OHSAS 18001 and ISO 9001 Work Environment Requirements

Workplace safety, OHSAS 18001, work environments

Q: We had the opportunity to get the certification for OHSAS 18001:2007 Occupational health and safety management systems — Requirements. While looking at the clause interaction between ISO 9001 Quality management systems–Requirements and OHSAS 18001 given at the end of the standard, I did not find any interaction between the standards for clause 6.4 work environment in ISO 9001.

Am I missing anything or is there any reason for it?

A: I am a U.S. Technical Expert for ISO 9001 and associated  quality management system (QMS) standards and have been involved with QMS standards since 1975.

In my opinion, the answer to your question is that the developers of OHSAS 18001:2007 did not feel that ISO 9001 clause 6.4 related to 18001. This, incidentally, I find puzzling.

The requirement in ISO 9001:2008 Quality management systems–Requirements clause 6.4 reads: The organization shall determine and manage the work environment needed to achieve conformity to product requirements.

In other words, you should make sure that your employees have an adequate work environment for producing your products. They should have adequate room temperature, lighting, and etc.

The 2005 report: Integrated Management Systems (IMS) – Potential Safety Benefits Achievable from Integrated Management of Safety, Health, Environment and Quality (SHE&Q) from Environment Directorate, Organisation For Economic Cooperation And Development, Paris, includes the following which might be of interest to you:

“OHSAS 18001 and National Standards

During drafting of the original BS 8800 a major division of opinion arose as to whether or not independent assessment and certification of an organisation’s OSHMS should be encouraged, as for QMS and EMS.  Some viewed such certificates as valuable, particularly in the context of effective supply chain management, others believed that existing certification processes: added minimal value, required excessive resources and resulted in unused manuals – so new certification processes should be resisted.  It proved impossible to reconcile these views within BS8800, which was structured and published as a non-certifiable standard.

As a result, an international consortium of certification bodies, including the commercial arm of BSI, produced the OHSAS 18001 specification in 1999, followed by implementation guidelines OHSAS 18002 in 2000.  Neither document is an official British Standard, but OHSAS 18001 either is, or is likely to become, a national standard in other countries, notably in Pacific Rim.  A recent survey by BSI identified that over 8000 OSHMS certificates have been issued in 70 countries, to many different standards and guidance, and that some 46% are to OHSAS 18001.

With the revision of BS 8800, from which it is derived, it might be presumed that OHSAS would be updated automatically.  A review is indeed planned, but the decision on when to publish a revision will take into account other factors, including the needs of current new users to have time to ‘bed down’ their internal processes before revising them to meet an improved standard.  When a revision is agreed, it is likely to include some alignment with other high-quality national standards such as AUS/NZ 4801, to aid recognition as a truly global standard.

A new US standard was published in 2005: ANSI/AIHA Z10 – Occupational Health and Safety Systems.  The format includes both a standard and associated guidance, but is not intended as a basis for certification.  It is fully compatible with ISO 9001/14001 and takes account of the other national/global OSHMS documents outlined in this section.”

OHSAS 18001:2007 is not an ISO standard. It appears to be simply an update of OHSAS 18001:2000. Its development was driven by the British Standards Institute which publishes the standard and profits directly from its distribution and sales.

Part of the answer to your question is to evaluate for yourself:

1) Why did you go to the expense to be certified to 18001:2007 and who were the customers that you were satisfying by doing this?

2) What is the expectation of these customers?

From a practical standpoint, consider embracing the concept in ISO 9001 clause 6.4. I would expect that providing your employees adequate conditions for producing products can only improve your product offerings and help to enhance customer satisfaction.

Joe Tsiakals
Voting member of the U.S. TAG to ISO/TC 176 (ASQ)
Voting member of the U.S. TAG to ISO/TC 210 (AAMI)

ISO 9001 Management Representative and Reporting Structure

Inspection, Management, Management Representative

Q: Please define the preferred method of meeting the requirements of the management representative in regards to clause 5.5.2.b in ISO 9001:2008 Quality management systems–Requirements.

My organization has reorganized, and I find the role of management representative somewhat detached. I work for a military organization that would like this role to be several layers below the base captain vs. the open door policy for the management representative used by previous commands. Should the management representative have direct access to the top?

A: There is no defined or preferred method for addressing the reporting arrangement for the management representative to top management. Your organization defines and deploys the approach that is workable for the management representative to report to top management.

