ims training notes

INTEGRATED MANAGEMENT SYSTEM

CONTENTS PAGE

1. An Overview & Common Requirements 2-3

2. Key Requirements of ISO 9001 4-7

3. ISO 14001 & The Key Requirements 8-12

4. OHSAS 18001 & The Key Requirements 13-15

5. Do’s & Don’ts During an External ISO Audit 16

Pg 1 of 16


AN OVERVIEW OF INTEGRATED MANAGEMENT SYSTEM (IMS)

The IMS comprises the following standards:

1. ISO 9001:2000 (Quality Management System)

2. ISO 14001:1996 (Environmental Management System)

3. OHSAS 18001:1999 (Occupational Health & Safety Management System)

All 3 standards have a similar structure which enables integration. Many requirements within

ISO 14001 & OHSAS 18001 are very similar.

COMMON IMS REQUIREMENTS:

1. The IMS covers all activities of the organisation from operations to support activities.

Eg. from tendering to execution to handover of completed works to defects liability

stage.

2. Management Commitment must be apparent.

3. Process Planning – identify key processes, monitor and manage key processes.

Implement process approach and PDCA (Plan-Do-Check-Act) cycles.

4. Data Collection & Analysis - of data pertaining to customers, suppliers, product &

process, impact and risk analysis. This enables top management to make effective

decisions based on analysis of the data.

5. Emphasis on Performance Improvement & Continual Improvement.

Pg 2 of 16


COMMON EMS & OHS REQUIREMENTS

1. Compliance with legislations and regulatory requirements, especially in the realm of

environmental protection and OHS.

2. Take steps to control and manage those significant aspects / hazards or risks. For

example:

- Establish Env/OHS management programmes

- Set Env/OHS objectives and targets to reduce impact and risks

- Determine the operation control measures to eliminate / prevent / mitigate

these impacts and risks

3. Establish operation controls for the activities to ensure that they are carried out under

controlled conditions:

- Operating criteria

- Procedures / work instructions

- Monitoring of these processes

4. Have procedures to deal with emergency situations (eg. accidents / incidents,

spillages, etc). Commonly known as “Emergency Preparedness & Response”

procedures.

5. Training of people involved to make them aware of environmental impacts, hazards

and risks in relation to their work. Need to consider the competence of people

performing such work. Training may cover management staff, employees,

subcontractors/suppliers and visitors.

Pg 3 of 16


KEY REQUIREMENTS OF ISO 9001:2000

1. ISO 9001 covers all activities of the organisation from operations (eg. tendering,

operations, handover, DLP) to support activities (training, purchasing, filing and

record maintenance).

2. Management Commitment – Senior management involvement in the quality

management system must be apparent. This is a major area of audit.

3. Process Planning & Approach – Need to identify key processes, monitor and manage

these key processes. Implement a process approach and adopt the PDCA cycle in

every process.

4. Customer Focus – Must know what the customer requirements are. May come in

form of specifications, drawings, instructions, standards and codes (where applicable),

etc.

5. Customer Satisfaction Information – Monitoring Customer Complaints alone is NOT

adequate. Need to find out if customers are indeed satisfied with our products /

services and how satisfied they are.

6. Data collection and analysis – Data on customers, suppliers/subcons, products and

processes. This will enable effective decisions to be made based on facts and

analysis.

7. Emphasis on Performance Improvement and Continual Improvement.

8. Documentation Requirements:

a. Quality Policy & Objectives

b. Quality Manual

Pg 4 of 16


c. Quality Procedures (minimum 6 mandatory documented procedures i.e.

Control of Documents, Control of Records, Internal Audit, Control of

Nonconforming Product, Corrective Action, Preventive Action).

d. Planning & Operations documents (eg. time schedules, resource planning,

specifications / drawings, contract documents, method statements, handover

evidence, etc)

e. Records (eg. inspection records, test results / reports, progress reports/ records,

etc)

ISO 9001:2000 – The Standard

Clause headings:

1. Scope

2. Normative Reference

3. Terms & Definitions

4. Quality Management System

5. Management Responsibility

6. Resource Management

7. Product Realisation

8. Measurement, Analysis & Improvement

ISO 9001 requirements are within clauses 4, 5, 6, 7 and 8.

