ISO 9001 - FAQ

• What is ISO 9001:2015?
  • ISO 9001:2015 is the latest revision of the ISO 9001 international standard that specifies requirements for a quality management system (QMS). The 2015 revision has replaced ISO 9001:2008. Organizations currently ISO 9001:2008 certified will have until September 2018 to transition to the 2015 standard.
• What is the benefits of ISO 9001?

  • Increased Quality Awareness and Internal Advantages

    Organisations often implements ISO 9001 QMS for a variety of reasons. However, the main incentive is to be more competitive in the intense competition of today’s economy. A majority of company leaders are pressured to stay competitive through improved offerings and the achievement of enhanced productivity, while at the same time reducing overall costs and advancing business processes.

    Amidst the challenges, for small, medium and large companies are looking forward to the benefits that ISO 9001:2015 can offer. ISO 9001 helps organisations geared up for worldwide competition by helping organisations improve performance through a wide array of components, such as: analysis, proper design, careful observation and control as well as modification of business processes.

    Some of the benefits of implementation ISO 9001:2015 Quality Management System:

    Improved Business Agility
    Reduced Costs and Higher Revenues
    Higher Efficiency
    Better Visibility
    Compliance, Safety and Security

• What is Process Approach?
  • The process approach is an activity that uses resources to transform inputs to outputs, for an organisation to function effectively, they need to identify and manage a numerous interrelated and interacting processes. The ISO 9001:2015 Standard is designed to manage and improve those processes.
    1. Input to a process are generally output to another process.
    2. Processes in an Organisation are generally planned and carried out under controlled conditions to add value to a business.
    3. A process where the conformity of the resulting product, cannot be readily or economically verified is frequently referred to as a “special process”.
    4. The ISO standard requires that you identify your processes and determine the sequence and interaction of the processes. This is most easily accomplished by preparing flow charts of your product realization processes.

• How many procedures are required by the standards?
  • The extend of documented information for a quality management system can differ from one organisation to another due to:
    • The size of the organisation and its type of activities, processes, products and services
    • The complexity of processes and their interactions
    • The competent of a persons
    • Refer to section 4.4 Quality management system and its processes for further information

    The ISO 9001 standard also asks that you prepare any other documents information that you may need to for planning, designs, operation and control of your processes. The standard also asks that you have available the standard operational procedures (SOP’s) you feel are necessary. The answer to how many procedures or work instructions are required, this is decided by your organisation during the developing of the Quality Management Systems.

• What records are required by the standard?

  • The standard specifically requires records for the following items:

    • Management reviews
    • Education, training, skills and experience
    • Evidence that processes and product or service meets the requirement
    • Review of customer requirements and any related actions
    • Design and development including: inputs, reviews, verification, validation and changes
    • Results of supplier evaluations
    • Traceability where it is an industry requirement
    • Notification to customer of damaged or lost property
    • Calibration
    • Internal audit
    • Product testing results
    • Nonconforming product and actions taken
    • Corrective action
    • Preventive action
    • Records you need to provide evidence of following your processes.

• How often should we have management review meetings?
  • There is no specific requirement for frequency of management review meetings. (Senior management shall review the organisation’s quality management system, at planned intervals, to ensure its continuing suitability, adequacy, effectiveness and alignment with the strategic direction of the organisation.

    We recommend as a minimum monthly meetings at operational management level and quarterly meetings at senior management level. This allows you to stay on top of upcoming issues and collect data between meetings that is meaningful to the organisation. We have found annual meetings are not acceptable. With annual meetings you may not be able to prevent issues or resolves problems in a timely manner.

• Are Job descriptions required?
  • In the ISO standards do not specifically mentions that a job description is required. The standard requires that the organisation:
    • define roles, responsibility and authority, and
    • define the organisational knowledge, competency and awareness in terms of education, experience, skills and training.

    Normally Job descriptions are one way of accomplishing this, there are also other ways by, including preparing organisational, job responsibility lists, and competency matrices, so forth.

