Unfortunately, we don’t have a case study about an Environmental Management system in a transport company.
However, we have this article about the steps needed to implement an Environmental Management system in general - List of ISO 14001 implementation steps - https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/list-of-iso-14001-implementation-steps/
As you can see in step 3, one of the cornerstones of an Environmental Management system is to determine its environmental aspects. In this article - How the transportation business can benefit from identifying environmental aspects according to ISO 14001 - https://advisera.com/14001academy/blog/2016/05/09/how-the-transportation-business-can-benefit-from-identifying-environmental-aspects-according-to-iso-14001/ you can get some ideas about how to do it.
Check also this other article that may be relevant to your challenge - Importance of ISO 14001 for shipping companies - https://advisera.com/14001academy/blog/2019/05/07/iso-14001-for-shipping-companies-why-is-it-important/
Please consider these sources of information:
In "Module 13: Sustaining and improving compliance", in the "Keep Looking Forward" video, the lecturer says that the e-Privacy regulation is in the drafting stage and will soon set rules for privacy and security in the context of electronic communications. My question is, has the e-Privacy already come into effect?
I assume that you are referring to Advisera's EU GDPR DPO Course, Module 13. E-Privacy regulation is still a proposal to be approved by the European Parliament. The approval procedure is not concluded.
And where can I find out more information about it?
You can find all information about e-Privacy regulation discussion on the Official European Union websites.
Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL concerning the respect for private life and the protection of personal data in electronic communications and repealing Directive 2002/58/EC (Regulation on Privacy and Electronic Communications): https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A52017PC0010
Here you can find the ongoing approval procedure: https://eur-lex.europa.eu/legal-content/EN/HIS/?uri=celex:52017PC0010
On the website of European Data Protection Board (EDPB) you can find the EDPB’s statements on this proposal: https://edpb.europa.eu/our-work-tools/our-documents/statements/statement-32019-eprivacy-regulation_en
If you want to have more information about the e-Privacy regulation and GDPR, you can check this article:
GDPR vs e-Privacy regulation https://advisera.com/eugdpracademy/blog/2018/02/21/gdpr-vs-e-privacy-regulation/
So, you want to perform an environmental initial assessment in your lab in order to implement control.
Let us start with an example:
You need to determine all aspects and impacts under normal, abnormal and periodical situations. Then you need to evaluate those impacts and determine what kind of control or improvement you need in place, to improve your relationship with the environment.
You can start by getting a plant of your lab. Make several copies and use each copy for a specific environmental aspect. Please check this article to get a starting point about the main environmental aspects - Catalogue of environmental aspects - https://advisera.com/14001academy/blog/2019/08/27/key-iso-14001-benefits-to-customers/nowledgebase/catalogue-of-environmental-aspects/
Let us consider, as an example, that you are with your lab plant for “hazardous chemical waste” (both in chemical form and materials contaminated with chemicals, such as filters from a vent hood): gather a team from the lab, go to each location and write, draw, and comment in your lab plant all situations and all activities where hazardous chemical wastes can be generated. You can repeat this procedure for every environmental aspect.
Then, you can organize all that information into a table and write the environmental impacts. Define an evaluation scheme to determine which aspects/impacts are critical or not. Please check these articles - 4 steps in identification and evaluation of environmental aspects - https://advisera.com/14001academy/knowledgebase/4-steps-in-identification-and-evaluation-of-environmental-aspects/ and - What makes an environmental aspect significant in ISO 14001? - https://advisera.com/14001academy/blog/2015/03/09/what-makes-environmental-aspect-significant-in-iso-14001/ to help design that evaluation scheme.
For each critical environmental aspect/impact you can design one or more actions. For example:
Please consider these sources of information:
That will depend on the extra benefits that your organization can get from being ISO 9001 certified. Do your company’s target customers value ISO 9001 certification besides ISO 17025 accreditation? If that is so, perhaps getting ISO 9001 certification could be useful.
Just implementing ISO 9001 on top of ISO 17025 accreditation can be useful if used by top management to introduce the business flavor. ISO 17025 is about technical competence. ISO 9001 has several business-related topics not included in ISO 17025 like:
You can perform an initial Gap Analysis to check what is missing from ISO 9001:2015 in your organization - Free ISO 9001:2015 Gap Analysis Tool - https://advisera.com/9001academy/iso-9001-gap-analysis-tool/
You can find more information below:
Let us use an example of what can be a flowchart for an internal audit process:
A process consists of a set of main steps. In one of these steps, an Audit Program must be established and approved. This Audit Program must be approved by someone who has been given the authority to do so.
However, the internal audit process includes more steps. The person responsible for the process as a whole is responsible for the fulfillment of the process purpose and for its effectiveness and compliance with the procedures. If your organization has a procedure describing the internal audit process it must have an item answering to the question: who is responsible for this process as a whole.
You can find more information below:
First, it is important to note that the concept of major and minor non-conformities is not commonly used in internal audits, because the type of the identified non-conformity normally does not affect the development of the internal audit (as it does in certification and surveillance audits). Considering that:
Minor nonconformity - a non-conformity that does not affect the capability of the management system to achieve the intended results. An example might be that you find some people have not undertaken training that the organization has made mandatory (ISO 27001 clause 7.2), but you find that those people are still competent to carry out their tasks.
Major nonconformity - a non-conformity that affects the capability of the management system to achieve the intended results or in other words, when you have found that the requirement of the standard has not been met. For example, if an organization completely failed to fulfill a certain requirement; if a process has completely fallen apart; or if you have several minor nonconformities that are related to the same process, or to the same element of your management system.
Regarding your scenario, since you have several cases in the same process, you could consider it a major non-conformity, because of its recurrence.
This article will provide you a further explanation about major and minor nonconformities:
I have been in dispute with a care company over an invoice dating from late 2018. Basically the company was trying to charge my mother, who suffers from ***, for appointments where they didn't turn up or left early to get to other appointments. I asked for some information under the "Freedom of Information Act 2000" several months back, which the care company did not supply. Recently a Debt Recovery company contacted me in reference to the unpaid invoice. We have been in communication for several weeks now. This week I received an email from the Debt Recovery company; attached to the email was some of the information that I had requested from the care company. The attachments were a copy of my mother's contract with the care company, a copy of her Individual Care and Support Agreement and a copy of my Power of Attorney for my mother's finances.
Are the care company in breach of GDPR for sharing this information with a third party i.e. the Debt Recovery company?
First, you should verify if any privacy notice was given to your mother and if she signed it. She may have given consent to data processing and data transfer.
In any case, Article 6 GDPR paragraph 1 (b), (f) states that data processing (without consent) is lawful when it is necessary to perform a contract between the controller and the data subject or for the purposes of a legitimate interest of the controller or a third party. Therefore, transferring data to collect money for an unpaid invoice is considered lawful.
You should verify with a lawyer if the Member State where you live introduced some internal regulation over data processing in debt collecting procedure which limits data transferring in some way.
What can I do about this breach of confidentiality?
It can be considered a breach of confidentiality only if your mother signed a privacy notice where it was stated that personal data would not be transferred to any third party. Otherwise, it can be considered lawful.
Can I take the Care Company to court over this matter? As I am really not happy with them over this!
I can understand that you are not happy; you should ask for advice from a lawyer in your own country and verify if there is any chance to defend against their request on the basis of the care service provided.
You can find more information about data processing here:
You may also consider enrolling in this online EU GDPR Foundations Course:
EU GDPR Foundations Course: https://advisera.com/training/eu-gdpr-foundations-course//