your questions answered by ASQ's expert network
Question
Do EHS procedure have to be managed under ISO 9001:2008 if the company is not ISO 14001 certified?
Answer
It depends – are the EHS procedures part of the QMS of the organization. If so, yes. Otherwise no.
Here’s more information about ISO 14001.
Q: In a food manufacturing company, with certifications to ISO 22000:2005 Food safety management systems — Requirements for any organization in the food chain as well as ISO 14001-2004: Environmental management systems – Requirements with guidance for use, the certification to ISO 22000 allows the company to operate with exemption from the Food Act. The exemption from Food Act determines that the organization has a permit to use its physical premises to indulge in industrial activity involving consumable food products.
Now, this permit is issued with certain conditions — e.g., regular updates to the issuing authority regarding changes to to the food safety plan. We view this requirement as a legal requirement.
My question is, would we use the legal register developed as part of ISO 14000 as the tool to manage the compliance to the above legal requirements? Doubt arises because the legal requirement addresses a condition imposed by the food safety system, but at the same time, if it is not complied with we could lose our license to operate (which I could interpret as an environmental aspect…license to exist).
Could someone kindly advise what they would consider to be a logical option?
Response from Susan Briggs:
A: I am not a food safety expert, so I cannot give an opinion on whether or not using a register/process established for environmental regulations can be used for tracking food safety regulatory requirements. But from the ISO 14001 perspective, and my professional opinion, the answer is “of course!.”
The intent of management system standards — certainly all of the ones I have worked with– is to integrate the processes that are required by a standard (whether it be ISO 14001, ISO 22000, etc.) into the company’s business management process (i.e., a single process that is used to track all of the company’s legal obligations…environment, safety, finance, food safety, etc.), not to create stove piped processes (i.e., separate processes/systems for tracking depending on the nature of the regulation).
Susan Briggs
Director of Environment, Health and Safety, Textron Systems
Wilmington, MA
Chair, U.S. TAG to ISO/TC 207 on Environmental Management Systems
Response from John Surak:
A: I am not sure what is meant by the term “exemption from the Food Act.” ISO 22000 requires that the organization meet all of the legal requirements of the country in which the site is located. In addition, if the organization is exporting food, they must meet all of the legal requirements of the target company. ISO 22000 was developed to be compatible with the other ISO management system standards. Therefore, it is fully permissible to develop an integrated management system as long as the management system meets the requirements of each standard and regulatory requirements. I personally support the development of an integrated management system. Sue conveyed this thought very well in her response.
Just one additional note, if the organization’s customers expect that the organization has a food safety management system that meets the requirements of Global Food Safety Initiative (GFSI), then the organization should seek registration to FSSC 22000 rather than ISO 22000. FSSC 22000 is a food safety audit scheme that utilizes ISO 22000 and ISO 22002-1.
John G. Surak, PhD
Surak and Associates
Clemson, SC
A member of Stratecon International Consultants
http://www.stratecon-intl.com/jsurak.html
For more on this topic, please visit ASQ’s website.
Q: Based on Section 4.3.1 of ISO 14001-2004: Environmental management systems – Requirements with guidance for use, would an organization control, or be expected to influence, environmental aspects in the following situations:
Clarification of Intent:
A: Clause 4.3.1 of ISO 14001:2004 requires an organization to identify the environmental aspects of its activities, products and services within the defined scope of its environmental management system (EMS) “that it can control and those that it can influence.” This differs from the 1996 standard which used the phrase “that it can control and over which it can be expected to have an influence.”
The revised language removes one ambiguity in the 1996 version – some users incorrectly interpreted this phrase to imply that views of someone outside the organization must be considered when determining the environmental aspects the organization might influence. The intent of the new phrase in Clause 4.3.1 is to make it clear that the organization makes that determination.
Furthermore, as in the 1996 standard, the organization is obligated to identify environmental aspects only for those activities, products and services that are within its EMS scope, which again is decided by the organization (see Clause 4.1). Of these environmental aspects, the organization must decide which it can control and which are not within its control. For those of its environmental aspects that it cannot control, the organization must decide if it can exercise influence over them
The Standard does not define criteria that an organization must use to determine its control of or influence over environmental aspects. It is up to the organization to make that determination, on a case by case basis, considering its own unique factors, such as its governance structure, legal or contractual authority, its policies, local or regional issues, its obligations and responsibilities to interested parties, technological issues and implications on its own environmental performance. What might be appropriate for one organization might not be appropriate for others. It is important to note that it is possible for two different organizations or two different organizational units to control or influence the “same” environmental aspect.
In summary, an organization is only responsible for managing its own environmental aspects (those arising from activities, products, and services within its EMS scope) and only those aspects which it can control or which it can influence.
Regarding the three situations posed in the question:
1) Determining “control and influence” within a corporation or other hierarchical organization. For purposes of identifying environmental aspects, the scope of the EMS is the key. It delineates the activities, products, and services from which environmental aspects might arise and for which the organization needs to consider its control or influence.
If the EMS scope is restricted to corporate headquarters, the issue of control or influence pertains to the environmental aspects arising from headquarters’ activities, products and services. It may be that some environmental aspects are not within corporate headquarters control, but instead are controlled by an operating facility. In this case, corporate headquarters must consider whether it can influence those aspects that are within its scope and yet controlled by the operating facility.
If the EMS scope is restricted to one operating facility, the issue of control or influence pertains to that operating facility. It may determine that some environmental aspects are not within the operating facility’s control, i.e., certain aspects may be controlled by another operating unit (such as headquarters or an engineering department). The operating facility must consider whether it can influence those aspects that are within its EMS scope and yet controlled by another unit.
If the EMS scope includes both headquarters and the operating facilities, both headquarters and operating facilities need to consider their collective control or influence over the aspects within the scope of the EMS.
