Welcome to the Whittington & Associates e-Newsletter!
Visit and bookmark our web site today: http://www.WhittingtonAssociates.com

The US Technical Advisory Group to Technical Committee 207 has a set of questions and answers available to help clarify the intent of ISO 14001:2004 requirements. Some examples are:
 
1. Question
Must a regulated environmental aspect automatically be considered a significant environmental aspect?
 
Answer
No. Section 3.6 states that a “significant environmental aspect has or can have a significant environmental impact.”  ISO 14001 does not establish the criteria for determining significance.

2. Question
Must each objective have a measurable target?  Or, can an organization have an objective without a measurable target?
 
Answer
Yes. Each environmental objective must have at least one measurable environmental target. The definition of an environmental target (Section 3.12) states, "Detailed performance requirement … that arises from the environmental objectives and that needs to be set and met in order to achieve those objectives.” Furthermore, Section 4.5.1 on Monitoring and Measurement states the organization must "establish, implement, and maintain a procedure to monitor and measure … The procedure shall include the documenting of information to monitor ... conformance with the organization's environmental objectives and targets." Consequently, targets must also be measurable.

3. Question
Is it permissible for a small organization to declare that they have no significant aspects and still be conformant to the ISO 14001 standard?
 
Answer
Although there is no explicit requirement in ISO 14001 that an organization will identify one or more significant environmental aspects, there is an underlying assumption that the organization will do so. The intent of the requirement (to determine those aspects that an organization considers significant) is to enable the organization to focus attention and resources on its most important environmental aspects, recognizing that not all aspects require or deserve the same degree of management. ISO 14001 does not define “significance” nor does it identify any external or absolute standard for what will be considered significant. Significance is intended to be a relative term. What is significant for one organization may not be for another, and what an organization considers a significant aspect may change over time. The use of "significance" in ISO 14001 was intended to be an aid in managing a range of environmental aspects.

There is no special category of requirements in ISO 14001 for “small” organizations. The requirements for an ISO 14001 environmental management system, including those regarding significant aspects, are intended to apply to “… all types and sizes of organizations …”

4. Question
Is there an expectation in ISO 14001:2004 that compliance with ALL applicable legal and other requirements will be assessed for ALL environmental media over some time frame (e.g., every 3-5 years), or are periodic compliance assessments on a sampling basis (selected based on the environmental importance of activities, history of noncompliance, and other factors) considered adequate?
 
Answer
ISO 14001 requires the organization to periodically evaluate compliance with all applicable legal requirements (Clause 4.5.2.1) and other requirements to which an organization subscribes (Clause 4.5.2.2) related to its environmental aspects. It does not specify a particular methodology or frequency for doing so. Periodic compliance assessments performed on a sampling basis may satisfy this requirement if, taken together, they cover all applicable legal and other requirements over a period defined by the organization.

5. Question
Does clause 4.3.2 (b) mean that an organization must demonstrate a linkage, if any, between each aspect and its applicable legal and other requirements? If so, what documentation is required?
 
Answer
Clause 4.3.2 (b) of ISO 14001:2004 requires an organization to establish, implement, and maintain a procedure to determine how legal and other requirements apply to its environmental aspects.  With the inclusion of this new requirement, an organization not only must identify and have access to the requirements that pertain to its environmental aspects, but also know the manner in which these requirements are relevant to its environmental aspects. The intent is that the organization understands these requirements sufficiently to put processes in place to meet them. There is no specific requirement for establishing a “linkage” between each environmental aspect and the identified legal and other requirements.
 
Regarding documentation, there is no specific requirement in clause 4.3.2 (b) of ISO 14001 that these determinations or the resulting information be documented. Clause 4.4.4 (e) on Documentation leaves it up to each organization to decide what documents, including records, are necessary to ensure the effective planning, operation and control of processes that relate to its significant environmental aspects.  In addition, clause 4.5.4 on Control of Records requires the organization to keep records in those situations where such records are needed to be able to demonstrate conformity to the requirements of its EMS and ISO 14001 and the results achieved. Since records are not the only means of demonstrating conformity, as affirmed in the Annex note to A.5.4, the organization must decide which situations require such records.

