Re: ISO 9001 Implementation for Law Section in my company
Does this help? It's the "Supply Chain Management Policy and Procedures Manual" for Emfuleni, which is "s one of three Local Municipalities comprising the Sedibeng District Municipality situated in Vanderbijlpark, Gauteng, South Africa" (
http://www.emfuleni.gov.za/index.php?option=com_content&view=article&id=2&Itemid=7)
http://www.docstoc.com/docs/43698004/Supply-Chain-Management-Policy-and-Procedures-Manual
Until I looked at this I thought, "How hard can it be?" Now I realize that if you're documenting legal procedures for a Supply Chain Management environment there are some serious issues to consider such as staying on the right side of any anti-corruption legislation that may apply in your country, minimizing opportunities for fraud, corporate governance and so forth.
I can quite understand that the legal people may not want to co-operate, and you'll certainly need their help in order to succeed. I think it would be a good idea to ask your manager, or the CEO, to say why the law team need to be within the scope of the ISO 9001 QMS - professionals are always more likely to co-operate when they see a good reason to do so. I would suggest also a course or a book on facilitating process mapping and documentation, so that you can guide the legal experts in documenting what's necessary.
If it were me I would be very careful. The penalties for a company for getting its legal stuff wrong can be crippling and I would not want to be found to have pushed the company into an illegal situation by, for example, not correctly documenting a legal process. With that in mind, there's a lot to be said for having the legal people document their own processes.
I've had some experience of legal processes in my ISO 27001 information security work, and it can be a nightmare. I suspect that some companies are knowingly illegal some of the time (e.g with regard to the UK Data Protection Act) and regard being completely legal as too expensive. Their plan is a financial settlement and an apology out of court if they're caught out.
In some cases the procedures for keeping the company legal (e.g with regard to the Data Protection Act) is led by the law department but involves others (e.g call centre operatives who take calls regarding personal data from members of the public). How they keep legal is a mixture of rigid procedures, regular training and re-training (for those situations that are hard to proceduralize and need "common sense" and legal knowledge) and the provision of escalation procedures for situations that people are uncomfortable with. Escalation goes up the hierarchy eventually to the chief legal officer. There are also processes for regularly checking for changes in the law as written, and as interpreted in Courts as "case law", and revising procedures and training as necessary.
It gets harder when different laws contradict each other (often mediated by courts) and again when the company operates in several different countries.
It gets harder again when corruption is common, e.g. paying bribes (which I think they call "contributions to the pension fund") to police and customs in order to be allowed to move goods. I suspect that for some companies the bribes, while illegal, are quietly declared in the accounts as something else so that at least the cash is accounted for.
Because of the complexities and the risks of illegal practices becoming disclosed in Court, I imagine there may be some resistance to writing it all down in documented procedures and that legal departments often rely heavily on skill and experience instead of documented procedures.
Hope this helps,
Pat