ISO 9001 & ISO 14001 Standards

Initial Review Of Gap Analysis In ISO 14001

A fundamental concept of the ISO 14001 EMS Standard is continual improvement of environmental performance. Before you can plan for improvement, you must first determine the current state of the organization’s environmental programs.The initial review or gap analysis is, in itself, a microcosm of a well-organized approach to the entire ISO 14001 EMS development process. Each specification of the standard must be reviewed, including policy, legal requirements, training, objectives and targets, operational control systems, document control, auditing, management review, and corrective action.

The review should take into account the culture, products, marketing strategies, and other specifics of the organization. In all cases, consideration should be given to the full range of operating conditions, including possible incidents and emergency situations that may be encountered.The ability of suppliers and subcontractors to comply with the Organization’s EMS program and applicable regulatory requirements should also be evaluated.

It is strongly recommended that the initial review consider energy use, financial accounting, and information systems so that these issues may be integrated into the EMS program.To effectively begin the Initial Review, several things must happen.

First, Management should issue a company-wide announcement of intent and endorsement. This should include estimates of the time required to complete the Initial Review, and time required to complete the entire project.

Second, the project leader should be identified and vested with ample authority for completion of the project.The Initial Review is a review of all pertinent documents, from which an accurate plan is designed for the EMS Gap Analysis.

All information from the review, including deviation from regulatory requirements and adverse impacts on the environment, should be identified along with policies, programs, procedures, training and work instructions, and operational controls.A portion of the project team should begin to assemble a registry of appropriate regulations identified during the Initial Review.

All pertinent national, state, local and self-subscribed requirements should be assembled. They should be compared with identified environmental impacts.An Initial Review is also important in ensuring that EMS design is compatible with all current organizational management structures and operations wherever possible. This is especially important where the EMS interfaces with the site’s existing health and safety, accounting, computer systems, purchasing, energy utilization and other management programs. The focus will be to achieve operational efficiencies that ensure environmental improvements and maximize cost reductions.

Initial Review outputs will be:

· An EMS Gap Analysis Design that details where existing environmental management procedures must be further investigated to determine conformance with the Standard.

· A review of the site’s overall environmental management strengths/weaknesses.

· A schedule of events for the Gap Analysis.The gap analysis allows for a quick but comprehensive assessment of the facility’s existing environmental management practices and procedures, and compares themwith the requirements of the Standard.

To perform the Gap Analysis, a standard template tailored for that specific purpose is used. The template is a questionnaire with a three way scoring system, which develops a final rating of the current programs of the site as they compare with the sections of the Standard. The score from this questionnaire and investigative template identifies which areas of the EMS might be enhanced to improve environmental performance and comply with the Standard.Based on the results of the Gap Analysis, the project schedule and design may require modifications. Modification should precede further systems development.

Using the results of the Gap Analysis, the EMS developmental process can now begin.This may involve modifying existing procedures, adapting other business procedures such as those designed for health and safety, accounting, or risk management to environmental utilization. At certain points, new procedures will be required.Prior to embarking on EMS development, always remember that the more flexible your EMS is, the easier it will be to implement and the more flexible it will be in the future.

The Difference Between Compliance Auditing and Systems Auditing In ISO 14001

Often however, there is confusion between regulatory compliance auditing and EMS auditing. This is because there are many elements of regulatory compliance that overlap with the EMS. Recall that the criteria in a compliance audit are the applicable regulations, whereas the criteria in an EMS audit would be ISO 14001. But does not ISO 14001 address compliance?

The answer is yes, but from a system standpoint, not performance.In other words, the standard requires that certain procedures exist regarding identification of legal and other requirements, that periodic compliance assessments be performed, that legal requirements be considered in setting objectives and targets, and that there be a commitment to compliance.

However, actually being in compliance is a performance issue, and out of the purview of ISO 14001.Of course, a system that is constantly out of compliance or does not identify and initiate action to correct noncompliances, will eventually fail due to system failure. The subtle, yet important point is that during an EMS audit, identified regulatory noncompliances are relevant only to the extent that they reflect a potential system problem.

The finding therefore is not that the site is out of compliance with a given regulation, but that the noncompliance means some EMS element is not conformed to. For example, a regulatory noncompliance can be related to a problem with training, recordkeeping, or monitoring and measurement.The EMS auditor is not to do a compliance audit as part of the EMS audit.

If, as part of the statistical sampling to verify EMS element requirements, the auditor identifies a regulatory noncompliance, he or she treats it as any other evidence.This point has been difficult to accept, especially in U.S. industry because of our long history of regulatory enforcement. The EMS auditor needs to constantly remember that compliance auditing is being done separately as part of the EMS requirements itself (4.5.1, paragraph 3) and to stay focused on the criteria at hand – ISO 14001 and the site’s EMS.

