Authors Posts by ISOUpdate.com

ISOUpdate.com

56 POSTS 1 COMMENTS
ISO Update is an independent website that aims to provide information, resources, and updates around the Standards and Certification industry. We believe that organizational standards can help businesses of all shapes and sizes become more efficient and successful on a local, federal, or global scale.

4 21086

Since its first publication in 1999, OHSAS 18001 has been a recognized occupational health and safety management system (OH & SMS) standard against which management systems can be assessed and certified.  19 years later, a new ISO standard has been released to replace OHSAS 18001; this standard is ISO 45001.

ISO 45001 is an OH SMS standard developed by an ISO Project Committee which was published on March 12th 2018. A number of differences are evident between ISO 45001 and OHSAS 18001. Some of the main differences between the two standards are explored below.



The first difference concerns its structure. ISO 45001 is based on the ISO Guide 83 (“Annex SL”) which defines a common high level structure, text and common terms and definitions for the next generation of management systems (e.g. ISO 9001, ISO 14001, etc.). This structure aims to facilitate the implementation process and the integration of several management systems in a harmonized, structured and efficient manner. Such structure is as follow:

  1. Scope
  2. Normative References
  3. Terms and Definitions
  4. Context of the Organization
  5. Leadership
  6. Planning
  7. Support
  8. Operation
  9. Performance Evaluation
  10. Improvement

In the new standard there is a stronger focus on the “organization’s context”. With ISO 45001, organizations will have to look beyond their own health and safety issues and consider what the society expects from them, in regard with health and safety issues.

Some organizations that use OHSAS 18001 delegate health and safety responsibilities to a safety manager, rather than integrating the system into the organization’s operations. ISO 45001 requires the incorporation of health and safety aspects in the overall management system of the organization, thus driving top management to have a stronger leadership role with respect to the OH&S management system.

ISO 45001 focuses on identifying and controlling risks rather than hazards, as it is required in OHSAS 18001.

ISO 45001 requires organizations to take into account how suppliers and contractors are managing their risks.

In ISO 45001 some fundamental concepts are changed, like risk, worker and workplace. There are also new definitions of terms such as: monitoring, measurement, effectiveness, OH&S performance and process.

The terms “document” and “record” have both been replaced with the term “documented information” in ISO 45001. The standard also states that documented information must be maintained to the extent necessary to have confidence that the processes have been carried out as planned.

In spite of these changes, the overall aim of ISO 45001 remains the same as OHSAS 18001, which is to reduce unacceptable risks and ensure the safety and wellbeing of everyone involved in an organization’s activities.


Read about more differences between OHSAS 18001 and ISO 45001

Read about who needs ISO 45001

0 4699
Become a Third Party Auditor - ISOUpdate.com

Third party auditors are those who perform an external and independent audit of an organization’s management system to evaluate if it meets the requirements of a specific standard; if successful, this third-party audit will provide the organization with certification or registration of conformity with the given standard.

A third party audit is carried out by a Registrar/Certification Body (CB) hired by the organization; therefore, in order for someone to be a third-party auditor, he/she needs to be employed by a CB.


Find a CB that is hiring in your area by visiting our Career Resources


All CB’s need to ensure that the auditor possesses the knowledge and skills necessary to achieve the intended results of the audits they are expected to perform. Standard interviews are typical.

  • Personal attributes that will enable them to act in accordance with the principles of auditing, which include ethical conduct, fair presentation, due professional care, independence, and free use of an evidence-based approach.
  • Knowledge on the contents of ISO 19011: 2011, Guidelines for auditing management systems.
  • Knowledge and skills on audit principles, procedures and methods, which will enable them to conducted audits in a consistent and systematic manner.
  • They should be able to exhibit professional behavior during the performance of audit activities, including being ethical, open-minded, diplomatic, observant, perceptive, versatile, tenacious, decisive, self-reliant, open to improvement, culturally sensitive, and collaborative.
  • Knowledge and skills on management system and reference documents that will enable them to comprehend the audit scope and apply audit criteria.
  • Sector specific knowledge which will enable them to comprehend the organization’s structure, business, management practices and the legal and contractual requirements applicable to the organization being audited.