Clause 1 - Scope:

a. Generally :

- To consistently meet customer and applicable regulatory requirements.

- To enhance customer satisfaction with continual improvement and assurance

of conformity.

b. Application :

- Applicable to all types and sizes of product / service based organisations.

- Exclusions limited to Cl. 7 requirements only.

Pg 5 of 16


Clause 2 - Normative Reference:

All undated references indicated in ISO 9001:2000 should refer to their latest editions.

Clause 3 – Terms & Definitions :

To refer to ISO 9000:2000.

Clause 4 – Quality Management System :

Cl. 4.1 – General Requirements

Cl. 4.2 – Documentation Requirements : Not all procedures need to be documented but there

are 6 mandatory documented procedures. Control of Documents, Control of Records.

Clause 5 – Management Responsibility :

Cl. 5.1 – Management Commitment

Cl. 5.2 – Customer Focus

Cl. 5.3 – Quality Policy

Cl. 5.4 – Planning

Cl. 5.5 – Responsibility, Authority and Communication

Cl. 5.6 – Management Review

Clause 6 – Resource Management :

Cl. 6.1 – Provision of Resources

Cl. 6.2 – Human Resources

Cl. 6.3 – Infrastructure

Cl. 6.4 – Work Environment

Clause 7 – Product Realisation :

Cl. 7.1 – Planning of Product Realisation

Cl. 7.2 – Customer Related Processes

Cl. 7.3 – Design & Development

Cl. 7.4 – Purchasing

Cl. 7.5 – Product & Service Provision

Cl. 7.6 – Control of Monitoring & Measuring Devices

Pg 6 of 16


Clause 8 – Measurement, Analysis & Improvement

Cl. 8.1 – General

Cl. 8.2 – Monitoring & Measurement

Cl. 8.3 – Control of Nonconforming Product

Cl. 8.4 – Analysis of Data

Cl. 8.5 – Improvement

The 8 Quality Management Principles

1. Customer Focus

2. Leadership

3. Involvement of People

4. Process Approach

5. System Approach to Management (system is a set of interrelated processes)

6. Continual Improvement

7. Factual Approach & Decision Making

8. Mutually Beneficial Supplier Relationships

Network of Processes

The entire ISO 9000 system is based on the PDCA (Plan-Do-Check-Act) where:

P = Cl. 4, 5, 6

D = Cl. 7

C = Cl. 8

A = Cl. 8

Each process implementation should also be guided by the PDCA cycle.

Pg 7 of 16


ISO 14001:1996 & THE KEY REQUIREMENTS

ISO 14001 is an environmental management system that:

a. Provides a framework to identify business aspects with significant impact on

environment

b. Sets objectives & targets to minimise these impacts

c. Introduces programmes to achieve the objectives & targets

d. Establishes operational control measures to ensure compliance

Reasons for Implementing ISO 14000 EMS:

a. Commitment to protect the environment

b. Public image and good corporate citizenship

c. Cost savings / efficient allocation of resources

d. Stakeholders’ pressure

e. Trade / Business restrictions (if without EMS)

f. Competitors’ pressure

Cost Savings from having an EMS:

a. Efficient use of electricity, water and gas

b. Efficient use of raw materials

c. Efficient deployment of operatives

d. Continual Improvement of process design

e. Reduce process contamination, increase yield

f. Reduce possible future environmental liabilities

g. Reduce possible workmen compensation liabilities

The above cost savings are NOT immediately gained at the beginning of EMS

implementation.

Pg 8 of 16


Truth about ISO 14000:

It is NOT about prohibiting anyone from doing things harmful to the environment because

whatever we do will have an impact on the environment in one way or another.

ISO 14000 EMS is about knowing and understanding what exactly we are doing and how

these activities impact on the environment and implementing the necessary controls on these

activities.

