How will ISO 22301 Benefit you?

What is ISO 22301?

ISO 22301 is an international standard for Business Continuity Management Systems. This standard is designed to protect, prepare for, respond to, and recover from unexpected incidents when they arise. When your organization has a Business Continuity Management System, it is prepared to detect and prevent unforeseen threats.

ISO 22301 applies to all organizations no matter the size or industry. In 2012, when this standard was first developed, it was the world’s first international standard for implementing and maintaining effective business continuity plans, systems, and processes. It was revised in late 2019 to bring it up to date with current best practices and is based on the High-Level Structure (HLS).  Consequently, it aligns well with many other internationally recognized management system standards including ISO 9001 (quality management) and ISO 14001 (environmental management).

What are the benefits of being ISO 22301 certified?

There are many possible threats that organizations face including supply chain issues as we saw in the recent pandemic, or natural disasters such as earthquakes, floods, hurricanes, and tornadoes, and even cyber-attacks such as the recent news with the ransomware attacks on the oil and gas and food industries. These are major threats, but there are even other types of risks, such as the loss of skilled labor, power outages, and IT breakdowns that can cause disruption to a business.

How is a certification in ISO 22301 beneficial to an individual?

With a certificate in ISO 22301, you will be able to help your organization meet its business objectives and gain the necessary knowledge to manage a team in the implementation of this standard.

If your organization does not have a Business Continuity plan, then they may be at risk.  It is important to take these plans seriously or your business could suffer consequences. Some impacts of not having a plan include business failure, damaged reputation, loss of data and clients, and business interruption.

 What will students learn about ISO 22301 from QMII?

During ISO 22301 five-day training at QMII, students will understand how to respond effectively based on the procedures that apply before, during, and after an event. It is important for an organization to implement a Business Continuity plan because it shows that you are prepared for the unexpected. This assures that your business will continue to operate without any major impacts or losses. Our training enables you to develop the necessary expertise to perform a Business Continuity Management System (BCMS) audit by applying widely recognized audit principles, procedures, and techniques.

 

Implementing Safety Management Systems for Passenger Vessels

PV SMS White Paper – FinalExcerpt below is from White Paper by ‘Implementing Safety Management Systems for Passenger Vessels’ by Dr. Inderjit (IJ) Arora (QMII), Julius Desilva (QMII) and Captain Lee Boone (USCG, Retired). To continue reading the paper click on link in text.

INTRODUCTION

All too often, major accidents are the catalyst for change in the maritime industry. Evidence of this is seen in the development and implementation of maritime conventions and codes in existence today. The International Safety Management (ISM) Code, the result of such a catalyst, was meant to change this reactive nature. The ISM Code intended to promote a safety culture wherein risks are properly considered, work is effectively planned, personal accountability is enhanced, and operations are continually improved.

Unfortunately, this target was missed in many cases and a pervasive by-product called compliance culture set in, wherein the system achieves the minimum and only to satisfy regulators. The maritime industry and regulators learned much from this experience. We know now that if the true value of safety management systems (SMS) is not realized, further implementation efforts become self-defeating. This leads to even more than normal resistance from many who have seen colleagues, shipmates and competitors negatively impacted. A carefully planned implementation strategy expanding the use of safety management systems (SMS) to domestic passenger vessels should therefore be executed to avoid these pitfalls. As Safety Management Systems for domestic passenger vessels are intended in the same way as those for SOLAS1 vessels, we must apply lessons that have been learned from similar regulatory efforts.

In this paper, recommendations are made for implementing SMSs for domestic passenger vessels (PV) based on the concepts of incentives, scalability, and collective use of resources. When implemented in the right way and for the right reasons, the value that SMSs offer passenger vessel owner/operators is maximized, while the cost of implementation is minimized.

