ISO 9001 Standard / ISO 9001 Standards – ISO 9000 Standard / ISO 9000 Standards Certification & Implementation

An environmental policy is a statement of the organization’s overall aims and principles ofaction with respect to the environment, including compliance with all relevant stakeholders. As such, it should be written clearly and concisely to enable a

regulatory requirements. It is a key tool in communicating the environmental priorities of your organization to employees at all levels, as well as to external layperson to understand it, and should be made publicly available. It is up to the organization to decide on environmental priorities based on an initial environmental review, but these choices should be justified in the policy. To be truly effective the policy should regularly be reviewed and revised and incorporated into the organization’s overall corporate policy. The policy statement should set in writing a few achievable quantifiable priorities related to the environmental management system and the significant environmental effects found at the work-site. Furthermore, EMAS requires that the most signifcant environmental effects be mitigated within three years. Some form of improvement must also be accomplished from year-to-year by the organization and must be shown in the annual reports.

Although the formulation of policies and clear priorities is the most important step of

environmental management, this step is often neglected. Many top managers feel pressure to do something for the environment and thus embark on some form of ?Environmental activism?E often containing many isolated activities but no clear direction. For an organization to be a credible and efficient environmental performer and to reap the benefits of being an environmental leader in its markets, the rationale for investing in environmental management must be very clear.

To ensure an organization’s commitment towards a formulated environmental policy, it is

essential that top management is involved in the process of formulating the policy and of setting priorities. Therefore the first step is to get the commitment from the highest level of management. Based on this commitment the organization should then conduct an initial environmental review and draft an environmental policy. This draft should be discussed and approved by the board of directors. Finally, the approved environmental policy statement must be communicated internally and made available to the public.

As the environmental policy establishes an overall sense of direction and sets the principles

of action for an organization, it requires commitment from the highest level of management. Top management should be involved in the development and adoption of an environmental policy.

Getting the commitment from the highest level should be argued on the basis of costs and the implementation of an EMS increases shareholder value it is easier for top

benefits and their impact on shareholder value. If management to commit themselves to approving an environmental policy and to implementing an environmental management system. This commitment includes three basic policy statements:

Continuous improvement in environmental performance

Compliance with environmental regulations

Maintaining public relations regarding environmental issues of the organization, its activities, products and services.

The central focus of the policy should be a commitment to continuous improvement. This

means improvement in the EMS itself and a decrease in environmental impacts caused by an organization’s activities, products and services. It is important for businesses to show improvement over time, both in environmental performance and in organizational commitment to this path.

A commitment to comply with at least local environmental regulations is a minimum

requirement for all of the environmental standards. However, multinationals operating in various environments and facing different laws in each, should think about which laws to abide by and if it is feasible to adopt the same standard worldwide. Generally, laws in newly industrializing countries are lax as compared to industrialized countries. However, given the increase in interest in environmental issues in these industrializing countries and the possible impact of the ISO 14000 series, it may be sound practice to adopt the more stringent laws in worldwide operations, where it is feasible to do so. In addition, the adoption of high standards worldwide can yield other benefits, such as an improved public image or easier technology transfer between different sites.

Companies should guard against going overboard in fulfilling environmental policies. Limits

are in fact set on how far a company has to go to reduce its environmental impacts. Reductions do not have to exceed levels which can be achieved by economically viable application of the best available technology (BAT).

 1. Organization Evaluation

  a. Environmental Management Systems (ISO 14001, 14004)

  b. Environmental Performance Evaluation (ISO 14014, 14015, 14031)

The ISO 14000 series of standards has

received widespread attention, and, like ISO 9000, it is becoming a requirementfor domestic and global organizations.

This document is intended to provide a

baseline understanding of the ISO 14000 standards and to discuss the current status of this important standard.

The International Organization for Geneva, Switzerland, is composed of 92 European Union (EU) to establish universal quality standards. Over time, ISO

Standardization (IOS), headquartered in member countries. Adherance to standards developed by the IOS is voluntary. However, countries and industries may adopt the IOS standards. Until approximately 15 years ago, IOS focused on traditional standards-setting activities. In 1987, IOS published the ISO 9000 series standards that were used with the 9000 became recognized as a positive indicator of quality and a prerequisite to establishing/maintaining business relationships within and outside the European Union.