To see additional interpretations, go to the Standards page at the ASQ web site. If you are Interested in submitting your own question, send it in written or electronic form to:
 
American Society for Quality (ASQ)
Attention: Administrator, U.S. ISO 14000 SubTAG 1
611 East Wisconsin Avenue, P.O. Box 3005
Milwaukee, Wisconsin 53201-3005; or
 
Fax:  414-273-1734, Attention: Administrator, U.S. ISO 14000 SubTAG 1; or
 
E-mail: standards@asq.org
 
Include your name, affiliation, address, and phone/fax number. Pose your question in a question format, as specific as possible, and preferably, in a style to facilitate a concise answer. Questions that are not clear will be returned to the submitter for clarification.
 
Responses will be prepared by the SubTAG 1 Clarification of Intent Drafting Group, which consists of the Administrator, the U.S. SubTAG 1 Working Group experts who participated in the drafting of the ISO 14001 and 14004 standards, and others, as appropriate, who assisted in the formulation of U.S. positions on these standards and the auditing standards. Responses will be developed based on this group’s consensus understanding of the intent of the SC1 Working Group members who drafted the standard.
 
After confirmation by the U.S. SubTAG1 and review by the U.S. TAG, final responses will be provided to the person that submitted the question and will be widely disseminated through the media and other publication channels, including submission to the ANSI/ASQ National Accreditation Program (ANAB).

Want to improve your internal audit program? Read these audit improvement ideas from Kristin Case that may be counter to what you would think ... yet greatly benefit your organization.

1. Limit the number of corrective actions from an internal audit. This is especially important when the quality management system is young or in its early stages of development. I’m not suggesting that you blindfold your auditors as they set out to audit. But, an internal audit program besieged with corrective actions can choke the progress toward a more mature system. Overwhelming a system causes resource shortages and no organization can fix everything at once.

If you limit the number of corrective actions, you must limit the number of nonconformities found during the audit. Here’s the catch: the audit scope must be revised once the maximum number of nonconformities has been reached. As an oversimplified example: Suppose the original audit scope was “NDT:  fluorescent penetrant process” (see flowchart below) and the maximum number of findings was one (1). Now suppose the auditor noticed that the NDT inspector was rinsing the part incorrectly: with the water nozzle 6 inches from and perpendicular to the part. The specification calls for a minimum distance between the nozzle and part of 12 inches and a 45° angle to the part. At this point the audit would end, the finding would be documented, and the scope of the audit report reduced  to: “NDT:  fluorescent penetrant process from cleaning to rinsing”. 

Revised audit scope:  cleaning through rinsing.

Figure 1. NDT: fluorescent penetrant process (original audit scope).

The person who schedules internal audits can then reschedule an audit for the remaining scope “NDT: fluorescent penetrant from drying through recording results”.

2. Require volunteerism. Mandatory volunteerism may seem contradictory, but in internal auditing, it is essential. Preparing an employee to be an internal auditor requires a significant investment of resources. Typical training for ISO 9001:2000 internal auditing involves 16 to 24 hours. Add to that some practice time; a mentor (experienced) auditor; preparation, performance, and documentation time; and the “real” work that is falling behind and suddenly it is easy to see the magnitude of the organization’s investment.

Training internal auditors to assess the quality management system is a significant investment. When making a serious investment, you expect a serious return. But, auditing isn’t for everyone. Auditing takes a specific skill set and resilient personality. After investing in training is a lousy time to find out the employee does not want to volunteer as an auditor. Before investing in training is a good time to discuss required auditor attributes (open-minded, diplomatic, decisive, and self-reliant [1]) and expectations. If you are going to make this type of investment in an employee, demand a certain return on your investment in terms of internal audits performed. Make a fair trade.

3. Do not have fixed due dates for corrective actions. Many companies allow 30 days for performing corrective actions. Some allow 14 days; others 90 days. Having a fixed period for performing corrective actions assumes that all corrective actions (and therefore all nonconformities) are the same size. 

