Category Archives: Registration

DIS 14001:2015 Review – Definitions 1

DIS 14001 was released on July 1st and it represents the latest iteration of the Environmental Standard. I’ve been reviewing it against the current 2004 version and there are some interesting changes.

This first part covers the overall contents, but primarily looks at how the Definitions section has evolved.

Timeline for ISO 14001:2015

First, a quick timeline summary of the process; actual and planned. As you may notice, the Final Draft International Standard – FDIS was due originally at the beginning of this year. Didn’t happen.

So, I don’t think it’s likely that the actual release of ISO 14001:2015 will occur in January. I’m thinking September, 2015. Then, as with other standards roll-outs, there will be a transition period of up to sixteen months or so, while existing Certifications move to the new standard at their Surveillance and reCertification audits.

New Certifications typically have a timeframe where the client has a choice in revisions, depending on where they started their process.

Table of contents section of DIS 14001

First thing you’ll notice – the Contents section – huge.  HUGE I tell ya. Where the now familiar 2004 has thirteen humble lines, the DIS has, oh… two pages of lines. Audacity.

And it is clearly compliant with Annex SL. Don’t know what that is? We’ve got two great posts with details – here – and here.

Those who are familiar with Annex SL will have an easy time understanding new standards’ releases in the coming years. In actuality, most of what is changed in DIS 14001 can be easily grasped if Annex SL is understood.  

Again, this is true for most of the upcoming management systems standards; updated and new. 

Definitions section of DIS 14001

There are twenty definitions in the 2004 version, versus thirty-three definitions in the DIS. Of the thirty-three, eleven are both specific to 14001 and new or different in the DIS than in the 2004 version. So, using the power of maths, about two-thirds of the Definitions are built right into the structure of DIS 14001 – courtesy of Annex SL.

Because Annex SL is the new structure for multiple standards, I won’t review what is defined there. If it isn’t in 2004 but is in the DIS I will list it below – with three exceptions.

Same word, different definitions

These are terms defined one way in the 2004 version, and another in DIS 14001. Nothing as blatant as say, the word “Hello” – which was once an exclamation of surprise (thank you, Thomas Edison. See, he wasn’t so bad), or “Manage” which once meant, literally, “the age at which one became a man” (thankfully Sheryl Sandberg never read a vintage dictionary).

But I digress… the differences are subtle, but important because they do illustrate a shift in focus. A focus toward identifying [Annex SL] risks, for one.

environmental aspect

Discussion: DIS 14001 adds “or can interact”. This implies – again – a consideration of risks and the first note does this as well. That second new note likely closes a loophole present in the current version by forcing the organization to have a rationale for decision making. Here is the text for your own comparison. I’ll use this “Discussion – DIS 14001 – 2004” format for the other definitions, too.

DIS 14001
3.9 – element of an organization’s activities or products or services that interacts or can interact with the environment

Note 1 to entry: An environmental aspect can cause (an) environmental impact(s). A significant environmental aspect is one that has or can have a significant environmental impact.

Note 2 to entry: Significant environmental aspects are determined by the organization applying one or more criteria.

2004
3.6 – element of an organization’s activities or products or services that can interact with the environment

NOTE A significant environmental aspect has or can have a significant environmental impact.

environmental management system

Discussion: The reference to policy is removed in DIS 14001, and risk is integrated along with threats and opportunities. The management of environmental aspects remains the same. The full text of both is below.

DIS 14001
3.4 – part of the management system used to manage environmental aspects, conform to compliance obligations, and address risk associated with threats and opportunities

2004
3.8 – EMS – part of an organization’s management system used to develop and implement its environmental policy and manage its environmental aspects 

environmental objective

Discussion: I’m going to miss “sets itself to achieve”; it was almost English.

DIS 14001
3.17 – objective set by the organization consistent with the environmental policy

2004
3.9 – overall environmental goal, consistent with the environmental policy, that an organization sets itself to achieve

environmental performance

Discussion: Some quibbling about what “performance” is here; DIS 14001 translating it to “measurable results”. The rest is very similar, adding “environmental targets” – do not miss the “and” that replaces the “or”; I believe this closes a loophole of sorts.

DIS 14001
3.13 – performance related to the management of environmental aspects

Note 1 to entry: In the context of environmental management systems, results can be measured against the organization’s environmental policy, environmental objectives or other criterion, using indicators.

2004
3.10 – measurable results of an organization’s management of its environmental aspects

NOTE In the context of environmental management systems, results can be measured against the organization’s environmental policy, environmental objectives, environmental targets and other environmental performance requirements.