BACKGROUND – RESISTANCE TO CHANGE

Looking at the data from the 1980’s to date, one would expect to see a decline in marine casualties starting in 1998 when the ISM code’s first compliance deadline came into effect. Initially the data shows a downward trend for a few years and then a spike starting in 2001. Those resisting change brought about by the ISM code would argue that the code had not delivered any improvements. However, the upward trend peaked in 2008 and has since seen a decline.

When a new management system is put in place, irrespective of industry, the first sign of success albeit non-intuitive, is a spike in accidents, incidents and hazardous occurrences. This leading indicator should be accepted as a positive as it demonstrates that the personnel within the system have started reporting non-conformities that went unreported before. This reporting enables corrective action to be taken in a systematic manner to prevent a similar non-conformity from occurring again.

To continue reading click here.

TSMS Template: Are they worth it

Subchapter M ushered in a new era for the inland water companied within the US in the towing industry. The need for the regulation was driven by the many accidents that occurred on the inland waters of the US owing substandard vessels and incompetent personnel in use. As companies struggle to meet the requirements of the new regulation, those opting for the TSMS option seek documentation templates that will ease the implementation efforts. At first glance these seem the ideal solution and a quick band aid to heal a new wound. However, in the long run companies will find that these templates slowly start failing and the damage they cause can be quite long lasting.

Subchapter M through the regulation seeks to usher in greater safety standards for vessels to enable safer operations as also protection of the marine environment. As with any change there was tremendous push back against the regulation to the extent that it took 10 years to come into force. Companies however are working to a tighter deadline to implement these regulations. As such it is in their best interests to minimize the change needed to enable greater buy-in. Templates will not enable this and will be analogous to fitting a square peg in a round hole.

For a TSMS complaint with subchapter M to work, the company should begin by identifying what is already documented. This documentation should be reviewed to ensure that it accurately captures the As-is of the operations as they are done on board or in the office. Once the system as it exists today is identified it is not time to compare it against the subchapter M regulations and note the gaps. These gaps that can then be filled in with new processes. Whenever new processes are being developed the organization should determine the feasibility of implementing them including the provision of resources.
Subchapter M requires a lot of training to be done but training alone will not enable buy-in from the personnel.

In order for the system to succeed and for all personnel to embrace it, there is a need to keep them involved in the development of the system from the outset. As processes are captured gain their inputs on the challenges they currently face or may potentially face. Based on available recourses identify automation options or engineering controls to reduce the chance of human error.

A TSMS thus developed based on what is done makes it easier for personnel to implement. It results in smaller changes, a well-accepted and thus well implemented system. Subchapter M regulations do not guarantee safe operations. They do however increase the likelihood of safe operations and a willing workforce increases that likelihood.

How is ISO 13485 different from ISO 9001

ISO 13485 released an updated version of the standard in 2016 but it broke ranks with ISO 9001. In the past the two standards were aligned with the ISO 13485 capturing the additional requirements for the medical device industry. An ISO 13485 overview would reveal that it has retained a lot of the documentation requirements and not left the standard as subjective as the revised ISO 9001:2015.
ISO 13485 provides the requirements for quality management systems for use by the medical device industry. While it still remains broadly based on the framework set by ISO 9001 compliance with the standard will not inherently mean compliance with ISO 9001. The standard is published by ISO, an international organization. It is assessed by certification bodies across the globe accredited by IAF.
ISO 13485 overview of the standard will show much more in-depth requirements for rick management. This essentially aligns with the US CGMP regulations as also regulations by international bodies. The standard for further assessing risk is ISO 14971 which specifically deals with risk within the medical device industry. In dues course the US CFRs will get aligned with ISO 13485 and plans are underway for the update.
As a part of risk management of the systems companies will now have to assess add address the risks from outsourced processes, Lack of competent personnel, lack of adequate number of personnel, loss of traceability, failure in testing of the products at relevant stages, Failure to timely address non-conformities, and the documentation of risk itself. Management need to keep an ISO 13485 overview of their system through the planned management reviews and periodic internal audits. To ensure audits add value these must be conducted by trained and competent personnel.
QMII’s ISO 13485 lead auditor training prepares your personnel to not only effectively audit the system but also implement it as needed. An ISO 13485 overview version of the course is also available for senior management, so they understand their roles and responsibilities with respect to the standard. Having discussed this the question often arises if ISO 13485 is mandatory. As with all other ISO standards it is not mandatory to implement ISO 13485 though it is mandatory to meet regulatory requirement such as CFRs and EU MDR. However, implement ISO 13485 provides confidence to customers that the organizations uses a process based approach to continual improvement.
ISO 13485 overview of the standard demonstrates that product quality cannot be guaranteed just from implementing the standard but that it must be vigorously used. The standard can also be applied to all sizes of organizations.