As indicated in ISO 19011, someone pursuing to become a third-party auditor can acquired all these knowledge and skills by using a combination of the following:

  • Formal education/training and experience that contribute to the development of knowledge and skills in the management system discipline and sector the auditor intends to audit.
  • Training programs that cover generic auditor knowledge and skills.
  • Experience in a relevant technical, managerial or professional position involving the exercise of judgment, decision making, problem solving and communication with managers, professionals, peers, customers and other interested parties.
  • Audit experience acquired under the supervision of an auditor in the same discipline.

After acquiring all the necessary knowledge and skills and successfully being employed by a CB, third-party auditors must pledged to advocate a particular code of ethical conduct in the performance of an audit and they must abide the internal policies and rules of the CB that hires them. All these requirements must be followed in order to protect everyone involved in the audit process.

Find a CB that is hiring in your area by visiting our Career Resources.



0 1071

The 2015 revision of ISO 9001 has removed the requirement of a Quality Manual, something that has been needed historically if your organization has wanted to achieve and maintain certification. This requirement appears no more! Woohoo! Shred those Quality Manuals and never look back!

Right? If the standard doesn’t say we need it, then we don’t need it. One less document to maintain. Finally, life as an ISO 9001 certified company is getting easier!

Let’s hold on a second…

A common practice to create and maintain a Quality Manual for the ISO 9001:2008 standard (and earlier versions) was to create an exact copy of the verbiage in the standard, change all of the “shall” words with “will” or similar term that fits, change all references to “the organization” to the name of your company, slap a few logos on it, give it a control number and publish it.

And then…nothing. Let it sit for years until the new standard is published and then repeat this copy-paste process all over again. That practice, although common, doesn’t help anyone.



It’s Time to Re-Think the Manual

Now is the perfect time to rethink the Quality Manual. Take a step back and really consider what a manual should do for your company – provide the framework for your entire management system. Here are a few ideas to get you started.

  1. Start thinking about the manual as something you can hand to a new employee that will help give them an introduction and overview as to how you do business – in plain English with the terms and acronyms that are used in your company – not in “standard speak”. Build this manual within the framework of the standard but in a way where the general employee won’t know it.
  2. Rename the Quality Manual. I don’t know how many times I have heard a Quality Manager complain about their organization’s culture viewing the management system as something separate from how business is done, as in, “the quality stuff is for the auditor”. Start dissolving that problem today – change the name to Business Manual. Because that is what it is – a document that describes how you do business. And we all know, well executed business processes result in top notch quality.
  3. Keep that thing updated! Considering many Quality Manuals were nearly a carbon copy of the actual standard language it was understandable that Quality Manual revisions were uncommon as well. In order to make this Business Manual an ally, it needs to be current.


Keeping your Business Manual Current

Even if your ISO Certified Company has a thorough and accurate Manual for the previous year, it is still very important to keep this document up to date. Here are some things to watch out for that may trigger the need for an update.

  1. Significant changes to business structure or business processes. Keep in tune to changing reporting structures, new processes (manufacturing or service), acquisitions, partnerships, etc.
  2. Rules and Regulations. International rules and regulations are fluid, and it is vital to integrate such changes into business operations. Any change in an Industrial Standard, big or small, could necessitate a change for your employees, external providers, managers, or customers.
  3. Technology. Technology changes very fast and new systems are installed yearly, monthly, weekly, and sometimes even daily. Technology changes can come in various forms: hardware, software, machines, equipment, etc.
  4. Safety. Changes to the physical building structure, layout and environment happen as time goes on and ensuring the manual stays up to date with these changes will assist with the awareness of the safety rules and conditions to ensure a safe work environment.

