As MDSAP deadlines draw near companies are asking how to prepare for the MDSAP audit. The most basic step for the success of any management system is to say what you do and do what you say. When the system as documented is captured to reflect the “As-Is” of how it is done then implanting the system leads to conformity at all levels.
Auditing Organizations (AOs) that will come to assess the conformity of the system will be using a process-based approach to the audit as also prescribed by ISO 13485 and ISO 19011. As such internal audit teams too should be trained to conduct process-based audits. This will ensure that the organization will be ready and familiar with the way the AO audit will be conducted. Process-based audits also allow a better look at how the system is working to meet objectives. In the aerospace industry PEAR diagrams are used to identify the inputs, resources and controls for each process to better understand the interrelation of them within the process, whether they are sufficient and how they interact with other processes.
In the process audits for MDSAP the AO will first start with an audit of the leadership (top management) to appreciate their commitment to the system as also their awareness of the risks impacting their system and the actions, they are taking to address them. At each level the auditors will be seeking evidence of competence, documentation and data control and monitoring and measurement being done.
Internal audit teams should use a grading system familiar to those used by MDSAP auditors and as prescribed by HTF/SG3/N19:2012. The grading system follows a scale of 1 to 5 with 5 being the most severe. This will enable a realistic look at the state of the system. Auditors will also focus on the design and development and production controls from a risk perspective. They will assess how well the outsourced providers are controlled and what risks were determined in assessing the type and extent of control to be applied.
As with all systems auditors will want to assess that a system exists to identify and deal with non-conformities including implementation of corrective action within the defined time frame. Internal audit personnel can gain a better understanding of MDSAP audits and how to prepare by enrolling in QMII’s suite of course offerings tailored to various levels of the organization. Keep in mind that MDSAP audits are longer in duration as the audit time is based on tasks and not the number of employees.
Should you start using the system only after it is fully documented
The word quality means different things to different people. To companies it often means delivering a conforming product/service to a customer aka meeting their requirements. To achieve this conformity consistently successful companies, implement quality management systems. Rather than re-invent the wheel, ISO 9001 is often selected as the standard to use to set up a quality management system (QMS) In addition, ISO 9001 training is provided to individuals at all levels within the company.
As companies start to implement the system ISO 9001 training can prove useful. Leadership is trained so they are aware of their role in the system and how they can positively contribute to its success. The personnel are trained so they are aware of their need to contribute and implication is they don’t. The project managers who own the project for implementing a QMS get training on the process to go about implementing the requirements of the standard as also their correct interpretation. Auditors are trained in an ISO 9001 training course designed to also teach the auditing requirements per ISO 19011.
So should personnel then start using the documentation as soon as it is complete or wait for the entire system to be documented and for the official launch date. If the system has been implemented correctly then the documented processes should reflect the way work is currently done and not a fictional process. It should not increase the burden for the users. As users start to use their newly documented processes, they can begin to provide feedback on its accuracy as well as the need for change. Personnel therefore should have to wait until the entire system is documented. Yes, organizations could however set an official launch date from which point forth records will be maintained. As such all data prior to the launch date is not then auditable nor is there a requirement to maintain it.
It should also be kept in mind that not every process needs to be documented as also that the organization can determine the extent to which to document the system. The extent to which to document depends on a number of factors including competency. ISO 9001 training is one way of increasing awareness of the requirements of ISO 9001 as also the system. Training may not always result in competency however.
At QMII a number of ISO 9001 training options are available and our training can be customized to meet the clients’ needs. The training is also available in an instructor-led virtual interactive format.
What are the functional requirements of the ISM code
The ISM Code was ratified and brought into effect to improve the safety of shipping. With this was ushered in new era for the maritime industry. The ISM code was launched with the intent of getting companies to self-regulate and proactively mange risks. Companies that have embraced the ISM Code and not solely viewed it as a paperwork burden have reaped the benefits of the ISM code. Companies with ISM certification that have a well implemented system are able to proactively manage risks and thus able to save costs from saving the costs on dealing with non-conformities.
