Hi,
(first of all, sorry for bad English)
In our company with 3000 employees, we “integrated” 4 management systems (QMS, EMS, OHSMS, EnMS), and are going towards fifth (ISMS).
When I say “integrated”, I mean “half integrated”, because I never saw sample of real integration of all possible common/shared elements that could be integrated, and all standards’ requirements properly treated.
We integrated Policy and Manual, and are using (so called) “system” QMS procedures for Control of documents, Internal Audits, etc.
But, what about Objectives, Legal requirements, Aspects&Impacts, Hazards&Risks, Contingency plans? Every MS has its own requirements, specifics, terminology and ideas, that could not easily be molded into unique structure.
Anyway, we tried unofficially, at least for experiment!
PAS 99 specification was criticized a lot, but we’ve found it pretty interesting.
Under Planning, PAS 99 have:
4.3.1 Identification and evaluation of aspects, impacts and risks
4.3.2 Identification of legal and other requirements
4.3.3 Contingency plans
4.3.4 Objectives
4.3.5 … not relevant
Under 4.3.1, terms “aspects, impacts and risks” are generalized for any management system from those I mentioned.
Having “ISO 14004, Table A.1 — Examples of activities, products and services and their associated environmental aspects and impacts” in mind, we’ve tried to make an acceptable table structure to hold the information we want.
In fact, we’ve made two almost identical documents because the last column “Actual and potential impacts” (“normal operating conditions, abnormal conditions including start-up and shut-down, and emergency situations and accidents”), because a slight difference in methodology to determine significance, and further actions if the aspect is “significant”.
For “normal conditions” for significant aspects - we make Objectives, and for „abnormal conditions“ for significant aspects - we make „Contingency plans“.
This is that magic table structure, that „establishes a common framework to identify, evaluate and control business risks of any type“, even in theory
(Imagine a table with these columns)
Code:
ASPECT IN WIDER CONTEXT:
1. Organizational unit
2. Process
3. Activity/Product/service
4. Aspect
IMPACT IN WIDER CONTEXT:
1. Management System
2. Impact
METHODOLOGY TO DETERMINE SIGNIFICANCE:
1. Parameter 1
2. Parameter 2
3. Parameter 3
4. Parameter X
SIGNIFICANCE (SOME KIND OF „RISK”, SO IT HAVE TO BE HANDLED SOMEHOW IF SIGNIFICANT):
1. Yes / No
For this purpose we made a Methodology to determine significance, that takes into account column „Management System”. Different MS’s has different standpoints. For QMS we take into account loss of productivity, loss of reputation, material damage, … and make some quantification of that). For EMS and OHSMS we use well known methodologies, etc.
When presented to Management, the we very interested!
For the first time, the same ASPECT IN WIDER CONTEXT:
1. Organizational unit
2. Process
3. Activity/Product/service
4. Aspect
… can obviously have more than one associated IMPACT IN WIDER CONTEXT:
1. Management System
2. Impact
… and one or more could be SIGNIFICANT.
Many times, by one single Objective, we can handle both EMS and OHSMS impacts, because they could be in a relation.
And there we stuck. What about OHSMS terminology? We say “impacts”. What about hazards? Auditors will say that’s not OHSMS terminology! Also, what about proper document name: “Aspects, impact and risks in normal conditions”, “Aspects, impact and risks in abnormal conditions”? On the other side QMS does not have that terminology at all, although Legislator and interested parties, for example asks from us to make „Contingency plans“ for many QMS things. All that perfectly fits into presented structure.
We understand that table structure and we’ve found it useful to us, but I’m afraid not to estrange from explicit standard requirements and terminology.
I would like to here your experiences and observations on this.
Best Regards,
Vladimir