2) Determining “control and influence” with regard to contractors and suppliers. An organization is not responsible for the environmental aspects of its contractors or suppliers; it is responsible only for its own environmental aspects. An organization may have environmental aspects associated with activities within its own EMS scope which are performed by contractors, or environmental aspects arising from materials or services purchased from suppliers. For such aspects, the organization must consider what control it might have, e.g. through contracts, and what influence it might have, e.g. through purchasing power.
3) Determining “control and influence” for a regulatory agency. When a regulatory agency identifies environmental aspects associated with its activities, products, and services, it must consider the same issues as other organizations; that is, it must determine the extent of control or influence it has over the identified aspects. It is clear that such an agency may influence or even be perceived to control some environmental aspects associated with organizations that it regulates. The important point is defining the regulatory agency’s environmental aspects that arise from the activities (e.g., setting water quality standards), products (e.g., discharge permits), and services (e.g., inspection) within its EMS scope. Deciding which aspects are under the agency’s control or influence follows the same logic as for other organizations.
U.S. Technical Advisory Group (TAG) 207 Task Group on Interpretations
– – – – – – – – – – –
What are clarifications of intent?
The ISO 14001:2004 standard on environmental management systems has been negotiated over a period of years, with language carefully chosen to reflect delicate compromises and flexibility in their use and application.
Recognizing that questions of intent may arise from time to time in various settings, the U.S. TAG responds to questions regarding clarification of the ISO 14001 requirements. These responses reflect U.S. SubTAG 1’s understanding of the requirements as intended during its drafting. Responses are prepared by the SubTAG 1 Clarification of Intent Drafting Group, which consists of the Administrator, the U.S. SubTAG 1 Working Group experts and others who participated in the drafting of the ISO 14001 and 14004 standards. Responses are developed based on the group’s consensus understanding of the intent of the SC1 Working Group members who drafted the standard.
For more on this topic, please visit ASQ’s website.
Q: I have a few questions about integrating standards for one of the experts:
1) Will registrars (in addition to BSI, who wrote it) accept a documented quality management system organized around the framework suggested in PAS 99:2006 – Specification of common management system requirements as a framework for integration, given there is adequate audit evidence that the requirements of both of the integrated standards have been addressed and have been implemented?
2) Is PAS 99 only for ISO-related standards, e.g., ISO 9001:2008 Quality management systems–Requirements and ISO 14001-2004: Environmental management systems – Requirements with guidance for use, or can other combinations be made – e.g., ISO 9001 and American Institute of Steel Construction-Bridge and Highway AISCQC028?
AISCQC028 is not an ISO or ISO sector-specific standard, although the framework and structure is very similar. The AISC has its own certification body (registrar) and would insist that their auditors conduct a certification audit even though an organization has been previously ISO registered. AISC does not object to an integrated system that integrates/combines ISO 9001 with one of their certification standards as long as AISC certification requirements have been addressed.
The integration of ISO 9001 and 14001 is becoming common place and I’m fairly certain that PAS 99 is an acceptable format in those cases. I’m more interested in other industry standards and requirements not generally considered ISO-related that are being demanded by certain customer segments and integrating them in a system that must also be acceptable to ISO registrars because of other customer segments who are demanding ISO registration by their suppliers.
A: This is an excellent, and timely, question.
More and more organizations are developing integrated management systems based on multiple specification standards – such as ISO 9001, ISO 14001 and OHSAS 18001. In addition, there are more and more management system standards being developed. This includes both ISO standards and non-ISO standards – such as OHSAS 18001, Responsible Recycling (R2) and, based on your question, AISCQC028.
It is not even clear how many different management system specification standards there are. What one individual considers a guidance document; someone else insists is a specification standard suitable for certification.
So when you are developing documentation for an integrated management system, how should it be organized?
There are several options:
• One option is to choose one of the standards as the primary high-level structure – say, ISO 9001:2008 – and address the requirements of the other standards within that structure.
• PAS 99:2006 offers a different option for a high-level framework for organizing the management system documentation for an integrated management system. (As you correctly point out in your question, PAS 99 cannot be used as a replacement specification standard for any of the discipline-specific management system standards.)
• Another option is to establish a high-level structure that makes sense for your organization.
There is no required framework for organizing management system documentation. You can use whichever overall structure and numbering scheme works for your organization.
ISO has recognized that having different high-level structures for its various management system standards may be problematic for organizations that are implementing integrated management systems that are intended to meet the requirements of multiple specification standards. As a result, in February 2012, the ISO Technical Management Board (TMB) approved a guide for ISO standard writers that specifies a common structure and definitions to be used for all new and future revisions of ISO management system standards. This was circulated as ISO Guide 83. This action by ISO highlights the primary issue with using PAS 99:2006. It is out-of-date.
First, the normative references listed in PAS 99:2006 are not the current versions for some of the standards (notably ISO 9001 and OHSAS 18001). Second, the high-level structure set out in PAS 99:2006 is not consistent with the common structure recently approved by ISO.
The key to establishing an integrated management is NOT the use of a particular organizing framework or high-level structure. How you organize your management system documentation needs to fit the needs of your organization – not the desires of a particular registration auditor.
What is important is being able to clearly explain how your management system meets the requirements of each of the specification standards to which you want to become certified. This requires clearly written documentation that defines the links to the requirements you are addressing within your management system. It may also require discussion with your registrar and/or the use of reference tables – similar to those set out in the Annexes of ISO 9001, ISO 14001, OHSAS 18001 – and PAS 99:2006.
Thea Dunmire, JD, CIH, CSP
ENLAR Compliance Services, Inc.
Thea’s Blogs:
http://www.OHSAS18001expert.com
http://www.managementsystemexpert.com