I’ve seen corrective action performed (yes, with a complete root cause analysis) the same day. [The nonconformity involved expired shelf-life items and the team’s solution effectively prevented the recurrence.]  On the other end of the spectrum, I’ve seen a corrective action that took 18 months to complete. [That nonconformity was obsolete documents and the corrective action involved major capital investment to triple the size of the library, update the technology (more than once), subscribe to revision control services, and double the library staff to control every copy of approximately 500,000 pieces of technical data.]  

Allow a timeline that is adequate to effectively perform root cause analysis and implement corrective action. Not all problems are equal; not all timelines should be. Have the auditor and assignee agree to a due date. The benefit is twofold: (a) the timeline is customized to fit the nonconformity and (b) the assignee is more likely to complete the corrective action on time if he was involved in setting the due date. 

4. Do not issue corrective actions. Lots of organizations call them corrective action “requests”, but are they ever requested?  Corrective actions are issued, signed, assigned, published, ascribed, handed out, released, logged, initiated, and delivered, but rarely requested. Too many organizations accidentally use corrective actions as a “big stick o’ punishment”. They are frequently issued to a supervisor in the area where the nonconformity occurred. Let’s assume most people do not come to work daily and attempt to cause nonconformities. Why would we then expect the department involved in creating the nonconformity to be responsible for preventing its recurrence? Chances are, this work area is lacking in some resource (training, equipment, calibrated instruments) or the nonconformity would not have occurred in the first place. 

The “assignee” of a corrective action should be the person who can answer in the positive:

(1) Do you agree that this situation is a nonconformity?

(2) Do you have the organizational authority (power) to fix it?

If you “issue” a corrective action request to someone who doesn’t believe that it is a nonconformity, or doesn’t have the power to fix it, you cannot expect results. 

5. Do not address corrective actions in an “Internal Audit” procedure.  Many companies document far more than is required by ISO 9001:2000 in their “Internal Audit” procedure. The standard [2] actually   requires a documented procedure to address “the responsibilities and requirements for planning and conducting audits, and for reporting results and maintaining records.” Most companies add a little more content to their audit procedure(s), but some wander outside the scope of audits and into the scope of corrective action. The standard [3] also requires a procedure to address corrective action. If corrective action is discussed in two procedures, the best case is redundancy; the more likely case (over time) is contradiction.

The internal audit procedure should contain a statement similar to the following: “In the event that nonconformities are found, refer to Procedure 14, Corrective Action." That allows corrective actions from a multitude of sources, including internal audits, to be addressed in the same procedure. 

Conclusion. Continual improvement of an organization’s processes, such as auditing, is a requirement [ISO 9001:2000, paragraph 4.1(f)]. A solid internal audit program is one of the most effective ways to continually improve a quality management system [paragraphs 8.1(c) and 8.5.1] and help an organization meet its quality objectives [paragraph 5.4.1].  If you found a useful improvement idea in this article, don’t forget to make sure your organization takes credit for preventive action [paragraph 8.5.3]!

The ISO 14064 standards for greenhouse gas accounting and verification published in March 2006 provide government and industry with an integrated set of tools for programs aimed at reducing greenhouse gas emissions, as well as for emissions trading.
 
ISO Secretary-General Alan Bryden commented: “Claims made about reductions of the greenhouse gas emissions widely held responsible for climate change may have political and financial implications, in addition to environmental and technical ones. Ensuring their credibility is thus vital.”

ISO launched the development of ISO 14064 in 2002 as a solution to the problems posed by the fact that governments, business corporations, and voluntary initiatives were using a number of approaches to account for organization- and project-level GHG emissions and removals with no generally accepted validation or verification protocols.
 
Dr. Chan Kook Weng, convenor of the ISO working group that developed the standard explains: “ISO’s goal is to provide a set of unambiguous and verifiable requirements or specifications to support organizations and proponents of GHG emission reduction projects. ISO 14064 will provide clarity and consistency between those reporting GHG emissions and stakeholders.”
 