Charlie Cianfrani
Consulting Engineer
Green Lane Quality Management Services
Green Lane, PA
ASQ Fellow; ASQ CQE, CRE, CQA, RABQSA Certified QMS-Auditor (Q3558)
ASQ Quality Press Author

For more information about management representatives, view the information here.

ISO 9001 Clause 7.4.1, Supplier Control

Mr. Pareto Head and Supply Chain comic strip

Q: My interpretation of  ISO 9001:2008 Quality management systems–Requirements regarding supplier control as addressed in clause 7.4.1 Purchasing process is that suppliers who would require evaluation, selection and registry, would be those who supply products (or services) which affect subsequent product realization, or the final product.

Excellent examples for our organization would be vendors providing raw material, tool/dies, surface preparation or calibration services.

I also believe that the “extent of control” exercised by the organization, could, in fact, mean that certain suppliers are not controlled (evaluated, selected and registered), due to their lack of impact on product realization.

Good examples here would be stationery or sanitation supplies.

After conferring with several colleagues, we are all puzzled to see freight companies (UPS, FedEx) included as controlled suppliers and nonconformance reports written for failure to comply with the standard if they are not included on our approved suppliers list.

I understand the standard is written to provide a framework, and not examples, however I find this interpretation to be too broad for the intended purpose.

A: Thank you for contacting ASQ’s Ask the Experts program.  The intent of ISO 9001:2008, clause 7.4.1 is to ensure suppliers are selected based upon their ability to meet the organization’s requirements, which generally include quality and delivery of product or service intended for the customer.

As you mentioned, suppliers of office supplies such as paper, printer toner and etc. are not usually included on an approved suppliers list since they have zero impact on the organization’s ability to meet customer requirements.

However, some registrars may consider trucking firms or delivery services such as UPS and FedEx as suppliers of services that could impact an organization’s  ability to meet requirements, such as on time delivery and the delivery of product in an acceptable condition to the customer.

Most registrars welcome rebuttals from their clients regarding audit findings.  This could be an excellent opportunity for your company state its position to the registrar and to understand their rationale as to why they believe UPS and FedEx must be on the approved suppliers list.

The bottom line is that your registrar determines how its auditors interpret audit criteria such as clause 7.4.1.

If it is decided to add these companies to the approved supplier list, it should be a painless process since your company probably already has an established performance history for them.

I hope this helps!

Bill Aston
ASQ Senior Member
Managing Director of Aston Technical Consulting Services
Kingwood, TX
www.astontechconsult.com

Does ISO 9001 Clause 7 Apply to Processes?

Manufacturing, inspection, exclusions

Q: Does clause 7 Product Realization in ISO 9001:2008 Quality management systems–Requirements apply to the design and development of manufacturing processes?

We have four facilities that are ISO 9001 certified under one certificate. One location designs the product, and the other facilities manufacture it. In the “design facility” we follow the requirements of clause 7. In the manufacturing facilities, we currently do not apply clause 7 for the process of developing the manufacturing processes.

A: ISO 9001 clause 7.3 is applicable to the design and development characteristics of a product.

ISO 9001:2008 clause 7.1 (Planning of Product Realization) and its reference to clause 4.1 (General Requirements) is more specific to product planning to ensure that the product quality objectives and the processes/resources are available to produce a product that will meet defined quality requirements as specified during design and development in clause 7.3.

Clause 7.1 requires that the planning process include identification of the inter-related processes (i.e., monitoring, inspection, product quality objectives, testing, records of conformity needed to verify the product requirements have been achieved.

The bottom line:  the product characteristics, quality objectives and inter-related processes must be documented.  If this is not fully achieved in the design and development process (clause 7.3), it must be included in the product planning process (clause 7.1). Please see clause 4.1.

Please keep in mind that your company’s ISO registrar will require evidence of conformity (records/documentation) to verify the requirements of clauses 4.1, 7.1 and 7.3 have been met.

Bill Aston
ASQ Senior Member
Managing Director of Aston Technical Consulting Services
Kingwood, TX
www.astontechconsult.com

ISO 17025 Certified Facility

ISO/IEC 17025:2017 General requirements for the competence of testing and calibration laboratories

Q: We have a specification that states test reports shall be from an facility certified to ISO 9001:2008 Quality management systems–Requirements. Our test reports are from a facility certified to ISO/IEC 17025-2005: General requirements for the competence of testing and calibration laboratories.

Isn’t ISO 17025:2005 under the ISO 9001:2008 umbrella?