Should you start using the system only after it is fully documented

The word quality means different things to different people. To companies it often means delivering a conforming product/service to a customer aka meeting their requirements. To achieve this conformity consistently successful companies, implement quality management systems. Rather than re-invent the wheel, ISO 9001 is often selected as the standard to use to set up a quality management system (QMS) In addition, ISO 9001 training is provided to individuals at all levels within the company.
As companies start to implement the system ISO 9001 training can prove useful. Leadership is trained so they are aware of their role in the system and how they can positively contribute to its success. The personnel are trained so they are aware of their need to contribute and implication is they don’t. The project managers who own the project for implementing a QMS get training on the process to go about implementing the requirements of the standard as also their correct interpretation. Auditors are trained in an ISO 9001 training course designed to also teach the auditing requirements per ISO 19011.
So should personnel then start using the documentation as soon as it is complete or wait for the entire system to be documented and for the official launch date. If the system has been implemented correctly then the documented processes should reflect the way work is currently done and not a fictional process. It should not increase the burden for the users. As users start to use their newly documented processes, they can begin to provide feedback on its accuracy as well as the need for change. Personnel therefore should have to wait until the entire system is documented. Yes, organizations could however set an official launch date from which point forth records will be maintained. As such all data prior to the launch date is not then auditable nor is there a requirement to maintain it.
It should also be kept in mind that not every process needs to be documented as also that the organization can determine the extent to which to document the system. The extent to which to document depends on a number of factors including competency. ISO 9001 training is one way of increasing awareness of the requirements of ISO 9001 as also the system. Training may not always result in competency however.
At QMII a number of ISO 9001 training options are available and our training can be customized to meet the clients’ needs. The training is also available in an instructor-led virtual interactive format.

ISO 14001 Management System Certification – Cost versus Value

The most popular type of management systems used today often depends on the type of organization, and how they run their operations.  ISO 9001:2015 Quality Management Systems is the most popular for companies selling products to the military, along with AS9000:2016 Rev D for aviation, space, and defense organizations.  Food processors lean toward ISO 14001:2015 Environmental Management Systems (EMS) and ISO 45001:2018 Occupational Health and Safety (OH&S).  The size of the organization can have a significant bearing on whether they get certified or claim to conform.  It cost less to state you conform than to conduct the number of audits needed to become, and stay, certified.

Agricultural oriented small and medium enterprises (SMEs) will often opt for EMS.  Vineyards, vegetable farms, and livestock farms like ISO 14001.  Therefore, it depends a lot on the percentage of SMEs that are in those businesses.  In many cases, the percentage of organizations conforming to ISO 14001 depends on the amount of local or government pressure to conform.  In Europe and China, ISO 14001 is much higher than in the USA, in part due to government and environmentalist pressure.

Agricultural businesses and those that are getting pressure from socially responsible groups are the types of organizations that become ISO 14001 certified.  Meat packaging companies like Smithfield Ham in Virginia (now owned by a Chinese company), is ISO 14001 certified.  Only four major Ports in the USA are ISO 14001 certified (Port of Virginia is one) but many countries require the certification.  Partly due to all of the food coming into the Ports, but also due to the amount of pollution generated by boats, trains, and trucks that service the Ports. Ports are also now looking at ISO 50001 Energy Management Systems in conjunction with ISO 14001 certification.