There may be legal requirements regarding noncompliances encountered during the EMS audit, but this should be decided and addressed in the audit plan.In summary, the goal of the compliance audit is to verify compliance with regulations, whereas the EMS audit’s goal is to verify that the EMS conforms to planned arrangements, including ISO 14001.

The Audit Report In ISO 14001The Audit Report In ISO 14001

Once agreement has been reached, both among the audit team and with the auditee, it is time to prepare the audit report. Note that ISO 14001 does not require a documented audit report. However, it is very difficult to verify that the auditing requirement has been satisfied without a supporting record, which is typically a documented audit report.

The audit report is prepared by the lead auditor, although he or she may have other team members prepare portions. The content of the audit report is determined by the audit plan and the organization’s EMS audit procedures. Having completed the examination phase and evaluated the collected data observations, etc., the assessor is faced with the problem of documenting any deficiencies he or she may have found. There are many different methods of documenting deficiencies, ranging from inclusion in the body of the audit report to producing non-conformance notes or corrective action requests. Irrespective of which method is adopted, the basic principles to be followed are similar.

ISO 14001 does not dictate what should be in the report, and ISO 14011 only suggests contents. ISO 14011 indicates that at a minimum, the findings need to be in the report. The findings appear as a statement that the EMS is or is not in conformance with the criteria, and states what the criteria and supporting evidence are for the statement.

ISO 14011 also lists other optional items to include such as:

• the identification of the organization audited and of the client;

• the agreed objectives, scope and plan of the audit;

• the agreed criteria, including a list of reference documents against which the audit was conducted;

• the period covered by the audit and the date(s) the audit was conducted;

• the identification of the auditee’s representatives participating in the audit;

• the identification of the audit team members;• a statement of the confidential nature of the contents;

• the distribution list for the audit report;

• a summary of the audit process including any obstacles encountered;

• audit conclusions such as:

- EMS conformance to the EMS audit criteria;

- whether the system is properly implemented and maintained;

- whether the internal management review process is able to ensure the continuing suitability and effectiveness of the EMS.

The format of such reports can vary considerably and may range from completion of a simple pro-forma to expansive documents describing all aspects of the audit performance and findings. However, irrespective of the style and format, the audit report should cover the key topics already identified as being essential for discussion and presentation at the opening and closing meetings.

In constructing the report two specific objectives must be borne in mind.

(1) The report has to provide objective evidence of effective implementation of the audit procedure.

(2) The report has to allow for corrective action to be addressed and that the follow-up requirements can be established and initiated.Where there are non-conformances, there are various options regarding deficiency reporting.

One option is to describe each of the deficiencies identified in the main body of the report along with any supporting evidence, and if requested, corresponding recommendations. Although this may result in a comprehensive report of audit findings, it has the disadvantage that the individualdeficiencies are often difficult to locate, particularly when trying to monitor follow-up actions.This can be partly overcome by writing separate corrective action requests for this purpose. A useful alternative that is less time consuming is to restrict the description of deficiencies in the body of the report to general summaries only.

Details of deficiencies can then be included in non-conformance notes. Ideally, the non-conformance note should also provide space for agreeing corrective actions and recording subsequent monitoring of that corrective action. In this manner, any duplication of effort with respect to audit reporting is minimized, thus producing a more easily managed system. It is important that however non-conformances are handled, it be constant with the EMS correction action process (ISO 14001, Section 4.5.2).

Before considering the steps in preparing the non-conformance note we must be clear about their purpose.

• To convey to the auditee the findings in a clear and accurate manner so that they know what to do next.

• To advise the EMS personnel or other auditors what you have found so that he can follow it up.

• To present a record that can be reviewed remotely from the scene and be understood.All non-conformance notes must contain certain basic information.

• The physical area being audited.

- Failure to record this often results in great confusion 3 to 6 months later when a follow up visit is carried out to review corrective action implementation.

• The specific clause(s) of the assessment standard(s) against which the non-conformance is issued.

- If the auditor is unable to readily identify the applicable section of the EMS manual or the procedure against which to issue the non-conformance, he must question whether or not he is justified in writing the non-conformance.

It is good practice to re-read therequirements of the relevant system documentation to confirm that these can be interpreted as supporting the non-conformance. If they do not, then the non-conformance cannot be issued.

