SYSTEM

AN OVERVIEW OF INTEGRATED MANAGEMENT SYSTEM (IMS)

The IMS comprises the following standards: 1. ISO 9001:2000 (Quality Management System) 2. ISO 14001:1996 (Environmental Management System) 3. OHSAS 18001:1999 (Occupational Health & Safety Management System) All 3 standards have a similar structure which enables integration. Many requirements within ISO 14001 & OHSAS 18001 are very similar.

COMMON IMS REQUIREMENTS: 1. The IMS covers all activities of the organisation from operations to support activities. Eg. from tendering to execution to handover of completed works to defects liability stage. 2. Management Commitment must be apparent. 3. Process Planning identify key processes, monitor and manage key processes. Implement process approach and PDCA (Plan-Do-Check-Act) cycles. 4. Data Collection & Analysis - of data pertaining to customers, suppliers, product & process, impact and risk analysis. This enables top management to make effective decisions based on analysis of the data. 5. Emphasis on Performance Improvement & Continual Improvement.

Pg 2 of 16

INTEGRATED MANAGEMENT SYSTEM COMMON EMS & OHS REQUIREMENTS 1. Compliance with legislations and regulatory requirements, especially in the realm of environmental protection and OHS. 2. Take steps to control and manage those significant aspects / hazards or risks. For example: Establish Env/OHS management programmes Set Env/OHS objectives and targets to reduce impact and risks Determine the operation control measures to eliminate / prevent / mitigate these impacts and risks 3. Establish operation controls for the activities to ensure that they are carried out under controlled conditions: Operating criteria Procedures / work instructions Monitoring of these processes

4. Have procedures to deal with emergency situations (eg. accidents / incidents, spillages, etc). procedures. 5. Training of people involved to make them aware of environmental impacts, hazards and risks in relation to their work. Need to consider the competence of people performing such work. Training may cover management staff, employees, subcontractors/suppliers and visitors. Commonly known as Emergency Preparedness & Response

Pg 3 of 16

INTEGRATED MANAGEMENT SYSTEM

KEY REQUIREMENTS OF ISO 9001:2000

1. ISO 9001 covers all activities of the organisation from operations (eg. tendering, operations, handover, DLP) to support activities (training, purchasing, filing and record maintenance). 2. Management Commitment Senior management involvement in the quality management system must be apparent. This is a major area of audit. 3. Process Planning & Approach Need to identify key processes, monitor and manage these key processes. Implement a process approach and adopt the PDCA cycle in every process. 4. Customer Focus Must know what the customer requirements are. May come in form of specifications, drawings, instructions, standards and codes (where applicable), etc. 5. Customer Satisfaction Information Monitoring Customer Complaints alone is NOT adequate. Need to find out if customers are indeed satisfied with our products / services and how satisfied they are. 6. Data collection and analysis Data on customers, suppliers/subcons, products and processes. analysis. 7. Emphasis on Performance Improvement and Continual Improvement. 8. Documentation Requirements: a. Quality Policy & Objectives b. Quality Manual This will enable effective decisions to be made based on facts and

Pg 4 of 16

INTEGRATED MANAGEMENT SYSTEM c. Quality Procedures (minimum 6 mandatory documented procedures i.e. Control of Documents, Control of Records, Internal Audit, Control of Nonconforming Product, Corrective Action, Preventive Action). d. Planning & Operations documents (eg. time schedules, resource planning, specifications / drawings, contract documents, method statements, handover evidence, etc) e. Records (eg. inspection records, test results / reports, progress reports/ records, etc) ISO 9001:2000 The Standard Clause headings: 1. Scope 2. Normative Reference 3. Terms & Definitions 4. Quality Management System 5. Management Responsibility 6. Resource Management 7. Product Realisation 8. Measurement, Analysis & Improvement ISO 9001 requirements are within clauses 4, 5, 6, 7 and 8. Clause 1 - Scope: a. Generally : To consistently meet customer and applicable regulatory requirements. To enhance customer satisfaction with continual improvement and assurance of conformity. b. Application : Applicable to all types and sizes of product / service based organisations. Exclusions limited to Cl. 7 requirements only.