• Who in the organisation should be involved?
  • Everyone in the organisation needs to be involved, either in the planning, implementation or maintaining the Quality Management Systems processes.

    Management involvement is critical. Management must support the project by providing resources, removing roadblocks, and watching the timeline. Employees must also be involved in evaluating and documenting the processes in which they are involved.

    Employee involvement is critical in getting a buy-into the process throughout the organisation. Their support will help successfully implement the new policy, procedure or processes.

• Should we use outside help - Consultant?

  • A consultant can help you use your time and resources effectively. Consider using a consultant:

    • To help plan your project
      An efficient implementation begins with a solid plan, taking into account those things you need to work on, leaving out those things which are already in place, and developing an accurate estimate of how long each implementation phase should take.
    • To help keep your project on time and on budget
      Everyone is stretched thin on their jobs these days. Staff working on the implementation internally is often pulled to help fights fires or assist with production. With external assistance it is easier to keep the focus on the plan without interfering with day-to-day operations.
    • To help interpret the standard
      A consultant who understands the standard’s requirements can prevent wasted time doing things the standard does not require, or that otherwise might be spent on unnecessary or noncompliant work. QCG Quality Consulting Group experienced staff is very familiar with ISO standards and requirements.
    • To allow you to benefit from experience
      Using a consultant allows you to begin work right away without having to learn things on your own, and without having to learn by your mistakes.

• What is process auditing?
  • Auditing by Element
    Auditors use various auditing techniques to collect evidence based on the audit scope and objectives.

    Auditing a process or system by element verifies compliance or conformance to requirements. The value in this type of auditing technique is the direct linkage to license, contract or regulatory requirements.

    Auditing a process by element ensures people are aware of the requirements and the organisation is adhering to them. It helps prepare employees for external audits using the same criteria.

    Auditing by element also ensures a state of readiness and compliance or conformance to external requirements. It is a management tool for sustaining conformance to safety, health or environmental and quality requirements.
    This is good, but for management this technique defines auditing in the cost of doing business category.

    Auditing by Process

    Auditing a process or system using process techniques verifies conformance to the required sequential steps from input to output across departmental. Process auditors use models and tools such as simple flowcharts, process maps, swimming lane charts or process flow diagrams or process flow diagrams.

    A process diagram, the squares (Process) could represent a flowchart of a sequential steps. Flowcharts typically identify inputs, people, activities, departments, supporting documentation or steps, measures and outputs. The auditor normally gets this information from a procedure or flowcharts provided by the audited organisation.

    During the first part of the audit, auditors should record current customer names, order numbers, routing numbers and project numbers so they can link and verify process steps during the audit.
    

• How often should we audit each department or process?
  • Management systems such as ISO 9001, ISO 14001 and ISO 45001, require internal audits are scheduled at planned intervals; they do not established a specific frequency nor do they establish that all processes need to have a yearly internal audit. Therefore, organizations need to establish a frequency which is right for their business. Audits can be performed monthly, quarterly, twice a year or once a year. There are some criteria which should be considered before defining a frequency.
• How long will it take to implement ISO 9001:2015 Management System?
  • When implementing a Quality Management System (QMS) according to the requirements of ISO 9001:2015, you will probably wonder how long this will take. There is no simple or magical answer to this question because ISO 9001 implementation varies from company to company, nevertheless there are a number of things you can do to get a good idea of what needs to be done and how long it will take.
    • Small organisations could implement an ISO 9001:2015 within in 3 ~ 6 months.
    • Medium-sized organisations could implement a system within 6 ~ 8 months.
    • Larger organisations can take up to 8 ~ 12 months or more.

    How long will it take?

    The durations for implementation a management system will vary from company to company. Organisation size is often a big predictor on how long it take to implement ISO 9001:2015 management system.

    Recommendation: Start with a gap analysis, this should help determining the approximately timeline for implementation a Management System also engaging a consultant will assist organisation in reducing the timeline of implementing a Management System(s).