In the United States, both the American

National Standards Institute and the American Society of Quality Control are privately funded organizations that have adopted ISO 9000, Quality Management, and the ISO 14000 standards.

ISO 14000 is the generic title given to 14040, ISO 14041, and ISO14050 have

the 14000 series of standards. ISO 14001, ISO 14004, ISO 14010, ISO 14011, ISO 14012, ISO 14020, ISO been published as international standards. The ISO 14000 series of standards consists of the following 18 subjects that can be grouped under two major headings:

14001 Specification with Guidance for Use

At the current time, the ISO 14000 as International Standards are referred to

Standards that have not been published as Draft International Standards (DIS). Most DIS are in the final review period before publication. If a particular standard is of interest and is not final, a copy of the DIS may be available for review.

The 1990s have indeed been a period of change. This has seen a change from a perspective that longer viewed as something that is primarily done for publicity sake or to avoid prosecution. Rather it is recent emergence of the ISO 14000 environmental standard. There are several features that make this 

emphasized trade-offs (you can have only one of the following ? shorter lead times, lower costs or higher quality) to a paradigm that stresses simultaneity (you can simultaneously achieve lower costs and higher quality and shorter lead times). This has also become a period when more and more managers are expected to become increasingly environmentally conscious. Being environmentally responsible is no seen as a matter of good business. An indication of the increasing importance of the environment is the new standard noteworthy. First, it builds on the success of ISO 9000, and its variants (e.g., QS 9000). Second, ISO 14000 is an international standard. It is hoped that it will replace the numerous and often conflicting standards found in various countries. Third, ISO 14000 shifts attention from the outcome (reduced pollution) to processes. However, being a new standard, the introduction of ISO 14000 has raised a number of questions, namely:

ISO 14001 Section 4.5.4, Environmental Management System Audits, requires that organizations establish and maintain programs and procedures to conduct periodic EMS audits. The EMS audits must determine if the EMS:

• is properly implemented and maintained

• conforms to the planned arrangements

• meets the requirements of the ISO 14001 standard.

ISO 14001 Section 4.5.4 requires the programs and procedures to define:

• audit scope

• audit frequency

• audit methodologies

• responsibilities and requirements for conducting audit

• communication of the audit results.

ISO 14001 has the potential to reframe the conduct of environmental management. It has proven to be an elegant document that anticipates the needs of organizations of all sizes and purposes for direction on environmental management. 

 As ISO 14001 gains credibility as an effective system for managing and improving environmental performance, environmental regulators will be encouraged to accept registration to ISO 14001 in satisfaction of some regulatory administrative requirements and, thus, reduce the burden of compliance for those organizations that are managing their environmental exposures.

 Ultimately, the greatest strides in environmental performance improvement and sustainability will come as a consequence of millions of organizations  – municipalities, colleges and universities, governmental departments, and property owners and operators as well as industrial corporations – identifying and managing the environmental impacts of their activities, services, and products.

ISO 14001 Registration

 A registration system has grown up around the implementation of the ISO 9000 quality management documents and has formed the basis for a similar system of registration to ISO 14001. At this writing, ISO 14001 is the only specification_ document of the ISO 14000 series and the only standard that is intended to be auditable; all of the other standards are, or will be, guidance documents. 

 Registrars  –  Globally, there are 40  – 50 or more organizations established to register organizations to ISO 14001. These registration organizations are accredited by the standards bodies in, for the most part, major industrial nations that have adopted ISO 14001 as  their country’s EMS standard. In the U.S., for example, the body that accredits registrars is the ANSI-ASQ National Accreditation Board (ANAB). ANAB passes on the credentials of registrars to register organizations to ISO 14001. 

