Answer:
Clause 5.4 d, 9 requires that you consult non-managerial workers on continual improvement of the OHSMS. This entire clause is based on the fact that workers are the most immediate interested parties within your OHSMS as they are directly affected by your efforts to improve OH&S within the workplace. Additionally, continual improvement and involvement of people are two of the main principles behind all of the ISO management system standards, and the best way to identify improvement within the processes is through the use of the people involved.
This requirement is pointing to the need to have workers involved in making the OHSMS better within your company to improve the processes and reduce the incidences of injury or ill health.
Answer:
Clause 4 of Iso 45001:2018 is all about understanding the context of your organization, or in other words what affects your company so that you can determine where and how the rules and polices will be applied. Clause 4.1 asks you to determine internal and external issues that affect your OHSMS, so what issues affect your you ensure a safe workplace. Internal issues could include the level of safety culture within your company and industry. External issues could include a push in your industry to eliminate a certain hazardous chemical, or the issue that a supplier will stop making a product that you use which is the safest product available and needs to be replaced with a more hazardous one.
Clause 4.2 asks you to understand who is interested in your OHSMS and what their needs and expectations are. While workers are identified as interested parties and have the expectation that they will not suffer injury or ill health at work, there are other interested parties who will have needs to be fulfilled. This could include government agencies that have laws in place related to your workplace OH&S,
For a better understanding of interested parties in ISO 45001, see the article: Determining interested parties according to ISO 45001, https://advisera.com/45001academy/blog/2018/03/14/determining-interested-parties-according-to-iso-45001/
Comparing environmental performance
Answer:
If both companies are ISO 14001 certified, we can expect that at least both companies comply with environmental legislation and regulation.
If you want to compare their environmental performance, you can ask them their environmental objectives and main indicators and a list of their most relevant environmental impacts. Two companies can comply with the same legislation and yet have very different environmental performances.
Even if those companies are not based in Europe, you can ask them if they have any study or report about their own situation against Best Available Techniques (BAT) in their industry.
There is no requirement in ISO 14001:2015 that states that companies should share that information with interested parties. Your company, as a potential customer can re quest that information and hope for their openness.
Examples of documents that can be used are checklists, production plans, and PPAP, control plans (SPC and APQP), risk analysis (FMEA), records of Measurement system analysis (MSA), preventive and predictive maintenance and similar.
If you want to become an ISO 9001 implementer it is important that you acquire two competencies:
Learn about ISO 9001:2015, the reference standard to develop a quality management system;
Learn about good implementation practices.
ISO 27001 can be used to prevent third party data risk by means of:
- Identification of relevant data risks imposed by third parties with access to information
- Definition of proper treatment options and controls to reduce risks to acceptable levels
- Establishment of contracts or legal agreements including clauses to enforce the application of previously defined controls (for third-parties authorized to access information assets)
This last article also covers conditions for third-parties working for the organization.
Procedure for commercial activities
Answer:
ISO 9001:2015 has no mandatory procedures. Please check clause 4.4.2 a). It is up to each organization to decide which procedures are needed to support operations.
Most organizations decide to develop procedures to describe how processes should be performed, and work instructions to describe how specific activities should be done.
A commercial procedure could be one that describes how requests for quotation are received, treated and proposals elaborated, approved, sent, negotiated until an agreement is reached.
Answer:
The PDCA cycle is embedded in the way ISO 14001 was written. If someone does not follow the PDCA cycle it will, most likely, be inefficient and ineffective.
Following the PDCA cycle is a way of trying to avoid a situation where something not needed is done. The PDCA cycle help us start by where action is needed. If an organization does not follow the PDCA cycle it can do a lot of work, use precious resources, and getting progress in areas where there is no priority for change.
Following the PDCA cycle is a way of promoting continuous improvement because the end of a cycle can be the start of the next one.
Answer:
First, you can go to an internet search engine and look for "environmental management system certificate textile" or “environmental management system certificate knit garments" to see several real life examples of environmental management systems’ certificates stating their scope.
You can see that some are very general "manufacturing of garments" and others are very detailed.
Second, your proposal goes into the more detailed field and I believe there is no problem with that.
By the way if your organization has more than one location, some certification bodies require to identify the applicable location in the scope statement.
Although these templates were created for a Quality Management System, they also can be used for an ISO 27001 ISMS, but please note that ISO 9001 supplier evaluation does not cover information security aspects. For that I suggest you work these templates together with the Supplier Security Policy and Security Clauses for Suppliers and Partners, included in your toolkit on folder 08 Annex A Security Controls A.15 Supplier Relationships