• The detailed nature of the non-conformance including the specific identity of documents/procedures/material, etc.Earlier we considered the requirements for recording observations during the assessment and emphasized the need for them to be factual and to contain objective evidence that the system requirements were not being satisfied. Although this appears to be fairly straightforward, in practice this is often not the case. It is not unusual for inexperienced auditors to identify a deficiency only to fail to communicate the findings in a manner that facilitates implementation of the appropriate corrective action. The non-conformance note, while not being over long, must contain sufficient information to enable a person not present during the audit to be able to gauge the seriousness or otherwise of the observation.The use of descriptive terms such as extensive, several, isolated, etc… is essential to communicate accurately the nature and extent of the deficiency, but care must be taken to ensure that their use does not result in a lack of objectivity; e.g., the term extensive can only be included if there is irrefutable evidence to justify its use.

The auditor must also take care to ensure that the description is not only accurate but it is also fair, e.g., a statement that 50% of manifests were incorrectly signed may be accurate but is hardly fair if only two manifests were sampled.Having documented the nature of the deficiency, some audit systems require the auditor to grade the deficiency or non-conformance, e.g., major and minor. It is not intended to discuss grading systems in detail since there are many potential variations that companies may wish to adopt. Irrespective of what system is being adopted, the auditor must ensure that the grading given andthe text describing the deficiency are completely compatible.Distribution of the audit report and nature of documentation are decided between the auditor and auditee, although this too is usually addressed in the audit plan. An audit is considered successful when the auditee and client feel that they have useful, constructive feedback that allows them to improve the system.

ISO 14001 Standards Audit
ISO 14001 sets out a system that can be audited and certified. In many cases, it is the issue of certification that is critical or controversial and is at the heart of the discussion about the trade implications.Certification means that a qualified body (an accredited certifier) has inspected the EMS system that has been put in place and has made a formal declaration that the system is consistent with the requirements of ISO 14001.The standard allows for self-certification, a declaration by an enterprise that it conforms to ISO 14001. There is considerable skepticism as to whether this approach would be widely accepted, especially when certification has legal or commercial consequences. At the same time, obtaining certification can entail significant costs, and there are issues relating to the international acceptanceof national certification that may make it particularly difficult for companies in some countries to achieve credible certification at a reasonable cost. For firms concerned about having certification that carries real credibility, the costs of bringing in international auditors are typically quite high, partly because the number of internationally recognized firms of certifiers is limited at present.2The issue of accreditation of certifiers is becoming increasingly important as the demand increases.Countries that have adopted ISO 14001 as a national standard can accredit qualified companies as certifiers, and this will satisfy national legal or contractual requirements. However, the fundamental purpose of ISO is to achieve consistency internationally. If certificates from certain countries or agencies are not fully accepted or are regarded as second class, the goal will not have been achieved. It is probable that the international marketplace will eventually put areal commercial value on high-quality certificates, but this level of sophistication and discrimination has not yet been achieved. It is essential to the ultimate success of the whole system that there be a mechanism to ensure that certification in any one country has credibility and acceptability elsewhere.The ISO has outlined procedures for accreditation and certification (Guides 61 and 62), and a formal body, QSAR, has been established to operationalize the process. At the same time, a number of established national accreditation bodiesheavily involved in ISO have set up the informal International Accreditation Forum (IAF) to examine mechanisms for achieving international reciprocity through multilateral agreements (MLAs). However, these systems are in the earlystages, and many enterprises continue to use the established international certifiers, even at additional cost, because of lack of confidence in the acceptability of local certifiers.Given the variability in the design of individual EMS and the substantial costs of the ISO 14000 certification process, there is a growing tendency for large companies that are implementing EMS approaches to pause before taking thislast step. After implementing an EMS and confirming that the enterprise is broadly in conformance with ISO 14001, it is becoming routine to carry out a gap analysis to determine exactly what further actions would be required to achievecertification and to examine the benefits and costs of bringing in third-party certifiers.
ISO 14001 Standards Certification

ISO 14001 Standards sets out a system that can be audited and certified. In many cases, it is the issue of certification that is critical or controversial and is at the heart of the discussion about the trade implications.

Certification means that a qualified body (an accredited certifier) has inspected the EMS system that has been put in place and has made a formal declaration that the system is consistent with the requirements of ISO 14001 Standards.

The standard allows for self-certification, a declaration by an enterprise that it conforms to ISO 14001 Standards. There is considerable skepticism as to whether this approach would be widely accepted, especially when certification has legal or commercial consequences. At the same time, obtaining certification can entail significant costs, and there are issues relating to the international acceptance of national certification that may make it particularly difficult for companies in some countries to achieve credible certification at a reasonable cost. For firms concerned about having certification that carries real credibility, the costs of bringing in international auditors are typically quite high, partly because the number of internationally recognized firms of certifiers is limited at present.