So, there are some things to think about. Even though the Quality Manual is not mandatory, it is still very much necessary. Use this opportunity to increase the role of the Manual within your business management system.


Christopher Spranger is the owner and CEO of Spranger Business Solutions; a management consulting firm that helps people run more efficient businesses across the United States. They have a team of Quality Management experts that assist companies with internal audits and in achieving Quality Management System Certification.

Interested in having Spranger Business Solution do your internal audits click here.

This article was originally posted on Spranger Business Solutions website and is published here with permission.



0 2382

The Benefits of Integrated Management Systems: Guest article from Steve Tyler, CEO & Founder of BusinessDocsOnline

Are your Business Management Systems still operating in Silos?

If so then you may want to think about adopting a more integrated approach…


Working in Silos?

There comes a point in the development of many organisations when they need to obtain some form of certification, and for the majority they will probably implement a management system for either Quality or Health & Safety.

There then follows a period of time where their requirements for certification will be covered with a single management system.

However, once an organisation grows to a point where it requires more than one management system, then that is the time for top management to step back and consider adopting a more integrated approach.

Yet too many organisations miss this opportunity and implement their management systems as stand-alone platforms. They then end up with individual management systems being used in silos.

For some organisations, working in silos may be the most suitable way to function, and there may be operational reasons why this approach works best for them.

But working in silos also has a downside…

Silo Mentality (as defined by the Business Dictionary):

“a mind-set present when certain departments or sectors do not wish to share information with others in the same company. This type of mentality will reduce efficiency in the overall operation, reduce moral, and may contribute to the demise of a productive company culture.”
Whilst an integrated management system may not work for every organisation, for many the long-term benefits will far outweigh the short-term effort required to move forward.

So why not integrate your management systems and eliminate all the inefficiencies and duplication of activities that are part and parcel of having individual systems and working in silos?

But how easy is this to achieve?

The PDCA Cycle: – Plan – Do – Check – Act

With the latest release of ISO 9001:2015, this revised standard aims to further develop the “Risk Based Thinking” approach within an organisations. It also brings two other aspects into the management system arena that are going to redefine the future of management systems. One of these is Annex SL and the other is the PDCA cycle.

Lets come back to Annex SL later, and deal with the PDCA cycle first. Within ISO 9001:2015 this functions as follows:

Plan

Top Management must assess the risks & opportunities that may impact on the organisation and carry out the planning required to ensure these risks do not affect the organisations ability to deliver its “desired outputs”. Exploiting any opportunities that have been identified must also be planned.

Do

Process activities must be carried out in such a way as to ensure they are aligned with the outputs of the planning processes.

Check

Top Management must review & measure the organisations performance against their objectives.

Act

Top Management must also plan & implement any actions that will deliver continual improvement.

Whilst the “desired outputs” of each organisation are quite unique, one way or another they all lead back to Customer Satisfaction. Once Customer Satisfaction can be monitored, it can be measured. And as the saying goes – “What gets measured gets done….”

So we can see how the PDCA cycle works for a Quality Management System, but this is really just the tip of the iceberg.

This PDCA cycle can now be applied to just about every other ISO standard, including Health & Safety [45001]*, Environmental [14001:2015] and Information Security Management [27001], and every system you implement can follow the same structure.

The net result here is that it is now possible to implement an integrated management system that combines Quality, Environmental, Health & Safety and Information Security.

But can they be that much more effective if they are integrated?

The Benefits of Integrated Management Systems

Once an organisation has decided to integrate their management systems then it’s at this point they can start to see the real benefits.

Organisations that have already implemented a single management system based around the PDCA cycle will find it up to 50% quicker when they come to implement their next management system.

