ISO is a worldwide federation of national standards bodies. The work of preparing standards is carried out by committees. International organisations, governmental and non-governmental bodies also take part in the work. There are different approval criteria needed for different types of ISO documents.
Achieving balance between the environment, economy and society is essential to meet the needs of our generation. We are aiming to achieve the three pillars of sustainability. Society long expects transparency and accountability from businesses. We need to be able to react to ever-changing environmental conditions.
ISO14001 provides a systematic approach to built success over long term. We are being offered options to contribute. This can be done by protecting the environment and mitigate the negative environmental impacts as well as mitigate the adverse environmental conditions on our organisation.
ISO14001 also allows businesses to meet their compliance obligations and enhance the environmental performance.
We are in a better position to control the process of designing, manufacturing, using and disposing of the products or services we offer. This also leads to achieving economic benefits by choosing environmentally friendly alternatives that allows competitive advantage.
The success
The success of the standard implemented in an organisation highly depends on the level of commitment from senior management. The actions have strategic implications. By integrating the management system management can evaluate relevant risks and opportunities and define new strategic goals. These, of course, need to be aligned with business strategic direction.
The complexity of the system will depend on the organisational context, its scope, and the nature of business processes and activities.
The basic approach is made out of Plan-Do-Check-Act principles.
We Plan by establishing the environmental objectives necessary to deliver the results.
We Do and implement the planned processes.
We Check and monitor and measure the processes against the environmental policy, objectives and criteria.
We Act and ensure continuous improvement.
The standard requirements are made of high level structure and enables organisations to use common approach and risk-based thinking.
The conformity to the standard can be based on self-declaration, or obtain conformance through third parties through certification.
It is designed for businesses who seek to enhance the environmental performance. We can manage the responsibilities in a systematic manner and contribute to the efforts of obtaining sustainable developments. It provides value to the environment, as well to the organisation and interested parties.
The standard is applicable to any organisation, regardless of size and nature. It also does not specify any environmental criteria that should be met.
The requirements
Clauses 4 to 10 of the standard specifies requirements that business should meet. There are also mandatory requirements as well as mandatory documents that must be retained.
The mandatory requirements are:
The scope of the Environmental Management System (EMS)
Information necessary to support the business processes
Environmental policy
Risks and opportunities that need to be addressed
EMS aspects and impacts, hazards and risks as well as criteria to determine significance
Information about the business compliance obligations
Environmental objectives
In terms of the documented information required the mandatory requirements are:
Documented information to the extend necessary to have confidence that the EMS processes are being carried out as planned,
Evidence of fitness for purpose of monitoring and measuring resources,
Evidence of the basis used for calibration of the monitoring and measuring resources,
Evidence of competence of people doing the work under the control of the organisation that affects the performance and effectiveness of the EMS,
Evidence of communication to external and internal interested parties,
Documented information required by the EMS,
Results of the review and new requirements for the products and services,
Records to demonstrate compliance with design and development requirements,
Records of design and development inputs,
Records of activities of the design and development controls,
Records of design and development outputs,
Design and development changes, including the results of the review and authorisation of the changes and necessary actions,
Records of the evaluation, selection, monitoring of performance and re-evaluation of external providers and any actions arising,
Evidence of the unique identification of outputs where traceability is a requirement,
Records of property of a customer or external provider that is lost, damage or non-conforming and of its communication to the owner,
Results of the review of changes for production or service provision, the person's authorising the change, and necessary actions taken,
Records of authorised release of products to delivery to the customer including acceptance criteria and traceability of the authorising persons,
Records of non-conformities, actions taken concessions and the identify of the authority deciding the actions in the respect of the non-conformity,
Evidence of the evaluation of the performance and the effectiveness of the EMS,
Evidence of compliance evaluations,
Evidence of the implementation of the internal audit programme,
Evidence of the internal audit results,
Evidence of the results of management reviews,
Evidence of the nature of the non-conformities,
Evidence of the subsequent actions taken to correct non-conformities,
Results of any corrective actions.
The scope
When developing the scope of the EMS we need to consider the activities involved, resulting products and services and the activities location. Generally the scope comprise one or two sentences. We can demonstrate the understanding of the scope by identifying aspects, establishing objectives and developing operational control.