Nonconformity

DIS 14001 
While the definition remains the same between the 2004 version and the DIS (and Annex SL), there is an added:

Note 1 to entry: Nonconformity relates to compliance obligations, including requirements in this International Standard and additional environmental management system requirements that an organization establishes for itself.

Until next time

I’ve covered what Definitions have changed between the two versions; next post I’ll review the new terms.

A copy of your very own DIS 14001 can be purchased – here at ISO.org (I feel sheepishly obliged to tell you I’m not financially connected to them).

Thanks for stopping by!

Sal

P.S. While this is my own independent blog, I would be remiss if I did not point out that if your company is in fact starting down the path to Certification, regardless of the standard, and are in need of a Registrar – I happen to know a great organization that does that kind of thing: Start here at TUV USA (part of TUV Nord).

Mention my name, please – so they’ll think I’ve been up to something useful in my spare time.

ISO Survey Results Released

The most recent ISO survey results were released. It shows a significant rise in Energy Management certificates, along with gains across all standards.

ISO does this every year, as it has done since 1993, to show the number of certificates issued to management system standards in the previous year.

The big increases were found in energy management (ISO 50001) with a 332% increase, and food safety (ISO 22000) coming in at 20% higher between 2011 and 2012.

The ISO survey results cover only a subset of the certificates issued, specifically those issued by IAF-accredited certification bodies (registrars). The IAF is essentially an international club of accreditation bodies – this is the layer that audits registrars like TUV, BSi, NSAI, UL – there are more. You are audited by the registrar, the registrar is audited by the accreditation body, or a representative of them.

There is arguably a higher level of credibility with an accredited registrar, and when selecting vendors on the basis of their ISO registration status, it’s a good idea to ensure their certificate is accredited – fodder for another post, however.

I’d like to say that if we were to count the non-IAF certificates, the numbers would likely be higher, which is generally true, but percentage-wise; from one year to the next – who knows. I won’t even mention it then.

The ISO standard for the medical devices field (ISO 13485) and the information security standard (ISO 27001) did quite well, too, both showing about a 12.5% growth.

9001 certifications in 2012, which are by far the most numerous at over 1.1 million worldwide, show steady growth in the ISO survey, along with the environmental standard (ISO 14001).

Personally, I wasn’t surprised to see the very healthy increase in ISO 27001 certifications, and I think it will continue to do so. The growth in the food safety sector with ISO 22000 is also pretty stunning, especially in light of how recently it has been added to the playing field.

The full report can be found on ISO’s site.

Thanks for reading; go forth – and calibrate thyself.

Sal

Audit Preparation

So, you’ve got an audit coming up – your registrar is sending out someone you know is out to ruin your whole day. I’d like to help save you.

One important key to success is self confidence. An important key to self confidence is preparation
– Arthur Ashe

First off, some context – what are you preparing for? In order to be Certified (or Registered), at some point there need to be troops on the ground to evaluate your company against your standard of choice. Sure, they are friendly troops – probably even likable in their doltish, uncomplicated way; but they aren’t your troops, and you’re really not sure what side they’re on.

Fact is that they probably are on your side, and they don’t want to make your life more complicated – or theirs, but you have to meet them at least half-way. The trick is to start off on the right foot by making their job easier. Why not? And let them know you understand they are only there to make the system stronger.

So we’re all on the same page, let’s review the process of getting and staying Registered (or Certified – let’s pretend it’s the same thing, okay?).

The Certification Cycle

There is a sequence of events to getting Registered. Part of it is a continuous loop. Once you’ve gotten your system mostly installed and have a minimal amount of records from it, typically you will begin the path that includes several stages.

“Stage 1” audit: Also known as a “Readiness Review”, this is where you want to show the skeletons in the closet; reveal as much as you can. It is more of a “check off the boxes” type of audit; does the piece exist or not? Registrars vary in the depth of auditing on Stage 1’s and generally more is better. Ideally you’ll want a deeper audit, but time is a factor. If you’re confident in an area, best to encourage the auditor to move on. Don’t forget that this is mostly for your benefit (the auditor is using it to get a feel for the territory and help in his planning process). It is a good idea to have your Registrar describe the depth of their version of a Stage 1. Even within a Registrar there is variation between auditors in just how deep they’ll go on a Stage 1 – letting your program manager know you are concerned with depth will help ensure you get what you want.

There will typically be an action list from this exercise – no non-conformances (there may be several dozen; more is better). Use this to help you determine if you are ready for the next stage. Two months is typical, sometimes it means six; depends on the issues and your resources.