A: Your interpretation is, indeed, correct. Actually, for a testing lab, accreditation to ISO/IEC 17025 is superior to registration to ISO 9001! As you know, your accreditation agency actually observed your personnel performing tests. They had to demonstrate competency. This was in addition to the verification that you had a working management system in place (that’s why they call it accreditation and not registration. We won’t even get into the misuse of the word certification).

To make sure your customer gets the assurance they want, I recommend you contact your accreditation agency. Ask them for a letter that states this equivalency. That will probably blow your customer away – or at least amaze them! Unless you can show the text you provided to ASQ was from one of the ISO or ANSI standards-writing committees, as an official interpretation, it probably holds little weight.

Your customer is right to monitor your performance this way. Recent food safety issues, prominent in the news, have a common element to them — insufficient attention to supplier performance. Expect to see more of this as the manufacturers and distributors pay more attention to their supply chain. I expect you are or will be doing the same for your critical sub-suppliers. Remember too, there are many ways to monitor supplier performance. Registration/accreditation is one of the ways.

Dennis Arter
ASQ Fellow
The Audit Guy
Columbia Audit Resources
Kennewick, WA
http://auditguy.net

Framework to Integrate ISO Standards and Non-ISO Standards

Reviewing confidential files, training records, human resources files

Q: I have a few questions about integrating standards for one of the experts:

1) Will registrars (in addition to BSI, who wrote it) accept a documented quality management system organized around the framework suggested in PAS 99:2006 – Specification of common management system requirements as a framework for integration, given there is adequate audit evidence that the requirements of both of the integrated standards have been addressed and have been implemented?

2) Is PAS 99 only for ISO-related standards, e.g.,  ISO 9001:2008 Quality management systems–Requirements and  ISO 14001-2004: Environmental management systems – Requirements with guidance for use, or can other combinations be made – e.g., ISO 9001 and American Institute of Steel Construction-Bridge and Highway AISCQC028?

AISCQC028 is not an ISO or ISO sector-specific standard, although the framework and structure is very similar. The AISC has its own certification body (registrar) and would insist that their auditors conduct a certification audit even though an organization has been previously ISO registered. AISC does not object to an integrated system that integrates/combines ISO 9001 with one of their certification standards as long as AISC certification requirements have been addressed.

The integration of ISO 9001 and 14001 is becoming common place and I’m fairly certain that PAS 99 is an acceptable format in those cases. I’m more interested in other industry standards and requirements not generally considered ISO-related that are being demanded by certain customer segments and integrating them in a system that must also be acceptable to ISO registrars because of other customer segments who are demanding ISO registration by their suppliers.

A: This is an excellent, and timely, question.

More and more organizations are developing integrated management systems based on multiple specification standards – such as ISO 9001, ISO 14001 and OHSAS 18001.   In addition, there are more and more management system standards being developed.  This includes both ISO standards and non-ISO standards – such as OHSAS 18001, Responsible Recycling (R2) and, based on your question, AISCQC028.

It is not even clear how many different management system specification standards there are. What one individual considers a guidance document; someone else insists is a specification standard suitable for certification.

So when you are developing documentation for an integrated management system, how should it be organized?

There are several options:

•    One option is to choose one of the standards as the primary high-level structure – say, ISO 9001:2008 – and address the requirements of the other standards within that structure.

•    PAS 99:2006 offers a different option for a high-level framework for organizing the management system documentation for an integrated management system.  (As you correctly point out in your question, PAS 99 cannot be used as a replacement specification standard for any of the discipline-specific management system standards.)

•    Another option is to establish a high-level structure that makes sense for your organization.

There is no required framework for organizing management system documentation.  You can use whichever overall structure and numbering scheme works for your organization.

ISO has recognized that having different high-level structures for its various management system standards may be problematic for organizations that are implementing integrated management systems that are intended to meet the requirements of multiple specification standards.  As a result, in February 2012, the ISO Technical Management Board (TMB) approved a guide for ISO standard writers that specifies a common structure and definitions to be used for all new and future revisions of ISO management system standards.  This was circulated as ISO Guide 83. This action by ISO highlights the primary issue with using PAS 99:2006.  It is out-of-date.

First, the normative references listed in PAS 99:2006 are not the current versions for some of the standards (notably ISO 9001 and OHSAS 18001).  Second, the high-level structure set out in PAS 99:2006 is not consistent with the common structure recently approved by ISO.

The key to establishing an integrated management is NOT the use of a particular organizing framework or high-level structure.  How you organize your management system documentation needs to fit the needs of your organization – not the desires of a particular registration auditor.