The scope includes the business function, physical boundaries, its activities, products and services that have significant environmental aspects or to evade the compliance obligations. The whole of the organisation should be included in the scope, or specific organisations sections and departments. These can be associated with the procurement of goods, raw materials, outsourcing, product performance requirements as well as the end of life treatment.
Top management should establish the scope of the business management system.
Next to the internal activities, products and processes external issues and interested parties can provide guidance on what the organisation wants to include in the scope. It will depend on the issues that require stricter environmental controls.
Additionally, the compliance obligations would be a significant consideration when defining the scope. For example, waste law related matters.
The scope of the EMS should be made available to interested parties, for example, online.
The policy
Next to the scope, the top management should establish and maintain the environmental policy. The policy should include as minimum:
* To protect the environment,
* To fulfil the compliance obligations,
* To continuously improve the EMS and the organisations environmental performance.
This can also include, for example sustainable resource use, climate change mitigation and adaptation, protection of biodiversity and ecosystems.
The risks and opportunities
The standard requires organisations to address risks and opportunities in relation to internal and external issues, environmental aspects and compliance obligations. These can also be a source of opportunities themselves. The business must maintain documented information of the processes needed to avoid the risks and opportunities and have the confidence that they are being executed as planned.
The business must document the risks and opportunities as well as the abnormal risks that may arise in an emergency situations. The business must also show the opportunities identified to make a positive environmental impact.
The approach should be evidence-based as well as a sound operational plan must be provided. Relevant environmental aspects should be reviewed with identification of risks and opportunities arising for each aspect as well as compliance obligation.
Environmental objectives must be addresses of each relevant level in the organisation.
A good idea would be here to perform SWOT analysis as well as identification of external risks and opportunities. Actions should be planned to address them. A formal risk assessment should include mitigation plans.
Risks also can be handled in number of ways:
* Avoiding the risk
* Taking the risk on in order to pursue an opportunity
* Eliminating the risk source
* Changing the likelihood or consequences
* Sharing the risks with stakeholders
* Retaining the risks by informed decision
The objectives
Effectively implemented EMS aligns the policies with the strategic business objectives. The objectives can apply to the entire organisation or be specific to individual activities. The personnel who sets objectives may not be the same who sets targets. The environmental objectives are the overall goals as defined in the environmental policy.
The number of environmental objectives must be realistic and achievable.
When determining the environmental objectives we should consider:
* Legal and compliance requirements
* Significant aspects and impacts
* Significant safety hazards
* Economic and operational business requirements
* Views of interested parties
Examples of environmental objectives:
* Sustainable resource use,
* Climate change mitigation and adaptation,
* Protection of biodiversity and ecosystem.
The targets
The targets must be quantifiable where possible. They are to be measured through performance indicators. Some targets may include:
* The quantity of raw materials or energy used,
* The amount of waste produced,
* The number of incidents and accidents,
* The percentage of waste recycled,
* Investment in environmental protection.
Each objective would have its targets and indicators. The objectives need to be set for relevant functions, levels and processes within the operation.
The organisation must undertake planning to meet the environmental objectives. It can include determining the work required to realise the objectives, the necessary resources, the person(s) responsible and the deadlines on when the work is to be completed.
The improvement programmes
The organisation is also required to establish and maintain one or more management improvement programmes for achieving the environmental objectives. Properly designed management programmes should be able to achieve the objectives and improve the organisation's environmental performance.
The targets and objectives should involve many people from different departments. The responsible persons need to develop a plan and monitor the performance.
The action plans
Establishing the action plans for each objective may require considerable efforts. We must ensure progress with these plans and have person responsible for the completing of the actions. The plans must be implemented. It is a good idea to involve the employees as early as possible in establishing and carrying out the action plan. The expectations and responsibilities shall be communicated to those who need to know. Try and keep it simple and focus on improvement of the EMS over time.
The organisation must demonstrate the evidence of planning.
The EMS processes
A process is set of interrelated or interactive activities which transforms input into outputs. It is considered a series of activities and actions that are consistently repeated to produce a change to a product or service. Procedures help as they are the specific ways of fulfilling the activity with the process.
A process approach is when the organisation takes into account all possible variables and their effects on the EMS. Actions and activities are managed together with considerations towards each other and the end result.
The process approach is the vital part of certification and compliance with ISO14001 standard. It creates a link between the policy, requirements, objectives, actions and performances. It is proven the most effective way to mitigate and manage the environmental impacts, risks and hazards.
