SBS - The best value in QMS software

The organisation shall Establish, Implement & Maintain a Procedure(s)? ISO 14001

S

samsung

#11
Re: Establish, Implement & Maintain ?

Here is an example at your request. Let's assume that there is no documented procedure for this, threfore as an auditor I would ask a responsible function about the process steps then I would 'walk' the process to understand and verify the procedure. The potential verification methods are listed in parenthesis.

Example 1: Receiving process (or procedure, if you wish) at a company X:
1. Evaluate the condition of shipment before unloading. If no damages, then unload shipment, else take pictures of shipment and refuse delivery. (observation, interview)
2. Retrieve shipping paperwork (pack list, BOL, etc) and verify that shipment matches paperwork. If OK continue, else note discrepancies then continue. (observation, interview, records of discrepancies on receiving records)
3. Verify that item(s) was ordered against open POs in database. If ordered, check on paperwork and update database records. If quantity discrepancy, accept as is if w/n +/-5%, else contain product for review & disposition. If not ordered, contain product for review & disposition. (observation, interview, receiving records, data base updates, NC product records)
4. Submit product sample to QC for receiving inspection. (observation, interview, samples in QC lab)
5. QC inspects per receiving control plan. If OK then release product in database to available inventory, else reject product in database. Notify Receivign of disposition. (observation, interview, receiving inspection records, communication records)
6. Move product to stock if released, else contain for review & disposition. (observation, interview, NC product records)

During the 'walk' I would record employee names, equipment used, materials used, records retained, documents used (if any), performance indicators for the process and the product, inspection equipment, work environment conditions, etc. Now I can follow up on training, control of records, document control, goals & objectives (planning, management review, improvement actions), maintenance, safety, control of materials, etc. You can do this with any process within an organization, IMHO. Hope this helps.
Thanks for the response and example cited by you. Infact I was expecting one on an EMS related process since it was posted in ISO 14001 & Env. forum. Anyway, here are my points:

1. This appears to be a good example of how a procedure is 'followed' while the point I referred to was how a procedure is 'maintained' without documenting it.

2. How does the auditor ensure that the next time when he visits this site, another guy will be following through the same sequence.

3. How does the guy know that s/he is to proceed through step # 1 to 6 especially if s/he is new to this organization. Since 'receiving' is a complex sort of process, somewhere during the course of training, as I believe, s/he must be documenting (be it a personal note book) it, as a reminder, so as not to skip any of the steps when a responsibility is assigned to him.

4. Let's assume, it's a small organization and the one who has been looking after the job, suddenly leaves away. I don't presume that the one who is now transferred from another section to take over the charge, is competent enough to do the job effortlessly right for the first time.

5. And if it's a large organization with moderate level of staff turn around (which is not uncommon), is it possible to run the process(es) with 'consistent outcome'.

6. I'm sure there must be many expert auditors on the Cove who, with their vast experience of auditing different organizations, will let us know if the organizations which do not maintain documented procedures are really doing as effectively as the ones who maintain 'documented' procedures atleast for the sake of consistency, avoiding ambiguous situations and the like.
 
Last edited by a moderator:
Elsmar Forum Sponsor
D

DrM2u

#12
Re: Establish, Implement & Maintain ?

Samsung, you are raising some very good points. I will try to answer to some of the points from my perspective (which does not mean it is right or wrong, just that it makes more sense to me).
1. This appears to be a good example of how a procedure is 'followed' while the point I referred to was how a procedure is 'maintained' without documenting it.

