Professional Documents
Culture Documents
IMS Training Notes
IMS Training Notes
CONTENTS 1. An Overview & Common Requirements 2. Key Requirements of ISO 9001 3. ISO 14001 & The Key Requirements 4. OHSAS 18001 & The Key Requirements 5. Dos & Donts During an External ISO Audit
Pg 1 of 16
COMMON IMS REQUIREMENTS: 1. The IMS covers all activities of the organisation from operations to support activities. Eg. from tendering to execution to handover of completed works to defects liability stage. 2. Management Commitment must be apparent. 3. Process Planning identify key processes, monitor and manage key processes. Implement process approach and PDCA (Plan-Do-Check-Act) cycles. 4. Data Collection & Analysis - of data pertaining to customers, suppliers, product & process, impact and risk analysis. This enables top management to make effective decisions based on analysis of the data. 5. Emphasis on Performance Improvement & Continual Improvement.
Pg 2 of 16
INTEGRATED MANAGEMENT SYSTEM COMMON EMS & OHS REQUIREMENTS 1. Compliance with legislations and regulatory requirements, especially in the realm of environmental protection and OHS. 2. Take steps to control and manage those significant aspects / hazards or risks. For example: Establish Env/OHS management programmes Set Env/OHS objectives and targets to reduce impact and risks Determine the operation control measures to eliminate / prevent / mitigate these impacts and risks 3. Establish operation controls for the activities to ensure that they are carried out under controlled conditions: Operating criteria Procedures / work instructions Monitoring of these processes
4. Have procedures to deal with emergency situations (eg. accidents / incidents, spillages, etc). procedures. 5. Training of people involved to make them aware of environmental impacts, hazards and risks in relation to their work. Need to consider the competence of people performing such work. Training may cover management staff, employees, subcontractors/suppliers and visitors. Commonly known as Emergency Preparedness & Response
Pg 3 of 16
Pg 4 of 16
INTEGRATED MANAGEMENT SYSTEM c. Quality Procedures (minimum 6 mandatory documented procedures i.e. Control of Documents, Control of Records, Internal Audit, Control of Nonconforming Product, Corrective Action, Preventive Action). d. Planning & Operations documents (eg. time schedules, resource planning, specifications / drawings, contract documents, method statements, handover evidence, etc) e. Records (eg. inspection records, test results / reports, progress reports/ records, etc) ISO 9001:2000 The Standard Clause headings: 1. Scope 2. Normative Reference 3. Terms & Definitions 4. Quality Management System 5. Management Responsibility 6. Resource Management 7. Product Realisation 8. Measurement, Analysis & Improvement ISO 9001 requirements are within clauses 4, 5, 6, 7 and 8. Clause 1 - Scope: a. Generally : To consistently meet customer and applicable regulatory requirements. To enhance customer satisfaction with continual improvement and assurance of conformity. b. Application : Applicable to all types and sizes of product / service based organisations. Exclusions limited to Cl. 7 requirements only.
Pg 5 of 16
INTEGRATED MANAGEMENT SYSTEM Clause 2 - Normative Reference: All undated references indicated in ISO 9001:2000 should refer to their latest editions. Clause 3 Terms & Definitions : To refer to ISO 9000:2000. Clause 4 Quality Management System : Cl. 4.1 General Requirements Cl. 4.2 Documentation Requirements : Not all procedures need to be documented but there are 6 mandatory documented procedures. Control of Documents, Control of Records. Clause 5 Management Responsibility : Cl. 5.1 Management Commitment Cl. 5.2 Customer Focus Cl. 5.3 Quality Policy Cl. 5.4 Planning Cl. 5.5 Responsibility, Authority and Communication Cl. 5.6 Management Review Clause 6 Resource Management : Cl. 6.1 Provision of Resources Cl. 6.2 Human Resources Cl. 6.3 Infrastructure Cl. 6.4 Work Environment Clause 7 Product Realisation : Cl. 7.1 Planning of Product Realisation Cl. 7.2 Customer Related Processes Cl. 7.3 Design & Development Cl. 7.4 Purchasing Cl. 7.5 Product & Service Provision Cl. 7.6 Control of Monitoring & Measuring Devices
Pg 6 of 16
Clause 8 Measurement, Analysis & Improvement Cl. 8.1 General Cl. 8.2 Monitoring & Measurement Cl. 8.3 Control of Nonconforming Product Cl. 8.4 Analysis of Data Cl. 8.5 Improvement The 8 Quality Management Principles 1. Customer Focus 2. Leadership 3. Involvement of People 4. Process Approach 5. System Approach to Management (system is a set of interrelated processes) 6. Continual Improvement 7. Factual Approach & Decision Making 8. Mutually Beneficial Supplier Relationships Network of Processes The entire ISO 9000 system is based on the PDCA (Plan-Do-Check-Act) where: P = Cl. 4, 5, 6 D = Cl. 7 C = Cl. 8 A = Cl. 8 Each process implementation should also be guided by the PDCA cycle.