What is important is being able to clearly explain how your management system meets the requirements of each of the specification standards to which you want to become certified.  This requires clearly written documentation that defines the links to the requirements you are addressing within your management system.  It may also require discussion with your registrar and/or the use of reference tables – similar to those set out in the Annexes of ISO 9001, ISO 14001, OHSAS 18001 – and PAS 99:2006.

Thea Dunmire, JD, CIH, CSP
ENLAR Compliance Services, Inc.
Thea’s Blogs:
http://www.OHSAS18001expert.com
http://www.managementsystemexpert.com

ISO 9001 7.1 Product Realization

Suppliers, supplier management

Q: Our company, certified to ISO 9001:2008 Quality management systems–Requirements, is experiencing quite a bit of supplier non-conformance.

An option we are interested in is to have a set of manufacturing drawings for our suppliers and a set of inspection drawings. Either the manufacturing set would require tighter tolerance than the inspection set, or the inspection set would have looser tolerances than the manufacturing set.

What would the criteria be to introduce this theory into our procedures?

A: I suggest that you consider the point of ISO 9001:2008 Quality management systems–Requirements, clause 7.1, regarding the development of product objectives. Your planned approach is similar to what is intended by this clause.

The organization should set its product requirements during the product planning stage. Product requirements should be based upon design inputs, outputs, verifications and validations. This provides the essential measurements (tolerances) required for the product to function as designed or intended.

The requirements sent to suppliers, or to the shop floor, should be within the design tolerances or criteria, but not necessarily the same. However, in the event that inspection or a supplier identifies/provides a product that is outside the drawing requirements, it would be up to the engineer or the designer to decide if the product still meets the design criteria. If so, the product would be disposition “accept as is” and would still function as planned.

If repetitious non-conformance is encountered and the product is still within the design criteria, then changes to the supplier and inspection criteria should be considered to prevent continued non-conformance. If the non-conformance does not meet the product requirement or the design criteria, corrective action should be taken with the supplier.

Bill Aston
ASQ Senior Member
Managing Director of Aston Technical Consulting Services
Kingwood, TX
www.astontechconsult.com

Qualifications for QMS Staff Training Position

Training, learning, conference, certification, recertification

Question

I work at an environmental testing laboratory company with facilities in California.  We are certified to ANSI/ISO/ASQ Q9001-2008: Quality management systems – Requirements ISO/IEC 17025-2005: General requirements for the competence of testing and calibration laboratories and are pursuing certification to  ANSI/ISO/ASQ E14001-2004: Environmental management systems – Requirements with guidance for use.

We are attempting to hire an assistant quality manager (AQM) whose primary function will be staff training on the quality management system.

We have identified an excellent candidate in Ireland and are attempting to secure a work visa for her in order to come to the United States and join us. The folks at the Immigration and Naturalization Service are demanding that we write a job description so that they can somehow justify bringing her into the country.  One of their requirements appears to be related to having a bachelor’s degree in education in order to fulfill the training function. In addition, they are demanding that we prove that this is an “industry standard,” namely, having an education degree in order to become a training manager.

My question for you is: is a bachelor’s degree in education a normal requirement for a quality training position? If so, can you offer any guidelines in terms of companies or types of firms that may have this requirement? If not, what can you tell me about normal background or education requirements necessary for the AQM – the training position that I am considering?

Answer

The short answer is no — a degree in education is not a normal industry requirement. I believe the Immigration folks are confusing this position with a school teacher who is required by most states to have a teaching certificate. One of the requirements for most teaching certificates is an education degree from an accredited college or university – the so-called “normal” schools.

An education degree is not normally required and usually not desired in industry.

It would be much better to emphasize the quality knowledge aspects. It is quite common for candidates to have one of the ASQ certifications, such as ASQ Certified Quality Improvement Associate certification (easier) or the ASQ Certified Quality Engineer certification (very hard).

Dennis Arter
ASQ Fellow
The Audit Guy
Columbia Audit Resources
Kennewick, WA
http://auditguy.net

Standard Vs. Specification and Guidance Documents

 

ISO documentation practices, requirements, records

Question

What is the difference between a standard and a specification?

Answer

There is no single or simple answer to your question. The answer depends upon the context of the question. Relative to the ANSI/ISO/ASQ Q9000 Series: Quality management standards, I direct you to ANSI/ISO/ASQ Q9000:2005 Quality management systems – Fundamentals and vocabulary.