The “Stage 2” or Registration/Certification Audit is the actual game time. You’ll want to limit your answers (and the answers of all employees) to what is being asked. Part of this is because time will be relatively tight, and side-trips are exactly that. There will be interviews, paperwork and records reviewed – an audit. They are as fun as they sound. In all actuality they are often quite pleasant, the key is to remember that everyone is really on the same team, and the goal is improvement. It is not unusual to have a small training session so folks know what to expect and how to act.

Action items become non-conformances in two flavors; minors and majors. Definitions vary, but essentially a minor represents a single or a few occurrences or deviations to an established procedure. Majors would be a large number of minors in one area, or a missing key process; such as no or shoddy Internal Audits, lack of an effective Management Review, or evidence of bad product escaping to a customer. Majors may require either a submission of documents, or a physical re-audit of the impacted section of the standard.

You can expect, and should not feel sheepish about, a small number of minors. The only real difference between majors and minors is the amount of time allowed to respond and correct them before Certification will be recommended.

Once Recommendation occurs – this, by the way, is the most an Auditor can grant you – the audit package is submitted. Usually there are two levels of post-audit review; an administrative review, and a technical review. Administrative means checking for the correct forms – were all the right things done. Technical review means a more detailed review by someone who knows about auditing and has knowledge of the applicable standard. It is for checking if the right things were done right.

It is seldom that a recommendation is overturned, but not terribly unusual for there to be small clerical errors in need of repair or clarifications needed.

And then – CONGRATULATIONS! You’ve got yourself a Certificate – probably even a framed one (some Registrars actually provide an engraved plaque…)

Then the “Surveillance Audit” cycle begins. Usually it is in one year’s time, though some Registrars allow, and customers request, that these occur twice per year. This will depend on the culture and resources of the company, and typically a twice-annual process works when higher external supervision or validation is desired.

These audits always look at the core clauses; Internal Audits, Management Reviews, Corrective and Preventive Actions, Improvements – along with some portion of the remainder. After another year, there is another Surveillance. This one, again, looks at those core clauses plus whatever was not looked at in the previous audit. There is often overlap regarding manufacturing.

Completing the loop, after two yearly surveillances have occurred, is a “reCertification” audit. This looks at the full system, though with less depth than the original audit and more focus on improvement capabilities.

I’ll close with a short list of what you should have ready for the auditor to look at on your Surveillance audits.

Surveillance Audit Preparation

This list is made specifically for Surveillance audits, but should work well as a start for Certification audits as well. Have available the following documents and records:

Minimum Documents

  1. Quality Manual (1 printed copy for each auditor).
  2. Procedures, if you have them, for:
    • Management review,
    • internal audits,
    • corrective and preventive action and
    • non-conforming product. Ensure they are easily accessible.
  3. These can be either printed, put onto a USB stick for auditor use, or easily accessible via some on-line interface. Allow the auditor time and space to “drive”.
  4. The above is the minimum they’ll need; if you’ve got a binder with all of the procedures then all the better. Also, a master list of all documents is handy – I know this is not a requirement in many cases (unless your dated system has made it one), but if you have one – this would be a good time to have it there for the auditors.

Minimum Records

  1. Last two Management Reviews; the “minutes and materials” with any action items and progress to them if those are not contained in the record.
  2. Internal audit reports and notes, including the full schedule [<- how to make one].
  3. Recent corrective, preventive and improvement actions. Sometimes this is a database, sometimes it is a log with references to completed forms; have them available or a plan for how the auditor may access them.
  4. If Training is on the agenda, having a list of recent hires is useful (past 6 months should be fine).

Some other “nice to haves”

  1. Internet access; wired or wireless.
  2. Bottled water and juice (juice boxes … tempting).
  3. Snacks and the like are completely optional – auditors eat enough junk food on the road. But if you and your crew want an excuse to get bagels or donuts, or bagels and donuts – or muffins, or bagels and donuts and muffins then I’m sure the auditor will be happy to join you. Let’s call coffee and tea (hot water) a given.
  4. A provision for lunch – typically this should be brought-in to save time. A selection of menus is usually good. Please, keep in mind that some of us are vegetarians – and the house salad shouldn’t be the only option. Do you really want a grumpy, hungry auditor?

So there’s a few things you should know as you prepare for an audit. A little background, what to expect, and how you can get off on the right foot with the audit team.

Keep it positive and non-contentious, and you’ll do just fine.

 

Good luck and, I know you will with pride – go forth, and calibrate thyself.

Thank you,

Sal