Pg 5 of 16

INTEGRATED MANAGEMENT SYSTEM Clause 2 - Normative Reference: All undated references indicated in ISO 9001:2000 should refer to their latest editions. Clause 3 Terms & Definitions : To refer to ISO 9000:2000. Clause 4 Quality Management System : Cl. 4.1 General Requirements Cl. 4.2 Documentation Requirements : Not all procedures need to be documented but there are 6 mandatory documented procedures. Control of Documents, Control of Records. Clause 5 Management Responsibility : Cl. 5.1 Management Commitment Cl. 5.2 Customer Focus Cl. 5.3 Quality Policy Cl. 5.4 Planning Cl. 5.5 Responsibility, Authority and Communication Cl. 5.6 Management Review Clause 6 Resource Management : Cl. 6.1 Provision of Resources Cl. 6.2 Human Resources Cl. 6.3 Infrastructure Cl. 6.4 Work Environment Clause 7 Product Realisation : Cl. 7.1 Planning of Product Realisation Cl. 7.2 Customer Related Processes Cl. 7.3 Design & Development Cl. 7.4 Purchasing Cl. 7.5 Product & Service Provision Cl. 7.6 Control of Monitoring & Measuring Devices

Pg 6 of 16

INTEGRATED MANAGEMENT SYSTEM

Clause 8 Measurement, Analysis & Improvement Cl. 8.1 General Cl. 8.2 Monitoring & Measurement Cl. 8.3 Control of Nonconforming Product Cl. 8.4 Analysis of Data Cl. 8.5 Improvement The 8 Quality Management Principles 1. Customer Focus 2. Leadership 3. Involvement of People 4. Process Approach 5. System Approach to Management (system is a set of interrelated processes) 6. Continual Improvement 7. Factual Approach & Decision Making 8. Mutually Beneficial Supplier Relationships Network of Processes The entire ISO 9000 system is based on the PDCA (Plan-Do-Check-Act) where: P = Cl. 4, 5, 6 D = Cl. 7 C = Cl. 8 A = Cl. 8 Each process implementation should also be guided by the PDCA cycle.

Pg 7 of 16

INTEGRATED MANAGEMENT SYSTEM

ISO 14001:1996 & THE KEY REQUIREMENTS

ISO 14001 is an environmental management system that: a. Provides a framework to identify business aspects with significant impact on environment b. Sets objectives & targets to minimise these impacts c. Introduces programmes to achieve the objectives & targets d. Establishes operational control measures to ensure compliance Reasons for Implementing ISO 14000 EMS: a. Commitment to protect the environment b. Public image and good corporate citizenship c. Cost savings / efficient allocation of resources d. Stakeholders pressure e. Trade / Business restrictions (if without EMS) f. Competitors pressure Cost Savings from having an EMS: a. Efficient use of electricity, water and gas b. Efficient use of raw materials c. Efficient deployment of operatives d. Continual Improvement of process design e. Reduce process contamination, increase yield f. Reduce possible future environmental liabilities g. Reduce possible workmen compensation liabilities The above cost savings are NOT immediately gained at the beginning of EMS implementation.

Pg 8 of 16

INTEGRATED MANAGEMENT SYSTEM Truth about ISO 14000: It is NOT about prohibiting anyone from doing things harmful to the environment because whatever we do will have an impact on the environment in one way or another. ISO 14000 EMS is about knowing and understanding what exactly we are doing and how these activities impact on the environment and implementing the necessary controls on these activities. KEY REQUIREMENTS OF ISO 14001:1996 1. Compliance with legislation and regulatory requirements such as Factories Act, Environmental Pollution Control Act, etc 2. Understanding what you do will harm the environment. Need to determine: a. The environment aspects (elements of the activities which have impact on the environment eg. vehicle emission) and the impact on the environment (eg. air pollution as a result of vehicle emission). b. The significance of these aspects / impacts by evaluation of the impacts against a set criteria. Aspect & Impact analysis shall include operating conditions as in Normal, Abnormal and Emergency. approach. Method: Select an activity Identify its environmental aspects Identify its environmental impacts Evaluate significance of impacts Evaluation of significance may be based on: a. Environmental concerns such as scale of impact, severity of impact, probability of occurrence and duration of impact. The analysis should also be done on a brain-storming / team

