Homepage

 ISO Buyers Guide

 ISO 14000

 Hoshin

 Effortless QS-9000

 Letters

 News Digest

 Quality Mgmt.

 One Minute Mgr.

 Quality Standards

 Philip Crosby

 Gage Guide

 SPC Toolkit

 Book Reviews

 Quality Software

 May 1997 Article

Picture

Integration and Legal Impacts of EMS Documentation
by Annette Dennis McCully

Building a system that captures ISO 14001 requirements
in the ISO 9000 conformance system can help
streamline the EMS development process.

For companies planning to integrate management systems, developing documentation to meet ISO 9000 and ISO 14001 guidelines can be daunting. To learn how best to manage this documentation and its legal ramifications, Quality Digest spoke with Len Pasculli, director of environmental law for Sequa Corp.; John Wolfe, vice president of ICF Kaiser Consulting Group in Toronto; and Alan Knight, vice president of ICF Kaiser Canada in Toronto. Pasculli is in-house counsel for all of Sequa Corp. on safety and environmental matters, and is a participating member of the Legal Issues Forum for the U.S. Technical Advisory Group to Technical Committee 207, which developed the ISO 14000 standards.

Sequa Corp., headquartered in New York, runs several manufacturing companies for jet engine repair, rocket propulsion and coating for rolled-out steel, among others. The company has 9,700 employees at 46 U.S. sites and 14 international sites, with $1.5 billion in sales. ICF Kaiser Canada, a part of ICF Kaiser International, provides consulting services for environmental and engineering issues. Established in 1914, ICF Kaiser International has 7,500 employees in 70 sites worldwide and revenues of $1.3 billion.

Deciding who gets certified

"We had the green light from upper management to pursue third-party certification for ISO 14001, so we had to identify which segment of the company was being driven by market or by customer, and to help that division from the environmental health and safety department," explains Pasculli. "We decided upon the manufacturer of dashboard cigarette lighters in automobiles, Casco Products Corp. The obvious driver was the automotive industry because the Big Three automakers want their suppliers to be ISO 14001-certified."

The other driver is the fact that the company has facilities in Connecticut and Italy, which gives the company a European presence. In addition to being one of the world's largest manufacturers of cigarette lighters, the company is expanding its manufacturing to include other car products and is going through ISO 9000 certification, many elements of which can be applied to ISO 14001.

John Wolfe of ICF Kaiser Consulting Group says that they find that most companies which have an ISO 9000 program in place find it easier to implement ISO 14001. This is true for two reasons: The companies are accustomed to      systems thinking, and they are used to document control, records control and nonconformances.

"At the top end of the system where policy is developed, there will be separate documents for quality, environment, and safety and health," explains Wolfe. "At the bottom end, it is much easier to integrate these systems. There will also be some separate high-level procedures to support ISO 14001 because some elements of this standard require documentation for definition."

In terms of integrating safety and health as well as quality and environmental at the lower end, Wolfe asserts that integration is advisable and is a logical inclusion. Alan Knight of ICF Kaiser Canada adds that whether this occurs is based on the corporate culture, the current organization of the company and whether quality or safety and health people are driving the ISO 14001 implementation.

What documentation is needed?

Pasculli explains that he speaks from two perspectives: as a member of the Legal Issues Forum and as a team leader within Sequa Corp. for ISO 14001. "Not all parts of ISO 14001 require documentation, but it's a good idea to have these practices in writing to present these when audited," he advises.

The oversight committee that develops the policy should be made up of people at the facility and also staff from the environmental health and safety department who can assist, recommends Pasculli. The environmental health and safety group at Sequa plans to become certified auditors of environmental management systems and will be able to assist departments through the certification process. "Having been certified ourselves, we will be able to help with the documentation that is required," says Pasculli.

Wolfe suggests that companies focus on the minimum documentation that they need to demonstrate conformance with the standard. "We have found that companies that began with ISO 9000 went overboard on documentation and have become discouraged about developing more documentation," says Wolfe. "It's important to make sure that the documentation serves the company instead of the company serving the documentation. It's the old 'say what you do and do what you say' concept, and be able to prove it."

