Testing Emergency procedures in real life.

Hi all,

I'd like to hear your opinions on this one:

A company in the neighbourhood got into trouble during the ISO 14001 certification audit, when it was discovered that they had not tested their emergency preparedness routines. (4.4.7. and yes, the nature of their process certainly warrants such procedures). But they got off the hook...

They had recently had a real life emergency and claimed that the procedures had been tested that way. I don't know whether they had reviewed the emergency or not at the time of the audit.

Anyway they got away with it. They now hold a certificate.



They got lucky. A real life emergency does is not a substitute for periodic testing. Primarily because it does not involve other people in the process. :)

Dean P.

We have a process that evaluates how effective our emergency response procedures are, with corrective actions or improvements noted. This process is used to evaluate both actual and mock situations.

I agree, the company got lucky. The procedure states that they must 'periodically test' (which would imply a mock situation). They may have passed on the basis that they had a drill schedule, and also if they evaluated the effectiveness of the particular real-life response (I don't know whether or not they did). If they did have a testing plan in place but hadn't yet got around to it, and they also evaluated the effectiveness of the actual response, I can see how the auditor would buy this.


Super Moderator
It depends on what their procedure states. If they requie a test every 6 months and exceeded that time limit it doesn't matter whether the actual emergency happened or not, they failed to conform to their requirement.

On the other hand if they stipulate that a test must be conducted, but don't give a specific time period (it must be at least annually or as required by regulatory agencies) an the actual emergency happened, the system was in fact tested under actual conditions, and the requirement has been satisified.

I am curious as to whether or not they did any follow up, reviewed what went right an what didn't and decided on corrective actions for shortcomings.
I don't have that info

Of course one can argue that since their entire EMS is brand new, they had not had the time for any drills yet. The question in that case would be if they had planned one? Anyway, I agree with Sam & Dean that they got lucky. My reason for starting this thread is that I can foresee this happening a lot in the future.

I am curious as to whether or not they did any follow up, reviewed what went right an what didn't and decided on corrective actions for shortcomings.
So am I, but I'm afraid I don't have that information...

Dean P.


I started a thread earlier this year with respect to your concern - namely, how mature does a system have to be in order to be certified to ISO-14001?

Based on the responses I received, the answer was 'not very'. Basically, if you have documented procedures in place that meet the requirements of the standard, you can set up your audit and claim immaturity of the system as the reason why you can't show progress on anything (targets, drills, regulatory issues, etc.). The difficult part will be the 2nd, 3rd, and 4th audit. This is where companies must show continual improvement and complete records that they are doing EVERYTHING they say they are.

We are starting our system next week (by starting I mean we have ID's all sig. aspects, set our objectives and targets, all procedures are 'live' in our controlled system and we are working on our EMP's). We are set to have our certification audit in September. Basically, I can meet the requirements of the standard for this audit without having any drills, and without meeting any of our targets, as long as I have plans to meet all of these by the end of the year. I don't know if it's right or not, but we need to have the certification by the end of the year and the bottom line is, we better show results for our surveillance audit in March.

Personally, I think that this mainly stems from the fact that most companies are doing ISO-14001 because the Big 3 say so, not because they want to prevent pollution and improve the environment. JMO.


Super Moderator
Pretty perceptive of you Dean:vfunny:

Make sure that you have performed some type of internal audit and can show some corrective / preventive action by the time the registrar comes knocking.

And if you're the MR...never, never, never answer a question with "I don't know." Remember you are addressing issues, developing information, so on and so forth

Same here

Hi Dean,

We have reached the same stage as you have, with the certification audit planned for late May. (Good luck btw :) )

The difficult part will be the 2nd, 3rd, and 4th audit. This is where companies must show continual improvement and complete records that they are doing EVERYTHING they say they are.
Aye, there's the rub. You can get the certificate before you are ready to back your words up with action.



Emergencies vs real life

The reason we have to periodically test ER procedures is to make sure if a "real" emergency occurs, we have the capability to effectively deal with it.

If we say that a "real" emergency is not a test, we are only playing word games. A real emergency will definitely test our procedures. In fact, it is the best test. During drills and tests, we are not dealing with the stress of an actual emergency. During an actual emergency, we are also testing our ability to react under pressure. “Real” emergencies are the BEST test.

With the little information Claes provided, I do not see how “they got away with it”. There is nothing to “get away with”. They have a process and the process worked (an assumption – if it did not work, a “test” should have shown the same failure)

The important thing will be how they analyzed their response to the emergency and how they used lessons learned; not only how they dealt with the emergency, but also what went wrong to allow it to happen.

Dean P.

I think that if the company did have a drill / testing schedule, then you are right, Dave, there was nothing to 'get away with' and they did meet the requirements (as long as they evaluated the effectiveness of the response). The fear is that they were relying on real life emergencies to test their system. I don't think any of us would want to count on live emergency situations to see how our system works.

As for getting our certificate before we achieve anything, well, I hope that is why we are all here, to make sure our respective companies actually achieve what we set out to do and make improvements to our own environments. That's the challenge of any 'system' I guess (quality or env): to make progress and achieve positive results, even if management is only concerned with the certificate on the wall.
Top Bottom