Guidance on Clause 4.2 of ISO 9001:2008

Guidance on Clause 4.2 of ISO 9001:2008

The following comments are intended to assist users of ISO 9001:2008 in understanding the intent of the general documentation requirements of the International Standard.

a) Documented statements of a quality policy and objectives:

Requirements for the quality policy are defined in clause 5.3 of ISO 9001:2008. The documented quality policy has to be controlled according to the requirements of clause 4.2.3.

Note: Organizations that are revising their quality policy for the first time, or in order to meet the amended requirements in ISO 9001:2008, should pay particular attention to clause 4.2.3 (c), (d) and (g).

Requirements for quality objectives are defined in clause 5.4.1 of ISO 9001:2008. These documented quality objectives are also subject to the document control requirements of clause 4.2.3.

b) Quality Manual:

Clause 4.2.2 of ISO 9001:2008 specifies the minimum content for a quality manual. The format and structure of the manual is a decision for each organization, and will depend on the organization’s size, culture and complexity. Some organizations may choose to use the quality manual for other purposes besides that of simply documenting the QMS

A small organization may find it appropriate to include the description of its entire QMS within a single manual, including all the documented procedures required by the standard.

Large, multi-national organizations may need several manuals at the global, national or regional level, and a more complex hierarchy of documentation.

The quality manual is a document that has to be controlled in accordance with the requirements of clause 4.2.3.

c) Documented procedures:

ISO 9001:2008 specifically requires the organization to have “documented procedures” for the following six activities:

4.2.3 Control of documents

4.2.4 Control of records

8.2.2 Internal audit

8.3 Control of nonconforming product

8.5.2 Corrective action

8.5.3 Preventive action

These documented procedures have to be controlled in accordance with the requirements of clause 4.2.3 Some organizations may find it convenient to combine the procedure for several activities into a single documented procedure (for example, corrective action and preventive action). Others may choose to document a given activity by using more than one documented procedure (for example, internal audits). Both are acceptable.

Some organizations (particularly larger organizations, or those with more complex processes) may require additional documented procedures (particularly those relating to product realization processes) to implement an effective QMS.

Other organizations may require additional procedures, but the size and/or culture of the organization could enable these to be effectively implemented without necessarily being documented. However, in order to demonstrate compliance with ISO 9001:2008, the organization has to be able to provide objective evidence (not necessarily documented) that its QMS has been effectively implemented.

d) Documents needed by the organization to ensure the effective planning, operation and control of its processes:

In order for an organization to demonstrate the effective implementation of its QMS, it may be necessary to develop documents other than documented procedures. However, the only documents specifically mentioned in ISO 9001:2008 are:

- Quality policy (clause 4.2.1.a)

- Quality objectives (clause 4.2.1.a)

- Quality manual (clause 4.2.1.b)

There are several requirements of ISO 9001:2008 where an organization could add value to its QMS and demonstrate conformity by the preparation of other documents, even though the standard does not specifically require them. Examples

may include:

- Process maps, process flow charts and/or process descriptions

- Organization charts

- Specifications

- Work and/or test instructions

- Documents containing internal communications

- Production schedules

- Approved supplier lists

- Test and inspection plans

- Quality plans

All such documents have to be controlled in accordance with the requirements of clause 4.2.3 and/or 4.2.4, as applicable

e) Records:

Examples of records specifically required by ISO 9001:2008 are presented in Annex B.

Organizations are free to develop other records that may be needed to demonstrate conformity of their processes, products and quality management system.

Requirements for the control of records are different from those for other documents, and all records have to be controlled according to those of clause 4.2.4 of ISO 9001:2008.

ISO 9001:2008 Documentation Requirements

ISO 9001:2008 Documentation Requirements

ISO 9001:2008 clause 4.1 General requirements requires an organization to “establish, document, implement, and maintain a quality management system and continually improve its effectiveness in accordance with the requirements of this International Standard”

Clause 4.2.1 General explains that the quality management system documentation shall include:

documented statements of a quality policy and quality objectives;

a quality manual documented procedures required by this International Standard documents needed by the organization to ensure the effective planning, operation and control of its processes, and records required by this International Standard;

The notes after Clause 4.2 make it clear that where the standard specifically requires a “documented procedure”, the procedure has to be established, documented, implemented and maintained. It also emphasizes that the extent of the QMS documentation may differ from one organization to another due to:

the size of organization and type of activities;

the complexity of processes and their interactions, and

the competence of personnel.

All the documents that form part of the QMS have to be controlled in accordance with clause 4.2.3 of ISO 9001:2008, or, for the particular case of records, according to clause 4.2.4.

SUMMARY OF CHANGES TO ISO 14001:2004

SUMMARY OF CHANGES TO ISO 14001:2004

ISO 14001:2004 aims to clarify the 1996 edition and align it more closely with the ISO 9001:2000 standard. Some clauses have not been modified for content but have been rewritten to align ISO 14001:2004 with the format, wording, and layout of ISO 9001:2000 and to enhance the compatibility between the two standards.