The PDCA Cycle means it is possible to integrate your management systems into one platform, and organisations can now implement a single solution that controls all of the following:

  • Risks & Opportunities for Product & Services
  • Customer Requirements & Satisfaction
  • Environmental Impacts
  • Health & Safety Hazards
  • Information Security Integrity

With this integrated approach, much of what is needed from the management team can now be done under one umbrella, and top management can now take a broader view of their organisation whilst undertaking the following activities:-

  • Planning
  • Assessments of Risk & Opportunities
  • Internal Audits
  • Management Reviews
  • Continual Improvement

The end result is that:

  • The organisation can now be managed using joined-up thinking.
  • Auditing models can be revised to provide a much broader remit, but with fewer audits.
  • KPI’s & SMART objectives can now become more aligned.

But just how well are all the different standards able to interact, and how easy is it to implement a single integrated platform across 2, 3 or 4 different management systems?

That’s where Annex SL comes in…

What is Annex SL?

Annex SL is an ISO document that defines a high level structure [HSL] for the framework of a generic management system.

It was first published by ISO’s Technical Management Board (TMB) in 2012 and the recent release of ISO 9001:2015 has been revised to align with Annex SL.

Annex SL has arrived with a vengeance with the latest version of ISO 9001:2015, and is now here to stay.

In the future, all new ISO management system standards will adhere to the Annex SL framework and all current management system standards will migrate to it at their next revision.

As a result of the introduction of Annex SL, all ISO management system standards will become more consistent, and hence more compatible. They will share the same look and feel, having been built on a common foundation. The structure of all management systems will now include the following sections:

  • Context of the Organisation
  • Leadership
  • Planning
  • Support
  • Operation
  • Performance Evaluation
  • Improvement

There are common core definitions too; the following words will have the same interpretations across all Annex SL standards:

  • organisation
  • interested party (preferred term)
  • stakeholder (admitted term)
  • requirement
  • management system
  • top management
  • effectiveness
  • policy
  • objective
  • risk
  • competence
  • documented information

  • process
  • performance
  • outsource (verb)
  • monitoring
  • measurement
  • audit
  • conformity
  • nonconformity
  • correction
  • corrective action
  • continual improvement

Annex SL represents the beginning of the end of the conflicts, duplication, confusion and misunderstanding arising from subtly different requirements across the various management system standards.

Auditors now face the challenge of focusing their own, and their clients’, thinking on viewing organisations’ management systems holistically.


About BusinessDocsOnline

0 2665
Auditor Training

Internal Auditors require 3 types of training; formal, theoretical and practical auditor training. 

Auditor Formal Training

Formal auditor training must consist of the following:

  • Audit principles
  • Objectives of an audit.
  • Types of audits.
  • Benefits of implementing internal audits.
  • Different auditing approaches.
  • Competences of an auditor.
  • Responsibilities of an auditor
  • How to Prepare for an audit
  • How to Conduct an audit
  • Reports and Follow-up
  • Evaluations

How to prepare for the audit: Establishing the audit program, defining the elements of the management system to be audited, preparation of checklists, selecting the audit team.

How to conduct an audit: How to contact the auditee, developing the audit plan, carrying out the opening meeting, how to gather evidences, defining findings, conducting the closing meeting.

Reports and Follow-up: Categorization of findings, preparing the report, approval and distribution of the report, monitoring.

Competence and evaluation of auditors: General, personal attributes, knowledge and skills, training and work experience, maintenance and enhancement of skills, auditor evaluation.

Auditor Theoretical Training

In addition to this basic auditor training regarding the skills, knowledge and competences of auditors and how to prepare, conduct and monitor audits, it is essential for internal auditors to fully know and understand the standard that they will be auditing against. Here an additional training session will be required. The most frequent standards that organizations use that require the execution of internal audits are ISO 9001, ISO 14001 and OHSAS 18001; however, the standards use will depend on the needs and objectives of each organization.