The process approach provides a systematical view to analyse how processes operate and their effects. It allows for complete understanding of the processes, their interactions and long- as well as short-term effects on the organisations.
The below processes should be defined as minimum:
* Supplier selection and performance,
* Manufacturing process,
* Internal and external customer issues,
* Material, resource, energy and waste,
* Design, operation, production, logistics,
* Activities, products and services,
* Customers and end users.
Environmental risk assessments, operational procedures, work instructions, and flow charts can be used to demonstrate compliance.
Strategic Environmental Processes
There are also strategic environmental processes to be undertaken and defined. These include:
* Understanding and communicating how the EMS contributes to he business overall goals,
* Include environmental risks and opportunities as part of corporate risk management process to understand the context of the organisation,
* Using sustainability or corporate social responsibility strategies to support the process of identifying interested parties as well as their needs and expectations,
* Report environmental performance alongside financial reporting and considering environmental processes,
* Developing and reviewing environmental performance indicators as part of the business review process,
* Understanding the environmental implications such as scrap rates and energy costs.
Functional Environmental Processes
These include:
* Environmental performance and environmental initiatives being included in the employee business briefings, newsletters and other forms of communications,
* Top management team being involved in the internal and external audits and ensuring corrective actions are being implemented,
* Integration of the EMS with Quality, H&S and Security Management,
* Considering the environment when developing new facilities or refurbishing current ones,
* Including the environmental criteria when selecting suppliers, including environmental requirements in commercial contracts,
* Including environmental criteria in design and development process,
* Including environmental criteria into sales and marketing activities,
* Including environmental criteria into job postings, job descriptions, training needs, analysis, competency matrix, employee appraisal process.
Departments Environmental Processes
These may include:
* Environmental briefings as part of a shift start,
* Environmental indicators being monitored alongside other business indicators,
* Each department having its own environmental representative.
Resources and training
For EMS to operate effectively, there needs to be a sufficient provision of resources. People who operate within the EMS should have the necessary training, guidance and support to fulfil their tasks.
The communications
Organisations need to develop and implement a process to determine those matters on which it wishes to communicate, taking into account the compliance obligations and the quality of the communicated information.
These communications may relate to ongoing compliance to various obligations, milestone achievements, or sustainable resourcing.
The organisation should identify the necessary internal and external communications that are required for the operation of the EMS. We need to determine:
* what is being communicated,
* when it will communicate
* with whom it will communicate
* how it will communicate
The key to success is the involvement of people within the organisation. Let everyone know that you started introducing the EMS and hold basic awareness sessions for employees. Ensure that you retain records of attendance.
Communication is the key. We need to communicate goals, plans, progress and milestones. We will listen first and then ask for feedback.
Lack of communication is one of the main sources of errors within a business.
We need to keep people involved on a progress of a project against the plans.
We need to make the progress visible and transparent to all involved. This can be done through progress charts or via office boards. Employees that are not part of the implementation team may think that the project has faded away. Try and communicate the progress via newsletters and bulletins.
The procedures for internal and external communications should be in place. Especially in relation to communications from external parties. These may include layers, enforcement authorities, insurance companies.
Internally, we need to communicate information relevant to EMS among different business functions. This include information of any change. We may use different methods to improve awareness. For example posters, leaflets, training sessions.
The internal communications
Information should be communicate at various levels at specified intervals. The frequency of the communications should encourage continual improvement. We could communicate through:
* Day to day operations and general awareness,
* Environmental and H&S regulatory reporting,
* Information on achieving the EMS objectives,
* Incidents, accidents and near misses,
* Environmental aspects and impacts.
Employees should be aware of those policies and know where to find them.
A quick and efficient way of communicating a policy might be to create a short version of the policy, even condensed in five points of few sentences. This can be posted in bulletin boards in each department.
The organisation should also encourage two way communication between the workforce and the management. This consultation could be done both formally and informally.
Environmental representatives can feedback to the top on the information from employees.
Inputs of environmental communications may include:
* Identification of environmental risks,
* EMS objectives and targets,
* Incident investigations,
* Operational changes affecting safety and welfare,
* Introduction of new plant and equipment,
* Contractors and visitors to site,
* Information requests from interested parties.
The organisation should also communicate the environmental requirements to the visitors and contractors. Visitors should receive policies and procedures and have a scheduled briefing.