References in Annex A of the standard are aligned with the numbering in the standard for ease of use. Annex B of the standard identifies similarities and associations between ISO 9001:2000 and ISO 14001:2004.

An important change in wording throughout the revised standard appears in requirements that previously stated that an organisation shall “establish and maintain”; these have now been changed to “establish, implement and maintain”.

Throughout the standard the word “personnel” in the original standard is replaced with “persons working for or on behalf of the organisation” in the revised standard. This is included to ensure that external contractors and applicable suppliers are included under the requirements of certain clauses.

In developing, implementing and maintaining the organisation’s EMS, significant environmental aspects, applicable legal requirements and other requirements to which the organisation subscribes must be considered, and management must ensure the availability of resources.

There are additional paragraphs in the introduction, which generally cover:

• the aim of the ISO 14001:2004 standard is to enhance compatibility with ISO 9001:2000;

• alignment is improved between clause references and supporting Annexes. For example, 4.3.3 and A.3.3 both deal with objectives, targets and programme(s), and 4.5.5 and A.5.5 both deal with internal audit;

• an explanation of the Plan-Do-Check-Act (PDCA) model used in ISO 9001:2000;

• the use of the process approach is promoted in alignment with ISO 9001:2000;

• possible alignment and integration with other management systems is reviewed.

Change In ISO 14001:2004 – Documentation

Change In ISO 14001:2004 – Documentation

This clause has been updated to align it with ISO 19001:2004, but has not changed in intent. The listed EMS documentation now includes:

• the environmental policy,

• objectives and targets,

• a description of the scope of the EMS,

• a description of the main elements of the EMS and their interaction and reference to related documents, documents and records

• required by the standard, • documents and records determined by the organisation as necessary to ensure the effective planning, operation and control of processes that relate to the significant environmental aspects.

Formatting changes help align Clause 4.4.5 of ISO 14001:2004 with ISO 9001:2000. An additional clarification has been made to define records as a special type of document requiring control under Clause 4.5.4. A new addition to the requirements aims to ensure documents of external origin, (i.e. MSDS, permits) that are necessary to the system, are identified and their distribution is controlled.

Formatting changes help align Clause 4.4.5 of ISO 14001:2004 with ISO 9001:2000. An additional clarification has been made to define records as a special type of document requiring control under Clause 4.5.4. A new addition to the requirements aims to ensure documents of external origin, (i.e. MSDS, permits) that are necessary to the system, are identified and their distribution is controlled.

The revised standard requires documents required by the EMS and the standard to be controlled documents.

Note that “document” is included in the definitions, and includes its supporting medium which can be paper, magnetic, electronic or optical computer disc, photograph or master sample, or a combination thereof.

ISO 14001:2004 Evaluation of compliance

ISO 14001:2004 Evaluation of compliance

This clause has been separated from 4.5.1 and includes two sub-clauses, as well as clarification and an addition to the ISO 14001:1996 standard. Included in Clause 4.5.1 of ISO 14001:1996 was a requirement for the organisation to periodically evaluate compliance with relevant (now applicable) environmental legislation and regulations. This requirement has been retained in Clause 4.5.2.1 of the revised standard. In Clause 4.5.2.2, ISO 14001:2004 includes evaluation of compliance with other requirements to which the organisation subscribes, which was not specifically required by ISO 14001:1996. This clarification also includes a requirement for records of periodic evaluations of compliance to be kept.

The UK-based Institute of Environmental Management and Assessment (IEMA) has published an opinion that this means that compliance against each and every piece of legislation / regulation relating to an organisation’s environmental aspects will need to be evaluated before it can be considered to be in conformity with ISO 14001: 2004; it will not be acceptable for organisations to claim that the periodic evaluation will be covered by their internal EMS audit program at some future date.

This has always been one of the most difficult issues in ISO 14001:2004, and organisations will need to review and revise their compliance procedures to ensure that they meet these new requirements.

KEY CONSIDERATIONS IN IMPLEMENTING ISO 9001 IN SMEs

KEY CONSIDERATIONS IN IMPLEMENTING ISO 9001 IN SMEs

There are many issues that must be addressed in moving the QMS from the initial state to the desired state. For example, all organizations implementing ISO 9001 will need to consider the unique culture within the organization, its size, and the resources available. Beyond those widely discussed points, three issues that merit particular attention are (1) consideration of the QMS as a parallel function, (2) training, and (3) auditing. Key points associated with these issues are discussed below.

