Authors Posts by Chris



0 232

AS9100 applies to large aerospace suppliers only 

Although only intended to be used by aerospace companies, AS9100 is not meant for only the largest of organizations. Requirements have been determined in a descriptive way, but not by prescriptive means. The standard contains what must be done (requirements), but does not dictate how they must be accomplished by the organization (processes). Therefore, the requirements of AS9100 can be implemented in a way that works best for each individual organization, be they large or small. Using this particular method, the organization is provided with the best possible practices of what the QMS requires to be effective, regardless of the size of the aerospace organization.

0 413

When going about creating a new business and you’re in the stages of being a startup, some startups might gloss over ISO 9001. The price may be a turnoff to people who see themselves only digging a bigger hole if they invest and go along with ISO 9001 implementation and certification. With any part of business, companies have to weigh the benefits and the cons of investing into something – ISO 9001 is no different. We’re here to tell you about the strongest benefits of investing in ISO 9001. You’re investing in yourself first off, and that’s a big help to startups looking to get their foot in the door.

ISO 9001 – The Benefits
The first thing about ISO 9001 is thinking about the cost. Most startup companies may have to consider a lot of things in their starting stages, and the return that can yield from that investment. When looking towards ISO 9001, you’re investing in practicalities and the foundation for a business. With the foundation set for success, all it takes is time and work for you to be on the road to success. Here are a few things that ISO 9001 can bring you.

ISO 9001 offers the process towards getting your product and sending it out towards the people who are interested in it. The process for building any startup up is complex and lot of work is needed. What are all of the things that are needed from the start of the end of this? What is needed at the start to make the product, finalize the product, send the product and make sure that it fits the requirements of what the customer needs from you? When looking at these processes, you cannot just think about it as a whole – each little thing is its own entity. These all come together and make one large thing in the end – the process. All steps in the process must flow smoothly or you may risk an error that can alter everything later on.

Using ISO 9001, you’re also finding a way to plan, act and find a way to interact to people properly. This goes from customers, analyzing your sales and communicating with them through customer service, monitor and reviewing the effect of these practices, and your employees. By setting a proper environment for your employees who will monitor and act properly to ensure the business flows and thrives. By properly managing customers and employees, the environment will feel great and this can help maximize profits and risks early in time.

ISO 9001:2015 also offers a great view into the goals, objectives, and elements for any startup business. With these, businesses will be able to take action against errors and fix them to move onto bigger and better things.

Why does ISO 9001 matter?

Implementation of ISO 9001 and getting a certification with it can help a startup. With ISO 9001, businesses are given a head start into the world and given a glimpse into what they can be. By pointing out errors, giving tips into what can be and how to go along with doing it, owners are able to maximize their profits, satisfy their customers and please their employees. Although the road to certification can take some time and can certainly be from six months to a year, ISO 9001 offers benefits instantly that can help any business. These habits and guidelines set up a business for success, and give startups access to exclusive markets. ISO 9001 is quickly becoming the normal for those who which to have local and federal contracts with the government – what are you waiting for?


0 245

The Process of Managing Outsourced Suppliers in accordance with ISO 14001:2105  

Following the release of the ISO 14001:2015 standard, organizations had to incorporate multiple changes and activities into their EMS (Environmental Management System) and enable to meet the terms of the ISO 14001:2015 standard. One of the changes that might not seem so obvious is the process by which one’s organization manages outsourced services and suppliers, ensuring that they are aligned with the standard’s terms. By mentioning “outsourced suppliers,” the standard denotes third parties who are contracted to perform critical parts of one’s process and service normally, but not always outside one’s own facility. What does one need to understand and what actions does one need to take in order to ensure that one’s EMS remains compliant? 

Important Changes in ISO 14001:2015 

The ISO 14001:2015 standard states that the organization shall “determine its environmental requirement(s) for the operational planning and control regarding products and services as appropriate.” While this statement does not seem drastically different compared to the 14001:2004 standard, Annex A provides more information. One is told how an organization should decide on the amount of control needed over its external suppliers based on factors such as the ability to meet compliance, technical aptitude, the significance and the consequences of the product or service for the organization, and the average capability of the organization’s purchasing process of delivery.  