Externally, organisation needs to communicate its compliance obligations.
External communications may include:
* Annual reports of performance,
* Open house meetings,
* Results of audits,
* Policies published.
The communication may benefit the organisation. This includes market exposure and improved employee morale. The organisation may not wish to communicate the organisational aspects.
Required documented information
We must ensure that our EMS includes documented information. The organisation needs to choose the level of documents necessary to control the EMS. Only relevant people should have access to view or update the documentation. Some examples of documented informations include:
* Business charts,
* Process maps,
* Process descriptions,
* Standard Operational procedures,
* Work instructions,
* Inspection plans,
* Labels,
* Specifications,
* Production schedules,
* Approved supplier lists,
* Strategic plans,
* Forms.
The documented information may have different forms. For example: paper, master plans or electronic versions.
We need to be able to confirm when the documented information was created, updated, have a title, date, author, reference number, it must be of appropriate format, media and confirm these are adequately reviewed.
A robust document control process is important for any management system. Ongoing maintenance of documented information must be overlooked. The process should define the scope, purpose, method and responsibilities. All persons must understand what type of information should be controlled and how the control should be exercised. Department managers should always be responsible for communicating good information management.
Individuals should be responsible for the information they create as well as retention and disposal.
We need to maintain the following documents:
* the EMS scope,
* the environmental policy,
* the risks and opportunities,
* the environmental aspects,
* compliance obligations,
* environmental objectives,
* evidence of competence,
* evidence of communication,
* the evidence that processes are carried out as planned,
* the evidence of monitoring, measurement, analysis and evaluation results,
* the evidence of compliance evaluation results,
* the evidence of implementation of audit programme and audit results,
* the evidence of management reviews,
* the evidence and nature of non-conformities, any subsequent actions taken and results of any corrective actions.
The retention periods are as below:
The Monitoring, Measurement, Analysis and Evaluation
In order to ensure the business meets their objectives and targets. These are:
Identify activities that have significant impacts and risks,
Determine the key characteristics of each activity to be monitored,
Select the best way to measure these characteristics,
Record data on performance, controls and conformance with objectives and targets,
Determine frequency in which to measure the key characteristics,
Analysis and reporting,
Establish management review and evaluation.
The ISO place emphasis on continual improvement of processes and monitoring the effectiveness. We need to keep records of these observations and evaluations. The business needs to monitor and measure the criteria by which the EMS is evaluated, including relevant key performance indicators ( KPIs).
We need to determine the criteria by which we can measure and monitor the performance. Particular attention must be placed to those criteria that must be communicated and where it relates to compliance obligations.
We can measure, for example: the environmental policy commitments, environmental objectives, the characteristics of operational activities or the status of compliance obligations.
Methods may include statistical techniques applied to the analysis.
We need to develop processes (methods and techniques) to identify and analyse various data. These include EMS records, monitoring and measuring results, process performance results, meeting objectives, internal audit results, customer surveys and feedback, 3rd party audit results, competitor and benchmarking information, product test results, supplier performance information.
These re the inputs. The outputs must provide information ( understanding, awareness, confidence, knowledge).
Indicators may include energy consumed or waste generated. An example of indicator could include parts per million of heavy metal, number of suppliers responding to questionnaires, electricity consumption, scrap rates, production units, emissions, fuel use, number of incidents and accidents.
The data for monitoring and measurement should be reliable. Validity and verification may be needed.
Analysis should include the data quality, validity, adequacy and completeness of information. The data should constitute verifiable evidence. It allows independent body to determine whether claims can be substantiated.
The analysis outputs should include:
* customer satisfaction and perception
* product conformance
* process performance
* product and process characteristics
* trends in products and processes
* opportunities for preventive actions
* suppliers and subcontractors
Documented information and organisational knowledge should be subject to analysis, including potential improvements.
When data analysis is complete the organisation can evaluate the performance against the criteria. The indicators will show the progress made over the monitoring period and whether the criteria have been met. This includes the evaluation of fulfilling of compliance obligations.
The data from evaluations then is used for communications. For example reporting to Top Management Team. This also includes regular reporting to top management of compliance status.
The Evaluation of compliance
The organisation should have process that:
* Determines the frequency of the evaluation
* Execution of the evaluation
* The actions that need to be taken
If during a compliance evaluation failure to fulfil compliance obligations is identified, the organisation needs to take action to achieve compliance. This may include getting in contact with regulatory agency.
