ISO 14001 Implementation Book Recommendations

[Dr. L. Ramakrishnan]

Re: ISO-14000 books - for implementing

Here, the question is of legitimacy and applicability of a REQUIREMENT, absence of which may lead to a non-conformance.

Thanks for your response. It is possible that I have not expressed myself clearly. Indeed, the customer company's requirement on suppliers (4.4.6) becomes a requirement for the supplier (4.3.2). So if the supplier has established an ISO-14001, the requirement of the customer has to be captured as one of the "the other requirements". If this is not captured the auditor can identify this "gap" as a non-conformance of the supplier's EMS.

With kind regards,

Ramakrishnan

 

[samsung]

Re: ISO-14000 books - for implementing

Thanks for your response. It is possible that I have not expressed myself clearly. Indeed, the customer company's requirement on suppliers (4.4.6) becomes a requirement for the supplier (4.3.2). So if the supplier has established an ISO-14001, the requirement of the customer has to be captured as one of the "the other requirements". If this is not captured the auditor can identify this "gap" as a non-conformance of the supplier's EMS.

With kind regards,

Ramakrishnan

Thanks but what I am looking for is something different. The issue is related to considering (or not considering) the persons of the other org. / deptt./ suppliers as the persons 'working for or on its behalf' v/s the responsibility of the organization of ensuring control over its own significant aspects which, among other things, involves determination of competence of those persons who are supposedly 'working for or on its behalf'

Further, the Customer requirements, as you mentioned, are normally related to 'products', e.g., a customer may demand an environment friendly packaging which is also a concern of ISO 9001's customer concerns. With this particular requirement, the company cannot treat the customer as the person 'working for it or on it's behalf' in so far its own EMS matters. The organizations practically have little or no control over the use and environment friendly disposal of its products once despatched out from the factories. It's for this reason, the standard uses the term

the aspects that it can control and those that it can influence...."

IMHO, in all such situations, the organizations can only "consider, where practicable, communication of proper handling and disposal mechanisms to these users in order to exert influence." If the organization has properly 'influenced' the supplier / business associates / remotely located deptts. (falling out of the defined & documented scope of the EMS), it has fulfilled the requirement but to what extent it's intent is materialized, solely depends on the second party's will which doesn't, by itself, becomes a point of interest for the auditor unless the organization has shown a firm commitment to this effect.

 

[harry]

The issue is related to considering (or not considering) the persons of the other org. / deptt./ suppliers as the persons 'working for or on its behalf'

By the way Samsung, where did this term (persons 'working for or on its behalf') come from?

 

[samsung]

by the way samsung, where did this term (persons 'working for or on its behalf') come from?

iso 14001 : 2004

4.4.2 competence, training and awareness
the organization shall ensure that any person(s) performing tasks for it or on its behalf that have the potential to cause a significant environmental impact(s) identified by the organization is (are) competent on the basis of appropriate education, training or experience, and shall retain associated records.

The organization shall identify training needs associated with its environmental aspects and its environmental management system. It shall provide training or take other action to meet these needs, and shall retain associated records.
The organization shall establish, implement and maintain a procedure(s) to make persons working for it or on its behalf aware of a) the importance of conformity with the environmental policy and procedures and with the requirements of the environmental management system,
b) the significant environmental aspects and related actual or potential impacts associated with their work, and the environmental benefits of improved personal performance,
c) their roles and responsibilities in achieving conformity with the requirements of the environmental management system, and
d) the potential consequences of departure from specified procedures.

 

[harry]

Thank you and excuse me for being lazy to check.

How do you handle contractors workmen coming to work in your site (such as maintenance, repairs, construction, etc)? As a minimum, do you require their supervisors to attend training course (on awareness & what nots) conducted by your organization? Your contractor and their workers are working on your behalf.

What if the contractor works off-site (they send their finished products to you)? Still the same isn't. You still need to fulfill items a) - d) of 4.4.2. Some people communicate it to their contractors through a contractors policy and the onus of communicating it to their workmen rests on the contractors. If you are questioning the effectivesness of this arrangement, it's another story.

 

[samsung]

Thank you and excuse me for being lazy to check.

What if the contractor works off-site (they send their finished products to you)? Still the same isn't. You still need to fulfill items a) - d) of 4.4.2. Some people communicate it to their contractors through a contractors policy and the onus of communicating it to their workmen rests on the contractors. If you are questioning the effectiveness of this arrangement, it's another story.

Thanks Harry for the response. Here the organization has fulfilled the requirement as long as it has 'communicated' something yet not 'ensured' it because it has little control over what the contractor does offsite even if it (the activities of the persons) affects the organization's significant aspects. By all means, the organization can identify those operations but should not commit to control those beyond the capability and scope as well.

...excuse me for being lazy

I don't think so. Absolutely.

 

[Dr. L. Ramakrishnan]

Hi,

Thank you for the interesting interpretations and discussions. To me as an auditor and as an implementer of ISO-14001 the main purpose of an audit is not only to assess the conformance but also to identify risk areas and inform the client about the risk areas. "Control" and "influence" are contextual. Obviously if I am a "small" customer, the "big" supplier will not bother about my requirements. But if I am a "big" customer, the "small" supplier has to bother about me, if my business with him is significant. That is why many of the multinationals (e.g. Ford, Philips) have influenced their suppliers to establish ISO-14001; if the supplier does not have an ISO-14001 certification he ceases to be the supplier. In the latter case definitely it is possible to identify issues related to persons at the supplier's organization, if they are related to significant aspects of the customer organization, and record the gaps as non-conformance, provided the requirements are formally communicated to the supplier much ahead of the audit. For example, in the company where I worked, any significant deviation to ISO-14001 at the supplier organization (including employing personnel not qualified for a particular function which can cause significant environmental impact) was a RED issue to be closed within a month. In my opinion, in the type of example you have brought out, the auditor has a special responsibility to identify risk areas that need to be reported to the client; it is not just conformance to EMS alone but also about the quality and rigour of EMS that matters in such audits. Again these approaches depend on the maturity of the EMS as well as the client organization; but the auditor has the professional requirement to flag the issue, either as a non-conformance or just as information to the client.