Consideration of QMS as Parallel Function

In the case of all of the transitions depicted, real benefits from the QMS are more likely to be experienced if the QMS is implemented directly into the core structure of the organization. SMEs must be cautious against establishing a QMS that is run separately in parallel to its other systems. In SMEs, the parallel subsystem most commonly exhibits itself as a separate Quality Assurance, or in some cases, ISO 9001 department. Possible reasons for this may include the existence of rigid departmental boundaries in some SMEs or overemphasis on core activities. As Yauch and Steudel [10] note, SMEs tend to focus their attention on “…necessary routine activities (such as sales, production, shipping, etc.) rather than activities aimed at improving processes or systems.” If a SME insists on establishing a separate quality department, its level of effectiveness can be increased by embedding the QMS in widely-used organizational systems where practical. The integration is largely a function of how well the QMS manages to share information with other subsystems and its ability to align with the policies, norms, goals, and values in place throughout the organization.

Training

In SMEs, training and staff development is more likely to be ad hoc and small scale because of modest human and financial resources and the absence of a specific training budget. To prevent the problems arising from lack of education and training, two things must be done:

1. Education of Top Management: The centralization of decision-making processes within many SMEs means that the management can either be the main stumbling block to change or the main catalyst for change. Therefore, any approach to ISO 9001 implementation must involve considerable education for the top management of the organization to create awareness and understanding of the implementation process as a change initiative. Implementing a fully functional and documented QMS requires motivation by top management to appreciate, achieve, and implement the necessary measures to meet the standards’ criteria.

2. Education and Training of Employees: SMEs are often under pressure to quickly gain ISO 9001 registration. Meeting the requirements of the standard in a short period of time can prove a formidable obstacle for a small company. Since most SMEs do not possess the needed expertise internally, they may be inclined to hire external experts to provide the necessary technical expertise and manpower. However, having a functioning and documented QMS requires more than that. It requires ensuring that all employees in the organization clearly know what is expected of them and how they can contribute to the attainment of their organizations’ goals. This will likely require the preparation and implementation of a training plan tailored specifically to the unique characteristics and maturity level of the SME.

Auditing

As emphasized throughout the paper, a QMS is not going to produce the expected results unless it is fully functional. While auditing must therefore verify the existence of the necessary documentation, it must also focus on the functionality of the QMS. The measurement of the functionality and the qualitative and financial impacts of a QMS have been the subject of several studies, including Kaynak [11]. Among the categories used to measure functionality and performance improvement, two are particularly noteworthy for our purposes: management commitment and employee involvement. A QMS cannot be functional in the absence of those two characteristics. Therefore, as a minimum, internal and external auditors should continually verify top management’s commitment to increased company-wide quality awareness and improvement in addition to employee involvement in the design, implementation, operation, and improvement of quality related processes and procedures.

Understand Quality Management

Quality Management may be defined as the process through which organizations apply statistical process control mechanisms in order to improve the quality and standards of goods and services that are manufactured. Closely related to Quality Management is tqm, also known as total quality management. This is basically a management strategy that is applied in businesses in order to create awareness of high quality in most organizational processes. Quality Management features three main components including quality assurance, quality improvement and quality control. Quality management is focused not only on the quality of products and services but also on continuous improvement of quality standards.

Most methods that are now being used for Quality Management, quality system and quality manufacturing system take into consideration the need for high quality as an essential attribute in services and products that are manufactured by companies and organizations. Quality Management usually involves the successful improvement of quality of services and products. This is usually done through quality training processes where one can also acquire lessons on quality process and process management. One tool that is used for ensuring auditing quality in Quality Management is the MasterControlQAAD(TM) software. Besides using tools to carry out Quality Management successfully, one can also consider applying project management. This will help ensure continuous quality improvement.

The other way through which organizations can improve quality of process and service output is by using six sigma. This is basically a business management strategy that helps identify and remove defects and variations in the manufacturing process. It also helps guarantee Quality Management. It works by using a set of high quality business management and overall management methods to ensure quality and guarantee Quality Management. Most products and services to which Quality Management is applied are certified with iso certificates. Some of the iso certificates that guarantee that a product or service has undertaken Quality Management, change management and process improvement is iso 9001.

iso 9001 and iso 14001:2004 set down specific guidelines for environmental management systems and Quality Management. Other guidelines can be found in other generic process management philosophies such as the lean management that follows iso 9000 quality improvement standards aimed at guaranteeing total quality to its quality systems. The other mode through which organizations guarantee Quality Management is by use of a quality plan that meets iso 14000 and iso 14001 iso certification requirements. The other iso certification that guarantees product quality in Quality Management include iso 9001 2000.

In order to meet supplier quality in Quality Management systems, there are several iso training sessions that are offered. These meet iso standards. An organization that is in need of Quality Management for its products and services may also consider using a quality manual for its day to day Quality Management plans. Such a manual will usually have guidelines for iso quality. However, when applying the guidelines in the manual, regard must be had to quality audit measures aimed at guaranteeing Quality Management for the organization. Quality Management also involves knowledge of as9100 and iso 13485 that are commonly applicable in supplier management.