Pg 9 of 16

INTEGRATED MANAGEMENT SYSTEM b. Business concerns such as potential regulatory and legal exposure, difficulty and cost of changing impact, effect of changes on other activities and processes, effect on public image, etc. 3. Take steps to control and manage those significant aspects by: a. Establishing environmental management programmes. The MP is used to achieve objectives and targets and shall include the identity of person responsible for it, the means to achieve it and the time frame to complete it. b. Setting environmental objectives and targets to reduce the impacts. Objective is an overall goal arising from the environmental policy and which is quantified where applicable. Target is a detailed performance requirement, quantified where practicable that arises from the objective, to be set and achieved in order to achieve that objective. c. Determining & implementing operation control measures to eliminate / prevent / mitigate these impacts. 4. Establish operation controls for the activities to ensure that they are carried out under controlled conditions. Eg. operating criteria, procedures / work instructions, monitoring of these processes. The key characteristics of processes associated with significant impacts shall be monitored. The monitoring devices shall be calibrated. 5. Have procedures to deal with emergency situations eg. accidents / incidents, spillages of chemicals, fuels, etc. Need to be proactive in determining what can possibly go wrong and have ready steps in dealing with such situations. Aim to minimise / mitigate the environmental impacts when such things occur. The procedures shall be tested periodically and reviewed and revised where necessary, especially after an accident / emergency. 6. Training of people involved to make them aware of the environmental impacts in relation to their work. subcontractors/suppliers. Such training may cover management staff, workers and

Pg 10 of 16

INTEGRATED MANAGEMENT SYSTEM 7. Institute continual improvement in environmental performance. The ISO 14001 Standard: Scope Normative references Definitions EMS Requirements 4.1 4.2 4.3 General Requirements Environmental Policy Planning 4.3.1 4.3.2 4.3.3 4.3.4 4.4 4.4.1 4.4.2 4.4.3 4.4.4 4.4.5 4.4.6 4.4.7 4.5 4.5.1 4.5.2 4.5.3 4.5.4 4.6 Environmental Aspects Legal & other Requirements Objectives & targets Environmental Management Programme(s) Structure & responsibility Training, awareness & competence Communication EMS documentation Document Control Operational Control Emergency Preparedness & Response Monitoring & measurement Nonconformance and corrective and preventive action Records EMS audit

Implementation and Operation

Checking and Corrective Action

Management Review

Concluding Remarks:

Pg 11 of 16

INTEGRATED MANAGEMENT SYSTEM

ISO 14001 does not spell out what you can or cannot do. Must comply with regulations and legal requirements. 3. 4. 5. Emphasis is on knowing what you do will harm or affect the environment and have measures to control them. Stresses on continually improving such measures. Certain areas extend to outside of the organisation (eg. to suppliers, subcontractors)

Pg 12 of 16

INTEGRATED MANAGEMENT SYSTEM

OSHAS 18001:1999 & THE KEY REQUIREMENTS

The objectives of OHS are to enable an organisation to: Identify Control Improve HAZARDS RISKS PERFORMANCE

in occupational health & safety. Reasons for Implementing an OHS Management System: a. b. c. d. e. To manage safety and health issues proactively To avoid potential liability To protect business and image To demonstrate concern to employees To ensure and assure compliance

Key Requirements of OHSAS 18001:1999 1. Compliance with legislations, regulations and other requirements such as Factories Act, Fire Safety Act, etc 2. Understanding the hazards in your activities and their associated risks and determine if those risks are tolerable. A Risk Assessment is carried out based on set criteria. Hazard is the potential to harm. Risk is a combination of the likelihood and

consequences of a specified hazardous event occurring. Hazard Identification to consider the source of harm, who or what could be harmed and how the harm could occur. Hazard identification shall include routine and nonroutine activities and should be done on a brainstorm / team approach.