2. How does the auditor ensure that the next time when he visits this site, another guy will be following through the same sequence.
As an auditor (or consultant) I would me more concerned if the current process is effective, effcient and compliant with the requirements rather than if it is the same like a year ago. An organization can make many improvements (hence changes) within a year, some large and some small, some documented and some not. When a process is changed the procedure changes also, hence it is impossible to be 'maintained'. What should be maintained or improved are the efficiency, effectiveness and level of compliance. Therefore I would 'walk' the process just like in the past. I would look for what changed if there would be any problems with the process and probably follow another audit trail from there.
3. How does the guy know that s/he is to proceed through step # 1 to 6 especially if s/he is new to this organization. Since 'receiving' is a complex sort of process, somewhere during the course of training, as I believe, s/he must be documenting (be it a personal note book) it, as a reminder, so as not to skip any of the steps when a responsibility is assigned to him.
There are many ways to transfer knowledge (teach) to someone, some more effective than others. Procedures or work instructions (if available)are one way to teach someone a new process or task and to use as reference (compensate for lack of knowledge). On-the-job training is another form of training that is frequently employed with success (and there is nothing wrong with taking notes). One way to minimize the need for training is to hire someone with previous experience who would need to learn only the tasks particular to the organization. Any way you look at it, the need for training and training methods should be identified by the responsible functions when any employee is assigned to a new task. This is part of clause 6.2.

4. Let's assume, it's a small organization and the one who has been looking after the job, suddenly leaves away. I don't presume that the one who is now transferred from another section to take over the charge, is competent enough to do the job effortlessly right for the first time.

5. And if it's a large organization with moderate level of staff turn around (which is not uncommon), is it possible to run the process(es) with 'consistent outcome'.
One thing that I often asked auditees in the past was "who will do your job if you win the lottery tomorrow?". For some reason this question seemed like a light switch for many organizations and individuals. I believe it is just good practice and good planning (and common sense to me) to have a back-up employee who can perform a task if the regular employee is not available (temporay or permanently). Surprisingly enough, from my experiences this type of cross-training seems to be more common in smaller organizations (less than 100 employees), probably because many employees have to 'wear more than one hat'.

To clarify my position, I am not against documentation, just against over-documentation. I believe the purpose of documentation is mainly to compensate for the lack of necessary knowledge. I also believe that documentation is also a good way to capture and preserve knowledge (although a knowledge database is a little more effective IMO). Therefore it is up to each individual organization to identify its needs for documentation. Now I will defer to the other current or former auditors to address your point #6.
 
#13
Re: Establish, Implement & Maintain a Procedure(s)? ISO 14001

Samsung - straight answer? How do you know an undocumented process/procedure is maintained? I've taken this to mean that, as changes occur, in requirements, methods, equipment etc. the 'defined' process - that is what the process owner and responsible personnel say - now includes the change and there is consistency in that description.

If we use an example of an environmental system, the auditor might ask a number of people responsible for the quality of water used in a process. The organization now has the right equipment to do the H20 analysis instead of being sent to a suppliers lab. All involved should be able to describe what had happened and the new process, possibly even what has been improved etc. They should, of course, also be able to demonstrate competency in the use of the new equipment etc.
 

Randy

Super Moderator
#14
Re: Establish, Implement & Maintain ?

Can you site an example or two to show that a Procedure is being 'maintained' without the need to document it and how it is demonstrated and verified by the auditors?
Just look at the Bushmen of the Kalahari or the Australian Aborigines as examples...lots of "procedures" and not much documentation, but they all seem to be able to hunt, eat, find water and survive where you and I might not.

Do you have a documented procedure on how to turn your office light on when you start work?

There are thousands of procedures being performed everyday within organizations that aren't documented, but they are maintained...continuity of required action and achievement of desired results demonstrates that.
 
S

samsung

#15
Re: Establish, Implement & Maintain a Procedure(s)? ISO 14001

Samsung - straight answer? How do you know an undocumented process/procedure is maintained? I've taken this to mean that, as changes occur, in requirements, methods, equipment etc. the 'defined' process - that is what the process owner and responsible personnel say - now includes the change and there is consistency in that description.

If we use an example of an environmental system, the auditor might ask a number of people responsible for the quality of water used in a process. The organization now has the right equipment to do the H20 analysis instead of being sent to a suppliers lab. All involved should be able to describe what had happened and the new process, possibly even what has been improved etc. They should, of course, also be able to demonstrate competency in the use of the new equipment etc.
Yes, I do agree with the above if the things are seen in conjunction with your previous post which suggests some excellent points which can be considered as guiding factors like :
When the organization is small enough that effective verbal communication of requirements is sufficient and/or

When the turn over of staff is minimal, so there's a lot of retained knowledge of requirements, and/or

When the requirements are stable and have not changed frequently or significantly, and/or

When the requirements are very complex and their application can be risky, and/or
In a nutshell, if any one of the above conditions exist, need to or not to document a procedure should be determined. An 'undocumented' procedure can be considered to be 'maintained' & effective as long as it meets the above criteria.
 