In order to produce an accounting and verification tool that would have broad international backing, ISO embarked on three years of detailed study and engagement with the international community of governmental and business organizations with a stake in climate change. ISO 14064 has resulted from the work of some 175 international experts from 45 countries and 11 international business, development or environmental organizations, and eight international meetings.

Kevin Boehmer, secretary of the ISO working group, comments: “We are confident that ISO 14064 will prove to be an important building block for organizations or project proponents participating in various voluntary or regulatory initiatives, or to administrators responsible for designing and implementing GHG schemes or programs.”

Implementing ISO 14064 is intended to achieve the following benefits:

• Promote consistency, transparency, and credibility in GHG quantification, monitoring, reporting, and verification;
• Enable organizations to identify and manage GHG-related liabilities, assets, and risks;
• Facilitate the trade of GHG allowances or credits, and
• Support the design, development, and implementation of comparable and consistent GHG schemes or programs.

ISO 14064 is comprised of three standards, respectively detailing specifications and guidance for the organizational and project levels, and for validation and verification. They can be used independently, or as an integrated set of tools to meet the varied needs of GHG accounting and verification. They are:

1. ISO 14064-1:2006, Greenhouse gases – Part 1: Specification with guidance at the organization level for the quantification and reporting of greenhouse gas emissions and removals.

ISO 14064-1 details principles and requirements for designing, developing, managing, and reporting organization or company-level greenhouse gas (GHG) inventories. It includes requirements for determining GHG emission boundaries, quantifying an organization's GHG emissions and removals, and identifying specific company actions or activities aimed at improving GHG management. The standard also includes requirements and guidance on inventory quality management, reporting, internal auditing, and the organization's responsibilities in verification activities.

2. ISO 14064-2:2006, Greenhouse gases – Part 2: Specification with guidance at the project level for the quantification, monitoring, and reporting of greenhouse gas emission reductions and removal enhancements.

ISO 14064-2 focuses on GHG projects or project-based activities specifically designed to reduce GHG emissions or increase GHG removals. It includes principles and requirements for determining project baseline scenarios and for monitoring, quantifying, and reporting project performance relative to the baseline scenario and provides the basis for GHG projects to be validated and verified.

3. ISO 14064-3:2006, Greenhouse gases – Part 3: Specification with guidance for the validation and verification of greenhouse gas assertions.

ISO 14064-3 details principles and requirements for verifying GHG inventories and validating or verifying GHG projects. It describes the process for GHG-related validation or verification and specifies components such as validation or verification planning, assessment procedures, and the evaluation of organization or project GHG assertions. It can be used by organizations or independent parties to validate or verify GHG assertions.

ISO 14064 will be complemented by ISO 14065, which specifies requirements to accredit or otherwise recognize bodies that undertake GHG validation or verification using ISO 14064 or other relevant standards or specifications. ISO 14065 is expected to be published in early 2007.

A new set of ISO guidelines has been published to enable management to deliver authentic, reliable, and usable records over time to meet their business needs.

Records are created, received, and constantly referred to in the conduct of business activities. To preserve records and guarantee their authenticity, reliability, usability, and integrity, metadata must be produced through time both within and across domains. The implementation of the new ISO 23081-1:2006 will support business and records management processes by enabling records to be used in any application or information system.

Before continuing to describe this new standard, let's discuss metadata, which literally means data about data. An example is the library catalog card, which contains data about the contents and location of a book. Other types of metadata would include the source or author of a described dataset, how it should be accessed, and its limitations. So, Metadata is structured information that describes, explains, locates, or otherwise makes it easier to retrieve, use, or manage an information resource.

Robert McLean, an expert member of the ISO subcommittee responsible for archives and records management, comments: "ISO 23081-1 clearly shows how an organization can systematically and effectively improve its recordkeeping – and do so in such a way that the business objectives are supported."

By creating and maintaining reliable records, and protecting their integrity as long as is required, organizations can reap the benefits of conducting their business in an orderly, efficient, and accountable manner. "Senior management will be able to identify tangible benefits such as reduced costs and better managed risks, thereby contributing to better corporate governance," further notes Mr. McLean.