The organisation is obliged to maintain the knowledge and understanding of compliance status. The organisations must have the means, via inspections, tests and audits to ensure the understanding is maintained.
Generally, it is the responsibility of the Environmental and Sustainability Manager to maintain and review the compliance obligations register. This is to determine:
* whether the piece of legislation, amendment or current legislation or new legislation is "relevant" or "irrelevant",
* whether the organisation is compliant with the legislation, describing how the requirements, apply, what controls are in place to manage and mitigate the requirements and relevant environmental aspects,
* whether other compliance obligations relevant to our organisation and those that we have adopted describing how the requirements apply and what controls are in place to maintain compliance,
* update the register quarterly and update relevant staff whose responsibilities and actions can affect compliance.
The Compliance Obligations procedure
A compliance obligations procedure comprises a set of formalised instructions to outline the steps implemented to ensure identification and fulfilment of compliance obligations.
Compliance obligations that are relevant to environmental aspects and the needs and expectations of interested parties need to be documented and understood in terms of risk.
These obligations will arise from mandatory requirements. For example, laws that require permits, regulations that apply to environmental aspects of the business activities, products and services, as well the environmental impacts. Commitments established in contracts and product specifications, community relations and ethical standards. Both mandatory and voluntary requirements can raise risks and opportunities the way we do business.
Compliance obligations procedure describes how the processes needed to comply with requirements of ISO14001 are identified, documented, controlled and reviewed. Developing a compliance obligations procedure allows to identify areas where we need improvements so that we can start correcting them right away.
The purpose of compliance obligations procedure is to outline the methods for identifying, complying and monitoring obligations which relate to the identified aspects in the context of the organisation and the product life cycle. The evaluation and review of compliance obligations is often achieved through access to legal requirements databases and resources.
Implementing a compliance obligations procedure is critical for ensuring compliance with regulatory requirements. It helps to reduce the legal risks the business may face in operations and help to built a positive brand image. It also allows to prevent and detect misconduct that may be illegal or harmful. It also allows to avoid any negative consequences of violating mandatory regulatory requirements or industry standards.
We can identify some critical elements of the procedure:
* A designated individuals responsible for overseeing compliance obligations the reviewing the procedure,
* A list of regulatory requirements that need to be compiled for each standard and checklist identifying the actions required,
* a checklist for conducting periodic reviews,
* guidance on how to handle notice from regulators or other authorities.
To create procedure, we can take the following steps:
Identify the compliance obligations
We need to identify the internal and external issues that can hinder the achievement of the intended outcomes of the EMS. The compliance obligations will include the mandatory and non-mandatory requirements. Consideration should be given for compliance obligations that result from needs and expectations of interested parties.
These will arise from primary environmental aspects:
* the use of natural resources,
* purchased raw materials,
* by-products: air, waste and waste emissions,
* transportation and movement of products,
* use of products and services,
* end of life cycle issues associated with recycling and disposal.
Once the needs and expectations of interested parties are identified the organisation should decide which of them should become the compliance obligations we will manage going forward. We need to consider the organisational units, functions, activities, products and services. We need to consider the risks and opportunities presented by not complying.
A number of related departments should be consulted before a compliance obligation is adopted and transferred to compliance obligations register.
Some companies use qualitative and quantitative approaches such as evaluating and prioritising each stakeholder based on the level of influence.
Following the initial assessment of the stakeholders, it is suggested that organisation holds several workshops with relevant functions to review the findings in order to consolidate the list of interested parties, their needs, expectations and compliance obligations.
2. Identify legal requirements
The organisation must ensure that all legal requirements that apply to the workplace are identified and met. The environmental practices related to environmental aspects are incorporated. The compliance obligations include legal requirements which are mandatory as well as those voluntarily adopted. The latter may include expectations which has been established, for example regular meetings or correspondence with community group.
We need to create compliance obligations register.
The Environmental and Sustainability Manager should assess all relevant legislation and related legal requirements using to ensure that all established environmental aspects and stakeholders environmental needs are evaluated and understood including current legislation.