To gain ISM certification an organization must demonstrate that they have met the intent of the code and inherent in this is meeting the following functional requirements of the ISM code:
• A Safety and Environmental Protection Policy – To attain ISM Certification in the form of a Document of Compliance or Safety Management Certificate for the vessel the company must demonstrate that a policy is in place that shows how the company will meet the safety objectives of the code. It must be implemented at both shore and vessel.
• Instructions and procedures to ensure safe operation of ships and protection of the environment in compliance with relevant international and flag State legislation – These are essentially addressed by implemented SMS documentation meeting the requirements of clause 7 of the ISM code.
• Defined levels of authority and lines of communication between, and amongst, shore and shipboard personnel – The key words of between and amongst in this clause should not be missed. For the system to go beyond ISM certification the processes must work interactively to achieve the goals of the company and personnel must be clear on the expectations of them.
• Procedures for reporting accidents and non-conformities with the provisions of this Code – Identifying and addressing non-conformities plays a crucial role in the success of the system. With effective corrective action companies are able to ensure that the non-conformity does not occur again. This requirement is further amplified in clause 9 of the code.
• Procedures to prepare for and respond to emergency situations – ISM certification includes being able to demonstrate that a company can respond to emergencies at any time. To ensure this a designated person ashore is appointed who is available 24 x 7.
• Procedures for internal audits and management reviews – Internal audits and reviews to assess the effectiveness of the system must be conducted. Apart from the internal audits done by the company the Flag Administration conduct ISM certification audits prior issue of the interim SMC/ DOC as also prior the first full term certificate. Thereafter verifications are conducted at periodic intervals.
To learn more about how to implement and assess the effectiveness of implementation through audit enroll for QMII’s ISM Auditor class.
ISO/IEC 27001 Lead Auditor Coaching: Bettering Cybersecurity Compliance
Introduction:
In today's digital era, where data breaches and cyber threats have become increasingly common, organizations must prioritize robust information security management systems (ISMS). One of the most recognized and globally accepted frameworks for ISMS implementation is ISO/IEC 27001. Achieving compliance with ISO/IEC 27001 requires thorough audits conducted by skilled professionals. This article explores the significance of ISO/IEC 27001 Lead Auditor Training in equipping auditors with the necessary knowledge and skills to ensure effective implementation and continuous improvement of information security measures.
The Role of ISO/IEC 27001 Lead Auditor Training
ISO/IEC 27001 Lead Auditor Training equips professionals with the knowledge and expertise required to conduct comprehensive audits of information security management systems. This specialized training program focuses on familiarizing auditors with the ISO/IEC 27001 standard and its associated controls, enabling them to evaluate an organization's ISMS against the requirements set forth in the standard. The training delves into the core principles of ISO/IEC 27001, including risk assessment, risk treatment, and continual improvement. Auditors learn about key areas such as information security policies, asset management, access control, cryptography, and incident management. By mastering these aspects, auditors gain the necessary competence to identify vulnerabilities, assess risks, and recommend appropriate controls.
Benefits of ISO/IEC 27001 Lead Auditor Training
1. Enhanced Understanding of ISO/IEC 27001: ISO/IEC 27001 Lead Auditor Training provides a comprehensive understanding of the ISO/IEC 27001 standard, enabling auditors to interpret its requirements accurately. This knowledge allows them to identify non-compliance and recommend effective corrective actions.
2. Effective Auditing Techniques: The training equips auditors with the skills to plan, conduct, and report on audits effectively. They learn how to assess the implementation and effectiveness of security controls, evaluate risk management processes, and ascertain compliance with legal and regulatory requirements.
3. Risk Assessment and Mitigation: ISO/IEC 27001 Lead Auditor Training emphasizes risk assessment methodologies and strategies for risk treatment. Auditors gain the ability to identify vulnerabilities, evaluate risks, and propose appropriate control measures to mitigate potential threats.