S

samsung

#16
Re: Establish, Implement & Maintain ?

You have provided a reasonably good explanation to my query and I do support to your quoting:
When a process is changed the procedure changes also, hence it is impossible to be 'maintained'. What should be maintained or improved are the efficiency, effectiveness and level of compliance. Therefore I would 'walk' the process just like in the past. I would look for what changed if there would be any problems with the process and probably follow another audit trail from there.
As far as EMS, in a manufacturing environment, is concerned, it's hard to demonstrate the 'efficiency, effectiveness & level of compliance on a consistent basis without documenting the processes. I would like to cite few instances where the standard does not (directly) mandate a document, but I don't think these can be effectively managed without some sort of documentation. e.g.

1. Procedure for identifying the environmental aspects & determining their 'significance' - without documenting the criteria, people within the organization may have different interpretations of the same aspect. This may lead to inconsistency in the 'desired' process outcome.

2. Legal & other requirements - Standard doesn't require the procedure to be documented yet, IMO, it's hard to remember which law says what. Why should a system rely on people's memory which is often ephemeral.

3. Similar is the case with 'Emergency Preparedness - Responding to emergency situations & accidents and mitigating the adverse environmental impacts is a highly complex process and thus may require to be documented even if the standard doesn't say so.

4. "Audit procedure(s) shall be established, implemented and maintained that address
— the responsibilities and requirements for planning and conducting audits, reporting results and retaining associated records,
— the determination of audit criteria, scope, frequency and methods" - again no reference to 'Documentation'

5. The standard, in certain cases, has also used terms such as 'determine', 'define', stipulate', 'identify', 'revise' etc. etc. which may require some sort of documentation.

One thing that I often asked auditees in the past was "who will do your job if you win the lottery tomorrow?". For some reason this question seemed like a light switch for many organizations and individuals. I believe it is just good practice and good planning (and common sense to me) to have a back-up employee who can perform a task if the regular employee is not available (temporay or permanently). Surprisingly enough, from my experiences this type of cross-training seems to be more common in smaller organizations (less than 100 employees), probably because many employees have to 'wear more than one hat'.
As a part of the Risk Evaluation process, when the organization can think of having a backup employee (which is not a bad practice either), why shouldn't it consider 'documenting' the process as the first step towards effective management of the processes.

To clarify my position, I am not against documentation, just against over-documentation. I believe the purpose of documentation is mainly to compensate for the lack of necessary knowledge. I also believe that documentation is also a good way to capture and preserve knowledge (although a knowledge database is a little more effective IMO). Therefore it is up to each individual organization to identify its needs for documentation.
Quite appreciable. And the most important reason to document a process is 'the need to ensure that the activity is undertaken consistently,'

Now I will defer to the other current or former auditors to address your point #6.
I heartily welcome the opinions of expert auditors on it.
 
S

samsung

#17
Re: Establish, Implement & Maintain ?

Further guidance on documentation as provided in Annex 'A' (informative) of ISO 14001:2004 -

A.4.4 Documentation
The level of detail of the documentation should be sufficient to describe the environmental management system and how its parts work together, and to provide direction on where to obtain more detailed information on the operation of specific parts of the environmental management system.
Any decision to document procedure(s) should be based on issues such as
the consequences, including those to the environment, of not doing so,
— the need to demonstrate compliance with legal and with other requirements to which the organization subscribes,
— the need to ensure that the activity is undertaken consistently,
— the advantages of doing so, which can include easier implementation through communication and training, easier maintenance and revision, less risk of ambiguity and deviations, and demonstrability and visibility,
the requirements of this International Standard.
 
