ISO 9001 Clause 5.4.1

Clause 5.4.1 of ISO 9001 requires that organisations “establish” quality objectives, and that these objectives “shall be measurable and consistent with the Quality Policy”. Fair enough, you could say, but saying it simply doesn’t make it happen. That’s why there is an additional requirement within clause 5.4.2 (QMS Planning) that states that planning “shall be carried out” in order to meet the requirements of the quality objectives. In other words, we set a target to achieve something, then we put a plan in place for managing the job. What could be simpler? Well, lots apparently. I have lost count of the number of times I’ve been presented with the vaguest of QMS objectives to “strive“ for this and “endeavor to achieve“ that. Virtually meaningless objectives that would make a politician blush, generally unsupported by any kind of rational plan or monitoring. It’s a common problem, and more often than not,  it is ignored or tolerated during a third party audit

OHSAS 18001 Clause 4.3.3

The strange thing is, there is a similar coupling of requirements in OHSAS 18001 with regard to OHS objectives and planning (clause 4.3.3), but the failure to identify meaningful objectives and to support the objectives with a plan is much less of a weakness in that discipline. It is actually relatively uncommon to encounter vague and meaningless OHS objectives, or to find there is no method for working towards them. Why is that? Is it that the penny has dropped better and farther with OHS people? Are they cleverer than “Quality” people? Does the training that OHS people tend to go through (IOSH, NEBOSH or whatever) emphasise this planning discipline more effectively? Or is it down to the fact that the requirement is consolidated within a single cohesive clause, so it is harder to overlook or wriggle out of?

Sharing best practice

From time to time I do get involved in various consultative processes relating to the review of standards, particularly ISO 9001, and I must say I would be lying if I said I enjoyed it. That’s probably more to do with the type of person I am, and the requirement to get a large number of people agreed around (first) general principles, and then around actual words, frankly takes ages. It wears me down quicker than it seems to wear down others. But that is my problem. I also get frustrated by what I would call a general “not invented here” syndrome. In my view, anyone with the slightest degree of objectivity would have to admit that ISO 14001:2004 and OHSAS 18001:2007 do at least a couple of things better than ISO 9001. It has long been my opinion that ISO 9001 could achieve a couple of “quick wins” simply by acknowledging the fact and replicating the structural and content issues that quite obviously work much better. The main things, in my view, are the following;

PDCA Structure

ISO 14001/OHSAS 18001 clauses are structured around a PDCA model. ISO 9001 clauses are not. They could be, but they aren’t. ISO 9001 supports a PDCA approach, so why does it not adopt the obvious sensible approach of structuring its higgledy piggledy clauses more rationally? You tell me. Our environmental and health & safety cousins have shown that it can easily be done

System Planning

For reasons I have stated above, the system planning requirements are included in a more integrated way

Management Processes

These are described in a more grown up, detailed and practical way. They are also NOT grouped together as they are in section 5 of ISO 9001. In my view this is a good thing. Again it represents a more integrated approach where “management processes” are not disaggregated from the system and applied as “bolt ons”

There are other issues that those standards just do better, but in my view these are the ones that jump out at you when you work across all three standards. The irony is indeed thick. A quality management approach supports the idea that continual improvement is supported by processes of organisational learning and the sharing of best practice. The huge caveat appears( to me at leas)t to preclude a requirement to learn from them over there ….

Post from: Capable People Blog

Quality Management System Planning

Here is a link to a comprehensive narrative and analysis of the Herald of Free Enterprise disaster, featuring some quite alarming lapses in the safety management system. It also illustrates the significance of promoting the right culture on the implementation of effective systems

Click here to view the embedded video.

Part 1

Click here to view the embedded video.