4. Continuous Improvement: By understanding the principles of continual improvement embedded in ISO/IEC 27001, auditors can guide organizations in establishing a culture of ongoing enhancement. They learn to assess the effectiveness of security measures and recommend improvements to strengthen the ISMS.
Conclusion
ISO/IEC 27001 Lead Auditor Training plays a pivotal role in developing competent auditors who can drive information security compliance within organizations. By mastering the intricacies of the ISO/IEC 27001 standard, auditors gain the ability to assess an organization's ISMS, identify areas for improvement, and ensure the implementation of robust security controls. As cybersecurity threats continue to evolve, organizations must invest in skilled professionals who can navigate the complexities of information security management. ISO/IEC 27001 Lead Auditor Training equips auditors with the necessary expertise to bolster cybersecurity defenses, mitigate risks, and establish a robust framework for safeguarding sensitive information. By prioritizing ISO/IEC 27001 Lead Auditor Training, organizations demonstrate their commitment to protecting valuable assets, gaining stakeholder trust, and maintaining a competitive edge in an increasingly interconnected world.
Bettering High quality Control: Inside Auditor Coaching ISO 9001
Introduction:
Enhancing Quality Management: Internal Auditor Training ISO 9001. In today's competitive business landscape, organizations strive to deliver high-quality products and services to gain a competitive edge. The International Organization for Standardization (ISO) plays a crucial role in facilitating this objective through the ISO 9001 standard, which sets out the requirements for a robust quality management system (QMS). Within ISO 9001, internal audits serve as a vital mechanism for evaluating and improving the effectiveness of the QMS. In this article, we delve into the significance of internal auditor training ISO 9001, exploring its key elements, benefits, and the impact it has on overall organizational success.
Key Elements of Internal Auditor Training ISO 9001 :
To fulfill the requirements of ISO 9001, organizations must ensure that their internal auditors possess the necessary knowledge and skills to conduct thorough and effective audits.Internal auditor training ISO 9001 encompasses several key elements:
1. Understanding the ISO 9001 Standard: Internal auditors need a comprehensive understanding of the ISO 9001 standard, including its principles, requirements, and terminology. This knowledge provides auditors with a solid foundation for conducting audits and assessing compliance.
2. Audit Planning and Preparation: Training programs equip internal auditors with the skills to plan and prepare for audits effectively. This includes defining audit objectives, developing checklists, and establishing clear criteria for evaluating processes and procedures.
3. Audit Techniques and Methodologies: Internal auditor training focuses on imparting various auditing techniques and methodologies. Auditors learn how to gather evidence, conduct interviews, and use sampling techniques to assess the effectiveness and efficiency of processes.
4. Communication and Reporting: Effective communication is vital for internal auditors to convey their findings and recommendations clearly. Training programs emphasize the importance of concise and accurate reporting, enabling auditors to communicate audit results effectively to management and stakeholders.
Benefits of Internal Auditor Training ISO 9001 :
Internal auditor training ISO 9001 offers numerous benefits to organizations, enhancing their quality management systems and driving overall success. Some key advantages include:
1. Improved Compliance: Trained internal auditors ensure compliance with ISO 9001 requirements, identifying non-conformities and areas for improvement within the QMS. This helps organizations address issues promptly and maintain adherence to the standard.
2. Enhanced Risk Management: Through internal audits, trained auditors identify potential risks and vulnerabilities within processes, enabling organizations to proactively mitigate these risks. This contributes to a more robust risk management framework.
3. Continual Improvement: Internal auditors play a pivotal role in driving continual improvement within the organization. By identifying areas for enhancement, auditors enable organizations to optimize processes, enhance customer satisfaction, and increase operational efficiency.
Conclusion :
Internal auditor training ISO 9001 serves as a critical element in ensuring the effectiveness and compliance of an organization's quality management system. By equipping auditors with the necessary knowledge and skills, organizations can conduct thorough internal audits, identify areas for improvement, and drive continual enhancement. Through effective internal auditor training, organizations can foster a culture of quality, resulting in improved customer satisfaction, increased operational efficiency, and a competitive advantage in the market.