Additionally, Annex A explains that the amount of control exerted by the organization over the delivery of a service or product is variable. However, one thing is certain: one’s organization must assume all final responsibilities for the environmental performances of any outsourced suppliers in the delivery of one’s product or service.  

How would one achieve this? 

Laying down the foundations 

Regarding the ISO 14001:2015 standard, there are several criteria that should be checked: 

  • How likely are one’s suppliers to deliver one’s key environmental performance indicators? 
  • If one’s supplier is not ISO 14001:2015 certified, do they have an environmental policy? If not, do they follow the terms of one’s organization’s environmental policy? 
  • Does one’s supplier have an internal audit policy and results readily available? 
  • Does one’s supplier completely comprehend legislation that pertains to one’s product and its delivery? 
  • Does one’s supplier have evidence of factoring in risks and identifying environmental aspects to mitigate environmental impacts? 

Now, how can an organization guarantee that its supplier has the capability to manage environmental performance in accordance with the ISO 14001:2015 guidelines? Consider: 

  • Insisting on routinely creating key performance indicators for the outsourced supplier. 
  • Ensuring one’s supplier places great emphasis on environmental criteria whenever they make purchases. 
  • Seeing evidence of actions such as assessing risks and identifying environmental impacts that will produce improvement.  
  • Asking for a record of the supplier’s legislation and proof that they comply with environmental laws that pertain to their work 
  • Seeking proof that any environmental accidents or hazards as a result of the supplier will be documented and reported to the organization according to an emergency preparedness procedure and confirm the existence of a procedure whenever authorities, containment, and corrections are involved. It is advised that the supplier is guided as to how this process should operate, given that the organization itself is responsible any outcomes. 
  • Ensuring that one’s organization agrees to a program for the supplier’s regular inspections, where the environmental performance of the supplier is judged. If necessary, the supplier may take action. 

An Organization’s Key Responsibilities 

When managing one’s outsourced suppliers, it is important to remember that one’s organization has the ultimate responsibility for environmental performance and all internal and external environmental impacts caused by the manufacturing of one’s product or service. As a result of the more descriptive Annex A, the more control one’s organization asserts over its supplier, the better one’s general environmental performance. Taking the steps mentioned above will help one ensure that the suppliers’ environmental performance is managed effectively and the terms of ISO 14001:2015 are consistently surpassed. 


0 366

The implementation of ISO 27001 involves a Senior Management Team (SMT) who are committed to the goals and agree fully that the Information Security Management System (ISMS) provides benefits to the organization which may include: a market position enhancement, a lower risk of disruption in business, and an overall boost in the body of work’s compliance with legal requirements. 

For employees, however, a new system or practice being introduced to the workplace could be perceived as additional tasks to be completed, as well as, a hindrance to their daily work routine. The term internal buy-in means the ability of your employees to accept new implementations given by the management. A lack of internal buy-in is a key factor for failure of a new system being put in place. 

Benefits of internal buy-in 

Demonstrating what employees can gain from the change in system is key to a successful transition. Outlining the benefits, which include an increase in stability of the organization, as well as a decrease in disruption of the business, will make it easier for employees to buy into the changes required by an Information Security Management System, instead of trying to repel the changes. This action will make employees easier to manage in the transitional phase. 

 How to obtain a universal buy-in within your organization 

Change is difficult to implement; hence, management must take sufficient steps to ensure transition proceeds as smoothly as possible. Providing lectures, training, and seminars about how employees can benefit from the introduction of ISO 27001 would be a good start. Giving employees the space to voice concerns and inquiries and answering them will provide an honest and transparent environment that will make them trust the change more. Involving the employees, as well as the management team, in the process of development will allow employees to provide more information and concerns on the matter, as well as to become familiarized with the initial, as well as, gradual changes throughout the entire process. Adding content, such as, trivia or games during the process can also foster a light environment where people can be at ease and become more comfortable with the system changes. 