KEY REQUIREMENTS OF ISO 14001:1996

1. Compliance with legislation and regulatory requirements such as Factories

Act, Environmental Pollution Control Act, etc

2. Understanding what you do will harm the environment. Need to determine:

a. The environment aspects (elements of the activities which have impact on the

environment eg. vehicle emission) and the impact on the environment (eg. air

pollution as a result of vehicle emission).

b. The significance of these aspects / impacts by evaluation of the impacts

against a set criteria.

Aspect & Impact analysis shall include operating conditions as in Normal, Abnormal

and Emergency. The analysis should also be done on a brain-storming / team

approach.

Method:

Select an activity Identify its environmental aspects Identify its environmental

impacts Evaluate significance of impacts

Evaluation of significance may be based on:

a. Environmental concerns such as scale of impact, severity of impact, probability of

occurrence and duration of impact.

Pg 9 of 16


b. Business concerns such as potential regulatory and legal exposure, difficulty and

cost of changing impact, effect of changes on other activities and processes, effect

on public image, etc.

3. Take steps to control and manage those significant aspects by:

a. Establishing environmental management programmes. The MP is used to achieve

objectives and targets and shall include the identity of person responsible for it,

the means to achieve it and the time frame to complete it.

b. Setting environmental objectives and targets to reduce the impacts. Objective is

an overall goal arising from the environmental policy and which is quantified

where applicable. Target is a detailed performance requirement, quantified where

practicable that arises from the objective, to be set and achieved in order to

achieve that objective.

c. Determining & implementing operation control measures to eliminate / prevent /

mitigate these impacts.


controlled conditions. Eg. operating criteria, procedures / work instructions,

monitoring of these processes. The key characteristics of processes associated with

significant impacts shall be monitored. The monitoring devices shall be calibrated.

5. Have procedures to deal with emergency situations eg. accidents / incidents, spillages

of chemicals, fuels, etc. Need to be proactive in determining “what can possibly go

wrong” and have ready steps in dealing with such situations. Aim to minimise /

mitigate the environmental impacts when such things occur. The procedures shall be

tested periodically and reviewed and revised where necessary, especially after an

accident / emergency.

6. Training of people involved to make them aware of the environmental impacts in

relation to their work. Such training may cover management staff, workers and

subcontractors/suppliers.

Pg 10 of 16


7. Institute continual improvement in environmental performance.

The ISO 14001 Standard:

1. Scope

2. Normative references

3. Definitions

4. EMS Requirements

4.1 General Requirements

4.2 Environmental Policy

4.3 Planning

4.3.1 Environmental Aspects

4.3.2 Legal & other Requirements

4.3.3 Objectives & targets

4.3.4 Environmental Management Programme(s)

4.4 Implementation and Operation

4.4.1 Structure & responsibility

4.4.2 Training, awareness & competence

4.4.3 Communication

4.4.4 EMS documentation

4.4.5 Document Control

4.4.6 Operational Control

4.4.7 Emergency Preparedness & Response

4.5 Checking and Corrective Action

4.5.1 Monitoring & measurement

4.5.2 Nonconformance and corrective and preventive action

4.5.3 Records

4.5.4 EMS audit

4.6 Management Review

Concluding Remarks:

Pg 11 of 16


1. ISO 14001 does not spell out what you can or cannot do.

2. Must comply with regulations and legal requirements.

3. Emphasis is on knowing what you do will harm or affect the environment and have

measures to control them.

4. Stresses on continually improving such measures.

5. Certain areas extend to outside of the organisation (eg. to suppliers, subcontractors)

Pg 12 of 16


OSHAS 18001:1999 & THE KEY REQUIREMENTS

The objectives of OHS are to enable an organisation to:

Identify HAZARDS

Control RISKS

Improve PERFORMANCE

in occupational health & safety.

Reasons for Implementing an OHS Management System:

a. To manage safety and health issues proactively

b. To avoid potential liability

c. To protect business and image

d. To demonstrate concern to employees

e. To ensure and assure compliance

Key Requirements of OHSAS 18001:1999

1. Compliance with legislations, regulations and other requirements such as Factories

Act, Fire Safety Act, etc

2. Understanding the hazards in your activities and their associated risks and determine

if those risks are tolerable. A Risk Assessment is carried out based on set criteria.