One of the key drivers is the desire to meet ISO 14001 Standard requirements in the markets that they want to operate in or sell to.  It is difficult to open facilities in most of Europe, the Middle East, and China without having an ISO 14001 certification.  Environmental impact, energy efficiency, pollution reduction, and sustainability are considered by government permitting organizations.  This is more important for large organizations, but many SMEs also want to sell internationally.

Like other ISO Standards, it takes about a year of internal audits to be ready to claim conformity or get certified to ISO 14001.  SMEs, due to their smaller size, could take less time.  Medium-size businesses, with multiple locations, may elect to just have their headquarters certified, and state conformity for branches and suppliers.  An organization may elect to get its headquarters operation certified and use second-party audits to confirm that its other facilities and suppliers conform to the Standard.

The major cost of becoming certified involves training and multiple audits to get ready for certification.  Once ready, a third-party audit is required.  Most SMEs could be ready within a year.  The actual cost would vary depending on the number of employees trained, and the number of audits conducted before certification.

With good training and responsible staff, most SMEs can become certified.  All processes need to be in line with the goal of using environmental best practices.  In some cases, the cost of changing current processes can become a barrier.  Organizations can consider out-sourcing some processes in order to become more environmentally friendly.  Internal and second party audits can help an organization determine what, if any, processes need to be modified or out-sourced.

There are many reasons why organizations decide to become certified, but over time, reasons have changed for both small and large organizations.  With the new high-level-structure (HLS), EMS is now more similar to other standards.  Organizations that use to be ISO 18001 are now considering ISO 45001, which has OSHA embedded in it.  SMEs, like larger organizations, appreciate the value of being certified to popular standards and promote their conformity in their promotional material.  Many companies that are certified to ISO 9001 have to get the certification to sell to government agencies.  Many of the companies that get ISO 14001 certification, feel their end-users appreciate the company for having it.

To be sustainable, an organization needs to consider many factors.  These factors typically fall into one of the three pillars of Sustainability – Social, environmental and economic categories.  All organizations want to be socially responsible and do minimal damage to the environment, but they have to address the economics of operation.  The key is to strike a balance and establish a management system with processes that can be defended in the light of internal and external audits.

– by Peter Burke

ISO 14001-Benefits for Maritime Companies

Environmental accidents in the maritime industry get quick media attention. ISO 14001 does not guarantee that maritime accidents will not happen. It does, however, get organizations to consider their operations from a life cycle perspective of minimizing the impact of their operations on the environment.

The maritime industry has for a while now been governed by the requirements of MARPOL. MARPOL has 6 annexes and as of date all six annexes are in force. The six annexes cover the requirements for prevention of pollution of the marine environment by oil, noxious liquid substances, harmful substances in packaged form, sewage, garbage and air. However, MARPOL does not address the lifecycle operations of the shipping business. From an ISO 14001 perspective this would need to encompass the need for recycling of ships once they are done with their life.

The French Aircraft carrier Clemenceau is a good example of a vessel that faced major issues with being scrapped. Having sailed all the way to Alang, India it was denied entry and had to transit back to French Waters. It was denied access to Alang owing the Asbestos used on the vessel and the potential harm it would have on the scrap workers at Alang. MARPOL also does not address the operations as managed from operations ashore and the environmental impact of the operations of supporting the ships.

ISO 14001 encompasses the entire operations of the company if within scope and encourages organizations to look at all their operations from a lifecycle perspective. This essentially means that when designing office spaces and building ships companies need to start thinking about how they will dispose of waste from the processes in a responsible manner to the environment. Environmental sustainability is a new buzzword and demonstrating commitment to the environment, to stakeholders, through implementation of an internationally recognized standard ISO 14001.