Quality Management programs that are iso certified help offer quality policy to existing iso 9001 certifications and quality management system that meet iso 9000 and ts16949 requirements. Quality companies that are aimed at ensuring Quality Management for the products and services that they manufacture also use quality management software that guarantees managing quality. In order to enhance Quality Management, the software guarantees quality procedures through its high rate of functionality. Besides such software, an organization can adopt quality assurance training and also offer quality consulting to its members in order to guarantee Quality Management to its products and services.

There are also several quality project management plans, which meet iso standards such as iso 9002 that are available today. Such plans are usually developed with a view to developing flexible, affordable and scalable management solutions to companies that seek to uphold Quality Management for their products and services. Such plans feature quality management systems that offer quality control management and quality assurance management through quality a management plan. Other quality objectives that can be obtained through iso 9001 training thus meeting iso 9000 certification use project management skills to improve Quality Management for the manufactured products and services.

ISO 14001 Standards – Complying with Environmental Laws and Regulations

One of the most commonly cited reasons for implementing an ISO 14001 environmental management system is that it helps an organization comply with environmental laws and regulations.

ISO 14001 registration will provide additional assurance to City Council, senior management, regulators and key stakeholders that appropriate procedures have been implemented to identify, track, and communicate environmental laws and regulations. ISO 14001 registration will also provide assurance that our Administration is controlling, monitoring, and improving performance, relative to these laws/regulations.

A strong environmental management system, aimed at legal/regulatory compliance, will serve the City of Edmonton by increasing the likelihood of avoiding convictions, fines and judgments; avoiding internal legal costs; and promoting positive relations with regulators.

IS0 14001 – HISTORICAL DEVELOPMENT

Firstly ISO 14000 environment system standards was prepared in June of 1992 year in Rio at world apex and this standard brooks decisions of this world apex and Rio contract principles. After 1 year, ISO established one technique committee which is yielded by 50 different country representatives to prepare international environment management system in 1993 year. ISO 14001 environment management system standard was issued in September of 1996 year with works of this committee. ISO 14001 standard is used as voluntary now but ISO 14001 will be burden by coercions of societies, international organizations, states in the future. Levels which environment management system passed are the following briefly:

= Europe community countries issued I action plan in 1973 year (to practice protecting preventions of environment )
= BS 7750 Standard in 1992
= Rio Declaration in 1992 year
= ISO/TC 207. Environmental management technique committee was established in 1993 year to develop ISO 14000 family standards
= TS 9719 standard (environment management system – General features) in 1994 year
= ISO 14001 standard in 1996 year
= ISO 14001 current version in April of 2005 Nisan 2005

ISO 14001 and The Environment

The ISO 14000 family of International Standards on environmental management is a relative newcomer to ISO’s portfolio – but enviroment-related standardization is far from being a new departure for ISO.

In fact, ISO has two-pronged approach to meeting the needs of business, industry, governments, non-governmental organizations and consumers in the field of the environment.

On the one hand, it offers a wideranging portfolio of standardized sampling, testing and analytical methods to deal with specific environmental challenges. It has developed more than 350 International Standards (out of a total more
than 12000) for the monitoring of such aspects as the quality of air, water and soil. These standards are means of providing business and government with scientifically valid data on the environmental effects of economic activity.

They also serve in a number of countries as the technical basis for environmental regulations.

ISO is leading a strategic approach by developing environmental management system standards that can be implemented in any type of organization in either public or private sectors (companies, administration, public utilities). To spearhead this strategic approach, ISO establish a new technical commitee, ISO /TC 207, Environmental management, in

1993. This followed ISO’s successful pioneering experience in management system standardization with the ISO 9000 series for quality management.

ISO’s direct involvement in environmental management stemmed from an intensive consultation process, carried out within the framework of a Strategic Advisory Group on Environment (SAGE),set up in 1991, in which 20 countrie, 11 international organizations and more than 100 environmental experts participated in defining the basic requirements of a new approach to environment-related standards.

This pioneering work was consolidated with ISO’s commitment to support the objective of “sustainable development” dicussed at the United Nations Conference on Environment and Development in Rio de Janeiro in 1992.

Today, delegations of business and government experts from 55 countries have participate actively within TC 207,

and another 16 countries have observer status. These delegations are chosen by the national standars institute concerned and they are required to bring to TC 207 a national consensus on issue being addressed by the commitee.

This national consensus is derived from a process of consultation with interested parties.

From its beginning, it was recognized that ISO/TC 207 should have close cooperation with ISO/TC 176, Quality management and quality assurance, in the areas of management systems, auditing and related terminology. Active efforts are under way to ensure compatibility of ISO environmental management and quality management standards, for the benefit of all organizations wishing to implement them.

ISO 14001 ENVIRONMENTAL MANAGEMENT SYSTEM AUDIT

In order to be in conformance with this provision of ISO 14001 an organization must be able to answer the overall question: “How does the organization conduct environmental audits of the EMS?”. In order to answer that question four specific tasks must be addressed under the Management System Audit section of the standard.