 ISO 14001 Audits

 First-,  second-, or third-party auditors can assess an organization’s conformity to the requirements of the standard.  First-party Audits –  In the first-party circumstance, the internal auditors of the implementing organization conduct an audit to determine that the EMS has been properly implemented and is being maintained. If the organization passes the internal audit, it may self declare_ its conformity to ISO 14001.

 Second-party Audits – In the second-party circumstance, the audit is conducted by a representative of a party interested in the environmental performance of the implementing organization. The interested party_ may be a customer, an environmental regulator, an insurance company, or any other organization affected by the environmental performance of the implementing organization. The second-party audit can be a condition of doing business with the auditor’s organization.

 Third-party Audits –  In the third-party circumstance, an external EMS auditor conducts an audit, usually at the request of the implementing organization, to determine if the organization conforms to the requirements of ISO 14001. The third-party audit is most often for the purpose of certifying_ that the organization is in conformity with the requirements of ISO 14001.

Typically, when a registration is awarded, it is for a period of three years with a provision for the periodic conduct of surveillance_ audits to ensure continuing conformity.

 A principal benefit of the third-party audit is that it compels organizations to continually maintain the EMS in order to pass the follow-up surveillance audits; without this, there might be slippage in the maintenance of ISO 14001.

 It is not a requirement of implementing ISO 14001 that organizations have a registration audit conducted; this is a decision made by each organization based upon its determination of the commercial value or necessity of certifying. When an ISO 14001 EMS is intended to be audited, 

the requirements must be implemented and documented sufficiently for an auditor/registrar  to be

able to conduct the audit based on the finding of  objective evidence that the organization has implemented an EMS conforming to ISO 14001. 

 Establishing objective evidence requires a higher level of documentation and record keeping than is required for mere implementation of ISO 14001. The implementation of ISO 14001 is a simpler task for the organization when it is only seeking to implement the policy and sixteen procedures than when it is implementing with the intention or expectation of being audited.

Implementation of ISO 9000 affects the entire organization right from the start. If pursued with total dedication, it results in ‘cultural transition’ to an atmosphere of continuous improvement.
The process of implementing ISO 9000 depends on:
???? The sophistication of your existing quality program,
???? The size of your organization, and
???? The complexity of your process.
The 14 essential steps, briefly described below, are to be followed through in order to implement ISO 9000 quality management  system successfully.
Step 1: Top management commitment
Step 2: Establish implementation team
Step 3. Start ISO 9000 awareness programs
Step 4: Provide Training
Step 5. Conduct initial status survey
Step 6: Create a documented implementation plan
Step 7. Develop quality management system documentation
Step 8: Document control
Step 9. Implementation
Step 10. Internal quality audit
Step 11. Management review
Step 12. Pre-assessment audit
Step 13. Certification and registration
Step 14: Continual Improvement
Step 1: Top Management Commitment
The top management (managing director or chief executive) should demonstrate a commitment and a determination to implement an ISO 9000 quality management system in the organization. Without top management commitment, no quality initiative can succeed. Top management must be convinced that registration and certification will enable the organization to demonstrate to its customers a visible commitment to quality. It should realize that a quality management system would improve overall
business efficiency by elimination of wasteful duplication in management system.
The top management should provide evidence of its commitment to the development and implementation of the quality management system and continually improve its effectiveness by:
a. Communicating to the organization the importance of meeting customer as well as statutory and regulatory requirements,
b. Defining the organization’s quality policy and make this known to every employee,
c. Ensuring that quality objectives are established at all levels and functions,
d. Ensuring the availability of resources required for the development and
implementation of the quality management system,
e. Appointing a management representative to coordinate quality management system activities, and Conducting management review.
The top management should also consider actions such as:
1.  Leading the organization by example,
2. Participating in improvement projects,
3. Creating an environment that encourages the involvement of people.
This type of top management commitment may be driven by:
1. Direct marketplace pressure: requirements of crucial customers or parent
conglomerates.
2. Indirect marketplace pressure: increased quality levels and visibility among competitors.
3. Growth ambitions: desire to exploit market opportunities.
4. Personal belief in the value of quality as a goal and quality management systems as a means of reaching that goal.
The top management should identify the goals to be achieved through the quality management system. Typical goals may be:
• Be more efficient and profitable
• Produce products and services that consistently meet customers’ needs and
expectations
• Achieve customers satisfaction
• Increase market share
• Improve communications and morale in the organization
• Reduce costs and liabilities
• Increase confidence in the production system
Step 2. Establish Implementation Team
ISO 9000 is implemented by people. The first phase of implementation calls for the commitment of top management – the CEO and perhaps a handful of other key people.
The next step is to establish implementation team and appoint a Management
Representative (MR) as its coordinator to plan and oversee implementation. Its members should include representatives of all functions of the organization -
Marketing, Design and development, Planning, Production, Quality control, etc.
In the context of the standard, the MR is the person within the Organization who acts as interface between organization management and the ISO 9000 registrar. His role is, in fact, much broader than that. The MR should also act as the organization’s “quality management system champion,” and must be a person with:

1. Total backing from the CEO,
2. Genuine and passionate commitment to quality in general and the ISO 9000 quality
management system in particular,
3. The dignity – resulting from rank, seniority, or both – to influence managers and others of all levels and functions,
4. Detailed knowledge of quality methods in general and ISO 9000 in particular.
The members of the implementation team should also be trained on ISO 9000 quality management systems by a professional training organization.

Step 3. Start ISO 9000 Awareness Programs
ISO 9000 awareness programs should be conducted to communicate to the
employees the aim of the ISO 9000 quality management system; the advantage it offers to employees, customers and the organization; how it will work; and their roles and responsibilities within the system. Suppliers of materials and components should also participate in these programs.
The awareness program should emphasize the benefits that the organization expects to realize through its ISO 9000 quality management system. The program should also stress the higher levels of participation and self-direction that the quality management system renders to employees. Such a focus will go far to enlist employee support and commitment.
The programs could be run either by the implementation team or by experts hired to talk to different levels of employees.
Step 4. Provide Training
Since the ISO 9000 quality management system affects all the areas and all personnel in the organization, training programs should be structured for different categories of employees – senior managers, middle-level managers, supervisors and workers. The ISO 9000 implementation plan should make provision for this training. The training should cover the basic concepts of quality management systems and the standard and their overall impact on the strategic goals of the organization, the changed processes, and the likely work culture implications of the system. In addition, initial training may
also be necessary on writing quality manuals, procedures and work instruction; auditing principles; techniques of laboratory management; calibration; testing procedures, etc.
When in-house capacity to carry out such training is not available, it may be necessary to participate in external training courses run by professional training organizations.
Alternatively, an external training institution could be invited to conduct in-house training courses.

Step 5. Conduct Initial Status Survey
ISO 9000 does not require duplication of effort or redundant system. The goal of ISO 9000 is to create a quality management system that conforms to the standard. This does not preclude incorporating, adapting, and adding onto quality programs already in place. So the next step in the  implementation process is to compare the organization’s existing quality management system, if there is one — with the requirements of the
standard (ISO 9001:2008).
For this purpose, an organization flow chart showing how information actually flows (not what should be done) from order placement by the customer to delivery to this customer should be drawn up. From this over-all flow chart, a flow chart of activities in each department should be prepared.
With the aid of the flow charts, a record of existing quality management system should be established. A significant number of written procedures may already be in place.
Unless they are very much out of date, these documents should not be discarded.
Rather, they should be incorporated into the new quality management system.
Documents requiring modification or elaboration should be identified and listed. This
exercise is some times referred to as ” gap analysis”. During these review processes,
wide consultation with executives and representatives of various unions and
associations within the organization is required to enlist their active cooperation.
In the review process, documents should be collected, studied and registered for further use, possibly after they have been revised. Before developing new quality management system documentation, you need to consider with which quality requirements or department you should start. The best is to select an area where processes are fairly well organized, running effectively and functioning satisfactorily.
The basic approach is to determine and record how a process is currently carried out.
We can do this by identifying the people involved and obtaining information from them during individual interviews. Unfortunately, it often happens that different people will give different, contradicting versions of a process. Each one may refer to oral instructions that are not accurate or clear. This is why the facts are often not described correctly the first time around, and have to be revised several times.
Once it has been agreed how to describe the current process, this process has to be adapted, supplemented and implemented according to the requirements of the quality standard (ISO 9001:2008). This requires organizational arrangements, the drawing up of additional documents and possible removal of existing documentation (e.g. procedures, inspection/test plans, inspection/test instructions) and records (e.g.
inspection/test reports, inspection/test certificates).
In introducing a quality management system, the emphasis is on the improvement of the existing processes or the re-organization of processes.
In general, the steps to follow are the following:
Ascertain and establish the following:
What is the present operation/process? What already exists?