 Provide employees reasons to participate 

Employees must be an important part of the process, as members need to buy-in for the implementations to take full effect. That is why it is important for employees to know the possible consequences if they do not participate. Note that there is a difference between a scare tactic and solidly provided guidelines/expectations. Providing disciplinary procedures for non-compliance, ensuring understanding by the staff of the different guidelines involved, as well as being clear in the communication process on what is expected of the staff will help your organization achieve the utmost results possible. 

 Setting an example 

Embedding an ISMS within an organization’s body of work is an important part of growth and improvement. Senior management must take the lead in ensuring that they themselves follow the changes and guidelines that are implemented. Failure to comply with changes, by means of forgetting or showing that these new changes can be a cumbersome hindrance to everyday work routines, will provide a clear visual to employees that the new changes are ineffective, even for the managerial staff. Leading by example is the way to solve this. Some ways to set a positive example include, having senior management provide a constant line of communication, management participating as early as possible in the process, and providing training sessions on how management should demonstrate order throughout the implementation process. 

Through proper communication with employees, leading by example from senior management, and drawing up clear and definitive expectations for everyone involved, the likelihood of a buy-in to take effect is increased significantly. Just remember that all members of the organization must take part for the changes to fully set in. This means creating an environment that includes the employees in the transition process, rather than just simply issuing orders. Ensuring that a buy-in is successful increases the chances of implementing an effective and comprehensive Information Security Management System.

0 469
strategic planning iso

The release of new updates and changes in the ISO 9001:2015 standard has brought a variety of new concepts to the field. This involves the process of Quality Management System or QMS to be in line with the organization’s own strategic direction, as well as having the understanding of the said system in order to maximize a company’s efficiency and potential. ISO 9001:2015 requirements state in its domain four different times the importance of strategic direction in correlation to an organization’s progress.  

Understanding the company’s context while ensuring quality in both the policies and objectives stated by the board is paramount, as well as both factors being in line with the body’s general strategic direction. Members of the company must then verify quality checks in policies, compatibility with the strategic direction, and all while making sure that the QMS is in line with all mentioned factors.  

Knowing your Strategic Direction 

Knowing the strategic direction for an organization may seem like an easy and simple enough task to undertake, but there is more to it than meets the eye. Strategic direction refers to the path of actions you are utilizing to achieve the goals you and your company has set out to do in the basics of organizational strategy. The creation of achievements and goals are a common step that a company takes during the building process. You may know it as the Mission and Vision Statement of the company, something that I am sure you have noticed written on the organization’s walls for all to see. It is a statement where the founding members state their agenda on where they see the company headed, as well as laying out the plans step by step in order to make sure they are going the right direction. This will guide the companys course of action through the years of growth and progress.  

Utilizing Quality Objectives towards the Strategic Direction 

Quality objectives are the target statements that will be looked upon when considering more growth and progress in a company. These objectives provide bullet points for consistent and continued improvement all around the organization, and each objective has a specific layout or plan to ensure that the motives are in line with the scope of the vision of the company. For an example, if the organization’s formulated mission statement involves the improvement in quality of their product while still maintaining a competitive edge on quantity and creation, the quality objective would involve a specific targeted percentage of growth in an X number of time. This would give an outline and guide on the mission’s landmarks to make sure that the company grows and develops as planned and in the same level of the timeframe they provided.  Of course, the quality objective must be realistic enough to foresee some roadblocks and adjust accordingly. This would ensure a grounded approach to the goals, and will be of prime importance when trying to meet the standards set in the creation of objectives at the time estimated. 