The new ISO standard is a guide to understanding and implementing metadata for use within the framework of ISO 15489, Information and documentation – Records management. It addresses the relevance of records management metadata in business processes and the different roles and types of metadata that support business and records management processes. It also sets a framework for managing these metadata.
 
Benefits expected to result from records management metadata include the ability to:

• Protect records as evidence and ensure their accessibility and usability through time;
• Facilitate the ability to understand records;
• Support and ensure the evidential value of records;
• Help to ensure the authenticity, reliability, and integrity of records;
• Support and manage access, privacy, and rights, as well as support efficient retrieval.

ISO 23081-1:2006, Information and documentation – Records management processes – Metadata for records – Part 1: Principles, is the first part of an overall framework being developed over the next two years. It will include ISO 23081-2, Implementation issues and ISO 23081-3, Evaluation instrument for existing metadata sets or schemas to assess them in relation to the principles in part 1 of ISO 23081.

ISO 9000:2005 is the third edition of the Fundamentals and Vocabulary standard and replaces ISO 9000:2000. Some of its new definitions and notes are:

1. Competence is now included twice in the definitions section. At section 3.1.6 under the Quality-related terms it is defined as the "demonstrated ability to apply knowledge and skills". At section 3.9.14 under Audit-related terms it is defined as "(audit) demonstrated personal attributes and demonstrated ability to apply knowledge and skills".

2. Contract is added at 3.3.8 under Organization-related terms and defined as a "binding agreement".

3. The Note under 3.9.1 for Audit has been expanded to state "Internal audits, sometimes called first-party audits are conducted by, or on the behalf of, the organization itself for management review and other internal purposes, and may form the basis for an organization's declaration of conformity. In many cases, particularly in small organizations, independence can be demonstrated by the freedom from responsibility for the activity being performed.

4. A Note has been added for Audit Program that states "An audit program includes all activities necessary for planning, organizing, and conducting audits".

5. A Note has been added for Audit Criteria that states "Audit criteria are used as a reference against which audit evidence is compared."

6. A Note has been added for Audit Client that states "The audit client may be the auditee or any other organization that has the regulatory or contractual right to request an audit."

7. A Note has been added for Auditor that states "The relevant personal attributes for an auditor are described in ISO 19011."

8. The definition of Audit Team has been expanded to state "... supported if needed by technical experts."

9. The definition for Audit Plan has been added: "description of the activities and arrangements for an audit".

10. The definition for Audit Scope has been added: "extent and boundaries of an audit".

11. The Measurement Control System entry was changed to Measurement Management System. The definition remained the same.

You can order a copy of this standard at the ASQ Quality Press web site.

To enroll in these public classes, you can click on the course title, go to Class Schedule at our web site, or call us at 800-404-7585.

Classes taught by Larry Whittington are shown in yellow.

Quality Management System Courses
ISO 9001:2000 Lead Auditor (RABQSA Certified) - BSI Management Systems
Initial course version developed by Larry Whittington 

• ISO 9001:2000 Auditor Update - The Process Approach (1 Day) - Course developed by Larry Whittington
• Understanding ISO/TS 16949:2002 Requirements (1 Day) - Course developed by Larry Whittington
• Understanding ISO 14001:2004 Requirements - Course developed by Larry Whittington
• Internal Quality Auditing (2 Days) - Course developed by Larry Whittington (based on ISO 19011)
• AS9100B: Requirements Beyond ISO 9001:2000  (1 Day) - Course developed by Larry Whittington

Copyright © 2000 - 2007  Whittington & Associates, LLC.
All Rights Reserved.
242 Highlands Drive, Woodstock, GA 30188
770-517-7944 or fax 770-517-7945

 
Whittington & Associates provides training, consulting and auditing services for quality systems based on
ISO 9001, ISO/TS16949, TL9000, AS9100, ISO 13485, as well as, ISO 27001, ISO 20000, ISO 22000, and ISO 14001.