First, the organization must develop a program and related procedures that define an audit plan of the environmental management system. In addition the program must define frequency of the audit process. Second, the procedures must specify the methodology of the audit process, including the qualifications of the auditors. Third, the audit reports must be submitted to top management. Fourth, the audit reports must provide recommendations directed at correcting any reported nonconformance that was discovered in the audit process.

The audit process discussed in this section of the standard is directed at internal audits. The standard is silent on the frequency issue. Generally accepted practice with a mature ISO 14001 system is a total audit of the system once a year. In the implementation phase of an environmental management system a more frequent audit process might be appropriate. In addition any part of the environmental management system that has been previously determined to be in nonconformance should be audited with an increased frequency. The methodology of the audit process required by the standard requires two distinct steps:

A. determine whether the environmental management system conforms to the requirements of ISO 14001, and
B. that the system has been managed as described in the Environmental Policy statement, the Environmental Objectives and Targets, and the related work descriptions and procedures.

It is critical that an audit report that relates a nonconformance be forwarded to top management promptly. The internal audit staff must be competent with respect to the requirements of ISO 14001.

Reasons a Company Becomes Certified in ISO 9001 Standards

ISO 9000 certification or registration can be an expensive process. A company must consider the reasons and promised benefits for going through this process. If a company decides to seek certification, they should consider making sure their suppliers are certified or at least compliant to the ISO 9000 standards.

Major reasons
In the early 1990s, companies seemed to be jumping on the certification bandwagon without seriously considering the rationale for doing so. Often they did so because competitors or “everybody else” is getting registered. Today companies seriously look at the reasons and benefits for becoming registered.

The major reasons that company leadership or management decides to seek ISO 9000 certification are to gain continued or increased business and to maintain effective operations.

Improved business
A company can maintain a relationship with customers, as well as get increased business through complying to the ISO 900 standards or becoming certified. This comes from satisfying customer demands, the desire for European business, and to advertise.

Finally, some companies want to become certified, so they can advertise that fact and give the impression of being better than their competitors.

You have seen ads with a logo stating the company is certified at some ISO 9000 level. It apparently gives those companies a leg up on competitors not registered.

Again, this seemed more important in the 1990s, but you don’t see that many companies using ISO 9000 certification as an advertising tool.

ISO 9000 is supposed to make sure your business is run in an orderly manner that will assure continued success.

One would think that a goal such as being run effectively and able to deliver goods consistently and reliably would also be desirable for a company’s own operation. Surprisingly, many companies do not consider that as a goal.

Transition from ISO 9001:2000 to ISO 9001:2008 Posted by everise | iso 9001 standard | Friday 9 October 2009 12:

Transition from ISO 9001:2000 to ISO 9001:2008

This reference guide was developed to help you understand the nature of the changes to the ISO 9001 standard.

Clause Change/Emphasis Not Auditable

0.1 General – Added language emphasizing statutory and regulatory requirements are a concern as it relates to products for this international standard.

0.4 Compatibility with Other Management Systems Standards - Emphasis was added on the consideration given to ISO 14001:2004 to ensure that the standards are compatible.

1.1 General

1.2 Application – “Statutory” was added in certain paragraphs to ensure the user is aware that these requirements must be taken into consideration. Additional notes were added to explain that where the word “product” appears, it refers to every stage of its existence, from raw material received to the final product being shipped to the customer.

2. Normative Reference – Reference to ISO 9000 (vocabulary and concepts) was updated to refer to the current revision (i.e. ISO 9000:2005).

3. Terms and Definitions – The supplier/organization/customer model was removed. These relationships, in reality, are not always linears.

The Auditable Requirements
Clause Change/Emphasis
4.1
In 4.1 a, “identify” was replaced with “determine” to emphasize that an organization must give careful consideration to what processes are needed in order to fulfill requirements.
A link is drawn to 7.4 in the additional note. This was done to show that the supplier approval, evaluation, and re-evaluation process is where evidence of controlled outsourced processes should be demonstrated.
4.2.1
References to records and documents were consolidated.
Also, the organization can require records not specified in this international standard that are created and maintained.
4.2.3
Clarification is given to the requirement for outsourced documents. Only those needed for the planning and operation of the QMS need to be controlled. This could exclude documents related to occupational health and safety since ISO 9001 contains requirements only concerned with product (see 0.1).
4.2.4
Rephrased, but no additional clarifications or emphasis added. Editorial change only.
5.5.2
The management representative must be from the organization’s management. This would exclude consultants and other individuals external to the organization (e.g. a management representative from the corporate entity). The purpose of this is to ensure that this individual, entrusted with the responsibilities of championing the quality management system, is not “out of touch” with the organization.
6.2.1
The boundaries of competence only extend to individuals who impact product conformity. However, this does not just include those who are directly involved in production. The decisions made by management affect product conformity; therefore, they must be competent as well.