With kind regards,

Ramakrishnan

 

[samsung]

Hi,

Thank you for the interesting interpretations and discussions. To me as an auditor and as an implementer of ISO-14001 the main purpose of an audit is not only to assess the conformance but also to identify risk areas and inform the client about the risk areas. "Control" and "influence" are contextual. Obviously if I am a "small" customer, the "big" supplier will not bother about my requirements. But if I am a "big" customer, the "small" supplier has to bother about me, if my business with him is significant. That is why many of the multinationals (e.g. Ford, Philips) have influenced their suppliers to establish ISO-14001; if the supplier does not have an ISO-14001 certification he ceases to be the supplier. In the latter case definitely it is possible to identify issues related to persons at the supplier's organization, if they are related to significant aspects of the customer organization, and record the gaps as non-conformance, provided the requirements are formally communicated to the supplier much ahead of the audit. For example, in the company where I worked, any significant deviation to ISO-14001 at the supplier organization (including employing personnel not qualified for a particular function which can cause significant environmental impact) was a RED issue to be closed within a month. In my opinion, in the type of example you have brought out, the auditor has a special responsibility to identify risk areas that need to be reported to the client; it is not just conformance to EMS alone but also about the quality and rigour of EMS that matters in such audits. Again these approaches depend on the maturity of the EMS as well as the client organization; but the auditor has the professional requirement to flag the issue, either as a non-conformance or just as information to the client.

With kind regards,

Ramakrishnan

Yes, I do agree that the terms like 'control' and 'influence' are contextual and their application is subject to limitations as you mentioned above. But the extent to which the organization decides to implement the controls or exerts 'influence' will largely determined by its Policy commitments and no doubt it's scope. Why the MN giants look beyond their own premises is because they extended their scope beyond their factory boundaries and thus have shown a policy commitment to make their suppliers to operate in line with their own EMS requirements. They do it because somewhere they committed that they would to do it but smaller organizations can't (& shouldn't) emulate them. They have to operate within their own capabilities and if they are able to achieve what they aimed at in balance with enviro-socio-economic needs, they have successfully demonstrated to their stakeholders the implementation of an EMS based on ISO 14001.

ISO 14001, as it says,

"does not establish absolute requirements for environmental performance beyond the commitments in the environmental policy, compliance to legal & 'other' requirements, prevention of pollution....".

It's where the auditor has to determine:
1. If a risk exists within the defined 'area'
2. If a risk exists within the perimeters of organizational commitments that it failed to address

'Beyond compliance' is also contextual - It may mean to comply beyond the minimum standard requirement yet on the other extreme, it can also mean to convey compliance beyond the 'organization's EMS requirements & it's commitments' (which should be possible avoided). If one wishes to go with the later, one is free to review the policy (& EMS as a whole, if need be) to set new standards for the employees & other business associates to achieve so that they don't have a false feeling of having gone (or achieved) 'beyond' the finish line.

 

[harry]

Very well put, Dr. Rama. For a developing country where the laws are not that comprehensive, enforcement lax and other priorities often over ride environmental concerns, it is very difficult to imagine what one can do. But it had to start from some where - me and you!

 

[samsung]

In the latter case definitely it is possible to identify issues related to persons at the supplier's organization, if they are related to significant aspects of the customer organization, and record the gaps as non-conformance, provided the requirements are formally communicated to the supplier much ahead of the audit.

Le's take the example of water which being a scarce resource, is considered as a highly significant aspect in our organization. (The area where we operate falls in one of the most water scarce areas (desert land) of the country with an annual rainfall of around 300 mm with no perennial source around. People have to rely on poorly replenished groundwater reservoirs for their daily need of less than 70 Litres/person/per day.)

On the other hand, the workers at one of our suppliers end wear locally manufactured jeans clothing as part of their job. If one is conscious of 'water foot print' and goes into the upstream life cycle of jeans manufacture, one will be surprised to note that one trouser consumes more than 5000 litres of water during it's manufacturing process alone. It consumes more water for routine washing as well. But it was later on discovered that the supplier doesn't have to consider 'water' as a 'significant aspect' since they have no water shortage @ 2500 mm of annual rainfall; operating near a big perennial river. Average per capita water consumption is around 320 Litres/person/day. Further, the laws of land do not mandate the supplier for being miser on this front.

What should we do in such a scenario ? Do we still go on to 'influence' him to consider 'water' as a significant aspect because we have considered it so ? He doesn't care for because he had determined that this 'significant aspect' does not have any significant environmental impact in his case.

Why should we bother about it ! We, in this instance, should focus on our own (relatively) significant aspects only.

Significance, therefore, is a relative term and "the process of identification and evaluation of environmental aspects should take into account the location of activities, cost and time to undertake the analysis, and the availability of reliable data." The standard offers sufficient degree of freedom to the organization for determining significance. Then why an external auditor, for no apparent reasons, should be looking into the issues or the risk areas (beyond the scope) that he is not supposed to.