Analyze the relevant sections of the quality standard – ISO 9001:2000:
What is actually required?
 If necessary, supplement and change operational arrangements in accordance with the standard, develop documents and records, and describe operations/processes:
What is the desired operation/process?
Figure 1: Steps in introducing a quality management system
The above gap analysis can be done internally, if the knowledge level is there. Or a
formal pre-assessment can be obtained from any one of a large number of ISO 9000
consulting, implementing, and registration firms.
Step 6. Create a Documented Implementation Plan
Once the organization has obtained a clear picture of how its quality management system compares with the ISO 9001:2008 standard, all non-conformances must be addressed with a documented implementation plan. Usually, the plan calls for identifying and describing processes to make the organization’s quality management system fully in compliance with the standard.
The implementation plan should be thorough and specific, detailing:
???? Quality documentation to be developed
???? Objective of the system
???? Pertinent ISO 9001:2008 section
???? Person or team responsible
???? Approval required
???? Training required
???? Resources required
???? Estimated completion date
These elements should be organized into a detailed chart, to be reviewed and
approved. The plan should define the responsibilities of different departments and personnel and set target dates for the completion of activities. Once approved, the Management Representative should control, review and update the plan as the implementation process proceeds.
Typical implementation action plan is shown in Figure 2. Use ISO 10005:1995 for guidance in quality planning

Step 7. Develop Quality Management System Documentation
Documentation is the most common area of non-conformance among organizations wishing to implement ISO 9000 quality management systems. As one company pointed out: “When we started our implementation, we found that documentation was inadequate. Even absent, in some areas. Take calibration. Obviously it’s necessary, and obviously we do it, but it wasn’t being documented. Another area was inspection and testing. We inspect and test practically every item that leaves here, but our documentation was inadequate”.
Documentation of the quality management system should include:
???? Documented statements of a quality policy and quality objectives,
???? A quality manual,
???? Documented procedures and records required by the standard ISO 9001:2008, and
???? Documents needed by the organization to ensure the effective planning, operation and control of its processes.
Quality documentation is generally prepared in the three levels indicated in the box that follows. Use ISO 10013:1995 for guidance in quality documentation.

In small companies, the above levels of documentation could be presented in one manual; otherwise, separate manuals should be prepared.
A list of the documents to be prepared should be drawn up and the responsibility for writing the documents should be assigned to the persons concerned in various functional departments. They should be advised to prepare the drafts within a specific time frame.
Step 8: Document Control
Once the necessary quality management system documentation has been generated, a documented system must be created to control it. Control is simply a means of managing the creation, approval, distribution, revision, storage, and disposal of the various types of documentation. Document control systems should be as simple and as easy to operate as possible — sufficient to meet ISO 9001:2008 requirements and that is all.
Document control should include:
???? Approval for adequacy by authorized person (s) before issue,
???? Review, updating and re-approval of documents by authorized person (s),
???? Identification of changes and of the revision status of documents,
???? Availability of relevant versions of documents at points of use,
???? Identification and control of documents of external origin,
???? Assurance of legibility and identifability of documents, and
???? Prevention of unintended use of obsolete documents.
The principle of ISO 9000 document control is that employees should have access to the documentation and records needed to fulfil their responsibilities.
Step 9. Implementation
It is good practice to implement the quality management system being documented as the documentation is developed, although this may be more effective in larger firms. In smaller companies, the quality management system is often implemented all at once throughout the organization. Where phased implementation takes place, the effectiveness of the system in selected areas can be evaluated.
It would be a good idea initially to evaluate areas where the chances of a positive evaluation are high, to maintain the confidence of both management and staff in the merits of implementing the quality management system.
The implementation progress should be monitored to ensure that the quality
management system is effective and conforms to the standard. These activities include internal quality audit, formal corrective action and management review.
Step 10. Internal Quality Audit
As the system is being installed, its effectiveness should be checked by regular internal quality audits. Internal quality audits are conducted to verify that the installed quality management system:

???? Conform to the planned arrangements, to the requirements of the standard (ISO 9001:2008) and to the quality management system requirements established by your organization, and
???? Is effectively implemented and maintained.
Even after the system stabilizes and starts functioning, internal audits should be planned and performed as part of an ongoing strategy.
A few staff members should be trained to carry out internal auditing. Use ISO 19011 for guidance in auditing, auditor qualification and programmes.
Step 11. Management Review
When the installed quality management system has been operating for three to six months, an internal audit and management review should be conducted and corrective actions implemented. The management reviews are conducted to ensure the continuing suitability, adequacy and effectiveness of the quality management system.????
The review should include assessing opportunities for improvement and the need for changes to the quality management system, including the quality policy and quality objectives.
The input to management review should include information on:
???? Results of audits,
???? Customer feed back,
???? Process performance and product conformity,
???? Status of preventive and corrective actions,
???? Follow-up actions from previous management reviews,
???? Changes that could affect the quality management system, and
???? Recommendations for improvements.
Management reviews should also address the pitfalls to effective implementation, including lack of CEO commitment, failure to involve everyone in the process, and failure to monitor progress and enforce deadlines.
Step 12. Pre-assessment Audit
When system deficiencies are no longer visible, it is normally time to apply for certification. However, before doing so, a pre-assessment audit should be arranged with an independent and qualified auditor. Sometimes certification bodies provide this service for a nominal charge. The pre-assessment audit would provide a degree of confidence for formally going ahead with an application for certification.
Step 13. Certification and Registration
Once the quality management system has been in operation for a few months and has stabilized, a formal application for certification could be made to a selected certification agency. The certification agency first carries out an audit of the documents (referred to as an “adequacy audit”). If the documents conform to the requirements of the quality standard, then on-site audit is carried out. If the certification body finds the system to be working satisfactorily, it awards the organization a certificate, generally
for a period of three years. During this three-year period, it will carry out periodic surveillance audits to ensure that the system is continuing to operate satisfactorily.
Step 14: Continual Improvement
Certification to ISO 9000 should not be an end. You should continually seek to improve the effectiveness and suitability of the quality management system through the use of:
???? Quality policy
???? Quality objectives
???? Audit results
???? Analysis of data
???? Corrective and preventive actions
???? Management review
ISO 9004:2008 provides a methodology for continual improvement.

ISO 14001 Section 4.4.4, EMS Documentation, requires that organizations “. . . establish and maintain information, in paper or electronic form, to: 1. describe the core elements of the management system and their interaction; 2. provide direction to related documentation.” 

ISO 14001 Section 4.4.5, Document Control, requires that organizations establish and maintain procedures to control all documents required by ISO 14001. The purpose of these document control procedures is to ensure that organizations create and maintain documents sufficient to implementing an EMS.

The procedure must ensure that:

• EMS documents can be located

• EMS documents are legible, dated (with dates of revisions) and readily identifiable

• EMS documents are maintained in an orderly manner and retained for a specified period

• EMS documents are periodically reviewed, revised as necessary, and approved for adequacy by authorized personnel

• The current versions of relevant documents are available at all locations where they are necessary

• Obsolete documents are promptly removed from all distribution points

• Any obsolete documents retained for legal and/or knowledge preservation purposes must be identified as such.  

ISO 14001 Section 4.3.5 also requires that organizations establish procedures and designate responsibilities and

authority regarding the creation and modification of EMS documents.