ISO 14001 - FAQ

• What is ISO 14000?
  • ISO 14000 is a series of international standards that deal with environmental issues. Some key standards in the series are ISO 14001, which deals with environmental management systems, and ISO 14010 Guidelines for Environmental Auditing – General Principals, which covers environmental auditing.
• What's an environmental management system (EMS)?
  • ISO 14001:2015 is the latest revision of the ISO 14001 international standard that specifies requirements for an environmental management system (EMS) that an organisation can use to enhance its environmental performance. This international standard is intended for use by an organisation seeking to manage its environmental responsibilities in a systematic manner that contributes to the environmental pillar of sustainability.
• Why is it important ISO 14001?
  • Environmental concerns are at the forefront of corporate issues today. Having a documented environmental management system helps ensure that your policies are effectively understood and implemented, and that your environmental management system is an integral part of your overall Integrated Management System.
• Who enforces ISO 14001?
  • Like other international standards such as (ISO 9001, ISO 45001, ISO 27001). ISO 14001 environmental standards are voluntary standards adopted by consensus of the world’s standards organisations. Third-party registration by an accredited agency certifies that your organisation’s management system meets the environmental criteria.

    The Environment Protection Act 1970 was at its inception only the second Act in the world to deal with the whole of the environment in a systematic and integrated way. The environmental Protection Act 1970 is administered by EPA.

• What are the differences between ISO 14001 and ISO 9001?
  • With ISO 14001 an organisation may elect to implement its Environmental Management System as part of an existing management system such as ISO 9001. ISO 14001 International Standard enables organisation(s) to use a common approach and risk based thinking to integrate its environmental management system with the requirements of other management systems.

    Integrated Management System shares common documentation such as: policies, management responsibility, training, documented information, records, corrective action, internal auditing and risk-based thinking.

• What types of companies are getting registered to ISO 14001?
  • A variety of companies are focusing their attention on ISO 14001 environmental management systems, primarily manufacturers in automotive, construction, chemicals, pharmaceuticals, and electronics, as well as utilities, printing, metalworking, and many other organisations and government agencies are showing an active interest in ISO 14001 environmental management system.
• Can we integrate ISO 14001 EMS with ISO 14001 EMS & ISO 45001 OHS?
  • Yes companies can Integrate their Management Systems. Although subtle differences do exist, it is possible to integrate ISO 14001:2015 Environmental, ISO 9001:2015 Quality and ISO 45001 Health & Safety.
• Can I become a registered lead auditor/internal auditor to ISO 14001?
  • Yes. Attending a five-day registered lead auditor training program will satisfy the basic training requirements for applying as A lead auditor status. Refer to ISO 19011 Guidelines for auditing management systems.

AS 4801 - OHSAS 18001 - ISO 45001 - FAQ

• What is Risk Management?
  • Risk management is the identification, evaluation, and prioritization of risks (defined in ISO 31000 as the effect of uncertainty on objectives) followed by coordinator and economical application of resources to minimize, monitor, and control the probability or impact of unfortunate events[1] or to maximize the realization of opportunities. Risk management’s objective is to assure uncertainty does not deflect the endeavour from the business goals.

    Risk management involves assessing the risk / harm of those hazards. It is the process of:

    • Identifying any foreseeable hazard – anything in the workplace that has potential to harm anyone at the workplace, e.g. moving parts in machinery, toxic chemicals, manual handling tasks.
    • Assessing the risk from the hazard – finding out how significant the risk is e.g. will it cause a serious injury, illness or death and how likely is this to occur?
    • Eliminating the hazard or if this is not possible, controlling the risk from the hazard – implementing strategies to eliminate or control the hazard e.g.. design equipment differently, add machine guards, use safer chemicals, providing lifting devices to minimise manual handling or use personal protective equipment.