The issue of accreditation of certifiers is becoming increasingly important as the demand increases.

If you are someone who is looking into getting an ISO 14001, then you may be wondering exactly why it is that you have to get this accreditation. First, you have to understand that ISO stands for the International Organisation of Standardisation. This is a series of standards that have been developed with a singular level of guidance for all companies to measure up to. The particular 14001 deals with the requirements that you will need to have in order to measure up to the environmental standards that have been set forth by the ISO.

While you do not necessarily have to get the ISO 14001 accreditation to operate your business, it is something you can do to prove to your clients and customers that you are doing your part to help out with the environment. However, you may be confused on how to go about getting this important accreditation, but it is not as difficult to attain as you might think, and most businesses should be able to get the certification within a year of the application. You should know that they will want to make sure that you have been following some form of environmental standards for at least three months prior to your application. To do this you can write an environmental review of your company’s environmental impact as it is in its current operating state. You will then want to make sure that you provide this information when you send off your initial paperwork to begin the overall process.

In order to help prove that your company is doing its part to be environmentally aware you will have to go through an initial audit once the application has been filled out and filed. After the audit has been completed you will get a list of issues that the auditor feels you need to resolve before you can be certified for the ISO 14001. You will need to work on and correct these issues before the second audit is conducted, and they will give you a time period (usually three to six months) when they will return to check on your progress.

When the second audit occurs they will once again assess the overall business and then they will address the issues that were laid out in the previous audit. If everything goes well then your company will have proven that they are doing what they can to meet the standard set forth in ISO 14001, and they will then receive accreditation. However, this is not the end of the process. Even though you are now recognised as having environmentally conscious policies that are congruent with the international standards, you will have to go through periodic audits every three years to make sure that you are still operating correctly. Not only this, but every three months partial aspects of your company will be analysed to see that they are still working within the standards as well. As long as you remain within the compliance terms you will continue to receive your ISO 14001 certification.

Is Green Business Really Environmentally Sustainable ?

Green Business is about a good management of a range of issues including reduced carbon footprint and good energy management but also including a broader environmental sustainability, within a practical environmental management system. The most effective system is ISO 14001. Many other approaches are less than effective

There is a wide variety of concepts that are understood by some as environmental management systems or EMS and this varies in different industries. The concept has evolved over time. Essentially the name says it all – A system to enable the business owner or manager to manage environmental problems both real and potential.

Owners and managers setting out to have a green business do not always achieve their aim of environmental sustainability and may not even include reduced carbon footprint and good energy management.

Many industry groups have developed industry wide simplistic programs that they call EMS that actually miss the S for system and some really only have a checklist approach that is based on an “average” or “typical” business in that industry. So effectively they also miss much of the environment. Many do not really involve any management either. Some are very superficial in the way that they select the environmental aspects they manage because they have been drawn up to be generic and cut out the need for the business owner to stop and think. In this case it is difficult to understand how any process of continual improvement can result.

One of these programs are as simple as a checklist, or what many involved call a “tick and flick” exercise. These are barely even educational for the business owner and have no ongoing benefits like reduction of costs or legal protection.

Even where the business owners and or managers spend a lot of time filling in forms and communicating with neighbours, there is often a real lack of understanding of how to identify and varied environmental risks in an individual businesses and why these need to be manage. They can easily miss things and even find they are risking legal implications in areas that are not typical and so not covered by the so called system..

An effective management system needs individual businesses to identify and understand what their environmental risks are or may be. These risks need to be managed and there also needs to be a feedback system going into a regularly reviewed system for continual improvement. This can be enhanced with auditing by qualified independent auditors, whether internal or external; although the greatest benefit does come from employing and independent external auditing body such as a certification body.

There were some early ISO 14001 systems that gave the system a bad name because they were based on outdated engineering and military approaches to ISO systems are overly paper heavy and full of jargon. These were not suitable for small business and farms. These systems have given ISO 140001 a bad name in some circles.

Unfortunately many consultants have come from an old style quality management background without any real understanding of or training in the environment. The training to upgrade from quality auditing only involves doing a three day seminar with a minimal assessment by a training organization. Then they audit with a rigid paper based approach and do a serious disservice to both their clients and to the auditing industry.

Small to medium businesses benefit from a simpler approach based on a real understanding of the issues involved and a genuine understanding of risks. Such systems are based on ISO 14001 and have a real emphasis on keeping things simple and minimizing paperwork. These give very real benefits to the businesses involved.