Discrimination and Discriminatory Harassment Policy

[Wes Bucey]

As if it were necessary for a voluntary standard to remind users: OBEY THE LAW!!!

I am confused about the "ISO dictum" you are referring to. There is an ISO 9001 requirement that organizations must ensure that the PRODUCT satisfies legal requirements.

Anti-discrimination laws (if they exist in the geographical location of the organization) are NOT product related.

Perhaps I am guilty of mission creep. I was hanging my point on the clause in Management responsibility which says

"Top management shall provide evidence of its commitment to the development and implementation of the quality management system and continually improving its effectiveness by (a) communicating to the organization the importance of meeting customer as well as statutory and regulatory requirements."

Nowhere in the section on management commitment does it restrict statutory and regulatory requirements to those having to do with product only. Similarly, many customer requirements in contracts often include boilerplate language about the supplier maintaining a legal operation without specifying details like "no hiring of of and using undocumented workers" or "no environmental pollution" even though such details don't directly affect the finished product delivered to the customer.

Thanks for the input, though, Sidney. Time to celebrate the USA holiday weekend with a Brazilian beverage - let's hear it for the Caipirinha!

 

[Marc]

I really think the basic key here is that the scope of the audit was not defined, or was not clearly defined.

<snip> The auditor was designated by a prospective buyer and we were never informed about the specific requirements by this customer in any previous communications. However, our organisation has taken up the issue with the customer and sought clarification.

Any time something like this comes up where the scope of the audit has not been defined the company being audited should ensure they know the scope of the audit.

My initial response was that neither standard stated by the original poster requires an audit for/of a Discrimination and Discriminatory Harassment Policy. I was negligent in not looking closely to see that krishkaar stated that a potential customer (buyer) was having the audit performed. When a customer is the party requiring the audit the customer has compete discretion as to what the scope of the audit will be. The potential customer should be clear communicating the scope of the audit, but the real responsibility rests upon the company being audited to ensure they know the audit scope prior to the arrival of the auditor.

In short, if it is a customer audit, the audit scope will almost always be beyond the scope of one or more standards simply due to the fact that most companies do have specific requirements outside the scope of ISO or other standards. These are often referred to as Customer Specific Requirements.

As to the Drive Out Fear stuff that has carried through some of the posts in this thread - That is only an issue in situations where a company is being audited to a standard (or regulation or what have you) such as a registrar doing an audit to ISO 9001. If a customer requirement is for all of a supplier's employees wear pink underwear, whether it is "fair" or not isn't an issue. If the supplier wants to do business with the potential customer the supplier has no choice in the matter.

Most customer audits of suppliers that I have been involved in are not particularly interesting in compliance to standards such as ISO 9001 and ISO 14001 - They tend to leave that to the company's registrar for the specific standard. Customer audits of suppliers that I have been involved with have focused on their specific requirements rather than (for example) the individual requirements of a standard. I remember when QS-9000 came out the idea was to eliminate the need for supplier audits by the "Big Three", or so they said at the time. That never happened because of the individual nature of each company. Nice idea but didn't work. Yes, we all know QS-9000 lives on in TS 16949 but let's face it - TS 16949 is only the basics. All automotive companies have additional requirements so the value of TS 16949 is minimal in the same way ISO 9001 is just the basics for any typical company.

While I know not all companies have Supplier Quality Manuals, many do. That is the place to start is a customer has one. BUT - Most (all?) companies have requirements unrelated to quality of the product such as Social Accountability aspects.

The bottom line is prior to *any* audit the scope of the audit should be clear to both the auditor and the auditee.

 

[Sidney Vianna]

Nowhere in the section on management commitment does it restrict statutory and regulatory requirements to those having to do with product only.

Wes, there is always context and scope to be contended with. The General section of ISO 9001 clearly describes what ISO 9001 is concerned with:

This International Standard specifies requirements for a quality management system where an organization
a) needs to demonstrate its ability to consistently provide product that meets customer and applicable statutory and regulatory requirements,

So, without a question any knowledgeable expert on ISO 9001 understands the coverage of legal requirements within the reach of the standard.

Similarly, many customer requirements in contracts often include boilerplate language about the supplier maintaining a legal operation without specifying details like "no hiring of of and using undocumented workers" or "no environmental pollution" even though such details don't directly affect the finished product delivered to the customer.

There is no organization in the world which could satisfy the "no environmental pollution" requirement. The key thing is to manage it's byproducts to make it within the legal and/or ethical limits.