e-Newsletter


Whittington Newsletter
QMS, EMS, Information Security, Services Management, and Six Sigma February 2008
In this Issue
  1. ISO/TS 29001 for Oil and Gas Industries
  2. Job Descriptions
  3. ISO/PAS 22399:2007 for Societal Security
  4. Top Ten OSHA Cited Violations
  5. More Changes in ISO/DIS 9001:2008
  6. Class Schedule

Greetings!

Welcome to the Whittington & Associates e-Newsletter! Visit and bookmark our web site.

Our newsletters provide guidance on ISO 9001, AS9100, ISO 13485, ISO/TS 16949, TL 9000, ISO 14001, ISO 27001, ISO 20000, ISO 22000, and related ISO standards, as well as Six Sigma.

If you have any questions about the articles appearing in this issue, or you want to suggest topics for future issues, please let us know.


ISO/TS 29001 for Oil and Gas Industries

ISO has published an updated edition of ISO/TS 29001. This technical specification is intended to ensure safe and reliable equipment and services throughout the oil and gas industries by providing a unique requirements document for quality management.

The 2003 edition incorporated the requirements of ISO 9001:2000 and supplemental, sector-specific requirements. ISO/TS 29001:2007 has edited and expanded these requirements, as well as added new definitions.

ISO/TS 29001:2007 was developed to meet the needs of the oil and gas industry, specifically the major petroleum, petrochemical, and natural gas organizations, as well as government and regulatory agencies, as the basis for qualification of the quality management systems of equipment manufacturers and service suppliers.

ISO/TS 29001:2007 is the result of cooperation between the American Petroleum Institute (API) and ISO technical committee ISO/TC 67. In conjunction with API and ISO product specifications, it will be used as one of the baseline documents in the API Monogram program for the qualification of products and services used in the petroleum industry.

Potential end users include organizations:

  • Involved in exploration, production, pipelines, transportation, and refining of petroleum and natural gas products
  • Involved in the design, manufacture, installation, service, and repair of equipment used in the exploration, production, transportation, and refining of petroleum and natural gas products
  • Providing technical, operational, and support services to the various industry sectors identified above

ISO/TS 29001:2007, Petroleum, petrochemical, and natural gas industries - Sector-specific quality management systems - Requirements for product and service supply organizations, is available from the ANSI Web Store.

Job Descriptions

Have you adequately defined the responsibilities for your quality management system? Clause 5.5.1 of ISO 9001:2000 requires top management to ensure responsibilities and authorities are defined and communicated within the organization.

Responsibilities and authorities should be expressed to implement and maintain an efficient and effective quality management system. Employees should be given this information so they can help achieve the quality objectives and establish their involvement, motivation, and commitment.

The ISO 9001:2000 standard doesn't require written job descriptions. The responsibilities and authorities can be communicated in a combination of the quality manual, plans, procedures, and instructions. However, most companies also use job descriptions.

Properly written job descriptions not only convey responsibilities, they also help with hiring, retention, and legal compliance.

Hiring
According to the HR Daily Advisor, bad hires often stem from not clearly defining what is required for the job. The result may be a bad fit, low productivity, poor morale, and eventually, resignation or termination. A good job description helps you and the applicants understand just what the job requires and what it's like to do it. That makes for hires who are more likely to become competent and happy employees.

Responsibility
Job descriptions help clarify roles and define relationships. They can provide a basis for analyzing and improving the organizational structure. They also form the basis for the compensation system, including job evaluations and salary levels.

Legal
The HR Daily Advisor says that many a lawsuit has turned on a bad job description. You don't want to be in front of a jury explaining that you fired someone for doing a poor job at a key task that's not in the job description. So, if you use job descriptions, review them to ensure they continue to accurately reflect the actual functions of the job.

And, don't overlook the Fair Labor Standards Act. According to the U.S. Department of Labor, job titles do not determine exempt status. In order for an exemption to apply, the specific job duties and salary must meet all the requirements of the Department's regulations. The job descriptions should back you up.

Mistakes
The HR Daily Advisor lists some of the common job description mistakes:

1. Writing a job description that describes the person performing the job, not the job itself. It's easy to think about the person in the job, and write about how he or she has chosen to do the work. A good job description focuses purely on job expectations and outcomes, not how the job is handled by the person doing the job.

2. Using vague wording. It is tempting to quickly write job descriptions by inserting vague language like "takes care of employment." Does that mean routine recordkeeping, labor negotiations, or executive recruiting? Does that involve responsibility for employment or just participation in the process? Spell it out.

3. Glossing over essential vs. nonessential functions. With the advent of the Americans with Disabilities Act (ADA), it became important to separate the essential functions of a job. This allows persons with disabilities to still be hired if they can carry out those key tasks (sometimes with reasonable accommodation), even if they can't do lesser tasks. Every job description must make this separation to be ADA-compliant.

