Search results

ISO 14001 implementation in a small company

Start with a self-assessment compliance checklist to list the initial gaps between ISO 14001:2015 requirements and your organization’s current environmental practices and performance. As long as you have top management support, any sound environmental management system starts with a clear identification of environmental aspects and impacts and its evaluation, and with an identification of any compliance obligations. Then, you have to plan your implementation project about how to improve environmental aspects situations and meet your environmental objectives aligned with an environmental policy. If you are in a hurry to implement your environmental management system, perhaps our ISO 14001:2015 Documentation Toolkit - https://advisera.com/14001academy/iso-14001-documentation-toolkit/ can be useful.

Please check this information below with more detailed answers:

• How to use an ISO 14001 self-assessment compliance checklist - https://advisera.com/14001academy/blog/2019/12/04/iso-14001-self-assessment-checklist-how-to-use-it/
• List of ISO 14001 implementation steps - https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/list-of-iso-14001-implementation-steps/
• Project checklist for ISO 14001 implementation - https://info.advisera.com/14001academy/free-download/project-checklist-for-iso-14001-implementation
• ISO 14001:2015 Implementation diagram - https://info.advisera.com/14001academy/free-download/iso-14001-2015-implementation-diagram
• Article - Environmental aspect identification and classification - https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/environmental-aspect-identification-and-classification/
• Article - Catalogue of environmental aspects - https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/catalogue-of-environmental-aspects/
• Free webinar on demand - How to use a Documentation Toolkit for the implementation of ISO 14001 - https://advisera.com/14001academy/webinar/how-to-use-a-documentation-toolkit-for-the-implementation-of-iso-14001-free-webinar-on-demand/
• Enroll for free in this course – ISO 14001:2015 Foundations Course - https://advisera.com/training/iso-14001-internal-auditor-course/
• Book – The ISO 14001:2015 Companion - https://advisera.com/books/the-iso-14001-2015-companion/
   

Environmental strategic risk and operational risk

How can environmental strategic risk be integrated with operational risk in environmental risk register?

Supplier Security Program (Annex A 15 Supplier Relationships)

Besides those classified as high risk or critical, for the identification of these suppliers you must consider:

• the ISMS scope, i.e., the suppliers that can affect the information you want to protect
• the legal requirements (e.g., laws, regulations and contract) you must comply to (for example, a contractual clause with a customer may require a specific supplier or suppliers to be included in the program)

If a supplier does not fall in one of the above-mentioned situations, then you do not need to include it in your supplier management program related to information security.

This article will provide you a further explanation about supplier management:

• 6-step process for handling supplier security according to ISO 27001 https://advisera.com/27001academy/blog/2014/06/30/6-step-process-for-handling-supplier-security-according-to-iso-27001/

8.5 production and service provison

Clause 8.5.3 may not be applicable to every organization.

Simple case – a customer bought a product and that product is returned for planned maintenance, or for correcting some defect, or for upgrading some part (last week I updated my computer battery, for example).

Business to business case – consider a brand that outsources the manufacturing of its jackets to a manufacturer. The manufacturer buys and applies all materials, but the brand supplies the high-profile brand labels. Those labels must be protected from theft or any kind of loss. For all purposes, those labels are like money.

Intellectual property – a customer send you, the manufacturer, the blueprints of its later high-tech gadget. Customers expect that the blueprints are protected from theft or leaking into the media.

Molds – A customer has a mold and asks your organization to manufacture injection molding parts with it. The customer expects that you don’t start injection parts with that mold for your own use.

External providers – It is becoming more common that organizations don’t possess equipment, they rent it to an external provider. For example, in a construction company, the scaffolding structure used may belong to an external provider.

You can find more information below:

• How does ISO 9001 property clause 8.5.3 reflect on software? - https://advisera.com/9001academy/blog/2018/03/23/how-does-iso-9001-property-clause-8-5-3-reflect-on-software/
• Free webinar on demand - Overview of ISO 9001 implementation steps - https://advisera.com/9001academy/webinar/overview-of-iso-9001-implementation-steps-free-webinar-on-demand/
• Enroll for free course - ISO 9001:2015 Foundations Course - https://advisera.com/training/iso-9001-foundations-course/

ISO 17025 Quality Manual Option B

Firstly a comment. As laboratories that are already ISO 17025:2017 accredited do not typically seek ISO 9001 certification, I assume you are referring to the larger organisation going for ISO 9001 certification for support departments like HR and Finance ? A laboratory that is accredited to ISO 17025 conforms to the requirements of ISO 17025 clause 8, Management requirements for laboratory activities. As these are the clauses covered in ISO 9001 management, It is considered that the laboratory fulfils the intent of ISO 9001.

You can refer to a similar question and reply, Are there any things in ISO 9001 not covered by ISO 17025? at https://community.advisera.com/topic/are-there-any-things-in-iso-9001-not-covered-by-iso-17025/

You asked

Is it better to integrate or have two separate manuals. The chances of having an integrated or combine audit is zero, since it is two separate bodies. There is a strong suggestion to integrate the manuals”

This is a organisational preference. If top management is the same for the ISO 17025 and ISO 9001 activities, then rather have one manual.  This is simpler, and duplication will be avoided. The argument for two separate manuals can be made if there are different people involved, for different departments, such as HR. I suggest you look at the risks of combining them, versus having them separate in terms of responsibilities for processes such as dealing with complaints and noncomformances, auditing, management review and couemntation.

For more information, see ISO 17025 – Main guidelines at https://advisera.com/17025academy/what-is-iso-17025/  and the article ISO 17025 vs. ISO 9001 – Main differences and similarities at https://advisera.com/17025academy/blog/2019/07/11/iso-17025-vs-iso-9001-main-differences-and-similarities/ for some more insight.