• What is Risk Assessment?
  • Risk management is part of managing the health and safety of your business you must control the risks in your workplace. To do this you need to think about what might cause harm to someone and decide whether you are taking reasonable steps to prevent that harm. This is known as risk assessment and it is something you are required by law to carry out.

    A risk assessment is not about creating huge amounts of paperwork, but rather about identifying sensible measures to control the risks in your workplace. You are probably already taking steps to protect your employees (workers), but your risk assessment will help you decide whether you have covered all aspect of the hazard.

    There are many types of hazards and methods for assessing the hazard. Refer to OHS/WHS Regulation’s that provides information about assessing the risks. An employer must:

    • Evaluate the likelihood of an injury or illness occurring and the likely severity of any injury or illness;
    • Review all available health and safety information relevant to the hazard (for example, information from the supplier of plant, material safety data sheets, labels, registers of installed asbestos;
    • Review results of biological monitoring and atmospheric monitoring of atmospheric contaminants, previous incident, injury or illness reports);
    • Identify factors that contribute to the risk (for example, layout and condition of working environment; capability, skill, experience and age of people ordinarily doing the work;
    • systems of work being used and reasonably foreseeable abnormal conditions);
    • Identify actions necessary to eliminate or control the risk;
    • Identify any records necessary to be kept to ensure that risks are eliminated or controlled (including how long they should be kept).

• When must Risk Management be done?

  • Under the Regulations, employers must identify hazards:

    • before using any premises as a place of work
    • before and during installation, erection, commissioning or alteration of plant in a place of work
    • before changes to work practices and systems of work are introduced
    • before hazardous substance are introduced into a place of work
    • while work is being carried out
    • when new or additional health and safety information relevant to the employer’s business becomes available.

• Who is responsible for Risk Management?
  • The employer must undertake risk management for all foreseeable hazards in their workplace that may arise from work activities and that have the potential to harm employees and any other person at that workplace.

    In particular the employer must take reasonable care to identify hazards arising from (but not limited to):

    • Work premises
    • Work practices, systems and shift working arrangements (including hazardous processes, psychological and fatigue related hazards)
    • Plant (including the transport, installation, erection, commissioning, use, repair, maintenance, dismantling, storage or disposal of plant)
    • Hazardous substances (including the production, handling, use, storage, transport or disposal of hazardous substances)
    • Presence of asbestos
    • Manual handling (including potential for occupational overuse injuries)
    • Layout and condition of the workplace (e.g. lighting and workstation design)
    • Physical working environment (including the potential for any one or more of:
      electrocution; drowning; fire or explosion; people slipping, tripping or falling; contact with moving objects; exposure to noise, heat, cold, vibration, radiation, static electricity or a contaminated atmosphere)
    • Potential for workplace violence and
    • Biological hazards.

    Others must also undertake risk management in relation to hazards and risks that arise out of their activities, for example, designers, manufacturers, suppliers, and controllers of premises all have obligations.

• Who should be involved in Risk Management?
  • The employer must consult with employees about any OHS/WHS matter that affects them – this includes the risk management process.

    Involving employees in risk management can be done through the consultative arrangements that have been agreed to at the workplace (e.g. health and safety committee, health and safety representative or through other agreed arrangements).

    Consulting with employees about the hazards and how to eliminate or control them will help:

    • To comply with the law
    • To get the whole team involved in the process
    • To give you many different points of view
    • To encourage safe thinking

• Are there any exemptions for Risk Management?
  • No. There are no exemptions for risk management. Risk management applies to all hazards and all workplaces covered by the OHS/WHS Act and Regulations.
• What responsibilities does an employer have in relation to injury management?