Hazard is the potential to harm. Risk is a combination of the likelihood and

consequences of a specified hazardous event occurring.

Hazard Identification to consider the source of harm, who or what could be harmed

and how the harm could occur. Hazard identification shall include routine and non-

routine activities and should be done on a brainstorm / team approach.

Pg 13 of 16


Risk – How likely can things go wrong (likelihood)? How serious can it be if it did

go wrong (severity)?

Risk = Likelihood of harm x Severity of harm [a combination of “likelihood” and

“severity”]

Risk Assessment - is to determine if the risks are tolerable or further control measures

to contain the risks are required. It also requires the consideration of legal/regulatory

requirements. It shall be done with consideration for the safety/control measures

already in place.

Risk Control – Are means of eliminating or minimising adverse effects from

happening and there are basically 3 categories of action:

a. Actions which eliminate / remove the hazard or target

b. Actions which eliminate / reduce the consequences (eg. PPE)

c. Actions which reduce the likelihood (eg. Safe Work Procedures, training, etc)

3. Take steps to control and manage those risks which are significant by:

a. Setting objectives to reduce risks.

b. Establishing management programmes to achieve the objectives. The MP is

used to achieve objectives and targets and shall include the identity of person

responsible for it, the means to achieve it and the time frame to complete it.

c. Determining & implementing operation control measures to eliminate /

prevent / mitigate these risks.


controlled conditions. Eg. operating criteria, procedures / work instructions,

monitoring of these processes.

5. Institute continual improvement in risk management.

Pg 14 of 16


The OHSAS 18001 Standard:

1. Scope

2. Reference Publications

3. Terms & Definitions

4. OH&S Management System Elements

4.1 General Requirements

4.2 OH&S Policy

4.3 Planning

4.3.1 Planning for hazard identification, risk assessment & risk control

4.3.2 Legal & Other Requirements

4.3.3 Objectives

4.3.4 OH&S Management Programme(s)

4.4 Implementation and Operation

4.4.1 Structure & responsibility

4.4.2 Training, awareness & competence

4.4.3 Consultation & communication

4.4.4 Documentation

4.4.5 Document & Data Control

4.4.6 Operational Control

4.4.7 Emergency Preparedness & response

4.5 Checking and Corrective Action

4.5.1 Performance measurement & monitoring

4.5.2 Accidents, Incidents, Nonconformance and corrective and

preventive action

4.5.3 Records & record management

4.5.4 Audit

4.6 Management Review

Pg 15 of 16


DO’S & DON’TS DURING AN EXTERNAL ISO AUDIT

Do’s:

a. RELAX…Auditors aren’t supposed to pick on your “mistakes”; they are here to see if

the management system is in working order. They are looking for positive evidence

of compliance and conformity.

b. Be prepared. Ensure all the documentation and records are in order and updated

about a week prior to Audit.

c. Understand the requirements in your area of work and requirements within the

Standard and IMS Manuals. It’s not an exam.

d. Ensure files are properly labelled and identified. It’s really for your own convenience

when you need to quickly retrieve a document, than a show for the auditors only.

e. Be punctual, friendly, courteous and attentive to the auditors.

f. Pay close attention to questions asked and request for clarification, if necessary. It’s

ok to ask the auditor to repeat and rephrase the question. It’s also ok to discuss with

your colleagues before you answer.

g. Be professional at all times.

Don’ts:

a. Don’t panic.

b. Don’t go on the offensive or defensive when questioned; no matter how you feel

about the auditors or the questions asked.

c. Don’t argue or quarrel with the auditors.

d. Don’t argue or quarrel with your colleagues or bosses during the audit.

e. Don’t blame or bad-mouth your colleagues or anyone else during the audit if the

auditor picks up a non-conformity from your area of work.

f. Don’t volunteer information or data unless requested to do so specifically.

g. Don’t offer entire file of documentation to the auditor unless requested to do so. Pick

a good sample and show the auditor.

Pg 16 of 16