Test validity for the regulatory bodies

You asked if your laboratory's use of a internal Standard test method will be valid for the regulatory bodies, even if you are not accredited.

I am not in the position to comment on specific regulations (e.g. FDA GMP) and can only comment from an ISO 17025 implementation and accreditation point of view.  Performing a test is only a part of the overall management system requirements of ISO17025. The competency required to provide a consistently valid result is demonstrated through a number activities to meet the requirements of ISO 17025. Hence the importance of accreditation – the process of independent assessment and attestation to this competency.

I do not know what regulatory bodies you are referring to, nor the purpose of the test, i.e. type of product and application. Bear in mind the requirements may be different; for example if the test results were being used for quality control for a manufacturer, compared to studies for research or a product registration.  As the laboratory, your responsibility is to understand, define and document the requirements for the work you do.  Out of interest, I can mention that if the testing relates to alcohol-based hand sanitizer products during the COVID-19 pandemic; the FDA has issued a Temporary Policy for the preparation of certain products. See https://www.fda.gov/regulatory-information/search-fda-guidance-documents/guidance-industry-temporary-policy-preparation-certain-alcohol-based-hand-sanitizer-products-during

I suggest you enquire as to the specific requirements of your customers (the use / purpose of the test result) and the requirements of their applicable regulatory bodies. ISO 17025:2017 clause 7.1 Review of requests, tenders and contracts and clause 7.2 Selection Verification and validation of methods are particularly relevant to your question. These are covered under section 09_Customer_Service and 10_Test_and_Calibration_Method in the ISO 17025 toolkit. https://advisera.com/17025academy/iso-17025-documentation-toolkit/

Sandblasting under ISO 14001

ISO 14001:2015 does not forbid any specific practice. ISO 14001:2015 require that organizations commit to comply with legislation or regulation applicable. So, if in your country there are no compliance obligations forbidding sand blasting you can use it. If during your initial environmental assessment, you conclude that sand blasting has significant environmental impacts, your organization should take actions to minimize or control those impacts.

Please consider these sources of information:

• Article - Identifying environmental aspects in the engineering business according to ISO 14001 - https://advisera.com/14001academy/blog/2017/03/20/identifying-environmental-aspects-in-the-engineering-business-according-to-iso-14001/
• Article - Environmental aspect identification and classification - https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/environmental-aspect-identification-and-classification/
• Article - Catalogue of environmental aspects - https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/catalogue-of-environmental-aspects/
• Free webinar - ISO 14001: Identification and evaluation of environmental aspects - https://advisera.com/14001academy/webinar/iso-14001-identification-and-evaluation-of-environmental-aspects-free-webinar-on-demand/
• Enroll for free in this course – ISO 14001:2015 Foundations Course - https://advisera.com/training/iso-14001-internal-auditor-course/
• Book – The ISO 14001:2015 Companion - https://advisera.com/books/the-iso-14001-2015-companion/

Environmental Management System in transport company

Unfortunately, we don’t have a vase study about an Environmental Management system in a transport company.

However, we have this article about the steps needed to implement an Environmental Management system in general - List of ISO 14001 implementation steps - https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/list-of-iso-14001-implementation-steps/

As you can see in step 3, one of the cornerstones of an Environmental Management system is to determine its environmental aspects. In this article - How the transportation business can benefit from identifying environmental aspects according to ISO 14001 - https://advisera.com/14001academy/blog/2016/05/09/how-the-transportation-business-can-benefit-from-identifying-environmental-aspects-according-to-iso-14001/ you can get some ideas about how to do it.

Check also this other article that may be relevant to your challenge - Importance of ISO 14001 for shipping companies - https://advisera.com/14001academy/blog/2019/05/07/iso-14001-for-shipping-companies-why-is-it-important/

Please consider these sources of information:

• Article - Environmental aspect identification and classification - https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/environmental-aspect-identification-and-classification/
• Article - Catalogue of environmental aspects - https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/catalogue-of-environmental-aspects/
• Free webinar - ISO 14001: Identification and evaluation of environmental aspects - https://advisera.com/14001academy/webinar/iso-14001-identification-and-evaluation-of-environmental-aspects-free-webinar-on-demand/
• Enroll for free in this course – ISO 14001:2015 Foundations Course - https://advisera.com/training/iso-14001-internal-auditor-course/
• Book – The ISO 14001:2015 Companion - https://advisera.com/books/the-iso-14001-2015-companion/

Has e-Privacy come into effect?

In "Module 13: Sustaining and improving compliance", in the "Keep Looking Forward" video, the lecturer says that the e-Privacy regulation is in the drafting stage and will soon set rules for privacy and security in the context of electronic communications. My question is, has the e-Privacy already come into effect?

I assume that you are referring to Advisera's EU GDPR DPO Course, Module 13. E-Privacy regulation is still a proposal to be approved by the European Parliament. The approval procedure is not concluded.

And where can I find out more information about it?

You can find all information about e-Privacy regulation discussion on the Official European Union websites.

Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL concerning the respect for private life and the protection of personal data in electronic communications and repealing Directive 2002/58/EC (Regulation on Privacy and Electronic Communications): https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A52017PC0010

Here you can find the ongoing approval procedure: https://eur-lex.europa.eu/legal-content/EN/HIS/?uri=celex:52017PC0010

On the website of European Data Protection Board (EDPB) you can find the EDPB’s statements on this proposal: https://edpb.europa.eu/our-work-tools/our-documents/statements/statement-32019-eprivacy-regulation_en

If you want to have more information about e.Privacy regulation and GDPR you can check this article:
GDPR vs e-Privacy regulation https://advisera.com/eugdpracademy/blog/2018/02/21/gdpr-vs-e-privacy-regulation/