4. Failing to update. Change happens. There aren't many jobs that haven't changed significantly in the past few years. If job descriptions haven't kept up, confusion and legal challenges may be headed your way.

To subscribe to the free HR Daily Advisor, go to this web site.

ISO/PAS 22399:2007 for Societal Security

ISO has published the first internationally ratified benchmark document addressing incident preparedness and continuity management for organizations in both public and private sectors.

The Publicly Available Specification, ISO/PAS 22399:2007, Societal security - Guideline for incident preparedness and operational continuity management, is based on best practice from Australia, Israel, Japan, the United Kingdom, and the United States.

Natural disasters, acts of terror, technology-related accidents, and environmental incidents have clearly demonstrated that public and private sectors are not immune from crises. This has led to a global awareness that organizations in the public and private sectors must know how to prepare for and respond to unexpected and potentially devastating incidents.

ISO/PAS 22399 establishes the process, principles, and terminology of incident preparedness and operational (business) continuity management within the context of societal security.

The purpose of the guideline is to provide a basis for understanding, developing, and implementing incident preparedness and operational continuity management within an organization, as well as to provide confidence in organization-to-community, business-to-business, and organization-to-customer/client dealings.

The guideline is a tool to allow public or private organizations to consider the factors and steps necessary to prepare for an unintentionally, intentionally, or naturally caused incident (disruption, emergency, crisis or disaster) so that it can manage and survive the incident and take the appropriate actions to help ensure the organization's continued viability.

Organizational resilience requires proactive preparation for potential incidents and disruptions, in order to avoid suspension of critical operations and services, or if operations and services are disrupted, that they resume operations and services as rapidly as required by those who depend on them.

ISO/PAS 22399 describes a holistic management process that identifies potential impacts that threaten an organization and provides a framework for minimizing their effect.

Top Ten OSHA Cited Violations

According to an article in Safety + Health magazine, the top ten violations cited during fiscal 2007 by the Occupational Safety and Health Administration (OSHA) were:

1. Scaffolding: Failure to provide fall protection; failure to provide proper access; failure to provide adequate platform construction; failure to provide support scaffolding and guard rails.

2. Fall Protection: Failure to provide protection; failure to use fall arrest or safety net; failure to provide protection on roofs and wall openings.

3. Hazard Communication: Failure to maintain a written program; failure to provide training; failure to provide MSDS sheets for each chemical and maintain MSDS sheets in workplace.

4. Respiratory Protection: Failure to establish a program; failure to provide medical evaluation of ability to use respirator; failure to provide respirators and with tight-fitting face piece.

5. Lockout/Tagout: Failure to document and use procedures for control of potentially hazardous energy; failure to conduct periodic inspections; failure to provide training.

6. Powered Industrial Trucks: Failure to take damaged trucks out of service; failure to ensure operators can safely operate trucks; failure to certify operators are trained and evaluated.

7. Electrical - Wiring: Failure to close conductors and protect them from abrasion; failure to provide junction boxes with approved covers; failure to connect flexible cords to devices for strain relief.

8. Ladders: Failure to extend ladder side rails at least 3 feet above landing surface; failure to use on stable and level surfaces; use of top step of ladders as a step.

9. Machine Guarding: Failure to provide machine guarding; failure to anchor fixed machines.

10. Electrical - General Requirements: Failure to install and use electrical equipment per factory instructions; failure to guard equipment; failure to keep work spaces clear.

For more information on the most frequently cited violations for your industry sector, go to this page at the OSHA web site.

More Changes in ISO/DIS 9001:2008

In the last newsletter, I previewed the requirement changes in the ISO/DIS 9001:2008 standard. However, the changes planned for Edition 4 of ISO 9001 weren't limited to clauses 4 through 8.

0.1 General

ISO 9001:2000 states, "The design and implementation of an organization's quality management system is influenced by varying needs, particular objectives, the products provided, the processes employed, and the size and structure of the organization."

The following factors are added to the list by ISO/DIS 9001:2008, "influenced by: its business environment, changes in that environment, or risks associated with that environment;"

Later in section 0.1, ISO 9001:2000 states the standard is used, "to assess the organization's ability to meet customer, regulatory, and the organization's own requirements."

ISO/DIS 9001:2008 changes "regulatory" to "statutory and regulatory requirements applicable to the product."

0.2 Process Approach

In this section, ISO/DIS 9001:2008 has modified the definition of the process approach by adding "to produce the desired outcome" to the text below:

"The application of a system of processes within an organization, together with the identification and interactions of these processes, and their management to produce the desired outcome, can be referred to as the "process approach"."