ISO 14001 need not run independent of the existing management system that most maritime companies have conforming to the ISM Code. The requirements of ISO 14001 as with the MARPOL requirements get incorporated into the one management system on which the company operates. ISO 14001 as with other ISO standards is a voluntary standard. As such companies must choose to implement an environmental management system conforming to ISO 14001. Many leading maritime companies have already done so. QMII’s ISO 14001 training is delivered in multiple formats such as executive overviews, internal auditor and lead auditor. The training is also provided in an instructor-led online format and QMII’s instructors, having a maritime background, bring a unique skill set to the class in connecting the requirements of the standard through real life experiences.

What is a Quality Management Systems (QMS)?

Quality Management Systems (QMS) are today extensively a part of an organization. If the TM (top management) is committed, it uses the ISO 9001 based management system to meet customer requirements, ensure customer focus and provide desired outputs. Where the TM/ leadership is immature, they often may implement a quality management system to get the ISO 9001 certification. This decision to have a QMS certification without effective implementation is a waste of money and resources. It is not worth the paper the certificate is on. Or perhaps it is, because having that ISO 9001 certificate may be the passport to win a contract or run a business.

Failed management systems (MS) invariably have a lack of management commitment or worse a leadership who do not understand the cost of not having quality. Such quality management systems are aligned to ISO 9001, but for easy auditing written to the clause structure of the standard. Such systems are written for auditors, who then audit it effortlessly as they can see the system written to the clause structure of the ISO 9001. Leaders forget that MSs should be designed for implementation by their employees.

Organizations do not work to clauses of the ISO 9001. They use the clauses to design a better MS. The organizational structure of any organization takes its direction from the policy (clause 5.2 of the ISO 9001). The policy leads the organization and its functional departments to convert the policy into measurable objectives (clause 6.2 of ISO 9001). These functional division of the organization work to achieve their objectives by functioning per their key and support processes. A quality management system based on ISO 9001 requires the system to work using a process-based management system approach. The idea is to be systematic about working so that customer requirements and expectations are analyzed before being accepted. Once accepted, the organization with the efficient interaction of its processes produces the desired outputs meeting the requirements and specifications as the case may be, and also ensures, where applicable that the statutory directions are met.

ISO 9001:2015 emphasizes customer focus not only in clause 5.1.2 but throughout the standard to ensure that the Quality Management System based on ISO 9001 appreciates the risks in the context of the organization and consistently produces confirming products and services. It is important that customer focus is maintained throughout, integrity of the quality management system always maintained and if for any reason a non-conforming product is produced then such non-conforming product or service is handled in a manner that the customer is never sent such a product.

For this reason QMSs based on ISO 9001 or for that matter any ISO standard, or an industry specific standard like AS 9100 or say a MS based on ISM Code (for maritime safety) and so on, should work using the accepted PDCA (Plan Do Check Act) cycle. Processes are designed, documented or undocumented to ensure that a good preparation is made at the Plan Stage. Any good QMS interprets the clauses of ISO 9001 for its QMS using clauses 4, 5, 6 & 7 to appreciate the risk and make a good plan before going to the do stage. The implementation of executing the inputs to convert them into desired outputs is done using ISO 9001 clauses under 8.

Any quality management system based on ISO 9001 has to sustain its processes delivering the final product or service by designing them well, resourcing them and monitoring them. Therefore, a strong objective check stage is required to conduct internal audits and to analyze data so that the information provides inputs for better resourcing. Clauses 9 and 10 of ISO 9001 address the check and act phases synonymous with monitoring and decision making by leadership before the next cycle of the PDCA cycle is implemented. The act stage is a vital stage associated with the leadership wherein a management review of the performance of the quality management system is conducted.

For the quality management system to deliver what ISO 9001 is designed around, is only possible if the leadership is genuinely committed to not just have a QMS based on ISO 9001, but uses it to make decisions. The business system and the QMS should be married in a strong unbreakable bond.