Part 2

Post from: Capable People Blog

Herald of Free Enterprise Disaster – Case Study

Transition to the revised standard for registered organisations There will be a two year transition period, starting 1st July 2007

Summary of revisions
The importance of “health” has been given greater emphasis BS OHSAS 18001:2007 can now be referred to as a standard, rather than a specification New definitions have been added, old definitions have been revised Improved alignment and compatibility with ISO 9001 and ISO 14001 The term “tolerable risk” has been replaced with the term “acceptable risk” The term “accident” has been included in the term “incident” The definition of the term “hazard” no longer makes reference to the damage to property, workplace or environment

Sub-clauses 4.3.3 and 4.3.4 have been merged (objectives and management program) in line with ISO 14001 A new requirement to consider the hierarchy of controls as part of the OH&S planning process has been introduced Management of change is now more specifically addressed within clauses 4.3.1 & 4.4.6 A new requirement “Evaluation of Compliance (4.5.2)” has been introduced Requirements for consultation and participation have been expanded A new requirement “Incident Investigation (4.5.3.1)” has been introduced

Overall, and at first site, the revision does seem to constitute a significant improvement, both in content and user friendliness. Obviously time will tell, but early signs are positive

Auditor CPD transition requirements
Auditors wishing to update their skills and knowledge, particularly with regard to the IRCA OHS Auditor Certification Scheme should complete a minimum 4 hour structured workshop and complete an appropriate number of audits to the BS OHSAS 18001:2007 standard

Shameless Plug
Capable People has developed a distance learning program that meets the IRCA transition requirements outlined in Briefing Notes IRCA 531 and 532. Details on our web site

Post from: Capable People Blog

OHSAS 18001:2007 – a heads up on the major changes

Workplace Safety and Health Framework

Have a nice day

Health & Safety in “The Office” (thanks to Steven Howard)

www.capablepeople.co.uk

Post from: Capable People Blog

Some free OHS video clips

Here’s a link to an excellent occupational health & safety audit good practice guide

With big thanks again to our great friend Chris Baker

You’ll search long and hard before you find anyone else that gives away such high quality complimentary material

Post from: Capable People Blog

OHS auditing – a good practice guide

How often have we heard that argument? We’re not having a pop at smokers in this post, by the way, just the argument, because it makes no sense. Do these people seriously hope to meet a sticky end under the wheels of a Number 23 in order to negate the risk of dying from lung cancer? Does a willingness to accept one risk mean that, for the sake of consistency, we have to accept them all? We all use our arguments selectively and when it suits us, often hoping that we won’t be challenged to take the argument to the next level. However this time we will

Most people, smokers and non-smokers, would like to lead a long and healthy life, but it is sadly true that no matter what steps we take, there are no guarantees and, yes, we can all get hit by buses (assuming we live in an environment where buses are also present). Life is full of hazards and each hazard has its risk element. To quit smoking does not guarantee longevity. It doesn’t even eliminate the risk of lung cancer, but it does slant the odds in our favour. We increase or decrease our odds by the choices we make. Life is just a series of bets. If we gamble too much and too freely on long odds bets, we increase our chances of coming a cropper. Failing to understand the odds or, some would say worse, ignoring them, again works in favour of the bookie who, in this case, is the grim reaper. To beat the grim reaper, like all good gamblers, we need a system

So what on earth has that got to do with ISO 9001, or OHSAS 18001? Well, a lot as it turns out. A management system is just a collection of controls. Controls that reduce our risks and slant the odds in our favour on a daily basis. Risks of product failure, risks of lost orders, lost information, accidents, litigation, all sorts of risks. Even with our system, we still have no guarantees, but our odds are better, and that’s got to be a good thing. That’s why we’ve said in the past that customers like to see management system certification.

It gives them confidence that they will have a reduced risk of supplier-related problems. But there are certainly some good systems and some bad systems about, because the quality of our risk reduction strategies will be directly proportional to the quality of our risk assessments, (for an idea how “risk assessment” relates to “quality” check out this earlier post). So we need to get them right for starters. Anyway, the lesson is that the better we understand the risks, the better our controls are likely to be, and the higher will be our chances of success. Our management standards help us to evaluate the odds, and the winners tend to be the ones that understand the odds the best

Las Vegas, it is often said, is a place where people who don’t understand maths, give a lot of money to people who do*

*Shaun Sayers, February 2008

Post from: Capable People Blog

Manage your risks with ISO 9001 & OHSAS 18001

With compliments

How do I achieve ISO 9001?

How do I achieve OHSAS 18001?

We’ve also developed a couple of neat distance learning packages that some of you may find useful

ISO 9001 distance learning

OHSAS 18001 distance learning

Post from: Capable People Blog

How do I achieve ISO 9001 and /or OHSAS 18001?