#188 – IMPLEMENTING ISO 14001 WITH MINIMAL DOCUMENTS – DEBRA HAY HAMPTON

Posted on by

279b40e27d901e66a6c769505006a629Focus on What Adds Value

So many environmental management systems have an environmental management manual!  Why?  There isn’t a requirement in the standard for a manual.  It adds no value.  It wasn’t a requirement in the 2004 standard.  It isn’t a requirement in the 2015 standard.  Why do some organizations choose to have one?

Why do most environmental management systems have standard operating procedures for each clause of the standard?  There isn’t a requirement!  Why do we do these things?

The only possible explanation is when the ISO 14001 standard was first issued, quality professionals “helped” write the system in most organizations.  They knew what was required in the quality management standards and “assumed” this was required in the 14001.  It wasn’t.

What is Required?

Maintained Documented Information

In the 2015 standard, a few items are required to be maintained as documented information.  Documented information that is “maintained”, in laymen’s terms, is information that must be kept either on paper, in electronic form, or in some other form that can be seen.

  1. Scope
  2. Policy
  3. Its risks and opportunities that need to be addressed and of the processes needed to have confidence these controls are carried out as planned
  4. Its environmental aspects and impacts, the criteria used to determine the significant environmental aspects
  5. Its significant environmental aspects
  6. Its compliance obligations
  7. Its environmental objectives

Seven things!

Retained Documented Information

In the 2015 standard, a few types of documented information must be retained.    Documented information that is “retained” is information that must be kept as historical evidence such as records, data, electronically or on paper.

The organization shall retain appropriate documented information:

  1. As evidence of competence
  2. As evidence of communication
  3. To the extent necessary to have confidence that the processes (methods of operational planning and control) have been carried out as planned.
  4. To the extent necessary to have confidence that the processes (methods of emergency preparedness and response) have been carried out as planned.
  5. As evidence of the monitoring, measurement, analysis and evaluation results
  6. As evidence of compliance evaluation results
  7. As evidence of the implementation of the audit program and audit results
  8. As evidence of the results of management reviews
  9. AS evidence of the nature of nonconformities and any subsequent actions taken and of the results of any corrective action.

Nine retained instances of documented information!  Bringing the total of types of documented information to sixteen (16).  It is simple.

Summary:

I’ve spent many years as an ISO 9001 auditor, 15 plus.  I’ve spent about 5 plus years as an environmental and health and safety auditor.  If there is one thing I’ve learned it is that people don’t read.  They do read.  They recognize words but, they cannot comprehend.  If you put 10 words together they stumble.  They can’t read it.

If you want to make something credible that engages all employees in following the expectations, planned arrangements, then you must, communicate in sentences that are less than 10 words.  It must become your mantra.

It must become the mantra in your organization.  If you give an order for expectations in a process map, it must be followed.

Each task in every process map must have less than 10 words.  10 words start another square, diamond, or scroll.

I sent instructions on how to do this in a process map to a young woman.  She built an entire process for planning a QMS by documenting in process maps.

She used a process map to create a Quality Management System to create her system.  If it can be done for quality, it can be done for Environmental Management Systems, Health and Safety Management Systems, Security Systems, Continuity, Good Manufacturing Practices, Medical Device, Automotive, and Aerospace.

To purchase one describing your system, go to www.CE-Q.com.  It is also where free documentation is found.  Where free examples of management review, internal auditing, and corrective action are found.

Where there are videos on how to implement the system, you have.

Where questions can be asked, and answers gotten, questions are answered based on IAF documents and the Guidelines for the particular standard, i.e. ISO 9001 and ISO 9002; ISO 14001, and ISO 14004.

The following subjects

On the following subjects, I will state items that have to be addressed that are easy to miss.  Things third party auditors, who are on top of their game can see and catch.  I know most of them.  I don’t know all of them.  Our knowledge as third party auditors will grow over time.  As it grows more of these nuances in the standard will continue to be developed which is why you should always be on my mailing list.  From time to time, I send out “blurps”.    Dabs of information that are meant to give you knowledge.  Remember, people without knowledge are dumb.  Newsletters publish sporadically, but are not meant to be spam.  Feel free to opt out at any time if enroll.

Risks and Opportunities

Complicated.  It should be called a process for “Assessing Risks”.  It isn’t a map but a tool.

“Opportunities” somehow is difficult to understand.  The key is to adopt risk-based thinking in the organization is to adopt it.  It sounds strange but, it should become the jargon in every process.  It shoud become part of every process.  A day to day method for making decisions.  It should permeate.

Once context and interested parties are understood it will be a ancestral diagram tool.  The issues and interested parties create risks and opportunities.  What are these?

Risk and opportunities are the backbone of the system.

When internal auditing, look for risks to meeting the objectives of the process.  When internal auditing, look for opportunities to improve the outcomes of the process.  Each process should have a key measurement that everyone in the department knows.  What are the risks and opportunities to ensure these measurement(s) are always positive.

(Processes are diagrammed using the principles of ISO 9001:2015, 4.1.4.  ISO 9001:2015 requires identifying the processes, determining their sequence and interaction, determining the criteria, methods, documented information needed, and other resources, monitoring and measuring methods, and methods to measure to ensure the process is becoming better.  Environmentalists study these maps to determine potential environmental hazards as Health and Safety Gurus study these maps to determine health and safety issues as security professionals study these maps to become aware of potential security risks.)

Aspects, Impacts, Significant Aspects and Criteria Used to Determine Significant Aspects

Normal and Non-Normal.

We have gained knowledge in what types of aspects there are.  Aspects can be divided into two categories.  Normal and Non-Normal.  Normal risks to the environment are potential things that could damage our reputation, our social and economic standard, embarrass us, contaminate our streams for future use.