Remember, investing in internal auditor training ISO 9001 is an investment in the long-term success and sustainability of your organization's quality management system.ISO 14001 – Environmental Management System Auditing
With the HLS (high-level structure) common to all standards ensuring the ten-clause structure an organization can ensure the best results to its management system by having an integrated management system. A divided approach to managing an organization based on several standards can often result in environmental and quality policy being in conflict. If occupational health and safety (ISO 45001) are also to be integrated, it enables the management to consider the risks in the combined context of the organization. When these are separated the combined risks can be mixed. Further, if security is to be also part of the management system (ISO 28000 – still not in the HLS format), integrating the system would ensure a functional management system.
Environmental management system based on ISO 14001, has integral it the consideration of aspects, their impacts, recognition of significant impacts, and prioritization of the same. Experience shows that implementing ISO 14001 is easier and simpler and more readily accepted by the employees when the organization already has a functioning Quality Management System (QMS) based on ISO 9001 in place.
A well-implemented EMS, EMS ensures cost savings by recycling, reduction in consumption, and cost savings in waste. This gives tremendous advantages over competitors for projecting the organization as a responsible company but when tendering for business. Managing risks is more comprehensive, as the leadership is able to see combined risks to the organization in quality, safety, occupational health, and security. The demonstration of commitment to improving the environment in a socially responsible manner is more systematically implemented by interpreting the ISO 14001.
Auditing the integrated management system, if that be the choice (recommended), or just the EMS based on ISO 14001 requires the auditors to first interpret the standard based on company policy, the organization’s goals based on consideration including expectations of the interested parties and the external and internal issues aligned to statutory requirements. Auditors, particularly internal auditors must ensure the interpretations of ISO 14001 are aligned per guidelines for the industry. ISO 14001 certification can improve an organization’s reputation and result in improved relationships to the mutual benefit of stakeholders and the organization.
Auditors must not forget that internal auditing is not to judge the legal compliance of the processes. Legal compliance is a requirement and is best judged by compliance auditors. Internal auditors audit to see that the organization has the processes to ensure compliance. Internal auditors look at the plans of the organization to ensure processes monitor environmental aspects and mitigate as required, systematically address them.
QMII (www.qmii.com) has for 30 plus years integrated management systems and training lead auditors for various standards including ISO 14001. With our vast consulting experience in ISO 14001, we reinvest our field experience into the content development of our courses. The real-world experiences back our instructors and training material in ensuring auditors understand ISO 14001.
A good internal audit process, for any standard, particularly the ISO 14001, should start with a good plan. Good QMII training ensures, auditors prioritize audits, and allocation of time-based on risks, previous results, the importance of the process. The audit cycle is often one year (can vary), and so depending on the environmental importance of the process and past performance-critical environmental aspects can be audited.
Can training solve the issue of human error at sea?
Those who have been employed in the maritime industry for even few months will have heard the term that 80% of the accidents incidents at sea can be attribute to human error. The solution for this is often quality maritime training for the personnel involved. However, training is perhaps the most easily reversible corrective action. System experts will even go so far as to say that when something goes wrong do not blame the individual but blame the system. Can it always only be the system fault. Surely human error does play some part.
With the onset of STCW, new rules were ushered in to ensure quality maritime training for all personnel at sea. Similar rules have been extended to those in the inland water towboat industry with the onset of Subchapter M. STCW required maritime training centers to have quality standards systems in place and for flags to provide oversight of the training institutions to ensure quality maritime training was indeed being delivered. So, with such well trained personnel why then do errors still take place?
Safety management system are truly only successful when a just culture for safety exists aboard the vessels. This means there is no fear of repercussion or reprimand for stopping someone performing an unsafe act or to report an unsafe condition. When human error does creep in, it can often be attributed to the dirty dozen of unsafe acts and conditions. When a non-conformity occurs, or a potential non-conformity is identified the corrective action identified must address the root cause(s) of the problem. Poor root causes analysis will lead to quick fixes but no long-term improvement. Identifying the root cause leads to systemic corrective action with solutions perhaps being newly identified competence, mistake proofing of the system, revised procedures and in some case training. However, this time the training is made systemic and so repeated at periodic intervals.