The legislation should include:
The Control of Pollution (Oil Storage) (England) Regulations 2001 (SI 2001/2954)
Water Industry Act 1991 as amended by Water Industry Act 1999
Contaminated Land (England) Regulations 2006 SI 1380 as amended SI 2012/263
The Environmental Damage (Prevention and Remediation) Regulations 2009 (SI 2009/153) as amended SI 2009/3275, SI 2010/587
The Environmental Noise (England) Regulations 2006 (SI 2006/2238) as amended SI 2008/375, SI 2009/1610, SI 2010/340
The Environmental Protection (Disposal of Polychlorinated Biphenyls and other Dangerous Substances) (England and Wales) Regulations 2000 (SI 2000/1043) as amended SI 2000/3359
The Environmental Protection (Controls on Ozone-Depleting Substances) Regs 2011 (SI 2011/1543)
The Ozone-Depleting Substances (Qualifications) Regulations 2009 (SI 2009/216);
The Fluorinated Greenhouse Gases Regulations 2009 (SI 2009/261)
Clean Air Act 1993 as amended SI (2014/3318)
The Smoke Control Areas (Authorised Fuels) (England) Regulations 2014 (SI 2014/2366)
Control of Pollution Act (COPA) 1974: Part III as amended by the Environmental Protection Act 1990, Water Resources Act 1991, Water Industry Act 1991, Noise and Statutory Nuisance Act 1993
Anti-Pollution Works Regulations 1999 (SI 1999/1006)
Control of Pesticides Regulations 1986 (SI 1986/1510) as amended SI 2007/188
The Plant Protection Products (Sustainable Use) Regulations 2012 (SI 2012/1657)
The Control of Substances Hazardous to Health (COSHH) Regulations 2002
The Control of Asbestos in the Air Regulations 1990 (SI 1990/556)
Control of Asbestos Regulations 2012 (SI 2012/632)
Radioactive Substances Act 1993
The Environmental Permitting (England & Wales) Regs 2010 (SI 2010/675)
3. Document the compliance obligations
To document the compliance obligations we should maintain a list of relevant legal requirements and other obligations. Other obligations may include standards and procedures in connection with operational activities and associated hazards by referencing the minimum accepted legal, industry standards and technical specifications against the associated equipment.
Information in the register should include:
* Interested parties and their environmental needs and expectations
* Title and description of related legal requirements
* Description of how the legal requirement applies and whether relevant licences or approvals are required
* The related risks, opportunities and mitigation actions
* The title and description of supportive documents that demonstrate compliance
* How compliance is verified
The register must be updated and reviewed for adequacy on a quarterly basis and communicated to relevant staff whose actions can affect the compliance.
4. Monitor changes in existing legislation
The introduction of new legislation, changes to existing legislation, new government agendas, charters or policies are monitored by the Environmental and Sustainability Manager.
Those of particular importance or relevance to the organisation are communicated to relevant employees as quickly as possible.
It is often the responsibility of the Environmental and Sustainability Manager to:
* Determine whether a piece of new or amended legislation is "applicable" or "not applicable",
* Determine whether the organisation is compliant with the legislation whilst describing how the requirements apply and what controls are in place to manage the requirement,
* Undertake a periodic review of legal requirements, other standards and codes of practice when changes are planned to ensure continuous compliance
* Determine whether other legal requirements relevant are adopted, whilst describing how the requirements apply and what controls exist to remain compliant
5. Monitor EMS compliance status
The organisation is also required to understand and maintain the compliance status. Evaluating performance includes evaluating compliance obligations. Organisation has to set up a process that will involve determination the frequency of the evaluation, the execution of the evaluation and the actions that need to be taken.
If a failure to fulfil compliance obligation is identified, the organisation needs to take action to achieve compliance.
The understanding on compliance status must be demonstrated. Therefore the organisation must have means via inspections, tests and audits robust enough so that the understanding is maintained.
The management review team members ensure that applicable environmental aspects are identified and understood in terms of stakeholders requirements and current legislation.
An excellent way to ensure that you are on track is to regularly discuss the progress of compliance obligations with the management team.
To avoid problems it is helpful to perform regular audits to ensure that process is implemented correctly. Auditing helps to ensure that the process is executed as previously designed. It also allows to make necessary changes. Repeat audits reduce number of non-conformances.
New regulations are to be considered by Top Management. Any non-conformities are recorded, actioned and tracked within the Non-conformity and Corrective Actions procedures.