6.2.2
If said personnel have not yet attained the competence needed to perform the assigned job, then the organization must provide training or some other remedy to ensure that competence is achieved. The organization must also have a mechanism to ensure that personnel have been evaluated based on how well they demonstrate their knowledge and skill (i.e. competence). It is not enough to merely provide training or consider an individual’s experience. The organization must prove to itself that this person can, in fact, perform.
6.3
Infrastructure also includes databases and information technology.
6.4
Emphasis is added in a note to highlight that the concept of “work environment” only extends to product quality.
7.1 c
“Measurement” is added.
7.2.1
“Post-delivery activity” is clarified in a note with examples.
7.3.1
A note emphasizes that design verification, validation, and review are different from one another and serve different purposes. Design review is where the organization evaluates if the design can meet requirements and if any changes need to be made. Design verification is where the organization has ensured that requirements have been met (e.g. is the widget blue and is it hexagonal?). Design validation is where the organization proves that the design can perform as required.
However, the records of design verification, validation, and review do not have to be separate.
7.3.3
Production and service provisions also extend to how product is preserved, handled, etc., to ensure product conformity. See 7.5.1
Design outputs must include requirements related to preservation. See 7.5.5.

7.5.2
Notes were added to give examples of the types of processes where this requirement would apply along with a statement that service organizations should have additional considerations in the planning stages when deficiencies and conformity are not likely to be identified prior to delivery.
7.5.3
Product status must be identified throughout product realization, not just the final product. See 1.2.
7.5.4
Wording was modified to add clarity, but the intent of the requirement has not changed.
7.5.5
Again, emphasis is added that care must be given to preserving the product regardless of where it falls in the realization process.
7.6
An obsolete reference to another ISO document was replaced.
The definition of “monitoring and measuring devices” has been clarified to include equipment and devices that are purposed for monitoring and measuring, regardless of their original or intended purpose.
An additional note regarding software was added.
8.2.2
Document and record requirements were reworded and their placement modified to improve clarity.
The reference to the auditing guidance document was updated (i.e. ISO 19011).

8.2.3
Wording was modified to emphasize that correction and corrective actions are not only to be taken to preserve the conformity of the product, but also to preserve the quality management system. For example, internal rejection/scrap rates could show evidence that the organization is preserving product conformity and is taking intermediate action to prevent bad product from being shipped to their customers; however, it could also be a sign that the organization is not efficient since the higher rejection/scrap rates are undesirable.
A note was added to clarify the meaning of “suitable methods” related to planning, monitoring and measurement processes. Suitability should be determined based on risk and the impact that nonconformity would have on the product or process.
8.2.4
Product can be released to other internal processes despite planned arrangements not being satisfactorily completed as long as it conforms prior to release to the customer. This relaxes requirements on intermediate inspection results and records.
8.3
Actions taken against nonconforming product must be proportional to its impact or potential impact. See 8.2.3 related to impact considerations for monitoring and measurement.
This would mean that in the planning stages of a product, the organization needs to customize responses to nonconforming products based on the risk or potential risk to the organization.
This requirement existed in ISO 9001:2000; however, its location has changed.

8.5.2
Nonconformity can have multiple causes (“cause”; i.e. a singular reason, was used in the 2000 version); therefore, the organization must consider this when conducting root cause analysis.
Also, it is not enough to simply review corrective action and ensure that procedures were changed, personnel have been re-trained, and that processes were amended. The organization must review whether or not the action(s) taken were effective; i.e. did they successfully eliminate the nonconforming condition?
8.5.3
Similar to the new emphasis on the effectiveness of corrective action, the organization must also document whether or not the preventive action(s) taken were effective in eliminating the risk of nonconformity.

Understanding the ISO 14001 Standard

ISO 14001 is an international voluntary standard that specifies the minimum elements for an environmental management system. It was published in 1996 by the International Organization for Standardization and is being taken up by organizations throughout the world at varying speeds.
The above is accepted as true by most people who are aware of the standard. Beyond these simple facts, however, there are many misconceptions about ISO 14001. For instance:
ISO 14001 will be a requirement for all companies.As with ISO 9000, conformance to ISO 14001 may become a condition of doing business in certain countries, regions or markets. This process already has begun in some industrial sectors, such as the automotive and electronics markets. However, there are still a tremendous number of companies in business today that do not conform to ISO 9000, even though that standard is now 13 years old. Thus it is too early to tell how widely ISO 14001 will be required in the future.
Implementing ISO 14001 means getting a registration.Many suppliers choose to demonstrate conformance to ISO 14001 through third-party certification. Some customers may require this. However, the standard itself considers a company’s self-declaration of conformance as an acceptable alternative. Further, some companies simply use the ISO 14001 model for internal purposes as a means to enhance their environmental performance.
ISO 14001 is just paperwork and won’t really help my company.ISO 14001 is like many things in life – you get out of it what you put into it. The way a company implements the standard determines what benefits it receives. Many companies that have implemented ISO 14001 report a variety of benefits, including improved environmental performance, greater operating efficiency, cost reduction, improved employee awareness and enhanced public image, among others.
Implementing ISO 14001 means throwing out our current environmental programs.ISO 14001 criteria specify “what to do,” not “how to do it.” Implementation approaches vary widely. There is no reason to think that your existing approach to environmental management must be put aside to satisfy ISO 14001.