Many companies are issue-management-oriented, so it is difficult for them to go back and think about operating procedures and systems procedures, adds Wolfe. "That's where companies usually need a lot of help, in documentation on the procedures side," he notes.

Gap analysis

Before auditing a site for ISO 14001, the registrar performs a review of the site to point out where gaps or deficiencies exist within the management system. The site then has an opportunity to correct these gaps before the registrar returns to audit for certification. Because the documentation accompanying ISO 14001 management systems creates a paper trail, the whole process of gap analysis sometimes causes lawyers concern that identified gaps are privileged information, says Pasculli.

"The concept here is that nothing should be disclosed that makes the company uncomfortable," he explains. "The flip side of the coin is that companies well on their way to becoming ISO 14001-certified should have good systems, compliance and performance records in place. There may be a gap that is identified as a system deficiency, but this should not be the kind of deficiency that gives rise to a noncompliance or regulatory issue."

ICF Kaiser Consulting Group usually performs a gap analysis right away when assisting a company with ISO 14001 implementation, says Wolfe. "We provide a program to help the company put in place their operating procedures, programs and all the targets and objectives to meet the gaps," he explains. "Part of this is documenting what they do and looking for ways to integrate it with their other systems."

Integration

To get quality, environmental, and safety and health issues and documentation to flow together effectively, organizations should put together a cross-functional team at the start to perform systems integration on the documentation side, recommends Wolfe. Knight also recommends using ISO 9001 document control wherever possible.

"Build ISO 14001 documentation on ISO 9001 because it's already done," offers Knight. "Don't try to reinvent the wheel. Cross-check and double-check to make sure that the ISO 14001 requirements can be captured by the ISO 9001 conformance system, which should not be a problem. Wherever there is work construction, standard operating procedures and other procedures already in place, incorporate ISO 14001 systems into this documentation instead of creating new documents."

Many companies are looking at integration from the internal audit perspective, supplementing a regulatory compliance program with EMS criteria, or they are supplementing their ISO 9000 audit program with EMS criteria, says Knight. The audit teams are frequently cross-functional, he adds. Most companies are including their internal compliance assessments with internal EMS assessments.

"If only the environmental department were involved in the implementation of ISO 14001, the environmental management system would die," explains Pasculli. "It is necessary to have corporatewide awareness and participation. By its nature, the EMS is trying to address the environmental needs, from the raw materials brought in the back door to the product going out the front door. The management system must include quality people, line operators, purchasing and facility maintenance staff, along with any others affected by the system."

Conformance vs. compliance

It is important to recognize the difference between conformance and compliance. Conformance applies to management systems, just as compliance applies to regulatory issues. Pasculli points out that a management system deficiency is not the same as a noncompliance. Identifying a system deficiency does not necessarily give rise to a noncompliance.

"An environmental management system is different from compliance under a regulation," observes Pasculli. "It shouldn't automatically mean that an outsider coming and observing a deficiency in the system means that disclosure of this deficiency will give the company trouble. This is not like a compliance audit, where lawyers are concerned about disclosures being protected. We are trying to get away from the impression that these audits are going to be detrimental to a company merely because they have identified a deficiency. This is a debate that has been going on for a long time in the ISO 14000 context. It is unclear what the legal involvement will be."

Companies can perform preregistration audits in-house to locate gaps in the system, or they can have a different auditor come in for a preview assessment before the official registrar's audit. "Ideally, by the time a company gets to the certification audit, there won't be any gaps," says Pasculli.

He explains that Joe Cascio, chairman of the U.S. TAG to TC 207, has said not to get bogged down in the defensive lawyering issues and not to be shy or protective about pursuing ISO 14000. Instead, herald the environmental management system and be more free-flowing.

Document storage

Documents for ISO 14001 do not need to be stored in one place, explains Pasculli. This is neither a requirement for the standard, nor is it practical. Emergency response documents and manifests can continue to be stored where they currently are, but several employees need to know where these are. He suggests that if the whole environmental, health and safety staff spun off to form a new company tomorrow, the new staff should be able to pick up where the old staff left off.