A training plan should be available to everyone who will implement the process. Any personnel who needs to understand regulatory requirements to perform their work, should be trained and updated as required.
The audits should be conducted by trained in-house personnel or a 3rd party. Competent person must have at least 2 years on the job training and formal education on legal requirements.
The statutory inspection of equipment should be undertaken by the competent persons. The organisation should provide regular training courses. Specific impact management training sessions should be held on an annual basis. The training should be facilitated by the Environmental and Sustainability Manager. The instruments providing training on controls include job descriptions, policies, procedures, terms or reference, performance planning and review programme.
There should be both written and oral training requirements to ensure that each employee fully understands their role.
Communications concerning compliance obligations maybe in a form of e-mail, link or article provided through working group, company newsletters or other internal publications. Awareness of the compliance with legal obligations is evaluated by one or more of the following:
* Internal compliance audits
* Document or records review
* Facility inspections
* Staff appraisals and meetings
* Senior Management Review
The Internal Audits
The EMS internal audit is a method used to check the reliability of EMS data. Organisations must establish internal audit programme that include of all requirements of ISO14001. The audits help to achieve EMS objectives. Top Management should be involved in the internal audits and to ensure that corrective actions are implemented. Auditors should review the processes, changes in the organisations and the results of previous audits. Internal audit will ensure that we address relevant requirements.
We must ensure that audits are performed systematically and provide objective evidence. The focus of each internal audit should be the operational procedures and the ISO14001 requirements. The frequency of each internal audit must be documented in the audit programme. It should show the areas audited, date, time and auditors involved. The frequency must be determined by the significance of the environmental aspects.
The Environmental and Sustainability Manager should consult the Environmental Aspects register to identify areas of high risk or areas where organisation failed to meet legal requirements. Previous results and corrective actions should be considered.
There are some basic principles of internal audits identified:
Ethical conduct — trust, integrity, confidentiality and discretion are essential to auditing
Fair presentation — audit findings, conclusions and reports accurately reflect the audit activities
Professional care — auditors exercise care in accordance with the importance of the task they perform
Independence — auditors must be independent of the activity being audited and be objective
Evidence-based approach — evidence must be verifiable and based on samples of information
Process auditing is about auditing the business process as well as their interactions. The process audit provides assurance that the processes have been implemented as planned. Process audit is much more than just a verification. Preparation may take a day or two but an audit lasts approx 2 hours.
The audit should start with the process owner in order to understand how the process interacts with other process inputs, outputs, suppliers and customers.
We need to prepare carefully.
Environmental Internal Audit Process
Review Documented Information
Previous Audit Findings
Environmental Aspect Register
Complaints and Corrective Actions
Process Inputs and Outputs
Relevant ISO 14001 clauses
2. Review Process Criteria, Metrics and Objectives
3. Review Staff Competencies
4. Review the Process
5. Review the Findings
6. Prepare the Audit Report
As we go though the process we note the issues and opportunities for improvements. These should be formally documented. The summary should be reviewed first with the process owner. We then prepare an audit report. The report summarises the audit scope, identifies audits objectives, description of the audited areas, sources of evidence used and audit results.
The report should include:
* The quantity and type of non-conformities
* Any corrective actions agreed
* Areas of potential risk
* Any opportunities for improvement.
The Environmental and Sustainability Manager is responsible for communicating the audit results to relevant area manager. The audit report should be signed off by relevant manager. Additionally, the reports should be available for management reviews.
Legislation audits
At least once per year an audit should be conducted on the applicability of the legal register to verify continuous compliance. This can be done by taking a sample or seeking objective evidence that the legislation is current and being complied with. The whole register should be audited at least once in 3-year period.
Certification audit
This is the last milestone before achieving ultimate goal of becoming certified. Generally, business will have an initial assessment and the certification body will advise of any identified omissions. Then the second phase will commence. Here a site visit will be requested. Audit will be performed via interviews, observations and documents reviews. Any non-conformities will be recorded. The certification body will schedule a date when corrective actions must be completed. Generally, these types of audits are conducted every 3 years.
The Management Reviews
The Top Management must periodically review the EMS for continuity, adequacy and effectiveness. The frequency must be defined within the processes. The review must consider the possible change in policy, objectives, targets and other elements of EMS.