Quality maritime training is only the first step towards ensuring qualified mariners as required by the ISM code but they competent, qualified mariners need to have the support of the system. When human error, operator error, user error and the such are identified over time as root causes it may be possible that it is indeed such, but it may also signify a deeper root cause. Perhaps a poorly managed hiring process, or induction process, or onboard training program. Training may have some role to play in the success of a safety management system and the reduction of human error as a cause of incidents/ accidents. Quality maritime training may be a leading preventive tool, however, only when the issues are treated systemically will long term improvements be gained and safer operations as a result.
Maritime Leadership – Beyond Designated Person Ashore (DPA)
It appears the maritime leadership is limited to the DPA/DP (Designated Person Ashore). The worst is when senior leadership of a company, washes its hands off, of the leadership role, by assuming a DP will do all that needs to be done! The ISM (International Safety Management) Code, in clause 4 defines the role of the DP (designated person). It is to be remembered that the DP is indeed the link between the company and those on board, to the extent decided by the leadership/ ownership of the maritime company. The DP with clause 4 of the ISM Code has his/ her role defined as the link. However, there is much more to it. There is a kind of upstream and downstream relationship between the safe operations of a vessel, and the leadership exercised by the shipping company. The DP can represent and do his best in meeting objectives if he/she is resourced and supported by the leaders. Maritime leadership is strengthened by the contribution of the DP. This is particularly true when a tragedy occurs, and the crisis management team is called to minimize the aftermath of the tragedy and hands-on dealing with the tragedy. The DP as part of the crisis management team and must play a lead role in providing his/ her experience, expertise to ensure the situation does not worsen. DP should be competent, involved and participate in designing the safe operations of the vessel as also to predict the risks and trends from the available company and industry data and make timely recommendations, to ensure tragedies do not occur. But once they occur the same detailed knowledge has to be used to meticulously plan the response actions.
The leadership of the company, particularly when not from the marine background, should orient itself to matters maritime during good times. It is in normal good times that the relationship of confidence has to build with the DP. Regular access to the TM (top management) of the company by the Designated Person Ashore, makes teamwork smooth in a crisis situation. The leadership working together with DP and the team is able to ensure the company’s safety objectives, environmental policy implementation and functional requirements are met. Regular drills and exercises and analysis of situations ensure that the lessons learnt thereof, are used as input for further planning and resourcing. Clause 4 of ISM Code is not just a job description basis for the DP, but also an input to the leadership to see where they fit in so that the support when required can be provided in a crisis without delays in a crisis. Building trust is a responsibility both the DP and the organization must build. There is much more to this dynamic leadership role. Meeting the safety, prevention of human injury or loss of life, and avoidance of damage to the environmental objectives of the company given in clause 1.2 of the ISM Code are the DP’s responsibilities. He/ she is the implementer of safety and environmental policy as given in clause 2 of the ISM Code. This however cannot be achieved without resources and support from the company top leadership.
Emergency preparedness is a requirement of the ISM Code. Clause 8 of the ISM Code requires implementation on board, with office support lead by the Designated Person Ashore and resourcing provided by the top management of the company. The DP with his/her team brings the considered opinion as input to the organizational decision-making body. Making preparations for being able to respond to emergency situations at sea needs forethought in appreciating the risks, and preparations in advance. It starts with recognizing the hazardous situations, creating the procedures, conducting drills and exercises, and learning lessons from exercises conducted, other industry inputs, similar occurrences anywhere. Data drives risk appreciation and trend recognition. Managements have to look ahead at possible crisis and be prepared with timely quick response.