Pg 7 of 16
Pg 8 of 16
INTEGRATED MANAGEMENT SYSTEM Truth about ISO 14000: It is NOT about prohibiting anyone from doing things harmful to the environment because whatever we do will have an impact on the environment in one way or another. ISO 14000 EMS is about knowing and understanding what exactly we are doing and how these activities impact on the environment and implementing the necessary controls on these activities. KEY REQUIREMENTS OF ISO 14001:1996 1. Compliance with legislation and regulatory requirements such as Factories Act, Environmental Pollution Control Act, etc 2. Understanding what you do will harm the environment. Need to determine: a. The environment aspects (elements of the activities which have impact on the environment eg. vehicle emission) and the impact on the environment (eg. air pollution as a result of vehicle emission). b. The significance of these aspects / impacts by evaluation of the impacts against a set criteria. Aspect & Impact analysis shall include operating conditions as in Normal, Abnormal and Emergency. approach. Method: Select an activity Identify its environmental aspects Identify its environmental impacts Evaluate significance of impacts Evaluation of significance may be based on: a. Environmental concerns such as scale of impact, severity of impact, probability of occurrence and duration of impact. The analysis should also be done on a brain-storming / team
Pg 9 of 16
INTEGRATED MANAGEMENT SYSTEM b. Business concerns such as potential regulatory and legal exposure, difficulty and cost of changing impact, effect of changes on other activities and processes, effect on public image, etc. 3. Take steps to control and manage those significant aspects by: a. Establishing environmental management programmes. The MP is used to achieve objectives and targets and shall include the identity of person responsible for it, the means to achieve it and the time frame to complete it. b. Setting environmental objectives and targets to reduce the impacts. Objective is an overall goal arising from the environmental policy and which is quantified where applicable. Target is a detailed performance requirement, quantified where practicable that arises from the objective, to be set and achieved in order to achieve that objective. c. Determining & implementing operation control measures to eliminate / prevent / mitigate these impacts. 4. Establish operation controls for the activities to ensure that they are carried out under controlled conditions. Eg. operating criteria, procedures / work instructions, monitoring of these processes. The key characteristics of processes associated with significant impacts shall be monitored. The monitoring devices shall be calibrated. 5. Have procedures to deal with emergency situations eg. accidents / incidents, spillages of chemicals, fuels, etc. Need to be proactive in determining what can possibly go wrong and have ready steps in dealing with such situations. Aim to minimise / mitigate the environmental impacts when such things occur. The procedures shall be tested periodically and reviewed and revised where necessary, especially after an accident / emergency. 6. Training of people involved to make them aware of the environmental impacts in relation to their work. subcontractors/suppliers. Such training may cover management staff, workers and
Pg 10 of 16
INTEGRATED MANAGEMENT SYSTEM 7. Institute continual improvement in environmental performance. The ISO 14001 Standard: Scope Normative references Definitions EMS Requirements 4.1 4.2 4.3 General Requirements Environmental Policy Planning 4.3.1 4.3.2 4.3.3 4.3.4 4.4 4.4.1 4.4.2 4.4.3 4.4.4 4.4.5 4.4.6 4.4.7 4.5 4.5.1 4.5.2 4.5.3 4.5.4 4.6 Environmental Aspects Legal & other Requirements Objectives & targets Environmental Management Programme(s) Structure & responsibility Training, awareness & competence Communication EMS documentation Document Control Operational Control Emergency Preparedness & Response Monitoring & measurement Nonconformance and corrective and preventive action Records EMS audit
Management Review
Concluding Remarks:
Pg 11 of 16
