In the years since ISO 9001 and ISO 14001 were first published, many organizations have followed the models of these standards in designing their own management systems. However, many of those systems haven’t been utilized to effectively manage risk. Many have been minimally developed to meet customer requirements or legal regulations.
ADVERTISEMENT |
The draft revisions to ISO 9001 and ISO 14001 will provide a way for companies to look at their processes in a new light and to take a more active approach to risk management. For example, if a company wishes to pursue ISO 14001 certification, its prevention of pollution policy will have to be revamped to focus on protection of the environment. As the company moves in that direction it will truly become more competitive on a global basis.
Although we’ve seen this trend coming, the upcoming revisions to ISO 9001 and ISO 14001 are proof that quality management and risk management can no longer be considered separate issues for your organization. The revisions call for greater flexibility and recognize the need for businesses to integrate their quality or environmental management processes into the overall business strategy.
As the basis for many other standards, many of the changes found in the draft international standard (DIS) ISO/DIS 9001:2014 are in the ISO/DIS 14001:2014 document as well. The ISO/DIS 9001:2014 revision addresses global and technological changes in the market and reinforces a new risk-based sensitivity. It also departs even further from the traditional ideas of command and control from a small cadre of top managers on down. Risk management, change management, and knowledge management are each given a sharper focus.
One major change to the ISO 9001 standard you will notice is the removal of any mention or requirements for “preventive actions.” This may sound counterintuitive, but this is actually because there is a larger focus on risk management and prevention. The new standard assumes that management structure and the quality management system are designed in a way to prevent potential risks to the greatest extent possible. For example, clause 6.1 requires a company to identify risks, in addition to ways those risks can be addressed for the management system to work properly.
New clauses have been introduced to section four, entitled “Context of the Organization.” The organization is now required to identify, analyze, and determine how external and internal issues can affect the organization’s ability to achieve the expected outcomes of their quality management system.
External issues to be considered could be changes in the competitive landscape, economic issues, environmental issues, legal requirements, regulatory issues, and technological changes, regardless if they are domestic or global. Internal issues could be related to the organization’s culture and the beliefs, values, or principles therein.
ISO/DIS 9001:2014 increases the importance in finding the root cause of a problem that may occur within the organization. Currently, once the problem is identified, the organization is required to fix it and keep it from happening again. The new revision escalates this entire concept of organizational risk management to another level, looking at the concerns to all aspects of the organization, not only customers but employees, vendors, and even the communities in which the company operates.
The ISO 14001 revision expresses a greater focus on preventing organizational risk within the organization’s environmental management system. The environmental policy refers to organizational context, implying that the policy should focus on the overall environmental management system. This applies not only to key environmental risks, but also to broader threats and opportunities posed to the organization. This is a big difference from the narrower focus on pollution prevention found in the 2004 version.
The ISO 14001 revision also emphasizes the benefits of determining where in the value chain the organization can control or influence performance, so that the consequences of environmental aspects can be reduced or mitigated. The objective is to encourage the consideration of external opportunities for improvement. For some organizations, the revised requirements will require an expansion of scope beyond the typical property “fence line,” to ensure the consideration of the aspects and compliance obligations associated with the value chain; services/activities; and product performance, use, and disposal.
Again, “preventive action” has been removed and replaced by the wider concept of risk management as a core element of planning. Indeed, all references are made to risk, identification of risks and opportunities, and planning actions to address risks and opportunities identified. In fact, the “planning” section of the ISO/DIS 14001:2014 standard requires actions to address risk associated with threats and opportunities.
The ISO 14001 revision includes a greater focus on the context of the organization. In fact, the new clause 4 now requires the organization to consider itself within its context, and then determine the scope of its environmental management system. Two new clause headings include:
4.1—“Understanding the organization and its context”
4.2—“Understanding the needs and expectations of interested parties”
Together these clauses require the organization to determine the environmental issues and requirements that can affect the planning of the environmental management system. This would result in a broader business outlook that would imply a more detailed operational planning, always considering the environmental issues within its context.
The expectation for organizations has been expanded to commit to proactive initiatives to protect the environment from harm and degradation, consistent with the context of the organization. Identification and managing aspects and risks must take into account the issues determined to be within the context of the organization, as well as the needs and expectations of other interested parties.
Paula Oddy and Jeff Eves are managers at Intertek, a Quality Digest content partner.
For more information about the ISO 9001 standard, see the Quality Digest knowledge guide, “What Is ISO 9001:2015?”
Add new comment