J

jerzki

#18
Re: Establish, Implement & Maintain a Procedure(s)? ISO 14001

Hello guys,

Good day. This thread has caught my attention since during our last IMS certification audit this has been raised as an NC but eventually been closed and the RCA/CA had been accepted, we're recommended for IMS certification by the way.
Going back to our debate (me & the auditor), the auditor insisted that a documented procedure should be established since it is stated in the standards. However, we challenge the auditor stating the fact the such requirements has been covered in our Manual and evidence of fulfillment have been given. Since we are applying for IMS, he pointed out the requirements of 4.4.5 (ISO 14001) as an example wherein it is also stated the same, "establish,implement and maintain a procedure(s)". Still we justify our stand and had provided evidence that such requirements are fulfilled (the point of argument is 4.4.3 by the way). As the auditor noted as what you have said in the previous post(s).
However, IMHO, the need for DOCUMENTED procedures depends on the organization as long as it will be justifiable and evidence can be provided. In our case, I believe it's better to have it documented to avoid further debate during the surveillance audit.
Thanks to this site and to all of you.
Have a nice day.

jerzki
 
S

samsung

#19
Re: Establish, Implement & Maintain a Procedure(s)? ISO 14001

Going back to our debate (me & the auditor), the auditor insisted that a documented procedure should be established since it is stated in the standards. However, we challenge the auditor stating the fact the such requirements has been covered in our Manual and evidence of fulfillment have been given. Since we are applying for IMS, he pointed out the requirements of 4.4.5 (ISO 14001) as an example wherein it is also stated the same, "establish,implement and maintain a procedure(s)". Still we justify our stand and had provided evidence that such requirements are fulfilled (the point of argument is 4.4.3 by the way). As the auditor noted as what you have said in the previous post(s).i
I can't precisely say why the auditor raised an NC in your case unless the exact wording of the problem are known. However, if the issue is related to 4.4.3 (communication), there are two explicit requirements that need documentation (but not to say 'documented procedure). One of them is documenting & responding to relevant communication received from the external parties. What's important is how to document & deal with the problem/concerns or information received from the external interested parties (complaints, feedback, show cause notices, directives to follow, media enquiries etc.), and who will respond & upto what extent (means delegation of authority) looking to the sensitivity of the issues, in particular, during the emergencies. Obviously such things need to be documented and should be seen concomitantly with other requirements, e.g. Responsibility & authority and Emergency Preparedness & Response.

Secondly, the standard also requires that the organization documents it's decision to (or not to) communicate externally about it's significant aspects. This is quite obvious and there shouldn't be any issue.

But I differ with your opinion that
the need for DOCUMENTED procedures depends on the organization as long as it will be justifiable and evidence can be provided.
IMO, standard has made it explicit in clause 4.1 General Requirements
The organization shall establish, document, implement, maintain and continually improve an environmental management system in accordance with the requirements of this International Standard and determine how it will fulfill these requirements.
Hence there is very little or no option for the organization but to "document the environment management system" and 'determine how the (documented) EMS fulfills the requirements of ISO 14001. It's immaterial how and where these requirements are documented; in a manual, procedure, handbook or elsewhere.
 
#20
Also, don't forget about 4.4.4 e). If the absence of a documented procedure leads to ineffective planning, operation and control of its processes relating to significant aspects, then a procedure needs to be documented. So, if you have lapses in your EMS because there is no documented procedure (or any other level of document), then documentation is required.
 