ISO 14001 does not spell out what you can or cannot do. Must comply with regulations and legal requirements. 3. 4. 5. Emphasis is on knowing what you do will harm or affect the environment and have measures to control them. Stresses on continually improving such measures. Certain areas extend to outside of the organisation (eg. to suppliers, subcontractors)
Pg 12 of 16
in occupational health & safety. Reasons for Implementing an OHS Management System: a. b. c. d. e. To manage safety and health issues proactively To avoid potential liability To protect business and image To demonstrate concern to employees To ensure and assure compliance
Key Requirements of OHSAS 18001:1999 1. Compliance with legislations, regulations and other requirements such as Factories Act, Fire Safety Act, etc 2. Understanding the hazards in your activities and their associated risks and determine if those risks are tolerable. A Risk Assessment is carried out based on set criteria. Hazard is the potential to harm. Risk is a combination of the likelihood and
consequences of a specified hazardous event occurring. Hazard Identification to consider the source of harm, who or what could be harmed and how the harm could occur. Hazard identification shall include routine and nonroutine activities and should be done on a brainstorm / team approach.
Pg 13 of 16
INTEGRATED MANAGEMENT SYSTEM Risk How likely can things go wrong (likelihood)? How serious can it be if it did go wrong (severity)? Risk = Likelihood of harm x Severity of harm [a combination of likelihood and severity] Risk Assessment - is to determine if the risks are tolerable or further control measures to contain the risks are required. It also requires the consideration of legal/regulatory requirements. It shall be done with consideration for the safety/control measures already in place. Risk Control Are means of eliminating or minimising adverse effects from happening and there are basically 3 categories of action: a. Actions which eliminate / remove the hazard or target b. Actions which eliminate / reduce the consequences (eg. PPE) c. Actions which reduce the likelihood (eg. Safe Work Procedures, training, etc) 3. Take steps to control and manage those risks which are significant by: a. Setting objectives to reduce risks. b. Establishing management programmes to achieve the objectives. The MP is used to achieve objectives and targets and shall include the identity of person responsible for it, the means to achieve it and the time frame to complete it. c. Determining & implementing operation control measures to eliminate / prevent / mitigate these risks. 4. Establish operation controls for the activities to ensure that they are carried out under controlled conditions. Eg. operating criteria, procedures / work instructions, monitoring of these processes. 5. Institute continual improvement in risk management.
Pg 14 of 16
INTEGRATED MANAGEMENT SYSTEM The OHSAS 18001 Standard: 1. 2. 3. 4. Scope Reference Publications Terms & Definitions OH&S Management System Elements 4.1 4.2 4.3 General Requirements OH&S Policy Planning 4.3.1 4.3.2 4.3.3 4.3.4 4.4 4.4.1 4.4.2 4.4.3 4.4.4 4.4.5 4.4.6 4.4.7 4.5 4.5.1 4.5.2 4.5.3 4.5.4 4.6 Planning for hazard identification, risk assessment & risk Legal & Other Requirements Objectives OH&S Management Programme(s) Structure & responsibility Training, awareness & competence Consultation & communication Documentation Document & Data Control Operational Control Emergency Preparedness & response Performance measurement & monitoring Accidents, Incidents, Nonconformance and corrective and Records & record management Audit control
preventive action
Management Review
Pg 15 of 16
Donts: a. Dont panic. b. Dont go on the offensive or defensive when questioned; no matter how you feel about the auditors or the questions asked. c. Dont argue or quarrel with the auditors. d. Dont argue or quarrel with your colleagues or bosses during the audit. e. Dont blame or bad-mouth your colleagues or anyone else during the audit if the auditor picks up a non-conformity from your area of work. f. Dont volunteer information or data unless requested to do so specifically. g. Dont offer entire file of documentation to the auditor unless requested to do so. Pick a good sample and show the auditor.
Pg 16 of 16