The new requirements for OH&S objectives are for you to create your objectives, and then to create a plan to achieve them including steps that state who needs to do what, with what resources, by what time and how you are going to know that each step is done. Your OH&S objective should have a target and timeline for full completion (that lines up with your plan), such as “We will reduce workplace injuries and near misses from 5 per month to 1 per month by June 2021”. So, your OH&S objective is a chosen improvement that you are trying to make, and each step of your plan is working towards this improvement. You track the realization of your plan towards your objective through the closure of your plan steps.
As for Key Performance Indicators (KPI), these are the important measurables you have chosen to track for your OHSMS, such as number of injuries per month, or number of near misses per month. As per the example above, if your OH&S objective aligns with a KPI then as you track your KPI over the next several months you should see the reduction in injuries and near misses each month as your plan progresses, with the goal of reaching the target in your objective. It is important to note that not every OH&S objective will be linked to a KPI, and you do not need to create an objective for every KPI you track, but when they do line up this is helpful.
You can read more on OH&S objectives in the article: How to define ISO 45001 objectives and plans, https://advisera.com/45001academy/blog/2018/12/04/how-to-define-iso-45001-objectives-and-plans/
ISO 9001:2015 clauses 8.4.1, 8.4.2 are specifically about defining and implementing Incoming Quality control. Clauses 8.6 and 8.7 are generically applicable to quality control and non-conformities at any stage, like incoming quality control.
In general a “Top Management decision” is made because the management considers the control as a market best practice in the related field (i.e., best practice in IT for network control, best practice in HR for a human-related control, etc.), so your first example is acceptable (it will only make the main reason explicit), but it needs to be related to the highest position in the ISMS scope (e.g., "Best practices in IT according to Top Management").
Regarding your second example, you can use IT management only if this is the highest position in your ISMS scope (e.g., the ISMS scope is limited to the IT department or IT processes).
These articles will provide you with further explanation about risk management and SoA:
ISO 9001:2015 is not about perfect organizations, it is about continual improvement. Receiving one, two, ten complaints is not in itself a non-conformity during a certification or surveillance audit. What is certainly a non-conformity is receiving a complaint and doing nothing: neither responding nor analyzing it, nor deciding, after a trend analysis, to implement improvements.
In the abstract, the number seems high. What I recommend is starting right away with improvement projects. Please check this free webinar on-demand - Measurement, analysis, and improvement according to ISO 9001:2015 - https://advisera.com/9001academy/webinar/measurement-analysis-and-improvement-according-to-iso-9001-2015-free-webinar/
I invite you to see this free webinar on demand - ISO 9001:2015 clause 4 - Context of the organization, interested parties, and scope - https://advisera.com/9001academy/webinar/iso-90012015-clause-4-context-of-the-organization-interested-parties-and-scope-free-webinar-on-demand/ - where I present an approach to implementing context analysis and relating it to risk-based thinking.
ISO 45001 clause 4.4 does not require you to keep documented information, so there is no requirement to have something written down to meet this requirement. Many companies will create a flowchart showing the processes of the OHSMS, including the interactions between them, but this piece of written evidence is not a requirement of the standard. It is important to remember that written evidence is not the only evidence used in an audit; statements of fact and assessments at the end of the audit are also used.
This requirement is often assessed once an entire audit is completed, rather than by asking for one piece of evidence: at the audit conclusion, the auditors will look at all of their evidence and findings and ask “Does all of this evidence indicate that the OHSMS is established, implemented, maintained and improved?”
You can learn a bit more about what documented information is mandatory in the whitepaper: Checklist of Mandatory Documentation Required by ISO 45001, https://info.advisera.com/45001academy/free-download/checklist-of-mandatory-documentation-required-by-iso-45001
To support scope definition, I suggest these materials:
- How to define the ISMS scope https://advisera.com/27001academy/knowledgebase/how-to-define-the-isms-scope/
- Defining the ISMS scope if the servers are in the cloud https://advisera.com/27001academy/blog/2017/05/22/defining-the-isms-scope-if-the-servers-are-in-the-cloud/
- Problems with defining the scope in ISO 27001 https://advisera.com/27001academy/blog/2010/06/29/problems-with-defining-the-scope-in-iso-27001/
- How to set the ISMS scope according to ISO 27001 [free webinar on demand] https://advisera.com/27001academy/webinar/how-to-set-the-isms-scope-according-to-iso-27001-free-webinar-on-demand/ (this one is a recording of a previously presented webinar)
Additionally, included in your toolkit, you have access to a video tutorial that can help you define the ISMS scope.
A legal requirement or compliance obligation is a condition that has been established by laws, regulations, statutes, or agreements with third parties that apply to an organization and to the sector in which it operates.
Among the legal requirements in ISO 14001, we can find several types:
- Operational requirements: these are authorizations and monitoring programs in which the government issues a special permit to an organization to carry out an activity. In this case, the company must report to the authority, at the established frequency, some type of test results, emission reports, etc.
- Operating permits: these are related to requirements established in a law, a decree, a regulation, or an official provision. These permits are general in nature, and their validity is not contingent on the submission of particular reports.
- Collaboration agreements: these are agreements approved by an organization, either internally or with external partners, which ultimately become an environmental compliance obligation for the organization and, therefore, for ISO 14001.
For more information on legal requirements and other compliance obligations, see the following materials:
- ISO 14001 legislation checklist: how to create it: https://advisera.com/14001academy/blog/2019/11/04/iso-14001-legislation-checklist-how-to-create-it/
- Free online course - Curso de Fundamentos ISO 14001:2015: https://advisera.com/training/es/course/curso-fundamentos-iso-14001/
- Book - The ISO 14001:2015 companion: https://advisera.com/books/the-iso-14001-2015-companion/
In the IATF 16949:2016 standard, product design and production design are specified in item 8.3. Product design is out of scope for companies that do not design products, but for all manufacturing companies, the production design is within the scope and is a mandatory requirement. Tool design is part of the production design and, according to the IATF Standard clause 8.3, the production design clauses of the standard are valid for your company.
There is no explicit requirement in the standard to use such a procedure. However, as you rightly mention, any changes may bring risks and opportunities. A good practice is to determine and evaluate them in order to act when needed. For example, I’m working with a manufacturing company that determined a risk: the possibility of having to use employees to perform unusual tasks to replace colleagues on sick leave with COVID. For this reason, they prepared an on-the-job training plan for eventual substitutes. Another example: when organizations update procedures, it is a good practice to inform and/or train people about the changes.