 

ISO 45001 Transition: Change is coming to health and safety

Organizations currently certified to BS OHSAS 18001 have until March 21, 2021 for their ISO 45001 transition. Those who are currently implementing management system conforming to BS OHSAS 18001 will notice some similarities and some differences. Those who are certified to other ISO standards such as ISO 9001 will notice the similarities in the standard owing the use of the High-Level Structure in the new ISO 45001 transition standard. This article discussed the key changes to the standard over the BS OHSAS 18001 requirements. It also highlights certain key aspects for those undertaking an ISO 45001 transition.

Keeping with the High-Level Structure, ISO 45001 in clause 4.1 and 4.2 asks organization to consider the context of their organization or the aspects of their business environment that may impact their operations. The business environment includes both internal and external issues such as new regulatory requirements, new technologies, cultural issues and company values to name a few. Companies need to consider the needs of different relevant stakeholders that may impact their system including the needs of their workers. Organizations are asked to have workers participate in the system development as they complete their ISO 45001 transition.

ISO under the high-level structure has removed the need for preventive action as now the entire standard is designed as a preventive tool. Further to support this is the introduction of risk-based thinking’ both from a strategic perspective and from an operational health and safety perspective. Risk-based thinking and the awareness of personnel of this is key to ISO 45001 transition. There is now a stronger stress of leadership’s role in the system. Leaders must take accountability for the effectiveness of the system and cannot wash their hands of the system. Leaders must not only engage in the system themselves but also engage others as the ISO 45001 transition takes place.. The Clauses under 5 also have a requirement for the consultation and participation of workers. They have to remove the barriers to participation and include even non-managerial workers.

Documents and records are not controlled under the common clause for control of documented information and based on the risk-based thinking there is more freedom allowed with the documentation. Outsources contractors will also need to be controlled within the scope of the system.

Organizations undergoing an ISO 45001 transition, will need to incorporate all these aspects into their system. Care must be exercised when setting up the system to design it around the user and not around the auditor or certification body for the system to be useful in the long run and to drive continual improvement.

Aspects and Impacts: Let’s start here

Every organization needs to consider the aspects of their organization, and the impacts they have on the planet.  Understanding the impacts is critical to the sustainability of the organization, and in the long run, the planet.

Most organizations only consider the impacts of their processes in relation to waste created and materials used.  While these are important, an organization should consider all aspects of their operation and processes before they start a business.  This includes the facilities, people, materials and other elements of their operations.  Once operational, they need to continually evaluate all process to look for improvement.

Many aspects are considered by organizations in order to borrow money to launch a product or service.  This is a good place to start.  Clearly understanding the impacts the organization will have on the local environment and community is a good step toward launching a sustainable business.  Lenders, both private and public, will be more generous lending if they know the organization is considering all three pillars of sustainability; social, environmental and economic.

Generally speaking, recycling an existing structure to a new operational use has less impact than building a new facility.  Applying building technics recommended under Leadership in Environmental and Energy Design (LEED) and Energy Star, will also reduce environmental impacts, and improve the operational economics.  If new structures are required, considering the site location, building facing direction and proximity to water, public transportation, and workers, will also help the organization conform to LEED and other building Standards.  Local communities will be much more accepting of an organization operating in their community if the proper design considerations are considered before construction is begun.

Once operational, every group in an organization needs to evaluate their processes on a regular basis to determine what improvements can be made to the aspects of the organization, and the impacts of there processes.  Management is accountable for the operation of the organization, but every department needs to be responsible for their processes.  This is not just the manufacturing or production departments, but also sales, marketing, receiving, packaging, shipping and customer services.  Organizations are also responsible for the performance of their products and/or services, and often the potential recycling of products. 

The International Organization for Standardization (ISO) has established Standards that can be used by an organization to help improve their management system processes and reduce risks.  ISO 14001:2015 Environmental Management Systems and ISO 9001:2015 Quality Management Systems can be used separately, or together, to provide guidance in improving an organization’s operations.  Lenders and communities appreciate the value of a well-run organization that understands the aspects of their operations and addresses the impacts.