ISO 14001:2004 Document Control System

Documents required by the environmental management system and by this international standard shall be controlled. Records are a special type of document and shall be controlled in accordance with the requirements given in 4.5.4 (Control of Records).
The organization shall establish, implement, and maintain a procedure(s) to
a) approve documents for adequacy prior to issue;
b) review and update as necessary and re-approve documents;
c) ensure that changes and the current revision status of documents are identified;
d) ensure that relevant versions of applicable documents are available at points of use;
e) ensure that documents remain legible and readily identifiable;
f) ensure that documents of external origin determined by the organization to be necessary for the planning and operation of the environmental management system are identified and their distribution controlled; and
g) prevent the unintended use of obsolete documents and apply suitable identification to them if they are retained for any purpose. [ISO 14001, 4.4.5]
http://www.iso-consults.com
http://www.e-wia.com

Document and Data Control in ISO 9001 & ISO 14001

The organization shall establish and maintain procedures for controlling all documents and data required by ISO 9000 & ISO 14001
a) they can be located;
b) they are periodically reviewed, revised as necessary, and approved for adequacy by authorized personnel;
c) current versions of relevant documents and data are available at all locations where operations essential to the effective functioning of the OH&S system are performed;
d) obsolete documents and data are promptly removed from all points of issue and points of use, or otherwise assured against unintended use;
e) archival documents and data retained for legal or knowledge preservation purposes, are suitably identified.
Accidents, incidents, non-conformances and corrective and preventive action
The organization shall implement and record any changes in the documented procedures resulting from corrective and preventive action.
Documents required by the ISO 9000 & ISO 14001 shall be controlled. Records are a special type of document and shall be controlled in accordance with the requirements.
The organization shall establish, implement and maintain procedure[s] to:
a) approve documents for adequacy prior to use;
b) review and update as necessary and re-approve documents;
c) ensure that changes and the current revisions status of documents are identified;
d.) ensure that relevant versions of applicable documents are available at points of use;
e.) ensure that documents remain legible and readily identifiable;
f.) ensure that documents of external origin determined by the organization to be necessary for the planning and operation of the ISO 9000 & ISO 14001 management system are identified and their distribution controlled, and
g.) prevent the unintended use of obsolete documents and apply suitable identification to them if they are retained for any purpose.

THE REQUIREMENTS OF ISO 14001:2004 WITH RESPECT TO LEGAL COMPLIANCE

ISO 14001:2004 requires an organization to make a “commitment” in its environmental policy to comply with applicable legal requirements that relate to its environmental aspects. The organization shall establish, implement and maintain a procedure(s) for periodically evaluating compliance with applicable legal requirements that is consistent with realising this commitment.
The specific clauses of ISO 14001:2004, which are most important with respect to legal compliance are the following EMS elements:
1) public environmental policy commitment to legal compliance (sub-clause 4.2);
2) identification and having access to applicable legal requirements and other requirements related to its environmental aspects (sub-clause 4.3.2 a));
3) how those legal requirements apply to the organisation’s environmental aspects (sub-clause 4.3.2 b));
4) objectives/targets/programs (sub-clause 4.3.3)
5) how legal obligations are routinely managed and monitored (sub-clauses 4.4.6 and 4.5.1);
6) evaluation of legal compliance (sub-clause 4.5.2);
7) corrective and preventive actions where necessary (sub-clause 4.5.3);
8) internal audit (sub-clause 4.5.5); and
9) management review (sub-clause 4.6).