0.3 Relationship with ISO 9004

The planned revision to ISO 9004:2000 is expected to be issued in 2009 with extensive changes, including a new clause structure that no longer matches that of ISO 9001. As a result, it will no longer form a "consistent pair" with ISO 9001.

In anticipation of that change, ISO/DIS 9001:2008 no longer refers to the two standards as having, "similar structures in order to assist their application as a consistent pair."

This section adds that an objective of the ISO 9004 guidance is to manage for the "sustainable success" of an organization. And, instead of saying ISO 9004 is a guide to "move beyond the requirements of ISO 9001", it now says ISO 9004 is a guide to "extend the benefits of ISO 9001."

ISO 9001:2000 states ISO 9004 should be used to pursue "continual improvement of performance", but ISO/DIS 9001:2008 has reworded it to pursue "systematic and continual improvement of the organization's overall performance".

0.4 Compatibility with Other Management Systems

The change at this section was to refer to ISO 14001:2004 instead of ISO 14001:1996.

1. Scope
1.1 General

This section still explains that ISO 9001 specifies requirements for a quality management system. It refers to the product meeting customer and applicable regulatory requirements, as well as enhancing customer satisfaction by assuring conformity to customer and applicable regulatory requirements.

ISO/DIS 9001:2008 has changed the two uses of "regulatory" to "statutory and regulatory".

The Note at this section used to say the term "product" applied only to the product intended for, or required by, a customer. ISO/DIS 9001:2008 has expanded the Note to read "or required by, a customer or the product realization processes." It goes on to add, "This applies to any intended output resulting from product realization processes, including purchasing."

A second Note has been added to explain that, "Statutory and regulatory requirements may be expressed as legal requirements."

1.2 Application

ISO 9001:2000 states that any exclusions cannot affect the organization's ability, or responsibility, to provide product that meets customer and applicable regulatory requirements. ISO/DIS 9001:2008 replaces "regulatory" with "statutory and regulatory".

2. Normative Reference

Although the text at this section has been significantly reduced, the key change is to reference ISO 9000:2005 instead of the old ISO 9000:2000.

3. Terms and Definitions

The change at this section was to drop the explanation of the supply chain terms, including that "supplier" replaced "subcontractor" and "organization" replaced "supplier". The explanation was needed when making the transition from ISO 9001:1994 to ISO 9001:2000, but not now.

Annex A

Table A.1 in the Annex was revised to show the correspondence of ISO/DIS 9001:2008 clauses with ISO 14001:2004 (instead of ISO 14001:1996). Table A.2 shows the reverse correspondence, from ISO 14001:2004 clauses to ISO/DIS 9001:2008 clauses.

The old Annex B that showed the correspondence of ISO 9001:2000 and ISO 9001:1994 has been dropped since the clause structures of ISO 9001:2000 and ISO/DIS 9001:2008 are the same.

Bibliography

The bibliography has been updated with the latest versions of standards, and in a few cases, references to new standards, e.g., ISO 10002:2004 on complaint handling, ISO 10019:2005 on the selection and use of consultants, and IEC 61160:2006 on design reviews.

Class Schedule

ISO 9001:2000
Understanding ISO 9001:2000
Implementing ISO 9001:2000
Quality System Documentation
ISO 9001:2000 Internal Auditor
ISO 9001:2000 Lead Auditor

ISO 14001:2004
Implementing an EMS
ISO 14001:2004 Internal Auditor
ISO 14001:2004 Lead Auditor

ISO/TS 16949:2002
ISO/TS 16949:2002 Internal Auditor
ISO/TS 16949:2002 Lead Auditor
Understanding and Implementing ISO/TS 16949:2002

AS9100B:2004
AS9100 Internal Auditor
Implementing AS9100
AS9100 Lead Auditor

ISO 27001 / ISO 17799
ISO 27001 - Understanding an ISMS
ISO 27001 - ISMS Implementation
ISO 27001 - ISMS Internal Auditor
ISO 27001 - ISMS Lead Auditor

ISO 20000
Understanding ISO 20000
Implementing ISO 20000
ISO 20000 Internal Auditor

ISO 22000
Understanding ISO 22000
ISO 22000 Internal Auditor
Understanding HACCP
Implementing SQF Systems
Advanced HACCP

ISO 13485:2003
Understanding ISO 13485:2003
ISO 13485:2003 Internal Auditor
Implementing ISO 13485:2003
ISO 9001 Lead Auditor - ISO 13485 Emphasis

Capability Maturity Model Integration
Introduction to CMMI v1.2

Six Sigma
Introduction to Statistics
Green Belt Certification
Black Belt Certification

Books
See our list of ISO 9001, Auditing, and Six Sigma books. Includes book descriptions and links to Amazon.

© 2000-2008 Whittington & Associates, LLC