Crisis if handling well, requires and brings out clearly that not just competence, but motivation and leadership are all of the utmost importance. As primary consultants in the field of maritime work, QMII (www.qmii.com ) has worked on crisis management, handling media, and building teams for over 30 plus years now. Our experience shows clearly that a leadership team working with not just the Designated Person Ashore, but all departments in a participatory manner determines the success of addressing a crisis.
Safe operation of ships and prevention of pollution requires dynamic leadership at the company level with the involvement of the DP using the expertise in the ISM Code and SOLAS as also other relevant IMO conventions, as also Flag State advises to formulate robust, well thought out plans for crisis management. A process-based management system approach is most important. “If an organization can do not describe what they do as a process, then they do not know what they are doing,” it is to be remembered that behind every casualty at sea are many detentions, and behind them indicators like Major NCs (non-conformities) and near misses. The maritime leadership with Designated Person Ashore included must lead to prevent a crisis.
Effectiveness of the ISM Code
The ISM (International Safety Management) Code, in itself, is not a magic wand, that will bring safety or prevent pollution. It depends on the organization on how it implements the Code. Safe operation of ships and the prevention of pollution should have been any organization’s objective. Yet all over the world owners to save money compromise these objectives. Did not the Titanic on April 15, 1912, sink, trying to create a record of crossing the Atlantic, by going North to cut distance, run into the iceberg?
The sinking of the Titanic, with a loss of nearly 1500 passengers and the crew was an eye-opener. It led to the SOLAS (Safety of Life at Sea) convention. Did the negligence and continued operation of ships compromising safety stop with SOLAS? Sadly not. The investigation by Justice Sheen into the sinking of the Herald of Free Enterprise, on March 6, 1987, looked at why SOLAS had not helped prevent the tragedy. It brought out the necessity for a process-based management system, and the SOLAS Chapter IX was updated to authorize the ISM Code. It provides the guidelines for the implementation of a system to ensure the safety of vessels at sea.
The Flag State Administrations whose flag the ships sail under, legitimize the use of the code making it mandatory for internationally trading vessels. If any company is bent upon not implementing it in the spirit of it, then of course the objectives of the code as also the functional requirements will not be met. Owners and Operators of the vessels often look to short term gains wherein they compromise the standards and bypass the rules. They have to understand that behind every casualty at sea are many detentions and behind them indicators like Major NCs (non-conformities) and near misses.
The Flag States who do not strictly inspect and audit vessels to the ISM Code and issue SMC (safety management certificates), are actually, to retain the business of ship owners, jeopardizing the same ships! Even some responsible Flag States, due to shortage of manpower outsource their duties to ROs (recognized organizations), often represented by class societies. This results in diluted control, as an outsourced process needs strict monitoring of the process to ensure the performance is not affected. Not managing an outsourced process is as good as not taking responsibility. Authority can be delegated, bot the responsibility.
NCs (non-conformities) drive correction and CA (corrective action), and as such should be welcome as inputs to ensure continual improvement of the system based on the ISM Code. Yet, there are every day common examples of Masters of ships negotiating to somehow get the auditors to not give NCs. This is because the management ashore is not mature to realize, that keeping the master’s pressurized and performance being judged by NCs reported is creating an environment of fear and hiding of NCs. A good SMS (safety management system) based on the ISM Code, if correctly implemented should welcome NCs. The DP (designated person) should know that the “only bad NC, is the one which the organization does not know about.”
For domestic vessels, and for that matter towing and small vessels, and perhaps in due course of time for domestic passenger vessels, one would think a new standard would be required? Sub Chapter M for the towing industry in the USA, is nothing else but the ISM Code domesticated. The ISM Code is a useful well thought of document which provides strong fundamentals based on hundreds of years of sea experience, loss of life, cargoes, ships, and fortunes. The process-based management system it propagates would systematize operations. However, for an effective management system, the implementers have to be motivated and committed. The Flag States have to be strict and vigilant in their issue of certificates. When they outsource the certification to Ros, they must not wash their hands of their responsibility. The strict monitoring of the ROs by ensuring good clear concise MOUs (memorandums of understanding) with clear provisions to audit the ROs must be put in place. The owners and operators through their organization should put in place a robust internal auditing program that gives the objective inputs on the implementation of the ISM Code.