  • Injury management plans focus on early intervention. As an employer you must:

    • Notify your insurer within forty eight (48) hours of becoming aware of any workplace injury that seems to be a significant injury is likely to result in the worker being partially or totally incapacitated for work (or a combination of both) for more than seven (7) days. (If the injury does not seem to be a significant injury, you must notify your insurer within s even (7) days of becoming aware of the injury;
    • Co-operate and participate in the establishment of an injury management place for an injured worker;
    • If a Category 1 employer, you must nominate one of your staff as the Rehabilitation Coordinator is responsible for preparing the return-to-work plan in consultation with the injured worker’s treating doctor, the workplace supervisor, and the injured worker;
    • If you are a small business proprietor, you will usually assume the role of the rehabilitation coordinator.

• Is there any compulsory Health and safety representative training?
  • You do not need any experience or special qualifications to become a Health and Safety Representative (HSR).

    The PCBU (Company) must give Health and Safety Representative paid time off to attend a course and pay the course costs and reasonable expenses, within three months of the request.
    Training courses approved under section 21 of the Work Health and Safety Regulation 2011, are:

    • an initial five-day training course
    • an annual one-day refresher course.

• What if the employer uses a supervisor or employee or consultant to undertake the Risk Management on their behalf?

  • Obligations for risk management remain the responsibility of the employer regardless of any delegation or contracting arrangements that may be made in carrying out the risk management process.

• What is a hazard?
  • A hazard is an agent which has the potential to cause harm to a vulnerable target. The terms “hazard” and “risk” are often used interchangeably. However, in terms of risk assessment, these are two very distinct terms.

    A hazard is anything in the (workplace, office, construction site, etc.) that has the potential to harm the health and safety of a person. Hazards can arise from but not limited to:

    • The workplace environment
    • The use of plant & equipment or substances
    • Poor work design, infrastructure or practices
    • Inappropriate safety management systems and procedures
    • Human behavior (horse-playing)

• Do I need to conduct a separate Risk Management for the same hazards in different locations?

  • A general risk assessment of the hazard is enough, however you will need to examine the different places or circumstances in which the hazard occurs and make sure that your risk assessment outcomes are applicable. You will also need to check that the risk is eliminated or effectively controlled for each place or circumstance.

• What are some ways in which you can identify hazards?
  • What should you be looking out for when identifying an hazards?

    Really, it could be any situation, substance, activity, event, or environment that could cause injury, ill health or death to a worker or other people in the workplace.

    Health and safety legislation, requires you to be proactive in identifying and controlling hazards before they cause actual harm to anyone. Your aim should always be to be proactive – reactive hazard identification processes such as identifying the cause of an injury after it has occurred, are less effective and have failed to prevent the workplace incident. They can also be costly if courts impose penalties.

    10 proactive hazard identification methods

    • conducting pre-start discussions on the work to be carried out;;
    • encouraging workers to recognise and highlight hazards while performing work;
    • carrying out safety inspections and audits of the workplace and work procedures;
    • conducting job safety analyses (or similar task evaluation processes);
    • monitoring, measuring and testing the working environment, such as noise monitoring, electrical testing and atmospheric testing;
    • analysing proposed new or modified plant, material, process or structure;
    • conducting hazard (or risk) surveys;
    • reviewing product information, e.g. safety data sheets, operating manuals;
    • researching publicly available data on hazards, e.g. media articles, industry or safety regulator alerts; and
    • looking at past incident and near-miss reports.

    Remember that a workplace is any place that a worker carries out a work task for your business, so even when your workers are offsite or travelling on business, for example, you need to be sure that they are not exposed to health and safety risks.

• What is Work Health & Safety Consultation?
  • Consultation needs to be a two-way exchange between employers and employees that involves, sharing information about health and safety, giving employees a reasonable opportunity to express their views, and taking those views into account.

    Employees (workers) can be consulted in a variety of ways, including by setting up a health and safety committee or by holding regular meetings. If employees have elected a health and safety representative (HSR), the HSR must be involved in consultation.

    OHS consultation involves:

    • The sharing of relevant information about OHS and welfare with employees;
    • Giving employees the opportunity to express their views and to contribute to the resolution of OHS and welfare issues;
    • Valuing the views of employees and taking them into account.