ISO 9000:2005 defines specification as a document that states requirements. A specification can be related to activities (e.g. procedure document, process specification and test specification), or products (e.g. product specification, performance specification and drawing).

ISO 9000:2005 does not define “standard”. The first part of the ISO 9000:2005 introduction reads:

“The ISO 9000 family of standards listed below has been developed to assist organizations, of all types and sizes, to implement and operate effective quality management systems.

ISO 9000 describes fundamentals of quality management systems and specifies the terminology for quality management systems.

ISO 9001 specifies requirements for a quality management system where an organization needs to demonstrate its ability to provide products that fulfill customer and applicable regulatory requirements and aims to enhance customer satisfaction.

ISO 9004 provides guidelines that consider both the effectiveness and efficiency of the quality management system. The aim of this standard is improvement of the performance of the organization and satisfaction of customers and other interested parties.

ISO 19011 provides guidance on auditing quality and environmental management systems.

Together they form a coherent set of quality management system standards facilitating mutual understanding in national and international trade.”

In other words…

ISO 9000 is a standard that describes fundamentals and specifies the terminology.

ISO 9001 is a standard that specifies requirements.

ISO 9004 is a standard that provides guidelines.

ISO 19011 is a standard that provides guidance.

This implies that a standard is a formal document that establishes uniform criteria, methods, processes and practices — which may or may not be requirements.

ISO 9000:2005 also makes a distinction between quality management system requirements and requirements for products using the terms “specifications” and “standards.” It states:

“The ISO 9000 family distinguishes between requirements for quality management systems and requirements for products.

Requirements for quality management systems are specified in ISO 9001. Requirements for quality management systems are generic and applicable to organizations in any industry or economic sector regardless of the offered product category. ISO 9001 itself does not establish requirements for products.

Requirements for products can be specified by customers or by the organization in anticipation of customer requirements, or by regulation. The requirements for products and in some cases associated processes can be contained in, for example, technical specifications, product standards, process standards, contractual agreements and regulatory requirements.”

Joe Tsiakals
Voting member of the U.S. TAG to ISO/TC 176 (ASQ)
Voting member of the U.S. TAG to ISO/TC 210 (AAMI)

ISO 9001 SOPs for HR and IT Departments

Mr. Pareto Head and IT

Q: My company wants to become certified to ISO 9001:2008 Quality management systems–Requirements by the end of this year. We have nearly all of our common standard operating procedures (SOPs) identified and written. But some of our departments—HR and IT in particular—are proving to be a little more difficult as far as identifying activities we might need to document.

Could you provide a few examples of procedures that might be available for  an IT and HR department? More specifically, I’m looking for examples of what others may have done with ISO 9001:2008 in conjunction with corresponding SOPs.

A: ISO 9001:2008 specifically requires the organization to have documented procedures for the following six activities:

4.2.3 Control of documents.
4.2.4 Control of records.
8.2.2 Internal audit.
8.3 Control of nonconforming product.
8.5.2 Corrective action.
8.5.3 Preventive action.

From an ISO 9001:2008 perspective, there are no mandatory procedures required for HR or IT departments as supporting functions for an organization. It is recommended, however, that you have your processes documented to ensure accountability for actions, consistency and standardization.

When there are many employees involved in various organizational functions, the hand-offs between the functions and employees can blur, with little to no accountability for the final outcome. In addition, having processes undocumented is not scalable, repeatable and reproducible as the organization grows larger.

The ISO 9001 website guideline further clarifies that the extent of the quality management system’s documentation can differ from one organization to another based on:

The size of organization and type of activities.
The complexity of processes and their interactions.
The competence of personnel.

While this may not be the right forum to share examples of SOPs, I can provide a typical list of ISO 9001:2008 procedures that may be applicable to HR and IT functions.

A better way to develop procedures for the listed processes is to bring the stakeholders and experts together, map the process in its current state, brainstorm, identify and remove nonvalue-added activities, and then reissue a new value-added procedure.

Typical SOPs in HR

  •     HR planning process.
  •     New employee orientation process, including mandatory training and certifications.
  •     Training needs analysis.
  •     Employee training and development process, which also includes training, skill competency assessments, periodic evaluations and certifications.

Typical SOPs in IT

  •     IT resource planning process.
  •     Data archival, retention, backup and disaster recovery process.
  •     IT hardware and software maintenance and information security management process.
  •     Quality information systems, including infrastructure planning, implementation and improvement.

Govind Ramu
Senior manager, quality systems
SunPower Corp.
San Jose, CA

Ask A Librarian