ISO 9001 and OSHA
From: The ISO Listserve
Date: Mon, 30 Jul 2001 09:34:32 -0500
Subject: Re: Design Legality & OSHA (2)/Naish
From: PNaish
Previously I posted 2 questions regarding legal ramifications of design and OSHA requirements.
First to answer the industry: my friend works for a computer manufacturing company that sells world wide but the computer are used in various products from low end low tech to use in cars to who knows what.
I asked her to call the auditor and have him give her references for what he is saying they will be auditing for under the new 9001 standard. His response was as follows:
For the OSHA type requirements he told her to look at 6.3 (which is infrastructure) and 6.4 (Which is work environment). He indicated that the registrar he works for said that these two sections mean the auditors are to look for unsafe working conditions and indicated things that OSHA would be looking for such as oily floors and electrical cords exposed and trip hazards and falling hazards, etc.
I think the auditor is going a little too far as this is outside the scope of his audit and I do not see how he interprets the work environment to include OSHA and the remaining safety areas he is talking about. The company does comply with OSHA and have been audited by them and comply. I do not think there is anything they need to do unless someone else has any ideas about what this auditor is looking for. As far as I can tell the registrar does not do safety audits so I do not think this has anything to do with it.
For the legal ramifications of design he said to look at 7.2.1.b ...requirements stated or not .. and for intended use along with c statutory and regulatory for product.. Further he told her to look at 7.3.2b and 7.3.3d regarding safe and proper use. He said they would be looking for records that the company had checked with the customer what the intended use was and if there were are legal ramifications of the customer's use that they needed to be aware of. He also said that they would need to have records showing they knew that what they were making met the regulatory requirements of the end customer.
For review of the sections he references I can see how some of the legal portion applies as far as regulatory but the company can not know whether the customer is going to sell to Timbuktu or where the customer is going to sell it so the only place they sell to that I think is appropriate for them is where the customer is. The customer then becomes responsible for the application of where they sell it. Is this not correct?
I think the auditor is a little too eager and suggested she wait and see what happens in the next audit. This audit was to the old standard so I would continue with what they are doing in this area. Anyone see anything differently?
If anyone has anything that differs with my opinion please let me know so I can pass the information on to her. Also if anyone else has heard the same thing from their auditor would you send me an email off line so I can see if it is just this one person or if it is a registrar's interpretation.
Thanks,
Phyllis
****************************
I stand by my previous posts on compliance auditing vs. conformance auditing and agree that this auditor is being overzealous in his/her pursuit (I'm being nice in my characterization). ISO auditors are systems and process auditors; we are not OSHA experts, environmental regulators, or lawyers, or nuclear regulators, or FDA inspectors, on and on. Seems to me as if this auditor is one of those that give others of us a bad name.
Cheers...and have a great day!
John
***************************
From: Nancy J
Date: Tue, 31 Jul 2001 10:02:46 -0500
Subject: Re: Design Legality & OSHA (2)/Naish/Vianna
From: Sidney
No (mentally) sane auditor would expect an organization to be legally responsible for what their customer do with the products delivered by the supplier. For example, if I produce lead, and this lead finds itself being used in the production of residential paint (illegal in the US) without my knowledge, I obviously can not be held responsible, nor liable for that fact.
On the other hand, as part of my business risk management, I need to ensure that the products that I develop and market are legal within the marketplaces I am (trying) to sell it. There is nothing new. For example, if I am an Italian manufacturer of cars and I want to export my vehicles for sale to the US, not only I need to certify and homologate the vehicle for US Standards, but very likely will have to do something more, in terms of emission, IF I want to sell it in California, where there are more stringent requirements for anti-pollution devices.
Concerning occupational health and safety requirements, I am amazed how (supposedly) professional auditors fail to carefully read the REQUIREMENTS of the Standard.
Both paragraphs 6.3 and 6.4 address "...NEEDED TO ACHIEVE CONFORMITY TO PRODUCT REQUIREMENTS...."