Auditor Practical Training

After an auditor has received this theoretical auditor training, they can now begin their practical training by participating in an internal audit. This practical auditor training usually is done following these steps:

  1. Participate in at least 2 audits as an observer or auditor in training. Here they usually participate in the planning stage of the audit but when the audit is being conducted they only observe; they do not take any actions in any of the activities during the audit.
  2. Participate in at least 2 internal audits with supervision of a lead auditor. Here they take a more active role in the preparation and in the conducting of the audit.
  3. After having successfully carried out a number of internal audits and having sufficient skills, knowledge and experience as an internal auditor, he or she may start to conduct audits as an internal auditor leader. This leader takes full action in all of the stages of the audit.

Note: Training can vary. Each organization may decide to train their auditors in a way that is best for them. It is important for auditors to receive a constant and progressive auditor training that allows them to acquired the necessary skills and knowledge to conduct objective and impartial audits that meet the objectives for which they audits are carried out for.


Looking for auditor training? Check our listing to see what’s available near you.

1 2453
Ten ISO 9000 Facts You Need To Know - ISOUpdate.com

The ISO 9000 series of quality standards is the most used management system worldwide; thousands of organizations rely on these standards to establish an effective quality management system.

Here are some facts every organization pursuing to implement ISO 9001 should know.

1. ISO 900 Family of Standards

The ISO 9000 family of standards are a set of standards and guidelines that have global reputation as being the basis for the establishment of quality management systems (QMS).

2. It’s Voluntary

The adoption of all standards published by ISO, including standards in the ISO 9000 family, is voluntary in nature.

3. You Don’t Need a Certificate to Use ISO 9000

In the ISO 9000 series, all standards can be implemented without certification. Any business can use the models from the standards to improve quality management systems.

4. Names Vary in Different Country

Many countries have adopted the ISO 9000 family of standards and have also appropriated its numbering system for their national standards. For instance in the United Kingdom, ISO 9001 is referred to as BS EN ISO 9001:2008, with BS standing for British Standard and EN for European Norm. In Sri Lanka, the standard is numbered SLS ISO 9001:2008, with SLS denoting Sri Lankan Standard.

5. Everyone Can Use the ISO 9000 Series

Any organization, regardless of the type of products or services they offer, can use ISO 9001 as their guideline to implement, maintain and improve a successful QMS.

6. The Focus is on Your Company Performance

ISO 9001 provides a process approach for its execution, which enables the QMS to connect with other organizational processes; and its focus on continuous improvement and customer satisfaction will lead to an improved business performance.

7. ISO 9001 Promotes Flexibility Within the Standards

ISO 9001 specifies what an organization “should” do, but not “how” they should do it, giving great flexibility for any company, large or small, to use this standard. Additionally, ISO 9001 does not establish specific quality requirements; this is a decision taken by each organization; the standard is only a guide to achieve the goals and objectives set by each organization.

8. ISO Industry Specific Requirements Don’t Dilute the ISO 9000 Family

Specific industry requirements were added to ISO 9001 to create standards for organizations in the automotive, telecommunications, aerospace, medical devices, oil and gas, and information technology sectors. These QMS standards have not diluted or modified the requirements of the ISO 9001 generic standard, but have added some sector-specific requirements, guidelines and clarifications. Some of these are:

  • Automotive industry:  ISO/TS 16949
  • Medical devices: ISO 13485
  • Primary packaging materials for medicinal products: ISO 15378
  • Petroleum, petrochemical and natural gas industries: ISO/TS 29001
  • Telecommunications industry: TL 9000
  • Aerospace Industry: AS 9100; AS9110 and AS9120

9. Understand the Benefits of an Accredited Certification

Certification of your QMS by an accredited certification body generates confidence among your existing and potential customers and other interested parties that you are capable of supplying consistently conforming products or services.

10. You Can Promote Your Certification

Adherence to the ISO standards can be publicized to gain market access abroad, because many foreign buyers place a premium on these standards.

Learn Tips and Tricks for ISO 9001 Certification