Thread starter Similar threads Forum Replies Date
L Where to place the what/when/how/who/where procedures in a multi-regulation AS9110C organisation AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 3
G Tool tracebility and First calibration requirements for aerospace (AS9100) organisation AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 5
DuncanGibbons How is the arrangement between Design and Production organisation envisaged? EASA and JAA Aviation Standards and Requirements 4
M Risk Classification For Supplier - Clinical Research Organisation (CRO) Supply Chain Security Management Systems 3
B Embedding a Culture of Quality Into the Organisation Consultants and Consulting 6
F WHO (World Health Organisation) Requirements - Africa Other Medical Device Regulations World-Wide 0
D Could an organisation outsource all Part M activities? EASA and JAA Aviation Standards and Requirements 0
R Organisation knowledge specified in the ISO 9001 ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 1
M Can an organisation hold an EASA Part 145 approval WITHOUT a QMS EASA and JAA Aviation Standards and Requirements 1
G Is it compulsory to make DFMEA for proto parts making organisation APQP and PPAP 1
A How to rollout Security Awarness at Project Level in the Organisation IEC 27001 - Information Security Management Systems (ISMS) 1
B Improving Safety Culture within an Organisation Occupational Health & Safety Management Standards 8
G 7.3 Design and Development in a Sales and Service Organisation ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 6
M Manager IMS (9001, 14001, 18001) Position in Organisation Chart ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 17
A Organisation Structure and Responsibilities - Clarification Misc. Quality Assurance and Business Systems Related Topics 6
S Organisation Manual - Anyone willing to share a sample? Document Control Systems, Procedures, Forms and Templates 4
R How to implement Six Sigma within an IT-driven organisation? Six Sigma 14
Q Global Organisation Chart for the Quality Management Department Quality Manager and Management Related Issues 1
S ADOA (Alternative Procedures to Design Organisation Approval) Procedures EASA and JAA Aviation Standards and Requirements 1
C Purpose of the Quality Manual for an Organisation Quality Management System (QMS) Manuals 4
G Example/Sample Part 21J - "Anybody's Design Organisation Exposition" EASA and JAA Aviation Standards and Requirements 9
B ISO9001 Process Organisation Diagram - Does this make sense to you? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 4
G Can anyone outline the advantages to an organisation - ISO 9001 Benefits ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 10
C QMS Design Approach for a Government Organisation - Advice sought ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 2
J Certifying Staff Training in a Part 21/145 organisation Training - Internal, External, Online and Distance Learning 3
S World Health Organisation ? Medical Device Publications Links Other Medical Device Regulations World-Wide 0
S Cluster or Sector - Organisation Map Process Maps, Process Mapping and Turtle Diagrams 6
B TS 16949 and ISO 9001:2008 in the same organisation IATF 16949 - Automotive Quality Systems Standard 4
E How to become a Repair Design Organisation, part 21 subpart M EASA and JAA Aviation Standards and Requirements 4
M Which organisation best embodies a 'Quality Approach'? Misc. Quality Assurance and Business Systems Related Topics 12
B Need Assistance for Implementing ISO 9001 in our organisation ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 3
M TPM Announcement Letter for TPM introduction in a organisation Lean in Manufacturing and Service Industries 3
J Can any organisation avoid Identification of Key Characteristics AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 6
A Quality System Basics - Implementing quality system basics in our organisation Misc. Quality Assurance and Business Systems Related Topics 3
J Clause 7.5.2 applicability to a CRO (Clinical Research Organisation) Qualification and Validation (including 21 CFR Part 11) 3
D Implementing ISO9001: 2008 in an unstable organisation ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 6
A Auditing stable organisation with long certification history, minimal documentation. ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 6
S Quality Policy Content - Employee vs. All the persons working in the organisation ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 3
E How to implement an integrated QMS&EMS fitting organisation practices & ISO norms? Quality Manager and Management Related Issues 6
A EASA Part M - Continuing Airworthiness Management Organisation EASA and JAA Aviation Standards and Requirements 40
T Work Place and Control of Organisation for OHSAS 18001:2007 Occupational Health & Safety Management Standards 5
O QMS (Quality Management System) in a Project Implementation Organisation Quality Manager and Management Related Issues 3
T Checking Contractors for Charity Organisation Service Industry Specific Topics 5
B Section 7.5 of ISO9001:2000 for a Quality Manual - Charity organisation Quality Management System (QMS) Manuals 9
A Any Books for AS9100 Services Organisation Book, Video, Blog and Web Site Reviews and Recommendations 0
B Generic list of ISO9001 processes for an organisation (manufacturing set up) ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 3
T QMS (Quality Management System) for a business support organisation ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 5
A Producing a supplier audit system for my TS 16949 organisation IATF 16949 - Automotive Quality Systems Standard 2
A Configuration Management for an Engineering Services Organisation - Seeking Procedure AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 2
D Implement ISO/TS 16949 from our ISO 9001 in our Organisation IATF 16949 - Automotive Quality Systems Standard 8

Similar threads

Top Bottom