– by Dr. IJ Arora
ISO 14001 Management System Certification – Cost versus Value
The most popular type of management systems used today often depends on the type of organization, and how they run their operations. ISO 9001:2015 Quality Management Systems is the most popular for companies selling products to the military, along with AS9000:2016 Rev D for aviation, space, and defense organizations. Food processors lean toward ISO 14001:2015 Environmental Management Systems (EMS) and ISO 45001:2018 Occupational Health and Safety (OH&S). The size of the organization can have a significant bearing on whether they get certified or claim to conform. It cost less to state you conform than to conduct the number of audits needed to become, and stay, certified.
Agricultural oriented small and medium enterprises (SMEs) will often opt for EMS. Vineyards, vegetable farms, and livestock farms like ISO 14001. Therefore, it depends a lot on the percentage of SMEs that are in those businesses. In many cases, the percentage of organizations conforming to ISO 14001 depends on the amount of local or government pressure to conform. In Europe and China, ISO 14001 is much higher than in the USA, in part due to government and environmentalist pressure.
Agricultural businesses and those that are getting pressure from socially responsible groups are the types of organizations that become ISO 14001 certified. Meat packaging companies like Smithfield Ham in Virginia (now owned by a Chinese company), is ISO 14001 certified. Only four major Ports in the USA are ISO 14001 certified (Port of Virginia is one) but many countries require the certification. Partly due to all of the food coming into the Ports, but also due to the amount of pollution generated by boats, trains, and trucks that service the Ports. Ports are also now looking at ISO 50001 Energy Management Systems in conjunction with ISO 14001 certification.
One of the key drivers is the desire to meet ISO 14001 Standard requirements in the markets that they want to operate in or sell to. It is difficult to open facilities in most of Europe, the Middle East, and China without having an ISO 14001 certification. Environmental impact, energy efficiency, pollution reduction, and sustainability are considered by government permitting organizations. This is more important for large organizations, but many SMEs also want to sell internationally.
Like other ISO Standards, it takes about a year of internal audits to be ready to claim conformity or get certified to ISO 14001. SMEs, due to their smaller size, could take less time. Medium-size businesses, with multiple locations, may elect to just have their headquarters certified, and state conformity for branches and suppliers. An organization may elect to get its headquarters operation certified and use second-party audits to confirm that its other facilities and suppliers conform to the Standard.
The major cost of becoming certified involves training and multiple audits to get ready for certification. Once ready, a third-party audit is required. Most SMEs could be ready within a year. The actual cost would vary depending on the number of employees trained, and the number of audits conducted before certification.
With good training and responsible staff, most SMEs can become certified. All processes need to be in line with the goal of using environmental best practices. In some cases, the cost of changing current processes can become a barrier. Organizations can consider out-sourcing some processes in order to become more environmentally friendly. Internal and second party audits can help an organization determine what, if any, processes need to be modified or out-sourced.
There are many reasons why organizations decide to become certified, but over time, reasons have changed for both small and large organizations. With the new high-level-structure (HLS), EMS is now more similar to other standards. Organizations that use to be ISO 18001 are now considering ISO 45001, which has OSHA embedded in it. SMEs, like larger organizations, appreciate the value of being certified to popular standards and promote their conformity in their promotional material. Many companies that are certified to ISO 9001 have to get the certification to sell to government agencies. Many of the companies that get ISO 14001 certification, feel their end-users appreciate the company for having it.
To be sustainable, an organization needs to consider many factors. These factors typically fall into one of the three pillars of Sustainability – Social, environmental and economic categories. All organizations want to be socially responsible and do minimal damage to the environment, but they have to address the economics of operation. The key is to strike a balance and establish a management system with processes that can be defended in the light of internal and external audits.
– by Peter Burke