In the review the Top Management review the effectiveness of the EMS. Need for change and suitability of policies and objectives is also evaluated. The frequency might be quarterly, six monthly or annually. It is not mandatory to document the review process but a review procedure can be very helpful.
The procedure should define the responsibilities, scheduling of the reviews, review inputs ( data) and outputs ( minutes, actions).
The Top Management should review customer feedback, audit findings and audit results, as well as internal and external issues, process performance, EMS objectives, preventive actions, recommendations for improvement - and their potential effects on the strategic direction of the organisation.
The meetings should include the potential need for change of the objectives, policy or targets. Gap analysis tools or ISO14001 audit checklists can be used. The necessary information should be collected beforehand so that the evaluation is possible.
There could be external evaluations:
New or proposed legislation or regulations
External providers and suppliers performance
Changing expectations/requirements of relevant interested parties (customer feedback, customer requirements)
New or modified activities, products, or services
Advances in technology and science
Changing market preferences of buyers
Risks and opportunities
All management reviews must be documented. Observations, conclusions and recommendations with actions must be recorded. any corrective actions must be taken.
The process of management review must be structured.
The inputs would generally include following INPUTS:
The status of actions from previous management reviews considered during management review
Changes in:
External and internal issues that are relevant to the EMS
Compliance obligations and other expectations of interested parties
Significant environmental aspects
Risks and opportunities
The extent to which objectives have been met
Information on our organisation's environmental performance, including trends in:
Non-conformities and corrective actions
Monitoring and measurement results
Compliance obligations fulfilment
Audit results
The adequacy of resources
Communications from interested parties, including complaints
Opportunities for continual improvement
The OUTPUTS would include:
Conclusions on the continuing suitability, adequacy and effectiveness of the EMS
Decisions related to continual improvement opportunities
Decisions on any need for changes to the EMS, including resource needs
Actions if needed, when objectives have not been met
5. Opportunities to improve integration of the environmental management system with other business processes, if needed
Any implications for the strategic direction of the organisation
Management review output is documented in the minutes of the review meeting:
Action items are highlighted to ensure that they are easily identifiable
Action items include the assignment of responsibility
Action items include timeframe and allocation of resources for implementation
The improvements
Your organisation should actively seek out for improvement opportunities that will better enable to achieve intended outcomes of the EMS.
Improvement can be triggered by:
* Corrective actions
* By step change
* Through innovation
* Transformation and re-organisation
* Results of analysis of performance, compliance, audits and management reviews
We need to look for objective evidence that improvements are taking place. It does not need to be continuous, but evidenced.
Non-conformities
The organisation needs necessary actions to control non-conformities. This is to deal with any environmental impact.
We need to determine what causes the non-conformity and consider whether similar problems occur. We need to consider whether further action is required to prevent it from happening in the same place or elsewhere in the future. We must evidence that we have determined whether other non-conformities exist. We must also consider whether we need to make changes to the EMS to prevent recurrence.
We need to:
Take action whatever necessary to control and correct the non-conformity, and to deal with any environmental impacts
Determine what caused the non-conformity and consider whether a potential for similar issue exist
Define whether any further action is required to prevent similar non-conformity recurring
Determine whether similar non-conformity has occurred elsewhere and whether we need to take similar corrective action
There might be instances where it is impossible to completely eliminate the cause of non-conformity. In this instance we action what we can do best to reduce the likelihood and consequences and reduce the risk to acceptable level.
Corrective actions
Corrective action should be considered as a reactive response to a problem resulting from customer compliant. We must determine the root cause to take corrective action.
Define the problem
Select Interim Containment Action
Verify Interim Containment Action
Implement Interim Containment Action
Identify Root Cause
Complete Comparative Analysis
Develop root cause theories
Test the theories
Verify the root cause
Determine and verify escape point
Implement and validate permanent corrective action
Prevent recurrence
Organisation must evidence whether they have considered improvement opportunities using outputs from the analysis and evaluation, internal audits, management reviews, tools and methodologies. The opportunities for improvement should be implemented in a controlled manner.
The organisation should seek to implement the process with methods and techniques to identify opportunities for improvement. It ca come from:
* EMS policies
* Risks and opportunities
* EMS objectives
* Aspects and impacts
* Hazards and safety risks
* Analysis and evaluation of data
* Management review
* Non-conformity and corrective actions
Processes can always be made more efficient and effective. The aim of continual improvement is to increase customer satisfaction.
Comments