To do this, there should be written policy and clear identification records of where these documents are. The system requirement is that this information be readily available. Pasculli recommends that responsibilities for various documents be listed by department or job title because an EMS reaches many departments, such as purchasing, facilities maintenance and line operators. Employees need to know where to go when an issue comes up.

As to whether documents that represent various portions of the EMS must be labeled as such, Pasculli says they do not. An emergency evacuation plan, for instance, is a part of the ISO 14001 system but is already in place for regulated and nonregulated reasons. This can be in a binder on a shelf or be posted on a wall, but does not need to be labeled as part of the ISO 14001 system. It does, however, need to be labeled as an emergency evacuation plan and listed as to location for employee access as described earlier. The auditors will use the document to try to identify the employees given responsibility and will go to these employees, who are listed by name or job title, to ask them if they understand what they are supposed to do.

"There is no such thing as a trophy document sitting on someone's shelf," emphasizes Pasculli. "It has to be a working process."

If the employee responds to the auditor's questions by saying that the policy's description of his or her job hasn't been done that way in years, this is a failure of the policy, explains Pasculli. "The policy must describe what is done, and this must be confirmed by the operators, who explain what they do," he says. "The documentation must reflect exactly what is going on in the facility, not an ideal. If what is described is not what the company actually does, it should not be on the company's bookshelf."

Additionally, there is no required or predetermined format for the documentation. ISO 14001 is totally flexible as to how the policy should look and can be developed to suit the facility. However, once the policy is developed, it should be reflected in action throughout the company."

When to document

When ISO 14001 was developed, each time the word "documentation" appeared or did not appear in the text was hotly debated, so there is no room for debate by any registrar to assume that absence of this word in a section of the standard was an oversight, explains Pasculli. If no documentation is required by a section, this is how the standard was meant to be. Some provisions require documentation, and some do not.

While the exact definition of environmental documentation appears in ISO 14001 in section A.4.3.4., Pasculli explains that "documented means it is written, findable, accurate and legible. There are just three sections that have the word 'documentation' in them." A company may choose to have additional procedures related to the standard in writing to make the system's effectiveness easier to demonstrate, but it will not be out of conformance with a registrar for not having written procedures if none are required by that section of the standard.

Sections of the standard requiring documentation of procedures include 4.4.3, 4.4.6 and 4.5.1. Section 4.5.3 mentions maintaining procedures and keeping environmental records without mentioning documents. In interpreting this section, Pasculli points out that records exist and there must be a procedure for identifying, maintaining and disposing of records, such as a record-retention policy, but the standard does not require this to be in writing.

"However, practically speaking, it's probably a good idea to have a written record-retention policy," he says. "Other sections as well that speak of maintaining procedures do not require documentation of the process, and a registrar cannot say that this is a requirement."

Clearly, the task of developing policy for ISO 14001 is a complex issue. Companies that are researching ISO 14001 may wish to order a copy of the ISO 14001 standard -- which is copyrighted -- from the American Society for Quality Control at (800) 248-1946 or (414) 272-8575 to learn the requirements firsthand. Cost of the standard is $40 per copy. Additional detail on integrated documentation and procedures will appear in the August 1997 issue of Quality Digest in a feature on information management.

About the author

Annette Dennis McCully, owner of McCully Technical Services in Kirkland, Washington, is a technical writer and science journalist who develops corporate policies, technical handbooks, marketing communications and newsletters. In addition to her articles on ISO 14000 issues that appear regularly in International Environmental Systems Update newsletter, published by CEEM Information Services, McCully developed several sections of CEEM's ISO 14000 Handbook and ISO 14000 Case Studies.

For more information, contact Annette McCully at McCully Technical Services, 14351-109th Ave. N.E., Kirkland, WA  98034. Telephone (206) 488-3480, fax (206) 485-9232 or e-mail amccully@aol.com.

 

Back to Top

Picture

Picture

Picture

[Homepage]

[Current Issue]

[ISO 9000 Database]

[Daily News]

[Past Issues]

[Quality Links]

[About Us]

[Media Kit]

[To Subscribe]

[Guestbook]

Copyright 1997 QCI International. All rights reserved. Quality Digest can be reached by phone at (916) 893-4095.

Picture

e-mail Quality Digest

Picture

Please contact our Webmaster with questions or comments.