Lack of Strategic Direction 

In earlier stages of progress, a company may delay the creation of the mission and vision statements, leading to a vague strategic direction for the entire process. This should not be the case, as if you are applying ISO 9001:2015 or undertaking the transitional process from using an ISO 9001:2008 to 2015, the creation and having an overall mission and vision is paramount to a company’s initial growth. These goals create a critical role and aspect in the successful implementation of the requirements provided by the QMS. A lack of an overall vision would lead to several problems along the way, such as the decreased focus in specific standards; an inferior demonstration of the company’s quality policies, objectives, and management review. The best way of getting a head start in this process is definitely the creation of a unified and specific vision under the company’s umbrella, ensuring that all the elements involved have a general direction where they need to focus, as well as an easier time creating and maintaining standards set by the QME. These factors will create a steady form of development and improvement for the company, and may even provide ways to improve relations with customers, build rapport, all while growing your business. This is what application of ISO 9001 is all about. 

0 395

ISO standards may seem confusing to the common reader. There are thousands of standards available, and it can sometimes be a burden to distinguish one from another. Here we explain the different functions and purpose of the ISO 9000 family, starting with the ISO 9001 standard that covers the requirements for the Quality Management System (QMS).

The ISO 9000 standards focus on quality management, created and maintained by a vast number of organizations and experts, both from the public and the private sectors. It was created with the sole intention of helping organizations, regardless of the size or the industry the organization is involved with. The ISO 9000 family of standards, when implemented correctly help companies to be better managed, more efficient at their work, and head to a more customer-focused field of view.

The ISO 9000 family of standards are based around eight Quality Management Principles, which include:

  1. Customer focus
  1. Leadership
  1. Involvement of people
  1. Process approach
  1. System approach to management
  1. Continual improvement
  1. Factual approach to decision making
  1. Mutually beneficial supplier relationships

ISO 9000 family has a multitude of standards under its wing. This includes ISO 9000 itself, which creates the path to their target goal by setting a tone for the organizations under it; be it providing fundamentals or supplying the vocabulary for these systems of bodies. The remaining standards cover a variety of specific points, which include documentation of work, training management and supervision, as well as other performance improvements that the organization may need.

ISO 9001 on the other hand determines the requirements of a Quality Management System. Any body of work within the organization responsible for these standards, who are unaware of the current system are urged to acquire ISO 9000 training provided within the organization. This will ensure that all members that govern the group have a sufficient enough grasp on the topics at hand.

Definition of iso 9001

ISO 9001 is the standard that creates the boundaries in which an organization or group must comply with, in order to meet requirements for having a Quality Management System. It is of prime importance in that it is the only standard within the ISO 9000 family that any and all organizations interested can be certified against.

Currently, the complete title of ISO 9001 is ISO 9001:2015, where the 2015 determines the most recent revision date of the said standard. It provides a framework to managing a body of work’s process and inner workings, ensuring that there would be a systematic approach in an organization’s attempt at creating consistency and meeting client demands. The capability of the organization to follow and uphold relevant laws and regulations is also ensured in this process.

is there a need TO USE THE OTHER ISO 9000 STANDARDS?

Most bodies of work do not use the other standards because the ISO 9001 in itself is an incredibly effective and efficient process, especially when used in association with a separate third party certification method. With that said, using the rest of the standards within the family can still help these groups and teams, especially if they are interested in getting the most out of the Quality Management System.

ISO 9004 guidance standard is meant to help bodies of work interested in the system to extend benefits of 9001 to the stakeholders, which adds in creating a sustained success within the company. With these methods at hand, you can assess the satisfaction of all members involved; from the clients, employees, to the suppliers and other groups. These aspects are needed to be checked firmly in order to see any improvement and growth.


ISO 9001 is similar in structure with the ISO 14001 Environmental Management standard. Both are created in structure to be compatible with each other’s ISO management standards, meaning these two standards are an excellent way for organizations to expand their management systems.

0 879

If your company is in the process of becoming certified to ISO 9001:2015, you’re probably wondering, “What do we need to do to ensure we are prepared?”   There’s no worse feeling than being caught in the middle of an audit unprepared, especially if it is for an ISO certification. Consistent planning and preparation can make sure that you’ll never be caught unaware, but of course, the fact remains that ISO 9001:2015 includes a number of new requirements. Below, we have covered some of the most asked questions organizations have when preparing for an ISO 9001:2015 audit.