Pg 13 of 16

INTEGRATED MANAGEMENT SYSTEM Risk How likely can things go wrong (likelihood)? How serious can it be if it did go wrong (severity)? Risk = Likelihood of harm x Severity of harm [a combination of likelihood and severity] Risk Assessment - is to determine if the risks are tolerable or further control measures to contain the risks are required. It also requires the consideration of legal/regulatory requirements. It shall be done with consideration for the safety/control measures already in place. Risk Control Are means of eliminating or minimising adverse effects from happening and there are basically 3 categories of action: a. Actions which eliminate / remove the hazard or target b. Actions which eliminate / reduce the consequences (eg. PPE) c. Actions which reduce the likelihood (eg. Safe Work Procedures, training, etc) 3. Take steps to control and manage those risks which are significant by: a. Setting objectives to reduce risks. b. Establishing management programmes to achieve the objectives. The MP is used to achieve objectives and targets and shall include the identity of person responsible for it, the means to achieve it and the time frame to complete it. c. Determining & implementing operation control measures to eliminate / prevent / mitigate these risks. 4. Establish operation controls for the activities to ensure that they are carried out under controlled conditions. Eg. operating criteria, procedures / work instructions, monitoring of these processes. 5. Institute continual improvement in risk management.

Pg 14 of 16

INTEGRATED MANAGEMENT SYSTEM The OHSAS 18001 Standard: 1. 2. 3. 4. Scope Reference Publications Terms & Definitions OH&S Management System Elements 4.1 4.2 4.3 General Requirements OH&S Policy Planning 4.3.1 4.3.2 4.3.3 4.3.4 4.4 4.4.1 4.4.2 4.4.3 4.4.4 4.4.5 4.4.6 4.4.7 4.5 4.5.1 4.5.2 4.5.3 4.5.4 4.6 Planning for hazard identification, risk assessment & risk Legal & Other Requirements Objectives OH&S Management Programme(s) Structure & responsibility Training, awareness & competence Consultation & communication Documentation Document & Data Control Operational Control Emergency Preparedness & response Performance measurement & monitoring Accidents, Incidents, Nonconformance and corrective and Records & record management Audit control

Implementation and Operation

Checking and Corrective Action

preventive action

Management Review

Pg 15 of 16

INTEGRATED MANAGEMENT SYSTEM

DOS & DONTS DURING AN EXTERNAL ISO AUDIT

Dos: a. RELAXAuditors arent supposed to pick on your mistakes; they are here to see if the management system is in working order. They are looking for positive evidence of compliance and conformity. b. Be prepared. Ensure all the documentation and records are in order and updated about a week prior to Audit. c. Understand the requirements in your area of work and requirements within the Standard and IMS Manuals. Its not an exam. d. Ensure files are properly labelled and identified. Its really for your own convenience when you need to quickly retrieve a document, than a show for the auditors only. e. Be punctual, friendly, courteous and attentive to the auditors. f. Pay close attention to questions asked and request for clarification, if necessary. Its ok to ask the auditor to repeat and rephrase the question. Its also ok to discuss with your colleagues before you answer. g. Be professional at all times.

Donts: a. Dont panic. b. Dont go on the offensive or defensive when questioned; no matter how you feel about the auditors or the questions asked. c. Dont argue or quarrel with the auditors. d. Dont argue or quarrel with your colleagues or bosses during the audit. e. Dont blame or bad-mouth your colleagues or anyone else during the audit if the auditor picks up a non-conformity from your area of work. f. Dont volunteer information or data unless requested to do so specifically. g. Dont offer entire file of documentation to the auditor unless requested to do so. Pick a good sample and show the auditor.

Pg 16 of 16