Non-Normal are those things that could occur. that if they did occur, would put the environment in danger.  If there were an explosion, what would be released into the atmosphere.  If there were a fire, what should the firemen know.  If there were a tornado, what dust gets into the air?

These potential normal and non-normal aspects should be assessed to determine their risks.

Significant Aspects should be chosen based on documented criteria.

Significant efforts should be made to decrease these aspects, so they are mitigated.

Methods of mitigation include:

  1. Ensuring competency of those who are exposed to the aspect.
  2. Monitoring and measuring to ensure the aspect is mitigated, and stays mitigated. Look for opportunities to further mitigate the risk.
  3. Practice Emergency Responses so when the crisis comes, all are trained. They know what to do.  Decrease the risk of someone or something being harmed.
  4. Plan operational controls to mitigate risk. Operational controls can be equipment, both personal protective equipment and equipment to prevent backflow and mixing of chemicals.  Ensure the operational controls are maintained, retained as appropriate, and improved.
  5. Ensure Communication channels are defined. Everyone should know what to communicate, when to communicate, where to communicate.  A documented communication table is not a requirement of the standard but, one should be present in my opinion to ensure communication is done to mitigate risks when people need to know certain things.

Compliance Obligations

Know what federal, state, and local requirements there are.  Know what they require and create a table that states what the requirement is, what you are required to do, who in your organization is required to perform the task, when it is performed, and how top management checks to ensure it is done.

Top management signs their name to all documentation submitted to federal, state, and local agencies.  Top management should understand where this compliance table is and what is to be done when.  After all it is them who is held liable for the actions to meet compliance obligations.

Competence

Abilities, Skills, and Knowledge.  Abilities are God given.  You either have abilities or your don’t.  Know one can help you.  You must help yourself attain skills and knowledge so that you are valuable to your family, your co-workers, as an employee.  You are responsible for attaining skills and knowledge and for becoming more and more valuable.  What do you need to know to ensure the management system improves?   What competencies do you need to do your job?  What do you need to know?  What skills must you have?  Remember competence was a method used to mitigate risk.  What competencies are needed to mitigate the risks in each job function.  Each job function is called out on the swim lane process maps of most ISO 9001:2015 certified management systems. (Not all companies employ swim lane process maps.  Some use other methods and things which is fine but, a requirement of ISO 9001:2015 is that the roles and responsibilities of a quality management system must be known therefore if an organization is conforming to the requirements of ISO 9001:2015.  Ask them for the roles of the organization.

Communication

Communication is also a tool for mitigating risks of aspects.  Ensuring proper, effective communication can be an awesome tool to mitigate the risks of an aspect.  Once a company understands its aspects, it will know what it’s people should know and understand.  The company can then ensure the communication occurs.

Operational Controls

Equipment can be in all forms and fashions.  Operational controls are normally equipment of some sort used to control or mitigate and aspect.  One we all use most often and that is a control to protect the environment is the feature on the gas pump that stops the nozzle to prevent over-running the tank.  Backflow valves prevent waste treatment from backflowing and contaminating its source.

Equipment should have maintenance and as appropriate, calibration.

Emergency Preparedness and Response

As stated above, Emergency Preparedness and Response must be planned, practiced, and improved.  A good question for auditors to ask top management to determine their commitment and involvement in the environmental management system is “What types of emergency practice sessions do you insist your company participate in each year to prevent risk to the environment?”  Another good management question is “What legal documents do you sign annually to indicate you take responsibility for the actions of the organization in preventing environmental risks?”  (Be prepared for an emergency if you asked these questions on an internal audit.)

Monitoring, Measuring, and Analysis

If you aren’t measuring, you don’t know how it’s doing.  If you aren’t analyzing the information you get, then why are you getting the information?  Monitoring and measuring is how you get information.  Could be a table or on each process but, know what you are monitoring and measuring about each activity or aspect to ensure it is performing as expected.  If it isn’t look for opportunities to improve it.

Monitoring and Measuring is a tool used to mitigate an aspect’s risk.  Don’t monitor and measure things that don’t add value.  Only monitor and measure to mitigate risk.  If you monitor or measure something, the standard requires you analyze it.  The standard requires you must analyze in hopes to learn.  No guarantees but analysis will help you predict potential risks coming at you and discover opportunities to improve.

Management of the System Requirements

As with all management systems, there are requirements to have an internal audit process, a corrective action process, and a management review.

The internal audits determine if the plans made to ensure the policy and objectives are met are being followed.

Corrective actions are used to document projects performed to address problems including as needed determining the cause of the problem.

Management Reviews are the Top Managements tool for getting a report on the health of the organization.  Some organizations do this annually.  Some in addition to annually use the management reviews to ensure progress is being made to the objectives of the organization.

Conclusion

Keep it simple stupid is a common saying where I am raised.  Einstein said, “Any fool can make something complicated.  It takes a man with a lot of courage or a stroke of genius to make something simple.”  I don’t think I’m a genius but, I have a lot of courage.  I use my courage to ask you to create a management system that is simple, has few words, and embraces risk-based thinking to improve and protect our environment.  We only have one earth.  We must protect it’s and our future.

I can be contacted by email at debra@CE-Q.com.  My website has much more to learn and we welcome you there, www.CE-Q.com.  Thank you for reading this article.

Debra M. Hay Hampton lives with her husband on the family farm her Grandfather purchased in 1917.  She works as an independent trainer, consultant, and auditor.  Her passion is speaking and teaching.  Her speeches entertain and inform, never a waste of your time.  You are guaranteed to learn.    Send an email to Debra@CE-Q.com to schedule a speaking engagement, audit or remote review of your system.

Leave a Reply

Your email address will not be published.