What is context of your organization all about?

This question is the benchmark point of ISO 9001:2015 and it appears in section 4.1. The standard question uses the term “context”, but this could be easily translated to Business Environment.  Quite simply it is asking you to understand the environment in which your organization is operating.  It asks you to identify your organization’s internal and external influences. These questions about “context” are usually directed to the top management and the team responsible for the QMS. The auditor will be looking for a clear examination of forces at work within and around the organization. Some organizations use a SWOT analysis (strengths, weaknesses, opportunities, and threats) to help them get a grip of this, but it is not a requirement. What the auditors learn here will be a key input for risk analysis.

Who are your interested parties and what are their requirements? 

This question relates to 4.2 and is trying to ensure organizations understand who can be affected by their organization and who has requirements for them as an organization. The term “interested parties” could also be termed “stakeholders”. The auditor will always make sure that a reasonable range of interested parties has been identified, along with their corresponding requirements.

These first two requirements now lead us to the main requirements surrounding risk in section 6.0 – Planning.

What risks and opportunities have been identified in relation to the above, and what are you doing about them? 

Risks as well as opportunities could accurately be called the foundation of ISO 9001:2015. No fewer than 13 other clauses refer to risks and opportunities, making them the most “connected” section of the standard. If an organization does a poor job of identifying risks and opportunities, then the QMS cannot be effective.

How are you working to achieve your quality objectives?

Measurable quality objectives are not new to ISO 9001. What is new is the requirement to plan actions to make them happen. The plans are intended to be specific and actionable, addressing actions, resources, responsibilities, timeframes, and evaluation of results.

How has the QMS been integrated into the organization’s business processes? 

This question is asked directly to top management (see section 5.1.1c) as they have the overall responsibility to ensure this is happening. ISO 9001 is becoming a more strategic management system. It’s not only about making sure products or services meet requirements. The standard is about managing every aspect of your business using risk based thinking and continuous improvement.

How do you capture and use organizational knowledge?

ISO 9001:2015 wants organizations to learn from their experiences, both good and bad. This could be handled by a variety of means: project debriefs, exit interviews, staff meetings, customer reviews and feedback, examination of data, lessons learned logs. How the organization captures knowledge is up to them, but the process should be clear and functional. The knowledge should also be maintained and accessible. These should be documented in a way that your institution could create its own “Knowledge Base”.

These are some of the most asked questions when preparing for an ISO 9001:2015 audit.  We hope that this gave you a more clear understanding on how to use the standard to ensure a successful outcome for your organization.

0 838

When organizations decide to implement an Information Security Management System they often wonder what is the difference between ISO 27001 and the ISO 27002? To put it simply ISO 27001 holds the requirements of the Information Security Management System Standard and ISO 27002 gives guidelines and best practices intended for organizations who are becoming certified or implementing their own security processes and controls.

ISO 27000 is a series of international standards all related to information security. The ISO 27001 standard has an organizational focus and details requirements against which an organization’s ISMS (Information Security Management System), can be audited. ISO 27001 is a management system standard and therefore establishes specific requirements in which it can be certified by a third party accredited registrar.  If an organization wants to certify its Information Security Management System (ISMS) it needs to comply with all requirements in ISO 27001.

On the other hand, ISO 27002 is more focused on specific examples, guidelines and provides a code of practice for use by individuals within an organization. You cannot get certified against ISO 27002 because it is not a management system standard.

Instead it was established based on various guidelines and principles for initiating, implementing, improving and maintaining information security management within an organization. The actual controls in the standard address specific requirements through a formal risk assessment. The standard consists of specific guidelines for the developments in organizational security standards and effective security management practices that would be useful in building confidence within inter-organizational activities.

There are a dozen other standards in the ISO 27000 series which are all designed to assist companies is securing their organizational information. These include ISO 27005 for organizations looking for more detail on how to carry out risk assessment and risk treatment and ISO 27004 which provide guidelines intended to help organizations with monitoring, measurement, analysis and evaluation of their information security performance and the effectiveness of their ISMS.

