ISO 9001 Requirement Dilemma - Security Aspects

Q

QMSNoob

Hi guys,

First of all, thank GOD there's this forum and those special people in it and well met all of you :bigwave:

Now to my dilemma, I'm will participating in a consultancy tender for an oil & gas related park which covers Security & HSE and I'm at a lost in regards to one of the requirement which is to have a QMS manual akin to the ISO 9001 standard particular for the Security aspect of it. Is there a standard ISO 9001 template (documents) that I could base this QMS system on?

Have browsed the web but most seems to offer a generic template that I'm afraid that would not suit my particular scenerio, especially after going thru the forum thread, correct me if I'm wrong, there seems to be a specific type of QMS for specific industry type. I do plan to have it certified soon as it seems to be the standard norm.

I hope someone could point me in the right direction on this one as I just don't which way to start, any feedback would be much appreciated.

Thanks in advance.

-QMSNoob
 
P

pldey42

Re: ISO 9001 Standard Requirement Dilemma

I'm no expert in oil and gas but would ISO 29001 help?

According to BSI

"ISO/TS 29001 defines the quality management system requirements for the design, development, production, installation and service of products for the petroleum, petrochemical and natural gas industries.

"Developed as a direct result of a partnership between ISO and the international oil and gas industry (led by the American Petroleum Institute - API), ISO 29001 specifically focuses on the oil and gas supply chain."

If it's like other industry-specific variants of ISO 9001 it will be based upon ISO 9001 but include extra detailed requirements specific to oil and gas.

You can purchase it from BSI or, probably, your local standards institute.

Hope this helps
Pat
 

John Broomfield

Leader
Super Moderator
Re: ISO 9001 Standard Requirement Dilemma - Security aspect

Hi guys,

First of all, thank GOD there's this forum and those special people in it and well met all of you :bigwave:

Now to my dilemma, I'm will participating in a consultancy tender for an oil & gas related park which covers Security & HSE and I'm at a lost in regards to one of the requirement which is to have a QMS manual akin to the ISO 9001 standard particular for the Security aspect of it. Is there a standard ISO 9001 template (documents) that I could base this QMS system on?

Have browsed the web but most seems to offer a generic template that I'm afraid that would not suit my particular scenerio, especially after going thru the forum thread, correct me if I'm wrong, there seems to be a specific type of QMS for specific industry type. I do plan to have it certified soon as it seems to be the standard norm.

I hope someone could point me in the right direction on this one as I just don't which way to start, any feedback would be much appreciated.

Thanks in advance.

-QMSNoob

QMSNoob,

ISO 28000 perhaps?

However, I see no reason why ISO 9001 cannot be used to assure the quality of security.

Just define your product and the processes that work together in a system to deliver that product.

Then bring your definitions here and we may be able to help you to plan the development of your process-based security management system.

John
 
R

Reg Morrison

Re: ISO 9001 Standard Requirement Dilemma - Security aspect

I'm no expert in oil and gas but would ISO 29001 help?
ISO TS 29001 has a very uncertain future, as API (the real force for 29001 to exist) withdrew support for that standard, in favor of the 9th Edition of API Q1. I suspect that ISO 29001 will die a slow death, specially because no accreditation body under the IAF has ever set up an accreditation scheme for that standard. All certificates issued against 29001 are not accredited.....

ISO 28000 perhaps?

However, I see no reason why ISO 9001 cannot be used to assure the quality of security.
If they want a security and HSE model, try RCMS. If ISO 9001 could be used for any "discipline", why would ISO bother with all other management system standards, such as 14001, 16949, 29001, 50001, 27001, 22000, 28000, etc....?
 
Last edited by a moderator:

John Broomfield

Leader
Super Moderator
Re: ISO 9001 Standard Requirement Dilemma - Security aspect

Reg,

RCMS is based on ISO 14001 and is not a bad choice.

Neither is applying ISO 9001 to improve the quality of any service or product.

John
 

John Broomfield

Leader
Super Moderator
Re: ISO 9001 Standard Requirement Dilemma - Security aspect

I guess the API execs were not making enough money out of ISO/TS 29001.
 
P

pldey42

Re: ISO 9001 Standard Requirement Dilemma - Security aspect

I'm pleased to see that RCMS is risk-based. For a project involving security I would see risk assessment as an essential element, especially since risks will vary according to what the plant actually does, its location and the neighbouring geography, local political stability, and so forth.

In the absence of anything specific for oil and gas, the ISO 31000 series of standards on risk assessment might be helpful.

And/or, one could consider using ISO/TS 29001 as a model, and getting the resultant system certified to ISO 9001 (on the assumption that 29001 is upward-compatible with 9001, which these things usually are) and using a certification body and auditors with specific competencies in oil and gas services.

Pat
 

John Broomfield

Leader
Super Moderator
Re: ISO 9001 Standard Requirement Dilemma - Security aspect

Assessing risks is just another process that can result in the appropriate controls being added to the other processes in the process-based management system for realizing beneficial risks (aka opportunities) while limiting adverse risks.

Current revisions to ISO 14001 and ISO 9001 will recognize this.

Customers may still insist on their own variants of these management system standards, instead of inserting special conditions in their contracts, to broaden their choice of prequalified suppliers.
 
Q

QMSNoob

Re: ISO 9001 Standard Requirement Dilemma - Security aspect

Hi Guys,

Thanks for all the feed backs and inputs :applause:

Let me try to shed more light into the requirements for this particular request.

Tenderer request QA/QC for execution for the proposal in regards to the Security consultancy, mentioning ISO standards, whilst it be assessed too for the option of project management. As mentioned it concerns a proposed industrial park that will include a refinery, supply marine base and other oil & gas downstreams'

Would the ISO 9001 be able to be utilised for these requirements?

Is there any drafts/templates in the forum files for any of the suggestions you guys made (ISO 31000, 28000, RSM, etc) apart from the ISO 9001 which I've browsed thru?

I would like to adopt a particular standard that would permit application to most as the company would be handling supply, services and now, consultancy related to the oil & gas industry.

Thanks in advance.
 
Q

QMSNoob

Re: ISO 9001 Standard Requirement Dilemma - Security aspect

QMSNoob,

ISO 28000 perhaps?

However, I see no reason why ISO 9001 cannot be used to assure the quality of security.

Just define your product and the processes that work together in a system to deliver that product.

Then bring your definitions here and we may be able to help you to plan the development of your process-based security management system.

John

Definitions?
 
Top Bottom