This means that we are concerned with the product quality characteristics. So, for example, we are manufacturing semiconductor wafers, very likely we will be doing it in CLEAN ROOMS, with different levels of cleanliness, depending on the criticality of the product. Sterile rooms if we are dealing with medical devices, drugs, etc. . .. If I am producing photographic film, I will be probably be doing it in a totally dark room. These are examples of work environment considerations.
For an example as an "infrastructure" case, if I have a manufacturing process that requires compressed air at 125 psi, and my air compressor is capable only of delivering 100 psi, I have a problem.
Auditors that fail to realize the scope of a Quality Management System Audit and start tackling safety and environmental issues are doing more damage than good. Integrated management systems and audits are definitely the way of the future, but until an audit is officially and formally deemed as an INTEGRATED AUDIT, auditors HAVE to refrain from deviating from the scope of the audit.
Sidney V
****************
From: Nancy
Date: Thu, 26 Jul 2001 17:05:56 -0500
Subject: Re: Meeting OSHA Requirements /Naish/Pfrang
From: dep
> Same friend was also told the auditors will now be auditing for compliance to
> OSHA during their audits. Anyone know anything about this? Does this mean all
> auditors will now have to get trained in all the OSHA requirements?
Recognizing that what I say here might have nothing whatsoever in common with what ISO auditors actually do in the field, I see the situation as follows:
1. Auditing to OSHA regs is an enormous undertaking -- the reg book is as thick as a phone book -- so ISO auditors would be biting off far more than they could possibly chew if they were to attempt to audit against specific OSHA requirements.
2. ISO auditors are not hired to audit to OSHA regs, so they have no authorization in their work plan to perform such audit.
3. I don't have the exact wording in front of me, but the ISO Standard does require companies to include regulatory requirements as an input to their quality system. Accordingly, ISO auditors would not be overstepping the work plan to ask how the company incorporates OSHA requirements as an input. If the company has no mechanism for incorporating OSHA requirements, this might be treated as a nonconformity -- not because of any specific OSHA violation, but because of the quality system deficiency in not having a mechanism for incorporating the requirements.
4. If the ISO auditor sees what appears to be a specific OSHA violation during the ISO audit, the ISO auditor would not be overstepping the work plan to point out the violation as a remark.
5. ISO auditors are hired to perform specific tasks. If they stray beyond those tasks, the company has a valid basis for asserting that (1) the auditor is doing things the company has not hired him or her to do, and (2) the auditor is not spending enough time doing the things the company has hired him or her to do.
My $0.02.
Doug P
*********************
From: Nancy
Date: Thu, 26 Jul 2001 17:20:29 -0500
Subject: Re: Meeting OSHA Requirements /Naish/Holtz/Kiely
From: GKiely
> From: "John H
> >
> > From: PNaish
> >
> > "Same friend was also told the auditors will now be auditing for compliance
> > to OSHA during their audits. Anyone know anything about this? Does this
> > mean all auditors will now have to get trained in all the OSHA requirements?"
> Woooo...Phyllis, I have a real problem with this post, which also makes me
> ask if I'm missing something pretty basic in my general understanding of
> standards and regs. OSHA auditing is penalty-driven compliance auditing,
> & ISO auditing is improvement-driven conformance auditing, and the twain
> neither mix nor meet (reference my post on the definitions of these two).
> I'll keep my mouth shut and watch for other responses to this....
John,
I am in total agreement with your post... It is totally insane to even consider that an ISO auditor would have any type of federal regulatory authority. Our facility currently maintains 'STAR' status in OSHA's voluntary protection program (VPP). The STAR award is the highest award given as part of this program. Participation in this program requires many voluntary audits from trained OSHA auditors to retain this status. The only conceivable way I could see an ISO auditor getting involved in a company's safety program(s) would be if the safety procedures were part of the company's document control system and he found some sort of break down in that system. Lets not forget, in this country (US) ISO is applied as a matter of good business... OSHA is applied as a matter of law....
GKiely