Every standard from the ISO 27000 series is designed with a certain focus in mind but if you want to build the foundations of information security in your organization, and devise its framework, you should use ISO 27001; ISO 27002 is design to be a tool to help organizations with the implementation of ISO 27001 or for organizations who want to implement their own management guidelines and controls surrounding Information security.

0 1083

Are your Business Management Systems still operating in Silos?

If so then you may want to think about adopting a more integrated approach…

Steve Tyler, CEO & Founder of BusinessDocsOnline

Working in Silos?

There comes a point in the development of many organisations when they need to obtain some form of certification, and for the majority they will probably implement a management system for either Quality or Health & Safety.

There then follows a period of time where their requirements for certification will be covered with a single management system.

However, once an organisation grows to a point where it requires more than one management system, then that is the time for top management to step back and consider adopting a more integrated approach.

Yet too many organisations miss this opportunity and implement their management systems as stand-alone platforms.  They then end up with individual management systems being used in silos.

For some organisations, working in silos may be the most suitable way to function, and there may be operational reasons why this approach works best for them.

But working in silos also has a downside…

Silo Mentality (as defined by the Business Dictionary):

“a mind-set present when certain departments or sectors do not wish to share information with others in the same company.  This type of mentality will reduce efficiency in the overall operation, reduce moral, and may contribute to the demise of a productive company culture.”
Whilst an integrated management system may not work for every organisation, for many the long-term benefits will far outweigh the short-term effort required to move forward.

So why not integrate your management systems and eliminate all the inefficiencies and duplication of activities that are part and parcel of having individual systems and working in silos?

But how easy is this to achieve?

The PDCA Cycle: – Plan – Do – Check – Act

With the latest release of ISO 9001:2015, this revised standard aims to further develop the “Risk Based Thinking” approach within an organisations.  It also brings two other aspects into the management system arena that are going to re-define the future of management systems.  One of these is Annex SL and the other is the PDCA cycle.

Lets come back to Annex SL later, and deal with the PDCA cycle first.  Within ISO 9001:2015 this functions as follows:


Top Management must assess the risks & opportunities that may impact on the organisation and carry out the planning required to ensure these risks do not affect the organisations ability to deliver its “desired outputs”.  Exploiting any opportunities that have been identified must also be planned.


Process activities must be carried out in such a way as to ensure they are aligned with the outputs of the planning processes.


Top Management must review & measure the organisations performance against their objectives.


Top Management must also plan & implement any actions that will deliver continual improvement.

Whilst the “desired outputs” of each organisation are quite unique, one way or another they all lead back to Customer Satisfaction.  Once Customer Satisfaction can be monitored, it can be measured.  And as the saying goes – “What gets measured gets done….”

So we can see how the PDCA cycle works for a Quality Management System, but this is really just the tip of the iceberg.

This PDCA cycle can now be applied to just about every other ISO standard, including Health & Safety [45001]*, Environmental [14001:2015] and Information Security Management [27001], and every system you implement can follow the same structure.

The net result here is that it is now possible to implement an integrated management system that combines Quality, Environmental, Health & Safety and Information Security.

But can they be that much more effective if they are integrated?

The Benefits of Integrated Management Systems

Once an organisation has decided to integrate their management systems then it’s at this point they can start to see the real benefits.

Organisations that have already implemented a single management system based around the PDCA cycle will find it up to 50% quicker when they come to implement their next management system.

The PDCA Cycle means it is possible to integrate your management systems into one platform, and organisations can now implement a single solution that controls all of the following:

  • Risks & Opportunities for Product & Services
  • Customer Requirements & Satisfaction
  • Environmental Impacts
  • Health & Safety Hazards
  • Information Security Integrity

With this integrated approach, much of what is needed from the management team can now be done under one umbrella, and top management can now take a broader view of their organisation whilst undertaking the following activities:-

  • Planning
  • Assessments of Risk & Opportunities
  • Internal Audits
  • Management Reviews
  • Continual Improvement

The end result is that:

  • The organisation can now be managed using joined-up thinking.
  • Auditing models can be revised to provide a much broader remit, but with fewer audits.
  • KPI’s & SMART objectives can now become more aligned.