Implementing ISO 14001

ISO 14001 is an internationally recognised standard that provides a framework for a strategic approach to corporate environmental management. This standard gives organisations the means to identify and control their environmental impacts, improve performance and achieve their objectives and targets. The standard is independently audited, giving it great strength and integrity.
Due to its widespread adoption (e.g. Barclays, Credit Suisse and UBS in the financial sector), it now acts as a common reference for communication about environmental issues. ISO 14001 provides assurance to stakeholders on environmental claims and helps organisations meet requirements laid down by clients and investors.
Adoption of ISO 14001 is being driven by stakeholder concerns as well as the significant benefits on offer to adopters. Few companies are now exempt from government, client and investor demands for accountability and improved environmental performance. With brand and reputation on the line, it is a risky strategy to ignore these concerns.
However, choosing how to act is not a straightforward decision. Companies that rushed to announce their green credentials without independent verification and transparency fell foul of greenwash accusations and suffered perhaps more damage to their reputation than had they not acted in the first place. In response to this, many companies are now choosing to implement internationally recognised and independently audited environmental management systems such as ISO 14001.
The benefits of implementing ISO 14001 are extensive:
It immediately enhances corporate reputation and sends a clear signal of commitment to corporate responsibility. Accusations of greenwash are prevented by the transparent and robust approach of the standard.
Proactive environmental management increases attractiveness to investors, especially for Socially Responsible Investment (SRI), an area already accounting for £9 billion investment per year in the UK alone.
ISO 14001 accreditation may also bring financial benefits through increased market share. Firms can differentiate themselves from competitors as responsible companies as well as securing the rewards of first mover advantage in new markets. In addition, many buyers are now implementing sustainable procurement codes and stipulating conditions in Requests for Information (RFIs) where suppliers are required to have environmental credentials. Gaining ISO 14001 accreditation ensures access to environmentally demanding but high reward markets.
Financial benefits are not limited to increased investment and sales. Implementation of an EMS may produce significant cost savings that actually negate the initial outlay. With energy and waste prices rising sharply, environmental responsibility can produce a win:win opportunity.
Perhaps the most significant benefit for many will be the positive effect on attracting and retaining staff. With intense competition for the best staff, corporate responsibility is becoming a key criterion against which employers are judged.
Finally, responsible environmental management is quickly becoming a necessary condition for business, a socially accepted norm of behaviour. Those who fail to follow these norms risk damage to their reputation and the possibility of their social licence to operate being revoked.
A standard as thorough and robust as ISO 14001 has an equally thorough implementation process with extensive requirements for procedures and auditable document trails. Implementation follows the Plan-Do-Check-Review cycle and key required procedures are detailed in the diagram below. Implementation will entail the creation of at least 20 procedures and supporting documents. The procedures are all company-specific and must be tailored to suit individual operations. It is this level of detail that gives the standard such strength and integrity.

The ISO 14000 Challenge

The building blocks of an environmental management system is an understanding of aspects and impacts.
Implementing ISO 14001 begins with identifying how an organisation’s business activities impact on the
environment.
Many organisations believe they are already aware of the significant aspects and impacts of their operations.
The process of implementing ISO 14001 may uncover significant impacts not previously identified and allows
for a consistent approach to analysis.
Generally this analysis is done department by department or centre by centre.
It is best if it is a team approach that involves the employees who do the activity. An employee’s
familiarity with a task is essential for both the identification of the environmental impacts of business
activities and the determination or implementation of control measures.
An aspect is any element of an organisation’s activities, products or services that can interact with the
environment.
An impact is the change caused to the environment.
Impacts may occur during normal and abnormal operating conditions, such as accidents and
emergencies.
Aspects can often be isolated by analysing the inputs and outputs of an activity.
EVALUATION OF IMPACTS
Once the impacts have been determined they have to be evaluated.
Criteria for evaluation include environmental concerns such as the severity of the impact, and business
concerns such as potential regulatory and legal exposure, the probability of the impact occurring, the
cost of changing the impact and effect on public image.
This type of evaluation highlights the significant impacts. These, in turn, determine the significant
aspects. Once the significant aspects have been determined, targets and objectives can be set.

What Is an Environment Management System (EMS) ?

An EMS can be described as a program of continuous environmental improvement that follows a defined sequence of steps drawn from established project management practice and routinely applied in business
management. In simple terms these steps are as follows:
• Review the environmental consequences of the operations.
• Define a set of policies and objectives for environmental performance.
• Establish an action plan to achieve the objectives.
• Monitor performance against these objectives.
• Report the results appropriately.
• Review the system and the outcomes and strive for continuous improvement.
Not every system will present these steps in exactly the same way, but the basic principles are clear and easily understandable.
The ISO 14000 series is a series of standards for different aspects of environmental management. A number of these standards relating to environmental management systems have been adopted formally by
the members of the ISO, while others are in different stages of preparation.
The standards that have been adopted are (as of early 1997):
ISO 14001-1996 Environmental management systems:
specification with guidance for use
ISO 14004-1996 Environmental management systems:
general guidelines on principles, systems, and supporting techniques
ISO 14010-1996 Guidelines for environmental auditing:
general principles of environmental auditing
ISO 14011-1996 Guidelines for environmental auditing:
audit procedures; auditing of environmental management systems.
ISO 14012-1996 Guidelines for environmental auditing:
qualification criteria for environmental auditors Standards currently available as draft international standards:
ISO 14021 Environmental labels and declarations:
self-declaration environmental claims; guidelines and definition and usage of terms.
ISO 14040 Environmental management: life cycle assessment; principles and framework
ISO 14050 Environmental management: vocabulary More than half a dozen others in this series have been drafted and are under discussion.