But just how well are all the different standards able to interact, and how easy is it to implement a single integrated platform across 2, 3 or 4 different management systems?

That’s where Annex SL comes in…

What is Annex SL?

Annex SL is an ISO document that defines a high level structure [HSL] for the framework of a generic management system.

It was first published by ISO’s Technical Management Board (TMB) in 2012 and the recent release of ISO 9001:2015 has been revised to align with Annex SL.

Annex SL has arrived with a vengeance with the latest version of ISO 9001:2015, and is now here to stay.

In the future, all new ISO management system standards will adhere to the Annex SL framework and all current management system standards will migrate to it at their next revision.

As a result of the introduction of Annex SL, all ISO management system standards will become more consistent, and hence more compatible.  They will share the same look and feel, having been built on a common foundation.  The structure of all management systems will now include the following sections:

  • Context of the Organisation
  • Leadership
  • Planning
  • Support
  • Operation
  • Performance Evaluation
  • Improvement

There are common core definitions too; the following words will have the same interpretations across all Annex SL standards:

  • organisation
  • interested party (preferred term)
  • stakeholder (admitted term)
  • requirement
  • management system
  • top management
  • effectiveness
  • policy
  • objective
  • risk
  • competence
  • documented information

  • process
  • performance
  • outsource (verb)
  • monitoring
  • measurement
  • audit
  • conformity
  • nonconformity
  • correction
  • corrective action
  • continual improvement

Annex SL represents the beginning of the end of the conflicts, duplication, confusion and misunderstanding arising from subtly different requirements across the various management system standards.

Auditors now face the challenge of focusing their own, and their clients’, thinking on viewing organisations’ management systems holistically.

About BusinessDocsOnline

0 954
What Does Schedule 16 of Bill 70 Really Mean for Companies in Ontario?

On the 8th of December in 2016 Schedule 16 of Bill 70, the Building Ontario Up for Everyone Act (Budget Measures), 2016, gained royal assent and its amendments to the Occupational Health and Safety Act came into effect:

Schedule 16 – Occupational Health and Safety Act – says:

“The Schedule amends the Occupational Health and Safety Act to give the Chief Prevention Officer the power to accredit health and safety management systems, and to give recognition to employers who use accredited health and safety management systems. The Chief Prevention Officer may also establish standards and criteria that must be met by health and safety management systems or employers in order to receive accreditation or recognition. Related amendments are also made.”

What Schedule 16 Means

What this means in a nutshell is that once the CPO (Chief Prevention Officer) has defined the requirements through bill 70 for an accredited health and safety management system, companies could then become certified to that system. Certified companies that are then able to demonstrate their commitment to using a coordinated system to improve their OHAS would then be able to benefit from things such as reduced routine inspections through the MOL.

In addition, the CPO will need to put in place a system that will recognize and incentivize companies to become certified. Details of those companies and their performance can then be made publicly available through the CPO.

Currently the CPO has not yet released any standards for accredited health and safety management systems and has said that they will be holding an “extensive consultation” to develop an “accreditation standard and employer recognition program”. Until the CPO actually defines the standards for accredited health and safety systems, the changes implemented by this act will have no real effect on anyone.

ISO 45001 as a Framework for OHS Standards in Ontario

Of course, an accredited standard is currently on the verge of being released should the CPO want to use the framework provided by ISO. The new standard ISO 45001 Occupational health and safety management system – requirements will follow a similar framework to that of ISO 9001 and 14001 giving companies an accredited standard against which they can be certified by a third party. This new worldwide standard will become available hopefully towards the end of 2017.

Assuming that this will meet the expectations of the CPO and interested parties then this would be a perfect way for companies to start putting in place processes, procedures, and other measures to drive continuous improvement in occupational health and safety.